diff --git a/Makefile.am b/Makefile.am index a4af006..e12dced 100644 --- a/Makefile.am +++ b/Makefile.am @@ -117,6 +117,7 @@ cpuminer_SOURCES = \ algo/keccak/keccak-4way.c\ algo/keccak/keccak-gate.c \ algo/keccak/sse2/keccak.c \ + algo/lanehash/lane.c \ algo/luffa/sph_luffa.c \ algo/luffa/luffa.c \ algo/luffa/luffa_for_sse2.c \ @@ -200,6 +201,7 @@ cpuminer_SOURCES = \ algo/skein/skein2-gate.c \ algo/sm3/sm3.c \ algo/sm3/sm3-hash-4way.c \ + algo/swifftx/swifftx.c \ algo/tiger/sph_tiger.c \ algo/whirlpool/sph_whirlpool.c \ algo/whirlpool/whirlpool-hash-4way.c \ @@ -279,6 +281,11 @@ cpuminer_SOURCES = \ algo/x17/sonoa-4way.c \ algo/x17/sonoa.c \ algo/x20/x20r.c \ + algo/x22/x22i-4way.c \ + algo/x22/x22i.c \ + algo/x22/x22i-gate.c \ + algo/x22/x25x.c \ + algo/x22/x25x-4way.c \ algo/yescrypt/yescrypt.c \ algo/yescrypt/sha256_Y.c \ algo/yescrypt/yescrypt-best.c \ diff --git a/README.md b/README.md index dd5af57..568c552 100644 --- a/README.md +++ b/README.md @@ -129,6 +129,8 @@ Supported Algorithms x16s Pigeoncoin (PGN) x17 x21s + x22i + x25x xevan Bitsend (BSD) yescrypt Globalboost-Y (BSTY) yescryptr8 BitZeny (ZNY) diff --git a/RELEASE_NOTES b/RELEASE_NOTES index adde72a..8124aa6 100644 --- a/RELEASE_NOTES +++ b/RELEASE_NOTES @@ -31,6 +31,11 @@ FreeBSD YMMV. Change Log ---------- +v3.9.11 + +Added x22i & x25x algos. +Blake2s 2% faster AVX2 with Intel CPU, slower with Ryzen v1, v2 ? + v3.9.10 Faster X* algos with AVX2. diff --git a/algo-gate-api.c b/algo-gate-api.c index bcce910..cebfc8b 100644 --- a/algo-gate-api.c +++ b/algo-gate-api.c @@ -238,6 +238,8 @@ bool register_algo_gate( int algo, algo_gate_t *gate ) case ALGO_X16S: register_x16s_algo ( gate ); break; case ALGO_X17: register_x17_algo ( gate ); break; case ALGO_X21S: register_x21s_algo ( gate ); break; + case ALGO_X22I: register_x22i_algo ( gate ); break; + case ALGO_X25X: register_x25x_algo ( gate ); break; case ALGO_XEVAN: register_xevan_algo ( gate ); break; /* case ALGO_YESCRYPT: register_yescrypt_05_algo ( gate ); break; case ALGO_YESCRYPTR8: register_yescryptr8_05_algo ( gate ); break; diff --git a/algo/blake/blake2s-hash-4way.c b/algo/blake/blake2s-hash-4way.c index 155518c..e1982ba 100644 --- a/algo/blake/blake2s-hash-4way.c +++ b/algo/blake/blake2s-hash-4way.c @@ -20,12 +20,13 @@ //#if defined(__SSE4_2__) #if defined(__SSE2__) - +/* static const uint32_t blake2s_IV[8] = { 0x6A09E667UL, 0xBB67AE85UL, 0x3C6EF372UL, 0xA54FF53AUL, 0x510E527FUL, 0x9B05688CUL, 0x1F83D9ABUL, 0x5BE0CD19UL }; +*/ static const uint8_t blake2s_sigma[10][16] = { @@ -41,6 +42,7 @@ static const uint8_t blake2s_sigma[10][16] = { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } , }; + // define a constant for initial param. int blake2s_4way_init( blake2s_4way_state *S, const uint8_t outlen ) @@ -88,41 +90,45 @@ int blake2s_4way_compress( blake2s_4way_state *S, const __m128i* block ) memcpy_128( m, block, 16 ); memcpy_128( v, S->h, 8 ); - v[ 8] = _mm_set1_epi32( blake2s_IV[0] ); - v[ 9] = _mm_set1_epi32( blake2s_IV[1] ); - v[10] = _mm_set1_epi32( blake2s_IV[2] ); - v[11] = _mm_set1_epi32( blake2s_IV[3] ); + v[ 8] = m128_const1_64( 0x6A09E6676A09E667ULL ); + v[ 9] = m128_const1_64( 0xBB67AE85BB67AE85ULL ); + v[10] = m128_const1_64( 0x3C6EF3723C6EF372ULL ); + v[11] = m128_const1_64( 0xA54FF53AA54FF53AULL ); v[12] = _mm_xor_si128( _mm_set1_epi32( S->t[0] ), - _mm_set1_epi32( blake2s_IV[4] ) ); + m128_const1_64( 0x510E527F510E527FULL ) ); v[13] = _mm_xor_si128( _mm_set1_epi32( S->t[1] ), - _mm_set1_epi32( blake2s_IV[5] ) ); + m128_const1_64( 0x9B05688C9B05688CULL ) ); v[14] = _mm_xor_si128( _mm_set1_epi32( S->f[0] ), - _mm_set1_epi32( blake2s_IV[6] ) ); + m128_const1_64( 0x1F83D9AB1F83D9ABULL ) ); v[15] = _mm_xor_si128( _mm_set1_epi32( S->f[1] ), - _mm_set1_epi32( blake2s_IV[7] ) ); + m128_const1_64( 0x5BE0CD195BE0CD19ULL ) ); -#define G4W(r,i,a,b,c,d) \ +#define G4W( sigma0, sigma1, a, b, c, d ) \ do { \ - a = _mm_add_epi32( _mm_add_epi32( a, b ), m[ blake2s_sigma[r][2*i+0] ] ); \ + uint8_t s0 = sigma0; \ + uint8_t s1 = sigma1; \ + a = _mm_add_epi32( _mm_add_epi32( a, b ), m[ s0 ] ); \ d = mm128_ror_32( _mm_xor_si128( d, a ), 16 ); \ c = _mm_add_epi32( c, d ); \ b = mm128_ror_32( _mm_xor_si128( b, c ), 12 ); \ - a = _mm_add_epi32( _mm_add_epi32( a, b ), m[ blake2s_sigma[r][2*i+1] ] ); \ + a = _mm_add_epi32( _mm_add_epi32( a, b ), m[ s1 ] ); \ d = mm128_ror_32( _mm_xor_si128( d, a ), 8 ); \ c = _mm_add_epi32( c, d ); \ b = mm128_ror_32( _mm_xor_si128( b, c ), 7 ); \ } while(0) + #define ROUND4W(r) \ do { \ - G4W( r, 0, v[ 0], v[ 4], v[ 8], v[12] ); \ - G4W( r, 1, v[ 1], v[ 5], v[ 9], v[13] ); \ - G4W( r, 2, v[ 2], v[ 6], v[10], v[14] ); \ - G4W( r, 3, v[ 3], v[ 7], v[11], v[15] ); \ - G4W( r, 4, v[ 0], v[ 5], v[10], v[15] ); \ - G4W( r, 5, v[ 1], v[ 6], v[11], v[12] ); \ - G4W( r, 6, v[ 2], v[ 7], v[ 8], v[13] ); \ - G4W( r, 7, v[ 3], v[ 4], v[ 9], v[14] ); \ + uint8_t *sigma = (uint8_t*)&blake2s_sigma[r]; \ + G4W( sigma[ 0], sigma[ 1], v[ 0], v[ 4], v[ 8], v[12] ); \ + G4W( sigma[ 2], sigma[ 3], v[ 1], v[ 5], v[ 9], v[13] ); \ + G4W( sigma[ 4], sigma[ 5], v[ 2], v[ 6], v[10], v[14] ); \ + G4W( sigma[ 6], sigma[ 7], v[ 3], v[ 7], v[11], v[15] ); \ + G4W( sigma[ 8], sigma[ 9], v[ 0], v[ 5], v[10], v[15] ); \ + G4W( sigma[10], sigma[11], v[ 1], v[ 6], v[11], v[12] ); \ + G4W( sigma[12], sigma[13], v[ 2], v[ 7], v[ 8], v[13] ); \ + G4W( sigma[14], sigma[15], v[ 3], v[ 4], v[ 9], v[14] ); \ } while(0) ROUND4W( 0 ); @@ -144,26 +150,47 @@ do { \ return 0; } +// There is a problem that can't be resolved internally. +// If the last block is a full 64 bytes it should not be compressed in +// update but left for final. However, when streaming, it isn't known +// which block is last. There may be a subsequent call to update to add +// more data. +// +// The reference code handled this by juggling 2 blocks at a time at +// a significant performance penalty. +// +// Instead a new function is introduced called full_blocks which combines +// update and final and is to be used in non-streaming mode where the data +// is a multiple of 64 bytes. +// +// Supported: +// 64 + 16 bytes (blake2s with midstate optimization) +// 80 bytes without midstate (blake2s without midstate optimization) +// Any multiple of 64 bytes in one shot (x25x) +// +// Unsupported: +// Stream of 64 byte blocks one at a time. +// +// use for part blocks or when streaming more data int blake2s_4way_update( blake2s_4way_state *S, const void *in, uint64_t inlen ) { - __m128i *input = (__m128i*)in; - __m128i *buf = (__m128i*)S->buf; - const int bsize = BLAKE2S_BLOCKBYTES; + __m128i *input = (__m128i*)in; + __m128i *buf = (__m128i*)S->buf; while( inlen > 0 ) { size_t left = S->buflen; - if( inlen >= bsize - left ) + if( inlen >= BLAKE2S_BLOCKBYTES - left ) { - memcpy_128( buf + (left>>2), input, (bsize - left) >> 2 ); - S->buflen += bsize - left; + memcpy_128( buf + (left>>2), input, (BLAKE2S_BLOCKBYTES - left) >> 2 ); + S->buflen += BLAKE2S_BLOCKBYTES - left; S->t[0] += BLAKE2S_BLOCKBYTES; S->t[1] += ( S->t[0] < BLAKE2S_BLOCKBYTES ); blake2s_4way_compress( S, buf ); S->buflen = 0; - input += ( bsize >> 2 ); - inlen -= bsize; + input += ( BLAKE2S_BLOCKBYTES >> 2 ); + inlen -= BLAKE2S_BLOCKBYTES; } else { @@ -195,8 +222,45 @@ int blake2s_4way_final( blake2s_4way_state *S, void *out, uint8_t outlen ) return 0; } +// Update and final when inlen is a multiple of 64 bytes +int blake2s_4way_full_blocks( blake2s_4way_state *S, void *out, + const void *input, uint64_t inlen ) +{ + __m128i *in = (__m128i*)input; + __m128i *buf = (__m128i*)S->buf; + + while( inlen > BLAKE2S_BLOCKBYTES ) + { + memcpy_128( buf, in, BLAKE2S_BLOCKBYTES >> 2 ); + S->buflen = BLAKE2S_BLOCKBYTES; + inlen -= BLAKE2S_BLOCKBYTES; + S->t[0] += BLAKE2S_BLOCKBYTES; + S->t[1] += ( S->t[0] < BLAKE2S_BLOCKBYTES ); + blake2s_4way_compress( S, buf ); + S->buflen = 0; + in += ( BLAKE2S_BLOCKBYTES >> 2 ); + } + + // last block + memcpy_128( buf, in, BLAKE2S_BLOCKBYTES >> 2 ); + S->buflen = BLAKE2S_BLOCKBYTES; + S->t[0] += S->buflen; + S->t[1] += ( S->t[0] < S->buflen ); + if ( S->last_node ) S->f[1] = ~0U; + S->f[0] = ~0U; + blake2s_4way_compress( S, buf ); + + for ( int i = 0; i < 8; ++i ) + casti_m128i( out, i ) = S->h[ i ]; + return 0; +} + #if defined(__AVX2__) +// The commented code below is slower on Intel but faster on +// Zen1 AVX2. It's also faster than Zen1 AVX. +// Ryzen gen2 is unknown at this time. + int blake2s_8way_compress( blake2s_8way_state *S, const __m256i *block ) { __m256i m[16]; @@ -205,6 +269,23 @@ int blake2s_8way_compress( blake2s_8way_state *S, const __m256i *block ) memcpy_256( m, block, 16 ); memcpy_256( v, S->h, 8 ); + v[ 8] = m256_const1_64( 0x6A09E6676A09E667ULL ); + v[ 9] = m256_const1_64( 0xBB67AE85BB67AE85ULL ); + v[10] = m256_const1_64( 0x3C6EF3723C6EF372ULL ); + v[11] = m256_const1_64( 0xA54FF53AA54FF53AULL ); + v[12] = _mm256_xor_si256( _mm256_set1_epi32( S->t[0] ), + m256_const1_64( 0x510E527F510E527FULL ) ); + + v[13] = _mm256_xor_si256( _mm256_set1_epi32( S->t[1] ), + m256_const1_64( 0x9B05688C9B05688CULL ) ); + + v[14] = _mm256_xor_si256( _mm256_set1_epi32( S->f[0] ), + m256_const1_64( 0x1F83D9AB1F83D9ABULL ) ); + + v[15] = _mm256_xor_si256( _mm256_set1_epi32( S->f[1] ), + m256_const1_64( 0x5BE0CD195BE0CD19ULL ) ); + +/* v[ 8] = _mm256_set1_epi32( blake2s_IV[0] ); v[ 9] = _mm256_set1_epi32( blake2s_IV[1] ); v[10] = _mm256_set1_epi32( blake2s_IV[2] ); @@ -218,6 +299,7 @@ int blake2s_8way_compress( blake2s_8way_state *S, const __m256i *block ) v[15] = _mm256_xor_si256( _mm256_set1_epi32( S->f[1] ), _mm256_set1_epi32( blake2s_IV[7] ) ); + #define G8W(r,i,a,b,c,d) \ do { \ a = _mm256_add_epi32( _mm256_add_epi32( a, b ), \ @@ -231,7 +313,36 @@ do { \ c = _mm256_add_epi32( c, d ); \ b = mm256_ror_32( _mm256_xor_si256( b, c ), 7 ); \ } while(0) +*/ +#define G8W( sigma0, sigma1, a, b, c, d) \ +do { \ + uint8_t s0 = sigma0; \ + uint8_t s1 = sigma1; \ + a = _mm256_add_epi32( _mm256_add_epi32( a, b ), m[ s0 ] ); \ + d = mm256_ror_32( _mm256_xor_si256( d, a ), 16 ); \ + c = _mm256_add_epi32( c, d ); \ + b = mm256_ror_32( _mm256_xor_si256( b, c ), 12 ); \ + a = _mm256_add_epi32( _mm256_add_epi32( a, b ), m[ s1 ] ); \ + d = mm256_ror_32( _mm256_xor_si256( d, a ), 8 ); \ + c = _mm256_add_epi32( c, d ); \ + b = mm256_ror_32( _mm256_xor_si256( b, c ), 7 ); \ +} while(0) + +#define ROUND8W(r) \ +do { \ + uint8_t *sigma = (uint8_t*)&blake2s_sigma[r]; \ + G8W( sigma[ 0], sigma[ 1], v[ 0], v[ 4], v[ 8], v[12] ); \ + G8W( sigma[ 2], sigma[ 3], v[ 1], v[ 5], v[ 9], v[13] ); \ + G8W( sigma[ 4], sigma[ 5], v[ 2], v[ 6], v[10], v[14] ); \ + G8W( sigma[ 6], sigma[ 7], v[ 3], v[ 7], v[11], v[15] ); \ + G8W( sigma[ 8], sigma[ 9], v[ 0], v[ 5], v[10], v[15] ); \ + G8W( sigma[10], sigma[11], v[ 1], v[ 6], v[11], v[12] ); \ + G8W( sigma[12], sigma[13], v[ 2], v[ 7], v[ 8], v[13] ); \ + G8W( sigma[14], sigma[15], v[ 3], v[ 4], v[ 9], v[14] ); \ +} while(0) + +/* #define ROUND8W(r) \ do { \ G8W( r, 0, v[ 0], v[ 4], v[ 8], v[12] ); \ @@ -243,6 +354,7 @@ do { \ G8W( r, 6, v[ 2], v[ 7], v[ 8], v[13] ); \ G8W( r, 7, v[ 3], v[ 4], v[ 9], v[14] ); \ } while(0) +*/ ROUND8W( 0 ); ROUND8W( 1 ); diff --git a/algo/blake/blake2s-hash-4way.h b/algo/blake/blake2s-hash-4way.h index 45d5de9..a273056 100644 --- a/algo/blake/blake2s-hash-4way.h +++ b/algo/blake/blake2s-hash-4way.h @@ -64,7 +64,7 @@ typedef struct __blake2s_nway_param ALIGN( 64 ) typedef struct __blake2s_4way_state { __m128i h[8]; - uint8_t buf[ BLAKE2S_BLOCKBYTES * 4 ]; + uint8_t buf[ 2 * BLAKE2S_BLOCKBYTES * 4 ]; uint32_t t[2]; uint32_t f[2]; size_t buflen; @@ -81,7 +81,7 @@ int blake2s_4way_final( blake2s_4way_state *S, void *out, uint8_t outlen ); ALIGN( 64 ) typedef struct __blake2s_8way_state { __m256i h[8]; - uint8_t buf[ BLAKE2S_BLOCKBYTES * 8 ]; + uint8_t buf[ 2 * BLAKE2S_BLOCKBYTES * 8 ]; uint32_t t[2]; uint32_t f[2]; size_t buflen; @@ -92,6 +92,9 @@ int blake2s_8way_init( blake2s_8way_state *S, const uint8_t outlen ); int blake2s_8way_update( blake2s_8way_state *S, const void *in, uint64_t inlen ); int blake2s_8way_final( blake2s_8way_state *S, void *out, uint8_t outlen ); +int blake2s_4way_full_blocks( blake2s_4way_state *S, void *out, + const void *input, uint64_t inlen ); + #endif diff --git a/algo/lanehash/lane.c b/algo/lanehash/lane.c new file mode 100644 index 0000000..a5e5054 --- /dev/null +++ b/algo/lanehash/lane.c @@ -0,0 +1,2156 @@ +/* + * Copyright (c) 2008 Sebastiaan Indesteege + * + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Optimised ANSI-C implementation of LANE + */ + +#include "lane.h" + +#define T8(x) ((x) & 0xff) +#define B0(x) (T8((x) )) +#define B1(x) (T8((x) >> 8)) +#define B2(x) (T8((x) >> 16)) +#define B3(x) (T8((x) >> 24)) +#define MSB32(x) ((uint32_t)((((uint64_t)(x))>>32) & 0xffffffff)) +#define LSB32(x) ((uint32_t)((((uint64_t)(x)) ) & 0xffffffff)) +#ifdef LANE_BIG_ENDIAN +#define U8TO32_BIG(c) (((uint32_t*)(c))[0]) +#define U32TO8_BIG(c, v) ((uint32_t*)(c))[0]=v +#else +#define U8TO32_BIG(c) (((uint32_t)T8(*((uint8_t*)(c))) << 24) | \ + ((uint32_t)T8(*(((uint8_t*)(c)) + 1)) << 16) | \ + ((uint32_t)T8(*(((uint8_t*)(c)) + 2)) << 8) | \ + ((uint32_t)T8(*(((uint8_t*)(c)) + 3)))) +#define U32TO8_BIG(c, v) do { \ + uint32_t tmp_portable_h_x = (v); \ + uint8_t *tmp_portable_h_d = (c); \ + tmp_portable_h_d[0] = T8(tmp_portable_h_x >> 24); \ + tmp_portable_h_d[1] = T8(tmp_portable_h_x >> 16); \ + tmp_portable_h_d[2] = T8(tmp_portable_h_x >> 8); \ + tmp_portable_h_d[3] = T8(tmp_portable_h_x); \ + } while (0) +#endif /* LANE_BIG_ENDIAN */ + +static const uint32_t iv224[8] = { + 0xc8245a86U, 0x8d733102U, 0x314ddcb9U, 0xf60a7ef4U, + 0x57b8c917U, 0xeefeaec2U, 0xff4fc3beU, 0x87c4728eU +}; + +static const uint32_t iv256[8] = { + 0xbe292e17U, 0xbb541ff2U, 0xfe54b6f7U, 0x30b1c96aU, + 0x7b259268U, 0x8539bdf3U, 0x97c4bdd6U, 0x49763fb8U +}; + +static const uint32_t iv384[16] = { + 0x148922ceU, 0x548c3001U, 0x76978bc8U, 0x266e008cU, + 0x3dc60765U, 0xd85b09d9U, 0x4cb1c8d8U, 0xe2cab952U, + 0xdb72be8eU, 0x685f0783U, 0xfa436c3dU, 0x4b9acb90U, + 0x5088dd47U, 0x932f55a9U, 0xa0c415c6U, 0xdb6dd795U +}; + +static const uint32_t iv512[16] = { + 0x9b603481U, 0x1d5a931bU, 0x69c4e6e0U, 0x975e2681U, + 0xb863ba53U, 0x8d1be11bU, 0x77340080U, 0xd42c48a5U, + 0x3a3a1d61U, 0x1cf3a1c4U, 0xf0a30347U, 0x7e56a44aU, + 0x9530ee60U, 0xdadb05b6U, 0x3ae3ac7cU, 0xd732ac6aU +}; + +static const uint32_t T0[256] = { + 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, + 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, + 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, + 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, + 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, + 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, + 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, + 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, + 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, + 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, + 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, + 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, + 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, + 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, + 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, + 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, + 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, + 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, + 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, + 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, + 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, + 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, + 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, + 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, + 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, + 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, + 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, + 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, + 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, + 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, + 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, + 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, + 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, + 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, + 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, + 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U, + 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, + 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, + 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, + 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, + 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, + 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, + 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, + 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, + 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, + 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, + 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, + 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, + 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, + 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, + 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, + 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, + 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, + 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, + 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, + 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, + 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, + 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, + 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, + 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, + 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, + 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, + 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, + 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU, +}; +static const uint32_t T1[256] = { + 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU, + 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U, + 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU, + 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U, + 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU, + 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U, + 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU, + 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U, + 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U, + 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU, + 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U, + 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U, + 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U, + 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU, + 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U, + 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U, + 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU, + 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U, + 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U, + 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U, + 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU, + 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU, + 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U, + 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU, + 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU, + 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U, + 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU, + 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U, + 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU, + 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U, + 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U, + 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U, + 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU, + 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U, + 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU, + 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U, + 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU, + 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U, + 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U, + 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU, + 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU, + 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU, + 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U, + 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U, + 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU, + 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U, + 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU, + 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U, + 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU, + 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U, + 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU, + 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU, + 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U, + 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU, + 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U, + 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU, + 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U, + 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U, + 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U, + 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU, + 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU, + 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U, + 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU, + 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U, +}; +static const uint32_t T2[256] = { + 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU, + 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U, + 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU, + 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U, + 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU, + 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U, + 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU, + 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U, + 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U, + 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU, + 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U, + 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U, + 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U, + 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU, + 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U, + 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U, + 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU, + 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U, + 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U, + 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U, + 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU, + 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU, + 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U, + 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU, + 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU, + 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U, + 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU, + 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U, + 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU, + 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U, + 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U, + 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U, + 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU, + 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U, + 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU, + 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U, + 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU, + 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U, + 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U, + 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU, + 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU, + 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU, + 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U, + 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U, + 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU, + 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U, + 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU, + 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U, + 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU, + 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U, + 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU, + 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU, + 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U, + 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU, + 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U, + 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU, + 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U, + 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U, + 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U, + 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU, + 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU, + 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U, + 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU, + 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U, +}; +static const uint32_t T3[256] = { + 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, + 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, + 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, + 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU, + 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU, + 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU, + 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U, + 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU, + 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU, + 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U, + 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U, + 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU, + 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU, + 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU, + 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU, + 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU, + 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U, + 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU, + 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU, + 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U, + 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U, + 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U, + 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U, + 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U, + 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU, + 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U, + 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU, + 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU, + 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U, + 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U, + 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U, + 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU, + 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U, + 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU, + 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU, + 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U, + 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U, + 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU, + 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U, + 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU, + 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U, + 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U, + 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U, + 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U, + 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU, + 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U, + 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU, + 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U, + 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU, + 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U, + 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU, + 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU, + 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU, + 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU, + 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U, + 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U, + 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U, + 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U, + 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U, + 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U, + 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU, + 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U, + 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, + 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, +}; + +static const uint32_t C[768] = { + 0x07fc703d, 0xd3fe381f, 0xb9ff1c0e, 0x5cff8e07, 0xfe7fc702, 0x7f3fe381, 0xef9ff1c1, 0xa7cff8e1, + 0x83e7fc71, 0x91f3fe39, 0x98f9ff1d, 0x9c7cff8f, 0x9e3e7fc6, 0x4f1f3fe3, 0xf78f9ff0, 0x7bc7cff8, + 0x3de3e7fc, 0x1ef1f3fe, 0x0f78f9ff, 0xd7bc7cfe, 0x6bde3e7f, 0xe5ef1f3e, 0x72f78f9f, 0xe97bc7ce, + 0x74bde3e7, 0xea5ef1f2, 0x752f78f9, 0xea97bc7d, 0xa54bde3f, 0x82a5ef1e, 0x4152f78f, 0xf0a97bc6, + 0x7854bde3, 0xec2a5ef0, 0x76152f78, 0x3b0a97bc, 0x1d854bde, 0x0ec2a5ef, 0xd76152f6, 0x6bb0a97b, + 0xe5d854bc, 0x72ec2a5e, 0x3976152f, 0xccbb0a96, 0x665d854b, 0xe32ec2a4, 0x71976152, 0x38cbb0a9, + 0xcc65d855, 0xb632ec2b, 0x8b197614, 0x458cbb0a, 0x22c65d85, 0xc1632ec3, 0xb0b19760, 0x5858cbb0, + 0x2c2c65d8, 0x161632ec, 0x0b0b1976, 0x05858cbb, 0xd2c2c65c, 0x6961632e, 0x34b0b197, 0xca5858ca, + 0x652c2c65, 0xe2961633, 0xa14b0b18, 0x50a5858c, 0x2852c2c6, 0x14296163, 0xda14b0b0, 0x6d0a5858, + 0x36852c2c, 0x1b429616, 0x0da14b0b, 0xd6d0a584, 0x6b6852c2, 0x35b42961, 0xcada14b1, 0xb56d0a59, + 0x8ab6852d, 0x955b4297, 0x9aada14a, 0x4d56d0a5, 0xf6ab6853, 0xab55b428, 0x55aada14, 0x2ad56d0a, + 0x156ab685, 0xdab55b43, 0xbd5aada0, 0x5ead56d0, 0x2f56ab68, 0x17ab55b4, 0x0bd5aada, 0x05ead56d, + 0xd2f56ab7, 0xb97ab55a, 0x5cbd5aad, 0xfe5ead57, 0xaf2f56aa, 0x5797ab55, 0xfbcbd5ab, 0xade5ead4, + 0x56f2f56a, 0x2b797ab5, 0xc5bcbd5b, 0xb2de5eac, 0x596f2f56, 0x2cb797ab, 0xc65bcbd4, 0x632de5ea, + 0x3196f2f5, 0xc8cb797b, 0xb465bcbc, 0x5a32de5e, 0x2d196f2f, 0xc68cb796, 0x63465bcb, 0xe1a32de4, + 0x70d196f2, 0x3868cb79, 0xcc3465bd, 0xb61a32df, 0x8b0d196e, 0x45868cb7, 0xf2c3465a, 0x7961a32d, + 0xecb0d197, 0xa65868ca, 0x532c3465, 0xf9961a33, 0xaccb0d18, 0x5665868c, 0x2b32c346, 0x159961a3, + 0xdaccb0d0, 0x6d665868, 0x36b32c34, 0x1b59961a, 0x0daccb0d, 0xd6d66587, 0xbb6b32c2, 0x5db59961, + 0xfedaccb1, 0xaf6d6659, 0x87b6b32d, 0x93db5997, 0x99edacca, 0x4cf6d665, 0xf67b6b33, 0xab3db598, + 0x559edacc, 0x2acf6d66, 0x1567b6b3, 0xdab3db58, 0x6d59edac, 0x36acf6d6, 0x1b567b6b, 0xddab3db4, + 0x6ed59eda, 0x376acf6d, 0xcbb567b7, 0xb5dab3da, 0x5aed59ed, 0xfd76acf7, 0xaebb567a, 0x575dab3d, + 0xfbaed59f, 0xadd76ace, 0x56ebb567, 0xfb75dab2, 0x7dbaed59, 0xeedd76ad, 0xa76ebb57, 0x83b75daa, + 0x41dbaed5, 0xf0edd76b, 0xa876ebb4, 0x543b75da, 0x2a1dbaed, 0xc50edd77, 0xb2876eba, 0x5943b75d, + 0xfca1dbaf, 0xae50edd6, 0x572876eb, 0xfb943b74, 0x7dca1dba, 0x3ee50edd, 0xcf72876f, 0xb7b943b6, + 0x5bdca1db, 0xfdee50ec, 0x7ef72876, 0x3f7b943b, 0xcfbdca1c, 0x67dee50e, 0x33ef7287, 0xc9f7b942, + 0x64fbdca1, 0xe27dee51, 0xa13ef729, 0x809f7b95, 0x904fbdcb, 0x9827dee4, 0x4c13ef72, 0x2609f7b9, + 0xc304fbdd, 0xb1827def, 0x88c13ef6, 0x44609f7b, 0xf2304fbc, 0x791827de, 0x3c8c13ef, 0xce4609f6, + 0x672304fb, 0xe391827c, 0x71c8c13e, 0x38e4609f, 0xcc72304e, 0x66391827, 0xe31c8c12, 0x718e4609, + 0xe8c72305, 0xa4639183, 0x8231c8c0, 0x4118e460, 0x208c7230, 0x10463918, 0x08231c8c, 0x04118e46, + 0x0208c723, 0xd1046390, 0x688231c8, 0x344118e4, 0x1a208c72, 0x0d104639, 0xd688231d, 0xbb44118f, + 0x8da208c6, 0x46d10463, 0xf3688230, 0x79b44118, 0x3cda208c, 0x1e6d1046, 0x0f368823, 0xd79b4410, + 0x6bcda208, 0x35e6d104, 0x1af36882, 0x0d79b441, 0xd6bcda21, 0xbb5e6d11, 0x8daf3689, 0x96d79b45, + 0x9b6bcda3, 0x9db5e6d0, 0x4edaf368, 0x276d79b4, 0x13b6bcda, 0x09db5e6d, 0xd4edaf37, 0xba76d79a, + 0x5d3b6bcd, 0xfe9db5e7, 0xaf4edaf2, 0x57a76d79, 0xfbd3b6bd, 0xade9db5f, 0x86f4edae, 0x437a76d7, + 0xf1bd3b6a, 0x78de9db5, 0xec6f4edb, 0xa637a76c, 0x531bd3b6, 0x298de9db, 0xc4c6f4ec, 0x62637a76, + 0x3131bd3b, 0xc898de9c, 0x644c6f4e, 0x322637a7, 0xc9131bd2, 0x64898de9, 0xe244c6f5, 0xa122637b, + 0x809131bc, 0x404898de, 0x20244c6f, 0xc0122636, 0x6009131b, 0xe004898c, 0x700244c6, 0x38012263, + 0xcc009130, 0x66004898, 0x3300244c, 0x19801226, 0x0cc00913, 0xd6600488, 0x6b300244, 0x35980122, + 0x1acc0091, 0xdd660049, 0xbeb30025, 0x8f598013, 0x97acc008, 0x4bd66004, 0x25eb3002, 0x12f59801, + 0xd97acc01, 0xbcbd6601, 0x8e5eb301, 0x972f5981, 0x9b97acc1, 0x9dcbd661, 0x9ee5eb31, 0x9f72f599, + 0x9fb97acd, 0x9fdcbd67, 0x9fee5eb2, 0x4ff72f59, 0xf7fb97ad, 0xabfdcbd7, 0x85fee5ea, 0x42ff72f5, + 0xf17fb97b, 0xa8bfdcbc, 0x545fee5e, 0x2a2ff72f, 0xc517fb96, 0x628bfdcb, 0xe145fee4, 0x70a2ff72, + 0x38517fb9, 0xcc28bfdd, 0xb6145fef, 0x8b0a2ff6, 0x458517fb, 0xf2c28bfc, 0x796145fe, 0x3cb0a2ff, + 0xce58517e, 0x672c28bf, 0xe396145e, 0x71cb0a2f, 0xe8e58516, 0x7472c28b, 0xea396144, 0x751cb0a2, + 0x3a8e5851, 0xcd472c29, 0xb6a39615, 0x8b51cb0b, 0x95a8e584, 0x4ad472c2, 0x256a3961, 0xc2b51cb1, + 0xb15a8e59, 0x88ad472d, 0x9456a397, 0x9a2b51ca, 0x4d15a8e5, 0xf68ad473, 0xab456a38, 0x55a2b51c, + 0x2ad15a8e, 0x1568ad47, 0xdab456a2, 0x6d5a2b51, 0xe6ad15a9, 0xa3568ad5, 0x81ab456b, 0x90d5a2b4, + 0x486ad15a, 0x243568ad, 0xc21ab457, 0xb10d5a2a, 0x5886ad15, 0xfc43568b, 0xae21ab44, 0x5710d5a2, + 0x2b886ad1, 0xc5c43569, 0xb2e21ab5, 0x89710d5b, 0x94b886ac, 0x4a5c4356, 0x252e21ab, 0xc29710d4, + 0x614b886a, 0x30a5c435, 0xc852e21b, 0xb429710c, 0x5a14b886, 0x2d0a5c43, 0xc6852e20, 0x63429710, + 0x31a14b88, 0x18d0a5c4, 0x0c6852e2, 0x06342971, 0xd31a14b9, 0xb98d0a5d, 0x8cc6852f, 0x96634296, + 0x4b31a14b, 0xf598d0a4, 0x7acc6852, 0x3d663429, 0xceb31a15, 0xb7598d0b, 0x8bacc684, 0x45d66342, + 0x22eb31a1, 0xc17598d1, 0xb0bacc69, 0x885d6635, 0x942eb31b, 0x9a17598c, 0x4d0bacc6, 0x2685d663, + 0xc342eb30, 0x61a17598, 0x30d0bacc, 0x18685d66, 0x0c342eb3, 0xd61a1758, 0x6b0d0bac, 0x358685d6, + 0x1ac342eb, 0xdd61a174, 0x6eb0d0ba, 0x3758685d, 0xcbac342f, 0xb5d61a16, 0x5aeb0d0b, 0xfd758684, + 0x7ebac342, 0x3f5d61a1, 0xcfaeb0d1, 0xb7d75869, 0x8bebac35, 0x95f5d61b, 0x9afaeb0c, 0x4d7d7586, + 0x26bebac3, 0xc35f5d60, 0x61afaeb0, 0x30d7d758, 0x186bebac, 0x0c35f5d6, 0x061afaeb, 0xd30d7d74, + 0x6986beba, 0x34c35f5d, 0xca61afaf, 0xb530d7d6, 0x5a986beb, 0xfd4c35f4, 0x7ea61afa, 0x3f530d7d, + 0xcfa986bf, 0xb7d4c35e, 0x5bea61af, 0xfdf530d6, 0x7efa986b, 0xef7d4c34, 0x77bea61a, 0x3bdf530d, + 0xcdefa987, 0xb6f7d4c2, 0x5b7bea61, 0xfdbdf531, 0xaedefa99, 0x876f7d4d, 0x93b7bea7, 0x99dbdf52, + 0x4cedefa9, 0xf676f7d5, 0xab3b7beb, 0x859dbdf4, 0x42cedefa, 0x21676f7d, 0xc0b3b7bf, 0xb059dbde, + 0x582cedef, 0xfc1676f6, 0x7e0b3b7b, 0xef059dbc, 0x7782cede, 0x3bc1676f, 0xcde0b3b6, 0x66f059db, + 0xe3782cec, 0x71bc1676, 0x38de0b3b, 0xcc6f059c, 0x663782ce, 0x331bc167, 0xc98de0b2, 0x64c6f059, + 0xe263782d, 0xa131bc17, 0x8098de0a, 0x404c6f05, 0xf0263783, 0xa8131bc0, 0x54098de0, 0x2a04c6f0, + 0x15026378, 0x0a8131bc, 0x054098de, 0x02a04c6f, 0xd1502636, 0x68a8131b, 0xe454098c, 0x722a04c6, + 0x39150263, 0xcc8a8130, 0x66454098, 0x3322a04c, 0x19915026, 0x0cc8a813, 0xd6645408, 0x6b322a04, + 0x35991502, 0x1acc8a81, 0xdd664541, 0xbeb322a1, 0x8f599151, 0x97acc8a9, 0x9bd66455, 0x9deb322b, + 0x9ef59914, 0x4f7acc8a, 0x27bd6645, 0xc3deb323, 0xb1ef5990, 0x58f7acc8, 0x2c7bd664, 0x163deb32, + 0x0b1ef599, 0xd58f7acd, 0xbac7bd67, 0x8d63deb2, 0x46b1ef59, 0xf358f7ad, 0xa9ac7bd7, 0x84d63dea, + 0x426b1ef5, 0xf1358f7b, 0xa89ac7bc, 0x544d63de, 0x2a26b1ef, 0xc51358f6, 0x6289ac7b, 0xe144d63c, + 0x70a26b1e, 0x3851358f, 0xcc289ac6, 0x66144d63, 0xe30a26b0, 0x71851358, 0x38c289ac, 0x1c6144d6, + 0x0e30a26b, 0xd7185134, 0x6b8c289a, 0x35c6144d, 0xcae30a27, 0xb5718512, 0x5ab8c289, 0xfd5c6145, + 0xaeae30a3, 0x87571850, 0x43ab8c28, 0x21d5c614, 0x10eae30a, 0x08757185, 0xd43ab8c3, 0xba1d5c60, + 0x5d0eae30, 0x2e875718, 0x1743ab8c, 0x0ba1d5c6, 0x05d0eae3, 0xd2e87570, 0x69743ab8, 0x34ba1d5c, + 0x1a5d0eae, 0x0d2e8757, 0xd69743aa, 0x6b4ba1d5, 0xe5a5d0eb, 0xa2d2e874, 0x5169743a, 0x28b4ba1d, + 0xc45a5d0f, 0xb22d2e86, 0x59169743, 0xfc8b4ba0, 0x7e45a5d0, 0x3f22d2e8, 0x1f916974, 0x0fc8b4ba, + 0x07e45a5d, 0xd3f22d2f, 0xb9f91696, 0x5cfc8b4b, 0xfe7e45a4, 0x7f3f22d2, 0x3f9f9169, 0xcfcfc8b5, + 0xb7e7e45b, 0x8bf3f22c, 0x45f9f916, 0x22fcfc8b, 0xc17e7e44, 0x60bf3f22, 0x305f9f91, 0xc82fcfc9, + 0xb417e7e5, 0x8a0bf3f3, 0x9505f9f8, 0x4a82fcfc, 0x25417e7e, 0x12a0bf3f, 0xd9505f9e, 0x6ca82fcf, + 0xe65417e6, 0x732a0bf3, 0xe99505f8, 0x74ca82fc, 0x3a65417e, 0x1d32a0bf, 0xde99505e, 0x6f4ca82f, + 0xe7a65416, 0x73d32a0b, 0xe9e99504, 0x74f4ca82, 0x3a7a6541, 0xcd3d32a1, 0xb69e9951, 0x8b4f4ca9, + 0x95a7a655, 0x9ad3d32b, 0x9d69e994, 0x4eb4f4ca, 0x275a7a65, 0xc3ad3d33, 0xb1d69e98, 0x58eb4f4c, + 0x2c75a7a6, 0x163ad3d3, 0xdb1d69e8, 0x6d8eb4f4, 0x36c75a7a, 0x1b63ad3d, 0xddb1d69f, 0xbed8eb4e, + 0x5f6c75a7, 0xffb63ad2, 0x7fdb1d69, 0xefed8eb5, 0xa7f6c75b, 0x83fb63ac, 0x41fdb1d6, 0x20fed8eb, + 0xc07f6c74, 0x603fb63a, 0x301fdb1d, 0xc80fed8f, 0xb407f6c6, 0x5a03fb63, 0xfd01fdb0, 0x7e80fed8, + 0x3f407f6c, 0x1fa03fb6, 0x0fd01fdb, 0xd7e80fec, 0x6bf407f6, 0x35fa03fb, 0xcafd01fc, 0x657e80fe, + 0x32bf407f, 0xc95fa03e, 0x64afd01f, 0xe257e80e, 0x712bf407, 0xe895fa02, 0x744afd01, 0xea257e81, + 0xa512bf41, 0x82895fa1, 0x9144afd1, 0x98a257e9, 0x9c512bf5, 0x9e2895fb, 0x9f144afc, 0x4f8a257e, + 0x27c512bf, 0xc3e2895e, 0x61f144af, 0xe0f8a256, 0x707c512b, 0xe83e2894, 0x741f144a, 0x3a0f8a25, + 0xcd07c513, 0xb683e288, 0x5b41f144, 0x2da0f8a2, 0x16d07c51, 0xdb683e29, 0xbdb41f15, 0x8eda0f8b, + 0x976d07c4, 0x4bb683e2, 0x25db41f1, 0xc2eda0f9, 0xb176d07d, 0x88bb683f, 0x945db41e, 0x4a2eda0f, + 0xf5176d06, 0x7a8bb683, 0xed45db40, 0x76a2eda0, 0x3b5176d0, 0x1da8bb68, 0x0ed45db4, 0x076a2eda, + 0x03b5176d, 0xd1da8bb7, 0xb8ed45da, 0x5c76a2ed, 0xfe3b5177, 0xaf1da8ba, 0x578ed45d, 0xfbc76a2f, + 0xade3b516, 0x56f1da8b, 0xfb78ed44, 0x7dbc76a2, 0x3ede3b51, 0xcf6f1da9, 0xb7b78ed5, 0x8bdbc76b, + 0x95ede3b4, 0x4af6f1da, 0x257b78ed, 0xc2bdbc77, 0xb15ede3a, 0x58af6f1d, 0xfc57b78f, 0xae2bdbc6, + 0x5715ede3, 0xfb8af6f0, 0x7dc57b78, 0x3ee2bdbc, 0x1f715ede, 0x0fb8af6f, 0xd7dc57b6, 0x6bee2bdb, +}; + +void lane256_compress(const uint8_t m[64], uint32_t h[8], const uint32_t ctrh, const uint32_t ctrl) +{ + uint32_t t0, t1, t2, t3, t4, t5, t6, t7; /* temp */ + uint32_t s00, s01, s02, s03, s04, s05, s06, s07; /* lane 0 */ + uint32_t s10, s11, s12, s13, s14, s15, s16, s17; /* lane 1 */ + uint32_t s20, s21, s22, s23, s24, s25, s26, s27; /* lane 2 */ + uint32_t s30, s31, s32, s33, s34, s35, s36, s37; /* lane 3 */ + uint32_t s40, s41, s42, s43, s44, s45, s46, s47; /* lane 4 */ + uint32_t s50, s51, s52, s53, s54, s55, s56, s57; /* lane 5 */ + uint32_t s60, s61, s62, s63, s64, s65, s66, s67; /* lane 6 */ + uint32_t s70, s71, s72, s73, s74, s75, s76, s77; /* lane 7 */ + + /* Message expansion */ + s30 = h[0]; + s31 = h[1]; + s32 = h[2]; + s33 = h[3]; + s34 = h[4]; + s35 = h[5]; + s36 = h[6]; + s37 = h[7]; + s40 = U8TO32_BIG(m + 0); + s41 = U8TO32_BIG(m + 4); + s42 = U8TO32_BIG(m + 8); + s43 = U8TO32_BIG(m + 12); + s44 = U8TO32_BIG(m + 16); + s45 = U8TO32_BIG(m + 20); + s46 = U8TO32_BIG(m + 24); + s47 = U8TO32_BIG(m + 28); + s50 = U8TO32_BIG(m + 32); + s51 = U8TO32_BIG(m + 36); + s52 = U8TO32_BIG(m + 40); + s53 = U8TO32_BIG(m + 44); + s54 = U8TO32_BIG(m + 48); + s55 = U8TO32_BIG(m + 52); + s56 = U8TO32_BIG(m + 56); + s57 = U8TO32_BIG(m + 60); + s00 = s30 ^ s40 ^ s44 ^ s50 ^ s54; + s01 = s31 ^ s41 ^ s45 ^ s51 ^ s55; + s02 = s32 ^ s42 ^ s46 ^ s52 ^ s56; + s03 = s33 ^ s43 ^ s47 ^ s53 ^ s57; + s04 = s34 ^ s40 ^ s50; + s05 = s35 ^ s41 ^ s51; + s06 = s36 ^ s42 ^ s52; + s07 = s37 ^ s43 ^ s53; + s10 = s00 ^ s34 ^ s44; + s11 = s01 ^ s35 ^ s45; + s12 = s02 ^ s36 ^ s46; + s13 = s03 ^ s37 ^ s47; + s14 = s30 ^ s44 ^ s50; + s15 = s31 ^ s45 ^ s51; + s16 = s32 ^ s46 ^ s52; + s17 = s33 ^ s47 ^ s53; + s20 = s00 ^ s34 ^ s54; + s21 = s01 ^ s35 ^ s55; + s22 = s02 ^ s36 ^ s56; + s23 = s03 ^ s37 ^ s57; + s24 = s30 ^ s40 ^ s54; + s25 = s31 ^ s41 ^ s55; + s26 = s32 ^ s42 ^ s56; + s27 = s33 ^ s43 ^ s57; + + /* Lane 0 */ + t0 = T0[B3(s00)] ^ T1[B2(s01)] ^ T2[B1(s02)] ^ T3[B0(s03)] ^ C[ 0]; + t1 = T0[B3(s01)] ^ T1[B2(s02)] ^ T2[B1(s03)] ^ T3[B0(s00)] ^ C[ 1]; + t4 = T0[B3(s02)] ^ T1[B2(s03)] ^ T2[B1(s00)] ^ T3[B0(s01)] ^ C[ 2]; + t5 = T0[B3(s03)] ^ T1[B2(s00)] ^ T2[B1(s01)] ^ T3[B0(s02)] ^ C[ 3] ^ ctrh; + t2 = T0[B3(s04)] ^ T1[B2(s05)] ^ T2[B1(s06)] ^ T3[B0(s07)] ^ C[ 4]; + t3 = T0[B3(s05)] ^ T1[B2(s06)] ^ T2[B1(s07)] ^ T3[B0(s04)] ^ C[ 5]; + t6 = T0[B3(s06)] ^ T1[B2(s07)] ^ T2[B1(s04)] ^ T3[B0(s05)] ^ C[ 6]; + t7 = T0[B3(s07)] ^ T1[B2(s04)] ^ T2[B1(s05)] ^ T3[B0(s06)] ^ C[ 7]; + + s00 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 8]; + s01 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 9]; + s04 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[10]; + s05 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[11] ^ ctrl; + s02 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[12]; + s03 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[13]; + s06 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[14]; + s07 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[15]; + + t0 = T0[B3(s00)] ^ T1[B2(s01)] ^ T2[B1(s02)] ^ T3[B0(s03)] ^ C[16]; + t1 = T0[B3(s01)] ^ T1[B2(s02)] ^ T2[B1(s03)] ^ T3[B0(s00)] ^ C[17]; + t4 = T0[B3(s02)] ^ T1[B2(s03)] ^ T2[B1(s00)] ^ T3[B0(s01)] ^ C[18]; + t5 = T0[B3(s03)] ^ T1[B2(s00)] ^ T2[B1(s01)] ^ T3[B0(s02)] ^ C[19] ^ ctrh; + t2 = T0[B3(s04)] ^ T1[B2(s05)] ^ T2[B1(s06)] ^ T3[B0(s07)] ^ C[20]; + t3 = T0[B3(s05)] ^ T1[B2(s06)] ^ T2[B1(s07)] ^ T3[B0(s04)] ^ C[21]; + t6 = T0[B3(s06)] ^ T1[B2(s07)] ^ T2[B1(s04)] ^ T3[B0(s05)] ^ C[22]; + t7 = T0[B3(s07)] ^ T1[B2(s04)] ^ T2[B1(s05)] ^ T3[B0(s06)] ^ C[23]; + + s00 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[24]; + s01 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[25]; + s04 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[26]; + s05 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[27] ^ ctrl; + s02 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[28]; + s03 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[29]; + s06 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[30]; + s07 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[31]; + + t0 = T0[B3(s00)] ^ T1[B2(s01)] ^ T2[B1(s02)] ^ T3[B0(s03)] ^ C[32]; + t1 = T0[B3(s01)] ^ T1[B2(s02)] ^ T2[B1(s03)] ^ T3[B0(s00)] ^ C[33]; + t4 = T0[B3(s02)] ^ T1[B2(s03)] ^ T2[B1(s00)] ^ T3[B0(s01)] ^ C[34]; + t5 = T0[B3(s03)] ^ T1[B2(s00)] ^ T2[B1(s01)] ^ T3[B0(s02)] ^ C[35] ^ ctrh; + t2 = T0[B3(s04)] ^ T1[B2(s05)] ^ T2[B1(s06)] ^ T3[B0(s07)] ^ C[36]; + t3 = T0[B3(s05)] ^ T1[B2(s06)] ^ T2[B1(s07)] ^ T3[B0(s04)] ^ C[37]; + t6 = T0[B3(s06)] ^ T1[B2(s07)] ^ T2[B1(s04)] ^ T3[B0(s05)] ^ C[38]; + t7 = T0[B3(s07)] ^ T1[B2(s04)] ^ T2[B1(s05)] ^ T3[B0(s06)] ^ C[39]; + + s60 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + s61 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + s64 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + s65 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + s62 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + s63 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + s66 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + s67 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + + /* Lane 1 */ + t0 = T0[B3(s10)] ^ T1[B2(s11)] ^ T2[B1(s12)] ^ T3[B0(s13)] ^ C[ 0+40]; + t1 = T0[B3(s11)] ^ T1[B2(s12)] ^ T2[B1(s13)] ^ T3[B0(s10)] ^ C[ 1+40]; + t4 = T0[B3(s12)] ^ T1[B2(s13)] ^ T2[B1(s10)] ^ T3[B0(s11)] ^ C[ 2+40]; + t5 = T0[B3(s13)] ^ T1[B2(s10)] ^ T2[B1(s11)] ^ T3[B0(s12)] ^ C[ 3+40] ^ ctrl; + t2 = T0[B3(s14)] ^ T1[B2(s15)] ^ T2[B1(s16)] ^ T3[B0(s17)] ^ C[ 4+40]; + t3 = T0[B3(s15)] ^ T1[B2(s16)] ^ T2[B1(s17)] ^ T3[B0(s14)] ^ C[ 5+40]; + t6 = T0[B3(s16)] ^ T1[B2(s17)] ^ T2[B1(s14)] ^ T3[B0(s15)] ^ C[ 6+40]; + t7 = T0[B3(s17)] ^ T1[B2(s14)] ^ T2[B1(s15)] ^ T3[B0(s16)] ^ C[ 7+40]; + + s10 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 8+40]; + s11 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 9+40]; + s14 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[10+40]; + s15 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[11+40] ^ ctrh; + s12 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[12+40]; + s13 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[13+40]; + s16 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[14+40]; + s17 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[15+40]; + + t0 = T0[B3(s10)] ^ T1[B2(s11)] ^ T2[B1(s12)] ^ T3[B0(s13)] ^ C[16+40]; + t1 = T0[B3(s11)] ^ T1[B2(s12)] ^ T2[B1(s13)] ^ T3[B0(s10)] ^ C[17+40]; + t4 = T0[B3(s12)] ^ T1[B2(s13)] ^ T2[B1(s10)] ^ T3[B0(s11)] ^ C[18+40]; + t5 = T0[B3(s13)] ^ T1[B2(s10)] ^ T2[B1(s11)] ^ T3[B0(s12)] ^ C[19+40] ^ ctrl; + t2 = T0[B3(s14)] ^ T1[B2(s15)] ^ T2[B1(s16)] ^ T3[B0(s17)] ^ C[20+40]; + t3 = T0[B3(s15)] ^ T1[B2(s16)] ^ T2[B1(s17)] ^ T3[B0(s14)] ^ C[21+40]; + t6 = T0[B3(s16)] ^ T1[B2(s17)] ^ T2[B1(s14)] ^ T3[B0(s15)] ^ C[22+40]; + t7 = T0[B3(s17)] ^ T1[B2(s14)] ^ T2[B1(s15)] ^ T3[B0(s16)] ^ C[23+40]; + + s10 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[24+40]; + s11 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[25+40]; + s14 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[26+40]; + s15 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[27+40] ^ ctrh; + s12 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[28+40]; + s13 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[29+40]; + s16 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[30+40]; + s17 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[31+40]; + + t0 = T0[B3(s10)] ^ T1[B2(s11)] ^ T2[B1(s12)] ^ T3[B0(s13)] ^ C[32+40]; + t1 = T0[B3(s11)] ^ T1[B2(s12)] ^ T2[B1(s13)] ^ T3[B0(s10)] ^ C[33+40]; + t4 = T0[B3(s12)] ^ T1[B2(s13)] ^ T2[B1(s10)] ^ T3[B0(s11)] ^ C[34+40]; + t5 = T0[B3(s13)] ^ T1[B2(s10)] ^ T2[B1(s11)] ^ T3[B0(s12)] ^ C[35+40] ^ ctrl; + t2 = T0[B3(s14)] ^ T1[B2(s15)] ^ T2[B1(s16)] ^ T3[B0(s17)] ^ C[36+40]; + t3 = T0[B3(s15)] ^ T1[B2(s16)] ^ T2[B1(s17)] ^ T3[B0(s14)] ^ C[37+40]; + t6 = T0[B3(s16)] ^ T1[B2(s17)] ^ T2[B1(s14)] ^ T3[B0(s15)] ^ C[38+40]; + t7 = T0[B3(s17)] ^ T1[B2(s14)] ^ T2[B1(s15)] ^ T3[B0(s16)] ^ C[39+40]; + + s60 ^= T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + s61 ^= T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + s64 ^= T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + s65 ^= T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + s62 ^= T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + s63 ^= T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + s66 ^= T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + s67 ^= T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + + /* Lane 2 */ + t0 = T0[B3(s20)] ^ T1[B2(s21)] ^ T2[B1(s22)] ^ T3[B0(s23)] ^ C[ 0+80]; + t1 = T0[B3(s21)] ^ T1[B2(s22)] ^ T2[B1(s23)] ^ T3[B0(s20)] ^ C[ 1+80]; + t4 = T0[B3(s22)] ^ T1[B2(s23)] ^ T2[B1(s20)] ^ T3[B0(s21)] ^ C[ 2+80]; + t5 = T0[B3(s23)] ^ T1[B2(s20)] ^ T2[B1(s21)] ^ T3[B0(s22)] ^ C[ 3+80] ^ ctrh; + t2 = T0[B3(s24)] ^ T1[B2(s25)] ^ T2[B1(s26)] ^ T3[B0(s27)] ^ C[ 4+80]; + t3 = T0[B3(s25)] ^ T1[B2(s26)] ^ T2[B1(s27)] ^ T3[B0(s24)] ^ C[ 5+80]; + t6 = T0[B3(s26)] ^ T1[B2(s27)] ^ T2[B1(s24)] ^ T3[B0(s25)] ^ C[ 6+80]; + t7 = T0[B3(s27)] ^ T1[B2(s24)] ^ T2[B1(s25)] ^ T3[B0(s26)] ^ C[ 7+80]; + + s20 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 8+80]; + s21 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 9+80]; + s24 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[10+80]; + s25 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[11+80] ^ ctrl; + s22 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[12+80]; + s23 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[13+80]; + s26 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[14+80]; + s27 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[15+80]; + + t0 = T0[B3(s20)] ^ T1[B2(s21)] ^ T2[B1(s22)] ^ T3[B0(s23)] ^ C[16+80]; + t1 = T0[B3(s21)] ^ T1[B2(s22)] ^ T2[B1(s23)] ^ T3[B0(s20)] ^ C[17+80]; + t4 = T0[B3(s22)] ^ T1[B2(s23)] ^ T2[B1(s20)] ^ T3[B0(s21)] ^ C[18+80]; + t5 = T0[B3(s23)] ^ T1[B2(s20)] ^ T2[B1(s21)] ^ T3[B0(s22)] ^ C[19+80] ^ ctrh; + t2 = T0[B3(s24)] ^ T1[B2(s25)] ^ T2[B1(s26)] ^ T3[B0(s27)] ^ C[20+80]; + t3 = T0[B3(s25)] ^ T1[B2(s26)] ^ T2[B1(s27)] ^ T3[B0(s24)] ^ C[21+80]; + t6 = T0[B3(s26)] ^ T1[B2(s27)] ^ T2[B1(s24)] ^ T3[B0(s25)] ^ C[22+80]; + t7 = T0[B3(s27)] ^ T1[B2(s24)] ^ T2[B1(s25)] ^ T3[B0(s26)] ^ C[23+80]; + + s20 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[24+80]; + s21 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[25+80]; + s24 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[26+80]; + s25 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[27+80] ^ ctrl; + s22 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[28+80]; + s23 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[29+80]; + s26 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[30+80]; + s27 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[31+80]; + + t0 = T0[B3(s20)] ^ T1[B2(s21)] ^ T2[B1(s22)] ^ T3[B0(s23)] ^ C[32+80]; + t1 = T0[B3(s21)] ^ T1[B2(s22)] ^ T2[B1(s23)] ^ T3[B0(s20)] ^ C[33+80]; + t4 = T0[B3(s22)] ^ T1[B2(s23)] ^ T2[B1(s20)] ^ T3[B0(s21)] ^ C[34+80]; + t5 = T0[B3(s23)] ^ T1[B2(s20)] ^ T2[B1(s21)] ^ T3[B0(s22)] ^ C[35+80] ^ ctrh; + t2 = T0[B3(s24)] ^ T1[B2(s25)] ^ T2[B1(s26)] ^ T3[B0(s27)] ^ C[36+80]; + t3 = T0[B3(s25)] ^ T1[B2(s26)] ^ T2[B1(s27)] ^ T3[B0(s24)] ^ C[37+80]; + t6 = T0[B3(s26)] ^ T1[B2(s27)] ^ T2[B1(s24)] ^ T3[B0(s25)] ^ C[38+80]; + t7 = T0[B3(s27)] ^ T1[B2(s24)] ^ T2[B1(s25)] ^ T3[B0(s26)] ^ C[39+80]; + + s60 ^= T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + s61 ^= T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + s64 ^= T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + s65 ^= T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + s62 ^= T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + s63 ^= T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + s66 ^= T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + s67 ^= T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + + /* Lane 3 */ + t0 = T0[B3(s30)] ^ T1[B2(s31)] ^ T2[B1(s32)] ^ T3[B0(s33)] ^ C[ 0+120]; + t1 = T0[B3(s31)] ^ T1[B2(s32)] ^ T2[B1(s33)] ^ T3[B0(s30)] ^ C[ 1+120]; + t4 = T0[B3(s32)] ^ T1[B2(s33)] ^ T2[B1(s30)] ^ T3[B0(s31)] ^ C[ 2+120]; + t5 = T0[B3(s33)] ^ T1[B2(s30)] ^ T2[B1(s31)] ^ T3[B0(s32)] ^ C[ 3+120] ^ ctrl; + t2 = T0[B3(s34)] ^ T1[B2(s35)] ^ T2[B1(s36)] ^ T3[B0(s37)] ^ C[ 4+120]; + t3 = T0[B3(s35)] ^ T1[B2(s36)] ^ T2[B1(s37)] ^ T3[B0(s34)] ^ C[ 5+120]; + t6 = T0[B3(s36)] ^ T1[B2(s37)] ^ T2[B1(s34)] ^ T3[B0(s35)] ^ C[ 6+120]; + t7 = T0[B3(s37)] ^ T1[B2(s34)] ^ T2[B1(s35)] ^ T3[B0(s36)] ^ C[ 7+120]; + + s30 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 8+120]; + s31 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 9+120]; + s34 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[10+120]; + s35 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[11+120] ^ ctrh; + s32 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[12+120]; + s33 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[13+120]; + s36 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[14+120]; + s37 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[15+120]; + + t0 = T0[B3(s30)] ^ T1[B2(s31)] ^ T2[B1(s32)] ^ T3[B0(s33)] ^ C[16+120]; + t1 = T0[B3(s31)] ^ T1[B2(s32)] ^ T2[B1(s33)] ^ T3[B0(s30)] ^ C[17+120]; + t4 = T0[B3(s32)] ^ T1[B2(s33)] ^ T2[B1(s30)] ^ T3[B0(s31)] ^ C[18+120]; + t5 = T0[B3(s33)] ^ T1[B2(s30)] ^ T2[B1(s31)] ^ T3[B0(s32)] ^ C[19+120] ^ ctrl; + t2 = T0[B3(s34)] ^ T1[B2(s35)] ^ T2[B1(s36)] ^ T3[B0(s37)] ^ C[20+120]; + t3 = T0[B3(s35)] ^ T1[B2(s36)] ^ T2[B1(s37)] ^ T3[B0(s34)] ^ C[21+120]; + t6 = T0[B3(s36)] ^ T1[B2(s37)] ^ T2[B1(s34)] ^ T3[B0(s35)] ^ C[22+120]; + t7 = T0[B3(s37)] ^ T1[B2(s34)] ^ T2[B1(s35)] ^ T3[B0(s36)] ^ C[23+120]; + + s30 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[24+120]; + s31 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[25+120]; + s34 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[26+120]; + s35 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[27+120] ^ ctrh; + s32 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[28+120]; + s33 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[29+120]; + s36 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[30+120]; + s37 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[31+120]; + + t0 = T0[B3(s30)] ^ T1[B2(s31)] ^ T2[B1(s32)] ^ T3[B0(s33)] ^ C[32+120]; + t1 = T0[B3(s31)] ^ T1[B2(s32)] ^ T2[B1(s33)] ^ T3[B0(s30)] ^ C[33+120]; + t4 = T0[B3(s32)] ^ T1[B2(s33)] ^ T2[B1(s30)] ^ T3[B0(s31)] ^ C[34+120]; + t5 = T0[B3(s33)] ^ T1[B2(s30)] ^ T2[B1(s31)] ^ T3[B0(s32)] ^ C[35+120] ^ ctrl; + t2 = T0[B3(s34)] ^ T1[B2(s35)] ^ T2[B1(s36)] ^ T3[B0(s37)] ^ C[36+120]; + t3 = T0[B3(s35)] ^ T1[B2(s36)] ^ T2[B1(s37)] ^ T3[B0(s34)] ^ C[37+120]; + t6 = T0[B3(s36)] ^ T1[B2(s37)] ^ T2[B1(s34)] ^ T3[B0(s35)] ^ C[38+120]; + t7 = T0[B3(s37)] ^ T1[B2(s34)] ^ T2[B1(s35)] ^ T3[B0(s36)] ^ C[39+120]; + + s70 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + s71 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + s74 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + s75 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + s72 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + s73 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + s76 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + s77 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + + /* Lane 4 */ + t0 = T0[B3(s40)] ^ T1[B2(s41)] ^ T2[B1(s42)] ^ T3[B0(s43)] ^ C[ 0+160]; + t1 = T0[B3(s41)] ^ T1[B2(s42)] ^ T2[B1(s43)] ^ T3[B0(s40)] ^ C[ 1+160]; + t4 = T0[B3(s42)] ^ T1[B2(s43)] ^ T2[B1(s40)] ^ T3[B0(s41)] ^ C[ 2+160]; + t5 = T0[B3(s43)] ^ T1[B2(s40)] ^ T2[B1(s41)] ^ T3[B0(s42)] ^ C[ 3+160] ^ ctrh; + t2 = T0[B3(s44)] ^ T1[B2(s45)] ^ T2[B1(s46)] ^ T3[B0(s47)] ^ C[ 4+160]; + t3 = T0[B3(s45)] ^ T1[B2(s46)] ^ T2[B1(s47)] ^ T3[B0(s44)] ^ C[ 5+160]; + t6 = T0[B3(s46)] ^ T1[B2(s47)] ^ T2[B1(s44)] ^ T3[B0(s45)] ^ C[ 6+160]; + t7 = T0[B3(s47)] ^ T1[B2(s44)] ^ T2[B1(s45)] ^ T3[B0(s46)] ^ C[ 7+160]; + + s40 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 8+160]; + s41 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 9+160]; + s44 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[10+160]; + s45 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[11+160] ^ ctrl; + s42 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[12+160]; + s43 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[13+160]; + s46 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[14+160]; + s47 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[15+160]; + + t0 = T0[B3(s40)] ^ T1[B2(s41)] ^ T2[B1(s42)] ^ T3[B0(s43)] ^ C[16+160]; + t1 = T0[B3(s41)] ^ T1[B2(s42)] ^ T2[B1(s43)] ^ T3[B0(s40)] ^ C[17+160]; + t4 = T0[B3(s42)] ^ T1[B2(s43)] ^ T2[B1(s40)] ^ T3[B0(s41)] ^ C[18+160]; + t5 = T0[B3(s43)] ^ T1[B2(s40)] ^ T2[B1(s41)] ^ T3[B0(s42)] ^ C[19+160] ^ ctrh; + t2 = T0[B3(s44)] ^ T1[B2(s45)] ^ T2[B1(s46)] ^ T3[B0(s47)] ^ C[20+160]; + t3 = T0[B3(s45)] ^ T1[B2(s46)] ^ T2[B1(s47)] ^ T3[B0(s44)] ^ C[21+160]; + t6 = T0[B3(s46)] ^ T1[B2(s47)] ^ T2[B1(s44)] ^ T3[B0(s45)] ^ C[22+160]; + t7 = T0[B3(s47)] ^ T1[B2(s44)] ^ T2[B1(s45)] ^ T3[B0(s46)] ^ C[23+160]; + + s40 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[24+160]; + s41 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[25+160]; + s44 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[26+160]; + s45 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[27+160] ^ ctrl; + s42 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[28+160]; + s43 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[29+160]; + s46 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[30+160]; + s47 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[31+160]; + + t0 = T0[B3(s40)] ^ T1[B2(s41)] ^ T2[B1(s42)] ^ T3[B0(s43)] ^ C[32+160]; + t1 = T0[B3(s41)] ^ T1[B2(s42)] ^ T2[B1(s43)] ^ T3[B0(s40)] ^ C[33+160]; + t4 = T0[B3(s42)] ^ T1[B2(s43)] ^ T2[B1(s40)] ^ T3[B0(s41)] ^ C[34+160]; + t5 = T0[B3(s43)] ^ T1[B2(s40)] ^ T2[B1(s41)] ^ T3[B0(s42)] ^ C[35+160] ^ ctrh; + t2 = T0[B3(s44)] ^ T1[B2(s45)] ^ T2[B1(s46)] ^ T3[B0(s47)] ^ C[36+160]; + t3 = T0[B3(s45)] ^ T1[B2(s46)] ^ T2[B1(s47)] ^ T3[B0(s44)] ^ C[37+160]; + t6 = T0[B3(s46)] ^ T1[B2(s47)] ^ T2[B1(s44)] ^ T3[B0(s45)] ^ C[38+160]; + t7 = T0[B3(s47)] ^ T1[B2(s44)] ^ T2[B1(s45)] ^ T3[B0(s46)] ^ C[39+160]; + + s70 ^= T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + s71 ^= T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + s74 ^= T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + s75 ^= T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + s72 ^= T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + s73 ^= T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + s76 ^= T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + s77 ^= T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + + /* Lane 5 */ + t0 = T0[B3(s50)] ^ T1[B2(s51)] ^ T2[B1(s52)] ^ T3[B0(s53)] ^ C[ 0+200]; + t1 = T0[B3(s51)] ^ T1[B2(s52)] ^ T2[B1(s53)] ^ T3[B0(s50)] ^ C[ 1+200]; + t4 = T0[B3(s52)] ^ T1[B2(s53)] ^ T2[B1(s50)] ^ T3[B0(s51)] ^ C[ 2+200]; + t5 = T0[B3(s53)] ^ T1[B2(s50)] ^ T2[B1(s51)] ^ T3[B0(s52)] ^ C[ 3+200] ^ ctrl; + t2 = T0[B3(s54)] ^ T1[B2(s55)] ^ T2[B1(s56)] ^ T3[B0(s57)] ^ C[ 4+200]; + t3 = T0[B3(s55)] ^ T1[B2(s56)] ^ T2[B1(s57)] ^ T3[B0(s54)] ^ C[ 5+200]; + t6 = T0[B3(s56)] ^ T1[B2(s57)] ^ T2[B1(s54)] ^ T3[B0(s55)] ^ C[ 6+200]; + t7 = T0[B3(s57)] ^ T1[B2(s54)] ^ T2[B1(s55)] ^ T3[B0(s56)] ^ C[ 7+200]; + + s50 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 8+200]; + s51 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 9+200]; + s54 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[10+200]; + s55 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[11+200] ^ ctrh; + s52 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[12+200]; + s53 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[13+200]; + s56 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[14+200]; + s57 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[15+200]; + + t0 = T0[B3(s50)] ^ T1[B2(s51)] ^ T2[B1(s52)] ^ T3[B0(s53)] ^ C[16+200]; + t1 = T0[B3(s51)] ^ T1[B2(s52)] ^ T2[B1(s53)] ^ T3[B0(s50)] ^ C[17+200]; + t4 = T0[B3(s52)] ^ T1[B2(s53)] ^ T2[B1(s50)] ^ T3[B0(s51)] ^ C[18+200]; + t5 = T0[B3(s53)] ^ T1[B2(s50)] ^ T2[B1(s51)] ^ T3[B0(s52)] ^ C[19+200] ^ ctrl; + t2 = T0[B3(s54)] ^ T1[B2(s55)] ^ T2[B1(s56)] ^ T3[B0(s57)] ^ C[20+200]; + t3 = T0[B3(s55)] ^ T1[B2(s56)] ^ T2[B1(s57)] ^ T3[B0(s54)] ^ C[21+200]; + t6 = T0[B3(s56)] ^ T1[B2(s57)] ^ T2[B1(s54)] ^ T3[B0(s55)] ^ C[22+200]; + t7 = T0[B3(s57)] ^ T1[B2(s54)] ^ T2[B1(s55)] ^ T3[B0(s56)] ^ C[23+200]; + + s50 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[24+200]; + s51 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[25+200]; + s54 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[26+200]; + s55 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[27+200] ^ ctrh; + s52 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[28+200]; + s53 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[29+200]; + s56 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[30+200]; + s57 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[31+200]; + + t0 = T0[B3(s50)] ^ T1[B2(s51)] ^ T2[B1(s52)] ^ T3[B0(s53)] ^ C[32+200]; + t1 = T0[B3(s51)] ^ T1[B2(s52)] ^ T2[B1(s53)] ^ T3[B0(s50)] ^ C[33+200]; + t4 = T0[B3(s52)] ^ T1[B2(s53)] ^ T2[B1(s50)] ^ T3[B0(s51)] ^ C[34+200]; + t5 = T0[B3(s53)] ^ T1[B2(s50)] ^ T2[B1(s51)] ^ T3[B0(s52)] ^ C[35+200] ^ ctrl; + t2 = T0[B3(s54)] ^ T1[B2(s55)] ^ T2[B1(s56)] ^ T3[B0(s57)] ^ C[36+200]; + t3 = T0[B3(s55)] ^ T1[B2(s56)] ^ T2[B1(s57)] ^ T3[B0(s54)] ^ C[37+200]; + t6 = T0[B3(s56)] ^ T1[B2(s57)] ^ T2[B1(s54)] ^ T3[B0(s55)] ^ C[38+200]; + t7 = T0[B3(s57)] ^ T1[B2(s54)] ^ T2[B1(s55)] ^ T3[B0(s56)] ^ C[39+200]; + + s70 ^= T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + s71 ^= T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + s74 ^= T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + s75 ^= T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + s72 ^= T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + s73 ^= T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + s76 ^= T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + s77 ^= T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + + /* Lane 6 */ + t0 = T0[B3(s60)] ^ T1[B2(s61)] ^ T2[B1(s62)] ^ T3[B0(s63)] ^ C[ 0+240]; + t1 = T0[B3(s61)] ^ T1[B2(s62)] ^ T2[B1(s63)] ^ T3[B0(s60)] ^ C[ 1+240]; + t4 = T0[B3(s62)] ^ T1[B2(s63)] ^ T2[B1(s60)] ^ T3[B0(s61)] ^ C[ 2+240]; + t5 = T0[B3(s63)] ^ T1[B2(s60)] ^ T2[B1(s61)] ^ T3[B0(s62)] ^ C[ 3+240] ^ ctrh; + t2 = T0[B3(s64)] ^ T1[B2(s65)] ^ T2[B1(s66)] ^ T3[B0(s67)] ^ C[ 4+240]; + t3 = T0[B3(s65)] ^ T1[B2(s66)] ^ T2[B1(s67)] ^ T3[B0(s64)] ^ C[ 5+240]; + t6 = T0[B3(s66)] ^ T1[B2(s67)] ^ T2[B1(s64)] ^ T3[B0(s65)] ^ C[ 6+240]; + t7 = T0[B3(s67)] ^ T1[B2(s64)] ^ T2[B1(s65)] ^ T3[B0(s66)] ^ C[ 7+240]; + + s60 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 8+240]; + s61 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 9+240]; + s64 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[10+240]; + s65 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[11+240] ^ ctrl; + s62 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[12+240]; + s63 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[13+240]; + s66 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[14+240]; + s67 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[15+240]; + + h[0] = T0[B3(s60)] ^ T1[B2(s61)] ^ T2[B1(s62)] ^ T3[B0(s63)]; + h[1] = T0[B3(s61)] ^ T1[B2(s62)] ^ T2[B1(s63)] ^ T3[B0(s60)]; + h[4] = T0[B3(s62)] ^ T1[B2(s63)] ^ T2[B1(s60)] ^ T3[B0(s61)]; + h[5] = T0[B3(s63)] ^ T1[B2(s60)] ^ T2[B1(s61)] ^ T3[B0(s62)]; + h[2] = T0[B3(s64)] ^ T1[B2(s65)] ^ T2[B1(s66)] ^ T3[B0(s67)]; + h[3] = T0[B3(s65)] ^ T1[B2(s66)] ^ T2[B1(s67)] ^ T3[B0(s64)]; + h[6] = T0[B3(s66)] ^ T1[B2(s67)] ^ T2[B1(s64)] ^ T3[B0(s65)]; + h[7] = T0[B3(s67)] ^ T1[B2(s64)] ^ T2[B1(s65)] ^ T3[B0(s66)]; + + /* Lane 7 */ + t0 = T0[B3(s70)] ^ T1[B2(s71)] ^ T2[B1(s72)] ^ T3[B0(s73)] ^ C[ 0+256]; + t1 = T0[B3(s71)] ^ T1[B2(s72)] ^ T2[B1(s73)] ^ T3[B0(s70)] ^ C[ 1+256]; + t4 = T0[B3(s72)] ^ T1[B2(s73)] ^ T2[B1(s70)] ^ T3[B0(s71)] ^ C[ 2+256]; + t5 = T0[B3(s73)] ^ T1[B2(s70)] ^ T2[B1(s71)] ^ T3[B0(s72)] ^ C[ 3+256] ^ ctrh; + t2 = T0[B3(s74)] ^ T1[B2(s75)] ^ T2[B1(s76)] ^ T3[B0(s77)] ^ C[ 4+256]; + t3 = T0[B3(s75)] ^ T1[B2(s76)] ^ T2[B1(s77)] ^ T3[B0(s74)] ^ C[ 5+256]; + t6 = T0[B3(s76)] ^ T1[B2(s77)] ^ T2[B1(s74)] ^ T3[B0(s75)] ^ C[ 6+256]; + t7 = T0[B3(s77)] ^ T1[B2(s74)] ^ T2[B1(s75)] ^ T3[B0(s76)] ^ C[ 7+256]; + + s70 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 8+256]; + s71 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 9+256]; + s74 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[10+256]; + s75 = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[11+256] ^ ctrl; + s72 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[12+256]; + s73 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[13+256]; + s76 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[14+256]; + s77 = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[15+256]; + + h[0] ^= T0[B3(s70)] ^ T1[B2(s71)] ^ T2[B1(s72)] ^ T3[B0(s73)]; + h[1] ^= T0[B3(s71)] ^ T1[B2(s72)] ^ T2[B1(s73)] ^ T3[B0(s70)]; + h[4] ^= T0[B3(s72)] ^ T1[B2(s73)] ^ T2[B1(s70)] ^ T3[B0(s71)]; + h[5] ^= T0[B3(s73)] ^ T1[B2(s70)] ^ T2[B1(s71)] ^ T3[B0(s72)]; + h[2] ^= T0[B3(s74)] ^ T1[B2(s75)] ^ T2[B1(s76)] ^ T3[B0(s77)]; + h[3] ^= T0[B3(s75)] ^ T1[B2(s76)] ^ T2[B1(s77)] ^ T3[B0(s74)]; + h[6] ^= T0[B3(s76)] ^ T1[B2(s77)] ^ T2[B1(s74)] ^ T3[B0(s75)]; + h[7] ^= T0[B3(s77)] ^ T1[B2(s74)] ^ T2[B1(s75)] ^ T3[B0(s76)]; +} + +void lane512_compress(const uint8_t m[128], uint32_t h[16], const uint32_t ctrh, const uint32_t ctrl) +{ + uint32_t t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, ta, tb, tc, td, te, tf; /* temp */ + uint32_t s00, s01, s02, s03, s04, s05, s06, s07, s08, s09, s0a, s0b, s0c, s0d, s0e, s0f; /* lane 0 */ + uint32_t s10, s11, s12, s13, s14, s15, s16, s17, s18, s19, s1a, s1b, s1c, s1d, s1e, s1f; /* lane 1 */ + uint32_t s20, s21, s22, s23, s24, s25, s26, s27, s28, s29, s2a, s2b, s2c, s2d, s2e, s2f; /* lane 2 */ + uint32_t s30, s31, s32, s33, s34, s35, s36, s37, s38, s39, s3a, s3b, s3c, s3d, s3e, s3f; /* lane 3 */ + uint32_t s40, s41, s42, s43, s44, s45, s46, s47, s48, s49, s4a, s4b, s4c, s4d, s4e, s4f; /* lane 4 */ + uint32_t s50, s51, s52, s53, s54, s55, s56, s57, s58, s59, s5a, s5b, s5c, s5d, s5e, s5f; /* lane 5 */ + uint32_t s60, s61, s62, s63, s64, s65, s66, s67, s68, s69, s6a, s6b, s6c, s6d, s6e, s6f; /* lane 6 */ + uint32_t s70, s71, s72, s73, s74, s75, s76, s77, s78, s79, s7a, s7b, s7c, s7d, s7e, s7f; /* lane 7 */ + + /* Message expansion */ + s30 = h[0]; + s31 = h[1]; + s32 = h[2]; + s33 = h[3]; + s34 = h[4]; + s35 = h[5]; + s36 = h[6]; + s37 = h[7]; + s38 = h[8]; + s39 = h[9]; + s3a = h[10]; + s3b = h[11]; + s3c = h[12]; + s3d = h[13]; + s3e = h[14]; + s3f = h[15]; + s40 = U8TO32_BIG(m + 0); + s41 = U8TO32_BIG(m + 4); + s42 = U8TO32_BIG(m + 8); + s43 = U8TO32_BIG(m + 12); + s44 = U8TO32_BIG(m + 16); + s45 = U8TO32_BIG(m + 20); + s46 = U8TO32_BIG(m + 24); + s47 = U8TO32_BIG(m + 28); + s48 = U8TO32_BIG(m + 32); + s49 = U8TO32_BIG(m + 36); + s4a = U8TO32_BIG(m + 40); + s4b = U8TO32_BIG(m + 44); + s4c = U8TO32_BIG(m + 48); + s4d = U8TO32_BIG(m + 52); + s4e = U8TO32_BIG(m + 56); + s4f = U8TO32_BIG(m + 60); + s50 = U8TO32_BIG(m + 64); + s51 = U8TO32_BIG(m + 68); + s52 = U8TO32_BIG(m + 72); + s53 = U8TO32_BIG(m + 76); + s54 = U8TO32_BIG(m + 80); + s55 = U8TO32_BIG(m + 84); + s56 = U8TO32_BIG(m + 88); + s57 = U8TO32_BIG(m + 92); + s58 = U8TO32_BIG(m + 96); + s59 = U8TO32_BIG(m + 100); + s5a = U8TO32_BIG(m + 104); + s5b = U8TO32_BIG(m + 108); + s5c = U8TO32_BIG(m + 112); + s5d = U8TO32_BIG(m + 116); + s5e = U8TO32_BIG(m + 120); + s5f = U8TO32_BIG(m + 124); + s00 = s30 ^ s40 ^ s48 ^ s50 ^ s58; + s01 = s31 ^ s41 ^ s49 ^ s51 ^ s59; + s02 = s32 ^ s42 ^ s4a ^ s52 ^ s5a; + s03 = s33 ^ s43 ^ s4b ^ s53 ^ s5b; + s04 = s34 ^ s44 ^ s4c ^ s54 ^ s5c; + s05 = s35 ^ s45 ^ s4d ^ s55 ^ s5d; + s06 = s36 ^ s46 ^ s4e ^ s56 ^ s5e; + s07 = s37 ^ s47 ^ s4f ^ s57 ^ s5f; + s08 = s38 ^ s40 ^ s50; + s09 = s39 ^ s41 ^ s51; + s0a = s3a ^ s42 ^ s52; + s0b = s3b ^ s43 ^ s53; + s0c = s3c ^ s44 ^ s54; + s0d = s3d ^ s45 ^ s55; + s0e = s3e ^ s46 ^ s56; + s0f = s3f ^ s47 ^ s57; + s10 = s00 ^ s38 ^ s48; + s11 = s01 ^ s39 ^ s49; + s12 = s02 ^ s3a ^ s4a; + s13 = s03 ^ s3b ^ s4b; + s14 = s04 ^ s3c ^ s4c; + s15 = s05 ^ s3d ^ s4d; + s16 = s06 ^ s3e ^ s4e; + s17 = s07 ^ s3f ^ s4f; + s18 = s30 ^ s48 ^ s50; + s19 = s31 ^ s49 ^ s51; + s1a = s32 ^ s4a ^ s52; + s1b = s33 ^ s4b ^ s53; + s1c = s34 ^ s4c ^ s54; + s1d = s35 ^ s4d ^ s55; + s1e = s36 ^ s4e ^ s56; + s1f = s37 ^ s4f ^ s57; + s20 = s00 ^ s38 ^ s58; + s21 = s01 ^ s39 ^ s59; + s22 = s02 ^ s3a ^ s5a; + s23 = s03 ^ s3b ^ s5b; + s24 = s04 ^ s3c ^ s5c; + s25 = s05 ^ s3d ^ s5d; + s26 = s06 ^ s3e ^ s5e; + s27 = s07 ^ s3f ^ s5f; + s28 = s30 ^ s40 ^ s58; + s29 = s31 ^ s41 ^ s59; + s2a = s32 ^ s42 ^ s5a; + s2b = s33 ^ s43 ^ s5b; + s2c = s34 ^ s44 ^ s5c; + s2d = s35 ^ s45 ^ s5d; + s2e = s36 ^ s46 ^ s5e; + s2f = s37 ^ s47 ^ s5f; + + /* Lane 0 */ + t0 = T0[B3(s00)] ^ T1[B2(s01)] ^ T2[B1(s02)] ^ T3[B0(s03)] ^ C[ 0]; + t4 = T0[B3(s01)] ^ T1[B2(s02)] ^ T2[B1(s03)] ^ T3[B0(s00)] ^ C[ 1]; + t8 = T0[B3(s02)] ^ T1[B2(s03)] ^ T2[B1(s00)] ^ T3[B0(s01)] ^ C[ 2]; + tc = T0[B3(s03)] ^ T1[B2(s00)] ^ T2[B1(s01)] ^ T3[B0(s02)] ^ C[ 3] ^ ctrh; + t1 = T0[B3(s04)] ^ T1[B2(s05)] ^ T2[B1(s06)] ^ T3[B0(s07)] ^ C[ 4]; + t5 = T0[B3(s05)] ^ T1[B2(s06)] ^ T2[B1(s07)] ^ T3[B0(s04)] ^ C[ 5]; + t9 = T0[B3(s06)] ^ T1[B2(s07)] ^ T2[B1(s04)] ^ T3[B0(s05)] ^ C[ 6]; + td = T0[B3(s07)] ^ T1[B2(s04)] ^ T2[B1(s05)] ^ T3[B0(s06)] ^ C[ 7]; + t2 = T0[B3(s08)] ^ T1[B2(s09)] ^ T2[B1(s0a)] ^ T3[B0(s0b)] ^ C[ 8]; + t6 = T0[B3(s09)] ^ T1[B2(s0a)] ^ T2[B1(s0b)] ^ T3[B0(s08)] ^ C[ 9]; + ta = T0[B3(s0a)] ^ T1[B2(s0b)] ^ T2[B1(s08)] ^ T3[B0(s09)] ^ C[ 10]; + te = T0[B3(s0b)] ^ T1[B2(s08)] ^ T2[B1(s09)] ^ T3[B0(s0a)] ^ C[ 11]; + t3 = T0[B3(s0c)] ^ T1[B2(s0d)] ^ T2[B1(s0e)] ^ T3[B0(s0f)] ^ C[ 12]; + t7 = T0[B3(s0d)] ^ T1[B2(s0e)] ^ T2[B1(s0f)] ^ T3[B0(s0c)] ^ C[ 13]; + tb = T0[B3(s0e)] ^ T1[B2(s0f)] ^ T2[B1(s0c)] ^ T3[B0(s0d)] ^ C[ 14]; + tf = T0[B3(s0f)] ^ T1[B2(s0c)] ^ T2[B1(s0d)] ^ T3[B0(s0e)] ^ C[ 15]; + + s00 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 16]; + s04 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 17]; + s08 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 18]; + s0c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 19] ^ ctrl; + s01 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 20]; + s05 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 21]; + s09 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 22]; + s0d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 23]; + s02 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 24]; + s06 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 25]; + s0a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 26]; + s0e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 27]; + s03 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 28]; + s07 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 29]; + s0b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 30]; + s0f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 31]; + + t0 = T0[B3(s00)] ^ T1[B2(s01)] ^ T2[B1(s02)] ^ T3[B0(s03)] ^ C[ 32]; + t4 = T0[B3(s01)] ^ T1[B2(s02)] ^ T2[B1(s03)] ^ T3[B0(s00)] ^ C[ 33]; + t8 = T0[B3(s02)] ^ T1[B2(s03)] ^ T2[B1(s00)] ^ T3[B0(s01)] ^ C[ 34]; + tc = T0[B3(s03)] ^ T1[B2(s00)] ^ T2[B1(s01)] ^ T3[B0(s02)] ^ C[ 35] ^ ctrh; + t1 = T0[B3(s04)] ^ T1[B2(s05)] ^ T2[B1(s06)] ^ T3[B0(s07)] ^ C[ 36]; + t5 = T0[B3(s05)] ^ T1[B2(s06)] ^ T2[B1(s07)] ^ T3[B0(s04)] ^ C[ 37]; + t9 = T0[B3(s06)] ^ T1[B2(s07)] ^ T2[B1(s04)] ^ T3[B0(s05)] ^ C[ 38]; + td = T0[B3(s07)] ^ T1[B2(s04)] ^ T2[B1(s05)] ^ T3[B0(s06)] ^ C[ 39]; + t2 = T0[B3(s08)] ^ T1[B2(s09)] ^ T2[B1(s0a)] ^ T3[B0(s0b)] ^ C[ 40]; + t6 = T0[B3(s09)] ^ T1[B2(s0a)] ^ T2[B1(s0b)] ^ T3[B0(s08)] ^ C[ 41]; + ta = T0[B3(s0a)] ^ T1[B2(s0b)] ^ T2[B1(s08)] ^ T3[B0(s09)] ^ C[ 42]; + te = T0[B3(s0b)] ^ T1[B2(s08)] ^ T2[B1(s09)] ^ T3[B0(s0a)] ^ C[ 43]; + t3 = T0[B3(s0c)] ^ T1[B2(s0d)] ^ T2[B1(s0e)] ^ T3[B0(s0f)] ^ C[ 44]; + t7 = T0[B3(s0d)] ^ T1[B2(s0e)] ^ T2[B1(s0f)] ^ T3[B0(s0c)] ^ C[ 45]; + tb = T0[B3(s0e)] ^ T1[B2(s0f)] ^ T2[B1(s0c)] ^ T3[B0(s0d)] ^ C[ 46]; + tf = T0[B3(s0f)] ^ T1[B2(s0c)] ^ T2[B1(s0d)] ^ T3[B0(s0e)] ^ C[ 47]; + + s00 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 48]; + s04 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 49]; + s08 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 50]; + s0c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 51] ^ ctrl; + s01 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 52]; + s05 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 53]; + s09 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 54]; + s0d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 55]; + s02 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 56]; + s06 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 57]; + s0a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 58]; + s0e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 59]; + s03 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 60]; + s07 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 61]; + s0b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 62]; + s0f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 63]; + + t0 = T0[B3(s00)] ^ T1[B2(s01)] ^ T2[B1(s02)] ^ T3[B0(s03)] ^ C[ 64]; + t4 = T0[B3(s01)] ^ T1[B2(s02)] ^ T2[B1(s03)] ^ T3[B0(s00)] ^ C[ 65]; + t8 = T0[B3(s02)] ^ T1[B2(s03)] ^ T2[B1(s00)] ^ T3[B0(s01)] ^ C[ 66]; + tc = T0[B3(s03)] ^ T1[B2(s00)] ^ T2[B1(s01)] ^ T3[B0(s02)] ^ C[ 67] ^ ctrh; + t1 = T0[B3(s04)] ^ T1[B2(s05)] ^ T2[B1(s06)] ^ T3[B0(s07)] ^ C[ 68]; + t5 = T0[B3(s05)] ^ T1[B2(s06)] ^ T2[B1(s07)] ^ T3[B0(s04)] ^ C[ 69]; + t9 = T0[B3(s06)] ^ T1[B2(s07)] ^ T2[B1(s04)] ^ T3[B0(s05)] ^ C[ 70]; + td = T0[B3(s07)] ^ T1[B2(s04)] ^ T2[B1(s05)] ^ T3[B0(s06)] ^ C[ 71]; + t2 = T0[B3(s08)] ^ T1[B2(s09)] ^ T2[B1(s0a)] ^ T3[B0(s0b)] ^ C[ 72]; + t6 = T0[B3(s09)] ^ T1[B2(s0a)] ^ T2[B1(s0b)] ^ T3[B0(s08)] ^ C[ 73]; + ta = T0[B3(s0a)] ^ T1[B2(s0b)] ^ T2[B1(s08)] ^ T3[B0(s09)] ^ C[ 74]; + te = T0[B3(s0b)] ^ T1[B2(s08)] ^ T2[B1(s09)] ^ T3[B0(s0a)] ^ C[ 75]; + t3 = T0[B3(s0c)] ^ T1[B2(s0d)] ^ T2[B1(s0e)] ^ T3[B0(s0f)] ^ C[ 76]; + t7 = T0[B3(s0d)] ^ T1[B2(s0e)] ^ T2[B1(s0f)] ^ T3[B0(s0c)] ^ C[ 77]; + tb = T0[B3(s0e)] ^ T1[B2(s0f)] ^ T2[B1(s0c)] ^ T3[B0(s0d)] ^ C[ 78]; + tf = T0[B3(s0f)] ^ T1[B2(s0c)] ^ T2[B1(s0d)] ^ T3[B0(s0e)] ^ C[ 79]; + + s00 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 80]; + s04 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 81]; + s08 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 82]; + s0c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 83] ^ ctrl; + s01 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 84]; + s05 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 85]; + s09 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 86]; + s0d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 87]; + s02 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 88]; + s06 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 89]; + s0a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 90]; + s0e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 91]; + s03 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 92]; + s07 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 93]; + s0b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 94]; + s0f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 95]; + + t0 = T0[B3(s00)] ^ T1[B2(s01)] ^ T2[B1(s02)] ^ T3[B0(s03)] ^ C[ 96]; + t4 = T0[B3(s01)] ^ T1[B2(s02)] ^ T2[B1(s03)] ^ T3[B0(s00)] ^ C[ 97]; + t8 = T0[B3(s02)] ^ T1[B2(s03)] ^ T2[B1(s00)] ^ T3[B0(s01)] ^ C[ 98]; + tc = T0[B3(s03)] ^ T1[B2(s00)] ^ T2[B1(s01)] ^ T3[B0(s02)] ^ C[ 99] ^ ctrh; + t1 = T0[B3(s04)] ^ T1[B2(s05)] ^ T2[B1(s06)] ^ T3[B0(s07)] ^ C[100]; + t5 = T0[B3(s05)] ^ T1[B2(s06)] ^ T2[B1(s07)] ^ T3[B0(s04)] ^ C[101]; + t9 = T0[B3(s06)] ^ T1[B2(s07)] ^ T2[B1(s04)] ^ T3[B0(s05)] ^ C[102]; + td = T0[B3(s07)] ^ T1[B2(s04)] ^ T2[B1(s05)] ^ T3[B0(s06)] ^ C[103]; + t2 = T0[B3(s08)] ^ T1[B2(s09)] ^ T2[B1(s0a)] ^ T3[B0(s0b)] ^ C[104]; + t6 = T0[B3(s09)] ^ T1[B2(s0a)] ^ T2[B1(s0b)] ^ T3[B0(s08)] ^ C[105]; + ta = T0[B3(s0a)] ^ T1[B2(s0b)] ^ T2[B1(s08)] ^ T3[B0(s09)] ^ C[106]; + te = T0[B3(s0b)] ^ T1[B2(s08)] ^ T2[B1(s09)] ^ T3[B0(s0a)] ^ C[107]; + t3 = T0[B3(s0c)] ^ T1[B2(s0d)] ^ T2[B1(s0e)] ^ T3[B0(s0f)] ^ C[108]; + t7 = T0[B3(s0d)] ^ T1[B2(s0e)] ^ T2[B1(s0f)] ^ T3[B0(s0c)] ^ C[109]; + tb = T0[B3(s0e)] ^ T1[B2(s0f)] ^ T2[B1(s0c)] ^ T3[B0(s0d)] ^ C[110]; + tf = T0[B3(s0f)] ^ T1[B2(s0c)] ^ T2[B1(s0d)] ^ T3[B0(s0e)] ^ C[111]; + + s60 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + s64 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + s68 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + s6c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + s61 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + s65 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + s69 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + s6d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + s62 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )]; + s66 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )]; + s6a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )]; + s6e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )]; + s63 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )]; + s67 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )]; + s6b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )]; + s6f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )]; + + /* Lane 1 */ + t0 = T0[B3(s10)] ^ T1[B2(s11)] ^ T2[B1(s12)] ^ T3[B0(s13)] ^ C[ 0+112]; + t4 = T0[B3(s11)] ^ T1[B2(s12)] ^ T2[B1(s13)] ^ T3[B0(s10)] ^ C[ 1+112]; + t8 = T0[B3(s12)] ^ T1[B2(s13)] ^ T2[B1(s10)] ^ T3[B0(s11)] ^ C[ 2+112]; + tc = T0[B3(s13)] ^ T1[B2(s10)] ^ T2[B1(s11)] ^ T3[B0(s12)] ^ C[ 3+112] ^ ctrl; + t1 = T0[B3(s14)] ^ T1[B2(s15)] ^ T2[B1(s16)] ^ T3[B0(s17)] ^ C[ 4+112]; + t5 = T0[B3(s15)] ^ T1[B2(s16)] ^ T2[B1(s17)] ^ T3[B0(s14)] ^ C[ 5+112]; + t9 = T0[B3(s16)] ^ T1[B2(s17)] ^ T2[B1(s14)] ^ T3[B0(s15)] ^ C[ 6+112]; + td = T0[B3(s17)] ^ T1[B2(s14)] ^ T2[B1(s15)] ^ T3[B0(s16)] ^ C[ 7+112]; + t2 = T0[B3(s18)] ^ T1[B2(s19)] ^ T2[B1(s1a)] ^ T3[B0(s1b)] ^ C[ 8+112]; + t6 = T0[B3(s19)] ^ T1[B2(s1a)] ^ T2[B1(s1b)] ^ T3[B0(s18)] ^ C[ 9+112]; + ta = T0[B3(s1a)] ^ T1[B2(s1b)] ^ T2[B1(s18)] ^ T3[B0(s19)] ^ C[ 10+112]; + te = T0[B3(s1b)] ^ T1[B2(s18)] ^ T2[B1(s19)] ^ T3[B0(s1a)] ^ C[ 11+112]; + t3 = T0[B3(s1c)] ^ T1[B2(s1d)] ^ T2[B1(s1e)] ^ T3[B0(s1f)] ^ C[ 12+112]; + t7 = T0[B3(s1d)] ^ T1[B2(s1e)] ^ T2[B1(s1f)] ^ T3[B0(s1c)] ^ C[ 13+112]; + tb = T0[B3(s1e)] ^ T1[B2(s1f)] ^ T2[B1(s1c)] ^ T3[B0(s1d)] ^ C[ 14+112]; + tf = T0[B3(s1f)] ^ T1[B2(s1c)] ^ T2[B1(s1d)] ^ T3[B0(s1e)] ^ C[ 15+112]; + + s10 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 16+112]; + s14 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 17+112]; + s18 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 18+112]; + s1c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 19+112] ^ ctrh; + s11 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 20+112]; + s15 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 21+112]; + s19 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 22+112]; + s1d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 23+112]; + s12 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 24+112]; + s16 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 25+112]; + s1a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 26+112]; + s1e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 27+112]; + s13 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 28+112]; + s17 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 29+112]; + s1b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 30+112]; + s1f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 31+112]; + + t0 = T0[B3(s10)] ^ T1[B2(s11)] ^ T2[B1(s12)] ^ T3[B0(s13)] ^ C[ 32+112]; + t4 = T0[B3(s11)] ^ T1[B2(s12)] ^ T2[B1(s13)] ^ T3[B0(s10)] ^ C[ 33+112]; + t8 = T0[B3(s12)] ^ T1[B2(s13)] ^ T2[B1(s10)] ^ T3[B0(s11)] ^ C[ 34+112]; + tc = T0[B3(s13)] ^ T1[B2(s10)] ^ T2[B1(s11)] ^ T3[B0(s12)] ^ C[ 35+112] ^ ctrl; + t1 = T0[B3(s14)] ^ T1[B2(s15)] ^ T2[B1(s16)] ^ T3[B0(s17)] ^ C[ 36+112]; + t5 = T0[B3(s15)] ^ T1[B2(s16)] ^ T2[B1(s17)] ^ T3[B0(s14)] ^ C[ 37+112]; + t9 = T0[B3(s16)] ^ T1[B2(s17)] ^ T2[B1(s14)] ^ T3[B0(s15)] ^ C[ 38+112]; + td = T0[B3(s17)] ^ T1[B2(s14)] ^ T2[B1(s15)] ^ T3[B0(s16)] ^ C[ 39+112]; + t2 = T0[B3(s18)] ^ T1[B2(s19)] ^ T2[B1(s1a)] ^ T3[B0(s1b)] ^ C[ 40+112]; + t6 = T0[B3(s19)] ^ T1[B2(s1a)] ^ T2[B1(s1b)] ^ T3[B0(s18)] ^ C[ 41+112]; + ta = T0[B3(s1a)] ^ T1[B2(s1b)] ^ T2[B1(s18)] ^ T3[B0(s19)] ^ C[ 42+112]; + te = T0[B3(s1b)] ^ T1[B2(s18)] ^ T2[B1(s19)] ^ T3[B0(s1a)] ^ C[ 43+112]; + t3 = T0[B3(s1c)] ^ T1[B2(s1d)] ^ T2[B1(s1e)] ^ T3[B0(s1f)] ^ C[ 44+112]; + t7 = T0[B3(s1d)] ^ T1[B2(s1e)] ^ T2[B1(s1f)] ^ T3[B0(s1c)] ^ C[ 45+112]; + tb = T0[B3(s1e)] ^ T1[B2(s1f)] ^ T2[B1(s1c)] ^ T3[B0(s1d)] ^ C[ 46+112]; + tf = T0[B3(s1f)] ^ T1[B2(s1c)] ^ T2[B1(s1d)] ^ T3[B0(s1e)] ^ C[ 47+112]; + + s10 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 48+112]; + s14 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 49+112]; + s18 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 50+112]; + s1c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 51+112] ^ ctrh; + s11 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 52+112]; + s15 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 53+112]; + s19 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 54+112]; + s1d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 55+112]; + s12 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 56+112]; + s16 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 57+112]; + s1a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 58+112]; + s1e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 59+112]; + s13 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 60+112]; + s17 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 61+112]; + s1b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 62+112]; + s1f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 63+112]; + + t0 = T0[B3(s10)] ^ T1[B2(s11)] ^ T2[B1(s12)] ^ T3[B0(s13)] ^ C[ 64+112]; + t4 = T0[B3(s11)] ^ T1[B2(s12)] ^ T2[B1(s13)] ^ T3[B0(s10)] ^ C[ 65+112]; + t8 = T0[B3(s12)] ^ T1[B2(s13)] ^ T2[B1(s10)] ^ T3[B0(s11)] ^ C[ 66+112]; + tc = T0[B3(s13)] ^ T1[B2(s10)] ^ T2[B1(s11)] ^ T3[B0(s12)] ^ C[ 67+112] ^ ctrl; + t1 = T0[B3(s14)] ^ T1[B2(s15)] ^ T2[B1(s16)] ^ T3[B0(s17)] ^ C[ 68+112]; + t5 = T0[B3(s15)] ^ T1[B2(s16)] ^ T2[B1(s17)] ^ T3[B0(s14)] ^ C[ 69+112]; + t9 = T0[B3(s16)] ^ T1[B2(s17)] ^ T2[B1(s14)] ^ T3[B0(s15)] ^ C[ 70+112]; + td = T0[B3(s17)] ^ T1[B2(s14)] ^ T2[B1(s15)] ^ T3[B0(s16)] ^ C[ 71+112]; + t2 = T0[B3(s18)] ^ T1[B2(s19)] ^ T2[B1(s1a)] ^ T3[B0(s1b)] ^ C[ 72+112]; + t6 = T0[B3(s19)] ^ T1[B2(s1a)] ^ T2[B1(s1b)] ^ T3[B0(s18)] ^ C[ 73+112]; + ta = T0[B3(s1a)] ^ T1[B2(s1b)] ^ T2[B1(s18)] ^ T3[B0(s19)] ^ C[ 74+112]; + te = T0[B3(s1b)] ^ T1[B2(s18)] ^ T2[B1(s19)] ^ T3[B0(s1a)] ^ C[ 75+112]; + t3 = T0[B3(s1c)] ^ T1[B2(s1d)] ^ T2[B1(s1e)] ^ T3[B0(s1f)] ^ C[ 76+112]; + t7 = T0[B3(s1d)] ^ T1[B2(s1e)] ^ T2[B1(s1f)] ^ T3[B0(s1c)] ^ C[ 77+112]; + tb = T0[B3(s1e)] ^ T1[B2(s1f)] ^ T2[B1(s1c)] ^ T3[B0(s1d)] ^ C[ 78+112]; + tf = T0[B3(s1f)] ^ T1[B2(s1c)] ^ T2[B1(s1d)] ^ T3[B0(s1e)] ^ C[ 79+112]; + + s10 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 80+112]; + s14 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 81+112]; + s18 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 82+112]; + s1c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 83+112] ^ ctrh; + s11 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 84+112]; + s15 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 85+112]; + s19 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 86+112]; + s1d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 87+112]; + s12 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 88+112]; + s16 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 89+112]; + s1a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 90+112]; + s1e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 91+112]; + s13 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 92+112]; + s17 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 93+112]; + s1b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 94+112]; + s1f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 95+112]; + + t0 = T0[B3(s10)] ^ T1[B2(s11)] ^ T2[B1(s12)] ^ T3[B0(s13)] ^ C[ 96+112]; + t4 = T0[B3(s11)] ^ T1[B2(s12)] ^ T2[B1(s13)] ^ T3[B0(s10)] ^ C[ 97+112]; + t8 = T0[B3(s12)] ^ T1[B2(s13)] ^ T2[B1(s10)] ^ T3[B0(s11)] ^ C[ 98+112]; + tc = T0[B3(s13)] ^ T1[B2(s10)] ^ T2[B1(s11)] ^ T3[B0(s12)] ^ C[ 99+112] ^ ctrl; + t1 = T0[B3(s14)] ^ T1[B2(s15)] ^ T2[B1(s16)] ^ T3[B0(s17)] ^ C[100+112]; + t5 = T0[B3(s15)] ^ T1[B2(s16)] ^ T2[B1(s17)] ^ T3[B0(s14)] ^ C[101+112]; + t9 = T0[B3(s16)] ^ T1[B2(s17)] ^ T2[B1(s14)] ^ T3[B0(s15)] ^ C[102+112]; + td = T0[B3(s17)] ^ T1[B2(s14)] ^ T2[B1(s15)] ^ T3[B0(s16)] ^ C[103+112]; + t2 = T0[B3(s18)] ^ T1[B2(s19)] ^ T2[B1(s1a)] ^ T3[B0(s1b)] ^ C[104+112]; + t6 = T0[B3(s19)] ^ T1[B2(s1a)] ^ T2[B1(s1b)] ^ T3[B0(s18)] ^ C[105+112]; + ta = T0[B3(s1a)] ^ T1[B2(s1b)] ^ T2[B1(s18)] ^ T3[B0(s19)] ^ C[106+112]; + te = T0[B3(s1b)] ^ T1[B2(s18)] ^ T2[B1(s19)] ^ T3[B0(s1a)] ^ C[107+112]; + t3 = T0[B3(s1c)] ^ T1[B2(s1d)] ^ T2[B1(s1e)] ^ T3[B0(s1f)] ^ C[108+112]; + t7 = T0[B3(s1d)] ^ T1[B2(s1e)] ^ T2[B1(s1f)] ^ T3[B0(s1c)] ^ C[109+112]; + tb = T0[B3(s1e)] ^ T1[B2(s1f)] ^ T2[B1(s1c)] ^ T3[B0(s1d)] ^ C[110+112]; + tf = T0[B3(s1f)] ^ T1[B2(s1c)] ^ T2[B1(s1d)] ^ T3[B0(s1e)] ^ C[111+112]; + + s60 ^= T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + s64 ^= T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + s68 ^= T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + s6c ^= T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + s61 ^= T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + s65 ^= T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + s69 ^= T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + s6d ^= T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + s62 ^= T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )]; + s66 ^= T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )]; + s6a ^= T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )]; + s6e ^= T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )]; + s63 ^= T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )]; + s67 ^= T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )]; + s6b ^= T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )]; + s6f ^= T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )]; + + /* Lane 2 */ + t0 = T0[B3(s20)] ^ T1[B2(s21)] ^ T2[B1(s22)] ^ T3[B0(s23)] ^ C[ 0+224]; + t4 = T0[B3(s21)] ^ T1[B2(s22)] ^ T2[B1(s23)] ^ T3[B0(s20)] ^ C[ 1+224]; + t8 = T0[B3(s22)] ^ T1[B2(s23)] ^ T2[B1(s20)] ^ T3[B0(s21)] ^ C[ 2+224]; + tc = T0[B3(s23)] ^ T1[B2(s20)] ^ T2[B1(s21)] ^ T3[B0(s22)] ^ C[ 3+224] ^ ctrh; + t1 = T0[B3(s24)] ^ T1[B2(s25)] ^ T2[B1(s26)] ^ T3[B0(s27)] ^ C[ 4+224]; + t5 = T0[B3(s25)] ^ T1[B2(s26)] ^ T2[B1(s27)] ^ T3[B0(s24)] ^ C[ 5+224]; + t9 = T0[B3(s26)] ^ T1[B2(s27)] ^ T2[B1(s24)] ^ T3[B0(s25)] ^ C[ 6+224]; + td = T0[B3(s27)] ^ T1[B2(s24)] ^ T2[B1(s25)] ^ T3[B0(s26)] ^ C[ 7+224]; + t2 = T0[B3(s28)] ^ T1[B2(s29)] ^ T2[B1(s2a)] ^ T3[B0(s2b)] ^ C[ 8+224]; + t6 = T0[B3(s29)] ^ T1[B2(s2a)] ^ T2[B1(s2b)] ^ T3[B0(s28)] ^ C[ 9+224]; + ta = T0[B3(s2a)] ^ T1[B2(s2b)] ^ T2[B1(s28)] ^ T3[B0(s29)] ^ C[ 10+224]; + te = T0[B3(s2b)] ^ T1[B2(s28)] ^ T2[B1(s29)] ^ T3[B0(s2a)] ^ C[ 11+224]; + t3 = T0[B3(s2c)] ^ T1[B2(s2d)] ^ T2[B1(s2e)] ^ T3[B0(s2f)] ^ C[ 12+224]; + t7 = T0[B3(s2d)] ^ T1[B2(s2e)] ^ T2[B1(s2f)] ^ T3[B0(s2c)] ^ C[ 13+224]; + tb = T0[B3(s2e)] ^ T1[B2(s2f)] ^ T2[B1(s2c)] ^ T3[B0(s2d)] ^ C[ 14+224]; + tf = T0[B3(s2f)] ^ T1[B2(s2c)] ^ T2[B1(s2d)] ^ T3[B0(s2e)] ^ C[ 15+224]; + + s20 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 16+224]; + s24 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 17+224]; + s28 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 18+224]; + s2c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 19+224] ^ ctrl; + s21 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 20+224]; + s25 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 21+224]; + s29 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 22+224]; + s2d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 23+224]; + s22 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 24+224]; + s26 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 25+224]; + s2a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 26+224]; + s2e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 27+224]; + s23 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 28+224]; + s27 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 29+224]; + s2b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 30+224]; + s2f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 31+224]; + + t0 = T0[B3(s20)] ^ T1[B2(s21)] ^ T2[B1(s22)] ^ T3[B0(s23)] ^ C[ 32+224]; + t4 = T0[B3(s21)] ^ T1[B2(s22)] ^ T2[B1(s23)] ^ T3[B0(s20)] ^ C[ 33+224]; + t8 = T0[B3(s22)] ^ T1[B2(s23)] ^ T2[B1(s20)] ^ T3[B0(s21)] ^ C[ 34+224]; + tc = T0[B3(s23)] ^ T1[B2(s20)] ^ T2[B1(s21)] ^ T3[B0(s22)] ^ C[ 35+224] ^ ctrh; + t1 = T0[B3(s24)] ^ T1[B2(s25)] ^ T2[B1(s26)] ^ T3[B0(s27)] ^ C[ 36+224]; + t5 = T0[B3(s25)] ^ T1[B2(s26)] ^ T2[B1(s27)] ^ T3[B0(s24)] ^ C[ 37+224]; + t9 = T0[B3(s26)] ^ T1[B2(s27)] ^ T2[B1(s24)] ^ T3[B0(s25)] ^ C[ 38+224]; + td = T0[B3(s27)] ^ T1[B2(s24)] ^ T2[B1(s25)] ^ T3[B0(s26)] ^ C[ 39+224]; + t2 = T0[B3(s28)] ^ T1[B2(s29)] ^ T2[B1(s2a)] ^ T3[B0(s2b)] ^ C[ 40+224]; + t6 = T0[B3(s29)] ^ T1[B2(s2a)] ^ T2[B1(s2b)] ^ T3[B0(s28)] ^ C[ 41+224]; + ta = T0[B3(s2a)] ^ T1[B2(s2b)] ^ T2[B1(s28)] ^ T3[B0(s29)] ^ C[ 42+224]; + te = T0[B3(s2b)] ^ T1[B2(s28)] ^ T2[B1(s29)] ^ T3[B0(s2a)] ^ C[ 43+224]; + t3 = T0[B3(s2c)] ^ T1[B2(s2d)] ^ T2[B1(s2e)] ^ T3[B0(s2f)] ^ C[ 44+224]; + t7 = T0[B3(s2d)] ^ T1[B2(s2e)] ^ T2[B1(s2f)] ^ T3[B0(s2c)] ^ C[ 45+224]; + tb = T0[B3(s2e)] ^ T1[B2(s2f)] ^ T2[B1(s2c)] ^ T3[B0(s2d)] ^ C[ 46+224]; + tf = T0[B3(s2f)] ^ T1[B2(s2c)] ^ T2[B1(s2d)] ^ T3[B0(s2e)] ^ C[ 47+224]; + + s20 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 48+224]; + s24 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 49+224]; + s28 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 50+224]; + s2c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 51+224] ^ ctrl; + s21 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 52+224]; + s25 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 53+224]; + s29 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 54+224]; + s2d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 55+224]; + s22 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 56+224]; + s26 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 57+224]; + s2a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 58+224]; + s2e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 59+224]; + s23 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 60+224]; + s27 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 61+224]; + s2b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 62+224]; + s2f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 63+224]; + + t0 = T0[B3(s20)] ^ T1[B2(s21)] ^ T2[B1(s22)] ^ T3[B0(s23)] ^ C[ 64+224]; + t4 = T0[B3(s21)] ^ T1[B2(s22)] ^ T2[B1(s23)] ^ T3[B0(s20)] ^ C[ 65+224]; + t8 = T0[B3(s22)] ^ T1[B2(s23)] ^ T2[B1(s20)] ^ T3[B0(s21)] ^ C[ 66+224]; + tc = T0[B3(s23)] ^ T1[B2(s20)] ^ T2[B1(s21)] ^ T3[B0(s22)] ^ C[ 67+224] ^ ctrh; + t1 = T0[B3(s24)] ^ T1[B2(s25)] ^ T2[B1(s26)] ^ T3[B0(s27)] ^ C[ 68+224]; + t5 = T0[B3(s25)] ^ T1[B2(s26)] ^ T2[B1(s27)] ^ T3[B0(s24)] ^ C[ 69+224]; + t9 = T0[B3(s26)] ^ T1[B2(s27)] ^ T2[B1(s24)] ^ T3[B0(s25)] ^ C[ 70+224]; + td = T0[B3(s27)] ^ T1[B2(s24)] ^ T2[B1(s25)] ^ T3[B0(s26)] ^ C[ 71+224]; + t2 = T0[B3(s28)] ^ T1[B2(s29)] ^ T2[B1(s2a)] ^ T3[B0(s2b)] ^ C[ 72+224]; + t6 = T0[B3(s29)] ^ T1[B2(s2a)] ^ T2[B1(s2b)] ^ T3[B0(s28)] ^ C[ 73+224]; + ta = T0[B3(s2a)] ^ T1[B2(s2b)] ^ T2[B1(s28)] ^ T3[B0(s29)] ^ C[ 74+224]; + te = T0[B3(s2b)] ^ T1[B2(s28)] ^ T2[B1(s29)] ^ T3[B0(s2a)] ^ C[ 75+224]; + t3 = T0[B3(s2c)] ^ T1[B2(s2d)] ^ T2[B1(s2e)] ^ T3[B0(s2f)] ^ C[ 76+224]; + t7 = T0[B3(s2d)] ^ T1[B2(s2e)] ^ T2[B1(s2f)] ^ T3[B0(s2c)] ^ C[ 77+224]; + tb = T0[B3(s2e)] ^ T1[B2(s2f)] ^ T2[B1(s2c)] ^ T3[B0(s2d)] ^ C[ 78+224]; + tf = T0[B3(s2f)] ^ T1[B2(s2c)] ^ T2[B1(s2d)] ^ T3[B0(s2e)] ^ C[ 79+224]; + + s20 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 80+224]; + s24 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 81+224]; + s28 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 82+224]; + s2c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 83+224] ^ ctrl; + s21 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 84+224]; + s25 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 85+224]; + s29 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 86+224]; + s2d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 87+224]; + s22 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 88+224]; + s26 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 89+224]; + s2a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 90+224]; + s2e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 91+224]; + s23 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 92+224]; + s27 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 93+224]; + s2b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 94+224]; + s2f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 95+224]; + + t0 = T0[B3(s20)] ^ T1[B2(s21)] ^ T2[B1(s22)] ^ T3[B0(s23)] ^ C[ 96+224]; + t4 = T0[B3(s21)] ^ T1[B2(s22)] ^ T2[B1(s23)] ^ T3[B0(s20)] ^ C[ 97+224]; + t8 = T0[B3(s22)] ^ T1[B2(s23)] ^ T2[B1(s20)] ^ T3[B0(s21)] ^ C[ 98+224]; + tc = T0[B3(s23)] ^ T1[B2(s20)] ^ T2[B1(s21)] ^ T3[B0(s22)] ^ C[ 99+224] ^ ctrh; + t1 = T0[B3(s24)] ^ T1[B2(s25)] ^ T2[B1(s26)] ^ T3[B0(s27)] ^ C[100+224]; + t5 = T0[B3(s25)] ^ T1[B2(s26)] ^ T2[B1(s27)] ^ T3[B0(s24)] ^ C[101+224]; + t9 = T0[B3(s26)] ^ T1[B2(s27)] ^ T2[B1(s24)] ^ T3[B0(s25)] ^ C[102+224]; + td = T0[B3(s27)] ^ T1[B2(s24)] ^ T2[B1(s25)] ^ T3[B0(s26)] ^ C[103+224]; + t2 = T0[B3(s28)] ^ T1[B2(s29)] ^ T2[B1(s2a)] ^ T3[B0(s2b)] ^ C[104+224]; + t6 = T0[B3(s29)] ^ T1[B2(s2a)] ^ T2[B1(s2b)] ^ T3[B0(s28)] ^ C[105+224]; + ta = T0[B3(s2a)] ^ T1[B2(s2b)] ^ T2[B1(s28)] ^ T3[B0(s29)] ^ C[106+224]; + te = T0[B3(s2b)] ^ T1[B2(s28)] ^ T2[B1(s29)] ^ T3[B0(s2a)] ^ C[107+224]; + t3 = T0[B3(s2c)] ^ T1[B2(s2d)] ^ T2[B1(s2e)] ^ T3[B0(s2f)] ^ C[108+224]; + t7 = T0[B3(s2d)] ^ T1[B2(s2e)] ^ T2[B1(s2f)] ^ T3[B0(s2c)] ^ C[109+224]; + tb = T0[B3(s2e)] ^ T1[B2(s2f)] ^ T2[B1(s2c)] ^ T3[B0(s2d)] ^ C[110+224]; + tf = T0[B3(s2f)] ^ T1[B2(s2c)] ^ T2[B1(s2d)] ^ T3[B0(s2e)] ^ C[111+224]; + + s60 ^= T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + s64 ^= T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + s68 ^= T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + s6c ^= T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + s61 ^= T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + s65 ^= T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + s69 ^= T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + s6d ^= T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + s62 ^= T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )]; + s66 ^= T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )]; + s6a ^= T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )]; + s6e ^= T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )]; + s63 ^= T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )]; + s67 ^= T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )]; + s6b ^= T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )]; + s6f ^= T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )]; + + /* Lane 3 */ + t0 = T0[B3(s30)] ^ T1[B2(s31)] ^ T2[B1(s32)] ^ T3[B0(s33)] ^ C[ 0+336]; + t4 = T0[B3(s31)] ^ T1[B2(s32)] ^ T2[B1(s33)] ^ T3[B0(s30)] ^ C[ 1+336]; + t8 = T0[B3(s32)] ^ T1[B2(s33)] ^ T2[B1(s30)] ^ T3[B0(s31)] ^ C[ 2+336]; + tc = T0[B3(s33)] ^ T1[B2(s30)] ^ T2[B1(s31)] ^ T3[B0(s32)] ^ C[ 3+336] ^ ctrl; + t1 = T0[B3(s34)] ^ T1[B2(s35)] ^ T2[B1(s36)] ^ T3[B0(s37)] ^ C[ 4+336]; + t5 = T0[B3(s35)] ^ T1[B2(s36)] ^ T2[B1(s37)] ^ T3[B0(s34)] ^ C[ 5+336]; + t9 = T0[B3(s36)] ^ T1[B2(s37)] ^ T2[B1(s34)] ^ T3[B0(s35)] ^ C[ 6+336]; + td = T0[B3(s37)] ^ T1[B2(s34)] ^ T2[B1(s35)] ^ T3[B0(s36)] ^ C[ 7+336]; + t2 = T0[B3(s38)] ^ T1[B2(s39)] ^ T2[B1(s3a)] ^ T3[B0(s3b)] ^ C[ 8+336]; + t6 = T0[B3(s39)] ^ T1[B2(s3a)] ^ T2[B1(s3b)] ^ T3[B0(s38)] ^ C[ 9+336]; + ta = T0[B3(s3a)] ^ T1[B2(s3b)] ^ T2[B1(s38)] ^ T3[B0(s39)] ^ C[ 10+336]; + te = T0[B3(s3b)] ^ T1[B2(s38)] ^ T2[B1(s39)] ^ T3[B0(s3a)] ^ C[ 11+336]; + t3 = T0[B3(s3c)] ^ T1[B2(s3d)] ^ T2[B1(s3e)] ^ T3[B0(s3f)] ^ C[ 12+336]; + t7 = T0[B3(s3d)] ^ T1[B2(s3e)] ^ T2[B1(s3f)] ^ T3[B0(s3c)] ^ C[ 13+336]; + tb = T0[B3(s3e)] ^ T1[B2(s3f)] ^ T2[B1(s3c)] ^ T3[B0(s3d)] ^ C[ 14+336]; + tf = T0[B3(s3f)] ^ T1[B2(s3c)] ^ T2[B1(s3d)] ^ T3[B0(s3e)] ^ C[ 15+336]; + + s30 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 16+336]; + s34 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 17+336]; + s38 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 18+336]; + s3c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 19+336] ^ ctrh; + s31 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 20+336]; + s35 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 21+336]; + s39 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 22+336]; + s3d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 23+336]; + s32 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 24+336]; + s36 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 25+336]; + s3a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 26+336]; + s3e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 27+336]; + s33 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 28+336]; + s37 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 29+336]; + s3b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 30+336]; + s3f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 31+336]; + + t0 = T0[B3(s30)] ^ T1[B2(s31)] ^ T2[B1(s32)] ^ T3[B0(s33)] ^ C[ 32+336]; + t4 = T0[B3(s31)] ^ T1[B2(s32)] ^ T2[B1(s33)] ^ T3[B0(s30)] ^ C[ 33+336]; + t8 = T0[B3(s32)] ^ T1[B2(s33)] ^ T2[B1(s30)] ^ T3[B0(s31)] ^ C[ 34+336]; + tc = T0[B3(s33)] ^ T1[B2(s30)] ^ T2[B1(s31)] ^ T3[B0(s32)] ^ C[ 35+336] ^ ctrl; + t1 = T0[B3(s34)] ^ T1[B2(s35)] ^ T2[B1(s36)] ^ T3[B0(s37)] ^ C[ 36+336]; + t5 = T0[B3(s35)] ^ T1[B2(s36)] ^ T2[B1(s37)] ^ T3[B0(s34)] ^ C[ 37+336]; + t9 = T0[B3(s36)] ^ T1[B2(s37)] ^ T2[B1(s34)] ^ T3[B0(s35)] ^ C[ 38+336]; + td = T0[B3(s37)] ^ T1[B2(s34)] ^ T2[B1(s35)] ^ T3[B0(s36)] ^ C[ 39+336]; + t2 = T0[B3(s38)] ^ T1[B2(s39)] ^ T2[B1(s3a)] ^ T3[B0(s3b)] ^ C[ 40+336]; + t6 = T0[B3(s39)] ^ T1[B2(s3a)] ^ T2[B1(s3b)] ^ T3[B0(s38)] ^ C[ 41+336]; + ta = T0[B3(s3a)] ^ T1[B2(s3b)] ^ T2[B1(s38)] ^ T3[B0(s39)] ^ C[ 42+336]; + te = T0[B3(s3b)] ^ T1[B2(s38)] ^ T2[B1(s39)] ^ T3[B0(s3a)] ^ C[ 43+336]; + t3 = T0[B3(s3c)] ^ T1[B2(s3d)] ^ T2[B1(s3e)] ^ T3[B0(s3f)] ^ C[ 44+336]; + t7 = T0[B3(s3d)] ^ T1[B2(s3e)] ^ T2[B1(s3f)] ^ T3[B0(s3c)] ^ C[ 45+336]; + tb = T0[B3(s3e)] ^ T1[B2(s3f)] ^ T2[B1(s3c)] ^ T3[B0(s3d)] ^ C[ 46+336]; + tf = T0[B3(s3f)] ^ T1[B2(s3c)] ^ T2[B1(s3d)] ^ T3[B0(s3e)] ^ C[ 47+336]; + + s30 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 48+336]; + s34 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 49+336]; + s38 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 50+336]; + s3c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 51+336] ^ ctrh; + s31 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 52+336]; + s35 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 53+336]; + s39 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 54+336]; + s3d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 55+336]; + s32 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 56+336]; + s36 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 57+336]; + s3a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 58+336]; + s3e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 59+336]; + s33 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 60+336]; + s37 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 61+336]; + s3b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 62+336]; + s3f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 63+336]; + + t0 = T0[B3(s30)] ^ T1[B2(s31)] ^ T2[B1(s32)] ^ T3[B0(s33)] ^ C[ 64+336]; + t4 = T0[B3(s31)] ^ T1[B2(s32)] ^ T2[B1(s33)] ^ T3[B0(s30)] ^ C[ 65+336]; + t8 = T0[B3(s32)] ^ T1[B2(s33)] ^ T2[B1(s30)] ^ T3[B0(s31)] ^ C[ 66+336]; + tc = T0[B3(s33)] ^ T1[B2(s30)] ^ T2[B1(s31)] ^ T3[B0(s32)] ^ C[ 67+336] ^ ctrl; + t1 = T0[B3(s34)] ^ T1[B2(s35)] ^ T2[B1(s36)] ^ T3[B0(s37)] ^ C[ 68+336]; + t5 = T0[B3(s35)] ^ T1[B2(s36)] ^ T2[B1(s37)] ^ T3[B0(s34)] ^ C[ 69+336]; + t9 = T0[B3(s36)] ^ T1[B2(s37)] ^ T2[B1(s34)] ^ T3[B0(s35)] ^ C[ 70+336]; + td = T0[B3(s37)] ^ T1[B2(s34)] ^ T2[B1(s35)] ^ T3[B0(s36)] ^ C[ 71+336]; + t2 = T0[B3(s38)] ^ T1[B2(s39)] ^ T2[B1(s3a)] ^ T3[B0(s3b)] ^ C[ 72+336]; + t6 = T0[B3(s39)] ^ T1[B2(s3a)] ^ T2[B1(s3b)] ^ T3[B0(s38)] ^ C[ 73+336]; + ta = T0[B3(s3a)] ^ T1[B2(s3b)] ^ T2[B1(s38)] ^ T3[B0(s39)] ^ C[ 74+336]; + te = T0[B3(s3b)] ^ T1[B2(s38)] ^ T2[B1(s39)] ^ T3[B0(s3a)] ^ C[ 75+336]; + t3 = T0[B3(s3c)] ^ T1[B2(s3d)] ^ T2[B1(s3e)] ^ T3[B0(s3f)] ^ C[ 76+336]; + t7 = T0[B3(s3d)] ^ T1[B2(s3e)] ^ T2[B1(s3f)] ^ T3[B0(s3c)] ^ C[ 77+336]; + tb = T0[B3(s3e)] ^ T1[B2(s3f)] ^ T2[B1(s3c)] ^ T3[B0(s3d)] ^ C[ 78+336]; + tf = T0[B3(s3f)] ^ T1[B2(s3c)] ^ T2[B1(s3d)] ^ T3[B0(s3e)] ^ C[ 79+336]; + + s30 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 80+336]; + s34 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 81+336]; + s38 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 82+336]; + s3c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 83+336] ^ ctrh; + s31 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 84+336]; + s35 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 85+336]; + s39 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 86+336]; + s3d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 87+336]; + s32 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 88+336]; + s36 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 89+336]; + s3a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 90+336]; + s3e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 91+336]; + s33 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 92+336]; + s37 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 93+336]; + s3b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 94+336]; + s3f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 95+336]; + + t0 = T0[B3(s30)] ^ T1[B2(s31)] ^ T2[B1(s32)] ^ T3[B0(s33)] ^ C[ 96+336]; + t4 = T0[B3(s31)] ^ T1[B2(s32)] ^ T2[B1(s33)] ^ T3[B0(s30)] ^ C[ 97+336]; + t8 = T0[B3(s32)] ^ T1[B2(s33)] ^ T2[B1(s30)] ^ T3[B0(s31)] ^ C[ 98+336]; + tc = T0[B3(s33)] ^ T1[B2(s30)] ^ T2[B1(s31)] ^ T3[B0(s32)] ^ C[ 99+336] ^ ctrl; + t1 = T0[B3(s34)] ^ T1[B2(s35)] ^ T2[B1(s36)] ^ T3[B0(s37)] ^ C[100+336]; + t5 = T0[B3(s35)] ^ T1[B2(s36)] ^ T2[B1(s37)] ^ T3[B0(s34)] ^ C[101+336]; + t9 = T0[B3(s36)] ^ T1[B2(s37)] ^ T2[B1(s34)] ^ T3[B0(s35)] ^ C[102+336]; + td = T0[B3(s37)] ^ T1[B2(s34)] ^ T2[B1(s35)] ^ T3[B0(s36)] ^ C[103+336]; + t2 = T0[B3(s38)] ^ T1[B2(s39)] ^ T2[B1(s3a)] ^ T3[B0(s3b)] ^ C[104+336]; + t6 = T0[B3(s39)] ^ T1[B2(s3a)] ^ T2[B1(s3b)] ^ T3[B0(s38)] ^ C[105+336]; + ta = T0[B3(s3a)] ^ T1[B2(s3b)] ^ T2[B1(s38)] ^ T3[B0(s39)] ^ C[106+336]; + te = T0[B3(s3b)] ^ T1[B2(s38)] ^ T2[B1(s39)] ^ T3[B0(s3a)] ^ C[107+336]; + t3 = T0[B3(s3c)] ^ T1[B2(s3d)] ^ T2[B1(s3e)] ^ T3[B0(s3f)] ^ C[108+336]; + t7 = T0[B3(s3d)] ^ T1[B2(s3e)] ^ T2[B1(s3f)] ^ T3[B0(s3c)] ^ C[109+336]; + tb = T0[B3(s3e)] ^ T1[B2(s3f)] ^ T2[B1(s3c)] ^ T3[B0(s3d)] ^ C[110+336]; + tf = T0[B3(s3f)] ^ T1[B2(s3c)] ^ T2[B1(s3d)] ^ T3[B0(s3e)] ^ C[111+336]; + + s70 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + s74 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + s78 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + s7c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + s71 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + s75 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + s79 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + s7d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + s72 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )]; + s76 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )]; + s7a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )]; + s7e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )]; + s73 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )]; + s77 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )]; + s7b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )]; + s7f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )]; + + /* Lane 4 */ + t0 = T0[B3(s40)] ^ T1[B2(s41)] ^ T2[B1(s42)] ^ T3[B0(s43)] ^ C[ 0+448]; + t4 = T0[B3(s41)] ^ T1[B2(s42)] ^ T2[B1(s43)] ^ T3[B0(s40)] ^ C[ 1+448]; + t8 = T0[B3(s42)] ^ T1[B2(s43)] ^ T2[B1(s40)] ^ T3[B0(s41)] ^ C[ 2+448]; + tc = T0[B3(s43)] ^ T1[B2(s40)] ^ T2[B1(s41)] ^ T3[B0(s42)] ^ C[ 3+448] ^ ctrh; + t1 = T0[B3(s44)] ^ T1[B2(s45)] ^ T2[B1(s46)] ^ T3[B0(s47)] ^ C[ 4+448]; + t5 = T0[B3(s45)] ^ T1[B2(s46)] ^ T2[B1(s47)] ^ T3[B0(s44)] ^ C[ 5+448]; + t9 = T0[B3(s46)] ^ T1[B2(s47)] ^ T2[B1(s44)] ^ T3[B0(s45)] ^ C[ 6+448]; + td = T0[B3(s47)] ^ T1[B2(s44)] ^ T2[B1(s45)] ^ T3[B0(s46)] ^ C[ 7+448]; + t2 = T0[B3(s48)] ^ T1[B2(s49)] ^ T2[B1(s4a)] ^ T3[B0(s4b)] ^ C[ 8+448]; + t6 = T0[B3(s49)] ^ T1[B2(s4a)] ^ T2[B1(s4b)] ^ T3[B0(s48)] ^ C[ 9+448]; + ta = T0[B3(s4a)] ^ T1[B2(s4b)] ^ T2[B1(s48)] ^ T3[B0(s49)] ^ C[ 10+448]; + te = T0[B3(s4b)] ^ T1[B2(s48)] ^ T2[B1(s49)] ^ T3[B0(s4a)] ^ C[ 11+448]; + t3 = T0[B3(s4c)] ^ T1[B2(s4d)] ^ T2[B1(s4e)] ^ T3[B0(s4f)] ^ C[ 12+448]; + t7 = T0[B3(s4d)] ^ T1[B2(s4e)] ^ T2[B1(s4f)] ^ T3[B0(s4c)] ^ C[ 13+448]; + tb = T0[B3(s4e)] ^ T1[B2(s4f)] ^ T2[B1(s4c)] ^ T3[B0(s4d)] ^ C[ 14+448]; + tf = T0[B3(s4f)] ^ T1[B2(s4c)] ^ T2[B1(s4d)] ^ T3[B0(s4e)] ^ C[ 15+448]; + + s40 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 16+448]; + s44 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 17+448]; + s48 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 18+448]; + s4c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 19+448] ^ ctrl; + s41 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 20+448]; + s45 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 21+448]; + s49 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 22+448]; + s4d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 23+448]; + s42 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 24+448]; + s46 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 25+448]; + s4a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 26+448]; + s4e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 27+448]; + s43 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 28+448]; + s47 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 29+448]; + s4b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 30+448]; + s4f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 31+448]; + + t0 = T0[B3(s40)] ^ T1[B2(s41)] ^ T2[B1(s42)] ^ T3[B0(s43)] ^ C[ 32+448]; + t4 = T0[B3(s41)] ^ T1[B2(s42)] ^ T2[B1(s43)] ^ T3[B0(s40)] ^ C[ 33+448]; + t8 = T0[B3(s42)] ^ T1[B2(s43)] ^ T2[B1(s40)] ^ T3[B0(s41)] ^ C[ 34+448]; + tc = T0[B3(s43)] ^ T1[B2(s40)] ^ T2[B1(s41)] ^ T3[B0(s42)] ^ C[ 35+448] ^ ctrh; + t1 = T0[B3(s44)] ^ T1[B2(s45)] ^ T2[B1(s46)] ^ T3[B0(s47)] ^ C[ 36+448]; + t5 = T0[B3(s45)] ^ T1[B2(s46)] ^ T2[B1(s47)] ^ T3[B0(s44)] ^ C[ 37+448]; + t9 = T0[B3(s46)] ^ T1[B2(s47)] ^ T2[B1(s44)] ^ T3[B0(s45)] ^ C[ 38+448]; + td = T0[B3(s47)] ^ T1[B2(s44)] ^ T2[B1(s45)] ^ T3[B0(s46)] ^ C[ 39+448]; + t2 = T0[B3(s48)] ^ T1[B2(s49)] ^ T2[B1(s4a)] ^ T3[B0(s4b)] ^ C[ 40+448]; + t6 = T0[B3(s49)] ^ T1[B2(s4a)] ^ T2[B1(s4b)] ^ T3[B0(s48)] ^ C[ 41+448]; + ta = T0[B3(s4a)] ^ T1[B2(s4b)] ^ T2[B1(s48)] ^ T3[B0(s49)] ^ C[ 42+448]; + te = T0[B3(s4b)] ^ T1[B2(s48)] ^ T2[B1(s49)] ^ T3[B0(s4a)] ^ C[ 43+448]; + t3 = T0[B3(s4c)] ^ T1[B2(s4d)] ^ T2[B1(s4e)] ^ T3[B0(s4f)] ^ C[ 44+448]; + t7 = T0[B3(s4d)] ^ T1[B2(s4e)] ^ T2[B1(s4f)] ^ T3[B0(s4c)] ^ C[ 45+448]; + tb = T0[B3(s4e)] ^ T1[B2(s4f)] ^ T2[B1(s4c)] ^ T3[B0(s4d)] ^ C[ 46+448]; + tf = T0[B3(s4f)] ^ T1[B2(s4c)] ^ T2[B1(s4d)] ^ T3[B0(s4e)] ^ C[ 47+448]; + + s40 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 48+448]; + s44 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 49+448]; + s48 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 50+448]; + s4c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 51+448] ^ ctrl; + s41 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 52+448]; + s45 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 53+448]; + s49 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 54+448]; + s4d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 55+448]; + s42 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 56+448]; + s46 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 57+448]; + s4a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 58+448]; + s4e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 59+448]; + s43 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 60+448]; + s47 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 61+448]; + s4b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 62+448]; + s4f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 63+448]; + + t0 = T0[B3(s40)] ^ T1[B2(s41)] ^ T2[B1(s42)] ^ T3[B0(s43)] ^ C[ 64+448]; + t4 = T0[B3(s41)] ^ T1[B2(s42)] ^ T2[B1(s43)] ^ T3[B0(s40)] ^ C[ 65+448]; + t8 = T0[B3(s42)] ^ T1[B2(s43)] ^ T2[B1(s40)] ^ T3[B0(s41)] ^ C[ 66+448]; + tc = T0[B3(s43)] ^ T1[B2(s40)] ^ T2[B1(s41)] ^ T3[B0(s42)] ^ C[ 67+448] ^ ctrh; + t1 = T0[B3(s44)] ^ T1[B2(s45)] ^ T2[B1(s46)] ^ T3[B0(s47)] ^ C[ 68+448]; + t5 = T0[B3(s45)] ^ T1[B2(s46)] ^ T2[B1(s47)] ^ T3[B0(s44)] ^ C[ 69+448]; + t9 = T0[B3(s46)] ^ T1[B2(s47)] ^ T2[B1(s44)] ^ T3[B0(s45)] ^ C[ 70+448]; + td = T0[B3(s47)] ^ T1[B2(s44)] ^ T2[B1(s45)] ^ T3[B0(s46)] ^ C[ 71+448]; + t2 = T0[B3(s48)] ^ T1[B2(s49)] ^ T2[B1(s4a)] ^ T3[B0(s4b)] ^ C[ 72+448]; + t6 = T0[B3(s49)] ^ T1[B2(s4a)] ^ T2[B1(s4b)] ^ T3[B0(s48)] ^ C[ 73+448]; + ta = T0[B3(s4a)] ^ T1[B2(s4b)] ^ T2[B1(s48)] ^ T3[B0(s49)] ^ C[ 74+448]; + te = T0[B3(s4b)] ^ T1[B2(s48)] ^ T2[B1(s49)] ^ T3[B0(s4a)] ^ C[ 75+448]; + t3 = T0[B3(s4c)] ^ T1[B2(s4d)] ^ T2[B1(s4e)] ^ T3[B0(s4f)] ^ C[ 76+448]; + t7 = T0[B3(s4d)] ^ T1[B2(s4e)] ^ T2[B1(s4f)] ^ T3[B0(s4c)] ^ C[ 77+448]; + tb = T0[B3(s4e)] ^ T1[B2(s4f)] ^ T2[B1(s4c)] ^ T3[B0(s4d)] ^ C[ 78+448]; + tf = T0[B3(s4f)] ^ T1[B2(s4c)] ^ T2[B1(s4d)] ^ T3[B0(s4e)] ^ C[ 79+448]; + + s40 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 80+448]; + s44 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 81+448]; + s48 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 82+448]; + s4c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 83+448] ^ ctrl; + s41 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 84+448]; + s45 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 85+448]; + s49 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 86+448]; + s4d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 87+448]; + s42 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 88+448]; + s46 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 89+448]; + s4a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 90+448]; + s4e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 91+448]; + s43 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 92+448]; + s47 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 93+448]; + s4b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 94+448]; + s4f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 95+448]; + + t0 = T0[B3(s40)] ^ T1[B2(s41)] ^ T2[B1(s42)] ^ T3[B0(s43)] ^ C[ 96+448]; + t4 = T0[B3(s41)] ^ T1[B2(s42)] ^ T2[B1(s43)] ^ T3[B0(s40)] ^ C[ 97+448]; + t8 = T0[B3(s42)] ^ T1[B2(s43)] ^ T2[B1(s40)] ^ T3[B0(s41)] ^ C[ 98+448]; + tc = T0[B3(s43)] ^ T1[B2(s40)] ^ T2[B1(s41)] ^ T3[B0(s42)] ^ C[ 99+448] ^ ctrh; + t1 = T0[B3(s44)] ^ T1[B2(s45)] ^ T2[B1(s46)] ^ T3[B0(s47)] ^ C[100+448]; + t5 = T0[B3(s45)] ^ T1[B2(s46)] ^ T2[B1(s47)] ^ T3[B0(s44)] ^ C[101+448]; + t9 = T0[B3(s46)] ^ T1[B2(s47)] ^ T2[B1(s44)] ^ T3[B0(s45)] ^ C[102+448]; + td = T0[B3(s47)] ^ T1[B2(s44)] ^ T2[B1(s45)] ^ T3[B0(s46)] ^ C[103+448]; + t2 = T0[B3(s48)] ^ T1[B2(s49)] ^ T2[B1(s4a)] ^ T3[B0(s4b)] ^ C[104+448]; + t6 = T0[B3(s49)] ^ T1[B2(s4a)] ^ T2[B1(s4b)] ^ T3[B0(s48)] ^ C[105+448]; + ta = T0[B3(s4a)] ^ T1[B2(s4b)] ^ T2[B1(s48)] ^ T3[B0(s49)] ^ C[106+448]; + te = T0[B3(s4b)] ^ T1[B2(s48)] ^ T2[B1(s49)] ^ T3[B0(s4a)] ^ C[107+448]; + t3 = T0[B3(s4c)] ^ T1[B2(s4d)] ^ T2[B1(s4e)] ^ T3[B0(s4f)] ^ C[108+448]; + t7 = T0[B3(s4d)] ^ T1[B2(s4e)] ^ T2[B1(s4f)] ^ T3[B0(s4c)] ^ C[109+448]; + tb = T0[B3(s4e)] ^ T1[B2(s4f)] ^ T2[B1(s4c)] ^ T3[B0(s4d)] ^ C[110+448]; + tf = T0[B3(s4f)] ^ T1[B2(s4c)] ^ T2[B1(s4d)] ^ T3[B0(s4e)] ^ C[111+448]; + + s70 ^= T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + s74 ^= T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + s78 ^= T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + s7c ^= T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + s71 ^= T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + s75 ^= T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + s79 ^= T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + s7d ^= T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + s72 ^= T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )]; + s76 ^= T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )]; + s7a ^= T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )]; + s7e ^= T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )]; + s73 ^= T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )]; + s77 ^= T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )]; + s7b ^= T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )]; + s7f ^= T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )]; + + /* Lane 5 */ + t0 = T0[B3(s50)] ^ T1[B2(s51)] ^ T2[B1(s52)] ^ T3[B0(s53)] ^ C[ 0+560]; + t4 = T0[B3(s51)] ^ T1[B2(s52)] ^ T2[B1(s53)] ^ T3[B0(s50)] ^ C[ 1+560]; + t8 = T0[B3(s52)] ^ T1[B2(s53)] ^ T2[B1(s50)] ^ T3[B0(s51)] ^ C[ 2+560]; + tc = T0[B3(s53)] ^ T1[B2(s50)] ^ T2[B1(s51)] ^ T3[B0(s52)] ^ C[ 3+560] ^ ctrl; + t1 = T0[B3(s54)] ^ T1[B2(s55)] ^ T2[B1(s56)] ^ T3[B0(s57)] ^ C[ 4+560]; + t5 = T0[B3(s55)] ^ T1[B2(s56)] ^ T2[B1(s57)] ^ T3[B0(s54)] ^ C[ 5+560]; + t9 = T0[B3(s56)] ^ T1[B2(s57)] ^ T2[B1(s54)] ^ T3[B0(s55)] ^ C[ 6+560]; + td = T0[B3(s57)] ^ T1[B2(s54)] ^ T2[B1(s55)] ^ T3[B0(s56)] ^ C[ 7+560]; + t2 = T0[B3(s58)] ^ T1[B2(s59)] ^ T2[B1(s5a)] ^ T3[B0(s5b)] ^ C[ 8+560]; + t6 = T0[B3(s59)] ^ T1[B2(s5a)] ^ T2[B1(s5b)] ^ T3[B0(s58)] ^ C[ 9+560]; + ta = T0[B3(s5a)] ^ T1[B2(s5b)] ^ T2[B1(s58)] ^ T3[B0(s59)] ^ C[ 10+560]; + te = T0[B3(s5b)] ^ T1[B2(s58)] ^ T2[B1(s59)] ^ T3[B0(s5a)] ^ C[ 11+560]; + t3 = T0[B3(s5c)] ^ T1[B2(s5d)] ^ T2[B1(s5e)] ^ T3[B0(s5f)] ^ C[ 12+560]; + t7 = T0[B3(s5d)] ^ T1[B2(s5e)] ^ T2[B1(s5f)] ^ T3[B0(s5c)] ^ C[ 13+560]; + tb = T0[B3(s5e)] ^ T1[B2(s5f)] ^ T2[B1(s5c)] ^ T3[B0(s5d)] ^ C[ 14+560]; + tf = T0[B3(s5f)] ^ T1[B2(s5c)] ^ T2[B1(s5d)] ^ T3[B0(s5e)] ^ C[ 15+560]; + + s50 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 16+560]; + s54 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 17+560]; + s58 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 18+560]; + s5c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 19+560] ^ ctrh; + s51 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 20+560]; + s55 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 21+560]; + s59 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 22+560]; + s5d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 23+560]; + s52 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 24+560]; + s56 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 25+560]; + s5a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 26+560]; + s5e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 27+560]; + s53 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 28+560]; + s57 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 29+560]; + s5b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 30+560]; + s5f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 31+560]; + + t0 = T0[B3(s50)] ^ T1[B2(s51)] ^ T2[B1(s52)] ^ T3[B0(s53)] ^ C[ 32+560]; + t4 = T0[B3(s51)] ^ T1[B2(s52)] ^ T2[B1(s53)] ^ T3[B0(s50)] ^ C[ 33+560]; + t8 = T0[B3(s52)] ^ T1[B2(s53)] ^ T2[B1(s50)] ^ T3[B0(s51)] ^ C[ 34+560]; + tc = T0[B3(s53)] ^ T1[B2(s50)] ^ T2[B1(s51)] ^ T3[B0(s52)] ^ C[ 35+560] ^ ctrl; + t1 = T0[B3(s54)] ^ T1[B2(s55)] ^ T2[B1(s56)] ^ T3[B0(s57)] ^ C[ 36+560]; + t5 = T0[B3(s55)] ^ T1[B2(s56)] ^ T2[B1(s57)] ^ T3[B0(s54)] ^ C[ 37+560]; + t9 = T0[B3(s56)] ^ T1[B2(s57)] ^ T2[B1(s54)] ^ T3[B0(s55)] ^ C[ 38+560]; + td = T0[B3(s57)] ^ T1[B2(s54)] ^ T2[B1(s55)] ^ T3[B0(s56)] ^ C[ 39+560]; + t2 = T0[B3(s58)] ^ T1[B2(s59)] ^ T2[B1(s5a)] ^ T3[B0(s5b)] ^ C[ 40+560]; + t6 = T0[B3(s59)] ^ T1[B2(s5a)] ^ T2[B1(s5b)] ^ T3[B0(s58)] ^ C[ 41+560]; + ta = T0[B3(s5a)] ^ T1[B2(s5b)] ^ T2[B1(s58)] ^ T3[B0(s59)] ^ C[ 42+560]; + te = T0[B3(s5b)] ^ T1[B2(s58)] ^ T2[B1(s59)] ^ T3[B0(s5a)] ^ C[ 43+560]; + t3 = T0[B3(s5c)] ^ T1[B2(s5d)] ^ T2[B1(s5e)] ^ T3[B0(s5f)] ^ C[ 44+560]; + t7 = T0[B3(s5d)] ^ T1[B2(s5e)] ^ T2[B1(s5f)] ^ T3[B0(s5c)] ^ C[ 45+560]; + tb = T0[B3(s5e)] ^ T1[B2(s5f)] ^ T2[B1(s5c)] ^ T3[B0(s5d)] ^ C[ 46+560]; + tf = T0[B3(s5f)] ^ T1[B2(s5c)] ^ T2[B1(s5d)] ^ T3[B0(s5e)] ^ C[ 47+560]; + + s50 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 48+560]; + s54 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 49+560]; + s58 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 50+560]; + s5c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 51+560] ^ ctrh; + s51 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 52+560]; + s55 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 53+560]; + s59 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 54+560]; + s5d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 55+560]; + s52 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 56+560]; + s56 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 57+560]; + s5a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 58+560]; + s5e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 59+560]; + s53 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 60+560]; + s57 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 61+560]; + s5b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 62+560]; + s5f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 63+560]; + + t0 = T0[B3(s50)] ^ T1[B2(s51)] ^ T2[B1(s52)] ^ T3[B0(s53)] ^ C[ 64+560]; + t4 = T0[B3(s51)] ^ T1[B2(s52)] ^ T2[B1(s53)] ^ T3[B0(s50)] ^ C[ 65+560]; + t8 = T0[B3(s52)] ^ T1[B2(s53)] ^ T2[B1(s50)] ^ T3[B0(s51)] ^ C[ 66+560]; + tc = T0[B3(s53)] ^ T1[B2(s50)] ^ T2[B1(s51)] ^ T3[B0(s52)] ^ C[ 67+560] ^ ctrl; + t1 = T0[B3(s54)] ^ T1[B2(s55)] ^ T2[B1(s56)] ^ T3[B0(s57)] ^ C[ 68+560]; + t5 = T0[B3(s55)] ^ T1[B2(s56)] ^ T2[B1(s57)] ^ T3[B0(s54)] ^ C[ 69+560]; + t9 = T0[B3(s56)] ^ T1[B2(s57)] ^ T2[B1(s54)] ^ T3[B0(s55)] ^ C[ 70+560]; + td = T0[B3(s57)] ^ T1[B2(s54)] ^ T2[B1(s55)] ^ T3[B0(s56)] ^ C[ 71+560]; + t2 = T0[B3(s58)] ^ T1[B2(s59)] ^ T2[B1(s5a)] ^ T3[B0(s5b)] ^ C[ 72+560]; + t6 = T0[B3(s59)] ^ T1[B2(s5a)] ^ T2[B1(s5b)] ^ T3[B0(s58)] ^ C[ 73+560]; + ta = T0[B3(s5a)] ^ T1[B2(s5b)] ^ T2[B1(s58)] ^ T3[B0(s59)] ^ C[ 74+560]; + te = T0[B3(s5b)] ^ T1[B2(s58)] ^ T2[B1(s59)] ^ T3[B0(s5a)] ^ C[ 75+560]; + t3 = T0[B3(s5c)] ^ T1[B2(s5d)] ^ T2[B1(s5e)] ^ T3[B0(s5f)] ^ C[ 76+560]; + t7 = T0[B3(s5d)] ^ T1[B2(s5e)] ^ T2[B1(s5f)] ^ T3[B0(s5c)] ^ C[ 77+560]; + tb = T0[B3(s5e)] ^ T1[B2(s5f)] ^ T2[B1(s5c)] ^ T3[B0(s5d)] ^ C[ 78+560]; + tf = T0[B3(s5f)] ^ T1[B2(s5c)] ^ T2[B1(s5d)] ^ T3[B0(s5e)] ^ C[ 79+560]; + + s50 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 80+560]; + s54 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 81+560]; + s58 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 82+560]; + s5c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 83+560] ^ ctrh; + s51 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 84+560]; + s55 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 85+560]; + s59 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 86+560]; + s5d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 87+560]; + s52 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 88+560]; + s56 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 89+560]; + s5a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 90+560]; + s5e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 91+560]; + s53 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 92+560]; + s57 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 93+560]; + s5b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 94+560]; + s5f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 95+560]; + + t0 = T0[B3(s50)] ^ T1[B2(s51)] ^ T2[B1(s52)] ^ T3[B0(s53)] ^ C[ 96+560]; + t4 = T0[B3(s51)] ^ T1[B2(s52)] ^ T2[B1(s53)] ^ T3[B0(s50)] ^ C[ 97+560]; + t8 = T0[B3(s52)] ^ T1[B2(s53)] ^ T2[B1(s50)] ^ T3[B0(s51)] ^ C[ 98+560]; + tc = T0[B3(s53)] ^ T1[B2(s50)] ^ T2[B1(s51)] ^ T3[B0(s52)] ^ C[ 99+560] ^ ctrl; + t1 = T0[B3(s54)] ^ T1[B2(s55)] ^ T2[B1(s56)] ^ T3[B0(s57)] ^ C[100+560]; + t5 = T0[B3(s55)] ^ T1[B2(s56)] ^ T2[B1(s57)] ^ T3[B0(s54)] ^ C[101+560]; + t9 = T0[B3(s56)] ^ T1[B2(s57)] ^ T2[B1(s54)] ^ T3[B0(s55)] ^ C[102+560]; + td = T0[B3(s57)] ^ T1[B2(s54)] ^ T2[B1(s55)] ^ T3[B0(s56)] ^ C[103+560]; + t2 = T0[B3(s58)] ^ T1[B2(s59)] ^ T2[B1(s5a)] ^ T3[B0(s5b)] ^ C[104+560]; + t6 = T0[B3(s59)] ^ T1[B2(s5a)] ^ T2[B1(s5b)] ^ T3[B0(s58)] ^ C[105+560]; + ta = T0[B3(s5a)] ^ T1[B2(s5b)] ^ T2[B1(s58)] ^ T3[B0(s59)] ^ C[106+560]; + te = T0[B3(s5b)] ^ T1[B2(s58)] ^ T2[B1(s59)] ^ T3[B0(s5a)] ^ C[107+560]; + t3 = T0[B3(s5c)] ^ T1[B2(s5d)] ^ T2[B1(s5e)] ^ T3[B0(s5f)] ^ C[108+560]; + t7 = T0[B3(s5d)] ^ T1[B2(s5e)] ^ T2[B1(s5f)] ^ T3[B0(s5c)] ^ C[109+560]; + tb = T0[B3(s5e)] ^ T1[B2(s5f)] ^ T2[B1(s5c)] ^ T3[B0(s5d)] ^ C[110+560]; + tf = T0[B3(s5f)] ^ T1[B2(s5c)] ^ T2[B1(s5d)] ^ T3[B0(s5e)] ^ C[111+560]; + + s70 ^= T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + s74 ^= T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + s78 ^= T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + s7c ^= T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + s71 ^= T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + s75 ^= T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + s79 ^= T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + s7d ^= T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + s72 ^= T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )]; + s76 ^= T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )]; + s7a ^= T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )]; + s7e ^= T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )]; + s73 ^= T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )]; + s77 ^= T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )]; + s7b ^= T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )]; + s7f ^= T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )]; + + /* Lane 6 */ + t0 = T0[B3(s60)] ^ T1[B2(s61)] ^ T2[B1(s62)] ^ T3[B0(s63)] ^ C[ 0+672]; + t4 = T0[B3(s61)] ^ T1[B2(s62)] ^ T2[B1(s63)] ^ T3[B0(s60)] ^ C[ 1+672]; + t8 = T0[B3(s62)] ^ T1[B2(s63)] ^ T2[B1(s60)] ^ T3[B0(s61)] ^ C[ 2+672]; + tc = T0[B3(s63)] ^ T1[B2(s60)] ^ T2[B1(s61)] ^ T3[B0(s62)] ^ C[ 3+672] ^ ctrh; + t1 = T0[B3(s64)] ^ T1[B2(s65)] ^ T2[B1(s66)] ^ T3[B0(s67)] ^ C[ 4+672]; + t5 = T0[B3(s65)] ^ T1[B2(s66)] ^ T2[B1(s67)] ^ T3[B0(s64)] ^ C[ 5+672]; + t9 = T0[B3(s66)] ^ T1[B2(s67)] ^ T2[B1(s64)] ^ T3[B0(s65)] ^ C[ 6+672]; + td = T0[B3(s67)] ^ T1[B2(s64)] ^ T2[B1(s65)] ^ T3[B0(s66)] ^ C[ 7+672]; + t2 = T0[B3(s68)] ^ T1[B2(s69)] ^ T2[B1(s6a)] ^ T3[B0(s6b)] ^ C[ 8+672]; + t6 = T0[B3(s69)] ^ T1[B2(s6a)] ^ T2[B1(s6b)] ^ T3[B0(s68)] ^ C[ 9+672]; + ta = T0[B3(s6a)] ^ T1[B2(s6b)] ^ T2[B1(s68)] ^ T3[B0(s69)] ^ C[ 10+672]; + te = T0[B3(s6b)] ^ T1[B2(s68)] ^ T2[B1(s69)] ^ T3[B0(s6a)] ^ C[ 11+672]; + t3 = T0[B3(s6c)] ^ T1[B2(s6d)] ^ T2[B1(s6e)] ^ T3[B0(s6f)] ^ C[ 12+672]; + t7 = T0[B3(s6d)] ^ T1[B2(s6e)] ^ T2[B1(s6f)] ^ T3[B0(s6c)] ^ C[ 13+672]; + tb = T0[B3(s6e)] ^ T1[B2(s6f)] ^ T2[B1(s6c)] ^ T3[B0(s6d)] ^ C[ 14+672]; + tf = T0[B3(s6f)] ^ T1[B2(s6c)] ^ T2[B1(s6d)] ^ T3[B0(s6e)] ^ C[ 15+672]; + + s60 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 16+672]; + s64 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 17+672]; + s68 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 18+672]; + s6c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 19+672] ^ ctrl; + s61 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 20+672]; + s65 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 21+672]; + s69 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 22+672]; + s6d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 23+672]; + s62 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 24+672]; + s66 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 25+672]; + s6a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 26+672]; + s6e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 27+672]; + s63 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 28+672]; + s67 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 29+672]; + s6b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 30+672]; + s6f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 31+672]; + + t0 = T0[B3(s60)] ^ T1[B2(s61)] ^ T2[B1(s62)] ^ T3[B0(s63)] ^ C[ 32+672]; + t4 = T0[B3(s61)] ^ T1[B2(s62)] ^ T2[B1(s63)] ^ T3[B0(s60)] ^ C[ 33+672]; + t8 = T0[B3(s62)] ^ T1[B2(s63)] ^ T2[B1(s60)] ^ T3[B0(s61)] ^ C[ 34+672]; + tc = T0[B3(s63)] ^ T1[B2(s60)] ^ T2[B1(s61)] ^ T3[B0(s62)] ^ C[ 35+672] ^ ctrh; + t1 = T0[B3(s64)] ^ T1[B2(s65)] ^ T2[B1(s66)] ^ T3[B0(s67)] ^ C[ 36+672]; + t5 = T0[B3(s65)] ^ T1[B2(s66)] ^ T2[B1(s67)] ^ T3[B0(s64)] ^ C[ 37+672]; + t9 = T0[B3(s66)] ^ T1[B2(s67)] ^ T2[B1(s64)] ^ T3[B0(s65)] ^ C[ 38+672]; + td = T0[B3(s67)] ^ T1[B2(s64)] ^ T2[B1(s65)] ^ T3[B0(s66)] ^ C[ 39+672]; + t2 = T0[B3(s68)] ^ T1[B2(s69)] ^ T2[B1(s6a)] ^ T3[B0(s6b)] ^ C[ 40+672]; + t6 = T0[B3(s69)] ^ T1[B2(s6a)] ^ T2[B1(s6b)] ^ T3[B0(s68)] ^ C[ 41+672]; + ta = T0[B3(s6a)] ^ T1[B2(s6b)] ^ T2[B1(s68)] ^ T3[B0(s69)] ^ C[ 42+672]; + te = T0[B3(s6b)] ^ T1[B2(s68)] ^ T2[B1(s69)] ^ T3[B0(s6a)] ^ C[ 43+672]; + t3 = T0[B3(s6c)] ^ T1[B2(s6d)] ^ T2[B1(s6e)] ^ T3[B0(s6f)] ^ C[ 44+672]; + t7 = T0[B3(s6d)] ^ T1[B2(s6e)] ^ T2[B1(s6f)] ^ T3[B0(s6c)] ^ C[ 45+672]; + tb = T0[B3(s6e)] ^ T1[B2(s6f)] ^ T2[B1(s6c)] ^ T3[B0(s6d)] ^ C[ 46+672]; + tf = T0[B3(s6f)] ^ T1[B2(s6c)] ^ T2[B1(s6d)] ^ T3[B0(s6e)] ^ C[ 47+672]; + + h[ 0] = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + h[ 4] = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + h[ 8] = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + h[12] = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + h[ 1] = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + h[ 5] = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + h[ 9] = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + h[13] = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + h[ 2] = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )]; + h[ 6] = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )]; + h[10] = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )]; + h[14] = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )]; + h[ 3] = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )]; + h[ 7] = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )]; + h[11] = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )]; + h[15] = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )]; + + /* Lane 7 */ + t0 = T0[B3(s70)] ^ T1[B2(s71)] ^ T2[B1(s72)] ^ T3[B0(s73)] ^ C[ 0+720]; + t4 = T0[B3(s71)] ^ T1[B2(s72)] ^ T2[B1(s73)] ^ T3[B0(s70)] ^ C[ 1+720]; + t8 = T0[B3(s72)] ^ T1[B2(s73)] ^ T2[B1(s70)] ^ T3[B0(s71)] ^ C[ 2+720]; + tc = T0[B3(s73)] ^ T1[B2(s70)] ^ T2[B1(s71)] ^ T3[B0(s72)] ^ C[ 3+720] ^ ctrl; + t1 = T0[B3(s74)] ^ T1[B2(s75)] ^ T2[B1(s76)] ^ T3[B0(s77)] ^ C[ 4+720]; + t5 = T0[B3(s75)] ^ T1[B2(s76)] ^ T2[B1(s77)] ^ T3[B0(s74)] ^ C[ 5+720]; + t9 = T0[B3(s76)] ^ T1[B2(s77)] ^ T2[B1(s74)] ^ T3[B0(s75)] ^ C[ 6+720]; + td = T0[B3(s77)] ^ T1[B2(s74)] ^ T2[B1(s75)] ^ T3[B0(s76)] ^ C[ 7+720]; + t2 = T0[B3(s78)] ^ T1[B2(s79)] ^ T2[B1(s7a)] ^ T3[B0(s7b)] ^ C[ 8+720]; + t6 = T0[B3(s79)] ^ T1[B2(s7a)] ^ T2[B1(s7b)] ^ T3[B0(s78)] ^ C[ 9+720]; + ta = T0[B3(s7a)] ^ T1[B2(s7b)] ^ T2[B1(s78)] ^ T3[B0(s79)] ^ C[ 10+720]; + te = T0[B3(s7b)] ^ T1[B2(s78)] ^ T2[B1(s79)] ^ T3[B0(s7a)] ^ C[ 11+720]; + t3 = T0[B3(s7c)] ^ T1[B2(s7d)] ^ T2[B1(s7e)] ^ T3[B0(s7f)] ^ C[ 12+720]; + t7 = T0[B3(s7d)] ^ T1[B2(s7e)] ^ T2[B1(s7f)] ^ T3[B0(s7c)] ^ C[ 13+720]; + tb = T0[B3(s7e)] ^ T1[B2(s7f)] ^ T2[B1(s7c)] ^ T3[B0(s7d)] ^ C[ 14+720]; + tf = T0[B3(s7f)] ^ T1[B2(s7c)] ^ T2[B1(s7d)] ^ T3[B0(s7e)] ^ C[ 15+720]; + + s70 = T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )] ^ C[ 16+720]; + s74 = T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )] ^ C[ 17+720]; + s78 = T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )] ^ C[ 18+720]; + s7c = T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )] ^ C[ 19+720] ^ ctrh; + s71 = T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )] ^ C[ 20+720]; + s75 = T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )] ^ C[ 21+720]; + s79 = T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )] ^ C[ 22+720]; + s7d = T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )] ^ C[ 23+720]; + s72 = T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )] ^ C[ 24+720]; + s76 = T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )] ^ C[ 25+720]; + s7a = T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )] ^ C[ 26+720]; + s7e = T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )] ^ C[ 27+720]; + s73 = T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )] ^ C[ 28+720]; + s77 = T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )] ^ C[ 29+720]; + s7b = T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )] ^ C[ 30+720]; + s7f = T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )] ^ C[ 31+720]; + + t0 = T0[B3(s70)] ^ T1[B2(s71)] ^ T2[B1(s72)] ^ T3[B0(s73)] ^ C[ 32+720]; + t4 = T0[B3(s71)] ^ T1[B2(s72)] ^ T2[B1(s73)] ^ T3[B0(s70)] ^ C[ 33+720]; + t8 = T0[B3(s72)] ^ T1[B2(s73)] ^ T2[B1(s70)] ^ T3[B0(s71)] ^ C[ 34+720]; + tc = T0[B3(s73)] ^ T1[B2(s70)] ^ T2[B1(s71)] ^ T3[B0(s72)] ^ C[ 35+720] ^ ctrl; + t1 = T0[B3(s74)] ^ T1[B2(s75)] ^ T2[B1(s76)] ^ T3[B0(s77)] ^ C[ 36+720]; + t5 = T0[B3(s75)] ^ T1[B2(s76)] ^ T2[B1(s77)] ^ T3[B0(s74)] ^ C[ 37+720]; + t9 = T0[B3(s76)] ^ T1[B2(s77)] ^ T2[B1(s74)] ^ T3[B0(s75)] ^ C[ 38+720]; + td = T0[B3(s77)] ^ T1[B2(s74)] ^ T2[B1(s75)] ^ T3[B0(s76)] ^ C[ 39+720]; + t2 = T0[B3(s78)] ^ T1[B2(s79)] ^ T2[B1(s7a)] ^ T3[B0(s7b)] ^ C[ 40+720]; + t6 = T0[B3(s79)] ^ T1[B2(s7a)] ^ T2[B1(s7b)] ^ T3[B0(s78)] ^ C[ 41+720]; + ta = T0[B3(s7a)] ^ T1[B2(s7b)] ^ T2[B1(s78)] ^ T3[B0(s79)] ^ C[ 42+720]; + te = T0[B3(s7b)] ^ T1[B2(s78)] ^ T2[B1(s79)] ^ T3[B0(s7a)] ^ C[ 43+720]; + t3 = T0[B3(s7c)] ^ T1[B2(s7d)] ^ T2[B1(s7e)] ^ T3[B0(s7f)] ^ C[ 44+720]; + t7 = T0[B3(s7d)] ^ T1[B2(s7e)] ^ T2[B1(s7f)] ^ T3[B0(s7c)] ^ C[ 45+720]; + tb = T0[B3(s7e)] ^ T1[B2(s7f)] ^ T2[B1(s7c)] ^ T3[B0(s7d)] ^ C[ 46+720]; + tf = T0[B3(s7f)] ^ T1[B2(s7c)] ^ T2[B1(s7d)] ^ T3[B0(s7e)] ^ C[ 47+720]; + + h[ 0] ^= T0[B3(t0 )] ^ T1[B2(t1 )] ^ T2[B1(t2 )] ^ T3[B0(t3 )]; + h[ 4] ^= T0[B3(t1 )] ^ T1[B2(t2 )] ^ T2[B1(t3 )] ^ T3[B0(t0 )]; + h[ 8] ^= T0[B3(t2 )] ^ T1[B2(t3 )] ^ T2[B1(t0 )] ^ T3[B0(t1 )]; + h[12] ^= T0[B3(t3 )] ^ T1[B2(t0 )] ^ T2[B1(t1 )] ^ T3[B0(t2 )]; + h[ 1] ^= T0[B3(t4 )] ^ T1[B2(t5 )] ^ T2[B1(t6 )] ^ T3[B0(t7 )]; + h[ 5] ^= T0[B3(t5 )] ^ T1[B2(t6 )] ^ T2[B1(t7 )] ^ T3[B0(t4 )]; + h[ 9] ^= T0[B3(t6 )] ^ T1[B2(t7 )] ^ T2[B1(t4 )] ^ T3[B0(t5 )]; + h[13] ^= T0[B3(t7 )] ^ T1[B2(t4 )] ^ T2[B1(t5 )] ^ T3[B0(t6 )]; + h[ 2] ^= T0[B3(t8 )] ^ T1[B2(t9 )] ^ T2[B1(ta )] ^ T3[B0(tb )]; + h[ 6] ^= T0[B3(t9 )] ^ T1[B2(ta )] ^ T2[B1(tb )] ^ T3[B0(t8 )]; + h[10] ^= T0[B3(ta )] ^ T1[B2(tb )] ^ T2[B1(t8 )] ^ T3[B0(t9 )]; + h[14] ^= T0[B3(tb )] ^ T1[B2(t8 )] ^ T2[B1(t9 )] ^ T3[B0(ta )]; + h[ 3] ^= T0[B3(tc )] ^ T1[B2(td )] ^ T2[B1(te )] ^ T3[B0(tf )]; + h[ 7] ^= T0[B3(td )] ^ T1[B2(te )] ^ T2[B1(tf )] ^ T3[B0(tc )]; + h[11] ^= T0[B3(te )] ^ T1[B2(tf )] ^ T2[B1(tc )] ^ T3[B0(td )]; + h[15] ^= T0[B3(tf )] ^ T1[B2(tc )] ^ T2[B1(td )] ^ T3[B0(te )]; +} + +void laneInit (hashState *state, int hashbitlen) +{ +// if (hashbitlen != 224 && hashbitlen != 256 && hashbitlen != 384 && hashbitlen != 512) +// return BAD_HASHBITLEN; + + state->hashbitlen = hashbitlen; + state->ctr = 0; + + switch (state->hashbitlen) { + case 224: + memcpy(state->h, iv224, 8*sizeof(uint32_t)); + break; + case 256: default: + memcpy(state->h, iv256, 8*sizeof(uint32_t)); + break; + case 384: + memcpy(state->h, iv384, 16*sizeof(uint32_t)); + break; + case 512: + memcpy(state->h, iv512, 16*sizeof(uint32_t)); + break; + } + +// return SUCCESS; +} + +void laneUpdate (hashState *state, const BitSequence *data, DataLength databitlen) +{ + uint64_t buffill; + uint64_t bytes; + + switch (state->hashbitlen) { + case 224: case 256: default: + buffill = (state->ctr >> 3) & 0x3f; + bytes = databitlen >> 3; + +// if (state->ctr & 0x7) +// return BAD_DATABITLEN; /* Only the last call to Update() may contain a fractional byte */ + + /* Check if we have some stuff left in the buffer. If so, fill it, and process it */ + if (buffill) { + const uint64_t n = buffill + bytes > 64 ? 64-buffill : bytes; /* number of bytes to copy */ + memcpy(state->buffer + buffill, data, n); + state->ctr += n << 3; + if (buffill + n == 64) /* full buffer now */ + lane256_compress(state->buffer, state->h, MSB32(state->ctr), LSB32(state->ctr)); + data += n; + bytes -= n; + } + + /* Now process as many full blocks as we can directly from the input message */ + while (bytes >= 64) { + state->ctr += 64 << 3; + lane256_compress(data, state->h, MSB32(state->ctr), LSB32(state->ctr)); + data += 64; + bytes -= 64; + } + break; + + case 384: case 512: + buffill = (state->ctr >> 3) & 0x7f; + bytes = databitlen >> 3; + +// if (state->ctr & 0x7) +// return BAD_DATABITLEN; /* Only the last call to Update() may contain a fractional byte */ + + /* Check if we have some stuff left in the buffer. If so, fill it, and process it */ + if (buffill) { + const uint64_t n = buffill + bytes > 128 ? 