1 // SPDX-License-Identifier: GPL-2.0
2 #include <linux/bitops.h>
3 #include "threefish_api.h"
4
threefish_encrypt_256(struct threefish_key * key_ctx,u64 * input,u64 * output)5 void threefish_encrypt_256(struct threefish_key *key_ctx, u64 *input,
6 u64 *output)
7 {
8 u64 b0 = input[0], b1 = input[1],
9 b2 = input[2], b3 = input[3];
10 u64 k0 = key_ctx->key[0], k1 = key_ctx->key[1],
11 k2 = key_ctx->key[2], k3 = key_ctx->key[3],
12 k4 = key_ctx->key[4];
13 u64 t0 = key_ctx->tweak[0], t1 = key_ctx->tweak[1],
14 t2 = key_ctx->tweak[2];
15
16 b1 += k1 + t0;
17 b0 += b1 + k0;
18 b1 = rol64(b1, 14) ^ b0;
19
20 b3 += k3;
21 b2 += b3 + k2 + t1;
22 b3 = rol64(b3, 16) ^ b2;
23
24 b0 += b3;
25 b3 = rol64(b3, 52) ^ b0;
26
27 b2 += b1;
28 b1 = rol64(b1, 57) ^ b2;
29
30 b0 += b1;
31 b1 = rol64(b1, 23) ^ b0;
32
33 b2 += b3;
34 b3 = rol64(b3, 40) ^ b2;
35
36 b0 += b3;
37 b3 = rol64(b3, 5) ^ b0;
38
39 b2 += b1;
40 b1 = rol64(b1, 37) ^ b2;
41
42 b1 += k2 + t1;
43 b0 += b1 + k1;
44 b1 = rol64(b1, 25) ^ b0;
45
46 b3 += k4 + 1;
47 b2 += b3 + k3 + t2;
48 b3 = rol64(b3, 33) ^ b2;
49
50 b0 += b3;
51 b3 = rol64(b3, 46) ^ b0;
52
53 b2 += b1;
54 b1 = rol64(b1, 12) ^ b2;
55
56 b0 += b1;
57 b1 = rol64(b1, 58) ^ b0;
58
59 b2 += b3;
60 b3 = rol64(b3, 22) ^ b2;
61
62 b0 += b3;
63 b3 = rol64(b3, 32) ^ b0;
64
65 b2 += b1;
66 b1 = rol64(b1, 32) ^ b2;
67
68 b1 += k3 + t2;
69 b0 += b1 + k2;
70 b1 = rol64(b1, 14) ^ b0;
71
72 b3 += k0 + 2;
73 b2 += b3 + k4 + t0;
74 b3 = rol64(b3, 16) ^ b2;
75
76 b0 += b3;
77 b3 = rol64(b3, 52) ^ b0;
78
79 b2 += b1;
80 b1 = rol64(b1, 57) ^ b2;
81
82 b0 += b1;
83 b1 = rol64(b1, 23) ^ b0;
84
85 b2 += b3;
86 b3 = rol64(b3, 40) ^ b2;
87
88 b0 += b3;
89 b3 = rol64(b3, 5) ^ b0;
90
91 b2 += b1;
92 b1 = rol64(b1, 37) ^ b2;
93
94 b1 += k4 + t0;
95 b0 += b1 + k3;
96 b1 = rol64(b1, 25) ^ b0;
97
98 b3 += k1 + 3;
99 b2 += b3 + k0 + t1;
100 b3 = rol64(b3, 33) ^ b2;
101
102 b0 += b3;
103 b3 = rol64(b3, 46) ^ b0;
104
105 b2 += b1;
106 b1 = rol64(b1, 12) ^ b2;
107
108 b0 += b1;
109 b1 = rol64(b1, 58) ^ b0;
110
111 b2 += b3;
112 b3 = rol64(b3, 22) ^ b2;
113
114 b0 += b3;
115 b3 = rol64(b3, 32) ^ b0;
116
117 b2 += b1;
118 b1 = rol64(b1, 32) ^ b2;
119
120 b1 += k0 + t1;
121 b0 += b1 + k4;
122 b1 = rol64(b1, 14) ^ b0;
123
124 b3 += k2 + 4;
125 b2 += b3 + k1 + t2;
126 b3 = rol64(b3, 16) ^ b2;
127
128 b0 += b3;
129 b3 = rol64(b3, 52) ^ b0;
130
131 b2 += b1;
132 b1 = rol64(b1, 57) ^ b2;
133
134 b0 += b1;
135 b1 = rol64(b1, 23) ^ b0;
136
137 b2 += b3;
138 b3 = rol64(b3, 40) ^ b2;
139
140 b0 += b3;
141 b3 = rol64(b3, 5) ^ b0;
142
143 b2 += b1;
144 b1 = rol64(b1, 37) ^ b2;
145
146 b1 += k1 + t2;
147 b0 += b1 + k0;
148 b1 = rol64(b1, 25) ^ b0;
149
150 b3 += k3 + 5;
151 b2 += b3 + k2 + t0;
152 b3 = rol64(b3, 33) ^ b2;
153
154 b0 += b3;
155 b3 = rol64(b3, 46) ^ b0;
156
157 b2 += b1;
158 b1 = rol64(b1, 12) ^ b2;
159
160 b0 += b1;
161 b1 = rol64(b1, 58) ^ b0;
162
163 b2 += b3;
164 b3 = rol64(b3, 22) ^ b2;
165
166 b0 += b3;
167 b3 = rol64(b3, 32) ^ b0;
168
169 b2 += b1;
170 b1 = rol64(b1, 32) ^ b2;
171
172 b1 += k2 + t0;
173 b0 += b1 + k1;
174 b1 = rol64(b1, 14) ^ b0;
175
176 b3 += k4 + 6;
177 b2 += b3 + k3 + t1;
178 b3 = rol64(b3, 16) ^ b2;
179
180 b0 += b3;
181 b3 = rol64(b3, 52) ^ b0;
182
183 b2 += b1;
184 b1 = rol64(b1, 57) ^ b2;
185
186 b0 += b1;
187 b1 = rol64(b1, 23) ^ b0;
188
189 b2 += b3;
190 b3 = rol64(b3, 40) ^ b2;
191
192 b0 += b3;
193 b3 = rol64(b3, 5) ^ b0;
194
195 b2 += b1;
196 b1 = rol64(b1, 37) ^ b2;
197
198 b1 += k3 + t1;
199 b0 += b1 + k2;
200 b1 = rol64(b1, 25) ^ b0;
201
202 b3 += k0 + 7;
203 b2 += b3 + k4 + t2;
204 b3 = rol64(b3, 33) ^ b2;
205
206 b0 += b3;
207 b3 = rol64(b3, 46) ^ b0;
208
209 b2 += b1;
210 b1 = rol64(b1, 12) ^ b2;
211
212 b0 += b1;
213 b1 = rol64(b1, 58) ^ b0;
214
215 b2 += b3;
216 b3 = rol64(b3, 22) ^ b2;
217
218 b0 += b3;
219 b3 = rol64(b3, 32) ^ b0;
220
221 b2 += b1;
222 b1 = rol64(b1, 32) ^ b2;
223
224 b1 += k4 + t2;
225 b0 += b1 + k3;
226 b1 = rol64(b1, 14) ^ b0;
227
228 b3 += k1 + 8;
229 b2 += b3 + k0 + t0;
230 b3 = rol64(b3, 16) ^ b2;
231
232 b0 += b3;
233 b3 = rol64(b3, 52) ^ b0;
234
235 b2 += b1;
236 b1 = rol64(b1, 57) ^ b2;
237
238 b0 += b1;
239 b1 = rol64(b1, 23) ^ b0;
240
241 b2 += b3;
242 b3 = rol64(b3, 40) ^ b2;
243
244 b0 += b3;
245 b3 = rol64(b3, 5) ^ b0;
246
247 b2 += b1;
248 b1 = rol64(b1, 37) ^ b2;
249
250 b1 += k0 + t0;
251 b0 += b1 + k4;
252 b1 = rol64(b1, 25) ^ b0;
253
254 b3 += k2 + 9;
255 b2 += b3 + k1 + t1;
256 b3 = rol64(b3, 33) ^ b2;
257
258 b0 += b3;
259 b3 = rol64(b3, 46) ^ b0;
260
261 b2 += b1;
262 b1 = rol64(b1, 12) ^ b2;
263
264 b0 += b1;
265 b1 = rol64(b1, 58) ^ b0;
266
267 b2 += b3;
268 b3 = rol64(b3, 22) ^ b2;
269
270 b0 += b3;
271 b3 = rol64(b3, 32) ^ b0;
272
273 b2 += b1;
274 b1 = rol64(b1, 32) ^ b2;
275
276 b1 += k1 + t1;
277 b0 += b1 + k0;
278 b1 = rol64(b1, 14) ^ b0;
279
280 b3 += k3 + 10;
281 b2 += b3 + k2 + t2;
282 b3 = rol64(b3, 16) ^ b2;
283
284 b0 += b3;
285 b3 = rol64(b3, 52) ^ b0;
286
287 b2 += b1;
288 b1 = rol64(b1, 57) ^ b2;
289
290 b0 += b1;
291 b1 = rol64(b1, 23) ^ b0;
292
293 b2 += b3;
294 b3 = rol64(b3, 40) ^ b2;
295
296 b0 += b3;
297 b3 = rol64(b3, 5) ^ b0;
298
299 b2 += b1;
300 b1 = rol64(b1, 37) ^ b2;
301
302 b1 += k2 + t2;
303 b0 += b1 + k1;
304 b1 = rol64(b1, 25) ^ b0;
305
306 b3 += k4 + 11;
307 b2 += b3 + k3 + t0;
308 b3 = rol64(b3, 33) ^ b2;
309
310 b0 += b3;
311 b3 = rol64(b3, 46) ^ b0;
312
313 b2 += b1;
314 b1 = rol64(b1, 12) ^ b2;
315
316 b0 += b1;
317 b1 = rol64(b1, 58) ^ b0;
318
319 b2 += b3;
320 b3 = rol64(b3, 22) ^ b2;
321
322 b0 += b3;
323 b3 = rol64(b3, 32) ^ b0;
324
325 b2 += b1;
326 b1 = rol64(b1, 32) ^ b2;
327
328 b1 += k3 + t0;
329 b0 += b1 + k2;
330 b1 = rol64(b1, 14) ^ b0;
331
332 b3 += k0 + 12;
