C:\Users\Administrator>cd ..C:\UsersC:\Users>git diff c:\1\sumokoin c:\1

1. C:\Users\Administrator>cd ..
2.  
3. C:\Users
4.  
5. C:\Users>git diff c:\1\sumokoin c:\1\2\sumokoin
6. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/HEAD.
7. The file will have its original line endings in your working directory.
8. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/HEAD.
9. The file will have its original line endings in your working directory.
10. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/config.
11. The file will have its original line endings in your working directory.
12. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/config.
13. The file will have its original line endings in your working directory.
14. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/description.
15. The file will have its original line endings in your working directory.
16. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/description.
17. The file will have its original line endings in your working directory.
18. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/hooks/applypatch-msg.sample.
19. The file will have its original line endings in your working directory.
20. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/hooks/applypatch-msg.sample.
21. The file will have its original line endings in your working directory.
22. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/hooks/commit-msg.sample.
23. The file will have its original line endings in your working directory.
24. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/hooks/commit-msg.sample.
25. The file will have its original line endings in your working directory.
26. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/hooks/fsmonitor-watchman.sample.
27. The file will have its original line endings in your working directory.
28. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/hooks/fsmonitor-watchman.sample.
29. The file will have its original line endings in your working directory.
30. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/hooks/post-update.sample.
31. The file will have its original line endings in your working directory.
32. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/hooks/post-update.sample.
33. The file will have its original line endings in your working directory.
34. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/hooks/pre-applypatch.sample.
35. The file will have its original line endings in your working directory.
36. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/hooks/pre-applypatch.sample.
37. The file will have its original line endings in your working directory.
38. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/hooks/pre-commit.sample.
39. The file will have its original line endings in your working directory.
40. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/hooks/pre-commit.sample.
41. The file will have its original line endings in your working directory.
42. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/hooks/pre-push.sample.
43. The file will have its original line endings in your working directory.
44. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/hooks/pre-push.sample.
45. The file will have its original line endings in your working directory.
46. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/hooks/pre-rebase.sample.
47. The file will have its original line endings in your working directory.
48. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/hooks/pre-rebase.sample.
49. The file will have its original line endings in your working directory.
50. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/hooks/pre-receive.sample.
51. The file will have its original line endings in your working directory.
52. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/hooks/pre-receive.sample.
53. The file will have its original line endings in your working directory.
54. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/hooks/prepare-commit-msg.sample.
55. The file will have its original line endings in your working directory.
56. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/hooks/prepare-commit-msg.sample.
57. The file will have its original line endings in your working directory.
58. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/hooks/update.sample.
59. The file will have its original line endings in your working directory.
60. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/hooks/update.sample.
61. The file will have its original line endings in your working directory.
62. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/info/exclude.
63. The file will have its original line endings in your working directory.
64. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/info/exclude.
65. The file will have its original line endings in your working directory.
66. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/logs/HEAD.
67. The file will have its original line endings in your working directory.
68. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/logs/HEAD.
69. The file will have its original line endings in your working directory.
70. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/logs/refs/remotes/origin/HEAD.
71. The file will have its original line endings in your working directory.
72. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/logs/refs/remotes/origin/HEAD.
73. The file will have its original line endings in your working directory.
74. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/packed-refs.
75. The file will have its original line endings in your working directory.
76. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/packed-refs.
77. The file will have its original line endings in your working directory.
78. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/refs/remotes/origin/HEAD.
79. The file will have its original line endings in your working directory.
80. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/refs/remotes/origin/HEAD.
81. The file will have its original line endings in your working directory.
82. warning: LF will be replaced by CRLF in c:\1\sumokoin/contrib/epee/include/console_handler.h.
83. The file will have its original line endings in your working directory.
84. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/contrib/epee/include/console_handler.h.
85. The file will have its original line endings in your working directory.
86. warning: LF will be replaced by CRLF in c:\1\sumokoin/contrib/epee/include/serialization/keyvalue_serialization_overloads.h.
87. The file will have its original line endings in your working directory.
88. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/contrib/epee/include/serialization/keyvalue_serialization_overloads.h.
89. The file will have its original line endings in your working directory.
90. warning: LF will be replaced by CRLF in c:\1\sumokoin/external/unbound/contrib/warmup.cmd.
91. The file will have its original line endings in your working directory.
92. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/external/unbound/contrib/warmup.cmd.
93. The file will have its original line endings in your working directory.
94. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/crypto/crypto.cpp.
95. The file will have its original line endings in your working directory.
96. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/crypto/crypto.cpp.
97. The file will have its original line endings in your working directory.
98. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/crypto/crypto.h.
99. The file will have its original line endings in your working directory.
100. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/crypto/crypto.h.
101. The file will have its original line endings in your working directory.
102. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/cryptonote_core/cryptonote_basic.h.
103. The file will have its original line endings in your working directory.
104. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/cryptonote_core/cryptonote_basic.h.
105. The file will have its original line endings in your working directory.
106. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/cryptonote_core/cryptonote_basic_impl.h.
107. The file will have its original line endings in your working directory.
108. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/cryptonote_core/cryptonote_basic_impl.h.
109. The file will have its original line endings in your working directory.
110. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/cryptonote_core/cryptonote_format_utils.cpp.
111. The file will have its original line endings in your working directory.
112. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/cryptonote_core/cryptonote_format_utils.h.
113. The file will have its original line endings in your working directory.
114. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/cryptonote_core/miner.cpp.
115. The file will have its original line endings in your working directory.
116. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/daemon/command_parser_executor.cpp.
117. The file will have its original line endings in your working directory.
118. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/daemon/command_parser_executor.cpp.
119. The file will have its original line endings in your working directory.
120. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/mnemonics/german.h.
121. The file will have its original line endings in your working directory.
122. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/mnemonics/german.h.
123. The file will have its original line endings in your working directory.
124. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/mnemonics/italian.h.
125. The file will have its original line endings in your working directory.
126. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/mnemonics/italian.h.
127. The file will have its original line endings in your working directory.
128. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/mnemonics/russian.h.
129. The file will have its original line endings in your working directory.
130. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/mnemonics/russian.h.
131. The file will have its original line endings in your working directory.
132. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/rpc/core_rpc_server.cpp.
133. The file will have its original line endings in your working directory.
134. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/rpc/core_rpc_server.cpp.
135. The file will have its original line endings in your working directory.
136. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/wallet/api/pending_transaction.h.
137. The file will have its original line endings in your working directory.
138. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/wallet/api/pending_transaction.h.
139. The file will have its original line endings in your working directory.
140. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/wallet/api/wallet.h.
141. The file will have its original line endings in your working directory.
142. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/wallet/api/wallet.h.
143. The file will have its original line endings in your working directory.
144. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/wallet/wallet2.cpp.
145. The file will have its original line endings in your working directory.
146. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/wallet/wallet2.cpp.
147. The file will have its original line endings in your working directory.
148. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/wallet/wallet2.h.
149. The file will have its original line endings in your working directory.
150. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/wallet/wallet2.h.
151. The file will have its original line endings in your working directory.
152. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/wallet/wallet_rpc_server.cpp.
153. The file will have its original line endings in your working directory.
154. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/wallet/wallet_rpc_server.cpp.
155. The file will have its original line endings in your working directory.
156. warning: LF will be replaced by CRLF in c:\1\sumokoin/src/wallet/wallet_rpc_server_error_codes.h.
157. The file will have its original line endings in your working directory.
158. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/src/wallet/wallet_rpc_server_error_codes.h.
159. The file will have its original line endings in your working directory.
160. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/refs/heads/master.
161. The file will have its original line endings in your working directory.
162. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/logs/refs/heads/master.
163. The file will have its original line endings in your working directory.
164. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/logs/refs/heads/pow-change.
165. The file will have its original line endings in your working directory.
166. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/refs/heads/pow-change.
167. The file will have its original line endings in your working directory.
168. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/refs/heads/master.
169. The file will have its original line endings in your working directory.
170. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/refs/heads/pow-change.
171. The file will have its original line endings in your working directory.
172. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/logs/refs/heads/master.
173. The file will have its original line endings in your working directory.
174. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/logs/refs/heads/pow-change.
175. The file will have its original line endings in your working directory.
176. warning: LF will be replaced by CRLF in c:\1\sumokoin/.git/refs/heads/master.
177. The file will have its original line endings in your working directory.
178. warning: LF will be replaced by CRLF in c:\1\2\sumokoin/.git/refs/heads/pow-change.
179. The file will have its original line endings in your working directory.
180. diff --git "a/c:\\1\\sumokoin/.git/HEAD" "b/c:\\1\\2\\sumokoin/.git/HEAD"
181. index cb089cd..277049a 100644
182. --- "a/c:\\1\\sumokoin/.git/HEAD"
183. +++ "b/c:\\1\\2\\sumokoin/.git/HEAD"
184. @@ -1 +1 @@
185. -ref: refs/heads/master
186. +ref: refs/heads/pow-change
187. diff --git "a/c:\\1\\sumokoin/.git/config" "b/c:\\1\\2\\sumokoin/.git/config"
188. index 67a4572..5b239db 100644
189. --- "a/c:\\1\\sumokoin/.git/config"
190. +++ "b/c:\\1\\2\\sumokoin/.git/config"
191. @@ -8,6 +8,6 @@
192. [remote "origin"]
193. url = https://github.com/curie-kief/sumokoin
194. fetch = +refs/heads/*:refs/remotes/origin/*
195. -[branch "master"]
196. +[branch "pow-change"]
197. remote = origin
198. - merge = refs/heads/master
199. + merge = refs/heads/pow-change
200. diff --git "a/c:\\1\\sumokoin/.git/index" "b/c:\\1\\2\\sumokoin/.git/index"
201. index 181cbb8..df06eea 100644
202. Binary files "a/c:\\1\\sumokoin/.git/index" and "b/c:\\1\\2\\sumokoin/.git/index" differ
203. diff --git "a/c:\\1\\sumokoin/.git/logs/HEAD" "b/c:\\1\\2\\sumokoin/.git/logs/HEAD"
204. index 6c7ac38..e91a8ea 100644
205. --- "a/c:\\1\\sumokoin/.git/logs/HEAD"
206. +++ "b/c:\\1\\2\\sumokoin/.git/logs/HEAD"
207. @@ -1 +1 @@
208. -0000000000000000000000000000000000000000 5e990642905cef9d75931f202f9d400d3a1e94b0 Administrator <Administrator@EC2AMAZ-S6LBKHP.(none)> 1521577517 +0000 clone: from https://github.com/curie-kief/sumokoin
209. +0000000000000000000000000000000000000000 2561bd3170736c82c2d15a920fecb469d7207645 Administrator <Administrator@EC2AMAZ-S6LBKHP.(none)> 1521577569 +0000 clone: from https://github.com/curie-kief/sumokoin
210. diff --git "a/c:\\1\\sumokoin/.git/logs/refs/heads/master" "b/c:\\1\\sumokoin/.git/logs/refs/heads/master"
211. deleted file mode 100644
212. index 6c7ac38..0000000
213. --- "a/c:\\1\\sumokoin/.git/logs/refs/heads/master"
214. +++ /dev/null
215. @@ -1 +0,0 @@
216. -0000000000000000000000000000000000000000 5e990642905cef9d75931f202f9d400d3a1e94b0 Administrator <Administrator@EC2AMAZ-S6LBKHP.(none)> 1521577517 +0000 clone: from https://github.com/curie-kief/sumokoin
217. diff --git "a/c:\\1\\2\\sumokoin/.git/logs/refs/heads/pow-change" "b/c:\\1\\2\\sumokoin/.git/logs/refs/heads/pow-change"new file mode 100644
218. index 0000000..e91a8ea
219. --- /dev/null
220. +++ "b/c:\\1\\2\\sumokoin/.git/logs/refs/heads/pow-change"
221. @@ -0,0 +1 @@
222. +0000000000000000000000000000000000000000 2561bd3170736c82c2d15a920fecb469d7207645 Administrator <Administrator@EC2AMAZ-S6LBKHP.(none)> 1521577569 +0000 clone: from https://github.com/curie-kief/sumokoin
223. diff --git "a/c:\\1\\sumokoin/.git/logs/refs/remotes/origin/HEAD" "b/c:\\1\\2\\sumokoin/.git/logs/refs/remotes/origin/HEAD"
224. index 6c7ac38..8ed1bb8 100644
225. --- "a/c:\\1\\sumokoin/.git/logs/refs/remotes/origin/HEAD"
226. +++ "b/c:\\1\\2\\sumokoin/.git/logs/refs/remotes/origin/HEAD"
227. @@ -1 +1 @@
228. -0000000000000000000000000000000000000000 5e990642905cef9d75931f202f9d400d3a1e94b0 Administrator <Administrator@EC2AMAZ-S6LBKHP.(none)> 1521577517 +0000 clone: from https://github.com/curie-kief/sumokoin
229. +0000000000000000000000000000000000000000 5e990642905cef9d75931f202f9d400d3a1e94b0 Administrator <Administrator@EC2AMAZ-S6LBKHP.(none)> 1521577569 +0000 clone: from https://github.com/curie-kief/sumokoin
230. diff --git "a/c:\\1\\sumokoin/.git/refs/heads/master" "b/c:\\1\\sumokoin/.git/refs/heads/master"
231. deleted file mode 100644
232. index f2e26d7..0000000
233. --- "a/c:\\1\\sumokoin/.git/refs/heads/master"
234. +++ /dev/null
235. @@ -1 +0,0 @@
236. -5e990642905cef9d75931f202f9d400d3a1e94b0
237. diff --git "a/c:\\1\\2\\sumokoin/.git/refs/heads/pow-change" "b/c:\\1\\2\\sumokoin/.git/refs/heads/pow-change"
238. new file mode 100644
239. index 0000000..74512f5
240. --- /dev/null
241. +++ "b/c:\\1\\2\\sumokoin/.git/refs/heads/pow-change"
242. @@ -0,0 +1 @@
243. +2561bd3170736c82c2d15a920fecb469d7207645
244. diff --git "a/c:\\1\\sumokoin/CMakeLists.txt" "b/c:\\1\\2\\sumokoin/CMakeLists.txt"
245. index 6075c3e..e3d7a76 100644
246. --- "a/c:\\1\\sumokoin/CMakeLists.txt"
247. +++ "b/c:\\1\\2\\sumokoin/CMakeLists.txt"
248. @@ -568,6 +568,8 @@ else()
249. set(CMAKE_AR "gcc-ar")
250. set(CMAKE_RANLIB "gcc-ranlib")
251. endif()
252. + # Default ubuntu 16.04 LTS ld.bfd refuses to cooperate with LTO'ed ar libs for some reason, gold linker works, go figure
253. + set(RELEASE_FLAGS "${RELEASE_FLAGS} -fuse-ld=gold")
254. endif()
255. endif()
256.  
257. diff --git "a/c:\\1\\sumokoin/src/crypto/CMakeLists.txt" "b/c:\\1\\2\\sumokoin/src/crypto/CMakeLists.txt"
258. index 5f3e878..e8eec00 100644
259. --- "a/c:\\1\\sumokoin/src/crypto/CMakeLists.txt"
260. +++ "b/c:\\1\\2\\sumokoin/src/crypto/CMakeLists.txt"
261. @@ -34,18 +34,14 @@ set(crypto_sources
262. crypto-ops.c
263. crypto.cpp
264. groestl.c
265. - hash-extra-blake.c
266. - hash-extra-groestl.c
267. - hash-extra-jh.c
268. - hash-extra-skein.c
269. hash.c
270. jh.c
271. keccak.c
272. - oaes_lib.c
273. random.c
274. skein.c
275. - slow-hash.c
276. - tree-hash.c)
277. + tree-hash.c
278. + cn_slow_hash_soft.cpp
279. + cn_slow_hash_hard_intel.cpp)
280.  
281. set(crypto_headers)
282.  
283. @@ -62,11 +58,10 @@ set(crypto_private_headers
284. initializer.h
285. jh.h
286. keccak.h
287. - oaes_config.h
288. - oaes_lib.h
289. random.h
290. skein.h
291. - skein_port.h)
292. + skein_port.h
293. + cn_slow_hash.hpp)
294.  
295. sumokoin_private_headers(crypto
296. ${crypto_private_headers})
297. @@ -79,23 +74,3 @@ target_link_libraries(crypto
298. ${Boost_SYSTEM_LIBRARY}
299. PRIVATE
300. ${EXTRA_LIBRARIES})
301. -
302. -if (ARM)
303. - option(NO_OPTIMIZED_MULTIPLY_ON_ARM
304. - "Compute multiply using generic C implementation instead of ARM ASM" OFF)
305. - if(NO_OPTIMIZED_MULTIPLY_ON_ARM)
306. - message(STATUS "Using generic C implementation for multiply")
307. - set_property(SOURCE slow-hash.c
308. - PROPERTY COMPILE_DEFINITIONS "NO_OPTIMIZED_MULTIPLY_ON_ARM")
309. - endif()
310. -endif()
311. -
312. -# Because of the way Qt works on android with JNI, the code does not live in the
313. -# main android thread
314. -# So this code runs with a 1 MB default stack size.
315. -# This will force the use of the heap for the allocation of the scratchpad
316. -if (ANDROID OR IOS)
317. - if( BUILD_GUI_DEPS )
318. - add_definitions(-DFORCE_USE_HEAP=1)
319. - endif()
320. -endif()
321. diff --git "a/c:\\1\\sumokoin/src/crypto/chacha8.h" "b/c:\\1\\2\\sumokoin/src/crypto/chacha8.h"
322. index 94c0ba7..ded7914 100644
323. --- "a/c:\\1\\sumokoin/src/crypto/chacha8.h"
324. +++ "b/c:\\1\\2\\sumokoin/src/crypto/chacha8.h"
325. @@ -40,6 +40,7 @@
326. #include <memory.h>
327.  
328. #include "hash.h"
329. +#include "cn_slow_hash.hpp"
330.  
331. namespace crypto {
332. extern "C" {
333. @@ -72,8 +73,9 @@ namespace crypto {
334.  
335. inline void generate_chacha8_key(const void *data, size_t size, chacha8_key& key) {
336. static_assert(sizeof(chacha8_key) <= sizeof(hash), "Size of hash must be at least that of chacha8_key");
337. - char pwd_hash[HASH_SIZE];
338. - crypto::cn_slow_hash(data, size, pwd_hash);
339. + uint8_t pwd_hash[HASH_SIZE];
340. + cn_pow_hash_v1 kdf_hash;
341. + kdf_hash.hash(data, size, pwd_hash);
342. memcpy(&key, pwd_hash, sizeof(key));
343. memset(pwd_hash, 0, sizeof(pwd_hash));
344. }
345. diff --git "a/c:\\1\\2\\sumokoin/src/crypto/cn_slow_hash.hpp" "b/c:\\1\\2\\sumokoin/src/crypto/cn_slow_hash.hpp"
346. new file mode 100644
347. index 0000000..d35782e
348. --- /dev/null
349. +++ "b/c:\\1\\2\\sumokoin/src/crypto/cn_slow_hash.hpp"
350. @@ -0,0 +1,230 @@
351. +// Copyright (c) 2017, SUMOKOIN
352. +//
353. +// All rights reserved.
354. +//
355. +// Redistribution and use in source and binary forms, with or without modification, are
356. +// permitted provided that the following conditions are met:
357. +//
358. +// 1. Redistributions of source code must retain the above copyright notice, this list of
359. +// conditions and the following disclaimer.
360. +//
361. +// 2. Redistributions in binary form must reproduce the above copyright notice, this list
362. +// of conditions and the following disclaimer in the documentation and/or other
363. +// materials provided with the distribution.
364. +//
365. +// 3. Neither the name of the copyright holder nor the names of its contributors may be
366. +// used to endorse or promote products derived from this software without specific
367. +// prior written permission.
368. +//
369. +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
370. +// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
371. +// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
372. +// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
373. +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
374. +// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
375. +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
376. +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
377. +// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
378. +//
379. +// Parts of this file are originally copyright (c) 2014-2017, The Monero Project
380. +// Parts of this file are originally copyright (c) 2012-2013, The Cryptonote developers
381. +
382. +#pragma once
383. +
384. +#include <inttypes.h>
385. +#include <stddef.h>
386. +#include <stdlib.h>
387. +#include <assert.h>
388. +#include <string.h>
389. +
390. +// Note HAS_INTEL_HW and future HAS_ARM_HW only mean we can emit the AES instructions
391. +// check CPU support for the hardware AES encryption has to be done at runtime
392. +#if defined(__x86_64__) || defined(__i386__) || defined(_M_X86) || defined(_M_X64)
393. +#ifdef __GNUC__
394. +#include <x86intrin.h>
395. +#include <cpuid.h>
396. +#pragma GCC target ("aes")
397. +#define HAS_INTEL_HW
398. +#endif
399. +#if defined(_MSC_VER) && !defined(__MINGW32__) && !defined(__MINGW64__)
400. +#include <intrin.h>
401. +#define HAS_INTEL_HW
402. +#endif
403. +#endif
404. +
405. +#if defined(_WIN32) || defined(_WIN64)
406. +#include <malloc.h>
407. +#define WIN_MEM_ALIGN
408. +#endif
409. +
410. +#ifdef HAS_INTEL_HW
411. +inline void cpuid(uint32_t eax, int32_t ecx, int32_t val[4])
412. +{
413. + val[0] = 0;
414. + val[1] = 0;
415. + val[2] = 0;
416. + val[3] = 0;
417. +
418. +#if defined(_MSC_VER) && !defined(__MINGW32__) && !defined(__MINGW64__)
419. + __cpuidex(val, eax, ecx);
420. +#else
421. + __cpuid_count(eax, ecx, val[0], val[1], val[2], val[3]);
422. +#endif
423. +}
424. +
425. +inline bool hw_check_aes()
426. +{
427. + int32_t cpu_info[4];
428. + cpuid(1, 0, cpu_info);
429. + return (cpu_info[2] & (1 << 25)) != 0;
430. +}
431. +#endif
432. +
433. +#ifdef HAS_ARM_HW
434. +inline bool hw_check_aes()
435. +{
436. + return false;
437. +}
438. +#endif
439. +
440. +#if !defined(HAS_INTEL_HW) && !defined(HAS_ARM_HW)
441. +inline bool hw_check_aes()
442. +{
443. + return false;
444. +}
445. +#endif
446. +
447. +// This cruft avoids casting-galore and allows us not to worry about sizeof(void*)
448. +union cn_sptr
449. +{
450. + cn_sptr() : as_void(nullptr) {}
451. + cn_sptr(uint64_t* ptr) { as_uqword = ptr; }
452. + cn_sptr(uint32_t* ptr) { as_udword = ptr; }
453. + cn_sptr(uint8_t* ptr) { as_byte = ptr; }
454. +#ifdef HAS_INTEL_HW
455. + cn_sptr(__m128i* ptr) { as_xmm = ptr; }
456. +#endif
457. +
458. + void* as_void;
459. + uint8_t* as_byte;
460. + uint64_t* as_uqword;
461. + int32_t* as_dword;
462. + uint32_t* as_udword;
463. +#ifdef HAS_INTEL_HW
464. + __m128i* as_xmm;
465. +#endif
466. +};
467. +
468. +#include <stdio.h>
469. +#include <signal.h>
470. +template<size_t MEMORY, size_t ITER>
471. +class cn_slow_hash
472. +{
473. +public:
474. + cn_slow_hash()
475. + {
476. +#if !defined(WIN_MEM_ALIGN)
477. + lpad.as_void = aligned_alloc(4096, MEMORY);
478. + spad.as_void = aligned_alloc(4096, 4096);
479. +#else
480. + lpad.as_void = _aligned_malloc(MEMORY, 4096);
481. + spad.as_void = _aligned_malloc(4096, 4096);
482. +#endif
483. + }
484. +
485. + cn_slow_hash (cn_slow_hash&& other) noexcept : lpad(other.lpad.as_byte), spad(other.spad.as_byte)
486. + {
487. + other.lpad.as_byte = nullptr;
488. + other.spad.as_byte = nullptr;
489. + }
490. +
491. + cn_slow_hash& operator= (cn_slow_hash&& other) noexcept
492. + {
493. + if(this == &other)
494. + return *this;
495. +
496. + free_mem();
497. + lpad.as_byte = other.lpad.as_byte;
498. + spad.as_byte = spad.as_byte;
499. + return *this;
500. + }
501. +
502. + // Copying is going to be really inefficient
503. + cn_slow_hash(const cn_slow_hash& other) = delete;
504. + cn_slow_hash& operator= (const cn_slow_hash& other) = delete;
505. +
506. + ~cn_slow_hash()
507. + {
508. + free_mem();
509. + }
510. +
511. + void hash(const void* in, size_t len, void* out)
512. + {
513. + if(hw_check_aes() && !check_override())
514. + hardware_hash(in, len, out);
515. + else
516. + software_hash(in, len, out);
517. + }
518. +
519. + void software_hash(const void* in, size_t len, void* out);
520. +
521. +#if !defined(HAS_INTEL_HW) && !defined(HAS_ARM_HW)
522. + inline void hardware_hash(const void* in, size_t len, void* out) { assert(false); }
523. +#else
524. + void hardware_hash(const void* in, size_t len, void* out);
525. +#endif
526. +
527. +private:
528. + static constexpr size_t MASK = ((MEMORY-1) >> 4) << 4;
529. +
530. + inline bool check_override()
531. + {
532. + const char *env = getenv("SUMO_USE_SOFTWARE_AES");
533. + if (!env) {
534. + return false;
535. + }
536. + else if (!strcmp(env, "0") || !strcmp(env, "no")) {
537. + return false;
538. + }
539. + else {
540. + return true;
541. + }
542. + }
543. +
544. + inline void free_mem()
545. + {
546. +#if !defined(WIN_MEM_ALIGN)
547. + if(lpad.as_void != nullptr)
548. + free(lpad.as_void);
549. + if(lpad.as_void != nullptr)
550. + free(spad.as_void);
551. +#else
552. + if(lpad.as_void != nullptr)
553. + _aligned_free(lpad.as_void);
554. + if(lpad.as_void != nullptr)
555. + _aligned_free(spad.as_void);
556. +#endif
557. + lpad.as_void = nullptr;
558. + spad.as_void = nullptr;
559. + }
560. +
561. + inline cn_sptr scratchpad_ptr(uint32_t idx) { return lpad.as_byte + (idx & MASK); }
562. +
563. +#if !defined(HAS_INTEL_HW) && !defined(HAS_ARM_HW)
564. + inline void explode_scratchpad_hard() { assert(false); }
565. + inline void implode_scratchpad_hard() { assert(false); }
566. +#else
567. + void explode_scratchpad_hard();
568. + void implode_scratchpad_hard();
569. +#endif
570. +
571. + void explode_scratchpad_soft();
572. + void implode_scratchpad_soft();
573. +
574. + cn_sptr lpad;
575. + cn_sptr spad;
576. +};
577. +
578. +using cn_pow_hash_v1 = cn_slow_hash<2*1024*1024, 0x80000>;
579. +
580. +extern template class cn_slow_hash<2*1024*1024, 0x80000>;
581. diff --git "a/c:\\1\\2\\sumokoin/src/crypto/cn_slow_hash_hard_intel.cpp" "b/c:\\1\\2\\sumokoin/src/crypto/cn_slow_hash_hard_intel.cpp"
582. new file mode 100644
583. index 0000000..f19fdd8
584. --- /dev/null
585. +++ "b/c:\\1\\2\\sumokoin/src/crypto/cn_slow_hash_hard_intel.cpp"
586. @@ -0,0 +1,314 @@
587. +// Copyright (c) 2017, SUMOKOIN
588. +//
589. +// All rights reserved.
590. +//
591. +// Redistribution and use in source and binary forms, with or without modification, are
592. +// permitted provided that the following conditions are met:
593. +//
594. +// 1. Redistributions of source code must retain the above copyright notice, this list of
595. +// conditions and the following disclaimer.
596. +//
597. +// 2. Redistributions in binary form must reproduce the above copyright notice, this list
598. +// of conditions and the following disclaimer in the documentation and/or other
599. +// materials provided with the distribution.
600. +//
601. +// 3. Neither the name of the copyright holder nor the names of its contributors may be
602. +// used to endorse or promote products derived from this software without specific
603. +// prior written permission.
