0000: 2f 2a 0a 43 6f 64 65 20 61 75 74 6f 6d 61 74 69 /*.Code automati
0010: 63 61 6c 6c 79 20 67 65 6e 65 72 61 74 65 64 20 cally generated
0020: 62 79 20 4b 65 63 63 61 6b 54 6f 6f 6c 73 21 0a by KeccakTools!.
0030: 0a 54 68 65 20 4b 65 63 63 61 6b 20 73 70 6f 6e .The Keccak spon
0040: 67 65 20 66 75 6e 63 74 69 6f 6e 2c 20 64 65 73 ge function, des
0050: 69 67 6e 65 64 20 62 79 20 47 75 69 64 6f 20 42 igned by Guido B
0060: 65 72 74 6f 6e 69 2c 20 4a 6f 61 6e 20 44 61 65 ertoni, Joan Dae
0070: 6d 65 6e 2c 0a 4d 69 63 68 61 c3 ab 6c 20 50 65 men,.Michaël Pe
0080: 65 74 65 72 73 20 61 6e 64 20 47 69 6c 6c 65 73 eters and Gilles
0090: 20 56 61 6e 20 41 73 73 63 68 65 2e 20 46 6f 72 Van Assche. For
00a0: 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f more informatio
00b0: 6e 2c 20 66 65 65 64 62 61 63 6b 20 6f 72 0a 71 n, feedback or.q
00c0: 75 65 73 74 69 6f 6e 73 2c 20 70 6c 65 61 73 65 uestions, please
00d0: 20 72 65 66 65 72 20 74 6f 20 6f 75 72 20 77 65 refer to our we
00e0: 62 73 69 74 65 3a 20 68 74 74 70 3a 2f 2f 6b 65 bsite: http://ke
00f0: 63 63 61 6b 2e 6e 6f 65 6b 65 6f 6e 2e 6f 72 67 ccak.noekeon.org
0100: 2f 0a 0a 49 6d 70 6c 65 6d 65 6e 74 61 74 69 6f /..Implementatio
0110: 6e 20 62 79 20 74 68 65 20 64 65 73 69 67 6e 65 n by the designe
0120: 72 73 2c 0a 68 65 72 65 62 79 20 64 65 6e 6f 74 rs,.hereby denot
0130: 65 64 20 61 73 20 22 74 68 65 20 69 6d 70 6c 65 ed as "the imple
0140: 6d 65 6e 74 65 72 22 2e 0a 0a 54 6f 20 74 68 65 menter"...To the
0150: 20 65 78 74 65 6e 74 20 70 6f 73 73 69 62 6c 65 extent possible
0160: 20 75 6e 64 65 72 20 6c 61 77 2c 20 74 68 65 20 under law, the
0170: 69 6d 70 6c 65 6d 65 6e 74 65 72 20 68 61 73 20 implementer has
0180: 77 61 69 76 65 64 20 61 6c 6c 20 63 6f 70 79 72 waived all copyr
0190: 69 67 68 74 0a 61 6e 64 20 72 65 6c 61 74 65 64 ight.and related
01a0: 20 6f 72 20 6e 65 69 67 68 62 6f 72 69 6e 67 20 or neighboring
01b0: 72 69 67 68 74 73 20 74 6f 20 74 68 65 20 73 6f rights to the so
01c0: 75 72 63 65 20 63 6f 64 65 20 69 6e 20 74 68 69 urce code in thi
01d0: 73 20 66 69 6c 65 2e 0a 68 74 74 70 3a 2f 2f 63 s file..http://c
01e0: 72 65 61 74 69 76 65 63 6f 6d 6d 6f 6e 73 2e 6f reativecommons.o
01f0: 72 67 2f 70 75 62 6c 69 63 64 6f 6d 61 69 6e 2f rg/publicdomain/
0200: 7a 65 72 6f 2f 31 2e 30 2f 0a 2a 2f 0a 0a 23 64 zero/1.0/.*/..#d
0210: 65 66 69 6e 65 20 64 65 63 6c 61 72 65 41 42 43 efine declareABC
0220: 44 45 20 5c 0a 20 20 20 20 56 36 34 20 41 62 61 DE \. V64 Aba
0230: 2c 20 41 62 65 2c 20 41 62 69 2c 20 41 62 6f 2c , Abe, Abi, Abo,
0240: 20 41 62 75 3b 20 5c 0a 20 20 20 20 56 36 34 20 Abu; \. V64
0250: 41 67 61 2c 20 41 67 65 2c 20 41 67 69 2c 20 41 Aga, Age, Agi, A
0260: 67 6f 2c 20 41 67 75 3b 20 5c 0a 20 20 20 20 56 go, Agu; \. V
0270: 36 34 20 41 6b 61 2c 20 41 6b 65 2c 20 41 6b 69 64 Aka, Ake, Aki
0280: 2c 20 41 6b 6f 2c 20 41 6b 75 3b 20 5c 0a 20 20 , Ako, Aku; \.
0290: 20 20 56 36 34 20 41 6d 61 2c 20 41 6d 65 2c 20 V64 Ama, Ame,
02a0: 41 6d 69 2c 20 41 6d 6f 2c 20 41 6d 75 3b 20 5c Ami, Amo, Amu; \
02b0: 0a 20 20 20 20 56 36 34 20 41 73 61 2c 20 41 73 . V64 Asa, As
02c0: 65 2c 20 41 73 69 2c 20 41 73 6f 2c 20 41 73 75 e, Asi, Aso, Asu
02d0: 3b 20 5c 0a 20 20 20 20 56 36 34 20 42 62 61 2c ; \. V64 Bba,
02e0: 20 42 62 65 2c 20 42 62 69 2c 20 42 62 6f 2c 20 Bbe, Bbi, Bbo,
02f0: 42 62 75 3b 20 5c 0a 20 20 20 20 56 36 34 20 42 Bbu; \. V64 B
0300: 67 61 2c 20 42 67 65 2c 20 42 67 69 2c 20 42 67 ga, Bge, Bgi, Bg
0310: 6f 2c 20 42 67 75 3b 20 5c 0a 20 20 20 20 56 36 o, Bgu; \. V6
0320: 34 20 42 6b 61 2c 20 42 6b 65 2c 20 42 6b 69 2c 4 Bka, Bke, Bki,
0330: 20 42 6b 6f 2c 20 42 6b 75 3b 20 5c 0a 20 20 20 Bko, Bku; \.
0340: 20 56 36 34 20 42 6d 61 2c 20 42 6d 65 2c 20 42 V64 Bma, Bme, B
0350: 6d 69 2c 20 42 6d 6f 2c 20 42 6d 75 3b 20 5c 0a mi, Bmo, Bmu; \.
0360: 20 20 20 20 56 36 34 20 42 73 61 2c 20 42 73 65 V64 Bsa, Bse
0370: 2c 20 42 73 69 2c 20 42 73 6f 2c 20 42 73 75 3b , Bsi, Bso, Bsu;
0380: 20 5c 0a 20 20 20 20 56 36 34 20 43 61 2c 20 43 \. V64 Ca, C
0390: 65 2c 20 43 69 2c 20 43 6f 2c 20 43 75 3b 20 5c e, Ci, Co, Cu; \
03a0: 0a 20 20 20 20 56 36 34 20 44 61 2c 20 44 65 2c . V64 Da, De,
03b0: 20 44 69 2c 20 44 6f 2c 20 44 75 3b 20 5c 0a 20 Di, Do, Du; \.
03c0: 20 20 20 56 36 34 20 45 62 61 2c 20 45 62 65 2c V64 Eba, Ebe,
03d0: 20 45 62 69 2c 20 45 62 6f 2c 20 45 62 75 3b 20 Ebi, Ebo, Ebu;
03e0: 5c 0a 20 20 20 20 56 36 34 20 45 67 61 2c 20 45 \. V64 Ega, E
03f0: 67 65 2c 20 45 67 69 2c 20 45 67 6f 2c 20 45 67 ge, Egi, Ego, Eg
0400: 75 3b 20 5c 0a 20 20 20 20 56 36 34 20 45 6b 61 u; \. V64 Eka
0410: 2c 20 45 6b 65 2c 20 45 6b 69 2c 20 45 6b 6f 2c , Eke, Eki, Eko,
0420: 20 45 6b 75 3b 20 5c 0a 20 20 20 20 56 36 34 20 Eku; \. V64
0430: 45 6d 61 2c 20 45 6d 65 2c 20 45 6d 69 2c 20 45 Ema, Eme, Emi, E
0440: 6d 6f 2c 20 45 6d 75 3b 20 5c 0a 20 20 20 20 56 mo, Emu; \. V
0450: 36 34 20 45 73 61 2c 20 45 73 65 2c 20 45 73 69 64 Esa, Ese, Esi
0460: 2c 20 45 73 6f 2c 20 45 73 75 3b 20 5c 0a 0a 23 , Eso, Esu; \..#
0470: 64 65 66 69 6e 65 20 70 72 65 70 61 72 65 54 68 define prepareTh
0480: 65 74 61 20 5c 0a 20 20 20 20 43 61 20 3d 20 58 eta \. Ca = X
0490: 4f 52 36 34 28 41 62 61 2c 20 58 4f 52 36 34 28 OR64(Aba, XOR64(
04a0: 41 67 61 2c 20 58 4f 52 36 34 28 41 6b 61 2c 20 Aga, XOR64(Aka,
04b0: 58 4f 52 36 34 28 41 6d 61 2c 20 41 73 61 29 29 XOR64(Ama, Asa))
04c0: 29 29 3b 20 5c 0a 20 20 20 20 43 65 20 3d 20 58 )); \. Ce = X
04d0: 4f 52 36 34 28 41 62 65 2c 20 58 4f 52 36 34 28 OR64(Abe, XOR64(
04e0: 41 67 65 2c 20 58 4f 52 36 34 28 41 6b 65 2c 20 Age, XOR64(Ake,
04f0: 58 4f 52 36 34 28 41 6d 65 2c 20 41 73 65 29 29 XOR64(Ame, Ase))
0500: 29 29 3b 20 5c 0a 20 20 20 20 43 69 20 3d 20 58 )); \. Ci = X
0510: 4f 52 36 34 28 41 62 69 2c 20 58 4f 52 36 34 28 OR64(Abi, XOR64(
0520: 41 67 69 2c 20 58 4f 52 36 34 28 41 6b 69 2c 20 Agi, XOR64(Aki,
0530: 58 4f 52 36 34 28 41 6d 69 2c 20 41 73 69 29 29 XOR64(Ami, Asi))
0540: 29 29 3b 20 5c 0a 20 20 20 20 43 6f 20 3d 20 58 )); \. Co = X
0550: 4f 52 36 34 28 41 62 6f 2c 20 58 4f 52 36 34 28 OR64(Abo, XOR64(
0560: 41 67 6f 2c 20 58 4f 52 36 34 28 41 6b 6f 2c 20 Ago, XOR64(Ako,
0570: 58 4f 52 36 34 28 41 6d 6f 2c 20 41 73 6f 29 29 XOR64(Amo, Aso))
0580: 29 29 3b 20 5c 0a 20 20 20 20 43 75 20 3d 20 58 )); \. Cu = X
0590: 4f 52 36 34 28 41 62 75 2c 20 58 4f 52 36 34 28 OR64(Abu, XOR64(
05a0: 41 67 75 2c 20 58 4f 52 36 34 28 41 6b 75 2c 20 Agu, XOR64(Aku,
05b0: 58 4f 52 36 34 28 41 6d 75 2c 20 41 73 75 29 29 XOR64(Amu, Asu))
05c0: 29 29 3b 20 5c 0a 0a 2f 2f 20 2d 2d 2d 20 43 6f )); \..// --- Co
05d0: 64 65 20 66 6f 72 20 72 6f 75 6e 64 2c 20 77 69 de for round, wi
05e0: 74 68 20 70 72 65 70 61 72 65 2d 74 68 65 74 61 th prepare-theta
05f0: 0a 2f 2f 20 2d 2d 2d 20 36 34 2d 62 69 74 20 6c .// --- 64-bit l
0600: 61 6e 65 73 20 6d 61 70 70 65 64 20 74 6f 20 36 anes mapped to 6
0610: 34 2d 62 69 74 20 77 6f 72 64 73 0a 23 64 65 66 4-bit words.#def
0620: 69 6e 65 20 74 68 65 74 61 52 68 6f 50 69 43 68 ine thetaRhoPiCh
0630: 69 49 6f 74 61 50 72 65 70 61 72 65 54 68 65 74 iIotaPrepareThet
0640: 61 28 69 2c 20 41 2c 20 45 29 20 5c 0a 20 20 20 a(i, A, E) \.
0650: 20 44 61 20 3d 20 58 4f 52 36 34 28 43 75 2c 20 Da = XOR64(Cu,
0660: 52 4f 4c 36 34 28 43 65 2c 20 31 29 29 3b 20 5c ROL64(Ce, 1)); \
0670: 0a 20 20 20 20 44 65 20 3d 20 58 4f 52 36 34 28 . De = XOR64(
0680: 43 61 2c 20 52 4f 4c 36 34 28 43 69 2c 20 31 29 Ca, ROL64(Ci, 1)
0690: 29 3b 20 5c 0a 20 20 20 20 44 69 20 3d 20 58 4f ); \. Di = XO
06a0: 52 36 34 28 43 65 2c 20 52 4f 4c 36 34 28 43 6f R64(Ce, ROL64(Co
06b0: 2c 20 31 29 29 3b 20 5c 0a 20 20 20 20 44 6f 20 , 1)); \. Do
06c0: 3d 20 58 4f 52 36 34 28 43 69 2c 20 52 4f 4c 36 = XOR64(Ci, ROL6
06d0: 34 28 43 75 2c 20 31 29 29 3b 20 5c 0a 20 20 20 4(Cu, 1)); \.
06e0: 20 44 75 20 3d 20 58 4f 52 36 34 28 43 6f 2c 20 Du = XOR64(Co,
06f0: 52 4f 4c 36 34 28 43 61 2c 20 31 29 29 3b 20 5c ROL64(Ca, 1)); \
0700: 0a 5c 0a 20 20 20 20 58 4f 52 65 71 36 34 28 41 .\. XOReq64(A
0710: 23 23 62 61 2c 20 44 61 29 3b 20 5c 0a 20 20 20 ##ba, Da); \.
0720: 20 42 62 61 20 3d 20 41 23 23 62 61 3b 20 5c 0a Bba = A##ba; \.
0730: 20 20 20 20 58 4f 52 65 71 36 34 28 41 23 23 67 XOReq64(A##g
0740: 65 2c 20 44 65 29 3b 20 5c 0a 20 20 20 20 42 62 e, De); \. Bb
0750: 65 20 3d 20 52 4f 4c 36 34 28 41 23 23 67 65 2c e = ROL64(A##ge,
0760: 20 34 34 29 3b 20 5c 0a 20 20 20 20 58 4f 52 65 44); \. XORe
0770: 71 36 34 28 41 23 23 6b 69 2c 20 44 69 29 3b 20 q64(A##ki, Di);
0780: 5c 0a 20 20 20 20 42 62 69 20 3d 20 52 4f 4c 36 \. Bbi = ROL6
0790: 34 28 41 23 23 6b 69 2c 20 34 33 29 3b 20 5c 0a 4(A##ki, 43); \.
07a0: 20 20 20 20 45 23 23 62 61 20 3d 20 58 4f 52 36 E##ba = XOR6
07b0: 34 28 42 62 61 2c 20 41 4e 44 6e 75 36 34 28 42 4(Bba, ANDnu64(B
07c0: 62 65 2c 20 42 62 69 29 29 3b 20 5c 0a 20 20 20 be, Bbi)); \.
07d0: 20 58 4f 52 65 71 36 34 28 45 23 23 62 61 2c 20 XOReq64(E##ba,
07e0: 43 4f 4e 53 54 36 34 28 4b 65 63 63 61 6b 46 31 CONST64(KeccakF1
07f0: 36 30 30 52 6f 75 6e 64 43 6f 6e 73 74 61 6e 74 600RoundConstant
0800: 73 5b 69 5d 29 29 3b 20 5c 0a 20 20 20 20 43 61 s[i])); \. Ca
0810: 20 3d 20 45 23 23 62 61 3b 20 5c 0a 20 20 20 20 = E##ba; \.
0820: 58 4f 52 65 71 36 34 28 41 23 23 6d 6f 2c 20 44 XOReq64(A##mo, D
0830: 6f 29 3b 20 5c 0a 20 20 20 20 42 62 6f 20 3d 20 o); \. Bbo =
0840: 52 4f 4c 36 34 28 41 23 23 6d 6f 2c 20 32 31 29 ROL64(A##mo, 21)
0850: 3b 20 5c 0a 20 20 20 20 45 23 23 62 65 20 3d 20 ; \. E##be =
0860: 58 4f 52 36 34 28 42 62 65 2c 20 41 4e 44 6e 75 XOR64(Bbe, ANDnu
0870: 36 34 28 42 62 69 2c 20 42 62 6f 29 29 3b 20 5c 64(Bbi, Bbo)); \
0880: 0a 20 20 20 20 43 65 20 3d 20 45 23 23 62 65 3b . Ce = E##be;
0890: 20 5c 0a 20 20 20 20 58 4f 52 65 71 36 34 28 41 \. XOReq64(A
08a0: 23 23 73 75 2c 20 44 75 29 3b 20 5c 0a 20 20 20 ##su, Du); \.