333 b2 += b3 + k4 + t1;
334 b3 = rol64(b3, 16) ^ b2;
335
336 b0 += b3;
337 b3 = rol64(b3, 52) ^ b0;
338
339 b2 += b1;
340 b1 = rol64(b1, 57) ^ b2;
341
342 b0 += b1;
343 b1 = rol64(b1, 23) ^ b0;
344
345 b2 += b3;
346 b3 = rol64(b3, 40) ^ b2;
347
348 b0 += b3;
349 b3 = rol64(b3, 5) ^ b0;
350
351 b2 += b1;
352 b1 = rol64(b1, 37) ^ b2;
353
354 b1 += k4 + t1;
355 b0 += b1 + k3;
356 b1 = rol64(b1, 25) ^ b0;
357
358 b3 += k1 + 13;
359 b2 += b3 + k0 + t2;
360 b3 = rol64(b3, 33) ^ b2;
361
362 b0 += b3;
363 b3 = rol64(b3, 46) ^ b0;
364
365 b2 += b1;
366 b1 = rol64(b1, 12) ^ b2;
367
368 b0 += b1;
369 b1 = rol64(b1, 58) ^ b0;
370
371 b2 += b3;
372 b3 = rol64(b3, 22) ^ b2;
373
374 b0 += b3;
375 b3 = rol64(b3, 32) ^ b0;
376
377 b2 += b1;
378 b1 = rol64(b1, 32) ^ b2;
379
380 b1 += k0 + t2;
381 b0 += b1 + k4;
382 b1 = rol64(b1, 14) ^ b0;
383
384 b3 += k2 + 14;
385 b2 += b3 + k1 + t0;
386 b3 = rol64(b3, 16) ^ b2;
387
388 b0 += b3;
389 b3 = rol64(b3, 52) ^ b0;
390
391 b2 += b1;
392 b1 = rol64(b1, 57) ^ b2;
393
394 b0 += b1;
395 b1 = rol64(b1, 23) ^ b0;
396
397 b2 += b3;
398 b3 = rol64(b3, 40) ^ b2;
399
400 b0 += b3;
401 b3 = rol64(b3, 5) ^ b0;
402
403 b2 += b1;
404 b1 = rol64(b1, 37) ^ b2;
405
406 b1 += k1 + t0;
407 b0 += b1 + k0;
408 b1 = rol64(b1, 25) ^ b0;
409
410 b3 += k3 + 15;
411 b2 += b3 + k2 + t1;
412 b3 = rol64(b3, 33) ^ b2;
413
414 b0 += b3;
415 b3 = rol64(b3, 46) ^ b0;
416
417 b2 += b1;
418 b1 = rol64(b1, 12) ^ b2;
419
420 b0 += b1;
421 b1 = rol64(b1, 58) ^ b0;
422
423 b2 += b3;
424 b3 = rol64(b3, 22) ^ b2;
425
426 b0 += b3;
427 b3 = rol64(b3, 32) ^ b0;
428
429 b2 += b1;
430 b1 = rol64(b1, 32) ^ b2;
431
432 b1 += k2 + t1;
433 b0 += b1 + k1;
434 b1 = rol64(b1, 14) ^ b0;
435
436 b3 += k4 + 16;
437 b2 += b3 + k3 + t2;
438 b3 = rol64(b3, 16) ^ b2;
439
440 b0 += b3;
441 b3 = rol64(b3, 52) ^ b0;
442
443 b2 += b1;
444 b1 = rol64(b1, 57) ^ b2;
445
446 b0 += b1;
447 b1 = rol64(b1, 23) ^ b0;
448
449 b2 += b3;
450 b3 = rol64(b3, 40) ^ b2;
451
452 b0 += b3;
453 b3 = rol64(b3, 5) ^ b0;
454
455 b2 += b1;
456 b1 = rol64(b1, 37) ^ b2;
457
458 b1 += k3 + t2;
459 b0 += b1 + k2;
460 b1 = rol64(b1, 25) ^ b0;
461
462 b3 += k0 + 17;
463 b2 += b3 + k4 + t0;
464 b3 = rol64(b3, 33) ^ b2;
465
466 b0 += b3;
467 b3 = rol64(b3, 46) ^ b0;
468
469 b2 += b1;
470 b1 = rol64(b1, 12) ^ b2;
471
472 b0 += b1;
473 b1 = rol64(b1, 58) ^ b0;
474
475 b2 += b3;
476 b3 = rol64(b3, 22) ^ b2;
477
478 b0 += b3;
479 b3 = rol64(b3, 32) ^ b0;
480
481 b2 += b1;
482 b1 = rol64(b1, 32) ^ b2;
483
484 output[0] = b0 + k3;
485 output[1] = b1 + k4 + t0;
486 output[2] = b2 + k0 + t1;
487 output[3] = b3 + k1 + 18;
488 }
489
threefish_decrypt_256(struct threefish_key * key_ctx,u64 * input,u64 * output)490 void threefish_decrypt_256(struct threefish_key *key_ctx, u64 *input,
491 u64 *output)
492 {
493 u64 b0 = input[0], b1 = input[1],
494 b2 = input[2], b3 = input[3];
495 u64 k0 = key_ctx->key[0], k1 = key_ctx->key[1],
496 k2 = key_ctx->key[2], k3 = key_ctx->key[3],
497 k4 = key_ctx->key[4];
498 u64 t0 = key_ctx->tweak[0], t1 = key_ctx->tweak[1],
499 t2 = key_ctx->tweak[2];
500
501 u64 tmp;
502
503 b0 -= k3;
504 b1 -= k4 + t0;
505 b2 -= k0 + t1;
506 b3 -= k1 + 18;
507 tmp = b3 ^ b0;
508 b3 = ror64(tmp, 32);
509 b0 -= b3;
510
511 tmp = b1 ^ b2;
512 b1 = ror64(tmp, 32);
513 b2 -= b1;
514
515 tmp = b1 ^ b0;
516 b1 = ror64(tmp, 58);
517 b0 -= b1;
518
519 tmp = b3 ^ b2;
520 b3 = ror64(tmp, 22);
521 b2 -= b3;
522
523 tmp = b3 ^ b0;
524 b3 = ror64(tmp, 46);
525 b0 -= b3;
526
527 tmp = b1 ^ b2;
528 b1 = ror64(tmp, 12);
529 b2 -= b1;
530
531 tmp = b1 ^ b0;
532 b1 = ror64(tmp, 25);
533 b0 -= b1 + k2;
534 b1 -= k3 + t2;
535
536 tmp = b3 ^ b2;
537 b3 = ror64(tmp, 33);
538 b2 -= b3 + k4 + t0;
539 b3 -= k0 + 17;
540
541 tmp = b3 ^ b0;
542 b3 = ror64(tmp, 5);
543 b0 -= b3;
544
545 tmp = b1 ^ b2;
546 b1 = ror64(tmp, 37);
547 b2 -= b1;
548
549 tmp = b1 ^ b0;
550 b1 = ror64(tmp, 23);
551 b0 -= b1;
552
553 tmp = b3 ^ b2;
554 b3 = ror64(tmp, 40);
555 b2 -= b3;
556
557 tmp = b3 ^ b0;
558 b3 = ror64(tmp, 52);
559 b0 -= b3;
560
561 tmp = b1 ^ b2;
562 b1 = ror64(tmp, 57);
563 b2 -= b1;
564
565 tmp = b1 ^ b0;
566 b1 = ror64(tmp, 14);
567 b0 -= b1 + k1;
568 b1 -= k2 + t1;
569
570 tmp = b3 ^ b2;
571 b3 = ror64(tmp, 16);
572 b2 -= b3 + k3 + t2;
573 b3 -= k4 + 16;
574
575 tmp = b3 ^ b0;
576 b3 = ror64(tmp, 32);
577 b0 -= b3;
578
579 tmp = b1 ^ b2;
580 b1 = ror64(tmp, 32);
581 b2 -= b1;
582
583 tmp = b1 ^ b0;
584 b1 = ror64(tmp, 58);
585 b0 -= b1;
586
587 tmp = b3 ^ b2;
588 b3 = ror64(tmp, 22);
589 b2 -= b3;
590
591 tmp = b3 ^ b0;
592 b3 = ror64(tmp, 46);
593 b0 -= b3;
594
595 tmp = b1 ^ b2;
596 b1 = ror64(tmp, 12);
597 b2 -= b1;
598
599 tmp = b1 ^ b0;
600 b1 = ror64(tmp, 25);
601 b0 -= b1 + k0;
602 b1 -= k1 + t0;
603
604 tmp = b3 ^ b2;
605 b3 = ror64(tmp, 33);
606 b2 -= b3 + k2 + t1;
607 b3 -= k3 + 15;
608
609 tmp = b3 ^ b0;
610 b3 = ror64(tmp, 5);
611 b0 -= b3;
612
613 tmp = b1 ^ b2;
614 b1 = ror64(tmp, 37);
615 b2 -= b1;
616
617 tmp = b1 ^ b0;
618 b1 = ror64(tmp, 23);
619 b0 -= b1;
620
621 tmp = b3 ^ b2;
622 b3 = ror64(tmp, 40);
623 b2 -= b3;
624
625 tmp = b3 ^ b0;
626 b3 = ror64(tmp, 52);
627 b0 -= b3;
628
629 tmp = b1 ^ b2;
630 b1 = ror64(tmp, 57);
631 b2 -= b1;
632
633 tmp = b1 ^ b0;
634 b1 = ror64(tmp, 14);
635 b0 -= b1 + k4;
636 b1 -= k0 + t2;
637
638 tmp = b3 ^ b2;
639 b3 = ror64(tmp, 16);
640 b2 -= b3 + k1 + t0;
641 b3 -= k2 + 14;
642
643 tmp = b3 ^ b0;
644 b3 = ror64(tmp, 32);
645 b0 -= b3;
646
647 tmp = b1 ^ b2;
648 b1 = ror64(tmp, 32);
649 b2 -= b1;
650
651 tmp = b1 ^ b0;
652 b1 = ror64(tmp, 58);
653 b0 -= b1;
654
655 tmp = b3 ^ b2;
656 b3 = ror64(tmp, 22);
657 b2 -= b3;
658
659 tmp = b3 ^ b0;
660 b3 = ror64(tmp, 46);
661 b0 -= b3;
662
663 tmp = b1 ^ b2;
664 b1 = ror64(tmp, 12);
