Lines Matching +full:14 +full:a
5 * a copy of this software and associated documentation files (the
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
46 * XOR a block of data into the provided state. This supports only
47 * blocks whose length is a multiple of 64 bits.
/*
 * Review note: `rate` is a byte count. `u` is used as a byte offset into
 * `data` and, shifted right by 3, as the lane index into A. No bound on
 * `rate` is visible in this listing (the loop header is not shown), so the
 * callers have to keep it a multiple of 8 and no larger than the state.
 * A is indexed up to 24 elsewhere on this page, i.e. at least 25 lanes or
 * 200 bytes; a larger `rate` would presumably index past the state array.
 */
50 xor_block(uint64_t *A, const void *data, size_t rate) in xor_block() argument
/* br_dec64le is defined elsewhere; by its name an 8-byte little-endian decode -- confirm. */
55 A[u >> 3] ^= br_dec64le((const unsigned char *)data + u); in xor_block()
60 * Process a block with the provided data. The data length must be a
/*
 * Review note: the signature takes only the state, so the header comment's
 * mention of "provided data" and a data length looks stale -- confirm
 * against the full source.
 *
 * This listing shows only the lines that matched the query. Declarations,
 * the loop that defines `j`, and several intermediate statements are not
 * shown, as the gaps in the gutter numbers indicate.
 *
 * First phase of the first unrolled round: each group of six visible lines
 * XORs together lanes whose indices differ by 5 (for example 1, 6, 11, 16,
 * 21, then 4, 9, 14, 19, 24). That is consistent with the column parities
 * of the Keccak theta step. The statements that combine tt0..tt3 into
 * t0..t4 fall on omitted lines.
 *
 * Everything visible is XOR on fixed indices: no branch or array index
 * depends on the state contents.
 */
64 process_block(uint64_t *A) in process_block() argument
78 tt0 = A[ 1] ^ A[ 6]; in process_block()
79 tt1 = A[11] ^ A[16]; in process_block()
80 tt0 ^= A[21] ^ tt1; in process_block()
82 tt2 = A[ 4] ^ A[ 9]; in process_block()
83 tt3 = A[14] ^ A[19]; in process_block()
84 tt0 ^= A[24]; in process_block()
88 tt0 = A[ 2] ^ A[ 7]; in process_block()
89 tt1 = A[12] ^ A[17]; in process_block()
90 tt0 ^= A[22] ^ tt1; in process_block()
92 tt2 = A[ 0] ^ A[ 5]; in process_block()
93 tt3 = A[10] ^ A[15]; in process_block()
94 tt0 ^= A[20]; in process_block()
98 tt0 = A[ 3] ^ A[ 8]; in process_block()
99 tt1 = A[13] ^ A[18]; in process_block()
100 tt0 ^= A[23] ^ tt1; in process_block()
102 tt2 = A[ 1] ^ A[ 6]; in process_block()
103 tt3 = A[11] ^ A[16]; in process_block()
104 tt0 ^= A[21]; in process_block()
108 tt0 = A[ 4] ^ A[ 9]; in process_block()
109 tt1 = A[14] ^ A[19]; in process_block()
110 tt0 ^= A[24] ^ tt1; in process_block()
112 tt2 = A[ 2] ^ A[ 7]; in process_block()
113 tt3 = A[12] ^ A[17]; in process_block()
114 tt0 ^= A[22]; in process_block()
118 tt0 = A[ 0] ^ A[ 5]; in process_block()
119 tt1 = A[10] ^ A[15]; in process_block()
120 tt0 ^= A[20] ^ tt1; in process_block()
122 tt2 = A[ 3] ^ A[ 8]; in process_block()
123 tt3 = A[13] ^ A[18]; in process_block()
124 tt0 ^= A[23]; in process_block()
/*
 * Each of t0..t4 is XORed into the five lanes of one column (indices x,
 * x+5, x+10, x+15, x+20). t0..t4 are assigned on lines this listing omits.