604. +//
605. +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
606. +// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
607. +// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
608. +// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
609. +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
610. +// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
611. +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
612. +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
613. +// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
614. +//
615. +// Parts of this file are originally copyright (c) 2014-2017, The Monero Project
616. +// Parts of this file are originally copyright (c) 2012-2013, The Cryptonote developers
617. +
618. +#include "cn_slow_hash.hpp"
619. +#include "keccak.h"
620. +
621. +#ifdef HAS_INTEL_HW
622. +
623. +#if !defined(_LP64) && !defined(_WIN64)
624. +#define BUILD32
625. +#endif
626. +
627. +// sl_xor(a1 a2 a3 a4) = a1 (a2^a1) (a3^a2^a1) (a4^a3^a2^a1)
628. +inline __m128i sl_xor(__m128i tmp1)
629. +{
630. + __m128i tmp4;
631. + tmp4 = _mm_slli_si128(tmp1, 0x04);
632. + tmp1 = _mm_xor_si128(tmp1, tmp4);
633. + tmp4 = _mm_slli_si128(tmp4, 0x04);
634. + tmp1 = _mm_xor_si128(tmp1, tmp4);
635. + tmp4 = _mm_slli_si128(tmp4, 0x04);
636. + tmp1 = _mm_xor_si128(tmp1, tmp4);
637. + return tmp1;
638. +}
639. +
640. +template<uint8_t rcon>
641. +inline void aes_genkey_sub(__m128i& xout0, __m128i& xout2)
642. +{
643. + __m128i xout1 = _mm_aeskeygenassist_si128(xout2, rcon);
644. + xout1 = _mm_shuffle_epi32(xout1, 0xFF);
645. + xout0 = sl_xor(xout0);
646. + xout0 = _mm_xor_si128(xout0, xout1);
647. + xout1 = _mm_aeskeygenassist_si128(xout0, 0x00);
648. + xout1 = _mm_shuffle_epi32(xout1, 0xAA);
649. + xout2 = sl_xor(xout2);
650. + xout2 = _mm_xor_si128(xout2, xout1);
651. +}
652. +
653. +inline void aes_genkey(const __m128i* memory, __m128i& k0, __m128i& k1, __m128i& k2, __m128i& k3, __m128i& k4,
654. + __m128i& k5, __m128i& k6, __m128i& k7, __m128i& k8, __m128i& k9)
655. +{
656. + __m128i xout0, xout2;
657. +
658. + xout0 = _mm_load_si128(memory);
659. + xout2 = _mm_load_si128(memory + 1);
660. + k0 = xout0;
661. + k1 = xout2;
662. +
663. + aes_genkey_sub<0x01>(xout0, xout2);
664. + k2 = xout0;
665. + k3 = xout2;
666. +
667. + aes_genkey_sub<0x02>(xout0, xout2);
668. + k4 = xout0;
669. + k5 = xout2;
670. +
671. + aes_genkey_sub<0x04>(xout0, xout2);
672. + k6 = xout0;
673. + k7 = xout2;
674. +
675. + aes_genkey_sub<0x08>(xout0, xout2);
676. + k8 = xout0;
677. + k9 = xout2;
678. +}
679. +
680. +inline void aes_round8(const __m128i& key, __m128i& x0, __m128i& x1, __m128i& x2, __m128i& x3, __m128i& x4, __m128i& x5, __m128i& x6, __m128i& x7)
681. +{
682. + x0 = _mm_aesenc_si128(x0, key);
683. + x1 = _mm_aesenc_si128(x1, key);
684. + x2 = _mm_aesenc_si128(x2, key);
685. + x3 = _mm_aesenc_si128(x3, key);
686. + x4 = _mm_aesenc_si128(x4, key);
687. + x5 = _mm_aesenc_si128(x5, key);
688. + x6 = _mm_aesenc_si128(x6, key);
689. + x7 = _mm_aesenc_si128(x7, key);
690. +}
691. +
692. +template<size_t MEMORY, size_t ITER>
693. +void cn_slow_hash<MEMORY,ITER>::implode_scratchpad_hard()
694. +{
695. + __m128i x0, x1, x2, x3, x4, x5, x6, x7;
696. + __m128i k0, k1, k2, k3, k4, k5, k6, k7, k8, k9;
697. +
698. + aes_genkey(spad.as_xmm + 2, k0, k1, k2, k3, k4, k5, k6, k7, k8, k9);
699. +
700. + x0 = _mm_load_si128(spad.as_xmm + 4);
701. + x1 = _mm_load_si128(spad.as_xmm + 5);
702. + x2 = _mm_load_si128(spad.as_xmm + 6);
703. + x3 = _mm_load_si128(spad.as_xmm + 7);
704. + x4 = _mm_load_si128(spad.as_xmm + 8);
705. + x5 = _mm_load_si128(spad.as_xmm + 9);
706. + x6 = _mm_load_si128(spad.as_xmm + 10);
707. + x7 = _mm_load_si128(spad.as_xmm + 11);
708. +
709. + for (size_t i = 0; i < MEMORY / sizeof(__m128i); i +=8)
710. + {
711. + x0 = _mm_xor_si128(_mm_load_si128(lpad.as_xmm + i + 0), x0);
712. + x1 = _mm_xor_si128(_mm_load_si128(lpad.as_xmm + i + 1), x1);
713. + x2 = _mm_xor_si128(_mm_load_si128(lpad.as_xmm + i + 2), x2);
714. + x3 = _mm_xor_si128(_mm_load_si128(lpad.as_xmm + i + 3), x3);
715. + x4 = _mm_xor_si128(_mm_load_si128(lpad.as_xmm + i + 4), x4);
716. + x5 = _mm_xor_si128(_mm_load_si128(lpad.as_xmm + i + 5), x5);
717. + x6 = _mm_xor_si128(_mm_load_si128(lpad.as_xmm + i + 6), x6);
718. + x7 = _mm_xor_si128(_mm_load_si128(lpad.as_xmm + i + 7), x7);
719. +
720. + aes_round8(k0, x0, x1, x2, x3, x4, x5, x6, x7);
721. + aes_round8(k1, x0, x1, x2, x3, x4, x5, x6, x7);
722. + aes_round8(k2, x0, x1, x2, x3, x4, x5, x6, x7);
723. + aes_round8(k3, x0, x1, x2, x3, x4, x5, x6, x7);
724. + aes_round8(k4, x0, x1, x2, x3, x4, x5, x6, x7);
725. + aes_round8(k5, x0, x1, x2, x3, x4, x5, x6, x7);
726. + aes_round8(k6, x0, x1, x2, x3, x4, x5, x6, x7);
727. + aes_round8(k7, x0, x1, x2, x3, x4, x5, x6, x7);
728. + aes_round8(k8, x0, x1, x2, x3, x4, x5, x6, x7);
729. + aes_round8(k9, x0, x1, x2, x3, x4, x5, x6, x7);
730. + }
731. +
732. + _mm_store_si128(spad.as_xmm + 4, x0);
733. + _mm_store_si128(spad.as_xmm + 5, x1);
734. + _mm_store_si128(spad.as_xmm + 6, x2);
735. + _mm_store_si128(spad.as_xmm + 7, x3);
736. + _mm_store_si128(spad.as_xmm + 8, x4);
737. + _mm_store_si128(spad.as_xmm + 9, x5);
738. + _mm_store_si128(spad.as_xmm + 10, x6);
739. + _mm_store_si128(spad.as_xmm + 11, x7);
740. +}
741. +
742. +template<size_t MEMORY, size_t ITER>
743. +void cn_slow_hash<MEMORY,ITER>::explode_scratchpad_hard()
744. +{
745. + __m128i x0, x1, x2, x3, x4, x5, x6, x7;
746. + __m128i k0, k1, k2, k3, k4, k5, k6, k7, k8, k9;
747. +
748. + aes_genkey(spad.as_xmm, k0, k1, k2, k3, k4, k5, k6, k7, k8, k9);
749. +
750. + x0 = _mm_load_si128(spad.as_xmm + 4);
751. + x1 = _mm_load_si128(spad.as_xmm + 5);
752. + x2 = _mm_load_si128(spad.as_xmm + 6);
753. + x3 = _mm_load_si128(spad.as_xmm + 7);
754. + x4 = _mm_load_si128(spad.as_xmm + 8);
755. + x5 = _mm_load_si128(spad.as_xmm + 9);
756. + x6 = _mm_load_si128(spad.as_xmm + 10);
757. + x7 = _mm_load_si128(spad.as_xmm + 11);
758. +
759. + for(size_t i = 0; i < MEMORY / sizeof(__m128i); i += 8)
760. + {
761. + aes_round8(k0, x0, x1, x2, x3, x4, x5, x6, x7);
762. + aes_round8(k1, x0, x1, x2, x3, x4, x5, x6, x7);
763. + aes_round8(k2, x0, x1, x2, x3, x4, x5, x6, x7);
764. + aes_round8(k3, x0, x1, x2, x3, x4, x5, x6, x7);
765. + aes_round8(k4, x0, x1, x2, x3, x4, x5, x6, x7);
766. + aes_round8(k5, x0, x1, x2, x3, x4, x5, x6, x7);
767. + aes_round8(k6, x0, x1, x2, x3, x4, x5, x6, x7);
768. + aes_round8(k7, x0, x1, x2, x3, x4, x5, x6, x7);
769. + aes_round8(k8, x0, x1, x2, x3, x4, x5, x6, x7);
770. + aes_round8(k9, x0, x1, x2, x3, x4, x5, x6, x7);
771. +
772. + _mm_store_si128(lpad.as_xmm + i + 0, x0);
773. + _mm_store_si128(lpad.as_xmm + i + 1, x1);
774. + _mm_store_si128(lpad.as_xmm + i + 2, x2);
775. + _mm_store_si128(lpad.as_xmm + i + 3, x3);
776. + _mm_store_si128(lpad.as_xmm + i + 4, x4);
777. + _mm_store_si128(lpad.as_xmm + i + 5, x5);
778. + _mm_store_si128(lpad.as_xmm + i + 6, x6);
779. + _mm_store_si128(lpad.as_xmm + i + 7, x7);
780. + }
781. +}
782. +
783. +#ifdef BUILD32
784. +inline uint64_t _umul128(uint64_t multiplier, uint64_t multiplicand, uint64_t* product_hi)
785. +{
786. + // multiplier = ab = a * 2^32 + b
787. + // multiplicand = cd = c * 2^32 + d
788. + // ab * cd = a * c * 2^64 + (a * d + b * c) * 2^32 + b * d
789. + uint64_t a = multiplier >> 32;
790. + uint64_t b = multiplier & 0xFFFFFFFF;
791. + uint64_t c = multiplicand >> 32;
792. + uint64_t d = multiplicand & 0xFFFFFFFF;
793. +
794. + uint64_t ac = a * c;
795. + uint64_t ad = a * d;
796. + uint64_t bc = b * c;
797. + uint64_t bd = b * d;
798. +
799. + uint64_t adbc = ad + bc;
800. + uint64_t adbc_carry = adbc < ad ? 1 : 0;
801. +
802. + // multiplier * multiplicand = product_hi * 2^64 + product_lo
803. + uint64_t product_lo = bd + (adbc << 32);
804. + uint64_t product_lo_carry = product_lo < bd ? 1 : 0;
805. + *product_hi = ac + (adbc >> 32) + (adbc_carry << 32) + product_lo_carry;
806. +
807. + return product_lo;
808. +}
809. +#else
810. +inline uint64_t _umul128(uint64_t a, uint64_t b, uint64_t* hi)
811. +{
812. + unsigned __int128 r = (unsigned __int128)a * (unsigned __int128)b;
813. + *hi = r >> 64;
814. + return (uint64_t)r;
815. +}
816. +#endif
817. +
818. +extern "C" void blake256_hash(uint8_t*, const uint8_t*, uint64_t);
819. +extern "C" void groestl(const uint8_t*, uint64_t, uint8_t*);
820. +extern "C" size_t jh_hash(int, const uint8_t*, size_t databitlen, uint8_t*);
821. +extern "C" size_t skein_hash(int, const uint8_t*, size_t, uint8_t*);
822. +
823. +inline uint64_t xmm_extract_64(__m128i x)
824. +{
825. +#ifdef BUILD32
826. + uint64_t r = uint32_t(_mm_cvtsi128_si32(_mm_shuffle_epi32(x, _MM_SHUFFLE(1,1,1,1))));
827. + r <<= 32;
828. + r |= uint32_t(_mm_cvtsi128_si32(x));
829. + return r;
830. +#else
831. + return _mm_cvtsi128_si64(x);
832. +#endif
833. +}
834. +
835. +template<size_t MEMORY, size_t ITER>
836. +void cn_slow_hash<MEMORY,ITER>::hardware_hash(const void* in, size_t len, void* out)
837. +{
838. + keccak((const uint8_t *)in, len, spad.as_byte, 200);
839. +
840. + explode_scratchpad_hard();
841. +
842. + uint64_t* h0 = spad.as_uqword;
843. +
844. + uint64_t al0 = h0[0] ^ h0[4];
845. + uint64_t ah0 = h0[1] ^ h0[5];
846. + __m128i bx0 = _mm_set_epi64x(h0[3] ^ h0[7], h0[2] ^ h0[6]);
847. +
848. + uint64_t idx0 = h0[0] ^ h0[4];
849. +
850. + // Optim - 90% time boundary
851. + for(size_t i = 0; i < ITER; i++)
852. + {
853. + __m128i cx;
854. + cx = _mm_load_si128(scratchpad_ptr(idx0).as_xmm);
855. +
856. + cx = _mm_aesenc_si128(cx, _mm_set_epi64x(ah0, al0));
857. +
858. + _mm_store_si128(scratchpad_ptr(idx0).as_xmm, _mm_xor_si128(bx0, cx));
859. + idx0 = xmm_extract_64(cx);
860. + bx0 = cx;
861. +
862. + uint64_t hi, lo, cl, ch;
863. + cl = scratchpad_ptr(idx0).as_uqword[0];
864. + ch = scratchpad_ptr(idx0).as_uqword[1];
865. +
866. + lo = _umul128(idx0, cl, &hi);
867. +
868. + al0 += hi;
869. + ah0 += lo;
870. + scratchpad_ptr(idx0).as_uqword[0] = al0;
871. + scratchpad_ptr(idx0).as_uqword[1] = ah0;
872. + ah0 ^= ch;
873. + al0 ^= cl;
874. + idx0 = al0;
875. + }
876. +
877. + implode_scratchpad_hard();
878. +
879. + keccakf(spad.as_uqword, 24);
880. +
881. + switch(spad.as_byte[0] & 3)
882. + {
883. + case 0:
884. + blake256_hash((uint8_t*)out, spad.as_byte, 200);
885. + break;
886. + case 1:
887. + groestl(spad.as_byte, 200 * 8, (uint8_t*)out);
888. + break;
889. + case 2:
890. + jh_hash(32 * 8, spad.as_byte, 8 * 200, (uint8_t*)out);
891. + break;
892. + case 3:
893. + skein_hash(8 * 32, spad.as_byte, 8 * 200, (uint8_t*)out);
894. + break;
895. + }
896. +}
897. +
898. +template class cn_slow_hash<2*1024*1024, 0x80000>;
899. +
900. +#endif
901. diff --git "a/c:\\1\\2\\sumokoin/src/crypto/cn_slow_hash_soft.cpp" "b/c:\\1\\2\\sumokoin/src/crypto/cn_slow_hash_soft.cpp"
902. new file mode 100644
903. index 0000000..f48e7fe
904. --- /dev/null
905. +++ "b/c:\\1\\2\\sumokoin/src/crypto/cn_slow_hash_soft.cpp"
906. @@ -0,0 +1,487 @@
907. +// Copyright (c) 2017, SUMOKOIN
908. +//
909. +// All rights reserved.
910. +//
911. +// Redistribution and use in source and binary forms, with or without modification, are
912. +// permitted provided that the following conditions are met:
913. +//
914. +// 1. Redistributions of source code must retain the above copyright notice, this list of
915. +// conditions and the following disclaimer.
916. +//
917. +// 2. Redistributions in binary form must reproduce the above copyright notice, this list
918. +// of conditions and the following disclaimer in the documentation and/or other
919. +// materials provided with the distribution.
920. +//
921. +// 3. Neither the name of the copyright holder nor the names of its contributors may be
922. +// used to endorse or promote products derived from this software without specific
923. +// prior written permission.
924. +//
925. +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
926. +// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
927. +// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
928. +// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
929. +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
930. +// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
931. +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
932. +// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
933. +// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
934. +//
935. +// Parts of this file are originally copyright (c) 2012-2013, The Cryptonote developers
936. +
937. +#include "cn_slow_hash.hpp"
938. +#include "keccak.h"
939. +
940. +/*
941. +AES Tables Implementation is
942. +---------------------------------------------------------------------------
943. +Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
944. +
945. +The redistribution and use of this software (with or without changes)
946. +is allowed without the payment of fees or royalties provided that:
947. +
948. + source code distributions include the above copyright notice, this
949. + list of conditions and the following disclaimer;
950. +
951. + binary distributions include the above copyright notice, this list
952. + of conditions and the following disclaimer in their documentation.
953. +
954. +This software is provided 'as is' with no explicit or implied warranties
955. +in respect of its operation, including, but not limited to, correctness
956. +and fitness for purpose.
957. +---------------------------------------------------------------------------
958. +*/
959. +
960. +#if !defined(_LP64) && !defined(_WIN64)
961. +#define BUILD32
962. +#endif
963. +
964. +#define saes_data(w) {\
965. + w(0x63), w(0x7c), w(0x77), w(0x7b), w(0xf2), w(0x6b), w(0x6f), w(0xc5),\
966. + w(0x30), w(0x01), w(0x67), w(0x2b), w(0xfe), w(0xd7), w(0xab), w(0x76),\
967. + w(0xca), w(0x82), w(0xc9), w(0x7d), w(0xfa), w(0x59), w(0x47), w(0xf0),\
968. + w(0xad), w(0xd4), w(0xa2), w(0xaf), w(0x9c), w(0xa4), w(0x72), w(0xc0),\
969. + w(0xb7), w(0xfd), w(0x93), w(0x26), w(0x36), w(0x3f), w(0xf7), w(0xcc),\
970. + w(0x34), w(0xa5), w(0xe5), w(0xf1), w(0x71), w(0xd8), w(0x31), w(0x15),\
971. + w(0x04), w(0xc7), w(0x23), w(0xc3), w(0x18), w(0x96), w(0x05), w(0x9a),\
972. + w(0x07), w(0x12), w(0x80), w(0xe2), w(0xeb), w(0x27), w(0xb2), w(0x75),\
973. + w(0x09), w(0x83), w(0x2c), w(0x1a), w(0x1b), w(0x6e), w(0x5a), w(0xa0),\
974. + w(0x52), w(0x3b), w(0xd6), w(0xb3), w(0x29), w(0xe3), w(0x2f), w(0x84),\
975. + w(0x53), w(0xd1), w(0x00), w(0xed), w(0x20), w(0xfc), w(0xb1), w(0x5b),\
976. + w(0x6a), w(0xcb), w(0xbe), w(0x39), w(0x4a), w(0x4c), w(0x58), w(0xcf),\
977. + w(0xd0), w(0xef), w(0xaa), w(0xfb), w(0x43), w(0x4d), w(0x33), w(0x85),\
978. + w(0x45), w(0xf9), w(0x02), w(0x7f), w(0x50), w(0x3c), w(0x9f), w(0xa8),\
979. + w(0x51), w(0xa3), w(0x40), w(0x8f), w(0x92), w(0x9d), w(0x38), w(0xf5),\
980. + w(0xbc), w(0xb6), w(0xda), w(0x21), w(0x10), w(0xff), w(0xf3), w(0xd2),\
981. + w(0xcd), w(0x0c), w(0x13), w(0xec), w(0x5f), w(0x97), w(0x44), w(0x17),\
982. + w(0xc4), w(0xa7), w(0x7e), w(0x3d), w(0x64), w(0x5d), w(0x19), w(0x73),\
983. + w(0x60), w(0x81), w(0x4f), w(0xdc), w(0x22), w(0x2a), w(0x90), w(0x88),\
984. + w(0x46), w(0xee), w(0xb8), w(0x14), w(0xde), w(0x5e), w(0x0b), w(0xdb),\
985. + w(0xe0), w(0x32), w(0x3a), w(0x0a), w(0x49), w(0x06), w(0x24), w(0x5c),\
986. + w(0xc2), w(0xd3), w(0xac), w(0x62), w(0x91), w(0x95), w(0xe4), w(0x79),\
987. + w(0xe7), w(0xc8), w(0x37), w(0x6d), w(0x8d), w(0xd5), w(0x4e), w(0xa9),\
988. + w(0x6c), w(0x56), w(0xf4), w(0xea), w(0x65), w(0x7a), w(0xae), w(0x08),\
989. + w(0xba), w(0x78), w(0x25), w(0x2e), w(0x1c), w(0xa6), w(0xb4), w(0xc6),\
990. + w(0xe8), w(0xdd), w(0x74), w(0x1f), w(0x4b), w(0xbd), w(0x8b), w(0x8a),\
991. + w(0x70), w(0x3e), w(0xb5), w(0x66), w(0x48), w(0x03), w(0xf6), w(0x0e),\
992. + w(0x61), w(0x35), w(0x57), w(0xb9), w(0x86), w(0xc1), w(0x1d), w(0x9e),\
993. + w(0xe1), w(0xf8), w(0x98), w(0x11), w(0x69), w(0xd9), w(0x8e), w(0x94),\
994. + w(0x9b), w(0x1e), w(0x87), w(0xe9), w(0xce), w(0x55), w(0x28), w(0xdf),\
995. + w(0x8c), w(0xa1), w(0x89), w(0x0d), w(0xbf), w(0xe6), w(0x42), w(0x68),\
996. + w(0x41), w(0x99), w(0x2d), w(0x0f), w(0xb0), w(0x54), w(0xbb), w(0x16) }
997. +
998. +#define SAES_WPOLY 0x011b
999. +
1000. +#define saes_b2w(b0, b1, b2, b3) (((uint32_t)(b3) << 24) | \
1001. + ((uint32_t)(b2) << 16) | ((uint32_t)(b1) << 8) | (b0))
1002. +
1003. +#define saes_f2(x) ((x<<1) ^ (((x>>7) & 1) * SAES_WPOLY))
1004. +#define saes_f3(x) (saes_f2(x) ^ x)
1005. +#define saes_h0(x) (x)
1006. +
1007. +#define saes_u0(p) saes_b2w(saes_f2(p), p, p, saes_f3(p))
1008. +#define saes_u1(p) saes_b2w(saes_f3(p), saes_f2(p), p, p)
1009. +#define saes_u2(p) saes_b2w( p, saes_f3(p), saes_f2(p), p)
1010. +#define saes_u3(p) saes_b2w( p, p, saes_f3(p), saes_f2(p))
1011. +
1012. +alignas(16) const uint32_t saes_table[4][256] = { saes_data(saes_u0), saes_data(saes_u1), saes_data(saes_u2), saes_data(saes_u3) };
1013. +alignas(16) const uint8_t saes_sbox[256] = saes_data(saes_h0);
1014. +
1015. +struct u32
1016. +{
1017. + uint32_t x0;
1018. + uint32_t x1;
1019. + uint32_t x2;
1020. + uint32_t x3;
1021. +};
1022. +
1023. +struct u64
1024. +{
1025. + uint64_t x0;
1026. + uint64_t x1;
1027. +};
1028. +
1029. +struct aesdata
1030. +{
1031. + union
1032. + {
1033. + u32 v32;
1034. + u64 v64;
1035. + };
1036. +
1037. + inline void load(const cn_sptr mem)
1038. + {
1039. +#ifdef BUILD32
1040. + v32.x0 = mem.as_udword[0];
1041. + v32.x1 = mem.as_udword[1];
1042. + v32.x2 = mem.as_udword[2];
1043. + v32.x3 = mem.as_udword[3];
1044. +#else
1045. + v64.x0 = mem.as_uqword[0];
1046. + v64.x1 = mem.as_uqword[1];
1047. +#endif
1048. + }
1049. +
1050. + inline void xor_load(const cn_sptr mem)
1051. + {
1052. +#ifdef BUILD32
1053. + v32.x0 ^= mem.as_udword[0];
1054. + v32.x1 ^= mem.as_udword[1];
1055. + v32.x2 ^= mem.as_udword[2];
1056. + v32.x3 ^= mem.as_udword[3];
1057. +#else
1058. + v64.x0 ^= mem.as_uqword[0];
1059. + v64.x1 ^= mem.as_uqword[1];
1060. +#endif
1061. + }
1062. +
1063. + inline void write(cn_sptr mem)
1064. + {
1065. +#ifdef BUILD32
1066. + mem.as_udword[0] = v32.x0;
1067. + mem.as_udword[1] = v32.x1;
1068. + mem.as_udword[2] = v32.x2;
1069. + mem.as_udword[3] = v32.x3;
1070. +#else
1071. + mem.as_uqword[0] = v64.x0;
1072. + mem.as_uqword[1] = v64.x1;
1073. +#endif
1074. + }
1075. +
1076. + inline aesdata& operator^=(const aesdata& rhs) noexcept
1077. + {
1078. +#ifdef BUILD32
1079. + v32.x0 ^= rhs.v32.x0;
1080. + v32.x1 ^= rhs.v32.x1;
1081. + v32.x2 ^= rhs.v32.x2;
1082. + v32.x3 ^= rhs.v32.x3;
1083. +#else
1084. + v64.x0 ^= rhs.v64.x0;
1085. + v64.x1 ^= rhs.v64.x1;
1086. +#endif
1087. + return *this;
1088. + }
1089. +
1090. + inline aesdata& operator^=(uint32_t rhs) noexcept
1091. + {
1092. + v32.x0 ^= rhs;
1093. + v32.x1 ^= rhs;
1094. + v32.x2 ^= rhs;
1095. + v32.x3 ^= rhs;
1096. + return *this;
1097. + }
1098. +};
1099. +
1100. +inline uint32_t sub_word(uint32_t key)
1101. +{
1102. + return (saes_sbox[key >> 24 ] << 24) | (saes_sbox[(key >> 16) & 0xff] << 16 ) |
1103. + (saes_sbox[(key >> 8) & 0xff] << 8 ) | saes_sbox[key & 0xff];
1104. +}
1105. +
1106. +#if defined(__clang__) || defined(__arm__) || defined(__aarch64__)
1107. +inline uint32_t rotr(uint32_t value, uint32_t amount)
1108. +{
1109. + return (value >> amount) | (value << ((32 - amount) & 31));
1110. +}
1111. +#else
1112. +inline uint32_t rotr(uint32_t value, uint32_t amount)
1113. +{
1114. + return _rotr(value, amount);
1115. +}
1116. +#endif
1117. +
1118. +// sl_xor(a1 a2 a3 a4) = a1 (a2^a1) (a3^a2^a1) (a4^a3^a2^a1)
1119. +inline void sl_xor(aesdata& x)
1120. +{
1121. + x.v32.x1 ^= x.v32.x0;
1122. + x.v32.x2 ^= x.v32.x1;
1123. + x.v32.x3 ^= x.v32.x2;
1124. +}
1125. +
1126. +template<uint8_t rcon>
1127. +inline void soft_aes_genkey_sub(aesdata& xout0, aesdata& xout2)
1128. +{
1129. + sl_xor(xout0);
1130. + xout0 ^= rotr(sub_word(xout2.v32.x3), 8) ^ rcon;
1131. + sl_xor(xout2);
1132. + xout2 ^= sub_word(xout0.v32.x3);
1133. +}
1134. +
1135. +inline void aes_genkey(const cn_sptr memory, aesdata& k0, aesdata& k1, aesdata& k2, aesdata& k3, aesdata& k4, aesdata& k5, aesdata& k6, aesdata& k7, aesdata& k8, aesdata& k9)
1136. +{
1137. + aesdata xout0, xout2;
1138. +
1139. + xout0.load(memory.as_uqword);
1140. + xout2.load(memory.as_uqword+2);
1141. + k0 = xout0;
1142. + k1 = xout2;
1143. +
1144. + soft_aes_genkey_sub<0x01>(xout0, xout2);
1145. + k2 = xout0;
1146. + k3 = xout2;
1147. +
1148. + soft_aes_genkey_sub<0x02>(xout0, xout2);
1149. + k4 = xout0;
1150. + k5 = xout2;
1151. +
1152. + soft_aes_genkey_sub<0x04>(xout0, xout2);
1153. + k6 = xout0;
1154. + k7 = xout2;
1155. +
1156. + soft_aes_genkey_sub<0x08>(xout0, xout2);
1157. + k8 = xout0;
1158. + k9 = xout2;
1159. +}
1160. +
1161. +inline void aes_round(aesdata& val, const aesdata& key)
1162. +{
1163. + u32 v = val.v32;
1164. + val.v32.x3 = saes_table[0][v.x3 & 0xff] ^ saes_table[1][(v.x0 >> 8) & 0xff] ^ saes_table[2][(v.x1 >> 16) & 0xff] ^ saes_table[3][v.x2 >> 24];
1165. + val.v32.x2 = saes_table[0][v.x2 & 0xff] ^ saes_table[1][(v.x3 >> 8) & 0xff] ^ saes_table[2][(v.x0 >> 16) & 0xff] ^ saes_table[3][v.x1 >> 24];
1166. + val.v32.x1 = saes_table[0][v.x1 & 0xff] ^ saes_table[1][(v.x2 >> 8) & 0xff] ^ saes_table[2][(v.x3 >> 16) & 0xff] ^ saes_table[3][v.x0 >> 24];
1167. + val.v32.x0 = saes_table[0][v.x0 & 0xff] ^ saes_table[1][(v.x1 >> 8) & 0xff] ^ saes_table[2][(v.x2 >> 16) & 0xff] ^ saes_table[3][v.x3 >> 24];
1168. + val ^= key;
1169. +}
1170. +
1171. +inline void aes_round8(const aesdata& key, aesdata& x0, aesdata& x1, aesdata& x2, aesdata& x3, aesdata& x4, aesdata& x5, aesdata& x6, aesdata& x7)
1172. +{
1173. + aes_round(x0, key);
1174. + aes_round(x1, key);
1175. + aes_round(x2, key);
1176. + aes_round(x3, key);
1177. + aes_round(x4, key);
1178. + aes_round(x5, key);
1179. + aes_round(x6, key);
1180. + aes_round(x7, key);
1181. +}
1182. +
1183. +template<size_t MEMORY, size_t ITER>
1184. +void cn_slow_hash<MEMORY,ITER>::implode_scratchpad_soft()
1185. +{
1186. + aesdata x0, x1, x2, x3, x4, x5, x6, x7;
1187. + aesdata k0, k1, k2, k3, k4, k5, k6, k7, k8, k9;
1188. +
1189. + aes_genkey(spad.as_uqword + 4, k0, k1, k2, k3, k4, k5, k6, k7, k8, k9);
1190. +
1191. + x0.load(spad.as_uqword + 8);
1192. + x1.load(spad.as_uqword + 10);
1193. + x2.load(spad.as_uqword + 12);
1194. + x3.load(spad.as_uqword + 14);
1195. + x4.load(spad.as_uqword + 16);
1196. + x5.load(spad.as_uqword + 18);
1197. + x6.load(spad.as_uqword + 20);
1198. + x7.load(spad.as_uqword + 22);
1199. +
1200. + for (size_t i = 0; i < MEMORY / sizeof(uint64_t); i += 16)
1201. + {
1202. + x0.xor_load(lpad.as_uqword + i + 0);
1203. + x1.xor_load(lpad.as_uqword + i + 2);
1204. + x2.xor_load(lpad.as_uqword + i + 4);
1205. + x3.xor_load(lpad.as_uqword + i + 6);
1206. + x4.xor_load(lpad.as_uqword + i + 8);
1207. + x5.xor_load(lpad.as_uqword + i + 10);
1208. + x6.xor_load(lpad.as_uqword + i + 12);
1209. + x7.xor_load(lpad.as_uqword + i + 14);
1210. +
1211. + aes_round8(k0, x0, x1, x2, x3, x4, x5, x6, x7);
1212. + aes_round8(k1, x0, x1, x2, x3, x4, x5, x6, x7);
1213. + aes_round8(k2, x0, x1, x2, x3, x4, x5, x6, x7);
1214. + aes_round8(k3, x0, x1, x2, x3, x4, x5, x6, x7);
1215. + aes_round8(k4, x0, x1, x2, x3, x4, x5, x6, x7);
1216. + aes_round8(k5, x0, x1, x2, x3, x4, x5, x6, x7);
1217. + aes_round8(k6, x0, x1, x2, x3, x4, x5, x6, x7);
1218. + aes_round8(k7, x0, x1, x2, x3, x4, x5, x6, x7);
1219. + aes_round8(k8, x0, x1, x2, x3, x4, x5, x6, x7);
1220. + aes_round8(k9, x0, x1, x2, x3, x4, x5, x6, x7);
1221. + }
1222. +
1223. + x0.write(spad.as_uqword + 8);
1224. + x1.write(spad.as_uqword + 10);
1225. + x2.write(spad.as_uqword + 12);
1226. + x3.write(spad.as_uqword + 14);
1227. + x4.write(spad.as_uqword + 16);
1228. + x5.write(spad.as_uqword + 18);
1229. + x6.write(spad.as_uqword + 20);
1230. + x7.write(spad.as_uqword + 22);
1231. +}
1232. +
1233. +template<size_t MEMORY, size_t ITER>
1234. +void cn_slow_hash<MEMORY,ITER>::explode_scratchpad_soft()
1235. +{
1236. + aesdata x0, x1, x2, x3, x4, x5, x6, x7;
1237. + aesdata k0, k1, k2, k3, k4, k5, k6, k7, k8, k9;
1238. +
1239. + aes_genkey(spad.as_uqword, k0, k1, k2, k3, k4, k5, k6, k7, k8, k9);
1240. +
1241. + x0.load(spad.as_uqword + 8);
1242. + x1.load(spad.as_uqword + 10);
1243. + x2.load(spad.as_uqword + 12);
1244. + x3.load(spad.as_uqword + 14);
1245. + x4.load(spad.as_uqword + 16);
1246. + x5.load(spad.as_uqword + 18);
1247. + x6.load(spad.as_uqword + 20);
1248. + x7.load(spad.as_uqword + 22);
1249. +
1250. + for (size_t i = 0; i < MEMORY / sizeof(uint64_t); i += 16)
1251. + {
1252. + aes_round8(k0, x0, x1, x2, x3, x4, x5, x6, x7);
1253. + aes_round8(k1, x0, x1, x2, x3, x4, x5, x6, x7);
1254. + aes_round8(k2, x0, x1, x2, x3, x4, x5, x6, x7);
1255. + aes_round8(k3, x0, x1, x2, x3, x4, x5, x6, x7);
1256. + aes_round8(k4, x0, x1, x2, x3, x4, x5, x6, x7);
1257. + aes_round8(k5, x0, x1, x2, x3, x4, x5, x6, x7);
1258. + aes_round8(k6, x0, x1, x2, x3, x4, x5, x6, x7);
1259. + aes_round8(k7, x0, x1, x2, x3, x4, x5, x6, x7);
1260. + aes_round8(k8, x0, x1, x2, x3, x4, x5, x6, x7);
1261. + aes_round8(k9, x0, x1, x2, x3, x4, x5, x6, x7);
1262. +
1263. + x0.write(lpad.as_uqword + i + 0);
1264. + x1.write(lpad.as_uqword + i + 2);
1265. + x2.write(lpad.as_uqword + i + 4);
1266. + x3.write(lpad.as_uqword + i + 6);
1267. + x4.write(lpad.as_uqword + i + 8);
1268. + x5.write(lpad.as_uqword + i + 10);
1269. + x6.write(lpad.as_uqword + i + 12);
1270. + x7.write(lpad.as_uqword + i + 14);
1271. + }
1272. +}
1273. +
1274. +#ifdef BUILD32
1275. +inline uint64_t _umul128(uint64_t multiplier, uint64_t multiplicand, uint64_t* product_hi)
1276. +{
1277. + // multiplier = ab = a * 2^32 + b
1278. + // multiplicand = cd = c * 2^32 + d
1279. + // ab * cd = a * c * 2^64 + (a * d + b * c) * 2^32 + b * d
1280. + uint64_t a = multiplier >> 32;
1281. + uint64_t b = multiplier & 0xFFFFFFFF;
1282. + uint64_t c = multiplicand >> 32;
1283. + uint64_t d = multiplicand & 0xFFFFFFFF;
1284. +
1285. + uint64_t ac = a * c;
1286. + uint64_t ad = a * d;
1287. + uint64_t bc = b * c;
1288. + uint64_t bd = b * d;
1289. +
1290. + uint64_t adbc = ad + bc;
1291. + uint64_t adbc_carry = adbc < ad ? 1 : 0;
1292. +
1293. + // multiplier * multiplicand = product_hi * 2^64 + product_lo
1294. + uint64_t product_lo = bd + (adbc << 32);
1295. + uint64_t product_lo_carry = product_lo < bd ? 1 : 0;
1296. + *product_hi = ac + (adbc >> 32) + (adbc_carry << 32) + product_lo_carry;
1297. +
1298. + return product_lo;
1299. +}
1300. +#else
1301. +inline uint64_t _umul128(uint64_t a, uint64_t b, uint64_t* hi)
1302. +{
1303. + unsigned __int128 r = (unsigned __int128)a * (unsigned __int128)b;
1304. + *hi = r >> 64;
1305. + return (uint64_t)r;
1306. +}
1307. +#endif
1308. +
1309. +extern "C" void blake256_hash(uint8_t*, const uint8_t*, uint64_t);
1310. +extern "C" void groestl(const uint8_t*, uint64_t, uint8_t*);
1311. +extern "C" size_t jh_hash(int, const uint8_t*, size_t databitlen, uint8_t*);
1312. +extern "C" size_t skein_hash(int, const uint8_t*, size_t, uint8_t*);
1313. +
1314. +template<size_t MEMORY, size_t ITER>
1315. +void cn_slow_hash<MEMORY,ITER>::software_hash(const void* in, size_t len, void* out)
1316. +{
1317. + keccak((const uint8_t *)in, len, spad.as_byte, 200);
1318. +
1319. + explode_scratchpad_soft();
1320. +
1321. + uint64_t* h0 = spad.as_uqword;
1322. +
1323. + aesdata ax;
1324. + ax.v64.x0 = h0[0] ^ h0[4];
1325. + ax.v64.x1 = h0[1] ^ h0[5];
1326. +
1327. + aesdata bx;
1328. + bx.v64.x0 = h0[2] ^ h0[6];
1329. + bx.v64.x1 = h0[3] ^ h0[7];
1330. +
1331. + aesdata cx;
1332. + cx.v64.x0 = 0;
1333. + cx.v64.x1 = 0;
1334. +
1335. + for(size_t i = 0; i < ITER/2; i++)
1336. + {
1337. + uint64_t hi, lo;
1338. +
1339. + ax ^= cx;
1340. + cx.load(scratchpad_ptr(ax.v64.x0));
1341. +
1342. + aes_round(cx, ax);
1343. +
1344. + bx ^= cx;
1345. + bx.write(scratchpad_ptr(ax.v64.x0));
1346. +
1347. + bx.load(scratchpad_ptr(cx.v64.x0));
1348. +
1349. + lo = _umul128(cx.v64.x0, bx.v64.x0, &hi);
1350. +
1351. + ax.v64.x0 += hi;
1352. + ax.v64.x1 += lo;
1353. + ax.write(scratchpad_ptr(cx.v64.x0));
1354. +
1355. + ax ^= bx;
1356. + bx.load(scratchpad_ptr(ax.v64.x0));
1357. +
1358. + aes_round(bx, ax);
1359. +
1360. + cx ^= bx;
1361. + cx.write(scratchpad_ptr(ax.v64.x0));
1362. +
1363. + cx.load(scratchpad_ptr(bx.v64.x0));
1364. +
1365. + lo = _umul128(bx.v64.x0, cx.v64.x0, &hi);
1366. +
1367. + ax.v64.x0 += hi;
1368. + ax.v64.x1 += lo;
1369. + ax.write(scratchpad_ptr(bx.v64.x0));
1370. + }
1371. +
1372. + implode_scratchpad_soft();
1373. +
1374. + keccakf(spad.as_uqword, 24);
1375. +
1376. + switch(spad.as_byte[0] & 3)
1377. + {
1378. + case 0:
1379. + blake256_hash((uint8_t*)out, spad.as_byte, 200);
1380. + break;
1381. + case 1:
1382. + groestl(spad.as_byte, 200 * 8, (uint8_t*)out);
1383. + break;
1384. + case 2:
1385. + jh_hash(32 * 8, spad.as_byte, 8 * 200, (uint8_t*)out);
1386. + break;
1387. + case 3:
1388. + skein_hash(8 * 32, spad.as_byte, 8 * 200, (uint8_t*)out);
1389. + break;
1390. + }
1391. +}
1392. +
1393. +template class cn_slow_hash<2*1024*1024, 0x80000>;
1394. diff --git "a/c:\\1\\sumokoin/src/crypto/hash-extra-blake.c" "b/c:\\1\\sumokoin/src/crypto/hash-extra-blake.c"
1395. deleted file mode 100644
1396. index 15357dc..0000000
1397. --- "a/c:\\1\\sumokoin/src/crypto/hash-extra-blake.c"
1398. +++ /dev/null
1399. @@ -1,38 +0,0 @@
1400. -// Copyright (c) 2014-2016, The Monero Project
1401. -//
1402. -// All rights reserved.