665 b2 -= b1;
666
667 tmp = b1 ^ b0;
668 b1 = ror64(tmp, 25);
669 b0 -= b1 + k3;
670 b1 -= k4 + t1;
671
672 tmp = b3 ^ b2;
673 b3 = ror64(tmp, 33);
674 b2 -= b3 + k0 + t2;
675 b3 -= k1 + 13;
676
677 tmp = b3 ^ b0;
678 b3 = ror64(tmp, 5);
679 b0 -= b3;
680
681 tmp = b1 ^ b2;
682 b1 = ror64(tmp, 37);
683 b2 -= b1;
684
685 tmp = b1 ^ b0;
686 b1 = ror64(tmp, 23);
687 b0 -= b1;
688
689 tmp = b3 ^ b2;
690 b3 = ror64(tmp, 40);
691 b2 -= b3;
692
693 tmp = b3 ^ b0;
694 b3 = ror64(tmp, 52);
695 b0 -= b3;
696
697 tmp = b1 ^ b2;
698 b1 = ror64(tmp, 57);
699 b2 -= b1;
700
701 tmp = b1 ^ b0;
702 b1 = ror64(tmp, 14);
703 b0 -= b1 + k2;
704 b1 -= k3 + t0;
705
706 tmp = b3 ^ b2;
707 b3 = ror64(tmp, 16);
708 b2 -= b3 + k4 + t1;
709 b3 -= k0 + 12;
710
711 tmp = b3 ^ b0;
712 b3 = ror64(tmp, 32);
713 b0 -= b3;
714
715 tmp = b1 ^ b2;
716 b1 = ror64(tmp, 32);
717 b2 -= b1;
718
719 tmp = b1 ^ b0;
720 b1 = ror64(tmp, 58);
721 b0 -= b1;
722
723 tmp = b3 ^ b2;
724 b3 = ror64(tmp, 22);
725 b2 -= b3;
726
727 tmp = b3 ^ b0;
728 b3 = ror64(tmp, 46);
729 b0 -= b3;
730
731 tmp = b1 ^ b2;
732 b1 = ror64(tmp, 12);
733 b2 -= b1;
734
735 tmp = b1 ^ b0;
736 b1 = ror64(tmp, 25);
737 b0 -= b1 + k1;
738 b1 -= k2 + t2;
739
740 tmp = b3 ^ b2;
741 b3 = ror64(tmp, 33);
742 b2 -= b3 + k3 + t0;
743 b3 -= k4 + 11;
744
745 tmp = b3 ^ b0;
746 b3 = ror64(tmp, 5);
747 b0 -= b3;
748
749 tmp = b1 ^ b2;
750 b1 = ror64(tmp, 37);
751 b2 -= b1;
752
753 tmp = b1 ^ b0;
754 b1 = ror64(tmp, 23);
755 b0 -= b1;
756
757 tmp = b3 ^ b2;
758 b3 = ror64(tmp, 40);
759 b2 -= b3;
760
761 tmp = b3 ^ b0;
762 b3 = ror64(tmp, 52);
763 b0 -= b3;
764
765 tmp = b1 ^ b2;
766 b1 = ror64(tmp, 57);
767 b2 -= b1;
768
769 tmp = b1 ^ b0;
770 b1 = ror64(tmp, 14);
771 b0 -= b1 + k0;
772 b1 -= k1 + t1;
773
774 tmp = b3 ^ b2;
775 b3 = ror64(tmp, 16);
776 b2 -= b3 + k2 + t2;
777 b3 -= k3 + 10;
778
779 tmp = b3 ^ b0;
780 b3 = ror64(tmp, 32);
781 b0 -= b3;
782
783 tmp = b1 ^ b2;
784 b1 = ror64(tmp, 32);
785 b2 -= b1;
786
787 tmp = b1 ^ b0;
788 b1 = ror64(tmp, 58);
789 b0 -= b1;
790
791 tmp = b3 ^ b2;
792 b3 = ror64(tmp, 22);
793 b2 -= b3;
794
795 tmp = b3 ^ b0;
796 b3 = ror64(tmp, 46);
797 b0 -= b3;
798
799 tmp = b1 ^ b2;
800 b1 = ror64(tmp, 12);
801 b2 -= b1;
802
803 tmp = b1 ^ b0;
804 b1 = ror64(tmp, 25);
805 b0 -= b1 + k4;
806 b1 -= k0 + t0;
807
808 tmp = b3 ^ b2;
809 b3 = ror64(tmp, 33);
810 b2 -= b3 + k1 + t1;
811 b3 -= k2 + 9;
812
813 tmp = b3 ^ b0;
814 b3 = ror64(tmp, 5);
815 b0 -= b3;
816
817 tmp = b1 ^ b2;
818 b1 = ror64(tmp, 37);
819 b2 -= b1;
820
821 tmp = b1 ^ b0;
822 b1 = ror64(tmp, 23);
823 b0 -= b1;
824
825 tmp = b3 ^ b2;
826 b3 = ror64(tmp, 40);
827 b2 -= b3;
828
829 tmp = b3 ^ b0;
830 b3 = ror64(tmp, 52);
831 b0 -= b3;
832
833 tmp = b1 ^ b2;
834 b1 = ror64(tmp, 57);
835 b2 -= b1;
836
837 tmp = b1 ^ b0;
838 b1 = ror64(tmp, 14);
839 b0 -= b1 + k3;
840 b1 -= k4 + t2;
841
842 tmp = b3 ^ b2;
843 b3 = ror64(tmp, 16);
844 b2 -= b3 + k0 + t0;
845 b3 -= k1 + 8;
846
847 tmp = b3 ^ b0;
848 b3 = ror64(tmp, 32);
849 b0 -= b3;
850
851 tmp = b1 ^ b2;
852 b1 = ror64(tmp, 32);
853 b2 -= b1;
854
855 tmp = b1 ^ b0;
856 b1 = ror64(tmp, 58);
857 b0 -= b1;
858
859 tmp = b3 ^ b2;
860 b3 = ror64(tmp, 22);
861 b2 -= b3;
862
863 tmp = b3 ^ b0;
864 b3 = ror64(tmp, 46);
865 b0 -= b3;
866
867 tmp = b1 ^ b2;
868 b1 = ror64(tmp, 12);
869 b2 -= b1;
870
871 tmp = b1 ^ b0;
872 b1 = ror64(tmp, 25);
873 b0 -= b1 + k2;
874 b1 -= k3 + t1;
875
876 tmp = b3 ^ b2;
877 b3 = ror64(tmp, 33);
878 b2 -= b3 + k4 + t2;
879 b3 -= k0 + 7;
880
881 tmp = b3 ^ b0;
882 b3 = ror64(tmp, 5);
883 b0 -= b3;
884
885 tmp = b1 ^ b2;
886 b1 = ror64(tmp, 37);
887 b2 -= b1;
888
889 tmp = b1 ^ b0;
890 b1 = ror64(tmp, 23);
891 b0 -= b1;
892
893 tmp = b3 ^ b2;
894 b3 = ror64(tmp, 40);
895 b2 -= b3;
896
897 tmp = b3 ^ b0;
898 b3 = ror64(tmp, 52);
899 b0 -= b3;
900
901 tmp = b1 ^ b2;
902 b1 = ror64(tmp, 57);
903 b2 -= b1;
904
905 tmp = b1 ^ b0;
906 b1 = ror64(tmp, 14);
907 b0 -= b1 + k1;
908 b1 -= k2 + t0;
909
910 tmp = b3 ^ b2;
911 b3 = ror64(tmp, 16);
912 b2 -= b3 + k3 + t1;
913 b3 -= k4 + 6;
914
915 tmp = b3 ^ b0;
916 b3 = ror64(tmp, 32);
917 b0 -= b3;
918
919 tmp = b1 ^ b2;
920 b1 = ror64(tmp, 32);
921 b2 -= b1;
922
923 tmp = b1 ^ b0;
924 b1 = ror64(tmp, 58);
925 b0 -= b1;
926
927 tmp = b3 ^ b2;
928 b3 = ror64(tmp, 22);
929 b2 -= b3;
930
931 tmp = b3 ^ b0;
932 b3 = ror64(tmp, 46);
933 b0 -= b3;
934
935 tmp = b1 ^ b2;
936 b1 = ror64(tmp, 12);
937 b2 -= b1;
938
939 tmp = b1 ^ b0;
940 b1 = ror64(tmp, 25);
941 b0 -= b1 + k0;
942 b1 -= k1 + t2;
943
944 tmp = b3 ^ b2;
945 b3 = ror64(tmp, 33);
946 b2 -= b3 + k2 + t0;
947 b3 -= k3 + 5;
948
949 tmp = b3 ^ b0;
950 b3 = ror64(tmp, 5);
951 b0 -= b3;
952
953 tmp = b1 ^ b2;
954 b1 = ror64(tmp, 37);
955 b2 -= b1;
956
957 tmp = b1 ^ b0;
958 b1 = ror64(tmp, 23);
959 b0 -= b1;
960
961 tmp = b3 ^ b2;
962 b3 = ror64(tmp, 40);
963 b2 -= b3;
964
965 tmp = b3 ^ b0;
966 b3 = ror64(tmp, 52);
967 b0 -= b3;
968
969 tmp = b1 ^ b2;
970 b1 = ror64(tmp, 57);
971 b2 -= b1;
972
973 tmp = b1 ^ b0;
974 b1 = ror64(tmp, 14);
975 b0 -= b1 + k4;
976 b1 -= k0 + t1;
977
978 tmp = b3 ^ b2;
979 b3 = ror64(tmp, 16);
980 b2 -= b3 + k1 + t2;
981 b3 -= k2 + 4;
982
983 tmp = b3 ^ b0;
984 b3 = ror64(tmp, 32);
985 b0 -= b3;
986
987 tmp = b1 ^ b2;
988 b1 = ror64(tmp, 32);
989 b2 -= b1;
990
991 tmp = b1 ^ b0;
992 b1 = ror64(tmp, 58);
993 b0 -= b1;
994
995 tmp = b3 ^ b2;
996 b3 = ror64(tmp, 22);
997 b2 -= b3;
998
999 tmp = b3 ^ b0;
1000 b3 = ror64(tmp, 46);
1001 b0 -= b3;
1002
1003 tmp = b1 ^ b2;
1004 b1 = ror64(tmp, 12);
1005 b2 -= b1;
1006
1007 tmp = b1 ^ b0;
1008 b1 = ror64(tmp, 25);
1009 b0 -= b1 + k3;
1010 b1 -= k4 + t0;
1011
1012 tmp = b3 ^ b2;
1013 b3 = ror64(tmp, 33);
1014 b2 -= b3 + k0 + t1;
1015 b3 -= k1 + 3;