 */
128 A[ 0] = A[ 0] ^ t0; in process_block()
129 A[ 5] = A[ 5] ^ t0; in process_block()
130 A[10] = A[10] ^ t0; in process_block()
131 A[15] = A[15] ^ t0; in process_block()
132 A[20] = A[20] ^ t0; in process_block()
133 A[ 1] = A[ 1] ^ t1; in process_block()
134 A[ 6] = A[ 6] ^ t1; in process_block()
135 A[11] = A[11] ^ t1; in process_block()
136 A[16] = A[16] ^ t1; in process_block()
137 A[21] = A[21] ^ t1; in process_block()
138 A[ 2] = A[ 2] ^ t2; in process_block()
139 A[ 7] = A[ 7] ^ t2; in process_block()
140 A[12] = A[12] ^ t2; in process_block()
141 A[17] = A[17] ^ t2; in process_block()
142 A[22] = A[22] ^ t2; in process_block()
143 A[ 3] = A[ 3] ^ t3; in process_block()
144 A[ 8] = A[ 8] ^ t3; in process_block()
145 A[13] = A[13] ^ t3; in process_block()
146 A[18] = A[18] ^ t3; in process_block()
147 A[23] = A[23] ^ t3; in process_block()
148 A[ 4] = A[ 4] ^ t4; in process_block()
149 A[ 9] = A[ 9] ^ t4; in process_block()
150 A[14] = A[14] ^ t4; in process_block()
151 A[19] = A[19] ^ t4; in process_block()
152 A[24] = A[24] ^ t4; in process_block()
/*
 * Left-rotate 24 lanes by fixed amounts; lane 0 is not rotated. Every
 * rotation is written (v << n) | (v >> (64 - n)) with a literal n between
 * 1 and 62, so neither shift count is 0 or 64 and the expression stays
 * well defined on the 64-bit lanes. The amounts are compile-time constants,
 * not data dependent.
 */
153 A[ 5] = (A[ 5] << 36) | (A[ 5] >> (64 - 36)); in process_block()
154 A[10] = (A[10] << 3) | (A[10] >> (64 - 3)); in process_block()
155 A[15] = (A[15] << 41) | (A[15] >> (64 - 41)); in process_block()
156 A[20] = (A[20] << 18) | (A[20] >> (64 - 18)); in process_block()
157 A[ 1] = (A[ 1] << 1) | (A[ 1] >> (64 - 1)); in process_block()
158 A[ 6] = (A[ 6] << 44) | (A[ 6] >> (64 - 44)); in process_block()
159 A[11] = (A[11] << 10) | (A[11] >> (64 - 10)); in process_block()
160 A[16] = (A[16] << 45) | (A[16] >> (64 - 45)); in process_block()
161 A[21] = (A[21] << 2) | (A[21] >> (64 - 2)); in process_block()
162 A[ 2] = (A[ 2] << 62) | (A[ 2] >> (64 - 62)); in process_block()
163 A[ 7] = (A[ 7] << 6) | (A[ 7] >> (64 - 6)); in process_block()
164 A[12] = (A[12] << 43) | (A[12] >> (64 - 43)); in process_block()
165 A[17] = (A[17] << 15) | (A[17] >> (64 - 15)); in process_block()
166 A[22] = (A[22] << 61) | (A[22] >> (64 - 61)); in process_block()
167 A[ 3] = (A[ 3] << 28) | (A[ 3] >> (64 - 28)); in process_block()
168 A[ 8] = (A[ 8] << 55) | (A[ 8] >> (64 - 55)); in process_block()
169 A[13] = (A[13] << 25) | (A[13] >> (64 - 25)); in process_block()
170 A[18] = (A[18] << 21) | (A[18] >> (64 - 21)); in process_block()
171 A[23] = (A[23] << 56) | (A[23] >> (64 - 56)); in process_block()
172 A[ 4] = (A[ 4] << 27) | (A[ 4] >> (64 - 27)); in process_block()
173 A[ 9] = (A[ 9] << 20) | (A[ 9] >> (64 - 20)); in process_block()
174 A[14] = (A[14] << 39) | (A[14] >> (64 - 39)); in process_block()
175 A[19] = (A[19] << 8) | (A[19] >> (64 - 8)); in process_block()
176 A[24] = (A[24] << 14) | (A[24] >> (64 - 14)); in process_block()
/*
 * Non-linear step, five lanes at a time. The rows are selected by index
 * (0,6,12,18,24), (3,9,10,16,22), (1,7,13,19,20), (4,5,11,17,23),
 * (2,8,14,15,21) rather than as contiguous lanes, which appears to fold
 * the lane permutation into the indexing -- confirm against the full
 * source. Within a row, c0..c4 are all computed from the old lane values
 * before any lane is written back.
