186d7f5d3SJohn Marino /* $FreeBSD: src/sys/opencrypto/rmd160.c,v 1.3 2005/01/07 02:29:16 imp Exp $ */
286d7f5d3SJohn Marino /* $OpenBSD: rmd160.c,v 1.3 2001/09/26 21:40:13 markus Exp $ */
386d7f5d3SJohn Marino /*-
486d7f5d3SJohn Marino * Copyright (c) 2001 Markus Friedl. All rights reserved.
586d7f5d3SJohn Marino *
686d7f5d3SJohn Marino * Redistribution and use in source and binary forms, with or without
786d7f5d3SJohn Marino * modification, are permitted provided that the following conditions
886d7f5d3SJohn Marino * are met:
986d7f5d3SJohn Marino * 1. Redistributions of source code must retain the above copyright
1086d7f5d3SJohn Marino * notice, this list of conditions and the following disclaimer.
1186d7f5d3SJohn Marino * 2. Redistributions in binary form must reproduce the above copyright
1286d7f5d3SJohn Marino * notice, this list of conditions and the following disclaimer in the
1386d7f5d3SJohn Marino * documentation and/or other materials provided with the distribution.
1486d7f5d3SJohn Marino *
1586d7f5d3SJohn Marino * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
1686d7f5d3SJohn Marino * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
1786d7f5d3SJohn Marino * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
1886d7f5d3SJohn Marino * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
1986d7f5d3SJohn Marino * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
2086d7f5d3SJohn Marino * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
2186d7f5d3SJohn Marino * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
2286d7f5d3SJohn Marino * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
2386d7f5d3SJohn Marino * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
2486d7f5d3SJohn Marino * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
2586d7f5d3SJohn Marino */
2686d7f5d3SJohn Marino
2786d7f5d3SJohn Marino /*
2886d7f5d3SJohn Marino * Preneel, Bosselaers, Dobbertin, "The Cryptographic Hash Function RIPEMD-160",
2986d7f5d3SJohn Marino * RSA Laboratories, CryptoBytes, Volume 3, Number 2, Autumn 1997,
3086d7f5d3SJohn Marino * ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto3n2.pdf
3186d7f5d3SJohn Marino */
3286d7f5d3SJohn Marino
3386d7f5d3SJohn Marino #include <sys/param.h>
3486d7f5d3SJohn Marino #include <sys/systm.h>
3586d7f5d3SJohn Marino #include <sys/endian.h>
3686d7f5d3SJohn Marino #include <opencrypto/rmd160.h>
3786d7f5d3SJohn Marino
3886d7f5d3SJohn Marino #define PUT_64BIT_LE(cp, value) do { \
3986d7f5d3SJohn Marino (cp)[7] = (value) >> 56; \
4086d7f5d3SJohn Marino (cp)[6] = (value) >> 48; \
4186d7f5d3SJohn Marino (cp)[5] = (value) >> 40; \
4286d7f5d3SJohn Marino (cp)[4] = (value) >> 32; \
4386d7f5d3SJohn Marino (cp)[3] = (value) >> 24; \