1403. -//
1404. -// Redistribution and use in source and binary forms, with or without modification, are
1405. -// permitted provided that the following conditions are met:
1406. -//
1407. -// 1. Redistributions of source code must retain the above copyright notice, this list of
1408. -// conditions and the following disclaimer.
1409. -//
1410. -// 2. Redistributions in binary form must reproduce the above copyright notice, this list
1411. -// of conditions and the following disclaimer in the documentation and/or other
1412. -// materials provided with the distribution.
1413. -//
1414. -// 3. Neither the name of the copyright holder nor the names of its contributors may be
1415. -// used to endorse or promote products derived from this software without specific
1416. -// prior written permission.
1417. -//
1418. -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
1419. -// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
1420. -// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
1421. -// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1422. -// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
1423. -// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
1424. -// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1425. -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
1426. -// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1427. -//
1428. -// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
1429. -
1430. -#include <stddef.h>
1431. -#include <stdint.h>
1432. -
1433. -#include "blake256.h"
1434. -
1435. -void hash_extra_blake(const void *data, size_t length, char *hash) {
1436. - blake256_hash((uint8_t*)hash, data, length);
1437. -}
1438. diff --git "a/c:\\1\\sumokoin/src/crypto/hash-extra-groestl.c" "b/c:\\1\\sumokoin/src/crypto/hash-extra-groestl.c"
1439. deleted file mode 100644
1440. index 69546ee..0000000
1441. --- "a/c:\\1\\sumokoin/src/crypto/hash-extra-groestl.c"
1442. +++ /dev/null
1443. @@ -1,38 +0,0 @@
1444. -// Copyright (c) 2014-2016, The Monero Project
1445. -//
1446. -// All rights reserved.
1447. -//
1448. -// Redistribution and use in source and binary forms, with or without modification, are
1449. -// permitted provided that the following conditions are met:
1450. -//
1451. -// 1. Redistributions of source code must retain the above copyright notice, this list of
1452. -// conditions and the following disclaimer.
1453. -//
1454. -// 2. Redistributions in binary form must reproduce the above copyright notice, this list
1455. -// of conditions and the following disclaimer in the documentation and/or other
1456. -// materials provided with the distribution.
1457. -//
1458. -// 3. Neither the name of the copyright holder nor the names of its contributors may be
1459. -// used to endorse or promote products derived from this software without specific
1460. -// prior written permission.
1461. -//
1462. -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
1463. -// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
1464. -// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
1465. -// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1466. -// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
1467. -// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
1468. -// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1469. -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
1470. -// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1471. -//
1472. -// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
1473. -
1474. -#include <stddef.h>
1475. -#include <stdint.h>
1476. -
1477. -#include "groestl.h"
1478. -
1479. -void hash_extra_groestl(const void *data, size_t length, char *hash) {
1480. - groestl(data, length * 8, (uint8_t*)hash);
1481. -}
1482. diff --git "a/c:\\1\\sumokoin/src/crypto/hash-extra-jh.c" "b/c:\\1\\sumokoin/src/crypto/hash-extra-jh.c"
1483. deleted file mode 100644
1484. index 5da0894..0000000
1485. --- "a/c:\\1\\sumokoin/src/crypto/hash-extra-jh.c"
1486. +++ /dev/null
1487. @@ -1,42 +0,0 @@
1488. -// Copyright (c) 2014-2016, The Monero Project
1489. -//
1490. -// All rights reserved.
1491. -//
1492. -// Redistribution and use in source and binary forms, with or without modification, are
1493. -// permitted provided that the following conditions are met:
1494. -//
1495. -// 1. Redistributions of source code must retain the above copyright notice, this list of
1496. -// conditions and the following disclaimer.
1497. -//
1498. -// 2. Redistributions in binary form must reproduce the above copyright notice, this list
1499. -// of conditions and the following disclaimer in the documentation and/or other
1500. -// materials provided with the distribution.
1501. -//
1502. -// 3. Neither the name of the copyright holder nor the names of its contributors may be
1503. -// used to endorse or promote products derived from this software without specific
1504. -// prior written permission.
1505. -//
1506. -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
1507. -// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
1508. -// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
1509. -// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1510. -// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
1511. -// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
1512. -// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1513. -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
1514. -// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1515. -//
1516. -// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
1517. -
1518. -#include <assert.h>
1519. -#include <stddef.h>
1520. -#include <stdint.h>
1521. -#include <string.h>
1522. -
1523. -#include "jh.h"
1524. -#include "hash-ops.h"
1525. -
1526. -void hash_extra_jh(const void *data, size_t length, char *hash) {
1527. - int r = jh_hash(HASH_SIZE * 8, data, 8 * length, (uint8_t*)hash);
1528. - assert(SUCCESS == r);
1529. -}
1530. diff --git "a/c:\\1\\sumokoin/src/crypto/hash-extra-skein.c" "b/c:\\1\\sumokoin/src/crypto/hash-extra-skein.c"
1531. deleted file mode 100644
1532. index babf500..0000000
1533. --- "a/c:\\1\\sumokoin/src/crypto/hash-extra-skein.c"
1534. +++ /dev/null
1535. @@ -1,40 +0,0 @@
1536. -// Copyright (c) 2014-2016, The Monero Project
1537. -//
1538. -// All rights reserved.
1539. -//
1540. -// Redistribution and use in source and binary forms, with or without modification, are
1541. -// permitted provided that the following conditions are met:
1542. -//
1543. -// 1. Redistributions of source code must retain the above copyright notice, this list of
1544. -// conditions and the following disclaimer.
1545. -//
1546. -// 2. Redistributions in binary form must reproduce the above copyright notice, this list
1547. -// of conditions and the following disclaimer in the documentation and/or other
1548. -// materials provided with the distribution.
1549. -//
1550. -// 3. Neither the name of the copyright holder nor the names of its contributors may be
1551. -// used to endorse or promote products derived from this software without specific
1552. -// prior written permission.
1553. -//
1554. -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
1555. -// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
1556. -// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
1557. -// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1558. -// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
1559. -// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
1560. -// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1561. -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
1562. -// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1563. -//
1564. -// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
1565. -
1566. -#include <stddef.h>
1567. -#include <stdint.h>
1568. -
1569. -#include "hash-ops.h"
1570. -#include "skein.h"
1571. -
1572. -void hash_extra_skein(const void *data, size_t length, char *hash) {
1573. - int r = skein_hash(8 * HASH_SIZE, data, 8 * length, (uint8_t*)hash);
1574. - assert(SKEIN_SUCCESS == r);
1575. -}
1576. diff --git "a/c:\\1\\sumokoin/src/crypto/hash-ops.h" "b/c:\\1\\2\\sumokoin/src/crypto/hash-ops.h"
1577. index 612d94e..9443bdb 100644
1578. --- "a/c:\\1\\sumokoin/src/crypto/hash-ops.h"
1579. +++ "b/c:\\1\\2\\sumokoin/src/crypto/hash-ops.h"
1580. @@ -79,11 +79,4 @@ enum {
1581. };
1582.  
1583. void cn_fast_hash(const void *data, size_t length, char *hash);
1584. -void cn_slow_hash(const void *data, size_t length, char *hash);
1585. -
1586. -void hash_extra_blake(const void *data, size_t length, char *hash);
1587. -void hash_extra_groestl(const void *data, size_t length, char *hash);
1588. -void hash_extra_jh(const void *data, size_t length, char *hash);
1589. -void hash_extra_skein(const void *data, size_t length, char *hash);
1590. -
1591. void tree_hash(const char (*hashes)[HASH_SIZE], size_t count, char *root_hash);
1592. diff --git "a/c:\\1\\sumokoin/src/crypto/hash.h" "b/c:\\1\\2\\sumokoin/src/crypto/hash.h"
1593. index 8039920..e591b6b 100644
1594. --- "a/c:\\1\\sumokoin/src/crypto/hash.h"
1595. +++ "b/c:\\1\\2\\sumokoin/src/crypto/hash.h"
1596. @@ -67,10 +67,6 @@ namespace crypto {
1597. return h;
1598. }
1599.  
1600. - inline void cn_slow_hash(const void *data, std::size_t length, hash &hash) {
1601. - cn_slow_hash(data, length, reinterpret_cast<char *>(&hash));
1602. - }
1603. -
1604. inline void tree_hash(const hash *hashes, std::size_t count, hash &root_hash) {
1605. tree_hash(reinterpret_cast<const char (*)[HASH_SIZE]>(hashes), count, reinterpret_cast<char *>(&root_hash));
1606. }
1607. diff --git "a/c:\\1\\sumokoin/src/crypto/keccak.h" "b/c:\\1\\2\\sumokoin/src/crypto/keccak.h"
1608. index fbd8e19..ae39231 100644
1609. --- "a/c:\\1\\sumokoin/src/crypto/keccak.h"
1610. +++ "b/c:\\1\\2\\sumokoin/src/crypto/keccak.h"
1611. @@ -7,6 +7,10 @@
1612. #include <stdint.h>
1613. #include <string.h>
1614.  
1615. +#ifdef __cplusplus
1616. +extern "C" {
1617. +#endif
1618. +
1619. #ifndef KECCAK_ROUNDS
1620. #define KECCAK_ROUNDS 24
1621. #endif
1622. @@ -23,4 +27,8 @@ void keccakf(uint64_t st[25], int norounds);
1623.  
1624. void keccak1600(const uint8_t *in, size_t inlen, uint8_t *md);
1625.  
1626. +#ifdef __cplusplus
1627. +}
1628. +#endif
1629. +
1630. #endif
1631. diff --git "a/c:\\1\\sumokoin/src/crypto/oaes_config.h" "b/c:\\1\\sumokoin/src/crypto/oaes_config.h"
1632. deleted file mode 100644
1633. index 3fc0e1b..0000000
1634. --- "a/c:\\1\\sumokoin/src/crypto/oaes_config.h"
1635. +++ /dev/null
1636. @@ -1,50 +0,0 @@
1637. -/*
1638. - * ---------------------------------------------------------------------------
1639. - * OpenAES License
1640. - * ---------------------------------------------------------------------------
1641. - * Copyright (c) 2012, Nabil S. Al Ramli, www.nalramli.com
1642. - * All rights reserved.
1643. - *
1644. - * Redistribution and use in source and binary forms, with or without
1645. - * modification, are permitted provided that the following conditions are met:
1646. - *
1647. - * - Redistributions of source code must retain the above copyright notice,
1648. - * this list of conditions and the following disclaimer.
1649. - * - Redistributions in binary form must reproduce the above copyright
1650. - * notice, this list of conditions and the following disclaimer in the
1651. - * documentation and/or other materials provided with the distribution.
1652. - *
1653. - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
1654. - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1655. - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1656. - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
1657. - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
1658. - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
1659. - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
1660. - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
1661. - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1662. - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
1663. - * POSSIBILITY OF SUCH DAMAGE.
1664. - * ---------------------------------------------------------------------------
1665. - */
1666. -
1667. -#ifndef _OAES_CONFIG_H
1668. -#define _OAES_CONFIG_H
1669. -
1670. -#ifdef __cplusplus
1671. -extern "C" {
1672. -#endif
1673. -
1674. -//#ifndef OAES_HAVE_ISAAC
1675. -//#define OAES_HAVE_ISAAC 1
1676. -//#endif // OAES_HAVE_ISAAC
1677. -
1678. -//#ifndef OAES_DEBUG
1679. -//#define OAES_DEBUG 0
1680. -//#endif // OAES_DEBUG
1681. -
1682. -#ifdef __cplusplus
1683. -}
1684. -#endif
1685. -
1686. -#endif // _OAES_CONFIG_H
1687. diff --git "a/c:\\1\\sumokoin/src/crypto/oaes_lib.c" "b/c:\\1\\sumokoin/src/crypto/oaes_lib.c"
1688. deleted file mode 100644
1689. index e7226de..0000000
1690. --- "a/c:\\1\\sumokoin/src/crypto/oaes_lib.c"
1691. +++ /dev/null
1692. @@ -1,1499 +0,0 @@
1693. -/*
1694. - * ---------------------------------------------------------------------------
1695. - * OpenAES License
1696. - * ---------------------------------------------------------------------------
1697. - * Copyright (c) 2012, Nabil S. Al Ramli, www.nalramli.com
1698. - * All rights reserved.
1699. - *
1700. - * Redistribution and use in source and binary forms, with or without
1701. - * modification, are permitted provided that the following conditions are met:
1702. - *
1703. - * - Redistributions of source code must retain the above copyright notice,
1704. - * this list of conditions and the following disclaimer.
1705. - * - Redistributions in binary form must reproduce the above copyright
1706. - * notice, this list of conditions and the following disclaimer in the
1707. - * documentation and/or other materials provided with the distribution.
1708. - *
1709. - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
1710. - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1711. - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1712. - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
1713. - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
1714. - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
1715. - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
1716. - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
1717. - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1718. - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
1719. - * POSSIBILITY OF SUCH DAMAGE.
