C:\Users\Administrator>cd ..C:\Users>cd ,,C:\UsersC:\Users>git diff c:

1. C:\Users\Administrator>cd ..
2.  
3. C:\Users>cd ,,
4. C:\Users
5.  
6. C:\Users>git diff c:\1\sumokoin c:\1\2\sumokoin
7. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/HEAD.
8. The file will have its original line endings in your working directory.
9. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/HEAD.
10. The file will have its original line endings in your working directory.
11. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/config.
12. The file will have its original line endings in your working directory.
13. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/config.
14. The file will have its original line endings in your working directory.
15. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/description.
16. The file will have its original line endings in your working directory.
17. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/description.
18. The file will have its original line endings in your working directory.
19. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/hooks/applypatch-msg.sample.
20. The file will have its original line endings in your working directory.
21. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/hooks/applypatch-msg.sample.
22. The file will have its original line endings in your working directory.
23. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/hooks/commit-msg.sample.
24. The file will have its original line endings in your working directory.
25. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/hooks/commit-msg.sample.
26. The file will have its original line endings in your working directory.
27. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/hooks/fsmonitor-watchman.sample.
28. The file will have its original line endings in your working directory.
29. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/hooks/fsmonitor-watchman.sample.
30. The file will have its original line endings in your working directory.
31. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/hooks/post-update.sample.
32. The file will have its original line endings in your working directory.
33. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/hooks/post-update.sample.
34. The file will have its original line endings in your working directory.
35. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/hooks/pre-applypatch.sample.
36. The file will have its original line endings in your working directory.
37. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/hooks/pre-applypatch.sample.
38. The file will have its original line endings in your working directory.
39. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/hooks/pre-commit.sample.
40. The file will have its original line endings in your working directory.
41. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/hooks/pre-commit.sample.
42. The file will have its original line endings in your working directory.
43. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/hooks/pre-push.sample.
44. The file will have its original line endings in your working directory.
45. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/hooks/pre-push.sample.
46. The file will have its original line endings in your working directory.
47. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/hooks/pre-rebase.sample.
48. The file will have its original line endings in your working directory.
49. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/hooks/pre-rebase.sample.
50. The file will have its original line endings in your working directory.
51. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/hooks/pre-receive.sample.
52. The file will have its original line endings in your working directory.
53. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/hooks/pre-receive.sample.
54. The file will have its original line endings in your working directory.
55. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/hooks/prepare-commit-msg.sample.
56. The file will have its original line endings in your working directory.
57. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/hooks/prepare-commit-msg.sample.
58. The file will have its original line endings in your working directory.
59. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/hooks/update.sample.
60. The file will have its original line endings in your working directory.
61. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/hooks/update.sample.
62. The file will have its original line endings in your working directory.
63. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/info/exclude.
64. The file will have its original line endings in your working directory.
65. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/info/exclude.
66. The file will have its original line endings in your working directory.
67. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/logs/HEAD.
68. The file will have its original line endings in your working directory.
69. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/logs/HEAD.
70. The file will have its original line endings in your working directory.
71. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/logs/refs/remotes/origin/HEAD.
72. The file will have its original line endings in your working directory.
73. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/logs/refs/remotes/origin/HEAD.
74. The file will have its original line endings in your working directory.
75. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/packed-refs.
76. The file will have its original line endings in your working directory.
77. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/packed-refs.
78. The file will have its original line endings in your working directory.
79. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/refs/remotes/origin/HEAD.
80. The file will have its original line endings in your working directory.
81. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/refs/remotes/origin/HEAD.
82. The file will have its original line endings in your working directory.
83. warning: LF will be replaced by CRLF in c:\1\sumokoin/contrib/epee/include/console_handler.h.
84. The file will have its original line endings in your working directory.
85. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/contrib/epee/include/console_handler.h.
86. The file will have its original line endings in your working directory.
87. warning: LF will be replaced by CRLF in c:\1\sumokoin/contrib/epee/include/serialization/keyvalue_serialization_overloads.h.
88. The file will have its original line endings in your working directory.
89. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/contrib/epee/include/serialization/keyvalue_serialization_overloads.h.
90. The file will have its original line endings in your working directory.
91. warning: LF will be replaced by CRLF in c:\1\sumokoin/external/unbound/contrib/warmup.cmd.
92. The file will have its original line endings in your working directory.
93. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/external/unbound/contrib/warmup.cmd.
94. The file will have its original line endings in your working directory.
95. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/crypto/crypto.cpp.
96. The file will have its original line endings in your working directory.
97. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/crypto/crypto.cpp.
98. The file will have its original line endings in your working directory.
99. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/crypto/crypto.h.
100. The file will have its original line endings in your working directory.
101. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/crypto/crypto.h.
102. The file will have its original line endings in your working directory.
103. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/cryptonote_core/cryptonote_basic.h.
104. The file will have its original line endings in your working directory.
105. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/cryptonote_core/cryptonote_basic.h.
106. The file will have its original line endings in your working directory.
107. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/cryptonote_core/cryptonote_basic_impl.h.
108. The file will have its original line endings in your working directory.
109. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/cryptonote_core/cryptonote_basic_impl.h.
110. The file will have its original line endings in your working directory.
111. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/cryptonote_core/cryptonote_format_utils.cpp.
112. The file will have its original line endings in your working directory.
113. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/cryptonote_core/cryptonote_format_utils.h.
114. The file will have its original line endings in your working directory.
115. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/cryptonote_core/miner.cpp.
116. The file will have its original line endings in your working directory.
117. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/daemon/command_parser_executor.cpp.
118. The file will have its original line endings in your working directory.
119. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/daemon/command_parser_executor.cpp.
120. The file will have its original line endings in your working directory.
121. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/mnemonics/german.h.
122. The file will have its original line endings in your working directory.
123. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/mnemonics/german.h.
124. The file will have its original line endings in your working directory.
125. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/mnemonics/italian.h.
126. The file will have its original line endings in your working directory.
127. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/mnemonics/italian.h.
128. The file will have its original line endings in your working directory.
129. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/mnemonics/russian.h.
130. The file will have its original line endings in your working directory.
131. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/mnemonics/russian.h.
132. The file will have its original line endings in your working directory.
133. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/rpc/core_rpc_server.cpp.
134. The file will have its original line endings in your working directory.
135. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/rpc/core_rpc_server.cpp.
136. The file will have its original line endings in your working directory.
137. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/wallet/api/pending_transaction.h.
138. The file will have its original line endings in your working directory.
139. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/wallet/api/pending_transaction.h.
140. The file will have its original line endings in your working directory.
141. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/wallet/api/wallet.h.
142. The file will have its original line endings in your working directory.
143. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/wallet/api/wallet.h.
144. The file will have its original line endings in your working directory.
145. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/wallet/wallet2.cpp.
146. The file will have its original line endings in your working directory.
147. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/wallet/wallet2.cpp.
148. The file will have its original line endings in your working directory.
149. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/wallet/wallet2.h.
150. The file will have its original line endings in your working directory.
151. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/wallet/wallet2.h.
152. The file will have its original line endings in your working directory.
153. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/wallet/wallet_rpc_server.cpp.
154. The file will have its original line endings in your working directory.
155. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/wallet/wallet_rpc_server.cpp.
156. The file will have its original line endings in your working directory.
157. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/wallet/wallet_rpc_server_error_codes.h.
158. The file will have its original line endings in your working directory.
159. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/wallet/wallet_rpc_server_error_codes.h.
160. The file will have its original line endings in your working directory.
161. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/refs/heads/master.
162. The file will have its original line endings in your working directory.
163. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/logs/refs/heads/master.
164. The file will have its original line endings in your working directory.
165. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/logs/refs/heads/pow-change.
166. The file will have its original line endings in your working directory.
167. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/refs/heads/pow-change.
168. The file will have its original line endings in your working directory.
169. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/refs/heads/master.
170. The file will have its original line endings in your working directory.
171. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/refs/heads/pow-change.
172. The file will have its original line endings in your working directory.
173. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/logs/refs/heads/master.
174. The file will have its original line endings in your working directory.
175. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/logs/refs/heads/pow-change.
176. The file will have its original line endings in your working directory.
177. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/refs/heads/master.
178. The file will have its original line endings in your working directory.
179. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/refs/heads/pow-change.
180. The file will have its original line endings in your working directory.
181. diff --git "a/c:\\1\\sumokoin/.git/HEAD" "b/c:\\1\\2\\sumokoin/.git/HEAD"
182. index cb089cd..277049a 100644
183. --- "a/c:\\1\\sumokoin/.git/HEAD"
184. +++ "b/c:\\1\\2\\sumokoin/.git/HEAD"
185. @@ -1 +1 @@
186. -ref: refs/heads/master
187. +ref: refs/heads/pow-change
188. diff --git "a/c:\\1\\sumokoin/.git/config" "b/c:\\1\\2\\sumokoin/.git/config"
189. index 67a4572..5b239db 100644
190. --- "a/c:\\1\\sumokoin/.git/config"
191. +++ "b/c:\\1\\2\\sumokoin/.git/config"
192. @@ -8,6 +8,6 @@
193. [remote "origin"]
194. url = https://github.com/curie-kief/sumokoin
195. fetch = +refs/heads/*:refs/remotes/origin/*
196. -[branch "master"]
197. +[branch "pow-change"]
198. remote = origin
199. - merge = refs/heads/master
200. + merge = refs/heads/pow-change
201. diff --git "a/c:\\1\\sumokoin/.git/index" "b/c:\\1\\2\\sumokoin/.git/index"
202. index 181cbb8..df06eea 100644
203. Binary files "a/c:\\1\\sumokoin/.git/index" and "b/c:\\1\\2\\sumokoin/.git/index" differ
204. diff --git "a/c:\\1\\sumokoin/.git/logs/HEAD" "b/c:\\1\\2\\sumokoin/.git/logs/HEAD"
205. index 6c7ac38..e91a8ea 100644
206. --- "a/c:\\1\\sumokoin/.git/logs/HEAD"
207. +++ "b/c:\\1\\2\\sumokoin/.git/logs/HEAD"
208. @@ -1 +1 @@
209. -0000000000000000000000000000000000000000 5e990642905cef9d75931f202f9d400d3a1e94b0 Administrator <Administrator@EC2AMAZ-S6LBKHP.(none)> 1521577517 +0000 clone: from https://github.com/curie-kief/sumokoin
210. +0000000000000000000000000000000000000000 2561bd3170736c82c2d15a920fecb469d7207645 Administrator <Administrator@EC2AMAZ-S6LBKHP.(none)> 1521577569 +0000 clone: from https://github.com/curie-kief/sumokoin
211. diff --git "a/c:\\1\\sumokoin/.git/logs/refs/heads/master" "b/c:\\1\\sumokoin/.git/logs/refs/heads/master"
212. deleted file mode 100644
213. index 6c7ac38..0000000
214. --- "a/c:\\1\\sumokoin/.git/logs/refs/heads/master"
215. +++ /dev/null
216. @@ -1 +0,0 @@
217. -0000000000000000000000000000000000000000 5e990642905cef9d75931f202f9d400d3a1e94b0 Administrator <Administrator@EC2AMAZ-S6LBKHP.(none)> 1521577517 +0000 clone: from https://github.com/curie-kief/sumokoin
218. diff --git "a/c:\\1\\2\\sumokoin/.git/logs/refs/heads/pow-change" "b/c:\\1\\2\\sumokoin/.git/logs/refs/heads/pow-change"new file mode 100644
219. index 0000000..e91a8ea
220. --- /dev/null
221. +++ "b/c:\\1\\2\\sumokoin/.git/logs/refs/heads/pow-change"
222. @@ -0,0 +1 @@
223. +0000000000000000000000000000000000000000 2561bd3170736c82c2d15a920fecb469d7207645 Administrator <Administrator@EC2AMAZ-S6LBKHP.(none)> 1521577569 +0000 clone: from https://github.com/curie-kief/sumokoin
224. diff --git "a/c:\\1\\sumokoin/.git/logs/refs/remotes/origin/HEAD" "b/c:\\1\\2\\sumokoin/.git/logs/refs/remotes/origin/HEAD"
225. index 6c7ac38..8ed1bb8 100644
226. --- "a/c:\\1\\sumokoin/.git/logs/refs/remotes/origin/HEAD"
227. +++ "b/c:\\1\\2\\sumokoin/.git/logs/refs/remotes/origin/HEAD"
228. @@ -1 +1 @@
229. -0000000000000000000000000000000000000000 5e990642905cef9d75931f202f9d400d3a1e94b0 Administrator <Administrator@EC2AMAZ-S6LBKHP.(none)> 1521577517 +0000 clone: from https://github.com/curie-kief/sumokoin
230. +0000000000000000000000000000000000000000 5e990642905cef9d75931f202f9d400d3a1e94b0 Administrator <Administrator@EC2AMAZ-S6LBKHP.(none)> 1521577569 +0000 clone: from https://github.com/curie-kief/sumokoin
231. diff --git "a/c:\\1\\sumokoin/.git/refs/heads/master" "b/c:\\1\\sumokoin/.git/refs/heads/master"
232. deleted file mode 100644
233. index f2e26d7..0000000
234. --- "a/c:\\1\\sumokoin/.git/refs/heads/master"
235. +++ /dev/null
236. @@ -1 +0,0 @@
237. -5e990642905cef9d75931f202f9d400d3a1e94b0
238. diff --git "a/c:\\1\\2\\sumokoin/.git/refs/heads/pow-change" "b/c:\\1\\2\\sumokoin/.git/refs/heads/pow-change"
239. new file mode 100644
240. index 0000000..74512f5
241. --- /dev/null
242. +++ "b/c:\\1\\2\\sumokoin/.git/refs/heads/pow-change"
243. @@ -0,0 +1 @@
244. +2561bd3170736c82c2d15a920fecb469d7207645
245. diff --git "a/c:\\1\\sumokoin/CMakeLists.txt" "b/c:\\1\\2\\sumokoin/CMakeLists.txt"
246. index 6075c3e..e3d7a76 100644
247. --- "a/c:\\1\\sumokoin/CMakeLists.txt"
248. +++ "b/c:\\1\\2\\sumokoin/CMakeLists.txt"
249. @@ -568,6 +568,8 @@ else()
250. set(CMAKE_AR "gcc-ar")
251. set(CMAKE_RANLIB "gcc-ranlib")
252. endif()
253. + # Default ubuntu 16.04 LTS ld.bfd refuses to cooperate with LTO'ed ar libs for some reason, gold linker works, go figure
254. + set(RELEASE_FLAGS "${RELEASE_FLAGS} -fuse-ld=gold")
255. endif()
256. endif()
257.  
258. diff --git "a/c:\\1\\sumokoin/src/crypto/CMakeLists.txt" "b/c:\\1\\2\\sumokoin/src/crypto/CMakeLists.txt"
259. index 5f3e878..e8eec00 100644
260. --- "a/c:\\1\\sumokoin/src/crypto/CMakeLists.txt"
261. +++ "b/c:\\1\\2\\sumokoin/src/crypto/CMakeLists.txt"
262. @@ -34,18 +34,14 @@ set(crypto_sources
263. crypto-ops.c
264. crypto.cpp
265. groestl.c
266. - hash-extra-blake.c
267. - hash-extra-groestl.c
268. - hash-extra-jh.c
269. - hash-extra-skein.c
270. hash.c
271. jh.c
272. keccak.c
273. - oaes_lib.c
274. random.c
275. skein.c
276. - slow-hash.c
277. - tree-hash.c)
278. + tree-hash.c
279. + cn_slow_hash_soft.cpp
280. + cn_slow_hash_hard_intel.cpp)
281.  
282. set(crypto_headers)
283.  
284. @@ -62,11 +58,10 @@ set(crypto_private_headers
285. initializer.h
286. jh.h
287. keccak.h
288. - oaes_config.h
289. - oaes_lib.h
290. random.h
291. skein.h
292. - skein_port.h)
293. + skein_port.h
294. + cn_slow_hash.hpp)
295.  
296. sumokoin_private_headers(crypto
297. ${crypto_private_headers})
298. @@ -79,23 +74,3 @@ target_link_libraries(crypto
299. ${Boost_SYSTEM_LIBRARY}
300. PRIVATE
301. ${EXTRA_LIBRARIES})
302. -
303. -if (ARM)
304. - option(NO_OPTIMIZED_MULTIPLY_ON_ARM
305. - "Compute multiply using generic C implementation instead of ARM ASM" OFF)
306. - if(NO_OPTIMIZED_MULTIPLY_ON_ARM)
307. - message(STATUS "Using generic C implementation for multiply")
308. - set_property(SOURCE slow-hash.c
309. - PROPERTY COMPILE_DEFINITIONS "NO_OPTIMIZED_MULTIPLY_ON_ARM")
310. - endif()
311. -endif()
312. -
313. -# Because of the way Qt works on android with JNI, the code does not live in the
314. -# main android thread
315. -# So this code runs with a 1 MB default stack size.
316. -# This will force the use of the heap for the allocation of the scratchpad
317. -if (ANDROID OR IOS)
318. - if( BUILD_GUI_DEPS )
319. - add_definitions(-DFORCE_USE_HEAP=1)
320. - endif()
321. -endif()
322. diff --git "a/c:\\1\\sumokoin/src/crypto/chacha8.h" "b/c:\\1\\2\\sumokoin/src/crypto/chacha8.h"
323. index 94c0ba7..ded7914 100644
324. --- "a/c:\\1\\sumokoin/src/crypto/chacha8.h"
325. +++ "b/c:\\1\\2\\sumokoin/src/crypto/chacha8.h"
326. @@ -40,6 +40,7 @@
327. #include <memory.h>
328.  
329. #include "hash.h"
330. +#include "cn_slow_hash.hpp"
331.  
332. namespace crypto {
333. extern "C" {
334. @@ -72,8 +73,9 @@ namespace crypto {
335.  
336. inline void generate_chacha8_key(const void *data, size_t size, chacha8_key& key) {
337. static_assert(sizeof(chacha8_key) <= sizeof(hash), "Size of hash must be at least that of chacha8_key");
338. - char pwd_hash[HASH_SIZE];
339. - crypto::cn_slow_hash(data, size, pwd_hash);
340. + uint8_t pwd_hash[HASH_SIZE];
341. + cn_pow_hash_v1 kdf_hash;
342. + kdf_hash.hash(data, size, pwd_hash);
343. memcpy(&key, pwd_hash, sizeof(key));
344. memset(pwd_hash, 0, sizeof(pwd_hash));
345. }
346. diff --git "a/c:\\1\\2\\sumokoin/src/crypto/cn_slow_hash.hpp" "b/c:\\1\\2\\sumokoin/src/crypto/cn_slow_hash.hpp"
347. new file mode 100644
348. index 0000000..d35782e
349. --- /dev/null
350. +++ "b/c:\\1\\2\\sumokoin/src/crypto/cn_slow_hash.hpp"
351. @@ -0,0 +1,230 @@
352. +// Copyright (c) 2017, SUMOKOIN
353. +//
354. +// All rights reserved.
355. +//
356. +// Redistribution and use in source and binary forms, with or without modification, are
357. +// permitted provided that the following conditions are met:
358. +//
359. +// 1. Redistributions of source code must retain the above copyright notice, this list of
360. +// conditions and the following disclaimer.
361. +//
362. +// 2. Redistributions in binary form must reproduce the above copyright notice, this list
363. +// of conditions and the following disclaimer in the documentation and/or other
364. +// materials provided with the distribution.
365. +//
366. +// 3. Neither the name of the copyright holder nor the names of its contributors may be
367. +// used to endorse or promote products derived from this software without specific
368. +// prior written permission.
369. +//
370. +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
371. +// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
372. +// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
373. +// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
374. +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
375. +// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
376. +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
377. +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
378. +// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
379. +//
380. +// Parts of this file are originally copyright (c) 2014-2017, The Monero Project
381. +// Parts of this file are originally copyright (c) 2012-2013, The Cryptonote developers
382. +
383. +#pragma once
384. +
385. +#include <inttypes.h>
386. +#include <stddef.h>
387. +#include <stdlib.h>
388. +#include <assert.h>
389. +#include <string.h>
390. +
391. +// Note HAS_INTEL_HW and future HAS_ARM_HW only mean we can emit the AES instructions
392. +// check CPU support for the hardware AES encryption has to be done at runtime
393. +#if defined(__x86_64__) || defined(__i386__) || defined(_M_X86) || defined(_M_X64)
394. +#ifdef __GNUC__
395. +#include <x86intrin.h>
396. +#include <cpuid.h>
397. +#pragma GCC target ("aes")
398. +#define HAS_INTEL_HW
399. +#endif
400. +#if defined(_MSC_VER) && !defined(__MINGW32__) && !defined(__MINGW64__)
401. +#include <intrin.h>
402. +#define HAS_INTEL_HW
403. +#endif
404. +#endif
405. +
406. +#if defined(_WIN32) || defined(_WIN64)
407. +#include <malloc.h>
408. +#define WIN_MEM_ALIGN
409. +#endif
410. +
411. +#ifdef HAS_INTEL_HW
412. +inline void cpuid(uint32_t eax, int32_t ecx, int32_t val[4])
413. +{
414. + val[0] = 0;
415. + val[1] = 0;
416. + val[2] = 0;
417. + val[3] = 0;
418. +
419. +#if defined(_MSC_VER) && !defined(__MINGW32__) && !defined(__MINGW64__)
420. + __cpuidex(val, eax, ecx);
421. +#else
422. + __cpuid_count(eax, ecx, val[0], val[1], val[2], val[3]);
423. +#endif
424. +}
425. +
426. +inline bool hw_check_aes()
427. +{
428. + int32_t cpu_info[4];
429. + cpuid(1, 0, cpu_info);
430. + return (cpu_info[2] & (1 << 25)) != 0;
431. +}
432. +#endif
433. +
434. +#ifdef HAS_ARM_HW
435. +inline bool hw_check_aes()
436. +{
437. + return false;
438. +}
439. +#endif
440. +
441. +#if !defined(HAS_INTEL_HW) && !defined(HAS_ARM_HW)
442. +inline bool hw_check_aes()
443. +{
444. + return false;
445. +}
446. +#endif
447. +
448. +// This cruft avoids casting-galore and allows us not to worry about sizeof(void*)
449. +union cn_sptr
450. +{
451. + cn_sptr() : as_void(nullptr) {}
452. + cn_sptr(uint64_t* ptr) { as_uqword = ptr; }
453. + cn_sptr(uint32_t* ptr) { as_udword = ptr; }
454. + cn_sptr(uint8_t* ptr) { as_byte = ptr; }
455. +#ifdef HAS_INTEL_HW
456. + cn_sptr(__m128i* ptr) { as_xmm = ptr; }
457. +#endif
458. +
459. + void* as_void;
460. + uint8_t* as_byte;
461. + uint64_t* as_uqword;
462. + int32_t* as_dword;
463. + uint32_t* as_udword;
464. +#ifdef HAS_INTEL_HW
465. + __m128i* as_xmm;
466. +#endif
467. +};
468. +
469. +#include <stdio.h>
470. +#include <signal.h>
471. +template<size_t MEMORY, size_t ITER>
472. +class cn_slow_hash
473. +{
474. +public:
475. + cn_slow_hash()
476. + {
477. +#if !defined(WIN_MEM_ALIGN)
478. + lpad.as_void = aligned_alloc(4096, MEMORY);
479. + spad.as_void = aligned_alloc(4096, 4096);
480. +#else
481. + lpad.as_void = _aligned_malloc(MEMORY, 4096);
482. + spad.as_void = _aligned_malloc(4096, 4096);
483. +#endif
484. + }
485. +
486. + cn_slow_hash (cn_slow_hash&& other) noexcept : lpad(other.lpad.as_byte), spad(other.spad.as_byte)
487. + {
488. + other.lpad.as_byte = nullptr;
489. + other.spad.as_byte = nullptr;
490. + }
491. +
492. + cn_slow_hash& operator= (cn_slow_hash&& other) noexcept
493. + {
494. + if(this == &other)
495. + return *this;
496. +
497. + free_mem();
498. + lpad.as_byte = other.lpad.as_byte;
499. + spad.as_byte = spad.as_byte;
500. + return *this;
501. + }
502. +
503. + // Copying is going to be really inefficient
504. + cn_slow_hash(const cn_slow_hash& other) = delete;
505. + cn_slow_hash& operator= (const cn_slow_hash& other) = delete;
506. +
507. + ~cn_slow_hash()
508. + {
509. + free_mem();
510. + }
511. +
512. + void hash(const void* in, size_t len, void* out)
513. + {
514. + if(hw_check_aes() && !check_override())
515. + hardware_hash(in, len, out);
516. + else
517. + software_hash(in, len, out);
518. + }
519. +
520. + void software_hash(const void* in, size_t len, void* out);
521. +
522. +#if !defined(HAS_INTEL_HW) && !defined(HAS_ARM_HW)
523. + inline void hardware_hash(const void* in, size_t len, void* out) { assert(false); }
524. +#else
525. + void hardware_hash(const void* in, size_t len, void* out);
526. +#endif
527. +
528. +private:
529. + static constexpr size_t MASK = ((MEMORY-1) >> 4) << 4;
530. +
531. + inline bool check_override()
532. + {
533. + const char *env = getenv("SUMO_USE_SOFTWARE_AES");
534. + if (!env) {
535. + return false;
536. + }
537. + else if (!strcmp(env, "0") || !strcmp(env, "no")) {
538. + return false;
539. + }
540. + else {
541. + return true;
542. + }
543. + }
544. +
545. + inline void free_mem()
546. + {
547. +#if !defined(WIN_MEM_ALIGN)
548. + if(lpad.as_void != nullptr)
549. + free(lpad.as_void);
550. + if(lpad.as_void != nullptr)
551. + free(spad.as_void);
552. +#else
553. + if(lpad.as_void != nullptr)
554. + _aligned_free(lpad.as_void);
555. + if(lpad.as_void != nullptr)
556. + _aligned_free(spad.as_void);
557. +#endif
558. + lpad.as_void = nullptr;
559. + spad.as_void = nullptr;
560. + }
561. +
562. + inline cn_sptr scratchpad_ptr(uint32_t idx) { return lpad.as_byte + (idx & MASK); }
563. +
564. +#if !defined(HAS_INTEL_HW) && !defined(HAS_ARM_HW)
565. + inline void explode_scratchpad_hard() { assert(false); }
566. + inline void implode_scratchpad_hard() { assert(false); }
567. +#else
568. + void explode_scratchpad_hard();
569. + void implode_scratchpad_hard();
570. +#endif
571. +
572. + void explode_scratchpad_soft();
573. + void implode_scratchpad_soft();
574. +
575. + cn_sptr lpad;
576. + cn_sptr spad;
577. +};
578. +
579. +using cn_pow_hash_v1 = cn_slow_hash<2*1024*1024, 0x80000>;
580. +
581. +extern template class cn_slow_hash<2*1024*1024, 0x80000>;
582. diff --git "a/c:\\1\\2\\sumokoin/src/crypto/cn_slow_hash_hard_intel.cpp" "b/c:\\1\\2\\sumokoin/src/crypto/cn_slow_hash_hard_intel.cpp"
583. new file mode 100644
584. index 0000000..f19fdd8
585. --- /dev/null
586. +++ "b/c:\\1\\2\\sumokoin/src/crypto/cn_slow_hash_hard_intel.cpp"
587. @@ -0,0 +1,314 @@
588. +// Copyright (c) 2017, SUMOKOIN
589. +//
590. +// All rights reserved.
591. +//
592. +// Redistribution and use in source and binary forms, with or without modification, are
593. +// permitted provided that the following conditions are met:
594. +//
595. +// 1. Redistributions of source code must retain the above copyright notice, this list of
596. +// conditions and the following disclaimer.
597. +//
598. +// 2. Redistributions in binary form must reproduce the above copyright notice, this list
599. +// of conditions and the following disclaimer in the documentation and/or other
600. +// materials provided with the distribution.
601. +//
602. +// 3. Neither the name of the copyright holder nor the names of its contributors may be
603. +// used to endorse or promote products derived from this software without specific
604. +// prior written permission.
