]> git.proxmox.com Git - mirror_ubuntu-focal-kernel.git/blob - drivers/staging/skein/threefish_block.c
projects / mirror_ubuntu-focal-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Input: wm97xx: add new AC97 bus support
[mirror_ubuntu-focal-kernel.git] / drivers / staging / skein / threefish_block.c
1 #include <linux/bitops.h>
2 #include "threefish_api.h"
3
4 void threefish_encrypt_256(struct threefish_key *key_ctx, u64 *input,
5 u64 *output)
6 {
7 u64 b0 = input[0], b1 = input[1],
8 b2 = input[2], b3 = input[3];
9 u64 k0 = key_ctx->key[0], k1 = key_ctx->key[1],
10 k2 = key_ctx->key[2], k3 = key_ctx->key[3],
11 k4 = key_ctx->key[4];
12 u64 t0 = key_ctx->tweak[0], t1 = key_ctx->tweak[1],
13 t2 = key_ctx->tweak[2];
14
15 b1 += k1 + t0;
16 b0 += b1 + k0;
17 b1 = rol64(b1, 14) ^ b0;
18
19 b3 += k3;
20 b2 += b3 + k2 + t1;
21 b3 = rol64(b3, 16) ^ b2;
22
23 b0 += b3;
24 b3 = rol64(b3, 52) ^ b0;
25
26 b2 += b1;
27 b1 = rol64(b1, 57) ^ b2;
28
29 b0 += b1;
30 b1 = rol64(b1, 23) ^ b0;
31
32 b2 += b3;
33 b3 = rol64(b3, 40) ^ b2;
34
35 b0 += b3;
36 b3 = rol64(b3, 5) ^ b0;
37
38 b2 += b1;
39 b1 = rol64(b1, 37) ^ b2;
40
41 b1 += k2 + t1;
42 b0 += b1 + k1;
43 b1 = rol64(b1, 25) ^ b0;
44
45 b3 += k4 + 1;
46 b2 += b3 + k3 + t2;
47 b3 = rol64(b3, 33) ^ b2;
48
49 b0 += b3;
50 b3 = rol64(b3, 46) ^ b0;
51
52 b2 += b1;
53 b1 = rol64(b1, 12) ^ b2;
54
55 b0 += b1;
56 b1 = rol64(b1, 58) ^ b0;
57
58 b2 += b3;
59 b3 = rol64(b3, 22) ^ b2;
60
61 b0 += b3;
62 b3 = rol64(b3, 32) ^ b0;
63
64 b2 += b1;
65 b1 = rol64(b1, 32) ^ b2;
66
67 b1 += k3 + t2;
68 b0 += b1 + k2;
69 b1 = rol64(b1, 14) ^ b0;
70
71 b3 += k0 + 2;
72 b2 += b3 + k4 + t0;
73 b3 = rol64(b3, 16) ^ b2;
74
75 b0 += b3;
76 b3 = rol64(b3, 52) ^ b0;
77
78 b2 += b1;
79 b1 = rol64(b1, 57) ^ b2;
80
81 b0 += b1;
82 b1 = rol64(b1, 23) ^ b0;
83
84 b2 += b3;
85 b3 = rol64(b3, 40) ^ b2;
86
87 b0 += b3;
88 b3 = rol64(b3, 5) ^ b0;
89
90 b2 += b1;
91 b1 = rol64(b1, 37) ^ b2;
92
93 b1 += k4 + t0;
94 b0 += b1 + k3;
95 b1 = rol64(b1, 25) ^ b0;
96
97 b3 += k1 + 3;
98 b2 += b3 + k0 + t1;
99 b3 = rol64(b3, 33) ^ b2;
100
101 b0 += b3;
102 b3 = rol64(b3, 46) ^ b0;
103
104 b2 += b1;
105 b1 = rol64(b1, 12) ^ b2;
106
107 b0 += b1;
108 b1 = rol64(b1, 58) ^ b0;
109
110 b2 += b3;
111 b3 = rol64(b3, 22) ^ b2;
112
113 b0 += b3;
114 b3 = rol64(b3, 32) ^ b0;
115
116 b2 += b1;
117 b1 = rol64(b1, 32) ^ b2;
118
119 b1 += k0 + t1;
120 b0 += b1 + k4;
121 b1 = rol64(b1, 14) ^ b0;
122
123 b3 += k2 + 4;
124 b2 += b3 + k1 + t2;
125 b3 = rol64(b3, 16) ^ b2;
126
127 b0 += b3;
128 b3 = rol64(b3, 52) ^ b0;
129
130 b2 += b1;
131 b1 = rol64(b1, 57) ^ b2;
132
133 b0 += b1;
134 b1 = rol64(b1, 23) ^ b0;
135
136 b2 += b3;
137 b3 = rol64(b3, 40) ^ b2;
138
139 b0 += b3;
140 b3 = rol64(b3, 5) ^ b0;
141
142 b2 += b1;
143 b1 = rol64(b1, 37) ^ b2;
144
145 b1 += k1 + t2;
146 b0 += b1 + k0;
147 b1 = rol64(b1, 25) ^ b0;
148
149 b3 += k3 + 5;
150 b2 += b3 + k2 + t0;
151 b3 = rol64(b3, 33) ^ b2;
152
153 b0 += b3;
154 b3 = rol64(b3, 46) ^ b0;
155
156 b2 += b1;
157 b1 = rol64(b1, 12) ^ b2;
158
159 b0 += b1;
160 b1 = rol64(b1, 58) ^ b0;
161
162 b2 += b3;
163 b3 = rol64(b3, 22) ^ b2;
164
165 b0 += b3;
166 b3 = rol64(b3, 32) ^ b0;
167
168 b2 += b1;
169 b1 = rol64(b1, 32) ^ b2;
170
171 b1 += k2 + t0;
172 b0 += b1 + k1;
173 b1 = rol64(b1, 14) ^ b0;
174
175 b3 += k4 + 6;
176 b2 += b3 + k3 + t1;
177 b3 = rol64(b3, 16) ^ b2;
178
179 b0 += b3;
180 b3 = rol64(b3, 52) ^ b0;
181
182 b2 += b1;
183 b1 = rol64(b1, 57) ^ b2;
184
185 b0 += b1;
186 b1 = rol64(b1, 23) ^ b0;
187
188 b2 += b3;
189 b3 = rol64(b3, 40) ^ b2;
190
191 b0 += b3;
192 b3 = rol64(b3, 5) ^ b0;
193
194 b2 += b1;
195 b1 = rol64(b1, 37) ^ b2;
196
197 b1 += k3 + t1;
198 b0 += b1 + k2;
199 b1 = rol64(b1, 25) ^ b0;
200
201 b3 += k0 + 7;
202 b2 += b3 + k4 + t2;
203 b3 = rol64(b3, 33) ^ b2;
204
205 b0 += b3;
206 b3 = rol64(b3, 46) ^ b0;
207
208 b2 += b1;
209 b1 = rol64(b1, 12) ^ b2;
210
211 b0 += b1;
212 b1 = rol64(b1, 58) ^ b0;
213
214 b2 += b3;
215 b3 = rol64(b3, 22) ^ b2;
216
217 b0 += b3;
218 b3 = rol64(b3, 32) ^ b0;
219
220 b2 += b1;
221 b1 = rol64(b1, 32) ^ b2;
222
223 b1 += k4 + t2;
224 b0 += b1 + k3;
225 b1 = rol64(b1, 14) ^ b0;
226
227 b3 += k1 + 8;
228 b2 += b3 + k0 + t0;
229 b3 = rol64(b3, 16) ^ b2;
230
231 b0 += b3;
232 b3 = rol64(b3, 52) ^ b0;
233
234 b2 += b1;
235 b1 = rol64(b1, 57) ^ b2;
236
237 b0 += b1;
238 b1 = rol64(b1, 23) ^ b0;
239
240 b2 += b3;
241 b3 = rol64(b3, 40) ^ b2;
242
243 b0 += b3;
244 b3 = rol64(b3, 5) ^ b0;
245
246 b2 += b1;
247 b1 = rol64(b1, 37) ^ b2;
248
249 b1 += k0 + t0;
250 b0 += b1 + k4;
251 b1 = rol64(b1, 25) ^ b0;
252
253 b3 += k2 + 9;
254 b2 += b3 + k1 + t1;
255 b3 = rol64(b3, 33) ^ b2;
256
257 b0 += b3;
258 b3 = rol64(b3, 46) ^ b0;
259
260 b2 += b1;
261 b1 = rol64(b1, 12) ^ b2;
262
263 b0 += b1;
264 b1 = rol64(b1, 58) ^ b0;
265
266 b2 += b3;
267 b3 = rol64(b3, 22) ^ b2;
268
269 b0 += b3;
270 b3 = rol64(b3, 32) ^ b0;
271
272 b2 += b1;
273 b1 = rol64(b1, 32) ^ b2;
274
275 b1 += k1 + t1;
276 b0 += b1 + k0;
277 b1 = rol64(b1, 14) ^ b0;
278
279 b3 += k3 + 10;
280 b2 += b3 + k2 + t2;
281 b3 = rol64(b3, 16) ^ b2;
282
283 b0 += b3;
284 b3 = rol64(b3, 52) ^ b0;
285
286 b2 += b1;
287 b1 = rol64(b1, 57) ^ b2;
288
289 b0 += b1;
290 b1 = rol64(b1, 23) ^ b0;
291
292 b2 += b3;
293 b3 = rol64(b3, 40) ^ b2;
294
295 b0 += b3;
296 b3 = rol64(b3, 5) ^ b0;
297
298 b2 += b1;
299 b1 = rol64(b1, 37) ^ b2;
300
301 b1 += k2 + t2;
302 b0 += b1 + k1;
303 b1 = rol64(b1, 25) ^ b0;
304
305 b3 += k4 + 11;
306 b2 += b3 + k3 + t0;
307 b3 = rol64(b3, 33) ^ b2;
308
309 b0 += b3;
310 b3 = rol64(b3, 46) ^ b0;
311
312 b2 += b1;
313 b1 = rol64(b1, 12) ^ b2;
314
315 b0 += b1;
316 b1 = rol64(b1, 58) ^ b0;
317
318 b2 += b3;
319 b3 = rol64(b3, 22) ^ b2;
320
321 b0 += b3;
322 b3 = rol64(b3, 32) ^ b0;
323
324 b2 += b1;
325 b1 = rol64(b1, 32) ^ b2;
326
327 b1 += k3 + t0;
328 b0 += b1 + k2;
329 b1 = rol64(b1, 14) ^ b0;
330
331 b3 += k0 + 12;
332 b2 += b3 + k4 + t1;
333 b3 = rol64(b3, 16) ^ b2;
334
335 b0 += b3;
336 b3 = rol64(b3, 52) ^ b0;
337
338 b2 += b1;
339 b1 = rol64(b1, 57) ^ b2;
340
341 b0 += b1;
342 b1 = rol64(b1, 23) ^ b0;
343
344 b2 += b3;
345 b3 = rol64(b3, 40) ^ b2;
346
347 b0 += b3;
348 b3 = rol64(b3, 5) ^ b0;
349
350 b2 += b1;
351 b1 = rol64(b1, 37) ^ b2;
352
353 b1 += k4 + t1;
354 b0 += b1 + k3;
355 b1 = rol64(b1, 25) ^ b0;
356
357 b3 += k1 + 13;
358 b2 += b3 + k0 + t2;
359 b3 = rol64(b3, 33) ^ b2;
360
361 b0 += b3;
362 b3 = rol64(b3, 46) ^ b0;
363
364 b2 += b1;
365 b1 = rol64(b1, 12) ^ b2;
366
367 b0 += b1;
368 b1 = rol64(b1, 58) ^ b0;
369
370 b2 += b3;
371 b3 = rol64(b3, 22) ^ b2;
372
373 b0 += b3;
374 b3 = rol64(b3, 32) ^ b0;
375
376 b2 += b1;
377 b1 = rol64(b1, 32) ^ b2;
378
379 b1 += k0 + t2;
380 b0 += b1 + k4;
381 b1 = rol64(b1, 14) ^ b0;
382
383 b3 += k2 + 14;
384 b2 += b3 + k1 + t0;
385 b3 = rol64(b3, 16) ^ b2;
386
387 b0 += b3;
388 b3 = rol64(b3, 52) ^ b0;
389
390 b2 += b1;
391 b1 = rol64(b1, 57) ^ b2;
392
393 b0 += b1;
394 b1 = rol64(b1, 23) ^ b0;
395
396 b2 += b3;
397 b3 = rol64(b3, 40) ^ b2;
398
399 b0 += b3;
400 b3 = rol64(b3, 5) ^ b0;
401
402 b2 += b1;
403 b1 = rol64(b1, 37) ^ b2;
404
405 b1 += k1 + t0;
406 b0 += b1 + k0;
407 b1 = rol64(b1, 25) ^ b0;
408
409 b3 += k3 + 15;
410 b2 += b3 + k2 + t1;
411 b3 = rol64(b3, 33) ^ b2;
412
413 b0 += b3;
414 b3 = rol64(b3, 46) ^ b0;
415
416 b2 += b1;
417 b1 = rol64(b1, 12) ^ b2;
418
419 b0 += b1;
420 b1 = rol64(b1, 58) ^ b0;
421
422 b2 += b3;
423 b3 = rol64(b3, 22) ^ b2;
424
425 b0 += b3;
426 b3 = rol64(b3, 32) ^ b0;
427
428 b2 += b1;
429 b1 = rol64(b1, 32) ^ b2;
430
431 b1 += k2 + t1;
432 b0 += b1 + k1;
433 b1 = rol64(b1, 14) ^ b0;
434
435 b3 += k4 + 16;
436 b2 += b3 + k3 + t2;
437 b3 = rol64(b3, 16) ^ b2;
438
439 b0 += b3;
440 b3 = rol64(b3, 52) ^ b0;
441
442 b2 += b1;
443 b1 = rol64(b1, 57) ^ b2;
444
445 b0 += b1;
446 b1 = rol64(b1, 23) ^ b0;
447
448 b2 += b3;
449 b3 = rol64(b3, 40) ^ b2;
450
451 b0 += b3;
452 b3 = rol64(b3, 5) ^ b0;
453
454 b2 += b1;
455 b1 = rol64(b1, 37) ^ b2;
456
457 b1 += k3 + t2;
458 b0 += b1 + k2;
459 b1 = rol64(b1, 25) ^ b0;
460
461 b3 += k0 + 17;
462 b2 += b3 + k4 + t0;
463 b3 = rol64(b3, 33) ^ b2;
464
465 b0 += b3;
466 b3 = rol64(b3, 46) ^ b0;
467
468 b2 += b1;
469 b1 = rol64(b1, 12) ^ b2;
470
471 b0 += b1;
472 b1 = rol64(b1, 58) ^ b0;
473
474 b2 += b3;
475 b3 = rol64(b3, 22) ^ b2;
476
477 b0 += b3;
478 b3 = rol64(b3, 32) ^ b0;
479
480 b2 += b1;
481 b1 = rol64(b1, 32) ^ b2;
482
483 output[0] = b0 + k3;
484 output[1] = b1 + k4 + t0;
485 output[2] = b2 + k0 + t1;
486 output[3] = b3 + k1 + 18;
487 }
488
489 void threefish_decrypt_256(struct threefish_key *key_ctx, u64 *input,
490 u64 *output)
491 {
492 u64 b0 = input[0], b1 = input[1],
493 b2 = input[2], b3 = input[3];
494 u64 k0 = key_ctx->key[0], k1 = key_ctx->key[1],
495 k2 = key_ctx->key[2], k3 = key_ctx->key[3],
496 k4 = key_ctx->key[4];
497 u64 t0 = key_ctx->tweak[0], t1 = key_ctx->tweak[1],
498 t2 = key_ctx->tweak[2];
499
500 u64 tmp;
501
502 b0 -= k3;
503 b1 -= k4 + t0;
504 b2 -= k0 + t1;
505 b3 -= k1 + 18;
506 tmp = b3 ^ b0;
507 b3 = ror64(tmp, 32);
508 b0 -= b3;
509
510 tmp = b1 ^ b2;
511 b1 = ror64(tmp, 32);
512 b2 -= b1;
513
514 tmp = b1 ^ b0;
515 b1 = ror64(tmp, 58);
516 b0 -= b1;
517
518 tmp = b3 ^ b2;
519 b3 = ror64(tmp, 22);
520 b2 -= b3;
521
522 tmp = b3 ^ b0;
523 b3 = ror64(tmp, 46);
524 b0 -= b3;
525
526 tmp = b1 ^ b2;
527 b1 = ror64(tmp, 12);
528 b2 -= b1;
529
530 tmp = b1 ^ b0;
531 b1 = ror64(tmp, 25);
532 b0 -= b1 + k2;
533 b1 -= k3 + t2;
534
535 tmp = b3 ^ b2;
536 b3 = ror64(tmp, 33);
537 b2 -= b3 + k4 + t0;
538 b3 -= k0 + 17;
539
540 tmp = b3 ^ b0;
541 b3 = ror64(tmp, 5);
542 b0 -= b3;
543
544 tmp = b1 ^ b2;
545 b1 = ror64(tmp, 37);
546 b2 -= b1;
547
548 tmp = b1 ^ b0;
549 b1 = ror64(tmp, 23);
550 b0 -= b1;
551
552 tmp = b3 ^ b2;
553 b3 = ror64(tmp, 40);
554 b2 -= b3;
555
556 tmp = b3 ^ b0;
557 b3 = ror64(tmp, 52);
558 b0 -= b3;
559
560 tmp = b1 ^ b2;
561 b1 = ror64(tmp, 57);
562 b2 -= b1;
563
564 tmp = b1 ^ b0;
565 b1 = ror64(tmp, 14);
566 b0 -= b1 + k1;
567 b1 -= k2 + t1;
568
569 tmp = b3 ^ b2;
570 b3 = ror64(tmp, 16);
571 b2 -= b3 + k3 + t2;
572 b3 -= k4 + 16;
573
574 tmp = b3 ^ b0;
575 b3 = ror64(tmp, 32);
576 b0 -= b3;
577
578 tmp = b1 ^ b2;
579 b1 = ror64(tmp, 32);
580 b2 -= b1;
581
582 tmp = b1 ^ b0;
583 b1 = ror64(tmp, 58);
584 b0 -= b1;
585
586 tmp = b3 ^ b2;
587 b3 = ror64(tmp, 22);
588 b2 -= b3;
589
590 tmp = b3 ^ b0;
591 b3 = ror64(tmp, 46);
592 b0 -= b3;
593
594 tmp = b1 ^ b2;
595 b1 = ror64(tmp, 12);
596 b2 -= b1;
597
598 tmp = b1 ^ b0;
599 b1 = ror64(tmp, 25);
600 b0 -= b1 + k0;
601 b1 -= k1 + t0;
602
603 tmp = b3 ^ b2;
604 b3 = ror64(tmp, 33);
605 b2 -= b3 + k2 + t1;
606 b3 -= k3 + 15;
607
608 tmp = b3 ^ b0;
609 b3 = ror64(tmp, 5);
610 b0 -= b3;
611
612 tmp = b1 ^ b2;
613 b1 = ror64(tmp, 37);
614 b2 -= b1;
615
616 tmp = b1 ^ b0;
617 b1 = ror64(tmp, 23);
618 b0 -= b1;
619
620 tmp = b3 ^ b2;
621 b3 = ror64(tmp, 40);
622 b2 -= b3;
623
624 tmp = b3 ^ b0;
625 b3 = ror64(tmp, 52);
626 b0 -= b3;
627
628 tmp = b1 ^ b2;
629 b1 = ror64(tmp, 57);
630 b2 -= b1;
631
632 tmp = b1 ^ b0;
633 b1 = ror64(tmp, 14);
634 b0 -= b1 + k4;
635 b1 -= k0 + t2;
636
637 tmp = b3 ^ b2;
638 b3 = ror64(tmp, 16);
639 b2 -= b3 + k1 + t0;
640 b3 -= k2 + 14;
641
642 tmp = b3 ^ b0;
643 b3 = ror64(tmp, 32);
644 b0 -= b3;
645
646 tmp = b1 ^ b2;
647 b1 = ror64(tmp, 32);
648 b2 -= b1;
649
650 tmp = b1 ^ b0;
651 b1 = ror64(tmp, 58);
652 b0 -= b1;
653
654 tmp = b3 ^ b2;
655 b3 = ror64(tmp, 22);
656 b2 -= b3;
657
658 tmp = b3 ^ b0;
659 b3 = ror64(tmp, 46);
660 b0 -= b3;
661
662 tmp = b1 ^ b2;
663 b1 = ror64(tmp, 12);
664 b2 -= b1;
665
666 tmp = b1 ^ b0;
667 b1 = ror64(tmp, 25);
668 b0 -= b1 + k3;
669 b1 -= k4 + t1;
670
671 tmp = b3 ^ b2;
672 b3 = ror64(tmp, 33);
673 b2 -= b3 + k0 + t2;
674 b3 -= k1 + 13;
675
676 tmp = b3 ^ b0;
677 b3 = ror64(tmp, 5);
678 b0 -= b3;
679
680 tmp = b1 ^ b2;
681 b1 = ror64(tmp, 37);
682 b2 -= b1;
683
684 tmp = b1 ^ b0;
685 b1 = ror64(tmp, 23);
686 b0 -= b1;
687
688 tmp = b3 ^ b2;
689 b3 = ror64(tmp, 40);
690 b2 -= b3;
691
692 tmp = b3 ^ b0;
693 b3 = ror64(tmp, 52);
694 b0 -= b3;
695
696 tmp = b1 ^ b2;
697 b1 = ror64(tmp, 57);
698 b2 -= b1;
699
700 tmp = b1 ^ b0;
701 b1 = ror64(tmp, 14);
702 b0 -= b1 + k2;
703 b1 -= k3 + t0;
704
705 tmp = b3 ^ b2;
706 b3 = ror64(tmp, 16);
707 b2 -= b3 + k4 + t1;
708 b3 -= k0 + 12;
709
710 tmp = b3 ^ b0;
711 b3 = ror64(tmp, 32);
712 b0 -= b3;
713
714 tmp = b1 ^ b2;
715 b1 = ror64(tmp, 32);
716 b2 -= b1;
717
718 tmp = b1 ^ b0;
719 b1 = ror64(tmp, 58);
720 b0 -= b1;
721
722 tmp = b3 ^ b2;
723 b3 = ror64(tmp, 22);
724 b2 -= b3;
725
726 tmp = b3 ^ b0;
727 b3 = ror64(tmp, 46);
728 b0 -= b3;
729
730 tmp = b1 ^ b2;
731 b1 = ror64(tmp, 12);
732 b2 -= b1;
733
734 tmp = b1 ^ b0;
735 b1 = ror64(tmp, 25);
736 b0 -= b1 + k1;
737 b1 -= k2 + t2;
738
739 tmp = b3 ^ b2;
740 b3 = ror64(tmp, 33);
741 b2 -= b3 + k3 + t0;
742 b3 -= k4 + 11;
743
744 tmp = b3 ^ b0;
745 b3 = ror64(tmp, 5);
746 b0 -= b3;
747
748 tmp = b1 ^ b2;
749 b1 = ror64(tmp, 37);
750 b2 -= b1;
751
752 tmp = b1 ^ b0;
753 b1 = ror64(tmp, 23);
754 b0 -= b1;
755
756 tmp = b3 ^ b2;
757 b3 = ror64(tmp, 40);
758 b2 -= b3;
759
760 tmp = b3 ^ b0;
761 b3 = ror64(tmp, 52);
762 b0 -= b3;
763
764 tmp = b1 ^ b2;
765 b1 = ror64(tmp, 57);
766 b2 -= b1;
767
768 tmp = b1 ^ b0;
769 b1 = ror64(tmp, 14);
770 b0 -= b1 + k0;
771 b1 -= k1 + t1;
772
773 tmp = b3 ^ b2;
774 b3 = ror64(tmp, 16);
775 b2 -= b3 + k2 + t2;
776 b3 -= k3 + 10;
777
778 tmp = b3 ^ b0;
779 b3 = ror64(tmp, 32);
780 b0 -= b3;
781
782 tmp = b1 ^ b2;
783 b1 = ror64(tmp, 32);
784 b2 -= b1;
785
786 tmp = b1 ^ b0;
787 b1 = ror64(tmp, 58);
788 b0 -= b1;
789
790 tmp = b3 ^ b2;
791 b3 = ror64(tmp, 22);
792 b2 -= b3;
793
794 tmp = b3 ^ b0;
795 b3 = ror64(tmp, 46);
796 b0 -= b3;
797
798 tmp = b1 ^ b2;
799 b1 = ror64(tmp, 12);
800 b2 -= b1;
801
802 tmp = b1 ^ b0;
803 b1 = ror64(tmp, 25);
804 b0 -= b1 + k4;
805 b1 -= k0 + t0;
806
807 tmp = b3 ^ b2;
808 b3 = ror64(tmp, 33);
809 b2 -= b3 + k1 + t1;
810 b3 -= k2 + 9;
811
812 tmp = b3 ^ b0;
813 b3 = ror64(tmp, 5);
814 b0 -= b3;
815
816 tmp = b1 ^ b2;
817 b1 = ror64(tmp, 37);
818 b2 -= b1;
819
820 tmp = b1 ^ b0;
821 b1 = ror64(tmp, 23);
822 b0 -= b1;
823
824 tmp = b3 ^ b2;
825 b3 = ror64(tmp, 40);
826 b2 -= b3;
827
828 tmp = b3 ^ b0;
829 b3 = ror64(tmp, 52);
830 b0 -= b3;
831
832 tmp = b1 ^ b2;
833 b1 = ror64(tmp, 57);
834 b2 -= b1;
835
836 tmp = b1 ^ b0;
837 b1 = ror64(tmp, 14);
838 b0 -= b1 + k3;
839 b1 -= k4 + t2;
840
841 tmp = b3 ^ b2;
842 b3 = ror64(tmp, 16);
843 b2 -= b3 + k0 + t0;
844 b3 -= k1 + 8;
845
846 tmp = b3 ^ b0;
847 b3 = ror64(tmp, 32);
848 b0 -= b3;
849
850 tmp = b1 ^ b2;
851 b1 = ror64(tmp, 32);
852 b2 -= b1;
853
854 tmp = b1 ^ b0;
855 b1 = ror64(tmp, 58);
856 b0 -= b1;
857
858 tmp = b3 ^ b2;
859 b3 = ror64(tmp, 22);
860 b2 -= b3;
861
862 tmp = b3 ^ b0;
863 b3 = ror64(tmp, 46);
864 b0 -= b3;
865
866 tmp = b1 ^ b2;
867 b1 = ror64(tmp, 12);
868 b2 -= b1;
869
870 tmp = b1 ^ b0;
871 b1 = ror64(tmp, 25);
872 b0 -= b1 + k2;
873 b1 -= k3 + t1;
874
875 tmp = b3 ^ b2;
876 b3 = ror64(tmp, 33);
877 b2 -= b3 + k4 + t2;
878 b3 -= k0 + 7;
879
880 tmp = b3 ^ b0;
881 b3 = ror64(tmp, 5);
882 b0 -= b3;
883
884 tmp = b1 ^ b2;
885 b1 = ror64(tmp, 37);
886 b2 -= b1;
887
888 tmp = b1 ^ b0;
889 b1 = ror64(tmp, 23);
890 b0 -= b1;
891
892 tmp = b3 ^ b2;
893 b3 = ror64(tmp, 40);
894 b2 -= b3;
895
896 tmp = b3 ^ b0;
897 b3 = ror64(tmp, 52);
898 b0 -= b3;
899
900 tmp = b1 ^ b2;
901 b1 = ror64(tmp, 57);
902 b2 -= b1;
903
904 tmp = b1 ^ b0;
905 b1 = ror64(tmp, 14);
906 b0 -= b1 + k1;
907 b1 -= k2 + t0;
908
909 tmp = b3 ^ b2;
910 b3 = ror64(tmp, 16);
911 b2 -= b3 + k3 + t1;
912 b3 -= k4 + 6;
913
914 tmp = b3 ^ b0;
915 b3 = ror64(tmp, 32);
916 b0 -= b3;
917
918 tmp = b1 ^ b2;
919 b1 = ror64(tmp, 32);
920 b2 -= b1;
921
922 tmp = b1 ^ b0;
923 b1 = ror64(tmp, 58);
924 b0 -= b1;
925
926 tmp = b3 ^ b2;
927 b3 = ror64(tmp, 22);
928 b2 -= b3;
929
930 tmp = b3 ^ b0;
931 b3 = ror64(tmp, 46);
932 b0 -= b3;
933
934 tmp = b1 ^ b2;
935 b1 = ror64(tmp, 12);
936 b2 -= b1;
937
938 tmp = b1 ^ b0;
939 b1 = ror64(tmp, 25);
940 b0 -= b1 + k0;
941 b1 -= k1 + t2;
942
943 tmp = b3 ^ b2;
944 b3 = ror64(tmp, 33);
945 b2 -= b3 + k2 + t0;
946 b3 -= k3 + 5;
947
948 tmp = b3 ^ b0;
949 b3 = ror64(tmp, 5);
950 b0 -= b3;
951
952 tmp = b1 ^ b2;
953 b1 = ror64(tmp, 37);
954 b2 -= b1;
955
956 tmp = b1 ^ b0;
957 b1 = ror64(tmp, 23);
958 b0 -= b1;
959
960 tmp = b3 ^ b2;
961 b3 = ror64(tmp, 40);
962 b2 -= b3;
963
964 tmp = b3 ^ b0;
965 b3 = ror64(tmp, 52);
966 b0 -= b3;
967
968 tmp = b1 ^ b2;
969 b1 = ror64(tmp, 57);
970 b2 -= b1;
971
972 tmp = b1 ^ b0;
973 b1 = ror64(tmp, 14);
974 b0 -= b1 + k4;
975 b1 -= k0 + t1;
976
977 tmp = b3 ^ b2;
978 b3 = ror64(tmp, 16);
979 b2 -= b3 + k1 + t2;
980 b3 -= k2 + 4;
981
982 tmp = b3 ^ b0;
983 b3 = ror64(tmp, 32);
984 b0 -= b3;
985
986 tmp = b1 ^ b2;
987 b1 = ror64(tmp, 32);
988 b2 -= b1;
989
990 tmp = b1 ^ b0;
991 b1 = ror64(tmp, 58);
992 b0 -= b1;
993
994 tmp = b3 ^ b2;
995 b3 = ror64(tmp, 22);
996 b2 -= b3;
997
998 tmp = b3 ^ b0;
999 b3 = ror64(tmp, 46);
1000 b0 -= b3;
1001
1002 tmp = b1 ^ b2;
1003 b1 = ror64(tmp, 12);
1004 b2 -= b1;
1005
1006 tmp = b1 ^ b0;
1007 b1 = ror64(tmp, 25);
1008 b0 -= b1 + k3;
1009 b1 -= k4 + t0;
1010
1011 tmp = b3 ^ b2;
1012 b3 = ror64(tmp, 33);
1013 b2 -= b3 + k0 + t1;
1014 b3 -= k1 + 3;
1015
1016 tmp = b3 ^ b0;
1017 b3 = ror64(tmp, 5);
1018 b0 -= b3;
1019
1020 tmp = b1 ^ b2;
1021 b1 = ror64(tmp, 37);
1022 b2 -= b1;
1023
1024 tmp = b1 ^ b0;
1025 b1 = ror64(tmp, 23);
1026 b0 -= b1;
1027
1028 tmp = b3 ^ b2;
1029 b3 = ror64(tmp, 40);
1030 b2 -= b3;
1031
1032 tmp = b3 ^ b0;
1033 b3 = ror64(tmp, 52);
1034 b0 -= b3;
1035
1036 tmp = b1 ^ b2;
1037 b1 = ror64(tmp, 57);
1038 b2 -= b1;
1039
1040 tmp = b1 ^ b0;
1041 b1 = ror64(tmp, 14);
1042 b0 -= b1 + k2;
1043 b1 -= k3 + t2;
1044
1045 tmp = b3 ^ b2;
1046 b3 = ror64(tmp, 16);
1047 b2 -= b3 + k4 + t0;
1048 b3 -= k0 + 2;
1049
1050 tmp = b3 ^ b0;
1051 b3 = ror64(tmp, 32);
1052 b0 -= b3;
1053
1054 tmp = b1 ^ b2;
1055 b1 = ror64(tmp, 32);
1056 b2 -= b1;
1057
1058 tmp = b1 ^ b0;
1059 b1 = ror64(tmp, 58);
1060 b0 -= b1;
1061
1062 tmp = b3 ^ b2;
1063 b3 = ror64(tmp, 22);
1064 b2 -= b3;
1065
1066 tmp = b3 ^ b0;