08b0: 20 42 62 75 20 3d 20 52 4f 4c 36 34 28 41 23 23 Bbu = ROL64(A##
08c0: 73 75 2c 20 31 34 29 3b 20 5c 0a 20 20 20 20 45 su, 14); \. E
08d0: 23 23 62 69 20 3d 20 58 4f 52 36 34 28 42 62 69 ##bi = XOR64(Bbi
08e0: 2c 20 41 4e 44 6e 75 36 34 28 42 62 6f 2c 20 42 , ANDnu64(Bbo, B
08f0: 62 75 29 29 3b 20 5c 0a 20 20 20 20 43 69 20 3d bu)); \. Ci =
0900: 20 45 23 23 62 69 3b 20 5c 0a 20 20 20 20 45 23 E##bi; \. E#
0910: 23 62 6f 20 3d 20 58 4f 52 36 34 28 42 62 6f 2c #bo = XOR64(Bbo,
0920: 20 41 4e 44 6e 75 36 34 28 42 62 75 2c 20 42 62 ANDnu64(Bbu, Bb
0930: 61 29 29 3b 20 5c 0a 20 20 20 20 43 6f 20 3d 20 a)); \. Co =
0940: 45 23 23 62 6f 3b 20 5c 0a 20 20 20 20 45 23 23 E##bo; \. E##
0950: 62 75 20 3d 20 58 4f 52 36 34 28 42 62 75 2c 20 bu = XOR64(Bbu,
0960: 41 4e 44 6e 75 36 34 28 42 62 61 2c 20 42 62 65 ANDnu64(Bba, Bbe
0970: 29 29 3b 20 5c 0a 20 20 20 20 43 75 20 3d 20 45 )); \. Cu = E
0980: 23 23 62 75 3b 20 5c 0a 5c 0a 20 20 20 20 58 4f ##bu; \.\. XO
0990: 52 65 71 36 34 28 41 23 23 62 6f 2c 20 44 6f 29 Req64(A##bo, Do)
09a0: 3b 20 5c 0a 20 20 20 20 42 67 61 20 3d 20 52 4f ; \. Bga = RO
09b0: 4c 36 34 28 41 23 23 62 6f 2c 20 32 38 29 3b 20 L64(A##bo, 28);
09c0: 5c 0a 20 20 20 20 58 4f 52 65 71 36 34 28 41 23 \. XOReq64(A#
09d0: 23 67 75 2c 20 44 75 29 3b 20 5c 0a 20 20 20 20 #gu, Du); \.
09e0: 42 67 65 20 3d 20 52 4f 4c 36 34 28 41 23 23 67 Bge = ROL64(A##g
09f0: 75 2c 20 32 30 29 3b 20 5c 0a 20 20 20 20 58 4f u, 20); \. XO
0a00: 52 65 71 36 34 28 41 23 23 6b 61 2c 20 44 61 29 Req64(A##ka, Da)
0a10: 3b 20 5c 0a 20 20 20 20 42 67 69 20 3d 20 52 4f ; \. Bgi = RO
0a20: 4c 36 34 28 41 23 23 6b 61 2c 20 33 29 3b 20 5c L64(A##ka, 3); \
0a30: 0a 20 20 20 20 45 23 23 67 61 20 3d 20 58 4f 52 . E##ga = XOR
0a40: 36 34 28 42 67 61 2c 20 41 4e 44 6e 75 36 34 28 64(Bga, ANDnu64(
0a50: 42 67 65 2c 20 42 67 69 29 29 3b 20 5c 0a 20 20 Bge, Bgi)); \.
0a60: 20 20 58 4f 52 65 71 36 34 28 43 61 2c 20 45 23 XOReq64(Ca, E#
0a70: 23 67 61 29 3b 20 5c 0a 20 20 20 20 58 4f 52 65 #ga); \. XORe
0a80: 71 36 34 28 41 23 23 6d 65 2c 20 44 65 29 3b 20 q64(A##me, De);
0a90: 5c 0a 20 20 20 20 42 67 6f 20 3d 20 52 4f 4c 36 \. Bgo = ROL6
0aa0: 34 28 41 23 23 6d 65 2c 20 34 35 29 3b 20 5c 0a 4(A##me, 45); \.
0ab0: 20 20 20 20 45 23 23 67 65 20 3d 20 58 4f 52 36 E##ge = XOR6
0ac0: 34 28 42 67 65 2c 20 41 4e 44 6e 75 36 34 28 42 4(Bge, ANDnu64(B
0ad0: 67 69 2c 20 42 67 6f 29 29 3b 20 5c 0a 20 20 20 gi, Bgo)); \.
0ae0: 20 58 4f 52 65 71 36 34 28 43 65 2c 20 45 23 23 XOReq64(Ce, E##
0af0: 67 65 29 3b 20 5c 0a 20 20 20 20 58 4f 52 65 71 ge); \. XOReq
0b00: 36 34 28 41 23 23 73 69 2c 20 44 69 29 3b 20 5c 64(A##si, Di); \
0b10: 0a 20 20 20 20 42 67 75 20 3d 20 52 4f 4c 36 34 . Bgu = ROL64
0b20: 28 41 23 23 73 69 2c 20 36 31 29 3b 20 5c 0a 20 (A##si, 61); \.
0b30: 20 20 20 45 23 23 67 69 20 3d 20 58 4f 52 36 34 E##gi = XOR64
0b40: 28 42 67 69 2c 20 41 4e 44 6e 75 36 34 28 42 67 (Bgi, ANDnu64(Bg
0b50: 6f 2c 20 42 67 75 29 29 3b 20 5c 0a 20 20 20 20 o, Bgu)); \.
0b60: 58 4f 52 65 71 36 34 28 43 69 2c 20 45 23 23 67 XOReq64(Ci, E##g
0b70: 69 29 3b 20 5c 0a 20 20 20 20 45 23 23 67 6f 20 i); \. E##go
0b80: 3d 20 58 4f 52 36 34 28 42 67 6f 2c 20 41 4e 44 = XOR64(Bgo, AND
0b90: 6e 75 36 34 28 42 67 75 2c 20 42 67 61 29 29 3b nu64(Bgu, Bga));
0ba0: 20 5c 0a 20 20 20 20 58 4f 52 65 71 36 34 28 43 \. XOReq64(C
0bb0: 6f 2c 20 45 23 23 67 6f 29 3b 20 5c 0a 20 20 20 o, E##go); \.
0bc0: 20 45 23 23 67 75 20 3d 20 58 4f 52 36 34 28 42 E##gu = XOR64(B
0bd0: 67 75 2c 20 41 4e 44 6e 75 36 34 28 42 67 61 2c gu, ANDnu64(Bga,
0be0: 20 42 67 65 29 29 3b 20 5c 0a 20 20 20 20 58 4f Bge)); \. XO
0bf0: 52 65 71 36 34 28 43 75 2c 20 45 23 23 67 75 29 Req64(Cu, E##gu)
0c00: 3b 20 5c 0a 5c 0a 20 20 20 20 58 4f 52 65 71 36 ; \.\. XOReq6
0c10: 34 28 41 23 23 62 65 2c 20 44 65 29 3b 20 5c 0a 4(A##be, De); \.
0c20: 20 20 20 20 42 6b 61 20 3d 20 52 4f 4c 36 34 28 Bka = ROL64(
0c30: 41 23 23 62 65 2c 20 31 29 3b 20 5c 0a 20 20 20 A##be, 1); \.
0c40: 20 58 4f 52 65 71 36 34 28 41 23 23 67 69 2c 20 XOReq64(A##gi,
0c50: 44 69 29 3b 20 5c 0a 20 20 20 20 42 6b 65 20 3d Di); \. Bke =
0c60: 20 52 4f 4c 36 34 28 41 23 23 67 69 2c 20 36 29 ROL64(A##gi, 6)
0c70: 3b 20 5c 0a 20 20 20 20 58 4f 52 65 71 36 34 28 ; \. XOReq64(
0c80: 41 23 23 6b 6f 2c 20 44 6f 29 3b 20 5c 0a 20 20 A##ko, Do); \.
0c90: 20 20 42 6b 69 20 3d 20 52 4f 4c 36 34 28 41 23 Bki = ROL64(A#
0ca0: 23 6b 6f 2c 20 32 35 29 3b 20 5c 0a 20 20 20 20 #ko, 25); \.
0cb0: 45 23 23 6b 61 20 3d 20 58 4f 52 36 34 28 42 6b E##ka = XOR64(Bk
0cc0: 61 2c 20 41 4e 44 6e 75 36 34 28 42 6b 65 2c 20 a, ANDnu64(Bke,
0cd0: 42 6b 69 29 29 3b 20 5c 0a 20 20 20 20 58 4f 52 Bki)); \. XOR
0ce0: 65 71 36 34 28 43 61 2c 20 45 23 23 6b 61 29 3b eq64(Ca, E##ka);
0cf0: 20 5c 0a 20 20 20 20 58 4f 52 65 71 36 34 28 41 \. XOReq64(A
0d00: 23 23 6d 75 2c 20 44 75 29 3b 20 5c 0a 20 20 20 ##mu, Du); \.
0d10: 20 42 6b 6f 20 3d 20 52 4f 4c 36 34 28 41 23 23 Bko = ROL64(A##
0d20: 6d 75 2c 20 38 29 3b 20 5c 0a 20 20 20 20 45 23 mu, 8); \. E#
0d30: 23 6b 65 20 3d 20 58 4f 52 36 34 28 42 6b 65 2c #ke = XOR64(Bke,
0d40: 20 41 4e 44 6e 75 36 34 28 42 6b 69 2c 20 42 6b ANDnu64(Bki, Bk
0d50: 6f 29 29 3b 20 5c 0a 20 20 20 20 58 4f 52 65 71 o)); \. XOReq
0d60: 36 34 28 43 65 2c 20 45 23 23 6b 65 29 3b 20 5c 64(Ce, E##ke); \
0d70: 0a 20 20 20 20 58 4f 52 65 71 36 34 28 41 23 23 . XOReq64(A##
0d80: 73 61 2c 20 44 61 29 3b 20 5c 0a 20 20 20 20 42 sa, Da); \. B
0d90: 6b 75 20 3d 20 52 4f 4c 36 34 28 41 23 23 73 61 ku = ROL64(A##sa
0da0: 2c 20 31 38 29 3b 20 5c 0a 20 20 20 20 45 23 23 , 18); \. E##
0db0: 6b 69 20 3d 20 58 4f 52 36 34 28 42 6b 69 2c 20 ki = XOR64(Bki,
0dc0: 41 4e 44 6e 75 36 34 28 42 6b 6f 2c 20 42 6b 75 ANDnu64(Bko, Bku
0dd0: 29 29 3b 20 5c 0a 20 20 20 20 58 4f 52 65 71 36 )); \. XOReq6
0de0: 34 28 43 69 2c 20 45 23 23 6b 69 29 3b 20 5c 0a 4(Ci, E##ki); \.
0df0: 20 20 20 20 45 23 23 6b 6f 20 3d 20 58 4f 52 36 E##ko = XOR6
0e00: 34 28 42 6b 6f 2c 20 41 4e 44 6e 75 36 34 28 42 4(Bko, ANDnu64(B
0e10: 6b 75 2c 20 42 6b 61 29 29 3b 20 5c 0a 20 20 20 ku, Bka)); \.
0e20: 20 58 4f 52 65 71 36 34 28 43 6f 2c 20 45 23 23 XOReq64(Co, E##
0e30: 6b 6f 29 3b 20 5c 0a 20 20 20 20 45 23 23 6b 75 ko); \. E##ku
0e40: 20 3d 20 58 4f 52 36 34 28 42 6b 75 2c 20 41 4e = XOR64(Bku, AN
0e50: 44 6e 75 36 34 28 42 6b 61 2c 20 42 6b 65 29 29 Dnu64(Bka, Bke))
0e60: 3b 20 5c 0a 20 20 20 20 58 4f 52 65 71 36 34 28 ; \. XOReq64(
0e70: 43 75 2c 20 45 23 23 6b 75 29 3b 20 5c 0a 5c 0a Cu, E##ku); \.\.
0e80: 20 20 20 20 58 4f 52 65 71 36 34 28 41 23 23 62 XOReq64(A##b
0e90: 75 2c 20 44 75 29 3b 20 5c 0a 20 20 20 20 42 6d u, Du); \. Bm
0ea0: 61 20 3d 20 52 4f 4c 36 34 28 41 23 23 62 75 2c a = ROL64(A##bu,
0eb0: 20 32 37 29 3b 20 5c 0a 20 20 20 20 58 4f 52 65 27); \. XORe
0ec0: 71 36 34 28 41 23 23 67 61 2c 20 44 61 29 3b 20 q64(A##ga, Da);
0ed0: 5c 0a 20 20 20 20 42 6d 65 20 3d 20 52 4f 4c 36 \. Bme = ROL6
0ee0: 34 28 41 23 23 67 61 2c 20 33 36 29 3b 20 5c 0a 4(A##ga, 36); \.
0ef0: 20 20 20 20 58 4f 52 65 71 36 34 28 41 23 23 6b XOReq64(A##k
0f00: 65 2c 20 44 65 29 3b 20 5c 0a 20 20 20 20 42 6d e, De); \. Bm
0f10: 69 20 3d 20 52 4f 4c 36 34 28 41 23 23 6b 65 2c i = ROL64(A##ke,
0f20: 20 31 30 29 3b 20 5c 0a 20 20 20 20 45 23 23 6d 10); \. E##m
0f30: 61 20 3d 20 58 4f 52 36 34 28 42 6d 61 2c 20 41 a = XOR64(Bma, A
0f40: 4e 44 6e 75 36 34 28 42 6d 65 2c 20 42 6d 69 29 NDnu64(Bme, Bmi)
0f50: 29 3b 20 5c 0a 20 20 20 20 58 4f 52 65 71 36 34 ); \. XOReq64
0f60: 28 43 61 2c 20 45 23 23 6d 61 29 3b 20 5c 0a 20 (Ca, E##ma); \.
0f70: 20 20 20 58 4f 52 65 71 36 34 28 41 23 23 6d 69 XOReq64(A##mi
0f80: 2c 20 44 69 29 3b 20 5c 0a 20 20 20 20 42 6d 6f , Di); \. Bmo
0f90: 20 3d 20 52 4f 4c 36 34 28 41 23 23 6d 69 2c 20 = ROL64(A##mi,
0fa0: 31 35 29 3b 20 5c 0a 20 20 20 20 45 23 23 6d 65 15); \. E##me
0fb0: 20 3d 20 58 4f 52 36 34 28 42 6d 65 2c 20 41 4e = XOR64(Bme, AN
0fc0: 44 6e 75 36 34 28 42 6d 69 2c 20 42 6d 6f 29 29 Dnu64(Bmi, Bmo))
0fd0: 3b 20 5c 0a 20 20 20 20 58 4f 52 65 71 36 34 28 ; \. XOReq64(
0fe0: 43 65 2c 20 45 23 23 6d 65 29 3b 20 5c 0a 20 20 Ce, E##me); \.
0ff0: 20 20 58 4f 52 65 71 36 34 28 41 23 23 73 6f 2c XOReq64(A##so,
1000: 20 44 6f 29 3b 20 5c 0a 20 20 20 20 42 6d 75 20 Do); \. Bmu
1010: 3d 20 52 4f 4c 36 34 28 41 23 23 73 6f 2c 20 35 = ROL64(A##so, 5
1020: 36 29 3b 20 5c 0a 20 20 20 20 45 23 23 6d 69 20 6); \. E##mi
1030: 3d 20 58 4f 52 36 34 28 42 6d 69 2c 20 41 4e 44 = XOR64(Bmi, AND
1040: 6e 75 36 34 28 42 6d 6f 2c 20 42 6d 75 29 29 3b nu64(Bmo, Bmu));
1050: 20 5c 0a 20 20 20 20 58 4f 52 65 71 36 34 28 43 \. XOReq64(C
1060: 69 2c 20 45 23 23 6d 69 29 3b 20 5c 0a 20 20 20 i, E##mi); \.
1070: 20 45 23 23 6d 6f 20 3d 20 58 4f 52 36 34 28 42 E##mo = XOR64(B
1080: 6d 6f 2c 20 41 4e 44 6e 75 36 34 28 42 6d 75 2c mo, ANDnu64(Bmu,
1090: 20 42 6d 61 29 29 3b 20 5c 0a 20 20 20 20 58 4f Bma)); \. XO
10a0: 52 65 71 36 34 28 43 6f 2c 20 45 23 23 6d 6f 29 Req64(Co, E##mo)
10b0: 3b 20 5c 0a 20 20 20 20 45 23 23 6d 75 20 3d 20 ; \. E##mu =
10c0: 58 4f 52 36 34 28 42 6d 75 2c 20 41 4e 44 6e 75 XOR64(Bmu, ANDnu
10d0: 36 34 28 42 6d 61 2c 20 42 6d 65 29 29 3b 20 5c 64(Bma, Bme)); \
10e0: 0a 20 20 20 20 58 4f 52 65 71 36 34 28 43 75 2c . XOReq64(Cu,
10f0: 20 45 23 23 6d 75 29 3b 20 5c 0a 5c 0a 20 20 20 E##mu); \.\.
1100: 20 58 4f 52 65 71 36 34 28 41 23 23 62 69 2c 20 XOReq64(A##bi,
1110: 44 69 29 3b 20 5c 0a 20 20 20 20 42 73 61 20 3d Di); \. Bsa =
1120: 20 52 4f 4c 36 34 28 41 23 23 62 69 2c 20 36 32 ROL64(A##bi, 62
1130: 29 3b 20 5c 0a 20 20 20 20 58 4f 52 65 71 36 34 ); \. XOReq64
1140: 28 41 23 23 67 6f 2c 20 44 6f 29 3b 20 5c 0a 20 (A##go, Do); \.
1150: 20 20 20 42 73 65 20 3d 20 52 4f 4c 36 34 28 41 Bse = ROL64(A
1160: 23 23 67 6f 2c 20 35 35 29 3b 20 5c 0a 20 20 20 ##go, 55); \.
1170: 20 58 4f 52 65 71 36 34 28 41 23 23 6b 75 2c 20 XOReq64(A##ku,
1180: 44 75 29 3b 20 5c 0a 20 20 20 20 42 73 69 20 3d Du); \. Bsi =
1190: 20 52 4f 4c 36 34 28 41 23 23 6b 75 2c 20 33 39 ROL64(A##ku, 39
11a0: 29 3b 20 5c 0a 20 20 20 20 45 23 23 73 61 20 3d ); \. E##sa =
11b0: 20 58 4f 52 36 34 28 42 73 61 2c 20 41 4e 44 6e XOR64(Bsa, ANDn
11c0: 75 36 34 28 42 73 65 2c 20 42 73 69 29 29 3b 20 u64(Bse, Bsi));
11d0: 5c 0a 20 20 20 20 58 4f 52 65 71 36 34 28 43 61 \. XOReq64(Ca
11e0: 2c 20 45 23 23 73 61 29 3b 20 5c 0a 20 20 20 20 , E##sa); \.