605. +//
606. +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
607. +// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
608. +// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
609. +// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
610. +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
611. +// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
612. +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
613. +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
614. +// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
615. +//
616. +// Parts of this file are originally copyright (c) 2014-2017, The Monero Project
617. +// Parts of this file are originally copyright (c) 2012-2013, The Cryptonote developers
618. +
619. +#include "cn_slow_hash.hpp"
620. +#include "keccak.h"
621. +
622. +#ifdef HAS_INTEL_HW
623. +
624. +#if !defined(_LP64) && !defined(_WIN64)
625. +#define BUILD32
626. +#endif
627. +
628. +// sl_xor(a1 a2 a3 a4) = a1 (a2^a1) (a3^a2^a1) (a4^a3^a2^a1)
629. +inline __m128i sl_xor(__m128i tmp1)
630. +{
631. + __m128i tmp4;
632. + tmp4 = _mm_slli_si128(tmp1, 0x04);
633. + tmp1 = _mm_xor_si128(tmp1, tmp4);
634. + tmp4 = _mm_slli_si128(tmp4, 0x04);
635. + tmp1 = _mm_xor_si128(tmp1, tmp4);
636. + tmp4 = _mm_slli_si128(tmp4, 0x04);
637. + tmp1 = _mm_xor_si128(tmp1, tmp4);
638. + return tmp1;
639. +}
640. +
641. +template<uint8_t rcon>
642. +inline void aes_genkey_sub(__m128i& xout0, __m128i& xout2)
643. +{
644. + __m128i xout1 = _mm_aeskeygenassist_si128(xout2, rcon);
645. + xout1 = _mm_shuffle_epi32(xout1, 0xFF);
646. + xout0 = sl_xor(xout0);
647. + xout0 = _mm_xor_si128(xout0, xout1);
648. + xout1 = _mm_aeskeygenassist_si128(xout0, 0x00);
649. + xout1 = _mm_shuffle_epi32(xout1, 0xAA);
650. + xout2 = sl_xor(xout2);
651. + xout2 = _mm_xor_si128(xout2, xout1);
652. +}
653. +
654. +inline void aes_genkey(const __m128i* memory, __m128i& k0, __m128i& k1, __m128i& k2, __m128i& k3, __m128i& k4,
655. + __m128i& k5, __m128i& k6, __m128i& k7, __m128i& k8, __m128i& k9)
656. +{
657. + __m128i xout0, xout2;
658. +
659. + xout0 = _mm_load_si128(memory);
660. + xout2 = _mm_load_si128(memory + 1);
661. + k0 = xout0;
662. + k1 = xout2;
663. +
664. + aes_genkey_sub<0x01>(xout0, xout2);
665. + k2 = xout0;
666. + k3 = xout2;
667. +
668. + aes_genkey_sub<0x02>(xout0, xout2);
669. + k4 = xout0;
670. + k5 = xout2;
671. +
672. + aes_genkey_sub<0x04>(xout0, xout2);
673. + k6 = xout0;
674. + k7 = xout2;
675. +
676. + aes_genkey_sub<0x08>(xout0, xout2);
677. + k8 = xout0;
678. + k9 = xout2;
679. +}
680. +
681. +inline void aes_round8(const __m128i& key, __m128i& x0, __m128i& x1, __m128i& x2, __m128i& x3, __m128i& x4, __m128i& x5, __m128i& x6, __m128i& x7)
682. +{
683. + x0 = _mm_aesenc_si128(x0, key);
684. + x1 = _mm_aesenc_si128(x1, key);
685. + x2 = _mm_aesenc_si128(x2, key);
686. + x3 = _mm_aesenc_si128(x3, key);
687. + x4 = _mm_aesenc_si128(x4, key);
688. + x5 = _mm_aesenc_si128(x5, key);
689. + x6 = _mm_aesenc_si128(x6, key);
690. + x7 = _mm_aesenc_si128(x7, key);
691. +}
692. +
693. +template<size_t MEMORY, size_t ITER>
694. +void cn_slow_hash<MEMORY,ITER>::implode_scratchpad_hard()
695. +{
696. + __m128i x0, x1, x2, x3, x4, x5, x6, x7;
697. + __m128i k0, k1, k2, k3, k4, k5, k6, k7, k8, k9;
698. +
699. + aes_genkey(spad.as_xmm + 2, k0, k1, k2, k3, k4, k5, k6, k7, k8, k9);
700. +
701. + x0 = _mm_load_si128(spad.as_xmm + 4);
702. + x1 = _mm_load_si128(spad.as_xmm + 5);
703. + x2 = _mm_load_si128(spad.as_xmm + 6);
704. + x3 = _mm_load_si128(spad.as_xmm + 7);
705. + x4 = _mm_load_si128(spad.as_xmm + 8);
706. + x5 = _mm_load_si128(spad.as_xmm + 9);
707. + x6 = _mm_load_si128(spad.as_xmm + 10);
708. + x7 = _mm_load_si128(spad.as_xmm + 11);
709. +
710. + for (size_t i = 0; i < MEMORY / sizeof(__m128i); i +=8)
711. + {
712. + x0 = _mm_xor_si128(_mm_load_si128(lpad.as_xmm + i + 0), x0);
713. + x1 = _mm_xor_si128(_mm_load_si128(lpad.as_xmm + i + 1), x1);
714. + x2 = _mm_xor_si128(_mm_load_si128(lpad.as_xmm + i + 2), x2);
715. + x3 = _mm_xor_si128(_mm_load_si128(lpad.as_xmm + i + 3), x3);
716. + x4 = _mm_xor_si128(_mm_load_si128(lpad.as_xmm + i + 4), x4);
717. + x5 = _mm_xor_si128(_mm_load_si128(lpad.as_xmm + i + 5), x5);
718. + x6 = _mm_xor_si128(_mm_load_si128(lpad.as_xmm + i + 6), x6);
719. + x7 = _mm_xor_si128(_mm_load_si128(lpad.as_xmm + i + 7), x7);
720. +
721. + aes_round8(k0, x0, x1, x2, x3, x4, x5, x6, x7);
722. + aes_round8(k1, x0, x1, x2, x3, x4, x5, x6, x7);
723. + aes_round8(k2, x0, x1, x2, x3, x4, x5, x6, x7);
724. + aes_round8(k3, x0, x1, x2, x3, x4, x5, x6, x7);
725. + aes_round8(k4, x0, x1, x2, x3, x4, x5, x6, x7);
726. + aes_round8(k5, x0, x1, x2, x3, x4, x5, x6, x7);
727. + aes_round8(k6, x0, x1, x2, x3, x4, x5, x6, x7);
728. + aes_round8(k7, x0, x1, x2, x3, x4, x5, x6, x7);
729. + aes_round8(k8, x0, x1, x2, x3, x4, x5, x6, x7);
730. + aes_round8(k9, x0, x1, x2, x3, x4, x5, x6, x7);
731. + }
732. +
733. + _mm_store_si128(spad.as_xmm + 4, x0);
734. + _mm_store_si128(spad.as_xmm + 5, x1);
735. + _mm_store_si128(spad.as_xmm + 6, x2);
736. + _mm_store_si128(spad.as_xmm + 7, x3);
737. + _mm_store_si128(spad.as_xmm + 8, x4);
738. + _mm_store_si128(spad.as_xmm + 9, x5);
739. + _mm_store_si128(spad.as_xmm + 10, x6);
740. + _mm_store_si128(spad.as_xmm + 11, x7);
741. +}
742. +
743. +template<size_t MEMORY, size_t ITER>
744. +void cn_slow_hash<MEMORY,ITER>::explode_scratchpad_hard()
745. +{
746. + __m128i x0, x1, x2, x3, x4, x5, x6, x7;
747. + __m128i k0, k1, k2, k3, k4, k5, k6, k7, k8, k9;
748. +
749. + aes_genkey(spad.as_xmm, k0, k1, k2, k3, k4, k5, k6, k7, k8, k9);
750. +
751. + x0 = _mm_load_si128(spad.as_xmm + 4);
752. + x1 = _mm_load_si128(spad.as_xmm + 5);
753. + x2 = _mm_load_si128(spad.as_xmm + 6);
754. + x3 = _mm_load_si128(spad.as_xmm + 7);
755. + x4 = _mm_load_si128(spad.as_xmm + 8);
756. + x5 = _mm_load_si128(spad.as_xmm + 9);
757. + x6 = _mm_load_si128(spad.as_xmm + 10);
758. + x7 = _mm_load_si128(spad.as_xmm + 11);
759. +
760. + for(size_t i = 0; i < MEMORY / sizeof(__m128i); i += 8)
761. + {
762. + aes_round8(k0, x0, x1, x2, x3, x4, x5, x6, x7);
763. + aes_round8(k1, x0, x1, x2, x3, x4, x5, x6, x7);
764. + aes_round8(k2, x0, x1, x2, x3, x4, x5, x6, x7);
765. + aes_round8(k3, x0, x1, x2, x3, x4, x5, x6, x7);
766. + aes_round8(k4, x0, x1, x2, x3, x4, x5, x6, x7);
767. + aes_round8(k5, x0, x1, x2, x3, x4, x5, x6, x7);
768. + aes_round8(k6, x0, x1, x2, x3, x4, x5, x6, x7);
769. + aes_round8(k7, x0, x1, x2, x3, x4, x5, x6, x7);
770. + aes_round8(k8, x0, x1, x2, x3, x4, x5, x6, x7);
771. + aes_round8(k9, x0, x1, x2, x3, x4, x5, x6, x7);
772. +
773. + _mm_store_si128(lpad.as_xmm + i + 0, x0);
774. + _mm_store_si128(lpad.as_xmm + i + 1, x1);
775. + _mm_store_si128(lpad.as_xmm + i + 2, x2);
776. + _mm_store_si128(lpad.as_xmm + i + 3, x3);
777. + _mm_store_si128(lpad.as_xmm + i + 4, x4);
778. + _mm_store_si128(lpad.as_xmm + i + 5, x5);
779. + _mm_store_si128(lpad.as_xmm + i + 6, x6);
780. + _mm_store_si128(lpad.as_xmm + i + 7, x7);
781. + }
782. +}
783. +
784. +#ifdef BUILD32
785. +inline uint64_t _umul128(uint64_t multiplier, uint64_t multiplicand, uint64_t* product_hi)
786. +{
787. + // multiplier = ab = a * 2^32 + b
788. + // multiplicand = cd = c * 2^32 + d
789. + // ab * cd = a * c * 2^64 + (a * d + b * c) * 2^32 + b * d
790. + uint64_t a = multiplier >> 32;
791. + uint64_t b = multiplier & 0xFFFFFFFF;
792. + uint64_t c = multiplicand >> 32;
793. + uint64_t d = multiplicand & 0xFFFFFFFF;
794. +
795. + uint64_t ac = a * c;
796. + uint64_t ad = a * d;
797. + uint64_t bc = b * c;
798. + uint64_t bd = b * d;
799. +
800. + uint64_t adbc = ad + bc;
801. + uint64_t adbc_carry = adbc < ad ? 1 : 0;
802. +
803. + // multiplier * multiplicand = product_hi * 2^64 + product_lo
804. + uint64_t product_lo = bd + (adbc << 32);
805. + uint64_t product_lo_carry = product_lo < bd ? 1 : 0;
806. + *product_hi = ac + (adbc >> 32) + (adbc_carry << 32) + product_lo_carry;
807. +
808. + return product_lo;
809. +}
810. +#else
811. +inline uint64_t _umul128(uint64_t a, uint64_t b, uint64_t* hi)
812. +{
813. + unsigned __int128 r = (unsigned __int128)a * (unsigned __int128)b;
814. + *hi = r >> 64;
815. + return (uint64_t)r;
816. +}
817. +#endif
818. +
819. +extern "C" void blake256_hash(uint8_t*, const uint8_t*, uint64_t);
820. +extern "C" void groestl(const uint8_t*, uint64_t, uint8_t*);
821. +extern "C" size_t jh_hash(int, const uint8_t*, size_t databitlen, uint8_t*);
822. +extern "C" size_t skein_hash(int, const uint8_t*, size_t, uint8_t*);
823. +
824. +inline uint64_t xmm_extract_64(__m128i x)
825. +{
826. +#ifdef BUILD32
827. + uint64_t r = uint32_t(_mm_cvtsi128_si32(_mm_shuffle_epi32(x, _MM_SHUFFLE(1,1,1,1))));
828. + r <<= 32;
829. + r |= uint32_t(_mm_cvtsi128_si32(x));
830. + return r;
831. +#else
832. + return _mm_cvtsi128_si64(x);
833. +#endif
834. +}
835. +
836. +template<size_t MEMORY, size_t ITER>
837. +void cn_slow_hash<MEMORY,ITER>::hardware_hash(const void* in, size_t len, void* out)
838. +{
839. + keccak((const uint8_t *)in, len, spad.as_byte, 200);
840. +
841. + explode_scratchpad_hard();
842. +
843. + uint64_t* h0 = spad.as_uqword;
844. +
845. + uint64_t al0 = h0[0] ^ h0[4];
846. + uint64_t ah0 = h0[1] ^ h0[5];
847. + __m128i bx0 = _mm_set_epi64x(h0[3] ^ h0[7], h0[2] ^ h0[6]);
848. +
849. + uint64_t idx0 = h0[0] ^ h0[4];
850. +
851. + // Optim - 90% time boundary
852. + for(size_t i = 0; i < ITER; i++)
853. + {
854. + __m128i cx;
855. + cx = _mm_load_si128(scratchpad_ptr(idx0).as_xmm);
856. +
857. + cx = _mm_aesenc_si128(cx, _mm_set_epi64x(ah0, al0));
858. +
859. + _mm_store_si128(scratchpad_ptr(idx0).as_xmm, _mm_xor_si128(bx0, cx));
860. + idx0 = xmm_extract_64(cx);
861. + bx0 = cx;
862. +
863. + uint64_t hi, lo, cl, ch;
864. + cl = scratchpad_ptr(idx0).as_uqword[0];
865. + ch = scratchpad_ptr(idx0).as_uqword[1];
866. +
867. + lo = _umul128(idx0, cl, &hi);
868. +
869. + al0 += hi;
870. + ah0 += lo;
871. + scratchpad_ptr(idx0).as_uqword[0] = al0;
872. + scratchpad_ptr(idx0).as_uqword[1] = ah0;
873. + ah0 ^= ch;
874. + al0 ^= cl;
875. + idx0 = al0;
876. + }
877. +
878. + implode_scratchpad_hard();
879. +
880. + keccakf(spad.as_uqword, 24);
881. +
882. + switch(spad.as_byte[0] & 3)
883. + {
884. + case 0:
885. + blake256_hash((uint8_t*)out, spad.as_byte, 200);
886. + break;
887. + case 1:
888. + groestl(spad.as_byte, 200 * 8, (uint8_t*)out);
889. + break;
890. + case 2:
891. + jh_hash(32 * 8, spad.as_byte, 8 * 200, (uint8_t*)out);
892. + break;
893. + case 3:
894. + skein_hash(8 * 32, spad.as_byte, 8 * 200, (uint8_t*)out);
895. + break;
896. + }
897. +}
898. +
899. +template class cn_slow_hash<2*1024*1024, 0x80000>;
900. +
901. +#endif
902. diff --git "a/c:\\1\\2\\sumokoin/src/crypto/cn_slow_hash_soft.cpp" "b/c:\\1\\2\\sumokoin/src/crypto/cn_slow_hash_soft.cpp"
903. new file mode 100644
904. index 0000000..f48e7fe
905. --- /dev/null
906. +++ "b/c:\\1\\2\\sumokoin/src/crypto/cn_slow_hash_soft.cpp"
907. @@ -0,0 +1,487 @@
908. +// Copyright (c) 2017, SUMOKOIN
909. +//
910. +// All rights reserved.
911. +//
912. +// Redistribution and use in source and binary forms, with or without modification, are
913. +// permitted provided that the following conditions are met:
914. +//
915. +// 1. Redistributions of source code must retain the above copyright notice, this list of
916. +// conditions and the following disclaimer.
917. +//
918. +// 2. Redistributions in binary form must reproduce the above copyright notice, this list
919. +// of conditions and the following disclaimer in the documentation and/or other
920. +// materials provided with the distribution.
921. +//
922. +// 3. Neither the name of the copyright holder nor the names of its contributors may be
923. +// used to endorse or promote products derived from this software without specific
924. +// prior written permission.
925. +//
926. +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
927. +// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
928. +// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
929. +// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
930. +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
931. +// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
932. +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
933. +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
934. +// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
935. +//
936. +// Parts of this file are originally copyright (c) 2012-2013, The Cryptonote developers
937. +
938. +#include "cn_slow_hash.hpp"
939. +#include "keccak.h"
940. +
941. +/*
942. +AES Tables Implementation is
943. +---------------------------------------------------------------------------
944. +Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
945. +
946. +The redistribution and use of this software (with or without changes)
947. +is allowed without the payment of fees or royalties provided that:
948. +
949. + source code distributions include the above copyright notice, this
950. + list of conditions and the following disclaimer;
951. +
952. + binary distributions include the above copyright notice, this list
953. + of conditions and the following disclaimer in their documentation.
954. +
955. +This software is provided 'as is' with no explicit or implied warranties
956. +in respect of its operation, including, but not limited to, correctness
957. +and fitness for purpose.
958. +---------------------------------------------------------------------------
959. +*/
960. +
961. +#if !defined(_LP64) && !defined(_WIN64)
962. +#define BUILD32
963. +#endif
964. +
965. +#define saes_data(w) {\
966. + w(0x63), w(0x7c), w(0x77), w(0x7b), w(0xf2), w(0x6b), w(0x6f), w(0xc5),\
967. + w(0x30), w(0x01), w(0x67), w(0x2b), w(0xfe), w(0xd7), w(0xab), w(0x76),\
968. + w(0xca), w(0x82), w(0xc9), w(0x7d), w(0xfa), w(0x59), w(0x47), w(0xf0),\
969. + w(0xad), w(0xd4), w(0xa2), w(0xaf), w(0x9c), w(0xa4), w(0x72), w(0xc0),\
970. + w(0xb7), w(0xfd), w(0x93), w(0x26), w(0x36), w(0x3f), w(0xf7), w(0xcc),\
971. + w(0x34), w(0xa5), w(0xe5), w(0xf1), w(0x71), w(0xd8), w(0x31), w(0x15),\
972. + w(0x04), w(0xc7), w(0x23), w(0xc3), w(0x18), w(0x96), w(0x05), w(0x9a),\
973. + w(0x07), w(0x12), w(0x80), w(0xe2), w(0xeb), w(0x27), w(0xb2), w(0x75),\
974. + w(0x09), w(0x83), w(0x2c), w(0x1a), w(0x1b), w(0x6e), w(0x5a), w(0xa0),\
975. + w(0x52), w(0x3b), w(0xd6), w(0xb3), w(0x29), w(0xe3), w(0x2f), w(0x84),\
976. + w(0x53), w(0xd1), w(0x00), w(0xed), w(0x20), w(0xfc), w(0xb1), w(0x5b),\
977. + w(0x6a), w(0xcb), w(0xbe), w(0x39), w(0x4a), w(0x4c), w(0x58), w(0xcf),\
978. + w(0xd0), w(0xef), w(0xaa), w(0xfb), w(0x43), w(0x4d), w(0x33), w(0x85),\
979. + w(0x45), w(0xf9), w(0x02), w(0x7f), w(0x50), w(0x3c), w(0x9f), w(0xa8),\
980. + w(0x51), w(0xa3), w(0x40), w(0x8f), w(0x92), w(0x9d), w(0x38), w(0xf5),\
981. + w(0xbc), w(0xb6), w(0xda), w(0x21), w(0x10), w(0xff), w(0xf3), w(0xd2),\
982. + w(0xcd), w(0x0c), w(0x13), w(0xec), w(0x5f), w(0x97), w(0x44), w(0x17),\
983. + w(0xc4), w(0xa7), w(0x7e), w(0x3d), w(0x64), w(0x5d), w(0x19), w(0x73),\
984. + w(0x60), w(0x81), w(0x4f), w(0xdc), w(0x22), w(0x2a), w(0x90), w(0x88),\
985. + w(0x46), w(0xee), w(0xb8), w(0x14), w(0xde), w(0x5e), w(0x0b), w(0xdb),\
986. + w(0xe0), w(0x32), w(0x3a), w(0x0a), w(0x49), w(0x06), w(0x24), w(0x5c),\
987. + w(0xc2), w(0xd3), w(0xac), w(0x62), w(0x91), w(0x95), w(0xe4), w(0x79),\
988. + w(0xe7), w(0xc8), w(0x37), w(0x6d), w(0x8d), w(0xd5), w(0x4e), w(0xa9),\
989. + w(0x6c), w(0x56), w(0xf4), w(0xea), w(0x65), w(0x7a), w(0xae), w(0x08),\
990. + w(0xba), w(0x78), w(0x25), w(0x2e), w(0x1c), w(0xa6), w(0xb4), w(0xc6),\
991. + w(0xe8), w(0xdd), w(0x74), w(0x1f), w(0x4b), w(0xbd), w(0x8b), w(0x8a),\
992. + w(0x70), w(0x3e), w(0xb5), w(0x66), w(0x48), w(0x03), w(0xf6), w(0x0e),\
993. + w(0x61), w(0x35), w(0x57), w(0xb9), w(0x86), w(0xc1), w(0x1d), w(0x9e),\
994. + w(0xe1), w(0xf8), w(0x98), w(0x11), w(0x69), w(0xd9), w(0x8e), w(0x94),\
995. + w(0x9b), w(0x1e), w(0x87), w(0xe9), w(0xce), w(0x55), w(0x28), w(0xdf),\
996. + w(0x8c), w(0xa1), w(0x89), w(0x0d), w(0xbf), w(0xe6), w(0x42), w(0x68),\
997. + w(0x41), w(0x99), w(0x2d), w(0x0f), w(0xb0), w(0x54), w(0xbb), w(0x16) }
998. +
999. +#define SAES_WPOLY 0x011b
1000. +
1001. +#define saes_b2w(b0, b1, b2, b3) (((uint32_t)(b3) << 24) | \
1002. + ((uint32_t)(b2) << 16) | ((uint32_t)(b1) << 8) | (b0))
1003. +
1004. +#define saes_f2(x) ((x<<1) ^ (((x>>7) & 1) * SAES_WPOLY))
1005. +#define saes_f3(x) (saes_f2(x) ^ x)
1006. +#define saes_h0(x) (x)
1007. +
1008. +#define saes_u0(p) saes_b2w(saes_f2(p), p, p, saes_f3(p))
1009. +#define saes_u1(p) saes_b2w(saes_f3(p), saes_f2(p), p, p)
1010. +#define saes_u2(p) saes_b2w( p, saes_f3(p), saes_f2(p), p)
1011. +#define saes_u3(p) saes_b2w( p, p, saes_f3(p), saes_f2(p))
1012. +
1013. +alignas(16) const uint32_t saes_table[4][256] = { saes_data(saes_u0), saes_data(saes_u1), saes_data(saes_u2), saes_data(saes_u3) };
1014. +alignas(16) const uint8_t saes_sbox[256] = saes_data(saes_h0);
1015. +
1016. +struct u32
1017. +{
1018. + uint32_t x0;
1019. + uint32_t x1;
1020. + uint32_t x2;
1021. + uint32_t x3;
1022. +};
1023. +
1024. +struct u64
1025. +{
1026. + uint64_t x0;
1027. + uint64_t x1;
1028. +};
1029. +
1030. +struct aesdata
1031. +{
1032. + union
1033. + {
1034. + u32 v32;
1035. + u64 v64;
1036. + };
1037. +
1038. + inline void load(const cn_sptr mem)
1039. + {
1040. +#ifdef BUILD32
1041. + v32.x0 = mem.as_udword[0];
1042. + v32.x1 = mem.as_udword[1];
1043. + v32.x2 = mem.as_udword[2];
1044. + v32.x3 = mem.as_udword[3];
1045. +#else
1046. + v64.x0 = mem.as_uqword[0];
1047. + v64.x1 = mem.as_uqword[1];
1048. +#endif
1049. + }
1050. +
1051. + inline void xor_load(const cn_sptr mem)
1052. + {
1053. +#ifdef BUILD32
1054. + v32.x0 ^= mem.as_udword[0];
1055. + v32.x1 ^= mem.as_udword[1];
1056. + v32.x2 ^= mem.as_udword[2];
1057. + v32.x3 ^= mem.as_udword[3];
1058. +#else
1059. + v64.x0 ^= mem.as_uqword[0];
1060. + v64.x1 ^= mem.as_uqword[1];
1061. +#endif
1062. + }
1063. +
1064. + inline void write(cn_sptr mem)
1065. + {
1066. +#ifdef BUILD32
1067. + mem.as_udword[0] = v32.x0;
1068. + mem.as_udword[1] = v32.x1;
1069. + mem.as_udword[2] = v32.x2;
1070. + mem.as_udword[3] = v32.x3;
1071. +#else
1072. + mem.as_uqword[0] = v64.x0;
1073. + mem.as_uqword[1] = v64.x1;
1074. +#endif
1075. + }
1076. +
1077. + inline aesdata& operator^=(const aesdata& rhs) noexcept
1078. + {
1079. +#ifdef BUILD32
1080. + v32.x0 ^= rhs.v32.x0;
1081. + v32.x1 ^= rhs.v32.x1;
1082. + v32.x2 ^= rhs.v32.x2;
1083. + v32.x3 ^= rhs.v32.x3;
1084. +#else
1085. + v64.x0 ^= rhs.v64.x0;
1086. + v64.x1 ^= rhs.v64.x1;
1087. +#endif
1088. + return *this;
1089. + }
1090. +
1091. + inline aesdata& operator^=(uint32_t rhs) noexcept
1092. + {
1093. + v32.x0 ^= rhs;
1094. + v32.x1 ^= rhs;
1095. + v32.x2 ^= rhs;
1096. + v32.x3 ^= rhs;
1097. + return *this;
1098. + }
1099. +};
1100. +
1101. +inline uint32_t sub_word(uint32_t key)
1102. +{
1103. + return (saes_sbox[key >> 24 ] << 24) | (saes_sbox[(key >> 16) & 0xff] << 16 ) |
1104. + (saes_sbox[(key >> 8) & 0xff] << 8 ) | saes_sbox[key & 0xff];
1105. +}
1106. +
1107. +#if defined(__clang__) || defined(__arm__) || defined(__aarch64__)
1108. +inline uint32_t rotr(uint32_t value, uint32_t amount)
1109. +{
1110. + return (value >> amount) | (value << ((32 - amount) & 31));
1111. +}
1112. +#else
1113. +inline uint32_t rotr(uint32_t value, uint32_t amount)
1114. +{
1115. + return _rotr(value, amount);
1116. +}
1117. +#endif
1118. +
1119. +// sl_xor(a1 a2 a3 a4) = a1 (a2^a1) (a3^a2^a1) (a4^a3^a2^a1)
1120. +inline void sl_xor(aesdata& x)
1121. +{
1122. + x.v32.x1 ^= x.v32.x0;
1123. + x.v32.x2 ^= x.v32.x1;
1124. + x.v32.x3 ^= x.v32.x2;
1125. +}
1126. +
1127. +template<uint8_t rcon>
1128. +inline void soft_aes_genkey_sub(aesdata& xout0, aesdata& xout2)
1129. +{
1130. + sl_xor(xout0);
1131. + xout0 ^= rotr(sub_word(xout2.v32.x3), 8) ^ rcon;
1132. + sl_xor(xout2);
1133. + xout2 ^= sub_word(xout0.v32.x3);
1134. +}
1135. +
1136. +inline void aes_genkey(const cn_sptr memory, aesdata& k0, aesdata& k1, aesdata& k2, aesdata& k3, aesdata& k4, aesdata& k5, aesdata& k6, aesdata& k7, aesdata& k8, aesdata& k9)
1137. +{
1138. + aesdata xout0, xout2;
1139. +
1140. + xout0.load(memory.as_uqword);
1141. + xout2.load(memory.as_uqword+2);
1142. + k0 = xout0;
1143. + k1 = xout2;
1144. +
1145. + soft_aes_genkey_sub<0x01>(xout0, xout2);
1146. + k2 = xout0;
1147. + k3 = xout2;
1148. +
1149. + soft_aes_genkey_sub<0x02>(xout0, xout2);
1150. + k4 = xout0;
1151. + k5 = xout2;
1152. +
1153. + soft_aes_genkey_sub<0x04>(xout0, xout2);
1154. + k6 = xout0;
1155. + k7 = xout2;
1156. +
1157. + soft_aes_genkey_sub<0x08>(xout0, xout2);
1158. + k8 = xout0;
1159. + k9 = xout2;
1160. +}
1161. +
1162. +inline void aes_round(aesdata& val, const aesdata& key)
1163. +{
1164. + u32 v = val.v32;
1165. + val.v32.x3 = saes_table[0][v.x3 & 0xff] ^ saes_table[1][(v.x0 >> 8) & 0xff] ^ saes_table[2][(v.x1 >> 16) & 0xff] ^ saes_table[3][v.x2 >> 24];
1166. + val.v32.x2 = saes_table[0][v.x2 & 0xff] ^ saes_table[1][(v.x3 >> 8) & 0xff] ^ saes_table[2][(v.x0 >> 16) & 0xff] ^ saes_table[3][v.x1 >> 24];
1167. + val.v32.x1 = saes_table[0][v.x1 & 0xff] ^ saes_table[1][(v.x2 >> 8) & 0xff] ^ saes_table[2][(v.x3 >> 16) & 0xff] ^ saes_table[3][v.x0 >> 24];
1168. + val.v32.x0 = saes_table[0][v.x0 & 0xff] ^ saes_table[1][(v.x1 >> 8) & 0xff] ^ saes_table[2][(v.x2 >> 16) & 0xff] ^ saes_table[3][v.x3 >> 24];
1169. + val ^= key;
1170. +}
1171. +
1172. +inline void aes_round8(const aesdata& key, aesdata& x0, aesdata& x1, aesdata& x2, aesdata& x3, aesdata& x4, aesdata& x5, aesdata& x6, aesdata& x7)
1173. +{
1174. + aes_round(x0, key);
1175. + aes_round(x1, key);
1176. + aes_round(x2, key);
1177. + aes_round(x3, key);
1178. + aes_round(x4, key);
1179. + aes_round(x5, key);
1180. + aes_round(x6, key);
1181. + aes_round(x7, key);
1182. +}
1183. +
1184. +template<size_t MEMORY, size_t ITER>
1185. +void cn_slow_hash<MEMORY,ITER>::implode_scratchpad_soft()
1186. +{
1187. + aesdata x0, x1, x2, x3, x4, x5, x6, x7;
1188. + aesdata k0, k1, k2, k3, k4, k5, k6, k7, k8, k9;
1189. +
1190. + aes_genkey(spad.as_uqword + 4, k0, k1, k2, k3, k4, k5, k6, k7, k8, k9);
1191. +
1192. + x0.load(spad.as_uqword + 8);
1193. + x1.load(spad.as_uqword + 10);
1194. + x2.load(spad.as_uqword + 12);
1195. + x3.load(spad.as_uqword + 14);
1196. + x4.load(spad.as_uqword + 16);
1197. + x5.load(spad.as_uqword + 18);
1198. + x6.load(spad.as_uqword + 20);
1199. + x7.load(spad.as_uqword + 22);
1200. +
1201. + for (size_t i = 0; i < MEMORY / sizeof(uint64_t); i += 16)
1202. + {
1203. + x0.xor_load(lpad.as_uqword + i + 0);
1204. + x1.xor_load(lpad.as_uqword + i + 2);
1205. + x2.xor_load(lpad.as_uqword + i + 4);
1206. + x3.xor_load(lpad.as_uqword + i + 6);
1207. + x4.xor_load(lpad.as_uqword + i + 8);
1208. + x5.xor_load(lpad.as_uqword + i + 10);
1209. + x6.xor_load(lpad.as_uqword + i + 12);
1210. + x7.xor_load(lpad.as_uqword + i + 14);
1211. +
1212. + aes_round8(k0, x0, x1, x2, x3, x4, x5, x6, x7);
1213. + aes_round8(k1, x0, x1, x2, x3, x4, x5, x6, x7);
1214. + aes_round8(k2, x0, x1, x2, x3, x4, x5, x6, x7);
1215. + aes_round8(k3, x0, x1, x2, x3, x4, x5, x6, x7);
1216. + aes_round8(k4, x0, x1, x2, x3, x4, x5, x6, x7);
1217. + aes_round8(k5, x0, x1, x2, x3, x4, x5, x6, x7);
1218. + aes_round8(k6, x0, x1, x2, x3, x4, x5, x6, x7);
1219. + aes_round8(k7, x0, x1, x2, x3, x4, x5, x6, x7);
1220. + aes_round8(k8, x0, x1, x2, x3, x4, x5, x6, x7);
1221. + aes_round8(k9, x0, x1, x2, x3, x4, x5, x6, x7);
1222. + }
1223. +
1224. + x0.write(spad.as_uqword + 8);
1225. + x1.write(spad.as_uqword + 10);
1226. + x2.write(spad.as_uqword + 12);
1227. + x3.write(spad.as_uqword + 14);
1228. + x4.write(spad.as_uqword + 16);
1229. + x5.write(spad.as_uqword + 18);
1230. + x6.write(spad.as_uqword + 20);
1231. + x7.write(spad.as_uqword + 22);
1232. +}
1233. +
1234. +template<size_t MEMORY, size_t ITER>
1235. +void cn_slow_hash<MEMORY,ITER>::explode_scratchpad_soft()
1236. +{
1237. + aesdata x0, x1, x2, x3, x4, x5, x6, x7;
1238. + aesdata k0, k1, k2, k3, k4, k5, k6, k7, k8, k9;
1239. +
1240. + aes_genkey(spad.as_uqword, k0, k1, k2, k3, k4, k5, k6, k7, k8, k9);
1241. +
1242. + x0.load(spad.as_uqword + 8);
1243. + x1.load(spad.as_uqword + 10);
1244. + x2.load(spad.as_uqword + 12);
1245. + x3.load(spad.as_uqword + 14);
1246. + x4.load(spad.as_uqword + 16);
1247. + x5.load(spad.as_uqword + 18);
1248. + x6.load(spad.as_uqword + 20);
1249. + x7.load(spad.as_uqword + 22);
1250. +
1251. + for (size_t i = 0; i < MEMORY / sizeof(uint64_t); i += 16)
1252. + {
1253. + aes_round8(k0, x0, x1, x2, x3, x4, x5, x6, x7);
1254. + aes_round8(k1, x0, x1, x2, x3, x4, x5, x6, x7);
1255. + aes_round8(k2, x0, x1, x2, x3, x4, x5, x6, x7);
1256. + aes_round8(k3, x0, x1, x2, x3, x4, x5, x6, x7);
1257. + aes_round8(k4, x0, x1, x2, x3, x4, x5, x6, x7);
1258. + aes_round8(k5, x0, x1, x2, x3, x4, x5, x6, x7);
1259. + aes_round8(k6, x0, x1, x2, x3, x4, x5, x6, x7);
1260. + aes_round8(k7, x0, x1, x2, x3, x4, x5, x6, x7);
1261. + aes_round8(k8, x0, x1, x2, x3, x4, x5, x6, x7);
1262. + aes_round8(k9, x0, x1, x2, x3, x4, x5, x6, x7);
1263. +
1264. + x0.write(lpad.as_uqword + i + 0);
1265. + x1.write(lpad.as_uqword + i + 2);
1266. + x2.write(lpad.as_uqword + i + 4);
1267. + x3.write(lpad.as_uqword + i + 6);
1268. + x4.write(lpad.as_uqword + i + 8);
1269. + x5.write(lpad.as_uqword + i + 10);
1270. + x6.write(lpad.as_uqword + i + 12);
1271. + x7.write(lpad.as_uqword + i + 14);
1272. + }
1273. +}
1274. +
1275. +#ifdef BUILD32
1276. +inline uint64_t _umul128(uint64_t multiplier, uint64_t multiplicand, uint64_t* product_hi)
1277. +{
1278. + // multiplier = ab = a * 2^32 + b
1279. + // multiplicand = cd = c * 2^32 + d
1280. + // ab * cd = a * c * 2^64 + (a * d + b * c) * 2^32 + b * d
1281. + uint64_t a = multiplier >> 32;
1282. + uint64_t b = multiplier & 0xFFFFFFFF;
1283. + uint64_t c = multiplicand >> 32;
1284. + uint64_t d = multiplicand & 0xFFFFFFFF;
1285. +
1286. + uint64_t ac = a * c;
1287. + uint64_t ad = a * d;
1288. + uint64_t bc = b * c;
1289. + uint64_t bd = b * d;
1290. +
1291. + uint64_t adbc = ad + bc;
1292. + uint64_t adbc_carry = adbc < ad ? 1 : 0;
1293. +
1294. + // multiplier * multiplicand = product_hi * 2^64 + product_lo
1295. + uint64_t product_lo = bd + (adbc << 32);
1296. + uint64_t product_lo_carry = product_lo < bd ? 1 : 0;
1297. + *product_hi = ac + (adbc >> 32) + (adbc_carry << 32) + product_lo_carry;
1298. +
1299. + return product_lo;
1300. +}
1301. +#else
1302. +inline uint64_t _umul128(uint64_t a, uint64_t b, uint64_t* hi)
1303. +{
1304. + unsigned __int128 r = (unsigned __int128)a * (unsigned __int128)b;
1305. + *hi = r >> 64;
1306. + return (uint64_t)r;
1307. +}
1308. +#endif
1309. +
1310. +extern "C" void blake256_hash(uint8_t*, const uint8_t*, uint64_t);
1311. +extern "C" void groestl(const uint8_t*, uint64_t, uint8_t*);
1312. +extern "C" size_t jh_hash(int, const uint8_t*, size_t databitlen, uint8_t*);
1313. +extern "C" size_t skein_hash(int, const uint8_t*, size_t, uint8_t*);
1314. +
1315. +template<size_t MEMORY, size_t ITER>
1316. +void cn_slow_hash<MEMORY,ITER>::software_hash(const void* in, size_t len, void* out)
1317. +{
1318. + keccak((const uint8_t *)in, len, spad.as_byte, 200);
1319. +
1320. + explode_scratchpad_soft();
1321. +
1322. + uint64_t* h0 = spad.as_uqword;
1323. +
1324. + aesdata ax;
1325. + ax.v64.x0 = h0[0] ^ h0[4];
1326. + ax.v64.x1 = h0[1] ^ h0[5];
1327. +
1328. + aesdata bx;
1329. + bx.v64.x0 = h0[2] ^ h0[6];
1330. + bx.v64.x1 = h0[3] ^ h0[7];
1331. +
1332. + aesdata cx;
1333. + cx.v64.x0 = 0;
1334. + cx.v64.x1 = 0;
1335. +
1336. + for(size_t i = 0; i < ITER/2; i++)
1337. + {
1338. + uint64_t hi, lo;
1339. +
1340. + ax ^= cx;
1341. + cx.load(scratchpad_ptr(ax.v64.x0));
1342. +
1343. + aes_round(cx, ax);
1344. +
1345. + bx ^= cx;
1346. + bx.write(scratchpad_ptr(ax.v64.x0));
1347. +
1348. + bx.load(scratchpad_ptr(cx.v64.x0));
1349. +
1350. + lo = _umul128(cx.v64.x0, bx.v64.x0, &hi);
1351. +
1352. + ax.v64.x0 += hi;
1353. + ax.v64.x1 += lo;
1354. + ax.write(scratchpad_ptr(cx.v64.x0));
1355. +
1356. + ax ^= bx;
1357. + bx.load(scratchpad_ptr(ax.v64.x0));
1358. +
1359. + aes_round(bx, ax);
1360. +
1361. + cx ^= bx;
1362. + cx.write(scratchpad_ptr(ax.v64.x0));
1363. +
1364. + cx.load(scratchpad_ptr(bx.v64.x0));
1365. +
1366. + lo = _umul128(bx.v64.x0, cx.v64.x0, &hi);
1367. +
1368. + ax.v64.x0 += hi;
1369. + ax.v64.x1 += lo;
1370. + ax.write(scratchpad_ptr(bx.v64.x0));
1371. + }
1372. +
1373. + implode_scratchpad_soft();
1374. +
1375. + keccakf(spad.as_uqword, 24);
1376. +
1377. + switch(spad.as_byte[0] & 3)
1378. + {
1379. + case 0:
1380. + blake256_hash((uint8_t*)out, spad.as_byte, 200);
1381. + break;
1382. + case 1:
1383. + groestl(spad.as_byte, 200 * 8, (uint8_t*)out);
1384. + break;
1385. + case 2:
1386. + jh_hash(32 * 8, spad.as_byte, 8 * 200, (uint8_t*)out);
1387. + break;
1388. + case 3:
1389. + skein_hash(8 * 32, spad.as_byte, 8 * 200, (uint8_t*)out);
1390. + break;
1391. + }
1392. +}
1393. +
1394. +template class cn_slow_hash<2*1024*1024, 0x80000>;
1395. diff --git "a/c:\\1\\sumokoin/src/crypto/hash-extra-blake.c" "b/c:\\1\\sumokoin/src/crypto/hash-extra-blake.c"
1396. deleted file mode 100644
1397. index 15357dc..0000000
1398. --- "a/c:\\1\\sumokoin/src/crypto/hash-extra-blake.c"
1399. +++ /dev/null
1400. @@ -1,38 +0,0 @@
1401. -// Copyright (c) 2014-2016, The Monero Project
1402. -//
1403. -// All rights reserved.