 *
 * Each row uses a single NOT (bnn) and a mix of AND and OR. That matches
 * the "lane complementing" form of the Keccak chi step, in which some
 * lanes are held inverted; br_shake_init further down this page presets
 * six lanes to all-ones accordingly.
 *
 * The assignments of c3 in the third and fourth rows and of c1 in the
 * fifth row sit on lines this listing omits.
 *
 * Only bitwise operations on fixed indices are visible here; nothing
 * branches on the state.
 */
177 bnn = ~A[12]; in process_block()
178 kt = A[ 6] | A[12]; in process_block()
179 c0 = A[ 0] ^ kt; in process_block()
180 kt = bnn | A[18]; in process_block()
181 c1 = A[ 6] ^ kt; in process_block()
182 kt = A[18] & A[24]; in process_block()
183 c2 = A[12] ^ kt; in process_block()
184 kt = A[24] | A[ 0]; in process_block()
185 c3 = A[18] ^ kt; in process_block()
186 kt = A[ 0] & A[ 6]; in process_block()
187 c4 = A[24] ^ kt; in process_block()
188 A[ 0] = c0; in process_block()
189 A[ 6] = c1; in process_block()
190 A[12] = c2; in process_block()
191 A[18] = c3; in process_block()
192 A[24] = c4; in process_block()
193 bnn = ~A[22]; in process_block()
194 kt = A[ 9] | A[10]; in process_block()
195 c0 = A[ 3] ^ kt; in process_block()
196 kt = A[10] & A[16]; in process_block()
197 c1 = A[ 9] ^ kt; in process_block()
198 kt = A[16] | bnn; in process_block()
199 c2 = A[10] ^ kt; in process_block()
200 kt = A[22] | A[ 3]; in process_block()
201 c3 = A[16] ^ kt; in process_block()
202 kt = A[ 3] & A[ 9]; in process_block()
203 c4 = A[22] ^ kt; in process_block()
204 A[ 3] = c0; in process_block()
205 A[ 9] = c1; in process_block()
206 A[10] = c2; in process_block()
207 A[16] = c3; in process_block()
208 A[22] = c4; in process_block()
209 bnn = ~A[19]; in process_block()
210 kt = A[ 7] | A[13]; in process_block()
211 c0 = A[ 1] ^ kt; in process_block()
212 kt = A[13] & A[19]; in process_block()
213 c1 = A[ 7] ^ kt; in process_block()
214 kt = bnn & A[20]; in process_block()
215 c2 = A[13] ^ kt; in process_block()
216 kt = A[20] | A[ 1]; in process_block()
218 kt = A[ 1] & A[ 7]; in process_block()
219 c4 = A[20] ^ kt; in process_block()
220 A[ 1] = c0; in process_block()
221 A[ 7] = c1; in process_block()
222 A[13] = c2; in process_block()
223 A[19] = c3; in process_block()
224 A[20] = c4; in process_block()
225 bnn = ~A[17]; in process_block()
226 kt = A[ 5] & A[11]; in process_block()
227 c0 = A[ 4] ^ kt; in process_block()
228 kt = A[11] | A[17]; in process_block()
229 c1 = A[ 5] ^ kt; in process_block()
230 kt = bnn | A[23]; in process_block()
231 c2 = A[11] ^ kt; in process_block()
232 kt = A[23] & A[ 4]; in process_block()
234 kt = A[ 4] | A[ 5]; in process_block()
235 c4 = A[23] ^ kt; in process_block()
236 A[ 4] = c0; in process_block()
237 A[ 5] = c1; in process_block()
238 A[11] = c2; in process_block()
239 A[17] = c3; in process_block()
240 A[23] = c4; in process_block()