11f0: 58 4f 52 65 71 36 34 28 41 23 23 6d 61 2c 20 44 XOReq64(A##ma, D
1200: 61 29 3b 20 5c 0a 20 20 20 20 42 73 6f 20 3d 20 a); \. Bso =
1210: 52 4f 4c 36 34 28 41 23 23 6d 61 2c 20 34 31 29 ROL64(A##ma, 41)
1220: 3b 20 5c 0a 20 20 20 20 45 23 23 73 65 20 3d 20 ; \. E##se =
1230: 58 4f 52 36 34 28 42 73 65 2c 20 41 4e 44 6e 75 XOR64(Bse, ANDnu
1240: 36 34 28 42 73 69 2c 20 42 73 6f 29 29 3b 20 5c 64(Bsi, Bso)); \
1250: 0a 20 20 20 20 58 4f 52 65 71 36 34 28 43 65 2c . XOReq64(Ce,
1260: 20 45 23 23 73 65 29 3b 20 5c 0a 20 20 20 20 58 E##se); \. X
1270: 4f 52 65 71 36 34 28 41 23 23 73 65 2c 20 44 65 OReq64(A##se, De
1280: 29 3b 20 5c 0a 20 20 20 20 42 73 75 20 3d 20 52 ); \. Bsu = R
1290: 4f 4c 36 34 28 41 23 23 73 65 2c 20 32 29 3b 20 OL64(A##se, 2);
12a0: 5c 0a 20 20 20 20 45 23 23 73 69 20 3d 20 58 4f \. E##si = XO
12b0: 52 36 34 28 42 73 69 2c 20 41 4e 44 6e 75 36 34 R64(Bsi, ANDnu64
12c0: 28 42 73 6f 2c 20 42 73 75 29 29 3b 20 5c 0a 20 (Bso, Bsu)); \.
12d0: 20 20 20 58 4f 52 65 71 36 34 28 43 69 2c 20 45 XOReq64(Ci, E
12e0: 23 23 73 69 29 3b 20 5c 0a 20 20 20 20 45 23 23 ##si); \. E##
12f0: 73 6f 20 3d 20 58 4f 52 36 34 28 42 73 6f 2c 20 so = XOR64(Bso,
1300: 41 4e 44 6e 75 36 34 28 42 73 75 2c 20 42 73 61 ANDnu64(Bsu, Bsa
1310: 29 29 3b 20 5c 0a 20 20 20 20 58 4f 52 65 71 36 )); \. XOReq6
1320: 34 28 43 6f 2c 20 45 23 23 73 6f 29 3b 20 5c 0a 4(Co, E##so); \.
1330: 20 20 20 20 45 23 23 73 75 20 3d 20 58 4f 52 36 E##su = XOR6
1340: 34 28 42 73 75 2c 20 41 4e 44 6e 75 36 34 28 42 4(Bsu, ANDnu64(B
1350: 73 61 2c 20 42 73 65 29 29 3b 20 5c 0a 20 20 20 sa, Bse)); \.
1360: 20 58 4f 52 65 71 36 34 28 43 75 2c 20 45 23 23 XOReq64(Cu, E##
1370: 73 75 29 3b 20 5c 0a 5c 0a 0a 2f 2f 20 2d 2d 2d su); \.\..// ---
1380: 20 43 6f 64 65 20 66 6f 72 20 72 6f 75 6e 64 0a Code for round.
1390: 2f 2f 20 2d 2d 2d 20 36 34 2d 62 69 74 20 6c 61 // --- 64-bit la
13a0: 6e 65 73 20 6d 61 70 70 65 64 20 74 6f 20 36 34 nes mapped to 64
13b0: 2d 62 69 74 20 77 6f 72 64 73 0a 23 64 65 66 69 -bit words.#defi
13c0: 6e 65 20 74 68 65 74 61 52 68 6f 50 69 43 68 69 ne thetaRhoPiChi
13d0: 49 6f 74 61 28 69 2c 20 41 2c 20 45 29 20 5c 0a Iota(i, A, E) \.
13e0: 20 20 20 20 44 61 20 3d 20 58 4f 52 36 34 28 43 Da = XOR64(C
13f0: 75 2c 20 52 4f 4c 36 34 28 43 65 2c 20 31 29 29 u, ROL64(Ce, 1))
1400: 3b 20 5c 0a 20 20 20 20 44 65 20 3d 20 58 4f 52 ; \. De = XOR
1410: 36 34 28 43 61 2c 20 52 4f 4c 36 34 28 43 69 2c 64(Ca, ROL64(Ci,
1420: 20 31 29 29 3b 20 5c 0a 20 20 20 20 44 69 20 3d 1)); \. Di =
1430: 20 58 4f 52 36 34 28 43 65 2c 20 52 4f 4c 36 34 XOR64(Ce, ROL64
1440: 28 43 6f 2c 20 31 29 29 3b 20 5c 0a 20 20 20 20 (Co, 1)); \.
1450: 44 6f 20 3d 20 58 4f 52 36 34 28 43 69 2c 20 52 Do = XOR64(Ci, R
1460: 4f 4c 36 34 28 43 75 2c 20 31 29 29 3b 20 5c 0a OL64(Cu, 1)); \.
1470: 20 20 20 20 44 75 20 3d 20 58 4f 52 36 34 28 43 Du = XOR64(C
1480: 6f 2c 20 52 4f 4c 36 34 28 43 61 2c 20 31 29 29 o, ROL64(Ca, 1))
1490: 3b 20 5c 0a 5c 0a 20 20 20 20 58 4f 52 65 71 36 ; \.\. XOReq6
14a0: 34 28 41 23 23 62 61 2c 20 44 61 29 3b 20 5c 0a 4(A##ba, Da); \.
14b0: 20 20 20 20 42 62 61 20 3d 20 41 23 23 62 61 3b Bba = A##ba;
14c0: 20 5c 0a 20 20 20 20 58 4f 52 65 71 36 34 28 41 \. XOReq64(A
14d0: 23 23 67 65 2c 20 44 65 29 3b 20 5c 0a 20 20 20 ##ge, De); \.
14e0: 20 42 62 65 20 3d 20 52 4f 4c 36 34 28 41 23 23 Bbe = ROL64(A##
14f0: 67 65 2c 20 34 34 29 3b 20 5c 0a 20 20 20 20 58 ge, 44); \. X
1500: 4f 52 65 71 36 34 28 41 23 23 6b 69 2c 20 44 69 OReq64(A##ki, Di
1510: 29 3b 20 5c 0a 20 20 20 20 42 62 69 20 3d 20 52 ); \. Bbi = R
1520: 4f 4c 36 34 28 41 23 23 6b 69 2c 20 34 33 29 3b OL64(A##ki, 43);
1530: 20 5c 0a 20 20 20 20 45 23 23 62 61 20 3d 20 58 \. E##ba = X
1540: 4f 52 36 34 28 42 62 61 2c 20 41 4e 44 6e 75 36 OR64(Bba, ANDnu6
1550: 34 28 42 62 65 2c 20 42 62 69 29 29 3b 20 5c 0a 4(Bbe, Bbi)); \.
1560: 20 20 20 20 58 4f 52 65 71 36 34 28 45 23 23 62 XOReq64(E##b
1570: 61 2c 20 43 4f 4e 53 54 36 34 28 4b 65 63 63 61 a, CONST64(Kecca
1580: 6b 46 31 36 30 30 52 6f 75 6e 64 43 6f 6e 73 74 kF1600RoundConst
1590: 61 6e 74 73 5b 69 5d 29 29 3b 20 5c 0a 20 20 20 ants[i])); \.
15a0: 20 58 4f 52 65 71 36 34 28 41 23 23 6d 6f 2c 20 XOReq64(A##mo,
15b0: 44 6f 29 3b 20 5c 0a 20 20 20 20 42 62 6f 20 3d Do); \. Bbo =
15c0: 20 52 4f 4c 36 34 28 41 23 23 6d 6f 2c 20 32 31 ROL64(A##mo, 21
15d0: 29 3b 20 5c 0a 20 20 20 20 45 23 23 62 65 20 3d ); \. E##be =
15e0: 20 58 4f 52 36 34 28 42 62 65 2c 20 41 4e 44 6e XOR64(Bbe, ANDn
15f0: 75 36 34 28 42 62 69 2c 20 42 62 6f 29 29 3b 20 u64(Bbi, Bbo));
1600: 5c 0a 20 20 20 20 58 4f 52 65 71 36 34 28 41 23 \. XOReq64(A#
1610: 23 73 75 2c 20 44 75 29 3b 20 5c 0a 20 20 20 20 #su, Du); \.
1620: 42 62 75 20 3d 20 52 4f 4c 36 34 28 41 23 23 73 Bbu = ROL64(A##s
1630: 75 2c 20 31 34 29 3b 20 5c 0a 20 20 20 20 45 23 u, 14); \. E#
1640: 23 62 69 20 3d 20 58 4f 52 36 34 28 42 62 69 2c #bi = XOR64(Bbi,
1650: 20 41 4e 44 6e 75 36 34 28 42 62 6f 2c 20 42 62 ANDnu64(Bbo, Bb
1660: 75 29 29 3b 20 5c 0a 20 20 20 20 45 23 23 62 6f u)); \. E##bo
1670: 20 3d 20 58 4f 52 36 34 28 42 62 6f 2c 20 41 4e = XOR64(Bbo, AN
1680: 44 6e 75 36 34 28 42 62 75 2c 20 42 62 61 29 29 Dnu64(Bbu, Bba))
1690: 3b 20 5c 0a 20 20 20 20 45 23 23 62 75 20 3d 20 ; \. E##bu =
16a0: 58 4f 52 36 34 28 42 62 75 2c 20 41 4e 44 6e 75 XOR64(Bbu, ANDnu
16b0: 36 34 28 42 62 61 2c 20 42 62 65 29 29 3b 20 5c 64(Bba, Bbe)); \
16c0: 0a 5c 0a 20 20 20 20 58 4f 52 65 71 36 34 28 41 .\. XOReq64(A
16d0: 23 23 62 6f 2c 20 44 6f 29 3b 20 5c 0a 20 20 20 ##bo, Do); \.
16e0: 20 42 67 61 20 3d 20 52 4f 4c 36 34 28 41 23 23 Bga = ROL64(A##
16f0: 62 6f 2c 20 32 38 29 3b 20 5c 0a 20 20 20 20 58 bo, 28); \. X
1700: 4f 52 65 71 36 34 28 41 23 23 67 75 2c 20 44 75 OReq64(A##gu, Du
1710: 29 3b 20 5c 0a 20 20 20 20 42 67 65 20 3d 20 52 ); \. Bge = R
1720: 4f 4c 36 34 28 41 23 23 67 75 2c 20 32 30 29 3b OL64(A##gu, 20);
1730: 20 5c 0a 20 20 20 20 58 4f 52 65 71 36 34 28 41 \. XOReq64(A
1740: 23 23 6b 61 2c 20 44 61 29 3b 20 5c 0a 20 20 20 ##ka, Da); \.
1750: 20 42 67 69 20 3d 20 52 4f 4c 36 34 28 41 23 23 Bgi = ROL64(A##
1760: 6b 61 2c 20 33 29 3b 20 5c 0a 20 20 20 20 45 23 ka, 3); \. E#
1770: 23 67 61 20 3d 20 58 4f 52 36 34 28 42 67 61 2c #ga = XOR64(Bga,
1780: 20 41 4e 44 6e 75 36 34 28 42 67 65 2c 20 42 67 ANDnu64(Bge, Bg
1790: 69 29 29 3b 20 5c 0a 20 20 20 20 58 4f 52 65 71 i)); \. XOReq
17a0: 36 34 28 41 23 23 6d 65 2c 20 44 65 29 3b 20 5c 64(A##me, De); \
17b0: 0a 20 20 20 20 42 67 6f 20 3d 20 52 4f 4c 36 34 . Bgo = ROL64
17c0: 28 41 23 23 6d 65 2c 20 34 35 29 3b 20 5c 0a 20 (A##me, 45); \.
17d0: 20 20 20 45 23 23 67 65 20 3d 20 58 4f 52 36 34 E##ge = XOR64
17e0: 28 42 67 65 2c 20 41 4e 44 6e 75 36 34 28 42 67 (Bge, ANDnu64(Bg
17f0: 69 2c 20 42 67 6f 29 29 3b 20 5c 0a 20 20 20 20 i, Bgo)); \.
1800: 58 4f 52 65 71 36 34 28 41 23 23 73 69 2c 20 44 XOReq64(A##si, D
1810: 69 29 3b 20 5c 0a 20 20 20 20 42 67 75 20 3d 20 i); \. Bgu =
1820: 52 4f 4c 36 34 28 41 23 23 73 69 2c 20 36 31 29 ROL64(A##si, 61)
1830: 3b 20 5c 0a 20 20 20 20 45 23 23 67 69 20 3d 20 ; \. E##gi =
1840: 58 4f 52 36 34 28 42 67 69 2c 20 41 4e 44 6e 75 XOR64(Bgi, ANDnu
1850: 36 34 28 42 67 6f 2c 20 42 67 75 29 29 3b 20 5c 64(Bgo, Bgu)); \
1860: 0a 20 20 20 20 45 23 23 67 6f 20 3d 20 58 4f 52 . E##go = XOR
1870: 36 34 28 42 67 6f 2c 20 41 4e 44 6e 75 36 34 28 64(Bgo, ANDnu64(
1880: 42 67 75 2c 20 42 67 61 29 29 3b 20 5c 0a 20 20 Bgu, Bga)); \.
1890: 20 20 45 23 23 67 75 20 3d 20 58 4f 52 36 34 28 E##gu = XOR64(
18a0: 42 67 75 2c 20 41 4e 44 6e 75 36 34 28 42 67 61 Bgu, ANDnu64(Bga
18b0: 2c 20 42 67 65 29 29 3b 20 5c 0a 5c 0a 20 20 20 , Bge)); \.\.
18c0: 20 58 4f 52 65 71 36 34 28 41 23 23 62 65 2c 20 XOReq64(A##be,
18d0: 44 65 29 3b 20 5c 0a 20 20 20 20 42 6b 61 20 3d De); \. Bka =
18e0: 20 52 4f 4c 36 34 28 41 23 23 62 65 2c 20 31 29 ROL64(A##be, 1)
18f0: 3b 20 5c 0a 20 20 20 20 58 4f 52 65 71 36 34 28 ; \. XOReq64(
1900: 41 23 23 67 69 2c 20 44 69 29 3b 20 5c 0a 20 20 A##gi, Di); \.
1910: 20 20 42 6b 65 20 3d 20 52 4f 4c 36 34 28 41 23 Bke = ROL64(A#
1920: 23 67 69 2c 20 36 29 3b 20 5c 0a 20 20 20 20 58 #gi, 6); \. X
1930: 4f 52 65 71 36 34 28 41 23 23 6b 6f 2c 20 44 6f OReq64(A##ko, Do
1940: 29 3b 20 5c 0a 20 20 20 20 42 6b 69 20 3d 20 52 ); \. Bki = R
1950: 4f 4c 36 34 28 41 23 23 6b 6f 2c 20 32 35 29 3b OL64(A##ko, 25);
1960: 20 5c 0a 20 20 20 20 45 23 23 6b 61 20 3d 20 58 \. E##ka = X
1970: 4f 52 36 34 28 42 6b 61 2c 20 41 4e 44 6e 75 36 OR64(Bka, ANDnu6
1980: 34 28 42 6b 65 2c 20 42 6b 69 29 29 3b 20 5c 0a 4(Bke, Bki)); \.
1990: 20 20 20 20 58 4f 52 65 71 36 34 28 41 23 23 6d XOReq64(A##m
19a0: 75 2c 20 44 75 29 3b 20 5c 0a 20 20 20 20 42 6b u, Du); \. Bk
19b0: 6f 20 3d 20 52 4f 4c 36 34 28 41 23 23 6d 75 2c o = ROL64(A##mu,
19c0: 20 38 29 3b 20 5c 0a 20 20 20 20 45 23 23 6b 65 8); \. E##ke
19d0: 20 3d 20 58 4f 52 36 34 28 42 6b 65 2c 20 41 4e = XOR64(Bke, AN
19e0: 44 6e 75 36 34 28 42 6b 69 2c 20 42 6b 6f 29 29 Dnu64(Bki, Bko))
19f0: 3b 20 5c 0a 20 20 20 20 58 4f 52 65 71 36 34 28 ; \. XOReq64(
1a00: 41 23 23 73 61 2c 20 44 61 29 3b 20 5c 0a 20 20 A##sa, Da); \.
1a10: 20 20 42 6b 75 20 3d 20 52 4f 4c 36 34 28 41 23 Bku = ROL64(A#
1a20: 23 73 61 2c 20 31 38 29 3b 20 5c 0a 20 20 20 20 #sa, 18); \.
1a30: 45 23 23 6b 69 20 3d 20 58 4f 52 36 34 28 42 6b E##ki = XOR64(Bk
1a40: 69 2c 20 41 4e 44 6e 75 36 34 28 42 6b 6f 2c 20 i, ANDnu64(Bko,
1a50: 42 6b 75 29 29 3b 20 5c 0a 20 20 20 20 45 23 23 Bku)); \. E##
1a60: 6b 6f 20 3d 20 58 4f 52 36 34 28 42 6b 6f 2c 20 ko = XOR64(Bko,
1a70: 41 4e 44 6e 75 36 34 28 42 6b 75 2c 20 42 6b 61 ANDnu64(Bku, Bka
1a80: 29 29 3b 20 5c 0a 20 20 20 20 45 23 23 6b 75 20 )); \. E##ku
1a90: 3d 20 58 4f 52 36 34 28 42 6b 75 2c 20 41 4e 44 = XOR64(Bku, AND
1aa0: 6e 75 36 34 28 42 6b 61 2c 20 42 6b 65 29 29 3b nu64(Bka, Bke));
1ab0: 20 5c 0a 5c 0a 20 20 20 20 58 4f 52 65 71 36 34 \.\. XOReq64
1ac0: 28 41 23 23 62 75 2c 20 44 75 29 3b 20 5c 0a 20 (A##bu, Du); \.