1067 b3 = ror64(tmp, 46);
1068 b0 -= b3;
1069
1070 tmp = b1 ^ b2;
1071 b1 = ror64(tmp, 12);
1072 b2 -= b1;
1073
1074 tmp = b1 ^ b0;
1075 b1 = ror64(tmp, 25);
1076 b0 -= b1 + k1;
1077 b1 -= k2 + t1;
1078
1079 tmp = b3 ^ b2;
1080 b3 = ror64(tmp, 33);
1081 b2 -= b3 + k3 + t2;
1082 b3 -= k4 + 1;
1083
1084 tmp = b3 ^ b0;
1085 b3 = ror64(tmp, 5);
1086 b0 -= b3;
1087
1088 tmp = b1 ^ b2;
1089 b1 = ror64(tmp, 37);
1090 b2 -= b1;
1091
1092 tmp = b1 ^ b0;
1093 b1 = ror64(tmp, 23);
1094 b0 -= b1;
1095
1096 tmp = b3 ^ b2;
1097 b3 = ror64(tmp, 40);
1098 b2 -= b3;
1099
1100 tmp = b3 ^ b0;
1101 b3 = ror64(tmp, 52);
1102 b0 -= b3;
1103
1104 tmp = b1 ^ b2;
1105 b1 = ror64(tmp, 57);
1106 b2 -= b1;
1107
1108 tmp = b1 ^ b0;
1109 b1 = ror64(tmp, 14);
1110 b0 -= b1 + k0;
1111 b1 -= k1 + t0;
1112
1113 tmp = b3 ^ b2;
1114 b3 = ror64(tmp, 16);
1115 b2 -= b3 + k2 + t1;
1116 b3 -= k3;
1117
1118 output[0] = b0;
1119 output[1] = b1;
1120 output[2] = b2;
1121 output[3] = b3;
1122 }
1123
1124 void threefish_encrypt_512(struct threefish_key *key_ctx, u64 *input,
1125 u64 *output)
1126 {
1127 u64 b0 = input[0], b1 = input[1],
1128 b2 = input[2], b3 = input[3],
1129 b4 = input[4], b5 = input[5],
1130 b6 = input[6], b7 = input[7];
1131 u64 k0 = key_ctx->key[0], k1 = key_ctx->key[1],
1132 k2 = key_ctx->key[2], k3 = key_ctx->key[3],
1133 k4 = key_ctx->key[4], k5 = key_ctx->key[5],
1134 k6 = key_ctx->key[6], k7 = key_ctx->key[7],
1135 k8 = key_ctx->key[8];
1136 u64 t0 = key_ctx->tweak[0], t1 = key_ctx->tweak[1],
1137 t2 = key_ctx->tweak[2];
1138
1139 b1 += k1;
1140 b0 += b1 + k0;
1141 b1 = rol64(b1, 46) ^ b0;
1142
1143 b3 += k3;
1144 b2 += b3 + k2;
1145 b3 = rol64(b3, 36) ^ b2;
1146
1147 b5 += k5 + t0;
1148 b4 += b5 + k4;
1149 b5 = rol64(b5, 19) ^ b4;
1150
1151 b7 += k7;
1152 b6 += b7 + k6 + t1;
1153 b7 = rol64(b7, 37) ^ b6;
1154
1155 b2 += b1;
1156 b1 = rol64(b1, 33) ^ b2;
1157
1158 b4 += b7;
1159 b7 = rol64(b7, 27) ^ b4;
1160
1161 b6 += b5;
1162 b5 = rol64(b5, 14) ^ b6;
1163
1164 b0 += b3;
1165 b3 = rol64(b3, 42) ^ b0;
1166
1167 b4 += b1;
1168 b1 = rol64(b1, 17) ^ b4;
1169
1170 b6 += b3;
1171 b3 = rol64(b3, 49) ^ b6;
1172
1173 b0 += b5;
1174 b5 = rol64(b5, 36) ^ b0;
1175
1176 b2 += b7;
1177 b7 = rol64(b7, 39) ^ b2;
1178
1179 b6 += b1;
1180 b1 = rol64(b1, 44) ^ b6;
1181
1182 b0 += b7;
1183 b7 = rol64(b7, 9) ^ b0;
1184
1185 b2 += b5;
1186 b5 = rol64(b5, 54) ^ b2;
1187
1188 b4 += b3;
1189 b3 = rol64(b3, 56) ^ b4;
1190
1191 b1 += k2;
1192 b0 += b1 + k1;
1193 b1 = rol64(b1, 39) ^ b0;
1194
1195 b3 += k4;
1196 b2 += b3 + k3;
1197 b3 = rol64(b3, 30) ^ b2;
1198
1199 b5 += k6 + t1;
1200 b4 += b5 + k5;
1201 b5 = rol64(b5, 34) ^ b4;
1202
1203 b7 += k8 + 1;
1204 b6 += b7 + k7 + t2;
1205 b7 = rol64(b7, 24) ^ b6;
1206
1207 b2 += b1;
1208 b1 = rol64(b1, 13) ^ b2;
1209
1210 b4 += b7;
1211 b7 = rol64(b7, 50) ^ b4;
1212
1213 b6 += b5;
1214 b5 = rol64(b5, 10) ^ b6;
1215
1216 b0 += b3;
1217 b3 = rol64(b3, 17) ^ b0;
1218
1219 b4 += b1;
1220 b1 = rol64(b1, 25) ^ b4;
1221
1222 b6 += b3;
1223 b3 = rol64(b3, 29) ^ b6;
1224
1225 b0 += b5;
1226 b5 = rol64(b5, 39) ^ b0;
1227
1228 b2 += b7;
1229 b7 = rol64(b7, 43) ^ b2;
1230
1231 b6 += b1;
1232 b1 = rol64(b1, 8) ^ b6;
1233
1234 b0 += b7;
1235 b7 = rol64(b7, 35) ^ b0;
1236
1237 b2 += b5;
1238 b5 = rol64(b5, 56) ^ b2;
1239
1240 b4 += b3;
1241 b3 = rol64(b3, 22) ^ b4;
1242
1243 b1 += k3;
1244 b0 += b1 + k2;
1245 b1 = rol64(b1, 46) ^ b0;
1246
1247 b3 += k5;
1248 b2 += b3 + k4;
1249 b3 = rol64(b3, 36) ^ b2;
1250
1251 b5 += k7 + t2;
1252 b4 += b5 + k6;
1253 b5 = rol64(b5, 19) ^ b4;
1254
1255 b7 += k0 + 2;
1256 b6 += b7 + k8 + t0;
1257 b7 = rol64(b7, 37) ^ b6;
1258
1259 b2 += b1;
1260 b1 = rol64(b1, 33) ^ b2;
1261
1262 b4 += b7;
1263 b7 = rol64(b7, 27) ^ b4;
1264
1265 b6 += b5;
1266 b5 = rol64(b5, 14) ^ b6;
1267
1268 b0 += b3;
1269 b3 = rol64(b3, 42) ^ b0;
1270
1271 b4 += b1;
1272 b1 = rol64(b1, 17) ^ b4;
1273
1274 b6 += b3;
1275 b3 = rol64(b3, 49) ^ b6;
1276
1277 b0 += b5;
1278 b5 = rol64(b5, 36) ^ b0;
1279
1280 b2 += b7;
1281 b7 = rol64(b7, 39) ^ b2;
1282
1283 b6 += b1;
1284 b1 = rol64(b1, 44) ^ b6;
1285
1286 b0 += b7;
1287 b7 = rol64(b7, 9) ^ b0;
1288
1289 b2 += b5;
1290 b5 = rol64(b5, 54) ^ b2;
1291
1292 b4 += b3;
1293 b3 = rol64(b3, 56) ^ b4;
1294
1295 b1 += k4;
1296 b0 += b1 + k3;
1297 b1 = rol64(b1, 39) ^ b0;
1298
1299 b3 += k6;
1300 b2 += b3 + k5;
1301 b3 = rol64(b3, 30) ^ b2;
1302
1303 b5 += k8 + t0;
1304 b4 += b5 + k7;
1305 b5 = rol64(b5, 34) ^ b4;
1306
1307 b7 += k1 + 3;
1308 b6 += b7 + k0 + t1;
1309 b7 = rol64(b7, 24) ^ b6;
1310
1311 b2 += b1;
1312 b1 = rol64(b1, 13) ^ b2;
1313
1314 b4 += b7;
1315 b7 = rol64(b7, 50) ^ b4;
1316
1317 b6 += b5;
1318 b5 = rol64(b5, 10) ^ b6;
1319
1320 b0 += b3;
1321 b3 = rol64(b3, 17) ^ b0;
1322
1323 b4 += b1;
1324 b1 = rol64(b1, 25) ^ b4;
1325
1326 b6 += b3;
1327 b3 = rol64(b3, 29) ^ b6;
1328
1329 b0 += b5;
1330 b5 = rol64(b5, 39) ^ b0;
1331
1332 b2 += b7;
1333 b7 = rol64(b7, 43) ^ b2;
1334
1335 b6 += b1;
1336 b1 = rol64(b1, 8) ^ b6;
1337
1338 b0 += b7;
1339 b7 = rol64(b7, 35) ^ b0;
1340
1341 b2 += b5;
1342 b5 = rol64(b5, 56) ^ b2;
1343
1344 b4 += b3;
1345 b3 = rol64(b3, 22) ^ b4;
1346
1347 b1 += k5;
1348 b0 += b1 + k4;
1349 b1 = rol64(b1, 46) ^ b0;
1350
1351 b3 += k7;
1352 b2 += b3 + k6;
1353 b3 = rol64(b3, 36) ^ b2;
1354
1355 b5 += k0 + t1;
1356 b4 += b5 + k8;
1357 b5 = rol64(b5, 19) ^ b4;
1358
1359 b7 += k2 + 4;
1360 b6 += b7 + k1 + t2;
1361 b7 = rol64(b7, 37) ^ b6;
1362
1363 b2 += b1;
1364 b1 = rol64(b1, 33) ^ b2;
1365
1366 b4 += b7;
1367 b7 = rol64(b7, 27) ^ b4;
1368
1369 b6 += b5;
1370 b5 = rol64(b5, 14) ^ b6;
1371
1372 b0 += b3;
1373 b3 = rol64(b3, 42) ^ b0;
1374
1375 b4 += b1;
1376 b1 = rol64(b1, 17) ^ b4;
1377
1378 b6 += b3;
1379 b3 = rol64(b3, 49) ^ b6;
1380
1381 b0 += b5;
1382 b5 = rol64(b5, 36) ^ b0;
1383
1384 b2 += b7;
1385 b7 = rol64(b7, 39) ^ b2;
1386
1387 b6 += b1;
1388 b1 = rol64(b1, 44) ^ b6;
1389
1390 b0 += b7;
1391 b7 = rol64(b7, 9) ^ b0;
1392
1393 b2 += b5;
1394 b5 = rol64(b5, 54) ^ b2;
1395
1396 b4 += b3;
1397 b3 = rol64(b3, 56) ^ b4;
1398
1399 b1 += k6;
1400 b0 += b1 + k5;
1401 b1 = rol64(b1, 39) ^ b0;
1402
1403 b3 += k8;
1404 b2 += b3 + k7;
1405 b3 = rol64(b3, 30) ^ b2;
1406
1407 b5 += k1 + t2;
1408 b4 += b5 + k0;
1409 b5 = rol64(b5, 34) ^ b4;
1410
1411 b7 += k3 + 5;
1412 b6 += b7 + k2 + t0;
1413 b7 = rol64(b7, 24) ^ b6;
1414
1415 b2 += b1;
1416 b1 = rol64(b1, 13) ^ b2;
1417
1418 b4 += b7;
1419 b7 = rol64(b7, 50) ^ b4;
1420
1421 b6 += b5;
1422 b5 = rol64(b5, 10) ^ b6;
1423
1424 b0 += b3;
1425 b3 = rol64(b3, 17) ^ b0;
1426
1427 b4 += b1;
1428 b1 = rol64(b1, 25) ^ b4;
1429
1430 b6 += b3;
1431 b3 = rol64(b3, 29) ^ b6;
1432
1433 b0 += b5;
1434 b5 = rol64(b5, 39) ^ b0;
1435
1436 b2 += b7;
1437 b7 = rol64(b7, 43) ^ b2;
1438
1439 b6 += b1;
1440 b1 = rol64(b1, 8) ^ b6;
1441
1442 b0 += b7;
1443 b7 = rol64(b7, 35) ^ b0;
1444
1445 b2 += b5;
1446 b5 = rol64(b5, 56) ^ b2;
1447
1448 b4 += b3;
1449 b3 = rol64(b3, 22) ^ b4;
1450
1451 b1 += k7;
1452 b0 += b1 + k6;
1453 b1 = rol64(b1, 46) ^ b0;
1454
1455 b3 += k0;
1456 b2 += b3 + k8;
1457 b3 = rol64(b3, 36) ^ b2;
1458
1459 b5 += k2 + t0;
1460 b4 += b5 + k1;
1461 b5 = rol64(b5, 19) ^ b4;
1462
1463 b7 += k4 + 6;
1464 b6 += b7 + k3 + t1;
1465 b7 = rol64(b7, 37) ^ b6;
1466
1467 b2 += b1;
1468 b1 = rol64(b1, 33) ^ b2;
1469
1470 b4 += b7;
1471 b7 = rol64(b7, 27) ^ b4;
1472
1473 b6 += b5;
1474 b5 = rol64(b5, 14) ^ b6;
1475
1476 b0 += b3;
1477 b3 = rol64(b3, 42) ^ b0;
1478
1479 b4 += b1;
1480 b1 = rol64(b1, 17) ^ b4;
1481
1482 b6 += b3;
1483 b3 = rol64(b3, 49) ^ b6;
1484
1485 b0 += b5;
1486 b5 = rol64(b5, 36) ^ b0;
1487
1488 b2 += b7;
1489 b7 = rol64(b7, 39) ^ b2;
1490
1491 b6 += b1;
1492 b1 = rol64(b1, 44) ^ b6;
1493
1494 b0 += b7;
1495 b7 = rol64(b7, 9) ^ b0;
1496
1497 b2 += b5;
1498 b5 = rol64(b5, 54) ^ b2;
1499
1500 b4 += b3;
1501 b3 = rol64(b3, 56) ^ b4;
1502
1503 b1 += k8;
1504 b0 += b1 + k7;
1505 b1 = rol64(b1, 39) ^ b0;
1506
1507 b3 += k1;
1508 b2 += b3 + k0;
1509 b3 = rol64(b3, 30) ^ b2;
1510
1511 b5 += k3 + t1;
1512 b4 += b5 + k2;
1513 b5 = rol64(b5, 34) ^ b4;
1514
1515 b7 += k5 + 7;
1516 b6 += b7 + k4 + t2;
1517 b7 = rol64(b7, 24) ^ b6;
1518
1519 b2 += b1;
1520 b1 = rol64(b1, 13) ^ b2;
1521
1522 b4 += b7;
1523 b7 = rol64(b7, 50) ^ b4;
1524
1525 b6 += b5;
1526 b5 = rol64(b5, 10) ^ b6;
1527
1528 b0 += b3;
1529 b3 = rol64(b3, 17) ^ b0;
1530
1531 b4 += b1;
1532 b1 = rol64(b1, 25) ^ b4;
1533
1534 b6 += b3;
1535 b3 = rol64(b3, 29) ^ b6;
1536
1537 b0 += b5;
1538 b5 = rol64(b5, 39) ^ b0;
1539
1540 b2 += b7;
1541 b7 = rol64(b7, 43) ^ b2;
1542
1543 b6 += b1;
1544 b1 = rol64(b1, 8) ^ b6;
1545
1546 b0 += b7;
1547 b7 = rol64(b7, 35) ^ b0;
1548
1549 b2 += b5;
1550 b5 = rol64(b5, 56) ^ b2;
1551
1552 b4 += b3;
1553 b3 = rol64(b3, 22) ^ b4;
1554
1555 b1 += k0;
1556 b0 += b1 + k8;
1557 b1 = rol64(b1, 46) ^ b0;
1558
1559 b3 += k2;
1560 b2 += b3 + k1;
1561 b3 = rol64(b3, 36) ^ b2;
1562
1563 b5 += k4 + t2;
1564 b4 += b5 + k3;
1565 b5 = rol64(b5, 19) ^ b4;
1566
1567 b7 += k6 + 8;
1568 b6 += b7 + k5 + t0;
1569 b7 = rol64(b7, 37) ^ b6;
1570
1571 b2 += b1;
1572 b1 = rol64(b1, 33) ^ b2;
1573
1574 b4 += b7;
1575 b7 = rol64(b7, 27) ^ b4;
1576
1577 b6 += b5;
1578 b5 = rol64(b5, 14) ^ b6;
1579
1580 b0 += b3;
1581 b3 = rol64(b3, 42) ^ b0;
1582
1583 b4 += b1;
1584 b1 = rol64(b1, 17) ^ b4;
1585
1586 b6 += b3;
1587 b3 = rol64(b3, 49) ^ b6;
1588
1589 b0 += b5;
1590 b5 = rol64(b5, 36) ^ b0;
1591
1592 b2 += b7;
1593 b7 = rol64(b7, 39) ^ b2;
1594
1595 b6 += b1;
1596 b1 = rol64(b1, 44) ^ b6;
1597
1598 b0 += b7;
1599 b7 = rol64(b7, 9) ^ b0;
1600
1601 b2 += b5;
1602 b5 = rol64(b5, 54) ^ b2;
1603
1604 b4 += b3;
1605 b3 = rol64(b3, 56) ^ b4;
1606
1607 b1 += k1;
1608 b0 += b1 + k0;
1609 b1 = rol64(b1, 39) ^ b0;
1610
1611 b3 += k3;
1612 b2 += b3 + k2;
1613 b3 = rol64(b3, 30) ^ b2;
1614
1615 b5 += k5 + t0;
1616 b4 += b5 + k4;
1617 b5 = rol64(b5, 34) ^ b4;
1618
1619 b7 += k7 + 9;
1620 b6 += b7 + k6 + t1;
1621 b7 = rol64(b7, 24) ^ b6;
1622
1623 b2 += b1;
1624 b1 = rol64(b1, 13) ^ b2;
1625
1626 b4 += b7;
1627 b7 = rol64(b7, 50) ^ b4;
1628
1629 b6 += b5;
1630 b5 = rol64(b5, 10) ^ b6;
1631
1632 b0 += b3;
1633 b3 = rol64(b3, 17) ^ b0;
1634
1635 b4 += b1;
1636 b1 = rol64(b1, 25) ^ b4;
1637
1638 b6 += b3;
1639 b3 = rol64(b3, 29) ^ b6;
1640
1641 b0 += b5;
1642 b5 = rol64(b5, 39) ^ b0;
1643
1644 b2 += b7;
1645 b7 = rol64(b7, 43) ^ b2;
1646
1647 b6 += b1;
1648 b1 = rol64(b1, 8) ^ b6;
1649
1650 b0 += b7;
1651 b7 = rol64(b7, 35) ^ b0;
1652
1653 b2 += b5;
1654 b5 = rol64(b5, 56) ^ b2;
1655
1656 b4 += b3;
1657 b3 = rol64(b3, 22) ^ b4;
1658
1659 b1 += k2;
1660 b0 += b1 + k1;
1661 b1 = rol64(b1, 46) ^ b0;
1662
1663 b3 += k4;
1664 b2 += b3 + k3;
1665 b3 = rol64(b3, 36) ^ b2;
1666
1667 b5 += k6 + t1;
1668 b4 += b5 + k5;
1669 b5 = rol64(b5, 19) ^ b4;
1670
1671 b7 += k8 + 10;
1672 b6 += b7 + k7 + t2;
1673 b7 = rol64(b7, 37) ^ b6;
1674
1675 b2 += b1;
1676 b1 = rol64(b1, 33) ^ b2;
1677
1678 b4 += b7;
1679 b7 = rol64(b7, 27) ^ b4;
1680
1681 b6 += b5;
1682 b5 = rol64(b5, 14) ^ b6;
1683
1684 b0 += b3;
1685 b3 = rol64(b3, 42) ^ b0;
1686
1687 b4 += b1;
1688 b1 = rol64(b1, 17) ^ b4;
1689
1690 b6 += b3;
1691 b3 = rol64(b3, 49) ^ b6;
1692
1693 b0 += b5;
1694 b5 = rol64(b5, 36) ^ b0;
1695
1696 b2 += b7;
1697 b7 = rol64(b7, 39) ^ b2;
1698
1699 b6 += b1;
1700 b1 = rol64(b1, 44) ^ b6;
1701
1702 b0 += b7;
1703 b7 = rol64(b7, 9) ^ b0;
1704
1705 b2 += b5;
1706 b5 = rol64(b5, 54) ^ b2;
1707
1708 b4 += b3;
1709 b3 = rol64(b3, 56) ^ b4;
1710
1711 b1 += k3;
1712 b0 += b1 + k2;
1713 b1 = rol64(b1, 39) ^ b0;
1714
1715 b3 += k5;
1716 b2 += b3 + k4;
1717 b3 = rol64(b3, 30) ^ b2;
1718
1719 b5 += k7 + t2;
1720 b4 += b5 + k6;
1721 b5 = rol64(b5, 34) ^ b4;
1722
1723 b7 += k0 + 11;
1724 b6 += b7 + k8 + t0;
1725 b7 = rol64(b7, 24) ^ b6;
1726
1727 b2 += b1;
1728 b1 = rol64(b1, 13) ^ b2;
1729
1730 b4 += b7;
1731 b7 = rol64(b7, 50) ^ b4;
1732
1733 b6 += b5;
1734 b5 = rol64(b5, 10) ^ b6;
1735
1736 b0 += b3;
1737 b3 = rol64(b3, 17) ^ b0;
1738
1739 b4 += b1;
1740 b1 = rol64(b1, 25) ^ b4;
1741
1742 b6 += b3;
1743 b3 = rol64(b3, 29) ^ b6;
1744
1745 b0 += b5;
1746 b5 = rol64(b5, 39) ^ b0;
1747
1748 b2 += b7;
1749 b7 = rol64(b7, 43) ^ b2;
1750
1751 b6 += b1;
1752 b1 = rol64(b1, 8) ^ b6;
1753
1754 b0 += b7;
1755 b7 = rol64(b7, 35) ^ b0;
1756
1757 b2 += b5;
1758 b5 = rol64(b5, 56) ^ b2;
1759
1760 b4 += b3;
1761 b3 = rol64(b3, 22) ^ b4;
1762
1763 b1 += k4;
1764 b0 += b1 + k3;
1765 b1 = rol64(b1, 46) ^ b0;
1766
1767 b3 += k6;
1768 b2 += b3 + k5;
1769 b3 = rol64(b3, 36) ^ b2;
1770
1771 b5 += k8 + t0;
1772 b4 += b5 + k7;
1773 b5 = rol64(b5, 19) ^ b4;
1774
1775 b7 += k1 + 12;
1776 b6 += b7 + k0 + t1;
1777 b7 = rol64(b7, 37) ^ b6;
1778
1779 b2 += b1;
1780 b1 = rol64(b1, 33) ^ b2;
1781
1782 b4 += b7;
1783 b7 = rol64(b7, 27) ^ b4;
1784
1785 b6 += b5;
1786 b5 = rol64(b5, 14) ^ b6;
1787
1788 b0 += b3;
1789 b3 = rol64(b3, 42) ^ b0;
1790
1791 b4 += b1;
1792 b1 = rol64(b1, 17) ^ b4;
1793
1794 b6 += b3;
1795 b3 = rol64(b3, 49) ^ b6;
1796
1797 b0 += b5;
1798 b5 = rol64(b5, 36) ^ b0;
1799
1800 b2 += b7;
1801 b7 = rol64(b7, 39) ^ b2;
1802
1803 b6 += b1;
1804 b1 = rol64(b1, 44) ^ b6;
1805
1806 b0 += b7;
1807 b7 = rol64(b7, 9) ^ b0;
1808
1809 b2 += b5;
1810 b5 = rol64(b5, 54) ^ b2;
1811
1812 b4 += b3;
1813 b3 = rol64(b3, 56) ^ b4;
1814
1815 b1 += k5;
1816 b0 += b1 + k4;
1817 b1 = rol64(b1, 39) ^ b0;
1818
1819 b3 += k7;
1820 b2 += b3 + k6;
1821 b3 = rol64(b3, 30) ^ b2;
1822
1823 b5 += k0 + t1;
1824 b4 += b5 + k8;
1825 b5 = rol64(b5, 34) ^ b4;
1826
1827 b7 += k2 + 13;
1828 b6 += b7 + k1 + t2;
1829 b7 = rol64(b7, 24) ^ b6;
1830
1831 b2 += b1;
1832 b1 = rol64(b1, 13) ^ b2;
1833
1834 b4 += b7;
1835 b7 = rol64(b7, 50) ^ b4;
1836
1837 b6 += b5;
1838 b5 = rol64(b5, 10) ^ b6;
1839
1840 b0 += b3;
1841 b3 = rol64(b3, 17) ^ b0;
1842
1843 b4 += b1;
1844 b1 = rol64(b1, 25) ^ b4;
1845
1846 b6 += b3;
1847 b3 = rol64(b3, 29) ^ b6;
1848
1849 b0 += b5;
1850 b5 = rol64(b5, 39) ^ b0;
1851
1852 b2 += b7;
1853 b7 = rol64(b7, 43) ^ b2;
1854
1855 b6 += b1;
1856 b1 = rol64(b1, 8) ^ b6;
1857
1858 b0 += b7;
1859 b7 = rol64(b7, 35) ^ b0;
1860
1861 b2 += b5;
1862 b5 = rol64(b5, 56) ^ b2;
1863
1864 b4 += b3;
1865 b3 = rol64(b3, 22) ^ b4;
1866
1867 b1 += k6;
1868 b0 += b1 + k5;
1869 b1 = rol64(b1, 46) ^ b0;
1870
1871 b3 += k8;
1872 b2 += b3 + k7;
1873 b3 = rol64(b3, 36) ^ b2;
1874
1875 b5 += k1 + t2;
1876 b4 += b5 + k0;
1877 b5 = rol64(b5, 19) ^ b4;
1878
1879 b7 += k3 + 14;
1880 b6 += b7 + k2 + t0;
1881 b7 = rol64(b7, 37) ^ b6;
1882
1883 b2 += b1;
1884 b1 = rol64(b1, 33) ^ b2;
1885
1886 b4 += b7;
1887 b7 = rol64(b7, 27) ^ b4;
1888
1889 b6 += b5;
1890 b5 = rol64(b5, 14) ^ b6;
1891
1892 b0 += b3;
1893 b3 = rol64(b3, 42) ^ b0;
1894
1895 b4 += b1;
1896 b1 = rol64(b1, 17) ^ b4;
1897
1898 b6 += b3;
1899 b3 = rol64(b3, 49) ^ b6;
1900
1901 b0 += b5;
1902 b5 = rol64(b5, 36) ^ b0;
1903
1904 b2 += b7;
1905 b7 = rol64(b7, 39) ^ b2;
1906
1907 b6 += b1;
1908 b1 = rol64(b1, 44) ^ b6;
1909
1910 b0 += b7;
1911 b7 = rol64(b7, 9) ^ b0;
1912
1913 b2 += b5;
1914 b5 = rol64(b5, 54) ^ b2;
1915
1916 b4 += b3;
1917 b3 = rol64(b3, 56) ^ b4;
1918
1919 b1 += k7;
1920 b0 += b1 + k6;
1921 b1 = rol64(b1, 39) ^ b0;
1922
1923 b3 += k0;
1924 b2 += b3 + k8;
1925 b3 = rol64(b3, 30) ^ b2;
1926
1927 b5 += k2 + t0;
1928 b4 += b5 + k1;
1929 b5 = rol64(b5, 34) ^ b4;
1930
1931 b7 += k4 + 15;
1932 b6 += b7 + k3 + t1;
1933 b7 = rol64(b7, 24) ^ b6;
1934
1935 b2 += b1;
1936 b1 = rol64(b1, 13) ^ b2;
1937
1938 b4 += b7;
1939 b7 = rol64(b7, 50) ^ b4;
1940
1941 b6 += b5;
1942 b5 = rol64(b5, 10) ^ b6;
1943
1944 b0 += b3;
1945 b3 = rol64(b3, 17) ^ b0;
1946
1947 b4 += b1;
1948 b1 = rol64(b1, 25) ^ b4;
1949
1950 b6 += b3;
1951 b3 = rol64(b3, 29) ^ b6;
1952
1953 b0 += b5;
1954 b5 = rol64(b5, 39) ^ b0;
1955
1956 b2 += b7;
1957 b7 = rol64(b7, 43) ^ b2;
1958
1959 b6 += b1;
1960 b1 = rol64(b1, 8) ^ b6;
1961
1962 b0 += b7;
1963 b7 = rol64(b7, 35) ^ b0;
1964
1965 b2 += b5;
1966 b5 = rol64(b5, 56) ^ b2;
1967
1968 b4 += b3;
1969 b3 = rol64(b3, 22) ^ b4;
1970
1971 b1 += k8;
1972 b0 += b1 + k7;
1973 b1 = rol64(b1, 46) ^ b0;
1974
1975 b3 += k1;
1976 b2 += b3 + k0;
1977 b3 = rol64(b3, 36) ^ b2;
1978
1979 b5 += k3 + t1;
1980 b4 += b5 + k2;
1981 b5 = rol64(b5, 19) ^ b4;
1982
1983 b7 += k5 + 16;
1984 b6 += b7 + k4 + t2;
1985 b7 = rol64(b7, 37) ^ b6;
1986
1987 b2 += b1;
1988 b1 = rol64(b1, 33) ^ b2;
1989
1990 b4 += b7;
1991 b7 = rol64(b7, 27) ^ b4;
1992
1993 b6 += b5;
1994 b5 = rol64(b5, 14) ^ b6;
1995
1996 b0 += b3;
1997 b3 = rol64(b3, 42) ^ b0;
1998
1999 b4 += b1;
2000 b1 = rol64(b1, 17) ^ b4;
2001
2002 b6 += b3;
2003 b3 = rol64(b3, 49) ^ b6;
2004
2005 b0 += b5;
2006 b5 = rol64(b5, 36) ^ b0;
2007
2008 b2 += b7;
2009 b7 = rol64(b7, 39) ^ b2;
2010
2011 b6 += b1;
2012 b1 = rol64(b1, 44) ^ b6;
2013
2014 b0 += b7;
2015 b7 = rol64(b7, 9) ^ b0;
2016
2017 b2 += b5;
2018 b5 = rol64(b5, 54) ^ b2;
2019
2020 b4 += b3;
2021 b3 = rol64(b3, 56) ^ b4;
2022
2023 b1 += k0;
2024 b0 += b1 + k8;
2025 b1 = rol64(b1, 39) ^ b0;
2026
2027 b3 += k2;
2028 b2 += b3 + k1;
2029 b3 = rol64(b3, 30) ^ b2;
2030
2031 b5 += k4 + t2;
2032 b4 += b5 + k3;
2033 b5 = rol64(b5, 34) ^ b4;
2034
2035 b7 += k6 + 17;
2036 b6 += b7 + k5 + t0;
2037 b7 = rol64(b7, 24) ^ b6;
2038
2039 b2 += b1;
2040 b1 = rol64(b1, 13) ^ b2;
2041
2042 b4 += b7;
2043 b7 = rol64(b7, 50) ^ b4;
2044
2045 b6 += b5;
2046 b5 = rol64(b5, 10) ^ b6;
2047
2048 b0 += b3;
2049 b3 = rol64(b3, 17) ^ b0;
2050
2051 b4 += b1;
2052 b1 = rol64(b1, 25) ^ b4;
2053
2054 b6 += b3;
2055 b3 = rol64(b3, 29) ^ b6;
2056
2057 b0 += b5;
2058 b5 = rol64(b5, 39) ^ b0;
2059
2060 b2 += b7;
2061 b7 = rol64(b7, 43) ^ b2;
2062
2063 b6 += b1;
2064 b1 = rol64(b1, 8) ^ b6;
2065
2066 b0 += b7;
2067 b7 = rol64(b7, 35) ^ b0;
2068
2069 b2 += b5;
2070 b5 = rol64(b5, 56) ^ b2;
2071
2072 b4 += b3;
2073 b3 = rol64(b3, 22) ^ b4;
2074
2075 output[0] = b0 + k0;
2076 output[1] = b1 + k1;
2077 output[2] = b2 + k2;
2078 output[3] = b3 + k3;
2079 output[4] = b4 + k4;
2080 output[5] = b5 + k5 + t0;
2081 output[6] = b6 + k6 + t1;
2082 output[7] = b7 + k7 + 18;
2083 }
2084
2085 void threefish_decrypt_512(struct threefish_key *key_ctx, u64 *input,
2086 u64 *output)
2087 {
2088 u64 b0 = input[0], b1 = input[1],
2089 b2 = input[2], b3 = input[3],