1016
1017 tmp = b3 ^ b0;
1018 b3 = ror64(tmp, 5);
1019 b0 -= b3;
1020
1021 tmp = b1 ^ b2;
1022 b1 = ror64(tmp, 37);
1023 b2 -= b1;
1024
1025 tmp = b1 ^ b0;
1026 b1 = ror64(tmp, 23);
1027 b0 -= b1;
1028
1029 tmp = b3 ^ b2;
1030 b3 = ror64(tmp, 40);
1031 b2 -= b3;
1032
1033 tmp = b3 ^ b0;
1034 b3 = ror64(tmp, 52);
1035 b0 -= b3;
1036
1037 tmp = b1 ^ b2;
1038 b1 = ror64(tmp, 57);
1039 b2 -= b1;
1040
1041 tmp = b1 ^ b0;
1042 b1 = ror64(tmp, 14);
1043 b0 -= b1 + k2;
1044 b1 -= k3 + t2;
1045
1046 tmp = b3 ^ b2;
1047 b3 = ror64(tmp, 16);
1048 b2 -= b3 + k4 + t0;
1049 b3 -= k0 + 2;
1050
1051 tmp = b3 ^ b0;
1052 b3 = ror64(tmp, 32);
1053 b0 -= b3;
1054
1055 tmp = b1 ^ b2;
1056 b1 = ror64(tmp, 32);
1057 b2 -= b1;
1058
1059 tmp = b1 ^ b0;
1060 b1 = ror64(tmp, 58);
1061 b0 -= b1;
1062
1063 tmp = b3 ^ b2;
1064 b3 = ror64(tmp, 22);
1065 b2 -= b3;
1066
1067 tmp = b3 ^ b0;
1068 b3 = ror64(tmp, 46);
1069 b0 -= b3;
1070
1071 tmp = b1 ^ b2;
1072 b1 = ror64(tmp, 12);
1073 b2 -= b1;
1074
1075 tmp = b1 ^ b0;
1076 b1 = ror64(tmp, 25);
1077 b0 -= b1 + k1;
1078 b1 -= k2 + t1;
1079
1080 tmp = b3 ^ b2;
1081 b3 = ror64(tmp, 33);
1082 b2 -= b3 + k3 + t2;
1083 b3 -= k4 + 1;
1084
1085 tmp = b3 ^ b0;
1086 b3 = ror64(tmp, 5);
1087 b0 -= b3;
1088
1089 tmp = b1 ^ b2;
1090 b1 = ror64(tmp, 37);
1091 b2 -= b1;
1092
1093 tmp = b1 ^ b0;
1094 b1 = ror64(tmp, 23);
1095 b0 -= b1;
1096
1097 tmp = b3 ^ b2;
1098 b3 = ror64(tmp, 40);
1099 b2 -= b3;
1100
1101 tmp = b3 ^ b0;
1102 b3 = ror64(tmp, 52);
1103 b0 -= b3;
1104
1105 tmp = b1 ^ b2;
1106 b1 = ror64(tmp, 57);
1107 b2 -= b1;
1108
1109 tmp = b1 ^ b0;
1110 b1 = ror64(tmp, 14);
1111 b0 -= b1 + k0;
1112 b1 -= k1 + t0;
1113
1114 tmp = b3 ^ b2;
1115 b3 = ror64(tmp, 16);
1116 b2 -= b3 + k2 + t1;
1117 b3 -= k3;
1118
1119 output[0] = b0;
1120 output[1] = b1;
1121 output[2] = b2;
1122 output[3] = b3;
1123 }
1124
threefish_encrypt_512(struct threefish_key * key_ctx,u64 * input,u64 * output)1125 void threefish_encrypt_512(struct threefish_key *key_ctx, u64 *input,
1126 u64 *output)
1127 {
1128 u64 b0 = input[0], b1 = input[1],
1129 b2 = input[2], b3 = input[3],
1130 b4 = input[4], b5 = input[5],
1131 b6 = input[6], b7 = input[7];
1132 u64 k0 = key_ctx->key[0], k1 = key_ctx->key[1],
1133 k2 = key_ctx->key[2], k3 = key_ctx->key[3],
1134 k4 = key_ctx->key[4], k5 = key_ctx->key[5],
1135 k6 = key_ctx->key[6], k7 = key_ctx->key[7],
1136 k8 = key_ctx->key[8];
1137 u64 t0 = key_ctx->tweak[0], t1 = key_ctx->tweak[1],
1138 t2 = key_ctx->tweak[2];
1139
1140 b1 += k1;
1141 b0 += b1 + k0;
1142 b1 = rol64(b1, 46) ^ b0;
1143
1144 b3 += k3;
1145 b2 += b3 + k2;
1146 b3 = rol64(b3, 36) ^ b2;
1147
1148 b5 += k5 + t0;
1149 b4 += b5 + k4;
1150 b5 = rol64(b5, 19) ^ b4;
1151
1152 b7 += k7;
1153 b6 += b7 + k6 + t1;
1154 b7 = rol64(b7, 37) ^ b6;
1155
1156 b2 += b1;
1157 b1 = rol64(b1, 33) ^ b2;
1158
1159 b4 += b7;
1160 b7 = rol64(b7, 27) ^ b4;
1161
1162 b6 += b5;
1163 b5 = rol64(b5, 14) ^ b6;
1164
1165 b0 += b3;
1166 b3 = rol64(b3, 42) ^ b0;
1167
1168 b4 += b1;
1169 b1 = rol64(b1, 17) ^ b4;
1170
1171 b6 += b3;
1172 b3 = rol64(b3, 49) ^ b6;
1173
1174 b0 += b5;
1175 b5 = rol64(b5, 36) ^ b0;
1176
1177 b2 += b7;
1178 b7 = rol64(b7, 39) ^ b2;
1179
1180 b6 += b1;
1181 b1 = rol64(b1, 44) ^ b6;
1182
1183 b0 += b7;
1184 b7 = rol64(b7, 9) ^ b0;
1185
1186 b2 += b5;
1187 b5 = rol64(b5, 54) ^ b2;
1188
1189 b4 += b3;
1190 b3 = rol64(b3, 56) ^ b4;
1191
1192 b1 += k2;
1193 b0 += b1 + k1;
1194 b1 = rol64(b1, 39) ^ b0;
1195
1196 b3 += k4;
1197 b2 += b3 + k3;
1198 b3 = rol64(b3, 30) ^ b2;
1199
1200 b5 += k6 + t1;
1201 b4 += b5 + k5;
1202 b5 = rol64(b5, 34) ^ b4;
1203
1204 b7 += k8 + 1;
1205 b6 += b7 + k7 + t2;
1206 b7 = rol64(b7, 24) ^ b6;
1207
1208 b2 += b1;
1209 b1 = rol64(b1, 13) ^ b2;
1210
1211 b4 += b7;
1212 b7 = rol64(b7, 50) ^ b4;
1213
1214 b6 += b5;
1215 b5 = rol64(b5, 10) ^ b6;
1216
1217 b0 += b3;
1218 b3 = rol64(b3, 17) ^ b0;
1219
1220 b4 += b1;
1221 b1 = rol64(b1, 25) ^ b4;
1222
1223 b6 += b3;
1224 b3 = rol64(b3, 29) ^ b6;
1225
1226 b0 += b5;
1227 b5 = rol64(b5, 39) ^ b0;
1228
1229 b2 += b7;
1230 b7 = rol64(b7, 43) ^ b2;
1231
1232 b6 += b1;
1233 b1 = rol64(b1, 8) ^ b6;
1234
1235 b0 += b7;
1236 b7 = rol64(b7, 35) ^ b0;
1237
1238 b2 += b5;
1239 b5 = rol64(b5, 56) ^ b2;
1240
1241 b4 += b3;
1242 b3 = rol64(b3, 22) ^ b4;
1243
1244 b1 += k3;
1245 b0 += b1 + k2;
1246 b1 = rol64(b1, 46) ^ b0;
1247
1248 b3 += k5;
1249 b2 += b3 + k4;
1250 b3 = rol64(b3, 36) ^ b2;
1251
1252 b5 += k7 + t2;
1253 b4 += b5 + k6;
1254 b5 = rol64(b5, 19) ^ b4;
1255
1256 b7 += k0 + 2;
1257 b6 += b7 + k8 + t0;
1258 b7 = rol64(b7, 37) ^ b6;
1259
1260 b2 += b1;
1261 b1 = rol64(b1, 33) ^ b2;
1262
1263 b4 += b7;
1264 b7 = rol64(b7, 27) ^ b4;
1265
1266 b6 += b5;
1267 b5 = rol64(b5, 14) ^ b6;
1268
1269 b0 += b3;
1270 b3 = rol64(b3, 42) ^ b0;
1271
1272 b4 += b1;
1273 b1 = rol64(b1, 17) ^ b4;
1274
1275 b6 += b3;
1276 b3 = rol64(b3, 49) ^ b6;
1277
1278 b0 += b5;
1279 b5 = rol64(b5, 36) ^ b0;
1280
1281 b2 += b7;
1282 b7 = rol64(b7, 39) ^ b2;
1283
1284 b6 += b1;
1285 b1 = rol64(b1, 44) ^ b6;
1286
1287 b0 += b7;
1288 b7 = rol64(b7, 9) ^ b0;
1289
1290 b2 += b5;
1291 b5 = rol64(b5, 54) ^ b2;
1292
1293 b4 += b3;
1294 b3 = rol64(b3, 56) ^ b4;
1295
1296 b1 += k4;
1297 b0 += b1 + k3;
1298 b1 = rol64(b1, 39) ^ b0;
1299
1300 b3 += k6;
1301 b2 += b3 + k5;
1302 b3 = rol64(b3, 30) ^ b2;
1303
1304 b5 += k8 + t0;
1305 b4 += b5 + k7;
1306 b5 = rol64(b5, 34) ^ b4;
1307
1308 b7 += k1 + 3;
1309 b6 += b7 + k0 + t1;
1310 b7 = rol64(b7, 24) ^ b6;
1311
1312 b2 += b1;
1313 b1 = rol64(b1, 13) ^ b2;
1314
1315 b4 += b7;
1316 b7 = rol64(b7, 50) ^ b4;
1317
1318 b6 += b5;
1319 b5 = rol64(b5, 10) ^ b6;
1320
1321 b0 += b3;
1322 b3 = rol64(b3, 17) ^ b0;
1323
1324 b4 += b1;