1404. -//
1405. -// Redistribution and use in source and binary forms, with or without modification, are
1406. -// permitted provided that the following conditions are met:
1407. -//
1408. -// 1. Redistributions of source code must retain the above copyright notice, this list of
1409. -// conditions and the following disclaimer.
1410. -//
1411. -// 2. Redistributions in binary form must reproduce the above copyright notice, this list
1412. -// of conditions and the following disclaimer in the documentation and/or other
1413. -// materials provided with the distribution.
1414. -//
1415. -// 3. Neither the name of the copyright holder nor the names of its contributors may be
1416. -// used to endorse or promote products derived from this software without specific
1417. -// prior written permission.
1418. -//
1419. -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
1420. -// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
1421. -// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
1422. -// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1423. -// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
1424. -// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
1425. -// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1426. -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
1427. -// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1428. -//
1429. -// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
1430. -
1431. -#include <stddef.h>
1432. -#include <stdint.h>
1433. -
1434. -#include "blake256.h"
1435. -
1436. -void hash_extra_blake(const void *data, size_t length, char *hash) {
1437. - blake256_hash((uint8_t*)hash, data, length);
1438. -}
1439. diff --git "a/c:\\1\\sumokoin/src/crypto/hash-extra-groestl.c" "b/c:\\1\\sumokoin/src/crypto/hash-extra-groestl.c"
1440. deleted file mode 100644
1441. index 69546ee..0000000
1442. --- "a/c:\\1\\sumokoin/src/crypto/hash-extra-groestl.c"
1443. +++ /dev/null
1444. @@ -1,38 +0,0 @@
1445. -// Copyright (c) 2014-2016, The Monero Project
1446. -//
1447. -// All rights reserved.
1448. -//
1449. -// Redistribution and use in source and binary forms, with or without modification, are
1450. -// permitted provided that the following conditions are met:
1451. -//
1452. -// 1. Redistributions of source code must retain the above copyright notice, this list of
1453. -// conditions and the following disclaimer.
1454. -//
1455. -// 2. Redistributions in binary form must reproduce the above copyright notice, this list
1456. -// of conditions and the following disclaimer in the documentation and/or other
1457. -// materials provided with the distribution.
1458. -//
1459. -// 3. Neither the name of the copyright holder nor the names of its contributors may be
1460. -// used to endorse or promote products derived from this software without specific
1461. -// prior written permission.
1462. -//
1463. -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
1464. -// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
1465. -// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
1466. -// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1467. -// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
1468. -// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
1469. -// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1470. -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
1471. -// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1472. -//
1473. -// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
1474. -
1475. -#include <stddef.h>
1476. -#include <stdint.h>
1477. -
1478. -#include "groestl.h"
1479. -
1480. -void hash_extra_groestl(const void *data, size_t length, char *hash) {
1481. - groestl(data, length * 8, (uint8_t*)hash);
1482. -}
1483. diff --git "a/c:\\1\\sumokoin/src/crypto/hash-extra-jh.c" "b/c:\\1\\sumokoin/src/crypto/hash-extra-jh.c"
1484. deleted file mode 100644
1485. index 5da0894..0000000
1486. --- "a/c:\\1\\sumokoin/src/crypto/hash-extra-jh.c"
1487. +++ /dev/null
1488. @@ -1,42 +0,0 @@
1489. -// Copyright (c) 2014-2016, The Monero Project
1490. -//
1491. -// All rights reserved.
1492. -//
1493. -// Redistribution and use in source and binary forms, with or without modification, are
1494. -// permitted provided that the following conditions are met:
1495. -//
1496. -// 1. Redistributions of source code must retain the above copyright notice, this list of
1497. -// conditions and the following disclaimer.
1498. -//
1499. -// 2. Redistributions in binary form must reproduce the above copyright notice, this list
1500. -// of conditions and the following disclaimer in the documentation and/or other
1501. -// materials provided with the distribution.
1502. -//
1503. -// 3. Neither the name of the copyright holder nor the names of its contributors may be
1504. -// used to endorse or promote products derived from this software without specific
1505. -// prior written permission.
1506. -//
1507. -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
1508. -// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
1509. -// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
1510. -// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1511. -// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
1512. -// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
1513. -// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1514. -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
1515. -// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1516. -//
1517. -// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
1518. -
1519. -#include <assert.h>
1520. -#include <stddef.h>
1521. -#include <stdint.h>
1522. -#include <string.h>
1523. -
1524. -#include "jh.h"
1525. -#include "hash-ops.h"
1526. -
1527. -void hash_extra_jh(const void *data, size_t length, char *hash) {
1528. - int r = jh_hash(HASH_SIZE * 8, data, 8 * length, (uint8_t*)hash);
1529. - assert(SUCCESS == r);
1530. -}
1531. diff --git "a/c:\\1\\sumokoin/src/crypto/hash-extra-skein.c" "b/c:\\1\\sumokoin/src/crypto/hash-extra-skein.c"
1532. deleted file mode 100644
1533. index babf500..0000000
1534. --- "a/c:\\1\\sumokoin/src/crypto/hash-extra-skein.c"
1535. +++ /dev/null
1536. @@ -1,40 +0,0 @@
1537. -// Copyright (c) 2014-2016, The Monero Project
1538. -//
1539. -// All rights reserved.
1540. -//
1541. -// Redistribution and use in source and binary forms, with or without modification, are
1542. -// permitted provided that the following conditions are met:
1543. -//
1544. -// 1. Redistributions of source code must retain the above copyright notice, this list of
1545. -// conditions and the following disclaimer.
1546. -//
1547. -// 2. Redistributions in binary form must reproduce the above copyright notice, this list
1548. -// of conditions and the following disclaimer in the documentation and/or other
1549. -// materials provided with the distribution.
1550. -//
1551. -// 3. Neither the name of the copyright holder nor the names of its contributors may be
1552. -// used to endorse or promote products derived from this software without specific
1553. -// prior written permission.
1554. -//
1555. -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
1556. -// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
1557. -// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
1558. -// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1559. -// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
1560. -// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
1561. -// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1562. -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
1563. -// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1564. -//
1565. -// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
1566. -
1567. -#include <stddef.h>
1568. -#include <stdint.h>
1569. -
1570. -#include "hash-ops.h"
1571. -#include "skein.h"
1572. -
1573. -void hash_extra_skein(const void *data, size_t length, char *hash) {
1574. - int r = skein_hash(8 * HASH_SIZE, data, 8 * length, (uint8_t*)hash);
1575. - assert(SKEIN_SUCCESS == r);
1576. -}
1577. diff --git "a/c:\\1\\sumokoin/src/crypto/hash-ops.h" "b/c:\\1\\2\\sumokoin/src/crypto/hash-ops.h"
1578. index 612d94e..9443bdb 100644
1579. --- "a/c:\\1\\sumokoin/src/crypto/hash-ops.h"
1580. +++ "b/c:\\1\\2\\sumokoin/src/crypto/hash-ops.h"
1581. @@ -79,11 +79,4 @@ enum {
1582. };
1583.  
1584. void cn_fast_hash(const void *data, size_t length, char *hash);
1585. -void cn_slow_hash(const void *data, size_t length, char *hash);
1586. -
1587. -void hash_extra_blake(const void *data, size_t length, char *hash);
1588. -void hash_extra_groestl(const void *data, size_t length, char *hash);
1589. -void hash_extra_jh(const void *data, size_t length, char *hash);
1590. -void hash_extra_skein(const void *data, size_t length, char *hash);
1591. -
1592. void tree_hash(const char (*hashes)[HASH_SIZE], size_t count, char *root_hash);
1593. diff --git "a/c:\\1\\sumokoin/src/crypto/hash.h" "b/c:\\1\\2\\sumokoin/src/crypto/hash.h"
1594. index 8039920..e591b6b 100644
1595. --- "a/c:\\1\\sumokoin/src/crypto/hash.h"
1596. +++ "b/c:\\1\\2\\sumokoin/src/crypto/hash.h"
1597. @@ -67,10 +67,6 @@ namespace crypto {
1598. return h;
1599. }
1600.  
1601. - inline void cn_slow_hash(const void *data, std::size_t length, hash &hash) {
1602. - cn_slow_hash(data, length, reinterpret_cast<char *>(&hash));
1603. - }
1604. -
1605. inline void tree_hash(const hash *hashes, std::size_t count, hash &root_hash) {
1606. tree_hash(reinterpret_cast<const char (*)[HASH_SIZE]>(hashes), count, reinterpret_cast<char *>(&root_hash));
1607. }
1608. diff --git "a/c:\\1\\sumokoin/src/crypto/keccak.h" "b/c:\\1\\2\\sumokoin/src/crypto/keccak.h"
1609. index fbd8e19..ae39231 100644
1610. --- "a/c:\\1\\sumokoin/src/crypto/keccak.h"
1611. +++ "b/c:\\1\\2\\sumokoin/src/crypto/keccak.h"
1612. @@ -7,6 +7,10 @@
1613. #include <stdint.h>
1614. #include <string.h>
1615.  
1616. +#ifdef __cplusplus
1617. +extern "C" {
1618. +#endif
1619. +
1620. #ifndef KECCAK_ROUNDS
1621. #define KECCAK_ROUNDS 24
1622. #endif
1623. @@ -23,4 +27,8 @@ void keccakf(uint64_t st[25], int norounds);
1624.  
1625. void keccak1600(const uint8_t *in, size_t inlen, uint8_t *md);
1626.  
1627. +#ifdef __cplusplus
1628. +}
1629. +#endif
1630. +
1631. #endif
1632. diff --git "a/c:\\1\\sumokoin/src/crypto/oaes_config.h" "b/c:\\1\\sumokoin/src/crypto/oaes_config.h"
1633. deleted file mode 100644
1634. index 3fc0e1b..0000000
1635. --- "a/c:\\1\\sumokoin/src/crypto/oaes_config.h"
1636. +++ /dev/null
1637. @@ -1,50 +0,0 @@
1638. -/*
1639. - * ---------------------------------------------------------------------------
1640. - * OpenAES License
1641. - * ---------------------------------------------------------------------------
1642. - * Copyright (c) 2012, Nabil S. Al Ramli, www.nalramli.com
1643. - * All rights reserved.
1644. - *
1645. - * Redistribution and use in source and binary forms, with or without
1646. - * modification, are permitted provided that the following conditions are met:
1647. - *
1648. - * - Redistributions of source code must retain the above copyright notice,
1649. - * this list of conditions and the following disclaimer.
1650. - * - Redistributions in binary form must reproduce the above copyright
1651. - * notice, this list of conditions and the following disclaimer in the
1652. - * documentation and/or other materials provided with the distribution.
1653. - *
1654. - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
1655. - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1656. - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1657. - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
1658. - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
1659. - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
1660. - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
1661. - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
1662. - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1663. - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
1664. - * POSSIBILITY OF SUCH DAMAGE.
1665. - * ---------------------------------------------------------------------------
1666. - */
1667. -
1668. -#ifndef _OAES_CONFIG_H
1669. -#define _OAES_CONFIG_H
1670. -
1671. -#ifdef __cplusplus
1672. -extern "C" {
1673. -#endif
1674. -
1675. -//#ifndef OAES_HAVE_ISAAC
1676. -//#define OAES_HAVE_ISAAC 1
1677. -//#endif // OAES_HAVE_ISAAC
1678. -
1679. -//#ifndef OAES_DEBUG
1680. -//#define OAES_DEBUG 0
1681. -//#endif // OAES_DEBUG
1682. -
1683. -#ifdef __cplusplus
1684. -}
1685. -#endif
1686. -
1687. -#endif // _OAES_CONFIG_H
1688. diff --git "a/c:\\1\\sumokoin/src/crypto/oaes_lib.c" "b/c:\\1\\sumokoin/src/crypto/oaes_lib.c"
1689. deleted file mode 100644
1690. index e7226de..0000000
1691. --- "a/c:\\1\\sumokoin/src/crypto/oaes_lib.c"
1692. +++ /dev/null
1693. @@ -1,1499 +0,0 @@
1694. -/*
1695. - * ---------------------------------------------------------------------------
1696. - * OpenAES License
1697. - * ---------------------------------------------------------------------------
1698. - * Copyright (c) 2012, Nabil S. Al Ramli, www.nalramli.com
1699. - * All rights reserved.
1700. - *
1701. - * Redistribution and use in source and binary forms, with or without
1702. - * modification, are permitted provided that the following conditions are met:
1703. - *
1704. - * - Redistributions of source code must retain the above copyright notice,
1705. - * this list of conditions and the following disclaimer.
1706. - * - Redistributions in binary form must reproduce the above copyright
1707. - * notice, this list of conditions and the following disclaimer in the
1708. - * documentation and/or other materials provided with the distribution.
1709. - *
1710. - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
1711. - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1712. - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1713. - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
1714. - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
1715. - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
1716. - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
1717. - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
1718. - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1719. - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
1720. - * POSSIBILITY OF SUCH DAMAGE.