4486d7f5d3SJohn Marino (cp)[2] = (value) >> 16; \
4586d7f5d3SJohn Marino (cp)[1] = (value) >> 8; \
4686d7f5d3SJohn Marino (cp)[0] = (value); } while (0)
4786d7f5d3SJohn Marino
4886d7f5d3SJohn Marino #define PUT_32BIT_LE(cp, value) do { \
4986d7f5d3SJohn Marino (cp)[3] = (value) >> 24; \
5086d7f5d3SJohn Marino (cp)[2] = (value) >> 16; \
5186d7f5d3SJohn Marino (cp)[1] = (value) >> 8; \
5286d7f5d3SJohn Marino (cp)[0] = (value); } while (0)
5386d7f5d3SJohn Marino
5486d7f5d3SJohn Marino #define H0 0x67452301U
5586d7f5d3SJohn Marino #define H1 0xEFCDAB89U
5686d7f5d3SJohn Marino #define H2 0x98BADCFEU
5786d7f5d3SJohn Marino #define H3 0x10325476U
5886d7f5d3SJohn Marino #define H4 0xC3D2E1F0U
5986d7f5d3SJohn Marino
6086d7f5d3SJohn Marino #define K0 0x00000000U
6186d7f5d3SJohn Marino #define K1 0x5A827999U
6286d7f5d3SJohn Marino #define K2 0x6ED9EBA1U
6386d7f5d3SJohn Marino #define K3 0x8F1BBCDCU
6486d7f5d3SJohn Marino #define K4 0xA953FD4EU
6586d7f5d3SJohn Marino
6686d7f5d3SJohn Marino #define KK0 0x50A28BE6U
6786d7f5d3SJohn Marino #define KK1 0x5C4DD124U
6886d7f5d3SJohn Marino #define KK2 0x6D703EF3U
6986d7f5d3SJohn Marino #define KK3 0x7A6D76E9U
7086d7f5d3SJohn Marino #define KK4 0x00000000U
7186d7f5d3SJohn Marino
7286d7f5d3SJohn Marino /* rotate x left n bits. */
7386d7f5d3SJohn Marino #define ROL(n, x) (((x) << (n)) | ((x) >> (32-(n))))
7486d7f5d3SJohn Marino
7586d7f5d3SJohn Marino #define F0(x, y, z) ((x) ^ (y) ^ (z))
7686d7f5d3SJohn Marino #define F1(x, y, z) (((x) & (y)) | ((~x) & (z)))
7786d7f5d3SJohn Marino #define F2(x, y, z) (((x) | (~y)) ^ (z))
7886d7f5d3SJohn Marino #define F3(x, y, z) (((x) & (z)) | ((y) & (~z)))
7986d7f5d3SJohn Marino #define F4(x, y, z) ((x) ^ ((y) | (~z)))
8086d7f5d3SJohn Marino
8186d7f5d3SJohn Marino #define R(a, b, c, d, e, Fj, Kj, sj, rj) \
8286d7f5d3SJohn Marino do { \
8386d7f5d3SJohn Marino a = ROL(sj, a + Fj(b,c,d) + X(rj) + Kj) + e; \
8486d7f5d3SJohn Marino c = ROL(10, c); \
8586d7f5d3SJohn Marino } while(0)
8686d7f5d3SJohn Marino
8786d7f5d3SJohn Marino #define X(i) x[i]
8886d7f5d3SJohn Marino
8986d7f5d3SJohn Marino static u_char PADDING[64] = {
9086d7f5d3SJohn Marino 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
9186d7f5d3SJohn Marino 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
9286d7f5d3SJohn Marino 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
9386d7f5d3SJohn Marino };
9486d7f5d3SJohn Marino
9586d7f5d3SJohn Marino void
RMD160Init(RMD160_CTX * ctx)9686d7f5d3SJohn Marino RMD160Init(RMD160_CTX *ctx)
9786d7f5d3SJohn Marino {
9886d7f5d3SJohn Marino ctx->count = 0;
9986d7f5d3SJohn Marino ctx->state[0] = H0;
10086d7f5d3SJohn Marino ctx->state[1] = H1;
10186d7f5d3SJohn Marino ctx->state[2] = H2;
10286d7f5d3SJohn Marino ctx->state[3] = H3;
