1 /***********************************************************************
3 ** Implementation of the Skein block functions.
5 ** Source code author: Doug Whiting, 2008.
7 ** This algorithm and source code is released to the public domain.
9 ** Compile-time switches:
11 ** SKEIN_USE_ASM -- set bits (256/512/1024) to select which
12 ** versions use ASM code for block processing
13 ** [default: use C for all block sizes]
15 ************************************************************************/
17 #include <linux/string.h>
21 #define SKEIN_USE_ASM (0) /* default is all C code (no ASM) */
25 #define SKEIN_LOOP 001 /* default: unroll 256 and 512, but not 1024 */
28 #define BLK_BITS (WCNT*64) /* some useful definitions for code here */
29 #define KW_TWK_BASE (0)
30 #define KW_KEY_BASE (3)
31 #define ks (kw + KW_KEY_BASE)
32 #define ts (kw + KW_TWK_BASE)
35 #define DebugSaveTweak(ctx) { ctx->h.T[0] = ts[0]; ctx->h.T[1] = ts[1]; }
37 #define DebugSaveTweak(ctx)
40 /***************************** SKEIN_256 ******************************/
41 #if !(SKEIN_USE_ASM & 256)
42 void skein_256_process_block(struct skein_256_ctx *ctx, const u8 *blk_ptr,
43 size_t blk_cnt, size_t byte_cnt_add)
46 WCNT = SKEIN_256_STATE_WORDS
49 #define RCNT (SKEIN_256_ROUNDS_TOTAL/8)
51 #ifdef SKEIN_LOOP /* configure how much to unroll the loop */
52 #define SKEIN_UNROLL_256 (((SKEIN_LOOP)/100)%10)
54 #define SKEIN_UNROLL_256 (0)
58 #if (RCNT % SKEIN_UNROLL_256)
59 #error "Invalid SKEIN_UNROLL_256" /* sanity check on unroll count */
62 u64 kw[WCNT+4+RCNT*2]; /* key schedule: chaining vars + tweak + "rot"*/
64 u64 kw[WCNT+4]; /* key schedule words : chaining vars + tweak */
66 u64 X0, X1, X2, X3; /* local copy of context vars, for speed */
67 u64 w[WCNT]; /* local copy of input block */
69 const u64 *X_ptr[4]; /* use for debugging (help cc put Xn in regs) */
71 X_ptr[0] = &X0; X_ptr[1] = &X1; X_ptr[2] = &X2; X_ptr[3] = &X3;
73 Skein_assert(blk_cnt != 0); /* never call with blk_cnt == 0! */
78 * this implementation only supports 2**64 input bytes
81 ts[0] += byte_cnt_add; /* update processed length */
83 /* precompute the key schedule for this block */
88 ks[4] = ks[0] ^ ks[1] ^ ks[2] ^ ks[3] ^ SKEIN_KS_PARITY;
90 ts[2] = ts[0] ^ ts[1];
92 /* get input block in little-endian format */
93 Skein_Get64_LSB_First(w, blk_ptr, WCNT);
95 Skein_Show_Block(BLK_BITS, &ctx->h, ctx->X, blk_ptr, w, ks, ts);
97 X0 = w[0] + ks[0]; /* do the first full key injection */
98 X1 = w[1] + ks[1] + ts[0];
99 X2 = w[2] + ks[2] + ts[1];
102 /* show starting state values */