1721. - * ---------------------------------------------------------------------------
1722. - */
1723. -#include <stddef.h>
1724. -#include <time.h>
1725. -#include <string.h>
1726. -#include <stdlib.h>
1727. -#include <stdio.h>
1728. -
1729. -// OS X, FreeBSD, and OpenBSD don't need malloc.h
1730. -#if !defined(__APPLE__) && !defined(__FreeBSD__) && !defined(__OpenBSD__)
1731. - #include <malloc.h>
1732. -#endif
1733. -
1734. -// FreeBSD, OpenBSD and Android also don't need timeb.h
1735. -#if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__ANDROID__)
1736. - #include <sys/timeb.h>
1737. -#else
1738. - #include <sys/time.h>
1739. -#endif
1740. -
1741. -#ifdef WIN32
1742. -#include <process.h>
1743. -#else
1744. -#include <sys/types.h>
1745. -#include <unistd.h>
1746. -#endif
1747. -
1748. -#include "oaes_config.h"
1749. -#include "oaes_lib.h"
1750. -
1751. -#ifdef OAES_HAVE_ISAAC
1752. -#include "rand.h"
1753. -#endif // OAES_HAVE_ISAAC
1754. -
1755. -#define OAES_RKEY_LEN 4
1756. -#define OAES_COL_LEN 4
1757. -#define OAES_ROUND_BASE 7
1758. -
1759. -// the block is padded
1760. -#define OAES_FLAG_PAD 0x01
1761. -
1762. -#ifndef min
1763. -# define min(a,b) (((a)<(b)) ? (a) : (b))
1764. -#endif /* min */
1765. -
1766. -// "OAES<8-bit header version><8-bit type><16-bit options><8-bit flags><56-bit reserved>"
1767. -static uint8_t oaes_header[OAES_BLOCK_SIZE] = {
1768. - // 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f,
1769. - /*0*/ 0x4f, 0x41, 0x45, 0x53, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1770. -};
1771. -static uint8_t oaes_gf_8[] = {
1772. - 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36 };
1773. -
1774. -static uint8_t oaes_sub_byte_value[16][16] = {
1775. - // 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f,
1776. - /*0*/ { 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76 },
1777. - /*1*/ { 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0 },
1778. - /*2*/ { 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15 },
1779. - /*3*/ { 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75 },
1780. - /*4*/ { 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84 },
1781. - /*5*/ { 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf },
1782. - /*6*/ { 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8 },
1783. - /*7*/ { 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2 },
1784. - /*8*/ { 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73 },
1785. - /*9*/ { 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb },
1786. - /*a*/ { 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79 },
1787. - /*b*/ { 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08 },
1788. - /*c*/ { 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a },
1789. - /*d*/ { 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e },
1790. - /*e*/ { 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf },
1791. - /*f*/ { 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 },
1792. -};
1793. -
1794. -static uint8_t oaes_inv_sub_byte_value[16][16] = {
1795. - // 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f,
1796. - /*0*/ { 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb },
1797. - /*1*/ { 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb },
1798. - /*2*/ { 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e },
1799. - /*3*/ { 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25 },
1800. - /*4*/ { 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92 },
1801. - /*5*/ { 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84 },
1802. - /*6*/ { 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06 },
1803. - /*7*/ { 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b },
1804. - /*8*/ { 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73 },
1805. - /*9*/ { 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e },
1806. - /*a*/ { 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b },
1807. - /*b*/ { 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4 },
1808. - /*c*/ { 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f },
1809. - /*d*/ { 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef },
1810. - /*e*/ { 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61 },
1811. - /*f*/ { 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d },
1812. -};
1813. -
1814. -static uint8_t oaes_gf_mul_2[16][16] = {
1815. - // 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f,
1816. - /*0*/ { 0x00, 0x02, 0x04, 0x06, 0x08, 0x0a, 0x0c, 0x0e, 0x10, 0x12, 0x14, 0x16, 0x18, 0x1a, 0x1c, 0x1e },
1817. - /*1*/ { 0x20, 0x22, 0x24, 0x26, 0x28, 0x2a, 0x2c, 0x2e, 0x30, 0x32, 0x34, 0x36, 0x38, 0x3a, 0x3c, 0x3e },
1818. - /*2*/ { 0x40, 0x42, 0x44, 0x46, 0x48, 0x4a, 0x4c, 0x4e, 0x50, 0x52, 0x54, 0x56, 0x58, 0x5a, 0x5c, 0x5e },
1819. - /*3*/ { 0x60, 0x62, 0x64, 0x66, 0x68, 0x6a, 0x6c, 0x6e, 0x70, 0x72, 0x74, 0x76, 0x78, 0x7a, 0x7c, 0x7e },
1820. - /*4*/ { 0x80, 0x82, 0x84, 0x86, 0x88, 0x8a, 0x8c, 0x8e, 0x90, 0x92, 0x94, 0x96, 0x98, 0x9a, 0x9c, 0x9e },
1821. - /*5*/ { 0xa0, 0xa2, 0xa4, 0xa6, 0xa8, 0xaa, 0xac, 0xae, 0xb0, 0xb2, 0xb4, 0xb6, 0xb8, 0xba, 0xbc, 0xbe },
1822. - /*6*/ { 0xc0, 0xc2, 0xc4, 0xc6, 0xc8, 0xca, 0xcc, 0xce, 0xd0, 0xd2, 0xd4, 0xd6, 0xd8, 0xda, 0xdc, 0xde },
1823. - /*7*/ { 0xe0, 0xe2, 0xe4, 0xe6, 0xe8, 0xea, 0xec, 0xee, 0xf0, 0xf2, 0xf4, 0xf6, 0xf8, 0xfa, 0xfc, 0xfe },
1824. - /*8*/ { 0x1b, 0x19, 0x1f, 0x1d, 0x13, 0x11, 0x17, 0x15, 0x0b, 0x09, 0x0f, 0x0d, 0x03, 0x01, 0x07, 0x05 },
1825. - /*9*/ { 0x3b, 0x39, 0x3f, 0x3d, 0x33, 0x31, 0x37, 0x35, 0x2b, 0x29, 0x2f, 0x2d, 0x23, 0x21, 0x27, 0x25 },
1826. - /*a*/ { 0x5b, 0x59, 0x5f, 0x5d, 0x53, 0x51, 0x57, 0x55, 0x4b, 0x49, 0x4f, 0x4d, 0x43, 0x41, 0x47, 0x45 },
1827. - /*b*/ { 0x7b, 0x79, 0x7f, 0x7d, 0x73, 0x71, 0x77, 0x75, 0x6b, 0x69, 0x6f, 0x6d, 0x63, 0x61, 0x67, 0x65 },
1828. - /*c*/ { 0x9b, 0x99, 0x9f, 0x9d, 0x93, 0x91, 0x97, 0x95, 0x8b, 0x89, 0x8f, 0x8d, 0x83, 0x81, 0x87, 0x85 },
1829. - /*d*/ { 0xbb, 0xb9, 0xbf, 0xbd, 0xb3, 0xb1, 0xb7, 0xb5, 0xab, 0xa9, 0xaf, 0xad, 0xa3, 0xa1, 0xa7, 0xa5 },
1830. - /*e*/ { 0xdb, 0xd9, 0xdf, 0xdd, 0xd3, 0xd1, 0xd7, 0xd5, 0xcb, 0xc9, 0xcf, 0xcd, 0xc3, 0xc1, 0xc7, 0xc5 },
1831. - /*f*/ { 0xfb, 0xf9, 0xff, 0xfd, 0xf3, 0xf1, 0xf7, 0xf5, 0xeb, 0xe9, 0xef, 0xed, 0xe3, 0xe1, 0xe7, 0xe5 },
1832. -};
1833. -
1834. -static uint8_t oaes_gf_mul_3[16][16] = {
1835. - // 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f,
1836. - /*0*/ { 0x00, 0x03, 0x06, 0x05, 0x0c, 0x0f, 0x0a, 0x09, 0x18, 0x1b, 0x1e, 0x1d, 0x14, 0x17, 0x12, 0x11 },
1837. - /*1*/ { 0x30, 0x33, 0x36, 0x35, 0x3c, 0x3f, 0x3a, 0x39, 0x28, 0x2b, 0x2e, 0x2d, 0x24, 0x27, 0x22, 0x21 },
1838. - /*2*/ { 0x60, 0x63, 0x66, 0x65, 0x6c, 0x6f, 0x6a, 0x69, 0x78, 0x7b, 0x7e, 0x7d, 0x74, 0x77, 0x72, 0x71 },
1839. - /*3*/ { 0x50, 0x53, 0x56, 0x55, 0x5c, 0x5f, 0x5a, 0x59, 0x48, 0x4b, 0x4e, 0x4d, 0x44, 0x47, 0x42, 0x41 },
1840. - /*4*/ { 0xc0, 0xc3, 0xc6, 0xc5, 0xcc, 0xcf, 0xca, 0xc9, 0xd8, 0xdb, 0xde, 0xdd, 0xd4, 0xd7, 0xd2, 0xd1 },
1841. - /*5*/ { 0xf0, 0xf3, 0xf6, 0xf5, 0xfc, 0xff, 0xfa, 0xf9, 0xe8, 0xeb, 0xee, 0xed, 0xe4, 0xe7, 0xe2, 0xe1 },
1842. - /*6*/ { 0xa0, 0xa3, 0xa6, 0xa5, 0xac, 0xaf, 0xaa, 0xa9, 0xb8, 0xbb, 0xbe, 0xbd, 0xb4, 0xb7, 0xb2, 0xb1 },
1843. - /*7*/ { 0x90, 0x93, 0x96, 0x95, 0x9c, 0x9f, 0x9a, 0x99, 0x88, 0x8b, 0x8e, 0x8d, 0x84, 0x87, 0x82, 0x81 },
1844. - /*8*/ { 0x9b, 0x98, 0x9d, 0x9e, 0x97, 0x94, 0x91, 0x92, 0x83, 0x80, 0x85, 0x86, 0x8f, 0x8c, 0x89, 0x8a },
1845. - /*9*/ { 0xab, 0xa8, 0xad, 0xae, 0xa7, 0xa4, 0xa1, 0xa2, 0xb3, 0xb0, 0xb5, 0xb6, 0xbf, 0xbc, 0xb9, 0xba },
1846. - /*a*/ { 0xfb, 0xf8, 0xfd, 0xfe, 0xf7, 0xf4, 0xf1, 0xf2, 0xe3, 0xe0, 0xe5, 0xe6, 0xef, 0xec, 0xe9, 0xea },
1847. - /*b*/ { 0xcb, 0xc8, 0xcd, 0xce, 0xc7, 0xc4, 0xc1, 0xc2, 0xd3, 0xd0, 0xd5, 0xd6, 0xdf, 0xdc, 0xd9, 0xda },
1848. - /*c*/ { 0x5b, 0x58, 0x5d, 0x5e, 0x57, 0x54, 0x51, 0x52, 0x43, 0x40, 0x45, 0x46, 0x4f, 0x4c, 0x49, 0x4a },
1849. - /*d*/ { 0x6b, 0x68, 0x6d, 0x6e, 0x67, 0x64, 0x61, 0x62, 0x73, 0x70, 0x75, 0x76, 0x7f, 0x7c, 0x79, 0x7a },
1850. - /*e*/ { 0x3b, 0x38, 0x3d, 0x3e, 0x37, 0x34, 0x31, 0x32, 0x23, 0x20, 0x25, 0x26, 0x2f, 0x2c, 0x29, 0x2a },
1851. - /*f*/ { 0x0b, 0x08, 0x0d, 0x0e, 0x07, 0x04, 0x01, 0x02, 0x13, 0x10, 0x15, 0x16, 0x1f, 0x1c, 0x19, 0x1a },
1852. -};
1853. -
1854. -static uint8_t oaes_gf_mul_9[16][16] = {
1855. - // 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f,
1856. - /*0*/ { 0x00, 0x09, 0x12, 0x1b, 0x24, 0x2d, 0x36, 0x3f, 0x48, 0x41, 0x5a, 0x53, 0x6c, 0x65, 0x7e, 0x77 },
1857. - /*1*/ { 0x90, 0x99, 0x82, 0x8b, 0xb4, 0xbd, 0xa6, 0xaf, 0xd8, 0xd1, 0xca, 0xc3, 0xfc, 0xf5, 0xee, 0xe7 },
1858. - /*2*/ { 0x3b, 0x32, 0x29, 0x20, 0x1f, 0x16, 0x0d, 0x04, 0x73, 0x7a, 0x61, 0x68, 0x57, 0x5e, 0x45, 0x4c },
1859. - /*3*/ { 0xab, 0xa2, 0xb9, 0xb0, 0x8f, 0x86, 0x9d, 0x94, 0xe3, 0xea, 0xf1, 0xf8, 0xc7, 0xce, 0xd5, 0xdc },
1860. - /*4*/ { 0x76, 0x7f, 0x64, 0x6d, 0x52, 0x5b, 0x40, 0x49, 0x3e, 0x37, 0x2c, 0x25, 0x1a, 0x13, 0x08, 0x01 },
1861. - /*5*/ { 0xe6, 0xef, 0xf4, 0xfd, 0xc2, 0xcb, 0xd0, 0xd9, 0xae, 0xa7, 0xbc, 0xb5, 0x8a, 0x83, 0x98, 0x91 },
1862. - /*6*/ { 0x4d, 0x44, 0x5f, 0x56, 0x69, 0x60, 0x7b, 0x72, 0x05, 0x0c, 0x17, 0x1e, 0x21, 0x28, 0x33, 0x3a },
1863. - /*7*/ { 0xdd, 0xd4, 0xcf, 0xc6, 0xf9, 0xf0, 0xeb, 0xe2, 0x95, 0x9c, 0x87, 0x8e, 0xb1, 0xb8, 0xa3, 0xaa },
1864. - /*8*/ { 0xec, 0xe5, 0xfe, 0xf7, 0xc8, 0xc1, 0xda, 0xd3, 0xa4, 0xad, 0xb6, 0xbf, 0x80, 0x89, 0x92, 0x9b },
1865. - /*9*/ { 0x7c, 0x75, 0x6e, 0x67, 0x58, 0x51, 0x4a, 0x43, 0x34, 0x3d, 0x26, 0x2f, 0x10, 0x19, 0x02, 0x0b },
1866. - /*a*/ { 0xd7, 0xde, 0xc5, 0xcc, 0xf3, 0xfa, 0xe1, 0xe8, 0x9f, 0x96, 0x8d, 0x84, 0xbb, 0xb2, 0xa9, 0xa0 },
1867. - /*b*/ { 0x47, 0x4e, 0x55, 0x5c, 0x63, 0x6a, 0x71, 0x78, 0x0f, 0x06, 0x1d, 0x14, 0x2b, 0x22, 0x39, 0x30 },
1868. - /*c*/ { 0x9a, 0x93, 0x88, 0x81, 0xbe, 0xb7, 0xac, 0xa5, 0xd2, 0xdb, 0xc0, 0xc9, 0xf6, 0xff, 0xe4, 0xed },
1869. - /*d*/ { 0x0a, 0x03, 0x18, 0x11, 0x2e, 0x27, 0x3c, 0x35, 0x42, 0x4b, 0x50, 0x59, 0x66, 0x6f, 0x74, 0x7d },
1870. - /*e*/ { 0xa1, 0xa8, 0xb3, 0xba, 0x85, 0x8c, 0x97, 0x9e, 0xe9, 0xe0, 0xfb, 0xf2, 0xcd, 0xc4, 0xdf, 0xd6 },
1871. - /*f*/ { 0x31, 0x38, 0x23, 0x2a, 0x15, 0x1c, 0x07, 0x0e, 0x79, 0x70, 0x6b, 0x62, 0x5d, 0x54, 0x4f, 0x46 },
1872. -};
1873. -
1874. -static uint8_t oaes_gf_mul_b[16][16] = {
1875. - // 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f,
1876. - /*0*/ { 0x00, 0x0b, 0x16, 0x1d, 0x2c, 0x27, 0x3a, 0x31, 0x58, 0x53, 0x4e, 0x45, 0x74, 0x7f, 0x62, 0x69 },
1877. - /*1*/ { 0xb0, 0xbb, 0xa6, 0xad, 0x9c, 0x97, 0x8a, 0x81, 0xe8, 0xe3, 0xfe, 0xf5, 0xc4, 0xcf, 0xd2, 0xd9 },
1878. - /*2*/ { 0x7b, 0x70, 0x6d, 0x66, 0x57, 0x5c, 0x41, 0x4a, 0x23, 0x28, 0x35, 0x3e, 0x0f, 0x04, 0x19, 0x12 },
1879. - /*3*/ { 0xcb, 0xc0, 0xdd, 0xd6, 0xe7, 0xec, 0xf1, 0xfa, 0x93, 0x98, 0x85, 0x8e, 0xbf, 0xb4, 0xa9, 0xa2 },
1880. - /*4*/ { 0xf6, 0xfd, 0xe0, 0xeb, 0xda, 0xd1, 0xcc, 0xc7, 0xae, 0xa5, 0xb8, 0xb3, 0x82, 0x89, 0x94, 0x9f },
1881. - /*5*/ { 0x46, 0x4d, 0x50, 0x5b, 0x6a, 0x61, 0x7c, 0x77, 0x1e, 0x15, 0x08, 0x03, 0x32, 0x39, 0x24, 0x2f },
1882. - /*6*/ { 0x8d, 0x86, 0x9b, 0x90, 0xa1, 0xaa, 0xb7, 0xbc, 0xd5, 0xde, 0xc3, 0xc8, 0xf9, 0xf2, 0xef, 0xe4 },
1883. - /*7*/ { 0x3d, 0x36, 0x2b, 0x20, 0x11, 0x1a, 0x07, 0x0c, 0x65, 0x6e, 0x73, 0x78, 0x49, 0x42, 0x5f, 0x54 },
1884. - /*8*/ { 0xf7, 0xfc, 0xe1, 0xea, 0xdb, 0xd0, 0xcd, 0xc6, 0xaf, 0xa4, 0xb9, 0xb2, 0x83, 0x88, 0x95, 0x9e },
1885. - /*9*/ { 0x47, 0x4c, 0x51, 0x5a, 0x6b, 0x60, 0x7d, 0x76, 0x1f, 0x14, 0x09, 0x02, 0x33, 0x38, 0x25, 0x2e },
1886. - /*a*/ { 0x8c, 0x87, 0x9a, 0x91, 0xa0, 0xab, 0xb6, 0xbd, 0xd4, 0xdf, 0xc2, 0xc9, 0xf8, 0xf3, 0xee, 0xe5 },
1887. - /*b*/ { 0x3c, 0x37, 0x2a, 0x21, 0x10, 0x1b, 0x06, 0x0d, 0x64, 0x6f, 0x72, 0x79, 0x48, 0x43, 0x5e, 0x55 },
1888. - /*c*/ { 0x01, 0x0a, 0x17, 0x1c, 0x2d, 0x26, 0x3b, 0x30, 0x59, 0x52, 0x4f, 0x44, 0x75, 0x7e, 0x63, 0x68 },
1889. - /*d*/ { 0xb1, 0xba, 0xa7, 0xac, 0x9d, 0x96, 0x8b, 0x80, 0xe9, 0xe2, 0xff, 0xf4, 0xc5, 0xce, 0xd3, 0xd8 },
1890. - /*e*/ { 0x7a, 0x71, 0x6c, 0x67, 0x56, 0x5d, 0x40, 0x4b, 0x22, 0x29, 0x34, 0x3f, 0x0e, 0x05, 0x18, 0x13 },
1891. - /*f*/ { 0xca, 0xc1, 0xdc, 0xd7, 0xe6, 0xed, 0xf0, 0xfb, 0x92, 0x99, 0x84, 0x8f, 0xbe, 0xb5, 0xa8, 0xa3 },
1892. -};
1893. -
1894. -static uint8_t oaes_gf_mul_d[16][16] = {
1895. - // 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f,
1896. - /*0*/ { 0x00, 0x0d, 0x1a, 0x17, 0x34, 0x39, 0x2e, 0x23, 0x68, 0x65, 0x72, 0x7f, 0x5c, 0x51, 0x46, 0x4b },
1897. - /*1*/ { 0xd0, 0xdd, 0xca, 0xc7, 0xe4, 0xe9, 0xfe, 0xf3, 0xb8, 0xb5, 0xa2, 0xaf, 0x8c, 0x81, 0x96, 0x9b },
1898. - /*2*/ { 0xbb, 0xb6, 0xa1, 0xac, 0x8f, 0x82, 0x95, 0x98, 0xd3, 0xde, 0xc9, 0xc4, 0xe7, 0xea, 0xfd, 0xf0 },
1899. - /*3*/ { 0x6b, 0x66, 0x71, 0x7c, 0x5f, 0x52, 0x45, 0x48, 0x03, 0x0e, 0x19, 0x14, 0x37, 0x3a, 0x2d, 0x20 },
1900. - /*4*/ { 0x6d, 0x60, 0x77, 0x7a, 0x59, 0x54, 0x43, 0x4e, 0x05, 0x08, 0x1f, 0x12, 0x31, 0x3c, 0x2b, 0x26 },
1901. - /*5*/ { 0xbd, 0xb0, 0xa7, 0xaa, 0x89, 0x84, 0x93, 0x9e, 0xd5, 0xd8, 0xcf, 0xc2, 0xe1, 0xec, 0xfb, 0xf6 },
1902. - /*6*/ { 0xd6, 0xdb, 0xcc, 0xc1, 0xe2, 0xef, 0xf8, 0xf5, 0xbe, 0xb3, 0xa4, 0xa9, 0x8a, 0x87, 0x90, 0x9d },
1903. - /*7*/ { 0x06, 0x0b, 0x1c, 0x11, 0x32, 0x3f, 0x28, 0x25, 0x6e, 0x63, 0x74, 0x79, 0x5a, 0x57, 0x40, 0x4d },
1904. - /*8*/ { 0xda, 0xd7, 0xc0, 0xcd, 0xee, 0xe3, 0xf4, 0xf9, 0xb2, 0xbf, 0xa8, 0xa5, 0x86, 0x8b, 0x9c, 0x91 },
1905. - /*9*/ { 0x0a, 0x07, 0x10, 0x1d, 0x3e, 0x33, 0x24, 0x29, 0x62, 0x6f, 0x78, 0x75, 0x56, 0x5b, 0x4c, 0x41 },
1906. - /*a*/ { 0x61, 0x6c, 0x7b, 0x76, 0x55, 0x58, 0x4f, 0x42, 0x09, 0x04, 0x13, 0x1e, 0x3d, 0x30, 0x27, 0x2a },
1907. - /*b*/ { 0xb1, 0xbc, 0xab, 0xa6, 0x85, 0x88, 0x9f, 0x92, 0xd9, 0xd4, 0xc3, 0xce, 0xed, 0xe0, 0xf7, 0xfa },
1908. - /*c*/ { 0xb7, 0xba, 0xad, 0xa0, 0x83, 0x8e, 0x99, 0x94, 0xdf, 0xd2, 0xc5, 0xc8, 0xeb, 0xe6, 0xf1, 0xfc },
1909. - /*d*/ { 0x67, 0x6a, 0x7d, 0x70, 0x53, 0x5e, 0x49, 0x44, 0x0f, 0x02, 0x15, 0x18, 0x3b, 0x36, 0x21, 0x2c },
1910. - /*e*/ { 0x0c, 0x01, 0x16, 0x1b, 0x38, 0x35, 0x22, 0x2f, 0x64, 0x69, 0x7e, 0x73, 0x50, 0x5d, 0x4a, 0x47 },
1911. - /*f*/ { 0xdc, 0xd1, 0xc6, 0xcb, 0xe8, 0xe5, 0xf2, 0xff, 0xb4, 0xb9, 0xae, 0xa3, 0x80, 0x8d, 0x9a, 0x97 },
1912. -};
1913. -
1914. -static uint8_t oaes_gf_mul_e[16][16] = {
1915. - // 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f,
1916. - /*0*/ { 0x00, 0x0e, 0x1c, 0x12, 0x38, 0x36, 0x24, 0x2a, 0x70, 0x7e, 0x6c, 0x62, 0x48, 0x46, 0x54, 0x5a },
1917. - /*1*/ { 0xe0, 0xee, 0xfc, 0xf2, 0xd8, 0xd6, 0xc4, 0xca, 0x90, 0x9e, 0x8c, 0x82, 0xa8, 0xa6, 0xb4, 0xba },
1918. - /*2*/ { 0xdb, 0xd5, 0xc7, 0xc9, 0xe3, 0xed, 0xff, 0xf1, 0xab, 0xa5, 0xb7, 0xb9, 0x93, 0x9d, 0x8f, 0x81 },
1919. - /*3*/ { 0x3b, 0x35, 0x27, 0x29, 0x03, 0x0d, 0x1f, 0x11, 0x4b, 0x45, 0x57, 0x59, 0x73, 0x7d, 0x6f, 0x61 },
1920. - /*4*/ { 0xad, 0xa3, 0xb1, 0xbf, 0x95, 0x9b, 0x89, 0x87, 0xdd, 0xd3, 0xc1, 0xcf, 0xe5, 0xeb, 0xf9, 0xf7 },
1921. - /*5*/ { 0x4d, 0x43, 0x51, 0x5f, 0x75, 0x7b, 0x69, 0x67, 0x3d, 0x33, 0x21, 0x2f, 0x05, 0x0b, 0x19, 0x17 },
1922. - /*6*/ { 0x76, 0x78, 0x6a, 0x64, 0x4e, 0x40, 0x52, 0x5c, 0x06, 0x08, 0x1a, 0x14, 0x3e, 0x30, 0x22, 0x2c },
1923. - /*7*/ { 0x96, 0x98, 0x8a, 0x84, 0xae, 0xa0, 0xb2, 0xbc, 0xe6, 0xe8, 0xfa, 0xf4, 0xde, 0xd0, 0xc2, 0xcc },
1924. - /*8*/ { 0x41, 0x4f, 0x5d, 0x53, 0x79, 0x77, 0x65, 0x6b, 0x31, 0x3f, 0x2d, 0x23, 0x09, 0x07, 0x15, 0x1b },
1925. - /*9*/ { 0xa1, 0xaf, 0xbd, 0xb3, 0x99, 0x97, 0x85, 0x8b, 0xd1, 0xdf, 0xcd, 0xc3, 0xe9, 0xe7, 0xf5, 0xfb },
1926. - /*a*/ { 0x9a, 0x94, 0x86, 0x88, 0xa2, 0xac, 0xbe, 0xb0, 0xea, 0xe4, 0xf6, 0xf8, 0xd2, 0xdc, 0xce, 0xc0 },
1927. - /*b*/ { 0x7a, 0x74, 0x66, 0x68, 0x42, 0x4c, 0x5e, 0x50, 0x0a, 0x04, 0x16, 0x18, 0x32, 0x3c, 0x2e, 0x20 },
1928. - /*c*/ { 0xec, 0xe2, 0xf0, 0xfe, 0xd4, 0xda, 0xc8, 0xc6, 0x9c, 0x92, 0x80, 0x8e, 0xa4, 0xaa, 0xb8, 0xb6 },
1929. - /*d*/ { 0x0c, 0x02, 0x10, 0x1e, 0x34, 0x3a, 0x28, 0x26, 0x7c, 0x72, 0x60, 0x6e, 0x44, 0x4a, 0x58, 0x56 },
1930. - /*e*/ { 0x37, 0x39, 0x2b, 0x25, 0x0f, 0x01, 0x13, 0x1d, 0x47, 0x49, 0x5b, 0x55, 0x7f, 0x71, 0x63, 0x6d },
1931. - /*f*/ { 0xd7, 0xd9, 0xcb, 0xc5, 0xef, 0xe1, 0xf3, 0xfd, 0xa7, 0xa9, 0xbb, 0xb5, 0x9f, 0x91, 0x83, 0x8d },
1932. -};
1933. -
1934. -static OAES_RET oaes_sub_byte( uint8_t * byte )
1935. -{
1936. - size_t _x, _y;
1937. -
1938. - if( NULL == byte )
1939. - return OAES_RET_ARG1;
1940. -
1941. - _x = _y = *byte;
1942. - _x &= 0x0f;
1943. - _y &= 0xf0;
1944. - _y >>= 4;
1945. - *byte = oaes_sub_byte_value[_y][_x];
1946. -
1947. - return OAES_RET_SUCCESS;
1948. -}
1949. -
1950. -static OAES_RET oaes_inv_sub_byte( uint8_t * byte )
1951. -{
1952. - size_t _x, _y;
1953. -
1954. - if( NULL == byte )
1955. - return OAES_RET_ARG1;
1956. -
1957. - _x = _y = *byte;
1958. - _x &= 0x0f;
1959. - _y &= 0xf0;
1960. - _y >>= 4;
1961. - *byte = oaes_inv_sub_byte_value[_y][_x];
1962. -
1963. - return OAES_RET_SUCCESS;
1964. -}
1965. -/*
1966. -static OAES_RET oaes_word_rot_right( uint8_t word[OAES_COL_LEN] )
1967. -{
1968. - uint8_t _temp[OAES_COL_LEN];
1969. -
1970. - if( NULL == word )
1971. - return OAES_RET_ARG1;
1972. -
1973. - memcpy( _temp + 1, word, OAES_COL_LEN - 1 );
1974. - _temp[0] = word[OAES_COL_LEN - 1];
1975. - memcpy( word, _temp, OAES_COL_LEN );
1976. -
1977. - return OAES_RET_SUCCESS;
1978. -}
1979. -*/
1980. -static OAES_RET oaes_word_rot_left( uint8_t word[OAES_COL_LEN] )
1981. -{
1982. - uint8_t _temp[OAES_COL_LEN];
1983. -
1984. - if( NULL == word )
1985. - return OAES_RET_ARG1;
1986. -
1987. - memcpy( _temp, word + 1, OAES_COL_LEN - 1 );
1988. - _temp[OAES_COL_LEN - 1] = word[0];
1989. - memcpy( word, _temp, OAES_COL_LEN );
1990. -
1991. - return OAES_RET_SUCCESS;
1992. -}
1993. -
1994. -static OAES_RET oaes_shift_rows( uint8_t block[OAES_BLOCK_SIZE] )
1995. -{
1996. - uint8_t _temp[OAES_BLOCK_SIZE];
1997. -
1998. - if( NULL == block )
1999. - return OAES_RET_ARG1;
2000. -
2001. - _temp[0x00] = block[0x00];
2002. - _temp[0x01] = block[0x05];
2003. - _temp[0x02] = block[0x0a];
2004. - _temp[0x03] = block[0x0f];
2005. - _temp[0x04] = block[0x04];
2006. - _temp[0x05] = block[0x09];
2007. - _temp[0x06] = block[0x0e];
2008. - _temp[0x07] = block[0x03];
2009. - _temp[0x08] = block[0x08];
2010. - _temp[0x09] = block[0x0d];
2011. - _temp[0x0a] = block[0x02];
2012. - _temp[0x0b] = block[0x07];
2013. - _temp[0x0c] = block[0x0c];
2014. - _temp[0x0d] = block[0x01];
2015. - _temp[0x0e] = block[0x06];
2016. - _temp[0x0f] = block[0x0b];
2017. - memcpy( block, _temp, OAES_BLOCK_SIZE );
2018. -
2019. - return OAES_RET_SUCCESS;
2020. -}
2021. -
2022. -static OAES_RET oaes_inv_shift_rows( uint8_t block[OAES_BLOCK_SIZE] )
2023. -{
2024. - uint8_t _temp[OAES_BLOCK_SIZE];
2025. -
2026. - if( NULL == block )
2027. - return OAES_RET_ARG1;
2028. -
2029. - _temp[0x00] = block[0x00];
2030. - _temp[0x01] = block[0x0d];
2031. - _temp[0x02] = block[0x0a];
2032. - _temp[0x03] = block[0x07];
2033. - _temp[0x04] = block[0x04];
2034. - _temp[0x05] = block[0x01];
2035. - _temp[0x06] = block[0x0e];
2036. - _temp[0x07] = block[0x0b];
2037. - _temp[0x08] = block[0x08];
2038. - _temp[0x09] = block[0x05];
2039. - _temp[0x0a] = block[0x02];
2040. - _temp[0x0b] = block[0x0f];
2041. - _temp[0x0c] = block[0x0c];
2042. - _temp[0x0d] = block[0x09];
2043. - _temp[0x0e] = block[0x06];
2044. - _temp[0x0f] = block[0x03];
2045. - memcpy( block, _temp, OAES_BLOCK_SIZE );
2046. -
2047. - return OAES_RET_SUCCESS;
2048. -}
2049. -
2050. -static uint8_t oaes_gf_mul(uint8_t left, uint8_t right)
2051. -{
2052. - size_t _x, _y;
2053. -
2054. - _x = _y = left;
2055. - _x &= 0x0f;
2056. - _y &= 0xf0;
2057. - _y >>= 4;
2058. -
2059. - switch( right )
2060. - {
2061. - case 0x02:
2062. - return oaes_gf_mul_2[_y][_x];
2063. - break;
2064. - case 0x03:
2065. - return oaes_gf_mul_3[_y][_x];
2066. - break;
2067. - case 0x09:
2068. - return oaes_gf_mul_9[_y][_x];
2069. - break;
2070. - case 0x0b:
2071. - return oaes_gf_mul_b[_y][_x];
2072. - break;
2073. - case 0x0d:
2074. - return oaes_gf_mul_d[_y][_x];
2075. - break;
2076. - case 0x0e:
2077. - return oaes_gf_mul_e[_y][_x];
2078. - break;
2079. - default:
2080. - return left;
2081. - break;
2082. - }
2083. -}
2084. -
2085. -static OAES_RET oaes_mix_cols( uint8_t word[OAES_COL_LEN] )
2086. -{
2087. - uint8_t _temp[OAES_COL_LEN];
2088. -
2089. - if( NULL == word )
2090. - return OAES_RET_ARG1;
2091. -
2092. - _temp[0] = oaes_gf_mul(word[0], 0x02) ^ oaes_gf_mul( word[1], 0x03 ) ^
2093. - word[2] ^ word[3];
2094. - _temp[1] = word[0] ^ oaes_gf_mul( word[1], 0x02 ) ^
2095. - oaes_gf_mul( word[2], 0x03 ) ^ word[3];
2096. - _temp[2] = word[0] ^ word[1] ^
2097. - oaes_gf_mul( word[2], 0x02 ) ^ oaes_gf_mul( word[3], 0x03 );
2098. - _temp[3] = oaes_gf_mul( word[0], 0x03 ) ^ word[1] ^
2099. - word[2] ^ oaes_gf_mul( word[3], 0x02 );
2100. - memcpy( word, _temp, OAES_COL_LEN );
2101. -
2102. - return OAES_RET_SUCCESS;
2103. -}
2104. -
2105. -static OAES_RET oaes_inv_mix_cols( uint8_t word[OAES_COL_LEN] )
2106. -{
2107. - uint8_t _temp[OAES_COL_LEN];
2108. -
2109. - if( NULL == word )
2110. - return OAES_RET_ARG1;
2111. -
2112. - _temp[0] = oaes_gf_mul( word[0], 0x0e ) ^ oaes_gf_mul( word[1], 0x0b ) ^
2113. - oaes_gf_mul( word[2], 0x0d ) ^ oaes_gf_mul( word[3], 0x09 );
2114. - _temp[1] = oaes_gf_mul( word[0], 0x09 ) ^ oaes_gf_mul( word[1], 0x0e ) ^
2115. - oaes_gf_mul( word[2], 0x0b ) ^ oaes_gf_mul( word[3], 0x0d );
2116. - _temp[2] = oaes_gf_mul( word[0], 0x0d ) ^ oaes_gf_mul( word[1], 0x09 ) ^
2117. - oaes_gf_mul( word[2], 0x0e ) ^ oaes_gf_mul( word[3], 0x0b );
2118. - _temp[3] = oaes_gf_mul( word[0], 0x0b ) ^ oaes_gf_mul( word[1], 0x0d ) ^
2119. - oaes_gf_mul( word[2], 0x09 ) ^ oaes_gf_mul( word[3], 0x0e );
2120. - memcpy( word, _temp, OAES_COL_LEN );
2121. -
2122. - return OAES_RET_SUCCESS;
2123. -}
2124. -
2125. -OAES_RET oaes_sprintf(
2126. - char * buf, size_t * buf_len, const uint8_t * data, size_t data_len )
2127. -{
2128. - size_t _i, _buf_len_in;
2129. - char _temp[4];
2130. -
2131. - if( NULL == buf_len )
2132. - return OAES_RET_ARG2;
2133. -
2134. - _buf_len_in = *buf_len;
2135. - *buf_len = data_len * 3 + data_len / OAES_BLOCK_SIZE + 1;
2136. -
2137. - if( NULL == buf )
2138. - return OAES_RET_SUCCESS;
2139. -
2140. - if( *buf_len > _buf_len_in )
2141. - return OAES_RET_BUF;
2142. -
2143. - if( NULL == data )
2144. - return OAES_RET_ARG3;