241 bnn = ~A[ 8]; in process_block()
242 kt = bnn & A[14]; in process_block()
243 c0 = A[ 2] ^ kt; in process_block()
244 kt = A[14] | A[15]; in process_block()
246 kt = A[15] & A[21]; in process_block()
247 c2 = A[14] ^ kt; in process_block()
248 kt = A[21] | A[ 2]; in process_block()
249 c3 = A[15] ^ kt; in process_block()
250 kt = A[ 2] & A[ 8]; in process_block()
251 c4 = A[21] ^ kt; in process_block()
252 A[ 2] = c0; in process_block()
253 A[ 8] = c1; in process_block()
254 A[14] = c2; in process_block()
255 A[15] = c3; in process_block()
256 A[21] = c4; in process_block()
/*
 * A constant from RC is XORed into lane 0. RC and j are defined on lines
 * not shown; presumably RC is the round-constant table and j the round
 * counter, i.e. a public index rather than secret data -- confirm.
 */
257 A[ 0] = A[ 0] ^ RC[j + 0]; in process_block()
/*
 * Second unrolled round, same shape as the first but with the lane indices
 * renamed: the five-lane groups are now the contiguous index ranges 5-9,
 * 20-24, 10-14, 0-4 and 15-19. As in the first round, the statements that
 * combine tt0..tt3 into t0..t4 fall on lines this listing omits.
 */
259 tt0 = A[ 6] ^ A[ 9]; in process_block()
260 tt1 = A[ 7] ^ A[ 5]; in process_block()
261 tt0 ^= A[ 8] ^ tt1; in process_block()
263 tt2 = A[24] ^ A[22]; in process_block()
264 tt3 = A[20] ^ A[23]; in process_block()
265 tt0 ^= A[21]; in process_block()
269 tt0 = A[12] ^ A[10]; in process_block()
270 tt1 = A[13] ^ A[11]; in process_block()
271 tt0 ^= A[14] ^ tt1; in process_block()
273 tt2 = A[ 0] ^ A[ 3]; in process_block()
274 tt3 = A[ 1] ^ A[ 4]; in process_block()
275 tt0 ^= A[ 2]; in process_block()
279 tt0 = A[18] ^ A[16]; in process_block()
280 tt1 = A[19] ^ A[17]; in process_block()
281 tt0 ^= A[15] ^ tt1; in process_block()
283 tt2 = A[ 6] ^ A[ 9]; in process_block()
284 tt3 = A[ 7] ^ A[ 5]; in process_block()
285 tt0 ^= A[ 8]; in process_block()
289 tt0 = A[24] ^ A[22]; in process_block()
290 tt1 = A[20] ^ A[23]; in process_block()
291 tt0 ^= A[21] ^ tt1; in process_block()
293 tt2 = A[12] ^ A[10]; in process_block()
294 tt3 = A[13] ^ A[11]; in process_block()
295 tt0 ^= A[14]; in process_block()
299 tt0 = A[ 0] ^ A[ 3]; in process_block()
300 tt1 = A[ 1] ^ A[ 4]; in process_block()
301 tt0 ^= A[ 2] ^ tt1; in process_block()
303 tt2 = A[18] ^ A[16]; in process_block()
304 tt3 = A[19] ^ A[17]; in process_block()
305 tt0 ^= A[15]; in process_block()
/* Each of t0..t4 is XORed into one of the five-lane groups named above. */
309 A[ 0] = A[ 0] ^ t0; in process_block()
310 A[ 3] = A[ 3] ^ t0; in process_block()
311 A[ 1] = A[ 1] ^ t0; in process_block()
312 A[ 4] = A[ 4] ^ t0; in process_block()
313 A[ 2] = A[ 2] ^ t0; in process_block()
314 A[ 6] = A[ 6] ^ t1; in process_block()
315 A[ 9] = A[ 9] ^ t1; in process_block()
316 A[ 7] = A[ 7] ^ t1; in process_block()
317 A[ 5] = A[ 5] ^ t1; in process_block()