103 Skein_Show_R_Ptr(BLK_BITS, &ctx->h, SKEIN_RND_KEY_INITIAL,
106 blk_ptr += SKEIN_256_BLOCK_BYTES;
110 #define Round256(p0, p1, p2, p3, ROT, r_num) \
112 X##p0 += X##p1; X##p1 = RotL_64(X##p1, ROT##_0); X##p1 ^= X##p0; \
113 X##p2 += X##p3; X##p3 = RotL_64(X##p3, ROT##_1); X##p3 ^= X##p2; \
116 #if SKEIN_UNROLL_256 == 0
117 #define R256(p0, p1, p2, p3, ROT, r_num) /* fully unrolled */ \
119 Round256(p0, p1, p2, p3, ROT, r_num); \
120 Skein_Show_R_Ptr(BLK_BITS, &ctx->h, r_num, X_ptr); \
125 /* inject the key schedule value */ \
126 X0 += ks[((R)+1) % 5]; \
127 X1 += ks[((R)+2) % 5] + ts[((R)+1) % 3]; \
128 X2 += ks[((R)+3) % 5] + ts[((R)+2) % 3]; \
129 X3 += ks[((R)+4) % 5] + (R)+1; \
130 Skein_Show_R_Ptr(BLK_BITS, &ctx->h, SKEIN_RND_KEY_INJECT, X_ptr); \
132 #else /* looping version */
133 #define R256(p0, p1, p2, p3, ROT, r_num) \
135 Round256(p0, p1, p2, p3, ROT, r_num); \
136 Skein_Show_R_Ptr(BLK_BITS, &ctx->h, 4 * (r - 1) + r_num, X_ptr); \
141 /* inject the key schedule value */ \
143 X1 += ks[r+(R)+1] + ts[r+(R)+0]; \
144 X2 += ks[r+(R)+2] + ts[r+(R)+1]; \
145 X3 += ks[r+(R)+3] + r+(R); \
146 /* rotate key schedule */ \
147 ks[r + (R) + 4] = ks[r + (R) - 1]; \
148 ts[r + (R) + 2] = ts[r + (R) - 1]; \
149 Skein_Show_R_Ptr(BLK_BITS, &ctx->h, SKEIN_RND_KEY_INJECT, X_ptr); \
152 for (r = 1; r < 2 * RCNT; r += 2 * SKEIN_UNROLL_256)
155 #define R256_8_rounds(R) \
157 R256(0, 1, 2, 3, R_256_0, 8 * (R) + 1); \
158 R256(0, 3, 2, 1, R_256_1, 8 * (R) + 2); \
159 R256(0, 1, 2, 3, R_256_2, 8 * (R) + 3); \
160 R256(0, 3, 2, 1, R_256_3, 8 * (R) + 4); \
162 R256(0, 1, 2, 3, R_256_4, 8 * (R) + 5); \
163 R256(0, 3, 2, 1, R_256_5, 8 * (R) + 6); \
164 R256(0, 1, 2, 3, R_256_6, 8 * (R) + 7); \
165 R256(0, 3, 2, 1, R_256_7, 8 * (R) + 8); \
171 #define R256_Unroll_R(NN) \
172 ((SKEIN_UNROLL_256 == 0 && \
173 SKEIN_256_ROUNDS_TOTAL/8 > (NN)) || \
174 (SKEIN_UNROLL_256 > (NN)))
203 #if R256_Unroll_R(10)
206 #if R256_Unroll_R(11)
209 #if R256_Unroll_R(12)
212 #if R256_Unroll_R(13)
215 #if R256_Unroll_R(14)
218 #if (SKEIN_UNROLL_256 > 14)
219 #error "need more unrolling in skein_256_process_block"
222 /* do the final "feedforward" xor, update context chaining */
223 ctx->X[0] = X0 ^ w[0];
224 ctx->X[1] = X1 ^ w[1];
225 ctx->X[2] = X2 ^ w[2];
226 ctx->X[3] = X3 ^ w[3];
228 Skein_Show_Round(BLK_BITS, &ctx->h, SKEIN_RND_FEED_FWD, ctx->X);
230 ts[1] &= ~SKEIN_T1_FLAG_FIRST;
236 #if defined(SKEIN_CODE_SIZE) || defined(SKEIN_PERF)
237 size_t skein_256_process_block_code_size(void)
239 return ((u8 *) skein_256_process_block_code_size) -