1325 b1 = rol64(b1, 25) ^ b4;
1326
1327 b6 += b3;
1328 b3 = rol64(b3, 29) ^ b6;
1329
1330 b0 += b5;
1331 b5 = rol64(b5, 39) ^ b0;
1332
1333 b2 += b7;
1334 b7 = rol64(b7, 43) ^ b2;
1335
1336 b6 += b1;
1337 b1 = rol64(b1, 8) ^ b6;
1338
1339 b0 += b7;
1340 b7 = rol64(b7, 35) ^ b0;
1341
1342 b2 += b5;
1343 b5 = rol64(b5, 56) ^ b2;
1344
1345 b4 += b3;
1346 b3 = rol64(b3, 22) ^ b4;
1347
1348 b1 += k5;
1349 b0 += b1 + k4;
1350 b1 = rol64(b1, 46) ^ b0;
1351
1352 b3 += k7;
1353 b2 += b3 + k6;
1354 b3 = rol64(b3, 36) ^ b2;
1355
1356 b5 += k0 + t1;
1357 b4 += b5 + k8;
1358 b5 = rol64(b5, 19) ^ b4;
1359
1360 b7 += k2 + 4;
1361 b6 += b7 + k1 + t2;
1362 b7 = rol64(b7, 37) ^ b6;
1363
1364 b2 += b1;
1365 b1 = rol64(b1, 33) ^ b2;
1366
1367 b4 += b7;
1368 b7 = rol64(b7, 27) ^ b4;
1369
1370 b6 += b5;
1371 b5 = rol64(b5, 14) ^ b6;
1372
1373 b0 += b3;
1374 b3 = rol64(b3, 42) ^ b0;
1375
1376 b4 += b1;
1377 b1 = rol64(b1, 17) ^ b4;
1378
1379 b6 += b3;
1380 b3 = rol64(b3, 49) ^ b6;
1381
1382 b0 += b5;
1383 b5 = rol64(b5, 36) ^ b0;
1384
1385 b2 += b7;
1386 b7 = rol64(b7, 39) ^ b2;
1387
1388 b6 += b1;
1389 b1 = rol64(b1, 44) ^ b6;
1390
1391 b0 += b7;
1392 b7 = rol64(b7, 9) ^ b0;
1393
1394 b2 += b5;
1395 b5 = rol64(b5, 54) ^ b2;
1396
1397 b4 += b3;
1398 b3 = rol64(b3, 56) ^ b4;
1399
1400 b1 += k6;
1401 b0 += b1 + k5;
1402 b1 = rol64(b1, 39) ^ b0;
1403
1404 b3 += k8;
1405 b2 += b3 + k7;
1406 b3 = rol64(b3, 30) ^ b2;
1407
1408 b5 += k1 + t2;
1409 b4 += b5 + k0;
1410 b5 = rol64(b5, 34) ^ b4;
1411
1412 b7 += k3 + 5;
1413 b6 += b7 + k2 + t0;
1414 b7 = rol64(b7, 24) ^ b6;
1415
1416 b2 += b1;
1417 b1 = rol64(b1, 13) ^ b2;
1418
1419 b4 += b7;
1420 b7 = rol64(b7, 50) ^ b4;
1421
1422 b6 += b5;
1423 b5 = rol64(b5, 10) ^ b6;
1424
1425 b0 += b3;
1426 b3 = rol64(b3, 17) ^ b0;
1427
1428 b4 += b1;
1429 b1 = rol64(b1, 25) ^ b4;
1430
1431 b6 += b3;
1432 b3 = rol64(b3, 29) ^ b6;
1433
1434 b0 += b5;
1435 b5 = rol64(b5, 39) ^ b0;
1436
1437 b2 += b7;
1438 b7 = rol64(b7, 43) ^ b2;
1439
1440 b6 += b1;
1441 b1 = rol64(b1, 8) ^ b6;
1442
1443 b0 += b7;
1444 b7 = rol64(b7, 35) ^ b0;
1445
1446 b2 += b5;
1447 b5 = rol64(b5, 56) ^ b2;
1448
1449 b4 += b3;
1450 b3 = rol64(b3, 22) ^ b4;
1451
1452 b1 += k7;
1453 b0 += b1 + k6;
1454 b1 = rol64(b1, 46) ^ b0;
1455
1456 b3 += k0;
1457 b2 += b3 + k8;
1458 b3 = rol64(b3, 36) ^ b2;
1459
1460 b5 += k2 + t0;
1461 b4 += b5 + k1;
1462 b5 = rol64(b5, 19) ^ b4;
1463
1464 b7 += k4 + 6;
1465 b6 += b7 + k3 + t1;
1466 b7 = rol64(b7, 37) ^ b6;
1467
1468 b2 += b1;
1469 b1 = rol64(b1, 33) ^ b2;
1470
1471 b4 += b7;
1472 b7 = rol64(b7, 27) ^ b4;
1473
1474 b6 += b5;
1475 b5 = rol64(b5, 14) ^ b6;
1476
1477 b0 += b3;
1478 b3 = rol64(b3, 42) ^ b0;
1479
1480 b4 += b1;
1481 b1 = rol64(b1, 17) ^ b4;
1482
1483 b6 += b3;
1484 b3 = rol64(b3, 49) ^ b6;
1485
1486 b0 += b5;
1487 b5 = rol64(b5, 36) ^ b0;
1488
1489 b2 += b7;
1490 b7 = rol64(b7, 39) ^ b2;
1491
1492 b6 += b1;
1493 b1 = rol64(b1, 44) ^ b6;
1494
1495 b0 += b7;
1496 b7 = rol64(b7, 9) ^ b0;
1497
1498 b2 += b5;
1499 b5 = rol64(b5, 54) ^ b2;
1500
1501 b4 += b3;
1502 b3 = rol64(b3, 56) ^ b4;
1503
1504 b1 += k8;
1505 b0 += b1 + k7;
1506 b1 = rol64(b1, 39) ^ b0;
1507
1508 b3 += k1;
1509 b2 += b3 + k0;
1510 b3 = rol64(b3, 30) ^ b2;
1511
1512 b5 += k3 + t1;
1513 b4 += b5 + k2;
1514 b5 = rol64(b5, 34) ^ b4;
1515
1516 b7 += k5 + 7;
1517 b6 += b7 + k4 + t2;
1518 b7 = rol64(b7, 24) ^ b6;
1519
1520 b2 += b1;
1521 b1 = rol64(b1, 13) ^ b2;
1522
1523 b4 += b7;
1524 b7 = rol64(b7, 50) ^ b4;
1525
1526 b6 += b5;
1527 b5 = rol64(b5, 10) ^ b6;
1528
1529 b0 += b3;
1530 b3 = rol64(b3, 17) ^ b0;
1531
1532 b4 += b1;
1533 b1 = rol64(b1, 25) ^ b4;
1534
1535 b6 += b3;
1536 b3 = rol64(b3, 29) ^ b6;
1537
1538 b0 += b5;
1539 b5 = rol64(b5, 39) ^ b0;
1540
1541 b2 += b7;
1542 b7 = rol64(b7, 43) ^ b2;
1543
1544 b6 += b1;
1545 b1 = rol64(b1, 8) ^ b6;
1546
1547 b0 += b7;
1548 b7 = rol64(b7, 35) ^ b0;
1549
1550 b2 += b5;
1551 b5 = rol64(b5, 56) ^ b2;
1552
1553 b4 += b3;
1554 b3 = rol64(b3, 22) ^ b4;
1555
1556 b1 += k0;
1557 b0 += b1 + k8;
1558 b1 = rol64(b1, 46) ^ b0;
1559
1560 b3 += k2;
1561 b2 += b3 + k1;
1562 b3 = rol64(b3, 36) ^ b2;
1563
1564 b5 += k4 + t2;
1565 b4 += b5 + k3;
1566 b5 = rol64(b5, 19) ^ b4;
1567
1568 b7 += k6 + 8;
1569 b6 += b7 + k5 + t0;
1570 b7 = rol64(b7, 37) ^ b6;
1571
1572 b2 += b1;
1573 b1 = rol64(b1, 33) ^ b2;
1574
1575 b4 += b7;
1576 b7 = rol64(b7, 27) ^ b4;
1577
1578 b6 += b5;
1579 b5 = rol64(b5, 14) ^ b6;
1580
1581 b0 += b3;
1582 b3 = rol64(b3, 42) ^ b0;
1583
1584 b4 += b1;
1585 b1 = rol64(b1, 17) ^ b4;
1586
1587 b6 += b3;
1588 b3 = rol64(b3, 49) ^ b6;
1589
1590 b0 += b5;
1591 b5 = rol64(b5, 36) ^ b0;
1592
1593 b2 += b7;
1594 b7 = rol64(b7, 39) ^ b2;
1595
1596 b6 += b1;
1597 b1 = rol64(b1, 44) ^ b6;
1598
1599 b0 += b7;
1600 b7 = rol64(b7, 9) ^ b0;
1601
1602 b2 += b5;
1603 b5 = rol64(b5, 54) ^ b2;
1604
1605 b4 += b3;
1606 b3 = rol64(b3, 56) ^ b4;
1607
1608 b1 += k1;
1609 b0 += b1 + k0;
1610 b1 = rol64(b1, 39) ^ b0;
1611
1612 b3 += k3;
1613 b2 += b3 + k2;
1614 b3 = rol64(b3, 30) ^ b2;
1615
1616 b5 += k5 + t0;
1617 b4 += b5 + k4;
1618 b5 = rol64(b5, 34) ^ b4;
1619
1620 b7 += k7 + 9;
1621 b6 += b7 + k6 + t1;
1622 b7 = rol64(b7, 24) ^ b6;
1623
1624 b2 += b1;
1625 b1 = rol64(b1, 13) ^ b2;
1626
1627 b4 += b7;
1628 b7 = rol64(b7, 50) ^ b4;
1629
1630 b6 += b5;
1631 b5 = rol64(b5, 10) ^ b6;
1632
1633 b0 += b3;
1634 b3 = rol64(b3, 17) ^ b0;
1635
1636 b4 += b1;
1637 b1 = rol64(b1, 25) ^ b4;
1638
1639 b6 += b3;
1640 b3 = rol64(b3, 29) ^ b6;
1641
1642 b0 += b5;
1643 b5 = rol64(b5, 39) ^ b0;
1644
1645 b2 += b7;
1646 b7 = rol64(b7, 43) ^ b2;
1647
1648 b6 += b1;
1649 b1 = rol64(b1, 8) ^ b6;
1650
1651 b0 += b7;
1652 b7 = rol64(b7, 35) ^ b0;
1653
1654 b2 += b5;
1655 b5 = rol64(b5, 56) ^ b2;
1656