318 A[ 8] = A[ 8] ^ t1; in process_block()
319 A[12] = A[12] ^ t2; in process_block()
320 A[10] = A[10] ^ t2; in process_block()
321 A[13] = A[13] ^ t2; in process_block()
322 A[11] = A[11] ^ t2; in process_block()
323 A[14] = A[14] ^ t2; in process_block()
324 A[18] = A[18] ^ t3; in process_block()
325 A[16] = A[16] ^ t3; in process_block()
326 A[19] = A[19] ^ t3; in process_block()
327 A[17] = A[17] ^ t3; in process_block()
328 A[15] = A[15] ^ t3; in process_block()
329 A[24] = A[24] ^ t4; in process_block()
330 A[22] = A[22] ^ t4; in process_block()
331 A[20] = A[20] ^ t4; in process_block()
332 A[23] = A[23] ^ t4; in process_block()
333 A[21] = A[21] ^ t4; in process_block()
/*
 * The same sequence of 24 literal rotation amounts as in the first round
 * (36, 3, 41, 18, 1, 44, ...), applied to the renamed lanes; lane 0 is
 * again left unrotated. All amounts lie between 1 and 62, so no shift
 * count is 0 or 64.
 */
334 A[ 3] = (A[ 3] << 36) | (A[ 3] >> (64 - 36)); in process_block()
335 A[ 1] = (A[ 1] << 3) | (A[ 1] >> (64 - 3)); in process_block()
336 A[ 4] = (A[ 4] << 41) | (A[ 4] >> (64 - 41)); in process_block()
337 A[ 2] = (A[ 2] << 18) | (A[ 2] >> (64 - 18)); in process_block()
338 A[ 6] = (A[ 6] << 1) | (A[ 6] >> (64 - 1)); in process_block()
339 A[ 9] = (A[ 9] << 44) | (A[ 9] >> (64 - 44)); in process_block()
340 A[ 7] = (A[ 7] << 10) | (A[ 7] >> (64 - 10)); in process_block()
341 A[ 5] = (A[ 5] << 45) | (A[ 5] >> (64 - 45)); in process_block()
342 A[ 8] = (A[ 8] << 2) | (A[ 8] >> (64 - 2)); in process_block()
343 A[12] = (A[12] << 62) | (A[12] >> (64 - 62)); in process_block()
344 A[10] = (A[10] << 6) | (A[10] >> (64 - 6)); in process_block()
345 A[13] = (A[13] << 43) | (A[13] >> (64 - 43)); in process_block()
346 A[11] = (A[11] << 15) | (A[11] >> (64 - 15)); in process_block()
347 A[14] = (A[14] << 61) | (A[14] >> (64 - 61)); in process_block()
348 A[18] = (A[18] << 28) | (A[18] >> (64 - 28)); in process_block()
349 A[16] = (A[16] << 55) | (A[16] >> (64 - 55)); in process_block()
350 A[19] = (A[19] << 25) | (A[19] >> (64 - 25)); in process_block()
351 A[17] = (A[17] << 21) | (A[17] >> (64 - 21)); in process_block()
352 A[15] = (A[15] << 56) | (A[15] >> (64 - 56)); in process_block()
353 A[24] = (A[24] << 27) | (A[24] >> (64 - 27)); in process_block()
354 A[22] = (A[22] << 20) | (A[22] >> (64 - 20)); in process_block()
355 A[20] = (A[20] << 39) | (A[20] >> (64 - 39)); in process_block()
356 A[23] = (A[23] << 8) | (A[23] >> (64 - 8)); in process_block()
357 A[21] = (A[21] << 14) | (A[21] >> (64 - 14)); in process_block()
/*
 * Non-linear step of the second unrolled round, on the rows
 * (0,9,13,17,21), (18,22,1,5,14), (6,10,19,23,2), (24,3,7,11,15) and
 * (12,16,20,4,8). The AND / OR / single-NOT pattern per row is the same as
 * in the first round; only the lane indices differ. c0..c4 are computed
 * from the old values before the row is written back.