10386d7f5d3SJohn Marino ctx->state[4] = H4;
10486d7f5d3SJohn Marino }
10586d7f5d3SJohn Marino
10686d7f5d3SJohn Marino void
RMD160Update(RMD160_CTX * ctx,const u_char * input,u_int32_t len)10786d7f5d3SJohn Marino RMD160Update(RMD160_CTX *ctx, const u_char *input, u_int32_t len)
10886d7f5d3SJohn Marino {
10986d7f5d3SJohn Marino u_int32_t have, off, need;
11086d7f5d3SJohn Marino
11186d7f5d3SJohn Marino have = (ctx->count/8) % 64;
11286d7f5d3SJohn Marino need = 64 - have;
11386d7f5d3SJohn Marino ctx->count += 8 * len;
11486d7f5d3SJohn Marino off = 0;
11586d7f5d3SJohn Marino
11686d7f5d3SJohn Marino if (len >= need) {
11786d7f5d3SJohn Marino if (have) {
11886d7f5d3SJohn Marino memcpy(ctx->buffer + have, input, need);
11986d7f5d3SJohn Marino RMD160Transform(ctx->state, ctx->buffer);
12086d7f5d3SJohn Marino off = need;
12186d7f5d3SJohn Marino have = 0;
12286d7f5d3SJohn Marino }
12386d7f5d3SJohn Marino /* now the buffer is empty */
12486d7f5d3SJohn Marino while (off + 64 <= len) {
12586d7f5d3SJohn Marino RMD160Transform(ctx->state, input+off);
12686d7f5d3SJohn Marino off += 64;
12786d7f5d3SJohn Marino }
12886d7f5d3SJohn Marino }
12986d7f5d3SJohn Marino if (off < len)
13086d7f5d3SJohn Marino memcpy(ctx->buffer + have, input+off, len-off);
13186d7f5d3SJohn Marino }
13286d7f5d3SJohn Marino
13386d7f5d3SJohn Marino void
RMD160Final(u_char digest[20],RMD160_CTX * ctx)13486d7f5d3SJohn Marino RMD160Final(u_char digest[20], RMD160_CTX *ctx)
13586d7f5d3SJohn Marino {
13686d7f5d3SJohn Marino int i;
13786d7f5d3SJohn Marino u_char size[8];
13886d7f5d3SJohn Marino u_int32_t padlen;
13986d7f5d3SJohn Marino
14086d7f5d3SJohn Marino PUT_64BIT_LE(size, ctx->count);
14186d7f5d3SJohn Marino
14286d7f5d3SJohn Marino /*
14386d7f5d3SJohn Marino * pad to 64 byte blocks, at least one byte from PADDING plus 8 bytes
14486d7f5d3SJohn Marino * for the size
14586d7f5d3SJohn Marino */
14686d7f5d3SJohn Marino padlen = 64 - ((ctx->count/8) % 64);
14786d7f5d3SJohn Marino if (padlen < 1 + 8)
14886d7f5d3SJohn Marino padlen += 64;
14986d7f5d3SJohn Marino RMD160Update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */
15086d7f5d3SJohn Marino RMD160Update(ctx, size, 8);
15186d7f5d3SJohn Marino
15286d7f5d3SJohn Marino if (digest != NULL)
15386d7f5d3SJohn Marino for (i = 0; i < 5; i++)
15486d7f5d3SJohn Marino PUT_32BIT_LE(digest + i*4, ctx->state[i]);
15586d7f5d3SJohn Marino
15686d7f5d3SJohn Marino memset(ctx, 0, sizeof (*ctx));
15786d7f5d3SJohn Marino }
15886d7f5d3SJohn Marino
15986d7f5d3SJohn Marino void
RMD160Transform(u_int32_t state[5],const u_char block[64])16086d7f5d3SJohn Marino RMD160Transform(u_int32_t state[5], const u_char block[64])
16186d7f5d3SJohn Marino {
16286d7f5d3SJohn Marino u_int32_t a, b, c, d, e, aa, bb, cc, dd, ee, t, x[16];
16386d7f5d3SJohn Marino