1720. - * ---------------------------------------------------------------------------
1721. - */
1722. -#include <stddef.h>
1723. -#include <time.h>
1724. -#include <string.h>
1725. -#include <stdlib.h>
1726. -#include <stdio.h>
1727. -
1728. -// OS X, FreeBSD, and OpenBSD don't need malloc.h
1729. -#if !defined(__APPLE__) && !defined(__FreeBSD__) && !defined(__OpenBSD__)
1730. - #include <malloc.h>
1731. -#endif
1732. -
1733. -// FreeBSD, OpenBSD and Android also don't need timeb.h
1734. -#if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__ANDROID__)
1735. - #include <sys/timeb.h>
1736. -#else
1737. - #include <sys/time.h>
1738. -#endif
1739. -
1740. -#ifdef WIN32
1741. -#include <process.h>
1742. -#else
1743. -#include <sys/types.h>
1744. -#include <unistd.h>
1745. -#endif
1746. -
1747. -#include "oaes_config.h"
1748. -#include "oaes_lib.h"
1749. -
1750. -#ifdef OAES_HAVE_ISAAC
1751. -#include "rand.h"
1752. -#endif // OAES_HAVE_ISAAC
1753. -
1754. -#define OAES_RKEY_LEN 4
1755. -#define OAES_COL_LEN 4
1756. -#define OAES_ROUND_BASE 7
1757. -
1758. -// the block is padded
1759. -#define OAES_FLAG_PAD 0x01
1760. -
1761. -#ifndef min
1762. -# define min(a,b) (((a)<(b)) ? (a) : (b))
1763. -#endif /* min */
1764. -
1765. -// "OAES<8-bit header version><8-bit type><16-bit options><8-bit flags><56-bit reserved>"
1766. -static uint8_t oaes_header[OAES_BLOCK_SIZE] = {
1767. - // 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f,
1768. - /*0*/ 0x4f, 0x41, 0x45, 0x53, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1769. -};
1770. -static uint8_t oaes_gf_8[] = {
1771. - 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36 };
1772. -
1773. -static uint8_t oaes_sub_byte_value[16][16] = {
1774. - // 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f,
1775. - /*0*/ { 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76 },
1776. - /*1*/ { 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0 },
1777. - /*2*/ { 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15 },
1778. - /*3*/ { 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75 },
1779. - /*4*/ { 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84 },
1780. - /*5*/ { 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf },
1781. - /*6*/ { 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8 },
1782. - /*7*/ { 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2 },
1783. - /*8*/ { 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73 },
1784. - /*9*/ { 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb },
1785. - /*a*/ { 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79 },
1786. - /*b*/ { 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08 },
1787. - /*c*/ { 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a },
1788. - /*d*/ { 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e },
1789. - /*e*/ { 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf },
1790. - /*f*/ { 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 },
1791. -};
1792. -
1793. -static uint8_t oaes_inv_sub_byte_value[16][16] = {
1794. - // 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f,
1795. - /*0*/ { 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb },
1796. - /*1*/ { 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb },
1797. - /*2*/ { 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e },
1798. - /*3*/ { 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25 },
1799. - /*4*/ { 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92 },
1800. - /*5*/ { 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84 },
1801. - /*6*/ { 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06 },
1802. - /*7*/ { 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b },
1803. - /*8*/ { 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73 },
1804. - /*9*/ { 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e },
1805. - /*a*/ { 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b },
1806. - /*b*/ { 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4 },
1807. - /*c*/ { 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f },
1808. - /*d*/ { 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef },
1809. - /*e*/ { 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61 },
1810. - /*f*/ { 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d },
1811. -};
1812. -
1813. -static uint8_t oaes_gf_mul_2[16][16] = {
1814. - // 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f,
1815. - /*0*/ { 0x00, 0x02, 0x04, 0x06, 0x08, 0x0a, 0x0c, 0x0e, 0x10, 0x12, 0x14, 0x16, 0x18, 0x1a, 0x1c, 0x1e },
1816. - /*1*/ { 0x20, 0x22, 0x24, 0x26, 0x28, 0x2a, 0x2c, 0x2e, 0x30, 0x32, 0x34, 0x36, 0x38, 0x3a, 0x3c, 0x3e },
1817. - /*2*/ { 0x40, 0x42, 0x44, 0x46, 0x48, 0x4a, 0x4c, 0x4e, 0x50, 0x52, 0x54, 0x56, 0x58, 0x5a, 0x5c, 0x5e },
1818. - /*3*/ { 0x60, 0x62, 0x64, 0x66, 0x68, 0x6a, 0x6c, 0x6e, 0x70, 0x72, 0x74, 0x76, 0x78, 0x7a, 0x7c, 0x7e },
1819. - /*4*/ { 0x80, 0x82, 0x84, 0x86, 0x88, 0x8a, 0x8c, 0x8e, 0x90, 0x92, 0x94, 0x96, 0x98, 0x9a, 0x9c, 0x9e },
1820. - /*5*/ { 0xa0, 0xa2, 0xa4, 0xa6, 0xa8, 0xaa, 0xac, 0xae, 0xb0, 0xb2, 0xb4, 0xb6, 0xb8, 0xba, 0xbc, 0xbe },
1821. - /*6*/ { 0xc0, 0xc2, 0xc4, 0xc6, 0xc8, 0xca, 0xcc, 0xce, 0xd0, 0xd2, 0xd4, 0xd6, 0xd8, 0xda, 0xdc, 0xde },
1822. - /*7*/ { 0xe0, 0xe2, 0xe4, 0xe6, 0xe8, 0xea, 0xec, 0xee, 0xf0, 0xf2, 0xf4, 0xf6, 0xf8, 0xfa, 0xfc, 0xfe },
1823. - /*8*/ { 0x1b, 0x19, 0x1f, 0x1d, 0x13, 0x11, 0x17, 0x15, 0x0b, 0x09, 0x0f, 0x0d, 0x03, 0x01, 0x07, 0x05 },
1824. - /*9*/ { 0x3b, 0x39, 0x3f, 0x3d, 0x33, 0x31, 0x37, 0x35, 0x2b, 0x29, 0x2f, 0x2d, 0x23, 0x21, 0x27, 0x25 },
1825. - /*a*/ { 0x5b, 0x59, 0x5f, 0x5d, 0x53, 0x51, 0x57, 0x55, 0x4b, 0x49, 0x4f, 0x4d, 0x43, 0x41, 0x47, 0x45 },
1826. - /*b*/ { 0x7b, 0x79, 0x7f, 0x7d, 0x73, 0x71, 0x77, 0x75, 0x6b, 0x69, 0x6f, 0x6d, 0x63, 0x61, 0x67, 0x65 },
1827. - /*c*/ { 0x9b, 0x99, 0x9f, 0x9d, 0x93, 0x91, 0x97, 0x95, 0x8b, 0x89, 0x8f, 0x8d, 0x83, 0x81, 0x87, 0x85 },
1828. - /*d*/ { 0xbb, 0xb9, 0xbf, 0xbd, 0xb3, 0xb1, 0xb7, 0xb5, 0xab, 0xa9, 0xaf, 0xad, 0xa3, 0xa1, 0xa7, 0xa5 },
1829. - /*e*/ { 0xdb, 0xd9, 0xdf, 0xdd, 0xd3, 0xd1, 0xd7, 0xd5, 0xcb, 0xc9, 0xcf, 0xcd, 0xc3, 0xc1, 0xc7, 0xc5 },
1830. - /*f*/ { 0xfb, 0xf9, 0xff, 0xfd, 0xf3, 0xf1, 0xf7, 0xf5, 0xeb, 0xe9, 0xef, 0xed, 0xe3, 0xe1, 0xe7, 0xe5 },
1831. -};
1832. -
1833. -static uint8_t oaes_gf_mul_3[16][16] = {
1834. - // 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f,
1835. - /*0*/ { 0x00, 0x03, 0x06, 0x05, 0x0c, 0x0f, 0x0a, 0x09, 0x18, 0x1b, 0x1e, 0x1d, 0x14, 0x17, 0x12, 0x11 },
1836. - /*1*/ { 0x30, 0x33, 0x36, 0x35, 0x3c, 0x3f, 0x3a, 0x39, 0x28, 0x2b, 0x2e, 0x2d, 0x24, 0x27, 0x22, 0x21 },
1837. - /*2*/ { 0x60, 0x63, 0x66, 0x65, 0x6c, 0x6f, 0x6a, 0x69, 0x78, 0x7b, 0x7e, 0x7d, 0x74, 0x77, 0x72, 0x71 },
1838. - /*3*/ { 0x50, 0x53, 0x56, 0x55, 0x5c, 0x5f, 0x5a, 0x59, 0x48, 0x4b, 0x4e, 0x4d, 0x44, 0x47, 0x42, 0x41 },
1839. - /*4*/ { 0xc0, 0xc3, 0xc6, 0xc5, 0xcc, 0xcf, 0xca, 0xc9, 0xd8, 0xdb, 0xde, 0xdd, 0xd4, 0xd7, 0xd2, 0xd1 },
1840. - /*5*/ { 0xf0, 0xf3, 0xf6, 0xf5, 0xfc, 0xff, 0xfa, 0xf9, 0xe8, 0xeb, 0xee, 0xed, 0xe4, 0xe7, 0xe2, 0xe1 },
1841. - /*6*/ { 0xa0, 0xa3, 0xa6, 0xa5, 0xac, 0xaf, 0xaa, 0xa9, 0xb8, 0xbb, 0xbe, 0xbd, 0xb4, 0xb7, 0xb2, 0xb1 },
1842. - /*7*/ { 0x90, 0x93, 0x96, 0x95, 0x9c, 0x9f, 0x9a, 0x99, 0x88, 0x8b, 0x8e, 0x8d, 0x84, 0x87, 0x82, 0x81 },
1843. - /*8*/ { 0x9b, 0x98, 0x9d, 0x9e, 0x97, 0x94, 0x91, 0x92, 0x83, 0x80, 0x85, 0x86, 0x8f, 0x8c, 0x89, 0x8a },
1844. - /*9*/ { 0xab, 0xa8, 0xad, 0xae, 0xa7, 0xa4, 0xa1, 0xa2, 0xb3, 0xb0, 0xb5, 0xb6, 0xbf, 0xbc, 0xb9, 0xba },
1845. - /*a*/ { 0xfb, 0xf8, 0xfd, 0xfe, 0xf7, 0xf4, 0xf1, 0xf2, 0xe3, 0xe0, 0xe5, 0xe6, 0xef, 0xec, 0xe9, 0xea },
1846. - /*b*/ { 0xcb, 0xc8, 0xcd, 0xce, 0xc7, 0xc4, 0xc1, 0xc2, 0xd3, 0xd0, 0xd5, 0xd6, 0xdf, 0xdc, 0xd9, 0xda },
1847. - /*c*/ { 0x5b, 0x58, 0x5d, 0x5e, 0x57, 0x54, 0x51, 0x52, 0x43, 0x40, 0x45, 0x46, 0x4f, 0x4c, 0x49, 0x4a },
1848. - /*d*/ { 0x6b, 0x68, 0x6d, 0x6e, 0x67, 0x64, 0x61, 0x62, 0x73, 0x70, 0x75, 0x76, 0x7f, 0x7c, 0x79, 0x7a },
1849. - /*e*/ { 0x3b, 0x38, 0x3d, 0x3e, 0x37, 0x34, 0x31, 0x32, 0x23, 0x20, 0x25, 0x26, 0x2f, 0x2c, 0x29, 0x2a },
1850. - /*f*/ { 0x0b, 0x08, 0x0d, 0x0e, 0x07, 0x04, 0x01, 0x02, 0x13, 0x10, 0x15, 0x16, 0x1f, 0x1c, 0x19, 0x1a },
1851. -};
1852. -
1853. -static uint8_t oaes_gf_mul_9[16][16] = {
1854. - // 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f,
1855. - /*0*/ { 0x00, 0x09, 0x12, 0x1b, 0x24, 0x2d, 0x36, 0x3f, 0x48, 0x41, 0x5a, 0x53, 0x6c, 0x65, 0x7e, 0x77 },
1856. - /*1*/ { 0x90, 0x99, 0x82, 0x8b, 0xb4, 0xbd, 0xa6, 0xaf, 0xd8, 0xd1, 0xca, 0xc3, 0xfc, 0xf5, 0xee, 0xe7 },
1857. - /*2*/ { 0x3b, 0x32, 0x29, 0x20, 0x1f, 0x16, 0x0d, 0x04, 0x73, 0x7a, 0x61, 0x68, 0x57, 0x5e, 0x45, 0x4c },
1858. - /*3*/ { 0xab, 0xa2, 0xb9, 0xb0, 0x8f, 0x86, 0x9d, 0x94, 0xe3, 0xea, 0xf1, 0xf8, 0xc7, 0xce, 0xd5, 0xdc },
1859. - /*4*/ { 0x76, 0x7f, 0x64, 0x6d, 0x52, 0x5b, 0x40, 0x49, 0x3e, 0x37, 0x2c, 0x25, 0x1a, 0x13, 0x08, 0x01 },
1860. - /*5*/ { 0xe6, 0xef, 0xf4, 0xfd, 0xc2, 0xcb, 0xd0, 0xd9, 0xae, 0xa7, 0xbc, 0xb5, 0x8a, 0x83, 0x98, 0x91 },
1861. - /*6*/ { 0x4d, 0x44, 0x5f, 0x56, 0x69, 0x60, 0x7b, 0x72, 0x05, 0x0c, 0x17, 0x1e, 0x21, 0x28, 0x33, 0x3a },
1862. - /*7*/ { 0xdd, 0xd4, 0xcf, 0xc6, 0xf9, 0xf0, 0xeb, 0xe2, 0x95, 0x9c, 0x87, 0x8e, 0xb1, 0xb8, 0xa3, 0xaa },
1863. - /*8*/ { 0xec, 0xe5, 0xfe, 0xf7, 0xc8, 0xc1, 0xda, 0xd3, 0xa4, 0xad, 0xb6, 0xbf, 0x80, 0x89, 0x92, 0x9b },
1864. - /*9*/ { 0x7c, 0x75, 0x6e, 0x67, 0x58, 0x51, 0x4a, 0x43, 0x34, 0x3d, 0x26, 0x2f, 0x10, 0x19, 0x02, 0x0b },
1865. - /*a*/ { 0xd7, 0xde, 0xc5, 0xcc, 0xf3, 0xfa, 0xe1, 0xe8, 0x9f, 0x96, 0x8d, 0x84, 0xbb, 0xb2, 0xa9, 0xa0 },
1866. - /*b*/ { 0x47, 0x4e, 0x55, 0x5c, 0x63, 0x6a, 0x71, 0x78, 0x0f, 0x06, 0x1d, 0x14, 0x2b, 0x22, 0x39, 0x30 },
1867. - /*c*/ { 0x9a, 0x93, 0x88, 0x81, 0xbe, 0xb7, 0xac, 0xa5, 0xd2, 0xdb, 0xc0, 0xc9, 0xf6, 0xff, 0xe4, 0xed },
1868. - /*d*/ { 0x0a, 0x03, 0x18, 0x11, 0x2e, 0x27, 0x3c, 0x35, 0x42, 0x4b, 0x50, 0x59, 0x66, 0x6f, 0x74, 0x7d },
1869. - /*e*/ { 0xa1, 0xa8, 0xb3, 0xba, 0x85, 0x8c, 0x97, 0x9e, 0xe9, 0xe0, 0xfb, 0xf2, 0xcd, 0xc4, 0xdf, 0xd6 },
1870. - /*f*/ { 0x31, 0x38, 0x23, 0x2a, 0x15, 0x1c, 0x07, 0x0e, 0x79, 0x70, 0x6b, 0x62, 0x5d, 0x54, 0x4f, 0x46 },
1871. -};
1872. -
1873. -static uint8_t oaes_gf_mul_b[16][16] = {
1874. - // 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f,
1875. - /*0*/ { 0x00, 0x0b, 0x16, 0x1d, 0x2c, 0x27, 0x3a, 0x31, 0x58, 0x53, 0x4e, 0x45, 0x74, 0x7f, 0x62, 0x69 },
1876. - /*1*/ { 0xb0, 0xbb, 0xa6, 0xad, 0x9c, 0x97, 0x8a, 0x81, 0xe8, 0xe3, 0xfe, 0xf5, 0xc4, 0xcf, 0xd2, 0xd9 },
1877. - /*2*/ { 0x7b, 0x70, 0x6d, 0x66, 0x57, 0x5c, 0x41, 0x4a, 0x23, 0x28, 0x35, 0x3e, 0x0f, 0x04, 0x19, 0x12 },
1878. - /*3*/ { 0xcb, 0xc0, 0xdd, 0xd6, 0xe7, 0xec, 0xf1, 0xfa, 0x93, 0x98, 0x85, 0x8e, 0xbf, 0xb4, 0xa9, 0xa2 },
1879. - /*4*/ { 0xf6, 0xfd, 0xe0, 0xeb, 0xda, 0xd1, 0xcc, 0xc7, 0xae, 0xa5, 0xb8, 0xb3, 0x82, 0x89, 0x94, 0x9f },
1880. - /*5*/ { 0x46, 0x4d, 0x50, 0x5b, 0x6a, 0x61, 0x7c, 0x77, 0x1e, 0x15, 0x08, 0x03, 0x32, 0x39, 0x24, 0x2f },
1881. - /*6*/ { 0x8d, 0x86, 0x9b, 0x90, 0xa1, 0xaa, 0xb7, 0xbc, 0xd5, 0xde, 0xc3, 0xc8, 0xf9, 0xf2, 0xef, 0xe4 },
1882. - /*7*/ { 0x3d, 0x36, 0x2b, 0x20, 0x11, 0x1a, 0x07, 0x0c, 0x65, 0x6e, 0x73, 0x78, 0x49, 0x42, 0x5f, 0x54 },
1883. - /*8*/ { 0xf7, 0xfc, 0xe1, 0xea, 0xdb, 0xd0, 0xcd, 0xc6, 0xaf, 0xa4, 0xb9, 0xb2, 0x83, 0x88, 0x95, 0x9e },
1884. - /*9*/ { 0x47, 0x4c, 0x51, 0x5a, 0x6b, 0x60, 0x7d, 0x76, 0x1f, 0x14, 0x09, 0x02, 0x33, 0x38, 0x25, 0x2e },
1885. - /*a*/ { 0x8c, 0x87, 0x9a, 0x91, 0xa0, 0xab, 0xb6, 0xbd, 0xd4, 0xdf, 0xc2, 0xc9, 0xf8, 0xf3, 0xee, 0xe5 },
1886. - /*b*/ { 0x3c, 0x37, 0x2a, 0x21, 0x10, 0x1b, 0x06, 0x0d, 0x64, 0x6f, 0x72, 0x79, 0x48, 0x43, 0x5e, 0x55 },
1887. - /*c*/ { 0x01, 0x0a, 0x17, 0x1c, 0x2d, 0x26, 0x3b, 0x30, 0x59, 0x52, 0x4f, 0x44, 0x75, 0x7e, 0x63, 0x68 },
1888. - /*d*/ { 0xb1, 0xba, 0xa7, 0xac, 0x9d, 0x96, 0x8b, 0x80, 0xe9, 0xe2, 0xff, 0xf4, 0xc5, 0xce, 0xd3, 0xd8 },
1889. - /*e*/ { 0x7a, 0x71, 0x6c, 0x67, 0x56, 0x5d, 0x40, 0x4b, 0x22, 0x29, 0x34, 0x3f, 0x0e, 0x05, 0x18, 0x13 },
1890. - /*f*/ { 0xca, 0xc1, 0xdc, 0xd7, 0xe6, 0xed, 0xf0, 0xfb, 0x92, 0x99, 0x84, 0x8f, 0xbe, 0xb5, 0xa8, 0xa3 },
1891. -};
1892. -
1893. -static uint8_t oaes_gf_mul_d[16][16] = {
1894. - // 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f,
1895. - /*0*/ { 0x00, 0x0d, 0x1a, 0x17, 0x34, 0x39, 0x2e, 0x23, 0x68, 0x65, 0x72, 0x7f, 0x5c, 0x51, 0x46, 0x4b },
1896. - /*1*/ { 0xd0, 0xdd, 0xca, 0xc7, 0xe4, 0xe9, 0xfe, 0xf3, 0xb8, 0xb5, 0xa2, 0xaf, 0x8c, 0x81, 0x96, 0x9b },
1897. - /*2*/ { 0xbb, 0xb6, 0xa1, 0xac, 0x8f, 0x82, 0x95, 0x98, 0xd3, 0xde, 0xc9, 0xc4, 0xe7, 0xea, 0xfd, 0xf0 },
1898. - /*3*/ { 0x6b, 0x66, 0x71, 0x7c, 0x5f, 0x52, 0x45, 0x48, 0x03, 0x0e, 0x19, 0x14, 0x37, 0x3a, 0x2d, 0x20 },
1899. - /*4*/ { 0x6d, 0x60, 0x77, 0x7a, 0x59, 0x54, 0x43, 0x4e, 0x05, 0x08, 0x1f, 0x12, 0x31, 0x3c, 0x2b, 0x26 },
1900. - /*5*/ { 0xbd, 0xb0, 0xa7, 0xaa, 0x89, 0x84, 0x93, 0x9e, 0xd5, 0xd8, 0xcf, 0xc2, 0xe1, 0xec, 0xfb, 0xf6 },
1901. - /*6*/ { 0xd6, 0xdb, 0xcc, 0xc1, 0xe2, 0xef, 0xf8, 0xf5, 0xbe, 0xb3, 0xa4, 0xa9, 0x8a, 0x87, 0x90, 0x9d },
1902. - /*7*/ { 0x06, 0x0b, 0x1c, 0x11, 0x32, 0x3f, 0x28, 0x25, 0x6e, 0x63, 0x74, 0x79, 0x5a, 0x57, 0x40, 0x4d },
1903. - /*8*/ { 0xda, 0xd7, 0xc0, 0xcd, 0xee, 0xe3, 0xf4, 0xf9, 0xb2, 0xbf, 0xa8, 0xa5, 0x86, 0x8b, 0x9c, 0x91 },
1904. - /*9*/ { 0x0a, 0x07, 0x10, 0x1d, 0x3e, 0x33, 0x24, 0x29, 0x62, 0x6f, 0x78, 0x75, 0x56, 0x5b, 0x4c, 0x41 },
1905. - /*a*/ { 0x61, 0x6c, 0x7b, 0x76, 0x55, 0x58, 0x4f, 0x42, 0x09, 0x04, 0x13, 0x1e, 0x3d, 0x30, 0x27, 0x2a },
1906. - /*b*/ { 0xb1, 0xbc, 0xab, 0xa6, 0x85, 0x88, 0x9f, 0x92, 0xd9, 0xd4, 0xc3, 0xce, 0xed, 0xe0, 0xf7, 0xfa },
1907. - /*c*/ { 0xb7, 0xba, 0xad, 0xa0, 0x83, 0x8e, 0x99, 0x94, 0xdf, 0xd2, 0xc5, 0xc8, 0xeb, 0xe6, 0xf1, 0xfc },
1908. - /*d*/ { 0x67, 0x6a, 0x7d, 0x70, 0x53, 0x5e, 0x49, 0x44, 0x0f, 0x02, 0x15, 0x18, 0x3b, 0x36, 0x21, 0x2c },
1909. - /*e*/ { 0x0c, 0x01, 0x16, 0x1b, 0x38, 0x35, 0x22, 0x2f, 0x64, 0x69, 0x7e, 0x73, 0x50, 0x5d, 0x4a, 0x47 },
1910. - /*f*/ { 0xdc, 0xd1, 0xc6, 0xcb, 0xe8, 0xe5, 0xf2, 0xff, 0xb4, 0xb9, 0xae, 0xa3, 0x80, 0x8d, 0x9a, 0x97 },
1911. -};
1912. -
1913. -static uint8_t oaes_gf_mul_e[16][16] = {
1914. - // 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f,
1915. - /*0*/ { 0x00, 0x0e, 0x1c, 0x12, 0x38, 0x36, 0x24, 0x2a, 0x70, 0x7e, 0x6c, 0x62, 0x48, 0x46, 0x54, 0x5a },
1916. - /*1*/ { 0xe0, 0xee, 0xfc, 0xf2, 0xd8, 0xd6, 0xc4, 0xca, 0x90, 0x9e, 0x8c, 0x82, 0xa8, 0xa6, 0xb4, 0xba },
1917. - /*2*/ { 0xdb, 0xd5, 0xc7, 0xc9, 0xe3, 0xed, 0xff, 0xf1, 0xab, 0xa5, 0xb7, 0xb9, 0x93, 0x9d, 0x8f, 0x81 },
1918. - /*3*/ { 0x3b, 0x35, 0x27, 0x29, 0x03, 0x0d, 0x1f, 0x11, 0x4b, 0x45, 0x57, 0x59, 0x73, 0x7d, 0x6f, 0x61 },
1919. - /*4*/ { 0xad, 0xa3, 0xb1, 0xbf, 0x95, 0x9b, 0x89, 0x87, 0xdd, 0xd3, 0xc1, 0xcf, 0xe5, 0xeb, 0xf9, 0xf7 },
1920. - /*5*/ { 0x4d, 0x43, 0x51, 0x5f, 0x75, 0x7b, 0x69, 0x67, 0x3d, 0x33, 0x21, 0x2f, 0x05, 0x0b, 0x19, 0x17 },
1921. - /*6*/ { 0x76, 0x78, 0x6a, 0x64, 0x4e, 0x40, 0x52, 0x5c, 0x06, 0x08, 0x1a, 0x14, 0x3e, 0x30, 0x22, 0x2c },
1922. - /*7*/ { 0x96, 0x98, 0x8a, 0x84, 0xae, 0xa0, 0xb2, 0xbc, 0xe6, 0xe8, 0xfa, 0xf4, 0xde, 0xd0, 0xc2, 0xcc },
1923. - /*8*/ { 0x41, 0x4f, 0x5d, 0x53, 0x79, 0x77, 0x65, 0x6b, 0x31, 0x3f, 0x2d, 0x23, 0x09, 0x07, 0x15, 0x1b },
1924. - /*9*/ { 0xa1, 0xaf, 0xbd, 0xb3, 0x99, 0x97, 0x85, 0x8b, 0xd1, 0xdf, 0xcd, 0xc3, 0xe9, 0xe7, 0xf5, 0xfb },
1925. - /*a*/ { 0x9a, 0x94, 0x86, 0x88, 0xa2, 0xac, 0xbe, 0xb0, 0xea, 0xe4, 0xf6, 0xf8, 0xd2, 0xdc, 0xce, 0xc0 },
1926. - /*b*/ { 0x7a, 0x74, 0x66, 0x68, 0x42, 0x4c, 0x5e, 0x50, 0x0a, 0x04, 0x16, 0x18, 0x32, 0x3c, 0x2e, 0x20 },
1927. - /*c*/ { 0xec, 0xe2, 0xf0, 0xfe, 0xd4, 0xda, 0xc8, 0xc6, 0x9c, 0x92, 0x80, 0x8e, 0xa4, 0xaa, 0xb8, 0xb6 },
1928. - /*d*/ { 0x0c, 0x02, 0x10, 0x1e, 0x34, 0x3a, 0x28, 0x26, 0x7c, 0x72, 0x60, 0x6e, 0x44, 0x4a, 0x58, 0x56 },
1929. - /*e*/ { 0x37, 0x39, 0x2b, 0x25, 0x0f, 0x01, 0x13, 0x1d, 0x47, 0x49, 0x5b, 0x55, 0x7f, 0x71, 0x63, 0x6d },
1930. - /*f*/ { 0xd7, 0xd9, 0xcb, 0xc5, 0xef, 0xe1, 0xf3, 0xfd, 0xa7, 0xa9, 0xbb, 0xb5, 0x9f, 0x91, 0x83, 0x8d },
1931. -};
1932. -
1933. -static OAES_RET oaes_sub_byte( uint8_t * byte )
1934. -{
1935. - size_t _x, _y;
1936. -
1937. - if( NULL == byte )
1938. - return OAES_RET_ARG1;
1939. -
1940. - _x = _y = *byte;
1941. - _x &= 0x0f;
1942. - _y &= 0xf0;
1943. - _y >>= 4;
1944. - *byte = oaes_sub_byte_value[_y][_x];
1945. -
1946. - return OAES_RET_SUCCESS;
1947. -}
1948. -
1949. -static OAES_RET oaes_inv_sub_byte( uint8_t * byte )
1950. -{
1951. - size_t _x, _y;
1952. -
1953. - if( NULL == byte )
1954. - return OAES_RET_ARG1;
1955. -
1956. - _x = _y = *byte;
1957. - _x &= 0x0f;
1958. - _y &= 0xf0;
1959. - _y >>= 4;
1960. - *byte = oaes_inv_sub_byte_value[_y][_x];
1961. -
1962. - return OAES_RET_SUCCESS;
1963. -}
1964. -/*
1965. -static OAES_RET oaes_word_rot_right( uint8_t word[OAES_COL_LEN] )
1966. -{
1967. - uint8_t _temp[OAES_COL_LEN];
1968. -
1969. - if( NULL == word )
1970. - return OAES_RET_ARG1;
1971. -
1972. - memcpy( _temp + 1, word, OAES_COL_LEN - 1 );
1973. - _temp[0] = word[OAES_COL_LEN - 1];
1974. - memcpy( word, _temp, OAES_COL_LEN );
1975. -
1976. - return OAES_RET_SUCCESS;
1977. -}
1978. -*/
1979. -static OAES_RET oaes_word_rot_left( uint8_t word[OAES_COL_LEN] )
1980. -{
1981. - uint8_t _temp[OAES_COL_LEN];
1982. -
1983. - if( NULL == word )
1984. - return OAES_RET_ARG1;
1985. -
1986. - memcpy( _temp, word + 1, OAES_COL_LEN - 1 );
1987. - _temp[OAES_COL_LEN - 1] = word[0];
1988. - memcpy( word, _temp, OAES_COL_LEN );
1989. -
1990. - return OAES_RET_SUCCESS;
1991. -}
1992. -
1993. -static OAES_RET oaes_shift_rows( uint8_t block[OAES_BLOCK_SIZE] )
1994. -{
1995. - uint8_t _temp[OAES_BLOCK_SIZE];
1996. -
1997. - if( NULL == block )
1998. - return OAES_RET_ARG1;
1999. -
2000. - _temp[0x00] = block[0x00];
2001. - _temp[0x01] = block[0x05];
2002. - _temp[0x02] = block[0x0a];
2003. - _temp[0x03] = block[0x0f];
2004. - _temp[0x04] = block[0x04];
2005. - _temp[0x05] = block[0x09];
2006. - _temp[0x06] = block[0x0e];
2007. - _temp[0x07] = block[0x03];
2008. - _temp[0x08] = block[0x08];
2009. - _temp[0x09] = block[0x0d];
2010. - _temp[0x0a] = block[0x02];
2011. - _temp[0x0b] = block[0x07];
2012. - _temp[0x0c] = block[0x0c];
2013. - _temp[0x0d] = block[0x01];
2014. - _temp[0x0e] = block[0x06];
2015. - _temp[0x0f] = block[0x0b];
2016. - memcpy( block, _temp, OAES_BLOCK_SIZE );
2017. -
2018. - return OAES_RET_SUCCESS;
2019. -}
2020. -
2021. -static OAES_RET oaes_inv_shift_rows( uint8_t block[OAES_BLOCK_SIZE] )
2022. -{
2023. - uint8_t _temp[OAES_BLOCK_SIZE];
2024. -
2025. - if( NULL == block )
2026. - return OAES_RET_ARG1;
2027. -
2028. - _temp[0x00] = block[0x00];
2029. - _temp[0x01] = block[0x0d];
2030. - _temp[0x02] = block[0x0a];
2031. - _temp[0x03] = block[0x07];
2032. - _temp[0x04] = block[0x04];
2033. - _temp[0x05] = block[0x01];
2034. - _temp[0x06] = block[0x0e];
2035. - _temp[0x07] = block[0x0b];
2036. - _temp[0x08] = block[0x08];
2037. - _temp[0x09] = block[0x05];
2038. - _temp[0x0a] = block[0x02];
2039. - _temp[0x0b] = block[0x0f];
2040. - _temp[0x0c] = block[0x0c];
2041. - _temp[0x0d] = block[0x09];
2042. - _temp[0x0e] = block[0x06];
2043. - _temp[0x0f] = block[0x03];
2044. - memcpy( block, _temp, OAES_BLOCK_SIZE );
2045. -
2046. - return OAES_RET_SUCCESS;
2047. -}
2048. -
2049. -static uint8_t oaes_gf_mul(uint8_t left, uint8_t right)
2050. -{
2051. - size_t _x, _y;
2052. -
2053. - _x = _y = left;
2054. - _x &= 0x0f;
2055. - _y &= 0xf0;
2056. - _y >>= 4;
2057. -
2058. - switch( right )
2059. - {
2060. - case 0x02:
2061. - return oaes_gf_mul_2[_y][_x];
2062. - break;
2063. - case 0x03:
2064. - return oaes_gf_mul_3[_y][_x];
2065. - break;
2066. - case 0x09:
2067. - return oaes_gf_mul_9[_y][_x];
2068. - break;
2069. - case 0x0b:
2070. - return oaes_gf_mul_b[_y][_x];
2071. - break;
2072. - case 0x0d:
2073. - return oaes_gf_mul_d[_y][_x];
2074. - break;
2075. - case 0x0e:
2076. - return oaes_gf_mul_e[_y][_x];
2077. - break;
2078. - default:
2079. - return left;
2080. - break;
2081. - }
2082. -}
2083. -
2084. -static OAES_RET oaes_mix_cols( uint8_t word[OAES_COL_LEN] )
2085. -{
2086. - uint8_t _temp[OAES_COL_LEN];
2087. -
2088. - if( NULL == word )
2089. - return OAES_RET_ARG1;
2090. -
2091. - _temp[0] = oaes_gf_mul(word[0], 0x02) ^ oaes_gf_mul( word[1], 0x03 ) ^
2092. - word[2] ^ word[3];
2093. - _temp[1] = word[0] ^ oaes_gf_mul( word[1], 0x02 ) ^
2094. - oaes_gf_mul( word[2], 0x03 ) ^ word[3];
2095. - _temp[2] = word[0] ^ word[1] ^
2096. - oaes_gf_mul( word[2], 0x02 ) ^ oaes_gf_mul( word[3], 0x03 );
2097. - _temp[3] = oaes_gf_mul( word[0], 0x03 ) ^ word[1] ^
2098. - word[2] ^ oaes_gf_mul( word[3], 0x02 );
2099. - memcpy( word, _temp, OAES_COL_LEN );
2100. -
2101. - return OAES_RET_SUCCESS;
2102. -}
2103. -
2104. -static OAES_RET oaes_inv_mix_cols( uint8_t word[OAES_COL_LEN] )
2105. -{
2106. - uint8_t _temp[OAES_COL_LEN];
2107. -
2108. - if( NULL == word )
2109. - return OAES_RET_ARG1;
2110. -
2111. - _temp[0] = oaes_gf_mul( word[0], 0x0e ) ^ oaes_gf_mul( word[1], 0x0b ) ^
2112. - oaes_gf_mul( word[2], 0x0d ) ^ oaes_gf_mul( word[3], 0x09 );
2113. - _temp[1] = oaes_gf_mul( word[0], 0x09 ) ^ oaes_gf_mul( word[1], 0x0e ) ^
2114. - oaes_gf_mul( word[2], 0x0b ) ^ oaes_gf_mul( word[3], 0x0d );
2115. - _temp[2] = oaes_gf_mul( word[0], 0x0d ) ^ oaes_gf_mul( word[1], 0x09 ) ^
2116. - oaes_gf_mul( word[2], 0x0e ) ^ oaes_gf_mul( word[3], 0x0b );
2117. - _temp[3] = oaes_gf_mul( word[0], 0x0b ) ^ oaes_gf_mul( word[1], 0x0d ) ^
2118. - oaes_gf_mul( word[2], 0x09 ) ^ oaes_gf_mul( word[3], 0x0e );
2119. - memcpy( word, _temp, OAES_COL_LEN );
2120. -
2121. - return OAES_RET_SUCCESS;
2122. -}
2123. -
2124. -OAES_RET oaes_sprintf(
2125. - char * buf, size_t * buf_len, const uint8_t * data, size_t data_len )
2126. -{
2127. - size_t _i, _buf_len_in;
2128. - char _temp[4];
2129. -
2130. - if( NULL == buf_len )
2131. - return OAES_RET_ARG2;
2132. -
2133. - _buf_len_in = *buf_len;
2134. - *buf_len = data_len * 3 + data_len / OAES_BLOCK_SIZE + 1;
2135. -
2136. - if( NULL == buf )
2137. - return OAES_RET_SUCCESS;
2138. -
2139. - if( *buf_len > _buf_len_in )
2140. - return OAES_RET_BUF;
2141. -
2142. - if( NULL == data )
2143. - return OAES_RET_ARG3;