128-buffill : bytes; /* number of bytes to copy */ + memcpy(state->buffer + buffill, data, n); + state->ctr += n << 3; + if (buffill + n == 128) /* full buffer now */ + lane512_compress(state->buffer, state->h, MSB32(state->ctr), LSB32(state->ctr)); + data += n; + bytes -= n; + } + + /* Now process as many full blocks as we can directly from the input message */ + while (bytes >= 128) { + state->ctr += 128 << 3; + lane512_compress(data, state->h, MSB32(state->ctr), LSB32(state->ctr)); + data += 128; + bytes -= 128; + } + break; + } + + /* And finally, save the last, incomplete message block */ + if (bytes || (databitlen & 0x7)) { + memcpy(state->buffer, data, databitlen & 0x7 ? bytes+1 : bytes); /* also copy partial byte */ + state->ctr += (bytes << 3) + (databitlen & 0x7); + } + +// return SUCCESS; +} + +void laneFinal (hashState *state, BitSequence *hashval) +{ + + switch (state->hashbitlen) { + case 224: case 256: default: + /* do zero padding and compress last block, if there is some data in the buffer */ + if (state->ctr & 0x1ff) { + const uint64_t n = (((state->ctr & 0x1ff) - 1) >> 3) + 1; /* number of bytes in buffer that are (partially) filled */ + if (n < 64) + memset(state->buffer + n, 0, 64-n); + state->buffer[(state->ctr >> 3)&0x3f] &= ~(0xff >> (state->ctr & 0x7)); /* zero-pad partial byte */ + lane256_compress(state->buffer, state->h, MSB32(state->ctr), LSB32(state->ctr)); + } + + /* output transformation */ + memset(state->buffer, 0, 64); + state->buffer[0] = 0x00; /* flag byte 0x00: output transformation without seed */ + state->buffer[1] = T8(state->ctr >> 56); /* message length in big-endian */ + state->buffer[2] = T8(state->ctr >> 48); + state->buffer[3] = T8(state->ctr >> 40); + state->buffer[4] = T8(state->ctr >> 32); + state->buffer[5] = T8(state->ctr >> 24); + state->buffer[6] = T8(state->ctr >> 16); + state->buffer[7] = T8(state->ctr >> 8); + state->buffer[8] = T8(state->ctr >> 0); + lane256_compress(state->buffer, state->h, 0, 0); + + /* write back result */ + U32TO8_BIG(hashval, state->h[0]); + U32TO8_BIG(hashval+4, state->h[1]); + U32TO8_BIG(hashval+8, state->h[2]); + U32TO8_BIG(hashval+12, state->h[3]); + U32TO8_BIG(hashval+16, state->h[4]); + U32TO8_BIG(hashval+20, state->h[5]); + U32TO8_BIG(hashval+24, state->h[6]); + U32TO8_BIG(hashval+28, state->h[7]); + + break; + + case 384: case 512: + /* do zero padding and compress last block, if there is some data in the buffer */ + if (state->ctr & 0x3ff) { + const uint64_t n = (((state->ctr & 0x3ff) - 1) >> 3) + 1; /* number of bytes in buffer that are (partially) filled */ + if (n < 128) + memset(state->buffer + n, 0, 128-n); + state->buffer[(state->ctr >> 3)&0x7f] &= ~(0xff >> (state->ctr & 0x7)); /* zero-pad partial byte */ + lane512_compress(state->buffer, state->h, MSB32(state->ctr), LSB32(state->ctr)); + } + + /* output transformation */ + memset(state->buffer, 0, 128); + state->buffer[0] = 0x00; /* flag byte 0x00: output transformation without seed */ + state->buffer[1] = T8(state->ctr >> 56); /* message length in big-endian */ + state->buffer[2] = T8(state->ctr >> 48); + state->buffer[3] = T8(state->ctr >> 40); + state->buffer[4] = T8(state->ctr >> 32); + state->buffer[5] = T8(state->ctr >> 24); + state->buffer[6] = T8(state->ctr >> 16); + state->buffer[7] = T8(state->ctr >> 8); + state->buffer[8] = T8(state->ctr >> 0); + lane512_compress(state->buffer, state->h, 0, 0); + + /* write back result */ + U32TO8_BIG(hashval, state->h[0]); + U32TO8_BIG(hashval+4, state->h[1]); + U32TO8_BIG(hashval+8, state->h[2]); + U32TO8_BIG(hashval+12, state->h[3]); + U32TO8_BIG(hashval+16, state->h[4]); + U32TO8_BIG(hashval+20, state->h[5]); + U32TO8_BIG(hashval+24, state->h[6]); + U32TO8_BIG(hashval+28, state->h[7]); + U32TO8_BIG(hashval+32, state->h[8]); + U32TO8_BIG(hashval+36, state->h[9]); + U32TO8_BIG(hashval+40, state->h[10]); + U32TO8_BIG(hashval+44, state->h[11]); + U32TO8_BIG(hashval+48, state->h[12]); + U32TO8_BIG(hashval+52, state->h[13]); + U32TO8_BIG(hashval+56, state->h[14]); + U32TO8_BIG(hashval+60, state->h[15]); + + break; + } + +// return SUCCESS; +} + +void laneHash (int hashbitlen, const BitSequence *data, DataLength databitlen, BitSequence *hashval) +{ + hashState state; +// HashReturn hashReturn; + + laneInit(&state, hashbitlen); + laneUpdate(&state, data, databitlen); + laneFinal(&state, hashval); +/* + if ((hashReturn = laneInit(&state, hashbitlen)) != SUCCESS) + return hashReturn; + if ((hashReturn = laneUpdate(&state, data, databitlen)) != SUCCESS) + return hashReturn; + if ((hashReturn = laneFinal(&state, hashval)) != SUCCESS) + return hashReturn; + return SUCCESS; +*/ +} diff --git a/algo/lanehash/lane.h b/algo/lanehash/lane.h new file mode 100644 index 0000000..4a02e64 --- /dev/null +++ b/algo/lanehash/lane.h @@ -0,0 +1,50 @@ +/* + * Copyright (c) 2008 Sebastiaan Indesteege + * + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Optimised ANSI-C implementation of LANE + */ + +#ifndef LANE_H +#define LANE_H + +#include +//#include "algo/sha/sha3-defs.h" +#include + +typedef unsigned char BitSequence; +typedef unsigned long long DataLength; + +//typedef enum { SUCCESS = 0, FAIL = 1, BAD_HASHBITLEN = 2, BAD_DATABITLEN = 3 } HashReturn; + +//typedef unsigned char u8; +//typedef unsigned int u32; +//typedef unsigned long long u64; + +typedef struct { + int hashbitlen; + uint64_t ctr; + uint32_t h[16]; + uint8_t buffer[128]; +} hashState; + +void laneInit (hashState *state, int hashbitlen); +void laneUpdate (hashState *state, const BitSequence *data, DataLength databitlen); +void laneFinal (hashState *state, BitSequence *hashval); +void laneHash (int hashbitlen, const BitSequence *data, DataLength databitlen, BitSequence *hashval); + +#endif /* LANE_H */ diff --git a/algo/swifftx/Swifftx_sha3.cpp b/algo/swifftx/Swifftx_sha3.cpp new file mode 100644 index 0000000..a71099f --- /dev/null +++ b/algo/swifftx/Swifftx_sha3.cpp @@ -0,0 +1,369 @@ +#include "Swifftx_sha3.h" +extern "C" { +#include "SWIFFTX.h" +} +#include +#include +#include + +// The default salt value. +// This is the expansion of e (Euler's number) - the 19 digits after 2.71: +// 8281828459045235360. +// The above in base 256, from MSB to LSB: +BitSequence SWIF_saltValueChar[SWIF_HAIFA_SALT_SIZE] = {114, 238, 247, 26, 192, 28, 170, 160}; + +// All the IVs here below were produced from the decimal digits of e's expansion. +// The code can be found in 'ProduceRandomIV.c'. +// The initial value for 224 digest size. +const BitSequence SWIF_HAIFA_IV_224[SWIFFTX_OUTPUT_BLOCK_SIZE] = +{37, 242, 132, 2, 167, 81, 158, 237, 113, 77, 162, 60, 65, 236, 108, 246, +101, 72, 190, 109, 58, 205, 99, 6, 114, 169, 104, 114, 38, 146, 121, 142, + 59, 98, 233, 84, 72, 227, 22, 199, 17, 102, 198, 145, 24, 178, 37, 1, +215, 245, 66, 120, 230, 193, 113, 253, 165, 218, 66, 134, 49, 231, 124, 204, + 0}; + +// The initial value for 256 digest size. +const BitSequence SWIF_HAIFA_IV_256[SWIFFTX_OUTPUT_BLOCK_SIZE] = +{250, 50, 42, 40, 14, 233, 53, 48, 227, 42, 237, 187, 211, 120, 209, 234, + 27, 144, 4, 61, 243, 244, 29, 247, 37, 162, 70, 11, 231, 196, 53, 6, + 193, 240, 94, 126, 204, 132, 104, 46, 114, 29, 3, 104, 118, 184, 201, 3, + 57, 77, 91, 101, 31, 155, 84, 199, 228, 39, 198, 42, 248, 198, 201, 178, + 8}; + +// The initial value for 384 digest size. +const BitSequence SWIF_HAIFA_IV_384[SWIFFTX_OUTPUT_BLOCK_SIZE] = +{40, 145, 193, 100, 205, 171, 47, 76, 254, 10, 196, 41, 165, 207, 200, 79, +109, 13, 75, 201, 17, 172, 64, 162, 217, 22, 88, 39, 51, 30, 220, 151, +133, 73, 216, 233, 184, 203, 77, 0, 248, 13, 28, 199, 30, 147, 232, 242, +227, 124, 169, 174, 14, 45, 27, 87, 254, 73, 68, 136, 135, 159, 83, 152, + 0}; + +// The initial value for 512 digest size. +const BitSequence SWIF_HAIFA_IV_512[SWIFFTX_OUTPUT_BLOCK_SIZE] = +{195, 126, 197, 167, 157, 114, 99, 126, 208, 105, 200, 90, 71, 195, 144, 138, + 142, 122, 123, 116, 24, 214, 168, 173, 203, 183, 194, 210, 102, 117, 138, 42, + 114, 118, 132, 33, 35, 149, 143, 163, 163, 183, 243, 175, 72, 22, 201, 255, + 102, 243, 22, 187, 211, 167, 239, 76, 164, 70, 80, 182, 181, 212, 9, 185, + 0}; + + +/////////////////////////////////////////////////////////////////////////////////////////////// +// NIST API implementation portion. +/////////////////////////////////////////////////////////////////////////////////////////////// + +int Swifftx::Init(int hashbitlen) +{ + switch(hashbitlen) + { + case 224: + swifftxState.hashbitlen = hashbitlen; + // Initializes h_0 in HAIFA: + memcpy(swifftxState.currOutputBlock, SWIF_HAIFA_IV_224, SWIFFTX_OUTPUT_BLOCK_SIZE); + break; + case 256: + swifftxState.hashbitlen = hashbitlen; + memcpy(swifftxState.currOutputBlock, SWIF_HAIFA_IV_256, SWIFFTX_OUTPUT_BLOCK_SIZE); + break; + case 384: + swifftxState.hashbitlen = hashbitlen; + memcpy(swifftxState.currOutputBlock, SWIF_HAIFA_IV_384, SWIFFTX_OUTPUT_BLOCK_SIZE); + break; + case 512: + swifftxState.hashbitlen = hashbitlen; + memcpy(swifftxState.currOutputBlock, SWIF_HAIFA_IV_512, SWIFFTX_OUTPUT_BLOCK_SIZE); + break; + default: + return BAD_HASHBITLEN; + } + + swifftxState.wasUpdated = false; + swifftxState.remainingSize = 0; + memset(swifftxState.remaining, 0, SWIF_HAIFA_INPUT_BLOCK_SIZE); + memset(swifftxState.numOfBitsChar, 0, SWIF_HAIFA_NUM_OF_BITS_SIZE); + // Initialize the salt with the default value. + memcpy(swifftxState.salt, SWIF_saltValueChar, SWIF_HAIFA_SALT_SIZE); + + InitializeSWIFFTX(); + + return SUCCESS; +} + +int Swifftx::Update(const BitSequence *data, DataLength databitlen) +{ + // The size of input in bytes after putting the remaining data from previous invocation. + int sizeOfInputAfterRemaining = 0; + // The input block to compression function of SWIFFTX: + BitSequence currInputBlock[SWIFFTX_INPUT_BLOCK_SIZE] = {0}; + // Whether we handled a single block. + bool wasSingleBlockHandled = false; + + swifftxState.wasUpdated = true; + + // Handle an empty message as required by NIST. Since 'Final()' is oblivious to the input + // (but of course uses the output of the compression function from the previous round, + // which is called h_{i-1} in HAIFA article), we have to do nothing here. + if (databitlen == 0) + return SUCCESS; + + // If we had before an input with unaligned length, return an error + if (swifftxState.remainingSize % 8) + { + return INPUT_DATA_NOT_ALIGNED; + } + + // Convert remaining size to bytes. + swifftxState.remainingSize /= 8; + + // As long as we have enough data combined from (remaining + data) to fill input block + //NASTAVENIE RUND + while (((databitlen / 8) + swifftxState.remainingSize) >= SWIF_HAIFA_INPUT_BLOCK_SIZE) + { + // Fill the input block with data: + // 1. The output of the previous block: + memcpy(currInputBlock, swifftxState.currOutputBlock, SWIFFTX_OUTPUT_BLOCK_SIZE); + // 2. The input part of the block: + // 2a. The remaining data from the previous 'Update()' call: + if (swifftxState.remainingSize) + memcpy(currInputBlock + SWIFFTX_OUTPUT_BLOCK_SIZE, swifftxState.remaining, + swifftxState.remainingSize); + // 2b. The input data that we have place for after the 'remaining': + sizeOfInputAfterRemaining = SWIFFTX_INPUT_BLOCK_SIZE - SWIFFTX_OUTPUT_BLOCK_SIZE + - ((int) swifftxState.remainingSize) - SWIF_HAIFA_NUM_OF_BITS_SIZE + - SWIF_HAIFA_SALT_SIZE; + memcpy(currInputBlock + SWIFFTX_OUTPUT_BLOCK_SIZE + swifftxState.remainingSize, + data, sizeOfInputAfterRemaining); + + // 3. The #bits part of the block: + memcpy(currInputBlock + SWIFFTX_OUTPUT_BLOCK_SIZE + swifftxState.remainingSize + + sizeOfInputAfterRemaining, + swifftxState.numOfBitsChar, SWIF_HAIFA_NUM_OF_BITS_SIZE); + // 4. The salt part of the block: + memcpy(currInputBlock + SWIFFTX_OUTPUT_BLOCK_SIZE + swifftxState.remainingSize + + sizeOfInputAfterRemaining + SWIF_HAIFA_NUM_OF_BITS_SIZE, + swifftxState.salt, SWIF_HAIFA_SALT_SIZE); + + ComputeSingleSWIFFTX(currInputBlock, swifftxState.currOutputBlock, false); + + // Update the #bits field with SWIF_HAIFA_INPUT_BLOCK_SIZE. + AddToCurrInBase256(swifftxState.numOfBitsChar, SWIF_HAIFA_INPUT_BLOCK_SIZE * 8); + wasSingleBlockHandled = true; + data += sizeOfInputAfterRemaining; + databitlen -= (sizeOfInputAfterRemaining * 8); + swifftxState.remainingSize = 0; + } + + // Update the swifftxState.remaining and swifftxState.remainingSize. + // remainingSize will be in bits after exiting 'Update()'. + if (wasSingleBlockHandled) + { + swifftxState.remainingSize = (unsigned int) databitlen; // now remaining size is in bits. + if (swifftxState.remainingSize) + memcpy(swifftxState.remaining, data, (swifftxState.remainingSize + 7) / 8); + } + else + { + memcpy(swifftxState.remaining + swifftxState.remainingSize, data, + (size_t) (databitlen + 7) / 8); + swifftxState.remainingSize = (swifftxState.remainingSize * 8) + (unsigned short) databitlen; + } + + return SUCCESS; +} + +int Swifftx::Final(BitSequence *hashval) +{ + int i; + // Whether to add one last block. True if the padding appended to the last block overflows + // the block size. + bool toAddFinalBlock = false; + bool toPutOneInFinalBlock = false; + unsigned short oneShift = 0; + // The size of the last input block before the zeroes padding. We add 1 here because we + // include the final '1' bit in the calculation and 7 as we round the length to bytes. + unsigned short sizeOfLastInputBlock = (swifftxState.remainingSize + 1 + 7) / 8; + // The number of bytes of zero in the padding part. + // The padding contains: + // 1. A single 1 bit. + // 2. As many zeroes as needed. + // 3. The message length in bits. Occupies SWIF_HAIFA_NUM_OF_BITS_SIZE bytes. + // 4. The digest size. Maximum is 512, so we need 2 bytes. + // If the total number achieved is negative, add an additional block, as HAIFA specifies. + short numOfZeroBytesInPadding = (short) SWIFFTX_INPUT_BLOCK_SIZE - SWIFFTX_OUTPUT_BLOCK_SIZE + - sizeOfLastInputBlock - (2 * SWIF_HAIFA_NUM_OF_BITS_SIZE) - 2 + - SWIF_HAIFA_SALT_SIZE; + // The input block to compression function of SWIFFTX: + BitSequence currInputBlock[SWIFFTX_INPUT_BLOCK_SIZE] = {0}; + // The message length in base 256. + BitSequence messageLengthChar[SWIF_HAIFA_NUM_OF_BITS_SIZE] = {0}; + // The digest size used for padding: + unsigned char digestSizeLSB = swifftxState.hashbitlen % 256; + unsigned char digestSizeMSB = (swifftxState.hashbitlen - digestSizeLSB) / 256; + + if (numOfZeroBytesInPadding < 1) + toAddFinalBlock = true; + + // Fill the input block with data: + // 1. The output of the previous block: + memcpy(currInputBlock, swifftxState.currOutputBlock, SWIFFTX_OUTPUT_BLOCK_SIZE); + // 2a. The input part of the block, which is the remaining data from the previous 'Update()' + // call, if exists and an extra '1' bit (maybe all we have is this extra 1): + + // Add the last 1 in big-endian convention ... + if (swifftxState.remainingSize % 8 == 0) + { + swifftxState.remaining[sizeOfLastInputBlock - 1] = 0x80; + } + else + { + swifftxState.remaining[sizeOfLastInputBlock - 1] |= (1 << (7 - (swifftxState.remainingSize % 8))); + } + + if (sizeOfLastInputBlock) + memcpy(currInputBlock + SWIFFTX_OUTPUT_BLOCK_SIZE, swifftxState.remaining, + sizeOfLastInputBlock); + + // Compute the message length in base 256: + for (i = 0; i < SWIF_HAIFA_NUM_OF_BITS_SIZE; ++i) + messageLengthChar[i] = swifftxState.numOfBitsChar[i]; + if (sizeOfLastInputBlock) + AddToCurrInBase256(messageLengthChar, sizeOfLastInputBlock * 8); + + if (!toAddFinalBlock) + { + // 2b. Put the zeroes: + memset(currInputBlock + SWIFFTX_OUTPUT_BLOCK_SIZE + sizeOfLastInputBlock, + 0, numOfZeroBytesInPadding); + // 2c. Pad the message length: + for (i = 0; i < SWIF_HAIFA_NUM_OF_BITS_SIZE; ++i) + currInputBlock[SWIFFTX_OUTPUT_BLOCK_SIZE + sizeOfLastInputBlock + + numOfZeroBytesInPadding + i] = messageLengthChar[i]; + // 2d. Pad the digest size: + currInputBlock[SWIFFTX_OUTPUT_BLOCK_SIZE + sizeOfLastInputBlock + + numOfZeroBytesInPadding + SWIF_HAIFA_NUM_OF_BITS_SIZE] = digestSizeMSB; + currInputBlock[SWIFFTX_OUTPUT_BLOCK_SIZE + sizeOfLastInputBlock + + numOfZeroBytesInPadding + SWIF_HAIFA_NUM_OF_BITS_SIZE + 1] = digestSizeLSB; + } + else + { + // 2b. Put the zeroes, if at all: + if ((SWIF_HAIFA_INPUT_BLOCK_SIZE - sizeOfLastInputBlock) > 0) + { + memset(currInputBlock + SWIFFTX_OUTPUT_BLOCK_SIZE + sizeOfLastInputBlock, + 0, SWIF_HAIFA_INPUT_BLOCK_SIZE - sizeOfLastInputBlock); + } + } + + // 3. The #bits part of the block: + memcpy(currInputBlock + SWIFFTX_OUTPUT_BLOCK_SIZE + SWIF_HAIFA_INPUT_BLOCK_SIZE, + swifftxState.numOfBitsChar, SWIF_HAIFA_NUM_OF_BITS_SIZE); + // 4. The salt part of the block: + memcpy(currInputBlock + SWIFFTX_OUTPUT_BLOCK_SIZE + SWIF_HAIFA_INPUT_BLOCK_SIZE + + SWIF_HAIFA_NUM_OF_BITS_SIZE, + swifftxState.salt, + SWIF_HAIFA_SALT_SIZE); + + ComputeSingleSWIFFTX(currInputBlock, swifftxState.currOutputBlock, !toAddFinalBlock); + + // If we have to add one more block, it is now: + if (toAddFinalBlock) + { + // 1. The previous output block, as usual. + memcpy(currInputBlock, swifftxState.currOutputBlock, SWIFFTX_OUTPUT_BLOCK_SIZE); + + // 2a. Instead of the input, zeroes: + memset(currInputBlock + SWIFFTX_OUTPUT_BLOCK_SIZE , 0, + SWIF_HAIFA_INPUT_BLOCK_SIZE - SWIF_HAIFA_NUM_OF_BITS_SIZE - 2); + // 2b. Instead of the input, the message length: + memcpy(currInputBlock + SWIFFTX_OUTPUT_BLOCK_SIZE + SWIF_HAIFA_INPUT_BLOCK_SIZE + - SWIF_HAIFA_NUM_OF_BITS_SIZE - 2, + messageLengthChar, + SWIF_HAIFA_NUM_OF_BITS_SIZE); + // 2c. Instead of the input, the digest size: + currInputBlock[SWIFFTX_OUTPUT_BLOCK_SIZE + SWIF_HAIFA_INPUT_BLOCK_SIZE - 2] = digestSizeMSB; + currInputBlock[SWIFFTX_OUTPUT_BLOCK_SIZE + SWIF_HAIFA_INPUT_BLOCK_SIZE - 1] = digestSizeLSB; + // 3. The #bits part of the block, which is zero in case of additional block: + memset(currInputBlock + SWIFFTX_OUTPUT_BLOCK_SIZE + SWIF_HAIFA_INPUT_BLOCK_SIZE, + 0, + SWIF_HAIFA_NUM_OF_BITS_SIZE); + // 4. The salt part of the block: + memcpy(currInputBlock + SWIFFTX_OUTPUT_BLOCK_SIZE + SWIF_HAIFA_INPUT_BLOCK_SIZE + + SWIF_HAIFA_NUM_OF_BITS_SIZE, + swifftxState.salt, + SWIF_HAIFA_SALT_SIZE); + + ComputeSingleSWIFFTX(currInputBlock, swifftxState.currOutputBlock, true); + } + + // Finally, copy the result into 'hashval'. In case the digest size is not 512bit, copy the + // first hashbitlen of them: + for (i = 0; i < (swifftxState.hashbitlen / 8); ++i) + hashval[i] = swifftxState.currOutputBlock[i]; + + return SUCCESS; +} + +int Swifftx::Hash(int hashbitlen, const BitSequence *data, DataLength databitlen, + BitSequence *hashval) +{ + int result; + //hashState state; + // The pointer to the current place in the input we take into the compression function. + DataLength currInputIndex = 0; + + result = Swifftx::Init(hashbitlen); + + if (result != SUCCESS) + return result; + + for ( ; (databitlen / 8) > SWIF_HAIFA_INPUT_BLOCK_SIZE; + currInputIndex += SWIF_HAIFA_INPUT_BLOCK_SIZE, databitlen -= (SWIF_HAIFA_INPUT_BLOCK_SIZE * 8)) + { + result = Swifftx::Update(data + currInputIndex, SWIF_HAIFA_INPUT_BLOCK_SIZE * 8); + if (result != SUCCESS) + return result; + } + + // The length of the last block may be shorter than (SWIF_HAIFA_INPUT_BLOCK_SIZE * 8) + result = Swifftx::Update(data + currInputIndex, databitlen); + if (result != SUCCESS) + { + return result; + } + + return Swifftx::Final(hashval); +} + +/////////////////////////////////////////////////////////////////////////////////////////////// +// Helper fuction implementation portion. +/////////////////////////////////////////////////////////////////////////////////////////////// + +void Swifftx::AddToCurrInBase256(BitSequence value[SWIF_HAIFA_NUM_OF_BITS_SIZE], + unsigned short toAdd) +{ + unsigned char remainder = 0; + short i; + BitSequence currValueInBase256[8] = {0}; + unsigned short currIndex = 7; + unsigned short temp = 0; + + do + { + remainder = toAdd % 256; + currValueInBase256[currIndex--] = remainder; + toAdd -= remainder; + toAdd /= 256; + } + while(toAdd != 0); + + for (i = 7; i >= 0; --i) + { + temp = value[i] + currValueInBase256[i]; + if (temp > 255) + { + value[i] = temp % 256; + currValueInBase256[i - 1]++; + } + else + value[i] = (unsigned char) temp; + } +} \ No newline at end of file diff --git a/algo/swifftx/Swifftx_sha3.h b/algo/swifftx/Swifftx_sha3.h new file mode 100644 index 0000000..9f6985e --- /dev/null +++ b/algo/swifftx/Swifftx_sha3.h @@ -0,0 +1,79 @@ +#ifndef SWIFFTX_SHA3_H +#define SWIFFTX_SHA3_H + +#include "sha3_interface.h" +#include "stdbool.h" +#include "stdint.h" + +class Swifftx : public SHA3 { + +#define SWIFFTX_INPUT_BLOCK_SIZE 256 +#define SWIFFTX_OUTPUT_BLOCK_SIZE 65 +#define SWIF_HAIFA_SALT_SIZE 8 +#define SWIF_HAIFA_NUM_OF_BITS_SIZE 8 +#define SWIF_HAIFA_INPUT_BLOCK_SIZE (SWIFFTX_INPUT_BLOCK_SIZE - SWIFFTX_OUTPUT_BLOCK_SIZE \ + - SWIF_HAIFA_NUM_OF_BITS_SIZE - SWIF_HAIFA_SALT_SIZE) + + typedef unsigned char BitSequence; +//const DataLength SWIF_SALT_VALUE; + +#define SWIF_HAIFA_IV 0 + +/*const BitSequence SWIF_HAIFA_IV_224[SWIFFTX_OUTPUT_BLOCK_SIZE]; +const BitSequence SWIF_HAIFA_IV_256[SWIFFTX_OUTPUT_BLOCK_SIZE]; +const BitSequence SWIF_HAIFA_IV_384[SWIFFTX_OUTPUT_BLOCK_SIZE]; +const BitSequence SWIF_HAIFA_IV_512[SWIFFTX_OUTPUT_BLOCK_SIZE];*/ + +typedef enum +{ + SUCCESS = 0, + FAIL = 1, + BAD_HASHBITLEN = 2, + BAD_SALT_SIZE = 3, + SET_SALT_VALUE_FAILED = 4, + INPUT_DATA_NOT_ALIGNED = 5 +} HashReturn; + +typedef struct hashState { + unsigned short hashbitlen; + + // The data remained after the recent call to 'Update()'. + BitSequence remaining[SWIF_HAIFA_INPUT_BLOCK_SIZE + 1]; + + // The size of the remaining data in bits. + // Is 0 in case there is no remaning data at all. + unsigned int remainingSize; + + // The current output of the compression function. At the end will contain the final digest + // (which may be needed to be truncated, depending on hashbitlen). + BitSequence currOutputBlock[SWIFFTX_OUTPUT_BLOCK_SIZE]; + + // The value of '#bits hashed so far' field in HAIFA, in base 256. + BitSequence numOfBitsChar[SWIF_HAIFA_NUM_OF_BITS_SIZE]; + + // The salt value currently in use: + BitSequence salt[SWIF_HAIFA_SALT_SIZE]; + + // Indicates whether a single 'Update()' occured. + // Ater a call to 'Update()' the key and the salt values cannot be changed. + bool wasUpdated; +} hashState; + +private: +int swifftxNumRounds; +hashState swifftxState; + + +public: +int Init(int hashbitlen); +int Update(const BitSequence *data, DataLength databitlen); +int Final(BitSequence *hashval); +int Hash(int hashbitlen, const BitSequence *data, DataLength databitlen, + BitSequence *hashval); + +private: +static void AddToCurrInBase256(BitSequence value[SWIF_HAIFA_NUM_OF_BITS_SIZE], unsigned short toAdd); + +}; + +#endif \ No newline at end of file diff --git a/algo/swifftx/hash_interface.h b/algo/swifftx/hash_interface.h new file mode 100644 index 0000000..8857cb7 --- /dev/null +++ b/algo/swifftx/hash_interface.h @@ -0,0 +1,21 @@ +#pragma once + +#include + +namespace hash { + +using BitSequence = unsigned char; +using DataLength = unsigned long long; + +struct hash_interface { + virtual ~hash_interface() = default; + + virtual int Init(int hash_bitsize) = 0; + virtual int Update(const BitSequence *data, DataLength data_bitsize) = 0; + virtual int Final(BitSequence *hash) = 0; + + virtual int + Hash(int hash_bitsize, const BitSequence *data, DataLength data_bitsize, BitSequence *hash) = 0; +}; + +} // namespace hash diff --git a/algo/swifftx/inttypes.h b/algo/swifftx/inttypes.h new file mode 100644 index 0000000..2b6b941 --- /dev/null +++ b/algo/swifftx/inttypes.h @@ -0,0 +1,39 @@ + /* + inttypes.h + + Contributors: + Created by Marek Michalkiewicz + + THIS SOFTWARE IS NOT COPYRIGHTED + + This source code is offered for use in the public domain. You may + use, modify or distribute it freely. + + This code is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY + DISCLAIMED. This includes but is not limited to warranties of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +*/ + + #ifndef __INTTYPES_H_ + #define __INTTYPES_H_ + + /* Use [u]intN_t if you need exactly N bits. + XXX - doesn't handle the -mint8 option. */ + + typedef signed char swift_int8_t; + typedef unsigned char swift_uint8_t; + + typedef int swift_int16_t; + typedef unsigned int swift_uint16_t; + + typedef long swift_int32_t; + typedef unsigned long swift_uint32_t; + + typedef long long swift_int64_t; + typedef unsigned long long swift_uint64_t; + + //typedef swift_int16_t intptr_t; + //typedef swift_uint16_t uintptr_t; + + #endif diff --git a/algo/swifftx/sha3_interface.h b/algo/swifftx/sha3_interface.h new file mode 100644 index 0000000..1ae2360 --- /dev/null +++ b/algo/swifftx/sha3_interface.h @@ -0,0 +1,14 @@ +#pragma once + +#include +//#include +#include "hash_interface.h" + +namespace sha3 { + +using BitSequence = hash::BitSequence; +using DataLength = hash::DataLength; + +struct sha3_interface : hash::hash_interface {}; + +} // namespace sha3 diff --git a/algo/swifftx/stdbool.h b/algo/swifftx/stdbool.h new file mode 100644 index 0000000..d6396c3 --- /dev/null +++ b/algo/swifftx/stdbool.h @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2000 Jeroen Ruigrok van der Werven + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/include/stdbool.h,v 1.6 2002/08/16 07:33:14 alfred Exp $ + */ + +#ifndef _STDBOOL_H_ +#define _STDBOOL_H_ + +#define __bool_true_false_are_defined 1 + +#ifndef __cplusplus + +#define false 0 +#define true 1 + +//#define bool _Bool +//#if __STDC_VERSION__ < 199901L && __GNUC__ < 3 +//typedef int _Bool; +//#endif +typedef int bool; + +#endif /* !__cplusplus */ + +#endif /* !_STDBOOL_H_ */ diff --git a/algo/swifftx/stdint.h b/algo/swifftx/stdint.h new file mode 100644 index 0000000..59f4cfc --- /dev/null +++ b/algo/swifftx/stdint.h @@ -0,0 +1,54 @@ +#ifndef _SWIFFT_STDINT_H +#define _SWIFFT_STDINT_H + +/////////////////////////////////////////////////////////////////////////////////////////////// +// +// A note from SWIFFTX implementers: +// +// Although the submission was targeted for Microsoft Visual Studio 2005 compiler, we strived +// to make the code as portable as possible. This is why we preferred to use the types defined +// here, instead of Microsoft-specific types. We compiled the code with gcc to make this sure. +// However, we couldn't use this header as is, due to VS2005 compiler objections. This is why +// we commented out certain defines and clearly marked it. +// To compile our code on gcc you may define SYS_STDINT. +// +/////////////////////////////////////////////////////////////////////////////////////////////// + +#ifdef SYS_STDINT + +#include + +#else + +#include "inttypes.h" +// The following was commented out by SWIFFTX implementers: +// __BEGIN_DECLS + +typedef swift_int8_t swifftx_int_least8_t; +typedef swift_int16_t swifftx_int_least16_t; +typedef swift_int32_t swifftx_int_least32_t; +typedef swift_uint8_t swifftx_uint_least8_t; +typedef swift_uint16_t swifftx_uint_least16_t; +typedef swift_uint32_t swifftx_uint_least32_t; + +#ifndef __STRICT_ANSI__ +typedef swift_int64_t swifftx_int_least64_t; +typedef swift_uint64_t swifftx_uint_least64_t; +#endif + +/*typedef signed char int_fast8_t; +typedef signed long int int_fast16_t; +typedef signed long int int_fast32_t; +typedef signed long long int int_fast64_t; + +typedef unsigned char uint_fast8_t; +typedef unsigned long int uint_fast16_t; +typedef unsigned long int uint_fast32_t; +typedef unsigned long long int uint_fast64_t;*/ + +// The following was commented out by SWIFFTX implementers: +// #include +// __END_DECLS +#endif + +#endif diff --git a/algo/swifftx/swifftx-4way.c b/algo/swifftx/swifftx-4way.c new file mode 100644 index 0000000..cc003f0 --- /dev/null +++ b/algo/swifftx/swifftx-4way.c @@ -0,0 +1,912 @@ +/////////////////////////////////////////////////////////////////////////////////////////////// +// +// SWIFFTX ANSI C OPTIMIZED 32BIT IMPLEMENTATION FOR NIST SHA-3 COMPETITION +// +// SWIFFTX.c +// +// October 2008 +// +// This is the source file of the OPTIMIZED 32BIT implementation of SWIFFTX hash function. +// SWIFFTX is a candidate function for SHA-3 NIST competition. +// More details about SWIFFTX can be found in the accompanying submission documents. +// +/////////////////////////////////////////////////////////////////////////////////////////////// +#include "swifftx.h" +// See the remarks concerning compatibility issues inside stdint.h. +#include "stdint.h" +// Remove this while using gcc: +//#include "stdbool.h" +#include + +/////////////////////////////////////////////////////////////////////////////////////////////// +// Constants and static tables portion. +/////////////////////////////////////////////////////////////////////////////////////////////// + +// In SWIFFTX we work over Z_257, so this is the modulus and the arithmetic is performed modulo +// this number. +#define FIELD_SIZE 257 + +// The size of FFT we use: +#define N 64 + +#define LOGN 6 + +#define EIGHTH_N (N / 8) + +// The number of FFTS done on the input. +#define M (SWIFFTX_INPUT_BLOCK_SIZE / 8) // 32 + +// Omega is the 128th root of unity in Z_257. +// We choose w = 42. +#define OMEGA 42 + +// The size of the inner FFT lookup table: +#define W 8 + +// Calculates the sum and the difference of two numbers. +// +// Parameters: +// - A: the first operand. After the operation stores the sum of the two operands. +// - B: the second operand. After the operation stores the difference between the first and the +// second operands. +#define ADD_SUB_4WAY( A, B ) \ +{ \ + __m128i temp = B; \ + B = _mm_sub_epi32( A, B ); \ + A = _mm_add_epi32( A, temp ); \ +} + + +//#define ADD_SUB(A, B) {register int temp = (B); B = ((A) - (B)); A = ((A) + (temp));} + +// Quickly reduces an integer modulo 257. +// +// Parameters: +// - A: the input. + +#define Q_REDUCE( A ) ( _mm_sub_epi32( \ + _mm_and_epi32( A, m128_const1_32( 0xff ) ), \ + _mm_srli_epi32( A, 8 ) ) ) + +//#define Q_REDUCE(A) (((A) & 0xff) - ((A) >> 8)) + +// Since we need to do the setup only once, this is the indicator variable: +static bool wasSetupDone = false; + +// This array stores the powers of omegas that correspond to the indices, which are the input +// values. Known also as the "outer FFT twiddle factors". +swift_int16_t multipliers[N]; + +// This array stores the powers of omegas, multiplied by the corresponding values. +// We store this table to save computation time. +// +// To calculate the intermediate value of the compression function (the first out of two +// stages), we multiply the k-th bit of x_i by w^[(2i + 1) * k]. {x_i} is the input to the +// compression function, i is between 0 and 31, x_i is a 64-bit value. +// One can see the formula for this (intermediate) stage in the SWIFFT FSE 2008 paper -- +// formula (2), section 3, page 6. +swift_int16_t fftTable[256 * EIGHTH_N]; + +// The A's we use in SWIFFTX shall be random elements of Z_257. +// We generated these A's from the decimal expansion of PI as follows: we converted each +// triple of digits into a decimal number d. If d < (257 * 3) we used (d % 257) for the next A +// element, otherwise move to the next triple of digits in the expansion. This guarntees that +// the A's are random, provided that PI digits are. +const swift_int16_t As[3 * M * N] = +{141, 78, 139, 75, 238, 205, 129, 126, 22, 245, 197, 169, 142, 118, 105, 78, + 50, 149, 29, 208, 114, 34, 85, 117, 67, 148, 86, 256, 25, 49, 133, 93, + 95, 36, 68, 231, 211, 102, 151, 128, 224, 117, 193, 27, 102, 187, 7, 105, + 45, 130, 108, 124, 171, 151, 189, 128, 218, 134, 233, 165, 14, 201, 145, 134, + 52, 203, 91, 96, 197, 69, 134, 213, 136, 93, 3, 249, 141, 16, 210, 73, + 6, 92, 58, 74, 174, 6, 254, 91, 201, 107, 110, 76, 103, 11, 73, 16, + 34, 209, 7, 127, 146, 254, 95, 176, 57, 13, 108, 245, 77, 92, 186, 117, + 124, 97, 105, 118, 34, 74, 205, 122, 235, 53, 94, 238, 210, 227, 183, 11, + 129, 159, 105, 183, 142, 129, 86, 21, 137, 138, 224, 223, 190, 188, 179, 188, + 256, 25, 217, 176, 36, 176, 238, 127, 160, 210, 155, 148, 132, 0, 54, 127, + 145, 6, 46, 85, 243, 95, 173, 123, 178, 207, 211, 183, 224, 173, 146, 35, + 71, 114, 50, 22, 175, 1, 28, 19, 112, 129, 21, 34, 161, 159, 115, 52, + 4, 193, 211, 92, 115, 49, 59, 217, 218, 96, 61, 81, 24, 202, 198, 89, + 45, 128, 8, 51, 253, 87, 171, 35, 4, 188, 171, 10, 3, 137, 238, 73, + 19, 208, 124, 163, 103, 177, 155, 147, 46, 84, 253, 233, 171, 241, 211, 217, + 159, 48, 96, 79, 237, 18, 171, 226, 99, 1, 97, 195, 216, 163, 198, 95, + 0, 201, 65, 228, 21, 153, 124, 230, 44, 35, 44, 108, 85, 156, 249, 207, + 26, 222, 131, 1, 60, 242, 197, 150, 181, 19, 116, 213, 75, 98, 124, 240, + 123, 207, 62, 255, 60, 143, 187, 157, 139, 9, 12, 104, 89, 49, 193, 146, + 104, 196, 181, 82, 198, 253, 192, 191, 255, 122, 212, 104, 47, 20, 132, 208, + 46, 170, 2, 69, 234, 36, 56, 163, 28, 152, 104, 238, 162, 56, 24, 58, + 38, 150, 193, 254, 253, 125, 173, 35, 73, 126, 247, 239, 216, 6, 199, 15, + 90, 12, 97, 122, 9, 84, 207, 127, 219, 72, 58, 30, 29, 182, 41, 192, + 235, 248, 237, 74, 72, 176, 210, 252, 45, 64, 165, 87, 202, 241, 236, 223, + 151, 242, 119, 239, 52, 112, 169, 28, 13, 37, 160, 60, 158, 81, 133, 60, + 16, 145, 249, 192, 173, 217, 214, 93, 141, 184, 54, 34, 161, 104, 157, 95, + 38, 133, 218, 227, 211, 181, 9, 66, 137, 143, 77, 33, 248, 159, 4, 55, + 228, 48, 99, 219, 222, 184, 15, 36, 254, 256, 157, 237, 87, 139, 209, 113, + 232, 85, 126, 167, 197, 100, 103, 166, 64, 225, 125, 205, 117, 135, 84, 128, + 231, 112, 90, 241, 28, 22, 210, 147, 186, 49, 230, 21, 108, 39, 194, 47, + 123, 199, 107, 114, 30, 210, 250, 143, 59, 156, 131, 133, 221, 27, 76, 99, + 208, 250, 78, 12, 211, 141, 95, 81, 195, 106, 8, 232, 150, 212, 205, 221, + 11, 225, 87, 219, 126, 136, 137, 180, 198, 48, 68, 203, 239, 252, 194, 235, + 142, 137, 174, 172, 190, 145, 250, 221, 182, 204, 1, 195, 130, 153, 83, 241, + 161, 239, 211, 138, 11, 169, 155, 245, 174, 49, 10, 166, 16, 130, 181, 139, + 222, 222, 112, 99, 124, 94, 51, 243, 133, 194, 244, 136, 35, 248, 201, 177, + 178, 186, 129, 102, 89, 184, 180, 41, 149, 96, 165, 72, 225, 231, 134, 158, + 199, 28, 249, 16, 225, 195, 10, 210, 164, 252, 138, 8, 35, 152, 213, 199, + 82, 116, 97, 230, 63, 199, 241, 35, 79, 120, 54, 174, 67, 112, 1, 76, + 69, 222, 194, 96, 82, 94, 25, 228, 196, 145, 155, 136, 228, 234, 46, 101, + 246, 51, 103, 166, 246, 75, 9, 200, 161, 4, 108, 35, 129, 168, 208, 144, + 50, 14, 13, 220, 41, 132, 122, 127, 194, 9, 232, 234, 107, 28, 187, 8, + 51, 141, 97, 221, 225, 9, 113, 170, 166, 102, 135, 22, 231, 185, 227, 187, + 110, 145, 251, 146, 76, 22, 146, 228, 7, 53, 64, 25, 62, 198, 130, 190, + 221, 232, 169, 64, 188, 199, 237, 249, 173, 218, 196, 191, 48, 224, 5, 113, + 100, 166, 160, 21, 191, 197, 61, 162, 149, 171, 240, 183, 129, 231, 123, 204, + 192, 179, 134, 15, 47, 161, 142, 177, 239, 234, 186, 237, 231, 53, 208, 95, + 146, 36, 225, 231, 89, 142, 93, 248, 137, 124, 83, 39, 69, 77, 89, 208, + 182, 48, 85, 147, 244, 164, 246, 68, 38, 190, 220, 35, 202, 91, 157, 151, + 201, 240, 185, 218, 4, 152, 2, 132, 177, 88, 190, 196, 229, 74, 220, 135, + 137, 196, 11, 47, 5, 251, 106, 144, 163, 60, 222, 127, 52, 57, 202, 102, + 64, 140, 110, 206, 23, 182, 39, 245, 1, 163, 157, 186, 163, 80, 7, 230, + 44, 249, 176, 102, 164, 125, 147, 120, 18, 191, 186, 125, 64, 65, 198, 157, + 164, 213, 95, 61, 13, 181, 208, 91, 242, 197, 158, 34, 98, 169, 91, 14, + 17, 93, 157, 17, 65, 30, 183, 6, 139, 58, 255, 108, 100, 136, 209, 144, + 164, 6, 237, 33, 210, 110, 57, 126, 197, 136, 125, 244, 165, 151, 168, 3, + 143, 251, 247, 155, 136, 130, 88, 14, 74, 121, 250, 133, 21, 226, 185, 232, + 118, 132, 89, 64, 204, 161, 2, 70, 224, 159, 35, 204, 123, 180, 13, 52, + 231, 57, 25, 78, 66, 69, 97, 42, 198, 84, 176, 59, 8, 232, 125, 134, + 193, 2, 232, 109, 216, 69, 90, 142, 32, 38, 249, 37, 75, 180, 184, 188, + 19, 47, 120, 87, 146, 70, 232, 120, 191, 45, 33, 38, 19, 248, 110, 110, + 44, 64, 2, 84, 244, 228, 252, 228, 170, 123, 38, 144, 213, 144, 171, 212, + 243, 87, 189, 46, 128, 110, 84, 77, 65, 183, 61, 184, 101, 44, 168, 68, + 14, 106, 105, 8, 227, 211, 166, 39, 152, 43, 52, 254, 197, 55, 119, 89, + 168, 65, 53, 138, 177, 56, 219, 0, 58, 121, 148, 18, 44, 100, 215, 103, + 145, 229, 117, 196, 91, 89, 113, 143, 172, 239, 249, 184, 154, 39, 112, 65, + 204, 42, 84, 38, 155, 151, 151, 16, 100, 87, 174, 162, 145, 147, 149, 186, + 237, 145, 134, 144, 198, 235, 213, 163, 48, 230, 24, 47, 57, 71, 127, 0, + 150, 219, 12, 81, 197, 150, 131, 13, 169, 63, 175, 184, 48, 235, 65, 243, + 149, 200, 163, 254, 202, 114, 247, 67, 143, 250, 126, 228, 80, 130, 216, 214, + 36, 2, 230, 33, 119, 125, 3, 142, 237, 100, 3, 152, 197, 174, 244, 129, + 232, 30, 206, 199, 39, 210, 220, 43, 237, 221, 201, 54, 179, 42, 28, 133, + 246, 203, 198, 177, 0, 28, 194, 85, 223, 109, 155, 147, 221, 60, 133, 108, + 157, 254, 26, 75, 157, 185, 49, 142, 31, 137, 71, 43, 63, 64, 237, 148, + 237, 172, 159, 160, 155, 254, 234, 224, 140, 193, 114, 140, 62, 109, 136, 39, + 255, 8, 158, 146, 128, 49, 222, 96, 57, 209, 180, 249, 202, 127, 113, 231, + 78, 178, 46, 33, 228, 215, 104, 31, 207, 186, 82, 41, 42, 39, 103, 119, + 123, 133, 243, 254, 238, 156, 90, 186, 37, 212, 33, 107, 252, 51, 177, 36, + 237, 76, 159, 245, 93, 214, 97, 56, 190, 38, 160, 94, 105, 222, 220, 158, + 49, 16, 191, 52, 120, 87, 179, 2, 27, 144, 223, 230, 184, 6, 129, 227, + 69, 47, 215, 181, 162, 139, 72, 200, 45, 163, 159, 62, 2, 221, 124, 40, + 159, 242, 35, 208, 179, 166, 98, 67, 178, 68, 143, 225, 178, 146, 187, 159, + 57, 66, 176, 192, 236, 250, 168, 224, 122, 43, 159, 120, 133, 165, 122, 64, + 87, 74, 161, 241, 9, 87, 90, 24, 255, 113, 203, 220, 57, 139, 197, 159, + 31, 151, 27, 140, 77, 162, 7, 27, 84, 228, 187, 220, 53, 126, 162, 242, + 84, 181, 223, 103, 86, 177, 207, 31, 140, 18, 207, 256, 201, 166, 96, 23, + 233, 103, 197, 84, 161, 75, 59, 149, 138, 154, 119, 92, 16, 53, 116, 97, + 220, 114, 35, 45, 77, 209, 40, 196, 71, 22, 81, 178, 110, 14, 3, 180, + 110, 129, 112, 47, 18, 61, 134, 78, 73, 79, 254, 232, 125, 180, 205, 54, + 220, 119, 63, 89, 181, 52, 77, 109, 151, 77, 80, 207, 144, 25, 20, 6, + 208, 47, 201, 206, 192, 14, 73, 176, 256, 201, 207, 87, 216, 60, 56, 73, + 92, 243, 179, 113, 49, 59, 55, 168, 121, 137, 69, 154, 95, 57, 187, 47, + 129, 4, 15, 92, 6, 116, 69, 196, 48, 134, 84, 81, 111, 56, 38, 176, + 239, 6, 128, 72, 242, 134, 36, 221, 59, 48, 242, 68, 130, 110, 171, 89, + 13, 220, 48, 29, 5, 75, 104, 233, 91, 129, 105, 162, 44, 113, 163, 163, + 85, 147, 190, 111, 197, 80, 213, 153, 81, 68, 203, 33, 161, 165, 10, 61, + 120, 252, 0, 205, 28, 42, 193, 64, 39, 37, 83, 175, 5, 218, 215, 174, + 128, 121, 231, 11, 150, 145, 135, 197, 136, 91, 193, 5, 107, 88, 82, 6, + 4, 188, 256, 70, 40, 2, 167, 57, 169, 203, 115, 254, 215, 172, 84, 80, + 188, 167, 34, 137, 43, 243, 2, 79, 178, 38, 188, 135, 233, 194, 208, 13, + 11, 151, 231, 196, 12, 122, 162, 56, 17, 114, 191, 207, 90, 132, 64, 238, + 187, 6, 198, 176, 240, 88, 118, 236, 15, 226, 166, 22, 193, 229, 82, 246, + 213, 64, 37, 63, 31, 243, 252, 37, 156, 38, 175, 204, 138, 141, 211, 82, + 106, 217, 97, 139, 153, 56, 129, 218, 158, 9, 83, 26, 87, 112, 71, 21, + 250, 5, 65, 141, 68, 116, 231, 113, 10, 218, 99, 205, 201, 92, 157, 4, + 97, 46, 49, 220, 72, 139, 103, 171, 149, 129, 193, 19, 69, 245, 43, 31, + 58, 68, 36, 195, 159, 22, 54, 34, 233, 141, 205, 100, 226, 96, 22, 192, + 41, 231, 24, 79, 234, 138, 30, 120, 117, 216, 172, 197, 172, 107, 86, 29, + 181, 151, 0, 6, 146, 186, 68, 55, 54, 58, 213, 182, 60, 231, 33, 232, + 77, 210, 216, 154, 80, 51, 141, 122, 68, 148, 219, 122, 254, 48, 64, 175, + 41, 115, 62, 243, 141, 81, 119, 121, 5, 68, 121, 88, 239, 29, 230, 90, + 135, 159, 35, 223, 168, 112, 49, 37, 146, 60, 126, 134, 42, 145, 115, 90, + 73, 133, 211, 86, 120, 141, 122, 241, 127, 56, 130, 36, 174, 75, 83, 246, + 112, 45, 136, 194, 201, 115, 1, 156, 114, 167, 208, 12, 176, 147, 32, 170, + 251, 100, 102, 220, 122, 210, 6, 49, 75, 201, 38, 105, 132, 135, 126, 102, + 13, 121, 76, 228, 202, 20, 61, 213, 246, 13, 207, 42, 148, 168, 37, 253, + 34, 94, 141, 185, 18, 234, 157, 109, 104, 64, 250, 125, 49, 236, 86, 48, + 196, 77, 75, 237, 156, 103, 225, 19, 110, 229, 22, 68, 177, 93, 221, 181, + 152, 153, 61, 108, 101, 74, 247, 195, 127, 216, 30, 166, 168, 61, 83, 229, + 120, 156, 96, 120, 201, 124, 43, 27, 253, 250, 120, 143, 89, 235, 189, 243, + 150, 7, 127, 119, 149, 244, 84, 185, 134, 34, 128, 193, 236, 234, 132, 117, + 137, 32, 145, 184, 44, 121, 51, 76, 11, 228, 142, 251, 39, 77, 228, 251, + 41, 58, 246, 107, 125, 187, 9, 240, 35, 8, 11, 162, 242, 220, 158, 163, + 2, 184, 163, 227, 242, 2, 100, 101, 2, 78, 129, 34, 89, 28, 26, 157, + 79, 31, 107, 250, 194, 156, 186, 69, 212, 66, 41, 180, 139, 42, 211, 253, + 256, 239, 29, 129, 104, 248, 182, 68, 1, 189, 48, 226, 36, 229, 3, 158, + 41, 53, 241, 22, 115, 174, 16, 163, 224, 19, 112, 219, 177, 233, 42, 27, + 250, 134, 18, 28, 145, 122, 68, 34, 134, 31, 147, 17, 39, 188, 150, 76, + 45, 42, 167, 249, 12, 16, 23, 182, 13, 79, 121, 3, 70, 197, 239, 44, + 86, 177, 255, 81, 64, 171, 138, 131, 73, 110, 44, 201, 254, 198, 146, 91, + 48, 9, 104, 31, 29, 161, 101, 31, 138, 180, 231, 233, 79, 137, 61, 236, + 140, 15, 249, 218, 234, 119, 99, 195, 110, 137, 237, 207, 8, 31, 45, 24, + 90, 155, 203, 253, 192, 203, 65, 176, 210, 171, 142, 214, 220, 122, 136, 237, + 189, 186, 147, 40, 80, 254, 173, 33, 191, 46, 192, 26, 108, 255, 228, 205, + 61, 76, 39, 107, 225, 126, 228, 182, 140, 251, 143, 134, 252, 168, 221, 8, + 185, 85, 60, 233, 147, 244, 87, 137, 8, 140, 96, 80, 53, 45, 175, 160, + 124, 189, 112, 37, 144, 19, 70, 17, 170, 242, 2, 3, 28, 95, 120, 199, + 212, 43, 9, 117, 86, 151, 101, 241, 200, 145, 241, 19, 178, 69, 204, 197, + 227, 166, 94, 7, 193, 45, 247, 234, 19, 187, 212, 212, 236, 125, 33, 95, + 198, 121, 122, 103, 77, 155, 235, 49, 25, 237, 249, 11, 162, 7, 238, 24, + 16, 150, 129, 25, 152, 17, 42, 67, 247, 162, 77, 154, 31, 133, 55, 137, + 79, 119, 153, 10, 86, 28, 244, 186, 41, 169, 106, 44, 10, 49, 110, 179, + 32, 133, 155, 244, 61, 70, 131, 168, 170, 39, 231, 252, 32, 69, 92, 238, + 239, 35, 132, 136, 236, 167, 90, 32, 123, 88, 69, 22, 20, 89, 145, 166, + 30, 118, 75, 4, 49, 31, 225, 54, 11, 50, 56, 191, 246, 1, 187, 33, + 119, 107, 139, 68, 19, 240, 131, 55, 94, 113, 31, 252, 12, 179, 121, 2, + 120, 252, 0, 76, 41, 80, 185, 42, 62, 121, 105, 159, 121, 109, 111, 98, + 7, 118, 86, 29, 210, 70, 231, 179, 223, 229, 164, 70, 62, 47, 0, 206, + 204, 178, 168, 120, 224, 166, 99, 25, 103, 63, 246, 224, 117, 204, 75, 124, + 140, 133, 110, 110, 222, 88, 151, 118, 46, 37, 22, 143, 158, 40, 2, 50, + 153, 94, 190, 199, 13, 198, 127, 211, 180, 90, 183, 98, 0, 142, 210, 154, + 100, 187, 67, 231, 202, 100, 198, 235, 252, 160, 247, 124, 247, 14, 121, 221, + 57, 88, 253, 243, 185, 89, 45, 249, 221, 194, 108, 175, 193, 119, 50, 141, + 223, 133, 136, 64, 176, 250, 129, 100, 124, 94, 181, 159, 99, 185, 177, 240, + 135, 42, 103, 52, 202, 208, 143, 186, 193, 103, 154, 237, 102, 88, 225, 161, + 50, 188, 191, 109, 12, 87, 19, 227, 247, 183, 13, 52, 205, 170, 205, 146, + 89, 160, 18, 105, 192, 73, 231, 225, 184, 157, 252, 220, 61, 59, 169, 183, + 221, 20, 141, 20, 158, 101, 245, 7, 245, 225, 118, 137, 84, 55, 19, 27, + 164, 110, 35, 25, 202, 94, 150, 46, 91, 152, 130, 1, 7, 46, 16, 237, + 171, 109, 19, 200, 65, 38, 10, 213, 70, 96, 126, 226, 185, 225, 181, 46, + 10, 165, 11, 123, 53, 158, 22, 147, 64, 22, 227, 69, 182, 237, 197, 37, + 39, 49, 186, 223, 139, 128, 55, 36, 166, 178, 220, 20, 98, 172, 166, 253, + 45, 0, 120, 180, 189, 185, 158, 159, 196, 6, 214, 79, 141, 52, 156, 107, + 5, 109, 142, 159, 33, 64, 190, 133, 95, 132, 95, 202, 160, 63, 186, 23, + 231, 107, 163, 33, 234, 15, 244, 77, 108, 49, 51, 7, 164, 87, 142, 99, + 240, 202, 47, 256, 118, 190, 196, 178, 217, 42, 39, 153, 21, 192, 232, 202, + 14, 82, 179, 64, 233, 4, 219, 10, 133, 78, 43, 144, 146, 216, 202, 81, + 71, 252, 8, 201, 68, 256, 85, 233, 164, 88, 176, 30, 5, 152, 126, 179, + 249, 84, 140, 190, 159, 54, 118, 98, 2, 159, 27, 133, 74, 121, 239, 196, + 71, 149, 119, 135, 102, 20, 87, 112, 44, 75, 221, 3, 151, 158, 5, 98, + 152, 25, 97, 106, 63, 171, 240, 79, 234, 240, 230, 92, 76, 70, 173, 196, + 36, 225, 218, 133, 64, 240, 150, 41, 146, 66, 133, 