16486d7f5d3SJohn Marino #if BYTE_ORDER == LITTLE_ENDIAN
16586d7f5d3SJohn Marino memcpy(x, block, 64);
16686d7f5d3SJohn Marino #else
16786d7f5d3SJohn Marino int i;
16886d7f5d3SJohn Marino
16986d7f5d3SJohn Marino for (i = 0; i < 16; i++)
17086d7f5d3SJohn Marino x[i] = bswap32(*(const u_int32_t*)(block+i*4));
17186d7f5d3SJohn Marino #endif
17286d7f5d3SJohn Marino
17386d7f5d3SJohn Marino a = state[0];
17486d7f5d3SJohn Marino b = state[1];
17586d7f5d3SJohn Marino c = state[2];
17686d7f5d3SJohn Marino d = state[3];
17786d7f5d3SJohn Marino e = state[4];
17886d7f5d3SJohn Marino
17986d7f5d3SJohn Marino /* Round 1 */
18086d7f5d3SJohn Marino R(a, b, c, d, e, F0, K0, 11, 0);
18186d7f5d3SJohn Marino R(e, a, b, c, d, F0, K0, 14, 1);
18286d7f5d3SJohn Marino R(d, e, a, b, c, F0, K0, 15, 2);
18386d7f5d3SJohn Marino R(c, d, e, a, b, F0, K0, 12, 3);
18486d7f5d3SJohn Marino R(b, c, d, e, a, F0, K0, 5, 4);
18586d7f5d3SJohn Marino R(a, b, c, d, e, F0, K0, 8, 5);
18686d7f5d3SJohn Marino R(e, a, b, c, d, F0, K0, 7, 6);
18786d7f5d3SJohn Marino R(d, e, a, b, c, F0, K0, 9, 7);
18886d7f5d3SJohn Marino R(c, d, e, a, b, F0, K0, 11, 8);
18986d7f5d3SJohn Marino R(b, c, d, e, a, F0, K0, 13, 9);
19086d7f5d3SJohn Marino R(a, b, c, d, e, F0, K0, 14, 10);
19186d7f5d3SJohn Marino R(e, a, b, c, d, F0, K0, 15, 11);
19286d7f5d3SJohn Marino R(d, e, a, b, c, F0, K0, 6, 12);
19386d7f5d3SJohn Marino R(c, d, e, a, b, F0, K0, 7, 13);
19486d7f5d3SJohn Marino R(b, c, d, e, a, F0, K0, 9, 14);
19586d7f5d3SJohn Marino R(a, b, c, d, e, F0, K0, 8, 15); /* #15 */
19686d7f5d3SJohn Marino /* Round 2 */
19786d7f5d3SJohn Marino R(e, a, b, c, d, F1, K1, 7, 7);
19886d7f5d3SJohn Marino R(d, e, a, b, c, F1, K1, 6, 4);
19986d7f5d3SJohn Marino R(c, d, e, a, b, F1, K1, 8, 13);
20086d7f5d3SJohn Marino R(b, c, d, e, a, F1, K1, 13, 1);
20186d7f5d3SJohn Marino R(a, b, c, d, e, F1, K1, 11, 10);
20286d7f5d3SJohn Marino R(e, a, b, c, d, F1, K1, 9, 6);
20386d7f5d3SJohn Marino R(d, e, a, b, c, F1, K1, 7, 15);
20486d7f5d3SJohn Marino R(c, d, e, a, b, F1, K1, 15, 3);
20586d7f5d3SJohn Marino R(b, c, d, e, a, F1, K1, 7, 12);
20686d7f5d3SJohn Marino R(a, b, c, d, e, F1, K1, 12, 0);
20786d7f5d3SJohn Marino R(e, a, b, c, d, F1, K1, 15, 9);
20886d7f5d3SJohn Marino R(d, e, a, b, c, F1, K1, 9, 5);
20986d7f5d3SJohn Marino R(c, d, e, a, b, F1, K1, 11, 2);
21086d7f5d3SJohn Marino R(b, c, d, e, a, F1, K1, 7, 14);
21186d7f5d3SJohn Marino R(a, b, c, d, e, F1, K1, 13, 11);
21286d7f5d3SJohn Marino R(e, a, b, c, d, F1, K1, 12, 8); /* #31 */
21386d7f5d3SJohn Marino /* Round 3 */
21486d7f5d3SJohn Marino R(d, e, a, b, c, F2, K2, 11, 3);
21586d7f5d3SJohn Marino R(c, d, e, a, b, F2, K2, 13, 10);
21686d7f5d3SJohn Marino R(b, c, d, e, a, F2, K2, 6, 14);
21786d7f5d3SJohn Marino R(a, b, c, d, e, F2, K2, 7, 4);