1ad0: 20 20 20 42 6d 61 20 3d 20 52 4f 4c 36 34 28 41 Bma = ROL64(A
1ae0: 23 23 62 75 2c 20 32 37 29 3b 20 5c 0a 20 20 20 ##bu, 27); \.
1af0: 20 58 4f 52 65 71 36 34 28 41 23 23 67 61 2c 20 XOReq64(A##ga,
1b00: 44 61 29 3b 20 5c 0a 20 20 20 20 42 6d 65 20 3d Da); \. Bme =
1b10: 20 52 4f 4c 36 34 28 41 23 23 67 61 2c 20 33 36 ROL64(A##ga, 36
1b20: 29 3b 20 5c 0a 20 20 20 20 58 4f 52 65 71 36 34 ); \. XOReq64
1b30: 28 41 23 23 6b 65 2c 20 44 65 29 3b 20 5c 0a 20 (A##ke, De); \.
1b40: 20 20 20 42 6d 69 20 3d 20 52 4f 4c 36 34 28 41 Bmi = ROL64(A
1b50: 23 23 6b 65 2c 20 31 30 29 3b 20 5c 0a 20 20 20 ##ke, 10); \.
1b60: 20 45 23 23 6d 61 20 3d 20 58 4f 52 36 34 28 42 E##ma = XOR64(B
1b70: 6d 61 2c 20 41 4e 44 6e 75 36 34 28 42 6d 65 2c ma, ANDnu64(Bme,
1b80: 20 42 6d 69 29 29 3b 20 5c 0a 20 20 20 20 58 4f Bmi)); \. XO
1b90: 52 65 71 36 34 28 41 23 23 6d 69 2c 20 44 69 29 Req64(A##mi, Di)
1ba0: 3b 20 5c 0a 20 20 20 20 42 6d 6f 20 3d 20 52 4f ; \. Bmo = RO
1bb0: 4c 36 34 28 41 23 23 6d 69 2c 20 31 35 29 3b 20 L64(A##mi, 15);
1bc0: 5c 0a 20 20 20 20 45 23 23 6d 65 20 3d 20 58 4f \. E##me = XO
1bd0: 52 36 34 28 42 6d 65 2c 20 41 4e 44 6e 75 36 34 R64(Bme, ANDnu64
1be0: 28 42 6d 69 2c 20 42 6d 6f 29 29 3b 20 5c 0a 20 (Bmi, Bmo)); \.
1bf0: 20 20 20 58 4f 52 65 71 36 34 28 41 23 23 73 6f XOReq64(A##so
1c00: 2c 20 44 6f 29 3b 20 5c 0a 20 20 20 20 42 6d 75 , Do); \. Bmu
1c10: 20 3d 20 52 4f 4c 36 34 28 41 23 23 73 6f 2c 20 = ROL64(A##so,
1c20: 35 36 29 3b 20 5c 0a 20 20 20 20 45 23 23 6d 69 56); \. E##mi
1c30: 20 3d 20 58 4f 52 36 34 28 42 6d 69 2c 20 41 4e = XOR64(Bmi, AN
1c40: 44 6e 75 36 34 28 42 6d 6f 2c 20 42 6d 75 29 29 Dnu64(Bmo, Bmu))
1c50: 3b 20 5c 0a 20 20 20 20 45 23 23 6d 6f 20 3d 20 ; \. E##mo =
1c60: 58 4f 52 36 34 28 42 6d 6f 2c 20 41 4e 44 6e 75 XOR64(Bmo, ANDnu
1c70: 36 34 28 42 6d 75 2c 20 42 6d 61 29 29 3b 20 5c 64(Bmu, Bma)); \
1c80: 0a 20 20 20 20 45 23 23 6d 75 20 3d 20 58 4f 52 . E##mu = XOR
1c90: 36 34 28 42 6d 75 2c 20 41 4e 44 6e 75 36 34 28 64(Bmu, ANDnu64(
1ca0: 42 6d 61 2c 20 42 6d 65 29 29 3b 20 5c 0a 5c 0a Bma, Bme)); \.\.
1cb0: 20 20 20 20 58 4f 52 65 71 36 34 28 41 23 23 62 XOReq64(A##b
1cc0: 69 2c 20 44 69 29 3b 20 5c 0a 20 20 20 20 42 73 i, Di); \. Bs
1cd0: 61 20 3d 20 52 4f 4c 36 34 28 41 23 23 62 69 2c a = ROL64(A##bi,
1ce0: 20 36 32 29 3b 20 5c 0a 20 20 20 20 58 4f 52 65 62); \. XORe
1cf0: 71 36 34 28 41 23 23 67 6f 2c 20 44 6f 29 3b 20 q64(A##go, Do);
1d00: 5c 0a 20 20 20 20 42 73 65 20 3d 20 52 4f 4c 36 \. Bse = ROL6
1d10: 34 28 41 23 23 67 6f 2c 20 35 35 29 3b 20 5c 0a 4(A##go, 55); \.
1d20: 20 20 20 20 58 4f 52 65 71 36 34 28 41 23 23 6b XOReq64(A##k
1d30: 75 2c 20 44 75 29 3b 20 5c 0a 20 20 20 20 42 73 u, Du); \. Bs
1d40: 69 20 3d 20 52 4f 4c 36 34 28 41 23 23 6b 75 2c i = ROL64(A##ku,
1d50: 20 33 39 29 3b 20 5c 0a 20 20 20 20 45 23 23 73 39); \. E##s
1d60: 61 20 3d 20 58 4f 52 36 34 28 42 73 61 2c 20 41 a = XOR64(Bsa, A
1d70: 4e 44 6e 75 36 34 28 42 73 65 2c 20 42 73 69 29 NDnu64(Bse, Bsi)
1d80: 29 3b 20 5c 0a 20 20 20 20 58 4f 52 65 71 36 34 ); \. XOReq64
1d90: 28 41 23 23 6d 61 2c 20 44 61 29 3b 20 5c 0a 20 (A##ma, Da); \.
1da0: 20 20 20 42 73 6f 20 3d 20 52 4f 4c 36 34 28 41 Bso = ROL64(A
1db0: 23 23 6d 61 2c 20 34 31 29 3b 20 5c 0a 20 20 20 ##ma, 41); \.
1dc0: 20 45 23 23 73 65 20 3d 20 58 4f 52 36 34 28 42 E##se = XOR64(B
1dd0: 73 65 2c 20 41 4e 44 6e 75 36 34 28 42 73 69 2c se, ANDnu64(Bsi,
1de0: 20 42 73 6f 29 29 3b 20 5c 0a 20 20 20 20 58 4f Bso)); \. XO
1df0: 52 65 71 36 34 28 41 23 23 73 65 2c 20 44 65 29 Req64(A##se, De)
1e00: 3b 20 5c 0a 20 20 20 20 42 73 75 20 3d 20 52 4f ; \. Bsu = RO
1e10: 4c 36 34 28 41 23 23 73 65 2c 20 32 29 3b 20 5c L64(A##se, 2); \
1e20: 0a 20 20 20 20 45 23 23 73 69 20 3d 20 58 4f 52 . E##si = XOR
1e30: 36 34 28 42 73 69 2c 20 41 4e 44 6e 75 36 34 28 64(Bsi, ANDnu64(
1e40: 42 73 6f 2c 20 42 73 75 29 29 3b 20 5c 0a 20 20 Bso, Bsu)); \.
1e50: 20 20 45 23 23 73 6f 20 3d 20 58 4f 52 36 34 28 E##so = XOR64(
1e60: 42 73 6f 2c 20 41 4e 44 6e 75 36 34 28 42 73 75 Bso, ANDnu64(Bsu
1e70: 2c 20 42 73 61 29 29 3b 20 5c 0a 20 20 20 20 45 , Bsa)); \. E
1e80: 23 23 73 75 20 3d 20 58 4f 52 36 34 28 42 73 75 ##su = XOR64(Bsu
1e90: 2c 20 41 4e 44 6e 75 36 34 28 42 73 61 2c 20 42 , ANDnu64(Bsa, B
1ea0: 73 65 29 29 3b 20 5c 0a 5c 0a 0a 63 6f 6e 73 74 se)); \.\..const
1eb0: 20 55 49 4e 54 36 34 20 4b 65 63 63 61 6b 46 31 UINT64 KeccakF1
1ec0: 36 30 30 52 6f 75 6e 64 43 6f 6e 73 74 61 6e 74 600RoundConstant
1ed0: 73 5b 32 34 5d 20 3d 20 7b 0a 20 20 20 20 30 78 s[24] = {. 0x
1ee0: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 0000000000000001
1ef0: 55 4c 4c 2c 0a 20 20 20 20 30 78 30 30 30 30 30 ULL,. 0x00000
1f00: 30 30 30 30 30 30 30 38 30 38 32 55 4c 4c 2c 0a 00000008082ULL,.
1f10: 20 20 20 20 30 78 38 30 30 30 30 30 30 30 30 30 0x8000000000
1f20: 30 30 38 30 38 61 55 4c 4c 2c 0a 20 20 20 20 30 00808aULL,. 0
1f30: 78 38 30 30 30 30 30 30 30 38 30 30 30 38 30 30 x800000008000800
1f40: 30 55 4c 4c 2c 0a 20 20 20 20 30 78 30 30 30 30 0ULL,. 0x0000
1f50: 30 30 30 30 30 30 30 30 38 30 38 62 55 4c 4c 2c 00000000808bULL,
1f60: 0a 20 20 20 20 30 78 30 30 30 30 30 30 30 30 38 . 0x000000008
1f70: 30 30 30 30 30 30 31 55 4c 4c 2c 0a 20 20 20 20 0000001ULL,.
1f80: 30 78 38 30 30 30 30 30 30 30 38 30 30 30 38 30 0x80000000800080
1f90: 38 31 55 4c 4c 2c 0a 20 20 20 20 30 78 38 30 30 81ULL,. 0x800
1fa0: 30 30 30 30 30 30 30 30 30 38 30 30 39 55 4c 4c 0000000008009ULL
1fb0: 2c 0a 20 20 20 20 30 78 30 30 30 30 30 30 30 30 ,. 0x00000000
1fc0: 30 30 30 30 30 30 38 61 55 4c 4c 2c 0a 20 20 20 0000008aULL,.
1fd0: 20 30 78 30 30 30 30 30 30 30 30 30 30 30 30 30 0x0000000000000
1fe0: 30 38 38 55 4c 4c 2c 0a 20 20 20 20 30 78 30 30 088ULL,. 0x00
1ff0: 30 30 30 30 30 30 38 30 30 30 38 30 30 39 55 4c 00000080008009UL
2000: 4c 2c 0a 20 20 20 20 30 78 30 30 30 30 30 30 30 L,. 0x0000000
2010: 30 38 30 30 30 30 30 30 61 55 4c 4c 2c 0a 20 20 08000000aULL,.
2020: 20 20 30 78 30 30 30 30 30 30 30 30 38 30 30 30 0x000000008000
2030: 38 30 38 62 55 4c 4c 2c 0a 20 20 20 20 30 78 38 808bULL,. 0x8
2040: 30 30 30 30 30 30 30 30 30 30 30 30 30 38 62 55 00000000000008bU
2050: 4c 4c 2c 0a 20 20 20 20 30 78 38 30 30 30 30 30 LL,. 0x800000
2060: 30 30 30 30 30 30 38 30 38 39 55 4c 4c 2c 0a 20 0000008089ULL,.
2070: 20 20 20 30 78 38 30 30 30 30 30 30 30 30 30 30 0x80000000000
2080: 30 38 30 30 33 55 4c 4c 2c 0a 20 20 20 20 30 78 08003ULL,. 0x
2090: 38 30 30 30 30 30 30 30 30 30 30 30 38 30 30 32 8000000000008002
20a0: 55 4c 4c 2c 0a 20 20 20 20 30 78 38 30 30 30 30 ULL,. 0x80000
20b0: 30 30 30 30 30 30 30 30 30 38 30 55 4c 4c 2c 0a 00000000080ULL,.
20c0: 20 20 20 20 30 78 30 30 30 30 30 30 30 30 30 30 0x0000000000
20d0: 30 30 38 30 30 61 55 4c 4c 2c 0a 20 20 20 20 30 00800aULL,. 0
20e0: 78 38 30 30 30 30 30 30 30 38 30 30 30 30 30 30 x800000008000000
20f0: 61 55 4c 4c 2c 0a 20 20 20 20 30 78 38 30 30 30 aULL,. 0x8000
2100: 30 30 30 30 38 30 30 30 38 30 38 31 55 4c 4c 2c 000080008081ULL,
2110: 0a 20 20 20 20 30 78 38 30 30 30 30 30 30 30 30 . 0x800000000
2120: 30 30 30 38 30 38 30 55 4c 4c 2c 0a 20 20 20 20 0008080ULL,.
2130: 30 78 30 30 30 30 30 30 30 30 38 30 30 30 30 30 0x00000000800000
2140: 30 31 55 4c 4c 2c 0a 20 20 20 20 30 78 38 30 30 01ULL,. 0x800
2150: 30 30 30 30 30 38 30 30 30 38 30 30 38 55 4c 4c 0000080008008ULL
2160: 20 7d 3b 0a 0a 23 64 65 66 69 6e 65 20 63 6f 70 };..#define cop
2170: 79 46 72 6f 6d 53 74 61 74 65 41 6e 64 58 6f 72 yFromStateAndXor
2180: 35 37 36 62 69 74 73 28 58 2c 20 73 74 61 74 65 576bits(X, state
2190: 2c 20 69 6e 70 75 74 29 20 5c 0a 20 20 20 20 58 , input) \. X
21a0: 23 23 62 61 20 3d 20 58 4f 52 36 34 28 4c 4f 41 ##ba = XOR64(LOA
21b0: 44 36 34 28 73 74 61 74 65 5b 20 30 5d 29 2c 20 D64(state[ 0]),
21c0: 4c 4f 41 44 36 34 28 69 6e 70 75 74 5b 20 30 5d LOAD64(input[ 0]
21d0: 29 29 3b 20 5c 0a 20 20 20 20 58 23 23 62 65 20 )); \. X##be
21e0: 3d 20 58 4f 52 36 34 28 4c 4f 41 44 36 34 28 73 = XOR64(LOAD64(s
21f0: 74 61 74 65 5b 20 31 5d 29 2c 20 4c 4f 41 44 36 tate[ 1]), LOAD6
2200: 34 28 69 6e 70 75 74 5b 20 31 5d 29 29 3b 20 5c 4(input[ 1])); \
2210: 0a 20 20 20 20 58 23 23 62 69 20 3d 20 58 4f 52 . X##bi = XOR
2220: 36 34 28 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 64(LOAD64(state[
2230: 20 32 5d 29 2c 20 4c 4f 41 44 36 34 28 69 6e 70 2]), LOAD64(inp
2240: 75 74 5b 20 32 5d 29 29 3b 20 5c 0a 20 20 20 20 ut[ 2])); \.
2250: 58 23 23 62 6f 20 3d 20 58 4f 52 36 34 28 4c 4f X##bo = XOR64(LO
2260: 41 44 36 34 28 73 74 61 74 65 5b 20 33 5d 29 2c AD64(state[ 3]),
2270: 20 4c 4f 41 44 36 34 28 69 6e 70 75 74 5b 20 33 LOAD64(input[ 3
2280: 5d 29 29 3b 20 5c 0a 20 20 20 20 58 23 23 62 75 ])); \. X##bu
2290: 20 3d 20 58 4f 52 36 34 28 4c 4f 41 44 36 34 28 = XOR64(LOAD64(
22a0: 73 74 61 74 65 5b 20 34 5d 29 2c 20 4c 4f 41 44 state[ 4]), LOAD
22b0: 36 34 28 69 6e 70 75 74 5b 20 34 5d 29 29 3b 20 64(input[ 4]));
22c0: 5c 0a 20 20 20 20 58 23 23 67 61 20 3d 20 58 4f \. X##ga = XO
22d0: 52 36 34 28 4c 4f 41 44 36 34 28 73 74 61 74 65 R64(LOAD64(state
22e0: 5b 20 35 5d 29 2c 20 4c 4f 41 44 36 34 28 69 6e [ 5]), LOAD64(in
22f0: 70 75 74 5b 20 35 5d 29 29 3b 20 5c 0a 20 20 20 put[ 5])); \.
2300: 20 58 23 23 67 65 20 3d 20 58 4f 52 36 34 28 4c X##ge = XOR64(L
2310: 4f 41 44 36 34 28 73 74 61 74 65 5b 20 36 5d 29 OAD64(state[ 6])
2320: 2c 20 4c 4f 41 44 36 34 28 69 6e 70 75 74 5b 20 , LOAD64(input[
2330: 36 5d 29 29 3b 20 5c 0a 20 20 20 20 58 23 23 67 6])); \. X##g
2340: 69 20 3d 20 58 4f 52 36 34 28 4c 4f 41 44 36 34 i = XOR64(LOAD64
2350: 28 73 74 61 74 65 5b 20 37 5d 29 2c 20 4c 4f 41 (state[ 7]), LOA
2360: 44 36 34 28 69 6e 70 75 74 5b 20 37 5d 29 29 3b D64(input[ 7]));
2370: 20 5c 0a 20 20 20 20 58 23 23 67 6f 20 3d 20 58 \. X##go = X
2380: 4f 52 36 34 28 4c 4f 41 44 36 34 28 73 74 61 74 OR64(LOAD64(stat
2390: 65 5b 20 38 5d 29 2c 20 4c 4f 41 44 36 34 28 69 e[ 8]), LOAD64(i
23a0: 6e 70 75 74 5b 20 38 5d 29 29 3b 20 5c 0a 20 20 nput[ 8])); \.