2144. -
2145. - strcpy( buf, "" );
2146. -
2147. - for( _i = 0; _i < data_len; _i++ )
2148. - {
2149. - sprintf( _temp, "%02x ", data[_i] );
2150. - strcat( buf, _temp );
2151. - if( _i && 0 == ( _i + 1 ) % OAES_BLOCK_SIZE )
2152. - strcat( buf, "\n" );
2153. - }
2154. -
2155. - return OAES_RET_SUCCESS;
2156. -}
2157. -
2158. -#ifdef OAES_HAVE_ISAAC
2159. -static void oaes_get_seed( char buf[RANDSIZ + 1] )
2160. -{
2161. - #if !defined(__FreeBSD__) && !defined(__OpenBSD__)
2162. - struct timeb timer;
2163. - struct tm *gmTimer;
2164. - char * _test = NULL;
2165. -
2166. - ftime (&timer);
2167. - gmTimer = gmtime( &timer.time );
2168. - _test = (char *) calloc( sizeof( char ), timer.millitm );
2169. - sprintf( buf, "%04d%02d%02d%02d%02d%02d%03d%p%d",
2170. - gmTimer->tm_year + 1900, gmTimer->tm_mon + 1, gmTimer->tm_mday,
2171. - gmTimer->tm_hour, gmTimer->tm_min, gmTimer->tm_sec, timer.millitm,
2172. - _test + timer.millitm, getpid() );
2173. - #else
2174. - struct timeval timer;
2175. - struct tm *gmTimer;
2176. - char * _test = NULL;
2177. -
2178. - gettimeofday(&timer, NULL);
2179. - gmTimer = gmtime( &timer.tv_sec );
2180. - _test = (char *) calloc( sizeof( char ), timer.tv_usec/1000 );
2181. - sprintf( buf, "%04d%02d%02d%02d%02d%02d%03d%p%d",
2182. - gmTimer->tm_year + 1900, gmTimer->tm_mon + 1, gmTimer->tm_mday,
2183. - gmTimer->tm_hour, gmTimer->tm_min, gmTimer->tm_sec, timer.tv_usec/1000,
2184. - _test + timer.tv_usec/1000, getpid() );
2185. - #endif
2186. -
2187. - if( _test )
2188. - free( _test );
2189. -}
2190. -#else
2191. -static uint32_t oaes_get_seed(void)
2192. -{
2193. - #if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__ANDROID__)
2194. - struct timeb timer;
2195. - struct tm *gmTimer;
2196. - char * _test = NULL;
2197. - uint32_t _ret = 0;
2198. -
2199. - ftime (&timer);
2200. - gmTimer = gmtime( &timer.time );
2201. - _test = (char *) calloc( sizeof( char ), timer.millitm );
2202. - _ret = gmTimer->tm_year + 1900 + gmTimer->tm_mon + 1 + gmTimer->tm_mday +
2203. - gmTimer->tm_hour + gmTimer->tm_min + gmTimer->tm_sec + timer.millitm +
2204. - (uintptr_t) ( _test + timer.millitm ) + getpid();
2205. - #else
2206. - struct timeval timer;
2207. - struct tm *gmTimer;
2208. - char * _test = NULL;
2209. - uint32_t _ret = 0;
2210. -
2211. - gettimeofday(&timer, NULL);
2212. - gmTimer = gmtime( &timer.tv_sec );
2213. - _test = (char *) calloc( sizeof( char ), timer.tv_usec/1000 );
2214. - _ret = gmTimer->tm_year + 1900 + gmTimer->tm_mon + 1 + gmTimer->tm_mday +
2215. - gmTimer->tm_hour + gmTimer->tm_min + gmTimer->tm_sec + timer.tv_usec/1000 +
2216. - (uintptr_t) ( _test + timer.tv_usec/1000 ) + getpid();
2217. - #endif
2218. -
2219. - if( _test )
2220. - free( _test );
2221. -
2222. - return _ret;
2223. -}
2224. -#endif // OAES_HAVE_ISAAC
2225. -
2226. -static OAES_RET oaes_key_destroy( oaes_key ** key )
2227. -{
2228. - if( NULL == *key )
2229. - return OAES_RET_SUCCESS;
2230. -
2231. - if( (*key)->data )
2232. - {
2233. - free( (*key)->data );
2234. - (*key)->data = NULL;
2235. - }
2236. -
2237. - if( (*key)->exp_data )
2238. - {
2239. - free( (*key)->exp_data );
2240. - (*key)->exp_data = NULL;
2241. - }
2242. -
2243. - (*key)->data_len = 0;
2244. - (*key)->exp_data_len = 0;
2245. - (*key)->num_keys = 0;
2246. - (*key)->key_base = 0;
2247. - free( *key );
2248. - *key = NULL;
2249. -
2250. - return OAES_RET_SUCCESS;
2251. -}
2252. -
2253. -static OAES_RET oaes_key_expand( OAES_CTX * ctx )
2254. -{
2255. - size_t _i, _j;
2256. - oaes_ctx * _ctx = (oaes_ctx *) ctx;
2257. -
2258. - if( NULL == _ctx )
2259. - return OAES_RET_ARG1;
2260. -
2261. - if( NULL == _ctx->key )
2262. - return OAES_RET_NOKEY;
2263. -
2264. - _ctx->key->key_base = _ctx->key->data_len / OAES_RKEY_LEN;
2265. - _ctx->key->num_keys = _ctx->key->key_base + OAES_ROUND_BASE;
2266. -
2267. - _ctx->key->exp_data_len = _ctx->key->num_keys * OAES_RKEY_LEN * OAES_COL_LEN;
2268. - _ctx->key->exp_data = (uint8_t *)
2269. - calloc( _ctx->key->exp_data_len, sizeof( uint8_t ));
2270. -
2271. - if( NULL == _ctx->key->exp_data )
2272. - return OAES_RET_MEM;
2273. -
2274. - // the first _ctx->key->data_len are a direct copy
2275. - memcpy( _ctx->key->exp_data, _ctx->key->data, _ctx->key->data_len );
2276. -
2277. - // apply ExpandKey algorithm for remainder
2278. - for( _i = _ctx->key->key_base; _i < _ctx->key->num_keys * OAES_RKEY_LEN; _i++ )
2279. - {
2280. - uint8_t _temp[OAES_COL_LEN];
2281. -
2282. - memcpy( _temp,
2283. - _ctx->key->exp_data + ( _i - 1 ) * OAES_RKEY_LEN, OAES_COL_LEN );
2284. -
2285. - // transform key column
2286. - if( 0 == _i % _ctx->key->key_base )
2287. - {
2288. - oaes_word_rot_left( _temp );
2289. -
2290. - for( _j = 0; _j < OAES_COL_LEN; _j++ )
2291. - oaes_sub_byte( _temp + _j );
2292. -
2293. - _temp[0] = _temp[0] ^ oaes_gf_8[ _i / _ctx->key->key_base - 1 ];
2294. - }
2295. - else if( _ctx->key->key_base > 6 && 4 == _i % _ctx->key->key_base )
2296. - {
2297. - for( _j = 0; _j < OAES_COL_LEN; _j++ )
2298. - oaes_sub_byte( _temp + _j );
2299. - }
2300. -
2301. - for( _j = 0; _j < OAES_COL_LEN; _j++ )
2302. - {
2303. - _ctx->key->exp_data[ _i * OAES_RKEY_LEN + _j ] =
2304. - _ctx->key->exp_data[ ( _i - _ctx->key->key_base ) *
2305. - OAES_RKEY_LEN + _j ] ^ _temp[_j];
2306. - }
2307. - }
2308. -
2309. - return OAES_RET_SUCCESS;
2310. -}
2311. -
2312. -static OAES_RET oaes_key_gen( OAES_CTX * ctx, size_t key_size )
2313. -{
2314. - size_t _i;
2315. - oaes_key * _key = NULL;
2316. - oaes_ctx * _ctx = (oaes_ctx *) ctx;
2317. - OAES_RET _rc = OAES_RET_SUCCESS;
2318. -
2319. - if( NULL == _ctx )
2320. - return OAES_RET_ARG1;
2321. -
2322. - _key = (oaes_key *) calloc( sizeof( oaes_key ), 1 );
2323. -
2324. - if( NULL == _key )
2325. - return OAES_RET_MEM;
2326. -
2327. - if( _ctx->key )
2328. - oaes_key_destroy( &(_ctx->key) );
2329. -
2330. - _key->data_len = key_size;
2331. - _key->data = (uint8_t *) calloc( key_size, sizeof( uint8_t ));
2332. -
2333. - if( NULL == _key->data )
2334. - {
2335. - free( _key );
2336. - return OAES_RET_MEM;
2337. - }
2338. -
2339. - for( _i = 0; _i < key_size; _i++ )
2340. -#ifdef OAES_HAVE_ISAAC
2341. - _key->data[_i] = (uint8_t) rand( _ctx->rctx );
2342. -#else
2343. - _key->data[_i] = (uint8_t) rand();
2344. -#endif // OAES_HAVE_ISAAC
2345. -
2346. - _ctx->key = _key;
2347. - _rc = _rc || oaes_key_expand( ctx );
2348. -
2349. - if( _rc != OAES_RET_SUCCESS )
2350. - {
2351. - oaes_key_destroy( &(_ctx->key) );
2352. - return _rc;
2353. - }
2354. -
2355. - return OAES_RET_SUCCESS;
2356. -}
2357. -
2358. -OAES_RET oaes_key_gen_128( OAES_CTX * ctx )
2359. -{
2360. - return oaes_key_gen( ctx, 16 );
2361. -}
2362. -
2363. -OAES_RET oaes_key_gen_192( OAES_CTX * ctx )
2364. -{
2365. - return oaes_key_gen( ctx, 24 );
2366. -}
2367. -
2368. -OAES_RET oaes_key_gen_256( OAES_CTX * ctx )
2369. -{
2370. - return oaes_key_gen( ctx, 32 );
2371. -}
2372. -
2373. -OAES_RET oaes_key_export( OAES_CTX * ctx,
2374. - uint8_t * data, size_t * data_len )
2375. -{
2376. - size_t _data_len_in;
2377. - oaes_ctx * _ctx = (oaes_ctx *) ctx;
2378. -
2379. - if( NULL == _ctx )
2380. - return OAES_RET_ARG1;
2381. -
2382. - if( NULL == _ctx->key )
2383. - return OAES_RET_NOKEY;
2384. -
2385. - if( NULL == data_len )
2386. - return OAES_RET_ARG3;
2387. -
2388. - _data_len_in = *data_len;
2389. - // data + header
2390. - *data_len = _ctx->key->data_len + OAES_BLOCK_SIZE;
2391. -
2392. - if( NULL == data )
2393. - return OAES_RET_SUCCESS;
2394. -
2395. - if( _data_len_in < *data_len )
2396. - return OAES_RET_BUF;
2397. -
2398. - // header
2399. - memcpy( data, oaes_header, OAES_BLOCK_SIZE );
2400. - data[5] = 0x01;
2401. - data[7] = _ctx->key->data_len;
2402. - memcpy( data + OAES_BLOCK_SIZE, _ctx->key->data, _ctx->key->data_len );
2403. -
2404. - return OAES_RET_SUCCESS;
2405. -}
2406. -
2407. -OAES_RET oaes_key_export_data( OAES_CTX * ctx,
2408. - uint8_t * data, size_t * data_len )
2409. -{
2410. - size_t _data_len_in;
2411. - oaes_ctx * _ctx = (oaes_ctx *) ctx;
2412. -
2413. - if( NULL == _ctx )
2414. - return OAES_RET_ARG1;
2415. -
2416. - if( NULL == _ctx->key )
2417. - return OAES_RET_NOKEY;
2418. -
2419. - if( NULL == data_len )
2420. - return OAES_RET_ARG3;
2421. -
2422. - _data_len_in = *data_len;
2423. - *data_len = _ctx->key->data_len;
2424. -
2425. - if( NULL == data )
2426. - return OAES_RET_SUCCESS;
2427. -
2428. - if( _data_len_in < *data_len )
2429. - return OAES_RET_BUF;
2430. -
2431. - memcpy( data, _ctx->key->data, *data_len );
2432. -
2433. - return OAES_RET_SUCCESS;
2434. -}
2435. -
2436. -OAES_RET oaes_key_import( OAES_CTX * ctx,
2437. - const uint8_t * data, size_t data_len )
2438. -{
2439. - oaes_ctx * _ctx = (oaes_ctx *) ctx;
2440. - OAES_RET _rc = OAES_RET_SUCCESS;
2441. - int _key_length;
2442. -
2443. - if( NULL == _ctx )
2444. - return OAES_RET_ARG1;
2445. -
2446. - if( NULL == data )
2447. - return OAES_RET_ARG2;
2448. -
2449. - switch( data_len )
2450. - {
2451. - case 16 + OAES_BLOCK_SIZE:
2452. - case 24 + OAES_BLOCK_SIZE:
2453. - case 32 + OAES_BLOCK_SIZE:
2454. - break;
2455. - default:
2456. - return OAES_RET_ARG3;
2457. - }
2458. -
2459. - // header
2460. - if( 0 != memcmp( data, oaes_header, 4 ) )
2461. - return OAES_RET_HEADER;
2462. -
2463. - // header version
2464. - switch( data[4] )
2465. - {
2466. - case 0x01:
2467. - break;
2468. - default:
2469. - return OAES_RET_HEADER;
2470. - }
2471. -
2472. - // header type
2473. - switch( data[5] )
2474. - {
2475. - case 0x01:
2476. - break;
2477. - default:
2478. - return OAES_RET_HEADER;
2479. - }
2480. -
2481. - // options
2482. - _key_length = data[7];
2483. - switch( _key_length )
2484. - {
2485. - case 16:
2486. - case 24:
2487. - case 32:
2488. - break;
2489. - default:
2490. - return OAES_RET_HEADER;
2491. - }
2492. -
2493. - if( (int)data_len != _key_length + OAES_BLOCK_SIZE )
2494. - return OAES_RET_ARG3;
2495. -
2496. - if( _ctx->key )
2497. - oaes_key_destroy( &(_ctx->key) );
2498. -
2499. - _ctx->key = (oaes_key *) calloc( sizeof( oaes_key ), 1 );
2500. -
2501. - if( NULL == _ctx->key )
2502. - return OAES_RET_MEM;
2503. -
2504. - _ctx->key->data_len = _key_length;
2505. - _ctx->key->data = (uint8_t *)
2506. - calloc( _key_length, sizeof( uint8_t ));
2507. -
2508. - if( NULL == _ctx->key->data )
2509. - {
2510. - oaes_key_destroy( &(_ctx->key) );
2511. - return OAES_RET_MEM;
2512. - }
2513. -
2514. - memcpy( _ctx->key->data, data + OAES_BLOCK_SIZE, _key_length );
2515. - _rc = _rc || oaes_key_expand( ctx );
2516. -
2517. - if( _rc != OAES_RET_SUCCESS )
2518. - {
2519. - oaes_key_destroy( &(_ctx->key) );
2520. - return _rc;
2521. - }
2522. -
2523. - return OAES_RET_SUCCESS;
2524. -}
2525. -
2526. -OAES_RET oaes_key_import_data( OAES_CTX * ctx,
2527. - const uint8_t * data, size_t data_len )
2528. -{
2529. - oaes_ctx * _ctx = (oaes_ctx *) ctx;
2530. - OAES_RET _rc = OAES_RET_SUCCESS;
2531. -
2532. - if( NULL == _ctx )
2533. - return OAES_RET_ARG1;
2534. -
2535. - if( NULL == data )
2536. - return OAES_RET_ARG2;
2537. -
2538. - switch( data_len )
2539. - {
2540. - case 16:
2541. - case 24:
2542. - case 32:
2543. - break;
2544. - default:
2545. - return OAES_RET_ARG3;
2546. - }
2547. -
2548. - if( _ctx->key )
2549. - oaes_key_destroy( &(_ctx->key) );
2550. -
2551. - _ctx->key = (oaes_key *) calloc( sizeof( oaes_key ), 1 );
2552. -
2553. - if( NULL == _ctx->key )
2554. - return OAES_RET_MEM;
2555. -
2556. - _ctx->key->data_len = data_len;
2557. - _ctx->key->data = (uint8_t *)
2558. - calloc( data_len, sizeof( uint8_t ));
2559. -
2560. - if( NULL == _ctx->key->data )
2561. - {
2562. - oaes_key_destroy( &(_ctx->key) );
2563. - return OAES_RET_MEM;
2564. - }
2565. -
2566. - memcpy( _ctx->key->data, data, data_len );
2567. - _rc = _rc || oaes_key_expand( ctx );
2568. -
2569. - if( _rc != OAES_RET_SUCCESS )
2570. - {
2571. - oaes_key_destroy( &(_ctx->key) );
2572. - return _rc;
2573. - }
2574. -
2575. - return OAES_RET_SUCCESS;
2576. -}
2577. -
2578. -OAES_CTX * oaes_alloc(void)
2579. -{
2580. - oaes_ctx * _ctx = (oaes_ctx *) calloc( sizeof( oaes_ctx ), 1 );
2581. -
2582. - if( NULL == _ctx )
2583. - return NULL;
2584. -
2585. -#ifdef OAES_HAVE_ISAAC
2586. - {
2587. - ub4 _i = 0;
2588. - char _seed[RANDSIZ + 1];
2589. -
2590. - _ctx->rctx = (randctx *) calloc( sizeof( randctx ), 1 );
2591. -
2592. - if( NULL == _ctx->rctx )
2593. - {
2594. - free( _ctx );
2595. - return NULL;
2596. - }
2597. -
2598. - oaes_get_seed( _seed );
2599. - memset( _ctx->rctx->randrsl, 0, RANDSIZ );
2600. - memcpy( _ctx->rctx->randrsl, _seed, RANDSIZ );
2601. - randinit( _ctx->rctx, TRUE);
2602. - }
2603. -#else
2604. - srand( oaes_get_seed() );
2605. -#endif // OAES_HAVE_ISAAC
2606. -
2607. - _ctx->key = NULL;
2608. - oaes_set_option( _ctx, OAES_OPTION_CBC, NULL );
2609. -
2610. -#ifdef OAES_DEBUG
2611. - _ctx->step_cb = NULL;
2612. - oaes_set_option( _ctx, OAES_OPTION_STEP_OFF, NULL );
2613. -#endif // OAES_DEBUG
2614. -
2615. - return (OAES_CTX *) _ctx;
2616. -}
2617. -
2618. -OAES_RET oaes_free( OAES_CTX ** ctx )
2619. -{
2620. - oaes_ctx ** _ctx = (oaes_ctx **) ctx;
2621. -
2622. - if( NULL == _ctx )
2623. - return OAES_RET_ARG1;
2624. -
2625. - if( NULL == *_ctx )
2626. - return OAES_RET_SUCCESS;
2627. -
2628. - if( (*_ctx)->key )
2629. - oaes_key_destroy( &((*_ctx)->key) );
2630. -
2631. -#ifdef OAES_HAVE_ISAAC
2632. - if( (*_ctx)->rctx )
2633. - {
2634. - free( (*_ctx)->rctx );
2635. - (*_ctx)->rctx = NULL;
2636. - }
2637. -#endif // OAES_HAVE_ISAAC
2638. -
2639. - free( *_ctx );
2640. - *_ctx = NULL;
2641. -
2642. - return OAES_RET_SUCCESS;
2643. -}
2644. -
2645. -OAES_RET oaes_set_option( OAES_CTX * ctx,
2646. - OAES_OPTION option, const void * value )
2647. -{
2648. - size_t _i;
2649. - oaes_ctx * _ctx = (oaes_ctx *) ctx;
2650. -
2651. - if( NULL == _ctx )
2652. - return OAES_RET_ARG1;
2653. -
2654. - switch( option )
2655. - {
2656. - case OAES_OPTION_ECB:
2657. - _ctx->options &= ~OAES_OPTION_CBC;
2658. - memset( _ctx->iv, 0, OAES_BLOCK_SIZE );
2659. - break;
2660. -
2661. - case OAES_OPTION_CBC:
2662. - _ctx->options &= ~OAES_OPTION_ECB;
2663. - if( value )
2664. - memcpy( _ctx->iv, value, OAES_BLOCK_SIZE );
2665. - else
2666. - {
2667. - for( _i = 0; _i < OAES_BLOCK_SIZE; _i++ )
2668. -#ifdef OAES_HAVE_ISAAC
2669. - _ctx->iv[_i] = (uint8_t) rand( _ctx->rctx );
2670. -#else
2671. - _ctx->iv[_i] = (uint8_t) rand();
2672. -#endif // OAES_HAVE_ISAAC
2673. - }
2674. - break;
2675. -
2676. -#ifdef OAES_DEBUG
2677. -
2678. - case OAES_OPTION_STEP_ON:
2679. - if( value )
2680. - {
2681. - _ctx->options &= ~OAES_OPTION_STEP_OFF;
2682. - _ctx->step_cb = value;
2683. - }
2684. - else
2685. - {
2686. - _ctx->options &= ~OAES_OPTION_STEP_ON;
2687. - _ctx->options |= OAES_OPTION_STEP_OFF;
2688. - _ctx->step_cb = NULL;
2689. - return OAES_RET_ARG3;
2690. - }
2691. - break;
2692. -
2693. - case OAES_OPTION_STEP_OFF:
2694. - _ctx->options &= ~OAES_OPTION_STEP_ON;
2695. - _ctx->step_cb = NULL;
2696. - break;
2697. -
2698. -#endif // OAES_DEBUG
2699. -
2700. - default:
2701. - return OAES_RET_ARG2;
2702. - }
2703. -
2704. - _ctx->options |= option;
2705. -
2706. - return OAES_RET_SUCCESS;
2707. -}
2708. -
2709. -static OAES_RET oaes_encrypt_block(
2710. - OAES_CTX * ctx, uint8_t * c, size_t c_len )
2711. -{
2712. - size_t _i, _j;
2713. - oaes_ctx * _ctx = (oaes_ctx *) ctx;
2714. -
2715. - if( NULL == _ctx )
2716. - return OAES_RET_ARG1;
2717. -
2718. - if( NULL == c )
2719. - return OAES_RET_ARG2;
2720. -
2721. - if( c_len != OAES_BLOCK_SIZE )
2722. - return OAES_RET_ARG3;
2723. -
2724. - if( NULL == _ctx->key )
2725. - return OAES_RET_NOKEY;
2726. -
2727. -#ifdef OAES_DEBUG
2728. - if( _ctx->step_cb )
2729. - _ctx->step_cb( c, "input", 1, NULL );
2730. -#endif // OAES_DEBUG
2731. -
2732. - // AddRoundKey(State, K0)
2733. - for( _i = 0; _i < c_len; _i++ )
2734. - c[_i] = c[_i] ^ _ctx->key->exp_data[_i];
2735. -
2736. -#ifdef OAES_DEBUG
2737. - if( _ctx->step_cb )
2738. - {
2739. - _ctx->step_cb( _ctx->key->exp_data, "k_sch", 1, NULL );
2740. - _ctx->step_cb( c, "k_add", 1, NULL );
2741. - }
2742. -#endif // OAES_DEBUG
2743. -
2744. - // for round = 1 step 1 to Nr<E2><80><93>1
2745. - for( _i = 1; _i < _ctx->key->num_keys - 1; _i++ )
2746. - {
2747. - // SubBytes(state)
2748. - for( _j = 0; _j < c_len; _j++ )
2749. - oaes_sub_byte( c + _j );
2750. -
2751. -#ifdef OAES_DEBUG
2752. - if( _ctx->step_cb )
2753. - _ctx->step_cb( c, "s_box", _i, NULL );
2754. -#endif // OAES_DEBUG
2755. -
2756. - // ShiftRows(state)
2757. - oaes_shift_rows( c );
2758. -
2759. -#ifdef OAES_DEBUG
2760. - if( _ctx->step_cb )
2761. - _ctx->step_cb( c, "s_row", _i, NULL );
2762. -#endif // OAES_DEBUG
2763. -
2764. - // MixColumns(state)
2765. - oaes_mix_cols( c );
2766. - oaes_mix_cols( c + 4 );
2767. - oaes_mix_cols( c + 8 );
2768. - oaes_mix_cols( c + 12 );
2769. -
2770. -#ifdef OAES_DEBUG
2771. - if( _ctx->step_cb )
2772. - _ctx->step_cb( c, "m_col", _i, NULL );
2773. -#endif // OAES_DEBUG
2774. -
2775. - // AddRoundKey(state, w[round*Nb, (round+1)*Nb-1])
2776. - for( _j = 0; _j < c_len; _j++ )
2777. - c[_j] = c[_j] ^
2778. - _ctx->key->exp_data[_i * OAES_RKEY_LEN * OAES_COL_LEN + _j];
2779. -
2780. -#ifdef OAES_DEBUG
2781. - if( _ctx->step_cb )
2782. - {
2783. - _ctx->step_cb( _ctx->key->exp_data + _i * OAES_RKEY_LEN * OAES_COL_LEN,
2784. - "k_sch", _i, NULL );
2785. - _ctx->step_cb( c, "k_add", _i, NULL );
2786. - }
2787. -#endif // OAES_DEBUG
2788. -
2789. - }
2790. -
2791. - // SubBytes(state)
2792. - for( _i = 0; _i < c_len; _i++ )
2793. - oaes_sub_byte( c + _i );
2794. -
2795. -#ifdef OAES_DEBUG
2796. - if( _ctx->step_cb )
2797. - _ctx->step_cb( c, "s_box", _ctx->key->num_keys - 1, NULL );
2798. -#endif // OAES_DEBUG
2799. -
2800. - // ShiftRows(state)
2801. - oaes_shift_rows( c );
2802. -
2803. -#ifdef OAES_DEBUG
2804. - if( _ctx->step_cb )
2805. - _ctx->step_cb( c, "s_row", _ctx->key->num_keys - 1, NULL );
2806. -#endif // OAES_DEBUG
2807. -
2808. - // AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1])
2809. - for( _i = 0; _i < c_len; _i++ )
2810. - c[_i] = c[_i] ^ _ctx->key->exp_data[
2811. - ( _ctx->key->num_keys - 1 ) * OAES_RKEY_LEN * OAES_COL_LEN + _i ];
2812. -
2813. -#ifdef OAES_DEBUG
2814. - if( _ctx->step_cb )
2815. - {
2816. - _ctx->step_cb( _ctx->key->exp_data +
2817. - ( _ctx->key->num_keys - 1 ) * OAES_RKEY_LEN * OAES_COL_LEN,
2818. - "k_sch", _ctx->key->num_keys - 1, NULL );
2819. - _ctx->step_cb( c, "output", _ctx->key->num_keys - 1, NULL );
2820. - }
2821. -#endif // OAES_DEBUG
2822. -
2823. - return OAES_RET_SUCCESS;
2824. -}
2825. -
2826. -static OAES_RET oaes_decrypt_block(
2827. - OAES_CTX * ctx, uint8_t * c, size_t c_len )
2828. -{
2829. - size_t _i, _j;
2830. - oaes_ctx * _ctx = (oaes_ctx *) ctx;
2831. -
2832. - if( NULL == _ctx )
2833. - return OAES_RET_ARG1;
2834. -
2835. - if( NULL == c )
2836. - return OAES_RET_ARG2;
2837. -
2838. - if( c_len != OAES_BLOCK_SIZE )
2839. - return OAES_RET_ARG3;
2840. -
2841. - if( NULL == _ctx->key )
2842. - return OAES_RET_NOKEY;
2843. -
2844. -#ifdef OAES_DEBUG
2845. - if( _ctx->step_cb )
2846. - _ctx->step_cb( c, "iinput", _ctx->key->num_keys - 1, NULL );
2847. -#endif // OAES_DEBUG
2848. -
2849. - // AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1])
2850. - for( _i = 0; _i < c_len; _i++ )
2851. - c[_i] = c[_i] ^ _ctx->key->exp_data[
2852. - ( _ctx->key->num_keys - 1 ) * OAES_RKEY_LEN * OAES_COL_LEN + _i ];
2853. -
2854. -#ifdef OAES_DEBUG
2855. - if( _ctx->step_cb )
2856. - {
2857. - _ctx->step_cb( _ctx->key->exp_data +
2858. - ( _ctx->key->num_keys - 1 ) * OAES_RKEY_LEN * OAES_COL_LEN,
2859. - "ik_sch", _ctx->key->num_keys - 1, NULL );
2860. - _ctx->step_cb( c, "ik_add", _ctx->key->num_keys - 1, NULL );
2861. - }
2862. -#endif // OAES_DEBUG
2863. -
2864. - for( _i = _ctx->key->num_keys - 2; _i > 0; _i-- )
2865. - {
2866. - // InvShiftRows(state)
2867. - oaes_inv_shift_rows( c );
2868. -
2869. -#ifdef OAES_DEBUG
2870. - if( _ctx->step_cb )
2871. - _ctx->step_cb( c, "is_row", _i, NULL );
2872. -#endif // OAES_DEBUG
2873. -
2874. - // InvSubBytes(state)
2875. - for( _j = 0; _j < c_len; _j++ )
2876. - oaes_inv_sub_byte( c + _j );
2877. -
2878. -#ifdef OAES_DEBUG
2879. - if( _ctx->step_cb )
2880. - _ctx->step_cb( c, "is_box", _i, NULL );
2881. -#endif // OAES_DEBUG
2882. -
2883. - // AddRoundKey(state, w[round*Nb, (round+1)*Nb-1])
2884. - for( _j = 0; _j < c_len; _j++ )
2885. - c[_j] = c[_j] ^
2886. - _ctx->key->exp_data[_i * OAES_RKEY_LEN * OAES_COL_LEN + _j];
2887. -
2888. -#ifdef OAES_DEBUG
2889. - if( _ctx->step_cb )
2890. - {
2891. - _ctx->step_cb( _ctx->key->exp_data + _i * OAES_RKEY_LEN * OAES_COL_LEN,
2892. - "ik_sch", _i, NULL );
2893. - _ctx->step_cb( c, "ik_add", _i, NULL );
2894. - }
2895. -#endif // OAES_DEBUG
2896. -
2897. - // InvMixColums(state)
2898. - oaes_inv_mix_cols( c );
2899. - oaes_inv_mix_cols( c + 4 );
2900. - oaes_inv_mix_cols( c + 8 );
2901. - oaes_inv_mix_cols( c + 12 );
2902. -
2903. -#ifdef OAES_DEBUG
2904. - if( _ctx->step_cb )
2905. - _ctx->step_cb( c, "im_col", _i, NULL );
2906. -#endif // OAES_DEBUG
2907. -
2908. - }
2909. -
2910. - // InvShiftRows(state)
2911. - oaes_inv_shift_rows( c );
2912. -
2913. -#ifdef OAES_DEBUG
2914. - if( _ctx->step_cb )
2915. - _ctx->step_cb( c, "is_row", 1, NULL );
2916. -#endif // OAES_DEBUG
2917. -
2918. - // InvSubBytes(state)
2919. - for( _i = 0; _i < c_len; _i++ )
2920. - oaes_inv_sub_byte( c + _i );
2921. -
2922. -#ifdef OAES_DEBUG
2923. - if( _ctx->step_cb )
2924. - _ctx->step_cb( c, "is_box", 1, NULL );
2925. -#endif // OAES_DEBUG
2926. -
2927. - // AddRoundKey(state, w[0, Nb-1])
2928. - for( _i = 0; _i < c_len; _i++ )
2929. - c[_i] = c[_i] ^ _ctx->key->exp_data[_i];
2930. -
2931. -#ifdef OAES_DEBUG
2932. - if( _ctx->step_cb )
2933. - {
2934. - _ctx->step_cb( _ctx->key->exp_data, "ik_sch", 1, NULL );
2935. - _ctx->step_cb( c, "ioutput", 1, NULL );
2936. - }
2937. -#endif // OAES_DEBUG
2938. -
2939. - return OAES_RET_SUCCESS;
2940. -}
2941. -
2942. -OAES_RET oaes_encrypt( OAES_CTX * ctx,
2943. - const uint8_t * m, size_t m_len, uint8_t * c, size_t * c_len )
2944. -{
2945. - size_t _i, _j, _c_len_in, _c_data_len;
2946. - size_t _pad_len = m_len % OAES_BLOCK_SIZE == 0 ?