1657 b4 += b3;
1658 b3 = rol64(b3, 22) ^ b4;
1659
1660 b1 += k2;
1661 b0 += b1 + k1;
1662 b1 = rol64(b1, 46) ^ b0;
1663
1664 b3 += k4;
1665 b2 += b3 + k3;
1666 b3 = rol64(b3, 36) ^ b2;
1667
1668 b5 += k6 + t1;
1669 b4 += b5 + k5;
1670 b5 = rol64(b5, 19) ^ b4;
1671
1672 b7 += k8 + 10;
1673 b6 += b7 + k7 + t2;
1674 b7 = rol64(b7, 37) ^ b6;
1675
1676 b2 += b1;
1677 b1 = rol64(b1, 33) ^ b2;
1678
1679 b4 += b7;
1680 b7 = rol64(b7, 27) ^ b4;
1681
1682 b6 += b5;
1683 b5 = rol64(b5, 14) ^ b6;
1684
1685 b0 += b3;
1686 b3 = rol64(b3, 42) ^ b0;
1687
1688 b4 += b1;
1689 b1 = rol64(b1, 17) ^ b4;
1690
1691 b6 += b3;
1692 b3 = rol64(b3, 49) ^ b6;
1693
1694 b0 += b5;
1695 b5 = rol64(b5, 36) ^ b0;
1696
1697 b2 += b7;
1698 b7 = rol64(b7, 39) ^ b2;
1699
1700 b6 += b1;
1701 b1 = rol64(b1, 44) ^ b6;
1702
1703 b0 += b7;
1704 b7 = rol64(b7, 9) ^ b0;
1705
1706 b2 += b5;
1707 b5 = rol64(b5, 54) ^ b2;
1708
1709 b4 += b3;
1710 b3 = rol64(b3, 56) ^ b4;
1711
1712 b1 += k3;
1713 b0 += b1 + k2;
1714 b1 = rol64(b1, 39) ^ b0;
1715
1716 b3 += k5;
1717 b2 += b3 + k4;
1718 b3 = rol64(b3, 30) ^ b2;
1719
1720 b5 += k7 + t2;
1721 b4 += b5 + k6;
1722 b5 = rol64(b5, 34) ^ b4;
1723
1724 b7 += k0 + 11;
1725 b6 += b7 + k8 + t0;
1726 b7 = rol64(b7, 24) ^ b6;
1727
1728 b2 += b1;
1729 b1 = rol64(b1, 13) ^ b2;
1730
1731 b4 += b7;
1732 b7 = rol64(b7, 50) ^ b4;
1733
1734 b6 += b5;
1735 b5 = rol64(b5, 10) ^ b6;
1736
1737 b0 += b3;
1738 b3 = rol64(b3, 17) ^ b0;
1739
1740 b4 += b1;
1741 b1 = rol64(b1, 25) ^ b4;
1742
1743 b6 += b3;
1744 b3 = rol64(b3, 29) ^ b6;
1745
1746 b0 += b5;
1747 b5 = rol64(b5, 39) ^ b0;
1748
1749 b2 += b7;
1750 b7 = rol64(b7, 43) ^ b2;
1751
1752 b6 += b1;
1753 b1 = rol64(b1, 8) ^ b6;
1754
1755 b0 += b7;
1756 b7 = rol64(b7, 35) ^ b0;
1757
1758 b2 += b5;
1759 b5 = rol64(b5, 56) ^ b2;
1760
1761 b4 += b3;
1762 b3 = rol64(b3, 22) ^ b4;
1763
1764 b1 += k4;
1765 b0 += b1 + k3;
1766 b1 = rol64(b1, 46) ^ b0;
1767
1768 b3 += k6;
1769 b2 += b3 + k5;
1770 b3 = rol64(b3, 36) ^ b2;
1771
1772 b5 += k8 + t0;
1773 b4 += b5 + k7;
1774 b5 = rol64(b5, 19) ^ b4;
1775
1776 b7 += k1 + 12;
1777 b6 += b7 + k0 + t1;
1778 b7 = rol64(b7, 37) ^ b6;
1779
1780 b2 += b1;
1781 b1 = rol64(b1, 33) ^ b2;
1782
1783 b4 += b7;
1784 b7 = rol64(b7, 27) ^ b4;
1785
1786 b6 += b5;
1787 b5 = rol64(b5, 14) ^ b6;
1788
1789 b0 += b3;
1790 b3 = rol64(b3, 42) ^ b0;
1791
1792 b4 += b1;
1793 b1 = rol64(b1, 17) ^ b4;
1794
1795 b6 += b3;
1796 b3 = rol64(b3, 49) ^ b6;
1797
1798 b0 += b5;
1799 b5 = rol64(b5, 36) ^ b0;
1800
1801 b2 += b7;
1802 b7 = rol64(b7, 39) ^ b2;
1803
1804 b6 += b1;
1805 b1 = rol64(b1, 44) ^ b6;
1806
1807 b0 += b7;
1808 b7 = rol64(b7, 9) ^ b0;
1809
1810 b2 += b5;
1811 b5 = rol64(b5, 54) ^ b2;
1812
1813 b4 += b3;
1814 b3 = rol64(b3, 56) ^ b4;
1815
1816 b1 += k5;
1817 b0 += b1 + k4;
1818 b1 = rol64(b1, 39) ^ b0;
1819
1820 b3 += k7;
1821 b2 += b3 + k6;
1822 b3 = rol64(b3, 30) ^ b2;
1823
1824 b5 += k0 + t1;
1825 b4 += b5 + k8;
1826 b5 = rol64(b5, 34) ^ b4;
1827
1828 b7 += k2 + 13;
1829 b6 += b7 + k1 + t2;
1830 b7 = rol64(b7, 24) ^ b6;
1831
1832 b2 += b1;
1833 b1 = rol64(b1, 13) ^ b2;
1834
1835 b4 += b7;
1836 b7 = rol64(b7, 50) ^ b4;
1837
1838 b6 += b5;
1839 b5 = rol64(b5, 10) ^ b6;
1840
1841 b0 += b3;
1842 b3 = rol64(b3, 17) ^ b0;
1843
1844 b4 += b1;
1845 b1 = rol64(b1, 25) ^ b4;
1846
1847 b6 += b3;
1848 b3 = rol64(b3, 29) ^ b6;
1849
1850 b0 += b5;
1851 b5 = rol64(b5, 39) ^ b0;
1852
1853 b2 += b7;
1854 b7 = rol64(b7, 43) ^ b2;
1855
1856 b6 += b1;
1857 b1 = rol64(b1, 8) ^ b6;
1858
1859 b0 += b7;
1860 b7 = rol64(b7, 35) ^ b0;
1861
1862 b2 += b5;
1863 b5 = rol64(b5, 56) ^ b2;
1864
1865 b4 += b3;
1866 b3 = rol64(b3, 22) ^ b4;
1867
1868 b1 += k6;
1869 b0 += b1 + k5;
1870 b1 = rol64(b1, 46) ^ b0;
1871
1872 b3 += k8;
1873 b2 += b3 + k7;
1874 b3 = rol64(b3, 36) ^ b2;
1875
1876 b5 += k1 + t2;
1877 b4 += b5 + k0;
1878 b5 = rol64(b5, 19) ^ b4;
1879
1880 b7 += k3 + 14;
1881 b6 += b7 + k2 + t0;
1882 b7 = rol64(b7, 37) ^ b6;
1883
1884 b2 += b1;
1885 b1 = rol64(b1, 33) ^ b2;
1886
1887 b4 += b7;
1888 b7 = rol64(b7, 27) ^ b4;
1889
1890 b6 += b5;
1891 b5 = rol64(b5, 14) ^ b6;
1892
1893 b0 += b3;
1894 b3 = rol64(b3, 42) ^ b0;
1895
1896 b4 += b1;
1897 b1 = rol64(b1, 17) ^ b4;
1898
1899 b6 += b3;
1900 b3 = rol64(b3, 49) ^ b6;
1901
1902 b0 += b5;
1903 b5 = rol64(b5, 36) ^ b0;
1904
1905 b2 += b7;
1906 b7 = rol64(b7, 39) ^ b2;
1907
1908 b6 += b1;
1909 b1 = rol64(b1, 44) ^ b6;
1910
1911 b0 += b7;
1912 b7 = rol64(b7, 9) ^ b0;
1913
1914 b2 += b5;
1915 b5 = rol64(b5, 54) ^ b2;
1916
1917 b4 += b3;
1918 b3 = rol64(b3, 56) ^ b4;
1919
1920 b1 += k7;
1921 b0 += b1 + k6;
1922 b1 = rol64(b1, 39) ^ b0;
1923
1924 b3 += k0;
1925 b2 += b3 + k8;
1926 b3 = rol64(b3, 30) ^ b2;
1927
1928 b5 += k2 + t0;
1929 b4 += b5 + k1;
1930 b5 = rol64(b5, 34) ^ b4;
1931
1932 b7 += k4 + 15;
1933 b6 += b7 + k3 + t1;
1934 b7 = rol64(b7, 24) ^ b6;
1935
1936 b2 += b1;
1937 b1 = rol64(b1, 13) ^ b2;
1938
1939 b4 += b7;
1940 b7 = rol64(b7, 50) ^ b4;
1941
1942 b6 += b5;
1943 b5 = rol64(b5, 10) ^ b6;
1944
1945 b0 += b3;
1946 b3 = rol64(b3, 17) ^ b0;
1947
1948 b4 += b1;
1949 b1 = rol64(b1, 25) ^ b4;
1950
1951 b6 += b3;
1952 b3 = rol64(b3, 29) ^ b6;
1953
1954 b0 += b5;
1955 b5 = rol64(b5, 39) ^ b0;
1956
1957 b2 += b7;
1958 b7 = rol64(b7, 43) ^ b2;
1959
1960 b6 += b1;
1961 b1 = rol64(b1, 8) ^ b6;
1962
1963 b0 += b7;
1964 b7 = rol64(b7, 35) ^ b0;
1965
1966 b2 += b5;
1967 b5 = rol64(b5, 56) ^ b2;
1968
1969 b4 += b3;
1970 b3 = rol64(b3, 22) ^ b4;
1971
1972 b1 += k8;
1973 b0 += b1 + k7;
1974 b1 = rol64(b1, 46) ^ b0;
1975
1976 b3 += k1;
1977 b2 += b3 + k0;
1978 b3 = rol64(b3, 36) ^ b2;
1979
1980 b5 += k3 + t1;
1981 b4 += b5 + k2;
1982 b5 = rol64(b5, 19) ^ b4;
1983
1984 b7 += k5 + 16;
1985 b6 += b7 + k4 + t2;
1986 b7 = rol64(b7, 37) ^ b6;