2145. -
2146. - strcpy( buf, "" );
2147. -
2148. - for( _i = 0; _i < data_len; _i++ )
2149. - {
2150. - sprintf( _temp, "%02x ", data[_i] );
2151. - strcat( buf, _temp );
2152. - if( _i && 0 == ( _i + 1 ) % OAES_BLOCK_SIZE )
2153. - strcat( buf, "\n" );
2154. - }
2155. -
2156. - return OAES_RET_SUCCESS;
2157. -}
2158. -
2159. -#ifdef OAES_HAVE_ISAAC
2160. -static void oaes_get_seed( char buf[RANDSIZ + 1] )
2161. -{
2162. - #if !defined(__FreeBSD__) && !defined(__OpenBSD__)
2163. - struct timeb timer;
2164. - struct tm *gmTimer;
2165. - char * _test = NULL;
2166. -
2167. - ftime (&timer);
2168. - gmTimer = gmtime( &timer.time );
2169. - _test = (char *) calloc( sizeof( char ), timer.millitm );
2170. - sprintf( buf, "%04d%02d%02d%02d%02d%02d%03d%p%d",
2171. - gmTimer->tm_year + 1900, gmTimer->tm_mon + 1, gmTimer->tm_mday,
2172. - gmTimer->tm_hour, gmTimer->tm_min, gmTimer->tm_sec, timer.millitm,
2173. - _test + timer.millitm, getpid() );
2174. - #else
2175. - struct timeval timer;
2176. - struct tm *gmTimer;
2177. - char * _test = NULL;
2178. -
2179. - gettimeofday(&timer, NULL);
2180. - gmTimer = gmtime( &timer.tv_sec );
2181. - _test = (char *) calloc( sizeof( char ), timer.tv_usec/1000 );
2182. - sprintf( buf, "%04d%02d%02d%02d%02d%02d%03d%p%d",
2183. - gmTimer->tm_year + 1900, gmTimer->tm_mon + 1, gmTimer->tm_mday,
2184. - gmTimer->tm_hour, gmTimer->tm_min, gmTimer->tm_sec, timer.tv_usec/1000,
2185. - _test + timer.tv_usec/1000, getpid() );
2186. - #endif
2187. -
2188. - if( _test )
2189. - free( _test );
2190. -}
2191. -#else
2192. -static uint32_t oaes_get_seed(void)
2193. -{
2194. - #if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__ANDROID__)
2195. - struct timeb timer;
2196. - struct tm *gmTimer;
2197. - char * _test = NULL;
2198. - uint32_t _ret = 0;
2199. -
2200. - ftime (&timer);
2201. - gmTimer = gmtime( &timer.time );
2202. - _test = (char *) calloc( sizeof( char ), timer.millitm );
2203. - _ret = gmTimer->tm_year + 1900 + gmTimer->tm_mon + 1 + gmTimer->tm_mday +
2204. - gmTimer->tm_hour + gmTimer->tm_min + gmTimer->tm_sec + timer.millitm +
2205. - (uintptr_t) ( _test + timer.millitm ) + getpid();
2206. - #else
2207. - struct timeval timer;
2208. - struct tm *gmTimer;
2209. - char * _test = NULL;
2210. - uint32_t _ret = 0;
2211. -
2212. - gettimeofday(&timer, NULL);
2213. - gmTimer = gmtime( &timer.tv_sec );
2214. - _test = (char *) calloc( sizeof( char ), timer.tv_usec/1000 );
2215. - _ret = gmTimer->tm_year + 1900 + gmTimer->tm_mon + 1 + gmTimer->tm_mday +
2216. - gmTimer->tm_hour + gmTimer->tm_min + gmTimer->tm_sec + timer.tv_usec/1000 +
2217. - (uintptr_t) ( _test + timer.tv_usec/1000 ) + getpid();
2218. - #endif
2219. -
2220. - if( _test )
2221. - free( _test );
2222. -
2223. - return _ret;
2224. -}
2225. -#endif // OAES_HAVE_ISAAC
2226. -
2227. -static OAES_RET oaes_key_destroy( oaes_key ** key )
2228. -{
2229. - if( NULL == *key )
2230. - return OAES_RET_SUCCESS;
2231. -
2232. - if( (*key)->data )
2233. - {
2234. - free( (*key)->data );
2235. - (*key)->data = NULL;
2236. - }
2237. -
2238. - if( (*key)->exp_data )
2239. - {
2240. - free( (*key)->exp_data );
2241. - (*key)->exp_data = NULL;
2242. - }
2243. -
2244. - (*key)->data_len = 0;
2245. - (*key)->exp_data_len = 0;
2246. - (*key)->num_keys = 0;
2247. - (*key)->key_base = 0;
2248. - free( *key );
2249. - *key = NULL;
2250. -
2251. - return OAES_RET_SUCCESS;
2252. -}
2253. -
2254. -static OAES_RET oaes_key_expand( OAES_CTX * ctx )
2255. -{
2256. - size_t _i, _j;
2257. - oaes_ctx * _ctx = (oaes_ctx *) ctx;
2258. -
2259. - if( NULL == _ctx )
2260. - return OAES_RET_ARG1;
2261. -
2262. - if( NULL == _ctx->key )
2263. - return OAES_RET_NOKEY;
2264. -
2265. - _ctx->key->key_base = _ctx->key->data_len / OAES_RKEY_LEN;
2266. - _ctx->key->num_keys = _ctx->key->key_base + OAES_ROUND_BASE;
2267. -
2268. - _ctx->key->exp_data_len = _ctx->key->num_keys * OAES_RKEY_LEN * OAES_COL_LEN;
2269. - _ctx->key->exp_data = (uint8_t *)
2270. - calloc( _ctx->key->exp_data_len, sizeof( uint8_t ));
2271. -
2272. - if( NULL == _ctx->key->exp_data )
2273. - return OAES_RET_MEM;
2274. -
2275. - // the first _ctx->key->data_len are a direct copy
2276. - memcpy( _ctx->key->exp_data, _ctx->key->data, _ctx->key->data_len );
2277. -
2278. - // apply ExpandKey algorithm for remainder
2279. - for( _i = _ctx->key->key_base; _i < _ctx->key->num_keys * OAES_RKEY_LEN; _i++ )
2280. - {
2281. - uint8_t _temp[OAES_COL_LEN];
2282. -
2283. - memcpy( _temp,
2284. - _ctx->key->exp_data + ( _i - 1 ) * OAES_RKEY_LEN, OAES_COL_LEN );
2285. -
2286. - // transform key column
2287. - if( 0 == _i % _ctx->key->key_base )
2288. - {
2289. - oaes_word_rot_left( _temp );
2290. -
2291. - for( _j = 0; _j < OAES_COL_LEN; _j++ )
2292. - oaes_sub_byte( _temp + _j );
2293. -
2294. - _temp[0] = _temp[0] ^ oaes_gf_8[ _i / _ctx->key->key_base - 1 ];
2295. - }
2296. - else if( _ctx->key->key_base > 6 && 4 == _i % _ctx->key->key_base )
2297. - {
2298. - for( _j = 0; _j < OAES_COL_LEN; _j++ )
2299. - oaes_sub_byte( _temp + _j );
2300. - }
2301. -
2302. - for( _j = 0; _j < OAES_COL_LEN; _j++ )
2303. - {
2304. - _ctx->key->exp_data[ _i * OAES_RKEY_LEN + _j ] =
2305. - _ctx->key->exp_data[ ( _i - _ctx->key->key_base ) *
2306. - OAES_RKEY_LEN + _j ] ^ _temp[_j];
2307. - }
2308. - }
2309. -
2310. - return OAES_RET_SUCCESS;
2311. -}
2312. -
2313. -static OAES_RET oaes_key_gen( OAES_CTX * ctx, size_t key_size )
2314. -{
2315. - size_t _i;
2316. - oaes_key * _key = NULL;
2317. - oaes_ctx * _ctx = (oaes_ctx *) ctx;
2318. - OAES_RET _rc = OAES_RET_SUCCESS;
2319. -
2320. - if( NULL == _ctx )
2321. - return OAES_RET_ARG1;
2322. -
2323. - _key = (oaes_key *) calloc( sizeof( oaes_key ), 1 );
2324. -
2325. - if( NULL == _key )
2326. - return OAES_RET_MEM;
2327. -
2328. - if( _ctx->key )
2329. - oaes_key_destroy( &(_ctx->key) );
2330. -
2331. - _key->data_len = key_size;
2332. - _key->data = (uint8_t *) calloc( key_size, sizeof( uint8_t ));
2333. -
2334. - if( NULL == _key->data )
2335. - {
2336. - free( _key );
2337. - return OAES_RET_MEM;
2338. - }
2339. -
2340. - for( _i = 0; _i < key_size; _i++ )
2341. -#ifdef OAES_HAVE_ISAAC
2342. - _key->data[_i] = (uint8_t) rand( _ctx->rctx );
2343. -#else
2344. - _key->data[_i] = (uint8_t) rand();
2345. -#endif // OAES_HAVE_ISAAC
2346. -
2347. - _ctx->key = _key;
2348. - _rc = _rc || oaes_key_expand( ctx );
2349. -
2350. - if( _rc != OAES_RET_SUCCESS )
2351. - {
2352. - oaes_key_destroy( &(_ctx->key) );
2353. - return _rc;
2354. - }
2355. -
2356. - return OAES_RET_SUCCESS;
2357. -}
2358. -
2359. -OAES_RET oaes_key_gen_128( OAES_CTX * ctx )
2360. -{
2361. - return oaes_key_gen( ctx, 16 );
2362. -}
2363. -
2364. -OAES_RET oaes_key_gen_192( OAES_CTX * ctx )
2365. -{
2366. - return oaes_key_gen( ctx, 24 );
2367. -}
2368. -
2369. -OAES_RET oaes_key_gen_256( OAES_CTX * ctx )
2370. -{
2371. - return oaes_key_gen( ctx, 32 );
2372. -}
2373. -
2374. -OAES_RET oaes_key_export( OAES_CTX * ctx,
2375. - uint8_t * data, size_t * data_len )
2376. -{
2377. - size_t _data_len_in;
2378. - oaes_ctx * _ctx = (oaes_ctx *) ctx;
2379. -
2380. - if( NULL == _ctx )
2381. - return OAES_RET_ARG1;
2382. -
2383. - if( NULL == _ctx->key )
2384. - return OAES_RET_NOKEY;
2385. -
2386. - if( NULL == data_len )
2387. - return OAES_RET_ARG3;
2388. -
2389. - _data_len_in = *data_len;
2390. - // data + header
2391. - *data_len = _ctx->key->data_len + OAES_BLOCK_SIZE;
2392. -
2393. - if( NULL == data )
2394. - return OAES_RET_SUCCESS;
2395. -
2396. - if( _data_len_in < *data_len )
2397. - return OAES_RET_BUF;
2398. -
2399. - // header
2400. - memcpy( data, oaes_header, OAES_BLOCK_SIZE );
2401. - data[5] = 0x01;
2402. - data[7] = _ctx->key->data_len;
2403. - memcpy( data + OAES_BLOCK_SIZE, _ctx->key->data, _ctx->key->data_len );
2404. -
2405. - return OAES_RET_SUCCESS;
2406. -}
2407. -
2408. -OAES_RET oaes_key_export_data( OAES_CTX * ctx,
2409. - uint8_t * data, size_t * data_len )
2410. -{
2411. - size_t _data_len_in;
2412. - oaes_ctx * _ctx = (oaes_ctx *) ctx;
2413. -
2414. - if( NULL == _ctx )
2415. - return OAES_RET_ARG1;
2416. -
2417. - if( NULL == _ctx->key )
2418. - return OAES_RET_NOKEY;
2419. -
2420. - if( NULL == data_len )
2421. - return OAES_RET_ARG3;
2422. -
2423. - _data_len_in = *data_len;
2424. - *data_len = _ctx->key->data_len;
2425. -
2426. - if( NULL == data )
2427. - return OAES_RET_SUCCESS;
2428. -
2429. - if( _data_len_in < *data_len )
2430. - return OAES_RET_BUF;
2431. -
2432. - memcpy( data, _ctx->key->data, *data_len );
2433. -
2434. - return OAES_RET_SUCCESS;
2435. -}
2436. -
2437. -OAES_RET oaes_key_import( OAES_CTX * ctx,
2438. - const uint8_t * data, size_t data_len )
2439. -{
2440. - oaes_ctx * _ctx = (oaes_ctx *) ctx;
2441. - OAES_RET _rc = OAES_RET_SUCCESS;
2442. - int _key_length;
2443. -
2444. - if( NULL == _ctx )
2445. - return OAES_RET_ARG1;
2446. -
2447. - if( NULL == data )
2448. - return OAES_RET_ARG2;
2449. -
2450. - switch( data_len )
2451. - {
2452. - case 16 + OAES_BLOCK_SIZE:
2453. - case 24 + OAES_BLOCK_SIZE:
2454. - case 32 + OAES_BLOCK_SIZE:
2455. - break;
2456. - default:
2457. - return OAES_RET_ARG3;
2458. - }
2459. -
2460. - // header
2461. - if( 0 != memcmp( data, oaes_header, 4 ) )
2462. - return OAES_RET_HEADER;
2463. -
2464. - // header version
2465. - switch( data[4] )
2466. - {
2467. - case 0x01:
2468. - break;
2469. - default:
2470. - return OAES_RET_HEADER;
2471. - }
2472. -
2473. - // header type
2474. - switch( data[5] )
2475. - {
2476. - case 0x01:
2477. - break;
2478. - default:
2479. - return OAES_RET_HEADER;
2480. - }
2481. -
2482. - // options
2483. - _key_length = data[7];
2484. - switch( _key_length )
2485. - {
2486. - case 16:
2487. - case 24:
2488. - case 32:
2489. - break;
2490. - default:
2491. - return OAES_RET_HEADER;
2492. - }
2493. -
2494. - if( (int)data_len != _key_length + OAES_BLOCK_SIZE )
2495. - return OAES_RET_ARG3;
2496. -
2497. - if( _ctx->key )
2498. - oaes_key_destroy( &(_ctx->key) );
2499. -
2500. - _ctx->key = (oaes_key *) calloc( sizeof( oaes_key ), 1 );
2501. -
2502. - if( NULL == _ctx->key )
2503. - return OAES_RET_MEM;
2504. -
2505. - _ctx->key->data_len = _key_length;
2506. - _ctx->key->data = (uint8_t *)
2507. - calloc( _key_length, sizeof( uint8_t ));
2508. -
2509. - if( NULL == _ctx->key->data )
2510. - {
2511. - oaes_key_destroy( &(_ctx->key) );
2512. - return OAES_RET_MEM;
2513. - }
2514. -
2515. - memcpy( _ctx->key->data, data + OAES_BLOCK_SIZE, _key_length );
2516. - _rc = _rc || oaes_key_expand( ctx );
2517. -
2518. - if( _rc != OAES_RET_SUCCESS )
2519. - {
2520. - oaes_key_destroy( &(_ctx->key) );
2521. - return _rc;
2522. - }
2523. -
2524. - return OAES_RET_SUCCESS;
2525. -}
2526. -
2527. -OAES_RET oaes_key_import_data( OAES_CTX * ctx,
2528. - const uint8_t * data, size_t data_len )
2529. -{
2530. - oaes_ctx * _ctx = (oaes_ctx *) ctx;
2531. - OAES_RET _rc = OAES_RET_SUCCESS;
2532. -
2533. - if( NULL == _ctx )
2534. - return OAES_RET_ARG1;
2535. -
2536. - if( NULL == data )
2537. - return OAES_RET_ARG2;
2538. -
2539. - switch( data_len )
2540. - {
2541. - case 16:
2542. - case 24:
2543. - case 32:
2544. - break;
2545. - default:
2546. - return OAES_RET_ARG3;
2547. - }
2548. -
2549. - if( _ctx->key )
2550. - oaes_key_destroy( &(_ctx->key) );
2551. -
2552. - _ctx->key = (oaes_key *) calloc( sizeof( oaes_key ), 1 );
2553. -
2554. - if( NULL == _ctx->key )
2555. - return OAES_RET_MEM;
2556. -
2557. - _ctx->key->data_len = data_len;
2558. - _ctx->key->data = (uint8_t *)
2559. - calloc( data_len, sizeof( uint8_t ));
2560. -
2561. - if( NULL == _ctx->key->data )
2562. - {
2563. - oaes_key_destroy( &(_ctx->key) );
2564. - return OAES_RET_MEM;
2565. - }
2566. -
2567. - memcpy( _ctx->key->data, data, data_len );
2568. - _rc = _rc || oaes_key_expand( ctx );
2569. -
2570. - if( _rc != OAES_RET_SUCCESS )
2571. - {
2572. - oaes_key_destroy( &(_ctx->key) );
2573. - return _rc;
2574. - }
2575. -
2576. - return OAES_RET_SUCCESS;
2577. -}
2578. -
2579. -OAES_CTX * oaes_alloc(void)
2580. -{
2581. - oaes_ctx * _ctx = (oaes_ctx *) calloc( sizeof( oaes_ctx ), 1 );
2582. -
2583. - if( NULL == _ctx )
2584. - return NULL;
2585. -
2586. -#ifdef OAES_HAVE_ISAAC
2587. - {
2588. - ub4 _i = 0;
2589. - char _seed[RANDSIZ + 1];
2590. -
2591. - _ctx->rctx = (randctx *) calloc( sizeof( randctx ), 1 );
2592. -
2593. - if( NULL == _ctx->rctx )
2594. - {
2595. - free( _ctx );
2596. - return NULL;
2597. - }
2598. -
2599. - oaes_get_seed( _seed );
2600. - memset( _ctx->rctx->randrsl, 0, RANDSIZ );
2601. - memcpy( _ctx->rctx->randrsl, _seed, RANDSIZ );
2602. - randinit( _ctx->rctx, TRUE);
2603. - }
2604. -#else
2605. - srand( oaes_get_seed() );
2606. -#endif // OAES_HAVE_ISAAC
2607. -
2608. - _ctx->key = NULL;
2609. - oaes_set_option( _ctx, OAES_OPTION_CBC, NULL );
2610. -
2611. -#ifdef OAES_DEBUG
2612. - _ctx->step_cb = NULL;
2613. - oaes_set_option( _ctx, OAES_OPTION_STEP_OFF, NULL );
2614. -#endif // OAES_DEBUG
2615. -
2616. - return (OAES_CTX *) _ctx;
2617. -}
2618. -
2619. -OAES_RET oaes_free( OAES_CTX ** ctx )
2620. -{
2621. - oaes_ctx ** _ctx = (oaes_ctx **) ctx;
2622. -
2623. - if( NULL == _ctx )
2624. - return OAES_RET_ARG1;
2625. -
2626. - if( NULL == *_ctx )
2627. - return OAES_RET_SUCCESS;
2628. -
2629. - if( (*_ctx)->key )
2630. - oaes_key_destroy( &((*_ctx)->key) );
2631. -
2632. -#ifdef OAES_HAVE_ISAAC
2633. - if( (*_ctx)->rctx )
2634. - {
2635. - free( (*_ctx)->rctx );
2636. - (*_ctx)->rctx = NULL;
2637. - }
2638. -#endif // OAES_HAVE_ISAAC
2639. -
2640. - free( *_ctx );
2641. - *_ctx = NULL;
2642. -
2643. - return OAES_RET_SUCCESS;
2644. -}
2645. -
2646. -OAES_RET oaes_set_option( OAES_CTX * ctx,
2647. - OAES_OPTION option, const void * value )
2648. -{
2649. - size_t _i;
2650. - oaes_ctx * _ctx = (oaes_ctx *) ctx;
2651. -
2652. - if( NULL == _ctx )
2653. - return OAES_RET_ARG1;
2654. -
2655. - switch( option )
2656. - {
2657. - case OAES_OPTION_ECB:
2658. - _ctx->options &= ~OAES_OPTION_CBC;
2659. - memset( _ctx->iv, 0, OAES_BLOCK_SIZE );
2660. - break;
2661. -
2662. - case OAES_OPTION_CBC:
2663. - _ctx->options &= ~OAES_OPTION_ECB;
2664. - if( value )
2665. - memcpy( _ctx->iv, value, OAES_BLOCK_SIZE );
2666. - else
2667. - {
2668. - for( _i = 0; _i < OAES_BLOCK_SIZE; _i++ )
2669. -#ifdef OAES_HAVE_ISAAC
2670. - _ctx->iv[_i] = (uint8_t) rand( _ctx->rctx );
2671. -#else
2672. - _ctx->iv[_i] = (uint8_t) rand();
2673. -#endif // OAES_HAVE_ISAAC
2674. - }
2675. - break;
2676. -
2677. -#ifdef OAES_DEBUG
2678. -
2679. - case OAES_OPTION_STEP_ON:
2680. - if( value )
2681. - {
2682. - _ctx->options &= ~OAES_OPTION_STEP_OFF;
2683. - _ctx->step_cb = value;
2684. - }
2685. - else
2686. - {
2687. - _ctx->options &= ~OAES_OPTION_STEP_ON;
2688. - _ctx->options |= OAES_OPTION_STEP_OFF;
2689. - _ctx->step_cb = NULL;
2690. - return OAES_RET_ARG3;
2691. - }
2692. - break;
2693. -
2694. - case OAES_OPTION_STEP_OFF:
2695. - _ctx->options &= ~OAES_OPTION_STEP_ON;
2696. - _ctx->step_cb = NULL;
2697. - break;
2698. -
2699. -#endif // OAES_DEBUG
2700. -
2701. - default:
2702. - return OAES_RET_ARG2;
2703. - }
2704. -
2705. - _ctx->options |= option;
2706. -
2707. - return OAES_RET_SUCCESS;
2708. -}
2709. -
2710. -static OAES_RET oaes_encrypt_block(
2711. - OAES_CTX * ctx, uint8_t * c, size_t c_len )
2712. -{
2713. - size_t _i, _j;
2714. - oaes_ctx * _ctx = (oaes_ctx *) ctx;
2715. -
2716. - if( NULL == _ctx )
2717. - return OAES_RET_ARG1;
2718. -
2719. - if( NULL == c )
2720. - return OAES_RET_ARG2;
2721. -
2722. - if( c_len != OAES_BLOCK_SIZE )
2723. - return OAES_RET_ARG3;
2724. -
2725. - if( NULL == _ctx->key )
2726. - return OAES_RET_NOKEY;
2727. -
2728. -#ifdef OAES_DEBUG
2729. - if( _ctx->step_cb )
2730. - _ctx->step_cb( c, "input", 1, NULL );
2731. -#endif // OAES_DEBUG
2732. -
2733. - // AddRoundKey(State, K0)
2734. - for( _i = 0; _i < c_len; _i++ )
2735. - c[_i] = c[_i] ^ _ctx->key->exp_data[_i];
2736. -
2737. -#ifdef OAES_DEBUG
2738. - if( _ctx->step_cb )
2739. - {
2740. - _ctx->step_cb( _ctx->key->exp_data, "k_sch", 1, NULL );
2741. - _ctx->step_cb( c, "k_add", 1, NULL );
2742. - }
2743. -#endif // OAES_DEBUG
2744. -
2745. - // for round = 1 step 1 to Nr<E2><80><93>1
2746. - for( _i = 1; _i < _ctx->key->num_keys - 1; _i++ )
2747. - {
2748. - // SubBytes(state)
2749. - for( _j = 0; _j < c_len; _j++ )
2750. - oaes_sub_byte( c + _j );
2751. -
2752. -#ifdef OAES_DEBUG
2753. - if( _ctx->step_cb )
2754. - _ctx->step_cb( c, "s_box", _i, NULL );
2755. -#endif // OAES_DEBUG
2756. -
2757. - // ShiftRows(state)
2758. - oaes_shift_rows( c );
2759. -
2760. -#ifdef OAES_DEBUG
2761. - if( _ctx->step_cb )
2762. - _ctx->step_cb( c, "s_row", _i, NULL );
2763. -#endif // OAES_DEBUG
2764. -
2765. - // MixColumns(state)
2766. - oaes_mix_cols( c );
2767. - oaes_mix_cols( c + 4 );
2768. - oaes_mix_cols( c + 8 );
2769. - oaes_mix_cols( c + 12 );
2770. -
2771. -#ifdef OAES_DEBUG
2772. - if( _ctx->step_cb )
2773. - _ctx->step_cb( c, "m_col", _i, NULL );
2774. -#endif // OAES_DEBUG
2775. -
2776. - // AddRoundKey(state, w[round*Nb, (round+1)*Nb-1])
2777. - for( _j = 0; _j < c_len; _j++ )
2778. - c[_j] = c[_j] ^
2779. - _ctx->key->exp_data[_i * OAES_RKEY_LEN * OAES_COL_LEN + _j];
2780. -
2781. -#ifdef OAES_DEBUG
2782. - if( _ctx->step_cb )
2783. - {
2784. - _ctx->step_cb( _ctx->key->exp_data + _i * OAES_RKEY_LEN * OAES_COL_LEN,
2785. - "k_sch", _i, NULL );
2786. - _ctx->step_cb( c, "k_add", _i, NULL );
2787. - }
2788. -#endif // OAES_DEBUG
2789. -
2790. - }
2791. -
2792. - // SubBytes(state)
2793. - for( _i = 0; _i < c_len; _i++ )
2794. - oaes_sub_byte( c + _i );
2795. -
2796. -#ifdef OAES_DEBUG
2797. - if( _ctx->step_cb )
2798. - _ctx->step_cb( c, "s_box", _ctx->key->num_keys - 1, NULL );
2799. -#endif // OAES_DEBUG
2800. -
2801. - // ShiftRows(state)
2802. - oaes_shift_rows( c );
2803. -
2804. -#ifdef OAES_DEBUG
2805. - if( _ctx->step_cb )
2806. - _ctx->step_cb( c, "s_row", _ctx->key->num_keys - 1, NULL );
2807. -#endif // OAES_DEBUG
2808. -
2809. - // AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1])
2810. - for( _i = 0; _i < c_len; _i++ )
2811. - c[_i] = c[_i] ^ _ctx->key->exp_data[
2812. - ( _ctx->key->num_keys - 1 ) * OAES_RKEY_LEN * OAES_COL_LEN + _i ];
2813. -
2814. -#ifdef OAES_DEBUG
2815. - if( _ctx->step_cb )
2816. - {
2817. - _ctx->step_cb( _ctx->key->exp_data +
2818. - ( _ctx->key->num_keys - 1 ) * OAES_RKEY_LEN * OAES_COL_LEN,
2819. - "k_sch", _ctx->key->num_keys - 1, NULL );
2820. - _ctx->step_cb( c, "output", _ctx->key->num_keys - 1, NULL );
2821. - }
2822. -#endif // OAES_DEBUG
2823. -
2824. - return OAES_RET_SUCCESS;
2825. -}
2826. -
2827. -static OAES_RET oaes_decrypt_block(
2828. - OAES_CTX * ctx, uint8_t * c, size_t c_len )
2829. -{
2830. - size_t _i, _j;
2831. - oaes_ctx * _ctx = (oaes_ctx *) ctx;
2832. -
2833. - if( NULL == _ctx )
2834. - return OAES_RET_ARG1;
2835. -
2836. - if( NULL == c )
2837. - return OAES_RET_ARG2;
2838. -
2839. - if( c_len != OAES_BLOCK_SIZE )
2840. - return OAES_RET_ARG3;
2841. -
2842. - if( NULL == _ctx->key )
2843. - return OAES_RET_NOKEY;
2844. -
2845. -#ifdef OAES_DEBUG
2846. - if( _ctx->step_cb )
2847. - _ctx->step_cb( c, "iinput", _ctx->key->num_keys - 1, NULL );
2848. -#endif // OAES_DEBUG
2849. -
2850. - // AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1])
2851. - for( _i = 0; _i < c_len; _i++ )
2852. - c[_i] = c[_i] ^ _ctx->key->exp_data[
2853. - ( _ctx->key->num_keys - 1 ) * OAES_RKEY_LEN * OAES_COL_LEN + _i ];
2854. -
2855. -#ifdef OAES_DEBUG
2856. - if( _ctx->step_cb )
2857. - {
2858. - _ctx->step_cb( _ctx->key->exp_data +
2859. - ( _ctx->key->num_keys - 1 ) * OAES_RKEY_LEN * OAES_COL_LEN,
2860. - "ik_sch", _ctx->key->num_keys - 1, NULL );
2861. - _ctx->step_cb( c, "ik_add", _ctx->key->num_keys - 1, NULL );
2862. - }
2863. -#endif // OAES_DEBUG
2864. -
2865. - for( _i = _ctx->key->num_keys - 2; _i > 0; _i-- )
2866. - {
2867. - // InvShiftRows(state)
2868. - oaes_inv_shift_rows( c );
2869. -
2870. -#ifdef OAES_DEBUG
2871. - if( _ctx->step_cb )
2872. - _ctx->step_cb( c, "is_row", _i, NULL );
2873. -#endif // OAES_DEBUG
2874. -
2875. - // InvSubBytes(state)
2876. - for( _j = 0; _j < c_len; _j++ )
2877. - oaes_inv_sub_byte( c + _j );
2878. -
2879. -#ifdef OAES_DEBUG
2880. - if( _ctx->step_cb )
2881. - _ctx->step_cb( c, "is_box", _i, NULL );
2882. -#endif // OAES_DEBUG
2883. -
2884. - // AddRoundKey(state, w[round*Nb, (round+1)*Nb-1])
2885. - for( _j = 0; _j < c_len; _j++ )
2886. - c[_j] = c[_j] ^
2887. - _ctx->key->exp_data[_i * OAES_RKEY_LEN * OAES_COL_LEN + _j];
2888. -
2889. -#ifdef OAES_DEBUG
2890. - if( _ctx->step_cb )
2891. - {
2892. - _ctx->step_cb( _ctx->key->exp_data + _i * OAES_RKEY_LEN * OAES_COL_LEN,
2893. - "ik_sch", _i, NULL );
2894. - _ctx->step_cb( c, "ik_add", _i, NULL );
2895. - }
2896. -#endif // OAES_DEBUG
2897. -
2898. - // InvMixColums(state)
2899. - oaes_inv_mix_cols( c );
2900. - oaes_inv_mix_cols( c + 4 );
2901. - oaes_inv_mix_cols( c + 8 );
2902. - oaes_inv_mix_cols( c + 12 );
2903. -
2904. -#ifdef OAES_DEBUG
2905. - if( _ctx->step_cb )
2906. - _ctx->step_cb( c, "im_col", _i, NULL );
2907. -#endif // OAES_DEBUG
2908. -
2909. - }
2910. -
2911. - // InvShiftRows(state)
2912. - oaes_inv_shift_rows( c );
2913. -
2914. -#ifdef OAES_DEBUG
2915. - if( _ctx->step_cb )
2916. - _ctx->step_cb( c, "is_row", 1, NULL );
2917. -#endif // OAES_DEBUG
2918. -
2919. - // InvSubBytes(state)
2920. - for( _i = 0; _i < c_len; _i++ )
2921. - oaes_inv_sub_byte( c + _i );
2922. -
2923. -#ifdef OAES_DEBUG
2924. - if( _ctx->step_cb )
2925. - _ctx->step_cb( c, "is_box", 1, NULL );
2926. -#endif // OAES_DEBUG
2927. -
2928. - // AddRoundKey(state, w[0, Nb-1])
2929. - for( _i = 0; _i < c_len; _i++ )
2930. - c[_i] = c[_i] ^ _ctx->key->exp_data[_i];
2931. -
2932. -#ifdef OAES_DEBUG
2933. - if( _ctx->step_cb )
2934. - {
2935. - _ctx->step_cb( _ctx->key->exp_data, "ik_sch", 1, NULL );
2936. - _ctx->step_cb( c, "ioutput", 1, NULL );
2937. - }
2938. -#endif // OAES_DEBUG
2939. -
2940. - return OAES_RET_SUCCESS;
2941. -}
2942. -
2943. -OAES_RET oaes_encrypt( OAES_CTX * ctx,
2944. - const uint8_t * m, size_t m_len, uint8_t * c, size_t * c_len )
2945. -{
2946. - size_t _i, _j, _c_len_in, _c_data_len;
2947. - size_t _pad_len = m_len % OAES_BLOCK_SIZE == 0 ?