2090 b4 = input[4], b5 = input[5],
2091 b6 = input[6], b7 = input[7];
2092 u64 k0 = key_ctx->key[0], k1 = key_ctx->key[1],
2093 k2 = key_ctx->key[2], k3 = key_ctx->key[3],
2094 k4 = key_ctx->key[4], k5 = key_ctx->key[5],
2095 k6 = key_ctx->key[6], k7 = key_ctx->key[7],
2096 k8 = key_ctx->key[8];
2097 u64 t0 = key_ctx->tweak[0], t1 = key_ctx->tweak[1],
2098 t2 = key_ctx->tweak[2];
2099
2100 u64 tmp;
2101
2102 b0 -= k0;
2103 b1 -= k1;
2104 b2 -= k2;
2105 b3 -= k3;
2106 b4 -= k4;
2107 b5 -= k5 + t0;
2108 b6 -= k6 + t1;
2109 b7 -= k7 + 18;
2110
2111 tmp = b3 ^ b4;
2112 b3 = ror64(tmp, 22);
2113 b4 -= b3;
2114
2115 tmp = b5 ^ b2;
2116 b5 = ror64(tmp, 56);
2117 b2 -= b5;
2118
2119 tmp = b7 ^ b0;
2120 b7 = ror64(tmp, 35);
2121 b0 -= b7;
2122
2123 tmp = b1 ^ b6;
2124 b1 = ror64(tmp, 8);
2125 b6 -= b1;
2126
2127 tmp = b7 ^ b2;
2128 b7 = ror64(tmp, 43);
2129 b2 -= b7;
2130
2131 tmp = b5 ^ b0;
2132 b5 = ror64(tmp, 39);
2133 b0 -= b5;
2134
2135 tmp = b3 ^ b6;
2136 b3 = ror64(tmp, 29);
2137 b6 -= b3;
2138
2139 tmp = b1 ^ b4;
2140 b1 = ror64(tmp, 25);
2141 b4 -= b1;
2142
2143 tmp = b3 ^ b0;
2144 b3 = ror64(tmp, 17);
2145 b0 -= b3;
2146
2147 tmp = b5 ^ b6;
2148 b5 = ror64(tmp, 10);
2149 b6 -= b5;
2150
2151 tmp = b7 ^ b4;
2152 b7 = ror64(tmp, 50);
2153 b4 -= b7;
2154
2155 tmp = b1 ^ b2;
2156 b1 = ror64(tmp, 13);
2157 b2 -= b1;
2158
2159 tmp = b7 ^ b6;
2160 b7 = ror64(tmp, 24);
2161 b6 -= b7 + k5 + t0;
2162 b7 -= k6 + 17;
2163
2164 tmp = b5 ^ b4;
2165 b5 = ror64(tmp, 34);
2166 b4 -= b5 + k3;
2167 b5 -= k4 + t2;
2168
2169 tmp = b3 ^ b2;
2170 b3 = ror64(tmp, 30);
2171 b2 -= b3 + k1;
2172 b3 -= k2;
2173
2174 tmp = b1 ^ b0;
2175 b1 = ror64(tmp, 39);
2176 b0 -= b1 + k8;
2177 b1 -= k0;
2178
2179 tmp = b3 ^ b4;
2180 b3 = ror64(tmp, 56);
2181 b4 -= b3;
2182
2183 tmp = b5 ^ b2;
2184 b5 = ror64(tmp, 54);
2185 b2 -= b5;
2186
2187 tmp = b7 ^ b0;
2188 b7 = ror64(tmp, 9);
2189 b0 -= b7;
2190
2191 tmp = b1 ^ b6;
2192 b1 = ror64(tmp, 44);
2193 b6 -= b1;
2194
2195 tmp = b7 ^ b2;
2196 b7 = ror64(tmp, 39);
2197 b2 -= b7;
2198
2199 tmp = b5 ^ b0;
2200 b5 = ror64(tmp, 36);
2201 b0 -= b5;
2202
2203 tmp = b3 ^ b6;
2204 b3 = ror64(tmp, 49);
2205 b6 -= b3;
2206
2207 tmp = b1 ^ b4;
2208 b1 = ror64(tmp, 17);
2209 b4 -= b1;
2210
2211 tmp = b3 ^ b0;
2212 b3 = ror64(tmp, 42);
2213 b0 -= b3;
2214
2215 tmp = b5 ^ b6;
2216 b5 = ror64(tmp, 14);
2217 b6 -= b5;
2218
2219 tmp = b7 ^ b4;
2220 b7 = ror64(tmp, 27);
2221 b4 -= b7;
2222
2223 tmp = b1 ^ b2;
2224 b1 = ror64(tmp, 33);
2225 b2 -= b1;
2226
2227 tmp = b7 ^ b6;
2228 b7 = ror64(tmp, 37);
2229 b6 -= b7 + k4 + t2;
2230 b7 -= k5 + 16;
2231
2232 tmp = b5 ^ b4;
2233 b5 = ror64(tmp, 19);
2234 b4 -= b5 + k2;
2235 b5 -= k3 + t1;
2236
2237 tmp = b3 ^ b2;
2238 b3 = ror64(tmp, 36);
2239 b2 -= b3 + k0;
2240 b3 -= k1;
2241
2242 tmp = b1 ^ b0;
2243 b1 = ror64(tmp, 46);
2244 b0 -= b1 + k7;
2245 b1 -= k8;
2246
2247 tmp = b3 ^ b4;
2248 b3 = ror64(tmp, 22);
2249 b4 -= b3;
2250
2251 tmp = b5 ^ b2;
2252 b5 = ror64(tmp, 56);
2253 b2 -= b5;
2254
2255 tmp = b7 ^ b0;
2256 b7 = ror64(tmp, 35);
2257 b0 -= b7;
2258
2259 tmp = b1 ^ b6;
2260 b1 = ror64(tmp, 8);
2261 b6 -= b1;
2262
2263 tmp = b7 ^ b2;
2264 b7 = ror64(tmp, 43);
2265 b2 -= b7;
2266
2267 tmp = b5 ^ b0;
2268 b5 = ror64(tmp, 39);
2269 b0 -= b5;
2270
2271 tmp = b3 ^ b6;
2272 b3 = ror64(tmp, 29);
2273 b6 -= b3;
2274
2275 tmp = b1 ^ b4;
2276 b1 = ror64(tmp, 25);
2277 b4 -= b1;
2278
2279 tmp = b3 ^ b0;
2280 b3 = ror64(tmp, 17);
2281 b0 -= b3;
2282
2283 tmp = b5 ^ b6;
2284 b5 = ror64(tmp, 10);
2285 b6 -= b5;
2286
2287 tmp = b7 ^ b4;
2288 b7 = ror64(tmp, 50);
2289 b4 -= b7;
2290
2291 tmp = b1 ^ b2;
2292 b1 = ror64(tmp, 13);
2293 b2 -= b1;
2294
2295 tmp = b7 ^ b6;
2296 b7 = ror64(tmp, 24);
2297 b6 -= b7 + k3 + t1;
2298 b7 -= k4 + 15;
2299
2300 tmp = b5 ^ b4;
2301 b5 = ror64(tmp, 34);
2302 b4 -= b5 + k1;
2303 b5 -= k2 + t0;
2304
2305 tmp = b3 ^ b2;
2306 b3 = ror64(tmp, 30);
2307 b2 -= b3 + k8;
2308 b3 -= k0;
2309
2310 tmp = b1 ^ b0;
2311 b1 = ror64(tmp, 39);
2312 b0 -= b1 + k6;
2313 b1 -= k7;
2314
2315 tmp = b3 ^ b4;
2316 b3 = ror64(tmp, 56);
2317 b4 -= b3;
2318
2319 tmp = b5 ^ b2;
2320 b5 = ror64(tmp, 54);
2321 b2 -= b5;
2322
2323 tmp = b7 ^ b0;
2324 b7 = ror64(tmp, 9);
2325 b0 -= b7;
2326
2327 tmp = b1 ^ b6;
2328 b1 = ror64(tmp, 44);
2329 b6 -= b1;
2330
2331 tmp = b7 ^ b2;
2332 b7 = ror64(tmp, 39);
2333 b2 -= b7;
2334
2335 tmp = b5 ^ b0;
2336 b5 = ror64(tmp, 36);
2337 b0 -= b5;
2338
2339 tmp = b3 ^ b6;
2340 b3 = ror64(tmp, 49);
2341 b6 -= b3;
2342
2343 tmp = b1 ^ b4;
2344 b1 = ror64(tmp, 17);
2345 b4 -= b1;
2346
2347 tmp = b3 ^ b0;
2348 b3 = ror64(tmp, 42);
2349 b0 -= b3;
2350
2351 tmp = b5 ^ b6;
2352 b5 = ror64(tmp, 14);
2353 b6 -= b5;
2354
2355 tmp = b7 ^ b4;
2356 b7 = ror64(tmp, 27);
2357 b4 -= b7;
2358
2359 tmp = b1 ^ b2;
2360 b1 = ror64(tmp, 33);
2361 b2 -= b1;
2362
2363 tmp = b7 ^ b6;
2364 b7 = ror64(tmp, 37);
2365 b6 -= b7 + k2 + t0;
2366 b7 -= k3 + 14;
2367
2368 tmp = b5 ^ b4;
2369 b5 = ror64(tmp, 19);
2370 b4 -= b5 + k0;
2371 b5 -= k1 + t2;
2372
2373 tmp = b3 ^ b2;
2374 b3 = ror64(tmp, 36);
2375 b2 -= b3 + k7;
2376 b3 -= k8;
2377
2378 tmp = b1 ^ b0;
2379 b1 = ror64(tmp, 46);
2380 b0 -= b1 + k5;
2381 b1 -= k6;
2382
2383 tmp = b3 ^ b4;
2384 b3 = ror64(tmp, 22);
2385 b4 -= b3;
2386
2387 tmp = b5 ^ b2;
2388 b5 = ror64(tmp, 56);
2389 b2 -= b5;
2390
2391 tmp = b7 ^ b0;
2392 b7 = ror64(tmp, 35);
2393 b0 -= b7;
2394
2395 tmp = b1 ^ b6;
2396 b1 = ror64(tmp, 8);
2397 b6 -= b1;
2398
2399 tmp = b7 ^ b2;
2400 b7 = ror64(tmp, 43);
2401 b2 -= b7;
2402
2403 tmp = b5 ^ b0;
2404 b5 = ror64(tmp, 39);
2405 b0 -= b5;
2406
2407 tmp = b3 ^ b6;
2408 b3 = ror64(tmp, 29);
2409 b6 -= b3;
2410
2411 tmp = b1 ^ b4;
2412 b1 = ror64(tmp, 25);
2413 b4 -= b1;
2414
2415 tmp = b3 ^ b0;
2416 b3 = ror64(tmp, 17);
2417 b0 -= b3;
2418
2419 tmp = b5 ^ b6;
2420 b5 = ror64(tmp, 10);
2421 b6 -= b5;
2422
2423 tmp = b7 ^ b4;
2424 b7 = ror64(tmp, 50);
2425 b4 -= b7;
2426
2427 tmp = b1 ^ b2;
2428 b1 = ror64(tmp, 13);
2429 b2 -= b1;
2430
2431 tmp = b7 ^ b6;
2432 b7 = ror64(tmp, 24);
2433 b6 -= b7 + k1 + t2;
2434 b7 -= k2 + 13;
2435
2436 tmp = b5 ^ b4;
2437 b5 = ror64(tmp, 34);
2438 b4 -= b5 + k8;
2439 b5 -= k0 + t1;
2440
2441 tmp = b3 ^ b2;
2442 b3 = ror64(tmp, 30);
2443 b2 -= b3 + k6;
2444 b3 -= k7;
2445
2446 tmp = b1 ^ b0;
2447 b1 = ror64(tmp, 39);
2448 b0 -= b1 + k4;
2449 b1 -= k5;
2450
2451 tmp = b3 ^ b4;
2452 b3 = ror64(tmp, 56);
2453 b4 -= b3;
2454
2455 tmp = b5 ^ b2;
2456 b5 = ror64(tmp, 54);
2457 b2 -= b5;
2458
2459 tmp = b7 ^ b0;
2460 b7 = ror64(tmp, 9);
2461 b0 -= b7;
2462
2463 tmp = b1 ^ b6;
2464 b1 = ror64(tmp, 44);
2465 b6 -= b1;
2466
2467 tmp = b7 ^ b2;
2468 b7 = ror64(tmp, 39);
2469 b2 -= b7;
2470
2471 tmp = b5 ^ b0;
2472 b5 = ror64(tmp, 36);
2473 b0 -= b5;
2474
2475 tmp = b3 ^ b6;
2476 b3 = ror64(tmp, 49);
2477 b6 -= b3;
2478
2479 tmp = b1 ^ b4;
2480 b1 = ror64(tmp, 17);
2481 b4 -= b1;
2482
2483 tmp = b3 ^ b0;
2484 b3 = ror64(tmp, 42);
2485 b0 -= b3;
2486
2487 tmp = b5 ^ b6;
2488 b5 = ror64(tmp, 14);
2489 b6 -= b5;
2490
2491 tmp = b7 ^ b4;
2492 b7 = ror64(tmp, 27);
2493 b4 -= b7;
2494
2495 tmp = b1 ^ b2;
2496 b1 = ror64(tmp, 33);
2497 b2 -= b1;
2498
2499 tmp = b7 ^ b6;
2500 b7 = ror64(tmp, 37);
2501 b6 -= b7 + k0 + t1;
2502 b7 -= k1 + 12;
2503
2504 tmp = b5 ^ b4;
2505 b5 = ror64(tmp, 19);
2506 b4 -= b5 + k7;
2507 b5 -= k8 + t0;
2508
2509 tmp = b3 ^ b2;
2510 b3 = ror64(tmp, 36);
2511 b2 -= b3 + k5;
2512 b3 -= k6;
2513
2514 tmp = b1 ^ b0;
2515 b1 = ror64(tmp, 46);
2516 b0 -= b1 + k3;
2517 b1 -= k4;
2518
2519 tmp = b3 ^ b4;
2520 b3 = ror64(tmp, 22);
2521 b4 -= b3;
2522
2523 tmp = b5 ^ b2;
2524 b5 = ror64(tmp, 56);
2525 b2 -= b5;
2526
2527 tmp = b7 ^ b0;
2528 b7 = ror64(tmp, 35);
2529 b0 -= b7;
2530
2531 tmp = b1 ^ b6;
2532 b1 = ror64(tmp, 8);
2533 b6 -= b1;
2534
2535 tmp = b7 ^ b2;
2536 b7 = ror64(tmp, 43);
2537 b2 -= b7;
2538
2539 tmp = b5 ^ b0;
2540 b5 = ror64(tmp, 39);
2541 b0 -= b5;
2542
2543 tmp = b3 ^ b6;
2544 b3 = ror64(tmp, 29);
2545 b6 -= b3;
2546
2547 tmp = b1 ^ b4;
2548 b1 = ror64(tmp, 25);
2549 b4 -= b1;
2550
2551 tmp = b3 ^ b0;
2552 b3 = ror64(tmp, 17);
2553 b0 -= b3;
2554
2555 tmp = b5 ^ b6;
2556 b5 = ror64(tmp, 10);
2557 b6 -= b5;
2558
2559 tmp = b7 ^ b4;
2560 b7 = ror64(tmp, 50);
2561 b4 -= b7;
2562
2563 tmp = b1 ^ b2;
2564 b1 = ror64(tmp, 13);
2565 b2 -= b1;
2566
2567 tmp = b7 ^ b6;
2568 b7 = ror64(tmp, 24);
2569 b6 -= b7 + k8 + t0;
2570 b7 -= k0 + 11;
2571
2572 tmp = b5 ^ b4;
2573 b5 = ror64(tmp, 34);
2574 b4 -= b5 + k6;
2575 b5 -= k7 + t2;
2576
2577 tmp = b3 ^ b2;
2578 b3 = ror64(tmp, 30);
2579 b2 -= b3 + k4;
2580 b3 -= k5;
2581
2582 tmp = b1 ^ b0;
2583 b1 = ror64(tmp, 39);
2584 b0 -= b1 + k2;
2585 b1 -= k3;
2586
2587 tmp = b3 ^ b4;
2588 b3 = ror64(tmp, 56);
2589 b4 -= b3;
2590
2591 tmp = b5 ^ b2;
2592 b5 = ror64(tmp, 54);
2593 b2 -= b5;
2594
2595 tmp = b7 ^ b0;
2596 b7 = ror64(tmp, 9);
2597 b0 -= b7;
2598
2599 tmp = b1 ^ b6;
2600 b1 = ror64(tmp, 44);
2601 b6 -= b1;
2602
2603 tmp = b7 ^ b2;
2604 b7 = ror64(tmp, 39);
2605 b2 -= b7;
2606
2607 tmp = b5 ^ b0;
2608 b5 = ror64(tmp, 36);
2609 b0 -= b5;
2610
2611 tmp = b3 ^ b6;
2612 b3 = ror64(tmp, 49);
2613 b6 -= b3;
2614
2615 tmp = b1 ^ b4;
2616 b1 = ror64(tmp, 17);
2617 b4 -= b1;
2618
2619 tmp = b3 ^ b0;
2620 b3 = ror64(tmp, 42);
2621 b0 -= b3;
2622
2623 tmp = b5 ^ b6;
2624 b5 = ror64(tmp, 14);
2625 b6 -= b5;
2626
2627 tmp = b7 ^ b4;
2628 b7 = ror64(tmp, 27);
2629 b4 -= b7;
2630
2631 tmp = b1 ^ b2;
2632 b1 = ror64(tmp, 33);
2633 b2 -= b1;
2634
2635 tmp = b7 ^ b6;
2636 b7 = ror64(tmp, 37);
2637 b6 -= b7 + k7 + t2;
2638 b7 -= k8 + 10;
2639
2640 tmp = b5 ^ b4;
2641 b5 = ror64(tmp, 19);
2642 b4 -= b5 + k5;
2643 b5 -= k6 + t1;
2644
2645 tmp = b3 ^ b2;
2646 b3 = ror64(tmp, 36);
2647 b2 -= b3 + k3;
2648 b3 -= k4;
2649
2650 tmp = b1 ^ b0;
2651 b1 = ror64(tmp, 46);
2652 b0 -= b1 + k1;
2653 b1 -= k2;
2654
2655 tmp = b3 ^ b4;
2656 b3 = ror64(tmp, 22);
2657 b4 -= b3;
2658
2659 tmp = b5 ^ b2;
2660 b5 = ror64(tmp, 56);
2661 b2 -= b5;
2662
2663 tmp = b7 ^ b0;
2664 b7 = ror64(tmp, 35);
2665 b0 -= b7;
2666
2667 tmp = b1 ^ b6;
2668 b1 = ror64(tmp, 8);
2669 b6 -= b1;
2670
2671 tmp = b7 ^ b2;
2672 b7 = ror64(tmp, 43);
2673 b2 -= b7;
2674
2675 tmp = b5 ^ b0;
2676 b5 = ror64(tmp, 39);
2677 b0 -= b5;
2678
2679 tmp = b3 ^ b6;
2680 b3 = ror64(tmp, 29);
2681 b6 -= b3;
2682
2683 tmp = b1 ^ b4;
2684 b1 = ror64(tmp, 25);
2685 b4 -= b1;
2686
2687 tmp = b3 ^ b0;
2688 b3 = ror64(tmp, 17);
2689 b0 -= b3;
2690
2691 tmp = b5 ^ b6;
2692 b5 = ror64(tmp, 10);
2693 b6 -= b5;
2694
2695 tmp = b7 ^ b4;
2696 b7 = ror64(tmp, 50);
2697 b4 -= b7;
2698
2699 tmp = b1 ^ b2;
2700 b1 = ror64(tmp, 13);
2701 b2 -= b1;
2702
2703 tmp = b7 ^ b6;
2704 b7 = ror64(tmp, 24);
2705 b6 -= b7 + k6 + t1;
2706 b7 -= k7 + 9;
2707
2708 tmp = b5 ^ b4;
2709 b5 = ror64(tmp, 34);
2710 b4 -= b5 + k4;
2711 b5 -= k5 + t0;
2712
2713 tmp = b3 ^ b2;
2714 b3 = ror64(tmp, 30);
2715 b2 -= b3 + k2;
2716 b3 -= k3;
2717
2718 tmp = b1 ^ b0;
2719 b1 = ror64(tmp, 39);
2720 b0 -= b1 + k0;
2721 b1 -= k1;
2722
2723 tmp = b3 ^ b4;
2724 b3 = ror64(tmp, 56);
2725 b4 -= b3;
2726
2727 tmp = b5 ^ b2;
2728 b5 = ror64(tmp, 54);
2729 b2 -= b5;
2730
2731 tmp = b7 ^ b0;
2732 b7 = ror64(tmp, 9);
2733 b0 -= b7;
2734
2735 tmp = b1 ^ b6;
2736 b1 = ror64(tmp, 44);
2737 b6 -= b1;
2738
2739 tmp = b7 ^ b2;
2740 b7 = ror64(tmp, 39);
2741 b2 -= b7;
2742
2743 tmp = b5 ^ b0;
2744 b5 = ror64(tmp, 36);
2745 b0 -= b5;
2746
2747 tmp = b3 ^ b6;
2748 b3 = ror64(tmp, 49);
2749 b6 -= b3;
2750
2751 tmp = b1 ^ b4;
2752 b1 = ror64(tmp, 17);
2753 b4 -= b1;
2754
2755 tmp = b3 ^ b0;
2756 b3 = ror64(tmp, 42);
2757 b0 -= b3;
2758
2759 tmp = b5 ^ b6;
2760 b5 = ror64(tmp, 14);
2761 b6 -= b5;
2762
2763 tmp = b7 ^ b4;
2764 b7 = ror64(tmp, 27);
2765 b4 -= b7;
2766
2767 tmp = b1 ^ b2;
2768 b1 = ror64(tmp, 33);
2769 b2 -= b1;
2770
2771 tmp = b7 ^ b6;
2772 b7 = ror64(tmp, 37);
2773 b6 -= b7 + k5 + t0;
2774 b7 -= k6 + 8;
2775
2776 tmp = b5 ^ b4;
2777 b5 = ror64(tmp, 19);
2778 b4 -= b5 + k3;
2779 b5 -= k4 + t2;
2780
2781 tmp = b3 ^ b2;
2782 b3 = ror64(tmp, 36);
2783 b2 -= b3 + k1;
2784 b3 -= k2;
2785
2786 tmp = b1 ^ b0;
2787 b1 = ror64(tmp, 46);
2788 b0 -= b1 + k8;
2789 b1 -= k0;
2790
2791 tmp = b3 ^ b4;
2792 b3 = ror64(tmp, 22);
2793 b4 -= b3;
2794
2795 tmp = b5 ^ b2;
2796 b5 = ror64(tmp, 56);
2797 b2 -= b5;
2798
2799 tmp = b7 ^ b0;
2800 b7 = ror64(tmp, 35);
2801 b0 -= b7;
2802
2803 tmp = b1 ^ b6;
2804 b1 = ror64(tmp, 8);
2805 b6 -= b1;
2806
2807 tmp = b7 ^ b2;
2808 b7 = ror64(tmp, 43);
2809 b2 -= b7;
2810
2811 tmp = b5 ^ b0;
2812 b5 = ror64(tmp, 39);
2813 b0 -= b5;
2814
2815 tmp = b3 ^ b6;
2816 b3 = ror64(tmp, 29);
2817 b6 -= b3;
2818
2819 tmp = b1 ^ b4;
2820 b1 = ror64(tmp, 25);
2821 b4 -= b1;
2822
2823 tmp = b3 ^ b0;
2824 b3 = ror64(tmp, 17);
2825 b0 -= b3;
2826
2827 tmp = b5 ^ b6;
2828 b5 = ror64(tmp, 10);
2829 b6 -= b5;
2830
2831 tmp = b7 ^ b4;
2832 b7 = ror64(tmp, 50);
2833 b4 -= b7;
2834
2835 tmp = b1 ^ b2;
2836 b1 = ror64(tmp, 13);
2837 b2 -= b1;
2838
2839 tmp = b7 ^ b6;
2840 b7 = ror64(tmp, 24);
2841 b6 -= b7 + k4 + t2;
2842 b7 -= k5 + 7;
2843
2844 tmp = b5 ^ b4;
2845 b5 = ror64(tmp, 34);
2846 b4 -= b5 + k2;
2847 b5 -= k3 + t1;
2848
2849 tmp = b3 ^ b2;
2850 b3 = ror64(tmp, 30);
2851 b2 -= b3 + k0;
2852 b3 -= k1;
2853
2854 tmp = b1 ^ b0;
2855 b1 = ror64(tmp, 39);
2856 b0 -= b1 + k7;
2857 b1 -= k8;
2858
2859 tmp = b3 ^ b4;
2860 b3 = ror64(tmp, 56);
2861 b4 -= b3;
2862
2863 tmp = b5 ^ b2;
2864 b5 = ror64(tmp, 54);
2865 b2 -= b5;
2866
2867 tmp = b7 ^ b0;
2868 b7 = ror64(tmp, 9);
2869 b0 -= b7;
2870
2871 tmp = b1 ^ b6;
2872 b1 = ror64(tmp, 44);
2873 b6 -= b1;
2874
2875 tmp = b7 ^ b2;
2876 b7 = ror64(tmp, 39);
2877 b2 -= b7;
2878
2879 tmp = b5 ^ b0;
2880 b5 = ror64(tmp, 36);
2881 b0 -= b5;
2882
2883 tmp = b3 ^ b6;
2884 b3 = ror64(tmp, 49);
2885 b6 -= b3;
2886
2887 tmp = b1 ^ b4;
2888 b1 = ror64(tmp, 17);
2889 b4 -= b1;
2890
2891 tmp = b3 ^ b0;
2892 b3 = ror64(tmp, 42);
2893 b0 -= b3;
2894
2895 tmp = b5 ^ b6;
2896 b5 = ror64(tmp, 14);
2897 b6 -= b5;
2898
2899 tmp = b7 ^ b4;
2900 b7 = ror64(tmp, 27);
2901 b4 -= b7;
2902
2903 tmp = b1 ^ b2;
2904 b1 = ror64(tmp, 33);
2905 b2 -= b1;
2906
2907 tmp = b7 ^ b6;
2908 b7 = ror64(tmp, 37);
2909 b6 -= b7 + k3 + t1;
2910 b7 -= k4 + 6;
2911
2912 tmp = b5 ^ b4;
2913 b5 = ror64(tmp, 19);
2914 b4 -= b5 + k1;
2915 b5 -= k2 + t0;
2916
2917 tmp = b3 ^ b2;
2918 b3 = ror64(tmp, 36);
2919 b2 -= b3 + k8;
2920 b3 -= k0;
2921
2922 tmp = b1 ^ b0;
2923 b1 = ror64(tmp, 46);
2924 b0 -= b1 + k6;
2925 b1 -= k7;
2926
2927 tmp = b3 ^ b4;
2928 b3 = ror64(tmp, 22);
2929 b4 -= b3;
2930
2931 tmp = b5 ^ b2;
2932 b5 = ror64(tmp, 56);
2933 b2 -= b5;
2934
2935 tmp = b7 ^ b0;
2936 b7 = ror64(tmp, 35);
2937 b0 -= b7;
2938
2939 tmp = b1 ^ b6;
2940 b1 = ror64(tmp, 8);
2941 b6 -= b1;
2942
2943 tmp = b7 ^ b2;
2944 b7 = ror64(tmp, 43);
2945 b2 -= b7;
2946
2947 tmp = b5 ^ b0;
2948 b5 = ror64(tmp, 39);
2949 b0 -= b5;
2950
2951 tmp = b3 ^ b6;
2952 b3 = ror64(tmp, 29);
2953 b6 -= b3;
2954
2955 tmp = b1 ^ b4;
2956 b1 = ror64(tmp, 25);
2957 b4 -= b1;
2958
2959 tmp = b3 ^ b0;
2960 b3 = ror64(tmp, 17);
2961 b0 -= b3;
2962
2963 tmp = b5 ^ b6;
2964 b5 = ror64(tmp, 10);
2965 b6 -= b5;
2966
2967 tmp = b7 ^ b4;
2968 b7 = ror64(tmp, 50);
2969 b4 -= b7;
2970
2971 tmp = b1 ^ b2;
2972 b1 = ror64(tmp, 13);
2973 b2 -= b1;
2974
2975 tmp = b7 ^ b6;
2976 b7 = ror64(tmp, 24);
2977 b6 -= b7 + k2 + t0;
2978 b7 -= k3 + 5;
2979
2980 tmp = b5 ^ b4;
2981 b5 = ror64(tmp, 34);
2982 b4 -= b5 + k0;
2983 b5 -= k1 + t2;
2984
2985 tmp = b3 ^ b2;
2986 b3 = ror64(tmp, 30);
2987 b2 -= b3 + k7;
2988 b3 -= k8;
2989
2990 tmp = b1 ^ b0;
2991 b1 = ror64(tmp, 39);
2992 b0 -= b1 + k5;
2993 b1 -= k6;
2994
2995 tmp = b3 ^ b4;
2996 b3 = ror64(tmp, 56);
2997 b4 -= b3;
2998
2999 tmp = b5 ^ b2;
3000 b5 = ror64(tmp, 54);
3001 b2 -= b5;
3002
3003 tmp = b7 ^ b0;
3004 b7 = ror64(tmp, 9);
3005 b0 -= b7;
3006
3007 tmp = b1 ^ b6;
3008 b1 = ror64(tmp, 44);
3009 b6 -= b1;
3010
3011 tmp = b7 ^ b2;
3012 b7 = ror64(tmp, 39);
3013 b2 -= b7;
3014
3015 tmp = b5 ^ b0;
3016 b5 = ror64(tmp, 36);
3017 b0 -= b5;
3018
3019 tmp = b3 ^ b6;
3020 b3 = ror64(tmp, 49);
3021 b6 -= b3;
3022
3023 tmp = b1 ^ b4;
3024 b1 = ror64(tmp, 17);
3025 b4 -= b1;
3026
3027 tmp = b3 ^ b0;
3028 b3 = ror64(tmp, 42);
3029 b0 -= b3;
3030
3031 tmp = b5 ^ b6;
3032 b5 = ror64(tmp, 14);
3033 b6 -= b5;
3034
3035 tmp = b7 ^ b4;
3036 b7 = ror64(tmp, 27);
3037 b4 -= b7;
3038
3039 tmp = b1 ^ b2;
3040 b1 = ror64(tmp, 33);
3041 b2 -= b1;
3042
3043 tmp = b7 ^ b6;
3044 b7 = ror64(tmp, 37);
3045 b6 -= b7 + k1 + t2;
3046 b7 -= k2 + 4;
3047
3048 tmp = b5 ^ b4;
3049 b5 = ror64(tmp, 19);
3050 b4 -= b5 + k8;
3051 b5 -= k0 + t1;
3052
3053 tmp = b3 ^ b2;
3054 b3 = ror64(tmp, 36);
3055 b2 -= b3 + k6;
3056 b3 -= k7;
3057
3058 tmp = b1 ^ b0;
3059 b1 = ror64(tmp, 46);
3060 b0 -= b1 + k4;
3061 b1 -= k5;
3062
3063 tmp = b3 ^ b4;
3064 b3 = ror64(tmp, 22);
3065 b4 -= b3;
3066
3067 tmp = b5 ^ b2;
3068 b5 = ror64(tmp, 56);
3069 b2 -= b5;
3070
3071 tmp = b7 ^ b0;
3072 b7 = ror64(tmp, 35);
3073 b0 -= b7;
3074
3075 tmp = b1 ^ b6;
3076 b1 = ror64(tmp, 8);
3077 b6 -= b1;
3078
3079 tmp = b7 ^ b2;
3080 b7 = ror64(tmp, 43);
3081 b2 -= b7;
3082
3083 tmp = b5 ^ b0;
3084 b5 = ror64(tmp, 39);
3085 b0 -= b5;
3086
3087 tmp = b3 ^ b6;
3088 b3 = ror64(tmp, 29);
3089 b6 -= b3;
3090
3091 tmp = b1 ^ b4;
3092 b1 = ror64(tmp, 25);
3093 b4 -= b1;
3094
3095 tmp = b3 ^ b0;
3096 b3 = ror64(tmp, 17);
3097 b0 -= b3;
3098
3099 tmp = b5 ^ b6;
3100 b5 = ror64(tmp, 10);
3101 b6 -= b5;
3102
3103 tmp = b7 ^ b4;
3104 b7 = ror64(tmp, 50);
3105 b4 -= b7;
3106
3107 tmp = b1 ^ b2;
3108 b1 = ror64(tmp, 13);
3109 b2 -= b1;
3110
3111 tmp = b7 ^ b6;
3112 b7 = ror64(tmp, 24);
3113 b6 -= b7 + k0 + t1;
3114 b7 -= k1 + 3;
3115
3116 tmp = b5 ^ b4;
3117 b5 = ror64(tmp, 34);
3118 b4 -= b5 + k7;
3119 b5 -= k8 + t0;
3120
3121 tmp = b3 ^ b2;
3122 b3 = ror64(tmp, 30);
3123 b2 -= b3 + k5;
3124 b3 -= k6;
3125
3126 tmp = b1 ^ b0;
3127 b1 = ror64(tmp, 39);
3128 b0 -= b1 + k3;
3129 b1 -= k4;
3130
3131 tmp = b3 ^ b4;
3132 b3 = ror64(tmp, 56);
3133 b4 -= b3;
3134
3135 tmp = b5 ^ b2;
3136 b5 = ror64(tmp, 54);
3137 b2 -= b5;
3138
3139 tmp = b7 ^ b0;
3140 b7 = ror64(tmp, 9);
3141 b0 -= b7;
3142
3143 tmp = b1 ^ b6;
3144 b1 = ror64(tmp, 44);
3145 b6 -= b1;
3146