21886d7f5d3SJohn Marino R(e, a, b, c, d, F2, K2, 14, 9);
21986d7f5d3SJohn Marino R(d, e, a, b, c, F2, K2, 9, 15);
22086d7f5d3SJohn Marino R(c, d, e, a, b, F2, K2, 13, 8);
22186d7f5d3SJohn Marino R(b, c, d, e, a, F2, K2, 15, 1);
22286d7f5d3SJohn Marino R(a, b, c, d, e, F2, K2, 14, 2);
22386d7f5d3SJohn Marino R(e, a, b, c, d, F2, K2, 8, 7);
22486d7f5d3SJohn Marino R(d, e, a, b, c, F2, K2, 13, 0);
22586d7f5d3SJohn Marino R(c, d, e, a, b, F2, K2, 6, 6);
22686d7f5d3SJohn Marino R(b, c, d, e, a, F2, K2, 5, 13);
22786d7f5d3SJohn Marino R(a, b, c, d, e, F2, K2, 12, 11);
22886d7f5d3SJohn Marino R(e, a, b, c, d, F2, K2, 7, 5);
22986d7f5d3SJohn Marino R(d, e, a, b, c, F2, K2, 5, 12); /* #47 */
23086d7f5d3SJohn Marino /* Round 4 */
23186d7f5d3SJohn Marino R(c, d, e, a, b, F3, K3, 11, 1);
23286d7f5d3SJohn Marino R(b, c, d, e, a, F3, K3, 12, 9);
23386d7f5d3SJohn Marino R(a, b, c, d, e, F3, K3, 14, 11);
23486d7f5d3SJohn Marino R(e, a, b, c, d, F3, K3, 15, 10);
23586d7f5d3SJohn Marino R(d, e, a, b, c, F3, K3, 14, 0);
23686d7f5d3SJohn Marino R(c, d, e, a, b, F3, K3, 15, 8);
23786d7f5d3SJohn Marino R(b, c, d, e, a, F3, K3, 9, 12);
23886d7f5d3SJohn Marino R(a, b, c, d, e, F3, K3, 8, 4);
23986d7f5d3SJohn Marino R(e, a, b, c, d, F3, K3, 9, 13);
24086d7f5d3SJohn Marino R(d, e, a, b, c, F3, K3, 14, 3);
24186d7f5d3SJohn Marino R(c, d, e, a, b, F3, K3, 5, 7);
24286d7f5d3SJohn Marino R(b, c, d, e, a, F3, K3, 6, 15);
24386d7f5d3SJohn Marino R(a, b, c, d, e, F3, K3, 8, 14);
24486d7f5d3SJohn Marino R(e, a, b, c, d, F3, K3, 6, 5);
24586d7f5d3SJohn Marino R(d, e, a, b, c, F3, K3, 5, 6);
24686d7f5d3SJohn Marino R(c, d, e, a, b, F3, K3, 12, 2); /* #63 */
24786d7f5d3SJohn Marino /* Round 5 */
24886d7f5d3SJohn Marino R(b, c, d, e, a, F4, K4, 9, 4);
24986d7f5d3SJohn Marino R(a, b, c, d, e, F4, K4, 15, 0);
25086d7f5d3SJohn Marino R(e, a, b, c, d, F4, K4, 5, 5);
25186d7f5d3SJohn Marino R(d, e, a, b, c, F4, K4, 11, 9);
25286d7f5d3SJohn Marino R(c, d, e, a, b, F4, K4, 6, 7);
25386d7f5d3SJohn Marino R(b, c, d, e, a, F4, K4, 8, 12);
25486d7f5d3SJohn Marino R(a, b, c, d, e, F4, K4, 13, 2);
25586d7f5d3SJohn Marino R(e, a, b, c, d, F4, K4, 12, 10);
25686d7f5d3SJohn Marino R(d, e, a, b, c, F4, K4, 5, 14);
25786d7f5d3SJohn Marino R(c, d, e, a, b, F4, K4, 12, 1);
25886d7f5d3SJohn Marino R(b, c, d, e, a, F4, K4, 13, 3);
25986d7f5d3SJohn Marino R(a, b, c, d, e, F4, K4, 14, 8);
26086d7f5d3SJohn Marino R(e, a, b, c, d, F4, K4, 11, 11);
26186d7f5d3SJohn Marino R(d, e, a, b, c, F4, K4, 8, 6);
26286d7f5d3SJohn Marino R(c, d, e, a, b, F4, K4, 5, 15);
26386d7f5d3SJohn Marino R(b, c, d, e, a, F4, K4, 6, 13); /* #79 */
26486d7f5d3SJohn Marino
26586d7f5d3SJohn Marino aa = a ; bb = b; cc = c; dd = d; ee = e;
26686d7f5d3SJohn Marino