240 ((u8 *) skein_256_process_block);
242 unsigned int skein_256_unroll_cnt(void)
244 return SKEIN_UNROLL_256;
249 /***************************** SKEIN_512 ******************************/
250 #if !(SKEIN_USE_ASM & 512)
251 void skein_512_process_block(struct skein_512_ctx *ctx, const u8 *blk_ptr,
252 size_t blk_cnt, size_t byte_cnt_add)
255 WCNT = SKEIN_512_STATE_WORDS
258 #define RCNT (SKEIN_512_ROUNDS_TOTAL/8)
260 #ifdef SKEIN_LOOP /* configure how much to unroll the loop */
261 #define SKEIN_UNROLL_512 (((SKEIN_LOOP)/10)%10)
263 #define SKEIN_UNROLL_512 (0)
267 #if (RCNT % SKEIN_UNROLL_512)
268 #error "Invalid SKEIN_UNROLL_512" /* sanity check on unroll count */
271 u64 kw[WCNT+4+RCNT*2]; /* key sched: chaining vars + tweak + "rot"*/
273 u64 kw[WCNT+4]; /* key schedule words : chaining vars + tweak */
275 u64 X0, X1, X2, X3, X4, X5, X6, X7; /* local copies, for speed */
276 u64 w[WCNT]; /* local copy of input block */
278 const u64 *X_ptr[8]; /* use for debugging (help cc put Xn in regs) */
280 X_ptr[0] = &X0; X_ptr[1] = &X1; X_ptr[2] = &X2; X_ptr[3] = &X3;
281 X_ptr[4] = &X4; X_ptr[5] = &X5; X_ptr[6] = &X6; X_ptr[7] = &X7;
284 Skein_assert(blk_cnt != 0); /* never call with blk_cnt == 0! */
289 * this implementation only supports 2**64 input bytes
290 * (no carry out here)
292 ts[0] += byte_cnt_add; /* update processed length */
294 /* precompute the key schedule for this block */
303 ks[8] = ks[0] ^ ks[1] ^ ks[2] ^ ks[3] ^
304 ks[4] ^ ks[5] ^ ks[6] ^ ks[7] ^ SKEIN_KS_PARITY;
306 ts[2] = ts[0] ^ ts[1];
308 /* get input block in little-endian format */
309 Skein_Get64_LSB_First(w, blk_ptr, WCNT);
311 Skein_Show_Block(BLK_BITS, &ctx->h, ctx->X, blk_ptr, w, ks, ts);
313 X0 = w[0] + ks[0]; /* do the first full key injection */
318 X5 = w[5] + ks[5] + ts[0];
319 X6 = w[6] + ks[6] + ts[1];
322 blk_ptr += SKEIN_512_BLOCK_BYTES;
324 Skein_Show_R_Ptr(BLK_BITS, &ctx->h, SKEIN_RND_KEY_INITIAL,
327 #define Round512(p0, p1, p2, p3, p4, p5, p6, p7, ROT, r_num) \
329 X##p0 += X##p1; X##p1 = RotL_64(X##p1, ROT##_0); X##p1 ^= X##p0; \
330 X##p2 += X##p3; X##p3 = RotL_64(X##p3, ROT##_1); X##p3 ^= X##p2; \
331 X##p4 += X##p5; X##p5 = RotL_64(X##p5, ROT##_2); X##p5 ^= X##p4; \
332 X##p6 += X##p7; X##p7 = RotL_64(X##p7, ROT##_3); X##p7 ^= X##p6; \
335 #if SKEIN_UNROLL_512 == 0
336 #define R512(p0, p1, p2, p3, p4, p5, p6, p7, ROT, r_num) /* unrolled */ \
338 Round512(p0, p1, p2, p3, p4, p5, p6, p7, ROT, r_num) \
339 Skein_Show_R_Ptr(BLK_BITS, &ctx->h, r_num, X_ptr); \
344 /* inject the key schedule value */ \
345 X0 += ks[((R) + 1) % 9]; \