3147 tmp = b7 ^ b2;
3148 b7 = ror64(tmp, 39);
3149 b2 -= b7;
3150
3151 tmp = b5 ^ b0;
3152 b5 = ror64(tmp, 36);
3153 b0 -= b5;
3154
3155 tmp = b3 ^ b6;
3156 b3 = ror64(tmp, 49);
3157 b6 -= b3;
3158
3159 tmp = b1 ^ b4;
3160 b1 = ror64(tmp, 17);
3161 b4 -= b1;
3162
3163 tmp = b3 ^ b0;
3164 b3 = ror64(tmp, 42);
3165 b0 -= b3;
3166
3167 tmp = b5 ^ b6;
3168 b5 = ror64(tmp, 14);
3169 b6 -= b5;
3170
3171 tmp = b7 ^ b4;
3172 b7 = ror64(tmp, 27);
3173 b4 -= b7;
3174
3175 tmp = b1 ^ b2;
3176 b1 = ror64(tmp, 33);
3177 b2 -= b1;
3178
3179 tmp = b7 ^ b6;
3180 b7 = ror64(tmp, 37);
3181 b6 -= b7 + k8 + t0;
3182 b7 -= k0 + 2;
3183
3184 tmp = b5 ^ b4;
3185 b5 = ror64(tmp, 19);
3186 b4 -= b5 + k6;
3187 b5 -= k7 + t2;
3188
3189 tmp = b3 ^ b2;
3190 b3 = ror64(tmp, 36);
3191 b2 -= b3 + k4;
3192 b3 -= k5;
3193
3194 tmp = b1 ^ b0;
3195 b1 = ror64(tmp, 46);
3196 b0 -= b1 + k2;
3197 b1 -= k3;
3198
3199 tmp = b3 ^ b4;
3200 b3 = ror64(tmp, 22);
3201 b4 -= b3;
3202
3203 tmp = b5 ^ b2;
3204 b5 = ror64(tmp, 56);
3205 b2 -= b5;
3206
3207 tmp = b7 ^ b0;
3208 b7 = ror64(tmp, 35);
3209 b0 -= b7;
3210
3211 tmp = b1 ^ b6;
3212 b1 = ror64(tmp, 8);
3213 b6 -= b1;
3214
3215 tmp = b7 ^ b2;
3216 b7 = ror64(tmp, 43);
3217 b2 -= b7;
3218
3219 tmp = b5 ^ b0;
3220 b5 = ror64(tmp, 39);
3221 b0 -= b5;
3222
3223 tmp = b3 ^ b6;
3224 b3 = ror64(tmp, 29);
3225 b6 -= b3;
3226
3227 tmp = b1 ^ b4;
3228 b1 = ror64(tmp, 25);
3229 b4 -= b1;
3230
3231 tmp = b3 ^ b0;
3232 b3 = ror64(tmp, 17);
3233 b0 -= b3;
3234
3235 tmp = b5 ^ b6;
3236 b5 = ror64(tmp, 10);
3237 b6 -= b5;
3238
3239 tmp = b7 ^ b4;
3240 b7 = ror64(tmp, 50);
3241 b4 -= b7;
3242
3243 tmp = b1 ^ b2;
3244 b1 = ror64(tmp, 13);
3245 b2 -= b1;
3246
3247 tmp = b7 ^ b6;
3248 b7 = ror64(tmp, 24);
3249 b6 -= b7 + k7 + t2;
3250 b7 -= k8 + 1;
3251
3252 tmp = b5 ^ b4;
3253 b5 = ror64(tmp, 34);
3254 b4 -= b5 + k5;
3255 b5 -= k6 + t1;
3256
3257 tmp = b3 ^ b2;
3258 b3 = ror64(tmp, 30);
3259 b2 -= b3 + k3;
3260 b3 -= k4;
3261
3262 tmp = b1 ^ b0;
3263 b1 = ror64(tmp, 39);
3264 b0 -= b1 + k1;
3265 b1 -= k2;
3266
3267 tmp = b3 ^ b4;
3268 b3 = ror64(tmp, 56);
3269 b4 -= b3;
3270
3271 tmp = b5 ^ b2;
3272 b5 = ror64(tmp, 54);
3273 b2 -= b5;
3274
3275 tmp = b7 ^ b0;
3276 b7 = ror64(tmp, 9);
3277 b0 -= b7;
3278
3279 tmp = b1 ^ b6;
3280 b1 = ror64(tmp, 44);
3281 b6 -= b1;
3282
3283 tmp = b7 ^ b2;
3284 b7 = ror64(tmp, 39);
3285 b2 -= b7;
3286
3287 tmp = b5 ^ b0;
3288 b5 = ror64(tmp, 36);
3289 b0 -= b5;
3290
3291 tmp = b3 ^ b6;
3292 b3 = ror64(tmp, 49);
3293 b6 -= b3;
3294
3295 tmp = b1 ^ b4;
3296 b1 = ror64(tmp, 17);
3297 b4 -= b1;
3298
3299 tmp = b3 ^ b0;
3300 b3 = ror64(tmp, 42);
3301 b0 -= b3;
3302
3303 tmp = b5 ^ b6;
3304 b5 = ror64(tmp, 14);
3305 b6 -= b5;
3306
3307 tmp = b7 ^ b4;
3308 b7 = ror64(tmp, 27);
3309 b4 -= b7;
3310
3311 tmp = b1 ^ b2;
3312 b1 = ror64(tmp, 33);
3313 b2 -= b1;
3314
3315 tmp = b7 ^ b6;
3316 b7 = ror64(tmp, 37);
3317 b6 -= b7 + k6 + t1;
3318 b7 -= k7;
3319
3320 tmp = b5 ^ b4;
3321 b5 = ror64(tmp, 19);
3322 b4 -= b5 + k4;
3323 b5 -= k5 + t0;
3324
3325 tmp = b3 ^ b2;
3326 b3 = ror64(tmp, 36);
3327 b2 -= b3 + k2;
3328 b3 -= k3;
3329
3330 tmp = b1 ^ b0;
3331 b1 = ror64(tmp, 46);
3332 b0 -= b1 + k0;
3333 b1 -= k1;
3334
3335 output[0] = b0;
3336 output[1] = b1;
3337 output[2] = b2;
3338 output[3] = b3;
3339
3340 output[7] = b7;
3341 output[6] = b6;
3342 output[5] = b5;
3343 output[4] = b4;
3344 }
3345
3346 void threefish_encrypt_1024(struct threefish_key *key_ctx, u64 *input,
3347 u64 *output)
3348 {
3349 u64 b0 = input[0], b1 = input[1],
3350 b2 = input[2], b3 = input[3],
3351 b4 = input[4], b5 = input[5],
3352 b6 = input[6], b7 = input[7],
3353 b8 = input[8], b9 = input[9],
3354 b10 = input[10], b11 = input[11],
3355 b12 = input[12], b13 = input[13],
3356 b14 = input[14], b15 = input[15];
3357 u64 k0 = key_ctx->key[0], k1 = key_ctx->key[1],
3358 k2 = key_ctx->key[2], k3 = key_ctx->key[3],
3359 k4 = key_ctx->key[4], k5 = key_ctx->key[5],
3360 k6 = key_ctx->key[6], k7 = key_ctx->key[7],
3361 k8 = key_ctx->key[8], k9 = key_ctx->key[9],
3362 k10 = key_ctx->key[10], k11 = key_ctx->key[11],
3363 k12 = key_ctx->key[12], k13 = key_ctx->key[13],
3364 k14 = key_ctx->key[14], k15 = key_ctx->key[15],
3365 k16 = key_ctx->key[16];
3366 u64 t0 = key_ctx->tweak[0], t1 = key_ctx->tweak[1],
3367 t2 = key_ctx->tweak[2];
3368
3369 b1 += k1;
3370 b0 += b1 + k0;
3371 b1 = rol64(b1, 24) ^ b0;
3372
3373 b3 += k3;
3374 b2 += b3 + k2;
3375 b3 = rol64(b3, 13) ^ b2;
3376
3377 b5 += k5;
3378 b4 += b5 + k4;
3379 b5 = rol64(b5, 8) ^ b4;
3380
3381 b7 += k7;
3382 b6 += b7 + k6;
3383 b7 = rol64(b7, 47) ^ b6;
3384
3385 b9 += k9;
3386 b8 += b9 + k8;
3387 b9 = rol64(b9, 8) ^ b8;
3388
3389 b11 += k11;
3390 b10 += b11 + k10;
3391 b11 = rol64(b11, 17) ^ b10;
3392
3393 b13 += k13 + t0;
3394 b12 += b13 + k12;
3395 b13 = rol64(b13, 22) ^ b12;
3396
3397 b15 += k15;
3398 b14 += b15 + k14 + t1;
3399 b15 = rol64(b15, 37) ^ b14;
3400
3401 b0 += b9;
3402 b9 = rol64(b9, 38) ^ b0;
3403
3404 b2 += b13;
3405 b13 = rol64(b13, 19) ^ b2;
3406
3407 b6 += b11;
3408 b11 = rol64(b11, 10) ^ b6;
3409
3410 b4 += b15;
3411 b15 = rol64(b15, 55) ^ b4;
3412
3413 b10 += b7;
3414 b7 = rol64(b7, 49) ^ b10;
3415
3416 b12 += b3;
3417 b3 = rol64(b3, 18) ^ b12;
3418
3419 b14 += b5;
3420 b5 = rol64(b5, 23) ^ b14;
3421
3422 b8 += b1;
3423 b1 = rol64(b1, 52) ^ b8;
3424
3425 b0 += b7;
3426 b7 = rol64(b7, 33) ^ b0;
3427
3428 b2 += b5;
3429 b5 = rol64(b5, 4) ^ b2;
3430
3431 b4 += b3;
3432 b3 = rol64(b3, 51) ^ b4;
3433
3434 b6 += b1;
3435 b1 = rol64(b1, 13) ^ b6;
3436
3437 b12 += b15;
3438 b15 = rol64(b15, 34) ^ b12;
3439
3440 b14 += b13;
3441 b13 = rol64(b13, 41) ^ b14;
3442
3443 b8 += b11;
3444 b11 = rol64(b11, 59) ^ b8;
3445
3446 b10 += b9;
3447 b9 = rol64(b9, 17) ^ b10;
3448
3449 b0 += b15;
3450 b15 = rol64(b15, 5) ^ b0;
3451
3452 b2 += b11;
3453 b11 = rol64(b11, 20) ^ b2;
3454
3455 b6 += b13;
3456 b13 = rol64(b13, 48) ^ b6;
3457
3458 b4 += b9;
3459 b9 = rol64(b9, 41) ^ b4;
3460
3461 b14 += b1;
3462 b1 = rol64(b1, 47) ^ b14;
3463
3464 b8 += b5;
3465 b5 = rol64(b5, 28) ^ b8;
3466
3467 b10 += b3;
3468 b3 = rol64(b3, 16) ^ b10;
3469
3470 b12 += b7;
3471 b7 = rol64(b7, 25) ^ b12;
3472
3473 b1 += k2;
3474 b0 += b1 + k1;
3475 b1 = rol64(b1, 41) ^ b0;
3476
3477 b3 += k4;
3478 b2 += b3 + k3;
3479 b3 = rol64(b3, 9) ^ b2;
3480
3481 b5 += k6;
3482 b4 += b5 + k5;
3483 b5 = rol64(b5, 37) ^ b4;
3484
3485 b7 += k8;
3486 b6 += b7 + k7;
3487 b7 = rol64(b7, 31) ^ b6;
3488
3489 b9 += k10;
3490 b8 += b9 + k9;
3491 b9 = rol64(b9, 12) ^ b8;
3492
3493 b11 += k12;
3494 b10 += b11 + k11;
3495 b11 = rol64(b11, 47) ^ b10;
3496
3497 b13 += k14 + t1;
3498 b12 += b13 + k13;
3499 b13 = rol64(b13, 44) ^ b12;
3500
3501 b15 += k16 + 1;
3502 b14 += b15 + k15 + t2;
3503 b15 = rol64(b15, 30) ^ b14;
3504
3505 b0 += b9;
3506 b9 = rol64(b9, 16) ^ b0;
3507
3508 b2 += b13;
3509 b13 = rol64(b13, 34) ^ b2;
3510
3511 b6 += b11;
3512 b11 = rol64(b11, 56) ^ b6;
3513
3514 b4 += b15;
3515 b15 = rol64(b15, 51) ^ b4;
3516
3517 b10 += b7;
3518 b7 = rol64(b7, 4) ^ b10;
3519
3520 b12 += b3;
3521 b3 = rol64(b3, 53) ^ b12;
3522
3523 b14 += b5;
3524 b5 = rol64(b5, 42) ^ b14;
3525
3526 b8 += b1;
3527 b1 = rol64(b1, 41) ^ b8;
3528
3529 b0 += b7;
3530 b7 = rol64(b7, 31) ^ b0;
3531
3532 b2 += b5;
3533 b5 = rol64(b5, 44) ^ b2;
3534
3535 b4 += b3;
3536 b3 = rol64(b3, 47) ^ b4;
3537
3538 b6 += b1;
3539 b1 = rol64(b1, 46) ^ b6;
3540
3541 b12 += b15;
3542 b15 = rol64(b15, 19) ^ b12;
3543
3544 b14 += b13;
3545 b13 = rol64(b13, 42) ^ b14;
3546
3547 b8 += b11;
3548 b11 = rol64(b11, 44) ^ b8;
3549
3550 b10 += b9;
3551 b9 = rol64(b9, 25) ^ b10;
3552
3553 b0 += b15;
3554 b15 = rol64(b15, 9) ^ b0;
3555
3556 b2 += b11;
3557 b11 = rol64(b11, 48) ^ b2;
3558
3559 b6 += b13;
3560 b13 = rol64(b13, 35) ^ b6;
3561
3562 b4 += b9;
3563 b9 = rol64(b9, 52) ^ b4;
3564
3565 b14 += b1;
3566 b1 = rol64(b1, 23) ^ b14;
3567
3568 b8 += b5;
3569 b5 = rol64(b5, 31) ^ b8;
3570
3571 b10 += b3;
3572 b3 = rol64(b3, 37) ^ b10;
3573
3574 b12 += b7;
3575 b7 = rol64(b7, 20) ^ b12;
3576
3577 b1 += k3;
3578 b0 += b1 + k2;
3579 b1 = rol64(b1, 24) ^ b0;
3580
3581 b3 += k5;
3582 b2 += b3 + k4;
3583 b3 = rol64(b3, 13) ^ b2;
3584
3585 b5 += k7;
3586 b4 += b5 + k6;
3587 b5 = rol64(b5, 8) ^ b4;
3588
3589 b7 += k9;
3590 b6 += b7 + k8;
3591 b7 = rol64(b7, 47) ^ b6;
3592
3593 b9 += k11;
3594 b8 += b9 + k10;
3595 b9 = rol64(b9, 8) ^ b8;
3596
3597 b11 += k13;
3598 b10 += b11 + k12;
3599 b11 = rol64(b11, 17) ^ b10;
3600
3601 b13 += k15 + t2;
3602 b12 += b13 + k14;
3603 b13 = rol64(b13, 22) ^ b12;
3604
3605 b15 += k0 + 2;
3606 b14 += b15 + k16 + t0;
3607 b15 = rol64(b15, 37) ^ b14;
3608
3609 b0 += b9;
3610 b9 = rol64(b9, 38) ^ b0;
3611
3612 b2 += b13;
3613 b13 = rol64(b13, 19) ^ b2;
3614
3615 b6 += b11;
3616 b11 = rol64(b11, 10) ^ b6;
3617
3618 b4 += b15;
3619 b15 = rol64(b15, 55) ^ b4;
3620
3621 b10 += b7;
3622 b7 = rol64(b7, 49) ^ b10;
3623
3624 b12 += b3;
3625 b3 = rol64(b3, 18) ^ b12;
3626
3627 b14 += b5;
3628 b5 = rol64(b5, 23) ^ b14;
3629
3630 b8 += b1;
3631 b1 = rol64(b1, 52) ^ b8;
3632
3633 b0 += b7;
3634 b7 = rol64(b7, 33) ^ b0;
3635
3636 b2 += b5;
3637 b5 = rol64(b5, 4) ^ b2;
3638
3639 b4 += b3;
3640 b3 = rol64(b3, 51) ^ b4;
3641
3642 b6 += b1;
3643 b1 = rol64(b1, 13) ^ b6;
3644
3645 b12 += b15;
3646 b15 = rol64(b15, 34) ^ b12;
3647
3648 b14 += b13;
3649 b13 = rol64(b13, 41) ^ b14;
3650
3651 b8 += b11;
3652 b11 = rol64(b11, 59) ^ b8;
3653
3654 b10 += b9;
3655 b9 = rol64(b9, 17) ^ b10;
3656
3657 b0 += b15;
3658 b15 = rol64(b15, 5) ^ b0;
3659
3660 b2 += b11;
3661 b11 = rol64(b11, 20) ^ b2;
3662
3663 b6 += b13;
3664 b13 = rol64(b13, 48) ^ b6;
3665
3666 b4 += b9;
3667 b9 = rol64(b9, 41) ^ b4;
3668
3669 b14 += b1;
3670 b1 = rol64(b1, 47) ^ b14;
3671
3672 b8 += b5;
3673 b5 = rol64(b5, 28) ^ b8;
3674
3675 b10 += b3;
3676 b3 = rol64(b3, 16) ^ b10;
3677
3678 b12 += b7;
3679 b7 = rol64(b7, 25) ^ b12;
3680
3681 b1 += k4;
3682 b0 += b1 + k3;
3683 b1 = rol64(b1, 41) ^ b0;
3684
3685 b3 += k6;
3686 b2 += b3 + k5;
3687 b3 = rol64(b3, 9) ^ b2;
3688
3689 b5 += k8;
3690 b4 += b5 + k7;
3691 b5 = rol64(b5, 37) ^ b4;
3692
3693 b7 += k10;
3694 b6 += b7 + k9;
3695 b7 = rol64(b7, 31) ^ b6;
3696
3697 b9 += k12;
3698 b8 += b9 + k11;
3699 b9 = rol64(b9, 12) ^ b8;
3700
3701 b11 += k14;
3702 b10 += b11 + k13;
3703 b11 = rol64(b11, 47) ^ b10;
3704
3705 b13 += k16 + t0;
3706 b12 += b13 + k15;
3707 b13 = rol64(b13, 44) ^ b12;
3708
3709 b15 += k1 + 3;
3710 b14 += b15 + k0 + t1;
3711 b15 = rol64(b15, 30) ^ b14;
3712
3713 b0 += b9;
3714 b9 = rol64(b9, 16) ^ b0;
3715
3716 b2 += b13;
3717 b13 = rol64(b13, 34) ^ b2;
3718
3719 b6 += b11;
3720 b11 = rol64(b11, 56) ^ b6;
3721
3722 b4 += b15;
3723 b15 = rol64(b15, 51) ^ b4;
3724
3725 b10 += b7;
3726 b7 = rol64(b7, 4) ^ b10;
3727
3728 b12 += b3;
3729 b3 = rol64(b3, 53) ^ b12;
3730
3731 b14 += b5;
3732 b5 = rol64(b5, 42) ^ b14;
3733
3734 b8 += b1;
3735 b1 = rol64(b1, 41) ^ b8;
3736
3737 b0 += b7;
3738 b7 = rol64(b7, 31) ^ b0;
3739
3740 b2 += b5;
3741 b5 = rol64(b5, 44) ^ b2;
3742
3743 b4 += b3;
3744 b3 = rol64(b3, 47) ^ b4;
3745
3746 b6 += b1;
3747 b1 = rol64(b1, 46) ^ b6;
3748
3749 b12 += b15;
3750 b15 = rol64(b15, 19) ^ b12;
3751
3752 b14 += b13;
3753 b13 = rol64(b13, 42) ^ b14;
3754
3755 b8 += b11;
3756 b11 = rol64(b11, 44) ^ b8;
3757
3758 b10 += b9;
3759 b9 = rol64(b9, 25) ^ b10;
3760
3761 b0 += b15;
3762 b15 = rol64(b15, 9) ^ b0;
3763
3764 b2 += b11;
3765 b11 = rol64(b11, 48) ^ b2;
3766
3767 b6 += b13;
3768 b13 = rol64(b13, 35) ^ b6;
3769
3770 b4 += b9;
3771 b9 = rol64(b9, 52) ^ b4;
3772
3773 b14 += b1;
3774 b1 = rol64(b1, 23) ^ b14;
3775
3776 b8 += b5;
3777 b5 = rol64(b5, 31) ^ b8;
3778
3779 b10 += b3;
3780 b3 = rol64(b3, 37) ^ b10;
3781
3782 b12 += b7;
3783 b7 = rol64(b7, 20) ^ b12;
3784
3785 b1 += k5;
3786 b0 += b1 + k4;
3787 b1 = rol64(b1, 24) ^ b0;
3788
3789 b3 += k7;
3790 b2 += b3 + k6;
3791 b3 = rol64(b3, 13) ^ b2;
3792
3793 b5 += k9;
3794 b4 += b5 + k8;
3795 b5 = rol64(b5, 8) ^ b4;
3796
3797 b7 += k11;
3798 b6 += b7 + k10;
3799 b7 = rol64(b7, 47) ^ b6;
3800
3801 b9 += k13;
3802 b8 += b9 + k12;
3803 b9 = rol64(b9, 8) ^ b8;
3804
3805 b11 += k15;
3806 b10 += b11 + k14;
3807 b11 = rol64(b11, 17) ^ b10;
3808
3809 b13 += k0 + t1;
3810 b12 += b13 + k16;
3811 b13 = rol64(b13, 22) ^ b12;
3812
3813 b15 += k2 + 4;
3814 b14 += b15 + k1 + t2;
3815 b15 = rol64(b15, 37) ^ b14;
3816
3817 b0 += b9;
3818 b9 = rol64(b9, 38) ^ b0;
3819
3820 b2 += b13;
3821 b13 = rol64(b13, 19) ^ b2;
3822
3823 b6 += b11;
3824 b11 = rol64(b11, 10) ^ b6;
3825
3826 b4 += b15;
3827 b15 = rol64(b15, 55) ^ b4;
3828
3829 b10 += b7;
3830 b7 = rol64(b7, 49) ^ b10;
3831
3832 b12 += b3;
3833 b3 = rol64(b3, 18) ^ b12;
3834
3835 b14 += b5;
3836 b5 = rol64(b5, 23) ^ b14;
3837
3838 b8 += b1;
3839 b1 = rol64(b1, 52) ^ b8;
3840
3841 b0 += b7;
3842 b7 = rol64(b7, 33) ^ b0;
3843
3844 b2 += b5;
3845 b5 = rol64(b5, 4) ^ b2;
3846
3847 b4 += b3;
3848 b3 = rol64(b3, 51) ^ b4;
3849
3850 b6 += b1;
3851 b1 = rol64(b1, 13) ^ b6;
3852
3853 b12 += b15;
3854 b15 = rol64(b15, 34) ^ b12;
3855
3856 b14 += b13;
3857 b13 = rol64(b13, 41) ^ b14;
3858
3859 b8 += b11;
3860 b11 = rol64(b11, 59) ^ b8;
3861
3862 b10 += b9;
3863 b9 = rol64(b9, 17) ^ b10;
3864
3865 b0 += b15;
3866 b15 = rol64(b15, 5) ^ b0;
3867
3868 b2 += b11;
3869 b11 = rol64(b11, 20) ^ b2;
3870
3871 b6 += b13;
3872 b13 = rol64(b13, 48) ^ b6;
3873
3874 b4 += b9;
3875 b9 = rol64(b9, 41) ^ b4;
3876
3877 b14 += b1;
3878 b1 = rol64(b1, 47) ^ b14;
3879
3880 b8 += b5;
3881 b5 = rol64(b5, 28) ^ b8;
3882
3883 b10 += b3;
3884 b3 = rol64(b3, 16) ^ b10;
3885
3886 b12 += b7;
3887 b7 = rol64(b7, 25) ^ b12;
3888
3889 b1 += k6;
3890 b0 += b1 + k5;
3891 b1 = rol64(b1, 41) ^ b0;
3892
3893 b3 += k8;
3894 b2 += b3 + k7;
3895 b3 = rol64(b3, 9) ^ b2;
3896
3897 b5 += k10;
3898 b4 += b5 + k9;
3899 b5 = rol64(b5, 37) ^ b4;
3900
3901 b7 += k12;
3902 b6 += b7 + k11;
3903 b7 = rol64(b7, 31) ^ b6;
3904
3905 b9 += k14;
3906 b8 += b9 + k13;
3907 b9 = rol64(b9, 12) ^ b8;
3908
3909 b11 += k16;
3910 b10 += b11 + k15;
3911 b11 = rol64(b11, 47) ^ b10;
3912
3913 b13 += k1 + t2;
3914 b12 += b13 + k0;
3915 b13 = rol64(b13, 44) ^ b12;
3916
3917 b15 += k3 + 5;
3918 b14 += b15 + k2 + t0;
3919 b15 = rol64(b15, 30) ^ b14;
3920
3921 b0 += b9;
3922 b9 = rol64(b9, 16) ^ b0;
3923
3924 b2 += b13;
3925 b13 = rol64(b13, 34) ^ b2;
3926
3927 b6 += b11;
3928 b11 = rol64(b11, 56) ^ b6;
3929
3930 b4 += b15;
3931 b15 = rol64(b15, 51) ^ b4;
3932
3933 b10 += b7;
3934 b7 = rol64(b7, 4) ^ b10;
3935
3936 b12 += b3;
3937 b3 = rol64(b3, 53) ^ b12;
3938
3939 b14 += b5;
3940 b5 = rol64(b5, 42) ^ b14;
3941
3942 b8 += b1;
3943 b1 = rol64(b1, 41) ^ b8;
3944
3945 b0 += b7;
3946 b7 = rol64(b7, 31) ^ b0;
3947
3948 b2 += b5;
3949 b5 = rol64(b5, 44) ^ b2;
3950
3951 b4 += b3;
3952 b3 = rol64(b3, 47) ^ b4;
3953
3954 b6 += b1;
3955 b1 = rol64(b1, 46) ^ b6;
3956
3957 b12 += b15;
3958 b15 = rol64(b15, 19) ^ b12;
3959
3960 b14 += b13;
3961 b13 = rol64(b13, 42) ^ b14;
3962
3963 b8 += b11;
3964 b11 = rol64(b11, 44) ^ b8;
3965
3966 b10 += b9;
3967 b9 = rol64(b9, 25) ^ b10;
3968
3969 b0 += b15;
3970 b15 = rol64(b15, 9) ^ b0;
3971
3972 b2 += b11;
3973 b11 = rol64(b11, 48) ^ b2;
3974
3975 b6 += b13;
3976 b13 = rol64(b13, 35) ^ b6;
3977
3978 b4 += b9;
3979 b9 = rol64(b9, 52) ^ b4;
3980
3981 b14 += b1;
3982 b1 = rol64(b1, 23) ^ b14;
3983
3984 b8 += b5;
3985 b5 = rol64(b5, 31) ^ b8;
3986
3987 b10 += b3;
3988 b3 = rol64(b3, 37) ^ b10;
3989
3990 b12 += b7;
3991 b7 = rol64(b7, 20) ^ b12;
3992
3993 b1 += k7;
3994 b0 += b1 + k6;
3995 b1 = rol64(b1, 24) ^ b0;
3996
3997 b3 += k9;
3998 b2 += b3 + k8;
3999 b3 = rol64(b3, 13) ^ b2;
4000
4001 b5 += k11;
4002 b4 += b5 + k10;
4003 b5 = rol64(b5, 8) ^ b4;
4004
4005 b7 += k13;
4006 b6 += b7 + k12;
4007 b7 = rol64(b7, 47) ^ b6;
4008
4009 b9 += k15;
4010 b8 += b9 + k14;
4011 b9 = rol64(b9, 8) ^ b8;
4012
4013 b11 += k0;
4014 b10 += b11 + k16;
4015 b11 = rol64(b11, 17) ^ b10;
4016
4017 b13 += k2 + t0;
4018 b12 += b13 + k1;
4019 b13 = rol64(b13, 22) ^ b12;
4020
4021 b15 += k4 + 6;
4022 b14 += b15 + k3 + t1;
4023 b15 = rol64(b15, 37) ^ b14;
4024
4025 b0 += b9;
4026 b9 = rol64(b9, 38) ^ b0;
4027
4028 b2 += b13;
4029 b13 = rol64(b13, 19) ^ b2;
4030
4031 b6 += b11;
4032 b11 = rol64(b11, 10) ^ b6;
4033
4034 b4 += b15;
4035 b15 = rol64(b15, 55) ^ b4;
4036
4037 b10 += b7;
4038 b7 = rol64(b7, 49) ^ b10;
4039
4040 b12 += b3;
4041 b3 = rol64(b3, 18) ^ b12;
4042
4043 b14 += b5;
4044 b5 = rol64(b5, 23) ^ b14;
4045
4046 b8 += b1;
4047 b1 = rol64(b1, 52) ^ b8;
4048
4049 b0 += b7;
4050 b7 = rol64(b7, 33) ^ b0;
4051
4052 b2 += b5;
4053 b5 = rol64(b5, 4) ^ b2;
4054
4055 b4 += b3;
4056 b3 = rol64(b3, 51) ^ b4;
4057
4058 b6 += b1;
4059 b1 = rol64(b1, 13) ^ b6;
4060
4061 b12 += b15;
4062 b15 = rol64(b15, 34) ^ b12;
4063
4064 b14 += b13;
4065 b13 = rol64(b13, 41) ^ b14;
4066
4067 b8 += b11;
4068 b11 = rol64(b11, 59) ^ b8;
4069
4070 b10 += b9;
4071 b9 = rol64(b9, 17) ^ b10;
4072
4073 b0 += b15;
4074 b15 = rol64(b15, 5) ^ b0;
4075
4076 b2 += b11;
4077 b11 = rol64(b11, 20) ^ b2;
4078
4079 b6 += b13;
4080 b13 = rol64(b13, 48) ^ b6;
4081
4082 b4 += b9;
4083 b9 = rol64(b9, 41) ^ b4;
4084
4085 b14 += b1;
4086 b1 = rol64(b1, 47) ^ b14;
4087
4088 b8 += b5;
4089 b5 = rol64(b5, 28) ^ b8;
4090
4091 b10 += b3;
4092 b3 = rol64(b3, 16) ^ b10;
4093
4094 b12 += b7;
4095 b7 = rol64(b7, 25) ^ b12;
4096
4097 b1 += k8;
4098 b0 += b1 + k7;
4099 b1 = rol64(b1, 41) ^ b0;
4100
4101 b3 += k10;
4102 b2 += b3 + k9;
4103 b3 = rol64(b3, 9) ^ b2;
4104
4105 b5 += k12;
4106 b4 += b5 + k11;
4107 b5 = rol64(b5, 37) ^ b4;
4108
4109 b7 += k14;
4110 b6 += b7 + k13;
4111 b7 = rol64(b7, 31) ^ b6;
4112
4113 b9 += k16;
4114 b8 += b9 + k15;
4115 b9 = rol64(b9, 12) ^ b8;
4116
4117 b11 += k1;
4118 b10 += b11 + k0;
4119 b11 = rol64(b11, 47) ^ b10;
4120
4121 b13 += k3 + t1;
4122 b12 += b13 + k2;
4123 b13 = rol64(b13, 44) ^ b12;
4124
4125 b15 += k5 + 7;
4126 b14 += b15 + k4 + t2;
4127 b15 = rol64(b15, 30) ^ b14;
4128
4129 b0 += b9;
4130 b9 = rol64(b9, 16) ^ b0;
4131
4132 b2 += b13;
4133 b13 = rol64(b13, 34) ^ b2;
4134
4135 b6 += b11;
4136 b11 = rol64(b11, 56) ^ b6;
4137
4138 b4 += b15;
4139 b15 = rol64(b15, 51) ^ b4;
4140
4141 b10 += b7;
4142 b7 = rol64(b7, 4) ^ b10;
4143
4144 b12 += b3;