2947. - 0 : OAES_BLOCK_SIZE - m_len % OAES_BLOCK_SIZE;
2948. - oaes_ctx * _ctx = (oaes_ctx *) ctx;
2949. - OAES_RET _rc = OAES_RET_SUCCESS;
2950. - uint8_t _flags = _pad_len ? OAES_FLAG_PAD : 0;
2951. -
2952. - if( NULL == _ctx )
2953. - return OAES_RET_ARG1;
2954. -
2955. - if( NULL == m )
2956. - return OAES_RET_ARG2;
2957. -
2958. - if( NULL == c_len )
2959. - return OAES_RET_ARG5;
2960. -
2961. - _c_len_in = *c_len;
2962. - // data + pad
2963. - _c_data_len = m_len + _pad_len;
2964. - // header + iv + data + pad
2965. - *c_len = 2 * OAES_BLOCK_SIZE + m_len + _pad_len;
2966. -
2967. - if( NULL == c )
2968. - return OAES_RET_SUCCESS;
2969. -
2970. - if( _c_len_in < *c_len )
2971. - return OAES_RET_BUF;
2972. -
2973. - if( NULL == _ctx->key )
2974. - return OAES_RET_NOKEY;
2975. -
2976. - // header
2977. - memcpy(c, oaes_header, OAES_BLOCK_SIZE );
2978. - memcpy(c + 6, &_ctx->options, sizeof(_ctx->options));
2979. - memcpy(c + 8, &_flags, sizeof(_flags));
2980. - // iv
2981. - memcpy(c + OAES_BLOCK_SIZE, _ctx->iv, OAES_BLOCK_SIZE );
2982. - // data
2983. - memcpy(c + 2 * OAES_BLOCK_SIZE, m, m_len );
2984. -
2985. - for( _i = 0; _i < _c_data_len; _i += OAES_BLOCK_SIZE )
2986. - {
2987. - uint8_t _block[OAES_BLOCK_SIZE];
2988. - size_t _block_size = min( m_len - _i, OAES_BLOCK_SIZE );
2989. -
2990. - memcpy( _block, c + 2 * OAES_BLOCK_SIZE + _i, _block_size );
2991. -
2992. - // insert pad
2993. - for( _j = 0; _j < OAES_BLOCK_SIZE - _block_size; _j++ )
2994. - _block[ _block_size + _j ] = _j + 1;
2995. -
2996. - // CBC
2997. - if( _ctx->options & OAES_OPTION_CBC )
2998. - {
2999. - for( _j = 0; _j < OAES_BLOCK_SIZE; _j++ )
3000. - _block[_j] = _block[_j] ^ _ctx->iv[_j];
3001. - }
3002. -
3003. - _rc = _rc ||
3004. - oaes_encrypt_block( ctx, _block, OAES_BLOCK_SIZE );
3005. - memcpy( c + 2 * OAES_BLOCK_SIZE + _i, _block, OAES_BLOCK_SIZE );
3006. -
3007. - if( _ctx->options & OAES_OPTION_CBC )
3008. - memcpy( _ctx->iv, _block, OAES_BLOCK_SIZE );
3009. - }
3010. -
3011. - return _rc;
3012. -}
3013. -
3014. -OAES_RET oaes_decrypt( OAES_CTX * ctx,
3015. - const uint8_t * c, size_t c_len, uint8_t * m, size_t * m_len )
3016. -{
3017. - size_t _i, _j, _m_len_in;
3018. - oaes_ctx * _ctx = (oaes_ctx *) ctx;
3019. - OAES_RET _rc = OAES_RET_SUCCESS;
3020. - uint8_t _iv[OAES_BLOCK_SIZE];
3021. - uint8_t _flags;
3022. - OAES_OPTION _options;
3023. -
3024. - if( NULL == ctx )
3025. - return OAES_RET_ARG1;
3026. -
3027. - if( NULL == c )
3028. - return OAES_RET_ARG2;
3029. -
3030. - if( c_len % OAES_BLOCK_SIZE )
3031. - return OAES_RET_ARG3;
3032. -
3033. - if( NULL == m_len )
3034. - return OAES_RET_ARG5;
3035. -
3036. - _m_len_in = *m_len;
3037. - *m_len = c_len - 2 * OAES_BLOCK_SIZE;
3038. -
3039. - if( NULL == m )
3040. - return OAES_RET_SUCCESS;
3041. -
3042. - if( _m_len_in < *m_len )
3043. - return OAES_RET_BUF;
3044. -
3045. - if( NULL == _ctx->key )
3046. - return OAES_RET_NOKEY;
3047. -
3048. - // header
3049. - if( 0 != memcmp( c, oaes_header, 4 ) )
3050. - return OAES_RET_HEADER;
3051. -
3052. - // header version
3053. - switch( c[4] )
3054. - {
3055. - case 0x01:
3056. - break;
3057. - default:
3058. - return OAES_RET_HEADER;
3059. - }
3060. -
3061. - // header type
3062. - switch( c[5] )
3063. - {
3064. - case 0x02:
3065. - break;
3066. - default:
3067. - return OAES_RET_HEADER;
3068. - }
3069. -
3070. - // options
3071. - memcpy(&_options, c + 6, sizeof(_options));
3072. - // validate that all options are valid
3073. - if( _options & ~(
3074. - OAES_OPTION_ECB
3075. - | OAES_OPTION_CBC
3076. -#ifdef OAES_DEBUG
3077. - | OAES_OPTION_STEP_ON
3078. - | OAES_OPTION_STEP_OFF
3079. -#endif // OAES_DEBUG
3080. - ) )
3081. - return OAES_RET_HEADER;
3082. - if( ( _options & OAES_OPTION_ECB ) &&
3083. - ( _options & OAES_OPTION_CBC ) )
3084. - return OAES_RET_HEADER;
3085. - if( _options == OAES_OPTION_NONE )
3086. - return OAES_RET_HEADER;
3087. -
3088. - // flags
3089. - memcpy(&_flags, c + 8, sizeof(_flags));
3090. - // validate that all flags are valid
3091. - if( _flags & ~(
3092. - OAES_FLAG_PAD
3093. - ) )
3094. - return OAES_RET_HEADER;
3095. -
3096. - // iv
3097. - memcpy( _iv, c + OAES_BLOCK_SIZE, OAES_BLOCK_SIZE);
3098. - // data + pad
3099. - memcpy( m, c + 2 * OAES_BLOCK_SIZE, *m_len );
3100. -
3101. - for( _i = 0; _i < *m_len; _i += OAES_BLOCK_SIZE )
3102. - {
3103. - if( ( _options & OAES_OPTION_CBC ) && _i > 0 )
3104. - memcpy( _iv, c + OAES_BLOCK_SIZE + _i, OAES_BLOCK_SIZE );
3105. -
3106. - _rc = _rc ||
3107. - oaes_decrypt_block( ctx, m + _i, min( *m_len - _i, OAES_BLOCK_SIZE ) );
3108. -
3109. - // CBC
3110. - if( _options & OAES_OPTION_CBC )
3111. - {
3112. - for( _j = 0; _j < OAES_BLOCK_SIZE; _j++ )
3113. - m[ _i + _j ] = m[ _i + _j ] ^ _iv[_j];
3114. - }
3115. - }
3116. -
3117. - // remove pad
3118. - if( _flags & OAES_FLAG_PAD )
3119. - {
3120. - int _is_pad = 1;
3121. - size_t _temp = (size_t) m[*m_len - 1];
3122. -
3123. - if( _temp <= 0x00 || _temp > 0x0f )
3124. - return OAES_RET_HEADER;
3125. - for( _i = 0; _i < _temp; _i++ )
3126. - if( m[*m_len - 1 - _i] != _temp - _i )
3127. - _is_pad = 0;
3128. - if( _is_pad )
3129. - {
3130. - memset( m + *m_len - _temp, 0, _temp );
3131. - *m_len -= _temp;
3132. - }
3133. - else
3134. - return OAES_RET_HEADER;
3135. - }
3136. -
3137. - return OAES_RET_SUCCESS;
3138. -}
3139. -
3140. -
3141. -OAES_API OAES_RET oaes_encryption_round( const uint8_t * key, uint8_t * c )
3142. -{
3143. - size_t _i;
3144. -
3145. - if( NULL == key )
3146. - return OAES_RET_ARG1;
3147. -
3148. - if( NULL == c )
3149. - return OAES_RET_ARG2;
3150. -
3151. - // SubBytes(state)
3152. - for( _i = 0; _i < OAES_BLOCK_SIZE; _i++ )
3153. - oaes_sub_byte( c + _i );
3154. -
3155. - // ShiftRows(state)
3156. - oaes_shift_rows( c );
3157. -
3158. - // MixColumns(state)
3159. - oaes_mix_cols( c );
3160. - oaes_mix_cols( c + 4 );
3161. - oaes_mix_cols( c + 8 );
3162. - oaes_mix_cols( c + 12 );
3163. -
3164. - // AddRoundKey(State, key)
3165. - for( _i = 0; _i < OAES_BLOCK_SIZE; _i++ )
3166. - c[_i] ^= key[_i];
3167. -
3168. - return OAES_RET_SUCCESS;
3169. -}
3170. -
3171. -OAES_API OAES_RET oaes_pseudo_encrypt_ecb( OAES_CTX * ctx, uint8_t * c )
3172. -{
3173. - size_t _i;
3174. - oaes_ctx * _ctx = (oaes_ctx *) ctx;
3175. -
3176. - if( NULL == _ctx )
3177. - return OAES_RET_ARG1;
3178. -
3179. - if( NULL == c )
3180. - return OAES_RET_ARG2;
3181. -
3182. - if( NULL == _ctx->key )
3183. - return OAES_RET_NOKEY;
3184. -
3185. - for ( _i = 0; _i < 10; ++_i )
3186. - {
3187. - oaes_encryption_round( &_ctx->key->exp_data[_i * OAES_RKEY_LEN * OAES_COL_LEN], c );
3188. - }
3189. -
3190. - return OAES_RET_SUCCESS;
3191. -}
3192. diff --git "a/c:\\1\\sumokoin/src/crypto/oaes_lib.h" "b/c:\\1\\sumokoin/src/crypto/oaes_lib.h"
3193. deleted file mode 100644
3194. index fd19428..0000000
3195. --- "a/c:\\1\\sumokoin/src/crypto/oaes_lib.h"
3196. +++ /dev/null
3197. @@ -1,215 +0,0 @@
3198. -/*
3199. - * ---------------------------------------------------------------------------
3200. - * OpenAES License
3201. - * ---------------------------------------------------------------------------
3202. - * Copyright (c) 2012, Nabil S. Al Ramli, www.nalramli.com
3203. - * All rights reserved.
3204. - *
3205. - * Redistribution and use in source and binary forms, with or without
3206. - * modification, are permitted provided that the following conditions are met:
3207. - *
3208. - * - Redistributions of source code must retain the above copyright notice,
3209. - * this list of conditions and the following disclaimer.
3210. - * - Redistributions in binary form must reproduce the above copyright
3211. - * notice, this list of conditions and the following disclaimer in the
3212. - * documentation and/or other materials provided with the distribution.
3213. - *
3214. - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
3215. - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
3216. - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
3217. - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
3218. - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
3219. - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
3220. - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
3221. - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
3222. - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
3223. - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
3224. - * POSSIBILITY OF SUCH DAMAGE.
3225. - * ---------------------------------------------------------------------------
3226. - */
3227. -
3228. -#ifndef _OAES_LIB_H
3229. -#define _OAES_LIB_H
3230. -
3231. -#include <stdint.h>
3232. -#include <stdlib.h>
3233. -
3234. -#ifdef __cplusplus
3235. -extern "C" {
3236. -#endif
3237. -
3238. -#ifdef _WIN32
3239. -# ifdef OAES_SHARED
3240. -# ifdef oaes_lib_EXPORTS
3241. -# define OAES_API __declspec(dllexport)
3242. -# else
3243. -# define OAES_API __declspec(dllimport)
3244. -# endif
3245. -# else
3246. -# define OAES_API
3247. -# endif
3248. -#else
3249. -# define OAES_API
3250. -#endif // WIN32
3251. -
3252. -#define OAES_VERSION "0.8.1"
3253. -#define OAES_BLOCK_SIZE 16
3254. -
3255. -typedef void OAES_CTX;
3256. -
3257. -typedef enum
3258. -{
3259. - OAES_RET_FIRST = 0,
3260. - OAES_RET_SUCCESS = 0,
3261. - OAES_RET_UNKNOWN,
3262. - OAES_RET_ARG1,
3263. - OAES_RET_ARG2,
3264. - OAES_RET_ARG3,
3265. - OAES_RET_ARG4,
3266. - OAES_RET_ARG5,
3267. - OAES_RET_NOKEY,
3268. - OAES_RET_MEM,
3269. - OAES_RET_BUF,
3270. - OAES_RET_HEADER,
3271. - OAES_RET_COUNT
3272. -} OAES_RET;
3273. -
3274. -/*
3275. - * oaes_set_option() takes one of these values for its [option] parameter
3276. - * some options accept either an optional or a required [value] parameter
3277. - */
3278. -// no option
3279. -#define OAES_OPTION_NONE 0
3280. -// enable ECB mode, disable CBC mode
3281. -#define OAES_OPTION_ECB 1
3282. -// enable CBC mode, disable ECB mode
3283. -// value is optional, may pass uint8_t iv[OAES_BLOCK_SIZE] to specify
3284. -// the value of the initialization vector, iv
3285. -#define OAES_OPTION_CBC 2
3286. -
3287. -#ifdef OAES_DEBUG
3288. -typedef int ( * oaes_step_cb ) (
3289. - const uint8_t state[OAES_BLOCK_SIZE],
3290. - const char * step_name,
3291. - int step_count,
3292. - void * user_data );
3293. -// enable state stepping mode
3294. -// value is required, must pass oaes_step_cb to receive the state at each step
3295. -#define OAES_OPTION_STEP_ON 4
3296. -// disable state stepping mode
3297. -#define OAES_OPTION_STEP_OFF 8
3298. -#endif // OAES_DEBUG
3299. -
3300. -typedef uint16_t OAES_OPTION;
3301. -
3302. -typedef struct _oaes_key
3303. -{
3304. - size_t data_len;
3305. - uint8_t *data;
3306. - size_t exp_data_len;
3307. - uint8_t *exp_data;
3308. - size_t num_keys;
3309. - size_t key_base;
3310. -} oaes_key;
3311. -
3312. -typedef struct _oaes_ctx
3313. -{
3314. -#ifdef OAES_HAVE_ISAAC
3315. - randctx * rctx;
3316. -#endif // OAES_HAVE_ISAAC
3317. -
3318. -#ifdef OAES_DEBUG
3319. - oaes_step_cb step_cb;
3320. -#endif // OAES_DEBUG
3321. -
3322. - oaes_key * key;
3323. - OAES_OPTION options;
3324. - uint8_t iv[OAES_BLOCK_SIZE];
3325. -} oaes_ctx;
3326. -/*
3327. - * // usage:
3328. - *
3329. - * OAES_CTX * ctx = oaes_alloc();
3330. - * .
3331. - * .
3332. - * .
3333. - * {
3334. - * oaes_gen_key_xxx( ctx );
3335. - * {
3336. - * oaes_key_export( ctx, _buf, &_buf_len );
3337. - * // or
3338. - * oaes_key_export_data( ctx, _buf, &_buf_len );\
3339. - * }
3340. - * }
3341. - * // or
3342. - * {
3343. - * oaes_key_import( ctx, _buf, _buf_len );
3344. - * // or
3345. - * oaes_key_import_data( ctx, _buf, _buf_len );
3346. - * }
3347. - * .
3348. - * .
3349. - * .
3350. - * oaes_encrypt( ctx, m, m_len, c, &c_len );
3351. - * .
3352. - * .
3353. - * .
3354. - * oaes_decrypt( ctx, c, c_len, m, &m_len );
3355. - * .
3356. - * .
3357. - * .
3358. - * oaes_free( &ctx );
3359. - */
3360. -
3361. -OAES_API OAES_CTX * oaes_alloc(void);
3362. -
3363. -OAES_API OAES_RET oaes_free( OAES_CTX ** ctx );
3364. -
3365. -OAES_API OAES_RET oaes_set_option( OAES_CTX * ctx,
3366. - OAES_OPTION option, const void * value );
3367. -
3368. -OAES_API OAES_RET oaes_key_gen_128( OAES_CTX * ctx );
3369. -
3370. -OAES_API OAES_RET oaes_key_gen_192( OAES_CTX * ctx );
3371. -
3372. -OAES_API OAES_RET oaes_key_gen_256( OAES_CTX * ctx );
3373. -
3374. -// export key with header information
3375. -// set data == NULL to get the required data_len
3376. -OAES_API OAES_RET oaes_key_export( OAES_CTX * ctx,
3377. - uint8_t * data, size_t * data_len );
3378. -
3379. -// directly export the data from key
3380. -// set data == NULL to get the required data_len
3381. -OAES_API OAES_RET oaes_key_export_data( OAES_CTX * ctx,
3382. - uint8_t * data, size_t * data_len );
3383. -
3384. -// import key with header information
3385. -OAES_API OAES_RET oaes_key_import( OAES_CTX * ctx,
3386. - const uint8_t * data, size_t data_len );
3387. -
3388. -// directly import data into key
3389. -OAES_API OAES_RET oaes_key_import_data( OAES_CTX * ctx,
3390. - const uint8_t * data, size_t data_len );
3391. -
3392. -// set c == NULL to get the required c_len
3393. -OAES_API OAES_RET oaes_encrypt( OAES_CTX * ctx,
3394. - const uint8_t * m, size_t m_len, uint8_t * c, size_t * c_len );
3395. -
3396. -// set m == NULL to get the required m_len
3397. -OAES_API OAES_RET oaes_decrypt( OAES_CTX * ctx,
3398. - const uint8_t * c, size_t c_len, uint8_t * m, size_t * m_len );
3399. -
3400. -// set buf == NULL to get the required buf_len
3401. -OAES_API OAES_RET oaes_sprintf(
3402. - char * buf, size_t * buf_len, const uint8_t * data, size_t data_len );
3403. -
3404. -OAES_API OAES_RET oaes_encryption_round( const uint8_t * key, uint8_t * c );
3405. -
3406. -OAES_API OAES_RET oaes_pseudo_encrypt_ecb( OAES_CTX * ctx, uint8_t * c );
3407. -
3408. -#ifdef __cplusplus
3409. -}
3410. -#endif
3411. -
3412. -#endif // _OAES_LIB_H
3413. diff --git "a/c:\\1\\sumokoin/src/crypto/slow-hash.c" "b/c:\\1\\sumokoin/src/crypto/slow-hash.c"
3414. deleted file mode 100644
3415. index 61f6922..0000000
3416. --- "a/c:\\1\\sumokoin/src/crypto/slow-hash.c"
3417. +++ /dev/null
3418. @@ -1,1283 +0,0 @@
3419. -// Copyright (c) 2014-2017, The Monero Project
3420. -//
3421. -// All rights reserved.
3422. -//
3423. -// Redistribution and use in source and binary forms, with or without modification, are
3424. -// permitted provided that the following conditions are met:
3425. -//
3426. -// 1. Redistributions of source code must retain the above copyright notice, this list of
3427. -// conditions and the following disclaimer.
3428. -//
3429. -// 2. Redistributions in binary form must reproduce the above copyright notice, this list
3430. -// of conditions and the following disclaimer in the documentation and/or other
3431. -// materials provided with the distribution.
3432. -//
3433. -// 3. Neither the name of the copyright holder nor the names of its contributors may be
3434. -// used to endorse or promote products derived from this software without specific
3435. -// prior written permission.
3436. -//
3437. -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
3438. -// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
3439. -// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
3440. -// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
3441. -// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
3442. -// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
3443. -// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
3444. -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
3445. -// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
3446. -//
3447. -// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
3448. -
3449. -#include <assert.h>
3450. -#include <stddef.h>
3451. -#include <stdint.h>
3452. -#include <string.h>
3453. -
3454. -#include "common/int-util.h"
3455. -#include "hash-ops.h"
3456. -#include "oaes_lib.h"
3457. -
3458. -#define MEMORY (1 << 21) // 2MB scratchpad
3459. -#define ITER (1 << 20)
3460. -#define AES_BLOCK_SIZE 16
3461. -#define AES_KEY_SIZE 32
3462. -#define INIT_SIZE_BLK 8
3463. -#define INIT_SIZE_BYTE (INIT_SIZE_BLK * AES_BLOCK_SIZE)
3464. -
3465. -#if defined(__x86_64__) || (defined(_MSC_VER) && defined(_WIN64))
3466. -// Optimised code below, uses x86-specific intrinsics, SSE2, AES-NI
3467. -// Fall back to more portable code is down at the bottom
3468. -
3469. -#include <emmintrin.h>
3470. -
3471. -#if defined(_MSC_VER)
3472. -#include <intrin.h>
3473. -#include <windows.h>
3474. -#define STATIC
3475. -#define INLINE __inline
3476. -#if !defined(RDATA_ALIGN16)
3477. -#define RDATA_ALIGN16 __declspec(align(16))
3478. -#endif
3479. -#elif defined(__MINGW32__)
3480. -#include <intrin.h>
3481. -#include <windows.h>
3482. -#define STATIC static
3483. -#define INLINE inline
3484. -#if !defined(RDATA_ALIGN16)
3485. -#define RDATA_ALIGN16 __attribute__ ((aligned(16)))
3486. -#endif
3487. -#else
3488. -#include <wmmintrin.h>
3489. -#include <sys/mman.h>
3490. -#define STATIC static
3491. -#define INLINE inline
3492. -#if !defined(RDATA_ALIGN16)
3493. -#define RDATA_ALIGN16 __attribute__ ((aligned(16)))
3494. -#endif
3495. -#endif
3496. -
3497. -#if defined(__INTEL_COMPILER)
3498. -#define ASM __asm__
3499. -#elif !defined(_MSC_VER)
3500. -#define ASM __asm__
3501. -#else
3502. -#define ASM __asm
3503. -#endif
3504. -
3505. -#define TOTALBLOCKS (MEMORY / AES_BLOCK_SIZE)
3506. -
3507. -#define U64(x) ((uint64_t *) (x))
3508. -#define R128(x) ((__m128i *) (x))
3509. -
3510. -#define state_index(x) (((*((uint64_t *)x) >> 4) & (TOTALBLOCKS - 1)) << 4)
3511. -#if defined(_MSC_VER)
3512. -#if !defined(_WIN64)
3513. -#define __mul() lo = mul128(c[0], b[0], &hi);
3514. -#else
3515. -#define __mul() lo = _umul128(c[0], b[0], &hi);
3516. -#endif
3517. -#else
3518. -#if defined(__x86_64__)
3519. -#define __mul() ASM("mulq %3\n\t" : "=d"(hi), "=a"(lo) : "%a" (c[0]), "rm" (b[0]) : "cc");
3520. -#else
3521. -#define __mul() lo = mul128(c[0], b[0], &hi);
3522. -#endif
3523. -#endif
3524. -
3525. -#define pre_aes() \
3526. - j = state_index(a); \
3527. - _c = _mm_load_si128(R128(&hp_state[j])); \
3528. - _a = _mm_load_si128(R128(a)); \
3529. -
3530. -/*
3531. - * An SSE-optimized implementation of the second half of CryptoNight step 3.
3532. - * After using AES to mix a scratchpad value into _c (done by the caller),
3533. - * this macro xors it with _b and stores the result back to the same index (j) that it
3534. - * loaded the scratchpad value from. It then performs a second random memory
3535. - * read/write from the scratchpad, but this time mixes the values using a 64
3536. - * bit multiply.
3537. - * This code is based upon an optimized implementation by dga.
3538. - */
3539. -#define post_aes() \
3540. - _mm_store_si128(R128(c), _c); \
3541. - _b = _mm_xor_si128(_b, _c); \
3542. - _mm_store_si128(R128(&hp_state[j]), _b); \
3543. - j = state_index(c); \
3544. - p = U64(&hp_state[j]); \
3545. - b[0] = p[0]; b[1] = p[1]; \
3546. - __mul(); \
3547. - a[0] += hi; a[1] += lo; \
3548. - p = U64(&hp_state[j]); \
3549. - p[0] = a[0]; p[1] = a[1]; \
3550. - a[0] ^= b[0]; a[1] ^= b[1]; \
3551. - _b = _c; \
3552. -
3553. -#if defined(_MSC_VER)
3554. -#define THREADV __declspec(thread)
3555. -#else
3556. -#define THREADV __thread
3557. -#endif
3558. -
3559. -extern int aesb_single_round(const uint8_t *in, uint8_t*out, const uint8_t *expandedKey);
3560. -extern int aesb_pseudo_round(const uint8_t *in, uint8_t *out, const uint8_t *expandedKey);
3561. -
3562. -#pragma pack(push, 1)
3563. -union cn_slow_hash_state
3564. -{
3565. - union hash_state hs;
3566. - struct
3567. - {
3568. - uint8_t k[64];
3569. - uint8_t init[INIT_SIZE_BYTE];
3570. - };
3571. -};
3572. -#pragma pack(pop)
3573. -
3574. -THREADV uint8_t *hp_state = NULL;
3575. -THREADV int hp_allocated = 0;
3576. -
3577. -#if defined(_MSC_VER)
3578. -#define cpuid(info,x) __cpuidex(info,x,0)
3579. -#else
3580. -void cpuid(int CPUInfo[4], int InfoType)
3581. -{
3582. - ASM __volatile__
3583. - (
3584. - "cpuid":
3585. - "=a" (CPUInfo[0]),
3586. - "=b" (CPUInfo[1]),
3587. - "=c" (CPUInfo[2]),
3588. - "=d" (CPUInfo[3]) :
3589. - "a" (InfoType), "c" (0)
3590. - );
3591. -}
3592. -#endif
3593. -
3594. -/**
3595. - * @brief a = (a xor b), where a and b point to 128 bit values
3596. - */
3597. -
3598. -STATIC INLINE void xor_blocks(uint8_t *a, const uint8_t *b)
3599. -{
3600. - U64(a)[0] ^= U64(b)[0];
3601. - U64(a)[1] ^= U64(b)[1];
3602. -}
3603. -
3604. -/**
3605. - * @brief uses cpuid to determine if the CPU supports the AES instructions
3606. - * @return true if the CPU supports AES, false otherwise
3607. - */
3608. -
3609. -STATIC INLINE int force_software_aes(void)
3610. -{
3611. - static int use = -1;
3612. -
3613. - if (use != -1)
3614. - return use;
3615. -
3616. - const char *env = getenv("MONERO_USE_SOFTWARE_AES");
3617. - if (!env) {
3618. - use = 0;
3619. - }
3620. - else if (!strcmp(env, "0") || !strcmp(env, "no")) {
3621. - use = 0;
3622. - }
3623. - else {
3624. - use = 1;
3625. - }
3626. - return use;
3627. -}
3628. -
3629. -STATIC INLINE int check_aes_hw(void)
3630. -{
3631. - int cpuid_results[4];
3632. - static int supported = -1;
3633. -
3634. - if(supported >= 0)
3635. - return supported;
3636. -
3637. - cpuid(cpuid_results,1);
3638. - return supported = cpuid_results[2] & (1 << 25);
3639. -}
3640. -
3641. -STATIC INLINE void aes_256_assist1(__m128i* t1, __m128i * t2)
3642. -{
3643. - __m128i t4;
3644. - *t2 = _mm_shuffle_epi32(*t2, 0xff);
3645. - t4 = _mm_slli_si128(*t1, 0x04);
3646. - *t1 = _mm_xor_si128(*t1, t4);
3647. - t4 = _mm_slli_si128(t4, 0x04);
3648. - *t1 = _mm_xor_si128(*t1, t4);
3649. - t4 = _mm_slli_si128(t4, 0x04);
3650. - *t1 = _mm_xor_si128(*t1, t4);
3651. - *t1 = _mm_xor_si128(*t1, *t2);
3652. -}
3653. -
3654. -STATIC INLINE void aes_256_assist2(__m128i* t1, __m128i * t3)
3655. -{
3656. - __m128i t2, t4;
3657. - t4 = _mm_aeskeygenassist_si128(*t1, 0x00);
3658. - t2 = _mm_shuffle_epi32(t4, 0xaa);
3659. - t4 = _mm_slli_si128(*t3, 0x04);
3660. - *t3 = _mm_xor_si128(*t3, t4);
3661. - t4 = _mm_slli_si128(t4, 0x04);
3662. - *t3 = _mm_xor_si128(*t3, t4);
3663. - t4 = _mm_slli_si128(t4, 0x04);
3664. - *t3 = _mm_xor_si128(*t3, t4);
3665. - *t3 = _mm_xor_si128(*t3, t2);
3666. -}
3667. -
3668. -/**
3669. - * @brief expands 'key' into a form it can be used for AES encryption.
3670. - *
3671. - * This is an SSE-optimized implementation of AES key schedule generation. It
3672. - * expands the key into multiple round keys, each of which is used in one round
3673. - * of the AES encryption used to fill (and later, extract randomness from)
3674. - * the large 2MB buffer. Note that CryptoNight does not use a completely
3675. - * standard AES encryption for its buffer expansion, so do not copy this
3676. - * function outside of Monero without caution! This version uses the hardware
3677. - * AESKEYGENASSIST instruction to speed key generation, and thus requires
3678. - * CPU AES support.
3679. - * For more information about these functions, see page 19 of Intel's AES instructions
3680. - * white paper:
3681. - * http://www.intel.com/content/dam/www/public/us/en/documents/white-papers/aes-instructions-set-white-paper.pdf
3682. - *
3683. - * @param key the input 128 bit key
3684. - * @param expandedKey An output buffer to hold the generated key schedule
3685. - */
3686. -
3687. -STATIC INLINE void aes_expand_key(const uint8_t *key, uint8_t *expandedKey)
3688. -{
3689. - __m128i *ek = R128(expandedKey);
3690. - __m128i t1, t2, t3;
3691. -
3692. - t1 = _mm_loadu_si128(R128(key));
3693. - t3 = _mm_loadu_si128(R128(key + 16));
3694. -
3695. - ek[0] = t1;
3696. - ek[1] = t3;
3697. -
3698. - t2 = _mm_aeskeygenassist_si128(t3, 0x01);
3699. - aes_256_assist1(&t1, &t2);
3700. - ek[2] = t1;
3701. - aes_256_assist2(&t1, &t3);
3702. - ek[3] = t3;
3703. -
3704. - t2 = _mm_aeskeygenassist_si128(t3, 0x02);
3705. - aes_256_assist1(&t1, &t2);
3706. - ek[4] = t1;
3707. - aes_256_assist2(&t1, &t3);
3708. - ek[5] = t3;
3709. -
3710. - t2 = _mm_aeskeygenassist_si128(t3, 0x04);
3711. - aes_256_assist1(&t1, &t2);
3712. - ek[6] = t1;
3713. - aes_256_assist2(&t1, &t3);
3714. - ek[7] = t3;
3715. -
3716. - t2 = _mm_aeskeygenassist_si128(t3, 0x08);
3717. - aes_256_assist1(&t1, &t2);
3718. - ek[8] = t1;
3719. - aes_256_assist2(&t1, &t3);
3720. - ek[9] = t3;
3721. -
3722. - t2 = _mm_aeskeygenassist_si128(t3, 0x10);
3723. - aes_256_assist1(&t1, &t2);
3724. - ek[10] = t1;
3725. -}
3726. -
3727. -/**
3728. - * @brief a "pseudo" round of AES (similar to but slightly different from normal AES encryption)
3729. - *
3730. - * To fill its 2MB scratch buffer, CryptoNight uses a nonstandard implementation
3731. - * of AES encryption: It applies 10 rounds of the basic AES encryption operation
3732. - * to an input 128 bit chunk of data <in>. Unlike normal AES, however, this is
3733. - * all it does; it does not perform the initial AddRoundKey step (this is done
3734. - * in subsequent steps by aesenc_si128), and it does not use the simpler final round.