 *
 * The assignments of c3 in the third and fourth rows and of c1 in the
 * fifth row sit on lines this listing omits.
 */
358 bnn = ~A[13]; in process_block()
359 kt = A[ 9] | A[13]; in process_block()
360 c0 = A[ 0] ^ kt; in process_block()
361 kt = bnn | A[17]; in process_block()
362 c1 = A[ 9] ^ kt; in process_block()
363 kt = A[17] & A[21]; in process_block()
364 c2 = A[13] ^ kt; in process_block()
365 kt = A[21] | A[ 0]; in process_block()
366 c3 = A[17] ^ kt; in process_block()
367 kt = A[ 0] & A[ 9]; in process_block()
368 c4 = A[21] ^ kt; in process_block()
369 A[ 0] = c0; in process_block()
370 A[ 9] = c1; in process_block()
371 A[13] = c2; in process_block()
372 A[17] = c3; in process_block()
373 A[21] = c4; in process_block()
374 bnn = ~A[14]; in process_block()
375 kt = A[22] | A[ 1]; in process_block()
376 c0 = A[18] ^ kt; in process_block()
377 kt = A[ 1] & A[ 5]; in process_block()
378 c1 = A[22] ^ kt; in process_block()
379 kt = A[ 5] | bnn; in process_block()
380 c2 = A[ 1] ^ kt; in process_block()
381 kt = A[14] | A[18]; in process_block()
382 c3 = A[ 5] ^ kt; in process_block()
383 kt = A[18] & A[22]; in process_block()
384 c4 = A[14] ^ kt; in process_block()
385 A[18] = c0; in process_block()
386 A[22] = c1; in process_block()
387 A[ 1] = c2; in process_block()
388 A[ 5] = c3; in process_block()
389 A[14] = c4; in process_block()
390 bnn = ~A[23]; in process_block()
391 kt = A[10] | A[19]; in process_block()
392 c0 = A[ 6] ^ kt; in process_block()
393 kt = A[19] & A[23]; in process_block()
394 c1 = A[10] ^ kt; in process_block()
395 kt = bnn & A[ 2]; in process_block()
396 c2 = A[19] ^ kt; in process_block()
397 kt = A[ 2] | A[ 6]; in process_block()
399 kt = A[ 6] & A[10]; in process_block()
400 c4 = A[ 2] ^ kt; in process_block()
401 A[ 6] = c0; in process_block()
402 A[10] = c1; in process_block()
403 A[19] = c2; in process_block()
404 A[23] = c3; in process_block()
405 A[ 2] = c4; in process_block()
406 bnn = ~A[11]; in process_block()
407 kt = A[ 3] & A[ 7]; in process_block()
408 c0 = A[24] ^ kt; in process_block()
409 kt = A[ 7] | A[11]; in process_block()
410 c1 = A[ 3] ^ kt; in process_block()
411 kt = bnn | A[15]; in process_block()
412 c2 = A[ 7] ^ kt; in process_block()
413 kt = A[15] & A[24]; in process_block()
415 kt = A[24] | A[ 3]; in process_block()
416 c4 = A[15] ^ kt; in process_block()
417 A[24] = c0; in process_block()
418 A[ 3] = c1; in process_block()
419 A[ 7] = c2; in process_block()
420 A[11] = c3; in process_block()
421 A[15] = c4; in process_block()
422 bnn = ~A[16]; in process_block()
423 kt = bnn & A[20]; in process_block()
424 c0 = A[12] ^ kt; in process_block()
425 kt = A[20] | A[ 4]; in process_block()
427 kt = A[ 4] & A[ 8]; in process_block()
428 c2 = A[20] ^ kt; in process_block()
429 kt = A[ 8] | A[12]; in process_block()
430 c3 = A[ 4] ^ kt; in process_block()
431 kt = A[12] & A[16]; in process_block()
432 c4 = A[ 8] ^ kt; in process_block()
433 A[12] = c0; in process_block()
434 A[16] = c1; in process_block()
435 A[20] = c2; in process_block()
436 A[ 4] = c3; in process_block()
437 A[ 8] = c4; in process_block()
/*
 * Second constant of the pair, RC[j + 1]. Together with RC[j + 0] earlier
 * in the function this suggests two rounds per loop iteration; the loop
 * itself is not shown -- confirm its bounds and step.