4145 b3 = rol64(b3, 53) ^ b12;
4146
4147 b14 += b5;
4148 b5 = rol64(b5, 42) ^ b14;
4149
4150 b8 += b1;
4151 b1 = rol64(b1, 41) ^ b8;
4152
4153 b0 += b7;
4154 b7 = rol64(b7, 31) ^ b0;
4155
4156 b2 += b5;
4157 b5 = rol64(b5, 44) ^ b2;
4158
4159 b4 += b3;
4160 b3 = rol64(b3, 47) ^ b4;
4161
4162 b6 += b1;
4163 b1 = rol64(b1, 46) ^ b6;
4164
4165 b12 += b15;
4166 b15 = rol64(b15, 19) ^ b12;
4167
4168 b14 += b13;
4169 b13 = rol64(b13, 42) ^ b14;
4170
4171 b8 += b11;
4172 b11 = rol64(b11, 44) ^ b8;
4173
4174 b10 += b9;
4175 b9 = rol64(b9, 25) ^ b10;
4176
4177 b0 += b15;
4178 b15 = rol64(b15, 9) ^ b0;
4179
4180 b2 += b11;
4181 b11 = rol64(b11, 48) ^ b2;
4182
4183 b6 += b13;
4184 b13 = rol64(b13, 35) ^ b6;
4185
4186 b4 += b9;
4187 b9 = rol64(b9, 52) ^ b4;
4188
4189 b14 += b1;
4190 b1 = rol64(b1, 23) ^ b14;
4191
4192 b8 += b5;
4193 b5 = rol64(b5, 31) ^ b8;
4194
4195 b10 += b3;
4196 b3 = rol64(b3, 37) ^ b10;
4197
4198 b12 += b7;
4199 b7 = rol64(b7, 20) ^ b12;
4200
4201 b1 += k9;
4202 b0 += b1 + k8;
4203 b1 = rol64(b1, 24) ^ b0;
4204
4205 b3 += k11;
4206 b2 += b3 + k10;
4207 b3 = rol64(b3, 13) ^ b2;
4208
4209 b5 += k13;
4210 b4 += b5 + k12;
4211 b5 = rol64(b5, 8) ^ b4;
4212
4213 b7 += k15;
4214 b6 += b7 + k14;
4215 b7 = rol64(b7, 47) ^ b6;
4216
4217 b9 += k0;
4218 b8 += b9 + k16;
4219 b9 = rol64(b9, 8) ^ b8;
4220
4221 b11 += k2;
4222 b10 += b11 + k1;
4223 b11 = rol64(b11, 17) ^ b10;
4224
4225 b13 += k4 + t2;
4226 b12 += b13 + k3;
4227 b13 = rol64(b13, 22) ^ b12;
4228
4229 b15 += k6 + 8;
4230 b14 += b15 + k5 + t0;
4231 b15 = rol64(b15, 37) ^ b14;
4232
4233 b0 += b9;
4234 b9 = rol64(b9, 38) ^ b0;
4235
4236 b2 += b13;
4237 b13 = rol64(b13, 19) ^ b2;
4238
4239 b6 += b11;
4240 b11 = rol64(b11, 10) ^ b6;
4241
4242 b4 += b15;
4243 b15 = rol64(b15, 55) ^ b4;
4244
4245 b10 += b7;
4246 b7 = rol64(b7, 49) ^ b10;
4247
4248 b12 += b3;
4249 b3 = rol64(b3, 18) ^ b12;
4250
4251 b14 += b5;
4252 b5 = rol64(b5, 23) ^ b14;
4253
4254 b8 += b1;
4255 b1 = rol64(b1, 52) ^ b8;
4256
4257 b0 += b7;
4258 b7 = rol64(b7, 33) ^ b0;
4259
4260 b2 += b5;
4261 b5 = rol64(b5, 4) ^ b2;
4262
4263 b4 += b3;
4264 b3 = rol64(b3, 51) ^ b4;
4265
4266 b6 += b1;
4267 b1 = rol64(b1, 13) ^ b6;
4268
4269 b12 += b15;
4270 b15 = rol64(b15, 34) ^ b12;
4271
4272 b14 += b13;
4273 b13 = rol64(b13, 41) ^ b14;
4274
4275 b8 += b11;
4276 b11 = rol64(b11, 59) ^ b8;
4277
4278 b10 += b9;
4279 b9 = rol64(b9, 17) ^ b10;
4280
4281 b0 += b15;
4282 b15 = rol64(b15, 5) ^ b0;
4283
4284 b2 += b11;
4285 b11 = rol64(b11, 20) ^ b2;
4286
4287 b6 += b13;
4288 b13 = rol64(b13, 48) ^ b6;
4289
4290 b4 += b9;
4291 b9 = rol64(b9, 41) ^ b4;
4292
4293 b14 += b1;
4294 b1 = rol64(b1, 47) ^ b14;
4295
4296 b8 += b5;
4297 b5 = rol64(b5, 28) ^ b8;
4298
4299 b10 += b3;
4300 b3 = rol64(b3, 16) ^ b10;
4301
4302 b12 += b7;
4303 b7 = rol64(b7, 25) ^ b12;
4304
4305 b1 += k10;
4306 b0 += b1 + k9;
4307 b1 = rol64(b1, 41) ^ b0;
4308
4309 b3 += k12;
4310 b2 += b3 + k11;
4311 b3 = rol64(b3, 9) ^ b2;
4312
4313 b5 += k14;
4314 b4 += b5 + k13;
4315 b5 = rol64(b5, 37) ^ b4;
4316
4317 b7 += k16;
4318 b6 += b7 + k15;
4319 b7 = rol64(b7, 31) ^ b6;
4320
4321 b9 += k1;
4322 b8 += b9 + k0;
4323 b9 = rol64(b9, 12) ^ b8;
4324
4325 b11 += k3;
4326 b10 += b11 + k2;
4327 b11 = rol64(b11, 47) ^ b10;
4328
4329 b13 += k5 + t0;
4330 b12 += b13 + k4;
4331 b13 = rol64(b13, 44) ^ b12;
4332
4333 b15 += k7 + 9;
4334 b14 += b15 + k6 + t1;
4335 b15 = rol64(b15, 30) ^ b14;
4336
4337 b0 += b9;
4338 b9 = rol64(b9, 16) ^ b0;
4339
4340 b2 += b13;
4341 b13 = rol64(b13, 34) ^ b2;
4342
4343 b6 += b11;
4344 b11 = rol64(b11, 56) ^ b6;
4345
4346 b4 += b15;
4347 b15 = rol64(b15, 51) ^ b4;
4348
4349 b10 += b7;
4350 b7 = rol64(b7, 4) ^ b10;
4351
4352 b12 += b3;
4353 b3 = rol64(b3, 53) ^ b12;
4354
4355 b14 += b5;
4356 b5 = rol64(b5, 42) ^ b14;
4357
4358 b8 += b1;
4359 b1 = rol64(b1, 41) ^ b8;
4360
4361 b0 += b7;
4362 b7 = rol64(b7, 31) ^ b0;
4363
4364 b2 += b5;
4365 b5 = rol64(b5, 44) ^ b2;
4366
4367 b4 += b3;
4368 b3 = rol64(b3, 47) ^ b4;
4369
4370 b6 += b1;
4371 b1 = rol64(b1, 46) ^ b6;
4372
4373 b12 += b15;
4374 b15 = rol64(b15, 19) ^ b12;
4375
4376 b14 += b13;
4377 b13 = rol64(b13, 42) ^ b14;
4378
4379 b8 += b11;
4380 b11 = rol64(b11, 44) ^ b8;
4381
4382 b10 += b9;
4383 b9 = rol64(b9, 25) ^ b10;
4384
4385 b0 += b15;
4386 b15 = rol64(b15, 9) ^ b0;
4387
4388 b2 += b11;
4389 b11 = rol64(b11, 48) ^ b2;
4390
4391 b6 += b13;
4392 b13 = rol64(b13, 35) ^ b6;
4393
4394 b4 += b9;
4395 b9 = rol64(b9, 52) ^ b4;
4396
4397 b14 += b1;
4398 b1 = rol64(b1, 23) ^ b14;
4399
4400 b8 += b5;
4401 b5 = rol64(b5, 31) ^ b8;
4402
4403 b10 += b3;
4404 b3 = rol64(b3, 37) ^ b10;
4405
4406 b12 += b7;
4407 b7 = rol64(b7, 20) ^ b12;
4408
4409 b1 += k11;
4410 b0 += b1 + k10;
4411 b1 = rol64(b1, 24) ^ b0;
4412
4413 b3 += k13;
4414 b2 += b3 + k12;
4415 b3 = rol64(b3, 13) ^ b2;
4416
4417 b5 += k15;
4418 b4 += b5 + k14;
4419 b5 = rol64(b5, 8) ^ b4;
4420
4421 b7 += k0;
4422 b6 += b7 + k16;
4423 b7 = rol64(b7, 47) ^ b6;
4424
4425 b9 += k2;
4426 b8 += b9 + k1;
4427 b9 = rol64(b9, 8) ^ b8;
4428
4429 b11 += k4;
4430 b10 += b11 + k3;
4431 b11 = rol64(b11, 17) ^ b10;
4432
4433 b13 += k6 + t1;
4434 b12 += b13 + k5;
4435 b13 = rol64(b13, 22) ^ b12;
4436
4437 b15 += k8 + 10;
4438 b14 += b15 + k7 + t2;
4439 b15 = rol64(b15, 37) ^ b14;
4440
4441 b0 += b9;
4442 b9 = rol64(b9, 38) ^ b0;
4443
4444 b2 += b13;
4445 b13 = rol64(b13, 19) ^ b2;
4446
4447 b6 += b11;
4448 b11 = rol64(b11, 10) ^ b6;
4449
4450 b4 += b15;
4451 b15 = rol64(b15, 55) ^ b4;
4452
4453 b10 += b7;
4454 b7 = rol64(b7, 49) ^ b10;
4455
4456 b12 += b3;
4457 b3 = rol64(b3, 18) ^ b12;
4458
4459 b14 += b5;
4460 b5 = rol64(b5, 23) ^ b14;
4461
4462 b8 += b1;
4463 b1 = rol64(b1, 52) ^ b8;
4464
4465 b0 += b7;
4466 b7 = rol64(b7, 33) ^ b0;
4467
4468 b2 += b5;
4469 b5 = rol64(b5, 4) ^ b2;
4470
4471 b4 += b3;
4472 b3 = rol64(b3, 51) ^ b4;
4473
4474 b6 += b1;
4475 b1 = rol64(b1, 13) ^ b6;
4476
4477 b12 += b15;
4478 b15 = rol64(b15, 34) ^ b12;
4479
4480 b14 += b13;
4481 b13 = rol64(b13, 41) ^ b14;
4482
4483 b8 += b11;
4484 b11 = rol64(b11, 59) ^ b8;
4485
4486 b10 += b9;
4487 b9 = rol64(b9, 17) ^ b10;
4488
4489 b0 += b15;
4490 b15 = rol64(b15, 5) ^ b0;
4491
4492 b2 += b11;
4493 b11 = rol64(b11, 20) ^ b2;
4494
4495 b6 += b13;
4496 b13 = rol64(b13, 48) ^ b6;
4497
4498 b4 += b9;
4499 b9 = rol64(b9, 41) ^ b4;
4500
4501 b14 += b1;
4502 b1 = rol64(b1, 47) ^ b14;
4503
4504 b8 += b5;
4505 b5 = rol64(b5, 28) ^ b8;
4506
4507 b10 += b3;
4508 b3 = rol64(b3, 16) ^ b10;
4509
4510 b12 += b7;
4511 b7 = rol64(b7, 25) ^ b12;
4512
4513 b1 += k12;
4514 b0 += b1 + k11;
4515 b1 = rol64(b1, 41) ^ b0;
4516
4517 b3 += k14;
4518 b2 += b3 + k13;
4519 b3 = rol64(b3, 9) ^ b2;
4520
4521 b5 += k16;
4522 b4 += b5 + k15;
4523 b5 = rol64(b5, 37) ^ b4;
4524
4525 b7 += k1;
4526 b6 += b7 + k0;
4527 b7 = rol64(b7, 31) ^ b6;
4528
4529 b9 += k3;
4530 b8 += b9 + k2;
4531 b9 = rol64(b9, 12) ^ b8;
4532
4533 b11 += k5;
4534 b10 += b11 + k4;
4535 b11 = rol64(b11, 47) ^ b10;
4536
4537 b13 += k7 + t2;
4538 b12 += b13 + k6;
4539 b13 = rol64(b13, 44) ^ b12;
4540
4541 b15 += k9 + 11;
4542 b14 += b15 + k8 + t0;
4543 b15 = rol64(b15, 30) ^ b14;
4544
4545 b0 += b9;
4546 b9 = rol64(b9, 16) ^ b0;
4547
4548 b2 += b13;
4549 b13 = rol64(b13, 34) ^ b2;
4550
4551 b6 += b11;
4552 b11 = rol64(b11, 56) ^ b6;
4553
4554 b4 += b15;
4555 b15 = rol64(b15, 51) ^ b4;
4556
4557 b10 += b7;
4558 b7 = rol64(b7, 4) ^ b10;
4559
4560 b12 += b3;
4561 b3 = rol64(b3, 53) ^ b12;
4562
4563 b14 += b5;
4564 b5 = rol64(b5, 42) ^ b14;
4565
4566 b8 += b1;
4567 b1 = rol64(b1, 41) ^ b8;
4568
4569 b0 += b7;
4570 b7 = rol64(b7, 31) ^ b0;
4571
4572 b2 += b5;
4573 b5 = rol64(b5, 44) ^ b2;
4574
4575 b4 += b3;
4576 b3 = rol64(b3, 47) ^ b4;
4577
4578 b6 += b1;
4579 b1 = rol64(b1, 46) ^ b6;
4580
4581 b12 += b15;
4582 b15 = rol64(b15, 19) ^ b12;
4583
4584 b14 += b13;
4585 b13 = rol64(b13, 42) ^ b14;
4586
4587 b8 += b11;
4588 b11 = rol64(b11, 44) ^ b8;
4589
4590 b10 += b9;
4591 b9 = rol64(b9, 25) ^ b10;
4592
4593 b0 += b15;
4594 b15 = rol64(b15, 9) ^ b0;
4595
4596 b2 += b11;
4597 b11 = rol64(b11, 48) ^ b2;
4598
4599 b6 += b13;
4600 b13 = rol64(b13, 35) ^ b6;
4601
4602 b4 += b9;
4603 b9 = rol64(b9, 52) ^ b4;
4604
4605 b14 += b1;
4606 b1 = rol64(b1, 23) ^ b14;
4607
4608 b8 += b5;
4609 b5 = rol64(b5, 31) ^ b8;
4610
4611 b10 += b3;
4612 b3 = rol64(b3, 37) ^ b10;
4613
4614 b12 += b7;
4615 b7 = rol64(b7, 20) ^ b12;
4616
4617 b1 += k13;
4618 b0 += b1 + k12;
4619 b1 = rol64(b1, 24) ^ b0;
4620
4621 b3 += k15;
4622 b2 += b3 + k14;
4623 b3 = rol64(b3, 13) ^ b2;
4624
4625 b5 += k0;
4626 b4 += b5 + k16;
4627 b5 = rol64(b5, 8) ^ b4;
4628
4629 b7 += k2;
4630 b6 += b7 + k1;
4631 b7 = rol64(b7, 47) ^ b6;
4632
4633 b9 += k4;
4634 b8 += b9 + k3;
4635 b9 = rol64(b9, 8) ^ b8;
4636
4637 b11 += k6;
4638 b10 += b11 + k5;
4639 b11 = rol64(b11, 17) ^ b10;
4640
4641 b13 += k8 + t0;
4642 b12 += b13 + k7;
4643 b13 = rol64(b13, 22) ^ b12;
4644
4645 b15 += k10 + 12;
4646 b14 += b15 + k9 + t1;
4647 b15 = rol64(b15, 37) ^ b14;
4648
4649 b0 += b9;
4650 b9 = rol64(b9, 38) ^ b0;
4651
4652 b2 += b13;
4653 b13 = rol64(b13, 19) ^ b2;
4654
4655 b6 += b11;
4656 b11 = rol64(b11, 10) ^ b6;
4657
4658 b4 += b15;
4659 b15 = rol64(b15, 55) ^ b4;
4660
4661 b10 += b7;
4662 b7 = rol64(b7, 49) ^ b10;
4663
4664 b12 += b3;
4665 b3 = rol64(b3, 18) ^ b12;
4666
4667 b14 += b5;
4668 b5 = rol64(b5, 23) ^ b14;
4669
4670 b8 += b1;
4671 b1 = rol64(b1, 52) ^ b8;
4672
4673 b0 += b7;
4674 b7 = rol64(b7, 33) ^ b0;
4675
4676 b2 += b5;
4677 b5 = rol64(b5, 4) ^ b2;
4678
4679 b4 += b3;
4680 b3 = rol64(b3, 51) ^ b4;
4681
4682 b6 += b1;
4683 b1 = rol64(b1, 13) ^ b6;
4684
4685 b12 += b15;
4686 b15 = rol64(b15, 34) ^ b12;
4687
4688 b14 += b13;
4689 b13 = rol64(b13, 41) ^ b14;
4690
4691 b8 += b11;
4692 b11 = rol64(b11, 59) ^ b8;
4693
4694 b10 += b9;
4695 b9 = rol64(b9, 17) ^ b10;
4696
4697 b0 += b15;
4698 b15 = rol64(b15, 5) ^ b0;
4699
4700 b2 += b11;
4701 b11 = rol64(b11, 20) ^ b2;
4702
4703 b6 += b13;
4704 b13 = rol64(b13, 48) ^ b6;
4705
4706 b4 += b9;
4707 b9 = rol64(b9, 41) ^ b4;
4708
4709 b14 += b1;
4710 b1 = rol64(b1, 47) ^ b14;
4711
4712 b8 += b5;
4713 b5 = rol64(b5, 28) ^ b8;
4714
4715 b10 += b3;
4716 b3 = rol64(b3, 16) ^ b10;
4717
4718 b12 += b7;
4719 b7 = rol64(b7, 25) ^ b12;
4720
4721 b1 += k14;
4722 b0 += b1 + k13;
4723 b1 = rol64(b1, 41) ^ b0;
4724
4725 b3 += k16;
4726 b2 += b3 + k15;
4727 b3 = rol64(b3, 9) ^ b2;
4728
4729 b5 += k1;
4730 b4 += b5 + k0;
4731 b5 = rol64(b5, 37) ^ b4;
4732
4733 b7 += k3;
4734 b6 += b7 + k2;
4735 b7 = rol64(b7, 31) ^ b6;
4736
4737 b9 += k5;
4738 b8 += b9 + k4;
4739 b9 = rol64(b9, 12) ^ b8;
4740
4741 b11 += k7;
4742 b10 += b11 + k6;
4743 b11 = rol64(b11, 47) ^ b10;
4744
4745 b13 += k9 + t1;
4746 b12 += b13 + k8;
4747 b13 = rol64(b13, 44) ^ b12;
4748
4749 b15 += k11 + 13;
4750 b14 += b15 + k10 + t2;
4751 b15 = rol64(b15, 30) ^ b14;
4752
4753 b0 += b9;
4754 b9 = rol64(b9, 16) ^ b0;
4755
4756 b2 += b13;
4757 b13 = rol64(b13, 34) ^ b2;
4758
4759 b6 += b11;
4760 b11 = rol64(b11, 56) ^ b6;
4761
4762 b4 += b15;
4763 b15 = rol64(b15, 51) ^ b4;
4764
4765 b10 += b7;
4766 b7 = rol64(b7, 4) ^ b10;
4767
4768 b12 += b3;
4769 b3 = rol64(b3, 53) ^ b12;
4770
4771 b14 += b5;
4772 b5 = rol64(b5, 42) ^ b14;
4773
4774 b8 += b1;
4775 b1 = rol64(b1, 41) ^ b8;
4776
4777 b0 += b7;
4778 b7 = rol64(b7, 31) ^ b0;
4779
4780 b2 += b5;
4781 b5 = rol64(b5, 44) ^ b2;
4782
4783 b4 += b3;
4784 b3 = rol64(b3, 47) ^ b4;
4785
4786 b6 += b1;
4787 b1 = rol64(b1, 46) ^ b6;
4788
4789 b12 += b15;
4790 b15 = rol64(b15, 19) ^ b12;
4791
4792 b14 += b13;
4793 b13 = rol64(b13, 42) ^ b14;
4794
4795 b8 += b11;
4796 b11 = rol64(b11, 44) ^ b8;
4797
4798 b10 += b9;
4799 b9 = rol64(b9, 25) ^ b10;
4800
4801 b0 += b15;
4802 b15 = rol64(b15, 9) ^ b0;
4803
4804 b2 += b11;
4805 b11 = rol64(b11, 48) ^ b2;
4806
4807 b6 += b13;
4808 b13 = rol64(b13, 35) ^ b6;
4809
4810 b4 += b9;
4811 b9 = rol64(b9, 52) ^ b4;
4812
4813 b14 += b1;
4814 b1 = rol64(b1, 23) ^ b14;
4815
4816 b8 += b5;
4817 b5 = rol64(b5, 31) ^ b8;
4818
4819 b10 += b3;
4820 b3 = rol64(b3, 37) ^ b10;
4821
4822 b12 += b7;
4823 b7 = rol64(b7, 20) ^ b12;
4824
4825 b1 += k15;
4826 b0 += b1 + k14;
4827 b1 = rol64(b1, 24) ^ b0;
4828
4829 b3 += k0;
4830 b2 += b3 + k16;
4831 b3 = rol64(b3, 13) ^ b2;
4832
4833 b5 += k2;
4834 b4 += b5 + k1;
4835 b5 = rol64(b5, 8) ^ b4;
4836
4837 b7 += k4;
4838 b6 += b7 + k3;
4839 b7 = rol64(b7, 47) ^ b6;
4840
4841 b9 += k6;
4842 b8 += b9 + k5;
4843 b9 = rol64(b9, 8) ^ b8;
4844
4845 b11 += k8;
4846 b10 += b11 + k7;
4847 b11 = rol64(b11, 17) ^ b10;
4848
4849 b13 += k10 + t2;
4850 b12 += b13 + k9;
4851 b13 = rol64(b13, 22) ^ b12;
4852
4853 b15 += k12 + 14;
4854 b14 += b15 + k11 + t0;
4855 b15 = rol64(b15, 37) ^ b14;
4856
4857 b0 += b9;
4858 b9 = rol64(b9, 38) ^ b0;
4859
4860 b2 += b13;
4861 b13 = rol64(b13, 19) ^ b2;
4862
4863 b6 += b11;
4864 b11 = rol64(b11, 10) ^ b6;
4865
4866 b4 += b15;
4867 b15 = rol64(b15, 55) ^ b4;
4868
4869 b10 += b7;
4870 b7 = rol64(b7, 49) ^ b10;
4871
4872 b12 += b3;
4873 b3 = rol64(b3, 18) ^ b12;
4874
4875 b14 += b5;
4876 b5 = rol64(b5, 23) ^ b14;
4877
4878 b8 += b1;
4879 b1 = rol64(b1, 52) ^ b8;
4880
4881 b0 += b7;
4882 b7 = rol64(b7, 33) ^ b0;
4883
4884 b2 += b5;
4885 b5 = rol64(b5, 4) ^ b2;
4886
4887 b4 += b3;
4888 b3 = rol64(b3, 51) ^ b4;
4889
4890 b6 += b1;
4891 b1 = rol64(b1, 13) ^ b6;
4892
4893 b12 += b15;
4894 b15 = rol64(b15, 34) ^ b12;
4895
4896 b14 += b13;
4897 b13 = rol64(b13, 41) ^ b14;
4898
4899 b8 += b11;
4900 b11 = rol64(b11, 59) ^ b8;
4901
4902 b10 += b9;
4903 b9 = rol64(b9, 17) ^ b10;
4904
4905 b0 += b15;
4906 b15 = rol64(b15, 5) ^ b0;
4907
4908 b2 += b11;
4909 b11 = rol64(b11, 20) ^ b2;
4910
4911 b6 += b13;
4912 b13 = rol64(b13, 48) ^ b6;
4913
4914 b4 += b9;
4915 b9 = rol64(b9, 41) ^ b4;
4916
4917 b14 += b1;
4918 b1 = rol64(b1, 47) ^ b14;
4919
4920 b8 += b5;
4921 b5 = rol64(b5, 28) ^ b8;
4922
4923 b10 += b3;
4924 b3 = rol64(b3, 16) ^ b10;
4925
4926 b12 += b7;
4927 b7 = rol64(b7, 25) ^ b12;
4928
4929 b1 += k16;
4930 b0 += b1 + k15;
4931 b1 = rol64(b1, 41) ^ b0;
4932
4933 b3 += k1;
4934 b2 += b3 + k0;
4935 b3 = rol64(b3, 9) ^ b2;
4936
4937 b5 += k3;
4938 b4 += b5 + k2;
4939 b5 = rol64(b5, 37) ^ b4;
4940
4941 b7 += k5;
4942 b6 += b7 + k4;
4943 b7 = rol64(b7, 31) ^ b6;
4944
4945 b9 += k7;
4946 b8 += b9 + k6;
4947 b9 = rol64(b9, 12) ^ b8;
4948
4949 b11 += k9;
4950 b10 += b11 + k8;
4951 b11 = rol64(b11, 47) ^ b10;
4952
4953 b13 += k11 + t0;
4954 b12 += b13 + k10;
4955 b13 = rol64(b13, 44) ^ b12;
4956
4957 b15 += k13 + 15;
4958 b14 += b15 + k12 + t1;
4959 b15 = rol64(b15, 30) ^ b14;
4960
4961 b0 += b9;
4962 b9 = rol64(b9, 16) ^ b0;
4963
4964 b2 += b13;
4965 b13 = rol64(b13, 34) ^ b2;
4966
4967 b6 += b11;
4968 b11 = rol64(b11, 56) ^ b6;
4969
4970 b4 += b15;
4971 b15 = rol64(b15, 51) ^ b4;
4972
4973 b10 += b7;
4974 b7 = rol64(b7, 4) ^ b10;
4975
4976 b12 += b3;
4977 b3 = rol64(b3, 53) ^ b12;
4978
4979 b14 += b5;
4980 b5 = rol64(b5, 42) ^ b14;
4981
4982 b8 += b1;
4983 b1 = rol64(b1, 41) ^ b8;
4984
4985 b0 += b7;
4986 b7 = rol64(b7, 31) ^ b0;
4987
4988 b2 += b5;
4989 b5 = rol64(b5, 44) ^ b2;
4990
4991 b4 += b3;
4992 b3 = rol64(b3, 47) ^ b4;
4993
4994 b6 += b1;
4995 b1 = rol64(b1, 46) ^ b6;
4996
4997 b12 += b15;
4998 b15 = rol64(b15, 19) ^ b12;
4999
5000 b14 += b13;
5001 b13 = rol64(b13, 42) ^ b14;
5002
5003 b8 += b11;
5004 b11 = rol64(b11, 44) ^ b8;
5005
5006 b10 += b9;
5007 b9 = rol64(b9, 25) ^ b10;
5008
5009 b0 += b15;
5010 b15 = rol64(b15, 9) ^ b0;
5011
5012 b2 += b11;
5013 b11 = rol64(b11, 48) ^ b2;
5014
5015 b6 += b13;
5016 b13 = rol64(b13, 35) ^ b6;
5017
5018 b4 += b9;
5019 b9 = rol64(b9, 52) ^ b4;
5020
5021 b14 += b1;
5022 b1 = rol64(b1, 23) ^ b14;
5023
5024 b8 += b5;
5025 b5 = rol64(b5, 31) ^ b8;
5026
5027 b10 += b3;
5028 b3 = rol64(b3, 37) ^ b10;
5029
5030 b12 += b7;
5031 b7 = rol64(b7, 20) ^ b12;
5032
5033 b1 += k0;
5034 b0 += b1 + k16;
5035 b1 = rol64(b1, 24) ^ b0;
5036
5037 b3 += k2;
5038 b2 += b3 + k1;
5039 b3 = rol64(b3, 13) ^ b2;
5040
5041 b5 += k4;
5042 b4 += b5 + k3;
5043 b5 = rol64(b5, 8) ^ b4;
5044
5045 b7 += k6;
5046 b6 += b7 + k5;
5047 b7 = rol64(b7, 47) ^ b6;
5048
5049 b9 += k8;
5050 b8 += b9 + k7;
5051 b9 = rol64(b9, 8) ^ b8;
5052
5053 b11 += k10;
5054 b10 += b11 + k9;
5055 b11 = rol64(b11, 17) ^ b10;
5056
5057 b13 += k12 + t1;
5058 b12 += b13 + k11;
5059 b13 = rol64(b13, 22) ^ b12;
5060
5061 b15 += k14 + 16;
5062 b14 += b15 + k13 + t2;
5063 b15 = rol64(b15, 37) ^ b14;
5064
5065 b0 += b9;
5066 b9 = rol64(b9, 38) ^ b0;
5067
5068 b2 += b13;
5069 b13 = rol64(b13, 19) ^ b2;
5070
5071 b6 += b11;
5072 b11 = rol64(b11, 10) ^ b6;
5073
5074 b4 += b15;
5075 b15 = rol64(b15, 55) ^ b4;
5076
5077 b10 += b7;
5078 b7 = rol64(b7, 49) ^ b10;
5079
5080 b12 += b3;
5081 b3 = rol64(b3, 18) ^ b12;
5082
5083 b14 += b5;
5084 b5 = rol64(b5, 23) ^ b14;
5085
5086 b8 += b1;
5087 b1 = rol64(b1, 52) ^ b8;
5088
5089 b0 += b7;
5090 b7 = rol64(b7, 33) ^ b0;
5091
5092 b2 += b5;
5093 b5 = rol64(b5, 4) ^ b2;
5094
5095 b4 += b3;
5096 b3 = rol64(b3, 51) ^ b4;
5097
5098 b6 += b1;
5099 b1 = rol64(b1, 13) ^ b6;
5100
5101 b12 += b15;
5102 b15 = rol64(b15, 34) ^ b12;
5103
5104 b14 += b13;
5105 b13 = rol64(b13, 41) ^ b14;
5106
5107 b8 += b11;
5108 b11 = rol64(b11, 59) ^ b8;
5109
5110 b10 += b9;
5111 b9 = rol64(b9, 17) ^ b10;
5112
5113 b0 += b15;
5114 b15 = rol64(b15, 5) ^ b0;
5115
5116 b2 += b11;
5117 b11 = rol64(b11, 20) ^ b2;
5118
5119 b6 += b13;
5120 b13 = rol64(b13, 48) ^ b6;
5121
5122 b4 += b9;
5123 b9 = rol64(b9, 41) ^ b4;
5124
5125 b14 += b1;
5126 b1 = rol64(b1, 47) ^ b14;
5127
5128 b8 += b5;
5129 b5 = rol64(b5, 28) ^ b8;
5130
5131 b10 += b3;
5132 b3 = rol64(b3, 16) ^ b10;
5133
5134 b12 += b7;
5135 b7 = rol64(b7, 25) ^ b12;
5136
5137 b1 += k1;
5138 b0 += b1 + k0;
5139 b1 = rol64(b1, 41) ^ b0;
5140
5141 b3 += k3;
5142 b2 += b3 + k2;
5143 b3 = rol64(b3, 9) ^ b2;
5144
5145 b5 += k5;
5146 b4 += b5 + k4;
5147 b5 = rol64(b5, 37) ^ b4;
5148
5149 b7 += k7;
5150 b6 += b7 + k6;
5151 b7 = rol64(b7, 31) ^ b6;
5152
5153 b9 += k9;
5154 b8 += b9 + k8;
5155 b9 = rol64(b9, 12) ^ b8;
5156
5157 b11 += k11;
5158 b10 += b11 + k10;
5159 b11 = rol64(b11, 47) ^ b10;
5160
5161 b13 += k13 + t2;
5162 b12 += b13 + k12;
5163 b13 = rol64(b13, 44) ^ b12;
5164