23b0: 20 20 58 23 23 67 75 20 3d 20 4c 4f 41 44 36 34 X##gu = LOAD64
23c0: 28 73 74 61 74 65 5b 20 39 5d 29 3b 20 5c 0a 20 (state[ 9]); \.
23d0: 20 20 20 58 23 23 6b 61 20 3d 20 4c 4f 41 44 36 X##ka = LOAD6
23e0: 34 28 73 74 61 74 65 5b 31 30 5d 29 3b 20 5c 0a 4(state[10]); \.
23f0: 20 20 20 20 58 23 23 6b 65 20 3d 20 4c 4f 41 44 X##ke = LOAD
2400: 36 34 28 73 74 61 74 65 5b 31 31 5d 29 3b 20 5c 64(state[11]); \
2410: 0a 20 20 20 20 58 23 23 6b 69 20 3d 20 4c 4f 41 . X##ki = LOA
2420: 44 36 34 28 73 74 61 74 65 5b 31 32 5d 29 3b 20 D64(state[12]);
2430: 5c 0a 20 20 20 20 58 23 23 6b 6f 20 3d 20 4c 4f \. X##ko = LO
2440: 41 44 36 34 28 73 74 61 74 65 5b 31 33 5d 29 3b AD64(state[13]);
2450: 20 5c 0a 20 20 20 20 58 23 23 6b 75 20 3d 20 4c \. X##ku = L
2460: 4f 41 44 36 34 28 73 74 61 74 65 5b 31 34 5d 29 OAD64(state[14])
2470: 3b 20 5c 0a 20 20 20 20 58 23 23 6d 61 20 3d 20 ; \. X##ma =
2480: 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 31 35 5d LOAD64(state[15]
2490: 29 3b 20 5c 0a 20 20 20 20 58 23 23 6d 65 20 3d ); \. X##me =
24a0: 20 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 31 36 LOAD64(state[16
24b0: 5d 29 3b 20 5c 0a 20 20 20 20 58 23 23 6d 69 20 ]); \. X##mi
24c0: 3d 20 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 31 = LOAD64(state[1
24d0: 37 5d 29 3b 20 5c 0a 20 20 20 20 58 23 23 6d 6f 7]); \. X##mo
24e0: 20 3d 20 4c 4f 41 44 36 34 28 73 74 61 74 65 5b = LOAD64(state[
24f0: 31 38 5d 29 3b 20 5c 0a 20 20 20 20 58 23 23 6d 18]); \. X##m
2500: 75 20 3d 20 4c 4f 41 44 36 34 28 73 74 61 74 65 u = LOAD64(state
2510: 5b 31 39 5d 29 3b 20 5c 0a 20 20 20 20 58 23 23 [19]); \. X##
2520: 73 61 20 3d 20 4c 4f 41 44 36 34 28 73 74 61 74 sa = LOAD64(stat
2530: 65 5b 32 30 5d 29 3b 20 5c 0a 20 20 20 20 58 23 e[20]); \. X#
2540: 23 73 65 20 3d 20 4c 4f 41 44 36 34 28 73 74 61 #se = LOAD64(sta
2550: 74 65 5b 32 31 5d 29 3b 20 5c 0a 20 20 20 20 58 te[21]); \. X
2560: 23 23 73 69 20 3d 20 4c 4f 41 44 36 34 28 73 74 ##si = LOAD64(st
2570: 61 74 65 5b 32 32 5d 29 3b 20 5c 0a 20 20 20 20 ate[22]); \.
2580: 58 23 23 73 6f 20 3d 20 4c 4f 41 44 36 34 28 73 X##so = LOAD64(s
2590: 74 61 74 65 5b 32 33 5d 29 3b 20 5c 0a 20 20 20 tate[23]); \.
25a0: 20 58 23 23 73 75 20 3d 20 4c 4f 41 44 36 34 28 X##su = LOAD64(
25b0: 73 74 61 74 65 5b 32 34 5d 29 3b 20 5c 0a 0a 23 state[24]); \..#
25c0: 64 65 66 69 6e 65 20 63 6f 70 79 46 72 6f 6d 53 define copyFromS
25d0: 74 61 74 65 41 6e 64 58 6f 72 38 33 32 62 69 74 tateAndXor832bit
25e0: 73 28 58 2c 20 73 74 61 74 65 2c 20 69 6e 70 75 s(X, state, inpu
25f0: 74 29 20 5c 0a 20 20 20 20 58 23 23 62 61 20 3d t) \. X##ba =
2600: 20 58 4f 52 36 34 28 4c 4f 41 44 36 34 28 73 74 XOR64(LOAD64(st
2610: 61 74 65 5b 20 30 5d 29 2c 20 4c 4f 41 44 36 34 ate[ 0]), LOAD64
2620: 28 69 6e 70 75 74 5b 20 30 5d 29 29 3b 20 5c 0a (input[ 0])); \.
2630: 20 20 20 20 58 23 23 62 65 20 3d 20 58 4f 52 36 X##be = XOR6
2640: 34 28 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 20 4(LOAD64(state[
2650: 31 5d 29 2c 20 4c 4f 41 44 36 34 28 69 6e 70 75 1]), LOAD64(inpu
2660: 74 5b 20 31 5d 29 29 3b 20 5c 0a 20 20 20 20 58 t[ 1])); \. X
2670: 23 23 62 69 20 3d 20 58 4f 52 36 34 28 4c 4f 41 ##bi = XOR64(LOA
2680: 44 36 34 28 73 74 61 74 65 5b 20 32 5d 29 2c 20 D64(state[ 2]),
2690: 4c 4f 41 44 36 34 28 69 6e 70 75 74 5b 20 32 5d LOAD64(input[ 2]
26a0: 29 29 3b 20 5c 0a 20 20 20 20 58 23 23 62 6f 20 )); \. X##bo
26b0: 3d 20 58 4f 52 36 34 28 4c 4f 41 44 36 34 28 73 = XOR64(LOAD64(s
26c0: 74 61 74 65 5b 20 33 5d 29 2c 20 4c 4f 41 44 36 tate[ 3]), LOAD6
26d0: 34 28 69 6e 70 75 74 5b 20 33 5d 29 29 3b 20 5c 4(input[ 3])); \
26e0: 0a 20 20 20 20 58 23 23 62 75 20 3d 20 58 4f 52 . X##bu = XOR
26f0: 36 34 28 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 64(LOAD64(state[
2700: 20 34 5d 29 2c 20 4c 4f 41 44 36 34 28 69 6e 70 4]), LOAD64(inp
2710: 75 74 5b 20 34 5d 29 29 3b 20 5c 0a 20 20 20 20 ut[ 4])); \.
2720: 58 23 23 67 61 20 3d 20 58 4f 52 36 34 28 4c 4f X##ga = XOR64(LO
2730: 41 44 36 34 28 73 74 61 74 65 5b 20 35 5d 29 2c AD64(state[ 5]),
2740: 20 4c 4f 41 44 36 34 28 69 6e 70 75 74 5b 20 35 LOAD64(input[ 5
2750: 5d 29 29 3b 20 5c 0a 20 20 20 20 58 23 23 67 65 ])); \. X##ge
2760: 20 3d 20 58 4f 52 36 34 28 4c 4f 41 44 36 34 28 = XOR64(LOAD64(
2770: 73 74 61 74 65 5b 20 36 5d 29 2c 20 4c 4f 41 44 state[ 6]), LOAD
2780: 36 34 28 69 6e 70 75 74 5b 20 36 5d 29 29 3b 20 64(input[ 6]));
2790: 5c 0a 20 20 20 20 58 23 23 67 69 20 3d 20 58 4f \. X##gi = XO
27a0: 52 36 34 28 4c 4f 41 44 36 34 28 73 74 61 74 65 R64(LOAD64(state
27b0: 5b 20 37 5d 29 2c 20 4c 4f 41 44 36 34 28 69 6e [ 7]), LOAD64(in
27c0: 70 75 74 5b 20 37 5d 29 29 3b 20 5c 0a 20 20 20 put[ 7])); \.
27d0: 20 58 23 23 67 6f 20 3d 20 58 4f 52 36 34 28 4c X##go = XOR64(L
27e0: 4f 41 44 36 34 28 73 74 61 74 65 5b 20 38 5d 29 OAD64(state[ 8])
27f0: 2c 20 4c 4f 41 44 36 34 28 69 6e 70 75 74 5b 20 , LOAD64(input[
2800: 38 5d 29 29 3b 20 5c 0a 20 20 20 20 58 23 23 67 8])); \. X##g
2810: 75 20 3d 20 58 4f 52 36 34 28 4c 4f 41 44 36 34 u = XOR64(LOAD64
2820: 28 73 74 61 74 65 5b 20 39 5d 29 2c 20 4c 4f 41 (state[ 9]), LOA
2830: 44 36 34 28 69 6e 70 75 74 5b 20 39 5d 29 29 3b D64(input[ 9]));
2840: 20 5c 0a 20 20 20 20 58 23 23 6b 61 20 3d 20 58 \. X##ka = X
2850: 4f 52 36 34 28 4c 4f 41 44 36 34 28 73 74 61 74 OR64(LOAD64(stat
2860: 65 5b 31 30 5d 29 2c 20 4c 4f 41 44 36 34 28 69 e[10]), LOAD64(i
2870: 6e 70 75 74 5b 31 30 5d 29 29 3b 20 5c 0a 20 20 nput[10])); \.
2880: 20 20 58 23 23 6b 65 20 3d 20 58 4f 52 36 34 28 X##ke = XOR64(
2890: 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 31 31 5d LOAD64(state[11]
28a0: 29 2c 20 4c 4f 41 44 36 34 28 69 6e 70 75 74 5b ), LOAD64(input[
28b0: 31 31 5d 29 29 3b 20 5c 0a 20 20 20 20 58 23 23 11])); \. X##
28c0: 6b 69 20 3d 20 58 4f 52 36 34 28 4c 4f 41 44 36 ki = XOR64(LOAD6
28d0: 34 28 73 74 61 74 65 5b 31 32 5d 29 2c 20 4c 4f 4(state[12]), LO
28e0: 41 44 36 34 28 69 6e 70 75 74 5b 31 32 5d 29 29 AD64(input[12]))
28f0: 3b 20 5c 0a 20 20 20 20 58 23 23 6b 6f 20 3d 20 ; \. X##ko =
2900: 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 31 33 5d LOAD64(state[13]
2910: 29 3b 20 5c 0a 20 20 20 20 58 23 23 6b 75 20 3d ); \. X##ku =
2920: 20 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 31 34 LOAD64(state[14
2930: 5d 29 3b 20 5c 0a 20 20 20 20 58 23 23 6d 61 20 ]); \. X##ma
2940: 3d 20 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 31 = LOAD64(state[1
2950: 35 5d 29 3b 20 5c 0a 20 20 20 20 58 23 23 6d 65 5]); \. X##me
2960: 20 3d 20 4c 4f 41 44 36 34 28 73 74 61 74 65 5b = LOAD64(state[
2970: 31 36 5d 29 3b 20 5c 0a 20 20 20 20 58 23 23 6d 16]); \. X##m
2980: 69 20 3d 20 4c 4f 41 44 36 34 28 73 74 61 74 65 i = LOAD64(state
2990: 5b 31 37 5d 29 3b 20 5c 0a 20 20 20 20 58 23 23 [17]); \. X##
29a0: 6d 6f 20 3d 20 4c 4f 41 44 36 34 28 73 74 61 74 mo = LOAD64(stat
29b0: 65 5b 31 38 5d 29 3b 20 5c 0a 20 20 20 20 58 23 e[18]); \. X#
29c0: 23 6d 75 20 3d 20 4c 4f 41 44 36 34 28 73 74 61 #mu = LOAD64(sta
29d0: 74 65 5b 31 39 5d 29 3b 20 5c 0a 20 20 20 20 58 te[19]); \. X
29e0: 23 23 73 61 20 3d 20 4c 4f 41 44 36 34 28 73 74 ##sa = LOAD64(st
29f0: 61 74 65 5b 32 30 5d 29 3b 20 5c 0a 20 20 20 20 ate[20]); \.
2a00: 58 23 23 73 65 20 3d 20 4c 4f 41 44 36 34 28 73 X##se = LOAD64(s
2a10: 74 61 74 65 5b 32 31 5d 29 3b 20 5c 0a 20 20 20 tate[21]); \.
2a20: 20 58 23 23 73 69 20 3d 20 4c 4f 41 44 36 34 28 X##si = LOAD64(
2a30: 73 74 61 74 65 5b 32 32 5d 29 3b 20 5c 0a 20 20 state[22]); \.
2a40: 20 20 58 23 23 73 6f 20 3d 20 4c 4f 41 44 36 34 X##so = LOAD64
2a50: 28 73 74 61 74 65 5b 32 33 5d 29 3b 20 5c 0a 20 (state[23]); \.
2a60: 20 20 20 58 23 23 73 75 20 3d 20 4c 4f 41 44 36 X##su = LOAD6
2a70: 34 28 73 74 61 74 65 5b 32 34 5d 29 3b 20 5c 0a 4(state[24]); \.
2a80: 0a 23 64 65 66 69 6e 65 20 63 6f 70 79 46 72 6f .#define copyFro
2a90: 6d 53 74 61 74 65 41 6e 64 58 6f 72 31 30 32 34 mStateAndXor1024
2aa0: 62 69 74 73 28 58 2c 20 73 74 61 74 65 2c 20 69 bits(X, state, i
2ab0: 6e 70 75 74 29 20 5c 0a 20 20 20 20 58 23 23 62 nput) \. X##b
2ac0: 61 20 3d 20 58 4f 52 36 34 28 4c 4f 41 44 36 34 a = XOR64(LOAD64
2ad0: 28 73 74 61 74 65 5b 20 30 5d 29 2c 20 4c 4f 41 (state[ 0]), LOA
2ae0: 44 36 34 28 69 6e 70 75 74 5b 20 30 5d 29 29 3b D64(input[ 0]));
2af0: 20 5c 0a 20 20 20 20 58 23 23 62 65 20 3d 20 58 \. X##be = X
2b00: 4f 52 36 34 28 4c 4f 41 44 36 34 28 73 74 61 74 OR64(LOAD64(stat
2b10: 65 5b 20 31 5d 29 2c 20 4c 4f 41 44 36 34 28 69 e[ 1]), LOAD64(i
2b20: 6e 70 75 74 5b 20 31 5d 29 29 3b 20 5c 0a 20 20 nput[ 1])); \.
2b30: 20 20 58 23 23 62 69 20 3d 20 58 4f 52 36 34 28 X##bi = XOR64(
2b40: 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 20 32 5d LOAD64(state[ 2]
2b50: 29 2c 20 4c 4f 41 44 36 34 28 69 6e 70 75 74 5b ), LOAD64(input[
2b60: 20 32 5d 29 29 3b 20 5c 0a 20 20 20 20 58 23 23 2])); \. X##
2b70: 62 6f 20 3d 20 58 4f 52 36 34 28 4c 4f 41 44 36 bo = XOR64(LOAD6
2b80: 34 28 73 74 61 74 65 5b 20 33 5d 29 2c 20 4c 4f 4(state[ 3]), LO
2b90: 41 44 36 34 28 69 6e 70 75 74 5b 20 33 5d 29 29 AD64(input[ 3]))
2ba0: 3b 20 5c 0a 20 20 20 20 58 23 23 62 75 20 3d 20 ; \. X##bu =
2bb0: 58 4f 52 36 34 28 4c 4f 41 44 36 34 28 73 74 61 XOR64(LOAD64(sta
2bc0: 74 65 5b 20 34 5d 29 2c 20 4c 4f 41 44 36 34 28 te[ 4]), LOAD64(
2bd0: 69 6e 70 75 74 5b 20 34 5d 29 29 3b 20 5c 0a 20 input[ 4])); \.
2be0: 20 20 20 58 23 23 67 61 20 3d 20 58 4f 52 36 34 X##ga = XOR64
2bf0: 28 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 20 35 (LOAD64(state[ 5
2c00: 5d 29 2c 20 4c 4f 41 44 36 34 28 69 6e 70 75 74 ]), LOAD64(input
2c10: 5b 20 35 5d 29 29 3b 20 5c 0a 20 20 20 20 58 23 [ 5])); \. X#
2c20: 23 67 65 20 3d 20 58 4f 52 36 34 28 4c 4f 41 44 #ge = XOR64(LOAD
2c30: 36 34 28 73 74 61 74 65 5b 20 36 5d 29 2c 20 4c 64(state[ 6]), L
2c40: 4f 41 44 36 34 28 69 6e 70 75 74 5b 20 36 5d 29 OAD64(input[ 6])
2c50: 29 3b 20 5c 0a 20 20 20 20 58 23 23 67 69 20 3d ); \. X##gi =
2c60: 20 58 4f 52 36 34 28 4c 4f 41 44 36 34 28 73 74 XOR64(LOAD64(st
2c70: 61 74 65 5b 20 37 5d 29 2c 20 4c 4f 41 44 36 34 ate[ 7]), LOAD64
2c80: 28 69 6e 70 75 74 5b 20 37 5d 29 29 3b 20 5c 0a (input[ 7])); \.