1987
1988 b2 += b1;
1989 b1 = rol64(b1, 33) ^ b2;
1990
1991 b4 += b7;
1992 b7 = rol64(b7, 27) ^ b4;
1993
1994 b6 += b5;
1995 b5 = rol64(b5, 14) ^ b6;
1996
1997 b0 += b3;
1998 b3 = rol64(b3, 42) ^ b0;
1999
2000 b4 += b1;
2001 b1 = rol64(b1, 17) ^ b4;
2002
2003 b6 += b3;
2004 b3 = rol64(b3, 49) ^ b6;
2005
2006 b0 += b5;
2007 b5 = rol64(b5, 36) ^ b0;
2008
2009 b2 += b7;
2010 b7 = rol64(b7, 39) ^ b2;
2011
2012 b6 += b1;
2013 b1 = rol64(b1, 44) ^ b6;
2014
2015 b0 += b7;
2016 b7 = rol64(b7, 9) ^ b0;
2017
2018 b2 += b5;
2019 b5 = rol64(b5, 54) ^ b2;
2020
2021 b4 += b3;
2022 b3 = rol64(b3, 56) ^ b4;
2023
2024 b1 += k0;
2025 b0 += b1 + k8;
2026 b1 = rol64(b1, 39) ^ b0;
2027
2028 b3 += k2;
2029 b2 += b3 + k1;
2030 b3 = rol64(b3, 30) ^ b2;
2031
2032 b5 += k4 + t2;
2033 b4 += b5 + k3;
2034 b5 = rol64(b5, 34) ^ b4;
2035
2036 b7 += k6 + 17;
2037 b6 += b7 + k5 + t0;
2038 b7 = rol64(b7, 24) ^ b6;
2039
2040 b2 += b1;
2041 b1 = rol64(b1, 13) ^ b2;
2042
2043 b4 += b7;
2044 b7 = rol64(b7, 50) ^ b4;
2045
2046 b6 += b5;
2047 b5 = rol64(b5, 10) ^ b6;
2048
2049 b0 += b3;
2050 b3 = rol64(b3, 17) ^ b0;
2051
2052 b4 += b1;
2053 b1 = rol64(b1, 25) ^ b4;
2054
2055 b6 += b3;
2056 b3 = rol64(b3, 29) ^ b6;
2057
2058 b0 += b5;
2059 b5 = rol64(b5, 39) ^ b0;
2060
2061 b2 += b7;
2062 b7 = rol64(b7, 43) ^ b2;
2063
2064 b6 += b1;
2065 b1 = rol64(b1, 8) ^ b6;
2066
2067 b0 += b7;
2068 b7 = rol64(b7, 35) ^ b0;
2069
2070 b2 += b5;
2071 b5 = rol64(b5, 56) ^ b2;
2072
2073 b4 += b3;
2074 b3 = rol64(b3, 22) ^ b4;
2075
2076 output[0] = b0 + k0;
2077 output[1] = b1 + k1;
2078 output[2] = b2 + k2;
2079 output[3] = b3 + k3;
2080 output[4] = b4 + k4;
2081 output[5] = b5 + k5 + t0;
2082 output[6] = b6 + k6 + t1;
2083 output[7] = b7 + k7 + 18;
2084 }
2085
threefish_decrypt_512(struct threefish_key * key_ctx,u64 * input,u64 * output)2086 void threefish_decrypt_512(struct threefish_key *key_ctx, u64 *input,
2087 u64 *output)
2088 {
2089 u64 b0 = input[0], b1 = input[1],
2090 b2 = input[2], b3 = input[3],
2091 b4 = input[4], b5 = input[5],
2092 b6 = input[6], b7 = input[7];
2093 u64 k0 = key_ctx->key[0], k1 = key_ctx->key[1],
2094 k2 = key_ctx->key[2], k3 = key_ctx->key[3],
2095 k4 = key_ctx->key[4], k5 = key_ctx->key[5],
2096 k6 = key_ctx->key[6], k7 = key_ctx->key[7],
2097 k8 = key_ctx->key[8];
2098 u64 t0 = key_ctx->tweak[0], t1 = key_ctx->tweak[1],
2099 t2 = key_ctx->tweak[2];
2100
2101 u64 tmp;
2102
2103 b0 -= k0;
2104 b1 -= k1;
2105 b2 -= k2;
2106 b3 -= k3;
2107 b4 -= k4;
2108 b5 -= k5 + t0;
2109 b6 -= k6 + t1;
2110 b7 -= k7 + 18;
2111
2112 tmp = b3 ^ b4;
2113 b3 = ror64(tmp, 22);
2114 b4 -= b3;
2115
2116 tmp = b5 ^ b2;
2117 b5 = ror64(tmp, 56);
2118 b2 -= b5;
2119
2120 tmp = b7 ^ b0;
2121 b7 = ror64(tmp, 35);
2122 b0 -= b7;
2123
2124 tmp = b1 ^ b6;
2125 b1 = ror64(tmp, 8);
2126 b6 -= b1;
2127
2128 tmp = b7 ^ b2;
2129 b7 = ror64(tmp, 43);
2130 b2 -= b7;
2131
2132 tmp = b5 ^ b0;
2133 b5 = ror64(tmp, 39);
2134 b0 -= b5;
2135
2136 tmp = b3 ^ b6;
2137 b3 = ror64(tmp, 29);
2138 b6 -= b3;
2139
2140 tmp = b1 ^ b4;
2141 b1 = ror64(tmp, 25);
2142 b4 -= b1;
2143
2144 tmp = b3 ^ b0;
2145 b3 = ror64(tmp, 17);
2146 b0 -= b3;
2147
2148 tmp = b5 ^ b6;
2149 b5 = ror64(tmp, 10);
2150 b6 -= b5;
2151
2152 tmp = b7 ^ b4;
2153 b7 = ror64(tmp, 50);
2154 b4 -= b7;
2155
2156 tmp = b1 ^ b2;
2157 b1 = ror64(tmp, 13);
2158 b2 -= b1;
2159
2160 tmp = b7 ^ b6;
2161 b7 = ror64(tmp, 24);
2162 b6 -= b7 + k5 + t0;
2163 b7 -= k6 + 17;
2164
2165 tmp = b5 ^ b4;
2166 b5 = ror64(tmp, 34);
2167 b4 -= b5 + k3;
2168 b5 -= k4 + t2;
2169
2170 tmp = b3 ^ b2;
2171 b3 = ror64(tmp, 30);
2172 b2 -= b3 + k1;
2173 b3 -= k2;
2174
2175 tmp = b1 ^ b0;
2176 b1 = ror64(tmp, 39);
2177 b0 -= b1 + k8;
2178 b1 -= k0;
2179
2180 tmp = b3 ^ b4;
2181 b3 = ror64(tmp, 56);
2182 b4 -= b3;
2183
2184 tmp = b5 ^ b2;
2185 b5 = ror64(tmp, 54);
2186 b2 -= b5;
2187
2188 tmp = b7 ^ b0;
2189 b7 = ror64(tmp, 9);
2190 b0 -= b7;
2191
2192 tmp = b1 ^ b6;
2193 b1 = ror64(tmp, 44);
2194 b6 -= b1;
2195
2196 tmp = b7 ^ b2;
2197 b7 = ror64(tmp, 39);
2198 b2 -= b7;
2199
2200 tmp = b5 ^ b0;
2201 b5 = ror64(tmp, 36);
2202 b0 -= b5;
2203
2204 tmp = b3 ^ b6;
2205 b3 = ror64(tmp, 49);
2206 b6 -= b3;
2207
2208 tmp = b1 ^ b4;
2209 b1 = ror64(tmp, 17);
2210 b4 -= b1;
2211
2212 tmp = b3 ^ b0;
2213 b3 = ror64(tmp, 42);
2214 b0 -= b3;
2215
2216 tmp = b5 ^ b6;
2217 b5 = ror64(tmp, 14);
2218 b6 -= b5;
2219
2220 tmp = b7 ^ b4;
2221 b7 = ror64(tmp, 27);
2222 b4 -= b7;
2223
2224 tmp = b1 ^ b2;
2225 b1 = ror64(tmp, 33);
2226 b2 -= b1;
2227
2228 tmp = b7 ^ b6;
2229 b7 = ror64(tmp, 37);
2230 b6 -= b7 + k4 + t2;
2231 b7 -= k5 + 16;
2232
2233 tmp = b5 ^ b4;
2234 b5 = ror64(tmp, 19);
2235 b4 -= b5 + k2;
2236 b5 -= k3 + t1;
2237
2238 tmp = b3 ^ b2;
2239 b3 = ror64(tmp, 36);
2240 b2 -= b3 + k0;
2241 b3 -= k1;
2242
2243 tmp = b1 ^ b0;
2244 b1 = ror64(tmp, 46);
2245 b0 -= b1 + k7;
2246 b1 -= k8;
2247
2248 tmp = b3 ^ b4;
2249 b3 = ror64(tmp, 22);
2250 b4 -= b3;
2251
2252 tmp = b5 ^ b2;
2253 b5 = ror64(tmp, 56);
2254 b2 -= b5;
2255
2256 tmp = b7 ^ b0;
2257 b7 = ror64(tmp, 35);
2258 b0 -= b7;
2259
2260 tmp = b1 ^ b6;
2261 b1 = ror64(tmp, 8);
2262 b6 -= b1;
2263
2264 tmp = b7 ^ b2;
2265 b7 = ror64(tmp, 43);
2266 b2 -= b7;
2267
2268 tmp = b5 ^ b0;
2269 b5 = ror64(tmp, 39);
2270 b0 -= b5;
2271
2272 tmp = b3 ^ b6;
2273 b3 = ror64(tmp, 29);
2274 b6 -= b3;
2275
2276 tmp = b1 ^ b4;
2277 b1 = ror64(tmp, 25);
2278 b4 -= b1;
2279
2280 tmp = b3 ^ b0;
2281 b3 = ror64(tmp, 17);
2282 b0 -= b3;
2283
2284 tmp = b5 ^ b6;
2285 b5 = ror64(tmp, 10);
2286 b6 -= b5;
2287
2288 tmp = b7 ^ b4;
2289 b7 = ror64(tmp, 50);
2290 b4 -= b7;
2291
2292 tmp = b1 ^ b2;
2293 b1 = ror64(tmp, 13);
2294 b2 -= b1;
2295
2296 tmp = b7 ^ b6;
2297 b7 = ror64(tmp, 24);