5165 b15 += k15 + 17;
5166 b14 += b15 + k14 + t0;
5167 b15 = rol64(b15, 30) ^ b14;
5168
5169 b0 += b9;
5170 b9 = rol64(b9, 16) ^ b0;
5171
5172 b2 += b13;
5173 b13 = rol64(b13, 34) ^ b2;
5174
5175 b6 += b11;
5176 b11 = rol64(b11, 56) ^ b6;
5177
5178 b4 += b15;
5179 b15 = rol64(b15, 51) ^ b4;
5180
5181 b10 += b7;
5182 b7 = rol64(b7, 4) ^ b10;
5183
5184 b12 += b3;
5185 b3 = rol64(b3, 53) ^ b12;
5186
5187 b14 += b5;
5188 b5 = rol64(b5, 42) ^ b14;
5189
5190 b8 += b1;
5191 b1 = rol64(b1, 41) ^ b8;
5192
5193 b0 += b7;
5194 b7 = rol64(b7, 31) ^ b0;
5195
5196 b2 += b5;
5197 b5 = rol64(b5, 44) ^ b2;
5198
5199 b4 += b3;
5200 b3 = rol64(b3, 47) ^ b4;
5201
5202 b6 += b1;
5203 b1 = rol64(b1, 46) ^ b6;
5204
5205 b12 += b15;
5206 b15 = rol64(b15, 19) ^ b12;
5207
5208 b14 += b13;
5209 b13 = rol64(b13, 42) ^ b14;
5210
5211 b8 += b11;
5212 b11 = rol64(b11, 44) ^ b8;
5213
5214 b10 += b9;
5215 b9 = rol64(b9, 25) ^ b10;
5216
5217 b0 += b15;
5218 b15 = rol64(b15, 9) ^ b0;
5219
5220 b2 += b11;
5221 b11 = rol64(b11, 48) ^ b2;
5222
5223 b6 += b13;
5224 b13 = rol64(b13, 35) ^ b6;
5225
5226 b4 += b9;
5227 b9 = rol64(b9, 52) ^ b4;
5228
5229 b14 += b1;
5230 b1 = rol64(b1, 23) ^ b14;
5231
5232 b8 += b5;
5233 b5 = rol64(b5, 31) ^ b8;
5234
5235 b10 += b3;
5236 b3 = rol64(b3, 37) ^ b10;
5237
5238 b12 += b7;
5239 b7 = rol64(b7, 20) ^ b12;
5240
5241 b1 += k2;
5242 b0 += b1 + k1;
5243 b1 = rol64(b1, 24) ^ b0;
5244
5245 b3 += k4;
5246 b2 += b3 + k3;
5247 b3 = rol64(b3, 13) ^ b2;
5248
5249 b5 += k6;
5250 b4 += b5 + k5;
5251 b5 = rol64(b5, 8) ^ b4;
5252
5253 b7 += k8;
5254 b6 += b7 + k7;
5255 b7 = rol64(b7, 47) ^ b6;
5256
5257 b9 += k10;
5258 b8 += b9 + k9;
5259 b9 = rol64(b9, 8) ^ b8;
5260
5261 b11 += k12;
5262 b10 += b11 + k11;
5263 b11 = rol64(b11, 17) ^ b10;
5264
5265 b13 += k14 + t0;
5266 b12 += b13 + k13;
5267 b13 = rol64(b13, 22) ^ b12;
5268
5269 b15 += k16 + 18;
5270 b14 += b15 + k15 + t1;
5271 b15 = rol64(b15, 37) ^ b14;
5272
5273 b0 += b9;
5274 b9 = rol64(b9, 38) ^ b0;
5275
5276 b2 += b13;
5277 b13 = rol64(b13, 19) ^ b2;
5278
5279 b6 += b11;
5280 b11 = rol64(b11, 10) ^ b6;
5281
5282 b4 += b15;
5283 b15 = rol64(b15, 55) ^ b4;
5284
5285 b10 += b7;
5286 b7 = rol64(b7, 49) ^ b10;
5287
5288 b12 += b3;
5289 b3 = rol64(b3, 18) ^ b12;
5290
5291 b14 += b5;
5292 b5 = rol64(b5, 23) ^ b14;
5293
5294 b8 += b1;
5295 b1 = rol64(b1, 52) ^ b8;
5296
5297 b0 += b7;
5298 b7 = rol64(b7, 33) ^ b0;
5299
5300 b2 += b5;
5301 b5 = rol64(b5, 4) ^ b2;
5302
5303 b4 += b3;
5304 b3 = rol64(b3, 51) ^ b4;
5305
5306 b6 += b1;
5307 b1 = rol64(b1, 13) ^ b6;
5308
5309 b12 += b15;
5310 b15 = rol64(b15, 34) ^ b12;
5311
5312 b14 += b13;
5313 b13 = rol64(b13, 41) ^ b14;
5314
5315 b8 += b11;
5316 b11 = rol64(b11, 59) ^ b8;
5317
5318 b10 += b9;
5319 b9 = rol64(b9, 17) ^ b10;
5320
5321 b0 += b15;
5322 b15 = rol64(b15, 5) ^ b0;
5323
5324 b2 += b11;
5325 b11 = rol64(b11, 20) ^ b2;
5326
5327 b6 += b13;
5328 b13 = rol64(b13, 48) ^ b6;
5329
5330 b4 += b9;
5331 b9 = rol64(b9, 41) ^ b4;
5332
5333 b14 += b1;
5334 b1 = rol64(b1, 47) ^ b14;
5335
5336 b8 += b5;
5337 b5 = rol64(b5, 28) ^ b8;
5338
5339 b10 += b3;
5340 b3 = rol64(b3, 16) ^ b10;
5341
5342 b12 += b7;
5343 b7 = rol64(b7, 25) ^ b12;
5344
5345 b1 += k3;
5346 b0 += b1 + k2;
5347 b1 = rol64(b1, 41) ^ b0;
5348
5349 b3 += k5;
5350 b2 += b3 + k4;
5351 b3 = rol64(b3, 9) ^ b2;
5352
5353 b5 += k7;
5354 b4 += b5 + k6;
5355 b5 = rol64(b5, 37) ^ b4;
5356
5357 b7 += k9;
5358 b6 += b7 + k8;
5359 b7 = rol64(b7, 31) ^ b6;
5360
5361 b9 += k11;
5362 b8 += b9 + k10;
5363 b9 = rol64(b9, 12) ^ b8;
5364
5365 b11 += k13;
5366 b10 += b11 + k12;
5367 b11 = rol64(b11, 47) ^ b10;
5368
5369 b13 += k15 + t1;
5370 b12 += b13 + k14;
5371 b13 = rol64(b13, 44) ^ b12;
5372
5373 b15 += k0 + 19;
5374 b14 += b15 + k16 + t2;
5375 b15 = rol64(b15, 30) ^ b14;
5376
5377 b0 += b9;
5378 b9 = rol64(b9, 16) ^ b0;
5379
5380 b2 += b13;
5381 b13 = rol64(b13, 34) ^ b2;
5382
5383 b6 += b11;
5384 b11 = rol64(b11, 56) ^ b6;
5385
5386 b4 += b15;
5387 b15 = rol64(b15, 51) ^ b4;
5388
5389 b10 += b7;
5390 b7 = rol64(b7, 4) ^ b10;
5391
5392 b12 += b3;
5393 b3 = rol64(b3, 53) ^ b12;
5394
5395 b14 += b5;
5396 b5 = rol64(b5, 42) ^ b14;
5397
5398 b8 += b1;
5399 b1 = rol64(b1, 41) ^ b8;
5400
5401 b0 += b7;
5402 b7 = rol64(b7, 31) ^ b0;
5403
5404 b2 += b5;
5405 b5 = rol64(b5, 44) ^ b2;
5406
5407 b4 += b3;
5408 b3 = rol64(b3, 47) ^ b4;
5409
5410 b6 += b1;
5411 b1 = rol64(b1, 46) ^ b6;
5412
5413 b12 += b15;
5414 b15 = rol64(b15, 19) ^ b12;
5415
5416 b14 += b13;
5417 b13 = rol64(b13, 42) ^ b14;
5418
5419 b8 += b11;
5420 b11 = rol64(b11, 44) ^ b8;
5421
5422 b10 += b9;
5423 b9 = rol64(b9, 25) ^ b10;
5424
5425 b0 += b15;
5426 b15 = rol64(b15, 9) ^ b0;
5427
5428 b2 += b11;
5429 b11 = rol64(b11, 48) ^ b2;
5430
5431 b6 += b13;
5432 b13 = rol64(b13, 35) ^ b6;
5433
5434 b4 += b9;
5435 b9 = rol64(b9, 52) ^ b4;
5436
5437 b14 += b1;
5438 b1 = rol64(b1, 23) ^ b14;
5439
5440 b8 += b5;
5441 b5 = rol64(b5, 31) ^ b8;
5442
5443 b10 += b3;
5444 b3 = rol64(b3, 37) ^ b10;
5445
5446 b12 += b7;
5447 b7 = rol64(b7, 20) ^ b12;
5448
5449 output[0] = b0 + k3;
5450 output[1] = b1 + k4;
5451 output[2] = b2 + k5;
5452 output[3] = b3 + k6;
5453 output[4] = b4 + k7;
5454 output[5] = b5 + k8;
5455 output[6] = b6 + k9;
5456 output[7] = b7 + k10;
5457 output[8] = b8 + k11;
5458 output[9] = b9 + k12;
5459 output[10] = b10 + k13;
5460 output[11] = b11 + k14;
5461 output[12] = b12 + k15;
5462 output[13] = b13 + k16 + t2;
5463 output[14] = b14 + k0 + t0;
5464 output[15] = b15 + k1 + 20;
5465 }
5466
5467 void threefish_decrypt_1024(struct threefish_key *key_ctx, u64 *input,
5468 u64 *output)
5469 {
5470 u64 b0 = input[0], b1 = input[1],
5471 b2 = input[2], b3 = input[3],
5472 b4 = input[4], b5 = input[5],
5473 b6 = input[6], b7 = input[7],
5474 b8 = input[8], b9 = input[9],
5475 b10 = input[10], b11 = input[11],
5476 b12 = input[12], b13 = input[13],
5477 b14 = input[14], b15 = input[15];
5478 u64 k0 = key_ctx->key[0], k1 = key_ctx->key[1],
5479 k2 = key_ctx->key[2], k3 = key_ctx->key[3],
5480 k4 = key_ctx->key[4], k5 = key_ctx->key[5],
5481 k6 = key_ctx->key[6], k7 = key_ctx->key[7],
5482 k8 = key_ctx->key[8], k9 = key_ctx->key[9],
5483 k10 = key_ctx->key[10], k11 = key_ctx->key[11],
5484 k12 = key_ctx->key[12], k13 = key_ctx->key[13],
5485 k14 = key_ctx->key[14], k15 = key_ctx->key[15],
5486 k16 = key_ctx->key[16];
5487 u64 t0 = key_ctx->tweak[0], t1 = key_ctx->tweak[1],
5488 t2 = key_ctx->tweak[2];
5489 u64 tmp;
5490
5491 b0 -= k3;
5492 b1 -= k4;
5493 b2 -= k5;
5494 b3 -= k6;
5495 b4 -= k7;
5496 b5 -= k8;
5497 b6 -= k9;
5498 b7 -= k10;
5499 b8 -= k11;
5500 b9 -= k12;
5501 b10 -= k13;
5502 b11 -= k14;
5503 b12 -= k15;
5504 b13 -= k16 + t2;
5505 b14 -= k0 + t0;
5506 b15 -= k1 + 20;
5507 tmp = b7 ^ b12;
5508 b7 = ror64(tmp, 20);
5509 b12 -= b7;
5510
5511 tmp = b3 ^ b10;
5512 b3 = ror64(tmp, 37);
5513 b10 -= b3;
5514
5515 tmp = b5 ^ b8;
5516 b5 = ror64(tmp, 31);
5517 b8 -= b5;
5518
5519 tmp = b1 ^ b14;
5520 b1 = ror64(tmp, 23);
5521 b14 -= b1;
5522
5523 tmp = b9 ^ b4;
5524 b9 = ror64(tmp, 52);
5525 b4 -= b9;
5526
5527 tmp = b13 ^ b6;
5528 b13 = ror64(tmp, 35);
5529 b6 -= b13;
5530
5531 tmp = b11 ^ b2;
5532 b11 = ror64(tmp, 48);
5533 b2 -= b11;
5534
5535 tmp = b15 ^ b0;
5536 b15 = ror64(tmp, 9);
5537 b0 -= b15;
5538
5539 tmp = b9 ^ b10;
5540 b9 = ror64(tmp, 25);
5541 b10 -= b9;
5542
5543 tmp = b11 ^ b8;
5544 b11 = ror64(tmp, 44);
5545 b8 -= b11;
5546
5547 tmp = b13 ^ b14;
5548 b13 = ror64(tmp, 42);
5549 b14 -= b13;
5550
5551 tmp = b15 ^ b12;
5552 b15 = ror64(tmp, 19);
5553 b12 -= b15;
5554
5555 tmp = b1 ^ b6;
5556 b1 = ror64(tmp, 46);
5557 b6 -= b1;
5558
5559 tmp = b3 ^ b4;
5560 b3 = ror64(tmp, 47);
5561 b4 -= b3;
5562
5563 tmp = b5 ^ b2;
5564 b5 = ror64(tmp, 44);
5565 b2 -= b5;
5566
5567 tmp = b7 ^ b0;
5568 b7 = ror64(tmp, 31);
5569 b0 -= b7;
5570
5571 tmp = b1 ^ b8;
5572 b1 = ror64(tmp, 41);
5573 b8 -= b1;
5574
5575 tmp = b5 ^ b14;
5576 b5 = ror64(tmp, 42);
5577 b14 -= b5;
5578
5579 tmp = b3 ^ b12;
5580 b3 = ror64(tmp, 53);
5581 b12 -= b3;
5582
5583 tmp = b7 ^ b10;
5584 b7 = ror64(tmp, 4);
5585 b10 -= b7;
5586
5587 tmp = b15 ^ b4;
5588 b15 = ror64(tmp, 51);
5589 b4 -= b15;
5590
5591 tmp = b11 ^ b6;
5592 b11 = ror64(tmp, 56);
5593 b6 -= b11;
5594
5595 tmp = b13 ^ b2;
5596 b13 = ror64(tmp, 34);
5597 b2 -= b13;
5598
5599 tmp = b9 ^ b0;
5600 b9 = ror64(tmp, 16);
5601 b0 -= b9;
5602
5603 tmp = b15 ^ b14;
5604 b15 = ror64(tmp, 30);
5605 b14 -= b15 + k16 + t2;
5606 b15 -= k0 + 19;
5607
5608 tmp = b13 ^ b12;
5609 b13 = ror64(tmp, 44);
5610 b12 -= b13 + k14;
5611 b13 -= k15 + t1;
5612
5613 tmp = b11 ^ b10;
5614 b11 = ror64(tmp, 47);
5615 b10 -= b11 + k12;
5616 b11 -= k13;
5617
5618 tmp = b9 ^ b8;
5619 b9 = ror64(tmp, 12);
5620 b8 -= b9 + k10;
5621 b9 -= k11;
5622
5623 tmp = b7 ^ b6;
5624 b7 = ror64(tmp, 31);
5625 b6 -= b7 + k8;
5626 b7 -= k9;
5627
5628 tmp = b5 ^ b4;
5629 b5 = ror64(tmp, 37);
5630 b4 -= b5 + k6;
5631 b5 -= k7;
5632
5633 tmp = b3 ^ b2;
5634 b3 = ror64(tmp, 9);
5635 b2 -= b3 + k4;
5636 b3 -= k5;
5637
5638 tmp = b1 ^ b0;
5639 b1 = ror64(tmp, 41);
5640 b0 -= b1 + k2;
5641 b1 -= k3;
5642
5643 tmp = b7 ^ b12;
5644 b7 = ror64(tmp, 25);
5645 b12 -= b7;
5646
5647 tmp = b3 ^ b10;
5648 b3 = ror64(tmp, 16);
5649 b10 -= b3;
5650
5651 tmp = b5 ^ b8;
5652 b5 = ror64(tmp, 28);
5653 b8 -= b5;
5654
5655 tmp = b1 ^ b14;
5656 b1 = ror64(tmp, 47);
5657 b14 -= b1;
5658
5659 tmp = b9 ^ b4;
5660 b9 = ror64(tmp, 41);
5661 b4 -= b9;
5662
5663 tmp = b13 ^ b6;
5664 b13 = ror64(tmp, 48);
5665 b6 -= b13;
5666
5667 tmp = b11 ^ b2;
5668 b11 = ror64(tmp, 20);
5669 b2 -= b11;
5670
5671 tmp = b15 ^ b0;
5672 b15 = ror64(tmp, 5);
5673 b0 -= b15;
5674
5675 tmp = b9 ^ b10;
5676 b9 = ror64(tmp, 17);
5677 b10 -= b9;
5678
5679 tmp = b11 ^ b8;
5680 b11 = ror64(tmp, 59);
5681 b8 -= b11;
5682
5683 tmp = b13 ^ b14;
5684 b13 = ror64(tmp, 41);
5685 b14 -= b13;
5686
5687 tmp = b15 ^ b12;
5688 b15 = ror64(tmp, 34);
5689 b12 -= b15;
5690
5691 tmp = b1 ^ b6;
5692 b1 = ror64(tmp, 13);
5693 b6 -= b1;
5694
5695 tmp = b3 ^ b4;
5696 b3 = ror64(tmp, 51);
5697 b4 -= b3;
5698
5699 tmp = b5 ^ b2;
5700 b5 = ror64(tmp, 4);
5701 b2 -= b5;
5702
5703 tmp = b7 ^ b0;
5704 b7 = ror64(tmp, 33);
5705 b0 -= b7;
5706
5707 tmp = b1 ^ b8;
5708 b1 = ror64(tmp, 52);
5709 b8 -= b1;
5710
5711 tmp = b5 ^ b14;
5712 b5 = ror64(tmp, 23);
5713 b14 -= b5;
5714
5715 tmp = b3 ^ b12;
5716 b3 = ror64(tmp, 18);
5717 b12 -= b3;
5718
5719 tmp = b7 ^ b10;
5720 b7 = ror64(tmp, 49);
5721 b10 -= b7;
5722
5723 tmp = b15 ^ b4;
5724 b15 = ror64(tmp, 55);
5725 b4 -= b15;
5726
5727 tmp = b11 ^ b6;
5728 b11 = ror64(tmp, 10);
5729 b6 -= b11;
5730
5731 tmp = b13 ^ b2;
5732 b13 = ror64(tmp, 19);
5733 b2 -= b13;
5734
5735 tmp = b9 ^ b0;
5736 b9 = ror64(tmp, 38);
5737 b0 -= b9;
5738
5739 tmp = b15 ^ b14;
5740 b15 = ror64(tmp, 37);
5741 b14 -= b15 + k15 + t1;
5742 b15 -= k16 + 18;
5743
5744 tmp = b13 ^ b12;
5745 b13 = ror64(tmp, 22);
5746 b12 -= b13 + k13;
5747 b13 -= k14 + t0;
5748
5749 tmp = b11 ^ b10;
5750 b11 = ror64(tmp, 17);
5751 b10 -= b11 + k11;
5752 b11 -= k12;
5753
5754 tmp = b9 ^ b8;
5755 b9 = ror64(tmp, 8);
5756 b8 -= b9 + k9;
5757 b9 -= k10;
5758
5759 tmp = b7 ^ b6;
5760 b7 = ror64(tmp, 47);
5761 b6 -= b7 + k7;
5762 b7 -= k8;
5763
5764 tmp = b5 ^ b4;
5765 b5 = ror64(tmp, 8);
5766 b4 -= b5 + k5;
5767 b5 -= k6;
5768
5769 tmp = b3 ^ b2;
5770 b3 = ror64(tmp, 13);
5771 b2 -= b3 + k3;
5772 b3 -= k4;
5773
5774 tmp = b1 ^ b0;
5775 b1 = ror64(tmp, 24);
5776 b0 -= b1 + k1;
5777 b1 -= k2;
5778
5779 tmp = b7 ^ b12;
5780 b7 = ror64(tmp, 20);
5781 b12 -= b7;
5782
5783 tmp = b3 ^ b10;
5784 b3 = ror64(tmp, 37);
5785 b10 -= b3;
5786
5787 tmp = b5 ^ b8;
5788 b5 = ror64(tmp, 31);
5789 b8 -= b5;
5790
5791 tmp = b1 ^ b14;
5792 b1 = ror64(tmp, 23);
5793 b14 -= b1;
5794
5795 tmp = b9 ^ b4;
5796 b9 = ror64(tmp, 52);
5797 b4 -= b9;
5798
5799 tmp = b13 ^ b6;
5800 b13 = ror64(tmp, 35);
5801 b6 -= b13;
5802
5803 tmp = b11 ^ b2;
5804 b11 = ror64(tmp, 48);
5805 b2 -= b11;
5806
5807 tmp = b15 ^ b0;
5808 b15 = ror64(tmp, 9);
5809 b0 -= b15;
5810
5811 tmp = b9 ^ b10;
5812 b9 = ror64(tmp, 25);
5813 b10 -= b9;
5814
5815 tmp = b11 ^ b8;
5816 b11 = ror64(tmp, 44);
5817 b8 -= b11;
5818
5819 tmp = b13 ^ b14;
5820 b13 = ror64(tmp, 42);
5821 b14 -= b13;
5822
5823 tmp = b15 ^ b12;
5824 b15 = ror64(tmp, 19);
5825 b12 -= b15;
5826
5827 tmp = b1 ^ b6;
5828 b1 = ror64(tmp, 46);
5829 b6 -= b1;
5830
5831 tmp = b3 ^ b4;
5832 b3 = ror64(tmp, 47);
5833 b4 -= b3;
5834
5835 tmp = b5 ^ b2;
5836 b5 = ror64(tmp, 44);
5837 b2 -= b5;
5838
5839 tmp = b7 ^ b0;
5840 b7 = ror64(tmp, 31);
5841 b0 -= b7;
5842
5843 tmp = b1 ^ b8;
5844 b1 = ror64(tmp, 41);
5845 b8 -= b1;
5846
5847 tmp = b5 ^ b14;
5848 b5 = ror64(tmp, 42);
5849 b14 -= b5;
5850
5851 tmp = b3 ^ b12;
5852 b3 = ror64(tmp, 53);
5853 b12 -= b3;
5854
5855 tmp = b7 ^ b10;
5856 b7 = ror64(tmp, 4);
5857 b10 -= b7;
5858
5859 tmp = b15 ^ b4;
5860 b15 = ror64(tmp, 51);
5861 b4 -= b15;
5862
5863 tmp = b11 ^ b6;
5864 b11 = ror64(tmp, 56);
5865 b6 -= b11;
5866
5867 tmp = b13 ^ b2;
5868 b13 = ror64(tmp, 34);
5869 b2 -= b13;
5870
5871 tmp = b9 ^ b0;
5872 b9 = ror64(tmp, 16);
5873 b0 -= b9;
5874
5875 tmp = b15 ^ b14;
5876 b15 = ror64(tmp, 30);
5877 b14 -= b15 + k14 + t0;
5878 b15 -= k15 + 17;
5879
5880 tmp = b13 ^ b12;
5881 b13 = ror64(tmp, 44);
5882 b12 -= b13 + k12;
5883 b13 -= k13 + t2;
5884
5885 tmp = b11 ^ b10;
5886 b11 = ror64(tmp, 47);
5887 b10 -= b11 + k10;
5888 b11 -= k11;
5889
5890 tmp = b9 ^ b8;
5891 b9 = ror64(tmp, 12);
5892 b8 -= b9 + k8;
5893 b9 -= k9;
5894
5895 tmp = b7 ^ b6;
5896 b7 = ror64(tmp, 31);
5897 b6 -= b7 + k6;
5898 b7 -= k7;
5899
5900 tmp = b5 ^ b4;
5901 b5 = ror64(tmp, 37);
5902 b4 -= b5 + k4;
5903 b5 -= k5;
5904
5905 tmp = b3 ^ b2;
5906 b3 = ror64(tmp, 9);
5907 b2 -= b3 + k2;
5908 b3 -= k3;
5909
5910 tmp = b1 ^ b0;
5911 b1 = ror64(tmp, 41);
5912 b0 -= b1 + k0;
5913 b1 -= k1;
5914
5915 tmp = b7 ^ b12;
5916 b7 = ror64(tmp, 25);
5917 b12 -= b7;
5918
5919 tmp = b3 ^ b10;
5920 b3 = ror64(tmp, 16);
5921 b10 -= b3;
5922
5923 tmp = b5 ^ b8;
5924 b5 = ror64(tmp, 28);
5925 b8 -= b5;
5926
5927 tmp = b1 ^ b14;
5928 b1 = ror64(tmp, 47);
5929 b14 -= b1;
5930
5931 tmp = b9 ^ b4;
5932 b9 = ror64(tmp, 41);
5933 b4 -= b9;
5934
5935 tmp = b13 ^ b6;
5936 b13 = ror64(tmp, 48);
5937 b6 -= b13;
5938
5939 tmp = b11 ^ b2;
5940 b11 = ror64(tmp, 20);
5941 b2 -= b11;
5942
5943 tmp = b15 ^ b0;
5944 b15 = ror64(tmp, 5);
5945 b0 -= b15;
5946
5947 tmp = b9 ^ b10;
5948 b9 = ror64(tmp, 17);
5949 b10 -= b9;
5950
5951 tmp = b11 ^ b8;
5952 b11 = ror64(tmp, 59);
5953 b8 -= b11;
5954
5955 tmp = b13 ^ b14;
5956 b13 = ror64(tmp, 41);
5957 b14 -= b13;
5958
5959 tmp = b15 ^ b12;
5960 b15 = ror64(tmp, 34);
5961 b12 -= b15;
5962
5963 tmp = b1 ^ b6;
5964 b1 = ror64(tmp, 13);
5965 b6 -= b1;
5966
5967 tmp = b3 ^ b4;
5968 b3 = ror64(tmp, 51);
5969 b4 -= b3;
5970
5971 tmp = b5 ^ b2;
5972 b5 = ror64(tmp, 4);
5973 b2 -= b5;
5974
5975 tmp = b7 ^ b0;
5976 b7 = ror64(tmp, 33);
5977 b0 -= b7;
5978
5979 tmp = b1 ^ b8;
5980 b1 = ror64(tmp, 52);
5981 b8 -= b1;
5982
5983 tmp = b5 ^ b14;
5984 b5 = ror64(tmp, 23);
5985 b14 -= b5;
5986
5987 tmp = b3 ^ b12;
5988 b3 = ror64(tmp, 18);
5989 b12 -= b3;
5990
5991 tmp = b7 ^ b10;
5992 b7 = ror64(tmp, 49);
5993 b10 -= b7;
5994
5995 tmp = b15 ^ b4;
5996 b15 = ror64(tmp, 55);
5997 b4 -= b15;
5998
5999 tmp = b11 ^ b6;
6000 b11 = ror64(tmp, 10);
6001 b6 -= b11;
6002
6003 tmp = b13 ^ b2;
6004 b13 = ror64(tmp, 19);
6005 b2 -= b13;
6006
6007 tmp = b9 ^ b0;
6008 b9 = ror64(tmp, 38);
6009 b0 -= b9;
6010
6011 tmp = b15 ^ b14;
6012 b15 = ror64(tmp, 37);
6013 b14 -= b15 + k13 + t2;
6014 b15 -= k14 + 16;
6015
6016 tmp = b13 ^ b12;
6017 b13 = ror64(tmp, 22);
6018 b12 -= b13 + k11;
6019 b13 -= k12 + t1;
6020
6021 tmp = b11 ^ b10;
6022 b11 = ror64(tmp, 17);
6023 b10 -= b11 + k9;
6024 b11 -= k10;
6025
6026 tmp = b9 ^ b8;
6027 b9 = ror64(tmp, 8);
6028 b8 -= b9 + k7;
6029 b9 -= k8;
6030
6031 tmp = b7 ^ b6;
6032 b7 = ror64(tmp, 47);
6033 b6 -= b7 + k5;
6034 b7 -= k6;
6035
6036 tmp = b5 ^ b4;
6037 b5 = ror64(tmp, 8);
6038 b4 -= b5 + k3;
6039 b5 -= k4;
6040
6041 tmp = b3 ^ b2;
6042 b3 = ror64(tmp, 13);
6043 b2 -= b3 + k1;
6044 b3 -= k2;
6045
6046 tmp = b1 ^ b0;
6047 b1 = ror64(tmp, 24);
6048 b0 -= b1 + k16;
6049 b1 -= k0;
6050
6051 tmp = b7 ^ b12;
6052 b7 = ror64(tmp, 20);
6053 b12 -= b7;
6054
6055 tmp = b3 ^ b10;
6056 b3 = ror64(tmp, 37);
6057 b10 -= b3;
6058
6059 tmp = b5 ^ b8;
6060 b5 = ror64(tmp, 31);
6061 b8 -= b5;
6062
6063 tmp = b1 ^ b14;
6064 b1 = ror64(tmp, 23);
6065 b14 -= b1;
6066
6067 tmp = b9 ^ b4;
6068 b9 = ror64(tmp, 52);
6069 b4 -= b9;
6070
6071 tmp = b13 ^ b6;
6072 b13 = ror64(tmp, 35);
6073 b6 -= b13;
6074
6075 tmp = b11 ^ b2;
6076 b11 = ror64(tmp, 48);
6077 b2 -= b11;
6078
6079 tmp = b15 ^ b0;
6080 b15 = ror64(tmp, 9);
6081 b0 -= b15;
6082
6083 tmp = b9 ^ b10;
6084 b9 = ror64(tmp, 25);
6085 b10 -= b9;
6086
6087 tmp = b11 ^ b8;
6088 b11 = ror64(tmp, 44);
6089 b8 -= b11;
6090
6091 tmp = b13 ^ b14;
6092 b13 = ror64(tmp, 42);
6093 b14 -= b13;
6094
6095 tmp = b15 ^ b12;
6096 b15 = ror64(tmp, 19);
6097 b12 -= b15;
6098
6099 tmp = b1 ^ b6;
6100 b1 = ror64(tmp, 46);
6101 b6 -= b1;
6102
6103 tmp = b3 ^ b4;
6104 b3 = ror64(tmp, 47);
6105 b4 -= b3;
6106
6107 tmp = b5 ^ b2;
6108 b5 = ror64(tmp, 44);
6109 b2 -= b5;
6110
6111 tmp = b7 ^ b0;
6112 b7 = ror64(tmp, 31);
6113 b0 -= b7;
6114
6115 tmp = b1 ^ b8;
6116 b1 = ror64(tmp, 41);
6117 b8 -= b1;
6118
6119 tmp = b5 ^ b14;
6120 b5 = ror64(tmp, 42);
6121 b14 -= b5;
6122
6123 tmp = b3 ^ b12;
6124 b3 = ror64(tmp, 53);
6125 b12 -= b3;
6126
6127 tmp = b7 ^ b10;
6128 b7 = ror64(tmp, 4);
6129 b10 -= b7;
6130
6131 tmp = b15 ^ b4;
6132 b15 = ror64(tmp, 51);
6133 b4 -= b15;
6134
6135 tmp = b11 ^ b6;
6136 b11 = ror64(tmp, 56);
6137 b6 -= b11;
6138
6139 tmp = b13 ^ b2;
6140 b13 = ror64(tmp, 34);
6141 b2 -= b13;
6142
6143 tmp = b9 ^ b0;
6144 b9 = ror64(tmp, 16);
6145 b0 -= b9;
6146
6147 tmp = b15 ^ b14;
6148 b15 = ror64(tmp, 30);
6149 b14 -= b15 + k12 + t1;
6150 b15 -= k13 + 15;
6151
6152 tmp = b13 ^ b12;
6153 b13 = ror64(tmp, 44);
6154 b12 -= b13 + k10;
6155 b13 -= k11 + t0;
6156
6157 tmp = b11 ^ b10;
6158 b11 = ror64(tmp, 47);
6159 b10 -= b11 + k8;
6160 b11 -= k9;
6161
6162 tmp = b9 ^ b8;