26786d7f5d3SJohn Marino a = state[0];
26886d7f5d3SJohn Marino b = state[1];
26986d7f5d3SJohn Marino c = state[2];
27086d7f5d3SJohn Marino d = state[3];
27186d7f5d3SJohn Marino e = state[4];
27286d7f5d3SJohn Marino
27386d7f5d3SJohn Marino /* Parallel round 1 */
27486d7f5d3SJohn Marino R(a, b, c, d, e, F4, KK0, 8, 5);
27586d7f5d3SJohn Marino R(e, a, b, c, d, F4, KK0, 9, 14);
27686d7f5d3SJohn Marino R(d, e, a, b, c, F4, KK0, 9, 7);
27786d7f5d3SJohn Marino R(c, d, e, a, b, F4, KK0, 11, 0);
27886d7f5d3SJohn Marino R(b, c, d, e, a, F4, KK0, 13, 9);
27986d7f5d3SJohn Marino R(a, b, c, d, e, F4, KK0, 15, 2);
28086d7f5d3SJohn Marino R(e, a, b, c, d, F4, KK0, 15, 11);
28186d7f5d3SJohn Marino R(d, e, a, b, c, F4, KK0, 5, 4);
28286d7f5d3SJohn Marino R(c, d, e, a, b, F4, KK0, 7, 13);
28386d7f5d3SJohn Marino R(b, c, d, e, a, F4, KK0, 7, 6);
28486d7f5d3SJohn Marino R(a, b, c, d, e, F4, KK0, 8, 15);
28586d7f5d3SJohn Marino R(e, a, b, c, d, F4, KK0, 11, 8);
28686d7f5d3SJohn Marino R(d, e, a, b, c, F4, KK0, 14, 1);
28786d7f5d3SJohn Marino R(c, d, e, a, b, F4, KK0, 14, 10);
28886d7f5d3SJohn Marino R(b, c, d, e, a, F4, KK0, 12, 3);
28986d7f5d3SJohn Marino R(a, b, c, d, e, F4, KK0, 6, 12); /* #15 */
29086d7f5d3SJohn Marino /* Parallel round 2 */
29186d7f5d3SJohn Marino R(e, a, b, c, d, F3, KK1, 9, 6);
29286d7f5d3SJohn Marino R(d, e, a, b, c, F3, KK1, 13, 11);
29386d7f5d3SJohn Marino R(c, d, e, a, b, F3, KK1, 15, 3);
29486d7f5d3SJohn Marino R(b, c, d, e, a, F3, KK1, 7, 7);
29586d7f5d3SJohn Marino R(a, b, c, d, e, F3, KK1, 12, 0);
29686d7f5d3SJohn Marino R(e, a, b, c, d, F3, KK1, 8, 13);
29786d7f5d3SJohn Marino R(d, e, a, b, c, F3, KK1, 9, 5);
29886d7f5d3SJohn Marino R(c, d, e, a, b, F3, KK1, 11, 10);
29986d7f5d3SJohn Marino R(b, c, d, e, a, F3, KK1, 7, 14);
30086d7f5d3SJohn Marino R(a, b, c, d, e, F3, KK1, 7, 15);
30186d7f5d3SJohn Marino R(e, a, b, c, d, F3, KK1, 12, 8);
30286d7f5d3SJohn Marino R(d, e, a, b, c, F3, KK1, 7, 12);
30386d7f5d3SJohn Marino R(c, d, e, a, b, F3, KK1, 6, 4);
30486d7f5d3SJohn Marino R(b, c, d, e, a, F3, KK1, 15, 9);
30586d7f5d3SJohn Marino R(a, b, c, d, e, F3, KK1, 13, 1);
30686d7f5d3SJohn Marino R(e, a, b, c, d, F3, KK1, 11, 2); /* #31 */
30786d7f5d3SJohn Marino /* Parallel round 3 */
30886d7f5d3SJohn Marino R(d, e, a, b, c, F2, KK2, 9, 15);
30986d7f5d3SJohn Marino R(c, d, e, a, b, F2, KK2, 7, 5);
31086d7f5d3SJohn Marino R(b, c, d, e, a, F2, KK2, 15, 1);
31186d7f5d3SJohn Marino R(a, b, c, d, e, F2, KK2, 11, 3);
31286d7f5d3SJohn Marino R(e, a, b, c, d, F2, KK2, 8, 7);
31386d7f5d3SJohn Marino R(d, e, a, b, c, F2, KK2, 6, 14);
31486d7f5d3SJohn Marino R(c, d, e, a, b, F2, KK2, 6, 6);
31586d7f5d3SJohn Marino R(b, c, d, e, a, F2, KK2, 14, 9);
31686d7f5d3SJohn Marino R(a, b, c, d, e, F2, KK2, 12, 11);