 */
438 A[ 0] = A[ 0] ^ RC[j + 1]; in process_block()
/*
 * Pure data movement: two 12-lane rotations through the temporary t
 * (5,18,11,10,6,22,20,12,19,15,24,8 and 1,9,14,2,13,23,4,21,16,3,17,7).
 * Lane 0 is not moved. Presumably this restores the canonical lane
 * numbering after the two index-renamed rounds -- confirm against the
 * full source. The indices are fixed, so the memory access pattern does
 * not depend on the state.
 */
439 t = A[ 5]; in process_block()
440 A[ 5] = A[18]; in process_block()
441 A[18] = A[11]; in process_block()
442 A[11] = A[10]; in process_block()
443 A[10] = A[ 6]; in process_block()
444 A[ 6] = A[22]; in process_block()
445 A[22] = A[20]; in process_block()
446 A[20] = A[12]; in process_block()
447 A[12] = A[19]; in process_block()
448 A[19] = A[15]; in process_block()
449 A[15] = A[24]; in process_block()
450 A[24] = A[ 8]; in process_block()
451 A[ 8] = t; in process_block()
452 t = A[ 1]; in process_block()
453 A[ 1] = A[ 9]; in process_block()
454 A[ 9] = A[14]; in process_block()
455 A[14] = A[ 2]; in process_block()
456 A[ 2] = A[13]; in process_block()
457 A[13] = A[23]; in process_block()
458 A[23] = A[ 4]; in process_block()
459 A[ 4] = A[21]; in process_block()
460 A[21] = A[16]; in process_block()
461 A[16] = A[ 3]; in process_block()
462 A[ 3] = A[17]; in process_block()
463 A[17] = A[ 7]; in process_block()
464 A[ 7] = t; in process_block()
/*
 * The state is zeroed, then lanes 1, 2, 8, 12, 17 and 20 are set to
 * all-ones. These are the same six lanes that br_shake_produce on this
 * page complements when encoding output, so the context holds the state
 * with those lanes inverted.
 *
 * Consequences for a reviewer: sc->A is not the plain Keccak state, so any
 * code that exports, imports or compares it raw must account for the six
 * inverted lanes. Absorbing with XOR is unaffected, because XOR with data
 * commutes with complement. The other context fields are initialised on
 * lines this listing omits.
 */
474 memset(sc->A, 0, sizeof sc->A); in br_shake_init()
475 sc->A[ 1] = ~(uint64_t)0; in br_shake_init()
476 sc->A[ 2] = ~(uint64_t)0; in br_shake_init()
477 sc->A[ 8] = ~(uint64_t)0; in br_shake_init()
478 sc->A[12] = ~(uint64_t)0; in br_shake_init()
479 sc->A[17] = ~(uint64_t)0; in br_shake_init()
480 sc->A[20] = ~(uint64_t)0; in br_shake_init()
/*
 * Absorb one full block: XOR the buffered input into the state, then run
 * the permutation. `rate` is a local whose assignment is not shown
 * (presumably sc->rate). xor_block does no bounds check in the lines
 * visible on this page, so `rate` must already be a multiple of 8 and fit
 * within both sc->dbuf and sc->A.