51, 134, 73, 170, 238, + 140, 90, 45, 89, 46, 147, 96, 169, 174, 174, 244, 151, 90, 40, 32, 74, + 38, 154, 246, 57, 31, 14, 189, 151, 83, 243, 197, 183, 220, 185, 53, 225, + 51, 106, 188, 208, 222, 248, 93, 13, 93, 215, 131, 25, 142, 185, 113, 222, + 131, 215, 149, 50, 159, 85, 32, 5, 205, 192, 2, 227, 42, 214, 197, 42, + 126, 182, 68, 123, 109, 36, 237, 179, 170, 199, 77, 256, 5, 128, 214, 243, + 137, 177, 170, 253, 179, 180, 153, 236, 100, 196, 216, 231, 198, 37, 192, 80, + 121, 221, 246, 1, 16, 246, 29, 78, 64, 148, 124, 38, 96, 125, 28, 20, + 48, 51, 73, 187, 139, 208, 98, 253, 221, 188, 84, 129, 1, 205, 95, 205, + 117, 79, 71, 126, 134, 237, 19, 184, 137, 125, 129, 178, 223, 54, 188, 112, + 30, 7, 225, 228, 205, 184, 233, 87, 117, 22, 58, 10, 8, 42, 2, 114, + 254, 19, 17, 13, 150, 92, 233, 179, 63, 12, 60, 171, 127, 35, 50, 5, + 195, 113, 241, 25, 249, 184, 166, 44, 221, 35, 151, 116, 8, 54, 195, 89, + 218, 186, 132, 5, 41, 89, 226, 177, 11, 41, 87, 172, 5, 23, 20, 59, + 228, 94, 76, 33, 137, 43, 151, 221, 61, 232, 4, 120, 93, 217, 80, 228, + 228, 6, 58, 25, 62, 84, 91, 48, 209, 20, 247, 243, 55, 106, 80, 79, + 235, 34, 20, 180, 146, 2, 236, 13, 236, 206, 243, 222, 204, 83, 148, 213, + 214, 117, 237, 98, 0, 90, 204, 168, 32, 41, 126, 67, 191, 74, 27, 255, + 26, 75, 240, 113, 185, 105, 167, 154, 112, 67, 151, 63, 161, 134, 239, 176, + 42, 87, 249, 130, 45, 242, 17, 100, 107, 120, 212, 218, 237, 76, 231, 162, + 175, 172, 118, 155, 92, 36, 124, 17, 121, 71, 13, 9, 82, 126, 147, 142, + 218, 148, 138, 80, 163, 106, 164, 123, 140, 129, 35, 42, 186, 154, 228, 214, + 75, 73, 8, 253, 42, 153, 232, 164, 95, 24, 110, 90, 231, 197, 90, 196, + 57, 164, 252, 181, 31, 7, 97, 256, 35, 77, 200, 212, 99, 179, 92, 227, + 17, 180, 49, 176, 9, 188, 13, 182, 93, 44, 128, 219, 134, 92, 151, 6, + 23, 126, 200, 109, 66, 30, 140, 180, 146, 134, 67, 200, 7, 9, 223, 168, + 186, 221, 3, 154, 150, 165, 43, 53, 138, 27, 86, 213, 235, 160, 70, 2, + 240, 20, 89, 212, 84, 141, 168, 246, 183, 227, 30, 167, 138, 185, 253, 83, + 52, 143, 236, 94, 59, 65, 89, 218, 194, 157, 164, 156, 111, 95, 202, 168, + 245, 256, 151, 28, 222, 194, 72, 130, 217, 134, 253, 77, 246, 100, 76, 32, + 254, 174, 182, 193, 14, 237, 74, 1, 74, 26, 135, 216, 152, 208, 112, 38, + 181, 62, 25, 71, 61, 234, 254, 97, 191, 23, 92, 256, 190, 205, 6, 16, + 134, 147, 210, 219, 148, 59, 73, 185, 24, 247, 174, 143, 116, 220, 128, 144, + 111, 126, 101, 98, 130, 136, 101, 102, 69, 127, 24, 168, 146, 226, 226, 207, + 176, 122, 149, 254, 134, 196, 22, 151, 197, 21, 50, 205, 116, 154, 65, 116, + 177, 224, 127, 77, 177, 159, 225, 69, 176, 54, 100, 104, 140, 8, 11, 126, + 11, 188, 185, 159, 107, 16, 254, 142, 80, 28, 5, 157, 104, 57, 109, 82, + 102, 80, 173, 242, 238, 207, 57, 105, 237, 160, 59, 189, 189, 199, 26, 11, + 190, 156, 97, 118, 20, 12, 254, 189, 165, 147, 142, 199, 5, 213, 64, 133, + 108, 217, 133, 60, 94, 28, 116, 136, 47, 165, 125, 42, 183, 143, 14, 129, + 223, 70, 212, 205, 181, 180, 3, 201, 182, 46, 57, 104, 239, 60, 99, 181, + 220, 231, 45, 79, 156, 89, 149, 143, 190, 103, 153, 61, 235, 73, 136, 20, + 89, 243, 16, 130, 247, 141, 134, 93, 80, 68, 85, 84, 8, 72, 194, 4, + 242, 110, 19, 133, 199, 70, 172, 92, 132, 254, 67, 74, 36, 94, 13, 90, + 154, 184, 9, 109, 118, 243, 214, 71, 36, 95, 0, 90, 201, 105, 112, 215, + 69, 196, 224, 210, 236, 242, 155, 211, 37, 134, 69, 113, 157, 97, 68, 26, + 230, 149, 219, 180, 20, 76, 172, 145, 154, 40, 129, 8, 93, 56, 162, 124, + 207, 233, 105, 19, 3, 183, 155, 134, 8, 244, 213, 78, 139, 88, 156, 37, + 51, 152, 111, 102, 112, 250, 114, 252, 201, 241, 133, 24, 136, 153, 5, 90, + 210, 197, 216, 24, 131, 17, 147, 246, 13, 86, 3, 253, 179, 237, 101, 114, + 243, 191, 207, 2, 220, 133, 244, 53, 87, 125, 154, 158, 197, 20, 8, 83, + 32, 191, 38, 241, 204, 22, 168, 59, 217, 123, 162, 82, 21, 50, 130, 89, + 239, 253, 195, 56, 253, 74, 147, 125, 234, 199, 250, 28, 65, 193, 22, 237, + 193, 94, 58, 229, 139, 176, 69, 42, 179, 164, 150, 168, 246, 214, 86, 174, + 59, 117, 15, 19, 76, 37, 214, 238, 153, 226, 154, 45, 109, 114, 198, 107, + 45, 70, 238, 196, 142, 252, 244, 71, 123, 136, 134, 188, 99, 132, 25, 42, + 240, 0, 196, 33, 26, 124, 256, 145, 27, 102, 153, 35, 28, 132, 221, 167, + 138, 133, 41, 170, 95, 224, 40, 139, 239, 153, 1, 106, 255, 106, 170, 163, + 127, 44, 155, 232, 194, 119, 232, 117, 239, 143, 108, 41, 3, 9, 180, 256, + 144, 113, 133, 200, 79, 69, 128, 216, 31, 50, 102, 209, 249, 136, 150, 154, + 182, 51, 228, 39, 127, 142, 87, 15, 94, 92, 187, 245, 31, 236, 64, 58, + 114, 11, 17, 166, 189, 152, 218, 34, 123, 39, 58, 37, 153, 91, 63, 121, + 31, 34, 12, 254, 106, 96, 171, 14, 155, 247, 214, 69, 24, 98, 3, 204, + 202, 194, 207, 30, 253, 44, 119, 70, 14, 96, 82, 250, 63, 6, 232, 38, + 89, 144, 102, 191, 82, 254, 20, 222, 96, 162, 110, 6, 159, 58, 200, 226, + 98, 128, 42, 70, 84, 247, 128, 211, 136, 54, 143, 166, 60, 118, 99, 218, + 27, 193, 85, 81, 219, 223, 46, 41, 23, 233, 152, 222, 36, 236, 54, 181, + 56, 50, 4, 207, 129, 92, 78, 88, 197, 251, 131, 105, 31, 172, 38, 131, + 19, 204, 129, 47, 227, 106, 202, 183, 23, 6, 77, 224, 102, 147, 11, 218, + 131, 132, 60, 192, 208, 223, 236, 23, 103, 115, 89, 18, 185, 171, 70, 174, + 139, 0, 100, 160, 221, 11, 228, 60, 12, 122, 114, 12, 157, 235, 148, 57, + 83, 62, 173, 131, 169, 126, 85, 99, 93, 243, 81, 80, 29, 245, 206, 82, + 236, 227, 166, 14, 230, 213, 144, 97, 27, 111, 99, 164, 105, 150, 89, 111, + 252, 118, 140, 232, 120, 183, 137, 213, 232, 157, 224, 33, 134, 118, 186, 80, + 159, 2, 186, 193, 54, 242, 25, 237, 232, 249, 226, 213, 90, 149, 90, 160, + 118, 69, 64, 37, 10, 183, 109, 246, 30, 52, 219, 69, 189, 26, 116, 220, + 50, 244, 243, 243, 139, 137, 232, 98, 38, 45, 256, 143, 171, 101, 73, 238, + 123, 45, 194, 167, 250, 123, 12, 29, 136, 237, 141, 21, 89, 96, 199, 44, + 8, 214, 208, 17, 113, 41, 137, 26, 166, 155, 89, 85, 54, 58, 97, 160, + 50, 239, 58, 71, 21, 157, 139, 12, 37, 198, 182, 131, 149, 134, 16, 204, + 164, 181, 248, 166, 52, 216, 136, 201, 37, 255, 187, 240, 5, 101, 147, 231, + 14, 163, 253, 134, 146, 216, 8, 54, 224, 90, 220, 195, 75, 215, 186, 58, + 71, 204, 124, 105, 239, 53, 16, 85, 69, 163, 195, 223, 33, 38, 69, 88, + 88, 203, 99, 55, 176, 13, 156, 204, 236, 99, 194, 134, 75, 247, 126, 129, + 160, 124, 233, 206, 139, 144, 154, 45, 233, 51, 206, 61, 60, 55, 205, 107, + 84, 108, 96, 188, 203, 31, 89, 20, 115, 144, 137, 90, 237, 78, 231, 185, + 120, 217, 1, 176, 169, 30, 155, 176, 100, 113, 53, 42, 193, 108, 14, 121, + 176, 158, 137, 92, 178, 44, 110, 249, 108, 234, 94, 101, 128, 12, 250, 173, + 72, 202, 232, 66, 139, 152, 189, 18, 32, 197, 9, 238, 246, 55, 119, 183, + 196, 119, 113, 247, 191, 100, 200, 245, 46, 16, 234, 112, 136, 116, 232, 48, + 176, 108, 11, 237, 14, 153, 93, 177, 124, 72, 67, 121, 135, 143, 45, 18, + 97, 251, 184, 172, 136, 55, 213, 8, 103, 12, 221, 212, 13, 160, 116, 91, + 237, 127, 218, 190, 103, 131, 77, 82, 36, 100, 22, 252, 79, 69, 54, 26, + 65, 182, 115, 142, 247, 20, 89, 81, 188, 244, 27, 120, 240, 248, 13, 230, + 67, 133, 32, 201, 129, 87, 9, 245, 66, 88, 166, 34, 46, 184, 119, 218, + 144, 235, 163, 40, 138, 134, 127, 217, 64, 227, 116, 67, 55, 202, 130, 48, + 199, 42, 251, 112, 124, 153, 123, 194, 243, 49, 250, 12, 78, 157, 167, 134, + 210, 73, 156, 102, 21, 88, 216, 123, 45, 11, 208, 18, 47, 187, 20, 43, + 3, 180, 124, 2, 136, 176, 77, 111, 138, 139, 91, 225, 126, 8, 74, 255, + 88, 192, 193, 239, 138, 204, 139, 194, 166, 130, 252, 184, 140, 168, 30, 177, + 121, 98, 131, 124, 69, 171, 75, 49, 184, 34, 76, 122, 202, 115, 184, 253, + 120, 182, 33, 251, 1, 74, 216, 217, 243, 168, 70, 162, 119, 158, 197, 198, + 61, 89, 7, 5, 54, 199, 211, 170, 23, 226, 44, 247, 165, 195, 7, 225, + 91, 23, 50, 15, 51, 208, 106, 94, 12, 31, 43, 112, 146, 139, 246, 182, + 113, 1, 97, 15, 66, 2, 51, 76, 164, 184, 237, 200, 218, 176, 72, 98, + 33, 135, 38, 147, 140, 229, 50, 94, 81, 187, 129, 17, 238, 168, 146, 203, + 181, 99, 164, 3, 104, 98, 255, 189, 114, 142, 86, 102, 229, 102, 80, 129, + 64, 84, 79, 161, 81, 156, 128, 111, 164, 197, 18, 15, 55, 196, 198, 191, + 28, 113, 117, 96, 207, 253, 19, 158, 231, 13, 53, 130, 252, 211, 58, 180, + 212, 142, 7, 219, 38, 81, 62, 109, 167, 113, 33, 56, 97, 185, 157, 130, + 186, 129, 119, 182, 196, 26, 54, 110, 65, 170, 166, 236, 30, 22, 162, 0, + 106, 12, 248, 33, 48, 72, 159, 17, 76, 244, 172, 132, 89, 171, 196, 76, + 254, 166, 76, 218, 226, 3, 52, 220, 238, 181, 179, 144, 225, 23, 3, 166, + 158, 35, 228, 154, 204, 23, 203, 71, 134, 189, 18, 168, 236, 141, 117, 138, + 2, 132, 78, 57, 154, 21, 250, 196, 184, 40, 161, 40, 10, 178, 134, 120, + 132, 123, 101, 82, 205, 121, 55, 140, 231, 56, 231, 71, 206, 246, 198, 150, + 146, 192, 45, 105, 242, 1, 125, 18, 176, 46, 222, 122, 19, 80, 113, 133, + 131, 162, 81, 51, 98, 168, 247, 161, 139, 39, 63, 162, 22, 153, 170, 92, + 91, 130, 174, 200, 45, 112, 99, 164, 132, 184, 191, 186, 200, 167, 86, 145, + 167, 227, 130, 44, 12, 158, 172, 249, 204, 17, 54, 249, 16, 200, 21, 174, + 67, 223, 105, 201, 50, 36, 133, 203, 244, 131, 228, 67, 29, 195, 91, 91, + 55, 107, 167, 154, 170, 137, 218, 183, 169, 61, 99, 175, 128, 23, 142, 183, + 66, 255, 59, 187, 66, 85, 212, 109, 168, 82, 16, 43, 67, 139, 114, 176, + 216, 255, 130, 94, 152, 79, 183, 64, 100, 23, 214, 82, 34, 230, 48, 15, + 242, 130, 50, 241, 81, 32, 5, 125, 183, 182, 184, 99, 248, 109, 159, 210, + 226, 61, 119, 129, 39, 149, 78, 214, 107, 78, 147, 124, 228, 18, 143, 188, + 84, 180, 233, 119, 64, 39, 158, 133, 177, 168, 6, 150, 80, 117, 150, 56, + 49, 72, 49, 37, 30, 242, 49, 142, 33, 156, 34, 44, 44, 72, 58, 22, + 249, 46, 168, 80, 25, 196, 64, 174, 97, 179, 244, 134, 213, 105, 63, 151, + 21, 90, 168, 90, 245, 28, 157, 65, 250, 232, 188, 27, 99, 160, 156, 127, + 68, 193, 10, 80, 205, 36, 138, 229, 12, 223, 70, 169, 251, 41, 48, 94, + 41, 177, 99, 256, 158, 0, 6, 83, 231, 191, 120, 135, 157, 146, 218, 213, + 160, 7, 47, 234, 98, 211, 79, 225, 179, 95, 175, 105, 185, 79, 115, 0, + 104, 14, 65, 124, 15, 188, 52, 9, 253, 27, 132, 137, 13, 127, 75, 238, + 185, 253, 33, 8, 52, 157, 164, 68, 232, 188, 69, 28, 209, 233, 5, 129, + 216, 90, 252, 212, 33, 200, 222, 9, 112, 15, 43, 36, 226, 114, 15, 249, + 217, 8, 148, 22, 147, 23, 143, 67, 222, 116, 235, 250, 212, 210, 39, 142, + 108, 64, 209, 83, 73, 66, 99, 34, 17, 29, 45, 151, 244, 114, 28, 241, + 144, 208, 146, 179, 132, 89, 217, 198, 252, 219, 205, 165, 75, 107, 11, 173, + 76, 6, 196, 247, 152, 216, 248, 91, 209, 178, 57, 250, 174, 60, 79, 123, + 18, 135, 9, 241, 230, 159, 184, 68, 156, 251, 215, 9, 113, 234, 75, 235, + 103, 194, 205, 129, 230, 45, 96, 73, 157, 20, 200, 212, 212, 228, 161, 7, + 231, 228, 108, 43, 198, 87, 140, 140, 4, 182, 164, 3, 53, 104, 250, 213, + 85, 38, 89, 61, 52, 187, 35, 204, 86, 249, 100, 71, 248, 213, 163, 215, + 66, 106, 252, 129, 40, 111, 47, 24, 186, 221, 85, 205, 199, 237, 122, 181, + 32, 46, 182, 135, 33, 251, 142, 34, 208, 242, 128, 255, 4, 234, 15, 33, + 167, 222, 32, 186, 191, 34, 255, 244, 98, 240, 228, 204, 30, 142, 32, 70, + 69, 83, 110, 151, 10, 243, 141, 21, 223, 69, 61, 37, 59, 209, 102, 114, + 223, 33, 129, 254, 255, 103, 86, 247, 235, 72, 126, 177, 102, 226, 102, 30, + 149, 221, 62, 247, 251, 120, 163, 173, 57, 202, 204, 24, 39, 106, 120, 143, + 202, 176, 191, 147, 37, 38, 51, 133, 47, 245, 157, 132, 154, 71, 183, 111, + 30, 180, 18, 202, 82, 96, 170, 91, 157, 181, 212, 140, 256, 8, 196, 121, + 149, 79, 66, 127, 113, 78, 4, 197, 84, 256, 111, 222, 102, 63, 228, 104, + 136, 223, 67, 193, 93, 154, 249, 83, 204, 101, 200, 234, 84, 252, 230, 195, + 43, 140, 120, 242, 89, 63, 166, 233, 209, 94, 43, 170, 126, 5, 205, 78, + 112, 80, 143, 151, 146, 248, 137, 203, 45, 183, 61, 1, 155, 8, 102, 59, + 68, 212, 230, 61, 254, 191, 128, 223, 176, 123, 229, 27, 146, 120, 96, 165, + 213, 12, 232, 40, 186, 225, 66, 105, 200, 195, 212, 110, 237, 238, 151, 19, + 12, 171, 150, 82, 7, 228, 79, 52, 15, 78, 62, 43, 21, 154, 114, 21, + 12, 212, 256, 232, 125, 127, 5, 51, 37, 252, 136, 13, 47, 195, 168, 191, + 231, 55, 57, 251, 214, 116, 15, 86, 210, 41, 249, 242, 119, 27, 250, 203, + 107, 69, 90, 43, 206, 154, 127, 54, 100, 78, 187, 54, 244, 177, 234, 167, + 202, 136, 209, 171, 69, 114, 133, 173, 26, 139, 78, 141, 128, 32, 124, 39, + 45, 218, 96, 68, 90, 44, 67, 62, 83, 190, 188, 256, 103, 42, 102, 64, + 249, 0, 141, 11, 61, 69, 70, 66, 233, 237, 29, 200, 251, 157, 71, 51, + 64, 133, 113, 76, 35, 125, 76, 137, 217, 145, 35, 69, 226, 180, 56, 249, + 156, 163, 176, 237, 81, 54, 85, 169, 115, 211, 129, 70, 248, 40, 252, 192, + 194, 101, 247, 8, 181, 124, 217, 191, 194, 93, 99, 127, 117, 177, 144, 151, + 228, 121, 32, 11, 89, 81, 26, 29, 183, 76, 249, 132, 179, 70, 34, 102, + 20, 66, 87, 63, 124, 205, 174, 177, 87, 219, 73, 218, 91, 87, 176, 72, + 15, 211, 47, 61, 251, 165, 39, 247, 146, 70, 150, 57, 1, 212, 36, 162, + 39, 38, 16, 216, 3, 50, 116, 200, 32, 234, 77, 181, 155, 19, 90, 188, + 36, 6, 254, 46, 46, 203, 25, 230, 181, 196, 4, 151, 225, 65, 122, 216, + 168, 86, 158, 131, 136, 16, 49, 102, 233, 64, 154, 88, 228, 52, 146, 69, + 93, 157, 243, 121, 70, 209, 126, 213, 88, 145, 236, 65, 70, 96, 204, 47, + 10, 200, 77, 8, 103, 150, 48, 153, 5, 37, 52, 235, 209, 31, 181, 126, + 83, 142, 224, 140, 6, 32, 200, 171, 160, 179, 115, 229, 75, 194, 208, 39, + 59, 223, 52, 247, 38, 197, 135, 1, 6, 189, 106, 114, 168, 5, 211, 222, + 44, 63, 90, 160, 116, 172, 170, 133, 125, 138, 39, 131, 23, 178, 10, 214, + 36, 93, 28, 59, 68, 17, 123, 25, 255, 184, 204, 102, 194, 214, 129, 94, + 159, 245, 112, 141, 62, 11, 61, 197, 124, 221, 205, 11, 79, 71, 201, 54, + 58, 150, 29, 121, 87, 46, 240, 201, 68, 20, 194, 209, 47, 152, 158, 174, + 193, 164, 120, 255, 216, 165, 247, 58, 85, 130, 220, 23, 122, 223, 188, 98, + 21, 70, 72, 170, 150, 237, 76, 143, 112, 238, 206, 146, 215, 110, 4, 250, + 68, 44, 174, 177, 30, 98, 143, 241, 180, 127, 113, 48, 0, 1, 179, 199, + 59, 106, 201, 114, 29, 86, 173, 133, 217, 44, 200, 141, 107, 172, 16, 60, + 82, 58, 239, 94, 141, 234, 186, 235, 109, 173, 249, 139, 141, 59, 100, 248, + 84, 144, 49, 160, 51, 207, 164, 103, 74, 97, 146, 202, 193, 125, 168, 134, + 236, 111, 135, 121, 59, 145, 168, 200, 181, 173, 109, 2, 255, 6, 9, 245, + 90, 202, 214, 143, 121, 65, 85, 232, 132, 77, 228, 84, 26, 54, 184, 15, + 161, 29, 177, 79, 43, 0, 156, 184, 163, 165, 62, 90, 179, 93, 45, 239, + 1, 16, 120, 189, 127, 47, 74, 166, 20, 214, 233, 226, 89, 217, 229, 26, + 156, 53, 162, 60, 21, 3, 192, 72, 111, 51, 53, 101, 181, 208, 88, 82, + 179, 160, 219, 113, 240, 108, 43, 224, 162, 147, 62, 14, 95, 81, 205, 4, + 160, 177, 225, 115, 29, 69, 235, 168, 148, 29, 128, 114, 124, 129, 172, 165, + 215, 231, 214, 86, 160, 44, 157, 91, 248, 183, 73, 164, 56, 181, 162, 92, + 141, 118, 127, 240, 196, 77, 0, 9, 244, 79, 250, 100, 195, 25, 255, 85, + 94, 35, 212, 137, 107, 34, 110, 20, 200, 104, 17, 32, 231, 43, 150, 159, + 231, 216, 223, 190, 226, 109, 162, 197, 87, 92, 224, 11, 111, 73, 60, 225, + 238, 73, 246, 169, 19, 217, 119, 38, 121, 118, 70, 82, 99, 241, 110, 67, + 31, 76, 146, 215, 124, 240, 31, 103, 139, 224, 75, 160, 31, 78, 93, 4, + 64, 9, 103, 223, 6, 227, 119, 85, 116, 81, 21, 43, 46, 206, 234, 132, + 85, 99, 22, 131, 135, 97, 86, 13, 234, 188, 21, 14, 89, 169, 207, 238, + 219, 177, 190, 72, 157, 41, 114, 140, 92, 141, 186, 1, 63, 107, 225, 184, + 118, 150, 153, 254, 241, 106, 120, 210, 104, 144, 151, 161, 88, 206, 125, 164, + 15, 211, 173, 49, 146, 241, 71, 36, 58, 201, 46, 27, 33, 187, 91, 162, + 117, 19, 210, 213, 187, 97, 193, 50, 190, 114, 217, 60, 61, 167, 207, 213, + 213, 53, 135, 34, 156, 91, 115, 119, 46, 99, 242, 1, 90, 52, 198, 227, + 201, 91, 216, 146, 210, 82, 121, 38, 73, 133, 182, 193, 132, 148, 246, 75, + 109, 157, 179, 113, 176, 134, 205, 159, 148, 58, 103, 171, 132, 156, 133, 147, + 161, 231, 39, 100, 175, 97, 125, 28, 183, 129, 135, 191, 202, 181, 29, 218, + 43, 104, 148, 203, 189, 204, 4, 182, 169, 1, 134, 122, 141, 202, 13, 187, + 177, 112, 162, 35, 231, 6, 8, 241, 99, 6, 191, 45, 113, 113, 101, 104}; + +// The S-Box we use for further linearity breaking. +// We created it by taking the digits of decimal expansion of e. +// The code that created it can be found in 'ProduceRandomSBox.c'. +unsigned char SBox[256] = { +//0 1 2 3 4 5 6 7 8 9 A B C D E F +0x7d, 0xd1, 0x70, 0x0b, 0xfa, 0x39, 0x18, 0xc3, 0xf3, 0xbb, 0xa7, 0xd4, 0x84, 0x25, 0x3b, 0x3c, // 0 +0x2c, 0x15, 0x69, 0x9a, 0xf9, 0x27, 0xfb, 0x02, 0x52, 0xba, 0xa8, 0x4b, 0x20, 0xb5, 0x8b, 0x3a, // 1 +0x88, 0x8e, 0x26, 0xcb, 0x71, 0x5e, 0xaf, 0xad, 0x0c, 0xac, 0xa1, 0x93, 0xc6, 0x78, 0xce, 0xfc, // 2 +0x2a, 0x76, 0x17, 0x1f, 0x62, 0xc2, 0x2e, 0x99, 0x11, 0x37, 0x65, 0x40, 0xfd, 0xa0, 0x03, 0xc1, // 3 +0xca, 0x48, 0xe2, 0x9b, 0x81, 0xe4, 0x1c, 0x01, 0xec, 0x68, 0x7a, 0x5a, 0x50, 0xf8, 0x0e, 0xa3, // 4 +0xe8, 0x61, 0x2b, 0xa2, 0xeb, 0xcf, 0x8c, 0x3d, 0xb4, 0x95, 0x13, 0x08, 0x46, 0xab, 0x91, 0x7b, // 5 +0xea, 0x55, 0x67, 0x9d, 0xdd, 0x29, 0x6a, 0x8f, 0x9f, 0x22, 0x4e, 0xf2, 0x57, 0xd2, 0xa9, 0xbd, // 6 +0x38, 0x16, 0x5f, 0x4c, 0xf7, 0x9e, 0x1b, 0x2f, 0x30, 0xc7, 0x41, 0x24, 0x5c, 0xbf, 0x05, 0xf6, // 7 +0x0a, 0x31, 0xa5, 0x45, 0x21, 0x33, 0x6b, 0x6d, 0x6c, 0x86, 0xe1, 0xa4, 0xe6, 0x92, 0x9c, 0xdf, // 8 +0xe7, 0xbe, 0x28, 0xe3, 0xfe, 0x06, 0x4d, 0x98, 0x80, 0x04, 0x96, 0x36, 0x3e, 0x14, 0x4a, 0x34, // 9 +0xd3, 0xd5, 0xdb, 0x44, 0xcd, 0xf5, 0x54, 0xdc, 0x89, 0x09, 0x90, 0x42, 0x87, 0xff, 0x7e, 0x56, // A +0x5d, 0x59, 0xd7, 0x23, 0x75, 0x19, 0x97, 0x73, 0x83, 0x64, 0x53, 0xa6, 0x1e, 0xd8, 0xb0, 0x49, // B +0x3f, 0xef, 0xbc, 0x7f, 0x43, 0xf0, 0xc9, 0x72, 0x0f, 0x63, 0x79, 0x2d, 0xc0, 0xda, 0x66, 0xc8, // C +0x32, 0xde, 0x47, 0x07, 0xb8, 0xe9, 0x1d, 0xc4, 0x85, 0x74, 0x82, 0xcc, 0x60, 0x51, 0x77, 0x0d, // D +0xaa, 0x35, 0xed, 0x58, 0x7c, 0x5b, 0xb9, 0x94, 0x6e, 0x8d, 0xb1, 0xc5, 0xb7, 0xee, 0xb6, 0xae, // E +0x10, 0xe0, 0xd6, 0xd9, 0xe5, 0x4f, 0xf1, 0x12, 0x00, 0xd0, 0xf4, 0x1a, 0x6f, 0x8a, 0xb3, 0xb2 }; // F + +/////////////////////////////////////////////////////////////////////////////////////////////// +// +// Helper functions definition portion. +// +/////////////////////////////////////////////////////////////////////////////////////////////// + +// Don't vectorize, move decl to header file + +// Translates an input array with values in base 257 to output array with values in base 256. +// Returns the carry bit. +// +// Parameters: +// - input: the input array of size EIGHTH_N. Each value in the array is a number in Z_257. +// The MSB is assumed to be the last one in the array. +// - output: the input array encoded in base 256. +// +// Returns: +// - The carry bit (MSB). +swift_int16_t TranslateToBase256(swift_int32_t input[EIGHTH_N], unsigned char output[EIGHTH_N]); + +// Translates an input integer into the range (-FIELD_SIZE / 2) <= result <= (FIELD_SIZE / 2). +// +// Parameters: +// - x: the input integer. +// +// Returns: +// - The result, which equals (x MOD FIELD_SIZE), such that |result| <= (FIELD_SIZE / 2). +int Center(int x); + +// Calculates bit reversal permutation. +// +// Parameters: +// - input: the input to reverse. +// - numOfBits: the number of bits in the input to reverse. +// +// Returns: +// - The resulting number, which is obtained from the input by reversing its bits. +int ReverseBits(int input, int numOfBits); + +// Initializes the FFT fast lookup table. +// Shall be called only once. +void InitializeSWIFFTX(); + +// Calculates the FFT. +// +// Parameters: +// - input: the input to the FFT. +// - output: the resulting output. +void FFT(const unsigned char input[EIGHTH_N], swift_int32_t *output); + +/////////////////////////////////////////////////////////////////////////////////////////////// +// Helper functions implementation portion. +/////////////////////////////////////////////////////////////////////////////////////////////// + +// Don't vectorize, delete this copy. + +swift_int16_t TranslateToBase256(swift_int32_t input[EIGHTH_N], unsigned char output[EIGHTH_N]) +{ + swift_int32_t pairs[EIGHTH_N / 2]; + int i; + + for (i = 0; i < EIGHTH_N; i += 2) + { + // input[i] + 257 * input[i + 1] + pairs[i >> 1] = input[i] + input[i + 1] + (input[i + 1] << 8); + } + + for (i = (EIGHTH_N / 2) - 1; i > 0; --i) + { + int j; + + for (j = i - 1; j < (EIGHTH_N / 2) - 1; ++j) + { + // pairs[j + 1] * 513, because 257^2 = 513 % 256^2. + register swift_int32_t temp = pairs[j] + pairs[j + 1] + (pairs[j + 1] << 9); + pairs[j] = temp & 0xffff; + pairs[j + 1] += (temp >> 16); + } + } + + for (i = 0; i < EIGHTH_N; i += 2) + { + output[i] = (unsigned char) (pairs[i >> 1] & 0xff); + output[i + 1] = (unsigned char) ((pairs[i >> 1] >> 8) & 0xff); + } + + return (pairs[EIGHTH_N/2 - 1] >> 16); +} + +int Center(int x) +{ + int result = x % FIELD_SIZE; + + if (result > (FIELD_SIZE / 2)) + result -= FIELD_SIZE; + + if (result < (FIELD_SIZE / -2)) + result += FIELD_SIZE; + + return result; +} + +int ReverseBits(int input, int numOfBits) +{ + register int reversed = 0; + + for (input |= numOfBits; input > 1; input >>= 1) + reversed = (reversed << 1) | (input & 1); + + return reversed; +} + +void InitializeSWIFFTX() +{ + int i, j, k, x; + // The powers of OMEGA + int omegaPowers[2 * N]; + omegaPowers[0] = 1; + + if (wasSetupDone) + return; + + for (i = 1; i < (2 * N); ++i) + { + omegaPowers[i] = Center(omegaPowers[i - 1] * OMEGA); + } + + for (i = 0; i < (N / W); ++i) + { + for (j = 0; j < W; ++j) + { + multipliers[(i << 3) + j] = omegaPowers[ReverseBits(i, N / W) * (2 * j + 1)]; + } + } + + for (x = 0; x < 256; ++x) + { + for (j = 0; j < 8; ++j) + { + register int temp = 0; + for (k = 0; k < 8; ++k) + { + temp += omegaPowers[(EIGHTH_N * (2 * j + 1) * ReverseBits(k, W)) % (2 * N)] + * ((x >> k) & 1); + } + + fftTable[(x << 3) + j] = Center(temp); + } + } + + wasSetupDone = true; +} + +// input should be deinterleaved in contiguos memory +// output and F are 4x32 +// multipliers & fftTable are scalar 16 + + +void FFT_4way(const unsigned char input[EIGHTH_N], swift_int32_t *output) +{ + swift_int16_t *mult = multipliers; + m128_swift_int32_t F[64]; + + for (int i = 0; i < 8; i++) + { + int j = i<<3; + +// Need to isolate bytes in input, 8 bytes per lane. +// Each iteration of the loop process one input vector +// Each lane reads a different index to ffttable. + +// deinterleave the input! + +// load table with 4 lanes from different indexes into fftTable +// extract bytes into m128 4x16 +// mutiply by vectorized mult + +// input[lane][byte] + + __m128i table; + table = _mm_set_epi32( fftTable[ input[3][i] ], + fftTable[ input[2][i] ], + fftTable[ input[1][i] ], + fftTable[ input[0][i] ] ); + + F[i ] = _mm_mullo_epi32( mm128_const1_32( mult[j+0] ), table ); + + table = _mm_set_epi32( fftTable[ input[3][i+1] ] + fftTable[ input[2][i+1] ] + fftTable[ input[1][i+1] ] + fftTable[ input[0][i+1] ] ); + + F[i+8] = _mm_mullo_epi32( mm128_const1_32( mult[j+0] ), table ); + + + m128_swift_int16_t *table = &( fftTable[input[i] << 3] ); + + F[i ] = _mm_mullo_epi32( mm128_const1_32( mult[j+0] ), + mm128_const1_32( table[0] ) ); + F[i+ 8] = _mm_mullo_epi32( mm128_const1_32( mult[j+1] ), + mm128_const1_32( table[1] ) ); + F[i+16] = _mm_mullo_epi32( mm128_const1_32( mult[j+2] ), + mm128_const1_32( table[2] ) ); + F[i+24] = _mm_mullo_epi32( mm128_const1_32( mult[j+3] ), + mm128_const1_32( table[3] ) ); + F[i+32] = _mm_mullo_epi32( mm128_const1_32( mult[j+4] ), + mm128_const1_32( table[4] ) ); + F[i+40] = _mm_mullo_epi32( mm128_const1_32( mult[j+5] ), + mm128_const1_32( table[5] ) ); + F[i+48] = _mm_mullo_epi32( mm128_const1_32( mult[j+6] ), + mm128_const1_32( table[6] ) ); + F[i+56] = _mm_mullo_epi32( mm128_const1_32( mult[j+7] ), + mm128_const1_32( table[7] ) ); + } + + + for ( int i = 0; i < 8; i++ ) + { + int j = i<<3; + ADD_SUB_4WAY( F[j ], F[j+1] ); + ADD_SUB_4WAY( F[j+2], F[j+3] ); + ADD_SUB_4WAY( F[j+4], F[j+5] ); + ADD_SUB_4WAY( F[j+6], F[j+7] ); + + F[j+3] = _mm_slli_epi32( F[j+3], 4 ); + F[j+7] = _mm_slli_epi32( F[j+7], 4 ); + + ADD_SUB_4WAY( F[j ], F[j+2] ); + ADD_SUB_4WAY( F[j+1], F[j+3] ); + ADD_SUB_4WAY( F[j+4], F[j+6] ); + ADD_SUB_4WAY( F[j+5], F[j+7] ); + + F[j+5] = _mm_slli_epi32( F[j+5], 2 ); + F[j+6] = _mm_slli_epi32( F[j+6], 4 ); + F[j+7] = _mm_slli_epi32( F[j+7], 6 ); + + ADD_SUB_4WAY( F[j ], F[j+4] ); + ADD_SUB_4WAY( F[j+1], F[j+5] ); + ADD_SUB_4WAY( F[j+2], F[j+6] ); + ADD_SUB_4WAY( F[j+3], F[j+7] ); + + output[i ] = Q_REDUCE_4WAY( F[j ] ); + output[i+ 8] = Q_REDUCE_4WAY( F[j+1] ); + output[i+16] = Q_REDUCE_4WAY( F[j+2] ); + output[i+24] = Q_REDUCE_4WAY( F[j+3] ); + output[i+32] = Q_REDUCE_4WAY( F[j+4] ); + output[i+40] = Q_REDUCE_4WAY( F[j+5] ); + output[i+48] = Q_REDUCE_4WAY( F[j+6] ); + output[i+56] = Q_REDUCE_4WAY( F[j+7] ); + } +} + +// Calculates the FFT part of SWIFFT. +// We divided the SWIFFT calculation into two, because that way we could save 2 computations of +// the FFT part, since in the first stage of SWIFFTX the difference between the first 3 SWIFFTs +// is only the A's part. +// +// Parameters: +// - input: the input to FFT. +// - m: the input size divided by 8. The function performs m FFTs. +// - output: will store the result. +void SWIFFTFFT(const unsigned char *input, int m, swift_int32_t *output) +{ + int i; + + for (i = 0; + i < m; + i++, input += EIGHTH_N, output += N) + { + FFT(input, output); + } +} + +// Calculates the 'sum' part of SWIFFT, including the base change at the end. +// We divided the SWIFFT calculation into two, because that way we could save 2 computations of +// the FFT part, since in the first stage of SWIFFTX the difference between the first 3 SWIFFTs +// is only the A's part. +// +// Parameters: +// - input: the input. Of size 64 * m. +// - m: the input size divided by 64. +// - output: will store the result. +// - a: the coefficients in the sum. Of size 64 * m. +void SWIFFTSum(const swift_int32_t *input, int m, unsigned char *output, const swift_int16_t *a) +{ + int i, j; + swift_int32_t result[N]; + register swift_int16_t carry = 0; + + for (j = 0; j < N; ++j) + { + register swift_int32_t sum = 0; + const register swift_int32_t *f = input + j; + const register swift_int16_t *k = a + j; + + for (i = 0; i < m; i++, f += N,k += N) + { + sum += (*f) * (*k); + } + + result[j] = sum; + } + + for (j = 0; j < N; ++j) + { + result[j] = ((FIELD_SIZE << 22) + result[j]) % FIELD_SIZE; + } + + for (j = 0; j < 8; ++j) + { + int register carryBit = TranslateToBase256(result + (j << 3), output + (j << 3)); + carry |= carryBit << j; + } + + output[N] = carry; +} + + +// On entry input is interleaved 4x64. SIZE is *4 lanes / 8 bytes, +// multiply by 2. + + +void ComputeSingleSWIFFTX_4way( unsigned char input[SWIFFTX_INPUT_BLOCK_SIZE], + unsigned char output[SWIFFTX_OUTPUT_BLOCK_SIZE], + bool doSmooth) +{ + int i; + // Will store the result of the FFT parts: + m128_swift_int32_t fftOut[N * M]; +// swift_int32_t fftOut[N * M]; + unsigned char intermediate[N * 3 + 8]; + unsigned char carry0,carry1,carry2; + + // Do the three SWIFFTS while remembering the three carry bytes (each carry byte gets + // overriden by the following SWIFFT): + + // 1. Compute the FFT of the input - the common part for the first 3 SWIFFTs: + SWIFFTFFT(input, M, fftOut); + + // 2. Compute the sums of the 3 SWIFFTs, each using a different set of coefficients: + + // 2a. The first SWIFFT: + SWIFFTSum(fftOut, M, intermediate, As); + // Remember the carry byte: + carry0 = intermediate[N]; + + // 2b. The second one: + SWIFFTSum(fftOut, M, intermediate + N, As + (M * N)); + carry1 = intermediate[2 * N]; + + // 2c. The third one: + SWIFFTSum(fftOut, M, intermediate + (2 * N), As + 2 * (M * N)); + carry2 = intermediate[3 * N]; + + //2d. Put three carry bytes in their place + intermediate[3 * N] = carry0; + intermediate[(3 * N) + 1] = carry1; + intermediate[(3 * N) + 2] = carry2; + + // Padding intermediate output with 5 zeroes. + memset(intermediate + (3 * N) + 3, 0, 5); + + // Apply the S-Box: + for (i = 0; i < (3 * N) + 8; ++i) + { + intermediate[i] = SBox[intermediate[i]]; + } + + // 3. The final and last SWIFFT: + SWIFFTFFT(intermediate, 3 * (N/8) + 1, fftOut); + SWIFFTSum(fftOut, 3 * (N/8) + 1, output, As); + + if (doSmooth) + { + unsigned char sum[N]; + register int i, j; + memset(sum, 0, N); + + for (i = 0; i < (N + 1) * 8; ++i) + { + register const swift_int16_t *AsRow; + register int AShift; + + if (!(output[i >> 3] & (1 << (i & 7)))) + { + continue; + } + + AsRow = As + N * M + (i & ~(N - 1)) ; + AShift = i & 63; + + for (j = AShift; j < N; ++j) + { + sum[j] += AsRow[j - AShift]; + } + + for(j = 0; j < AShift; ++j) + { + sum[j] -= AsRow[N - AShift + j]; + } + } + + for (i = 0; i < N; ++i) + { + output[i] = sum[i]; + } + + output[N] = 0; + } +} diff --git a/algo/swifftx/swifftx.c b/algo/swifftx/swifftx.c new file mode 100644 index 0000000..f38ea85 --- /dev/null +++ b/algo/swifftx/swifftx.c @@ -0,0 +1,1243 @@ +/////////////////////////////////////////////////////////////////////////////////////////////// +// +// SWIFFTX ANSI C OPTIMIZED 32BIT IMPLEMENTATION FOR NIST SHA-3 COMPETITION +// +// SWIFFTX.c +// +// October 2008 +// +// This is the source file of the OPTIMIZED 32BIT implementation of SWIFFTX hash function. +// SWIFFTX is a candidate function for SHA-3 NIST competition. +// More details about SWIFFTX can be found in the accompanying submission documents. +// +/////////////////////////////////////////////////////////////////////////////////////////////// +#include "swifftx.h" +// See the remarks concerning compatibility issues inside stdint.h. +#include "stdint.h" +// Remove this while using gcc: +//#include "stdbool.h" +#include + +/////////////////////////////////////////////////////////////////////////////////////////////// +// Constants and static tables portion. +/////////////////////////////////////////////////////////////////////////////////////////////// + +// In SWIFFTX we work over Z_257, so this is the modulus and the arithmetic is performed modulo +// this number. +#define FIELD_SIZE 257 + +// The size of FFT we use: +#define N 64 + +#define LOGN 6 + +#define EIGHTH_N (N / 8) + +// The number of FFTS done on the input. +#define M (SWIFFTX_INPUT_BLOCK_SIZE / 8) // 32 + +// Omega is the 128th root of unity in Z_257. +// We choose w = 42. +#define OMEGA 42 + +// The size of the inner FFT lookup table: +#define W 8 + +// Calculates the sum and the difference of two numbers. +// +// Parameters: +// - A: the first operand. After the operation stores the sum of the two operands. +// - B: the second operand. After the operation stores the difference between the first and the +// second operands. +#define ADD_SUB(A, B) {register int temp = (B); B = ((A) - (B)); A = ((A) + (temp));} + +// Quickly reduces an integer modulo 257. +// +// Parameters: +// - A: the input. +#define Q_REDUCE(A) (((A) & 0xff) - ((A) >> 8)) + +// Since we need to do the setup only once, this is the indicator variable: +static bool wasSetupDone = false; + +// This array stores the powers of omegas that correspond to the indices, which are the input +// values. Known also as the "outer FFT twiddle factors". +swift_int16_t multipliers[N]; + +// This array stores the powers of omegas, multiplied by the corresponding values. +// We store this table to save computation time. +// +// To calculate the intermediate value of the compression function (the first out of two +// stages), we multiply the k-th bit of x_i by w^[(2i + 1) * k]. {x_i} is the input to the +// compression function, i is between 0 and 31, x_i is a 64-bit value. +// One can see the formula for this (intermediate) stage in the SWIFFT FSE 2008 paper -- +// formula (2), section 3, page 6. +swift_int16_t fftTable[256 * EIGHTH_N]; + +// The A's we use in SWIFFTX shall be random elements of Z_257. +// We generated these A's from the decimal expansion of PI as follows: we converted each +// triple of digits into a decimal number d. If d < (257 * 3) we used (d % 257) for the next A +// element, otherwise move to the next triple of digits in the expansion. This guarntees that +// the A's are random, provided that PI digits are. +const swift_int16_t As[3 * M * N] = +{141, 78, 139, 75, 238, 205, 129, 126, 22, 245, 197, 169, 142, 118, 105, 78, + 50, 149, 29, 208, 114, 34, 85, 117, 67, 148, 86, 256, 25, 49, 133, 93, + 95, 36, 68, 231, 211, 102, 151, 128, 224, 117, 193, 27, 102, 187, 7, 105, + 45, 130, 108, 124, 171, 151, 189, 128, 218, 134, 233, 165, 14, 201, 145, 134, + 52, 203, 91, 96, 197, 69, 134, 213, 136, 93, 3, 249, 141, 16, 210, 73, + 6, 92, 58, 74, 174, 6, 254, 91, 201, 107, 110, 76, 103, 11, 73, 16, + 34, 209, 7, 127, 146, 254, 95, 176, 57, 13, 108, 245, 77, 92, 186, 117, + 124, 97, 105, 118, 34, 74, 205, 122, 235, 53, 94, 238, 210, 227, 183, 11, + 129, 159, 105, 183, 142, 129, 86, 21, 137, 138, 224, 223, 190, 188, 179, 188, + 256, 25, 217, 176, 36, 176, 238, 127, 160, 210, 155, 148, 132, 0, 54, 127, + 145, 6, 46, 85, 243, 95, 173, 123, 178, 207, 211, 183, 224, 173, 146, 35, + 71, 114, 50, 22, 175, 1, 28, 19, 112, 129, 21, 34, 161, 159, 115, 52, + 4, 193, 211, 92, 115, 49, 59, 217, 218, 96, 61, 81, 24, 202, 198, 89, + 45, 128, 8, 51, 253, 87, 171, 35, 4, 188, 171, 10, 3, 137, 238, 73, + 19, 208, 124, 163, 103, 177, 155, 147, 46, 84, 253, 233, 171, 241, 211, 217, + 159, 48, 96, 79, 237, 18, 171, 226, 99, 1, 97, 195, 216, 163, 198, 95, + 0, 201, 65, 228, 21, 153, 124, 230, 44, 35, 44, 108, 85, 156, 249, 207, + 26, 222, 131, 1, 60, 242, 197, 150, 181, 19, 116, 213, 75, 98, 124, 240, + 123, 207, 62, 255, 60, 143, 187, 157, 139, 9, 12, 104, 89, 49, 193, 146, + 104, 196, 181, 82, 198, 253, 192, 191, 255, 122, 212, 104, 47, 20, 132, 208, + 46, 170, 2, 69, 234, 36, 56, 163, 28, 152, 104, 238, 162, 56, 24, 58, + 38, 150, 193, 254, 253, 125, 173, 35, 73, 126, 247, 239, 216, 6, 199, 15, + 90, 12, 97, 122, 9, 84, 207, 127, 219, 72, 58, 30, 29, 182, 41, 192, + 235, 248, 237, 74, 72, 176, 210, 252, 45, 64, 165, 87, 202, 241, 236, 223, + 151, 242, 119, 239, 52, 112, 169, 28, 13, 37, 160, 60, 158, 81, 133, 60, + 16, 145, 249, 192, 173, 217, 214, 93, 141, 184, 54, 34, 161, 104, 157, 95, + 38, 133, 218, 227, 211, 181, 9, 66, 137, 143, 77, 33, 248, 159, 4, 55, + 228, 48, 99, 219, 222, 184, 15, 36, 254, 256, 157, 237, 87, 139, 209, 113, + 232, 85, 126, 167, 197, 100, 103, 166, 64, 225, 125, 205, 117, 135, 84, 128, + 231, 112, 90, 241, 28, 22, 210, 147, 186, 49, 230, 21, 108, 39, 194, 47, + 123, 199, 107, 114, 30, 210, 250, 143, 59, 156, 131, 133, 221, 27, 76, 99, + 208, 250, 78, 12, 211, 141, 95, 81, 195, 106, 8, 232, 150, 212, 205, 221, + 11, 225, 87, 219, 126, 136, 137, 180, 198, 48, 68, 203, 239, 252, 194, 235, + 142, 137, 174, 172, 190, 145, 250, 221, 182, 204, 1, 195, 130, 153, 83, 241, + 161, 239, 211, 138, 11, 169, 155, 245, 174, 49, 10, 166, 16, 130, 181, 139, + 222, 222, 112, 99, 124, 94, 51, 243, 133, 194, 244, 136, 35, 248, 201, 177, + 178, 186, 129, 102, 89, 184, 180, 41, 149, 96, 165, 72, 225, 231, 134, 158, + 199, 28, 249, 16, 225, 195, 10, 210, 164, 252, 138, 8, 35, 152, 213, 199, + 82, 116, 97, 230, 63, 199, 241, 35, 79, 120, 54, 174, 67, 112, 1, 76, + 69, 222, 194, 96, 82, 94, 25, 228, 196, 145, 155, 136, 228, 234, 46, 101, + 246, 51, 103, 166, 246, 75, 9, 200, 161, 4, 108, 35, 129, 168, 208, 144, + 50, 14, 13, 220, 41, 132, 122, 127, 194, 9, 232, 234, 107, 28, 187, 8, + 51, 141, 97, 221, 225, 9, 113, 170, 166, 102, 135, 22, 231, 185, 227, 187, + 110, 145, 251, 146, 76, 22, 146, 228, 7, 53, 64, 25, 62, 198, 130, 190, + 221, 232, 169, 64, 188, 199, 237, 249, 173, 218, 196, 191, 48, 224, 5, 113, + 100, 166, 160, 21, 191, 197, 61, 162, 149, 171, 240, 183, 129, 231, 123, 204, + 192, 179, 134, 15, 47, 161, 142, 177, 239, 234, 186, 237, 231, 53, 208, 95, + 146, 36, 225, 231, 89, 142, 93, 248, 137, 124, 83, 39, 69, 77, 89, 208, + 182, 48, 85, 147, 244, 164, 246, 68, 38, 190, 220, 35, 202, 91, 157, 151, + 201, 240, 185, 218, 4, 152, 2, 132, 177, 88, 190, 196, 229, 74, 220, 135, + 137, 196, 11, 47, 5, 251, 106, 144, 163, 60, 222, 127, 52, 57, 202, 102, + 64, 140, 110, 206, 23, 182, 39, 245, 1, 163, 157, 186, 163, 80, 7, 230, + 44, 249, 176, 102, 164, 125, 147, 120, 18, 191, 186, 125, 64, 65, 198, 157, + 164, 213, 95, 61, 13, 181, 208, 91, 242, 197, 158, 34, 98, 169, 91, 14, + 17, 93, 157, 17, 65, 30, 183, 6, 139, 58, 255, 108, 100, 136, 209, 144, + 164, 6, 237, 33, 210, 110, 57, 126, 197, 136, 125, 244, 165, 151, 168, 3, + 143, 251, 247, 155, 136, 130, 88, 14, 74, 121, 250, 133, 21, 226, 185, 232, + 118, 132, 89, 64, 204, 161, 2, 70, 224, 159, 35, 204, 123, 180, 13, 52, + 231, 57, 25, 78, 66, 69, 97, 42, 198, 84, 176, 59, 8, 232, 125, 134, + 193, 2, 232, 109, 216, 69, 90, 142, 32, 38, 249, 37, 75, 180, 184, 188, + 19, 47, 120, 87, 146, 70, 232, 120, 191, 45, 33, 38, 19, 248, 110, 110, + 44, 64, 2, 84, 244, 228, 252, 228, 170, 123, 38, 144, 213, 144, 171, 212, + 243, 87, 189, 46, 128, 110, 84, 77, 65, 183, 61, 184, 101, 44, 168, 68, + 14, 106, 105, 8, 227, 211, 166, 39, 152, 43, 52, 254, 197, 55, 119, 89, + 168, 65, 53, 138, 177, 56, 219, 0, 58, 121, 148, 18, 44, 100, 215, 103, + 145, 229, 117, 196, 91, 89, 113, 143, 172, 239, 249, 184, 154, 39, 112, 65, + 204, 42, 84, 38, 155, 151, 151, 16, 100, 87, 174, 162, 145, 147, 149, 186, + 237, 145, 134, 144, 198, 235, 213, 163, 48, 230, 24, 47, 57, 71, 127, 0, + 150, 219, 12, 81, 197, 150, 131, 13, 169, 63, 175, 184, 48, 235, 65, 243, + 149, 200, 163, 254, 202, 114, 247, 67, 143, 250, 126, 228, 80, 130, 216, 214, + 36, 2, 230, 33, 119, 125, 3, 142, 237, 100, 3, 152, 197, 174, 244, 129, + 232, 30, 206, 199, 39, 210, 220, 43, 237, 221, 201, 54, 179, 42, 28, 133, + 246, 203, 198, 177, 0, 28, 194, 85, 223, 109, 155, 147, 221, 60, 133, 108, + 157, 254, 26, 75, 157, 185, 49, 142, 31, 137, 71, 43, 63, 64, 237, 148, + 237, 172, 159, 160, 155, 254, 234, 224, 140, 193, 114, 140, 62, 109, 136, 39, + 255, 8, 158, 146, 128, 49, 222, 96, 57, 209, 180, 249, 202, 127, 113, 231, + 78, 178, 46, 33, 228, 215, 104, 31, 207, 186, 82, 41, 42, 39, 103, 119, + 123, 133, 243, 254, 238, 156, 90, 186, 37, 212, 33, 107, 252, 51, 177, 36, + 237, 76, 159, 245, 93, 214, 97, 56, 190, 38, 160, 94, 105, 222, 220, 158, + 49, 16, 191, 52, 120, 87, 179, 2, 27, 144, 223, 230, 184, 6, 129, 227, + 69, 47, 215, 181, 162, 139, 72, 200, 45, 163, 159, 62, 2, 221, 124, 40, + 159, 242, 35, 208, 179, 166, 98, 67, 178, 68, 143, 225, 178, 146, 187, 159, + 57, 66, 176, 192, 236, 250, 168, 224, 122, 43, 159, 120, 133, 165, 122, 64, + 87, 74, 161, 241, 9, 87, 90, 24, 255, 113, 203, 220, 57, 139, 197, 159, + 31, 151, 27, 140, 77, 162, 7, 27, 84, 228, 187, 220, 53, 126, 162, 242, + 84, 181, 223, 103, 86, 177, 207, 31, 140, 18, 207, 256, 201, 166, 96, 23, + 233, 103, 197, 84, 161, 75, 59, 149, 138, 154, 119, 92, 16, 53, 116, 97, + 220, 114, 35, 45, 77, 209, 40, 196, 71, 22, 81, 178, 110, 14, 3, 180, + 110, 129, 112, 47, 18, 61, 134, 78, 73, 79, 254, 232, 125, 180, 205, 54, + 220, 119, 63, 89, 181, 52, 77, 109, 151, 77, 80, 207, 144, 25, 20, 6, + 208, 47, 201, 206, 192, 14, 73, 176, 256, 201, 207, 87, 216, 60, 56, 73, + 92, 243, 179, 113, 49, 59, 55, 168, 121, 137, 69, 154, 95, 57, 187, 47, + 129, 4, 15, 92, 6, 116, 69, 196, 48, 134, 84, 81, 111, 56, 38, 176, + 239, 6, 128, 72, 242, 134, 36, 221, 59, 48, 242, 68, 130, 110, 171, 89, + 13, 220, 48, 29, 5, 75, 104, 233, 91, 129, 105, 162, 44, 113, 163, 163, + 85, 147, 190, 111, 197, 80, 213, 153, 81, 68, 203, 33, 161, 165, 10, 61, + 120, 252, 0, 205, 28, 42, 193, 64, 39, 37, 83, 175, 5, 218, 215, 174, + 128, 121, 231, 11, 150, 145, 135, 197, 136, 91, 193, 5, 107, 88, 82, 6, + 4, 188, 256, 70, 40, 2, 167, 57, 169, 203, 115, 254, 215, 172, 84, 80, + 188, 167, 34, 137, 43, 243, 2, 79, 178, 38, 188, 135, 233, 194, 208, 13, + 11, 151, 231, 196, 12, 122, 162, 56, 17, 114, 191, 207, 90, 132, 64, 238, + 187, 6, 198, 176, 240, 88, 118, 236, 15, 226, 166, 22, 193, 229, 82, 246, + 213, 64, 37, 63, 31, 243, 252, 37, 156, 38, 175, 204, 138, 141, 211, 82, + 106, 217, 97, 139, 153, 56, 129, 218, 158, 9, 83, 26, 87, 112, 71, 21, + 250, 5, 65, 141, 68, 116, 231, 113, 10, 218, 99, 205, 201, 92, 157, 4, + 97, 46, 49, 220, 72, 139, 103, 171, 149, 129, 193, 19, 69, 245, 43, 31, + 58, 68, 36, 195, 159, 22, 54, 34, 233, 141, 205, 100, 226, 96, 22, 192, + 41, 231, 24, 79, 234, 138, 30, 120, 117, 216, 172, 197, 172, 107, 86, 29, + 181, 151, 0, 6, 146, 186, 68, 55, 54, 58, 213, 182, 60, 231, 33, 232, + 77, 210, 216, 154, 80, 51, 141, 122, 68, 148, 219, 122, 254, 48, 64, 175, + 41, 115, 62, 243, 141, 81, 119, 121, 5, 68, 121, 88, 239, 29, 230, 90, + 135, 159, 35, 223, 168, 112, 49, 37, 146, 60, 126, 134, 42, 145, 115, 90, + 73, 133, 211, 86, 120, 141, 122, 241, 127, 56, 130, 36, 174, 75, 83, 246, + 112, 45, 136, 194, 201, 115, 1, 156, 114, 167, 208, 12, 176, 147, 32, 170, + 251, 100, 102, 220, 122, 210, 6, 49, 75, 201, 38, 105, 132, 135, 126, 102, + 13, 121, 76, 228, 202, 20, 61, 213, 246, 13, 207, 42, 148, 168, 37, 253, + 34, 94, 141, 185, 18, 234, 157, 109, 104, 64, 250, 125, 49, 236, 86, 48, + 196, 77, 75, 237, 156, 103, 225, 19, 110, 229, 22, 68, 177, 93, 221, 181, + 152, 153, 61, 108, 101, 74, 247, 195, 127, 216, 30, 166, 168, 61, 83, 229, + 120, 156, 96, 120, 201, 124, 43, 27, 253, 250, 120, 143, 89, 235, 189, 243, + 150, 7, 127, 119, 149, 244, 84, 185, 134, 34, 128, 193, 236, 234, 132, 117, + 137, 32, 145, 184, 44, 121, 51, 76, 11, 228, 142, 251, 39, 77, 228, 251, + 41, 58, 246, 107, 125, 187, 9, 240, 35, 8, 11, 162, 242, 220, 158, 163, + 2, 184, 163, 227, 242, 2, 100, 101, 2, 78, 129, 34, 89, 28, 26, 157, + 79, 31, 107, 250, 194, 156, 186, 69, 212, 66, 41, 180, 139, 42, 211, 253, + 256, 239, 29, 129, 104, 248, 182, 68, 1, 189, 48, 226, 36, 229, 3, 158, + 41, 53, 241, 22, 115, 174, 16, 163, 224, 19, 112, 219, 177, 233, 42, 27, + 250, 134, 18, 28, 145, 122, 68, 34, 134, 31, 147, 17, 39, 188, 150, 76, + 45, 42, 167, 249, 12, 16, 23, 182, 13, 79, 121, 3, 70, 197, 239, 44, + 86, 177, 255, 81, 64, 171, 138, 131, 73, 110, 44, 201, 254, 198, 146, 91, + 48, 9, 104, 31, 29, 161, 101, 31, 138, 180, 231, 233, 79, 137, 61, 236, + 140, 15, 249, 218, 234, 119, 99, 195, 110, 137, 237, 207, 8, 31, 45, 24, + 90, 155, 203, 253, 192, 203, 65, 176, 210, 171, 142, 214, 220, 122, 136, 237, + 189, 186, 147, 40, 80, 254, 173, 33, 191, 46, 192, 26, 108, 255, 228, 205, + 61, 76, 39, 107, 225, 126, 228, 182, 140, 251, 143, 134, 252, 168, 221, 8, + 185, 85, 60, 233, 147, 244, 87, 137, 8, 140, 96, 80, 53, 45, 175, 160, + 124, 189, 112, 37, 144, 19, 70, 17, 170, 242, 2, 3, 28, 95, 120, 199, + 212, 43, 9, 117, 86, 151, 101, 241, 200, 145, 241, 19, 178, 69, 204, 197, + 227, 166, 94, 7, 193, 45, 247, 234, 19, 187, 212, 212, 236, 125, 33, 95, + 198, 121, 122, 103, 77, 155, 235, 49, 25, 237, 249, 11, 162, 7, 238, 24, + 16, 150, 129, 25, 152, 17, 42, 67, 247, 162, 77, 154, 31, 133, 55, 137, + 79, 119, 153, 10, 86, 28, 244, 186, 41, 169, 106, 44, 10, 49, 110, 179, + 32, 133, 155, 244, 61, 70, 131, 168, 170, 39, 231, 252, 32, 69, 92, 238, + 239, 35, 132, 136, 236, 167, 90, 32, 123, 88, 69, 22, 20, 89, 145, 166, + 30, 118, 75, 4, 49, 31, 225, 54, 11, 50, 56, 191, 246, 1, 187, 33, + 119, 107, 139, 68, 19, 240, 131, 55, 94, 113, 31, 252, 12, 179, 121, 2, + 120, 252, 0, 76, 41, 80, 185, 42, 62, 121, 105, 159, 121, 109, 111, 98, + 7, 118, 86, 29, 210, 70, 231, 179, 223, 229, 164, 70, 62, 47, 0, 206, + 204, 178, 168, 120, 224, 166, 99, 25, 103, 63, 246, 224, 117, 204, 75, 124, + 140, 133, 110, 110, 222, 88, 151, 118, 46, 37, 22, 143, 158, 40, 2, 50, + 153, 94, 190, 199, 13, 198, 127, 211, 180, 90, 183, 98, 0, 142, 210, 154, + 100, 187, 67, 231, 202, 100, 198, 235, 252, 160, 247, 124, 247, 14, 121, 221, + 57, 88, 253, 243, 185, 89, 45, 249, 221, 194, 108, 175, 193, 119, 50, 141, + 223, 133, 136, 64, 176, 250, 129, 100, 124, 94, 181, 159, 99, 185, 177, 240, + 135, 42, 103, 52, 202, 208, 143, 186, 193, 103, 154, 237, 102, 88, 225, 161, + 50, 188, 191, 109, 12, 87, 19, 227, 247, 183, 13, 52, 205, 170, 205, 146, + 89, 160, 18, 105, 192, 73, 231, 225, 184, 157, 252, 220, 61, 59, 169, 183, + 221, 20, 141, 20, 158, 101, 245, 7, 245, 225, 118, 137, 84, 55, 19, 27, + 164, 110, 35, 25, 202, 94, 150, 46, 91, 152, 130, 1, 7, 46, 16, 237, + 171, 109, 19, 200, 65, 38, 10, 213, 70, 96, 126, 226, 185, 225, 181, 46, + 10, 165, 11, 123, 53, 158, 22, 147, 64, 22, 227, 69, 182, 237, 197, 37, + 39, 49, 186, 223, 139, 128, 55, 36, 166, 178, 220, 20, 98, 172, 166, 253, + 45, 0, 120, 180, 189, 185, 158, 159, 196, 6, 214, 79, 141, 52, 156, 107, + 5, 109, 142, 159, 33, 64, 190, 133, 95, 132, 95, 202, 160, 63, 186, 23, + 231, 107, 163, 33, 234, 15, 244, 77, 108, 49, 51, 7, 164, 87, 142, 99, + 240, 202, 47, 256, 118, 190, 196, 178, 217, 42, 39, 153, 21, 