6163 b9 = ror64(tmp, 12);
6164 b8 -= b9 + k6;
6165 b9 -= k7;
6166
6167 tmp = b7 ^ b6;
6168 b7 = ror64(tmp, 31);
6169 b6 -= b7 + k4;
6170 b7 -= k5;
6171
6172 tmp = b5 ^ b4;
6173 b5 = ror64(tmp, 37);
6174 b4 -= b5 + k2;
6175 b5 -= k3;
6176
6177 tmp = b3 ^ b2;
6178 b3 = ror64(tmp, 9);
6179 b2 -= b3 + k0;
6180 b3 -= k1;
6181
6182 tmp = b1 ^ b0;
6183 b1 = ror64(tmp, 41);
6184 b0 -= b1 + k15;
6185 b1 -= k16;
6186
6187 tmp = b7 ^ b12;
6188 b7 = ror64(tmp, 25);
6189 b12 -= b7;
6190
6191 tmp = b3 ^ b10;
6192 b3 = ror64(tmp, 16);
6193 b10 -= b3;
6194
6195 tmp = b5 ^ b8;
6196 b5 = ror64(tmp, 28);
6197 b8 -= b5;
6198
6199 tmp = b1 ^ b14;
6200 b1 = ror64(tmp, 47);
6201 b14 -= b1;
6202
6203 tmp = b9 ^ b4;
6204 b9 = ror64(tmp, 41);
6205 b4 -= b9;
6206
6207 tmp = b13 ^ b6;
6208 b13 = ror64(tmp, 48);
6209 b6 -= b13;
6210
6211 tmp = b11 ^ b2;
6212 b11 = ror64(tmp, 20);
6213 b2 -= b11;
6214
6215 tmp = b15 ^ b0;
6216 b15 = ror64(tmp, 5);
6217 b0 -= b15;
6218
6219 tmp = b9 ^ b10;
6220 b9 = ror64(tmp, 17);
6221 b10 -= b9;
6222
6223 tmp = b11 ^ b8;
6224 b11 = ror64(tmp, 59);
6225 b8 -= b11;
6226
6227 tmp = b13 ^ b14;
6228 b13 = ror64(tmp, 41);
6229 b14 -= b13;
6230
6231 tmp = b15 ^ b12;
6232 b15 = ror64(tmp, 34);
6233 b12 -= b15;
6234
6235 tmp = b1 ^ b6;
6236 b1 = ror64(tmp, 13);
6237 b6 -= b1;
6238
6239 tmp = b3 ^ b4;
6240 b3 = ror64(tmp, 51);
6241 b4 -= b3;
6242
6243 tmp = b5 ^ b2;
6244 b5 = ror64(tmp, 4);
6245 b2 -= b5;
6246
6247 tmp = b7 ^ b0;
6248 b7 = ror64(tmp, 33);
6249 b0 -= b7;
6250
6251 tmp = b1 ^ b8;
6252 b1 = ror64(tmp, 52);
6253 b8 -= b1;
6254
6255 tmp = b5 ^ b14;
6256 b5 = ror64(tmp, 23);
6257 b14 -= b5;
6258
6259 tmp = b3 ^ b12;
6260 b3 = ror64(tmp, 18);
6261 b12 -= b3;
6262
6263 tmp = b7 ^ b10;
6264 b7 = ror64(tmp, 49);
6265 b10 -= b7;
6266
6267 tmp = b15 ^ b4;
6268 b15 = ror64(tmp, 55);
6269 b4 -= b15;
6270
6271 tmp = b11 ^ b6;
6272 b11 = ror64(tmp, 10);
6273 b6 -= b11;
6274
6275 tmp = b13 ^ b2;
6276 b13 = ror64(tmp, 19);
6277 b2 -= b13;
6278
6279 tmp = b9 ^ b0;
6280 b9 = ror64(tmp, 38);
6281 b0 -= b9;
6282
6283 tmp = b15 ^ b14;
6284 b15 = ror64(tmp, 37);
6285 b14 -= b15 + k11 + t0;
6286 b15 -= k12 + 14;
6287
6288 tmp = b13 ^ b12;
6289 b13 = ror64(tmp, 22);
6290 b12 -= b13 + k9;
6291 b13 -= k10 + t2;
6292
6293 tmp = b11 ^ b10;
6294 b11 = ror64(tmp, 17);
6295 b10 -= b11 + k7;
6296 b11 -= k8;
6297
6298 tmp = b9 ^ b8;
6299 b9 = ror64(tmp, 8);
6300 b8 -= b9 + k5;
6301 b9 -= k6;
6302
6303 tmp = b7 ^ b6;
6304 b7 = ror64(tmp, 47);
6305 b6 -= b7 + k3;
6306 b7 -= k4;
6307
6308 tmp = b5 ^ b4;
6309 b5 = ror64(tmp, 8);
6310 b4 -= b5 + k1;
6311 b5 -= k2;
6312
6313 tmp = b3 ^ b2;
6314 b3 = ror64(tmp, 13);
6315 b2 -= b3 + k16;
6316 b3 -= k0;
6317
6318 tmp = b1 ^ b0;
6319 b1 = ror64(tmp, 24);
6320 b0 -= b1 + k14;
6321 b1 -= k15;
6322
6323 tmp = b7 ^ b12;
6324 b7 = ror64(tmp, 20);
6325 b12 -= b7;
6326
6327 tmp = b3 ^ b10;
6328 b3 = ror64(tmp, 37);
6329 b10 -= b3;
6330
6331 tmp = b5 ^ b8;
6332 b5 = ror64(tmp, 31);
6333 b8 -= b5;
6334
6335 tmp = b1 ^ b14;
6336 b1 = ror64(tmp, 23);
6337 b14 -= b1;
6338
6339 tmp = b9 ^ b4;
6340 b9 = ror64(tmp, 52);
6341 b4 -= b9;
6342
6343 tmp = b13 ^ b6;
6344 b13 = ror64(tmp, 35);
6345 b6 -= b13;
6346
6347 tmp = b11 ^ b2;
6348 b11 = ror64(tmp, 48);
6349 b2 -= b11;
6350
6351 tmp = b15 ^ b0;
6352 b15 = ror64(tmp, 9);
6353 b0 -= b15;
6354
6355 tmp = b9 ^ b10;
6356 b9 = ror64(tmp, 25);
6357 b10 -= b9;
6358
6359 tmp = b11 ^ b8;
6360 b11 = ror64(tmp, 44);
6361 b8 -= b11;
6362
6363 tmp = b13 ^ b14;
6364 b13 = ror64(tmp, 42);
6365 b14 -= b13;
6366
6367 tmp = b15 ^ b12;
6368 b15 = ror64(tmp, 19);
6369 b12 -= b15;
6370
6371 tmp = b1 ^ b6;
6372 b1 = ror64(tmp, 46);
6373 b6 -= b1;
6374
6375 tmp = b3 ^ b4;
6376 b3 = ror64(tmp, 47);
6377 b4 -= b3;
6378
6379 tmp = b5 ^ b2;
6380 b5 = ror64(tmp, 44);
6381 b2 -= b5;
6382
6383 tmp = b7 ^ b0;
6384 b7 = ror64(tmp, 31);
6385 b0 -= b7;
6386
6387 tmp = b1 ^ b8;
6388 b1 = ror64(tmp, 41);
6389 b8 -= b1;
6390
6391 tmp = b5 ^ b14;
6392 b5 = ror64(tmp, 42);
6393 b14 -= b5;
6394
6395 tmp = b3 ^ b12;
6396 b3 = ror64(tmp, 53);
6397 b12 -= b3;
6398
6399 tmp = b7 ^ b10;
6400 b7 = ror64(tmp, 4);
6401 b10 -= b7;
6402
6403 tmp = b15 ^ b4;
6404 b15 = ror64(tmp, 51);
6405 b4 -= b15;
6406
6407 tmp = b11 ^ b6;
6408 b11 = ror64(tmp, 56);
6409 b6 -= b11;
6410
6411 tmp = b13 ^ b2;
6412 b13 = ror64(tmp, 34);
6413 b2 -= b13;
6414
6415 tmp = b9 ^ b0;
6416 b9 = ror64(tmp, 16);
6417 b0 -= b9;
6418
6419 tmp = b15 ^ b14;
6420 b15 = ror64(tmp, 30);
6421 b14 -= b15 + k10 + t2;
6422 b15 -= k11 + 13;
6423
6424 tmp = b13 ^ b12;
6425 b13 = ror64(tmp, 44);
6426 b12 -= b13 + k8;
6427 b13 -= k9 + t1;
6428
6429 tmp = b11 ^ b10;
6430 b11 = ror64(tmp, 47);
6431 b10 -= b11 + k6;
6432 b11 -= k7;
6433
6434 tmp = b9 ^ b8;
6435 b9 = ror64(tmp, 12);
6436 b8 -= b9 + k4;
6437 b9 -= k5;
6438
6439 tmp = b7 ^ b6;
6440 b7 = ror64(tmp, 31);
6441 b6 -= b7 + k2;
6442 b7 -= k3;
6443
6444 tmp = b5 ^ b4;
6445 b5 = ror64(tmp, 37);
6446 b4 -= b5 + k0;
6447 b5 -= k1;
6448
6449 tmp = b3 ^ b2;
6450 b3 = ror64(tmp, 9);
6451 b2 -= b3 + k15;
6452 b3 -= k16;
6453
6454 tmp = b1 ^ b0;
6455 b1 = ror64(tmp, 41);
6456 b0 -= b1 + k13;
6457 b1 -= k14;
6458
6459 tmp = b7 ^ b12;
6460 b7 = ror64(tmp, 25);
6461 b12 -= b7;
6462
6463 tmp = b3 ^ b10;
6464 b3 = ror64(tmp, 16);
6465 b10 -= b3;
6466
6467 tmp = b5 ^ b8;
6468 b5 = ror64(tmp, 28);
6469 b8 -= b5;
6470
6471 tmp = b1 ^ b14;
6472 b1 = ror64(tmp, 47);
6473 b14 -= b1;
6474
6475 tmp = b9 ^ b4;
6476 b9 = ror64(tmp, 41);
6477 b4 -= b9;
6478
6479 tmp = b13 ^ b6;
6480 b13 = ror64(tmp, 48);
6481 b6 -= b13;
6482
6483 tmp = b11 ^ b2;
6484 b11 = ror64(tmp, 20);
6485 b2 -= b11;
6486
6487 tmp = b15 ^ b0;
6488 b15 = ror64(tmp, 5);
6489 b0 -= b15;
6490
6491 tmp = b9 ^ b10;
6492 b9 = ror64(tmp, 17);
6493 b10 -= b9;
6494
6495 tmp = b11 ^ b8;
6496 b11 = ror64(tmp, 59);
6497 b8 -= b11;
6498
6499 tmp = b13 ^ b14;
6500 b13 = ror64(tmp, 41);
6501 b14 -= b13;
6502
6503 tmp = b15 ^ b12;
6504 b15 = ror64(tmp, 34);
6505 b12 -= b15;
6506
6507 tmp = b1 ^ b6;
6508 b1 = ror64(tmp, 13);
6509 b6 -= b1;
6510
6511 tmp = b3 ^ b4;
6512 b3 = ror64(tmp, 51);
6513 b4 -= b3;
6514
6515 tmp = b5 ^ b2;
6516 b5 = ror64(tmp, 4);
6517 b2 -= b5;
6518
6519 tmp = b7 ^ b0;
6520 b7 = ror64(tmp, 33);
6521 b0 -= b7;
6522
6523 tmp = b1 ^ b8;
6524 b1 = ror64(tmp, 52);
6525 b8 -= b1;
6526
6527 tmp = b5 ^ b14;
6528 b5 = ror64(tmp, 23);
6529 b14 -= b5;
6530
6531 tmp = b3 ^ b12;
6532 b3 = ror64(tmp, 18);
6533 b12 -= b3;
6534
6535 tmp = b7 ^ b10;
6536 b7 = ror64(tmp, 49);
6537 b10 -= b7;
6538
6539 tmp = b15 ^ b4;
6540 b15 = ror64(tmp, 55);
6541 b4 -= b15;
6542
6543 tmp = b11 ^ b6;
6544 b11 = ror64(tmp, 10);
6545 b6 -= b11;
6546
6547 tmp = b13 ^ b2;
6548 b13 = ror64(tmp, 19);
6549 b2 -= b13;
6550
6551 tmp = b9 ^ b0;
6552 b9 = ror64(tmp, 38);
6553 b0 -= b9;
6554
6555 tmp = b15 ^ b14;
6556 b15 = ror64(tmp, 37);
6557 b14 -= b15 + k9 + t1;
6558 b15 -= k10 + 12;
6559
6560 tmp = b13 ^ b12;
6561 b13 = ror64(tmp, 22);
6562 b12 -= b13 + k7;
6563 b13 -= k8 + t0;
6564
6565 tmp = b11 ^ b10;
6566 b11 = ror64(tmp, 17);
6567 b10 -= b11 + k5;
6568 b11 -= k6;
6569
6570 tmp = b9 ^ b8;
6571 b9 = ror64(tmp, 8);
6572 b8 -= b9 + k3;
6573 b9 -= k4;
6574
6575 tmp = b7 ^ b6;
6576 b7 = ror64(tmp, 47);
6577 b6 -= b7 + k1;
6578 b7 -= k2;
6579
6580 tmp = b5 ^ b4;
6581 b5 = ror64(tmp, 8);
6582 b4 -= b5 + k16;
6583 b5 -= k0;
6584
6585 tmp = b3 ^ b2;
6586 b3 = ror64(tmp, 13);
6587 b2 -= b3 + k14;
6588 b3 -= k15;
6589
6590 tmp = b1 ^ b0;
6591 b1 = ror64(tmp, 24);
6592 b0 -= b1 + k12;
6593 b1 -= k13;
6594
6595 tmp = b7 ^ b12;
6596 b7 = ror64(tmp, 20);
6597 b12 -= b7;
6598
6599 tmp = b3 ^ b10;
6600 b3 = ror64(tmp, 37);
6601 b10 -= b3;
6602
6603 tmp = b5 ^ b8;
6604 b5 = ror64(tmp, 31);
6605 b8 -= b5;
6606
6607 tmp = b1 ^ b14;
6608 b1 = ror64(tmp, 23);
6609 b14 -= b1;
6610
6611 tmp = b9 ^ b4;
6612 b9 = ror64(tmp, 52);
6613 b4 -= b9;
6614
6615 tmp = b13 ^ b6;
6616 b13 = ror64(tmp, 35);
6617 b6 -= b13;
6618
6619 tmp = b11 ^ b2;
6620 b11 = ror64(tmp, 48);
6621 b2 -= b11;
6622
6623 tmp = b15 ^ b0;
6624 b15 = ror64(tmp, 9);
6625 b0 -= b15;
6626
6627 tmp = b9 ^ b10;
6628 b9 = ror64(tmp, 25);
6629 b10 -= b9;
6630
6631 tmp = b11 ^ b8;
6632 b11 = ror64(tmp, 44);
6633 b8 -= b11;
6634
6635 tmp = b13 ^ b14;
6636 b13 = ror64(tmp, 42);
6637 b14 -= b13;
6638
6639 tmp = b15 ^ b12;
6640 b15 = ror64(tmp, 19);
6641 b12 -= b15;
6642
6643 tmp = b1 ^ b6;
6644 b1 = ror64(tmp, 46);
6645 b6 -= b1;
6646
6647 tmp = b3 ^ b4;
6648 b3 = ror64(tmp, 47);
6649 b4 -= b3;
6650
6651 tmp = b5 ^ b2;
6652 b5 = ror64(tmp, 44);
6653 b2 -= b5;
6654
6655 tmp = b7 ^ b0;
6656 b7 = ror64(tmp, 31);
6657 b0 -= b7;
6658
6659 tmp = b1 ^ b8;
6660 b1 = ror64(tmp, 41);
6661 b8 -= b1;
6662
6663 tmp = b5 ^ b14;
6664 b5 = ror64(tmp, 42);
6665 b14 -= b5;
6666
6667 tmp = b3 ^ b12;
6668 b3 = ror64(tmp, 53);
6669 b12 -= b3;
6670
6671 tmp = b7 ^ b10;
6672 b7 = ror64(tmp, 4);
6673 b10 -= b7;
6674
6675 tmp = b15 ^ b4;
6676 b15 = ror64(tmp, 51);
6677 b4 -= b15;
6678
6679 tmp = b11 ^ b6;
6680 b11 = ror64(tmp, 56);
6681 b6 -= b11;
6682
6683 tmp = b13 ^ b2;
6684 b13 = ror64(tmp, 34);
6685 b2 -= b13;
6686
6687 tmp = b9 ^ b0;
6688 b9 = ror64(tmp, 16);
6689 b0 -= b9;
6690
6691 tmp = b15 ^ b14;
6692 b15 = ror64(tmp, 30);
6693 b14 -= b15 + k8 + t0;
6694 b15 -= k9 + 11;
6695
6696 tmp = b13 ^ b12;
6697 b13 = ror64(tmp, 44);
6698 b12 -= b13 + k6;
6699 b13 -= k7 + t2;
6700
6701 tmp = b11 ^ b10;
6702 b11 = ror64(tmp, 47);
6703 b10 -= b11 + k4;
6704 b11 -= k5;
6705
6706 tmp = b9 ^ b8;
6707 b9 = ror64(tmp, 12);
6708 b8 -= b9 + k2;
6709 b9 -= k3;
6710
6711 tmp = b7 ^ b6;
6712 b7 = ror64(tmp, 31);
6713 b6 -= b7 + k0;
6714 b7 -= k1;
6715
6716 tmp = b5 ^ b4;
6717 b5 = ror64(tmp, 37);
6718 b4 -= b5 + k15;
6719 b5 -= k16;
6720
6721 tmp = b3 ^ b2;
6722 b3 = ror64(tmp, 9);
6723 b2 -= b3 + k13;
6724 b3 -= k14;
6725
6726 tmp = b1 ^ b0;
6727 b1 = ror64(tmp, 41);
6728 b0 -= b1 + k11;
6729 b1 -= k12;
6730
6731 tmp = b7 ^ b12;
6732 b7 = ror64(tmp, 25);
6733 b12 -= b7;
6734
6735 tmp = b3 ^ b10;
6736 b3 = ror64(tmp, 16);
6737 b10 -= b3;
6738
6739 tmp = b5 ^ b8;
6740 b5 = ror64(tmp, 28);
6741 b8 -= b5;
6742
6743 tmp = b1 ^ b14;
6744 b1 = ror64(tmp, 47);
6745 b14 -= b1;
6746
6747 tmp = b9 ^ b4;
6748 b9 = ror64(tmp, 41);
6749 b4 -= b9;
6750
6751 tmp = b13 ^ b6;
6752 b13 = ror64(tmp, 48);
6753 b6 -= b13;
6754
6755 tmp = b11 ^ b2;
6756 b11 = ror64(tmp, 20);
6757 b2 -= b11;
6758
6759 tmp = b15 ^ b0;
6760 b15 = ror64(tmp, 5);
6761 b0 -= b15;
6762
6763 tmp = b9 ^ b10;
6764 b9 = ror64(tmp, 17);
6765 b10 -= b9;
6766
6767 tmp = b11 ^ b8;
6768 b11 = ror64(tmp, 59);
6769 b8 -= b11;
6770
6771 tmp = b13 ^ b14;
6772 b13 = ror64(tmp, 41);
6773 b14 -= b13;
6774
6775 tmp = b15 ^ b12;
6776 b15 = ror64(tmp, 34);
6777 b12 -= b15;
6778
6779 tmp = b1 ^ b6;
6780 b1 = ror64(tmp, 13);
6781 b6 -= b1;
6782
6783 tmp = b3 ^ b4;
6784 b3 = ror64(tmp, 51);
6785 b4 -= b3;
6786
6787 tmp = b5 ^ b2;
6788 b5 = ror64(tmp, 4);
6789 b2 -= b5;
6790
6791 tmp = b7 ^ b0;
6792 b7 = ror64(tmp, 33);
6793 b0 -= b7;
6794
6795 tmp = b1 ^ b8;
6796 b1 = ror64(tmp, 52);
6797 b8 -= b1;
6798
6799 tmp = b5 ^ b14;
6800 b5 = ror64(tmp, 23);
6801 b14 -= b5;
6802
6803 tmp = b3 ^ b12;
6804 b3 = ror64(tmp, 18);
6805 b12 -= b3;
6806
6807 tmp = b7 ^ b10;
6808 b7 = ror64(tmp, 49);
6809 b10 -= b7;
6810
6811 tmp = b15 ^ b4;
6812 b15 = ror64(tmp, 55);
6813 b4 -= b15;
6814
6815 tmp = b11 ^ b6;
6816 b11 = ror64(tmp, 10);
6817 b6 -= b11;
6818
6819 tmp = b13 ^ b2;
6820 b13 = ror64(tmp, 19);
6821 b2 -= b13;
6822
6823 tmp = b9 ^ b0;
6824 b9 = ror64(tmp, 38);
6825 b0 -= b9;
6826
6827 tmp = b15 ^ b14;
6828 b15 = ror64(tmp, 37);
6829 b14 -= b15 + k7 + t2;
6830 b15 -= k8 + 10;
6831
6832 tmp = b13 ^ b12;
6833 b13 = ror64(tmp, 22);
6834 b12 -= b13 + k5;
6835 b13 -= k6 + t1;
6836
6837 tmp = b11 ^ b10;
6838 b11 = ror64(tmp, 17);
6839 b10 -= b11 + k3;
6840 b11 -= k4;
6841
6842 tmp = b9 ^ b8;
6843 b9 = ror64(tmp, 8);
6844 b8 -= b9 + k1;
6845 b9 -= k2;
6846
6847 tmp = b7 ^ b6;
6848 b7 = ror64(tmp, 47);
6849 b6 -= b7 + k16;
6850 b7 -= k0;
6851
6852 tmp = b5 ^ b4;
6853 b5 = ror64(tmp, 8);
6854 b4 -= b5 + k14;
6855 b5 -= k15;
6856
6857 tmp = b3 ^ b2;
6858 b3 = ror64(tmp, 13);
6859 b2 -= b3 + k12;
6860 b3 -= k13;
6861
6862 tmp = b1 ^ b0;
6863 b1 = ror64(tmp, 24);
6864 b0 -= b1 + k10;
6865 b1 -= k11;
6866
6867 tmp = b7 ^ b12;
6868 b7 = ror64(tmp, 20);
6869 b12 -= b7;
6870
6871 tmp = b3 ^ b10;
6872 b3 = ror64(tmp, 37);
6873 b10 -= b3;
6874
6875 tmp = b5 ^ b8;
6876 b5 = ror64(tmp, 31);
6877 b8 -= b5;
6878
6879 tmp = b1 ^ b14;
6880 b1 = ror64(tmp, 23);
6881 b14 -= b1;
6882
6883 tmp = b9 ^ b4;
6884 b9 = ror64(tmp, 52);
6885 b4 -= b9;
6886
6887 tmp = b13 ^ b6;
6888 b13 = ror64(tmp, 35);
6889 b6 -= b13;
6890
6891 tmp = b11 ^ b2;
6892 b11 = ror64(tmp, 48);
6893 b2 -= b11;
6894
6895 tmp = b15 ^ b0;
6896 b15 = ror64(tmp, 9);
6897 b0 -= b15;
6898
6899 tmp = b9 ^ b10;
6900 b9 = ror64(tmp, 25);
6901 b10 -= b9;
6902
6903 tmp = b11 ^ b8;
6904 b11 = ror64(tmp, 44);
6905 b8 -= b11;
6906
6907 tmp = b13 ^ b14;
6908 b13 = ror64(tmp, 42);
6909 b14 -= b13;
6910
6911 tmp = b15 ^ b12;
6912 b15 = ror64(tmp, 19);
6913 b12 -= b15;
6914
6915 tmp = b1 ^ b6;
6916 b1 = ror64(tmp, 46);
6917 b6 -= b1;
6918
6919 tmp = b3 ^ b4;
6920 b3 = ror64(tmp, 47);
6921 b4 -= b3;
6922
6923 tmp = b5 ^ b2;
6924 b5 = ror64(tmp, 44);
6925 b2 -= b5;
6926
6927 tmp = b7 ^ b0;
6928 b7 = ror64(tmp, 31);
6929 b0 -= b7;
6930
6931 tmp = b1 ^ b8;
6932 b1 = ror64(tmp, 41);
6933 b8 -= b1;
6934
6935 tmp = b5 ^ b14;
6936 b5 = ror64(tmp, 42);
6937 b14 -= b5;
6938
6939 tmp = b3 ^ b12;
6940 b3 = ror64(tmp, 53);
6941 b12 -= b3;
6942
6943 tmp = b7 ^ b10;
6944 b7 = ror64(tmp, 4);
6945 b10 -= b7;
6946
6947 tmp = b15 ^ b4;
6948 b15 = ror64(tmp, 51);
6949 b4 -= b15;
6950
6951 tmp = b11 ^ b6;
6952 b11 = ror64(tmp, 56);
6953 b6 -= b11;
6954
6955 tmp = b13 ^ b2;
6956 b13 = ror64(tmp, 34);
6957 b2 -= b13;
6958
6959 tmp = b9 ^ b0;
6960 b9 = ror64(tmp, 16);
6961 b0 -= b9;
6962
6963 tmp = b15 ^ b14;
6964 b15 = ror64(tmp, 30);
6965 b14 -= b15 + k6 + t1;
6966 b15 -= k7 + 9;
6967
6968 tmp = b13 ^ b12;
6969 b13 = ror64(tmp, 44);
6970 b12 -= b13 + k4;
6971 b13 -= k5 + t0;
6972
6973 tmp = b11 ^ b10;
6974 b11 = ror64(tmp, 47);
6975 b10 -= b11 + k2;
6976 b11 -= k3;
6977
6978 tmp = b9 ^ b8;
6979 b9 = ror64(tmp, 12);
6980 b8 -= b9 + k0;
6981 b9 -= k1;
6982
6983 tmp = b7 ^ b6;
6984 b7 = ror64(tmp, 31);
6985 b6 -= b7 + k15;
6986 b7 -= k16;
6987
6988 tmp = b5 ^ b4;
6989 b5 = ror64(tmp, 37);
6990 b4 -= b5 + k13;
6991 b5 -= k14;
6992
6993 tmp = b3 ^ b2;
6994 b3 = ror64(tmp, 9);
6995 b2 -= b3 + k11;
6996 b3 -= k12;
6997
6998 tmp = b1 ^ b0;
6999 b1 = ror64(tmp, 41);
7000 b0 -= b1 + k9;
7001 b1 -= k10;
7002
7003 tmp = b7 ^ b12;
7004 b7 = ror64(tmp, 25);
7005 b12 -= b7;
7006
7007 tmp = b3 ^ b10;
7008 b3 = ror64(tmp, 16);
7009 b10 -= b3;
7010
7011 tmp = b5 ^ b8;
7012 b5 = ror64(tmp, 28);
7013 b8 -= b5;
7014
7015 tmp = b1 ^ b14;
7016 b1 = ror64(tmp, 47);
7017 b14 -= b1;
7018
7019 tmp = b9 ^ b4;
7020 b9 = ror64(tmp, 41);
7021 b4 -= b9;
7022
7023 tmp = b13 ^ b6;
7024 b13 = ror64(tmp, 48);
7025 b6 -= b13;
7026
7027 tmp = b11 ^ b2;
7028 b11 = ror64(tmp, 20);
7029 b2 -= b11;
7030
7031 tmp = b15 ^ b0;
7032 b15 = ror64(tmp, 5);
7033 b0 -= b15;
7034
7035 tmp = b9 ^ b10;
7036 b9 = ror64(tmp, 17);
7037 b10 -= b9;
7038
7039 tmp = b11 ^ b8;
7040 b11 = ror64(tmp, 59);
7041 b8 -= b11;
7042
7043 tmp = b13 ^ b14;
7044 b13 = ror64(tmp, 41);
7045 b14 -= b13;
7046
7047 tmp = b15 ^ b12;
7048 b15 = ror64(tmp, 34);
7049 b12 -= b15;
7050
7051 tmp = b1 ^ b6;
7052 b1 = ror64(tmp, 13);
7053 b6 -= b1;
7054
7055 tmp = b3 ^ b4;
7056 b3 = ror64(tmp, 51);
7057 b4 -= b3;
7058
7059 tmp = b5 ^ b2;
7060 b5 = ror64(tmp, 4);
7061 b2 -= b5;
7062
7063 tmp = b7 ^ b0;
7064 b7 = ror64(tmp, 33);
7065 b0 -= b7;
7066
7067 tmp = b1 ^ b8;
7068 b1 = ror64(tmp, 52);
7069 b8 -= b1;
7070
7071 tmp = b5 ^ b14;
7072 b5 = ror64(tmp, 23);
7073 b14 -= b5;
7074
7075 tmp = b3 ^ b12;
7076 b3 = ror64(tmp, 18);
7077 b12 -= b3;
7078
7079 tmp = b7 ^ b10;
7080 b7 = ror64(tmp, 49);
7081 b10 -= b7;
7082
7083 tmp = b15 ^ b4;
7084 b15 = ror64(tmp, 55);
7085 b4 -= b15;
7086
7087 tmp = b11 ^ b6;
7088 b11 = ror64(tmp, 10);
7089 b6 -= b11;
7090
7091 tmp = b13 ^ b2;
7092 b13 = ror64(tmp, 19);
7093 b2 -= b13;
7094
7095 tmp = b9 ^ b0;
7096 b9 = ror64(tmp, 38);
7097 b0 -= b9;
7098
7099 tmp = b15 ^ b14;
7100 b15 = ror64(tmp, 37);
7101 b14 -= b15 + k5 + t0;
7102 b15 -= k6 + 8;
7103
7104 tmp = b13 ^ b12;
7105 b13 = ror64(tmp, 22);
7106 b12 -= b13 + k3;
7107 b13 -= k4 + t2;
7108
7109 tmp = b11 ^ b10;
7110 b11 = ror64(tmp, 17);
7111 b10 -= b11 + k1;
7112 b11 -= k2;
7113
7114 tmp = b9 ^ b8;
7115 b9 = ror64(tmp, 8);
7116 b8 -= b9 + k16;
7117 b9 -= k0;
7118
7119 tmp = b7 ^ b6;
7120 b7 = ror64(tmp, 47);
7121 b6 -= b7 + k14;
7122 b7 -= k15;
7123
7124 tmp = b5 ^ b4;
7125 b5 = ror64(tmp, 8);
7126 b4 -= b5 + k12;
7127 b5 -= k13;
7128
7129 tmp = b3 ^ b2;
7130 b3 = ror64(tmp, 13);
7131 b2 -= b3 + k10;
7132 b3 -= k11;
7133
7134 tmp = b1 ^ b0;
7135 b1 = ror64(tmp, 24);
7136 b0 -= b1 + k8;
7137 b1 -= k9;
7138
7139 tmp = b7 ^ b12;
7140 b7 = ror64(tmp, 20);
7141 b12 -= b7;
7142
7143 tmp = b3 ^ b10;
7144 b3 = ror64(tmp, 37);
7145 b10 -= b3;
7146
7147 tmp = b5 ^ b8;
7148 b5 = ror64(tmp, 31);
7149 b8 -= b5;
7150
7151 tmp = b1 ^ b14;
7152 b1 = ror64(tmp, 23);
7153 b14 -= b1;
7154
7155 tmp = b9 ^ b4;
7156 b9 = ror64(tmp, 52);
7157 b4 -= b9;
7158
7159 tmp = b13 ^ b6;
7160 b13 = ror64(tmp, 35);
7161 b6 -= b13;
7162
7163 tmp = b11 ^ b2;
7164 b11 = ror64(tmp, 48);
7165 b2 -= b11;
7166
7167 tmp = b15 ^ b0;
7168 b15 = ror64(tmp, 9);
7169 b0 -= b15;
7170
7171 tmp = b9 ^ b10;
7172 b9 = ror64(tmp, 25);
7173 b10 -= b9;
7174
7175 tmp = b11 ^ b8;
7176 b11 = ror64(tmp, 44);
7177 b8 -= b11;
7178
7179 tmp = b13 ^ b14;
7180 b13 = ror64(tmp, 42);
7181 b14 -= b13;
7182
7183 tmp = b15 ^ b12;
7184 b15 = ror64(tmp, 19);
7185 b12 -= b15;
7186
7187 tmp = b1 ^ b6;
7188 b1 = ror64(tmp, 46);
7189 b6 -= b1;
7190
7191 tmp = b3 ^ b4;
7192 b3 = ror64(tmp, 47);
7193 b4 -= b3;
7194
7195 tmp = b5 ^ b2;
7196 b5 = ror64(tmp, 44);
7197 b2 -= b5;
7198
7199 tmp = b7 ^ b0;
7200 b7 = ror64(tmp, 31);
7201 b0 -= b7;
7202
7203 tmp = b1 ^ b8;
7204 b1 = ror64(tmp, 41);
7205 b8 -= b1;
7206
7207 tmp = b5 ^ b14;