346 X1 += ks[((R) + 2) % 9]; \
347 X2 += ks[((R) + 3) % 9]; \
348 X3 += ks[((R) + 4) % 9]; \
349 X4 += ks[((R) + 5) % 9]; \
350 X5 += ks[((R) + 6) % 9] + ts[((R) + 1) % 3]; \
351 X6 += ks[((R) + 7) % 9] + ts[((R) + 2) % 3]; \
352 X7 += ks[((R) + 8) % 9] + (R) + 1; \
353 Skein_Show_R_Ptr(BLK_BITS, &ctx->h, SKEIN_RND_KEY_INJECT, X_ptr); \
355 #else /* looping version */
356 #define R512(p0, p1, p2, p3, p4, p5, p6, p7, ROT, r_num) \
358 Round512(p0, p1, p2, p3, p4, p5, p6, p7, ROT, r_num); \
359 Skein_Show_R_Ptr(BLK_BITS, &ctx->h, 4 * (r - 1) + r_num, X_ptr); \
364 /* inject the key schedule value */ \
365 X0 += ks[r + (R) + 0]; \
366 X1 += ks[r + (R) + 1]; \
367 X2 += ks[r + (R) + 2]; \
368 X3 += ks[r + (R) + 3]; \
369 X4 += ks[r + (R) + 4]; \
370 X5 += ks[r + (R) + 5] + ts[r + (R) + 0]; \
371 X6 += ks[r + (R) + 6] + ts[r + (R) + 1]; \
372 X7 += ks[r + (R) + 7] + r + (R); \
373 /* rotate key schedule */ \
374 ks[r + (R) + 8] = ks[r + (R) - 1]; \
375 ts[r + (R) + 2] = ts[r + (R) - 1]; \
376 Skein_Show_R_Ptr(BLK_BITS, &ctx->h, SKEIN_RND_KEY_INJECT, X_ptr); \
379 for (r = 1; r < 2 * RCNT; r += 2 * SKEIN_UNROLL_512)
380 #endif /* end of looped code definitions */
382 #define R512_8_rounds(R) /* do 8 full rounds */ \
384 R512(0, 1, 2, 3, 4, 5, 6, 7, R_512_0, 8 * (R) + 1); \
385 R512(2, 1, 4, 7, 6, 5, 0, 3, R_512_1, 8 * (R) + 2); \
386 R512(4, 1, 6, 3, 0, 5, 2, 7, R_512_2, 8 * (R) + 3); \
387 R512(6, 1, 0, 7, 2, 5, 4, 3, R_512_3, 8 * (R) + 4); \
389 R512(0, 1, 2, 3, 4, 5, 6, 7, R_512_4, 8 * (R) + 5); \
390 R512(2, 1, 4, 7, 6, 5, 0, 3, R_512_5, 8 * (R) + 6); \
391 R512(4, 1, 6, 3, 0, 5, 2, 7, R_512_6, 8 * (R) + 7); \
392 R512(6, 1, 0, 7, 2, 5, 4, 3, R_512_7, 8 * (R) + 8); \
393 I512(2 * (R) + 1); /* and key injection */ \
398 #define R512_Unroll_R(NN) \
399 ((SKEIN_UNROLL_512 == 0 && \
400 SKEIN_512_ROUNDS_TOTAL/8 > (NN)) || \
401 (SKEIN_UNROLL_512 > (NN)))
430 #if R512_Unroll_R(10)
433 #if R512_Unroll_R(11)
436 #if R512_Unroll_R(12)
439 #if R512_Unroll_R(13)
442 #if R512_Unroll_R(14)
445 #if (SKEIN_UNROLL_512 > 14)
446 #error "need more unrolling in skein_512_process_block"
450 /* do the final "feedforward" xor, update context chaining */
451 ctx->X[0] = X0 ^ w[0];
452 ctx->X[1] = X1 ^ w[1];
453 ctx->X[2] = X2 ^ w[2];
454 ctx->X[3] = X3 ^ w[3];
455 ctx->X[4] = X4 ^ w[4];
456 ctx->X[5] = X5 ^ w[5];
457 ctx->X[6] = X6 ^ w[6];
458 ctx->X[7] = X7 ^ w[7];
459 Skein_Show_Round(BLK_BITS, &ctx->h, SKEIN_RND_FEED_FWD, ctx->X);
461 ts[1] &= ~SKEIN_T1_FLAG_FIRST;
467 #if defined(SKEIN_CODE_SIZE) || defined(SKEIN_PERF)