2c90: 20 20 20 20 58 23 23 67 6f 20 3d 20 58 4f 52 36 X##go = XOR6
2ca0: 34 28 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 20 4(LOAD64(state[
2cb0: 38 5d 29 2c 20 4c 4f 41 44 36 34 28 69 6e 70 75 8]), LOAD64(inpu
2cc0: 74 5b 20 38 5d 29 29 3b 20 5c 0a 20 20 20 20 58 t[ 8])); \. X
2cd0: 23 23 67 75 20 3d 20 58 4f 52 36 34 28 4c 4f 41 ##gu = XOR64(LOA
2ce0: 44 36 34 28 73 74 61 74 65 5b 20 39 5d 29 2c 20 D64(state[ 9]),
2cf0: 4c 4f 41 44 36 34 28 69 6e 70 75 74 5b 20 39 5d LOAD64(input[ 9]
2d00: 29 29 3b 20 5c 0a 20 20 20 20 58 23 23 6b 61 20 )); \. X##ka
2d10: 3d 20 58 4f 52 36 34 28 4c 4f 41 44 36 34 28 73 = XOR64(LOAD64(s
2d20: 74 61 74 65 5b 31 30 5d 29 2c 20 4c 4f 41 44 36 tate[10]), LOAD6
2d30: 34 28 69 6e 70 75 74 5b 31 30 5d 29 29 3b 20 5c 4(input[10])); \
2d40: 0a 20 20 20 20 58 23 23 6b 65 20 3d 20 58 4f 52 . X##ke = XOR
2d50: 36 34 28 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 64(LOAD64(state[
2d60: 31 31 5d 29 2c 20 4c 4f 41 44 36 34 28 69 6e 70 11]), LOAD64(inp
2d70: 75 74 5b 31 31 5d 29 29 3b 20 5c 0a 20 20 20 20 ut[11])); \.
2d80: 58 23 23 6b 69 20 3d 20 58 4f 52 36 34 28 4c 4f X##ki = XOR64(LO
2d90: 41 44 36 34 28 73 74 61 74 65 5b 31 32 5d 29 2c AD64(state[12]),
2da0: 20 4c 4f 41 44 36 34 28 69 6e 70 75 74 5b 31 32 LOAD64(input[12
2db0: 5d 29 29 3b 20 5c 0a 20 20 20 20 58 23 23 6b 6f ])); \. X##ko
2dc0: 20 3d 20 58 4f 52 36 34 28 4c 4f 41 44 36 34 28 = XOR64(LOAD64(
2dd0: 73 74 61 74 65 5b 31 33 5d 29 2c 20 4c 4f 41 44 state[13]), LOAD
2de0: 36 34 28 69 6e 70 75 74 5b 31 33 5d 29 29 3b 20 64(input[13]));
2df0: 5c 0a 20 20 20 20 58 23 23 6b 75 20 3d 20 58 4f \. X##ku = XO
2e00: 52 36 34 28 4c 4f 41 44 36 34 28 73 74 61 74 65 R64(LOAD64(state
2e10: 5b 31 34 5d 29 2c 20 4c 4f 41 44 36 34 28 69 6e [14]), LOAD64(in
2e20: 70 75 74 5b 31 34 5d 29 29 3b 20 5c 0a 20 20 20 put[14])); \.
2e30: 20 58 23 23 6d 61 20 3d 20 58 4f 52 36 34 28 4c X##ma = XOR64(L
2e40: 4f 41 44 36 34 28 73 74 61 74 65 5b 31 35 5d 29 OAD64(state[15])
2e50: 2c 20 4c 4f 41 44 36 34 28 69 6e 70 75 74 5b 31 , LOAD64(input[1
2e60: 35 5d 29 29 3b 20 5c 0a 20 20 20 20 58 23 23 6d 5])); \. X##m
2e70: 65 20 3d 20 4c 4f 41 44 36 34 28 73 74 61 74 65 e = LOAD64(state
2e80: 5b 31 36 5d 29 3b 20 5c 0a 20 20 20 20 58 23 23 [16]); \. X##
2e90: 6d 69 20 3d 20 4c 4f 41 44 36 34 28 73 74 61 74 mi = LOAD64(stat
2ea0: 65 5b 31 37 5d 29 3b 20 5c 0a 20 20 20 20 58 23 e[17]); \. X#
2eb0: 23 6d 6f 20 3d 20 4c 4f 41 44 36 34 28 73 74 61 #mo = LOAD64(sta
2ec0: 74 65 5b 31 38 5d 29 3b 20 5c 0a 20 20 20 20 58 te[18]); \. X
2ed0: 23 23 6d 75 20 3d 20 4c 4f 41 44 36 34 28 73 74 ##mu = LOAD64(st
2ee0: 61 74 65 5b 31 39 5d 29 3b 20 5c 0a 20 20 20 20 ate[19]); \.
2ef0: 58 23 23 73 61 20 3d 20 4c 4f 41 44 36 34 28 73 X##sa = LOAD64(s
2f00: 74 61 74 65 5b 32 30 5d 29 3b 20 5c 0a 20 20 20 tate[20]); \.
2f10: 20 58 23 23 73 65 20 3d 20 4c 4f 41 44 36 34 28 X##se = LOAD64(
2f20: 73 74 61 74 65 5b 32 31 5d 29 3b 20 5c 0a 20 20 state[21]); \.
2f30: 20 20 58 23 23 73 69 20 3d 20 4c 4f 41 44 36 34 X##si = LOAD64
2f40: 28 73 74 61 74 65 5b 32 32 5d 29 3b 20 5c 0a 20 (state[22]); \.
2f50: 20 20 20 58 23 23 73 6f 20 3d 20 4c 4f 41 44 36 X##so = LOAD6
2f60: 34 28 73 74 61 74 65 5b 32 33 5d 29 3b 20 5c 0a 4(state[23]); \.
2f70: 20 20 20 20 58 23 23 73 75 20 3d 20 4c 4f 41 44 X##su = LOAD
2f80: 36 34 28 73 74 61 74 65 5b 32 34 5d 29 3b 20 5c 64(state[24]); \
2f90: 0a 0a 23 64 65 66 69 6e 65 20 63 6f 70 79 46 72 ..#define copyFr
2fa0: 6f 6d 53 74 61 74 65 41 6e 64 58 6f 72 31 30 38 omStateAndXor108
2fb0: 38 62 69 74 73 28 58 2c 20 73 74 61 74 65 2c 20 8bits(X, state,
2fc0: 69 6e 70 75 74 29 20 5c 0a 20 20 20 20 58 23 23 input) \. X##
2fd0: 62 61 20 3d 20 58 4f 52 36 34 28 4c 4f 41 44 36 ba = XOR64(LOAD6
2fe0: 34 28 73 74 61 74 65 5b 20 30 5d 29 2c 20 4c 4f 4(state[ 0]), LO
2ff0: 41 44 36 34 28 69 6e 70 75 74 5b 20 30 5d 29 29 AD64(input[ 0]))
3000: 3b 20 5c 0a 20 20 20 20 58 23 23 62 65 20 3d 20 ; \. X##be =
3010: 58 4f 52 36 34 28 4c 4f 41 44 36 34 28 73 74 61 XOR64(LOAD64(sta
3020: 74 65 5b 20 31 5d 29 2c 20 4c 4f 41 44 36 34 28 te[ 1]), LOAD64(
3030: 69 6e 70 75 74 5b 20 31 5d 29 29 3b 20 5c 0a 20 input[ 1])); \.
3040: 20 20 20 58 23 23 62 69 20 3d 20 58 4f 52 36 34 X##bi = XOR64
3050: 28 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 20 32 (LOAD64(state[ 2
3060: 5d 29 2c 20 4c 4f 41 44 36 34 28 69 6e 70 75 74 ]), LOAD64(input
3070: 5b 20 32 5d 29 29 3b 20 5c 0a 20 20 20 20 58 23 [ 2])); \. X#
3080: 23 62 6f 20 3d 20 58 4f 52 36 34 28 4c 4f 41 44 #bo = XOR64(LOAD
3090: 36 34 28 73 74 61 74 65 5b 20 33 5d 29 2c 20 4c 64(state[ 3]), L
30a0: 4f 41 44 36 34 28 69 6e 70 75 74 5b 20 33 5d 29 OAD64(input[ 3])
30b0: 29 3b 20 5c 0a 20 20 20 20 58 23 23 62 75 20 3d ); \. X##bu =
30c0: 20 58 4f 52 36 34 28 4c 4f 41 44 36 34 28 73 74 XOR64(LOAD64(st
30d0: 61 74 65 5b 20 34 5d 29 2c 20 4c 4f 41 44 36 34 ate[ 4]), LOAD64
30e0: 28 69 6e 70 75 74 5b 20 34 5d 29 29 3b 20 5c 0a (input[ 4])); \.
30f0: 20 20 20 20 58 23 23 67 61 20 3d 20 58 4f 52 36 X##ga = XOR6
3100: 34 28 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 20 4(LOAD64(state[
3110: 35 5d 29 2c 20 4c 4f 41 44 36 34 28 69 6e 70 75 5]), LOAD64(inpu
3120: 74 5b 20 35 5d 29 29 3b 20 5c 0a 20 20 20 20 58 t[ 5])); \. X
3130: 23 23 67 65 20 3d 20 58 4f 52 36 34 28 4c 4f 41 ##ge = XOR64(LOA
3140: 44 36 34 28 73 74 61 74 65 5b 20 36 5d 29 2c 20 D64(state[ 6]),
3150: 4c 4f 41 44 36 34 28 69 6e 70 75 74 5b 20 36 5d LOAD64(input[ 6]
3160: 29 29 3b 20 5c 0a 20 20 20 20 58 23 23 67 69 20 )); \. X##gi
3170: 3d 20 58 4f 52 36 34 28 4c 4f 41 44 36 34 28 73 = XOR64(LOAD64(s
3180: 74 61 74 65 5b 20 37 5d 29 2c 20 4c 4f 41 44 36 tate[ 7]), LOAD6
3190: 34 28 69 6e 70 75 74 5b 20 37 5d 29 29 3b 20 5c 4(input[ 7])); \
31a0: 0a 20 20 20 20 58 23 23 67 6f 20 3d 20 58 4f 52 . X##go = XOR
31b0: 36 34 28 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 64(LOAD64(state[
31c0: 20 38 5d 29 2c 20 4c 4f 41 44 36 34 28 69 6e 70 8]), LOAD64(inp
31d0: 75 74 5b 20 38 5d 29 29 3b 20 5c 0a 20 20 20 20 ut[ 8])); \.
31e0: 58 23 23 67 75 20 3d 20 58 4f 52 36 34 28 4c 4f X##gu = XOR64(LO
31f0: 41 44 36 34 28 73 74 61 74 65 5b 20 39 5d 29 2c AD64(state[ 9]),
3200: 20 4c 4f 41 44 36 34 28 69 6e 70 75 74 5b 20 39 LOAD64(input[ 9
3210: 5d 29 29 3b 20 5c 0a 20 20 20 20 58 23 23 6b 61 ])); \. X##ka
3220: 20 3d 20 58 4f 52 36 34 28 4c 4f 41 44 36 34 28 = XOR64(LOAD64(
3230: 73 74 61 74 65 5b 31 30 5d 29 2c 20 4c 4f 41 44 state[10]), LOAD
3240: 36 34 28 69 6e 70 75 74 5b 31 30 5d 29 29 3b 20 64(input[10]));
3250: 5c 0a 20 20 20 20 58 23 23 6b 65 20 3d 20 58 4f \. X##ke = XO
3260: 52 36 34 28 4c 4f 41 44 36 34 28 73 74 61 74 65 R64(LOAD64(state
3270: 5b 31 31 5d 29 2c 20 4c 4f 41 44 36 34 28 69 6e [11]), LOAD64(in
3280: 70 75 74 5b 31 31 5d 29 29 3b 20 5c 0a 20 20 20 put[11])); \.
3290: 20 58 23 23 6b 69 20 3d 20 58 4f 52 36 34 28 4c X##ki = XOR64(L
32a0: 4f 41 44 36 34 28 73 74 61 74 65 5b 31 32 5d 29 OAD64(state[12])
32b0: 2c 20 4c 4f 41 44 36 34 28 69 6e 70 75 74 5b 31 , LOAD64(input[1
32c0: 32 5d 29 29 3b 20 5c 0a 20 20 20 20 58 23 23 6b 2])); \. X##k
32d0: 6f 20 3d 20 58 4f 52 36 34 28 4c 4f 41 44 36 34 o = XOR64(LOAD64
32e0: 28 73 74 61 74 65 5b 31 33 5d 29 2c 20 4c 4f 41 (state[13]), LOA
32f0: 44 36 34 28 69 6e 70 75 74 5b 31 33 5d 29 29 3b D64(input[13]));
3300: 20 5c 0a 20 20 20 20 58 23 23 6b 75 20 3d 20 58 \. X##ku = X
3310: 4f 52 36 34 28 4c 4f 41 44 36 34 28 73 74 61 74 OR64(LOAD64(stat
3320: 65 5b 31 34 5d 29 2c 20 4c 4f 41 44 36 34 28 69 e[14]), LOAD64(i
3330: 6e 70 75 74 5b 31 34 5d 29 29 3b 20 5c 0a 20 20 nput[14])); \.
3340: 20 20 58 23 23 6d 61 20 3d 20 58 4f 52 36 34 28 X##ma = XOR64(
3350: 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 31 35 5d LOAD64(state[15]
3360: 29 2c 20 4c 4f 41 44 36 34 28 69 6e 70 75 74 5b ), LOAD64(input[
3370: 31 35 5d 29 29 3b 20 5c 0a 20 20 20 20 58 23 23 15])); \. X##
3380: 6d 65 20 3d 20 58 4f 52 36 34 28 4c 4f 41 44 36 me = XOR64(LOAD6
3390: 34 28 73 74 61 74 65 5b 31 36 5d 29 2c 20 4c 4f 4(state[16]), LO
33a0: 41 44 36 34 28 69 6e 70 75 74 5b 31 36 5d 29 29 AD64(input[16]))
33b0: 3b 20 5c 0a 20 20 20 20 58 23 23 6d 69 20 3d 20 ; \. X##mi =
33c0: 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 31 37 5d LOAD64(state[17]
33d0: 29 3b 20 5c 0a 20 20 20 20 58 23 23 6d 6f 20 3d ); \. X##mo =
33e0: 20 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 31 38 LOAD64(state[18
33f0: 5d 29 3b 20 5c 0a 20 20 20 20 58 23 23 6d 75 20 ]); \. X##mu
3400: 3d 20 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 31 = LOAD64(state[1
3410: 39 5d 29 3b 20 5c 0a 20 20 20 20 58 23 23 73 61 9]); \. X##sa
3420: 20 3d 20 4c 4f 41 44 36 34 28 73 74 61 74 65 5b = LOAD64(state[
3430: 32 30 5d 29 3b 20 5c 0a 20 20 20 20 58 23 23 73 20]); \. X##s
3440: 65 20 3d 20 4c 4f 41 44 36 34 28 73 74 61 74 65 e = LOAD64(state
3450: 5b 32 31 5d 29 3b 20 5c 0a 20 20 20 20 58 23 23 [21]); \. X##
3460: 73 69 20 3d 20 4c 4f 41 44 36 34 28 73 74 61 74 si = LOAD64(stat
3470: 65 5b 32 32 5d 29 3b 20 5c 0a 20 20 20 20 58 23 e[22]); \. X#
3480: 23 73 6f 20 3d 20 4c 4f 41 44 36 34 28 73 74 61 #so = LOAD64(sta
3490: 74 65 5b 32 33 5d 29 3b 20 5c 0a 20 20 20 20 58 te[23]); \. X
34a0: 23 23 73 75 20 3d 20 4c 4f 41 44 36 34 28 73 74 ##su = LOAD64(st
34b0: 61 74 65 5b 32 34 5d 29 3b 20 5c 0a 0a 23 64 65 ate[24]); \..#de
34c0: 66 69 6e 65 20 63 6f 70 79 46 72 6f 6d 53 74 61 fine copyFromSta
34d0: 74 65 41 6e 64 58 6f 72 31 31 35 32 62 69 74 73 teAndXor1152bits
34e0: 28 58 2c 20 73 74 61 74 65 2c 20 69 6e 70 75 74 (X, state, input
34f0: 29 20 5c 0a 20 20 20 20 58 23 23 62 61 20 3d 20 ) \. X##ba =
3500: 58 4f 52 36 34 28 4c 4f 41 44 36 34 28 73 74 61 XOR64(LOAD64(sta
3510: 74 65 5b 20 30 5d 29 2c 20 4c 4f 41 44 36 34 28 te[ 0]), LOAD64(
3520: 69 6e 70 75 74 5b 20 30 5d 29 29 3b 20 5c 0a 20 input[ 0])); \.
3530: 20 20 20 58 23 23 62 65 20 3d 20 58 4f 52 36 34 X##be = XOR64
3540: 28 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 20 31 (LOAD64(state[ 1
3550: 5d 29 2c 20 4c 4f 41 44 36 34 28 69 6e 70 75 74 ]), LOAD64(input
3560: 5b 20 31 5d 29 29 3b 20 5c 0a 20 20 20 20 58 23 [ 1])); \. X#
3570: 23 62 69 20 3d 20 58 4f 52 36 34 28 4c 4f 41 44 #bi = XOR64(LOAD
3580: 36 34 28 73 74 61 74 65 5b 20 32 5d 29 2c 20 4c 64(state[ 2]), L
3590: 4f 41 44 36 34 28 69 6e 70 75 74 5b 20 32 5d 29 OAD64(input[ 2])
35a0: 29 3b 20 5c 0a 20 20 20 20 58 23 23 62 6f 20 3d ); \. X##bo =
35b0: 20 58 4f 52 36 34 28 4c 4f 41 44 36 34 28 73 74 XOR64(LOAD64(st
35c0: 61 74 65 5b 20 33 5d 29 2c 20 4c 4f 41 44 36 34 ate[ 3]), LOAD64
35d0: 28 69 6e 70 75 74 5b 20 33 5d 29 29 3b 20 5c 0a (input[ 3])); \.