 */
505 xor_block(sc->A, sc->dbuf, rate); in br_shake_inject()
506 process_block(sc->A); in br_shake_inject()
/*
 * XOR the final buffered block into the state. The padding is presumably
 * written into sc->dbuf on lines this listing omits -- confirm. No
 * process_block call for br_shake_flip appears in this listing;
 * br_shake_produce on this page calls process_block before it encodes
 * output.
 */
530 xor_block(sc->A, sc->dbuf, sc->rate); in br_shake_flip()
/*
 * Squeeze step: run the permutation, then serialise all 25 lanes into dbuf
 * as 8-byte values at offsets 0..192, i.e. 200 bytes in total. Lanes 1, 2,
 * 8, 12, 17 and 20 are complemented on the way out, undoing the inverted
 * representation that br_shake_init sets up.
 *
 * Review points:
 *  - The visible writes do not stop at the rate, so after this block dbuf
 *    also holds the capacity part of the state. The copy to the caller is
 *    on lines not shown; confirm it hands out at most `rate` bytes per
 *    block and that dbuf is cleared together with the rest of the context.
 *  - dbuf must be at least 200 bytes; its declaration is not shown.
 *  - br_enc64le is defined elsewhere; by its name a 64-bit little-endian
 *    encode -- confirm.
 */
548 uint64_t *A; in br_shake_produce() local
550 A = sc->A; in br_shake_produce()
552 process_block(A); in br_shake_produce()
553 br_enc64le(dbuf + 0, A[ 0]); in br_shake_produce()
554 br_enc64le(dbuf + 8, ~A[ 1]); in br_shake_produce()
555 br_enc64le(dbuf + 16, ~A[ 2]); in br_shake_produce()
556 br_enc64le(dbuf + 24, A[ 3]); in br_shake_produce()
557 br_enc64le(dbuf + 32, A[ 4]); in br_shake_produce()
558 br_enc64le(dbuf + 40, A[ 5]); in br_shake_produce()
559 br_enc64le(dbuf + 48, A[ 6]); in br_shake_produce()
560 br_enc64le(dbuf + 56, A[ 7]); in br_shake_produce()
561 br_enc64le(dbuf + 64, ~A[ 8]); in br_shake_produce()
562 br_enc64le(dbuf + 72, A[ 9]); in br_shake_produce()
563 br_enc64le(dbuf + 80, A[10]); in br_shake_produce()
564 br_enc64le(dbuf + 88, A[11]); in br_shake_produce()
565 br_enc64le(dbuf + 96, ~A[12]); in br_shake_produce()
566 br_enc64le(dbuf + 104, A[13]); in br_shake_produce()
567 br_enc64le(dbuf + 112, A[14]); in br_shake_produce()
568 br_enc64le(dbuf + 120, A[15]); in br_shake_produce()
569 br_enc64le(dbuf + 128, A[16]); in br_shake_produce()
570 br_enc64le(dbuf + 136, ~A[17]); in br_shake_produce()
571 br_enc64le(dbuf + 144, A[18]); in br_shake_produce()
572 br_enc64le(dbuf + 152, A[19]); in br_shake_produce()
573 br_enc64le(dbuf + 160, ~A[20]); in br_shake_produce()
574 br_enc64le(dbuf + 168, A[21]); in br_shake_produce()
575 br_enc64le(dbuf + 176, A[22]); in br_shake_produce()
576 br_enc64le(dbuf + 184, A[23]); in br_shake_produce()
577 br_enc64le(dbuf + 192, A[24]); in br_shake_produce()