7208 b5 = ror64(tmp, 42);
7209 b14 -= b5;
7210
7211 tmp = b3 ^ b12;
7212 b3 = ror64(tmp, 53);
7213 b12 -= b3;
7214
7215 tmp = b7 ^ b10;
7216 b7 = ror64(tmp, 4);
7217 b10 -= b7;
7218
7219 tmp = b15 ^ b4;
7220 b15 = ror64(tmp, 51);
7221 b4 -= b15;
7222
7223 tmp = b11 ^ b6;
7224 b11 = ror64(tmp, 56);
7225 b6 -= b11;
7226
7227 tmp = b13 ^ b2;
7228 b13 = ror64(tmp, 34);
7229 b2 -= b13;
7230
7231 tmp = b9 ^ b0;
7232 b9 = ror64(tmp, 16);
7233 b0 -= b9;
7234
7235 tmp = b15 ^ b14;
7236 b15 = ror64(tmp, 30);
7237 b14 -= b15 + k4 + t2;
7238 b15 -= k5 + 7;
7239
7240 tmp = b13 ^ b12;
7241 b13 = ror64(tmp, 44);
7242 b12 -= b13 + k2;
7243 b13 -= k3 + t1;
7244
7245 tmp = b11 ^ b10;
7246 b11 = ror64(tmp, 47);
7247 b10 -= b11 + k0;
7248 b11 -= k1;
7249
7250 tmp = b9 ^ b8;
7251 b9 = ror64(tmp, 12);
7252 b8 -= b9 + k15;
7253 b9 -= k16;
7254
7255 tmp = b7 ^ b6;
7256 b7 = ror64(tmp, 31);
7257 b6 -= b7 + k13;
7258 b7 -= k14;
7259
7260 tmp = b5 ^ b4;
7261 b5 = ror64(tmp, 37);
7262 b4 -= b5 + k11;
7263 b5 -= k12;
7264
7265 tmp = b3 ^ b2;
7266 b3 = ror64(tmp, 9);
7267 b2 -= b3 + k9;
7268 b3 -= k10;
7269
7270 tmp = b1 ^ b0;
7271 b1 = ror64(tmp, 41);
7272 b0 -= b1 + k7;
7273 b1 -= k8;
7274
7275 tmp = b7 ^ b12;
7276 b7 = ror64(tmp, 25);
7277 b12 -= b7;
7278
7279 tmp = b3 ^ b10;
7280 b3 = ror64(tmp, 16);
7281 b10 -= b3;
7282
7283 tmp = b5 ^ b8;
7284 b5 = ror64(tmp, 28);
7285 b8 -= b5;
7286
7287 tmp = b1 ^ b14;
7288 b1 = ror64(tmp, 47);
7289 b14 -= b1;
7290
7291 tmp = b9 ^ b4;
7292 b9 = ror64(tmp, 41);
7293 b4 -= b9;
7294
7295 tmp = b13 ^ b6;
7296 b13 = ror64(tmp, 48);
7297 b6 -= b13;
7298
7299 tmp = b11 ^ b2;
7300 b11 = ror64(tmp, 20);
7301 b2 -= b11;
7302
7303 tmp = b15 ^ b0;
7304 b15 = ror64(tmp, 5);
7305 b0 -= b15;
7306
7307 tmp = b9 ^ b10;
7308 b9 = ror64(tmp, 17);
7309 b10 -= b9;
7310
7311 tmp = b11 ^ b8;
7312 b11 = ror64(tmp, 59);
7313 b8 -= b11;
7314
7315 tmp = b13 ^ b14;
7316 b13 = ror64(tmp, 41);
7317 b14 -= b13;
7318
7319 tmp = b15 ^ b12;
7320 b15 = ror64(tmp, 34);
7321 b12 -= b15;
7322
7323 tmp = b1 ^ b6;
7324 b1 = ror64(tmp, 13);
7325 b6 -= b1;
7326
7327 tmp = b3 ^ b4;
7328 b3 = ror64(tmp, 51);
7329 b4 -= b3;
7330
7331 tmp = b5 ^ b2;
7332 b5 = ror64(tmp, 4);
7333 b2 -= b5;
7334
7335 tmp = b7 ^ b0;
7336 b7 = ror64(tmp, 33);
7337 b0 -= b7;
7338
7339 tmp = b1 ^ b8;
7340 b1 = ror64(tmp, 52);
7341 b8 -= b1;
7342
7343 tmp = b5 ^ b14;
7344 b5 = ror64(tmp, 23);
7345 b14 -= b5;
7346
7347 tmp = b3 ^ b12;
7348 b3 = ror64(tmp, 18);
7349 b12 -= b3;
7350
7351 tmp = b7 ^ b10;
7352 b7 = ror64(tmp, 49);
7353 b10 -= b7;
7354
7355 tmp = b15 ^ b4;
7356 b15 = ror64(tmp, 55);
7357 b4 -= b15;
7358
7359 tmp = b11 ^ b6;
7360 b11 = ror64(tmp, 10);
7361 b6 -= b11;
7362
7363 tmp = b13 ^ b2;
7364 b13 = ror64(tmp, 19);
7365 b2 -= b13;
7366
7367 tmp = b9 ^ b0;
7368 b9 = ror64(tmp, 38);
7369 b0 -= b9;
7370
7371 tmp = b15 ^ b14;
7372 b15 = ror64(tmp, 37);
7373 b14 -= b15 + k3 + t1;
7374 b15 -= k4 + 6;
7375
7376 tmp = b13 ^ b12;
7377 b13 = ror64(tmp, 22);
7378 b12 -= b13 + k1;
7379 b13 -= k2 + t0;
7380
7381 tmp = b11 ^ b10;
7382 b11 = ror64(tmp, 17);
7383 b10 -= b11 + k16;
7384 b11 -= k0;
7385
7386 tmp = b9 ^ b8;
7387 b9 = ror64(tmp, 8);
7388 b8 -= b9 + k14;
7389 b9 -= k15;
7390
7391 tmp = b7 ^ b6;
7392 b7 = ror64(tmp, 47);
7393 b6 -= b7 + k12;
7394 b7 -= k13;
7395
7396 tmp = b5 ^ b4;
7397 b5 = ror64(tmp, 8);
7398 b4 -= b5 + k10;
7399 b5 -= k11;
7400
7401 tmp = b3 ^ b2;
7402 b3 = ror64(tmp, 13);
7403 b2 -= b3 + k8;
7404 b3 -= k9;
7405
7406 tmp = b1 ^ b0;
7407 b1 = ror64(tmp, 24);
7408 b0 -= b1 + k6;
7409 b1 -= k7;
7410
7411 tmp = b7 ^ b12;
7412 b7 = ror64(tmp, 20);
7413 b12 -= b7;
7414
7415 tmp = b3 ^ b10;
7416 b3 = ror64(tmp, 37);
7417 b10 -= b3;
7418
7419 tmp = b5 ^ b8;
7420 b5 = ror64(tmp, 31);
7421 b8 -= b5;
7422
7423 tmp = b1 ^ b14;
7424 b1 = ror64(tmp, 23);
7425 b14 -= b1;
7426
7427 tmp = b9 ^ b4;
7428 b9 = ror64(tmp, 52);
7429 b4 -= b9;
7430
7431 tmp = b13 ^ b6;
7432 b13 = ror64(tmp, 35);
7433 b6 -= b13;
7434
7435 tmp = b11 ^ b2;
7436 b11 = ror64(tmp, 48);
7437 b2 -= b11;
7438
7439 tmp = b15 ^ b0;
7440 b15 = ror64(tmp, 9);
7441 b0 -= b15;
7442
7443 tmp = b9 ^ b10;
7444 b9 = ror64(tmp, 25);
7445 b10 -= b9;
7446
7447 tmp = b11 ^ b8;
7448 b11 = ror64(tmp, 44);
7449 b8 -= b11;
7450
7451 tmp = b13 ^ b14;
7452 b13 = ror64(tmp, 42);
7453 b14 -= b13;
7454
7455 tmp = b15 ^ b12;
7456 b15 = ror64(tmp, 19);
7457 b12 -= b15;
7458
7459 tmp = b1 ^ b6;
7460 b1 = ror64(tmp, 46);
7461 b6 -= b1;
7462
7463 tmp = b3 ^ b4;
7464 b3 = ror64(tmp, 47);
7465 b4 -= b3;
7466
7467 tmp = b5 ^ b2;
7468 b5 = ror64(tmp, 44);
7469 b2 -= b5;
7470
7471 tmp = b7 ^ b0;
7472 b7 = ror64(tmp, 31);
7473 b0 -= b7;
7474
7475 tmp = b1 ^ b8;
7476 b1 = ror64(tmp, 41);
7477 b8 -= b1;
7478
7479 tmp = b5 ^ b14;
7480 b5 = ror64(tmp, 42);
7481 b14 -= b5;
7482
7483 tmp = b3 ^ b12;
7484 b3 = ror64(tmp, 53);
7485 b12 -= b3;
7486
7487 tmp = b7 ^ b10;
7488 b7 = ror64(tmp, 4);
7489 b10 -= b7;
7490
7491 tmp = b15 ^ b4;
7492 b15 = ror64(tmp, 51);
7493 b4 -= b15;
7494
7495 tmp = b11 ^ b6;
7496 b11 = ror64(tmp, 56);
7497 b6 -= b11;
7498
7499 tmp = b13 ^ b2;
7500 b13 = ror64(tmp, 34);
7501 b2 -= b13;
7502
7503 tmp = b9 ^ b0;
7504 b9 = ror64(tmp, 16);
7505 b0 -= b9;
7506
7507 tmp = b15 ^ b14;
7508 b15 = ror64(tmp, 30);
7509 b14 -= b15 + k2 + t0;
7510 b15 -= k3 + 5;
7511
7512 tmp = b13 ^ b12;
7513 b13 = ror64(tmp, 44);
7514 b12 -= b13 + k0;
7515 b13 -= k1 + t2;
7516
7517 tmp = b11 ^ b10;
7518 b11 = ror64(tmp, 47);
7519 b10 -= b11 + k15;
7520 b11 -= k16;
7521
7522 tmp = b9 ^ b8;
7523 b9 = ror64(tmp, 12);
7524 b8 -= b9 + k13;
7525 b9 -= k14;
7526
7527 tmp = b7 ^ b6;
7528 b7 = ror64(tmp, 31);
7529 b6 -= b7 + k11;
7530 b7 -= k12;
7531
7532 tmp = b5 ^ b4;
7533 b5 = ror64(tmp, 37);
7534 b4 -= b5 + k9;
7535 b5 -= k10;
7536
7537 tmp = b3 ^ b2;
7538 b3 = ror64(tmp, 9);
7539 b2 -= b3 + k7;
7540 b3 -= k8;
7541
7542 tmp = b1 ^ b0;
7543 b1 = ror64(tmp, 41);
7544 b0 -= b1 + k5;
7545 b1 -= k6;
7546
7547 tmp = b7 ^ b12;
7548 b7 = ror64(tmp, 25);
7549 b12 -= b7;
7550
7551 tmp = b3 ^ b10;
7552 b3 = ror64(tmp, 16);
7553 b10 -= b3;
7554
7555 tmp = b5 ^ b8;
7556 b5 = ror64(tmp, 28);
7557 b8 -= b5;
7558
7559 tmp = b1 ^ b14;
7560 b1 = ror64(tmp, 47);
7561 b14 -= b1;
7562
7563 tmp = b9 ^ b4;
7564 b9 = ror64(tmp, 41);
7565 b4 -= b9;
7566
7567 tmp = b13 ^ b6;
7568 b13 = ror64(tmp, 48);
7569 b6 -= b13;
7570
7571 tmp = b11 ^ b2;
7572 b11 = ror64(tmp, 20);
7573 b2 -= b11;
7574
7575 tmp = b15 ^ b0;
7576 b15 = ror64(tmp, 5);
7577 b0 -= b15;
7578
7579 tmp = b9 ^ b10;
7580 b9 = ror64(tmp, 17);
7581 b10 -= b9;
7582
7583 tmp = b11 ^ b8;
7584 b11 = ror64(tmp, 59);
7585 b8 -= b11;
7586
7587 tmp = b13 ^ b14;
7588 b13 = ror64(tmp, 41);
7589 b14 -= b13;
7590
7591 tmp = b15 ^ b12;
7592 b15 = ror64(tmp, 34);
7593 b12 -= b15;
7594
7595 tmp = b1 ^ b6;
7596 b1 = ror64(tmp, 13);
7597 b6 -= b1;
7598
7599 tmp = b3 ^ b4;
7600 b3 = ror64(tmp, 51);
7601 b4 -= b3;
7602
7603 tmp = b5 ^ b2;
7604 b5 = ror64(tmp, 4);
7605 b2 -= b5;
7606
7607 tmp = b7 ^ b0;
7608 b7 = ror64(tmp, 33);
7609 b0 -= b7;
7610
7611 tmp = b1 ^ b8;
7612 b1 = ror64(tmp, 52);
7613 b8 -= b1;
7614
7615 tmp = b5 ^ b14;
7616 b5 = ror64(tmp, 23);
7617 b14 -= b5;
7618
7619 tmp = b3 ^ b12;
7620 b3 = ror64(tmp, 18);
7621 b12 -= b3;
7622
7623 tmp = b7 ^ b10;
7624 b7 = ror64(tmp, 49);
7625 b10 -= b7;
7626
7627 tmp = b15 ^ b4;
7628 b15 = ror64(tmp, 55);
7629 b4 -= b15;
7630
7631 tmp = b11 ^ b6;
7632 b11 = ror64(tmp, 10);
7633 b6 -= b11;
7634
7635 tmp = b13 ^ b2;
7636 b13 = ror64(tmp, 19);
7637 b2 -= b13;
7638
7639 tmp = b9 ^ b0;
7640 b9 = ror64(tmp, 38);
7641 b0 -= b9;
7642
7643 tmp = b15 ^ b14;
7644 b15 = ror64(tmp, 37);
7645 b14 -= b15 + k1 + t2;
7646 b15 -= k2 + 4;
7647
7648 tmp = b13 ^ b12;
7649 b13 = ror64(tmp, 22);
7650 b12 -= b13 + k16;
7651 b13 -= k0 + t1;
7652
7653 tmp = b11 ^ b10;
7654 b11 = ror64(tmp, 17);
7655 b10 -= b11 + k14;
7656 b11 -= k15;
7657
7658 tmp = b9 ^ b8;
7659 b9 = ror64(tmp, 8);
7660 b8 -= b9 + k12;
7661 b9 -= k13;
7662
7663 tmp = b7 ^ b6;
7664 b7 = ror64(tmp, 47);
7665 b6 -= b7 + k10;
7666 b7 -= k11;
7667
7668 tmp = b5 ^ b4;
7669 b5 = ror64(tmp, 8);
7670 b4 -= b5 + k8;
7671 b5 -= k9;
7672
7673 tmp = b3 ^ b2;
7674 b3 = ror64(tmp, 13);
7675 b2 -= b3 + k6;
7676 b3 -= k7;
7677
7678 tmp = b1 ^ b0;
7679 b1 = ror64(tmp, 24);
7680 b0 -= b1 + k4;
7681 b1 -= k5;
7682
7683 tmp = b7 ^ b12;
7684 b7 = ror64(tmp, 20);
7685 b12 -= b7;
7686
7687 tmp = b3 ^ b10;
7688 b3 = ror64(tmp, 37);
7689 b10 -= b3;
7690
7691 tmp = b5 ^ b8;
7692 b5 = ror64(tmp, 31);
7693 b8 -= b5;
7694
7695 tmp = b1 ^ b14;
7696 b1 = ror64(tmp, 23);
7697 b14 -= b1;
7698
7699 tmp = b9 ^ b4;
7700 b9 = ror64(tmp, 52);
7701 b4 -= b9;
7702
7703 tmp = b13 ^ b6;
7704 b13 = ror64(tmp, 35);
7705 b6 -= b13;
7706
7707 tmp = b11 ^ b2;
7708 b11 = ror64(tmp, 48);
7709 b2 -= b11;
7710
7711 tmp = b15 ^ b0;
7712 b15 = ror64(tmp, 9);
7713 b0 -= b15;
7714
7715 tmp = b9 ^ b10;
7716 b9 = ror64(tmp, 25);
7717 b10 -= b9;
7718
7719 tmp = b11 ^ b8;
7720 b11 = ror64(tmp, 44);
7721 b8 -= b11;
7722
7723 tmp = b13 ^ b14;
7724 b13 = ror64(tmp, 42);
7725 b14 -= b13;
7726
7727 tmp = b15 ^ b12;
7728 b15 = ror64(tmp, 19);
7729 b12 -= b15;
7730
7731 tmp = b1 ^ b6;
7732 b1 = ror64(tmp, 46);
7733 b6 -= b1;
7734
7735 tmp = b3 ^ b4;
7736 b3 = ror64(tmp, 47);
7737 b4 -= b3;
7738
7739 tmp = b5 ^ b2;
7740 b5 = ror64(tmp, 44);
7741 b2 -= b5;
7742
7743 tmp = b7 ^ b0;
7744 b7 = ror64(tmp, 31);
7745 b0 -= b7;
7746
7747 tmp = b1 ^ b8;
7748 b1 = ror64(tmp, 41);
7749 b8 -= b1;
7750
7751 tmp = b5 ^ b14;
7752 b5 = ror64(tmp, 42);
7753 b14 -= b5;
7754
7755 tmp = b3 ^ b12;
7756 b3 = ror64(tmp, 53);
7757 b12 -= b3;
7758
7759 tmp = b7 ^ b10;
7760 b7 = ror64(tmp, 4);
7761 b10 -= b7;
7762
7763 tmp = b15 ^ b4;
7764 b15 = ror64(tmp, 51);
7765 b4 -= b15;
7766
7767 tmp = b11 ^ b6;
7768 b11 = ror64(tmp, 56);
7769 b6 -= b11;
7770
7771 tmp = b13 ^ b2;
7772 b13 = ror64(tmp, 34);
7773 b2 -= b13;
7774
7775 tmp = b9 ^ b0;
7776 b9 = ror64(tmp, 16);
7777 b0 -= b9;
7778
7779 tmp = b15 ^ b14;
7780 b15 = ror64(tmp, 30);
7781 b14 -= b15 + k0 + t1;
7782 b15 -= k1 + 3;
7783
7784 tmp = b13 ^ b12;
7785 b13 = ror64(tmp, 44);
7786 b12 -= b13 + k15;
7787 b13 -= k16 + t0;
7788
7789 tmp = b11 ^ b10;
7790 b11 = ror64(tmp, 47);
7791 b10 -= b11 + k13;
7792 b11 -= k14;
7793
7794 tmp = b9 ^ b8;
7795 b9 = ror64(tmp, 12);
7796 b8 -= b9 + k11;
7797 b9 -= k12;
7798
7799 tmp = b7 ^ b6;
7800 b7 = ror64(tmp, 31);
7801 b6 -= b7 + k9;
7802 b7 -= k10;
7803
7804 tmp = b5 ^ b4;
7805 b5 = ror64(tmp, 37);
7806 b4 -= b5 + k7;
7807 b5 -= k8;
7808
7809 tmp = b3 ^ b2;
7810 b3 = ror64(tmp, 9);
7811 b2 -= b3 + k5;
7812 b3 -= k6;
7813
7814 tmp = b1 ^ b0;
7815 b1 = ror64(tmp, 41);
7816 b0 -= b1 + k3;
7817 b1 -= k4;
7818
7819 tmp = b7 ^ b12;
7820 b7 = ror64(tmp, 25);
7821 b12 -= b7;
7822
7823 tmp = b3 ^ b10;
7824 b3 = ror64(tmp, 16);
7825 b10 -= b3;
7826
7827 tmp = b5 ^ b8;
7828 b5 = ror64(tmp, 28);
7829 b8 -= b5;
7830
7831 tmp = b1 ^ b14;
7832 b1 = ror64(tmp, 47);
7833 b14 -= b1;
7834
7835 tmp = b9 ^ b4;
7836 b9 = ror64(tmp, 41);
7837 b4 -= b9;
7838
7839 tmp = b13 ^ b6;
7840 b13 = ror64(tmp, 48);
7841 b6 -= b13;
7842
7843 tmp = b11 ^ b2;
7844 b11 = ror64(tmp, 20);
7845 b2 -= b11;
7846
7847 tmp = b15 ^ b0;
7848 b15 = ror64(tmp, 5);
7849 b0 -= b15;
7850
7851 tmp = b9 ^ b10;
7852 b9 = ror64(tmp, 17);
7853 b10 -= b9;
7854
7855 tmp = b11 ^ b8;
7856 b11 = ror64(tmp, 59);
7857 b8 -= b11;
7858
7859 tmp = b13 ^ b14;
7860 b13 = ror64(tmp, 41);
7861 b14 -= b13;
7862
7863 tmp = b15 ^ b12;
7864 b15 = ror64(tmp, 34);
7865 b12 -= b15;
7866
7867 tmp = b1 ^ b6;
7868 b1 = ror64(tmp, 13);
7869 b6 -= b1;
7870
7871 tmp = b3 ^ b4;
7872 b3 = ror64(tmp, 51);
7873 b4 -= b3;
7874
7875 tmp = b5 ^ b2;
7876 b5 = ror64(tmp, 4);
7877 b2 -= b5;
7878
7879 tmp = b7 ^ b0;
7880 b7 = ror64(tmp, 33);
7881 b0 -= b7;
7882
7883 tmp = b1 ^ b8;
7884 b1 = ror64(tmp, 52);
7885 b8 -= b1;
7886
7887 tmp = b5 ^ b14;
7888 b5 = ror64(tmp, 23);
7889 b14 -= b5;
7890
7891 tmp = b3 ^ b12;
7892 b3 = ror64(tmp, 18);
7893 b12 -= b3;
7894
7895 tmp = b7 ^ b10;
7896 b7 = ror64(tmp, 49);
7897 b10 -= b7;
7898
7899 tmp = b15 ^ b4;
7900 b15 = ror64(tmp, 55);
7901 b4 -= b15;
7902
7903 tmp = b11 ^ b6;
7904 b11 = ror64(tmp, 10);
7905 b6 -= b11;
7906
7907 tmp = b13 ^ b2;
7908 b13 = ror64(tmp, 19);
7909 b2 -= b13;
7910
7911 tmp = b9 ^ b0;
7912 b9 = ror64(tmp, 38);
7913 b0 -= b9;
7914
7915 tmp = b15 ^ b14;
7916 b15 = ror64(tmp, 37);
7917 b14 -= b15 + k16 + t0;
7918 b15 -= k0 + 2;
7919
7920 tmp = b13 ^ b12;
7921 b13 = ror64(tmp, 22);
7922 b12 -= b13 + k14;
7923 b13 -= k15 + t2;
7924
7925 tmp = b11 ^ b10;
7926 b11 = ror64(tmp, 17);
7927 b10 -= b11 + k12;
7928 b11 -= k13;
7929
7930 tmp = b9 ^ b8;
7931 b9 = ror64(tmp, 8);
7932 b8 -= b9 + k10;
7933 b9 -= k11;
7934
7935 tmp = b7 ^ b6;
7936 b7 = ror64(tmp, 47);
7937 b6 -= b7 + k8;
7938 b7 -= k9;
7939
7940 tmp = b5 ^ b4;
7941 b5 = ror64(tmp, 8);
7942 b4 -= b5 + k6;
7943 b5 -= k7;
7944
7945 tmp = b3 ^ b2;
7946 b3 = ror64(tmp, 13);
7947 b2 -= b3 + k4;
7948 b3 -= k5;
7949
7950 tmp = b1 ^ b0;
7951 b1 = ror64(tmp, 24);
7952 b0 -= b1 + k2;
7953 b1 -= k3;
7954
7955 tmp = b7 ^ b12;
7956 b7 = ror64(tmp, 20);
7957 b12 -= b7;
7958
7959 tmp = b3 ^ b10;
7960 b3 = ror64(tmp, 37);
7961 b10 -= b3;
7962
7963 tmp = b5 ^ b8;
7964 b5 = ror64(tmp, 31);
7965 b8 -= b5;
7966
7967 tmp = b1 ^ b14;
7968 b1 = ror64(tmp, 23);
7969 b14 -= b1;
7970
7971 tmp = b9 ^ b4;
7972 b9 = ror64(tmp, 52);
7973 b4 -= b9;
7974
7975 tmp = b13 ^ b6;
7976 b13 = ror64(tmp, 35);
7977 b6 -= b13;
7978
7979 tmp = b11 ^ b2;
7980 b11 = ror64(tmp, 48);
7981 b2 -= b11;
7982
7983 tmp = b15 ^ b0;
7984 b15 = ror64(tmp, 9);
7985 b0 -= b15;
7986
7987 tmp = b9 ^ b10;
7988 b9 = ror64(tmp, 25);
7989 b10 -= b9;
7990
7991 tmp = b11 ^ b8;
7992 b11 = ror64(tmp, 44);
7993 b8 -= b11;
7994
7995 tmp = b13 ^ b14;
7996 b13 = ror64(tmp, 42);
7997 b14 -= b13;
7998
7999 tmp = b15 ^ b12;
8000 b15 = ror64(tmp, 19);
8001 b12 -= b15;
8002
8003 tmp = b1 ^ b6;
8004 b1 = ror64(tmp, 46);
8005 b6 -= b1;
8006
8007 tmp = b3 ^ b4;
8008 b3 = ror64(tmp, 47);
8009 b4 -= b3;
8010
8011 tmp = b5 ^ b2;
8012 b5 = ror64(tmp, 44);
8013 b2 -= b5;
8014
8015 tmp = b7 ^ b0;
8016 b7 = ror64(tmp, 31);
8017 b0 -= b7;
8018
8019 tmp = b1 ^ b8;
8020 b1 = ror64(tmp, 41);
8021 b8 -= b1;
8022
8023 tmp = b5 ^ b14;
8024 b5 = ror64(tmp, 42);
8025 b14 -= b5;
8026
8027 tmp = b3 ^ b12;
8028 b3 = ror64(tmp, 53);
8029 b12 -= b3;
8030
8031 tmp = b7 ^ b10;
8032 b7 = ror64(tmp, 4);
8033 b10 -= b7;
8034
8035 tmp = b15 ^ b4;
8036 b15 = ror64(tmp, 51);
8037 b4 -= b15;
8038
8039 tmp = b11 ^ b6;
8040 b11 = ror64(tmp, 56);
8041 b6 -= b11;
8042
8043 tmp = b13 ^ b2;
8044 b13 = ror64(tmp, 34);
8045 b2 -= b13;
8046
8047 tmp = b9 ^ b0;
8048 b9 = ror64(tmp, 16);
8049 b0 -= b9;
8050
8051 tmp = b15 ^ b14;
8052 b15 = ror64(tmp, 30);
8053 b14 -= b15 + k15 + t2;
8054 b15 -= k16 + 1;
8055
8056 tmp = b13 ^ b12;
8057 b13 = ror64(tmp, 44);
8058 b12 -= b13 + k13;
8059 b13 -= k14 + t1;
8060
8061 tmp = b11 ^ b10;
8062 b11 = ror64(tmp, 47);
8063 b10 -= b11 + k11;
8064 b11 -= k12;
8065
8066 tmp = b9 ^ b8;
8067 b9 = ror64(tmp, 12);
8068 b8 -= b9 + k9;
8069 b9 -= k10;
8070
8071 tmp = b7 ^ b6;
8072 b7 = ror64(tmp, 31);
8073 b6 -= b7 + k7;
8074 b7 -= k8;
8075
8076 tmp = b5 ^ b4;
8077 b5 = ror64(tmp, 37);
8078 b4 -= b5 + k5;
8079 b5 -= k6;
8080
8081 tmp = b3 ^ b2;
8082 b3 = ror64(tmp, 9);
8083 b2 -= b3 + k3;
8084 b3 -= k4;
8085
8086 tmp = b1 ^ b0;
8087 b1 = ror64(tmp, 41);
8088 b0 -= b1 + k1;
8089 b1 -= k2;
8090
8091 tmp = b7 ^ b12;
8092 b7 = ror64(tmp, 25);
8093 b12 -= b7;
8094
8095 tmp = b3 ^ b10;
8096 b3 = ror64(tmp, 16);
8097 b10 -= b3;
8098
8099 tmp = b5 ^ b8;
8100 b5 = ror64(tmp, 28);
8101 b8 -= b5;
8102
8103 tmp = b1 ^ b14;
8104 b1 = ror64(tmp, 47);
8105 b14 -= b1;
8106
8107 tmp = b9 ^ b4;
8108 b9 = ror64(tmp, 41);
8109 b4 -= b9;
8110
8111 tmp = b13 ^ b6;
8112 b13 = ror64(tmp, 48);
8113 b6 -= b13;
8114
8115 tmp = b11 ^ b2;
8116 b11 = ror64(tmp, 20);
8117 b2 -= b11;
8118
8119 tmp = b15 ^ b0;
8120 b15 = ror64(tmp, 5);
8121 b0 -= b15;
8122
8123 tmp = b9 ^ b10;
8124 b9 = ror64(tmp, 17);
8125 b10 -= b9;
8126
8127 tmp = b11 ^ b8;
8128 b11 = ror64(tmp, 59);
8129 b8 -= b11;
8130
8131 tmp = b13 ^ b14;
8132 b13 = ror64(tmp, 41);
8133 b14 -= b13;
8134
8135 tmp = b15 ^ b12;
8136 b15 = ror64(tmp, 34);
8137 b12 -= b15;
8138
8139 tmp = b1 ^ b6;
8140 b1 = ror64(tmp, 13);
8141 b6 -= b1;
8142
8143 tmp = b3 ^ b4;
8144 b3 = ror64(tmp, 51);
8145 b4 -= b3;
8146
8147 tmp = b5 ^ b2;
8148 b5 = ror64(tmp, 4);
8149 b2 -= b5;
8150
8151 tmp = b7 ^ b0;
8152 b7 = ror64(tmp, 33);
8153 b0 -= b7;
8154
8155 tmp = b1 ^ b8;
8156 b1 = ror64(tmp, 52);
8157 b8 -= b1;
8158
8159 tmp = b5 ^ b14;
8160 b5 = ror64(tmp, 23);
8161 b14 -= b5;
8162
8163 tmp = b3 ^ b12;
8164 b3 = ror64(tmp, 18);
8165 b12 -= b3;
8166
8167 tmp = b7 ^ b10;
8168 b7 = ror64(tmp, 49);
8169 b10 -= b7;
8170
8171 tmp = b15 ^ b4;
8172 b15 = ror64(tmp, 55);
8173 b4 -= b15;
8174
8175 tmp = b11 ^ b6;
8176 b11 = ror64(tmp, 10);
8177 b6 -= b11;
8178
8179 tmp = b13 ^ b2;
8180 b13 = ror64(tmp, 19);
8181 b2 -= b13;
8182
8183 tmp = b9 ^ b0;
8184 b9 = ror64(tmp, 38);
8185 b0 -= b9;
8186
8187 tmp = b15 ^ b14;
8188 b15 = ror64(tmp, 37);
8189 b14 -= b15 + k14 + t1;
8190 b15 -= k15;
8191
8192 tmp = b13 ^ b12;
8193 b13 = ror64(tmp, 22);
8194 b12 -= b13 + k12;
8195 b13 -= k13 + t0;
8196
8197 tmp = b11 ^ b10;
8198 b11 = ror64(tmp, 17);
8199 b10 -= b11 + k10;
8200 b11 -= k11;
8201
8202 tmp = b9 ^ b8;
8203 b9 = ror64(tmp, 8);
8204 b8 -= b9 + k8;
8205 b9 -= k9;
8206
8207 tmp = b7 ^ b6;
8208 b7 = ror64(tmp, 47);
8209 b6 -= b7 + k6;
8210 b7 -= k7;
8211
8212 tmp = b5 ^ b4;
8213 b5 = ror64(tmp, 8);
8214 b4 -= b5 + k4;
8215 b5 -= k5;
8216
8217 tmp = b3 ^ b2;
8218 b3 = ror64(tmp, 13);
8219 b2 -= b3 + k2;
8220 b3 -= k3;
8221
8222 tmp = b1 ^ b0;
8223 b1 = ror64(tmp, 24);
8224 b0 -= b1 + k0;
8225 b1 -= k1;
8226
8227 output[15] = b15;
8228 output[14] = b14;
8229 output[13] = b13;
8230 output[12] = b12;
8231 output[11] = b11;
8232 output[10] = b10;
8233 output[9] = b9;
8234 output[8] = b8;
8235 output[7] = b7;
8236 output[6] = b6;
8237 output[5] = b5;
8238 output[4] = b4;
8239 output[3] = b3;
8240 output[2] = b2;
8241 output[1] = b1;
8242 output[0] = b0;
8243 }
Ubuntu Focal Linux kernel mirror