35e0: 20 20 20 20 58 23 23 62 75 20 3d 20 58 4f 52 36 X##bu = XOR6
35f0: 34 28 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 20 4(LOAD64(state[
3600: 34 5d 29 2c 20 4c 4f 41 44 36 34 28 69 6e 70 75 4]), LOAD64(inpu
3610: 74 5b 20 34 5d 29 29 3b 20 5c 0a 20 20 20 20 58 t[ 4])); \. X
3620: 23 23 67 61 20 3d 20 58 4f 52 36 34 28 4c 4f 41 ##ga = XOR64(LOA
3630: 44 36 34 28 73 74 61 74 65 5b 20 35 5d 29 2c 20 D64(state[ 5]),
3640: 4c 4f 41 44 36 34 28 69 6e 70 75 74 5b 20 35 5d LOAD64(input[ 5]
3650: 29 29 3b 20 5c 0a 20 20 20 20 58 23 23 67 65 20 )); \. X##ge
3660: 3d 20 58 4f 52 36 34 28 4c 4f 41 44 36 34 28 73 = XOR64(LOAD64(s
3670: 74 61 74 65 5b 20 36 5d 29 2c 20 4c 4f 41 44 36 tate[ 6]), LOAD6
3680: 34 28 69 6e 70 75 74 5b 20 36 5d 29 29 3b 20 5c 4(input[ 6])); \
3690: 0a 20 20 20 20 58 23 23 67 69 20 3d 20 58 4f 52 . X##gi = XOR
36a0: 36 34 28 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 64(LOAD64(state[
36b0: 20 37 5d 29 2c 20 4c 4f 41 44 36 34 28 69 6e 70 7]), LOAD64(inp
36c0: 75 74 5b 20 37 5d 29 29 3b 20 5c 0a 20 20 20 20 ut[ 7])); \.
36d0: 58 23 23 67 6f 20 3d 20 58 4f 52 36 34 28 4c 4f X##go = XOR64(LO
36e0: 41 44 36 34 28 73 74 61 74 65 5b 20 38 5d 29 2c AD64(state[ 8]),
36f0: 20 4c 4f 41 44 36 34 28 69 6e 70 75 74 5b 20 38 LOAD64(input[ 8
3700: 5d 29 29 3b 20 5c 0a 20 20 20 20 58 23 23 67 75 ])); \. X##gu
3710: 20 3d 20 58 4f 52 36 34 28 4c 4f 41 44 36 34 28 = XOR64(LOAD64(
3720: 73 74 61 74 65 5b 20 39 5d 29 2c 20 4c 4f 41 44 state[ 9]), LOAD
3730: 36 34 28 69 6e 70 75 74 5b 20 39 5d 29 29 3b 20 64(input[ 9]));
3740: 5c 0a 20 20 20 20 58 23 23 6b 61 20 3d 20 58 4f \. X##ka = XO
3750: 52 36 34 28 4c 4f 41 44 36 34 28 73 74 61 74 65 R64(LOAD64(state
3760: 5b 31 30 5d 29 2c 20 4c 4f 41 44 36 34 28 69 6e [10]), LOAD64(in
3770: 70 75 74 5b 31 30 5d 29 29 3b 20 5c 0a 20 20 20 put[10])); \.
3780: 20 58 23 23 6b 65 20 3d 20 58 4f 52 36 34 28 4c X##ke = XOR64(L
3790: 4f 41 44 36 34 28 73 74 61 74 65 5b 31 31 5d 29 OAD64(state[11])
37a0: 2c 20 4c 4f 41 44 36 34 28 69 6e 70 75 74 5b 31 , LOAD64(input[1
37b0: 31 5d 29 29 3b 20 5c 0a 20 20 20 20 58 23 23 6b 1])); \. X##k
37c0: 69 20 3d 20 58 4f 52 36 34 28 4c 4f 41 44 36 34 i = XOR64(LOAD64
37d0: 28 73 74 61 74 65 5b 31 32 5d 29 2c 20 4c 4f 41 (state[12]), LOA
37e0: 44 36 34 28 69 6e 70 75 74 5b 31 32 5d 29 29 3b D64(input[12]));
37f0: 20 5c 0a 20 20 20 20 58 23 23 6b 6f 20 3d 20 58 \. X##ko = X
3800: 4f 52 36 34 28 4c 4f 41 44 36 34 28 73 74 61 74 OR64(LOAD64(stat
3810: 65 5b 31 33 5d 29 2c 20 4c 4f 41 44 36 34 28 69 e[13]), LOAD64(i
3820: 6e 70 75 74 5b 31 33 5d 29 29 3b 20 5c 0a 20 20 nput[13])); \.
3830: 20 20 58 23 23 6b 75 20 3d 20 58 4f 52 36 34 28 X##ku = XOR64(
3840: 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 31 34 5d LOAD64(state[14]
3850: 29 2c 20 4c 4f 41 44 36 34 28 69 6e 70 75 74 5b ), LOAD64(input[
3860: 31 34 5d 29 29 3b 20 5c 0a 20 20 20 20 58 23 23 14])); \. X##
3870: 6d 61 20 3d 20 58 4f 52 36 34 28 4c 4f 41 44 36 ma = XOR64(LOAD6
3880: 34 28 73 74 61 74 65 5b 31 35 5d 29 2c 20 4c 4f 4(state[15]), LO
3890: 41 44 36 34 28 69 6e 70 75 74 5b 31 35 5d 29 29 AD64(input[15]))
38a0: 3b 20 5c 0a 20 20 20 20 58 23 23 6d 65 20 3d 20 ; \. X##me =
38b0: 58 4f 52 36 34 28 4c 4f 41 44 36 34 28 73 74 61 XOR64(LOAD64(sta
38c0: 74 65 5b 31 36 5d 29 2c 20 4c 4f 41 44 36 34 28 te[16]), LOAD64(
38d0: 69 6e 70 75 74 5b 31 36 5d 29 29 3b 20 5c 0a 20 input[16])); \.
38e0: 20 20 20 58 23 23 6d 69 20 3d 20 58 4f 52 36 34 X##mi = XOR64
38f0: 28 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 31 37 (LOAD64(state[17
3900: 5d 29 2c 20 4c 4f 41 44 36 34 28 69 6e 70 75 74 ]), LOAD64(input
3910: 5b 31 37 5d 29 29 3b 20 5c 0a 20 20 20 20 58 23 [17])); \. X#
3920: 23 6d 6f 20 3d 20 4c 4f 41 44 36 34 28 73 74 61 #mo = LOAD64(sta
3930: 74 65 5b 31 38 5d 29 3b 20 5c 0a 20 20 20 20 58 te[18]); \. X
3940: 23 23 6d 75 20 3d 20 4c 4f 41 44 36 34 28 73 74 ##mu = LOAD64(st
3950: 61 74 65 5b 31 39 5d 29 3b 20 5c 0a 20 20 20 20 ate[19]); \.
3960: 58 23 23 73 61 20 3d 20 4c 4f 41 44 36 34 28 73 X##sa = LOAD64(s
3970: 74 61 74 65 5b 32 30 5d 29 3b 20 5c 0a 20 20 20 tate[20]); \.
3980: 20 58 23 23 73 65 20 3d 20 4c 4f 41 44 36 34 28 X##se = LOAD64(
3990: 73 74 61 74 65 5b 32 31 5d 29 3b 20 5c 0a 20 20 state[21]); \.
39a0: 20 20 58 23 23 73 69 20 3d 20 4c 4f 41 44 36 34 X##si = LOAD64
39b0: 28 73 74 61 74 65 5b 32 32 5d 29 3b 20 5c 0a 20 (state[22]); \.
39c0: 20 20 20 58 23 23 73 6f 20 3d 20 4c 4f 41 44 36 X##so = LOAD6
39d0: 34 28 73 74 61 74 65 5b 32 33 5d 29 3b 20 5c 0a 4(state[23]); \.
39e0: 20 20 20 20 58 23 23 73 75 20 3d 20 4c 4f 41 44 X##su = LOAD
39f0: 36 34 28 73 74 61 74 65 5b 32 34 5d 29 3b 20 5c 64(state[24]); \
3a00: 0a 0a 23 64 65 66 69 6e 65 20 63 6f 70 79 46 72 ..#define copyFr
3a10: 6f 6d 53 74 61 74 65 41 6e 64 58 6f 72 31 33 34 omStateAndXor134
3a20: 34 62 69 74 73 28 58 2c 20 73 74 61 74 65 2c 20 4bits(X, state,
3a30: 69 6e 70 75 74 29 20 5c 0a 20 20 20 20 58 23 23 input) \. X##
3a40: 62 61 20 3d 20 58 4f 52 36 34 28 4c 4f 41 44 36 ba = XOR64(LOAD6
3a50: 34 28 73 74 61 74 65 5b 20 30 5d 29 2c 20 4c 4f 4(state[ 0]), LO
3a60: 41 44 36 34 28 69 6e 70 75 74 5b 20 30 5d 29 29 AD64(input[ 0]))
3a70: 3b 20 5c 0a 20 20 20 20 58 23 23 62 65 20 3d 20 ; \. X##be =
3a80: 58 4f 52 36 34 28 4c 4f 41 44 36 34 28 73 74 61 XOR64(LOAD64(sta
3a90: 74 65 5b 20 31 5d 29 2c 20 4c 4f 41 44 36 34 28 te[ 1]), LOAD64(
3aa0: 69 6e 70 75 74 5b 20 31 5d 29 29 3b 20 5c 0a 20 input[ 1])); \.
3ab0: 20 20 20 58 23 23 62 69 20 3d 20 58 4f 52 36 34 X##bi = XOR64
3ac0: 28 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 20 32 (LOAD64(state[ 2
3ad0: 5d 29 2c 20 4c 4f 41 44 36 34 28 69 6e 70 75 74 ]), LOAD64(input
3ae0: 5b 20 32 5d 29 29 3b 20 5c 0a 20 20 20 20 58 23 [ 2])); \. X#
3af0: 23 62 6f 20 3d 20 58 4f 52 36 34 28 4c 4f 41 44 #bo = XOR64(LOAD
3b00: 36 34 28 73 74 61 74 65 5b 20 33 5d 29 2c 20 4c 64(state[ 3]), L
3b10: 4f 41 44 36 34 28 69 6e 70 75 74 5b 20 33 5d 29 OAD64(input[ 3])
3b20: 29 3b 20 5c 0a 20 20 20 20 58 23 23 62 75 20 3d ); \. X##bu =
3b30: 20 58 4f 52 36 34 28 4c 4f 41 44 36 34 28 73 74 XOR64(LOAD64(st
3b40: 61 74 65 5b 20 34 5d 29 2c 20 4c 4f 41 44 36 34 ate[ 4]), LOAD64
3b50: 28 69 6e 70 75 74 5b 20 34 5d 29 29 3b 20 5c 0a (input[ 4])); \.
3b60: 20 20 20 20 58 23 23 67 61 20 3d 20 58 4f 52 36 X##ga = XOR6
3b70: 34 28 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 20 4(LOAD64(state[
3b80: 35 5d 29 2c 20 4c 4f 41 44 36 34 28 69 6e 70 75 5]), LOAD64(inpu
3b90: 74 5b 20 35 5d 29 29 3b 20 5c 0a 20 20 20 20 58 t[ 5])); \. X
3ba0: 23 23 67 65 20 3d 20 58 4f 52 36 34 28 4c 4f 41 ##ge = XOR64(LOA
3bb0: 44 36 34 28 73 74 61 74 65 5b 20 36 5d 29 2c 20 D64(state[ 6]),
3bc0: 4c 4f 41 44 36 34 28 69 6e 70 75 74 5b 20 36 5d LOAD64(input[ 6]
3bd0: 29 29 3b 20 5c 0a 20 20 20 20 58 23 23 67 69 20 )); \. X##gi
3be0: 3d 20 58 4f 52 36 34 28 4c 4f 41 44 36 34 28 73 = XOR64(LOAD64(s
3bf0: 74 61 74 65 5b 20 37 5d 29 2c 20 4c 4f 41 44 36 tate[ 7]), LOAD6
3c00: 34 28 69 6e 70 75 74 5b 20 37 5d 29 29 3b 20 5c 4(input[ 7])); \
3c10: 0a 20 20 20 20 58 23 23 67 6f 20 3d 20 58 4f 52 . X##go = XOR
3c20: 36 34 28 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 64(LOAD64(state[
3c30: 20 38 5d 29 2c 20 4c 4f 41 44 36 34 28 69 6e 70 8]), LOAD64(inp
3c40: 75 74 5b 20 38 5d 29 29 3b 20 5c 0a 20 20 20 20 ut[ 8])); \.
3c50: 58 23 23 67 75 20 3d 20 58 4f 52 36 34 28 4c 4f X##gu = XOR64(LO
3c60: 41 44 36 34 28 73 74 61 74 65 5b 20 39 5d 29 2c AD64(state[ 9]),
3c70: 20 4c 4f 41 44 36 34 28 69 6e 70 75 74 5b 20 39 LOAD64(input[ 9
3c80: 5d 29 29 3b 20 5c 0a 20 20 20 20 58 23 23 6b 61 ])); \. X##ka
3c90: 20 3d 20 58 4f 52 36 34 28 4c 4f 41 44 36 34 28 = XOR64(LOAD64(
3ca0: 73 74 61 74 65 5b 31 30 5d 29 2c 20 4c 4f 41 44 state[10]), LOAD
3cb0: 36 34 28 69 6e 70 75 74 5b 31 30 5d 29 29 3b 20 64(input[10]));
3cc0: 5c 0a 20 20 20 20 58 23 23 6b 65 20 3d 20 58 4f \. X##ke = XO
3cd0: 52 36 34 28 4c 4f 41 44 36 34 28 73 74 61 74 65 R64(LOAD64(state
3ce0: 5b 31 31 5d 29 2c 20 4c 4f 41 44 36 34 28 69 6e [11]), LOAD64(in
3cf0: 70 75 74 5b 31 31 5d 29 29 3b 20 5c 0a 20 20 20 put[11])); \.
3d00: 20 58 23 23 6b 69 20 3d 20 58 4f 52 36 34 28 4c X##ki = XOR64(L
3d10: 4f 41 44 36 34 28 73 74 61 74 65 5b 31 32 5d 29 OAD64(state[12])
3d20: 2c 20 4c 4f 41 44 36 34 28 69 6e 70 75 74 5b 31 , LOAD64(input[1
3d30: 32 5d 29 29 3b 20 5c 0a 20 20 20 20 58 23 23 6b 2])); \. X##k
3d40: 6f 20 3d 20 58 4f 52 36 34 28 4c 4f 41 44 36 34 o = XOR64(LOAD64
3d50: 28 73 74 61 74 65 5b 31 33 5d 29 2c 20 4c 4f 41 (state[13]), LOA
3d60: 44 36 34 28 69 6e 70 75 74 5b 31 33 5d 29 29 3b D64(input[13]));
3d70: 20 5c 0a 20 20 20 20 58 23 23 6b 75 20 3d 20 58 \. X##ku = X
3d80: 4f 52 36 34 28 4c 4f 41 44 36 34 28 73 74 61 74 OR64(LOAD64(stat
3d90: 65 5b 31 34 5d 29 2c 20 4c 4f 41 44 36 34 28 69 e[14]), LOAD64(i
3da0: 6e 70 75 74 5b 31 34 5d 29 29 3b 20 5c 0a 20 20 nput[14])); \.
3db0: 20 20 58 23 23 6d 61 20 3d 20 58 4f 52 36 34 28 X##ma = XOR64(
3dc0: 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 31 35 5d LOAD64(state[15]
3dd0: 29 2c 20 4c 4f 41 44 36 34 28 69 6e 70 75 74 5b ), LOAD64(input[
3de0: 31 35 5d 29 29 3b 20 5c 0a 20 20 20 20 58 23 23 15])); \. X##
3df0: 6d 65 20 3d 20 58 4f 52 36 34 28 4c 4f 41 44 36 me = XOR64(LOAD6
3e00: 34 28 73 74 61 74 65 5b 31 36 5d 29 2c 20 4c 4f 4(state[16]), LO
3e10: 41 44 36 34 28 69 6e 70 75 74 5b 31 36 5d 29 29 AD64(input[16]))
3e20: 3b 20 5c 0a 20 20 20 20 58 23 23 6d 69 20 3d 20 ; \. X##mi =
3e30: 58 4f 52 36 34 28 4c 4f 41 44 36 34 28 73 74 61 XOR64(LOAD64(sta
3e40: 74 65 5b 31 37 5d 29 2c 20 4c 4f 41 44 36 34 28 te[17]), LOAD64(
3e50: 69 6e 70 75 74 5b 31 37 5d 29 29 3b 20 5c 0a 20 input[17])); \.
3e60: 20 20 20 58 23 23 6d 6f 20 3d 20 58 4f 52 36 34 X##mo = XOR64
3e70: 28 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 31 38 (LOAD64(state[18
3e80: 5d 29 2c 20 4c 4f 41 44 36 34 28 69 6e 70 75 74 ]), LOAD64(input
3e90: 5b 31 38 5d 29 29 3b 20 5c 0a 20 20 20 20 58 23 [18])); \. X#
3ea0: 23 6d 75 20 3d 20 58 4f 52 36 34 28 4c 4f 41 44 #mu = XOR64(LOAD
3eb0: 36 34 28 73 74 61 74 65 5b 31 39 5d 29 2c 20 4c 64(state[19]), L
3ec0: 4f 41 44 36 34 28 69 6e 70 75 74 5b 31 39 5d 29 OAD64(input[19])
3ed0: 29 3b 20 5c 0a 20 20 20 20 58 23 23 73 61 20 3d ); \. X##sa =
3ee0: 20 58 4f 52 36 34 28 4c 4f 41 44 36 34 28 73 74 XOR64(LOAD64(st
3ef0: 61 74 65 5b 32 30 5d 29 2c 20 4c 4f 41 44 36 34 ate[20]), LOAD64
3f00: 28 69 6e 70 75 74 5b 32 30 5d 29 29 3b 20 5c 0a (input[20])); \.