3735. - * Hence, this is a "pseudo" round - though the function actually implements 10 rounds together.
3736. - *
3737. - * Note that unlike aesb_pseudo_round, this function works on multiple data chunks.
3738. - *
3739. - * @param in a pointer to nblocks * 128 bits of data to be encrypted
3740. - * @param out a pointer to an nblocks * 128 bit buffer where the output will be stored
3741. - * @param expandedKey the expanded AES key
3742. - * @param nblocks the number of 128 blocks of data to be encrypted
3743. - */
3744. -
3745. -STATIC INLINE void aes_pseudo_round(const uint8_t *in, uint8_t *out,
3746. - const uint8_t *expandedKey, int nblocks)
3747. -{
3748. - __m128i *k = R128(expandedKey);
3749. - __m128i d;
3750. - int i;
3751. -
3752. - for(i = 0; i < nblocks; i++)
3753. - {
3754. - d = _mm_loadu_si128(R128(in + i * AES_BLOCK_SIZE));
3755. - d = _mm_aesenc_si128(d, *R128(&k[0]));
3756. - d = _mm_aesenc_si128(d, *R128(&k[1]));
3757. - d = _mm_aesenc_si128(d, *R128(&k[2]));
3758. - d = _mm_aesenc_si128(d, *R128(&k[3]));
3759. - d = _mm_aesenc_si128(d, *R128(&k[4]));
3760. - d = _mm_aesenc_si128(d, *R128(&k[5]));
3761. - d = _mm_aesenc_si128(d, *R128(&k[6]));
3762. - d = _mm_aesenc_si128(d, *R128(&k[7]));
3763. - d = _mm_aesenc_si128(d, *R128(&k[8]));
3764. - d = _mm_aesenc_si128(d, *R128(&k[9]));
3765. - _mm_storeu_si128((R128(out + i * AES_BLOCK_SIZE)), d);
3766. - }
3767. -}
3768. -
3769. -/**
3770. - * @brief aes_pseudo_round that loads data from *in and xors it with *xor first
3771. - *
3772. - * This function performs the same operations as aes_pseudo_round, but before
3773. - * performing the encryption of each 128 bit block from <in>, it xors
3774. - * it with the corresponding block from <xor>.
3775. - *
3776. - * @param in a pointer to nblocks * 128 bits of data to be encrypted
3777. - * @param out a pointer to an nblocks * 128 bit buffer where the output will be stored
3778. - * @param expandedKey the expanded AES key
3779. - * @param xor a pointer to an nblocks * 128 bit buffer that is xored into in before encryption (in is left unmodified)
3780. - * @param nblocks the number of 128 blocks of data to be encrypted
3781. - */
3782. -
3783. -STATIC INLINE void aes_pseudo_round_xor(const uint8_t *in, uint8_t *out,
3784. - const uint8_t *expandedKey, const uint8_t *xor, int nblocks)
3785. -{
3786. - __m128i *k = R128(expandedKey);
3787. - __m128i *x = R128(xor);
3788. - __m128i d;
3789. - int i;
3790. -
3791. - for(i = 0; i < nblocks; i++)
3792. - {
3793. - d = _mm_loadu_si128(R128(in + i * AES_BLOCK_SIZE));
3794. - d = _mm_xor_si128(d, *R128(x++));
3795. - d = _mm_aesenc_si128(d, *R128(&k[0]));
3796. - d = _mm_aesenc_si128(d, *R128(&k[1]));
3797. - d = _mm_aesenc_si128(d, *R128(&k[2]));
3798. - d = _mm_aesenc_si128(d, *R128(&k[3]));
3799. - d = _mm_aesenc_si128(d, *R128(&k[4]));
3800. - d = _mm_aesenc_si128(d, *R128(&k[5]));
3801. - d = _mm_aesenc_si128(d, *R128(&k[6]));
3802. - d = _mm_aesenc_si128(d, *R128(&k[7]));
3803. - d = _mm_aesenc_si128(d, *R128(&k[8]));
3804. - d = _mm_aesenc_si128(d, *R128(&k[9]));
3805. - _mm_storeu_si128((R128(out + i * AES_BLOCK_SIZE)), d);
3806. - }
3807. -}
3808. -
3809. -#if defined(_MSC_VER) || defined(__MINGW32__)
3810. -BOOL SetLockPagesPrivilege(HANDLE hProcess, BOOL bEnable)
3811. -{
3812. - struct
3813. - {
3814. - DWORD count;
3815. - LUID_AND_ATTRIBUTES privilege[1];
3816. - } info;
3817. -
3818. - HANDLE token;
3819. - if(!OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES, &token))
3820. - return FALSE;
3821. -
3822. - info.count = 1;
3823. - info.privilege[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;
3824. -
3825. - if(!LookupPrivilegeValue(NULL, SE_LOCK_MEMORY_NAME, &(info.privilege[0].Luid)))
3826. - return FALSE;
3827. -
3828. - if(!AdjustTokenPrivileges(token, FALSE, (PTOKEN_PRIVILEGES) &info, 0, NULL, NULL))
3829. - return FALSE;
3830. -
3831. - if (GetLastError() != ERROR_SUCCESS)
3832. - return FALSE;
3833. -
3834. - CloseHandle(token);
3835. -
3836. - return TRUE;
3837. -
3838. -}
3839. -#endif
3840. -
3841. -/**
3842. - * @brief allocate the 2MB scratch buffer using OS support for huge pages, if available
3843. - *
3844. - * This function tries to allocate the 2MB scratch buffer using a single
3845. - * 2MB "huge page" (instead of the usual 4KB page sizes) to reduce TLB misses
3846. - * during the random accesses to the scratch buffer. This is one of the
3847. - * important speed optimizations needed to make CryptoNight faster.
3848. - *
3849. - * No parameters. Updates a thread-local pointer, hp_state, to point to
3850. - * the allocated buffer.
3851. - */
3852. -
3853. -void slow_hash_allocate_state(void)
3854. -{
3855. - if(hp_state != NULL)
3856. - return;
3857. -
3858. -#if defined(_MSC_VER) || defined(__MINGW32__)
3859. - SetLockPagesPrivilege(GetCurrentProcess(), TRUE);
3860. - hp_state = (uint8_t *) VirtualAlloc(hp_state, MEMORY, MEM_LARGE_PAGES |
3861. - MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
3862. -#else
3863. -#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__)
3864. - hp_state = mmap(0, MEMORY, PROT_READ | PROT_WRITE,
3865. - MAP_PRIVATE | MAP_ANON, 0, 0);
3866. -#else
3867. - hp_state = mmap(0, MEMORY, PROT_READ | PROT_WRITE,
3868. - MAP_PRIVATE | MAP_ANONYMOUS | MAP_HUGETLB, 0, 0);
3869. -#endif
3870. - if(hp_state == MAP_FAILED)
3871. - hp_state = NULL;
3872. -#endif
3873. - hp_allocated = 1;
3874. - if(hp_state == NULL)
3875. - {
3876. - hp_allocated = 0;
3877. - hp_state = (uint8_t *) malloc(MEMORY);
3878. - }
3879. -}
3880. -
3881. -/**
3882. - *@brief frees the state allocated by slow_hash_allocate_state
3883. - */
3884. -
3885. -void slow_hash_free_state(void)
3886. -{
3887. - if(hp_state == NULL)
3888. - return;
3889. -
3890. - if(!hp_allocated)
3891. - free(hp_state);
3892. - else
3893. - {
3894. -#if defined(_MSC_VER) || defined(__MINGW32__)
3895. - VirtualFree(hp_state, MEMORY, MEM_RELEASE);
3896. -#else
3897. - munmap(hp_state, MEMORY);
3898. -#endif
3899. - }
3900. -
3901. - hp_state = NULL;
3902. - hp_allocated = 0;
3903. -}
3904. -
3905. -/**
3906. - * @brief the hash function implementing CryptoNight, used for the Monero proof-of-work
3907. - *
3908. - * Computes the hash of <data> (which consists of <length> bytes), returning the
3909. - * hash in <hash>. The CryptoNight hash operates by first using Keccak 1600,
3910. - * the 1600 bit variant of the Keccak hash used in SHA-3, to create a 200 byte
3911. - * buffer of pseudorandom data by hashing the supplied data. It then uses this
3912. - * random data to fill a large 2MB buffer with pseudorandom data by iteratively
3913. - * encrypting it using 10 rounds of AES per entry. After this initialization,
3914. - * it executes 500,000 rounds of mixing through the random 2MB buffer using
3915. - * AES (typically provided in hardware on modern CPUs) and a 64 bit multiply.
3916. - * Finally, it re-mixes this large buffer back into
3917. - * the 200 byte "text" buffer, and then hashes this buffer using one of four
3918. - * pseudorandomly selected hash functions (Blake, Groestl, JH, or Skein)
3919. - * to populate the output.
3920. - *
3921. - * The 2MB buffer and choice of functions for mixing are designed to make the
3922. - * algorithm "CPU-friendly" (and thus, reduce the advantage of GPU, FPGA,
3923. - * or ASIC-based implementations): the functions used are fast on modern
3924. - * CPUs, and the 2MB size matches the typical amount of L3 cache available per
3925. - * core on 2013-era CPUs. When available, this implementation will use hardware
3926. - * AES support on x86 CPUs.
3927. - *
3928. - * A diagram of the inner loop of this function can be found at
3929. - * http://www.cs.cmu.edu/~dga/crypto/xmr/cryptonight.png
3930. - *
3931. - * @param data the data to hash
3932. - * @param length the length in bytes of the data
3933. - * @param hash a pointer to a buffer in which the final 256 bit hash will be stored
3934. - */
3935. -
3936. -void cn_slow_hash(const void *data, size_t length, char *hash)
3937. -{
3938. - RDATA_ALIGN16 uint8_t expandedKey[240]; /* These buffers are aligned to use later with SSE functions */
3939. -
3940. - uint8_t text[INIT_SIZE_BYTE];
3941. - RDATA_ALIGN16 uint64_t a[2];
3942. - RDATA_ALIGN16 uint64_t b[2];
3943. - RDATA_ALIGN16 uint64_t c[2];
3944. - union cn_slow_hash_state state;
3945. - __m128i _a, _b, _c;
3946. - uint64_t hi, lo;
3947. -
3948. - size_t i, j;
3949. - uint64_t *p = NULL;
3950. - oaes_ctx *aes_ctx = NULL;
3951. - int useAes = !force_software_aes() && check_aes_hw();
3952. -
3953. - static void (*const extra_hashes[4])(const void *, size_t, char *) =
3954. - {
3955. - hash_extra_blake, hash_extra_groestl, hash_extra_jh, hash_extra_skein
3956. - };
3957. -
3958. - // this isn't supposed to happen, but guard against it for now.
3959. - if(hp_state == NULL)
3960. - slow_hash_allocate_state();
3961. -
3962. - /* CryptoNight Step 1: Use Keccak1600 to initialize the 'state' (and 'text') buffers from the data. */
3963. -
3964. - hash_process(&state.hs, data, length);
3965. - memcpy(text, state.init, INIT_SIZE_BYTE);
3966. -
3967. - /* CryptoNight Step 2: Iteratively encrypt the results from Keccak to fill
3968. - * the 2MB large random access buffer.
3969. - */
3970. -
3971. - if(useAes)
3972. - {
3973. - aes_expand_key(state.hs.b, expandedKey);
3974. - for(i = 0; i < MEMORY / INIT_SIZE_BYTE; i++)
3975. - {
3976. - aes_pseudo_round(text, text, expandedKey, INIT_SIZE_BLK);
3977. - memcpy(&hp_state[i * INIT_SIZE_BYTE], text, INIT_SIZE_BYTE);
3978. - }
3979. - }
3980. - else
3981. - {
3982. - aes_ctx = (oaes_ctx *) oaes_alloc();
3983. - oaes_key_import_data(aes_ctx, state.hs.b, AES_KEY_SIZE);
3984. - for(i = 0; i < MEMORY / INIT_SIZE_BYTE; i++)
3985. - {
3986. - for(j = 0; j < INIT_SIZE_BLK; j++)
3987. - aesb_pseudo_round(&text[AES_BLOCK_SIZE * j], &text[AES_BLOCK_SIZE * j], aes_ctx->key->exp_data);
3988. -
3989. - memcpy(&hp_state[i * INIT_SIZE_BYTE], text, INIT_SIZE_BYTE);
3990. - }
3991. - }
3992. -
3993. - U64(a)[0] = U64(&state.k[0])[0] ^ U64(&state.k[32])[0];
3994. - U64(a)[1] = U64(&state.k[0])[1] ^ U64(&state.k[32])[1];
3995. - U64(b)[0] = U64(&state.k[16])[0] ^ U64(&state.k[48])[0];
3996. - U64(b)[1] = U64(&state.k[16])[1] ^ U64(&state.k[48])[1];
3997. -
3998. - /* CryptoNight Step 3: Bounce randomly 1 million times through the mixing buffer,
3999. - * using 500,000 iterations of the following mixing function. Each execution
4000. - * performs two reads and writes from the mixing buffer.
4001. - */
4002. -
4003. - _b = _mm_load_si128(R128(b));
4004. - // Two independent versions, one with AES, one without, to ensure that
4005. - // the useAes test is only performed once, not every iteration.
4006. - if(useAes)
4007. - {
4008. - for(i = 0; i < ITER / 2; i++)
4009. - {
4010. - pre_aes();
4011. - _c = _mm_aesenc_si128(_c, _a);
4012. - post_aes();
4013. - }
4014. - }
4015. - else
4016. - {
4017. - for(i = 0; i < ITER / 2; i++)
4018. - {
4019. - pre_aes();
4020. - aesb_single_round((uint8_t *) &_c, (uint8_t *) &_c, (uint8_t *) &_a);
4021. - post_aes();
4022. - }
4023. - }
4024. -
4025. - /* CryptoNight Step 4: Sequentially pass through the mixing buffer and use 10 rounds
4026. - * of AES encryption to mix the random data back into the 'text' buffer. 'text'
4027. - * was originally created with the output of Keccak1600. */
4028. -
4029. - memcpy(text, state.init, INIT_SIZE_BYTE);
4030. - if(useAes)
4031. - {
4032. - aes_expand_key(&state.hs.b[32], expandedKey);
4033. - for(i = 0; i < MEMORY / INIT_SIZE_BYTE; i++)
4034. - {
4035. - // add the xor to the pseudo round
4036. - aes_pseudo_round_xor(text, text, expandedKey, &hp_state[i * INIT_SIZE_BYTE], INIT_SIZE_BLK);
4037. - }
4038. - }
4039. - else
4040. - {
4041. - oaes_key_import_data(aes_ctx, &state.hs.b[32], AES_KEY_SIZE);
4042. - for(i = 0; i < MEMORY / INIT_SIZE_BYTE; i++)
4043. - {
4044. - for(j = 0; j < INIT_SIZE_BLK; j++)
4045. - {
4046. - xor_blocks(&text[j * AES_BLOCK_SIZE], &hp_state[i * INIT_SIZE_BYTE + j * AES_BLOCK_SIZE]);
4047. - aesb_pseudo_round(&text[AES_BLOCK_SIZE * j], &text[AES_BLOCK_SIZE * j], aes_ctx->key->exp_data);
4048. - }
4049. - }
4050. - oaes_free((OAES_CTX **) &aes_ctx);
4051. - }
4052. -
4053. - /* CryptoNight Step 5: Apply Keccak to the state again, and then
4054. - * use the resulting data to select which of four finalizer
4055. - * hash functions to apply to the data (Blake, Groestl, JH, or Skein).
4056. - * Use this hash to squeeze the state array down
4057. - * to the final 256 bit hash output.
4058. - */
4059. -
4060. - memcpy(state.init, text, INIT_SIZE_BYTE);
4061. - hash_permutation(&state.hs);
4062. - extra_hashes[state.hs.b[0] & 3](&state, 200, hash);
4063. -}
4064. -
4065. -#elif defined(__arm__) || defined(__aarch64__)
4066. -void slow_hash_allocate_state(void)
4067. -{
4068. - // Do nothing, this is just to maintain compatibility with the upgraded slow-hash.c
4069. - return;
4070. -}
4071. -
4072. -void slow_hash_free_state(void)
4073. -{
4074. - // As above
4075. - return;
4076. -}
4077. -
4078. -#if defined(__GNUC__)
4079. -#define RDATA_ALIGN16 __attribute__ ((aligned(16)))
4080. -#define STATIC static
4081. -#define INLINE inline
4082. -#else
4083. -#define RDATA_ALIGN16
4084. -#define STATIC static
4085. -#define INLINE
4086. -#endif
4087. -
4088. -#define U64(x) ((uint64_t *) (x))
4089. -
4090. -#pragma pack(push, 1)
4091. -union cn_slow_hash_state
4092. -{
4093. - union hash_state hs;
4094. - struct
4095. - {
4096. - uint8_t k[64];
4097. - uint8_t init[INIT_SIZE_BYTE];
4098. - };
4099. -};
4100. -#pragma pack(pop)
4101. -
4102. -#if defined(__aarch64__) && defined(__ARM_FEATURE_CRYPTO)
4103. -
4104. -/* ARMv8-A optimized with NEON and AES instructions.
4105. - * Copied from the x86-64 AES-NI implementation. It has much the same
4106. - * characteristics as x86-64: there's no 64x64=128 multiplier for vectors,
4107. - * and moving between vector and regular registers stalls the pipeline.
4108. - */
4109. -#include <arm_neon.h>
4110. -
4111. -#define TOTALBLOCKS (MEMORY / AES_BLOCK_SIZE)
4112. -
4113. -#define state_index(x) (((*((uint64_t *)x) >> 4) & (TOTALBLOCKS - 1)) << 4)
4114. -#define __mul() __asm__("mul %0, %1, %2\n\t" : "=r"(lo) : "r"(c[0]), "r"(b[0]) ); \
4115. - __asm__("umulh %0, %1, %2\n\t" : "=r"(hi) : "r"(c[0]), "r"(b[0]) );
4116. -
4117. -#define pre_aes() \
4118. - j = state_index(a); \
4119. - _c = vld1q_u8(&hp_state[j]); \
4120. - _a = vld1q_u8((const uint8_t *)a); \
4121. -
4122. -#define post_aes() \
4123. - vst1q_u8((uint8_t *)c, _c); \
4124. - _b = veorq_u8(_b, _c); \
4125. - vst1q_u8(&hp_state[j], _b); \
4126. - j = state_index(c); \
4127. - p = U64(&hp_state[j]); \
4128. - b[0] = p[0]; b[1] = p[1]; \
4129. - __mul(); \
4130. - a[0] += hi; a[1] += lo; \
4131. - p = U64(&hp_state[j]); \
4132. - p[0] = a[0]; p[1] = a[1]; \
4133. - a[0] ^= b[0]; a[1] ^= b[1]; \
4134. - _b = _c; \
4135. -
4136. -
4137. -/* Note: this was based on a standard 256bit key schedule but
4138. - * it's been shortened since Cryptonight doesn't use the full
4139. - * key schedule. Don't try to use this for vanilla AES.
4140. -*/
4141. -static void aes_expand_key(const uint8_t *key, uint8_t *expandedKey) {
4142. -__asm__("mov x2, %1\n\t" : : "r"(key), "r"(expandedKey));
4143. -__asm__(
4144. -" adr x3,Lrcon\n"
4145. -"\n"
4146. -" eor v0.16b,v0.16b,v0.16b\n"
4147. -" ld1 {v3.16b},[x0],#16\n"
4148. -" ld1 {v1.4s,v2.4s},[x3],#32\n"
4149. -" b L256\n"
4150. -".align 5\n"
4151. -"Lrcon:\n"
4152. -".long 0x01,0x01,0x01,0x01\n"
4153. -".long 0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d // rotate-n-splat\n"
4154. -".long 0x1b,0x1b,0x1b,0x1b\n"
4155. -"\n"
4156. -".align 4\n"
4157. -"L256:\n"
4158. -" ld1 {v4.16b},[x0]\n"
4159. -" mov w1,#5\n"
4160. -" st1 {v3.4s},[x2],#16\n"
4161. -"\n"
4162. -"Loop256:\n"
4163. -" tbl v6.16b,{v4.16b},v2.16b\n"
4164. -" ext v5.16b,v0.16b,v3.16b,#12\n"
4165. -" st1 {v4.4s},[x2],#16\n"
4166. -" aese v6.16b,v0.16b\n"
4167. -" subs w1,w1,#1\n"
4168. -"\n"
4169. -" eor v3.16b,v3.16b,v5.16b\n"
4170. -" ext v5.16b,v0.16b,v5.16b,#12\n"
4171. -" eor v3.16b,v3.16b,v5.16b\n"
4172. -" ext v5.16b,v0.16b,v5.16b,#12\n"
4173. -" eor v6.16b,v6.16b,v1.16b\n"
4174. -" eor v3.16b,v3.16b,v5.16b\n"
4175. -" shl v1.16b,v1.16b,#1\n"
4176. -" eor v3.16b,v3.16b,v6.16b\n"
4177. -" st1 {v3.4s},[x2],#16\n"
4178. -" b.eq Ldone\n"
4179. -"\n"
4180. -" dup v6.4s,v3.s[3] // just splat\n"
4181. -" ext v5.16b,v0.16b,v4.16b,#12\n"
4182. -" aese v6.16b,v0.16b\n"
4183. -"\n"
4184. -" eor v4.16b,v4.16b,v5.16b\n"
4185. -" ext v5.16b,v0.16b,v5.16b,#12\n"
4186. -" eor v4.16b,v4.16b,v5.16b\n"
4187. -" ext v5.16b,v0.16b,v5.16b,#12\n"
4188. -" eor v4.16b,v4.16b,v5.16b\n"
4189. -"\n"
4190. -" eor v4.16b,v4.16b,v6.16b\n"
4191. -" b Loop256\n"
4192. -"\n"
4193. -"Ldone:\n");
4194. -}
4195. -
4196. -/* An ordinary AES round is a sequence of SubBytes, ShiftRows, MixColumns, AddRoundKey. There
4197. - * is also an InitialRound which consists solely of AddRoundKey. The ARM instructions slice
4198. - * this sequence differently; the aese instruction performs AddRoundKey, SubBytes, ShiftRows.
4199. - * The aesmc instruction does the MixColumns. Since the aese instruction moves the AddRoundKey
4200. - * up front, and Cryptonight's hash skips the InitialRound step, we have to kludge it here by
4201. - * feeding in a vector of zeros for our first step. Also we have to do our own Xor explicitly
4202. - * at the last step, to provide the AddRoundKey that the ARM instructions omit.
4203. - */
4204. -STATIC INLINE void aes_pseudo_round(const uint8_t *in, uint8_t *out, const uint8_t *expandedKey, int nblocks)
4205. -{
4206. - const uint8x16_t *k = (const uint8x16_t *)expandedKey, zero = {0};
4207. - uint8x16_t tmp;
4208. - int i;
4209. -
4210. - for (i=0; i<nblocks; i++)
4211. - {
4212. - uint8x16_t tmp = vld1q_u8(in + i * AES_BLOCK_SIZE);
4213. - tmp = vaeseq_u8(tmp, zero);
4214. - tmp = vaesmcq_u8(tmp);
4215. - tmp = vaeseq_u8(tmp, k[0]);
4216. - tmp = vaesmcq_u8(tmp);
4217. - tmp = vaeseq_u8(tmp, k[1]);
4218. - tmp = vaesmcq_u8(tmp);
4219. - tmp = vaeseq_u8(tmp, k[2]);
4220. - tmp = vaesmcq_u8(tmp);
4221. - tmp = vaeseq_u8(tmp, k[3]);
4222. - tmp = vaesmcq_u8(tmp);
4223. - tmp = vaeseq_u8(tmp, k[4]);
4224. - tmp = vaesmcq_u8(tmp);
4225. - tmp = vaeseq_u8(tmp, k[5]);
4226. - tmp = vaesmcq_u8(tmp);
4227. - tmp = vaeseq_u8(tmp, k[6]);
4228. - tmp = vaesmcq_u8(tmp);
4229. - tmp = vaeseq_u8(tmp, k[7]);
4230. - tmp = vaesmcq_u8(tmp);
4231. - tmp = vaeseq_u8(tmp, k[8]);
4232. - tmp = vaesmcq_u8(tmp);
4233. - tmp = veorq_u8(tmp, k[9]);
4234. - vst1q_u8(out + i * AES_BLOCK_SIZE, tmp);
4235. - }
4236. -}
4237. -
4238. -STATIC INLINE void aes_pseudo_round_xor(const uint8_t *in, uint8_t *out, const uint8_t *expandedKey, const uint8_t *xor, int nblocks)
4239. -{
4240. - const uint8x16_t *k = (const uint8x16_t *)expandedKey;
4241. - const uint8x16_t *x = (const uint8x16_t *)xor;
4242. - uint8x16_t tmp;
4243. - int i;
4244. -
4245. - for (i=0; i<nblocks; i++)
4246. - {
4247. - uint8x16_t tmp = vld1q_u8(in + i * AES_BLOCK_SIZE);
4248. - tmp = vaeseq_u8(tmp, x[i]);
4249. - tmp = vaesmcq_u8(tmp);
4250. - tmp = vaeseq_u8(tmp, k[0]);
4251. - tmp = vaesmcq_u8(tmp);
4252. - tmp = vaeseq_u8(tmp, k[1]);
4253. - tmp = vaesmcq_u8(tmp);
4254. - tmp = vaeseq_u8(tmp, k[2]);
4255. - tmp = vaesmcq_u8(tmp);
4256. - tmp = vaeseq_u8(tmp, k[3]);
4257. - tmp = vaesmcq_u8(tmp);
4258. - tmp = vaeseq_u8(tmp, k[4]);
4259. - tmp = vaesmcq_u8(tmp);
4260. - tmp = vaeseq_u8(tmp, k[5]);
4261. - tmp = vaesmcq_u8(tmp);
4262. - tmp = vaeseq_u8(tmp, k[6]);
4263. - tmp = vaesmcq_u8(tmp);
4264. - tmp = vaeseq_u8(tmp, k[7]);
4265. - tmp = vaesmcq_u8(tmp);
4266. - tmp = vaeseq_u8(tmp, k[8]);
4267. - tmp = vaesmcq_u8(tmp);
4268. - tmp = veorq_u8(tmp, k[9]);
4269. - vst1q_u8(out + i * AES_BLOCK_SIZE, tmp);
4270. - }
4271. -}
4272. -
4273. -void cn_slow_hash(const void *data, size_t length, char *hash)
4274. -{
4275. - RDATA_ALIGN16 uint8_t expandedKey[240];
4276. - RDATA_ALIGN16 uint8_t hp_state[MEMORY];
4277. -
4278. - uint8_t text[INIT_SIZE_BYTE];
4279. - RDATA_ALIGN16 uint64_t a[2];
4280. - RDATA_ALIGN16 uint64_t b[2];
4281. - RDATA_ALIGN16 uint64_t c[2];
4282. - union cn_slow_hash_state state;
4283. - uint8x16_t _a, _b, _c, zero = {0};
4284. - uint64_t hi, lo;
4285. -
4286. - size_t i, j;
4287. - uint64_t *p = NULL;
4288. -
4289. - static void (*const extra_hashes[4])(const void *, size_t, char *) =
4290. - {
4291. - hash_extra_blake, hash_extra_groestl, hash_extra_jh, hash_extra_skein
4292. - };
4293. -
4294. - /* CryptoNight Step 1: Use Keccak1600 to initialize the 'state' (and 'text') buffers from the data. */
4295. -
4296. - hash_process(&state.hs, data, length);
4297. - memcpy(text, state.init, INIT_SIZE_BYTE);
4298. -
4299. - /* CryptoNight Step 2: Iteratively encrypt the results from Keccak to fill
4300. - * the 2MB large random access buffer.
4301. - */
4302. -
4303. - aes_expand_key(state.hs.b, expandedKey);
4304. - for(i = 0; i < MEMORY / INIT_SIZE_BYTE; i++)
4305. - {
4306. - aes_pseudo_round(text, text, expandedKey, INIT_SIZE_BLK);
4307. - memcpy(&hp_state[i * INIT_SIZE_BYTE], text, INIT_SIZE_BYTE);
4308. - }
4309. -
4310. - U64(a)[0] = U64(&state.k[0])[0] ^ U64(&state.k[32])[0];
4311. - U64(a)[1] = U64(&state.k[0])[1] ^ U64(&state.k[32])[1];
4312. - U64(b)[0] = U64(&state.k[16])[0] ^ U64(&state.k[48])[0];
4313. - U64(b)[1] = U64(&state.k[16])[1] ^ U64(&state.k[48])[1];
4314. -
4315. - /* CryptoNight Step 3: Bounce randomly 1 million times through the mixing buffer,
4316. - * using 500,000 iterations of the following mixing function. Each execution
4317. - * performs two reads and writes from the mixing buffer.
4318. - */
4319. -
4320. - _b = vld1q_u8((const uint8_t *)b);
4321. -
4322. -
4323. - for(i = 0; i < ITER / 2; i++)
4324. - {
4325. - pre_aes();
4326. - _c = vaeseq_u8(_c, zero);
4327. - _c = vaesmcq_u8(_c);
4328. - _c = veorq_u8(_c, _a);
4329. - post_aes();
4330. - }
4331. -
4332. - /* CryptoNight Step 4: Sequentially pass through the mixing buffer and use 10 rounds
4333. - * of AES encryption to mix the random data back into the 'text' buffer. 'text'
4334. - * was originally created with the output of Keccak1600. */
4335. -
4336. - memcpy(text, state.init, INIT_SIZE_BYTE);
4337. -
4338. - aes_expand_key(&state.hs.b[32], expandedKey);
4339. - for(i = 0; i < MEMORY / INIT_SIZE_BYTE; i++)
4340. - {
4341. - // add the xor to the pseudo round
4342. - aes_pseudo_round_xor(text, text, expandedKey, &hp_state[i * INIT_SIZE_BYTE], INIT_SIZE_BLK);
4343. - }
4344. -
4345. - /* CryptoNight Step 5: Apply Keccak to the state again, and then
4346. - * use the resulting data to select which of four finalizer
4347. - * hash functions to apply to the data (Blake, Groestl, JH, or Skein).