2948. - 0 : OAES_BLOCK_SIZE - m_len % OAES_BLOCK_SIZE;
2949. - oaes_ctx * _ctx = (oaes_ctx *) ctx;
2950. - OAES_RET _rc = OAES_RET_SUCCESS;
2951. - uint8_t _flags = _pad_len ? OAES_FLAG_PAD : 0;
2952. -
2953. - if( NULL == _ctx )
2954. - return OAES_RET_ARG1;
2955. -
2956. - if( NULL == m )
2957. - return OAES_RET_ARG2;
2958. -
2959. - if( NULL == c_len )
2960. - return OAES_RET_ARG5;
2961. -
2962. - _c_len_in = *c_len;
2963. - // data + pad
2964. - _c_data_len = m_len + _pad_len;
2965. - // header + iv + data + pad
2966. - *c_len = 2 * OAES_BLOCK_SIZE + m_len + _pad_len;
2967. -
2968. - if( NULL == c )
2969. - return OAES_RET_SUCCESS;
2970. -
2971. - if( _c_len_in < *c_len )
2972. - return OAES_RET_BUF;
2973. -
2974. - if( NULL == _ctx->key )
2975. - return OAES_RET_NOKEY;
2976. -
2977. - // header
2978. - memcpy(c, oaes_header, OAES_BLOCK_SIZE );
2979. - memcpy(c + 6, &_ctx->options, sizeof(_ctx->options));
2980. - memcpy(c + 8, &_flags, sizeof(_flags));
2981. - // iv
2982. - memcpy(c + OAES_BLOCK_SIZE, _ctx->iv, OAES_BLOCK_SIZE );
2983. - // data
2984. - memcpy(c + 2 * OAES_BLOCK_SIZE, m, m_len );
2985. -
2986. - for( _i = 0; _i < _c_data_len; _i += OAES_BLOCK_SIZE )
2987. - {
2988. - uint8_t _block[OAES_BLOCK_SIZE];
2989. - size_t _block_size = min( m_len - _i, OAES_BLOCK_SIZE );
2990. -
2991. - memcpy( _block, c + 2 * OAES_BLOCK_SIZE + _i, _block_size );
2992. -
2993. - // insert pad
2994. - for( _j = 0; _j < OAES_BLOCK_SIZE - _block_size; _j++ )
2995. - _block[ _block_size + _j ] = _j + 1;
2996. -
2997. - // CBC
2998. - if( _ctx->options & OAES_OPTION_CBC )
2999. - {
3000. - for( _j = 0; _j < OAES_BLOCK_SIZE; _j++ )
3001. - _block[_j] = _block[_j] ^ _ctx->iv[_j];
3002. - }
3003. -
3004. - _rc = _rc ||
3005. - oaes_encrypt_block( ctx, _block, OAES_BLOCK_SIZE );
3006. - memcpy( c + 2 * OAES_BLOCK_SIZE + _i, _block, OAES_BLOCK_SIZE );
3007. -
3008. - if( _ctx->options & OAES_OPTION_CBC )
3009. - memcpy( _ctx->iv, _block, OAES_BLOCK_SIZE );
3010. - }
3011. -
3012. - return _rc;
3013. -}
3014. -
3015. -OAES_RET oaes_decrypt( OAES_CTX * ctx,
3016. - const uint8_t * c, size_t c_len, uint8_t * m, size_t * m_len )
3017. -{
3018. - size_t _i, _j, _m_len_in;
3019. - oaes_ctx * _ctx = (oaes_ctx *) ctx;
3020. - OAES_RET _rc = OAES_RET_SUCCESS;
3021. - uint8_t _iv[OAES_BLOCK_SIZE];
3022. - uint8_t _flags;
3023. - OAES_OPTION _options;
3024. -
3025. - if( NULL == ctx )
3026. - return OAES_RET_ARG1;
3027. -
3028. - if( NULL == c )
3029. - return OAES_RET_ARG2;
3030. -
3031. - if( c_len % OAES_BLOCK_SIZE )
3032. - return OAES_RET_ARG3;
3033. -
3034. - if( NULL == m_len )
3035. - return OAES_RET_ARG5;
3036. -
3037. - _m_len_in = *m_len;
3038. - *m_len = c_len - 2 * OAES_BLOCK_SIZE;
3039. -
3040. - if( NULL == m )
3041. - return OAES_RET_SUCCESS;
3042. -
3043. - if( _m_len_in < *m_len )
3044. - return OAES_RET_BUF;
3045. -
3046. - if( NULL == _ctx->key )
3047. - return OAES_RET_NOKEY;
3048. -
3049. - // header
3050. - if( 0 != memcmp( c, oaes_header, 4 ) )
3051. - return OAES_RET_HEADER;
3052. -
3053. - // header version
3054. - switch( c[4] )
3055. - {
3056. - case 0x01:
3057. - break;
3058. - default:
3059. - return OAES_RET_HEADER;
3060. - }
3061. -
3062. - // header type
3063. - switch( c[5] )
3064. - {
3065. - case 0x02:
3066. - break;
3067. - default:
3068. - return OAES_RET_HEADER;
3069. - }
3070. -
3071. - // options
3072. - memcpy(&_options, c + 6, sizeof(_options));
3073. - // validate that all options are valid
3074. - if( _options & ~(
3075. - OAES_OPTION_ECB
3076. - | OAES_OPTION_CBC
3077. -#ifdef OAES_DEBUG
3078. - | OAES_OPTION_STEP_ON
3079. - | OAES_OPTION_STEP_OFF
3080. -#endif // OAES_DEBUG
3081. - ) )
3082. - return OAES_RET_HEADER;
3083. - if( ( _options & OAES_OPTION_ECB ) &&
3084. - ( _options & OAES_OPTION_CBC ) )
3085. - return OAES_RET_HEADER;
3086. - if( _options == OAES_OPTION_NONE )
3087. - return OAES_RET_HEADER;
3088. -
3089. - // flags
3090. - memcpy(&_flags, c + 8, sizeof(_flags));
3091. - // validate that all flags are valid
3092. - if( _flags & ~(
3093. - OAES_FLAG_PAD
3094. - ) )
3095. - return OAES_RET_HEADER;
3096. -
3097. - // iv
3098. - memcpy( _iv, c + OAES_BLOCK_SIZE, OAES_BLOCK_SIZE);
3099. - // data + pad
3100. - memcpy( m, c + 2 * OAES_BLOCK_SIZE, *m_len );
3101. -
3102. - for( _i = 0; _i < *m_len; _i += OAES_BLOCK_SIZE )
3103. - {
3104. - if( ( _options & OAES_OPTION_CBC ) && _i > 0 )
3105. - memcpy( _iv, c + OAES_BLOCK_SIZE + _i, OAES_BLOCK_SIZE );
3106. -
3107. - _rc = _rc ||
3108. - oaes_decrypt_block( ctx, m + _i, min( *m_len - _i, OAES_BLOCK_SIZE ) );
3109. -
3110. - // CBC
3111. - if( _options & OAES_OPTION_CBC )
3112. - {
3113. - for( _j = 0; _j < OAES_BLOCK_SIZE; _j++ )
3114. - m[ _i + _j ] = m[ _i + _j ] ^ _iv[_j];
3115. - }
3116. - }
3117. -
3118. - // remove pad
3119. - if( _flags & OAES_FLAG_PAD )
3120. - {
3121. - int _is_pad = 1;
3122. - size_t _temp = (size_t) m[*m_len - 1];
3123. -
3124. - if( _temp <= 0x00 || _temp > 0x0f )
3125. - return OAES_RET_HEADER;
3126. - for( _i = 0; _i < _temp; _i++ )
3127. - if( m[*m_len - 1 - _i] != _temp - _i )
3128. - _is_pad = 0;
3129. - if( _is_pad )
3130. - {
3131. - memset( m + *m_len - _temp, 0, _temp );
3132. - *m_len -= _temp;
3133. - }
3134. - else
3135. - return OAES_RET_HEADER;
3136. - }
3137. -
3138. - return OAES_RET_SUCCESS;
3139. -}
3140. -
3141. -
3142. -OAES_API OAES_RET oaes_encryption_round( const uint8_t * key, uint8_t * c )
3143. -{
3144. - size_t _i;
3145. -
3146. - if( NULL == key )
3147. - return OAES_RET_ARG1;
3148. -
3149. - if( NULL == c )
3150. - return OAES_RET_ARG2;
3151. -
3152. - // SubBytes(state)
3153. - for( _i = 0; _i < OAES_BLOCK_SIZE; _i++ )
3154. - oaes_sub_byte( c + _i );
3155. -
3156. - // ShiftRows(state)
3157. - oaes_shift_rows( c );
3158. -
3159. - // MixColumns(state)
3160. - oaes_mix_cols( c );
3161. - oaes_mix_cols( c + 4 );
3162. - oaes_mix_cols( c + 8 );
3163. - oaes_mix_cols( c + 12 );
3164. -
3165. - // AddRoundKey(State, key)
3166. - for( _i = 0; _i < OAES_BLOCK_SIZE; _i++ )
3167. - c[_i] ^= key[_i];
3168. -
3169. - return OAES_RET_SUCCESS;
3170. -}
3171. -
3172. -OAES_API OAES_RET oaes_pseudo_encrypt_ecb( OAES_CTX * ctx, uint8_t * c )
3173. -{
3174. - size_t _i;
3175. - oaes_ctx * _ctx = (oaes_ctx *) ctx;
3176. -
3177. - if( NULL == _ctx )
3178. - return OAES_RET_ARG1;
3179. -
3180. - if( NULL == c )
3181. - return OAES_RET_ARG2;
3182. -
3183. - if( NULL == _ctx->key )
3184. - return OAES_RET_NOKEY;
3185. -
3186. - for ( _i = 0; _i < 10; ++_i )
3187. - {
3188. - oaes_encryption_round( &_ctx->key->exp_data[_i * OAES_RKEY_LEN * OAES_COL_LEN], c );
3189. - }
3190. -
3191. - return OAES_RET_SUCCESS;
3192. -}
3193. diff --git "a/c:\\1\\sumokoin/src/crypto/oaes_lib.h" "b/c:\\1\\sumokoin/src/crypto/oaes_lib.h"
3194. deleted file mode 100644
3195. index fd19428..0000000
3196. --- "a/c:\\1\\sumokoin/src/crypto/oaes_lib.h"
3197. +++ /dev/null
3198. @@ -1,215 +0,0 @@
3199. -/*
3200. - * ---------------------------------------------------------------------------
3201. - * OpenAES License
3202. - * ---------------------------------------------------------------------------
3203. - * Copyright (c) 2012, Nabil S. Al Ramli, www.nalramli.com
3204. - * All rights reserved.
3205. - *
3206. - * Redistribution and use in source and binary forms, with or without
3207. - * modification, are permitted provided that the following conditions are met:
3208. - *
3209. - * - Redistributions of source code must retain the above copyright notice,
3210. - * this list of conditions and the following disclaimer.
3211. - * - Redistributions in binary form must reproduce the above copyright
3212. - * notice, this list of conditions and the following disclaimer in the
3213. - * documentation and/or other materials provided with the distribution.
3214. - *
3215. - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
3216. - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
3217. - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
3218. - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
3219. - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
3220. - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
3221. - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
3222. - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
3223. - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
3224. - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
3225. - * POSSIBILITY OF SUCH DAMAGE.
3226. - * ---------------------------------------------------------------------------
3227. - */
3228. -
3229. -#ifndef _OAES_LIB_H
3230. -#define _OAES_LIB_H
3231. -
3232. -#include <stdint.h>
3233. -#include <stdlib.h>
3234. -
3235. -#ifdef __cplusplus
3236. -extern "C" {
3237. -#endif
3238. -
3239. -#ifdef _WIN32
3240. -# ifdef OAES_SHARED
3241. -# ifdef oaes_lib_EXPORTS
3242. -# define OAES_API __declspec(dllexport)
3243. -# else
3244. -# define OAES_API __declspec(dllimport)
3245. -# endif
3246. -# else
3247. -# define OAES_API
3248. -# endif
3249. -#else
3250. -# define OAES_API
3251. -#endif // WIN32
3252. -
3253. -#define OAES_VERSION "0.8.1"
3254. -#define OAES_BLOCK_SIZE 16
3255. -
3256. -typedef void OAES_CTX;
3257. -
3258. -typedef enum
3259. -{
3260. - OAES_RET_FIRST = 0,
3261. - OAES_RET_SUCCESS = 0,
3262. - OAES_RET_UNKNOWN,
3263. - OAES_RET_ARG1,
3264. - OAES_RET_ARG2,
3265. - OAES_RET_ARG3,
3266. - OAES_RET_ARG4,
3267. - OAES_RET_ARG5,
3268. - OAES_RET_NOKEY,
3269. - OAES_RET_MEM,
3270. - OAES_RET_BUF,
3271. - OAES_RET_HEADER,
3272. - OAES_RET_COUNT
3273. -} OAES_RET;
3274. -
3275. -/*
3276. - * oaes_set_option() takes one of these values for its [option] parameter
3277. - * some options accept either an optional or a required [value] parameter
3278. - */
3279. -// no option
3280. -#define OAES_OPTION_NONE 0
3281. -// enable ECB mode, disable CBC mode
3282. -#define OAES_OPTION_ECB 1
3283. -// enable CBC mode, disable ECB mode
3284. -// value is optional, may pass uint8_t iv[OAES_BLOCK_SIZE] to specify
3285. -// the value of the initialization vector, iv
3286. -#define OAES_OPTION_CBC 2
3287. -
3288. -#ifdef OAES_DEBUG
3289. -typedef int ( * oaes_step_cb ) (
3290. - const uint8_t state[OAES_BLOCK_SIZE],
3291. - const char * step_name,
3292. - int step_count,
3293. - void * user_data );
3294. -// enable state stepping mode
3295. -// value is required, must pass oaes_step_cb to receive the state at each step
3296. -#define OAES_OPTION_STEP_ON 4
3297. -// disable state stepping mode
3298. -#define OAES_OPTION_STEP_OFF 8
3299. -#endif // OAES_DEBUG
3300. -
3301. -typedef uint16_t OAES_OPTION;
3302. -
3303. -typedef struct _oaes_key
3304. -{
3305. - size_t data_len;
3306. - uint8_t *data;
3307. - size_t exp_data_len;
3308. - uint8_t *exp_data;
3309. - size_t num_keys;
3310. - size_t key_base;
3311. -} oaes_key;
3312. -
3313. -typedef struct _oaes_ctx
3314. -{
3315. -#ifdef OAES_HAVE_ISAAC
3316. - randctx * rctx;
3317. -#endif // OAES_HAVE_ISAAC
3318. -
3319. -#ifdef OAES_DEBUG
3320. - oaes_step_cb step_cb;
3321. -#endif // OAES_DEBUG
3322. -
3323. - oaes_key * key;
3324. - OAES_OPTION options;
3325. - uint8_t iv[OAES_BLOCK_SIZE];
3326. -} oaes_ctx;
3327. -/*
3328. - * // usage:
3329. - *
3330. - * OAES_CTX * ctx = oaes_alloc();
3331. - * .
3332. - * .
3333. - * .
3334. - * {
3335. - * oaes_gen_key_xxx( ctx );
3336. - * {
3337. - * oaes_key_export( ctx, _buf, &_buf_len );
3338. - * // or
3339. - * oaes_key_export_data( ctx, _buf, &_buf_len );\
3340. - * }
3341. - * }
3342. - * // or
3343. - * {
3344. - * oaes_key_import( ctx, _buf, _buf_len );
3345. - * // or
3346. - * oaes_key_import_data( ctx, _buf, _buf_len );
3347. - * }
3348. - * .
3349. - * .
3350. - * .
3351. - * oaes_encrypt( ctx, m, m_len, c, &c_len );
3352. - * .
3353. - * .
3354. - * .
3355. - * oaes_decrypt( ctx, c, c_len, m, &m_len );
3356. - * .
3357. - * .
3358. - * .
3359. - * oaes_free( &ctx );
3360. - */
3361. -
3362. -OAES_API OAES_CTX * oaes_alloc(void);
3363. -
3364. -OAES_API OAES_RET oaes_free( OAES_CTX ** ctx );
3365. -
3366. -OAES_API OAES_RET oaes_set_option( OAES_CTX * ctx,
3367. - OAES_OPTION option, const void * value );
3368. -
3369. -OAES_API OAES_RET oaes_key_gen_128( OAES_CTX * ctx );
3370. -
3371. -OAES_API OAES_RET oaes_key_gen_192( OAES_CTX * ctx );
3372. -
3373. -OAES_API OAES_RET oaes_key_gen_256( OAES_CTX * ctx );
3374. -
3375. -// export key with header information
3376. -// set data == NULL to get the required data_len
3377. -OAES_API OAES_RET oaes_key_export( OAES_CTX * ctx,
3378. - uint8_t * data, size_t * data_len );
3379. -
3380. -// directly export the data from key
3381. -// set data == NULL to get the required data_len
3382. -OAES_API OAES_RET oaes_key_export_data( OAES_CTX * ctx,
3383. - uint8_t * data, size_t * data_len );
3384. -
3385. -// import key with header information
3386. -OAES_API OAES_RET oaes_key_import( OAES_CTX * ctx,
3387. - const uint8_t * data, size_t data_len );
3388. -
3389. -// directly import data into key
3390. -OAES_API OAES_RET oaes_key_import_data( OAES_CTX * ctx,
3391. - const uint8_t * data, size_t data_len );
3392. -
3393. -// set c == NULL to get the required c_len
3394. -OAES_API OAES_RET oaes_encrypt( OAES_CTX * ctx,
3395. - const uint8_t * m, size_t m_len, uint8_t * c, size_t * c_len );
3396. -
3397. -// set m == NULL to get the required m_len
3398. -OAES_API OAES_RET oaes_decrypt( OAES_CTX * ctx,
3399. - const uint8_t * c, size_t c_len, uint8_t * m, size_t * m_len );
3400. -
3401. -// set buf == NULL to get the required buf_len
3402. -OAES_API OAES_RET oaes_sprintf(
3403. - char * buf, size_t * buf_len, const uint8_t * data, size_t data_len );
3404. -
3405. -OAES_API OAES_RET oaes_encryption_round( const uint8_t * key, uint8_t * c );
3406. -
3407. -OAES_API OAES_RET oaes_pseudo_encrypt_ecb( OAES_CTX * ctx, uint8_t * c );
3408. -
3409. -#ifdef __cplusplus
3410. -}
3411. -#endif
3412. -
3413. -#endif // _OAES_LIB_H
3414. diff --git "a/c:\\1\\sumokoin/src/crypto/slow-hash.c" "b/c:\\1\\sumokoin/src/crypto/slow-hash.c"
3415. deleted file mode 100644
3416. index 61f6922..0000000
3417. --- "a/c:\\1\\sumokoin/src/crypto/slow-hash.c"
3418. +++ /dev/null
3419. @@ -1,1283 +0,0 @@
3420. -// Copyright (c) 2014-2017, The Monero Project
3421. -//
3422. -// All rights reserved.
3423. -//
3424. -// Redistribution and use in source and binary forms, with or without modification, are
3425. -// permitted provided that the following conditions are met:
3426. -//
3427. -// 1. Redistributions of source code must retain the above copyright notice, this list of
3428. -// conditions and the following disclaimer.
3429. -//
3430. -// 2. Redistributions in binary form must reproduce the above copyright notice, this list
3431. -// of conditions and the following disclaimer in the documentation and/or other
3432. -// materials provided with the distribution.
3433. -//
3434. -// 3. Neither the name of the copyright holder nor the names of its contributors may be
3435. -// used to endorse or promote products derived from this software without specific
3436. -// prior written permission.
3437. -//
3438. -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
3439. -// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
3440. -// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
3441. -// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
3442. -// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
3443. -// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
3444. -// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
3445. -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
3446. -// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
3447. -//
3448. -// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
3449. -
3450. -#include <assert.h>
3451. -#include <stddef.h>
3452. -#include <stdint.h>
3453. -#include <string.h>
3454. -
3455. -#include "common/int-util.h"
3456. -#include "hash-ops.h"
3457. -#include "oaes_lib.h"
3458. -
3459. -#define MEMORY (1 << 21) // 2MB scratchpad
3460. -#define ITER (1 << 20)
3461. -#define AES_BLOCK_SIZE 16
3462. -#define AES_KEY_SIZE 32
3463. -#define INIT_SIZE_BLK 8
3464. -#define INIT_SIZE_BYTE (INIT_SIZE_BLK * AES_BLOCK_SIZE)
3465. -
3466. -#if defined(__x86_64__) || (defined(_MSC_VER) && defined(_WIN64))
3467. -// Optimised code below, uses x86-specific intrinsics, SSE2, AES-NI
3468. -// Fall back to more portable code is down at the bottom
3469. -
3470. -#include <emmintrin.h>
3471. -
3472. -#if defined(_MSC_VER)
3473. -#include <intrin.h>
3474. -#include <windows.h>
3475. -#define STATIC
3476. -#define INLINE __inline
3477. -#if !defined(RDATA_ALIGN16)
3478. -#define RDATA_ALIGN16 __declspec(align(16))
3479. -#endif
3480. -#elif defined(__MINGW32__)
3481. -#include <intrin.h>
3482. -#include <windows.h>
3483. -#define STATIC static
3484. -#define INLINE inline
3485. -#if !defined(RDATA_ALIGN16)
3486. -#define RDATA_ALIGN16 __attribute__ ((aligned(16)))
3487. -#endif
3488. -#else
3489. -#include <wmmintrin.h>
3490. -#include <sys/mman.h>
3491. -#define STATIC static
3492. -#define INLINE inline
3493. -#if !defined(RDATA_ALIGN16)
3494. -#define RDATA_ALIGN16 __attribute__ ((aligned(16)))
3495. -#endif
3496. -#endif
3497. -
3498. -#if defined(__INTEL_COMPILER)
3499. -#define ASM __asm__
3500. -#elif !defined(_MSC_VER)
3501. -#define ASM __asm__
3502. -#else
3503. -#define ASM __asm
3504. -#endif
3505. -
3506. -#define TOTALBLOCKS (MEMORY / AES_BLOCK_SIZE)
3507. -
3508. -#define U64(x) ((uint64_t *) (x))
3509. -#define R128(x) ((__m128i *) (x))
3510. -
3511. -#define state_index(x) (((*((uint64_t *)x) >> 4) & (TOTALBLOCKS - 1)) << 4)
3512. -#if defined(_MSC_VER)
3513. -#if !defined(_WIN64)
3514. -#define __mul() lo = mul128(c[0], b[0], &hi);
3515. -#else
3516. -#define __mul() lo = _umul128(c[0], b[0], &hi);
3517. -#endif
3518. -#else
3519. -#if defined(__x86_64__)
3520. -#define __mul() ASM("mulq %3\n\t" : "=d"(hi), "=a"(lo) : "%a" (c[0]), "rm" (b[0]) : "cc");
3521. -#else
3522. -#define __mul() lo = mul128(c[0], b[0], &hi);
3523. -#endif
3524. -#endif
3525. -
3526. -#define pre_aes() \
3527. - j = state_index(a); \
3528. - _c = _mm_load_si128(R128(&hp_state[j])); \
3529. - _a = _mm_load_si128(R128(a)); \
3530. -
3531. -/*
3532. - * An SSE-optimized implementation of the second half of CryptoNight step 3.
3533. - * After using AES to mix a scratchpad value into _c (done by the caller),
3534. - * this macro xors it with _b and stores the result back to the same index (j) that it
3535. - * loaded the scratchpad value from. It then performs a second random memory
3536. - * read/write from the scratchpad, but this time mixes the values using a 64
3537. - * bit multiply.
3538. - * This code is based upon an optimized implementation by dga.
3539. - */
3540. -#define post_aes() \
3541. - _mm_store_si128(R128(c), _c); \
3542. - _b = _mm_xor_si128(_b, _c); \
3543. - _mm_store_si128(R128(&hp_state[j]), _b); \
3544. - j = state_index(c); \
3545. - p = U64(&hp_state[j]); \
3546. - b[0] = p[0]; b[1] = p[1]; \
3547. - __mul(); \
3548. - a[0] += hi; a[1] += lo; \
3549. - p = U64(&hp_state[j]); \
3550. - p[0] = a[0]; p[1] = a[1]; \
3551. - a[0] ^= b[0]; a[1] ^= b[1]; \
3552. - _b = _c; \
3553. -
3554. -#if defined(_MSC_VER)
3555. -#define THREADV __declspec(thread)
3556. -#else
3557. -#define THREADV __thread
3558. -#endif
3559. -
3560. -extern int aesb_single_round(const uint8_t *in, uint8_t*out, const uint8_t *expandedKey);
3561. -extern int aesb_pseudo_round(const uint8_t *in, uint8_t *out, const uint8_t *expandedKey);
3562. -
3563. -#pragma pack(push, 1)
3564. -union cn_slow_hash_state
3565. -{
3566. - union hash_state hs;
3567. - struct
3568. - {
3569. - uint8_t k[64];
3570. - uint8_t init[INIT_SIZE_BYTE];
3571. - };
3572. -};
3573. -#pragma pack(pop)
3574. -
3575. -THREADV uint8_t *hp_state = NULL;
3576. -THREADV int hp_allocated = 0;
3577. -
3578. -#if defined(_MSC_VER)
3579. -#define cpuid(info,x) __cpuidex(info,x,0)
3580. -#else
3581. -void cpuid(int CPUInfo[4], int InfoType)
3582. -{
3583. - ASM __volatile__
3584. - (
3585. - "cpuid":
3586. - "=a" (CPUInfo[0]),
3587. - "=b" (CPUInfo[1]),
3588. - "=c" (CPUInfo[2]),
3589. - "=d" (CPUInfo[3]) :
3590. - "a" (InfoType), "c" (0)
3591. - );
3592. -}
3593. -#endif
3594. -
3595. -/**
3596. - * @brief a = (a xor b), where a and b point to 128 bit values
3597. - */
3598. -
3599. -STATIC INLINE void xor_blocks(uint8_t *a, const uint8_t *b)
3600. -{
3601. - U64(a)[0] ^= U64(b)[0];
3602. - U64(a)[1] ^= U64(b)[1];
3603. -}
3604. -
3605. -/**
3606. - * @brief uses cpuid to determine if the CPU supports the AES instructions
3607. - * @return true if the CPU supports AES, false otherwise
3608. - */
3609. -
3610. -STATIC INLINE int force_software_aes(void)
3611. -{
3612. - static int use = -1;
3613. -
3614. - if (use != -1)
3615. - return use;
3616. -
3617. - const char *env = getenv("MONERO_USE_SOFTWARE_AES");
3618. - if (!env) {
3619. - use = 0;
3620. - }
3621. - else if (!strcmp(env, "0") || !strcmp(env, "no")) {
3622. - use = 0;
3623. - }
3624. - else {
3625. - use = 1;
3626. - }
3627. - return use;
3628. -}
3629. -
3630. -STATIC INLINE int check_aes_hw(void)
3631. -{
3632. - int cpuid_results[4];
3633. - static int supported = -1;
3634. -
3635. - if(supported >= 0)
3636. - return supported;
3637. -
3638. - cpuid(cpuid_results,1);
3639. - return supported = cpuid_results[2] & (1 << 25);
3640. -}
3641. -
3642. -STATIC INLINE void aes_256_assist1(__m128i* t1, __m128i * t2)
3643. -{
3644. - __m128i t4;
3645. - *t2 = _mm_shuffle_epi32(*t2, 0xff);
3646. - t4 = _mm_slli_si128(*t1, 0x04);
3647. - *t1 = _mm_xor_si128(*t1, t4);
3648. - t4 = _mm_slli_si128(t4, 0x04);
3649. - *t1 = _mm_xor_si128(*t1, t4);
3650. - t4 = _mm_slli_si128(t4, 0x04);
3651. - *t1 = _mm_xor_si128(*t1, t4);
3652. - *t1 = _mm_xor_si128(*t1, *t2);
3653. -}
3654. -
3655. -STATIC INLINE void aes_256_assist2(__m128i* t1, __m128i * t3)
3656. -{
3657. - __m128i t2, t4;
3658. - t4 = _mm_aeskeygenassist_si128(*t1, 0x00);
3659. - t2 = _mm_shuffle_epi32(t4, 0xaa);
3660. - t4 = _mm_slli_si128(*t3, 0x04);
3661. - *t3 = _mm_xor_si128(*t3, t4);
3662. - t4 = _mm_slli_si128(t4, 0x04);
3663. - *t3 = _mm_xor_si128(*t3, t4);
3664. - t4 = _mm_slli_si128(t4, 0x04);
3665. - *t3 = _mm_xor_si128(*t3, t4);
3666. - *t3 = _mm_xor_si128(*t3, t2);
3667. -}
3668. -
3669. -/**
3670. - * @brief expands 'key' into a form it can be used for AES encryption.
3671. - *
3672. - * This is an SSE-optimized implementation of AES key schedule generation. It
3673. - * expands the key into multiple round keys, each of which is used in one round
3674. - * of the AES encryption used to fill (and later, extract randomness from)
3675. - * the large 2MB buffer. Note that CryptoNight does not use a completely
3676. - * standard AES encryption for its buffer expansion, so do not copy this
3677. - * function outside of Monero without caution! This version uses the hardware
3678. - * AESKEYGENASSIST instruction to speed key generation, and thus requires
3679. - * CPU AES support.
3680. - * For more information about these functions, see page 19 of Intel's AES instructions
3681. - * white paper:
3682. - * http://www.intel.com/content/dam/www/public/us/en/documents/white-papers/aes-instructions-set-white-paper.pdf
3683. - *
3684. - * @param key the input 128 bit key
3685. - * @param expandedKey An output buffer to hold the generated key schedule
3686. - */
3687. -
3688. -STATIC INLINE void aes_expand_key(const uint8_t *key, uint8_t *expandedKey)
3689. -{
3690. - __m128i *ek = R128(expandedKey);
3691. - __m128i t1, t2, t3;
3692. -
3693. - t1 = _mm_loadu_si128(R128(key));
3694. - t3 = _mm_loadu_si128(R128(key + 16));
3695. -
3696. - ek[0] = t1;
3697. - ek[1] = t3;
3698. -
3699. - t2 = _mm_aeskeygenassist_si128(t3, 0x01);
3700. - aes_256_assist1(&t1, &t2);
3701. - ek[2] = t1;
3702. - aes_256_assist2(&t1, &t3);
3703. - ek[3] = t3;
3704. -
3705. - t2 = _mm_aeskeygenassist_si128(t3, 0x02);
3706. - aes_256_assist1(&t1, &t2);
3707. - ek[4] = t1;
3708. - aes_256_assist2(&t1, &t3);
3709. - ek[5] = t3;
3710. -
3711. - t2 = _mm_aeskeygenassist_si128(t3, 0x04);
3712. - aes_256_assist1(&t1, &t2);
3713. - ek[6] = t1;
3714. - aes_256_assist2(&t1, &t3);
3715. - ek[7] = t3;
3716. -
3717. - t2 = _mm_aeskeygenassist_si128(t3, 0x08);
3718. - aes_256_assist1(&t1, &t2);
3719. - ek[8] = t1;
3720. - aes_256_assist2(&t1, &t3);
3721. - ek[9] = t3;
3722. -
3723. - t2 = _mm_aeskeygenassist_si128(t3, 0x10);
3724. - aes_256_assist1(&t1, &t2);
3725. - ek[10] = t1;
3726. -}
3727. -
3728. -/**
3729. - * @brief a "pseudo" round of AES (similar to but slightly different from normal AES encryption)
3730. - *
3731. - * To fill its 2MB scratch buffer, CryptoNight uses a nonstandard implementation
3732. - * of AES encryption: It applies 10 rounds of the basic AES encryption operation
3733. - * to an input 128 bit chunk of data <in>. Unlike normal AES, however, this is
3734. - * all it does; it does not perform the initial AddRoundKey step (this is done
3735. - * in subsequent steps by aesenc_si128), and it does not use the simpler final round.