31786d7f5d3SJohn Marino R(e, a, b, c, d, F2, KK2, 13, 8);
31886d7f5d3SJohn Marino R(d, e, a, b, c, F2, KK2, 5, 12);
31986d7f5d3SJohn Marino R(c, d, e, a, b, F2, KK2, 14, 2);
32086d7f5d3SJohn Marino R(b, c, d, e, a, F2, KK2, 13, 10);
32186d7f5d3SJohn Marino R(a, b, c, d, e, F2, KK2, 13, 0);
32286d7f5d3SJohn Marino R(e, a, b, c, d, F2, KK2, 7, 4);
32386d7f5d3SJohn Marino R(d, e, a, b, c, F2, KK2, 5, 13); /* #47 */
32486d7f5d3SJohn Marino /* Parallel round 4 */
32586d7f5d3SJohn Marino R(c, d, e, a, b, F1, KK3, 15, 8);
32686d7f5d3SJohn Marino R(b, c, d, e, a, F1, KK3, 5, 6);
32786d7f5d3SJohn Marino R(a, b, c, d, e, F1, KK3, 8, 4);
32886d7f5d3SJohn Marino R(e, a, b, c, d, F1, KK3, 11, 1);
32986d7f5d3SJohn Marino R(d, e, a, b, c, F1, KK3, 14, 3);
33086d7f5d3SJohn Marino R(c, d, e, a, b, F1, KK3, 14, 11);
33186d7f5d3SJohn Marino R(b, c, d, e, a, F1, KK3, 6, 15);
33286d7f5d3SJohn Marino R(a, b, c, d, e, F1, KK3, 14, 0);
33386d7f5d3SJohn Marino R(e, a, b, c, d, F1, KK3, 6, 5);
33486d7f5d3SJohn Marino R(d, e, a, b, c, F1, KK3, 9, 12);
33586d7f5d3SJohn Marino R(c, d, e, a, b, F1, KK3, 12, 2);
33686d7f5d3SJohn Marino R(b, c, d, e, a, F1, KK3, 9, 13);
33786d7f5d3SJohn Marino R(a, b, c, d, e, F1, KK3, 12, 9);
33886d7f5d3SJohn Marino R(e, a, b, c, d, F1, KK3, 5, 7);
33986d7f5d3SJohn Marino R(d, e, a, b, c, F1, KK3, 15, 10);
34086d7f5d3SJohn Marino R(c, d, e, a, b, F1, KK3, 8, 14); /* #63 */
34186d7f5d3SJohn Marino /* Parallel round 5 */
34286d7f5d3SJohn Marino R(b, c, d, e, a, F0, KK4, 8, 12);
34386d7f5d3SJohn Marino R(a, b, c, d, e, F0, KK4, 5, 15);
34486d7f5d3SJohn Marino R(e, a, b, c, d, F0, KK4, 12, 10);
34586d7f5d3SJohn Marino R(d, e, a, b, c, F0, KK4, 9, 4);
34686d7f5d3SJohn Marino R(c, d, e, a, b, F0, KK4, 12, 1);
34786d7f5d3SJohn Marino R(b, c, d, e, a, F0, KK4, 5, 5);
34886d7f5d3SJohn Marino R(a, b, c, d, e, F0, KK4, 14, 8);
34986d7f5d3SJohn Marino R(e, a, b, c, d, F0, KK4, 6, 7);
35086d7f5d3SJohn Marino R(d, e, a, b, c, F0, KK4, 8, 6);
35186d7f5d3SJohn Marino R(c, d, e, a, b, F0, KK4, 13, 2);
35286d7f5d3SJohn Marino R(b, c, d, e, a, F0, KK4, 6, 13);
35386d7f5d3SJohn Marino R(a, b, c, d, e, F0, KK4, 5, 14);
35486d7f5d3SJohn Marino R(e, a, b, c, d, F0, KK4, 15, 0);
35586d7f5d3SJohn Marino R(d, e, a, b, c, F0, KK4, 13, 3);
35686d7f5d3SJohn Marino R(c, d, e, a, b, F0, KK4, 11, 9);
35786d7f5d3SJohn Marino R(b, c, d, e, a, F0, KK4, 11, 11); /* #79 */
35886d7f5d3SJohn Marino
35986d7f5d3SJohn Marino t = state[1] + cc + d;
36086d7f5d3SJohn Marino state[1] = state[2] + dd + e;
36186d7f5d3SJohn Marino state[2] = state[3] + ee + a;
36286d7f5d3SJohn Marino state[3] = state[4] + aa + b;
36386d7f5d3SJohn Marino state[4] = state[0] + bb + c;
36486d7f5d3SJohn Marino state[0] = t;
36586d7f5d3SJohn Marino }
366