468 size_t skein_512_process_block_code_size(void)
470 return ((u8 *) skein_512_process_block_code_size) -
471 ((u8 *) skein_512_process_block);
473 unsigned int skein_512_unroll_cnt(void)
475 return SKEIN_UNROLL_512;
480 /***************************** SKEIN_1024 ******************************/
481 #if !(SKEIN_USE_ASM & 1024)
482 void skein_1024_process_block(struct skein_1024_ctx *ctx, const u8 *blk_ptr,
483 size_t blk_cnt, size_t byte_cnt_add)
484 { /* do it in C, always looping (unrolled is bigger AND slower!) */
486 WCNT = SKEIN1024_STATE_WORDS
489 #define RCNT (SKEIN1024_ROUNDS_TOTAL/8)
491 #ifdef SKEIN_LOOP /* configure how much to unroll the loop */
492 #define SKEIN_UNROLL_1024 ((SKEIN_LOOP)%10)
494 #define SKEIN_UNROLL_1024 (0)
497 #if (SKEIN_UNROLL_1024 != 0)
498 #if (RCNT % SKEIN_UNROLL_1024)
499 #error "Invalid SKEIN_UNROLL_1024" /* sanity check on unroll count */
502 u64 kw[WCNT+4+RCNT*2]; /* key sched: chaining vars + tweak + "rot" */
504 u64 kw[WCNT+4]; /* key schedule words : chaining vars + tweak */
507 /* local copy of vars, for speed */
508 u64 X00, X01, X02, X03, X04, X05, X06, X07,
509 X08, X09, X10, X11, X12, X13, X14, X15;
510 u64 w[WCNT]; /* local copy of input block */
512 const u64 *X_ptr[16]; /* use for debugging (help cc put Xn in regs) */
514 X_ptr[0] = &X00; X_ptr[1] = &X01; X_ptr[2] = &X02;
515 X_ptr[3] = &X03; X_ptr[4] = &X04; X_ptr[5] = &X05;
516 X_ptr[6] = &X06; X_ptr[7] = &X07; X_ptr[8] = &X08;
517 X_ptr[9] = &X09; X_ptr[10] = &X10; X_ptr[11] = &X11;
518 X_ptr[12] = &X12; X_ptr[13] = &X13; X_ptr[14] = &X14;
522 Skein_assert(blk_cnt != 0); /* never call with blk_cnt == 0! */
527 * this implementation only supports 2**64 input bytes
528 * (no carry out here)
530 ts[0] += byte_cnt_add; /* update processed length */
532 /* precompute the key schedule for this block */
549 ks[16] = ks[0] ^ ks[1] ^ ks[2] ^ ks[3] ^
550 ks[4] ^ ks[5] ^ ks[6] ^ ks[7] ^
551 ks[8] ^ ks[9] ^ ks[10] ^ ks[11] ^
552 ks[12] ^ ks[13] ^ ks[14] ^ ks[15] ^ SKEIN_KS_PARITY;
554 ts[2] = ts[0] ^ ts[1];
556 /* get input block in little-endian format */
557 Skein_Get64_LSB_First(w, blk_ptr, WCNT);
559 Skein_Show_Block(BLK_BITS, &ctx->h, ctx->X, blk_ptr, w, ks, ts);
561 X00 = w[0] + ks[0]; /* do the first full key injection */
571 X10 = w[10] + ks[10];
572 X11 = w[11] + ks[11];
573 X12 = w[12] + ks[12];
574 X13 = w[13] + ks[13] + ts[0];
575 X14 = w[14] + ks[14] + ts[1];
576 X15 = w[15] + ks[15];
578 Skein_Show_R_Ptr(BLK_BITS, &ctx->h, SKEIN_RND_KEY_INITIAL,
581 #define Round1024(p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, pA, pB, pC, pD, pE, \