3736. - * Hence, this is a "pseudo" round - though the function actually implements 10 rounds together.
3737. - *
3738. - * Note that unlike aesb_pseudo_round, this function works on multiple data chunks.
3739. - *
3740. - * @param in a pointer to nblocks * 128 bits of data to be encrypted
3741. - * @param out a pointer to an nblocks * 128 bit buffer where the output will be stored
3742. - * @param expandedKey the expanded AES key
3743. - * @param nblocks the number of 128 blocks of data to be encrypted
3744. - */
3745. -
3746. -STATIC INLINE void aes_pseudo_round(const uint8_t *in, uint8_t *out,
3747. - const uint8_t *expandedKey, int nblocks)
3748. -{
3749. - __m128i *k = R128(expandedKey);
3750. - __m128i d;
3751. - int i;
3752. -
3753. - for(i = 0; i < nblocks; i++)
3754. - {
3755. - d = _mm_loadu_si128(R128(in + i * AES_BLOCK_SIZE));
3756. - d = _mm_aesenc_si128(d, *R128(&k[0]));
3757. - d = _mm_aesenc_si128(d, *R128(&k[1]));
3758. - d = _mm_aesenc_si128(d, *R128(&k[2]));
3759. - d = _mm_aesenc_si128(d, *R128(&k[3]));
3760. - d = _mm_aesenc_si128(d, *R128(&k[4]));
3761. - d = _mm_aesenc_si128(d, *R128(&k[5]));
3762. - d = _mm_aesenc_si128(d, *R128(&k[6]));
3763. - d = _mm_aesenc_si128(d, *R128(&k[7]));
3764. - d = _mm_aesenc_si128(d, *R128(&k[8]));
3765. - d = _mm_aesenc_si128(d, *R128(&k[9]));
3766. - _mm_storeu_si128((R128(out + i * AES_BLOCK_SIZE)), d);
3767. - }
3768. -}
3769. -
3770. -/**
3771. - * @brief aes_pseudo_round that loads data from *in and xors it with *xor first
3772. - *
3773. - * This function performs the same operations as aes_pseudo_round, but before
3774. - * performing the encryption of each 128 bit block from <in>, it xors
3775. - * it with the corresponding block from <xor>.
3776. - *
3777. - * @param in a pointer to nblocks * 128 bits of data to be encrypted
3778. - * @param out a pointer to an nblocks * 128 bit buffer where the output will be stored
3779. - * @param expandedKey the expanded AES key
3780. - * @param xor a pointer to an nblocks * 128 bit buffer that is xored into in before encryption (in is left unmodified)
3781. - * @param nblocks the number of 128 blocks of data to be encrypted
3782. - */
3783. -
3784. -STATIC INLINE void aes_pseudo_round_xor(const uint8_t *in, uint8_t *out,
3785. - const uint8_t *expandedKey, const uint8_t *xor, int nblocks)
3786. -{
3787. - __m128i *k = R128(expandedKey);
3788. - __m128i *x = R128(xor);
3789. - __m128i d;
3790. - int i;
3791. -
3792. - for(i = 0; i < nblocks; i++)
3793. - {
3794. - d = _mm_loadu_si128(R128(in + i * AES_BLOCK_SIZE));
3795. - d = _mm_xor_si128(d, *R128(x++));
3796. - d = _mm_aesenc_si128(d, *R128(&k[0]));
3797. - d = _mm_aesenc_si128(d, *R128(&k[1]));
3798. - d = _mm_aesenc_si128(d, *R128(&k[2]));
3799. - d = _mm_aesenc_si128(d, *R128(&k[3]));
3800. - d = _mm_aesenc_si128(d, *R128(&k[4]));
3801. - d = _mm_aesenc_si128(d, *R128(&k[5]));
3802. - d = _mm_aesenc_si128(d, *R128(&k[6]));
3803. - d = _mm_aesenc_si128(d, *R128(&k[7]));
3804. - d = _mm_aesenc_si128(d, *R128(&k[8]));
3805. - d = _mm_aesenc_si128(d, *R128(&k[9]));
3806. - _mm_storeu_si128((R128(out + i * AES_BLOCK_SIZE)), d);
3807. - }
3808. -}
3809. -
3810. -#if defined(_MSC_VER) || defined(__MINGW32__)
3811. -BOOL SetLockPagesPrivilege(HANDLE hProcess, BOOL bEnable)
3812. -{
3813. - struct
3814. - {
3815. - DWORD count;
3816. - LUID_AND_ATTRIBUTES privilege[1];
3817. - } info;
3818. -
3819. - HANDLE token;
3820. - if(!OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES, &token))
3821. - return FALSE;
3822. -
3823. - info.count = 1;
3824. - info.privilege[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;
3825. -
3826. - if(!LookupPrivilegeValue(NULL, SE_LOCK_MEMORY_NAME, &(info.privilege[0].Luid)))
3827. - return FALSE;
3828. -
3829. - if(!AdjustTokenPrivileges(token, FALSE, (PTOKEN_PRIVILEGES) &info, 0, NULL, NULL))
3830. - return FALSE;
3831. -
3832. - if (GetLastError() != ERROR_SUCCESS)
3833. - return FALSE;
3834. -
3835. - CloseHandle(token);
3836. -
3837. - return TRUE;
3838. -
3839. -}
3840. -#endif
3841. -
3842. -/**
3843. - * @brief allocate the 2MB scratch buffer using OS support for huge pages, if available
3844. - *
3845. - * This function tries to allocate the 2MB scratch buffer using a single
3846. - * 2MB "huge page" (instead of the usual 4KB page sizes) to reduce TLB misses
3847. - * during the random accesses to the scratch buffer. This is one of the
3848. - * important speed optimizations needed to make CryptoNight faster.
3849. - *
3850. - * No parameters. Updates a thread-local pointer, hp_state, to point to
3851. - * the allocated buffer.
3852. - */
3853. -
3854. -void slow_hash_allocate_state(void)
3855. -{
3856. - if(hp_state != NULL)
3857. - return;
3858. -
3859. -#if defined(_MSC_VER) || defined(__MINGW32__)
3860. - SetLockPagesPrivilege(GetCurrentProcess(), TRUE);
3861. - hp_state = (uint8_t *) VirtualAlloc(hp_state, MEMORY, MEM_LARGE_PAGES |
3862. - MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
3863. -#else
3864. -#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__)
3865. - hp_state = mmap(0, MEMORY, PROT_READ | PROT_WRITE,
3866. - MAP_PRIVATE | MAP_ANON, 0, 0);
3867. -#else
3868. - hp_state = mmap(0, MEMORY, PROT_READ | PROT_WRITE,
3869. - MAP_PRIVATE | MAP_ANONYMOUS | MAP_HUGETLB, 0, 0);
3870. -#endif
3871. - if(hp_state == MAP_FAILED)
3872. - hp_state = NULL;
3873. -#endif
3874. - hp_allocated = 1;
3875. - if(hp_state == NULL)
3876. - {
3877. - hp_allocated = 0;
3878. - hp_state = (uint8_t *) malloc(MEMORY);
3879. - }
3880. -}
3881. -
3882. -/**
3883. - *@brief frees the state allocated by slow_hash_allocate_state
3884. - */
3885. -
3886. -void slow_hash_free_state(void)
3887. -{
3888. - if(hp_state == NULL)
3889. - return;
3890. -
3891. - if(!hp_allocated)
3892. - free(hp_state);
3893. - else
3894. - {
3895. -#if defined(_MSC_VER) || defined(__MINGW32__)
3896. - VirtualFree(hp_state, MEMORY, MEM_RELEASE);
3897. -#else
3898. - munmap(hp_state, MEMORY);
3899. -#endif
3900. - }
3901. -
3902. - hp_state = NULL;
3903. - hp_allocated = 0;
3904. -}
3905. -
3906. -/**
3907. - * @brief the hash function implementing CryptoNight, used for the Monero proof-of-work
3908. - *
3909. - * Computes the hash of <data> (which consists of <length> bytes), returning the
3910. - * hash in <hash>. The CryptoNight hash operates by first using Keccak 1600,
3911. - * the 1600 bit variant of the Keccak hash used in SHA-3, to create a 200 byte
3912. - * buffer of pseudorandom data by hashing the supplied data. It then uses this
3913. - * random data to fill a large 2MB buffer with pseudorandom data by iteratively
3914. - * encrypting it using 10 rounds of AES per entry. After this initialization,
3915. - * it executes 500,000 rounds of mixing through the random 2MB buffer using
3916. - * AES (typically provided in hardware on modern CPUs) and a 64 bit multiply.
3917. - * Finally, it re-mixes this large buffer back into
3918. - * the 200 byte "text" buffer, and then hashes this buffer using one of four
3919. - * pseudorandomly selected hash functions (Blake, Groestl, JH, or Skein)
3920. - * to populate the output.
3921. - *
3922. - * The 2MB buffer and choice of functions for mixing are designed to make the
3923. - * algorithm "CPU-friendly" (and thus, reduce the advantage of GPU, FPGA,
3924. - * or ASIC-based implementations): the functions used are fast on modern
3925. - * CPUs, and the 2MB size matches the typical amount of L3 cache available per
3926. - * core on 2013-era CPUs. When available, this implementation will use hardware
3927. - * AES support on x86 CPUs.
3928. - *
3929. - * A diagram of the inner loop of this function can be found at
3930. - * http://www.cs.cmu.edu/~dga/crypto/xmr/cryptonight.png
3931. - *
3932. - * @param data the data to hash
3933. - * @param length the length in bytes of the data
3934. - * @param hash a pointer to a buffer in which the final 256 bit hash will be stored
3935. - */
3936. -
3937. -void cn_slow_hash(const void *data, size_t length, char *hash)
3938. -{
3939. - RDATA_ALIGN16 uint8_t expandedKey[240]; /* These buffers are aligned to use later with SSE functions */
3940. -
3941. - uint8_t text[INIT_SIZE_BYTE];
3942. - RDATA_ALIGN16 uint64_t a[2];
3943. - RDATA_ALIGN16 uint64_t b[2];
3944. - RDATA_ALIGN16 uint64_t c[2];
3945. - union cn_slow_hash_state state;
3946. - __m128i _a, _b, _c;
3947. - uint64_t hi, lo;
3948. -
3949. - size_t i, j;
3950. - uint64_t *p = NULL;
3951. - oaes_ctx *aes_ctx = NULL;
3952. - int useAes = !force_software_aes() && check_aes_hw();
3953. -
3954. - static void (*const extra_hashes[4])(const void *, size_t, char *) =
3955. - {
3956. - hash_extra_blake, hash_extra_groestl, hash_extra_jh, hash_extra_skein
3957. - };
3958. -
3959. - // this isn't supposed to happen, but guard against it for now.
3960. - if(hp_state == NULL)
3961. - slow_hash_allocate_state();
3962. -
3963. - /* CryptoNight Step 1: Use Keccak1600 to initialize the 'state' (and 'text') buffers from the data. */
3964. -
3965. - hash_process(&state.hs, data, length);
3966. - memcpy(text, state.init, INIT_SIZE_BYTE);
3967. -
3968. - /* CryptoNight Step 2: Iteratively encrypt the results from Keccak to fill
3969. - * the 2MB large random access buffer.
3970. - */
3971. -
3972. - if(useAes)
3973. - {
3974. - aes_expand_key(state.hs.b, expandedKey);
3975. - for(i = 0; i < MEMORY / INIT_SIZE_BYTE; i++)
3976. - {
3977. - aes_pseudo_round(text, text, expandedKey, INIT_SIZE_BLK);
3978. - memcpy(&hp_state[i * INIT_SIZE_BYTE], text, INIT_SIZE_BYTE);
3979. - }
3980. - }
3981. - else
3982. - {
3983. - aes_ctx = (oaes_ctx *) oaes_alloc();
3984. - oaes_key_import_data(aes_ctx, state.hs.b, AES_KEY_SIZE);
3985. - for(i = 0; i < MEMORY / INIT_SIZE_BYTE; i++)
3986. - {
3987. - for(j = 0; j < INIT_SIZE_BLK; j++)
3988. - aesb_pseudo_round(&text[AES_BLOCK_SIZE * j], &text[AES_BLOCK_SIZE * j], aes_ctx->key->exp_data);
3989. -
3990. - memcpy(&hp_state[i * INIT_SIZE_BYTE], text, INIT_SIZE_BYTE);
3991. - }
3992. - }
3993. -
3994. - U64(a)[0] = U64(&state.k[0])[0] ^ U64(&state.k[32])[0];
3995. - U64(a)[1] = U64(&state.k[0])[1] ^ U64(&state.k[32])[1];
3996. - U64(b)[0] = U64(&state.k[16])[0] ^ U64(&state.k[48])[0];
3997. - U64(b)[1] = U64(&state.k[16])[1] ^ U64(&state.k[48])[1];
3998. -
3999. - /* CryptoNight Step 3: Bounce randomly 1 million times through the mixing buffer,
4000. - * using 500,000 iterations of the following mixing function. Each execution
4001. - * performs two reads and writes from the mixing buffer.
4002. - */
4003. -
4004. - _b = _mm_load_si128(R128(b));
4005. - // Two independent versions, one with AES, one without, to ensure that
4006. - // the useAes test is only performed once, not every iteration.
4007. - if(useAes)
4008. - {
4009. - for(i = 0; i < ITER / 2; i++)
4010. - {
4011. - pre_aes();
4012. - _c = _mm_aesenc_si128(_c, _a);
4013. - post_aes();
4014. - }
4015. - }
4016. - else
4017. - {
4018. - for(i = 0; i < ITER / 2; i++)
4019. - {
4020. - pre_aes();
4021. - aesb_single_round((uint8_t *) &_c, (uint8_t *) &_c, (uint8_t *) &_a);
4022. - post_aes();
4023. - }
4024. - }
4025. -
4026. - /* CryptoNight Step 4: Sequentially pass through the mixing buffer and use 10 rounds
4027. - * of AES encryption to mix the random data back into the 'text' buffer. 'text'
4028. - * was originally created with the output of Keccak1600. */
4029. -
4030. - memcpy(text, state.init, INIT_SIZE_BYTE);
4031. - if(useAes)
4032. - {
4033. - aes_expand_key(&state.hs.b[32], expandedKey);
4034. - for(i = 0; i < MEMORY / INIT_SIZE_BYTE; i++)
4035. - {
4036. - // add the xor to the pseudo round
4037. - aes_pseudo_round_xor(text, text, expandedKey, &hp_state[i * INIT_SIZE_BYTE], INIT_SIZE_BLK);
4038. - }
4039. - }
4040. - else
4041. - {
4042. - oaes_key_import_data(aes_ctx, &state.hs.b[32], AES_KEY_SIZE);
4043. - for(i = 0; i < MEMORY / INIT_SIZE_BYTE; i++)
4044. - {
4045. - for(j = 0; j < INIT_SIZE_BLK; j++)
4046. - {
4047. - xor_blocks(&text[j * AES_BLOCK_SIZE], &hp_state[i * INIT_SIZE_BYTE + j * AES_BLOCK_SIZE]);
4048. - aesb_pseudo_round(&text[AES_BLOCK_SIZE * j], &text[AES_BLOCK_SIZE * j], aes_ctx->key->exp_data);
4049. - }
4050. - }
4051. - oaes_free((OAES_CTX **) &aes_ctx);
4052. - }
4053. -
4054. - /* CryptoNight Step 5: Apply Keccak to the state again, and then
4055. - * use the resulting data to select which of four finalizer
4056. - * hash functions to apply to the data (Blake, Groestl, JH, or Skein).
4057. - * Use this hash to squeeze the state array down
4058. - * to the final 256 bit hash output.
4059. - */
4060. -
4061. - memcpy(state.init, text, INIT_SIZE_BYTE);
4062. - hash_permutation(&state.hs);
4063. - extra_hashes[state.hs.b[0] & 3](&state, 200, hash);
4064. -}
4065. -
4066. -#elif defined(__arm__) || defined(__aarch64__)
4067. -void slow_hash_allocate_state(void)
4068. -{
4069. - // Do nothing, this is just to maintain compatibility with the upgraded slow-hash.c
4070. - return;
4071. -}
4072. -
4073. -void slow_hash_free_state(void)
4074. -{
4075. - // As above
4076. - return;
4077. -}
4078. -
4079. -#if defined(__GNUC__)
4080. -#define RDATA_ALIGN16 __attribute__ ((aligned(16)))
4081. -#define STATIC static
4082. -#define INLINE inline
4083. -#else
4084. -#define RDATA_ALIGN16
4085. -#define STATIC static
4086. -#define INLINE
4087. -#endif
4088. -
4089. -#define U64(x) ((uint64_t *) (x))
4090. -
4091. -#pragma pack(push, 1)
4092. -union cn_slow_hash_state
4093. -{
4094. - union hash_state hs;
4095. - struct
4096. - {
4097. - uint8_t k[64];
4098. - uint8_t init[INIT_SIZE_BYTE];
4099. - };
4100. -};
4101. -#pragma pack(pop)
4102. -
4103. -#if defined(__aarch64__) && defined(__ARM_FEATURE_CRYPTO)
4104. -
4105. -/* ARMv8-A optimized with NEON and AES instructions.
4106. - * Copied from the x86-64 AES-NI implementation. It has much the same
4107. - * characteristics as x86-64: there's no 64x64=128 multiplier for vectors,
4108. - * and moving between vector and regular registers stalls the pipeline.
4109. - */
4110. -#include <arm_neon.h>
4111. -
4112. -#define TOTALBLOCKS (MEMORY / AES_BLOCK_SIZE)
4113. -
4114. -#define state_index(x) (((*((uint64_t *)x) >> 4) & (TOTALBLOCKS - 1)) << 4)
4115. -#define __mul() __asm__("mul %0, %1, %2\n\t" : "=r"(lo) : "r"(c[0]), "r"(b[0]) ); \
4116. - __asm__("umulh %0, %1, %2\n\t" : "=r"(hi) : "r"(c[0]), "r"(b[0]) );
4117. -
4118. -#define pre_aes() \
4119. - j = state_index(a); \
4120. - _c = vld1q_u8(&hp_state[j]); \
4121. - _a = vld1q_u8((const uint8_t *)a); \
4122. -
4123. -#define post_aes() \
4124. - vst1q_u8((uint8_t *)c, _c); \
4125. - _b = veorq_u8(_b, _c); \
4126. - vst1q_u8(&hp_state[j], _b); \
4127. - j = state_index(c); \
4128. - p = U64(&hp_state[j]); \
4129. - b[0] = p[0]; b[1] = p[1]; \
4130. - __mul(); \
4131. - a[0] += hi; a[1] += lo; \
4132. - p = U64(&hp_state[j]); \
4133. - p[0] = a[0]; p[1] = a[1]; \
4134. - a[0] ^= b[0]; a[1] ^= b[1]; \
4135. - _b = _c; \
4136. -
4137. -
4138. -/* Note: this was based on a standard 256bit key schedule but
4139. - * it's been shortened since Cryptonight doesn't use the full
4140. - * key schedule. Don't try to use this for vanilla AES.
4141. -*/
4142. -static void aes_expand_key(const uint8_t *key, uint8_t *expandedKey) {
4143. -__asm__("mov x2, %1\n\t" : : "r"(key), "r"(expandedKey));
4144. -__asm__(
4145. -" adr x3,Lrcon\n"
4146. -"\n"
4147. -" eor v0.16b,v0.16b,v0.16b\n"
4148. -" ld1 {v3.16b},[x0],#16\n"
4149. -" ld1 {v1.4s,v2.4s},[x3],#32\n"
4150. -" b L256\n"
4151. -".align 5\n"
4152. -"Lrcon:\n"
4153. -".long 0x01,0x01,0x01,0x01\n"
4154. -".long 0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d // rotate-n-splat\n"
4155. -".long 0x1b,0x1b,0x1b,0x1b\n"
4156. -"\n"
4157. -".align 4\n"
4158. -"L256:\n"
4159. -" ld1 {v4.16b},[x0]\n"
4160. -" mov w1,#5\n"
4161. -" st1 {v3.4s},[x2],#16\n"
4162. -"\n"
4163. -"Loop256:\n"
4164. -" tbl v6.16b,{v4.16b},v2.16b\n"
4165. -" ext v5.16b,v0.16b,v3.16b,#12\n"
4166. -" st1 {v4.4s},[x2],#16\n"
4167. -" aese v6.16b,v0.16b\n"
4168. -" subs w1,w1,#1\n"
4169. -"\n"
4170. -" eor v3.16b,v3.16b,v5.16b\n"
4171. -" ext v5.16b,v0.16b,v5.16b,#12\n"
4172. -" eor v3.16b,v3.16b,v5.16b\n"
4173. -" ext v5.16b,v0.16b,v5.16b,#12\n"
4174. -" eor v6.16b,v6.16b,v1.16b\n"
4175. -" eor v3.16b,v3.16b,v5.16b\n"
4176. -" shl v1.16b,v1.16b,#1\n"
4177. -" eor v3.16b,v3.16b,v6.16b\n"
4178. -" st1 {v3.4s},[x2],#16\n"
4179. -" b.eq Ldone\n"
4180. -"\n"
4181. -" dup v6.4s,v3.s[3] // just splat\n"
4182. -" ext v5.16b,v0.16b,v4.16b,#12\n"
4183. -" aese v6.16b,v0.16b\n"
4184. -"\n"
4185. -" eor v4.16b,v4.16b,v5.16b\n"
4186. -" ext v5.16b,v0.16b,v5.16b,#12\n"
4187. -" eor v4.16b,v4.16b,v5.16b\n"
4188. -" ext v5.16b,v0.16b,v5.16b,#12\n"
4189. -" eor v4.16b,v4.16b,v5.16b\n"
4190. -"\n"
4191. -" eor v4.16b,v4.16b,v6.16b\n"
4192. -" b Loop256\n"
4193. -"\n"
4194. -"Ldone:\n");
4195. -}
4196. -
4197. -/* An ordinary AES round is a sequence of SubBytes, ShiftRows, MixColumns, AddRoundKey. There
4198. - * is also an InitialRound which consists solely of AddRoundKey. The ARM instructions slice
4199. - * this sequence differently; the aese instruction performs AddRoundKey, SubBytes, ShiftRows.
4200. - * The aesmc instruction does the MixColumns. Since the aese instruction moves the AddRoundKey
4201. - * up front, and Cryptonight's hash skips the InitialRound step, we have to kludge it here by
4202. - * feeding in a vector of zeros for our first step. Also we have to do our own Xor explicitly
4203. - * at the last step, to provide the AddRoundKey that the ARM instructions omit.
4204. - */
4205. -STATIC INLINE void aes_pseudo_round(const uint8_t *in, uint8_t *out, const uint8_t *expandedKey, int nblocks)
4206. -{
4207. - const uint8x16_t *k = (const uint8x16_t *)expandedKey, zero = {0};
4208. - uint8x16_t tmp;
4209. - int i;
4210. -
4211. - for (i=0; i<nblocks; i++)
4212. - {
4213. - uint8x16_t tmp = vld1q_u8(in + i * AES_BLOCK_SIZE);
4214. - tmp = vaeseq_u8(tmp, zero);
4215. - tmp = vaesmcq_u8(tmp);
4216. - tmp = vaeseq_u8(tmp, k[0]);
4217. - tmp = vaesmcq_u8(tmp);
4218. - tmp = vaeseq_u8(tmp, k[1]);
4219. - tmp = vaesmcq_u8(tmp);
4220. - tmp = vaeseq_u8(tmp, k[2]);
4221. - tmp = vaesmcq_u8(tmp);
4222. - tmp = vaeseq_u8(tmp, k[3]);
4223. - tmp = vaesmcq_u8(tmp);
4224. - tmp = vaeseq_u8(tmp, k[4]);
4225. - tmp = vaesmcq_u8(tmp);
4226. - tmp = vaeseq_u8(tmp, k[5]);
4227. - tmp = vaesmcq_u8(tmp);
4228. - tmp = vaeseq_u8(tmp, k[6]);
4229. - tmp = vaesmcq_u8(tmp);
4230. - tmp = vaeseq_u8(tmp, k[7]);
4231. - tmp = vaesmcq_u8(tmp);
4232. - tmp = vaeseq_u8(tmp, k[8]);
4233. - tmp = vaesmcq_u8(tmp);
4234. - tmp = veorq_u8(tmp, k[9]);
4235. - vst1q_u8(out + i * AES_BLOCK_SIZE, tmp);
4236. - }
4237. -}
4238. -
4239. -STATIC INLINE void aes_pseudo_round_xor(const uint8_t *in, uint8_t *out, const uint8_t *expandedKey, const uint8_t *xor, int nblocks)
4240. -{
4241. - const uint8x16_t *k = (const uint8x16_t *)expandedKey;
4242. - const uint8x16_t *x = (const uint8x16_t *)xor;
4243. - uint8x16_t tmp;
4244. - int i;
4245. -
4246. - for (i=0; i<nblocks; i++)
4247. - {
4248. - uint8x16_t tmp = vld1q_u8(in + i * AES_BLOCK_SIZE);
4249. - tmp = vaeseq_u8(tmp, x[i]);
4250. - tmp = vaesmcq_u8(tmp);
4251. - tmp = vaeseq_u8(tmp, k[0]);
4252. - tmp = vaesmcq_u8(tmp);
4253. - tmp = vaeseq_u8(tmp, k[1]);
4254. - tmp = vaesmcq_u8(tmp);
4255. - tmp = vaeseq_u8(tmp, k[2]);
4256. - tmp = vaesmcq_u8(tmp);
4257. - tmp = vaeseq_u8(tmp, k[3]);
4258. - tmp = vaesmcq_u8(tmp);
4259. - tmp = vaeseq_u8(tmp, k[4]);
4260. - tmp = vaesmcq_u8(tmp);
4261. - tmp = vaeseq_u8(tmp, k[5]);
4262. - tmp = vaesmcq_u8(tmp);
4263. - tmp = vaeseq_u8(tmp, k[6]);
4264. - tmp = vaesmcq_u8(tmp);
4265. - tmp = vaeseq_u8(tmp, k[7]);
4266. - tmp = vaesmcq_u8(tmp);
4267. - tmp = vaeseq_u8(tmp, k[8]);
4268. - tmp = vaesmcq_u8(tmp);
4269. - tmp = veorq_u8(tmp, k[9]);
4270. - vst1q_u8(out + i * AES_BLOCK_SIZE, tmp);
4271. - }
4272. -}
4273. -
4274. -void cn_slow_hash(const void *data, size_t length, char *hash)
4275. -{
4276. - RDATA_ALIGN16 uint8_t expandedKey[240];
4277. - RDATA_ALIGN16 uint8_t hp_state[MEMORY];
4278. -
4279. - uint8_t text[INIT_SIZE_BYTE];
4280. - RDATA_ALIGN16 uint64_t a[2];
4281. - RDATA_ALIGN16 uint64_t b[2];
4282. - RDATA_ALIGN16 uint64_t c[2];
4283. - union cn_slow_hash_state state;
4284. - uint8x16_t _a, _b, _c, zero = {0};
4285. - uint64_t hi, lo;
4286. -
4287. - size_t i, j;
4288. - uint64_t *p = NULL;
4289. -
4290. - static void (*const extra_hashes[4])(const void *, size_t, char *) =
4291. - {
4292. - hash_extra_blake, hash_extra_groestl, hash_extra_jh, hash_extra_skein
4293. - };
4294. -
4295. - /* CryptoNight Step 1: Use Keccak1600 to initialize the 'state' (and 'text') buffers from the data. */
4296. -
4297. - hash_process(&state.hs, data, length);
4298. - memcpy(text, state.init, INIT_SIZE_BYTE);
4299. -
4300. - /* CryptoNight Step 2: Iteratively encrypt the results from Keccak to fill
4301. - * the 2MB large random access buffer.
4302. - */
4303. -
4304. - aes_expand_key(state.hs.b, expandedKey);
4305. - for(i = 0; i < MEMORY / INIT_SIZE_BYTE; i++)
4306. - {
4307. - aes_pseudo_round(text, text, expandedKey, INIT_SIZE_BLK);
4308. - memcpy(&hp_state[i * INIT_SIZE_BYTE], text, INIT_SIZE_BYTE);
4309. - }
4310. -
4311. - U64(a)[0] = U64(&state.k[0])[0] ^ U64(&state.k[32])[0];
4312. - U64(a)[1] = U64(&state.k[0])[1] ^ U64(&state.k[32])[1];
4313. - U64(b)[0] = U64(&state.k[16])[0] ^ U64(&state.k[48])[0];
4314. - U64(b)[1] = U64(&state.k[16])[1] ^ U64(&state.k[48])[1];
4315. -
4316. - /* CryptoNight Step 3: Bounce randomly 1 million times through the mixing buffer,
4317. - * using 500,000 iterations of the following mixing function. Each execution
4318. - * performs two reads and writes from the mixing buffer.
4319. - */
4320. -
4321. - _b = vld1q_u8((const uint8_t *)b);
4322. -
4323. -
4324. - for(i = 0; i < ITER / 2; i++)
4325. - {
4326. - pre_aes();
4327. - _c = vaeseq_u8(_c, zero);
4328. - _c = vaesmcq_u8(_c);
4329. - _c = veorq_u8(_c, _a);
4330. - post_aes();
4331. - }
4332. -
4333. - /* CryptoNight Step 4: Sequentially pass through the mixing buffer and use 10 rounds
4334. - * of AES encryption to mix the random data back into the 'text' buffer. 'text'
4335. - * was originally created with the output of Keccak1600. */
4336. -
4337. - memcpy(text, state.init, INIT_SIZE_BYTE);
4338. -
4339. - aes_expand_key(&state.hs.b[32], expandedKey);
4340. - for(i = 0; i < MEMORY / INIT_SIZE_BYTE; i++)
4341. - {
4342. - // add the xor to the pseudo round
4343. - aes_pseudo_round_xor(text, text, expandedKey, &hp_state[i * INIT_SIZE_BYTE], INIT_SIZE_BLK);
4344. - }
4345. -
4346. - /* CryptoNight Step 5: Apply Keccak to the state again, and then
4347. - * use the resulting data to select which of four finalizer
4348. - * hash functions to apply to the data (Blake, Groestl, JH, or Skein).