192, 232, 202, + 14, 82, 179, 64, 233, 4, 219, 10, 133, 78, 43, 144, 146, 216, 202, 81, + 71, 252, 8, 201, 68, 256, 85, 233, 164, 88, 176, 30, 5, 152, 126, 179, + 249, 84, 140, 190, 159, 54, 118, 98, 2, 159, 27, 133, 74, 121, 239, 196, + 71, 149, 119, 135, 102, 20, 87, 112, 44, 75, 221, 3, 151, 158, 5, 98, + 152, 25, 97, 106, 63, 171, 240, 79, 234, 240, 230, 92, 76, 70, 173, 196, + 36, 225, 218, 133, 64, 240, 150, 41, 146, 66, 133, 51, 134, 73, 170, 238, + 140, 90, 45, 89, 46, 147, 96, 169, 174, 174, 244, 151, 90, 40, 32, 74, + 38, 154, 246, 57, 31, 14, 189, 151, 83, 243, 197, 183, 220, 185, 53, 225, + 51, 106, 188, 208, 222, 248, 93, 13, 93, 215, 131, 25, 142, 185, 113, 222, + 131, 215, 149, 50, 159, 85, 32, 5, 205, 192, 2, 227, 42, 214, 197, 42, + 126, 182, 68, 123, 109, 36, 237, 179, 170, 199, 77, 256, 5, 128, 214, 243, + 137, 177, 170, 253, 179, 180, 153, 236, 100, 196, 216, 231, 198, 37, 192, 80, + 121, 221, 246, 1, 16, 246, 29, 78, 64, 148, 124, 38, 96, 125, 28, 20, + 48, 51, 73, 187, 139, 208, 98, 253, 221, 188, 84, 129, 1, 205, 95, 205, + 117, 79, 71, 126, 134, 237, 19, 184, 137, 125, 129, 178, 223, 54, 188, 112, + 30, 7, 225, 228, 205, 184, 233, 87, 117, 22, 58, 10, 8, 42, 2, 114, + 254, 19, 17, 13, 150, 92, 233, 179, 63, 12, 60, 171, 127, 35, 50, 5, + 195, 113, 241, 25, 249, 184, 166, 44, 221, 35, 151, 116, 8, 54, 195, 89, + 218, 186, 132, 5, 41, 89, 226, 177, 11, 41, 87, 172, 5, 23, 20, 59, + 228, 94, 76, 33, 137, 43, 151, 221, 61, 232, 4, 120, 93, 217, 80, 228, + 228, 6, 58, 25, 62, 84, 91, 48, 209, 20, 247, 243, 55, 106, 80, 79, + 235, 34, 20, 180, 146, 2, 236, 13, 236, 206, 243, 222, 204, 83, 148, 213, + 214, 117, 237, 98, 0, 90, 204, 168, 32, 41, 126, 67, 191, 74, 27, 255, + 26, 75, 240, 113, 185, 105, 167, 154, 112, 67, 151, 63, 161, 134, 239, 176, + 42, 87, 249, 130, 45, 242, 17, 100, 107, 120, 212, 218, 237, 76, 231, 162, + 175, 172, 118, 155, 92, 36, 124, 17, 121, 71, 13, 9, 82, 126, 147, 142, + 218, 148, 138, 80, 163, 106, 164, 123, 140, 129, 35, 42, 186, 154, 228, 214, + 75, 73, 8, 253, 42, 153, 232, 164, 95, 24, 110, 90, 231, 197, 90, 196, + 57, 164, 252, 181, 31, 7, 97, 256, 35, 77, 200, 212, 99, 179, 92, 227, + 17, 180, 49, 176, 9, 188, 13, 182, 93, 44, 128, 219, 134, 92, 151, 6, + 23, 126, 200, 109, 66, 30, 140, 180, 146, 134, 67, 200, 7, 9, 223, 168, + 186, 221, 3, 154, 150, 165, 43, 53, 138, 27, 86, 213, 235, 160, 70, 2, + 240, 20, 89, 212, 84, 141, 168, 246, 183, 227, 30, 167, 138, 185, 253, 83, + 52, 143, 236, 94, 59, 65, 89, 218, 194, 157, 164, 156, 111, 95, 202, 168, + 245, 256, 151, 28, 222, 194, 72, 130, 217, 134, 253, 77, 246, 100, 76, 32, + 254, 174, 182, 193, 14, 237, 74, 1, 74, 26, 135, 216, 152, 208, 112, 38, + 181, 62, 25, 71, 61, 234, 254, 97, 191, 23, 92, 256, 190, 205, 6, 16, + 134, 147, 210, 219, 148, 59, 73, 185, 24, 247, 174, 143, 116, 220, 128, 144, + 111, 126, 101, 98, 130, 136, 101, 102, 69, 127, 24, 168, 146, 226, 226, 207, + 176, 122, 149, 254, 134, 196, 22, 151, 197, 21, 50, 205, 116, 154, 65, 116, + 177, 224, 127, 77, 177, 159, 225, 69, 176, 54, 100, 104, 140, 8, 11, 126, + 11, 188, 185, 159, 107, 16, 254, 142, 80, 28, 5, 157, 104, 57, 109, 82, + 102, 80, 173, 242, 238, 207, 57, 105, 237, 160, 59, 189, 189, 199, 26, 11, + 190, 156, 97, 118, 20, 12, 254, 189, 165, 147, 142, 199, 5, 213, 64, 133, + 108, 217, 133, 60, 94, 28, 116, 136, 47, 165, 125, 42, 183, 143, 14, 129, + 223, 70, 212, 205, 181, 180, 3, 201, 182, 46, 57, 104, 239, 60, 99, 181, + 220, 231, 45, 79, 156, 89, 149, 143, 190, 103, 153, 61, 235, 73, 136, 20, + 89, 243, 16, 130, 247, 141, 134, 93, 80, 68, 85, 84, 8, 72, 194, 4, + 242, 110, 19, 133, 199, 70, 172, 92, 132, 254, 67, 74, 36, 94, 13, 90, + 154, 184, 9, 109, 118, 243, 214, 71, 36, 95, 0, 90, 201, 105, 112, 215, + 69, 196, 224, 210, 236, 242, 155, 211, 37, 134, 69, 113, 157, 97, 68, 26, + 230, 149, 219, 180, 20, 76, 172, 145, 154, 40, 129, 8, 93, 56, 162, 124, + 207, 233, 105, 19, 3, 183, 155, 134, 8, 244, 213, 78, 139, 88, 156, 37, + 51, 152, 111, 102, 112, 250, 114, 252, 201, 241, 133, 24, 136, 153, 5, 90, + 210, 197, 216, 24, 131, 17, 147, 246, 13, 86, 3, 253, 179, 237, 101, 114, + 243, 191, 207, 2, 220, 133, 244, 53, 87, 125, 154, 158, 197, 20, 8, 83, + 32, 191, 38, 241, 204, 22, 168, 59, 217, 123, 162, 82, 21, 50, 130, 89, + 239, 253, 195, 56, 253, 74, 147, 125, 234, 199, 250, 28, 65, 193, 22, 237, + 193, 94, 58, 229, 139, 176, 69, 42, 179, 164, 150, 168, 246, 214, 86, 174, + 59, 117, 15, 19, 76, 37, 214, 238, 153, 226, 154, 45, 109, 114, 198, 107, + 45, 70, 238, 196, 142, 252, 244, 71, 123, 136, 134, 188, 99, 132, 25, 42, + 240, 0, 196, 33, 26, 124, 256, 145, 27, 102, 153, 35, 28, 132, 221, 167, + 138, 133, 41, 170, 95, 224, 40, 139, 239, 153, 1, 106, 255, 106, 170, 163, + 127, 44, 155, 232, 194, 119, 232, 117, 239, 143, 108, 41, 3, 9, 180, 256, + 144, 113, 133, 200, 79, 69, 128, 216, 31, 50, 102, 209, 249, 136, 150, 154, + 182, 51, 228, 39, 127, 142, 87, 15, 94, 92, 187, 245, 31, 236, 64, 58, + 114, 11, 17, 166, 189, 152, 218, 34, 123, 39, 58, 37, 153, 91, 63, 121, + 31, 34, 12, 254, 106, 96, 171, 14, 155, 247, 214, 69, 24, 98, 3, 204, + 202, 194, 207, 30, 253, 44, 119, 70, 14, 96, 82, 250, 63, 6, 232, 38, + 89, 144, 102, 191, 82, 254, 20, 222, 96, 162, 110, 6, 159, 58, 200, 226, + 98, 128, 42, 70, 84, 247, 128, 211, 136, 54, 143, 166, 60, 118, 99, 218, + 27, 193, 85, 81, 219, 223, 46, 41, 23, 233, 152, 222, 36, 236, 54, 181, + 56, 50, 4, 207, 129, 92, 78, 88, 197, 251, 131, 105, 31, 172, 38, 131, + 19, 204, 129, 47, 227, 106, 202, 183, 23, 6, 77, 224, 102, 147, 11, 218, + 131, 132, 60, 192, 208, 223, 236, 23, 103, 115, 89, 18, 185, 171, 70, 174, + 139, 0, 100, 160, 221, 11, 228, 60, 12, 122, 114, 12, 157, 235, 148, 57, + 83, 62, 173, 131, 169, 126, 85, 99, 93, 243, 81, 80, 29, 245, 206, 82, + 236, 227, 166, 14, 230, 213, 144, 97, 27, 111, 99, 164, 105, 150, 89, 111, + 252, 118, 140, 232, 120, 183, 137, 213, 232, 157, 224, 33, 134, 118, 186, 80, + 159, 2, 186, 193, 54, 242, 25, 237, 232, 249, 226, 213, 90, 149, 90, 160, + 118, 69, 64, 37, 10, 183, 109, 246, 30, 52, 219, 69, 189, 26, 116, 220, + 50, 244, 243, 243, 139, 137, 232, 98, 38, 45, 256, 143, 171, 101, 73, 238, + 123, 45, 194, 167, 250, 123, 12, 29, 136, 237, 141, 21, 89, 96, 199, 44, + 8, 214, 208, 17, 113, 41, 137, 26, 166, 155, 89, 85, 54, 58, 97, 160, + 50, 239, 58, 71, 21, 157, 139, 12, 37, 198, 182, 131, 149, 134, 16, 204, + 164, 181, 248, 166, 52, 216, 136, 201, 37, 255, 187, 240, 5, 101, 147, 231, + 14, 163, 253, 134, 146, 216, 8, 54, 224, 90, 220, 195, 75, 215, 186, 58, + 71, 204, 124, 105, 239, 53, 16, 85, 69, 163, 195, 223, 33, 38, 69, 88, + 88, 203, 99, 55, 176, 13, 156, 204, 236, 99, 194, 134, 75, 247, 126, 129, + 160, 124, 233, 206, 139, 144, 154, 45, 233, 51, 206, 61, 60, 55, 205, 107, + 84, 108, 96, 188, 203, 31, 89, 20, 115, 144, 137, 90, 237, 78, 231, 185, + 120, 217, 1, 176, 169, 30, 155, 176, 100, 113, 53, 42, 193, 108, 14, 121, + 176, 158, 137, 92, 178, 44, 110, 249, 108, 234, 94, 101, 128, 12, 250, 173, + 72, 202, 232, 66, 139, 152, 189, 18, 32, 197, 9, 238, 246, 55, 119, 183, + 196, 119, 113, 247, 191, 100, 200, 245, 46, 16, 234, 112, 136, 116, 232, 48, + 176, 108, 11, 237, 14, 153, 93, 177, 124, 72, 67, 121, 135, 143, 45, 18, + 97, 251, 184, 172, 136, 55, 213, 8, 103, 12, 221, 212, 13, 160, 116, 91, + 237, 127, 218, 190, 103, 131, 77, 82, 36, 100, 22, 252, 79, 69, 54, 26, + 65, 182, 115, 142, 247, 20, 89, 81, 188, 244, 27, 120, 240, 248, 13, 230, + 67, 133, 32, 201, 129, 87, 9, 245, 66, 88, 166, 34, 46, 184, 119, 218, + 144, 235, 163, 40, 138, 134, 127, 217, 64, 227, 116, 67, 55, 202, 130, 48, + 199, 42, 251, 112, 124, 153, 123, 194, 243, 49, 250, 12, 78, 157, 167, 134, + 210, 73, 156, 102, 21, 88, 216, 123, 45, 11, 208, 18, 47, 187, 20, 43, + 3, 180, 124, 2, 136, 176, 77, 111, 138, 139, 91, 225, 126, 8, 74, 255, + 88, 192, 193, 239, 138, 204, 139, 194, 166, 130, 252, 184, 140, 168, 30, 177, + 121, 98, 131, 124, 69, 171, 75, 49, 184, 34, 76, 122, 202, 115, 184, 253, + 120, 182, 33, 251, 1, 74, 216, 217, 243, 168, 70, 162, 119, 158, 197, 198, + 61, 89, 7, 5, 54, 199, 211, 170, 23, 226, 44, 247, 165, 195, 7, 225, + 91, 23, 50, 15, 51, 208, 106, 94, 12, 31, 43, 112, 146, 139, 246, 182, + 113, 1, 97, 15, 66, 2, 51, 76, 164, 184, 237, 200, 218, 176, 72, 98, + 33, 135, 38, 147, 140, 229, 50, 94, 81, 187, 129, 17, 238, 168, 146, 203, + 181, 99, 164, 3, 104, 98, 255, 189, 114, 142, 86, 102, 229, 102, 80, 129, + 64, 84, 79, 161, 81, 156, 128, 111, 164, 197, 18, 15, 55, 196, 198, 191, + 28, 113, 117, 96, 207, 253, 19, 158, 231, 13, 53, 130, 252, 211, 58, 180, + 212, 142, 7, 219, 38, 81, 62, 109, 167, 113, 33, 56, 97, 185, 157, 130, + 186, 129, 119, 182, 196, 26, 54, 110, 65, 170, 166, 236, 30, 22, 162, 0, + 106, 12, 248, 33, 48, 72, 159, 17, 76, 244, 172, 132, 89, 171, 196, 76, + 254, 166, 76, 218, 226, 3, 52, 220, 238, 181, 179, 144, 225, 23, 3, 166, + 158, 35, 228, 154, 204, 23, 203, 71, 134, 189, 18, 168, 236, 141, 117, 138, + 2, 132, 78, 57, 154, 21, 250, 196, 184, 40, 161, 40, 10, 178, 134, 120, + 132, 123, 101, 82, 205, 121, 55, 140, 231, 56, 231, 71, 206, 246, 198, 150, + 146, 192, 45, 105, 242, 1, 125, 18, 176, 46, 222, 122, 19, 80, 113, 133, + 131, 162, 81, 51, 98, 168, 247, 161, 139, 39, 63, 162, 22, 153, 170, 92, + 91, 130, 174, 200, 45, 112, 99, 164, 132, 184, 191, 186, 200, 167, 86, 145, + 167, 227, 130, 44, 12, 158, 172, 249, 204, 17, 54, 249, 16, 200, 21, 174, + 67, 223, 105, 201, 50, 36, 133, 203, 244, 131, 228, 67, 29, 195, 91, 91, + 55, 107, 167, 154, 170, 137, 218, 183, 169, 61, 99, 175, 128, 23, 142, 183, + 66, 255, 59, 187, 66, 85, 212, 109, 168, 82, 16, 43, 67, 139, 114, 176, + 216, 255, 130, 94, 152, 79, 183, 64, 100, 23, 214, 82, 34, 230, 48, 15, + 242, 130, 50, 241, 81, 32, 5, 125, 183, 182, 184, 99, 248, 109, 159, 210, + 226, 61, 119, 129, 39, 149, 78, 214, 107, 78, 147, 124, 228, 18, 143, 188, + 84, 180, 233, 119, 64, 39, 158, 133, 177, 168, 6, 150, 80, 117, 150, 56, + 49, 72, 49, 37, 30, 242, 49, 142, 33, 156, 34, 44, 44, 72, 58, 22, + 249, 46, 168, 80, 25, 196, 64, 174, 97, 179, 244, 134, 213, 105, 63, 151, + 21, 90, 168, 90, 245, 28, 157, 65, 250, 232, 188, 27, 99, 160, 156, 127, + 68, 193, 10, 80, 205, 36, 138, 229, 12, 223, 70, 169, 251, 41, 48, 94, + 41, 177, 99, 256, 158, 0, 6, 83, 231, 191, 120, 135, 157, 146, 218, 213, + 160, 7, 47, 234, 98, 211, 79, 225, 179, 95, 175, 105, 185, 79, 115, 0, + 104, 14, 65, 124, 15, 188, 52, 9, 253, 27, 132, 137, 13, 127, 75, 238, + 185, 253, 33, 8, 52, 157, 164, 68, 232, 188, 69, 28, 209, 233, 5, 129, + 216, 90, 252, 212, 33, 200, 222, 9, 112, 15, 43, 36, 226, 114, 15, 249, + 217, 8, 148, 22, 147, 23, 143, 67, 222, 116, 235, 250, 212, 210, 39, 142, + 108, 64, 209, 83, 73, 66, 99, 34, 17, 29, 45, 151, 244, 114, 28, 241, + 144, 208, 146, 179, 132, 89, 217, 198, 252, 219, 205, 165, 75, 107, 11, 173, + 76, 6, 196, 247, 152, 216, 248, 91, 209, 178, 57, 250, 174, 60, 79, 123, + 18, 135, 9, 241, 230, 159, 184, 68, 156, 251, 215, 9, 113, 234, 75, 235, + 103, 194, 205, 129, 230, 45, 96, 73, 157, 20, 200, 212, 212, 228, 161, 7, + 231, 228, 108, 43, 198, 87, 140, 140, 4, 182, 164, 3, 53, 104, 250, 213, + 85, 38, 89, 61, 52, 187, 35, 204, 86, 249, 100, 71, 248, 213, 163, 215, + 66, 106, 252, 129, 40, 111, 47, 24, 186, 221, 85, 205, 199, 237, 122, 181, + 32, 46, 182, 135, 33, 251, 142, 34, 208, 242, 128, 255, 4, 234, 15, 33, + 167, 222, 32, 186, 191, 34, 255, 244, 98, 240, 228, 204, 30, 142, 32, 70, + 69, 83, 110, 151, 10, 243, 141, 21, 223, 69, 61, 37, 59, 209, 102, 114, + 223, 33, 129, 254, 255, 103, 86, 247, 235, 72, 126, 177, 102, 226, 102, 30, + 149, 221, 62, 247, 251, 120, 163, 173, 57, 202, 204, 24, 39, 106, 120, 143, + 202, 176, 191, 147, 37, 38, 51, 133, 47, 245, 157, 132, 154, 71, 183, 111, + 30, 180, 18, 202, 82, 96, 170, 91, 157, 181, 212, 140, 256, 8, 196, 121, + 149, 79, 66, 127, 113, 78, 4, 197, 84, 256, 111, 222, 102, 63, 228, 104, + 136, 223, 67, 193, 93, 154, 249, 83, 204, 101, 200, 234, 84, 252, 230, 195, + 43, 140, 120, 242, 89, 63, 166, 233, 209, 94, 43, 170, 126, 5, 205, 78, + 112, 80, 143, 151, 146, 248, 137, 203, 45, 183, 61, 1, 155, 8, 102, 59, + 68, 212, 230, 61, 254, 191, 128, 223, 176, 123, 229, 27, 146, 120, 96, 165, + 213, 12, 232, 40, 186, 225, 66, 105, 200, 195, 212, 110, 237, 238, 151, 19, + 12, 171, 150, 82, 7, 228, 79, 52, 15, 78, 62, 43, 21, 154, 114, 21, + 12, 212, 256, 232, 125, 127, 5, 51, 37, 252, 136, 13, 47, 195, 168, 191, + 231, 55, 57, 251, 214, 116, 15, 86, 210, 41, 249, 242, 119, 27, 250, 203, + 107, 69, 90, 43, 206, 154, 127, 54, 100, 78, 187, 54, 244, 177, 234, 167, + 202, 136, 209, 171, 69, 114, 133, 173, 26, 139, 78, 141, 128, 32, 124, 39, + 45, 218, 96, 68, 90, 44, 67, 62, 83, 190, 188, 256, 103, 42, 102, 64, + 249, 0, 141, 11, 61, 69, 70, 66, 233, 237, 29, 200, 251, 157, 71, 51, + 64, 133, 113, 76, 35, 125, 76, 137, 217, 145, 35, 69, 226, 180, 56, 249, + 156, 163, 176, 237, 81, 54, 85, 169, 115, 211, 129, 70, 248, 40, 252, 192, + 194, 101, 247, 8, 181, 124, 217, 191, 194, 93, 99, 127, 117, 177, 144, 151, + 228, 121, 32, 11, 89, 81, 26, 29, 183, 76, 249, 132, 179, 70, 34, 102, + 20, 66, 87, 63, 124, 205, 174, 177, 87, 219, 73, 218, 91, 87, 176, 72, + 15, 211, 47, 61, 251, 165, 39, 247, 146, 70, 150, 57, 1, 212, 36, 162, + 39, 38, 16, 216, 3, 50, 116, 200, 32, 234, 77, 181, 155, 19, 90, 188, + 36, 6, 254, 46, 46, 203, 25, 230, 181, 196, 4, 151, 225, 65, 122, 216, + 168, 86, 158, 131, 136, 16, 49, 102, 233, 64, 154, 88, 228, 52, 146, 69, + 93, 157, 243, 121, 70, 209, 126, 213, 88, 145, 236, 65, 70, 96, 204, 47, + 10, 200, 77, 8, 103, 150, 48, 153, 5, 37, 52, 235, 209, 31, 181, 126, + 83, 142, 224, 140, 6, 32, 200, 171, 160, 179, 115, 229, 75, 194, 208, 39, + 59, 223, 52, 247, 38, 197, 135, 1, 6, 189, 106, 114, 168, 5, 211, 222, + 44, 63, 90, 160, 116, 172, 170, 133, 125, 138, 39, 131, 23, 178, 10, 214, + 36, 93, 28, 59, 68, 17, 123, 25, 255, 184, 204, 102, 194, 214, 129, 94, + 159, 245, 112, 141, 62, 11, 61, 197, 124, 221, 205, 11, 79, 71, 201, 54, + 58, 150, 29, 121, 87, 46, 240, 201, 68, 20, 194, 209, 47, 152, 158, 174, + 193, 164, 120, 255, 216, 165, 247, 58, 85, 130, 220, 23, 122, 223, 188, 98, + 21, 70, 72, 170, 150, 237, 76, 143, 112, 238, 206, 146, 215, 110, 4, 250, + 68, 44, 174, 177, 30, 98, 143, 241, 180, 127, 113, 48, 0, 1, 179, 199, + 59, 106, 201, 114, 29, 86, 173, 133, 217, 44, 200, 141, 107, 172, 16, 60, + 82, 58, 239, 94, 141, 234, 186, 235, 109, 173, 249, 139, 141, 59, 100, 248, + 84, 144, 49, 160, 51, 207, 164, 103, 74, 97, 146, 202, 193, 125, 168, 134, + 236, 111, 135, 121, 59, 145, 168, 200, 181, 173, 109, 2, 255, 6, 9, 245, + 90, 202, 214, 143, 121, 65, 85, 232, 132, 77, 228, 84, 26, 54, 184, 15, + 161, 29, 177, 79, 43, 0, 156, 184, 163, 165, 62, 90, 179, 93, 45, 239, + 1, 16, 120, 189, 127, 47, 74, 166, 20, 214, 233, 226, 89, 217, 229, 26, + 156, 53, 162, 60, 21, 3, 192, 72, 111, 51, 53, 101, 181, 208, 88, 82, + 179, 160, 219, 113, 240, 108, 43, 224, 162, 147, 62, 14, 95, 81, 205, 4, + 160, 177, 225, 115, 29, 69, 235, 168, 148, 29, 128, 114, 124, 129, 172, 165, + 215, 231, 214, 86, 160, 44, 157, 91, 248, 183, 73, 164, 56, 181, 162, 92, + 141, 118, 127, 240, 196, 77, 0, 9, 244, 79, 250, 100, 195, 25, 255, 85, + 94, 35, 212, 137, 107, 34, 110, 20, 200, 104, 17, 32, 231, 43, 150, 159, + 231, 216, 223, 190, 226, 109, 162, 197, 87, 92, 224, 11, 111, 73, 60, 225, + 238, 73, 246, 169, 19, 217, 119, 38, 121, 118, 70, 82, 99, 241, 110, 67, + 31, 76, 146, 215, 124, 240, 31, 103, 139, 224, 75, 160, 31, 78, 93, 4, + 64, 9, 103, 223, 6, 227, 119, 85, 116, 81, 21, 43, 46, 206, 234, 132, + 85, 99, 22, 131, 135, 97, 86, 13, 234, 188, 21, 14, 89, 169, 207, 238, + 219, 177, 190, 72, 157, 41, 114, 140, 92, 141, 186, 1, 63, 107, 225, 184, + 118, 150, 153, 254, 241, 106, 120, 210, 104, 144, 151, 161, 88, 206, 125, 164, + 15, 211, 173, 49, 146, 241, 71, 36, 58, 201, 46, 27, 33, 187, 91, 162, + 117, 19, 210, 213, 187, 97, 193, 50, 190, 114, 217, 60, 61, 167, 207, 213, + 213, 53, 135, 34, 156, 91, 115, 119, 46, 99, 242, 1, 90, 52, 198, 227, + 201, 91, 216, 146, 210, 82, 121, 38, 73, 133, 182, 193, 132, 148, 246, 75, + 109, 157, 179, 113, 176, 134, 205, 159, 148, 58, 103, 171, 132, 156, 133, 147, + 161, 231, 39, 100, 175, 97, 125, 28, 183, 129, 135, 191, 202, 181, 29, 218, + 43, 104, 148, 203, 189, 204, 4, 182, 169, 1, 134, 122, 141, 202, 13, 187, + 177, 112, 162, 35, 231, 6, 8, 241, 99, 6, 191, 45, 113, 113, 101, 104}; + +// The S-Box we use for further linearity breaking. +// We created it by taking the digits of decimal expansion of e. +// The code that created it can be found in 'ProduceRandomSBox.c'. +unsigned char SBox[256] = { +//0 1 2 3 4 5 6 7 8 9 A B C D E F +0x7d, 0xd1, 0x70, 0x0b, 0xfa, 0x39, 0x18, 0xc3, 0xf3, 0xbb, 0xa7, 0xd4, 0x84, 0x25, 0x3b, 0x3c, // 0 +0x2c, 0x15, 0x69, 0x9a, 0xf9, 0x27, 0xfb, 0x02, 0x52, 0xba, 0xa8, 0x4b, 0x20, 0xb5, 0x8b, 0x3a, // 1 +0x88, 0x8e, 0x26, 0xcb, 0x71, 0x5e, 0xaf, 0xad, 0x0c, 0xac, 0xa1, 0x93, 0xc6, 0x78, 0xce, 0xfc, // 2 +0x2a, 0x76, 0x17, 0x1f, 0x62, 0xc2, 0x2e, 0x99, 0x11, 0x37, 0x65, 0x40, 0xfd, 0xa0, 0x03, 0xc1, // 3 +0xca, 0x48, 0xe2, 0x9b, 0x81, 0xe4, 0x1c, 0x01, 0xec, 0x68, 0x7a, 0x5a, 0x50, 0xf8, 0x0e, 0xa3, // 4 +0xe8, 0x61, 0x2b, 0xa2, 0xeb, 0xcf, 0x8c, 0x3d, 0xb4, 0x95, 0x13, 0x08, 0x46, 0xab, 0x91, 0x7b, // 5 +0xea, 0x55, 0x67, 0x9d, 0xdd, 0x29, 0x6a, 0x8f, 0x9f, 0x22, 0x4e, 0xf2, 0x57, 0xd2, 0xa9, 0xbd, // 6 +0x38, 0x16, 0x5f, 0x4c, 0xf7, 0x9e, 0x1b, 0x2f, 0x30, 0xc7, 0x41, 0x24, 0x5c, 0xbf, 0x05, 0xf6, // 7 +0x0a, 0x31, 0xa5, 0x45, 0x21, 0x33, 0x6b, 0x6d, 0x6c, 0x86, 0xe1, 0xa4, 0xe6, 0x92, 0x9c, 0xdf, // 8 +0xe7, 0xbe, 0x28, 0xe3, 0xfe, 0x06, 0x4d, 0x98, 0x80, 0x04, 0x96, 0x36, 0x3e, 0x14, 0x4a, 0x34, // 9 +0xd3, 0xd5, 0xdb, 0x44, 0xcd, 0xf5, 0x54, 0xdc, 0x89, 0x09, 0x90, 0x42, 0x87, 0xff, 0x7e, 0x56, // A +0x5d, 0x59, 0xd7, 0x23, 0x75, 0x19, 0x97, 0x73, 0x83, 0x64, 0x53, 0xa6, 0x1e, 0xd8, 0xb0, 0x49, // B +0x3f, 0xef, 0xbc, 0x7f, 0x43, 0xf0, 0xc9, 0x72, 0x0f, 0x63, 0x79, 0x2d, 0xc0, 0xda, 0x66, 0xc8, // C +0x32, 0xde, 0x47, 0x07, 0xb8, 0xe9, 0x1d, 0xc4, 0x85, 0x74, 0x82, 0xcc, 0x60, 0x51, 0x77, 0x0d, // D +0xaa, 0x35, 0xed, 0x58, 0x7c, 0x5b, 0xb9, 0x94, 0x6e, 0x8d, 0xb1, 0xc5, 0xb7, 0xee, 0xb6, 0xae, // E +0x10, 0xe0, 0xd6, 0xd9, 0xe5, 0x4f, 0xf1, 0x12, 0x00, 0xd0, 0xf4, 0x1a, 0x6f, 0x8a, 0xb3, 0xb2 }; // F + +/////////////////////////////////////////////////////////////////////////////////////////////// +// +// Helper functions definition portion. +// +/////////////////////////////////////////////////////////////////////////////////////////////// + +// Translates an input array with values in base 257 to output array with values in base 256. +// Returns the carry bit. +// +// Parameters: +// - input: the input array of size EIGHTH_N. Each value in the array is a number in Z_257. +// The MSB is assumed to be the last one in the array. +// - output: the input array encoded in base 256. +// +// Returns: +// - The carry bit (MSB). +swift_int16_t TranslateToBase256(swift_int32_t input[EIGHTH_N], unsigned char output[EIGHTH_N]); + +// Translates an input integer into the range (-FIELD_SIZE / 2) <= result <= (FIELD_SIZE / 2). +// +// Parameters: +// - x: the input integer. +// +// Returns: +// - The result, which equals (x MOD FIELD_SIZE), such that |result| <= (FIELD_SIZE / 2). +int Center(int x); + +// Calculates bit reversal permutation. +// +// Parameters: +// - input: the input to reverse. +// - numOfBits: the number of bits in the input to reverse. +// +// Returns: +// - The resulting number, which is obtained from the input by reversing its bits. +int ReverseBits(int input, int numOfBits); + +// Initializes the FFT fast lookup table. +// Shall be called only once. +void InitializeSWIFFTX(); + +// Calculates the FFT. +// +// Parameters: +// - input: the input to the FFT. +// - output: the resulting output. +void FFT(const unsigned char input[EIGHTH_N], swift_int32_t *output); + +/////////////////////////////////////////////////////////////////////////////////////////////// +// Helper functions implementation portion. +/////////////////////////////////////////////////////////////////////////////////////////////// + +swift_int16_t TranslateToBase256(swift_int32_t input[EIGHTH_N], unsigned char output[EIGHTH_N]) +{ + swift_int32_t pairs[EIGHTH_N / 2]; + int i; + + for (i = 0; i < EIGHTH_N; i += 2) + { + // input[i] + 257 * input[i + 1] + pairs[i >> 1] = input[i] + input[i + 1] + (input[i + 1] << 8); + } + + for (i = (EIGHTH_N / 2) - 1; i > 0; --i) + { + int j; + + for (j = i - 1; j < (EIGHTH_N / 2) - 1; ++j) + { + // pairs[j + 1] * 513, because 257^2 = 513 % 256^2. + register swift_int32_t temp = pairs[j] + pairs[j + 1] + (pairs[j + 1] << 9); + pairs[j] = temp & 0xffff; + pairs[j + 1] += (temp >> 16); + } + } + + for (i = 0; i < EIGHTH_N; i += 2) + { + output[i] = (unsigned char) (pairs[i >> 1] & 0xff); + output[i + 1] = (unsigned char) ((pairs[i >> 1] >> 8) & 0xff); + } + + return (pairs[EIGHTH_N/2 - 1] >> 16); +} + +int Center(int x) +{ + int result = x % FIELD_SIZE; + + if (result > (FIELD_SIZE / 2)) + result -= FIELD_SIZE; + + if (result < (FIELD_SIZE / -2)) + result += FIELD_SIZE; + + return result; +} + +int ReverseBits(int input, int numOfBits) +{ + register int reversed = 0; + + for (input |= numOfBits; input > 1; input >>= 1) + reversed = (reversed << 1) | (input & 1); + + return reversed; +} + +void InitializeSWIFFTX() +{ + int i, j, k, x; + // The powers of OMEGA + int omegaPowers[2 * N]; + omegaPowers[0] = 1; + + if (wasSetupDone) + return; + + for (i = 1; i < (2 * N); ++i) + { + omegaPowers[i] = Center(omegaPowers[i - 1] * OMEGA); + } + + for (i = 0; i < (N / W); ++i) + { + for (j = 0; j < W; ++j) + { + multipliers[(i << 3) + j] = omegaPowers[ReverseBits(i, N / W) * (2 * j + 1)]; + } + } + + for (x = 0; x < 256; ++x) + { + for (j = 0; j < 8; ++j) + { + register int temp = 0; + for (k = 0; k < 8; ++k) + { + temp += omegaPowers[(EIGHTH_N * (2 * j + 1) * ReverseBits(k, W)) % (2 * N)] + * ((x >> k) & 1); + } + + fftTable[(x << 3) + j] = Center(temp); + } + } + + wasSetupDone = true; +} + +void FFT(const unsigned char input[EIGHTH_N], swift_int32_t *output) +{ + swift_int16_t *mult = multipliers; + +/* + swift_int32_t F[64]; + + for (int i = 0; i < 8; i++) + { + int j = i<<3; + swift_int16_t *table = &(fftTable[input[i] << 3]); + F[i ] = mult[j+0] * table[0]; + F[i+ 8] = mult[j+1] * table[1]; + F[i+16] = mult[j+2] * table[2]; + F[i+24] = mult[j+3] * table[3]; + F[i+32] = mult[j+4] * table[4]; + F[i+40] = mult[j+5] * table[5]; + F[i+48] = mult[j+6] * table[6]; + F[i+56] = mult[j+7] * table[7]; + } +*/ + + register swift_int32_t F0, F1, F2, F3, F4, F5, F6, F7, F8, F9, + F10, F11, F12, F13, F14, F15, F16, F17, F18, F19, + F20, F21, F22, F23, F24, F25, F26, F27, F28, F29, + F30, F31, F32, F33, F34, F35, F36, F37, F38, F39, + F40, F41, F42, F43, F44, F45, F46, F47, F48, F49, + F50, F51, F52, F53, F54, F55, F56, F57, F58, F59, + F60, F61, F62, F63; + + // First loop unrolling: + register swift_int16_t *table = &(fftTable[input[0] << 3]); + + F0 = mult[0] * table[0]; + F8 = mult[1] * table[1]; + F16 = mult[2] * table[2]; + F24 = mult[3] * table[3]; + F32 = mult[4] * table[4]; + F40 = mult[5] * table[5]; + F48 = mult[6] * table[6]; + F56 = mult[7] * table[7]; + + mult += 8; + table = &(fftTable[input[1] << 3]); + + F1 = mult[0] * table[0]; + F9 = mult[1] * table[1]; + F17 = mult[2] * table[2]; + F25 = mult[3] * table[3]; + F33 = mult[4] * table[4]; + F41 = mult[5] * table[5]; + F49 = mult[6] * table[6]; + F57 = mult[7] * table[7]; + + mult += 8; + table = &(fftTable[input[2] << 3]); + + F2 = mult[0] * table[0]; + F10 = mult[1] * table[1]; + F18 = mult[2] * table[2]; + F26 = mult[3] * table[3]; + F34 = mult[4] * table[4]; + F42 = mult[5] * table[5]; + F50 = mult[6] * table[6]; + F58 = mult[7] * table[7]; + + mult += 8; + table = &(fftTable[input[3] << 3]); + + F3 = mult[0] * table[0]; + F11 = mult[1] * table[1]; + F19 = mult[2] * table[2]; + F27 = mult[3] * table[3]; + F35 = mult[4] * table[4]; + F43 = mult[5] * table[5]; + F51 = mult[6] * table[6]; + F59 = mult[7] * table[7]; + + mult += 8; + table = &(fftTable[input[4] << 3]); + + F4 = mult[0] * table[0]; + F12 = mult[1] * table[1]; + F20 = mult[2] * table[2]; + F28 = mult[3] * table[3]; + F36 = mult[4] * table[4]; + F44 = mult[5] * table[5]; + F52 = mult[6] * table[6]; + F60 = mult[7] * table[7]; + + mult += 8; + table = &(fftTable[input[5] << 3]); + + F5 = mult[0] * table[0]; + F13 = mult[1] * table[1]; + F21 = mult[2] * table[2]; + F29 = mult[3] * table[3]; + F37 = mult[4] * table[4]; + F45 = mult[5] * table[5]; + F53 = mult[6] * table[6]; + F61 = mult[7] * table[7]; + + mult += 8; + table = &(fftTable[input[6] << 3]); + + F6 = mult[0] * table[0]; + F14 = mult[1] * table[1]; + F22 = mult[2] * table[2]; + F30 = mult[3] * table[3]; + F38 = mult[4] * table[4]; + F46 = mult[5] * table[5]; + F54 = mult[6] * table[6]; + F62 = mult[7] * table[7]; + + mult += 8; + table = &(fftTable[input[7] << 3]); + + F7 = mult[0] * table[0]; + F15 = mult[1] * table[1]; + F23 = mult[2] * table[2]; + F31 = mult[3] * table[3]; + F39 = mult[4] * table[4]; + F47 = mult[5] * table[5]; + F55 = mult[6] * table[6]; + F63 = mult[7] * table[7]; + +/* + + for ( int i = 0; i < 8; i++ ) + { + int j = i<<3; + ADD_SUB( F[j ], F[j+1] ); + ADD_SUB( F[j+2], F[j+3] ); + ADD_SUB( F[j+4], F[j+5] ); + ADD_SUB( F[j+6], F[j+7] ); + + F[j+3] <<= 4; + F[j+7] <<= 4; + + ADD_SUB( F[j ], F[j+2] ); + ADD_SUB( F[j+1], F[j+3] ); + ADD_SUB( F[j+4], F[j+6] ); + ADD_SUB( F[j+5], F[j+7] ); + + F[j+5] <<= 2; + F[j+6] <<= 4; + F[j+7] <<= 6; + + ADD_SUB( F[j ], F[j+4] ); + ADD_SUB( F[j+1], F[j+5] ); + ADD_SUB( F[j+2], F[j+6] ); + ADD_SUB( F[j+3], F[j+7] ); + + output[i ] = Q_REDUCE( F[j ] ); + output[i+ 8] = Q_REDUCE( F[j+1] ); + output[i+16] = Q_REDUCE( F[j+2] ); + output[i+24] = Q_REDUCE( F[j+3] ); + output[i+32] = Q_REDUCE( F[j+4] ); + output[i+40] = Q_REDUCE( F[j+5] ); + output[i+48] = Q_REDUCE( F[j+6] ); + output[i+56] = Q_REDUCE( F[j+7] ); + } +*/ + + + // Second loop unrolling: + // Iteration 0: + ADD_SUB(F0, F1); + ADD_SUB(F2, F3); + ADD_SUB(F4, F5); + ADD_SUB(F6, F7); + + F3 <<= 4; + F7 <<= 4; + + ADD_SUB(F0, F2); + ADD_SUB(F1, F3); + ADD_SUB(F4, F6); + ADD_SUB(F5, F7); + + F5 <<= 2; + F6 <<= 4; + F7 <<= 6; + + ADD_SUB(F0, F4); + ADD_SUB(F1, F5); + ADD_SUB(F2, F6); + ADD_SUB(F3, F7); + + output[0] = Q_REDUCE(F0); + output[8] = Q_REDUCE(F1); + output[16] = Q_REDUCE(F2); + output[24] = Q_REDUCE(F3); + output[32] = Q_REDUCE(F4); + output[40] = Q_REDUCE(F5); + output[48] = Q_REDUCE(F6); + output[56] = Q_REDUCE(F7); + + // Iteration 1: + ADD_SUB(F8, F9); + ADD_SUB(F10, F11); + ADD_SUB(F12, F13); + ADD_SUB(F14, F15); + + F11 <<= 4; + F15 <<= 4; + + ADD_SUB(F8, F10); + ADD_SUB(F9, F11); + ADD_SUB(F12, F14); + ADD_SUB(F13, F15); + + F13 <<= 2; + F14 <<= 4; + F15 <<= 6; + + ADD_SUB(F8, F12); + ADD_SUB(F9, F13); + ADD_SUB(F10, F14); + ADD_SUB(F11, F15); + + output[1] = Q_REDUCE(F8); + output[9] = Q_REDUCE(F9); + output[17] = Q_REDUCE(F10); + output[25] = Q_REDUCE(F11); + output[33] = Q_REDUCE(F12); + output[41] = Q_REDUCE(F13); + output[49] = Q_REDUCE(F14); + output[57] = Q_REDUCE(F15); + + // Iteration 2: + ADD_SUB(F16, F17); + ADD_SUB(F18, F19); + ADD_SUB(F20, F21); + ADD_SUB(F22, F23); + + F19 <<= 4; + F23 <<= 4; + + ADD_SUB(F16, F18); + ADD_SUB(F17, F19); + ADD_SUB(F20, F22); + ADD_SUB(F21, F23); + + F21 <<= 2; + F22 <<= 4; + F23 <<= 6; + + ADD_SUB(F16, F20); + ADD_SUB(F17, F21); + ADD_SUB(F18, F22); + ADD_SUB(F19, F23); + + output[2] = Q_REDUCE(F16); + output[10] = Q_REDUCE(F17); + output[18] = Q_REDUCE(F18); + output[26] = Q_REDUCE(F19); + output[34] = Q_REDUCE(F20); + output[42] = Q_REDUCE(F21); + output[50] = Q_REDUCE(F22); + output[58] = Q_REDUCE(F23); + + // Iteration 3: + ADD_SUB(F24, F25); + ADD_SUB(F26, F27); + ADD_SUB(F28, F29); + ADD_SUB(F30, F31); + + F27 <<= 4; + F31 <<= 4; + + ADD_SUB(F24, F26); + ADD_SUB(F25, F27); + ADD_SUB(F28, F30); + ADD_SUB(F29, F31); + + F29 <<= 2; + F30 <<= 4; + F31 <<= 6; + + ADD_SUB(F24, F28); + ADD_SUB(F25, F29); + ADD_SUB(F26, F30); + ADD_SUB(F27, F31); + + output[3] = Q_REDUCE(F24); + output[11] = Q_REDUCE(F25); + output[19] = Q_REDUCE(F26); + output[27] = Q_REDUCE(F27); + output[35] = Q_REDUCE(F28); + output[43] = Q_REDUCE(F29); + output[51] = Q_REDUCE(F30); + output[59] = Q_REDUCE(F31); + + // Iteration 4: + ADD_SUB(F32, F33); + ADD_SUB(F34, F35); + ADD_SUB(F36, F37); + ADD_SUB(F38, F39); + + F35 <<= 4; + F39 <<= 4; + + ADD_SUB(F32, F34); + ADD_SUB(F33, F35); + ADD_SUB(F36, F38); + ADD_SUB(F37, F39); + + F37 <<= 2; + F38 <<= 4; + F39 <<= 6; + + ADD_SUB(F32, F36); + ADD_SUB(F33, F37); + ADD_SUB(F34, F38); + ADD_SUB(F35, F39); + + output[4] = Q_REDUCE(F32); + output[12] = Q_REDUCE(F33); + output[20] = Q_REDUCE(F34); + output[28] = Q_REDUCE(F35); + output[36] = Q_REDUCE(F36); + output[44] = Q_REDUCE(F37); + output[52] = Q_REDUCE(F38); + output[60] = Q_REDUCE(F39); + + // Iteration 5: + ADD_SUB(F40, F41); + ADD_SUB(F42, F43); + ADD_SUB(F44, F45); + ADD_SUB(F46, F47); + + F43 <<= 4; + F47 <<= 4; + + ADD_SUB(F40, F42); + ADD_SUB(F41, F43); + ADD_SUB(F44, F46); + ADD_SUB(F45, F47); + + F45 <<= 2; + F46 <<= 4; + F47 <<= 6; + + ADD_SUB(F40, F44); + ADD_SUB(F41, F45); + ADD_SUB(F42, F46); + ADD_SUB(F43, F47); + + output[5] = Q_REDUCE(F40); + output[13] = Q_REDUCE(F41); + output[21] = Q_REDUCE(F42); + output[29] = Q_REDUCE(F43); + output[37] = Q_REDUCE(F44); + output[45] = Q_REDUCE(F45); + output[53] = Q_REDUCE(F46); + output[61] = Q_REDUCE(F47); + + // Iteration 6: + ADD_SUB(F48, F49); + ADD_SUB(F50, F51); + ADD_SUB(F52, F53); + ADD_SUB(F54, F55); + + F51 <<= 4; + F55 <<= 4; + + ADD_SUB(F48, F50); + ADD_SUB(F49, F51); + ADD_SUB(F52, F54); + ADD_SUB(F53, F55); + + F53 <<= 2; + F54 <<= 4; + F55 <<= 6; + + ADD_SUB(F48, F52); + ADD_SUB(F49, F53); + ADD_SUB(F50, F54); + ADD_SUB(F51, F55); + + output[6] = Q_REDUCE(F48); + output[14] = Q_REDUCE(F49); + output[22] = Q_REDUCE(F50); + output[30] = Q_REDUCE(F51); + output[38] = Q_REDUCE(F52); + output[46] = Q_REDUCE(F53); + output[54] = Q_REDUCE(F54); + output[62] = Q_REDUCE(F55); + + // Iteration 7: + ADD_SUB(F56, F57); + ADD_SUB(F58, F59); + ADD_SUB(F60, F61); + ADD_SUB(F62, F63); + + F59 <<= 4; + F63 <<= 4; + + ADD_SUB(F56, F58); + ADD_SUB(F57, F59); + ADD_SUB(F60, F62); + ADD_SUB(F61, F63); + + F61 <<= 2; + F62 <<= 4; + F63 <<= 6; + + ADD_SUB(F56, F60); + ADD_SUB(F57, F61); + ADD_SUB(F58, F62); + ADD_SUB(F59, F63); + + output[7] = Q_REDUCE(F56); + output[15] = Q_REDUCE(F57); + output[23] = Q_REDUCE(F58); + output[31] = Q_REDUCE(F59); + output[39] = Q_REDUCE(F60); + output[47] = Q_REDUCE(F61); + output[55] = Q_REDUCE(F62); + output[63] = Q_REDUCE(F63); +} + +// Calculates the FFT part of SWIFFT. +// We divided the SWIFFT calculation into two, because that way we could save 2 computations of +// the FFT part, since in the first stage of SWIFFTX the difference between the first 3 SWIFFTs +// is only the A's part. +// +// Parameters: +// - input: the input to FFT. +// - m: the input size divided by 8. The function performs m FFTs. +// - output: will store the result. +void SWIFFTFFT(const unsigned char *input, int m, swift_int32_t *output) +{ + int i; + + for ( i = 0; i < m; i++, input += EIGHTH_N, output += N ) + FFT( input, output ); +} + +// Calculates the 'sum' part of SWIFFT, including the base change at the end. +// We divided the SWIFFT calculation into two, because that way we could save 2 computations of +// the FFT part, since in the first stage of SWIFFTX the difference between the first 3 SWIFFTs +// is only the A's part. +// +// Parameters: +// - input: the input. Of size 64 * m. +// - m: the input size divided by 64. +// - output: will store the result. +// - a: the coefficients in the sum. Of size 64 * m. +void SWIFFTSum(const swift_int32_t *input, int m, unsigned char *output, const swift_int16_t *a) +{ + int i, j; + swift_int32_t result[N]; + register swift_int16_t carry = 0; + + for (j = 0; j < N; ++j) + { + register swift_int32_t sum = 0; + const register swift_int32_t *f = input + j; + const register swift_int16_t *k = a + j; + + for (i = 0; i < m; i++, f += N,k += N) + sum += (*f) * (*k); + + result[j] = sum; + } + + for (j = 0; j < N; ++j) + result[j] = ((FIELD_SIZE << 22) + result[j]) % FIELD_SIZE; + + for (j = 0; j < 8; ++j) + { + int register carryBit = TranslateToBase256(result + (j << 3), output + (j << 3)); + carry |= carryBit << j; + } + + output[N] = carry; +} + +void ComputeSingleSWIFFTX_smooth(unsigned char input[SWIFFTX_INPUT_BLOCK_SIZE], + unsigned char output[SWIFFTX_OUTPUT_BLOCK_SIZE], + bool doSmooth) +{ + int i; + // Will store the result of the FFT parts: + swift_int32_t fftOut[N * M]; + unsigned char intermediate[N * 3 + 8]; + unsigned char carry0,carry1,carry2; + + // Do the three SWIFFTS while remembering the three carry bytes (each carry byte gets + // overriden by the following SWIFFT): + + // 1. Compute the FFT of the input - the common part for the first 3 SWIFFTs: + SWIFFTFFT(input, M, fftOut); + + // 2. Compute the sums of the 3 SWIFFTs, each using a different set of coefficients: + + // 2a. The first SWIFFT: + SWIFFTSum(fftOut, M, intermediate, As); + // Remember the carry byte: + carry0 = intermediate[N]; + + // 2b. The second one: + SWIFFTSum(fftOut, M, intermediate + N, As + (M * N)); + carry1 = intermediate[2 * N]; + + // 2c. The third one: + SWIFFTSum(fftOut, M, intermediate + (2 * N), As + 2 * (M * N)); + carry2 = intermediate[3 * N]; + + //2d. Put three carry bytes in their place + intermediate[3 * N] = carry0; + intermediate[(3 * N) + 1] = carry1; + intermediate[(3 * N) + 2] = carry2; + + // Padding intermediate output with 5 zeroes. + memset(intermediate + (3 * N) + 3, 0, 5); + + // Apply the S-Box: + for ( i = 0; i < (3 * N) + 8; ++i ) + intermediate[i] = SBox[intermediate[i]]; + + // 3. The final and last SWIFFT: + SWIFFTFFT(intermediate, 3 * (N/8) + 1, fftOut); + SWIFFTSum(fftOut, 3 * (N/8) + 1, output, As); + + if (doSmooth) + { + unsigned char sum[N]; + register int i, j; + memset(sum, 0, N); + + for (i = 0; i < (N + 1) * 8; ++i) + { + register const swift_int16_t *AsRow; + register int AShift; + + if ( !( output[i >> 3] & ( 1 << (i&7) ) ) ) + continue; + + AsRow = As + N * M + (i & ~(N - 1)) ; + AShift = i & 63; + + for ( j = AShift; j < N; ++j ) + sum[j] += AsRow[j - AShift]; + + for( j = 0; j < AShift; ++j ) + sum[j] -= AsRow[N - AShift + j]; + } + + for ( i = 0; i < N; ++i ) + output[i] = sum[i]; + + output[N] = 0; + } +} + +void ComputeSingleSWIFFTX( unsigned char input[SWIFFTX_INPUT_BLOCK_SIZE], + unsigned char output[SWIFFTX_OUTPUT_BLOCK_SIZE] ) +{ + int i; + // Will store the result of the FFT parts: + swift_int32_t fftOut[N * M]; + unsigned char intermediate[N * 3 + 8]; + unsigned char carry0,carry1,carry2; + + // Do the three SWIFFTS while remembering the three carry bytes (each carry byte gets + // overriden by the following SWIFFT): + + // 1. Compute the FFT of the input - the common part for the first 3 SWIFFTs: + SWIFFTFFT(input, M, fftOut); + + // 2. Compute the sums of the 3 SWIFFTs, each using a different set of coefficients: + + // 2a. The first SWIFFT: + SWIFFTSum(fftOut, M, intermediate, As); + // Remember the carry byte: + carry0 = intermediate[N]; + + // 2b. The second one: + SWIFFTSum(fftOut, M, intermediate + N, As + (M * N)); + carry1 = intermediate[2 * N]; + + // 2c. The third one: + SWIFFTSum(fftOut, M, intermediate + (2 * N), As + 2 * (M * N)); + carry2 = intermediate[3 * N]; + + //2d. Put three carry bytes in their place + intermediate[3 * N] = carry0; + intermediate[(3 * N) + 1] = carry1; + intermediate[(3 * N) + 2] = carry2; + + // Padding intermediate output with 5 zeroes. + memset(intermediate + (3 * N) + 3, 0, 5); + + // Apply the S-Box: + for ( i = 0; i < (3 * N) + 8; ++i ) + intermediate[i] = SBox[intermediate[i]]; + + // 3. The final and last SWIFFT: + SWIFFTFFT(intermediate, 3 * (N/8) + 1, fftOut); + SWIFFTSum(fftOut, 3 * (N/8) + 1, output, As); + +} diff --git a/algo/swifftx/swifftx.c.bak b/algo/swifftx/swifftx.c.bak new file mode 100644 index 0000000..24453e2 --- /dev/null +++ b/algo/swifftx/swifftx.c.bak @@ -0,0 +1,1155 @@ +/////////////////////////////////////////////////////////////////////////////////////////////// +// +// SWIFFTX ANSI C OPTIMIZED 32BIT IMPLEMENTATION FOR NIST SHA-3 COMPETITION +// +// SWIFFTX.c +// +// October 2008 +// +// This is the source file of the OPTIMIZED 32BIT implementation of SWIFFTX hash function. +// SWIFFTX is a candidate function for SHA-3 NIST competition. +// More details about SWIFFTX can be found in the accompanying submission documents. +// +/////////////////////////////////////////////////////////////////////////////////////////////// +#include "swifftx.h" +// See the remarks concerning compatibility issues inside stdint.h. +#include "stdint.h" +// Remove this while using gcc: +//#include "stdbool.h" +#include + +/////////////////////////////////////////////////////////////////////////////////////////////// +// Constants and static tables portion. +/////////////////////////////////////////////////////////////////////////////////////////////// + +// In SWIFFTX we work over Z_257, so this is the modulus and the arithmetic is performed modulo +// this number. +#define FIELD_SIZE 257 + +// The size of FFT we use: +#define N 64 + +#define LOGN 6 + +#define EIGHTH_N (N / 8) + +// The number of FFTS done on the input. +#define M (SWIFFTX_INPUT_BLOCK_SIZE / 8) // 32 + +// Omega is the 128th root of unity in Z_257. +// We choose w = 42. +#define OMEGA 42 + +// The size of the inner FFT lookup table: +#define W 8 + +// Calculates the sum and the difference of two numbers. +// +// Parameters: +// - A: the first operand. After the operation stores the sum of the two operands. +// - B: the second operand. After the operation stores the difference between the first and the +// second operands. +#define ADD_SUB(A, B) {register int temp = (B); B = ((A) - (B)); A = ((A) + (temp));} + +// Quickly reduces an integer modulo 257. +// +// Parameters: +// - A: the input. +#define Q_REDUCE(A) (((A) & 0xff) - ((A) >> 8)) + +// Since we need to do the setup only once, this is the indicator variable: +static bool wasSetupDone = false; + +// This array stores the powers of omegas that correspond to the indices, which are the input +// values. Known also as the "outer FFT twiddle factors". +swift_int16_t multipliers[N]; + +// This array stores the powers of omegas, multiplied by the corresponding values. +// We store this table to save computation time. +// +// To calculate the intermediate value of the compression function (the first out of two +// stages), we multiply the k-th bit of x_i by w^[(2i + 1) * k]. {x_i} is the input to the +// compression function, i is between 0 and 31, x_i is a 64-bit value. +// One can see the formula for this (intermediate) stage in the SWIFFT FSE 2008 paper -- +// formula (2), section 3, page 6. +swift_int16_t fftTable[256 * EIGHTH_N]; + +// The A's we use in SWIFFTX shall be random elements of Z_257. +// We generated these A's from the decimal expansion of PI as follows: we converted each +// triple of digits into a decimal number d. If d < (257 * 3) we used (d % 257) for the next A +// element, otherwise move to the next triple of digits in the expansion. This guarntees that +// the A's are random, provided that PI digits are. +const swift_int16_t As[3 * M * N] = +{141, 78, 139, 75, 238, 205, 129, 126, 22, 245, 197, 169, 142, 118, 105, 78, + 50, 149, 29, 208, 114, 34, 85, 117, 67, 148, 86, 256, 25, 49, 133, 93, + 95, 36, 68, 231, 211, 102, 151, 128, 224, 117, 193, 27, 102, 187, 7, 105, + 45, 130, 108, 124, 171, 151, 189, 128, 218, 134, 233, 165, 14, 201, 145, 134, + 52, 203, 91, 96, 197, 69, 134, 213, 136, 93, 3, 249, 141, 16, 210, 73, + 6, 92, 58, 74, 174, 6, 254, 91, 201, 107, 110, 76, 103, 11, 73, 16, + 34, 209, 7, 127, 146, 254, 95, 176, 57, 13, 108, 245, 77, 92, 186, 117, + 124, 97, 105, 118, 34, 74, 205, 122, 235, 53, 94, 238, 210, 227, 183, 11, + 129, 159, 105, 183, 142, 129, 86, 21, 137, 138, 224, 223, 190, 188, 179, 188, + 256, 25, 217, 176, 36, 176, 238, 127, 160, 210, 155, 148, 132, 0, 54, 127, + 145, 6, 46, 85, 243, 95, 173, 123, 178, 207, 211, 183, 224, 173, 146, 35, + 71, 114, 50, 22, 175, 1, 28, 19, 112, 129, 21, 34, 161, 159, 115, 52, + 4, 193, 211, 92, 115, 49, 59, 217, 218, 96, 61, 81, 24, 202, 198, 89, + 45, 128, 8, 51, 253, 87, 171, 35, 4, 188, 171, 10, 3, 137, 238, 73, + 19, 208, 124, 163, 103, 177, 155, 147, 46, 84, 253, 233, 171, 241, 211, 217, + 159, 48, 96, 79, 237, 18, 171, 226, 99, 1, 97, 195, 216, 163, 198, 95, + 0, 201, 65, 228, 21, 153, 124, 230, 44, 35, 44, 108, 85, 156, 249, 207, + 26, 222, 131, 1, 60, 242, 197, 150, 181, 19, 116, 213, 75, 98, 124, 240, + 123, 207, 62, 255, 60, 143, 187, 157, 139, 9, 12, 104, 89, 49, 193, 146, + 104, 196, 181, 82, 198, 253, 192, 191, 255, 122, 212, 104, 47, 20, 132, 208, + 46, 170, 2, 69, 234, 36, 56, 163, 28, 152, 104, 238, 162, 56, 24, 58, + 38, 150, 193, 254, 253, 125, 173, 35, 73, 126, 247, 239, 216, 6, 199, 15, + 90, 12, 97, 122, 9, 84, 207, 127, 219, 72, 58, 30, 29, 182, 41, 192, + 235, 248, 237, 74, 72, 176, 210, 252, 45, 64, 165, 87, 202, 241, 236, 223, + 151, 242, 119, 239, 52, 112, 169, 28, 13, 37, 160, 60, 158, 81, 133, 60, + 16, 145, 249, 192, 173, 217, 214, 93, 141, 184, 54, 34, 161, 104, 157, 95, + 38, 133, 218, 227, 211, 181, 9, 66, 137, 143, 77, 33, 248, 159, 4, 55, + 228, 48, 99, 219, 222, 184, 15, 36, 254, 256, 157, 237, 87, 139, 209, 113, + 232, 85, 126, 167, 197, 100, 103, 166, 64, 225, 125, 205, 117, 135, 84, 128, + 231, 112, 90, 241, 28, 22, 210, 147, 186, 49, 230, 21, 108, 39, 194, 47, + 123, 199, 107, 114, 30, 210, 250, 143, 59, 156, 131, 133, 221, 27, 76, 99, + 208, 250, 78, 12, 211, 141, 95, 81, 195, 106, 8, 232, 150, 212, 205, 221, + 11, 225, 87, 219, 126, 136, 137, 180, 198, 48, 68, 203, 239, 252, 194, 235, + 142, 137, 174, 172, 190, 145, 250, 221, 182, 204, 1, 195, 130, 153, 83, 241, + 161, 239, 211, 138, 11, 169, 155, 245, 174, 49, 10, 166, 16, 130, 181, 139, + 222, 222, 112, 99, 124, 94, 51, 243, 133, 194, 244, 136, 35, 248, 201, 177, + 178, 186, 129, 102, 89, 184, 180, 41, 149, 96, 165, 72, 225, 231, 134, 158, + 199, 28, 249, 16, 225, 195, 10, 210, 164, 252, 138, 8, 35, 152, 213, 199, + 82, 116, 97, 230, 63, 199, 241, 35, 79, 120, 54, 174, 67, 112, 1, 76, + 69, 222, 194, 96, 82, 94, 25, 228, 196, 145, 155, 136, 228, 234, 46, 101, + 246, 51, 103, 166, 246, 75, 9, 200, 161, 4, 108, 35, 129, 168, 208, 144, + 50, 14, 13, 220, 41, 132, 122, 127, 194, 9, 232, 234, 107, 28, 187, 8, + 51, 141, 97, 221, 225, 9, 113, 170, 166, 102, 135, 22, 231, 185, 227, 187, + 110, 145, 251, 146, 76, 22, 146, 228, 7, 53, 64, 25, 62, 198, 130, 190, + 221, 232, 169, 64, 188, 199, 237, 249, 173, 218, 196, 191, 48, 224, 5, 113, + 100, 166, 160, 21, 191, 197, 61, 162, 149, 171, 240, 183, 129, 231, 123, 204, + 192, 179, 134, 15, 47, 161, 142, 177, 239, 234, 186, 237, 231, 53, 208, 95, + 146, 36, 225, 231, 89, 142, 93, 248, 137, 124, 83, 39, 69, 77, 89, 208, + 182, 48, 85, 147, 244, 164, 246, 68, 38, 190, 220, 35, 202, 91, 157, 151, + 201, 240, 185, 218, 4, 152, 2, 132, 177, 88, 190, 196, 229, 74, 220, 135, + 137, 196, 11, 47, 5, 251, 106, 144, 163, 60, 222, 127, 52, 57, 202, 102, + 64, 140, 110, 206, 23, 182, 39, 245, 1, 163, 157, 186, 163, 80, 7, 230, + 44, 249, 176, 102, 164, 125, 147, 120, 18, 191, 186, 125, 64, 65, 198, 157, + 164, 213, 95, 61, 13, 181, 208, 91, 242, 197, 158, 34, 98, 169, 91, 14, + 17, 93, 157, 17, 65, 30, 183, 6, 139, 58, 255, 108, 100, 136, 209, 144, + 164, 6, 237, 33, 210, 110, 57, 126, 197, 136, 125, 244, 165, 151, 168, 3, + 143, 251, 247, 155, 136, 130, 88, 14, 74, 121, 250, 133, 21, 226, 185, 232, + 118, 132, 89, 64, 204, 161, 2, 70, 224, 159, 35, 204, 123, 180, 13, 52, + 231, 57, 25, 78, 66, 69, 97, 42, 198, 84, 176, 59, 8, 232, 125, 134, + 193, 2, 232, 109, 216, 69, 90, 142, 32, 38, 249, 37, 75, 180, 184, 188, + 19, 47, 120, 87, 146, 70, 232, 120, 191, 45, 33, 38, 19, 248, 110, 110, + 44, 64, 2, 84, 244, 228, 252, 228, 170, 123, 38, 144, 213, 144, 171, 212, + 243, 87, 189, 46, 128, 110, 84, 77, 65, 183, 61, 184, 101, 44, 168, 68, + 14, 106, 105, 8, 227, 211, 166, 39, 152, 43, 52, 254, 197, 55, 119, 89, + 168, 65, 53, 138, 177, 56, 219, 0, 58, 121, 148, 18, 44, 100, 215, 103, + 145, 229, 117, 196, 91, 89, 113, 143, 172, 239, 249, 184, 154, 39, 112, 65, + 204, 42, 84, 38, 155, 151, 151, 16, 100, 87, 174, 162, 145, 147, 149, 186, + 237, 145, 134, 144, 198, 235, 213, 163, 48, 230, 24, 47, 