584 X##p0 += X##p1; X##p1 = RotL_64(X##p1, ROT##_0); X##p1 ^= X##p0; \
585 X##p2 += X##p3; X##p3 = RotL_64(X##p3, ROT##_1); X##p3 ^= X##p2; \
586 X##p4 += X##p5; X##p5 = RotL_64(X##p5, ROT##_2); X##p5 ^= X##p4; \
587 X##p6 += X##p7; X##p7 = RotL_64(X##p7, ROT##_3); X##p7 ^= X##p6; \
588 X##p8 += X##p9; X##p9 = RotL_64(X##p9, ROT##_4); X##p9 ^= X##p8; \
589 X##pA += X##pB; X##pB = RotL_64(X##pB, ROT##_5); X##pB ^= X##pA; \
590 X##pC += X##pD; X##pD = RotL_64(X##pD, ROT##_6); X##pD ^= X##pC; \
591 X##pE += X##pF; X##pF = RotL_64(X##pF, ROT##_7); X##pF ^= X##pE; \
594 #if SKEIN_UNROLL_1024 == 0
595 #define R1024(p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, pA, pB, pC, pD, pE, pF, \
598 Round1024(p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, pA, pB, pC, pD, pE, \
600 Skein_Show_R_Ptr(BLK_BITS, &ctx->h, rn, X_ptr); \
605 /* inject the key schedule value */ \
606 X00 += ks[((R) + 1) % 17]; \
607 X01 += ks[((R) + 2) % 17]; \
608 X02 += ks[((R) + 3) % 17]; \
609 X03 += ks[((R) + 4) % 17]; \
610 X04 += ks[((R) + 5) % 17]; \
611 X05 += ks[((R) + 6) % 17]; \
612 X06 += ks[((R) + 7) % 17]; \
613 X07 += ks[((R) + 8) % 17]; \
614 X08 += ks[((R) + 9) % 17]; \
615 X09 += ks[((R) + 10) % 17]; \
616 X10 += ks[((R) + 11) % 17]; \
617 X11 += ks[((R) + 12) % 17]; \
618 X12 += ks[((R) + 13) % 17]; \
619 X13 += ks[((R) + 14) % 17] + ts[((R) + 1) % 3]; \
620 X14 += ks[((R) + 15) % 17] + ts[((R) + 2) % 3]; \
621 X15 += ks[((R) + 16) % 17] + (R) + 1; \
622 Skein_Show_R_Ptr(BLK_BITS, &ctx->h, SKEIN_RND_KEY_INJECT, X_ptr); \
624 #else /* looping version */
625 #define R1024(p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, pA, pB, pC, pD, pE, pF, \
628 Round1024(p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, pA, pB, pC, pD, pE, \
630 Skein_Show_R_Ptr(BLK_BITS, &ctx->h, 4 * (r - 1) + rn, X_ptr); \
635 /* inject the key schedule value */ \
636 X00 += ks[r + (R) + 0]; \
637 X01 += ks[r + (R) + 1]; \
638 X02 += ks[r + (R) + 2]; \
639 X03 += ks[r + (R) + 3]; \
640 X04 += ks[r + (R) + 4]; \
641 X05 += ks[r + (R) + 5]; \
642 X06 += ks[r + (R) + 6]; \
643 X07 += ks[r + (R) + 7]; \
644 X08 += ks[r + (R) + 8]; \
645 X09 += ks[r + (R) + 9]; \
646 X10 += ks[r + (R) + 10]; \
647 X11 += ks[r + (R) + 11]; \
648 X12 += ks[r + (R) + 12]; \
649 X13 += ks[r + (R) + 13] + ts[r + (R) + 0]; \
650 X14 += ks[r + (R) + 14] + ts[r + (R) + 1]; \
651 X15 += ks[r + (R) + 15] + r + (R); \
652 /* rotate key schedule */ \
653 ks[r + (R) + 16] = ks[r + (R) - 1]; \
654 ts[r + (R) + 2] = ts[r + (R) - 1]; \