4349. - * Use this hash to squeeze the state array down
4350. - * to the final 256 bit hash output.
4351. - */
4352. -
4353. - memcpy(state.init, text, INIT_SIZE_BYTE);
4354. - hash_permutation(&state.hs);
4355. - extra_hashes[state.hs.b[0] & 3](&state, 200, hash);
4356. -}
4357. -#else /* aarch64 && crypto */
4358. -
4359. -// ND: Some minor optimizations for ARMv7 (raspberrry pi 2), effect seems to be ~40-50% faster.
4360. -// Needs more work.
4361. -
4362. -#ifdef NO_OPTIMIZED_MULTIPLY_ON_ARM
4363. -/* The asm corresponds to this C code */
4364. -#define SHORT uint32_t
4365. -#define LONG uint64_t
4366. -
4367. -void mul(const uint8_t *ca, const uint8_t *cb, uint8_t *cres) {
4368. - const SHORT *aa = (SHORT *)ca;
4369. - const SHORT *bb = (SHORT *)cb;
4370. - SHORT *res = (SHORT *)cres;
4371. - union {
4372. - SHORT tmp[8];
4373. - LONG ltmp[4];
4374. - } t;
4375. - LONG A = aa[1];
4376. - LONG a = aa[0];
4377. - LONG B = bb[1];
4378. - LONG b = bb[0];
4379. -
4380. - // Aa * Bb = ab + aB_ + Ab_ + AB__
4381. - t.ltmp[0] = a * b;
4382. - t.ltmp[1] = a * B;
4383. - t.ltmp[2] = A * b;
4384. - t.ltmp[3] = A * B;
4385. -
4386. - res[2] = t.tmp[0];
4387. - t.ltmp[1] += t.tmp[1];
4388. - t.ltmp[1] += t.tmp[4];
4389. - t.ltmp[3] += t.tmp[3];
4390. - t.ltmp[3] += t.tmp[5];
4391. - res[3] = t.tmp[2];
4392. - res[0] = t.tmp[6];
4393. - res[1] = t.tmp[7];
4394. -}
4395. -#else // !NO_OPTIMIZED_MULTIPLY_ON_ARM
4396. -
4397. -#ifdef __aarch64__ /* ARM64, no crypto */
4398. -#define mul(a, b, c) cn_mul128((const uint64_t *)a, (const uint64_t *)b, (uint64_t *)c)
4399. -STATIC void cn_mul128(const uint64_t *a, const uint64_t *b, uint64_t *r)
4400. -{
4401. - uint64_t lo, hi;
4402. - __asm__("mul %0, %1, %2\n\t" : "=r"(lo) : "r"(a[0]), "r"(b[0]) );
4403. - __asm__("umulh %0, %1, %2\n\t" : "=r"(hi) : "r"(a[0]), "r"(b[0]) );
4404. - r[0] = hi;
4405. - r[1] = lo;
4406. -}
4407. -#else /* ARM32 */
4408. -/* Can work as inline, but actually runs slower. Keep it separate */
4409. -#define mul(a, b, c) cn_mul128((const uint32_t *)a, (const uint32_t *)b, (uint32_t *)c)
4410. -STATIC void cn_mul128(const uint32_t *aa, const uint32_t *bb, uint32_t *r)
4411. -{
4412. - uint32_t t0, t1, t2=0, t3=0;
4413. -__asm__ __volatile__(
4414. - "umull %[t0], %[t1], %[a], %[b]\n\t"
4415. - "str %[t0], %[ll]\n\t"
4416. -
4417. - // accumulating with 0 can never overflow/carry
4418. - "eor %[t0], %[t0]\n\t"
4419. - "umlal %[t1], %[t0], %[a], %[B]\n\t"
4420. -
4421. - "umlal %[t1], %[t2], %[A], %[b]\n\t"
4422. - "str %[t1], %[lh]\n\t"
4423. -
4424. - "umlal %[t0], %[t3], %[A], %[B]\n\t"
4425. -
4426. - // final add may have a carry
4427. - "adds %[t0], %[t0], %[t2]\n\t"
4428. - "adc %[t1], %[t3], #0\n\t"
4429. -
4430. - "str %[t0], %[hl]\n\t"
4431. - "str %[t1], %[hh]\n\t"
4432. - : [t0]"=&r"(t0), [t1]"=&r"(t1), [t2]"+r"(t2), [t3]"+r"(t3), [hl]"=m"(r[0]), [hh]"=m"(r[1]), [ll]"=m"(r[2]), [lh]"=m"(r[3])
4433. - : [A]"r"(aa[1]), [a]"r"(aa[0]), [B]"r"(bb[1]), [b]"r"(bb[0])
4434. - : "cc");
4435. -}
4436. -#endif /* !aarch64 */
4437. -#endif // NO_OPTIMIZED_MULTIPLY_ON_ARM
4438. -
4439. -STATIC INLINE void sum_half_blocks(uint8_t* a, const uint8_t* b)
4440. -{
4441. - uint64_t a0, a1, b0, b1;
4442. - a0 = U64(a)[0];
4443. - a1 = U64(a)[1];
4444. - b0 = U64(b)[0];
4445. - b1 = U64(b)[1];
4446. - a0 += b0;
4447. - a1 += b1;
4448. - U64(a)[0] = a0;
4449. - U64(a)[1] = a1;
4450. -}
4451. -
4452. -STATIC INLINE void swap_blocks(uint8_t *a, uint8_t *b)
4453. -{
4454. - uint64_t t[2];
4455. - U64(t)[0] = U64(a)[0];
4456. - U64(t)[1] = U64(a)[1];
4457. - U64(a)[0] = U64(b)[0];
4458. - U64(a)[1] = U64(b)[1];
4459. - U64(b)[0] = U64(t)[0];
4460. - U64(b)[1] = U64(t)[1];
4461. -}
4462. -
4463. -STATIC INLINE void xor_blocks(uint8_t* a, const uint8_t* b)
4464. -{
4465. - U64(a)[0] ^= U64(b)[0];
4466. - U64(a)[1] ^= U64(b)[1];
4467. -}
4468. -
4469. -void cn_slow_hash(const void *data, size_t length, char *hash)
4470. -{
4471. - uint8_t long_state[MEMORY];
4472. - uint8_t text[INIT_SIZE_BYTE];
4473. - uint8_t a[AES_BLOCK_SIZE];
4474. - uint8_t b[AES_BLOCK_SIZE];
4475. - uint8_t d[AES_BLOCK_SIZE];
4476. - uint8_t aes_key[AES_KEY_SIZE];
4477. - RDATA_ALIGN16 uint8_t expandedKey[256];
4478. -
4479. - union cn_slow_hash_state state;
4480. -
4481. - size_t i, j;
4482. - uint8_t *p = NULL;
4483. - oaes_ctx *aes_ctx;
4484. - static void (*const extra_hashes[4])(const void *, size_t, char *) =
4485. - {
4486. - hash_extra_blake, hash_extra_groestl, hash_extra_jh, hash_extra_skein
4487. - };
4488. -
4489. - hash_process(&state.hs, data, length);
4490. - memcpy(text, state.init, INIT_SIZE_BYTE);
4491. -
4492. - aes_ctx = (oaes_ctx *) oaes_alloc();
4493. - oaes_key_import_data(aes_ctx, state.hs.b, AES_KEY_SIZE);
4494. -
4495. - // use aligned data
4496. - memcpy(expandedKey, aes_ctx->key->exp_data, aes_ctx->key->exp_data_len);
4497. - for(i = 0; i < MEMORY / INIT_SIZE_BYTE; i++)
4498. - {
4499. - for(j = 0; j < INIT_SIZE_BLK; j++)
4500. - aesb_pseudo_round(&text[AES_BLOCK_SIZE * j], &text[AES_BLOCK_SIZE * j], expandedKey);
4501. - memcpy(&long_state[i * INIT_SIZE_BYTE], text, INIT_SIZE_BYTE);
4502. - }
4503. -
4504. - U64(a)[0] = U64(&state.k[0])[0] ^ U64(&state.k[32])[0];
4505. - U64(a)[1] = U64(&state.k[0])[1] ^ U64(&state.k[32])[1];
4506. - U64(b)[0] = U64(&state.k[16])[0] ^ U64(&state.k[48])[0];
4507. - U64(b)[1] = U64(&state.k[16])[1] ^ U64(&state.k[48])[1];
4508. -
4509. - for(i = 0; i < ITER / 2; i++)
4510. - {
4511. - #define MASK ((uint32_t)(((MEMORY / AES_BLOCK_SIZE) - 1) << 4))
4512. - #define state_index(x) ((*(uint32_t *) x) & MASK)
4513. -
4514. - // Iteration 1
4515. - p = &long_state[state_index(a)];
4516. - aesb_single_round(p, p, a);
4517. -
4518. - xor_blocks(b, p);
4519. - swap_blocks(b, p);
4520. - swap_blocks(a, b);
4521. -
4522. - // Iteration 2
4523. - p = &long_state[state_index(a)];
4524. -
4525. - mul(a, p, d);
4526. - sum_half_blocks(b, d);
4527. - swap_blocks(b, p);
4528. - xor_blocks(b, p);
4529. - swap_blocks(a, b);
4530. - }
4531. -
4532. - memcpy(text, state.init, INIT_SIZE_BYTE);
4533. - oaes_key_import_data(aes_ctx, &state.hs.b[32], AES_KEY_SIZE);
4534. - memcpy(expandedKey, aes_ctx->key->exp_data, aes_ctx->key->exp_data_len);
4535. - for(i = 0; i < MEMORY / INIT_SIZE_BYTE; i++)
4536. - {
4537. - for(j = 0; j < INIT_SIZE_BLK; j++)
4538. - {
4539. - xor_blocks(&text[j * AES_BLOCK_SIZE], &long_state[i * INIT_SIZE_BYTE + j * AES_BLOCK_SIZE]);
4540. - aesb_pseudo_round(&text[AES_BLOCK_SIZE * j], &text[AES_BLOCK_SIZE * j], expandedKey);
4541. - }
4542. - }
4543. -
4544. - oaes_free((OAES_CTX **) &aes_ctx);
4545. - memcpy(state.init, text, INIT_SIZE_BYTE);
4546. - hash_permutation(&state.hs);
4547. - extra_hashes[state.hs.b[0] & 3](&state, 200, hash);
4548. -}
4549. -#endif /* !aarch64 || !crypto */
4550. -
4551. -#else
4552. -// Portable implementation as a fallback
4553. -
4554. -void slow_hash_allocate_state(void)
4555. -{
4556. - // Do nothing, this is just to maintain compatibility with the upgraded slow-hash.c
4557. - return;
4558. -}
4559. -
4560. -void slow_hash_free_state(void)
4561. -{
4562. - // As above
4563. - return;
4564. -}
4565. -
4566. -static void (*const extra_hashes[4])(const void *, size_t, char *) = {
4567. - hash_extra_blake, hash_extra_groestl, hash_extra_jh, hash_extra_skein
4568. -};
4569. -
4570. -extern int aesb_single_round(const uint8_t *in, uint8_t*out, const uint8_t *expandedKey);
4571. -extern int aesb_pseudo_round(const uint8_t *in, uint8_t *out, const uint8_t *expandedKey);
4572. -
4573. -static size_t e2i(const uint8_t* a, size_t count) { return (*((uint64_t*)a) / AES_BLOCK_SIZE) & (count - 1); }
4574. -
4575. -static void mul(const uint8_t* a, const uint8_t* b, uint8_t* res) {
4576. - uint64_t a0, b0;
4577. - uint64_t hi, lo;
4578. -
4579. - a0 = SWAP64LE(((uint64_t*)a)[0]);
4580. - b0 = SWAP64LE(((uint64_t*)b)[0]);
4581. - lo = mul128(a0, b0, &hi);
4582. - ((uint64_t*)res)[0] = SWAP64LE(hi);
4583. - ((uint64_t*)res)[1] = SWAP64LE(lo);
4584. -}
4585. -
4586. -static void sum_half_blocks(uint8_t* a, const uint8_t* b) {
4587. - uint64_t a0, a1, b0, b1;
4588. -
4589. - a0 = SWAP64LE(((uint64_t*)a)[0]);
4590. - a1 = SWAP64LE(((uint64_t*)a)[1]);
4591. - b0 = SWAP64LE(((uint64_t*)b)[0]);
4592. - b1 = SWAP64LE(((uint64_t*)b)[1]);
4593. - a0 += b0;
4594. - a1 += b1;
4595. - ((uint64_t*)a)[0] = SWAP64LE(a0);
4596. - ((uint64_t*)a)[1] = SWAP64LE(a1);
4597. -}
4598. -#define U64(x) ((uint64_t *) (x))
4599. -
4600. -static void copy_block(uint8_t* dst, const uint8_t* src) {
4601. - memcpy(dst, src, AES_BLOCK_SIZE);
4602. -}
4603. -
4604. -static void swap_blocks(uint8_t *a, uint8_t *b){
4605. - uint64_t t[2];
4606. - U64(t)[0] = U64(a)[0];
4607. - U64(t)[1] = U64(a)[1];
4608. - U64(a)[0] = U64(b)[0];
4609. - U64(a)[1] = U64(b)[1];
4610. - U64(b)[0] = U64(t)[0];
4611. - U64(b)[1] = U64(t)[1];
4612. -}
4613. -
4614. -static void xor_blocks(uint8_t* a, const uint8_t* b) {
4615. - size_t i;
4616. - for (i = 0; i < AES_BLOCK_SIZE; i++) {
4617. - a[i] ^= b[i];
4618. - }
4619. -}
4620. -
4621. -#pragma pack(push, 1)
4622. -union cn_slow_hash_state {
4623. - union hash_state hs;
4624. - struct {
4625. - uint8_t k[64];
4626. - uint8_t init[INIT_SIZE_BYTE];
4627. - };
4628. -};
4629. -#pragma pack(pop)
4630. -
4631. -void cn_slow_hash(const void *data, size_t length, char *hash) {
4632. - uint8_t long_state[MEMORY];
4633. - union cn_slow_hash_state state;
4634. - uint8_t text[INIT_SIZE_BYTE];
4635. - uint8_t a[AES_BLOCK_SIZE];
4636. - uint8_t b[AES_BLOCK_SIZE];
4637. - uint8_t c[AES_BLOCK_SIZE];
4638. - uint8_t d[AES_BLOCK_SIZE];
4639. - size_t i, j;
4640. - uint8_t aes_key[AES_KEY_SIZE];
4641. - oaes_ctx *aes_ctx;
4642. -
4643. - hash_process(&state.hs, data, length);
4644. - memcpy(text, state.init, INIT_SIZE_BYTE);
4645. - memcpy(aes_key, state.hs.b, AES_KEY_SIZE);
4646. - aes_ctx = (oaes_ctx *) oaes_alloc();
4647. -
4648. - oaes_key_import_data(aes_ctx, aes_key, AES_KEY_SIZE);
4649. - for (i = 0; i < MEMORY / INIT_SIZE_BYTE; i++) {
4650. - for (j = 0; j < INIT_SIZE_BLK; j++) {
4651. - aesb_pseudo_round(&text[AES_BLOCK_SIZE * j], &text[AES_BLOCK_SIZE * j], aes_ctx->key->exp_data);
4652. - }
4653. - memcpy(&long_state[i * INIT_SIZE_BYTE], text, INIT_SIZE_BYTE);
4654. - }
4655. -
4656. - for (i = 0; i < 16; i++) {
4657. - a[i] = state.k[ i] ^ state.k[32 + i];
4658. - b[i] = state.k[16 + i] ^ state.k[48 + i];
4659. - }
4660. -
4661. - for (i = 0; i < ITER / 2; i++) {
4662. - /* Dependency chain: address -> read value ------+
4663. - * written value <-+ hard function (AES or MUL) <+
4664. - * next address <-+
4665. - */
4666. - /* Iteration 1 */
4667. - j = e2i(a, MEMORY / AES_BLOCK_SIZE);
4668. - copy_block(c, &long_state[j * AES_BLOCK_SIZE]);
4669. - aesb_single_round(c, c, a);
4670. - xor_blocks(b, c);
4671. - swap_blocks(b, c);
4672. - copy_block(&long_state[j * AES_BLOCK_SIZE], c);
4673. - assert(j == e2i(a, MEMORY / AES_BLOCK_SIZE));
4674. - swap_blocks(a, b);
4675. - /* Iteration 2 */
4676. - j = e2i(a, MEMORY / AES_BLOCK_SIZE);
4677. - copy_block(c, &long_state[j * AES_BLOCK_SIZE]);
4678. - mul(a, c, d);
4679. - sum_half_blocks(b, d);
4680. - swap_blocks(b, c);
4681. - xor_blocks(b, c);
4682. - copy_block(&long_state[j * AES_BLOCK_SIZE], c);
4683. - assert(j == e2i(a, MEMORY / AES_BLOCK_SIZE));
4684. - swap_blocks(a, b);
4685. - }
4686. -
4687. - memcpy(text, state.init, INIT_SIZE_BYTE);
4688. - oaes_key_import_data(aes_ctx, &state.hs.b[32], AES_KEY_SIZE);
4689. - for (i = 0; i < MEMORY / INIT_SIZE_BYTE; i++) {
4690. - for (j = 0; j < INIT_SIZE_BLK; j++) {
4691. - xor_blocks(&text[j * AES_BLOCK_SIZE], &long_state[i * INIT_SIZE_BYTE + j * AES_BLOCK_SIZE]);
4692. - aesb_pseudo_round(&text[AES_BLOCK_SIZE * j], &text[AES_BLOCK_SIZE * j], aes_ctx->key->exp_data);
4693. - }
4694. - }
4695. - memcpy(state.init, text, INIT_SIZE_BYTE);
4696. - hash_permutation(&state.hs);
4697. - /*memcpy(hash, &state, 32);*/
4698. - extra_hashes[state.hs.b[0] & 3](&state, 200, hash);
4699. - oaes_free((OAES_CTX **) &aes_ctx);
4700. -}
4701. -
4702. -#endif
4703. diff --git "a/c:\\1\\sumokoin/src/cryptonote_core/blockchain.cpp" "b/c:\\1\\2\\sumokoin/src/cryptonote_core/blockchain.cpp"
4704. index d7302df..c1d9b28 100644
4705. --- "a/c:\\1\\sumokoin/src/cryptonote_core/blockchain.cpp"
4706. +++ "b/c:\\1\\2\\sumokoin/src/cryptonote_core/blockchain.cpp"
4707. @@ -69,8 +69,6 @@
4708.  
4709. using namespace cryptonote;
4710. using epee::string_tools::pod_to_hex;
4711. -extern "C" void slow_hash_allocate_state();
4712. -extern "C" void slow_hash_free_state();
4713.  
4714. DISABLE_VS_WARNINGS(4267)
4715.  
4716. @@ -1310,7 +1308,7 @@ bool Blockchain::handle_alternative_block(const block& b, const crypto::hash& id
4717. difficulty_type current_diff = get_next_difficulty_for_alternative_chain(alt_chain, bei);
4718. CHECK_AND_ASSERT_MES(current_diff, false, "!!!!!!! DIFFICULTY OVERHEAD !!!!!!!");
4719. crypto::hash proof_of_work = null_hash;
4720. - get_block_longhash(bei.bl, proof_of_work, bei.height);
4721. + get_block_longhash_v1(bei.bl, m_pow_ctx_v1, proof_of_work);
4722. if(!check_hash(proof_of_work, current_diff))
4723. {
4724. LOG_PRINT_RED_L1("Block with id: " << id << std::endl << " for alternative chain, does not have enough proof of work: " << proof_of_work << std::endl << " expected difficulty: " << current_diff);
4725. @@ -3003,7 +3001,9 @@ leave:
4726. proof_of_work = it->second;
4727. }
4728. else
4729. - proof_of_work = get_block_longhash(bl, m_db->height());
4730. + {
4731. + get_block_longhash_v1(bl, m_pow_ctx_v1, proof_of_work);
4732. + }
4733.  
4734. // validate proof_of_work versus difficulty target
4735. if(!check_hash(proof_of_work, current_diffic))
4736. @@ -3368,10 +3368,9 @@ void Blockchain::set_enforce_dns_checkpoints(bool enforce_checkpoints)
4737. }
4738.  
4739. //------------------------------------------------------------------
4740. -void Blockchain::block_longhash_worker(const uint64_t height, const std::vector<block> &blocks, std::unordered_map<crypto::hash, crypto::hash> &map) const
4741. +void Blockchain::block_longhash_worker(cn_pow_hash_v1& hash_ctx, const std::vector<block> &blocks, std::unordered_map<crypto::hash, crypto::hash> &map)
4742. {
4743. TIME_MEASURE_START(t);
4744. - slow_hash_allocate_state();
4745.  
4746. //FIXME: height should be changing here, as get_block_longhash expects
4747. // the height of the block passed to it
4748. @@ -3380,11 +3379,11 @@ void Blockchain::block_longhash_worker(const uint64_t height, const std::vector<
4749. if (m_cancel)
4750. return;
4751. crypto::hash id = get_block_hash(block);
4752. - crypto::hash pow = get_block_longhash(block, height);
4753. + crypto::hash pow;
4754. + get_block_longhash_v1(block, hash_ctx, pow);
4755. map.emplace(id, pow);
4756. }
4757.  
4758. - slow_hash_free_state();
4759. TIME_MEASURE_FINISH(t);
4760. }
4761.  
4762. @@ -3541,9 +3540,13 @@ bool Blockchain::prepare_handle_incoming_blocks(const std::list<block_complete_e
4763. if (!blocks_exist)
4764. {
4765. m_blocks_longhash_table.clear();
4766. +
4767. + if(m_hash_ctxes_multi.size() < threads)
4768. + m_hash_ctxes_multi.resize(threads);
4769. +
4770. for (uint64_t i = 0; i < threads; i++)
4771. {
4772. - thread_list.push_back(new boost::thread(&Blockchain::block_longhash_worker, this, height + (i * batches), std::cref(blocks[i]), std::ref(maps[i])));
4773. + thread_list.push_back(new boost::thread(&Blockchain::block_longhash_worker, this, std::ref(m_hash_ctxes_multi[i]), std::cref(blocks[i]), std::ref(maps[i])));
4774. }
4775.  
4776. for (size_t j = 0; j < thread_list.size(); j++)
4777. diff --git "a/c:\\1\\sumokoin/src/cryptonote_core/blockchain.h" "b/c:\\1\\2\\sumokoin/src/cryptonote_core/blockchain.h"
4778. index 48590bf..58584b0 100644
4779. --- "a/c:\\1\\sumokoin/src/cryptonote_core/blockchain.h"
4780. +++ "b/c:\\1\\2\\sumokoin/src/cryptonote_core/blockchain.h"
4781. @@ -837,12 +837,11 @@ namespace cryptonote
4782. /**
4783. * @brief computes the "short" and "long" hashes for a set of blocks
4784. *
4785. - * @param height the height of the first block
4786. + * @param hash_ctx pow hash ctx
4787. * @param blocks the blocks to be hashed
4788. * @param map return-by-reference the hashes for each block
4789. */
4790. - void block_longhash_worker(const uint64_t height, const std::vector<block> &blocks,
4791. - std::unordered_map<crypto::hash, crypto::hash> &map) const;
4792. + void block_longhash_worker(cn_pow_hash_v1& hash_ctx, const std::vector<block> &blocks, std::unordered_map<crypto::hash, crypto::hash> &map);
4793.  
4794. void cancel();
4795.  
4796. @@ -905,6 +904,8 @@ namespace cryptonote
4797. // some invalid blocks
4798. blocks_ext_by_hash m_invalid_blocks; // crypto::hash -> block_extended_info
4799.  
4800. + cn_pow_hash_v1 m_pow_ctx_v1;
4801. + std::vector<cn_pow_hash_v1> m_hash_ctxes_multi;
4802.  
4803. checkpoints m_checkpoints;
4804. std::atomic<bool> m_is_in_checkpoint_zone;
4805. diff --git "a/c:\\1\\sumokoin/src/cryptonote_core/cryptonote_format_utils.cpp" "b/c:\\1\\2\\sumokoin/src/cryptonote_core/cryptonote_format_utils.cpp"
4806. index 2bf5175..4f633d0 100644
4807. --- "a/c:\\1\\sumokoin/src/cryptonote_core/cryptonote_format_utils.cpp"
4808. +++ "b/c:\\1\\2\\sumokoin/src/cryptonote_core/cryptonote_format_utils.cpp"
4809. @@ -1238,11 +1238,12 @@ namespace cryptonote
4810. return true;
4811. }
4812. //---------------------------------------------------------------
4813. - bool get_block_longhash(const block& b, crypto::hash& res, uint64_t height)
4814. + bool get_block_longhash_v1(const block& b, cn_pow_hash_v1 &ctx, crypto::hash& res)
4815. {
4816. block b_local = b; //workaround to avoid const errors with do_serialize
4817. blobdata bd = get_block_hashing_blob(b);
4818. - crypto::cn_slow_hash(bd.data(), bd.size(), res);
4819. + ctx.hash(bd.data(), bd.size(), res.data);
4820. + // crypto::cn_slow_hash(bd.data(), bd.size(), res);
4821. return true;
4822. }
4823. //---------------------------------------------------------------
4824. @@ -1266,13 +1267,6 @@ namespace cryptonote
4825. return res;
4826. }
4827. //---------------------------------------------------------------
4828. - crypto::hash get_block_longhash(const block& b, uint64_t height)
4829. - {
4830. - crypto::hash p = null_hash;
4831. - get_block_longhash(b, p, height);
4832. - return p;
4833. - }
4834. - //---------------------------------------------------------------
4835. bool parse_and_validate_block_from_blob(const blobdata& b_blob, block& b)
4836. {
4837. std::stringstream ss;
4838. diff --git "a/c:\\1\\sumokoin/src/cryptonote_core/cryptonote_format_utils.h" "b/c:\\1\\2\\sumokoin/src/cryptonote_core/cryptonote_format_utils.h"
4839. index 7b271f5..d21b964 100644
4840. --- "a/c:\\1\\sumokoin/src/cryptonote_core/cryptonote_format_utils.h"
4841. +++ "b/c:\\1\\2\\sumokoin/src/cryptonote_core/cryptonote_format_utils.h"
4842. @@ -36,6 +36,7 @@
4843. #include "include_base_utils.h"
4844. #include "crypto/crypto.h"
4845. #include "crypto/hash.h"
4846. +#include "crypto/cn_slow_hash.hpp"
4847. #include "ringct/rctOps.h"
4848. #include <unordered_map>
4849.  
4850. @@ -149,8 +150,7 @@ namespace cryptonote
4851. blobdata get_block_hashing_blob(const block& b);
4852. bool get_block_hash(const block& b, crypto::hash& res);
4853. crypto::hash get_block_hash(const block& b);
4854. - bool get_block_longhash(const block& b, crypto::hash& res, uint64_t height);
4855. - crypto::hash get_block_longhash(const block& b, uint64_t height);
4856. + bool get_block_longhash_v1(const block& b, cn_pow_hash_v1 &ctx, crypto::hash& res);
4857. bool generate_genesis_block(
4858. block& bl
4859. , std::string const & genesis_tx
4860. diff --git "a/c:\\1\\sumokoin/src/cryptonote_core/miner.cpp" "b/c:\\1\\2\\sumokoin/src/cryptonote_core/miner.cpp"
4861. index 37986f0..070460d 100644
4862. --- "a/c:\\1\\sumokoin/src/cryptonote_core/miner.cpp"
4863. +++ "b/c:\\1\\2\\sumokoin/src/cryptonote_core/miner.cpp"
4864. @@ -47,9 +47,6 @@ using namespace epee;
4865.  
4866. #include "miner.h"
4867.  
4868. -
4869. -extern "C" void slow_hash_allocate_state();
4870. -extern "C" void slow_hash_free_state();
4871. namespace cryptonote
4872. {
4873.  
4874. @@ -301,10 +298,11 @@ namespace cryptonote
4875. //-----------------------------------------------------------------------------------------------------
4876. bool miner::find_nonce_for_given_block(block& bl, const difficulty_type& diffic, uint64_t height)
4877. {
4878. + cn_pow_hash_v1 hash_ctx;
4879. for(; bl.nonce != std::numeric_limits<uint32_t>::max(); bl.nonce++)
4880. {
4881. crypto::hash h;
4882. - get_block_longhash(bl, h, height);
4883. + get_block_longhash_v1(bl, hash_ctx, h);
4884.  
4885. if(check_hash(h, diffic))
4886. {
4887. @@ -352,11 +350,11 @@ namespace cryptonote
4888. LOG_PRINT_L0("Miner thread was started ["<< th_local_index << "]");
4889. log_space::log_singletone::set_thread_log_prefix(std::string("[miner ") + std::to_string(th_local_index) + "]");
4890. uint32_t nonce = m_starter_nonce + th_local_index;
4891. - uint64_t height = 0;
4892. difficulty_type local_diff = 0;
4893. uint32_t local_template_ver = 0;
4894. block b;
4895. - slow_hash_allocate_state();
4896. + cn_pow_hash_v1 hash_ctx;
4897. +
4898. while(!m_stop)
4899. {
4900. if(m_pausers_count)//anti split workaround
4901. @@ -370,7 +368,6 @@ namespace cryptonote
4902. CRITICAL_REGION_BEGIN(m_template_lock);
4903. b = m_template;
4904. local_diff = m_diffic;
4905. - height = m_height;
4906. CRITICAL_REGION_END();
4907. local_template_ver = m_template_no;
4908. nonce = m_starter_nonce + th_local_index;
4909. @@ -385,7 +382,7 @@ namespace cryptonote
4910.  
4911. b.nonce = nonce;
4912. crypto::hash h;
4913. - get_block_longhash(b, h, height);
4914. + get_block_longhash_v1(b, hash_ctx, h);
4915.  
4916. if(check_hash(h, local_diff))
4917. {
4918. @@ -405,7 +402,6 @@ namespace cryptonote
4919. nonce+=m_threads_total;
4920. ++m_hashes;
4921. }
4922. - slow_hash_free_state();
4923. LOG_PRINT_L0("Miner thread stopped ["<< th_local_index << "]");
4924. return true;
4925. }
4926. (END)