57, 71, 127, 0, + 150, 219, 12, 81, 197, 150, 131, 13, 169, 63, 175, 184, 48, 235, 65, 243, + 149, 200, 163, 254, 202, 114, 247, 67, 143, 250, 126, 228, 80, 130, 216, 214, + 36, 2, 230, 33, 119, 125, 3, 142, 237, 100, 3, 152, 197, 174, 244, 129, + 232, 30, 206, 199, 39, 210, 220, 43, 237, 221, 201, 54, 179, 42, 28, 133, + 246, 203, 198, 177, 0, 28, 194, 85, 223, 109, 155, 147, 221, 60, 133, 108, + 157, 254, 26, 75, 157, 185, 49, 142, 31, 137, 71, 43, 63, 64, 237, 148, + 237, 172, 159, 160, 155, 254, 234, 224, 140, 193, 114, 140, 62, 109, 136, 39, + 255, 8, 158, 146, 128, 49, 222, 96, 57, 209, 180, 249, 202, 127, 113, 231, + 78, 178, 46, 33, 228, 215, 104, 31, 207, 186, 82, 41, 42, 39, 103, 119, + 123, 133, 243, 254, 238, 156, 90, 186, 37, 212, 33, 107, 252, 51, 177, 36, + 237, 76, 159, 245, 93, 214, 97, 56, 190, 38, 160, 94, 105, 222, 220, 158, + 49, 16, 191, 52, 120, 87, 179, 2, 27, 144, 223, 230, 184, 6, 129, 227, + 69, 47, 215, 181, 162, 139, 72, 200, 45, 163, 159, 62, 2, 221, 124, 40, + 159, 242, 35, 208, 179, 166, 98, 67, 178, 68, 143, 225, 178, 146, 187, 159, + 57, 66, 176, 192, 236, 250, 168, 224, 122, 43, 159, 120, 133, 165, 122, 64, + 87, 74, 161, 241, 9, 87, 90, 24, 255, 113, 203, 220, 57, 139, 197, 159, + 31, 151, 27, 140, 77, 162, 7, 27, 84, 228, 187, 220, 53, 126, 162, 242, + 84, 181, 223, 103, 86, 177, 207, 31, 140, 18, 207, 256, 201, 166, 96, 23, + 233, 103, 197, 84, 161, 75, 59, 149, 138, 154, 119, 92, 16, 53, 116, 97, + 220, 114, 35, 45, 77, 209, 40, 196, 71, 22, 81, 178, 110, 14, 3, 180, + 110, 129, 112, 47, 18, 61, 134, 78, 73, 79, 254, 232, 125, 180, 205, 54, + 220, 119, 63, 89, 181, 52, 77, 109, 151, 77, 80, 207, 144, 25, 20, 6, + 208, 47, 201, 206, 192, 14, 73, 176, 256, 201, 207, 87, 216, 60, 56, 73, + 92, 243, 179, 113, 49, 59, 55, 168, 121, 137, 69, 154, 95, 57, 187, 47, + 129, 4, 15, 92, 6, 116, 69, 196, 48, 134, 84, 81, 111, 56, 38, 176, + 239, 6, 128, 72, 242, 134, 36, 221, 59, 48, 242, 68, 130, 110, 171, 89, + 13, 220, 48, 29, 5, 75, 104, 233, 91, 129, 105, 162, 44, 113, 163, 163, + 85, 147, 190, 111, 197, 80, 213, 153, 81, 68, 203, 33, 161, 165, 10, 61, + 120, 252, 0, 205, 28, 42, 193, 64, 39, 37, 83, 175, 5, 218, 215, 174, + 128, 121, 231, 11, 150, 145, 135, 197, 136, 91, 193, 5, 107, 88, 82, 6, + 4, 188, 256, 70, 40, 2, 167, 57, 169, 203, 115, 254, 215, 172, 84, 80, + 188, 167, 34, 137, 43, 243, 2, 79, 178, 38, 188, 135, 233, 194, 208, 13, + 11, 151, 231, 196, 12, 122, 162, 56, 17, 114, 191, 207, 90, 132, 64, 238, + 187, 6, 198, 176, 240, 88, 118, 236, 15, 226, 166, 22, 193, 229, 82, 246, + 213, 64, 37, 63, 31, 243, 252, 37, 156, 38, 175, 204, 138, 141, 211, 82, + 106, 217, 97, 139, 153, 56, 129, 218, 158, 9, 83, 26, 87, 112, 71, 21, + 250, 5, 65, 141, 68, 116, 231, 113, 10, 218, 99, 205, 201, 92, 157, 4, + 97, 46, 49, 220, 72, 139, 103, 171, 149, 129, 193, 19, 69, 245, 43, 31, + 58, 68, 36, 195, 159, 22, 54, 34, 233, 141, 205, 100, 226, 96, 22, 192, + 41, 231, 24, 79, 234, 138, 30, 120, 117, 216, 172, 197, 172, 107, 86, 29, + 181, 151, 0, 6, 146, 186, 68, 55, 54, 58, 213, 182, 60, 231, 33, 232, + 77, 210, 216, 154, 80, 51, 141, 122, 68, 148, 219, 122, 254, 48, 64, 175, + 41, 115, 62, 243, 141, 81, 119, 121, 5, 68, 121, 88, 239, 29, 230, 90, + 135, 159, 35, 223, 168, 112, 49, 37, 146, 60, 126, 134, 42, 145, 115, 90, + 73, 133, 211, 86, 120, 141, 122, 241, 127, 56, 130, 36, 174, 75, 83, 246, + 112, 45, 136, 194, 201, 115, 1, 156, 114, 167, 208, 12, 176, 147, 32, 170, + 251, 100, 102, 220, 122, 210, 6, 49, 75, 201, 38, 105, 132, 135, 126, 102, + 13, 121, 76, 228, 202, 20, 61, 213, 246, 13, 207, 42, 148, 168, 37, 253, + 34, 94, 141, 185, 18, 234, 157, 109, 104, 64, 250, 125, 49, 236, 86, 48, + 196, 77, 75, 237, 156, 103, 225, 19, 110, 229, 22, 68, 177, 93, 221, 181, + 152, 153, 61, 108, 101, 74, 247, 195, 127, 216, 30, 166, 168, 61, 83, 229, + 120, 156, 96, 120, 201, 124, 43, 27, 253, 250, 120, 143, 89, 235, 189, 243, + 150, 7, 127, 119, 149, 244, 84, 185, 134, 34, 128, 193, 236, 234, 132, 117, + 137, 32, 145, 184, 44, 121, 51, 76, 11, 228, 142, 251, 39, 77, 228, 251, + 41, 58, 246, 107, 125, 187, 9, 240, 35, 8, 11, 162, 242, 220, 158, 163, + 2, 184, 163, 227, 242, 2, 100, 101, 2, 78, 129, 34, 89, 28, 26, 157, + 79, 31, 107, 250, 194, 156, 186, 69, 212, 66, 41, 180, 139, 42, 211, 253, + 256, 239, 29, 129, 104, 248, 182, 68, 1, 189, 48, 226, 36, 229, 3, 158, + 41, 53, 241, 22, 115, 174, 16, 163, 224, 19, 112, 219, 177, 233, 42, 27, + 250, 134, 18, 28, 145, 122, 68, 34, 134, 31, 147, 17, 39, 188, 150, 76, + 45, 42, 167, 249, 12, 16, 23, 182, 13, 79, 121, 3, 70, 197, 239, 44, + 86, 177, 255, 81, 64, 171, 138, 131, 73, 110, 44, 201, 254, 198, 146, 91, + 48, 9, 104, 31, 29, 161, 101, 31, 138, 180, 231, 233, 79, 137, 61, 236, + 140, 15, 249, 218, 234, 119, 99, 195, 110, 137, 237, 207, 8, 31, 45, 24, + 90, 155, 203, 253, 192, 203, 65, 176, 210, 171, 142, 214, 220, 122, 136, 237, + 189, 186, 147, 40, 80, 254, 173, 33, 191, 46, 192, 26, 108, 255, 228, 205, + 61, 76, 39, 107, 225, 126, 228, 182, 140, 251, 143, 134, 252, 168, 221, 8, + 185, 85, 60, 233, 147, 244, 87, 137, 8, 140, 96, 80, 53, 45, 175, 160, + 124, 189, 112, 37, 144, 19, 70, 17, 170, 242, 2, 3, 28, 95, 120, 199, + 212, 43, 9, 117, 86, 151, 101, 241, 200, 145, 241, 19, 178, 69, 204, 197, + 227, 166, 94, 7, 193, 45, 247, 234, 19, 187, 212, 212, 236, 125, 33, 95, + 198, 121, 122, 103, 77, 155, 235, 49, 25, 237, 249, 11, 162, 7, 238, 24, + 16, 150, 129, 25, 152, 17, 42, 67, 247, 162, 77, 154, 31, 133, 55, 137, + 79, 119, 153, 10, 86, 28, 244, 186, 41, 169, 106, 44, 10, 49, 110, 179, + 32, 133, 155, 244, 61, 70, 131, 168, 170, 39, 231, 252, 32, 69, 92, 238, + 239, 35, 132, 136, 236, 167, 90, 32, 123, 88, 69, 22, 20, 89, 145, 166, + 30, 118, 75, 4, 49, 31, 225, 54, 11, 50, 56, 191, 246, 1, 187, 33, + 119, 107, 139, 68, 19, 240, 131, 55, 94, 113, 31, 252, 12, 179, 121, 2, + 120, 252, 0, 76, 41, 80, 185, 42, 62, 121, 105, 159, 121, 109, 111, 98, + 7, 118, 86, 29, 210, 70, 231, 179, 223, 229, 164, 70, 62, 47, 0, 206, + 204, 178, 168, 120, 224, 166, 99, 25, 103, 63, 246, 224, 117, 204, 75, 124, + 140, 133, 110, 110, 222, 88, 151, 118, 46, 37, 22, 143, 158, 40, 2, 50, + 153, 94, 190, 199, 13, 198, 127, 211, 180, 90, 183, 98, 0, 142, 210, 154, + 100, 187, 67, 231, 202, 100, 198, 235, 252, 160, 247, 124, 247, 14, 121, 221, + 57, 88, 253, 243, 185, 89, 45, 249, 221, 194, 108, 175, 193, 119, 50, 141, + 223, 133, 136, 64, 176, 250, 129, 100, 124, 94, 181, 159, 99, 185, 177, 240, + 135, 42, 103, 52, 202, 208, 143, 186, 193, 103, 154, 237, 102, 88, 225, 161, + 50, 188, 191, 109, 12, 87, 19, 227, 247, 183, 13, 52, 205, 170, 205, 146, + 89, 160, 18, 105, 192, 73, 231, 225, 184, 157, 252, 220, 61, 59, 169, 183, + 221, 20, 141, 20, 158, 101, 245, 7, 245, 225, 118, 137, 84, 55, 19, 27, + 164, 110, 35, 25, 202, 94, 150, 46, 91, 152, 130, 1, 7, 46, 16, 237, + 171, 109, 19, 200, 65, 38, 10, 213, 70, 96, 126, 226, 185, 225, 181, 46, + 10, 165, 11, 123, 53, 158, 22, 147, 64, 22, 227, 69, 182, 237, 197, 37, + 39, 49, 186, 223, 139, 128, 55, 36, 166, 178, 220, 20, 98, 172, 166, 253, + 45, 0, 120, 180, 189, 185, 158, 159, 196, 6, 214, 79, 141, 52, 156, 107, + 5, 109, 142, 159, 33, 64, 190, 133, 95, 132, 95, 202, 160, 63, 186, 23, + 231, 107, 163, 33, 234, 15, 244, 77, 108, 49, 51, 7, 164, 87, 142, 99, + 240, 202, 47, 256, 118, 190, 196, 178, 217, 42, 39, 153, 21, 192, 232, 202, + 14, 82, 179, 64, 233, 4, 219, 10, 133, 78, 43, 144, 146, 216, 202, 81, + 71, 252, 8, 201, 68, 256, 85, 233, 164, 88, 176, 30, 5, 152, 126, 179, + 249, 84, 140, 190, 159, 54, 118, 98, 2, 159, 27, 133, 74, 121, 239, 196, + 71, 149, 119, 135, 102, 20, 87, 112, 44, 75, 221, 3, 151, 158, 5, 98, + 152, 25, 97, 106, 63, 171, 240, 79, 234, 240, 230, 92, 76, 70, 173, 196, + 36, 225, 218, 133, 64, 240, 150, 41, 146, 66, 133, 51, 134, 73, 170, 238, + 140, 90, 45, 89, 46, 147, 96, 169, 174, 174, 244, 151, 90, 40, 32, 74, + 38, 154, 246, 57, 31, 14, 189, 151, 83, 243, 197, 183, 220, 185, 53, 225, + 51, 106, 188, 208, 222, 248, 93, 13, 93, 215, 131, 25, 142, 185, 113, 222, + 131, 215, 149, 50, 159, 85, 32, 5, 205, 192, 2, 227, 42, 214, 197, 42, + 126, 182, 68, 123, 109, 36, 237, 179, 170, 199, 77, 256, 5, 128, 214, 243, + 137, 177, 170, 253, 179, 180, 153, 236, 100, 196, 216, 231, 198, 37, 192, 80, + 121, 221, 246, 1, 16, 246, 29, 78, 64, 148, 124, 38, 96, 125, 28, 20, + 48, 51, 73, 187, 139, 208, 98, 253, 221, 188, 84, 129, 1, 205, 95, 205, + 117, 79, 71, 126, 134, 237, 19, 184, 137, 125, 129, 178, 223, 54, 188, 112, + 30, 7, 225, 228, 205, 184, 233, 87, 117, 22, 58, 10, 8, 42, 2, 114, + 254, 19, 17, 13, 150, 92, 233, 179, 63, 12, 60, 171, 127, 35, 50, 5, + 195, 113, 241, 25, 249, 184, 166, 44, 221, 35, 151, 116, 8, 54, 195, 89, + 218, 186, 132, 5, 41, 89, 226, 177, 11, 41, 87, 172, 5, 23, 20, 59, + 228, 94, 76, 33, 137, 43, 151, 221, 61, 232, 4, 120, 93, 217, 80, 228, + 228, 6, 58, 25, 62, 84, 91, 48, 209, 20, 247, 243, 55, 106, 80, 79, + 235, 34, 20, 180, 146, 2, 236, 13, 236, 206, 243, 222, 204, 83, 148, 213, + 214, 117, 237, 98, 0, 90, 204, 168, 32, 41, 126, 67, 191, 74, 27, 255, + 26, 75, 240, 113, 185, 105, 167, 154, 112, 67, 151, 63, 161, 134, 239, 176, + 42, 87, 249, 130, 45, 242, 17, 100, 107, 120, 212, 218, 237, 76, 231, 162, + 175, 172, 118, 155, 92, 36, 124, 17, 121, 71, 13, 9, 82, 126, 147, 142, + 218, 148, 138, 80, 163, 106, 164, 123, 140, 129, 35, 42, 186, 154, 228, 214, + 75, 73, 8, 253, 42, 153, 232, 164, 95, 24, 110, 90, 231, 197, 90, 196, + 57, 164, 252, 181, 31, 7, 97, 256, 35, 77, 200, 212, 99, 179, 92, 227, + 17, 180, 49, 176, 9, 188, 13, 182, 93, 44, 128, 219, 134, 92, 151, 6, + 23, 126, 200, 109, 66, 30, 140, 180, 146, 134, 67, 200, 7, 9, 223, 168, + 186, 221, 3, 154, 150, 165, 43, 53, 138, 27, 86, 213, 235, 160, 70, 2, + 240, 20, 89, 212, 84, 141, 168, 246, 183, 227, 30, 167, 138, 185, 253, 83, + 52, 143, 236, 94, 59, 65, 89, 218, 194, 157, 164, 156, 111, 95, 202, 168, + 245, 256, 151, 28, 222, 194, 72, 130, 217, 134, 253, 77, 246, 100, 76, 32, + 254, 174, 182, 193, 14, 237, 74, 1, 74, 26, 135, 216, 152, 208, 112, 38, + 181, 62, 25, 71, 61, 234, 254, 97, 191, 23, 92, 256, 190, 205, 6, 16, + 134, 147, 210, 219, 148, 59, 73, 185, 24, 247, 174, 143, 116, 220, 128, 144, + 111, 126, 101, 98, 130, 136, 101, 102, 69, 127, 24, 168, 146, 226, 226, 207, + 176, 122, 149, 254, 134, 196, 22, 151, 197, 21, 50, 205, 116, 154, 65, 116, + 177, 224, 127, 77, 177, 159, 225, 69, 176, 54, 100, 104, 140, 8, 11, 126, + 11, 188, 185, 159, 107, 16, 254, 142, 80, 28, 5, 157, 104, 57, 109, 82, + 102, 80, 173, 242, 238, 207, 57, 105, 237, 160, 59, 189, 189, 199, 26, 11, + 190, 156, 97, 118, 20, 12, 254, 189, 165, 147, 142, 199, 5, 213, 64, 133, + 108, 217, 133, 60, 94, 28, 116, 136, 47, 165, 125, 42, 183, 143, 14, 129, + 223, 70, 212, 205, 181, 180, 3, 201, 182, 46, 57, 104, 239, 60, 99, 181, + 220, 231, 45, 79, 156, 89, 149, 143, 190, 103, 153, 61, 235, 73, 136, 20, + 89, 243, 16, 130, 247, 141, 134, 93, 80, 68, 85, 84, 8, 72, 194, 4, + 242, 110, 19, 133, 199, 70, 172, 92, 132, 254, 67, 74, 36, 94, 13, 90, + 154, 184, 9, 109, 118, 243, 214, 71, 36, 95, 0, 90, 201, 105, 112, 215, + 69, 196, 224, 210, 236, 242, 155, 211, 37, 134, 69, 113, 157, 97, 68, 26, + 230, 149, 219, 180, 20, 76, 172, 145, 154, 40, 129, 8, 93, 56, 162, 124, + 207, 233, 105, 19, 3, 183, 155, 134, 8, 244, 213, 78, 139, 88, 156, 37, + 51, 152, 111, 102, 112, 250, 114, 252, 201, 241, 133, 24, 136, 153, 5, 90, + 210, 197, 216, 24, 131, 17, 147, 246, 13, 86, 3, 253, 179, 237, 101, 114, + 243, 191, 207, 2, 220, 133, 244, 53, 87, 125, 154, 158, 197, 20, 8, 83, + 32, 191, 38, 241, 204, 22, 168, 59, 217, 123, 162, 82, 21, 50, 130, 89, + 239, 253, 195, 56, 253, 74, 147, 125, 234, 199, 250, 28, 65, 193, 22, 237, + 193, 94, 58, 229, 139, 176, 69, 42, 179, 164, 150, 168, 246, 214, 86, 174, + 59, 117, 15, 19, 76, 37, 214, 238, 153, 226, 154, 45, 109, 114, 198, 107, + 45, 70, 238, 196, 142, 252, 244, 71, 123, 136, 134, 188, 99, 132, 25, 42, + 240, 0, 196, 33, 26, 124, 256, 145, 27, 102, 153, 35, 28, 132, 221, 167, + 138, 133, 41, 170, 95, 224, 40, 139, 239, 153, 1, 106, 255, 106, 170, 163, + 127, 44, 155, 232, 194, 119, 232, 117, 239, 143, 108, 41, 3, 9, 180, 256, + 144, 113, 133, 200, 79, 69, 128, 216, 31, 50, 102, 209, 249, 136, 150, 154, + 182, 51, 228, 39, 127, 142, 87, 15, 94, 92, 187, 245, 31, 236, 64, 58, + 114, 11, 17, 166, 189, 152, 218, 34, 123, 39, 58, 37, 153, 91, 63, 121, + 31, 34, 12, 254, 106, 96, 171, 14, 155, 247, 214, 69, 24, 98, 3, 204, + 202, 194, 207, 30, 253, 44, 119, 70, 14, 96, 82, 250, 63, 6, 232, 38, + 89, 144, 102, 191, 82, 254, 20, 222, 96, 162, 110, 6, 159, 58, 200, 226, + 98, 128, 42, 70, 84, 247, 128, 211, 136, 54, 143, 166, 60, 118, 99, 218, + 27, 193, 85, 81, 219, 223, 46, 41, 23, 233, 152, 222, 36, 236, 54, 181, + 56, 50, 4, 207, 129, 92, 78, 88, 197, 251, 131, 105, 31, 172, 38, 131, + 19, 204, 129, 47, 227, 106, 202, 183, 23, 6, 77, 224, 102, 147, 11, 218, + 131, 132, 60, 192, 208, 223, 236, 23, 103, 115, 89, 18, 185, 171, 70, 174, + 139, 0, 100, 160, 221, 11, 228, 60, 12, 122, 114, 12, 157, 235, 148, 57, + 83, 62, 173, 131, 169, 126, 85, 99, 93, 243, 81, 80, 29, 245, 206, 82, + 236, 227, 166, 14, 230, 213, 144, 97, 27, 111, 99, 164, 105, 150, 89, 111, + 252, 118, 140, 232, 120, 183, 137, 213, 232, 157, 224, 33, 134, 118, 186, 80, + 159, 2, 186, 193, 54, 242, 25, 237, 232, 249, 226, 213, 90, 149, 90, 160, + 118, 69, 64, 37, 10, 183, 109, 246, 30, 52, 219, 69, 189, 26, 116, 220, + 50, 244, 243, 243, 139, 137, 232, 98, 38, 45, 256, 143, 171, 101, 73, 238, + 123, 45, 194, 167, 250, 123, 12, 29, 136, 237, 141, 21, 89, 96, 199, 44, + 8, 214, 208, 17, 113, 41, 137, 26, 166, 155, 89, 85, 54, 58, 97, 160, + 50, 239, 58, 71, 21, 157, 139, 12, 37, 198, 182, 131, 149, 134, 16, 204, + 164, 181, 248, 166, 52, 216, 136, 201, 37, 255, 187, 240, 5, 101, 147, 231, + 14, 163, 253, 134, 146, 216, 8, 54, 224, 90, 220, 195, 75, 215, 186, 58, + 71, 204, 124, 105, 239, 53, 16, 85, 69, 163, 195, 223, 33, 38, 69, 88, + 88, 203, 99, 55, 176, 13, 156, 204, 236, 99, 194, 134, 75, 247, 126, 129, + 160, 124, 233, 206, 139, 144, 154, 45, 233, 51, 206, 61, 60, 55, 205, 107, + 84, 108, 96, 188, 203, 31, 89, 20, 115, 144, 137, 90, 237, 78, 231, 185, + 120, 217, 1, 176, 169, 30, 155, 176, 100, 113, 53, 42, 193, 108, 14, 121, + 176, 158, 137, 92, 178, 44, 110, 249, 108, 234, 94, 101, 128, 12, 250, 173, + 72, 202, 232, 66, 139, 152, 189, 18, 32, 197, 9, 238, 246, 55, 119, 183, + 196, 119, 113, 247, 191, 100, 200, 245, 46, 16, 234, 112, 136, 116, 232, 48, + 176, 108, 11, 237, 14, 153, 93, 177, 124, 72, 67, 121, 135, 143, 45, 18, + 97, 251, 184, 172, 136, 55, 213, 8, 103, 12, 221, 212, 13, 160, 116, 91, + 237, 127, 218, 190, 103, 131, 77, 82, 36, 100, 22, 252, 79, 69, 54, 26, + 65, 182, 115, 142, 247, 20, 89, 81, 188, 244, 27, 120, 240, 248, 13, 230, + 67, 133, 32, 201, 129, 87, 9, 245, 66, 88, 166, 34, 46, 184, 119, 218, + 144, 235, 163, 40, 138, 134, 127, 217, 64, 227, 116, 67, 55, 202, 130, 48, + 199, 42, 251, 112, 124, 153, 123, 194, 243, 49, 250, 12, 78, 157, 167, 134, + 210, 73, 156, 102, 21, 88, 216, 123, 45, 11, 208, 18, 47, 187, 20, 43, + 3, 180, 124, 2, 136, 176, 77, 111, 138, 139, 91, 225, 126, 8, 74, 255, + 88, 192, 193, 239, 138, 204, 139, 194, 166, 130, 252, 184, 140, 168, 30, 177, + 121, 98, 131, 124, 69, 171, 75, 49, 184, 34, 76, 122, 202, 115, 184, 253, + 120, 182, 33, 251, 1, 74, 216, 217, 243, 168, 70, 162, 119, 158, 197, 198, + 61, 89, 7, 5, 54, 199, 211, 170, 23, 226, 44, 247, 165, 195, 7, 225, + 91, 23, 50, 15, 51, 208, 106, 94, 12, 31, 43, 112, 146, 139, 246, 182, + 113, 1, 97, 15, 66, 2, 51, 76, 164, 184, 237, 200, 218, 176, 72, 98, + 33, 135, 38, 147, 140, 229, 50, 94, 81, 187, 129, 17, 238, 168, 146, 203, + 181, 99, 164, 3, 104, 98, 255, 189, 114, 142, 86, 102, 229, 102, 80, 129, + 64, 84, 79, 161, 81, 156, 128, 111, 164, 197, 18, 15, 55, 196, 198, 191, + 28, 113, 117, 96, 207, 253, 19, 158, 231, 13, 53, 130, 252, 211, 58, 180, + 212, 142, 7, 219, 38, 81, 62, 109, 167, 113, 33, 56, 97, 185, 157, 130, + 186, 129, 119, 182, 196, 26, 54, 110, 65, 170, 166, 236, 30, 22, 162, 0, + 106, 12, 248, 33, 48, 72, 159, 17, 76, 244, 172, 132, 89, 171, 196, 76, + 254, 166, 76, 218, 226, 3, 52, 220, 238, 181, 179, 144, 225, 23, 3, 166, + 158, 35, 228, 154, 204, 23, 203, 71, 134, 189, 18, 168, 236, 141, 117, 138, + 2, 132, 78, 57, 154, 21, 250, 196, 184, 40, 161, 40, 10, 178, 134, 120, + 132, 123, 101, 82, 205, 121, 55, 140, 231, 56, 231, 71, 206, 246, 198, 150, + 146, 192, 45, 105, 242, 1, 125, 18, 176, 46, 222, 122, 19, 80, 113, 133, + 131, 162, 81, 51, 98, 168, 247, 161, 139, 39, 63, 162, 22, 153, 170, 92, + 91, 130, 174, 200, 45, 112, 99, 164, 132, 184, 191, 186, 200, 167, 86, 145, + 167, 227, 130, 44, 12, 158, 172, 249, 204, 17, 54, 249, 16, 200, 21, 174, + 67, 223, 105, 201, 50, 36, 133, 203, 244, 131, 228, 67, 29, 195, 91, 91, + 55, 107, 167, 154, 170, 137, 218, 183, 169, 61, 99, 175, 128, 23, 142, 183, + 66, 255, 59, 187, 66, 85, 212, 109, 168, 82, 16, 43, 67, 139, 114, 176, + 216, 255, 130, 94, 152, 79, 183, 64, 100, 23, 214, 82, 34, 230, 48, 15, + 242, 130, 50, 241, 81, 32, 5, 125, 183, 182, 184, 99, 248, 109, 159, 210, + 226, 61, 119, 129, 39, 149, 78, 214, 107, 78, 147, 124, 228, 18, 143, 188, + 84, 180, 233, 119, 64, 39, 158, 133, 177, 168, 6, 150, 80, 117, 150, 56, + 49, 72, 49, 37, 30, 242, 49, 142, 33, 156, 34, 44, 44, 72, 58, 22, + 249, 46, 168, 80, 25, 196, 64, 174, 97, 179, 244, 134, 213, 105, 63, 151, + 21, 90, 168, 90, 245, 28, 157, 65, 250, 232, 188, 27, 99, 160, 156, 127, + 68, 193, 10, 80, 205, 36, 138, 229, 12, 223, 70, 169, 251, 41, 48, 94, + 41, 177, 99, 256, 158, 0, 6, 83, 231, 191, 120, 135, 157, 146, 218, 213, + 160, 7, 47, 234, 98, 211, 79, 225, 179, 95, 175, 105, 185, 79, 115, 0, + 104, 14, 65, 124, 15, 188, 52, 9, 253, 27, 132, 137, 13, 127, 75, 238, + 185, 253, 33, 8, 52, 157, 164, 68, 232, 188, 69, 28, 209, 233, 5, 129, + 216, 90, 252, 212, 33, 200, 222, 9, 112, 15, 43, 36, 226, 114, 15, 249, + 217, 8, 148, 22, 147, 23, 143, 67, 222, 116, 235, 250, 212, 210, 39, 142, + 108, 64, 209, 83, 73, 66, 99, 34, 17, 29, 45, 151, 244, 114, 28, 241, + 144, 208, 146, 179, 132, 89, 217, 198, 252, 219, 205, 165, 75, 107, 11, 173, + 76, 6, 196, 247, 152, 216, 248, 91, 209, 178, 57, 250, 174, 60, 79, 123, + 18, 135, 9, 241, 230, 159, 184, 68, 156, 251, 215, 9, 113, 234, 75, 235, + 103, 194, 205, 129, 230, 45, 96, 73, 157, 20, 200, 212, 212, 228, 161, 7, + 231, 228, 108, 43, 198, 87, 140, 140, 4, 182, 164, 3, 53, 104, 250, 213, + 85, 38, 89, 61, 52, 187, 35, 204, 86, 249, 100, 71, 248, 213, 163, 215, + 66, 106, 252, 129, 40, 111, 47, 24, 186, 221, 85, 205, 199, 237, 122, 181, + 32, 46, 182, 135, 33, 251, 142, 34, 208, 242, 128, 255, 4, 234, 15, 33, + 167, 222, 32, 186, 191, 34, 255, 244, 98, 240, 228, 204, 30, 142, 32, 70, + 69, 83, 110, 151, 10, 243, 141, 21, 223, 69, 61, 37, 59, 209, 102, 114, + 223, 33, 129, 254, 255, 103, 86, 247, 235, 72, 126, 177, 102, 226, 102, 30, + 149, 221, 62, 247, 251, 120, 163, 173, 57, 202, 204, 24, 39, 106, 120, 143, + 202, 176, 191, 147, 37, 38, 51, 133, 47, 245, 157, 132, 154, 71, 183, 111, + 30, 180, 18, 202, 82, 96, 170, 91, 157, 181, 212, 140, 256, 8, 196, 121, + 149, 79, 66, 127, 113, 78, 4, 197, 84, 256, 111, 222, 102, 63, 228, 104, + 136, 223, 67, 193, 93, 154, 249, 83, 204, 101, 200, 234, 84, 252, 230, 195, + 43, 140, 120, 242, 89, 63, 166, 233, 209, 94, 43, 170, 126, 5, 205, 78, + 112, 80, 143, 151, 146, 248, 137, 203, 45, 183, 61, 1, 155, 8, 102, 59, + 68, 212, 230, 61, 254, 191, 128, 223, 176, 123, 229, 27, 146, 120, 96, 165, + 213, 12, 232, 40, 186, 225, 66, 105, 200, 195, 212, 110, 237, 238, 151, 19, + 12, 171, 150, 82, 7, 228, 79, 52, 15, 78, 62, 43, 21, 154, 114, 21, + 12, 212, 256, 232, 125, 127, 5, 51, 37, 252, 136, 13, 47, 195, 168, 191, + 231, 55, 57, 251, 214, 116, 15, 86, 210, 41, 249, 242, 119, 27, 250, 203, + 107, 69, 90, 43, 206, 154, 127, 54, 100, 78, 187, 54, 244, 177, 234, 167, + 202, 136, 209, 171, 69, 114, 133, 173, 26, 139, 78, 141, 128, 32, 124, 39, + 45, 218, 96, 68, 90, 44, 67, 62, 83, 190, 188, 256, 103, 42, 102, 64, + 249, 0, 141, 11, 61, 69, 70, 66, 233, 237, 29, 200, 251, 157, 71, 51, + 64, 133, 113, 76, 35, 125, 76, 137, 217, 145, 35, 69, 226, 180, 56, 249, + 156, 163, 176, 237, 81, 54, 85, 169, 115, 211, 129, 70, 248, 40, 252, 192, + 194, 101, 247, 8, 181, 124, 217, 191, 194, 93, 99, 127, 117, 177, 144, 151, + 228, 121, 32, 11, 89, 81, 26, 29, 183, 76, 249, 132, 179, 70, 34, 102, + 20, 66, 87, 63, 124, 205, 174, 177, 87, 219, 73, 218, 91, 87, 176, 72, + 15, 211, 47, 61, 251, 165, 39, 247, 146, 70, 150, 57, 1, 212, 36, 162, + 39, 38, 16, 216, 3, 50, 116, 200, 32, 234, 77, 181, 155, 19, 90, 188, + 36, 6, 254, 46, 46, 203, 25, 230, 181, 196, 4, 151, 225, 65, 122, 216, + 168, 86, 158, 131, 136, 16, 49, 102, 233, 64, 154, 88, 228, 52, 146, 69, + 93, 157, 243, 121, 70, 209, 126, 213, 88, 145, 236, 65, 70, 96, 204, 47, + 10, 200, 77, 8, 103, 150, 48, 153, 5, 37, 52, 235, 209, 31, 181, 126, + 83, 142, 224, 140, 6, 32, 200, 171, 160, 179, 115, 229, 75, 194, 208, 39, + 59, 223, 52, 247, 38, 197, 135, 1, 6, 189, 106, 114, 168, 5, 211, 222, + 44, 63, 90, 160, 116, 172, 170, 133, 125, 138, 39, 131, 23, 178, 10, 214, + 36, 93, 28, 59, 68, 17, 123, 25, 255, 184, 204, 102, 194, 214, 129, 94, + 159, 245, 112, 141, 62, 11, 61, 197, 124, 221, 205, 11, 79, 71, 201, 54, + 58, 150, 29, 121, 87, 46, 240, 201, 68, 20, 194, 209, 47, 152, 158, 174, + 193, 164, 120, 255, 216, 165, 247, 58, 85, 130, 220, 23, 122, 223, 188, 98, + 21, 70, 72, 170, 150, 237, 76, 143, 112, 238, 206, 146, 215, 110, 4, 250, + 68, 44, 174, 177, 30, 98, 143, 241, 180, 127, 113, 48, 0, 1, 179, 199, + 59, 106, 201, 114, 29, 86, 173, 133, 217, 44, 200, 141, 107, 172, 16, 60, + 82, 58, 239, 94, 141, 234, 186, 235, 109, 173, 249, 139, 141, 59, 100, 248, + 84, 144, 49, 160, 51, 207, 164, 103, 74, 97, 146, 202, 193, 125, 168, 134, + 236, 111, 135, 121, 59, 145, 168, 200, 181, 173, 109, 2, 255, 6, 9, 245, + 90, 202, 214, 143, 121, 65, 85, 232, 132, 77, 228, 84, 26, 54, 184, 15, + 161, 29, 177, 79, 43, 0, 156, 184, 163, 165, 62, 90, 179, 93, 45, 239, + 1, 16, 120, 189, 127, 47, 74, 166, 20, 214, 233, 226, 89, 217, 229, 26, + 156, 53, 162, 60, 21, 3, 192, 72, 111, 51, 53, 101, 181, 208, 88, 82, + 179, 160, 219, 113, 240, 108, 43, 224, 162, 147, 62, 14, 95, 81, 205, 4, + 160, 177, 225, 115, 29, 69, 235, 168, 148, 29, 128, 114, 124, 129, 172, 165, + 215, 231, 214, 86, 160, 44, 157, 91, 248, 183, 73, 164, 56, 181, 162, 92, + 141, 118, 127, 240, 196, 77, 0, 9, 244, 79, 250, 100, 195, 25, 255, 85, + 94, 35, 212, 137, 107, 34, 110, 20, 200, 104, 17, 32, 231, 43, 150, 159, + 231, 216, 223, 190, 226, 109, 162, 197, 87, 92, 224, 11, 111, 73, 60, 225, + 238, 73, 246, 169, 19, 217, 119, 38, 121, 118, 70, 82, 99, 241, 110, 67, + 31, 76, 146, 215, 124, 240, 31, 103, 139, 224, 75, 160, 31, 78, 93, 4, + 64, 9, 103, 223, 6, 227, 119, 85, 116, 81, 21, 43, 46, 206, 234, 132, + 85, 99, 22, 131, 135, 97, 86, 13, 234, 188, 21, 14, 89, 169, 207, 238, + 219, 177, 190, 72, 157, 41, 114, 140, 92, 141, 186, 1, 63, 107, 225, 184, + 118, 150, 153, 254, 241, 106, 120, 210, 104, 144, 151, 161, 88, 206, 125, 164, + 15, 211, 173, 49, 146, 241, 71, 36, 58, 201, 46, 27, 33, 187, 91, 162, + 117, 19, 210, 213, 187, 97, 193, 50, 190, 114, 217, 60, 61, 167, 207, 213, + 213, 53, 135, 34, 156, 91, 115, 119, 46, 99, 242, 1, 90, 52, 198, 227, + 201, 91, 216, 146, 210, 82, 121, 38, 73, 133, 182, 193, 132, 148, 246, 75, + 109, 157, 179, 113, 176, 134, 205, 159, 148, 58, 103, 171, 132, 156, 133, 147, + 161, 231, 39, 100, 175, 97, 125, 28, 183, 129, 135, 191, 202, 181, 29, 218, + 43, 104, 148, 203, 189, 204, 4, 182, 169, 1, 134, 122, 141, 202, 13, 187, + 177, 112, 162, 35, 231, 6, 8, 241, 99, 6, 191, 45, 113, 113, 101, 104}; + +// The S-Box we use for further linearity breaking. +// We created it by taking the digits of decimal expansion of e. +// The code that created it can be found in 'ProduceRandomSBox.c'. +unsigned char SBox[256] = { +//0 1 2 3 4 5 6 7 8 9 A B C D E F +0x7d, 0xd1, 0x70, 0x0b, 0xfa, 0x39, 0x18, 0xc3, 0xf3, 0xbb, 0xa7, 0xd4, 0x84, 0x25, 0x3b, 0x3c, // 0 +0x2c, 0x15, 0x69, 0x9a, 0xf9, 0x27, 0xfb, 0x02, 0x52, 0xba, 0xa8, 0x4b, 0x20, 0xb5, 0x8b, 0x3a, // 1 +0x88, 0x8e, 0x26, 0xcb, 0x71, 0x5e, 0xaf, 0xad, 0x0c, 0xac, 0xa1, 0x93, 0xc6, 0x78, 0xce, 0xfc, // 2 +0x2a, 0x76, 0x17, 0x1f, 0x62, 0xc2, 0x2e, 0x99, 0x11, 0x37, 0x65, 0x40, 0xfd, 0xa0, 0x03, 0xc1, // 3 +0xca, 0x48, 0xe2, 0x9b, 0x81, 0xe4, 0x1c, 0x01, 0xec, 0x68, 0x7a, 0x5a, 0x50, 0xf8, 0x0e, 0xa3, // 4 +0xe8, 0x61, 0x2b, 0xa2, 0xeb, 0xcf, 0x8c, 0x3d, 0xb4, 0x95, 0x13, 0x08, 0x46, 0xab, 0x91, 0x7b, // 5 +0xea, 0x55, 0x67, 0x9d, 0xdd, 0x29, 0x6a, 0x8f, 0x9f, 0x22, 0x4e, 0xf2, 0x57, 0xd2, 0xa9, 0xbd, // 6 +0x38, 0x16, 0x5f, 0x4c, 0xf7, 0x9e, 0x1b, 0x2f, 0x30, 0xc7, 0x41, 0x24, 0x5c, 0xbf, 0x05, 0xf6, // 7 +0x0a, 0x31, 0xa5, 0x45, 0x21, 0x33, 0x6b, 0x6d, 0x6c, 0x86, 0xe1, 0xa4, 0xe6, 0x92, 0x9c, 0xdf, // 8 +0xe7, 0xbe, 0x28, 0xe3, 0xfe, 0x06, 0x4d, 0x98, 0x80, 0x04, 0x96, 0x36, 0x3e, 0x14, 0x4a, 0x34, // 9 +0xd3, 0xd5, 0xdb, 0x44, 0xcd, 0xf5, 0x54, 0xdc, 0x89, 0x09, 0x90, 0x42, 0x87, 0xff, 0x7e, 0x56, // A +0x5d, 0x59, 0xd7, 0x23, 0x75, 0x19, 0x97, 0x73, 0x83, 0x64, 0x53, 0xa6, 0x1e, 0xd8, 0xb0, 0x49, // B +0x3f, 0xef, 0xbc, 0x7f, 0x43, 0xf0, 0xc9, 0x72, 0x0f, 0x63, 0x79, 0x2d, 0xc0, 0xda, 0x66, 0xc8, // C +0x32, 0xde, 0x47, 0x07, 0xb8, 0xe9, 0x1d, 0xc4, 0x85, 0x74, 0x82, 0xcc, 0x60, 0x51, 0x77, 0x0d, // D +0xaa, 0x35, 0xed, 0x58, 0x7c, 0x5b, 0xb9, 0x94, 0x6e, 0x8d, 0xb1, 0xc5, 0xb7, 0xee, 0xb6, 0xae, // E +0x10, 0xe0, 0xd6, 0xd9, 0xe5, 0x4f, 0xf1, 0x12, 0x00, 0xd0, 0xf4, 0x1a, 0x6f, 0x8a, 0xb3, 0xb2 }; // F + +/////////////////////////////////////////////////////////////////////////////////////////////// +// +// Helper functions definition portion. +// +/////////////////////////////////////////////////////////////////////////////////////////////// + +// Translates an input array with values in base 257 to output array with values in base 256. +// Returns the carry bit. +// +// Parameters: +// - input: the input array of size EIGHTH_N. Each value in the array is a number in Z_257. +// The MSB is assumed to be the last one in the array. +// - output: the input array encoded in base 256. +// +// Returns: +// - The carry bit (MSB). +swift_int16_t TranslateToBase256(swift_int32_t input[EIGHTH_N], unsigned char output[EIGHTH_N]); + +// Translates an input integer into the range (-FIELD_SIZE / 2) <= result <= (FIELD_SIZE / 2). +// +// Parameters: +// - x: the input integer. +// +// Returns: +// - The result, which equals (x MOD FIELD_SIZE), such that |result| <= (FIELD_SIZE / 2). +int Center(int x); + +// Calculates bit reversal permutation. +// +// Parameters: +// - input: the input to reverse. +// - numOfBits: the number of bits in the input to reverse. +// +// Returns: +// - The resulting number, which is obtained from the input by reversing its bits. +int ReverseBits(int input, int numOfBits); + +// Initializes the FFT fast lookup table. +// Shall be called only once. +void InitializeSWIFFTX(); + +// Calculates the FFT. +// +// Parameters: +// - input: the input to the FFT. +// - output: the resulting output. +void FFT(const unsigned char input[EIGHTH_N], swift_int32_t *output); + +/////////////////////////////////////////////////////////////////////////////////////////////// +// Helper functions implementation portion. +/////////////////////////////////////////////////////////////////////////////////////////////// + +swift_int16_t TranslateToBase256(swift_int32_t input[EIGHTH_N], unsigned char output[EIGHTH_N]) +{ + swift_int32_t pairs[EIGHTH_N / 2]; + int i; + + for (i = 0; i < EIGHTH_N; i += 2) + { + // input[i] + 257 * input[i + 1] + pairs[i >> 1] = input[i] + input[i + 1] + (input[i + 1] << 8); + } + + for (i = (EIGHTH_N / 2) - 1; i > 0; --i) + { + int j; + + for (j = i - 1; j < (EIGHTH_N / 2) - 1; ++j) + { + // pairs[j + 1] * 513, because 257^2 = 513 % 256^2. + register swift_int32_t temp = pairs[j] + pairs[j + 1] + (pairs[j + 1] << 9); + pairs[j] = temp & 0xffff; + pairs[j + 1] += (temp >> 16); + } + } + + for (i = 0; i < EIGHTH_N; i += 2) + { + output[i] = (unsigned char) (pairs[i >> 1] & 0xff); + output[i + 1] = (unsigned char) ((pairs[i >> 1] >> 8) & 0xff); + } + + return (pairs[EIGHTH_N/2 - 1] >> 16); +} + +int Center(int x) +{ + int result = x % FIELD_SIZE; + + if (result > (FIELD_SIZE / 2)) + result -= FIELD_SIZE; + + if (result < (FIELD_SIZE / -2)) + result += FIELD_SIZE; + + return result; +} + +int ReverseBits(int input, int numOfBits) +{ + register int reversed = 0; + + for (input |= numOfBits; input > 1; input >>= 1) + reversed = (reversed << 1) | (input & 1); + + return reversed; +} + +void InitializeSWIFFTX() +{ + int i, j, k, x; + // The powers of OMEGA + int omegaPowers[2 * N]; + omegaPowers[0] = 1; + + if (wasSetupDone) + return; + + for (i = 1; i < (2 * N); ++i) + { + omegaPowers[i] = Center(omegaPowers[i - 1] * OMEGA); + } + + for (i = 0; i < (N / W); ++i) + { + for (j = 0; j < W; ++j) + { + multipliers[(i << 3) + j] = omegaPowers[ReverseBits(i, N / W) * (2 * j + 1)]; + } + } + + for (x = 0; x < 256; ++x) + { + for (j = 0; j < 8; ++j) + { + register int temp = 0; + for (k = 0; k < 8; ++k) + { + temp += omegaPowers[(EIGHTH_N * (2 * j + 1) * ReverseBits(k, W)) % (2 * N)] + * ((x >> k) & 1); + } + + fftTable[(x << 3) + j] = Center(temp); + } + } + + wasSetupDone = true; +} + +void FFT(const unsigned char input[EIGHTH_N], swift_int32_t *output) +{ + register swift_int16_t *mult = multipliers; + register swift_int32_t F0, F1, F2, F3, F4, F5, F6, F7, F8, F9, + F10, F11, F12, F13, F14, F15, F16, F17, F18, F19, + F20, F21, F22, F23, F24, F25, F26, F27, F28, F29, + F30, F31, F32, F33, F34, F35, F36, F37, F38, F39, + F40, F41, F42, F43, F44, F45, F46, F47, F48, F49, + F50, F51, F52, F53, F54, F55, F56, F57, F58, F59, + F60, F61, F62, F63; + + // First loop unrolling: + register swift_int16_t *table = &(fftTable[input[0] << 3]); + + F0 = mult[0] * table[0]; + F8 = mult[1] * table[1]; + F16 = mult[2] * table[2]; + F24 = mult[3] * table[3]; + F32 = mult[4] * table[4]; + F40 = mult[5] * table[5]; + F48 = mult[6] * table[6]; + F56 = mult[7] * table[7]; + + mult += 8; + table = &(fftTable[input[1] << 3]); + + F1 = mult[0] * table[0]; + F9 = mult[1] * table[1]; + F17 = mult[2] * table[2]; + F25 = mult[3] * table[3]; + F33 = mult[4] * table[4]; + F41 = mult[5] * table[5]; + F49 = mult[6] * table[6]; + F57 = mult[7] * table[7]; + + mult += 8; + table = &(fftTable[input[2] << 3]); + + F2 = mult[0] * table[0]; + F10 = mult[1] * table[1]; + F18 = mult[2] * table[2]; + F26 = mult[3] * table[3]; + F34 = mult[4] * table[4]; + F42 = mult[5] * table[5]; + F50 = mult[6] * table[6]; + F58 = mult[7] * table[7]; + + mult += 8; + table = &(fftTable[input[3] << 3]); + + F3 = mult[0] * table[0]; + F11 = mult[1] * table[1]; + F19 = mult[2] * table[2]; + F27 = mult[3] * table[3]; + F35 = mult[4] * table[4]; + F43 = mult[5] * table[5]; + F51 = mult[6] * table[6]; + F59 = mult[7] * table[7]; + + mult += 8; + table = &(fftTable[input[4] << 3]); + + F4 = mult[0] * table[0]; + F12 = mult[1] * table[1]; + F20 = mult[2] * table[2]; + F28 = mult[3] * table[3]; + F36 = mult[4] * table[4]; + F44 = mult[5] * table[5]; + F52 = mult[6] * table[6]; + F60 = mult[7] * table[7]; + + mult += 8; + table = &(fftTable[input[5] << 3]); + + F5 = mult[0] * table[0]; + F13 = mult[1] * table[1]; + F21 = mult[2] * table[2]; + F29 = mult[3] * table[3]; + F37 = mult[4] * table[4]; + F45 = mult[5] * table[5]; + F53 = mult[6] * table[6]; + F61 = mult[7] * table[7]; + + mult += 8; + table = &(fftTable[input[6] << 3]); + + F6 = mult[0] * table[0]; + F14 = mult[1] * table[1]; + F22 = mult[2] * table[2]; + F30 = mult[3] * table[3]; + F38 = mult[4] * table[4]; + F46 = mult[5] * table[5]; + F54 = mult[6] * table[6]; + F62 = mult[7] * table[7]; + + mult += 8; + table = &(fftTable[input[7] << 3]); + + F7 = mult[0] * table[0]; + F15 = mult[1] * table[1]; + F23 = mult[2] * table[2]; + F31 = mult[3] * table[3]; + F39 = mult[4] * table[4]; + F47 = mult[5] * table[5]; + F55 = mult[6] * table[6]; + F63 = mult[7] * table[7]; + + // Second loop unrolling: + // Iteration 0: + ADD_SUB(F0, F1); + ADD_SUB(F2, F3); + ADD_SUB(F4, F5); + ADD_SUB(F6, F7); + + F3 <<= 4; + F7 <<= 4; + + ADD_SUB(F0, F2); + ADD_SUB(F1, F3); + ADD_SUB(F4, F6); + ADD_SUB(F5, F7); + + F5 <<= 2; + F6 <<= 4; + F7 <<= 6; + + ADD_SUB(F0, F4); + ADD_SUB(F1, F5); + ADD_SUB(F2, F6); + ADD_SUB(F3, F7); + + output[0] = Q_REDUCE(F0); + output[8] = Q_REDUCE(F1); + output[16] = Q_REDUCE(F2); + output[24] = Q_REDUCE(F3); + output[32] = Q_REDUCE(F4); + output[40] = Q_REDUCE(F5); + output[48] = Q_REDUCE(F6); + output[56] = Q_REDUCE(F7); + + // Iteration 1: + ADD_SUB(F8, F9); + ADD_SUB(F10, F11); + ADD_SUB(F12, F13); + ADD_SUB(F14, F15); + + F11 <<= 4; + F15 <<= 4; + + ADD_SUB(F8, F10); + ADD_SUB(F9, F11); + ADD_SUB(F12, F14); + ADD_SUB(F13, F15); + + F13 <<= 2; + F14 <<= 4; + F15 <<= 6; + + ADD_SUB(F8, F12); + ADD_SUB(F9, F13); + ADD_SUB(F10, F14); + ADD_SUB(F11, F15); + + output[1] = Q_REDUCE(F8); + output[9] = Q_REDUCE(F9); + output[17] = Q_REDUCE(F10); + output[25] = Q_REDUCE(F11); + output[33] = Q_REDUCE(F12); + output[41] = Q_REDUCE(F13); + output[49] = Q_REDUCE(F14); + output[57] = Q_REDUCE(F15); + + // Iteration 2: + ADD_SUB(F16, F17); + ADD_SUB(F18, F19); + ADD_SUB(F20, F21); + ADD_SUB(F22, F23); + + F19 <<= 4; + F23 <<= 4; + + ADD_SUB(F16, F18); + ADD_SUB(F17, F19); + ADD_SUB(F20, F22); + ADD_SUB(F21, F23); + + F21 <<= 2; + F22 <<= 4; + F23 <<= 6; + + ADD_SUB(F16, F20); + ADD_SUB(F17, F21); + ADD_SUB(F18, F22); + ADD_SUB(F19, F23); + + output[2] = Q_REDUCE(F16); + output[10] = Q_REDUCE(F17); + output[18] = Q_REDUCE(F18); + output[26] = Q_REDUCE(F19); + output[34] = Q_REDUCE(F20); + output[42] = Q_REDUCE(F21); + output[50] = Q_REDUCE(F22); + output[58] = Q_REDUCE(F23); + + // Iteration 3: + ADD_SUB(F24, F25); + ADD_SUB(F26, F27); + ADD_SUB(F28, F29); + ADD_SUB(F30, F31); + + F27 <<= 4; + F31 <<= 4; + + ADD_SUB(F24, F26); + ADD_SUB(F25, F27); + ADD_SUB(F28, F30); + ADD_SUB(F29, F31); + + F29 <<= 2; + F30 <<= 4; + F31 <<= 6; + + ADD_SUB(F24, F28); + ADD_SUB(F25, F29); + ADD_SUB(F26, F30); + ADD_SUB(F27, F31); + + output[3] = Q_REDUCE(F24); + output[11] = Q_REDUCE(F25); + output[19] = Q_REDUCE(F26); + output[27] = Q_REDUCE(F27); + output[35] = Q_REDUCE(F28); + output[43] = Q_REDUCE(F29); + output[51] = Q_REDUCE(F30); + output[59] = Q_REDUCE(F31); + + // Iteration 4: + ADD_SUB(F32, F33); + ADD_SUB(F34, F35); + ADD_SUB(F36, F37); + ADD_SUB(F38, F39); + + F35 <<= 4; + F39 <<= 4; + + ADD_SUB(F32, F34); + ADD_SUB(F33, F35); + ADD_SUB(F36, F38); + ADD_SUB(F37, F39); + + F37 <<= 2; + F38 <<= 4; + F39 <<= 6; + + ADD_SUB(F32, F36); + ADD_SUB(F33, F37); + ADD_SUB(F34, F38); + ADD_SUB(F35, F39); + + output[4] = Q_REDUCE(F32); + output[12] = Q_REDUCE(F33); + output[20] = Q_REDUCE(F34); + output[28] = Q_REDUCE(F35); + output[36] = Q_REDUCE(F36); + output[44] = Q_REDUCE(F37); + output[52] = Q_REDUCE(F38); + output[60] = Q_REDUCE(F39); + + // Iteration 5: + ADD_SUB(F40, F41); + ADD_SUB(F42, F43); + ADD_SUB(F44, F45); + ADD_SUB(F46, F47); + + F43 <<= 4; + F47 <<= 4; + + ADD_SUB(F40, F42); + ADD_SUB(F41, F43); + ADD_SUB(F44, F46); + ADD_SUB(F45, F47); + + F45 <<= 2; + F46 <<= 4; + F47 <<= 6; + + ADD_SUB(F40, F44); + ADD_SUB(F41, F45); + ADD_SUB(F42, F46); + ADD_SUB(F43, F47); + + output[5] = Q_REDUCE(F40); + output[13] = Q_REDUCE(F41); + output[21] = Q_REDUCE(F42); + output[29] = Q_REDUCE(F43); + output[37] = Q_REDUCE(F44); + output[45] = Q_REDUCE(F45); + output[53] = Q_REDUCE(F46); + output[61] = Q_REDUCE(F47); + + // Iteration 6: + ADD_SUB(F48, F49); + ADD_SUB(F50, F51); + ADD_SUB(F52, F53); + ADD_SUB(F54, F55); + + F51 <<= 4; + F55 <<= 4; + + ADD_SUB(F48, F50); + ADD_SUB(F49, F51); + ADD_SUB(F52, F54); + ADD_SUB(F53, F55); + + F53 <<= 2; + F54 <<= 4; + F55 <<= 6; + + ADD_SUB(F48, F52); + ADD_SUB(F49, F53); + ADD_SUB(F50, F54); + ADD_SUB(F51, F55); + + output[6] = Q_REDUCE(F48); + output[14] = Q_REDUCE(F49); + output[22] = Q_REDUCE(F50); + output[30] = Q_REDUCE(F51); + output[38] = Q_REDUCE(F52); + output[46] = Q_REDUCE(F53); + output[54] = Q_REDUCE(F54); + output[62] = Q_REDUCE(F55); + + // Iteration 7: + ADD_SUB(F56, F57); + ADD_SUB(F58, F59); + ADD_SUB(F60, F61); + ADD_SUB(F62, F63); + + F59 <<= 4; + F63 <<= 4; + + ADD_SUB(F56, F58); + ADD_SUB(F57, F59); + ADD_SUB(F60, F62); + ADD_SUB(F61, F63); + + F61 <<= 2; + F62 <<= 4; + F63 <<= 6; + + ADD_SUB(F56, F60); + ADD_SUB(F57, F61); + ADD_SUB(F58, F62); + ADD_SUB(F59, F63); + + output[7] = Q_REDUCE(F56); + output[15] = Q_REDUCE(F57); + output[23] = Q_REDUCE(F58); + output[31] = Q_REDUCE(F59); + output[39] = Q_REDUCE(F60); + output[47] = Q_REDUCE(F61); + output[55] = Q_REDUCE(F62); + output[63] = Q_REDUCE(F63); +} + +// Calculates the FFT part of SWIFFT. +// We divided the SWIFFT calculation into two, because that way we could save 2 computations of +// the FFT part, since in the first stage of SWIFFTX the difference between the first 3 SWIFFTs +// is only the A's part. +// +// Parameters: +// - input: the input to FFT. +// - m: the input size divided by 8. The function performs m FFTs. +// - output: will store the result. +void SWIFFTFFT(const unsigned char *input, int m, swift_int32_t *output) +{ + int i; + + for (i = 0; + i < m; + i++, input += EIGHTH_N, output += N) + { + FFT(input, output); + } +} + +// Calculates the 'sum' part of SWIFFT, including the base change at the end. +// We divided the SWIFFT calculation into two, because that way we could save 2 computations of +// the FFT part, since in the first stage of SWIFFTX the difference between the first 3 SWIFFTs +// is only the A's part. +// +// Parameters: +// - input: the input. Of size 64 * m. +// - m: the input size divided by 64. +// - output: will store the result. +// - a: the coefficients in the sum. Of size 64 * m. +void SWIFFTSum(const swift_int32_t *input, int m, unsigned char *output, const swift_int16_t *a) +{ + int i, j; + swift_int32_t result[N]; + register swift_int16_t carry = 0; + + for (j = 0; j < N; ++j) + { + register swift_int32_t sum = 0; + const register swift_int32_t *f = input + j; + const register swift_int16_t *k = a + j; + + for (i = 0; i < m; i++, f += N,k += N) + { + sum += (*f) * (*k); + } + + result[j] = sum; + } + + for (j = 0; j < N; ++j) + { + result[j] = ((FIELD_SIZE << 22) + result[j]) % FIELD_SIZE; + } + + for (j = 0; j < 8; ++j) + { + int register carryBit = TranslateToBase256(result + (j << 3), output + (j << 3)); + carry |= carryBit << j; + } + + output[N] = carry; +} + +void ComputeSingleSWIFFTX(unsigned char input[SWIFFTX_INPUT_BLOCK_SIZE], + unsigned char output[SWIFFTX_OUTPUT_BLOCK_SIZE], + bool doSmooth) +{ + int i; + // Will store the result of the FFT parts: + swift_int32_t fftOut[N * M]; + unsigned char intermediate[N * 3 + 8]; + unsigned char carry0,carry1,carry2; + + // Do the three SWIFFTS while remembering the three carry bytes (each carry byte gets + // overriden by the following SWIFFT): + + // 1. Compute the FFT of the input - the common part for the first 3 SWIFFTs: + SWIFFTFFT(input, M, fftOut); + + // 2. Compute the sums of the 3 SWIFFTs, each using a different set of coefficients: + + // 2a. The first SWIFFT: + SWIFFTSum(fftOut, M, intermediate, As); + // Remember the carry byte: + carry0 = intermediate[N]; + + // 2b. The second one: + SWIFFTSum(fftOut, M, intermediate + N, As + (M * N)); + carry1 = intermediate[2 * N]; + + // 2c. The third one: + SWIFFTSum(fftOut, M, intermediate + (2 * N), As + 2 * (M * N)); + carry2 = intermediate[3 * N]; + + //2d. Put three carry bytes in their place + intermediate[3 * N] = carry0; + intermediate[(3 * N) + 1] = carry1; + intermediate[(3 * N) + 2] = carry2; + + // Padding intermediate output with 5 zeroes. + memset(intermediate + (3 * N) + 3, 0, 5); + + // Apply the S-Box: + for (i = 0; i < (3 * N) + 8; ++i) + { + intermediate[i] = SBox[intermediate[i]]; + } + + // 3. The final and last SWIFFT: + SWIFFTFFT(intermediate, 3 * (N/8) + 1, fftOut); + SWIFFTSum(fftOut, 3 * (N/8) + 1, output, As); + + if (doSmooth) + { + unsigned char sum[N]; + register int i, j; + memset(sum, 0, N); + + for (i = 0; i < (N + 1) * 8; ++i) + { + register const swift_int16_t *AsRow; + register int AShift; + + if (!