655 Skein_Show_R_Ptr(BLK_BITSi, &ctx->h, SKEIN_RND_KEY_INJECT, X_ptr); \
658 for (r = 1; r <= 2 * RCNT; r += 2 * SKEIN_UNROLL_1024)
661 #define R1024_8_rounds(R) \
663 R1024(00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15, \
664 R1024_0, 8*(R) + 1); \
665 R1024(00, 09, 02, 13, 06, 11, 04, 15, 10, 07, 12, 03, 14, 05, 08, 01, \
666 R1024_1, 8*(R) + 2); \
667 R1024(00, 07, 02, 05, 04, 03, 06, 01, 12, 15, 14, 13, 08, 11, 10, 09, \
668 R1024_2, 8*(R) + 3); \
669 R1024(00, 15, 02, 11, 06, 13, 04, 09, 14, 01, 08, 05, 10, 03, 12, 07, \
670 R1024_3, 8*(R) + 4); \
672 R1024(00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15, \
673 R1024_4, 8*(R) + 5); \
674 R1024(00, 09, 02, 13, 06, 11, 04, 15, 10, 07, 12, 03, 14, 05, 08, 01, \
675 R1024_5, 8*(R) + 6); \
676 R1024(00, 07, 02, 05, 04, 03, 06, 01, 12, 15, 14, 13, 08, 11, 10, 09, \
677 R1024_6, 8*(R) + 7); \
678 R1024(00, 15, 02, 11, 06, 13, 04, 09, 14, 01, 08, 05, 10, 03, 12, 07, \
679 R1024_7, 8*(R) + 8); \
685 #define R1024_Unroll_R(NN) \
686 ((SKEIN_UNROLL_1024 == 0 && \
687 SKEIN1024_ROUNDS_TOTAL/8 > (NN)) || \
688 (SKEIN_UNROLL_1024 > (NN)))
690 #if R1024_Unroll_R(1)
693 #if R1024_Unroll_R(2)
696 #if R1024_Unroll_R(3)
699 #if R1024_Unroll_R(4)
702 #if R1024_Unroll_R(5)
705 #if R1024_Unroll_R(6)
708 #if R1024_Unroll_R(7)
711 #if R1024_Unroll_R(8)
714 #if R1024_Unroll_R(9)
717 #if R1024_Unroll_R(10)
720 #if R1024_Unroll_R(11)
723 #if R1024_Unroll_R(12)
726 #if R1024_Unroll_R(13)
729 #if R1024_Unroll_R(14)
732 #if (SKEIN_UNROLL_1024 > 14)
733 #error "need more unrolling in Skein_1024_Process_Block"
736 /* do the final "feedforward" xor, update context chaining */
738 ctx->X[0] = X00 ^ w[0];
739 ctx->X[1] = X01 ^ w[1];
740 ctx->X[2] = X02 ^ w[2];
741 ctx->X[3] = X03 ^ w[3];
742 ctx->X[4] = X04 ^ w[4];
743 ctx->X[5] = X05 ^ w[5];
744 ctx->X[6] = X06 ^ w[6];
745 ctx->X[7] = X07 ^ w[7];
746 ctx->X[8] = X08 ^ w[8];
747 ctx->X[9] = X09 ^ w[9];
748 ctx->X[10] = X10 ^ w[10];
749 ctx->X[11] = X11 ^ w[11];
750 ctx->X[12] = X12 ^ w[12];
751 ctx->X[13] = X13 ^ w[13];
752 ctx->X[14] = X14 ^ w[14];
753 ctx->X[15] = X15 ^ w[15];
755 Skein_Show_Round(BLK_BITS, &ctx->h, SKEIN_RND_FEED_FWD, ctx->X);
757 ts[1] &= ~SKEIN_T1_FLAG_FIRST;
758 blk_ptr += SKEIN1024_BLOCK_BYTES;
764 #if defined(SKEIN_CODE_SIZE) || defined(SKEIN_PERF)
765 size_t skein_1024_process_block_code_size(void)
767 return ((u8 *) skein_1024_process_block_code_size) -
768 ((u8 *) skein_1024_process_block);
770 unsigned int skein_1024_unroll_cnt(void)
772 return SKEIN_UNROLL_1024;
projects / karo-tx-linux.git / blob