4348. - * Use this hash to squeeze the state array down
4349. - * to the final 256 bit hash output.
4350. - */
4351. -
4352. - memcpy(state.init, text, INIT_SIZE_BYTE);
4353. - hash_permutation(&state.hs);
4354. - extra_hashes[state.hs.b[0] & 3](&state, 200, hash);
4355. -}
4356. -#else /* aarch64 && crypto */
4357. -
4358. -// ND: Some minor optimizations for ARMv7 (raspberrry pi 2), effect seems to be ~40-50% faster.
4359. -// Needs more work.
4360. -
4361. -#ifdef NO_OPTIMIZED_MULTIPLY_ON_ARM
4362. -/* The asm corresponds to this C code */
4363. -#define SHORT uint32_t
4364. -#define LONG uint64_t
4365. -
4366. -void mul(const uint8_t *ca, const uint8_t *cb, uint8_t *cres) {
4367. - const SHORT *aa = (SHORT *)ca;
4368. - const SHORT *bb = (SHORT *)cb;
4369. - SHORT *res = (SHORT *)cres;
4370. - union {
4371. - SHORT tmp[8];
4372. - LONG ltmp[4];
4373. - } t;
4374. - LONG A = aa[1];
4375. - LONG a = aa[0];
4376. - LONG B = bb[1];
4377. - LONG b = bb[0];
4378. -
4379. - // Aa * Bb = ab + aB_ + Ab_ + AB__
4380. - t.ltmp[0] = a * b;
4381. - t.ltmp[1] = a * B;
4382. - t.ltmp[2] = A * b;
4383. - t.ltmp[3] = A * B;
4384. -
4385. - res[2] = t.tmp[0];
4386. - t.ltmp[1] += t.tmp[1];
4387. - t.ltmp[1] += t.tmp[4];
4388. - t.ltmp[3] += t.tmp[3];
4389. - t.ltmp[3] += t.tmp[5];
4390. - res[3] = t.tmp[2];
4391. - res[0] = t.tmp[6];
4392. - res[1] = t.tmp[7];
4393. -}
4394. -#else // !NO_OPTIMIZED_MULTIPLY_ON_ARM
4395. -
4396. -#ifdef __aarch64__ /* ARM64, no crypto */
4397. -#define mul(a, b, c) cn_mul128((const uint64_t *)a, (const uint64_t *)b, (uint64_t *)c)
4398. -STATIC void cn_mul128(const uint64_t *a, const uint64_t *b, uint64_t *r)
4399. -{
4400. - uint64_t lo, hi;
4401. - __asm__("mul %0, %1, %2\n\t" : "=r"(lo) : "r"(a[0]), "r"(b[0]) );
4402. - __asm__("umulh %0, %1, %2\n\t" : "=r"(hi) : "r"(a[0]), "r"(b[0]) );
4403. - r[0] = hi;
4404. - r[1] = lo;
4405. -}
4406. -#else /* ARM32 */
4407. -/* Can work as inline, but actually runs slower. Keep it separate */
4408. -#define mul(a, b, c) cn_mul128((const uint32_t *)a, (const uint32_t *)b, (uint32_t *)c)
4409. -STATIC void cn_mul128(const uint32_t *aa, const uint32_t *bb, uint32_t *r)
4410. -{
4411. - uint32_t t0, t1, t2=0, t3=0;
4412. -__asm__ __volatile__(
4413. - "umull %[t0], %[t1], %[a], %[b]\n\t"
4414. - "str %[t0], %[ll]\n\t"
4415. -
4416. - // accumulating with 0 can never overflow/carry
4417. - "eor %[t0], %[t0]\n\t"
4418. - "umlal %[t1], %[t0], %[a], %[B]\n\t"
4419. -
4420. - "umlal %[t1], %[t2], %[A], %[b]\n\t"
4421. - "str %[t1], %[lh]\n\t"
4422. -
4423. - "umlal %[t0], %[t3], %[A], %[B]\n\t"
4424. -
4425. - // final add may have a carry
4426. - "adds %[t0], %[t0], %[t2]\n\t"
4427. - "adc %[t1], %[t3], #0\n\t"
4428. -
4429. - "str %[t0], %[hl]\n\t"
4430. - "str %[t1], %[hh]\n\t"
4431. - : [t0]"=&r"(t0), [t1]"=&r"(t1), [t2]"+r"(t2), [t3]"+r"(t3), [hl]"=m"(r[0]), [hh]"=m"(r[1]), [ll]"=m"(r[2]), [lh]"=m"(r[3])
4432. - : [A]"r"(aa[1]), [a]"r"(aa[0]), [B]"r"(bb[1]), [b]"r"(bb[0])
4433. - : "cc");
4434. -}
4435. -#endif /* !aarch64 */
4436. -#endif // NO_OPTIMIZED_MULTIPLY_ON_ARM
4437. -
4438. -STATIC INLINE void sum_half_blocks(uint8_t* a, const uint8_t* b)
4439. -{
4440. - uint64_t a0, a1, b0, b1;
4441. - a0 = U64(a)[0];
4442. - a1 = U64(a)[1];
4443. - b0 = U64(b)[0];
4444. - b1 = U64(b)[1];
4445. - a0 += b0;
4446. - a1 += b1;
4447. - U64(a)[0] = a0;
4448. - U64(a)[1] = a1;
4449. -}
4450. -
4451. -STATIC INLINE void swap_blocks(uint8_t *a, uint8_t *b)
4452. -{
4453. - uint64_t t[2];
4454. - U64(t)[0] = U64(a)[0];
4455. - U64(t)[1] = U64(a)[1];
4456. - U64(a)[0] = U64(b)[0];
4457. - U64(a)[1] = U64(b)[1];
4458. - U64(b)[0] = U64(t)[0];
4459. - U64(b)[1] = U64(t)[1];
4460. -}
4461. -
4462. -STATIC INLINE void xor_blocks(uint8_t* a, const uint8_t* b)
4463. -{
4464. - U64(a)[0] ^= U64(b)[0];
4465. - U64(a)[1] ^= U64(b)[1];
4466. -}
4467. -
4468. -void cn_slow_hash(const void *data, size_t length, char *hash)
4469. -{
4470. - uint8_t long_state[MEMORY];
4471. - uint8_t text[INIT_SIZE_BYTE];
4472. - uint8_t a[AES_BLOCK_SIZE];
4473. - uint8_t b[AES_BLOCK_SIZE];
4474. - uint8_t d[AES_BLOCK_SIZE];
4475. - uint8_t aes_key[AES_KEY_SIZE];
4476. - RDATA_ALIGN16 uint8_t expandedKey[256];
4477. -
4478. - union cn_slow_hash_state state;
4479. -
4480. - size_t i, j;
4481. - uint8_t *p = NULL;
4482. - oaes_ctx *aes_ctx;
4483. - static void (*const extra_hashes[4])(const void *, size_t, char *) =
4484. - {
4485. - hash_extra_blake, hash_extra_groestl, hash_extra_jh, hash_extra_skein
4486. - };
4487. -
4488. - hash_process(&state.hs, data, length);
4489. - memcpy(text, state.init, INIT_SIZE_BYTE);
4490. -
4491. - aes_ctx = (oaes_ctx *) oaes_alloc();
4492. - oaes_key_import_data(aes_ctx, state.hs.b, AES_KEY_SIZE);
4493. -
4494. - // use aligned data
4495. - memcpy(expandedKey, aes_ctx->key->exp_data, aes_ctx->key->exp_data_len);
4496. - for(i = 0; i < MEMORY / INIT_SIZE_BYTE; i++)
4497. - {
4498. - for(j = 0; j < INIT_SIZE_BLK; j++)
4499. - aesb_pseudo_round(&text[AES_BLOCK_SIZE * j], &text[AES_BLOCK_SIZE * j], expandedKey);
4500. - memcpy(&long_state[i * INIT_SIZE_BYTE], text, INIT_SIZE_BYTE);
4501. - }
4502. -
4503. - U64(a)[0] = U64(&state.k[0])[0] ^ U64(&state.k[32])[0];
4504. - U64(a)[1] = U64(&state.k[0])[1] ^ U64(&state.k[32])[1];
4505. - U64(b)[0] = U64(&state.k[16])[0] ^ U64(&state.k[48])[0];
4506. - U64(b)[1] = U64(&state.k[16])[1] ^ U64(&state.k[48])[1];
4507. -
4508. - for(i = 0; i < ITER / 2; i++)
4509. - {
4510. - #define MASK ((uint32_t)(((MEMORY / AES_BLOCK_SIZE) - 1) << 4))
4511. - #define state_index(x) ((*(uint32_t *) x) & MASK)
4512. -
4513. - // Iteration 1
4514. - p = &long_state[state_index(a)];
4515. - aesb_single_round(p, p, a);
4516. -
4517. - xor_blocks(b, p);
4518. - swap_blocks(b, p);
4519. - swap_blocks(a, b);
4520. -
4521. - // Iteration 2
4522. - p = &long_state[state_index(a)];
4523. -
4524. - mul(a, p, d);
4525. - sum_half_blocks(b, d);
4526. - swap_blocks(b, p);
4527. - xor_blocks(b, p);
4528. - swap_blocks(a, b);
4529. - }
4530. -
4531. - memcpy(text, state.init, INIT_SIZE_BYTE);
4532. - oaes_key_import_data(aes_ctx, &state.hs.b[32], AES_KEY_SIZE);
4533. - memcpy(expandedKey, aes_ctx->key->exp_data, aes_ctx->key->exp_data_len);
4534. - for(i = 0; i < MEMORY / INIT_SIZE_BYTE; i++)
4535. - {
4536. - for(j = 0; j < INIT_SIZE_BLK; j++)
4537. - {
4538. - xor_blocks(&text[j * AES_BLOCK_SIZE], &long_state[i * INIT_SIZE_BYTE + j * AES_BLOCK_SIZE]);
4539. - aesb_pseudo_round(&text[AES_BLOCK_SIZE * j], &text[AES_BLOCK_SIZE * j], expandedKey);
4540. - }
4541. - }
4542. -
4543. - oaes_free((OAES_CTX **) &aes_ctx);
4544. - memcpy(state.init, text, INIT_SIZE_BYTE);
4545. - hash_permutation(&state.hs);
4546. - extra_hashes[state.hs.b[0] & 3](&state, 200, hash);
4547. -}
4548. -#endif /* !aarch64 || !crypto */
4549. -
4550. -#else
4551. -// Portable implementation as a fallback
4552. -
4553. -void slow_hash_allocate_state(void)
4554. -{
4555. - // Do nothing, this is just to maintain compatibility with the upgraded slow-hash.c
4556. - return;
4557. -}
4558. -
4559. -void slow_hash_free_state(void)
4560. -{
4561. - // As above
4562. - return;
4563. -}
4564. -
4565. -static void (*const extra_hashes[4])(const void *, size_t, char *) = {
4566. - hash_extra_blake, hash_extra_groestl, hash_extra_jh, hash_extra_skein
4567. -};
4568. -
4569. -extern int aesb_single_round(const uint8_t *in, uint8_t*out, const uint8_t *expandedKey);
4570. -extern int aesb_pseudo_round(const uint8_t *in, uint8_t *out, const uint8_t *expandedKey);
4571. -
4572. -static size_t e2i(const uint8_t* a, size_t count) { return (*((uint64_t*)a) / AES_BLOCK_SIZE) & (count - 1); }
4573. -
4574. -static void mul(const uint8_t* a, const uint8_t* b, uint8_t* res) {
4575. - uint64_t a0, b0;
4576. - uint64_t hi, lo;
4577. -
4578. - a0 = SWAP64LE(((uint64_t*)a)[0]);
4579. - b0 = SWAP64LE(((uint64_t*)b)[0]);
4580. - lo = mul128(a0, b0, &hi);
4581. - ((uint64_t*)res)[0] = SWAP64LE(hi);
4582. - ((uint64_t*)res)[1] = SWAP64LE(lo);
4583. -}
4584. -
4585. -static void sum_half_blocks(uint8_t* a, const uint8_t* b) {
4586. - uint64_t a0, a1, b0, b1;
4587. -
4588. - a0 = SWAP64LE(((uint64_t*)a)[0]);
4589. - a1 = SWAP64LE(((uint64_t*)a)[1]);
4590. - b0 = SWAP64LE(((uint64_t*)b)[0]);
4591. - b1 = SWAP64LE(((uint64_t*)b)[1]);
4592. - a0 += b0;
4593. - a1 += b1;
4594. - ((uint64_t*)a)[0] = SWAP64LE(a0);
4595. - ((uint64_t*)a)[1] = SWAP64LE(a1);
4596. -}
4597. -#define U64(x) ((uint64_t *) (x))
4598. -
4599. -static void copy_block(uint8_t* dst, const uint8_t* src) {
4600. - memcpy(dst, src, AES_BLOCK_SIZE);
4601. -}
4602. -
4603. -static void swap_blocks(uint8_t *a, uint8_t *b){
4604. - uint64_t t[2];
4605. - U64(t)[0] = U64(a)[0];
4606. - U64(t)[1] = U64(a)[1];
4607. - U64(a)[0] = U64(b)[0];
4608. - U64(a)[1] = U64(b)[1];
4609. - U64(b)[0] = U64(t)[0];
4610. - U64(b)[1] = U64(t)[1];
4611. -}
4612. -
4613. -static void xor_blocks(uint8_t* a, const uint8_t* b) {
4614. - size_t i;
4615. - for (i = 0; i < AES_BLOCK_SIZE; i++) {
4616. - a[i] ^= b[i];
4617. - }
4618. -}
4619. -
4620. -#pragma pack(push, 1)
4621. -union cn_slow_hash_state {
4622. - union hash_state hs;
4623. - struct {
4624. - uint8_t k[64];
4625. - uint8_t init[INIT_SIZE_BYTE];
4626. - };
4627. -};
4628. -#pragma pack(pop)
4629. -
4630. -void cn_slow_hash(const void *data, size_t length, char *hash) {
4631. - uint8_t long_state[MEMORY];
4632. - union cn_slow_hash_state state;
4633. - uint8_t text[INIT_SIZE_BYTE];
4634. - uint8_t a[AES_BLOCK_SIZE];
4635. - uint8_t b[AES_BLOCK_SIZE];
4636. - uint8_t c[AES_BLOCK_SIZE];
4637. - uint8_t d[AES_BLOCK_SIZE];
4638. - size_t i, j;
4639. - uint8_t aes_key[AES_KEY_SIZE];
4640. - oaes_ctx *aes_ctx;
4641. -
4642. - hash_process(&state.hs, data, length);
4643. - memcpy(text, state.init, INIT_SIZE_BYTE);
4644. - memcpy(aes_key, state.hs.b, AES_KEY_SIZE);
4645. - aes_ctx = (oaes_ctx *) oaes_alloc();
4646. -
4647. - oaes_key_import_data(aes_ctx, aes_key, AES_KEY_SIZE);
4648. - for (i = 0; i < MEMORY / INIT_SIZE_BYTE; i++) {
4649. - for (j = 0; j < INIT_SIZE_BLK; j++) {
4650. - aesb_pseudo_round(&text[AES_BLOCK_SIZE * j], &text[AES_BLOCK_SIZE * j], aes_ctx->key->exp_data);
4651. - }
4652. - memcpy(&long_state[i * INIT_SIZE_BYTE], text, INIT_SIZE_BYTE);
4653. - }
4654. -
4655. - for (i = 0; i < 16; i++) {
4656. - a[i] = state.k[ i] ^ state.k[32 + i];
4657. - b[i] = state.k[16 + i] ^ state.k[48 + i];
4658. - }
4659. -
4660. - for (i = 0; i < ITER / 2; i++) {
4661. - /* Dependency chain: address -> read value ------+
4662. - * written value <-+ hard function (AES or MUL) <+
4663. - * next address <-+
4664. - */
4665. - /* Iteration 1 */
4666. - j = e2i(a, MEMORY / AES_BLOCK_SIZE);
4667. - copy_block(c, &long_state[j * AES_BLOCK_SIZE]);
4668. - aesb_single_round(c, c, a);
4669. - xor_blocks(b, c);
4670. - swap_blocks(b, c);
4671. - copy_block(&long_state[j * AES_BLOCK_SIZE], c);
4672. - assert(j == e2i(a, MEMORY / AES_BLOCK_SIZE));
4673. - swap_blocks(a, b);
4674. - /* Iteration 2 */
4675. - j = e2i(a, MEMORY / AES_BLOCK_SIZE);
4676. - copy_block(c, &long_state[j * AES_BLOCK_SIZE]);
4677. - mul(a, c, d);
4678. - sum_half_blocks(b, d);
4679. - swap_blocks(b, c);
4680. - xor_blocks(b, c);
4681. - copy_block(&long_state[j * AES_BLOCK_SIZE], c);
4682. - assert(j == e2i(a, MEMORY / AES_BLOCK_SIZE));
4683. - swap_blocks(a, b);
4684. - }
4685. -
4686. - memcpy(text, state.init, INIT_SIZE_BYTE);
4687. - oaes_key_import_data(aes_ctx, &state.hs.b[32], AES_KEY_SIZE);
4688. - for (i = 0; i < MEMORY / INIT_SIZE_BYTE; i++) {
4689. - for (j = 0; j < INIT_SIZE_BLK; j++) {
4690. - xor_blocks(&text[j * AES_BLOCK_SIZE], &long_state[i * INIT_SIZE_BYTE + j * AES_BLOCK_SIZE]);
4691. - aesb_pseudo_round(&text[AES_BLOCK_SIZE * j], &text[AES_BLOCK_SIZE * j], aes_ctx->key->exp_data);
4692. - }
4693. - }
4694. - memcpy(state.init, text, INIT_SIZE_BYTE);
4695. - hash_permutation(&state.hs);
4696. - /*memcpy(hash, &state, 32);*/
4697. - extra_hashes[state.hs.b[0] & 3](&state, 200, hash);
4698. - oaes_free((OAES_CTX **) &aes_ctx);
4699. -}
4700. -
4701. -#endif
4702. diff --git "a/c:\\1\\sumokoin/src/cryptonote_core/blockchain.cpp" "b/c:\\1\\2\\sumokoin/src/cryptonote_core/blockchain.cpp"
4703. index d7302df..c1d9b28 100644
4704. --- "a/c:\\1\\sumokoin/src/cryptonote_core/blockchain.cpp"
4705. +++ "b/c:\\1\\2\\sumokoin/src/cryptonote_core/blockchain.cpp"
4706. @@ -69,8 +69,6 @@
4707.  
4708. using namespace cryptonote;
4709. using epee::string_tools::pod_to_hex;
4710. -extern "C" void slow_hash_allocate_state();
4711. -extern "C" void slow_hash_free_state();
4712.  
4713. DISABLE_VS_WARNINGS(4267)
4714.  
4715. @@ -1310,7 +1308,7 @@ bool Blockchain::handle_alternative_block(const block& b, const crypto::hash& id
4716. difficulty_type current_diff = get_next_difficulty_for_alternative_chain(alt_chain, bei);
4717. CHECK_AND_ASSERT_MES(current_diff, false, "!!!!!!! DIFFICULTY OVERHEAD !!!!!!!");
4718. crypto::hash proof_of_work = null_hash;
4719. - get_block_longhash(bei.bl, proof_of_work, bei.height);
4720. + get_block_longhash_v1(bei.bl, m_pow_ctx_v1, proof_of_work);
4721. if(!check_hash(proof_of_work, current_diff))
4722. {
4723. LOG_PRINT_RED_L1("Block with id: " << id << std::endl << " for alternative chain, does not have enough proof of work: " << proof_of_work << std::endl << " expected difficulty: " << current_diff);
4724. @@ -3003,7 +3001,9 @@ leave:
4725. proof_of_work = it->second;
4726. }
4727. else
4728. - proof_of_work = get_block_longhash(bl, m_db->height());
4729. + {
4730. + get_block_longhash_v1(bl, m_pow_ctx_v1, proof_of_work);
4731. + }
4732.  
4733. // validate proof_of_work versus difficulty target
4734. if(!check_hash(proof_of_work, current_diffic))
4735. @@ -3368,10 +3368,9 @@ void Blockchain::set_enforce_dns_checkpoints(bool enforce_checkpoints)
4736. }
4737.  
4738. //------------------------------------------------------------------
4739. -void Blockchain::block_longhash_worker(const uint64_t height, const std::vector<block> &blocks, std::unordered_map<crypto::hash, crypto::hash> &map) const
4740. +void Blockchain::block_longhash_worker(cn_pow_hash_v1& hash_ctx, const std::vector<block> &blocks, std::unordered_map<crypto::hash, crypto::hash> &map)
4741. {
4742. TIME_MEASURE_START(t);
4743. - slow_hash_allocate_state();
4744.  
4745. //FIXME: height should be changing here, as get_block_longhash expects
4746. // the height of the block passed to it
4747. @@ -3380,11 +3379,11 @@ void Blockchain::block_longhash_worker(const uint64_t height, const std::vector<
4748. if (m_cancel)
4749. return;
4750. crypto::hash id = get_block_hash(block);
4751. - crypto::hash pow = get_block_longhash(block, height);
4752. + crypto::hash pow;
4753. + get_block_longhash_v1(block, hash_ctx, pow);
4754. map.emplace(id, pow);
4755. }
4756.  
4757. - slow_hash_free_state();
4758. TIME_MEASURE_FINISH(t);
4759. }
4760.  
4761. @@ -3541,9 +3540,13 @@ bool Blockchain::prepare_handle_incoming_blocks(const std::list<block_complete_e
4762. if (!blocks_exist)
4763. {
4764. m_blocks_longhash_table.clear();
4765. +
4766. + if(m_hash_ctxes_multi.size() < threads)
4767. + m_hash_ctxes_multi.resize(threads);
4768. +
4769. for (uint64_t i = 0; i < threads; i++)
4770. {
4771. - thread_list.push_back(new boost::thread(&Blockchain::block_longhash_worker, this, height + (i * batches), std::cref(blocks[i]), std::ref(maps[i])));
4772. + thread_list.push_back(new boost::thread(&Blockchain::block_longhash_worker, this, std::ref(m_hash_ctxes_multi[i]), std::cref(blocks[i]), std::ref(maps[i])));
4773. }
4774.  
4775. for (size_t j = 0; j < thread_list.size(); j++)
4776. diff --git "a/c:\\1\\sumokoin/src/cryptonote_core/blockchain.h" "b/c:\\1\\2\\sumokoin/src/cryptonote_core/blockchain.h"
4777. index 48590bf..58584b0 100644
4778. --- "a/c:\\1\\sumokoin/src/cryptonote_core/blockchain.h"
4779. +++ "b/c:\\1\\2\\sumokoin/src/cryptonote_core/blockchain.h"
4780. @@ -837,12 +837,11 @@ namespace cryptonote
4781. /**
4782. * @brief computes the "short" and "long" hashes for a set of blocks
4783. *
4784. - * @param height the height of the first block
4785. + * @param hash_ctx pow hash ctx
4786. * @param blocks the blocks to be hashed
4787. * @param map return-by-reference the hashes for each block
4788. */
4789. - void block_longhash_worker(const uint64_t height, const std::vector<block> &blocks,
4790. - std::unordered_map<crypto::hash, crypto::hash> &map) const;
4791. + void block_longhash_worker(cn_pow_hash_v1& hash_ctx, const std::vector<block> &blocks, std::unordered_map<crypto::hash, crypto::hash> &map);
4792.  
4793. void cancel();
4794.  
4795. @@ -905,6 +904,8 @@ namespace cryptonote
4796. // some invalid blocks
4797. blocks_ext_by_hash m_invalid_blocks; // crypto::hash -> block_extended_info
4798.  
4799. + cn_pow_hash_v1 m_pow_ctx_v1;
4800. + std::vector<cn_pow_hash_v1> m_hash_ctxes_multi;
4801.  
4802. checkpoints m_checkpoints;
4803. std::atomic<bool> m_is_in_checkpoint_zone;
4804. diff --git "a/c:\\1\\sumokoin/src/cryptonote_core/cryptonote_format_utils.cpp" "b/c:\\1\\2\\sumokoin/src/cryptonote_core/cryptonote_format_utils.cpp"
4805. index 2bf5175..4f633d0 100644
4806. --- "a/c:\\1\\sumokoin/src/cryptonote_core/cryptonote_format_utils.cpp"
4807. +++ "b/c:\\1\\2\\sumokoin/src/cryptonote_core/cryptonote_format_utils.cpp"
4808. @@ -1238,11 +1238,12 @@ namespace cryptonote
4809. return true;
4810. }
4811. //---------------------------------------------------------------
4812. - bool get_block_longhash(const block& b, crypto::hash& res, uint64_t height)
4813. + bool get_block_longhash_v1(const block& b, cn_pow_hash_v1 &ctx, crypto::hash& res)
4814. {
4815. block b_local = b; //workaround to avoid const errors with do_serialize
4816. blobdata bd = get_block_hashing_blob(b);
4817. - crypto::cn_slow_hash(bd.data(), bd.size(), res);
4818. + ctx.hash(bd.data(), bd.size(), res.data);
4819. + // crypto::cn_slow_hash(bd.data(), bd.size(), res);
4820. return true;
4821. }
4822. //---------------------------------------------------------------
4823. @@ -1266,13 +1267,6 @@ namespace cryptonote
4824. return res;
4825. }
4826. //---------------------------------------------------------------
4827. - crypto::hash get_block_longhash(const block& b, uint64_t height)
4828. - {
4829. - crypto::hash p = null_hash;
4830. - get_block_longhash(b, p, height);
4831. - return p;
4832. - }
4833. - //---------------------------------------------------------------
4834. bool parse_and_validate_block_from_blob(const blobdata& b_blob, block& b)
4835. {
4836. std::stringstream ss;
4837. diff --git "a/c:\\1\\sumokoin/src/cryptonote_core/cryptonote_format_utils.h" "b/c:\\1\\2\\sumokoin/src/cryptonote_core/cryptonote_format_utils.h"
4838. index 7b271f5..d21b964 100644
4839. --- "a/c:\\1\\sumokoin/src/cryptonote_core/cryptonote_format_utils.h"
4840. +++ "b/c:\\1\\2\\sumokoin/src/cryptonote_core/cryptonote_format_utils.h"
4841. @@ -36,6 +36,7 @@
4842. #include "include_base_utils.h"
4843. #include "crypto/crypto.h"
4844. #include "crypto/hash.h"
4845. +#include "crypto/cn_slow_hash.hpp"
4846. #include "ringct/rctOps.h"
4847. #include <unordered_map>
4848.  
4849. @@ -149,8 +150,7 @@ namespace cryptonote
4850. blobdata get_block_hashing_blob(const block& b);
4851. bool get_block_hash(const block& b, crypto::hash& res);
4852. crypto::hash get_block_hash(const block& b);
4853. - bool get_block_longhash(const block& b, crypto::hash& res, uint64_t height);
4854. - crypto::hash get_block_longhash(const block& b, uint64_t height);
4855. + bool get_block_longhash_v1(const block& b, cn_pow_hash_v1 &ctx, crypto::hash& res);
4856. bool generate_genesis_block(
4857. block& bl
4858. , std::string const & genesis_tx
4859. diff --git "a/c:\\1\\sumokoin/src/cryptonote_core/miner.cpp" "b/c:\\1\\2\\sumokoin/src/cryptonote_core/miner.cpp"
4860. index 37986f0..070460d 100644
4861. --- "a/c:\\1\\sumokoin/src/cryptonote_core/miner.cpp"
4862. +++ "b/c:\\1\\2\\sumokoin/src/cryptonote_core/miner.cpp"
4863. @@ -47,9 +47,6 @@ using namespace epee;
4864.  
4865. #include "miner.h"
4866.  
4867. -
4868. -extern "C" void slow_hash_allocate_state();
4869. -extern "C" void slow_hash_free_state();
4870. namespace cryptonote
4871. {
4872.  
4873. @@ -301,10 +298,11 @@ namespace cryptonote
4874. //-----------------------------------------------------------------------------------------------------
4875. bool miner::find_nonce_for_given_block(block& bl, const difficulty_type& diffic, uint64_t height)
4876. {
4877. + cn_pow_hash_v1 hash_ctx;
4878. for(; bl.nonce != std::numeric_limits<uint32_t>::max(); bl.nonce++)
4879. {
4880. crypto::hash h;
4881. - get_block_longhash(bl, h, height);
4882. + get_block_longhash_v1(bl, hash_ctx, h);
4883.  
4884. if(check_hash(h, diffic))
4885. {
4886. @@ -352,11 +350,11 @@ namespace cryptonote
4887. LOG_PRINT_L0("Miner thread was started ["<< th_local_index << "]");
4888. log_space::log_singletone::set_thread_log_prefix(std::string("[miner ") + std::to_string(th_local_index) + "]");
4889. uint32_t nonce = m_starter_nonce + th_local_index;
4890. - uint64_t height = 0;
4891. difficulty_type local_diff = 0;
4892. uint32_t local_template_ver = 0;
4893. block b;
4894. - slow_hash_allocate_state();
4895. + cn_pow_hash_v1 hash_ctx;
4896. +
4897. while(!m_stop)
4898. {
4899. if(m_pausers_count)//anti split workaround
4900. @@ -370,7 +368,6 @@ namespace cryptonote
4901. CRITICAL_REGION_BEGIN(m_template_lock);
4902. b = m_template;
4903. local_diff = m_diffic;
4904. - height = m_height;
4905. CRITICAL_REGION_END();
4906. local_template_ver = m_template_no;
4907. nonce = m_starter_nonce + th_local_index;
4908. @@ -385,7 +382,7 @@ namespace cryptonote
4909.  
4910. b.nonce = nonce;
4911. crypto::hash h;
4912. - get_block_longhash(b, h, height);
4913. + get_block_longhash_v1(b, hash_ctx, h);
4914.  
4915. if(check_hash(h, local_diff))
4916. {
4917. @@ -405,7 +402,6 @@ namespace cryptonote
4918. nonce+=m_threads_total;
4919. ++m_hashes;
4920. }
4921. - slow_hash_free_state();
4922. LOG_PRINT_L0("Miner thread stopped ["<< th_local_index << "]");
4923. return true;
4924. }
4925. (END)