3f10: 20 20 20 20 58 23 23 73 65 20 3d 20 4c 4f 41 44 X##se = LOAD
3f20: 36 34 28 73 74 61 74 65 5b 32 31 5d 29 3b 20 5c 64(state[21]); \
3f30: 0a 20 20 20 20 58 23 23 73 69 20 3d 20 4c 4f 41 . X##si = LOA
3f40: 44 36 34 28 73 74 61 74 65 5b 32 32 5d 29 3b 20 D64(state[22]);
3f50: 5c 0a 20 20 20 20 58 23 23 73 6f 20 3d 20 4c 4f \. X##so = LO
3f60: 41 44 36 34 28 73 74 61 74 65 5b 32 33 5d 29 3b AD64(state[23]);
3f70: 20 5c 0a 20 20 20 20 58 23 23 73 75 20 3d 20 4c \. X##su = L
3f80: 4f 41 44 36 34 28 73 74 61 74 65 5b 32 34 5d 29 OAD64(state[24])
3f90: 3b 20 5c 0a 0a 23 64 65 66 69 6e 65 20 63 6f 70 ; \..#define cop
3fa0: 79 46 72 6f 6d 53 74 61 74 65 28 58 2c 20 73 74 yFromState(X, st
3fb0: 61 74 65 29 20 5c 0a 20 20 20 20 58 23 23 62 61 ate) \. X##ba
3fc0: 20 3d 20 4c 4f 41 44 36 34 28 73 74 61 74 65 5b = LOAD64(state[
3fd0: 20 30 5d 29 3b 20 5c 0a 20 20 20 20 58 23 23 62 0]); \. X##b
3fe0: 65 20 3d 20 4c 4f 41 44 36 34 28 73 74 61 74 65 e = LOAD64(state
3ff0: 5b 20 31 5d 29 3b 20 5c 0a 20 20 20 20 58 23 23 [ 1]); \. X##
4000: 62 69 20 3d 20 4c 4f 41 44 36 34 28 73 74 61 74 bi = LOAD64(stat
4010: 65 5b 20 32 5d 29 3b 20 5c 0a 20 20 20 20 58 23 e[ 2]); \. X#
4020: 23 62 6f 20 3d 20 4c 4f 41 44 36 34 28 73 74 61 #bo = LOAD64(sta
4030: 74 65 5b 20 33 5d 29 3b 20 5c 0a 20 20 20 20 58 te[ 3]); \. X
4040: 23 23 62 75 20 3d 20 4c 4f 41 44 36 34 28 73 74 ##bu = LOAD64(st
4050: 61 74 65 5b 20 34 5d 29 3b 20 5c 0a 20 20 20 20 ate[ 4]); \.
4060: 58 23 23 67 61 20 3d 20 4c 4f 41 44 36 34 28 73 X##ga = LOAD64(s
4070: 74 61 74 65 5b 20 35 5d 29 3b 20 5c 0a 20 20 20 tate[ 5]); \.
4080: 20 58 23 23 67 65 20 3d 20 4c 4f 41 44 36 34 28 X##ge = LOAD64(
4090: 73 74 61 74 65 5b 20 36 5d 29 3b 20 5c 0a 20 20 state[ 6]); \.
40a0: 20 20 58 23 23 67 69 20 3d 20 4c 4f 41 44 36 34 X##gi = LOAD64
40b0: 28 73 74 61 74 65 5b 20 37 5d 29 3b 20 5c 0a 20 (state[ 7]); \.
40c0: 20 20 20 58 23 23 67 6f 20 3d 20 4c 4f 41 44 36 X##go = LOAD6
40d0: 34 28 73 74 61 74 65 5b 20 38 5d 29 3b 20 5c 0a 4(state[ 8]); \.
40e0: 20 20 20 20 58 23 23 67 75 20 3d 20 4c 4f 41 44 X##gu = LOAD
40f0: 36 34 28 73 74 61 74 65 5b 20 39 5d 29 3b 20 5c 64(state[ 9]); \
4100: 0a 20 20 20 20 58 23 23 6b 61 20 3d 20 4c 4f 41 . X##ka = LOA
4110: 44 36 34 28 73 74 61 74 65 5b 31 30 5d 29 3b 20 D64(state[10]);
4120: 5c 0a 20 20 20 20 58 23 23 6b 65 20 3d 20 4c 4f \. X##ke = LO
4130: 41 44 36 34 28 73 74 61 74 65 5b 31 31 5d 29 3b AD64(state[11]);
4140: 20 5c 0a 20 20 20 20 58 23 23 6b 69 20 3d 20 4c \. X##ki = L
4150: 4f 41 44 36 34 28 73 74 61 74 65 5b 31 32 5d 29 OAD64(state[12])
4160: 3b 20 5c 0a 20 20 20 20 58 23 23 6b 6f 20 3d 20 ; \. X##ko =
4170: 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 31 33 5d LOAD64(state[13]
4180: 29 3b 20 5c 0a 20 20 20 20 58 23 23 6b 75 20 3d ); \. X##ku =
4190: 20 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 31 34 LOAD64(state[14
41a0: 5d 29 3b 20 5c 0a 20 20 20 20 58 23 23 6d 61 20 ]); \. X##ma
41b0: 3d 20 4c 4f 41 44 36 34 28 73 74 61 74 65 5b 31 = LOAD64(state[1
41c0: 35 5d 29 3b 20 5c 0a 20 20 20 20 58 23 23 6d 65 5]); \. X##me
41d0: 20 3d 20 4c 4f 41 44 36 34 28 73 74 61 74 65 5b = LOAD64(state[
41e0: 31 36 5d 29 3b 20 5c 0a 20 20 20 20 58 23 23 6d 16]); \. X##m
41f0: 69 20 3d 20 4c 4f 41 44 36 34 28 73 74 61 74 65 i = LOAD64(state
4200: 5b 31 37 5d 29 3b 20 5c 0a 20 20 20 20 58 23 23 [17]); \. X##
4210: 6d 6f 20 3d 20 4c 4f 41 44 36 34 28 73 74 61 74 mo = LOAD64(stat
4220: 65 5b 31 38 5d 29 3b 20 5c 0a 20 20 20 20 58 23 e[18]); \. X#
4230: 23 6d 75 20 3d 20 4c 4f 41 44 36 34 28 73 74 61 #mu = LOAD64(sta
4240: 74 65 5b 31 39 5d 29 3b 20 5c 0a 20 20 20 20 58 te[19]); \. X
4250: 23 23 73 61 20 3d 20 4c 4f 41 44 36 34 28 73 74 ##sa = LOAD64(st
4260: 61 74 65 5b 32 30 5d 29 3b 20 5c 0a 20 20 20 20 ate[20]); \.
4270: 58 23 23 73 65 20 3d 20 4c 4f 41 44 36 34 28 73 X##se = LOAD64(s
4280: 74 61 74 65 5b 32 31 5d 29 3b 20 5c 0a 20 20 20 tate[21]); \.
4290: 20 58 23 23 73 69 20 3d 20 4c 4f 41 44 36 34 28 X##si = LOAD64(
42a0: 73 74 61 74 65 5b 32 32 5d 29 3b 20 5c 0a 20 20 state[22]); \.
42b0: 20 20 58 23 23 73 6f 20 3d 20 4c 4f 41 44 36 34 X##so = LOAD64
42c0: 28 73 74 61 74 65 5b 32 33 5d 29 3b 20 5c 0a 20 (state[23]); \.
42d0: 20 20 20 58 23 23 73 75 20 3d 20 4c 4f 41 44 36 X##su = LOAD6
42e0: 34 28 73 74 61 74 65 5b 32 34 5d 29 3b 20 5c 0a 4(state[24]); \.
42f0: 0a 23 64 65 66 69 6e 65 20 63 6f 70 79 54 6f 53 .#define copyToS
4300: 74 61 74 65 28 73 74 61 74 65 2c 20 58 29 20 5c tate(state, X) \
4310: 0a 20 20 20 20 53 54 4f 52 45 36 34 28 73 74 61 . STORE64(sta
4320: 74 65 5b 20 30 5d 2c 20 58 23 23 62 61 29 3b 20 te[ 0], X##ba);
4330: 5c 0a 20 20 20 20 53 54 4f 52 45 36 34 28 73 74 \. STORE64(st
4340: 61 74 65 5b 20 31 5d 2c 20 58 23 23 62 65 29 3b ate[ 1], X##be);
4350: 20 5c 0a 20 20 20 20 53 54 4f 52 45 36 34 28 73 \. STORE64(s
4360: 74 61 74 65 5b 20 32 5d 2c 20 58 23 23 62 69 29 tate[ 2], X##bi)
4370: 3b 20 5c 0a 20 20 20 20 53 54 4f 52 45 36 34 28 ; \. STORE64(
4380: 73 74 61 74 65 5b 20 33 5d 2c 20 58 23 23 62 6f state[ 3], X##bo
4390: 29 3b 20 5c 0a 20 20 20 20 53 54 4f 52 45 36 34 ); \. STORE64
43a0: 28 73 74 61 74 65 5b 20 34 5d 2c 20 58 23 23 62 (state[ 4], X##b
43b0: 75 29 3b 20 5c 0a 20 20 20 20 53 54 4f 52 45 36 u); \. STORE6
43c0: 34 28 73 74 61 74 65 5b 20 35 5d 2c 20 58 23 23 4(state[ 5], X##
43d0: 67 61 29 3b 20 5c 0a 20 20 20 20 53 54 4f 52 45 ga); \. STORE
43e0: 36 34 28 73 74 61 74 65 5b 20 36 5d 2c 20 58 23 64(state[ 6], X#
43f0: 23 67 65 29 3b 20 5c 0a 20 20 20 20 53 54 4f 52 #ge); \. STOR
4400: 45 36 34 28 73 74 61 74 65 5b 20 37 5d 2c 20 58 E64(state[ 7], X
4410: 23 23 67 69 29 3b 20 5c 0a 20 20 20 20 53 54 4f ##gi); \. STO
4420: 52 45 36 34 28 73 74 61 74 65 5b 20 38 5d 2c 20 RE64(state[ 8],
4430: 58 23 23 67 6f 29 3b 20 5c 0a 20 20 20 20 53 54 X##go); \. ST
4440: 4f 52 45 36 34 28 73 74 61 74 65 5b 20 39 5d 2c ORE64(state[ 9],
4450: 20 58 23 23 67 75 29 3b 20 5c 0a 20 20 20 20 53 X##gu); \. S
4460: 54 4f 52 45 36 34 28 73 74 61 74 65 5b 31 30 5d TORE64(state[10]
4470: 2c 20 58 23 23 6b 61 29 3b 20 5c 0a 20 20 20 20 , X##ka); \.
4480: 53 54 4f 52 45 36 34 28 73 74 61 74 65 5b 31 31 STORE64(state[11
4490: 5d 2c 20 58 23 23 6b 65 29 3b 20 5c 0a 20 20 20 ], X##ke); \.
44a0: 20 53 54 4f 52 45 36 34 28 73 74 61 74 65 5b 31 STORE64(state[1
44b0: 32 5d 2c 20 58 23 23 6b 69 29 3b 20 5c 0a 20 20 2], X##ki); \.
44c0: 20 20 53 54 4f 52 45 36 34 28 73 74 61 74 65 5b STORE64(state[
44d0: 31 33 5d 2c 20 58 23 23 6b 6f 29 3b 20 5c 0a 20 13], X##ko); \.
44e0: 20 20 20 53 54 4f 52 45 36 34 28 73 74 61 74 65 STORE64(state
44f0: 5b 31 34 5d 2c 20 58 23 23 6b 75 29 3b 20 5c 0a [14], X##ku); \.
4500: 20 20 20 20 53 54 4f 52 45 36 34 28 73 74 61 74 STORE64(stat
4510: 65 5b 31 35 5d 2c 20 58 23 23 6d 61 29 3b 20 5c e[15], X##ma); \
4520: 0a 20 20 20 20 53 54 4f 52 45 36 34 28 73 74 61 . STORE64(sta
4530: 74 65 5b 31 36 5d 2c 20 58 23 23 6d 65 29 3b 20 te[16], X##me);
4540: 5c 0a 20 20 20 20 53 54 4f 52 45 36 34 28 73 74 \. STORE64(st
4550: 61 74 65 5b 31 37 5d 2c 20 58 23 23 6d 69 29 3b ate[17], X##mi);
4560: 20 5c 0a 20 20 20 20 53 54 4f 52 45 36 34 28 73 \. STORE64(s
4570: 74 61 74 65 5b 31 38 5d 2c 20 58 23 23 6d 6f 29 tate[18], X##mo)
4580: 3b 20 5c 0a 20 20 20 20 53 54 4f 52 45 36 34 28 ; \. STORE64(
4590: 73 74 61 74 65 5b 31 39 5d 2c 20 58 23 23 6d 75 state[19], X##mu
45a0: 29 3b 20 5c 0a 20 20 20 20 53 54 4f 52 45 36 34 ); \. STORE64
45b0: 28 73 74 61 74 65 5b 32 30 5d 2c 20 58 23 23 73 (state[20], X##s
45c0: 61 29 3b 20 5c 0a 20 20 20 20 53 54 4f 52 45 36 a); \. STORE6
45d0: 34 28 73 74 61 74 65 5b 32 31 5d 2c 20 58 23 23 4(state[21], X##
45e0: 73 65 29 3b 20 5c 0a 20 20 20 20 53 54 4f 52 45 se); \. STORE
45f0: 36 34 28 73 74 61 74 65 5b 32 32 5d 2c 20 58 23 64(state[22], X#
4600: 23 73 69 29 3b 20 5c 0a 20 20 20 20 53 54 4f 52 #si); \. STOR
4610: 45 36 34 28 73 74 61 74 65 5b 32 33 5d 2c 20 58 E64(state[23], X
4620: 23 23 73 6f 29 3b 20 5c 0a 20 20 20 20 53 54 4f ##so); \. STO
4630: 52 45 36 34 28 73 74 61 74 65 5b 32 34 5d 2c 20 RE64(state[24],
4640: 58 23 23 73 75 29 3b 20 5c 0a 0a 23 64 65 66 69 X##su); \..#defi
4650: 6e 65 20 63 6f 70 79 53 74 61 74 65 56 61 72 69 ne copyStateVari
4660: 61 62 6c 65 73 28 58 2c 20 59 29 20 5c 0a 20 20 ables(X, Y) \.
4670: 20 20 58 23 23 62 61 20 3d 20 59 23 23 62 61 3b X##ba = Y##ba;
4680: 20 5c 0a 20 20 20 20 58 23 23 62 65 20 3d 20 59 \. X##be = Y
4690: 23 23 62 65 3b 20 5c 0a 20 20 20 20 58 23 23 62 ##be; \. X##b
46a0: 69 20 3d 20 59 23 23 62 69 3b 20 5c 0a 20 20 20 i = Y##bi; \.
46b0: 20 58 23 23 62 6f 20 3d 20 59 23 23 62 6f 3b 20 X##bo = Y##bo;
46c0: 5c 0a 20 20 20 20 58 23 23 62 75 20 3d 20 59 23 \. X##bu = Y#
46d0: 23 62 75 3b 20 5c 0a 20 20 20 20 58 23 23 67 61 #bu; \. X##ga
46e0: 20 3d 20 59 23 23 67 61 3b 20 5c 0a 20 20 20 20 = Y##ga; \.
46f0: 58 23 23 67 65 20 3d 20 59 23 23 67 65 3b 20 5c X##ge = Y##ge; \
4700: 0a 20 20 20 20 58 23 23 67 69 20 3d 20 59 23 23 . X##gi = Y##
4710: 67 69 3b 20 5c 0a 20 20 20 20 58 23 23 67 6f 20 gi; \. X##go
4720: 3d 20 59 23 23 67 6f 3b 20 5c 0a 20 20 20 20 58 = Y##go; \. X
4730: 23 23 67 75 20 3d 20 59 23 23 67 75 3b 20 5c 0a ##gu = Y##gu; \.
4740: 20 20 20 20 58 23 23 6b 61 20 3d 20 59 23 23 6b X##ka = Y##k
4750: 61 3b 20 5c 0a 20 20 20 20 58 23 23 6b 65 20 3d a; \. X##ke =
4760: 20 59 23 23 6b 65 3b 20 5c 0a 20 20 20 20 58 23 Y##ke; \. X#
4770: 23 6b 69 20 3d 20 59 23 23 6b 69 3b 20 5c 0a 20 #ki = Y##ki; \.
4780: 20 20 20 58 23 23 6b 6f 20 3d 20 59 23 23 6b 6f X##ko = Y##ko
4790: 3b 20 5c 0a 20 20 20 20 58 23 23 6b 75 20 3d 20 ; \. X##ku =
47a0: 59 23 23 6b 75 3b 20 5c 0a 20 20 20 20 58 23 23 Y##ku; \. X##
47b0: 6d 61 20 3d 20 59 23 23 6d 61 3b 20 5c 0a 20 20 ma = Y##ma; \.
47c0: 20 20 58 23 23 6d 65 20 3d 20 59 23 23 6d 65 3b X##me = Y##me;
47d0: 20 5c 0a 20 20 20 20 58 23 23 6d 69 20 3d 20 59 \. X##mi = Y
47e0: 23 23 6d 69 3b 20 5c 0a 20 20 20 20 58 23 23 6d ##mi; \. X##m
47f0: 6f 20 3d 20 59 23 23 6d 6f 3b 20 5c 0a 20 20 20 o = Y##mo; \.
4800: 20 58 23 23 6d 75 20 3d 20 59 23 23 6d 75 3b 20 X##mu = Y##mu;
4810: 5c 0a 20 20 20 20 58 23 23 73 61 20 3d 20 59 23 \. X##sa = Y#
4820: 23 73 61 3b 20 5c 0a 20 20 20 20 58 23 23 73 65 #sa; \. X##se
4830: 20 3d 20 59 23 23 73 65 3b 20 5c 0a 20 20 20 20 = Y##se; \.
4840: 58 23 23 73 69 20 3d 20 59 23 23 73 69 3b 20 5c X##si = Y##si; \
4850: 0a 20 20 20 20 58 23 23 73 6f 20 3d 20 59 23 23 . X##so = Y##
4860: 73 6f 3b 20 5c 0a 20 20 20 20 58 23 23 73 75 20 so; \. X##su
4870: 3d 20 59 23 23 73 75 3b 20 5c 0a 0a = Y##su; \..