(output[i >> 3] & (1 << (i & 7)))) + { + continue; + } + + AsRow = As + N * M + (i & ~(N - 1)) ; + AShift = i & 63; + + for (j = AShift; j < N; ++j) + { + sum[j] += AsRow[j - AShift]; + } + + for(j = 0; j < AShift; ++j) + { + sum[j] -= AsRow[N - AShift + j]; + } + } + + for (i = 0; i < N; ++i) + { + output[i] = sum[i]; + } + + output[N] = 0; + } +} diff --git a/algo/swifftx/swifftx.h b/algo/swifftx/swifftx.h new file mode 100644 index 0000000..eedbc8f --- /dev/null +++ b/algo/swifftx/swifftx.h @@ -0,0 +1,78 @@ +/////////////////////////////////////////////////////////////////////////////////////////////// +// +// SWIFFTX ANSI C OPTIMIZED 32BIT IMPLEMENTATION FOR NIST SHA-3 COMPETITION +// +// SWIFFTX.h +// +// October 2008 +// +// This file is the exact copy from the reference implementation. +// +/////////////////////////////////////////////////////////////////////////////////////////////// +#ifndef __SWIFFTX__ +#define __SWIFFTX__ + +#ifdef __cplusplus +extern "C"{ +#endif + +// See the remarks concerning compatibility issues inside stdint.h. +//#include +#include +#include "stdint.h" +//#include "stdbool.h" +//#include "SHA3swift.h" + +// The size of SWIFFTX input in bytes. +#define SWIFFTX_INPUT_BLOCK_SIZE 256 + +// The size of output block in bytes. The compression function of SWIFFT outputs a block of +// this size (i.e., this is the size of the resulting hash value). +#define SWIFFTX_OUTPUT_BLOCK_SIZE 65 + +// Computes the result of a single SWIFFT operation. +// This is the simple implementation, where our main concern is to show our design principles. +// It is made more efficient in the optimized version, by using FFT instead of DFT, and +// through other speed-up techniques. +// +// Parameters: +// - input: the input string. Consists of 8*m input bytes, where each octet passes the DFT +// processing. +// - m: the length of the input in bytes. +// - output: the resulting hash value of SWIFFT, of size 65 bytes (520 bit). This is the +// result of summing the dot products of the DFTS with the A's after applying the base +// change transformation +// - A: the A's coefficients to work with (since every SWIFFT in SWIFFTX uses different As). +// A single application of SWIFFT uses 64*m A's. +void ComputeSingleSWIFFT(unsigned char *input, unsigned short m, + unsigned char output[SWIFFTX_OUTPUT_BLOCK_SIZE], + const swift_int16_t *a); + +// Computes the result of a single SWIFFTX operation. +// NOTE: for simplicity we use 'ComputeSingleSWIFFT()' as a subroutine. This is only to show +// the design idea. In the optimized versions we don't do this for efficiency concerns, since +// there we compute the first part (which doesn't involve the A coefficients) only once for all +// of the 3 invocations of SWIFFT. This enables us to introduce a significant speedup. +// +// Parameters: +// - input: the input input of 256 bytes (2048 bit). +// - output: the resulting hash value of SWIFFT, of size 64 bytes (512 bit). +// - doSMooth: if true, a final smoothing stage is performed and the output is of size 512 bits. +// +// Returns: +// - Success value. +void ComputeSingleSWIFFTX( unsigned char input[SWIFFTX_INPUT_BLOCK_SIZE], + unsigned char output[SWIFFTX_OUTPUT_BLOCK_SIZE] ); + +void ComputeSingleSWIFFTX_smooth( unsigned char input[SWIFFTX_INPUT_BLOCK_SIZE], + unsigned char output[SWIFFTX_OUTPUT_BLOCK_SIZE], bool doSmooth); + +// Calculates the powers of OMEGA and generates the bit reversal permutation. +// You must call this function before doing SWIFFT/X, otherwise you will get zeroes everywhere. +void InitializeSWIFFTX(); + +#ifdef __cplusplus +} +#endif + +#endif // __SWIFFTX__ diff --git a/algo/x22/x22i-4way.c b/algo/x22/x22i-4way.c new file mode 100644 index 0000000..1046d82 --- /dev/null +++ b/algo/x22/x22i-4way.c @@ -0,0 +1,311 @@ +#include "x22i-gate.h" + +#if defined(X22I_4WAY) + +#include "algo/blake/blake-hash-4way.h" +#include "algo/bmw/bmw-hash-4way.h" +#include "algo/echo/aes_ni/hash_api.h" +#include "algo/groestl/aes_ni/hash-groestl.h" +#include "algo/skein/skein-hash-4way.h" +#include "algo/jh/jh-hash-4way.h" +#include "algo/keccak/keccak-hash-4way.h" +#include "algo/luffa/luffa-hash-2way.h" +#include "algo/cubehash/cube-hash-2way.h" +#include "algo/shavite/shavite-hash-2way.h" +#include "algo/simd/simd-hash-2way.h" +#include "algo/shavite/sph_shavite.h" +#include "algo/hamsi/hamsi-hash-4way.h" +#include "algo/fugue/sph_fugue.h" +#include "algo/shabal/shabal-hash-4way.h" +#include "algo/whirlpool/sph_whirlpool.h" +#include "algo/sha/sha-hash-4way.h" +#include "algo/haval/haval-hash-4way.h" +#include "algo/tiger/sph_tiger.h" +#include "algo/lyra2/lyra2.h" +#include "algo/gost/sph_gost.h" +#include "algo/swifftx/swifftx.h" + +union _x22i_4way_ctx_overlay +{ + blake512_4way_context blake; + bmw512_4way_context bmw; + hashState_groestl groestl; + hashState_echo echo; + skein512_4way_context skein; + jh512_4way_context jh; + keccak512_4way_context keccak; + luffa_2way_context luffa; + cube_2way_context cube; + shavite512_2way_context shavite; + simd_2way_context simd; + hamsi512_4way_context hamsi; + sph_fugue512_context fugue; + shabal512_4way_context shabal; + sph_whirlpool_context whirlpool; + sha512_4way_context sha512; + haval256_5_4way_context haval; + sph_tiger_context tiger; + sph_gost512_context gost; + sha256_4way_context sha256; +}; +typedef union _x22i_4way_ctx_overlay x22i_ctx_overlay; + +void x22i_4way_hash( void *output, const void *input ) +{ + uint64_t hash0[8*4] __attribute__ ((aligned (64))); + uint64_t hash1[8*4] __attribute__ ((aligned (64))); + uint64_t hash2[8*4] __attribute__ ((aligned (64))); + uint64_t hash3[8*4] __attribute__ ((aligned (64))); + uint64_t vhash[8*4] __attribute__ ((aligned (64))); + uint64_t vhashA[8*4] __attribute__ ((aligned (64))); + uint64_t vhashB[8*4] __attribute__ ((aligned (64))); + +// unsigned char hash[64 * 4] __attribute__((aligned(64))) = {0}; + unsigned char hashA0[64] __attribute__((aligned(64))) = {0}; + unsigned char hashA1[64] __attribute__((aligned(32))) = {0}; + unsigned char hashA2[64] __attribute__((aligned(32))) = {0}; + unsigned char hashA3[64] __attribute__((aligned(32))) = {0}; + x22i_ctx_overlay ctx; + + blake512_4way_init( &ctx.blake ); + blake512_4way( &ctx.blake, input, 80 ); + blake512_4way_close( &ctx.blake, vhash ); + + bmw512_4way_init( &ctx.bmw ); + bmw512_4way( &ctx.bmw, vhash, 64 ); + bmw512_4way_close( &ctx.bmw, vhash ); + + dintrlv_4x64_512( hash0, hash1, hash2, hash3, vhash ); + + init_groestl( &ctx.groestl, 64 ); + update_and_final_groestl( &ctx.groestl, (char*)hash0, + (const char*)hash0, 512 ); + init_groestl( &ctx.groestl, 64 ); + update_and_final_groestl( &ctx.groestl, (char*)hash1, + (const char*)hash1, 512 ); + init_groestl( &ctx.groestl, 64 ); + update_and_final_groestl( &ctx.groestl, (char*)hash2, + (const char*)hash2, 512 ); + init_groestl( &ctx.groestl, 64 ); + update_and_final_groestl( &ctx.groestl, (char*)hash3, + (const char*)hash3, 512 ); + + intrlv_4x64_512( vhash, hash0, hash1, hash2, hash3 ); + + skein512_4way_init( &ctx.skein ); + skein512_4way( &ctx.skein, vhash, 64 ); + skein512_4way_close( &ctx.skein, vhash ); + + jh512_4way_init( &ctx.jh ); + jh512_4way( &ctx.jh, vhash, 64 ); + jh512_4way_close( &ctx.jh, vhash ); + + keccak512_4way_init( &ctx.keccak ); + keccak512_4way( &ctx.keccak, vhash, 64 ); + keccak512_4way_close( &ctx.keccak, vhash ); + + rintrlv_4x64_2x128( vhashA, vhashB, vhash, 512 ); + + luffa_2way_init( &ctx.luffa, 512 ); + luffa_2way_update_close( &ctx.luffa, vhashA, vhashA, 64 ); + luffa_2way_init( &ctx.luffa, 512 ); + luffa_2way_update_close( &ctx.luffa, vhashB, vhashB, 64 ); + + cube_2way_init( &ctx.cube, 512, 16, 32 ); + cube_2way_update_close( &ctx.cube, vhashA, vhashA, 64 ); + cube_2way_init( &ctx.cube, 512, 16, 32 ); + cube_2way_update_close( &ctx.cube, vhashB, vhashB, 64 ); + + shavite512_2way_init( &ctx.shavite ); + shavite512_2way_update_close( &ctx.shavite, vhashA, vhashA, 64 ); + shavite512_2way_init( &ctx.shavite ); + shavite512_2way_update_close( &ctx.shavite, vhashB, vhashB, 64 ); + + simd_2way_init( &ctx.simd, 512 ); + simd_2way_update_close( &ctx.simd, vhashA, vhashA, 512 ); + simd_2way_init( &ctx.simd, 512 ); + simd_2way_update_close( &ctx.simd, vhashB, vhashB, 512 ); + + dintrlv_2x128_512( hash0, hash1, vhashA ); + dintrlv_2x128_512( hash2, hash3, vhashB ); + + init_echo( &ctx.echo, 512 ); + update_final_echo ( &ctx.echo, (BitSequence*)hash0, + (const BitSequence*)hash0, 512 ); + init_echo( &ctx.echo, 512 ); + update_final_echo ( &ctx.echo, (BitSequence*)hash1, + (const BitSequence*)hash1, 512 ); + init_echo( &ctx.echo, 512 ); + update_final_echo ( &ctx.echo, (BitSequence*)hash2, + (const BitSequence*)hash2, 512 ); + init_echo( &ctx.echo, 512 ); + update_final_echo ( &ctx.echo, (BitSequence*)hash3, + (const BitSequence*)hash3, 512 ); + + + intrlv_4x64_512( vhash, hash0, hash1, hash2, hash3 ); + + hamsi512_4way_init( &ctx.hamsi ); + hamsi512_4way( &ctx.hamsi, vhash, 64 ); + hamsi512_4way_close( &ctx.hamsi, vhash ); + + dintrlv_4x64_512( hash0, hash1, hash2, hash3, vhash ); + + sph_fugue512_init( &ctx.fugue ); + sph_fugue512( &ctx.fugue, hash0, 64 ); + sph_fugue512_close( &ctx.fugue, hash0 ); + sph_fugue512_init( &ctx.fugue ); + sph_fugue512( &ctx.fugue, hash1, 64 ); + sph_fugue512_close( &ctx.fugue, hash1 ); + sph_fugue512_init( &ctx.fugue ); + sph_fugue512( &ctx.fugue, hash2, 64 ); + sph_fugue512_close( &ctx.fugue, hash2 ); + sph_fugue512_init( &ctx.fugue ); + sph_fugue512( &ctx.fugue, hash3, 64 ); + sph_fugue512_close( &ctx.fugue, hash3 ); + + intrlv_4x32_512( vhash, hash0, hash1, hash2, hash3 ); + + shabal512_4way_init( &ctx.shabal ); + shabal512_4way( &ctx.shabal, vhash, 64 ); + shabal512_4way_close( &ctx.shabal, vhash ); + + dintrlv_4x32_512( &hash0[8], &hash1[8], &hash2[8], &hash3[8], vhash ); + + sph_whirlpool_init( &ctx.whirlpool ); + sph_whirlpool( &ctx.whirlpool, &hash0[8], 64 ); + sph_whirlpool_close( &ctx.whirlpool, &hash0[16] ); + sph_whirlpool_init( &ctx.whirlpool ); + sph_whirlpool( &ctx.whirlpool, &hash1[8], 64 ); + sph_whirlpool_close( &ctx.whirlpool, &hash1[16] ); + sph_whirlpool_init( &ctx.whirlpool ); + sph_whirlpool( &ctx.whirlpool, &hash2[8], 64 ); + sph_whirlpool_close( &ctx.whirlpool, &hash2[16] ); + sph_whirlpool_init( &ctx.whirlpool ); + sph_whirlpool( &ctx.whirlpool, &hash3[8], 64 ); + sph_whirlpool_close( &ctx.whirlpool, &hash3[16] ); + + intrlv_4x64_512( vhash, &hash0[16], &hash1[16], &hash2[16], &hash3[16] ); + + sha512_4way_init( &ctx.sha512 ); + sha512_4way( &ctx.sha512, vhash, 64 ); + sha512_4way_close( &ctx.sha512, vhash ); + + dintrlv_4x64_512( &hash0[24], &hash1[24], &hash2[24], &hash3[24], vhash ); + +// InitializeSWIFFTX(); + ComputeSingleSWIFFTX((unsigned char*)hash0, (unsigned char*)hashA0); + ComputeSingleSWIFFTX((unsigned char*)hash1, (unsigned char*)hashA1); + ComputeSingleSWIFFTX((unsigned char*)hash2, (unsigned char*)hashA2); + ComputeSingleSWIFFTX((unsigned char*)hash3, (unsigned char*)hashA3); + + intrlv_4x32_512( vhashA, hashA0, hashA1, hashA2, hashA3 ); + + memset( vhash, 0, 64*4 ); + + haval256_5_4way_init( &ctx.haval ); + haval256_5_4way( &ctx.haval, vhashA, 64 ); + haval256_5_4way_close( &ctx.haval, vhash ); + + dintrlv_4x32_512( hash0, hash1, hash2, hash3, vhash ); + + memset( hashA0, 0, 64 ); + memset( hashA1, 0, 64 ); + memset( hashA2, 0, 64 ); + memset( hashA3, 0, 64 ); + + sph_tiger_init(&ctx.tiger); + sph_tiger (&ctx.tiger, (const void*) hash0, 64); + sph_tiger_close(&ctx.tiger, (void*) hashA0); + sph_tiger_init(&ctx.tiger); + sph_tiger (&ctx.tiger, (const void*) hash1, 64); + sph_tiger_close(&ctx.tiger, (void*) hashA1); + sph_tiger_init(&ctx.tiger); + sph_tiger (&ctx.tiger, (const void*) hash2, 64); + sph_tiger_close(&ctx.tiger, (void*) hashA2); + sph_tiger_init(&ctx.tiger); + sph_tiger (&ctx.tiger, (const void*) hash3, 64); + sph_tiger_close(&ctx.tiger, (void*) hashA3); + + memset( hash0, 0, 64 ); + memset( hash1, 0, 64 ); + memset( hash2, 0, 64 ); + memset( hash3, 0, 64 ); + + LYRA2RE( (void*) hash0, 32, (const void*) hashA0, 32, (const void*) hashA0, + 32, 1, 4, 4 ); + LYRA2RE( (void*) hash1, 32, (const void*) hashA1, 32, (const void*) hashA1, + 32, 1, 4, 4 ); + LYRA2RE( (void*) hash2, 32, (const void*) hashA2, 32, (const void*) hashA2, + 32, 1, 4, 4 ); + LYRA2RE( (void*) hash3, 32, (const void*) hashA3, 32, (const void*) hashA3, + 32, 1, 4, 4 ); + + sph_gost512_init(&ctx.gost); + sph_gost512 (&ctx.gost, (const void*) hash0, 64); + sph_gost512_close(&ctx.gost, (void*) hash0); + sph_gost512_init(&ctx.gost); + sph_gost512 (&ctx.gost, (const void*) hash1, 64); + sph_gost512_close(&ctx.gost, (void*) hash1); + sph_gost512_init(&ctx.gost); + sph_gost512 (&ctx.gost, (const void*) hash2, 64); + sph_gost512_close(&ctx.gost, (void*) hash2); + sph_gost512_init(&ctx.gost); + sph_gost512 (&ctx.gost, (const void*) hash3, 64); + sph_gost512_close(&ctx.gost, (void*) hash3); + + intrlv_4x32_512( vhash, hash0, hash1, hash2, hash3 ); + + sha256_4way_init( &ctx.sha256 ); + sha256_4way( &ctx.sha256, vhash, 64 ); + sha256_4way_close( &ctx.sha256, output ); + +// memcpy(output, hash, 32); +} + + +int scanhash_x22i_4way( struct work* work, uint32_t max_nonce, + uint64_t *hashes_done, struct thr_info *mythr ) +{ + uint32_t hash[4*16] __attribute__ ((aligned (64))); + uint32_t vdata[24*4] __attribute__ ((aligned (64))); + uint32_t lane_hash[8] __attribute__ ((aligned (32))); + uint32_t *hash7 = &(hash[7<<2]); + uint32_t *pdata = work->data; + uint32_t *ptarget = work->target; + const uint32_t first_nonce = pdata[19]; + __m256i *noncev = (__m256i*)vdata + 9; // aligned + uint32_t n = first_nonce; + const int thr_id = mythr->id; + const uint32_t Htarg = ptarget[7]; + + if (opt_benchmark) + ((uint32_t*)ptarget)[7] = 0x08ff; + + InitializeSWIFFTX(); + + mm256_bswap32_intrlv80_4x64( vdata, pdata ); + do + { + *noncev = mm256_intrlv_blend_32( mm256_bswap_32( + _mm256_set_epi32( n+3, 0, n+2, 0, n+1, 0, n, 0 ) ), *noncev ); + x22i_4way_hash( hash, vdata ); + + for ( int lane = 0; lane < 4; lane++ ) + if unlikely( ( hash7[ lane ] <= Htarg ) ) + { + extr_lane_4x32( lane_hash, hash, lane, 256 ); + if ( likely( fulltest( lane_hash, ptarget ) && !opt_benchmark ) ) + { + pdata[19] = n + lane; + submit_lane_solution( work, lane_hash, mythr, lane ); + } + } + n += 4; + } while ( likely( ( n < max_nonce - 4 ) && !work_restart[thr_id].restart ) ); + + *hashes_done = n - first_nonce + 1; + return 0; +} + +#endif // X22I_4WAY diff --git a/algo/x22/x22i-gate.c b/algo/x22/x22i-gate.c new file mode 100644 index 0000000..0d2d3e2 --- /dev/null +++ b/algo/x22/x22i-gate.c @@ -0,0 +1,28 @@ +#include "x22i-gate.h" + +bool register_x22i_algo( algo_gate_t* gate ) +{ +#if defined (X22I_4WAY) + gate->scanhash = (void*)&scanhash_x22i_4way; + gate->hash = (void*)&x22i_4way_hash; +#else + gate->scanhash = (void*)&scanhash_x22i; + gate->hash = (void*)&x22i_hash; +#endif + gate->optimizations = SSE2_OPT | AES_OPT | AVX2_OPT | SHA_OPT; + return true; +}; + +bool register_x25x_algo( algo_gate_t* gate ) +{ +#if defined (X22I_4WAY) + gate->scanhash = (void*)&scanhash_x25x_4way; + gate->hash = (void*)&x25x_4way_hash; +#else + gate->scanhash = (void*)&scanhash_x25x; + gate->hash = (void*)&x25x_hash; +#endif + gate->optimizations = SSE2_OPT | AES_OPT | AVX2_OPT | SHA_OPT; + return true; +}; + diff --git a/algo/x22/x22i-gate.h b/algo/x22/x22i-gate.h new file mode 100644 index 0000000..c5954c8 --- /dev/null +++ b/algo/x22/x22i-gate.h @@ -0,0 +1,35 @@ +#ifndef X22I_GATE_H__ +#define X22I_GATE_H__ 1 + +#include "algo-gate-api.h" +#include "simd-utils.h" +#include +#include + +#if defined(__AVX2__) && defined(__AES__) + #define X22I_4WAY +#endif + +bool register_x22i__algo( algo_gate_t* gate ); + +#if defined(X22I_4WAY) + +void x22i_4way_hash( void *state, const void *input ); +int scanhash_x22i_4way( struct work *work, uint32_t max_nonce, + uint64_t *hashes_done, struct thr_info *mythr ); + +void x25x_4way_hash( void *state, const void *input ); +int scanhash_x25x_4way( struct work *work, uint32_t max_nonce, + uint64_t *hashes_done, struct thr_info *mythr ); + +#endif + +void x22i_hash( void *state, const void *input ); +int scanhash_x22i( struct work *work, uint32_t max_nonce, + uint64_t *hashes_done, struct thr_info *mythr ); + +void x25x_hash( void *state, const void *input ); +int scanhash_x25x( struct work *work, uint32_t max_nonce, + uint64_t *hashes_done, struct thr_info *mythr ); + +#endif // X22I_GATE_H__ diff --git a/algo/x22/x22i.c b/algo/x22/x22i.c new file mode 100644 index 0000000..65643e3 --- /dev/null +++ b/algo/x22/x22i.c @@ -0,0 +1,202 @@ +#include "algo/blake/sph_blake.h" +#include "algo/bmw/sph_bmw.h" +#if defined(__AES__) + #include "algo/echo/aes_ni/hash_api.h" + #include "algo/groestl/aes_ni/hash-groestl.h" +#else + #include "algo/groestl/sph_groestl.h" + #include "algo/echo/sph_echo.h" +#endif +#include "algo/skein/sph_skein.h" +#include "algo/jh/sph_jh.h" +#include "algo/keccak/sph_keccak.h" +#include "algo/luffa/luffa_for_sse2.h" +#include "algo/cubehash/cubehash_sse2.h" +#include "algo/shavite/sph_shavite.h" +#include "algo/simd/nist.h" +#include "algo/hamsi/sph_hamsi.h" +#include "algo/fugue/sph_fugue.h" +#include "algo/shabal/sph_shabal.h" +#include "algo/whirlpool/sph_whirlpool.h" +#include +#include "algo/haval/sph-haval.h" +#include "algo/tiger/sph_tiger.h" +#include "algo/lyra2/lyra2.h" +#include "algo/gost/sph_gost.h" +#include "algo/swifftx/swifftx.h" +#include "x22i-gate.h" + +union _x22i_context_overlay +{ + sph_blake512_context blake; + sph_bmw512_context bmw; +#if defined(__AES__) + hashState_groestl groestl; + hashState_echo echo; +#else + sph_groestl512_context groestl; + sph_echo512_context echo; +#endif + sph_jh512_context jh; + sph_keccak512_context keccak; + sph_skein512_context skein; + hashState_luffa luffa; + cubehashParam cube; + sph_shavite512_context shavite; + hashState_sd simd; + sph_hamsi512_context hamsi; + sph_fugue512_context fugue; + sph_shabal512_context shabal; + sph_whirlpool_context whirlpool; + SHA512_CTX sha512; + sph_haval256_5_context haval; + sph_tiger_context tiger; + sph_gost512_context gost; + SHA256_CTX sha256; +}; +typedef union _x22i_context_overlay x22i_context_overlay; + +void x22i_hash( void *output, const void *input ) +{ + unsigned char hash[64 * 4] __attribute__((aligned(64))) = {0}; + unsigned char hash2[65] __attribute__((aligned(64))) = {0}; + x22i_context_overlay ctx; + + sph_blake512_init(&ctx.blake); + sph_blake512(&ctx.blake, input, 80); + sph_blake512_close(&ctx.blake, hash); + + sph_bmw512_init(&ctx.bmw); + sph_bmw512(&ctx.bmw, (const void*) hash, 64); + sph_bmw512_close(&ctx.bmw, hash); + +#if defined(__AES__) + init_groestl( &ctx.groestl, 64 ); + update_and_final_groestl( &ctx.groestl, (char*)hash, + (const char*)hash, 512 ); +#else + sph_groestl512_init( &ctx.groestl ); + sph_groestl512( &ctx.groestl, hash, 64 ); + sph_groestl512_close( &ctx.groestl, hash ); +#endif + + sph_skein512_init(&ctx.skein); + sph_skein512(&ctx.skein, (const void*) hash, 64); + sph_skein512_close(&ctx.skein, hash); + + sph_jh512_init(&ctx.jh); + sph_jh512(&ctx.jh, (const void*) hash, 64); + sph_jh512_close(&ctx.jh, hash); + + sph_keccak512_init(&ctx.keccak); + sph_keccak512(&ctx.keccak, (const void*) hash, 64); + sph_keccak512_close(&ctx.keccak, hash); + + init_luffa( &ctx.luffa, 512 ); + update_and_final_luffa( &ctx.luffa, (BitSequence*)hash, + (const BitSequence*)hash, 64 ); + + cubehashInit( &ctx.cube, 512, 16, 32 ); + cubehashUpdateDigest( &ctx.cube, (byte*) hash, + (const byte*)hash, 64 ); + + sph_shavite512_init(&ctx.shavite); + sph_shavite512(&ctx.shavite, (const void*) hash, 64); + sph_shavite512_close(&ctx.shavite, hash); + + init_sd( &ctx.simd, 512 ); + update_final_sd( &ctx.simd, (BitSequence*)hash, + (const BitSequence*)hash, 512 ); + +#if defined(__AES__) + init_echo( &ctx.echo, 512 ); + update_final_echo ( &ctx.echo, (BitSequence*)hash, + (const BitSequence*)hash, 512 ); +#else + sph_echo512_init( &ctx.echo ); + sph_echo512( &ctx.echo, hash, 64 ); + sph_echo512_close( &ctx.echo, hash ); +#endif + + sph_hamsi512_init(&ctx.hamsi); + sph_hamsi512(&ctx.hamsi, (const void*) hash, 64); + sph_hamsi512_close(&ctx.hamsi, hash); + + sph_fugue512_init(&ctx.fugue); + sph_fugue512(&ctx.fugue, (const void*) hash, 64); + sph_fugue512_close(&ctx.fugue, hash); + + sph_shabal512_init(&ctx.shabal); + sph_shabal512(&ctx.shabal, (const void*) hash, 64); + sph_shabal512_close(&ctx.shabal, &hash[64]); + + sph_whirlpool_init(&ctx.whirlpool); + sph_whirlpool (&ctx.whirlpool, (const void*) &hash[64], 64); + sph_whirlpool_close(&ctx.whirlpool, &hash[128]); + + SHA512_Init( &ctx.sha512 ); + SHA512_Update( &ctx.sha512, (const void*) &hash[128], 64); + SHA512_Final( (void*) &hash[192], &ctx.sha512 ); + + ComputeSingleSWIFFTX((unsigned char*)hash, (unsigned char*)hash2); + + memset(hash, 0, 64); + sph_haval256_5_init(&ctx.haval); + sph_haval256_5(&ctx.haval,(const void*) hash2, 64); + sph_haval256_5_close(&ctx.haval,hash); + + memset(hash2, 0, 64); + sph_tiger_init(&ctx.tiger); + sph_tiger (&ctx.tiger, (const void*) hash, 64); + sph_tiger_close(&ctx.tiger, (void*) hash2); + + memset(hash, 0, 64); + LYRA2RE((void*) hash, 32, (const void*) hash2, 32, (const void*) hash2, 32, 1, 4, 4); + + sph_gost512_init(&ctx.gost); + sph_gost512 (&ctx.gost, (const void*) hash, 64); + sph_gost512_close(&ctx.gost, (void*) hash); + + SHA256_Init( &ctx.sha256 ); + SHA256_Update( &ctx.sha256, (const void*) hash, 64 ); + SHA256_Final( (unsigned char*) hash, &ctx.sha256 ); + + memcpy(output, hash, 32); +} + +int scanhash_x22i( struct work* work, uint32_t max_nonce, + uint64_t *hashes_done, struct thr_info *mythr ) +{ + uint32_t endiandata[20] __attribute__((aligned(64))); + uint32_t hash[8] __attribute__((aligned(64))); + uint32_t *pdata = work->data; + uint32_t *ptarget = work->target; + const uint32_t first_nonce = pdata[19]; + const uint32_t Htarg = ptarget[7]; + uint32_t n = first_nonce; + const int thr_id = mythr->id; + + if (opt_benchmark) + ((uint32_t*)ptarget)[7] = 0x08ff; + + for (int k=0; k < 20; k++) + be32enc(&endiandata[k], pdata[k]); + + InitializeSWIFFTX(); + + do + { + pdata[19] = ++n; + be32enc( &endiandata[19], n ); + + x22i_hash( hash, endiandata ); + + if ( hash[7] < Htarg ) + if ( fulltest( hash, ptarget ) && !opt_benchmark ) + submit_solution( work, hash, mythr ); + } while ( n < max_nonce && !work_restart[thr_id].restart ); + + *hashes_done = pdata[19] - first_nonce; + return 0; +} + diff --git a/algo/x22/x25x-4way.c b/algo/x22/x25x-4way.c new file mode 100644 index 0000000..b1b4c88 --- /dev/null +++ b/algo/x22/x25x-4way.c @@ -0,0 +1,402 @@ +#include "x22i-gate.h" + +#if defined(X22I_4WAY) + +#include "algo/blake/blake-hash-4way.h" +#include "algo/bmw/bmw-hash-4way.h" +#include "algo/skein/skein-hash-4way.h" +#include "algo/jh/jh-hash-4way.h" +#include "algo/keccak/keccak-hash-4way.h" +#include "algo/hamsi/hamsi-hash-4way.h" +#include "algo/shabal/shabal-hash-4way.h" +#include "algo/sha/sha-hash-4way.h" +#include "algo/haval/haval-hash-4way.h" +#include "algo/blake/blake2s-hash-4way.h" +#include "algo/echo/aes_ni/hash_api.h" +#include "algo/groestl/aes_ni/hash-groestl.h" +#include "algo/luffa/luffa_for_sse2.h" +#include "algo/cubehash/cubehash_sse2.h" +#include "algo/shavite/sph_shavite.h" +#include "algo/simd/nist.h" +#include "algo/fugue/sph_fugue.h" +#include "algo/whirlpool/sph_whirlpool.h" +#include "algo/tiger/sph_tiger.h" +#include "algo/lyra2/lyra2.h" +#include "algo/gost/sph_gost.h" +#include "algo/swifftx/swifftx.h" +#include "algo/panama/sph_panama.h" +#include "algo/lanehash/lane.h" + +union _x25x_4way_ctx_overlay +{ + blake512_4way_context blake; + bmw512_4way_context bmw; + hashState_groestl groestl; + hashState_echo echo; + skein512_4way_context skein; + jh512_4way_context jh; + keccak512_4way_context keccak; + hashState_luffa luffa; + cubehashParam cube; + sph_shavite512_context shavite; + hashState_sd simd; + hamsi512_4way_context hamsi; + sph_fugue512_context fugue; + shabal512_4way_context shabal; + sph_whirlpool_context whirlpool; + sha512_4way_context sha512; + haval256_5_4way_context haval; + sph_tiger_context tiger; + sph_gost512_context gost; + sha256_4way_context sha256; + sph_panama_context panama; + blake2s_4way_state blake2s; +}; +typedef union _x25x_4way_ctx_overlay x25x_4way_ctx_overlay; + +void x25x_shuffle( void *hash ) +{ + // Simple shuffle algorithm, instead of just reversing + #define X25X_SHUFFLE_BLOCKS (24 * 64 / 2) + #define X25X_SHUFFLE_ROUNDS 12 + + static const uint16_t x25x_round_const[X25X_SHUFFLE_ROUNDS] = + { + 0x142c, 0x5830, 0x678c, 0xe08c, 0x3c67, 0xd50d, 0xb1d8, 0xecb2, + 0xd7ee, 0x6783, 0xfa6c, 0x4b9c + }; + + uint16_t* block_pointer = (uint16_t*)hash; + for ( int r = 0; r < X25X_SHUFFLE_ROUNDS; r++ ) + { + for ( int i = 0; i < X25X_SHUFFLE_BLOCKS; i++ ) + { + uint16_t block_value = block_pointer[ X25X_SHUFFLE_BLOCKS - i - 1 ]; + block_pointer[i] ^= block_pointer[ block_value % X25X_SHUFFLE_BLOCKS ] + + ( x25x_round_const[r] << (i % 16) ); + } + } + + #undef X25X_SHUFFLE_BLOCKS + #undef X25X_SHUFFLE_ROUNDS +} + +void x25x_4way_hash( void *output, const void *input ) +{ + unsigned char hash0[25][64] __attribute__((aligned(64))) = {0}; + unsigned char hash1[25][64] __attribute__((aligned(64))) = {0}; + unsigned char hash2[25][64] __attribute__((aligned(64))) = {0}; + unsigned char hash3[25][64] __attribute__((aligned(64))) = {0}; + uint64_t vhash[8*4] __attribute__ ((aligned (64))); + unsigned char vhashA[24][64*4] __attribute__ ((aligned (64))); + x25x_4way_ctx_overlay ctx __attribute__ ((aligned (64))); + + blake512_4way_init( &ctx.blake ); + blake512_4way( &ctx.blake, input, 80 ); + blake512_4way_close( &ctx.blake, vhash ); + dintrlv_4x64_512( &hash0[0], &hash1[0], &hash2[0], &hash3[0], vhash ); + + bmw512_4way_init( &ctx.bmw ); + bmw512_4way( &ctx.bmw, vhash, 64 ); + bmw512_4way_close( &ctx.bmw, vhash ); + dintrlv_4x64_512( &hash0[1], &hash1[1], &hash2[1], &hash3[1], vhash ); + + init_groestl( &ctx.groestl, 64 ); + update_and_final_groestl( &ctx.groestl, (char*)&hash0[2], + (const char*)&hash0[1], 512 ); + init_groestl( &ctx.groestl, 64 ); + update_and_final_groestl( &ctx.groestl, (char*)&hash1[2], + (const char*)&hash1[1], 512 ); + init_groestl( &ctx.groestl, 64 ); + update_and_final_groestl( &ctx.groestl, (char*)&hash2[2], + (const char*)&hash2[1], 512 ); + init_groestl( &ctx.groestl, 64 ); + update_and_final_groestl( &ctx.groestl, (char*)&hash3[2], + (const char*)&hash3[1], 512 ); + + intrlv_4x64_512( vhash, &hash0[2], &hash1[2], &hash2[2], &hash3[2] ); + + skein512_4way_init( &ctx.skein ); + skein512_4way( &ctx.skein, vhash, 64 ); + skein512_4way_close( &ctx.skein, vhash ); + dintrlv_4x64_512( &hash0[3], &hash1[3], &hash2[3], &hash3[3], vhash ); + + jh512_4way_init( &ctx.jh ); + jh512_4way( &ctx.jh, vhash, 64 ); + jh512_4way_close( &ctx.jh, vhash ); + dintrlv_4x64_512( &hash0[4], &hash1[4], &hash2[4], &hash3[4], vhash ); + + keccak512_4way_init( &ctx.keccak ); + keccak512_4way( &ctx.keccak, vhash, 64 ); + keccak512_4way_close( &ctx.keccak, vhash ); + dintrlv_4x64_512( &hash0[5], &hash1[5], &hash2[5], &hash3[5], vhash ); + + init_luffa( &ctx.luffa, 512 ); + update_and_final_luffa( &ctx.luffa, (BitSequence*)&hash0[6], + (const BitSequence*)&hash0[5], 64 ); + init_luffa( &ctx.luffa, 512 ); + update_and_final_luffa( &ctx.luffa, (BitSequence*)&hash1[6], + (const BitSequence*)&hash1[5], 64 ); + init_luffa( &ctx.luffa, 512 ); + update_and_final_luffa( &ctx.luffa, (BitSequence*)&hash2[6], + (const BitSequence*)&hash2[5], 64 ); + init_luffa( &ctx.luffa, 512 ); + update_and_final_luffa( &ctx.luffa, (BitSequence*)&hash3[6], + (const BitSequence*)&hash3[5], 64 ); + + cubehashInit( &ctx.cube, 512, 16, 32 ); + cubehashUpdateDigest( &ctx.cube, (byte*) &hash0[7], + (const byte*)&hash0[6], 64 ); + cubehashInit( &ctx.cube, 512, 16, 32 ); + cubehashUpdateDigest( &ctx.cube, (byte*) &hash1[7], + (const byte*)&hash1[6], 64 ); + cubehashInit( &ctx.cube, 512, 16, 32 ); + cubehashUpdateDigest( &ctx.cube, (byte*) &hash2[7], + (const byte*)&hash2[6], 64 ); + cubehashInit( &ctx.cube, 512, 16, 32 ); + cubehashUpdateDigest( &ctx.cube, (byte*) &hash3[7], + (const byte*)&hash3[6], 64 ); + + sph_shavite512_init(&ctx.shavite); + sph_shavite512(&ctx.shavite, (const void*) &hash0[7], 64); + sph_shavite512_close(&ctx.shavite, &hash0[8]); + sph_shavite512_init(&ctx.shavite); + sph_shavite512(&ctx.shavite, (const void*) &hash1[7], 64); + sph_shavite512_close(&ctx.shavite, &hash1[8]); + sph_shavite512_init(&ctx.shavite); + sph_shavite512(&ctx.shavite, (const void*) &hash2[7], 64); + sph_shavite512_close(&ctx.shavite, &hash2[8]); + sph_shavite512_init(&ctx.shavite); + sph_shavite512(&ctx.shavite, (const void*) &hash3[7], 64); + sph_shavite512_close(&ctx.shavite, &hash3[8]); + + init_sd( &ctx.simd, 512 ); + update_final_sd( &ctx.simd, (BitSequence*)&hash0[9], + (const BitSequence*)&hash0[8], 512 ); + init_sd( &ctx.simd, 512 ); + update_final_sd( &ctx.simd, (BitSequence*)&hash1[9], + (const BitSequence*)&hash1[8], 512 ); + init_sd( &ctx.simd, 512 ); + update_final_sd( &ctx.simd, (BitSequence*)&hash2[9], + (const BitSequence*)&hash2[8], 512 ); + init_sd( &ctx.simd, 512 ); + update_final_sd( &ctx.simd, (BitSequence*)&hash3[9], + (const BitSequence*)&hash3[8], 512 ); + + init_echo( &ctx.echo, 512 ); + update_final_echo ( &ctx.echo, (BitSequence*)&hash0[10], + (const BitSequence*)&hash0[9], 512 ); + init_echo( &ctx.echo, 512 ); + update_final_echo ( &ctx.echo, (BitSequence*)&hash1[10], + (const BitSequence*)&hash1[9], 512 ); + init_echo( &ctx.echo, 512 ); + update_final_echo ( &ctx.echo, (BitSequence*)&hash2[10], + (const BitSequence*)&hash2[9], 512 ); + init_echo( &ctx.echo, 512 ); + update_final_echo ( &ctx.echo, (BitSequence*)&hash3[10], + (const BitSequence*)&hash3[9], 512 ); + + intrlv_4x64_512( vhash, &hash0[10], &hash1[10], &hash2[10], &hash3[10] ); + + hamsi512_4way_init( &ctx.hamsi ); + hamsi512_4way( &ctx.hamsi, vhash, 64 ); + hamsi512_4way_close( &ctx.hamsi, vhash ); + dintrlv_4x64_512( &hash0[11], &hash1[11], &hash2[11], &hash3[11], vhash ); + + sph_fugue512_init(&ctx.fugue); + sph_fugue512(&ctx.fugue, (const void*) &hash0[11], 64); + sph_fugue512_close(&ctx.fugue, &hash0[12]); + sph_fugue512_init(&ctx.fugue); + sph_fugue512(&ctx.fugue, (const void*) &hash1[11], 64); + sph_fugue512_close(&ctx.fugue, &hash1[12]); + sph_fugue512_init(&ctx.fugue); + sph_fugue512(&ctx.fugue, (const void*) &hash2[11], 64); + sph_fugue512_close(&ctx.fugue, &hash2[12]); + sph_fugue512_init(&ctx.fugue); + sph_fugue512(&ctx.fugue, (const void*) &hash3[11], 64); + sph_fugue512_close(&ctx.fugue, &hash3[12]); + + intrlv_4x32_512( vhash, &hash0[12], &hash1[12], &hash2[12], &hash3[12] ); + + shabal512_4way_init( &ctx.shabal ); + shabal512_4way( &ctx.shabal, vhash, 64 ); + shabal512_4way_close( &ctx.shabal, vhash ); + dintrlv_4x32_512( &hash0[13], &hash1[13], &hash2[13], &hash3[13], vhash ); + + sph_whirlpool_init(&ctx.whirlpool); + sph_whirlpool (&ctx.whirlpool, (const void*) &hash0[13], 64); + sph_whirlpool_close(&ctx.whirlpool, &hash0[14]); + sph_whirlpool_init(&ctx.whirlpool); + sph_whirlpool (&ctx.whirlpool, (const void*) &hash1[13], 64); + sph_whirlpool_close(&ctx.whirlpool, &hash1[14]); + sph_whirlpool_init(&ctx.whirlpool); + sph_whirlpool (&ctx.whirlpool, (const void*) &hash2[13], 64); + sph_whirlpool_close(&ctx.whirlpool, &hash2[14]); + sph_whirlpool_init(&ctx.whirlpool); + sph_whirlpool (&ctx.whirlpool, (const void*) &hash3[13], 64); + sph_whirlpool_close(&ctx.whirlpool, &hash3[14]); + + intrlv_4x64_512( vhash, &hash0[14], &hash1[14], &hash2[14], &hash3[14] ); + + sha512_4way_init( &ctx.sha512 ); + sha512_4way( &ctx.sha512, vhash, 64 ); + sha512_4way_close( &ctx.sha512, vhash ); + dintrlv_4x64_512( &hash0[15], &hash1[15], &hash2[15], &hash3[15], vhash ); + + + ComputeSingleSWIFFTX((unsigned char*)&hash0[12], (unsigned char*)&hash0[16]); + ComputeSingleSWIFFTX((unsigned char*)&hash1[12], (unsigned char*)&hash1[16]); + ComputeSingleSWIFFTX((unsigned char*)&hash2[12], (unsigned char*)&hash2[16]); + ComputeSingleSWIFFTX((unsigned char*)&hash3[12], (unsigned char*)&hash3[16]); + + intrlv_4x32_512( &vhashA, &hash0[16], &hash1[16], &hash2[16], &hash3[16] ); + + memset( vhash, 0, 64*4 ); + + haval256_5_4way_init( &ctx.haval ); + haval256_5_4way( &ctx.haval, vhashA, 64 ); + haval256_5_4way_close( &ctx.haval, vhash ); + dintrlv_4x32_512( &hash0[17], &hash1[17], &hash2[17], &hash3[17], vhash ); + + sph_tiger_init(&ctx.tiger); + sph_tiger (&ctx.tiger, (const void*) &hash0[17], 64); + sph_tiger_close(&ctx.tiger, (void*) &hash0[18]); + sph_tiger_init(&ctx.tiger); + sph_tiger (&ctx.tiger, (const void*) &hash1[17], 64); + sph_tiger_close(&ctx.tiger, (void*) &hash1[18]); + sph_tiger_init(&ctx.tiger); + sph_tiger (&ctx.tiger, (const void*) &hash2[17], 64); + sph_tiger_close(&ctx.tiger, (void*) &hash2[18]); + sph_tiger_init(&ctx.tiger); + sph_tiger (&ctx.tiger, (const void*) &hash3[17], 64); + sph_tiger_close(&ctx.tiger, (void*) &hash3[18]); + + LYRA2RE( (void*)&hash0[19], 32, (const void*)&hash0[18], 32, + (const void*)&hash0[18], 32, 1, 4, 4 ); + LYRA2RE( (void*)&hash1[19], 32, (const void*)&hash1[18], 32, + (const void*)&hash1[18], 32, 1, 4, 4 ); + LYRA2RE( (void*)&hash2[19], 32, (const void*)&hash2[18], 32, + (const void*)&hash2[18], 32, 1, 4, 4 ); + LYRA2RE( (void*)&hash3[19], 32, (const void*)&hash3[18], 32, + (const void*)&hash3[18], 32, 1, 4, 4 ); + + sph_gost512_init(&ctx.gost); + sph_gost512 (&ctx.gost, (const void*) &hash0[19], 64); + sph_gost512_close(&ctx.gost, (void*) &hash0[20]); + sph_gost512_init(&ctx.gost); + sph_gost512 (&ctx.gost, (const void*) &hash1[19], 64); + sph_gost512_close(&ctx.gost, (void*) &hash1[20]); + sph_gost512_init(&ctx.gost); + sph_gost512 (&ctx.gost, (const void*) &hash2[19], 64); + sph_gost512_close(&ctx.gost, (void*) &hash2[20]); + sph_gost512_init(&ctx.gost); + sph_gost512 (&ctx.gost, (const void*) &hash3[19], 64); + sph_gost512_close(&ctx.gost, (void*) &hash3[20]); + + intrlv_4x32_512( vhashA, &hash0[20], &hash1[20], &hash2[20], &hash3[20] ); + memset( vhash, 0, 64*4 ); + + sha256_4way_init( &ctx.sha256 ); + sha256_4way( &ctx.sha256, vhashA, 64 ); + sha256_4way_close( &ctx.sha256, vhash ); + dintrlv_4x32_512( &hash0[21], &hash1[21], &hash2[21], &hash3[21], vhash ); + + sph_panama_init(&ctx.panama); + sph_panama (&ctx.panama, (const void*) &hash0[21], 64 ); + sph_panama_close(&ctx.panama, (void*) &hash0[22]); + sph_panama_init(&ctx.panama); + sph_panama (&ctx.panama, (const void*) &hash1[21], 64 ); + sph_panama_close(&ctx.panama, (void*) &hash1[22]); + sph_panama_init(&ctx.panama); + sph_panama (&ctx.panama, (const void*) &hash2[21], 64 ); + sph_panama_close(&ctx.panama, (void*) &hash2[22]); + sph_panama_init(&ctx.panama); + sph_panama (&ctx.panama, (const void*) &hash3[21], 64 ); + sph_panama_close(&ctx.panama, (void*) &hash3[22]); + + laneHash(512, (const BitSequence*)&hash0[22], 512, (BitSequence*)&hash0[23]); + laneHash(512, (const BitSequence*)&hash1[22], 512, (BitSequence*)&hash1[23]); + laneHash(512, (const BitSequence*)&hash2[22], 512, (BitSequence*)&hash2[23]); + laneHash(512, (const BitSequence*)&hash3[22], 512, (BitSequence*)&hash3[23]); + + x25x_shuffle( hash0 ); + x25x_shuffle( hash1 ); + x25x_shuffle( hash2 ); + x25x_shuffle( hash3 ); + + intrlv_4x32_512( &vhashA[ 0], &hash0[ 0], &hash1[ 0], &hash2[ 0], &hash3[ 0] ); + intrlv_4x32_512( &vhashA[ 1], &hash0[ 1], &hash1[ 1], &hash2[ 1], &hash3[ 1] ); + intrlv_4x32_512( &vhashA[ 2], &hash0[ 2], &hash1[ 2], &hash2[ 2], &hash3[ 2] ); + intrlv_4x32_512( &vhashA[ 3], &hash0[ 3], &hash1[ 3], &hash2[ 3], &hash3[ 3] ); + intrlv_4x32_512( &vhashA[ 4], &hash0[ 4], &hash1[ 4], &hash2[ 4], &hash3[ 4] ); + intrlv_4x32_512( &vhashA[ 5], &hash0[ 5], &hash1[ 5], &hash2[ 5], &hash3[ 5] ); + intrlv_4x32_512( &vhashA[ 6], &hash0[ 6], &hash1[ 6], &hash2[ 6], &hash3[ 6] ); + intrlv_4x32_512( &vhashA[ 7], &hash0[ 7], &hash1[ 7], &hash2[ 7], &hash3[ 7] ); + intrlv_4x32_512( &vhashA[ 8], &hash0[ 8], &hash1[ 8], &hash2[ 8], &hash3[ 8] ); + intrlv_4x32_512( &vhashA[ 9], &hash0[ 9], &hash1[ 9], &hash2[ 9], &hash3[ 9] ); + intrlv_4x32_512( &vhashA[10], &hash0[10], &hash1[10], &hash2[10], &hash3[10] ); + intrlv_4x32_512( &vhashA[11], &hash0[11], &hash1[11], &hash2[11], &hash3[11] ); + intrlv_4x32_512( &vhashA[12], &hash0[12], &hash1[12], &hash2[12], &hash3[12] ); + intrlv_4x32_512( &vhashA[13], &hash0[13], &hash1[13], &hash2[13], &hash3[13] ); + intrlv_4x32_512( &vhashA[14], &hash0[14], &hash1[14], &hash2[14], &hash3[14] ); + intrlv_4x32_512( &vhashA[15], &hash0[15], &hash1[15], &hash2[15], &hash3[15] ); + intrlv_4x32_512( &vhashA[16], &hash0[16], &hash1[16], &hash2[16], &hash3[16] ); + intrlv_4x32_512( &vhashA[17], &hash0[17], &hash1[17], &hash2[17], &hash3[17] ); + intrlv_4x32_512( &vhashA[18], &hash0[18], &hash1[18], &hash2[18], &hash3[18] ); + intrlv_4x32_512( &vhashA[19], &hash0[19], &hash1[19], &hash2[19], &hash3[19] ); + intrlv_4x32_512( &vhashA[20], &hash0[20], &hash1[20], &hash2[20], &hash3[20] ); + intrlv_4x32_512( &vhashA[21], &hash0[21], &hash1[21], &hash2[21], &hash3[21] ); + intrlv_4x32_512( &vhashA[22], &hash0[22], &hash1[22], &hash2[22], &hash3[22] ); + intrlv_4x32_512( &vhashA[23], &hash0[23], &hash1[23], &hash2[23], &hash3[23] ); + + blake2s_4way_init( &ctx.blake2s, 32 ); + blake2s_4way_full_blocks( &ctx.blake2s, vhash, vhashA, 64*24 ); + + dintrlv_4x32( &hash0[24], &hash1[24], &hash2[24], &hash3[24], vhash, 256 ); + + memcpy(output, &hash0[24], 32); + memcpy(output+32, &hash1[24], 32); + memcpy(output+64, &hash2[24], 32); + memcpy(output+96, &hash3[24], 32); +} + +int scanhash_x25x_4way( struct work* work, uint32_t max_nonce, + uint64_t *hashes_done, struct thr_info *mythr ) +{ + uint32_t hash[4*16] __attribute__ ((aligned (64))); + uint32_t vdata[24*4] __attribute__ ((aligned (64))); + uint32_t *pdata = work->data; + uint32_t *ptarget = work->target; + const uint32_t first_nonce = pdata[19]; + __m256i *noncev = (__m256i*)vdata + 9; // aligned + uint32_t n = first_nonce; + const int thr_id = mythr->id; + const uint32_t Htarg = ptarget[7]; + + if (opt_benchmark) + ((uint32_t*)ptarget)[7] = 0x08ff; + + InitializeSWIFFTX(); + + mm256_bswap32_intrlv80_4x64( vdata, pdata ); + do + { + *noncev = mm256_intrlv_blend_32( mm256_bswap_32( + _mm256_set_epi32( n+3, 0, n+2, 0, n+1, 0, n, 0 ) ), *noncev ); + x25x_4way_hash( hash, vdata ); + + for ( int i = 0; i < 4; i++ ) + if ( unlikely( (hash+(i<<3))[7] <= Htarg ) ) + if( likely( fulltest( hash+(i<<3), ptarget ) && !opt_benchmark ) ) + { + pdata[19] = n+i; + submit_lane_solution( work, hash+(i<<3), mythr, i ); + } + n += 4; + } while ( likely( ( n < max_nonce - 4 ) && !work_restart[thr_id].restart ) ); + + *hashes_done = n - first_nonce + 1; + return 0; +} + +#endif diff --git a/algo/x22/x25x.c b/algo/x22/x25x.c new file mode 100644 index 0000000..8dd5c62 --- /dev/null +++ b/algo/x22/x25x.c @@ -0,0 +1,236 @@ +#include "x22i-gate.h" +#include "algo/blake/sph_blake.h" +#include "algo/bmw/sph_bmw.h" +#if defined(__AES__) + #include "algo/echo/aes_ni/hash_api.h" + #include "algo/groestl/aes_ni/hash-groestl.h" +#else + #include "algo/groestl/sph_groestl.h" + #include "algo/echo/sph_echo.h" +#endif +#include "algo/skein/sph_skein.h" +#include "algo/jh/sph_jh.h" +#include "algo/keccak/sph_keccak.h" +#include "algo/luffa/luffa_for_sse2.h" +#include "algo/cubehash/cubehash_sse2.h" +#include "algo/shavite/sph_shavite.h" +#include "algo/simd/nist.h" +#include "algo/hamsi/sph_hamsi.h" +#include "algo/fugue/sph_fugue.h" +#include "algo/shabal/sph_shabal.h" +#include "algo/whirlpool/sph_whirlpool.h" +#include +#include "algo/haval/sph-haval.h" +#include "algo/tiger/sph_tiger.h" +#include "algo/lyra2/lyra2.h" +#include "algo/gost/sph_gost.h" +#include "algo/swifftx/swifftx.h" +#include "algo/blake/sph-blake2s.h" +#include "algo/panama/sph_panama.h" +#include "algo/lanehash/lane.h" + +union _x25x_context_overlay +{ + sph_blake512_context blake; + sph_bmw512_context bmw; +#if defined(__AES__) + hashState_groestl groestl; + hashState_echo echo; +#else + sph_groestl512_context groestl; + sph_echo512_context echo; +#endif + sph_jh512_context jh; + sph_keccak512_context keccak; + sph_skein512_context skein; + hashState_luffa luffa; + cubehashParam cube; + sph_shavite512_context shavite; + hashState_sd simd; + sph_hamsi512_context hamsi; + sph_fugue512_context fugue; + sph_shabal512_context shabal; + sph_whirlpool_context whirlpool; + SHA512_CTX sha512; + sph_haval256_5_context haval; + sph_tiger_context tiger; + sph_gost512_context gost; + SHA256_CTX sha256; + sph_panama_context panama; + blake2s_state blake2s; +}; +typedef union _x25x_context_overlay x25x_context_overlay; + +void x25x_hash( void *output, const void *input ) +{ + unsigned char hash[25][64] __attribute__((aligned(64))) = {0}; + x25x_context_overlay ctx; + + sph_blake512_init(&ctx.blake); + sph_blake512(&ctx.blake, input, 80); + sph_blake512_close(&ctx.blake, &hash[0] ); + + sph_bmw512_init(&ctx.bmw); + sph_bmw512(&ctx.bmw, (const void*) &hash[0], 64); + sph_bmw512_close(&ctx.bmw, &hash[1]); + +#if defined(__AES__) + init_groestl( &ctx.groestl, 64 ); + update_and_final_groestl( &ctx.groestl, (char*)&hash[2], + (const char*)&hash[1], 512 ); +#else + sph_groestl512_init( &ctx.groestl ); + sph_groestl512( &ctx.groestl, &hash[1], 64 ); + sph_groestl512_close( &ctx.groestl, &hash[2] ); +#endif + + sph_skein512_init(&ctx.skein); + sph_skein512(&ctx.skein, (const void*) &hash[2], 64); + sph_skein512_close(&ctx.skein, &hash[3]); + + sph_jh512_init(&ctx.jh); + sph_jh512(&ctx.jh, (const void*) &hash[3], 64); + sph_jh512_close(&ctx.jh, &hash[4]); + + sph_keccak512_init(&ctx.keccak); + sph_keccak512(&ctx.keccak, (const void*) &hash[4], 64); + sph_keccak512_close(&ctx.keccak, &hash[5]); + + init_luffa( &ctx.luffa, 512 ); + update_and_final_luffa( &ctx.luffa, (BitSequence*)&hash[6], + (const BitSequence*)&hash[5], 64 ); + + cubehashInit( &ctx.cube, 512, 16, 32 ); + cubehashUpdateDigest( &ctx.cube, (byte*) &hash[7], + (const byte*)&hash[6], 64 ); + + sph_shavite512_init(&ctx.shavite); + sph_shavite512(&ctx.shavite, (const void*) &hash[7], 64); + sph_shavite512_close(&ctx.shavite, &hash[8]); + + init_sd( &ctx.simd, 512 ); + update_final_sd( &ctx.simd, (BitSequence*)&hash[9], + (const BitSequence*)&hash[8], 512 ); + +#if defined(__AES__) + init_echo( &ctx.echo, 512 ); + update_final_echo ( &ctx.echo, (BitSequence*)&hash[10], + (const BitSequence*)&hash[9], 512 ); +#else + sph_echo512_init( &ctx.echo ); + sph_echo512( &ctx.echo, &hash[9], 64 ); + sph_echo512_close( &ctx.echo, &hash[10] ); +#endif + + sph_hamsi512_init(&ctx.hamsi); + sph_hamsi512(&ctx.hamsi, (const void*) &hash[10], 64); + sph_hamsi512_close(&ctx.hamsi, &hash[11]); + + sph_fugue512_init(&ctx.fugue); + sph_fugue512(&ctx.fugue, (const void*) &hash[11], 64); + sph_fugue512_close(&ctx.fugue, &hash[12]); + + sph_shabal512_init(&ctx.shabal); + sph_shabal512(&ctx.shabal, (const void*) &hash[12], 64); + sph_shabal512_close(&ctx.shabal, &hash[13]); + + sph_whirlpool_init(&ctx.whirlpool); + sph_whirlpool (&ctx.whirlpool, (const void*) &hash[13], 64); + sph_whirlpool_close(&ctx.whirlpool, &hash[14]); + + SHA512_Init( &ctx.sha512 ); + SHA512_Update( &ctx.sha512, (const void*) &hash[14], 64); + SHA512_Final( (void*) &hash[15], &ctx.sha512 ); + + ComputeSingleSWIFFTX((unsigned char*)&hash[12], (unsigned char*)&hash[16]); + + sph_haval256_5_init(&ctx.haval); + sph_haval256_5(&ctx.haval,(const void*) &hash[16], 64); + sph_haval256_5_close(&ctx.haval,&hash[17]); + + sph_tiger_init(&ctx.tiger); + sph_tiger (&ctx.tiger, (const void*) &hash[17], 64); + sph_tiger_close(&ctx.tiger, (void*) &hash[18]); + + LYRA2RE( (void*)&hash[19], 32, (const void*)&hash[18], 32, + (const void*)&hash[18], 32, 1, 4, 4 ); + + sph_gost512_init(&ctx.gost); + sph_gost512 (&ctx.gost, (const void*) &hash[19], 64); + sph_gost512_close(&ctx.gost, (void*) &hash[20]); + + SHA256_Init( &ctx.sha256 ); + SHA256_Update( &ctx.sha256, (const void*) &hash[20], 64 ); + SHA256_Final( (unsigned char*) &hash[21], &ctx.sha256 ); + + sph_panama_init(&ctx.panama); + sph_panama (&ctx.panama, (const void*) &hash[21], 64 ); + sph_panama_close(&ctx.panama, (void*) &hash[22]); + + laneHash(512, (const BitSequence*) &hash[22], 512, (BitSequence*) &hash[23]); + + // Simple shuffle algorithm, instead of just reversing + #define X25X_SHUFFLE_BLOCKS (24 * 64 / 2) + #define X25X_SHUFFLE_ROUNDS 12 + + static const uint16_t x25x_round_const[X25X_SHUFFLE_ROUNDS] = + { + 0x142c, 0x5830, 0x678c, 0xe08c, 0x3c67, 0xd50d, 0xb1d8, 0xecb2, + 0xd7ee, 0x6783, 0xfa6c, 0x4b9c + }; + + uint16_t* block_pointer = (uint16_t*)hash; + for ( int r = 0; r < X25X_SHUFFLE_ROUNDS; r++ ) + { + for ( int i = 0; i < X25X_SHUFFLE_BLOCKS; i++ ) + { + uint16_t block_value = block_pointer[ X25X_SHUFFLE_BLOCKS - i - 1 ]; + block_pointer[i] ^= block_pointer[ block_value % X25X_SHUFFLE_BLOCKS ] + + ( x25x_round_const[r] << (i % 16) ); + } + } + + #undef X25X_SHUFFLE_BLOCKS + #undef X25X_SHUFFLE_ROUNDS + + blake2s_simple( (uint8_t*)&hash[24], (const void*)(&hash[0]), 64 * 24 ); + + memcpy(output, &hash[24], 32); +} + +int scanhash_x25x( struct work* work, uint32_t max_nonce, + uint64_t *hashes_done, struct thr_info *mythr ) +{ + uint32_t endiandata[20] __attribute__((aligned(64))); + uint32_t hash[8] __attribute__((aligned(64))); + uint32_t *pdata = work->data; + uint32_t *ptarget = work->target; + const uint32_t first_nonce = pdata[19]; + const uint32_t Htarg = ptarget[7]; + uint32_t n = first_nonce; + const int thr_id = mythr->id; + + if (opt_benchmark) + ((uint32_t*)ptarget)[7] = 0x08ff; + + for (int k=0; k < 20; k++) + be32enc(&endiandata[k], pdata[k]); + + InitializeSWIFFTX(); + + do + { + pdata[19] = ++n; + be32enc( &endiandata[19], n ); + + x25x_hash( hash, endiandata ); + + if ( hash[7] < Htarg ) + if ( fulltest( hash, ptarget ) && !opt_benchmark ) + submit_solution( work, hash, mythr ); + } while ( n < max_nonce && !work_restart[thr_id].restart ); + + *hashes_done = pdata[19] - first_nonce; + return 0; +} + diff --git a/configure b/configure index f5ea6b3..8789e30 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for cpuminer-opt 3.9.10. +# Generated by GNU Autoconf 2.69 for cpuminer-opt 3.9.11. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -577,8 +577,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='cpuminer-opt' PACKAGE_TARNAME='cpuminer-opt' -PACKAGE_VERSION='3.9.10' -PACKAGE_STRING='cpuminer-opt 3.9.10' +PACKAGE_VERSION='3.9.11' +PACKAGE_STRING='cpuminer-opt 3.9.11' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1332,7 +1332,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures cpuminer-opt 3.9.10 to adapt to many kinds of systems. +\`configure' configures cpuminer-opt 3.9.11 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1404,7 +1404,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of cpuminer-opt 3.9.10:";; + short | recursive ) echo "Configuration of cpuminer-opt 3.9.11:";; esac cat <<\_ACEOF @@ -1509,7 +1509,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -cpuminer-opt configure 3.9.10 +cpuminer-opt configure 3.9.11 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2012,7 +2012,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by cpuminer-opt $as_me 3.9.10, which was +It was created by cpuminer-opt $as_me 3.9.11, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2993,7 +2993,7 @@ fi # Define the identity of the package. PACKAGE='cpuminer-opt' - VERSION='3.9.10' + VERSION='3.9.11' cat >>confdefs.h <<_ACEOF @@ -6690,7 +6690,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by cpuminer-opt $as_me 3.9.10, which was +This file was extended by cpuminer-opt $as_me 3.9.11, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -6756,7 +6756,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -cpuminer-opt config.status 3.9.10 +cpuminer-opt config.status 3.9.11 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 40c0cb6..05c55a9 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -AC_INIT([cpuminer-opt], [3.9.10]) +AC_INIT([cpuminer-opt], [3.9.11]) AC_PREREQ([2.59c]) AC_CANONICAL_SYSTEM diff --git a/miner.h b/miner.h index 73face1..4852852 100644 --- a/miner.h +++ b/miner.h @@ -610,6 +610,8 @@ enum algos { ALGO_X16S, ALGO_X17, ALGO_X21S, + ALGO_X22I, + ALGO_X25X, ALGO_XEVAN, ALGO_YESCRYPT, ALGO_YESCRYPTR8, @@ -707,6 +709,8 @@ static const char* const algo_names[] = { "x16s", "x17", "x21s", + "x22i", + "x25x", "xevan", "yescrypt", "yescryptr8", @@ -871,6 +875,8 @@ Options:\n\ x16s\n\ x17\n\ x21s\n\ + x22i\n\ + x25x\n\ xevan Bitsend (BSD)\n\ yescrypt Globalboost-Y (BSTY)\n\ yescryptr8 BitZeny (ZNY)\n\