2298 b6 -= b7 + k3 + t1;
2299 b7 -= k4 + 15;
2300
2301 tmp = b5 ^ b4;
2302 b5 = ror64(tmp, 34);
2303 b4 -= b5 + k1;
2304 b5 -= k2 + t0;
2305
2306 tmp = b3 ^ b2;
2307 b3 = ror64(tmp, 30);
2308 b2 -= b3 + k8;
2309 b3 -= k0;
2310
2311 tmp = b1 ^ b0;
2312 b1 = ror64(tmp, 39);
2313 b0 -= b1 + k6;
2314 b1 -= k7;
2315
2316 tmp = b3 ^ b4;
2317 b3 = ror64(tmp, 56);
2318 b4 -= b3;
2319
2320 tmp = b5 ^ b2;
2321 b5 = ror64(tmp, 54);
2322 b2 -= b5;
2323
2324 tmp = b7 ^ b0;
2325 b7 = ror64(tmp, 9);
2326 b0 -= b7;
2327
2328 tmp = b1 ^ b6;
2329 b1 = ror64(tmp, 44);
2330 b6 -= b1;
2331
2332 tmp = b7 ^ b2;
2333 b7 = ror64(tmp, 39);
2334 b2 -= b7;
2335
2336 tmp = b5 ^ b0;
2337 b5 = ror64(tmp, 36);
2338 b0 -= b5;
2339
2340 tmp = b3 ^ b6;
2341 b3 = ror64(tmp, 49);
2342 b6 -= b3;
2343
2344 tmp = b1 ^ b4;
2345 b1 = ror64(tmp, 17);
2346 b4 -= b1;
2347
2348 tmp = b3 ^ b0;
2349 b3 = ror64(tmp, 42);
2350 b0 -= b3;
2351
2352 tmp = b5 ^ b6;
2353 b5 = ror64(tmp, 14);
2354 b6 -= b5;
2355
2356 tmp = b7 ^ b4;
2357 b7 = ror64(tmp, 27);
2358 b4 -= b7;
2359
2360 tmp = b1 ^ b2;
2361 b1 = ror64(tmp, 33);
2362 b2 -= b1;
2363
2364 tmp = b7 ^ b6;
2365 b7 = ror64(tmp, 37);
2366 b6 -= b7 + k2 + t0;
2367 b7 -= k3 + 14;
2368
2369 tmp = b5 ^ b4;
2370 b5 = ror64(tmp, 19);
2371 b4 -= b5 + k0;
2372 b5 -= k1 + t2;
2373
2374 tmp = b3 ^ b2;
2375 b3 = ror64(tmp, 36);
2376 b2 -= b3 + k7;
2377 b3 -= k8;
2378
2379 tmp = b1 ^ b0;
2380 b1 = ror64(tmp, 46);
2381 b0 -= b1 + k5;
2382 b1 -= k6;
2383
2384 tmp = b3 ^ b4;
2385 b3 = ror64(tmp, 22);
2386 b4 -= b3;
2387
2388 tmp = b5 ^ b2;
2389 b5 = ror64(tmp, 56);
2390 b2 -= b5;
2391
2392 tmp = b7 ^ b0;
2393 b7 = ror64(tmp, 35);
2394 b0 -= b7;
2395
2396 tmp = b1 ^ b6;
2397 b1 = ror64(tmp, 8);
2398 b6 -= b1;
2399
2400 tmp = b7 ^ b2;
2401 b7 = ror64(tmp, 43);
2402 b2 -= b7;
2403
2404 tmp = b5 ^ b0;
2405 b5 = ror64(tmp, 39);
2406 b0 -= b5;
2407
2408 tmp = b3 ^ b6;
2409 b3 = ror64(tmp, 29);
2410 b6 -= b3;
2411
2412 tmp = b1 ^ b4;
2413 b1 = ror64(tmp, 25);
2414 b4 -= b1;
2415
2416 tmp = b3 ^ b0;
2417 b3 = ror64(tmp, 17);
2418 b0 -= b3;
2419
2420 tmp = b5 ^ b6;
2421 b5 = ror64(tmp, 10);
2422 b6 -= b5;
2423
2424 tmp = b7 ^ b4;
2425 b7 = ror64(tmp, 50);
2426 b4 -= b7;
2427
2428 tmp = b1 ^ b2;
2429 b1 = ror64(tmp, 13);
2430 b2 -= b1;
2431
2432 tmp = b7 ^ b6;
2433 b7 = ror64(tmp, 24);
2434 b6 -= b7 + k1 + t2;
2435 b7 -= k2 + 13;
2436
2437 tmp = b5 ^ b4;
2438 b5 = ror64(tmp, 34);
2439 b4 -= b5 + k8;
2440 b5 -= k0 + t1;
2441
2442 tmp = b3 ^ b2;
2443 b3 = ror64(tmp, 30);
2444 b2 -= b3 + k6;
2445 b3 -= k7;
2446
2447 tmp = b1 ^ b0;
2448 b1 = ror64(tmp, 39);
2449 b0 -= b1 + k4;
2450 b1 -= k5;
2451
2452 tmp = b3 ^ b4;
2453 b3 = ror64(tmp, 56);
2454 b4 -= b3;
2455
2456 tmp = b5 ^ b2;
2457 b5 = ror64(tmp, 54);
2458 b2 -= b5;
2459
2460 tmp = b7 ^ b0;
2461 b7 = ror64(tmp, 9);
2462 b0 -= b7;
2463
2464 tmp = b1 ^ b6;
2465 b1 = ror64(tmp, 44);
2466 b6 -= b1;
2467
2468 tmp = b7 ^ b2;
2469 b7 = ror64(tmp, 39);
2470 b2 -= b7;
2471
2472 tmp = b5 ^ b0;
2473 b5 = ror64(tmp, 36);
2474 b0 -= b5;
2475
2476 tmp = b3 ^ b6;
2477 b3 = ror64(tmp, 49);
2478 b6 -= b3;
2479
2480 tmp = b1 ^ b4;
2481 b1 = ror64(tmp, 17);
2482 b4 -= b1;
2483
2484 tmp = b3 ^ b0;
2485 b3 = ror64(tmp, 42);
2486 b0 -= b3;
2487
2488 tmp = b5 ^ b6;
2489 b5 = ror64(tmp, 14);
2490 b6 -= b5;
2491
2492 tmp = b7 ^ b4;
2493 b7 = ror64(tmp, 27);
2494 b4 -= b7;
2495
2496 tmp = b1 ^ b2;
2497 b1 = ror64(tmp, 33);
2498 b2 -= b1;
2499
2500 tmp = b7 ^ b6;
2501 b7 = ror64(tmp, 37);
2502 b6 -= b7 + k0 + t1;
2503 b7 -= k1 + 12;
2504
2505 tmp = b5 ^ b4;
2506 b5 = ror64(tmp, 19);
2507 b4 -= b5 + k7;
2508 b5 -= k8 + t0;
2509
2510 tmp = b3 ^ b2;
2511 b3 = ror64(tmp, 36);
2512 b2 -= b3 + k5;
2513 b3 -= k6;
2514
2515 tmp = b1 ^ b0;
2516 b1 = ror64(tmp, 46);
2517 b0 -= b1 + k3;
2518 b1 -= k4;
2519
2520 tmp = b3 ^ b4;
2521 b3 = ror64(tmp, 22);
2522 b4 -= b3;
2523
2524 tmp = b5 ^ b2;
2525 b5 = ror64(tmp, 56);
2526 b2 -= b5;
2527
2528 tmp = b7 ^ b0;
2529 b7 = ror64(tmp, 35);
2530 b0 -= b7;
2531
2532 tmp = b1 ^ b6;
2533 b1 = ror64(tmp, 8);
2534 b6 -= b1;
2535
2536 tmp = b7 ^ b2;
2537 b7 = ror64(tmp, 43);
2538 b2 -= b7;
2539
2540 tmp = b5 ^ b0;
2541 b5 = ror64(tmp, 39);
2542 b0 -= b5;
2543
2544 tmp = b3 ^ b6;
2545 b3 = ror64(tmp, 29);
2546 b6 -= b3;
2547
2548 tmp = b1 ^ b4;
2549 b1 = ror64(tmp, 25);
2550 b4 -= b1;
2551
2552 tmp = b3 ^ b0;
2553 b3 = ror64(tmp, 17);
2554 b0 -= b3;
2555
2556 tmp = b5 ^ b6;
2557 b5 = ror64(tmp, 10);
2558 b6 -= b5;
2559
2560 tmp = b7 ^ b4;
2561 b7 = ror64(tmp, 50);
2562 b4 -= b7;
2563
2564 tmp = b1 ^ b2;
2565 b1 = ror64(tmp, 13);
2566 b2 -= b1;
2567
2568 tmp = b7 ^ b6;
2569 b7 = ror64(tmp, 24);
2570 b6 -= b7 + k8 + t0;
2571 b7 -= k0 + 11;
2572
2573 tmp = b5 ^ b4;
2574 b5 = ror64(tmp, 34);
2575 b4 -= b5 + k6;
2576 b5 -= k7 + t2;
2577
2578 tmp = b3 ^ b2;
2579 b3 = ror64(tmp, 30);
2580 b2 -= b3 + k4;
2581 b3 -= k5;
2582
2583 tmp = b1 ^ b0;
2584 b1 = ror64(tmp, 39);
2585 b0 -= b1 + k2;
2586 b1 -= k3;
2587
2588 tmp = b3 ^ b4;
2589 b3 = ror64(tmp, 56);
2590 b4 -= b3;
2591
2592 tmp = b5 ^ b2;
2593 b5 = ror64(tmp, 54);
2594 b2 -= b5;
2595
2596 tmp = b7 ^ b0;
2597 b7 = ror64(tmp, 9);
2598 b0 -= b7;
2599
2600 tmp = b1 ^ b6;
2601 b1 = ror64(tmp, 44);
2602 b6 -= b1;
2603
2604 tmp = b7 ^ b2;
2605 b7 = ror64(tmp, 39);
2606 b2 -= b7;
2607
2608 tmp = b5 ^ b0;
2609 b5 = ror64(tmp, 36);
2610 b0 -= b5;
2611
2612 tmp = b3 ^ b6;
2613 b3 = ror64(tmp, 49);
2614 b6 -= b3;
2615
2616 tmp = b1 ^ b4;
2617 b1 = ror64(tmp, 17);
2618 b4 -= b1;
2619
2620 tmp = b3 ^ b0;
2621 b3 = ror64(tmp, 42);
2622 b0 -= b3;
2623
2624 tmp = b5 ^ b6;
2625 b5 = ror64(tmp, 14);
2626 b6 -= b5;
2627
2628 tmp = b7 ^ b4;
2629 b7 = ror64(tmp, 27);
2630 b4 -= b7;
2631
2632 tmp = b1 ^ b2;
2633 b1 = ror64(tmp, 33);
2634 b2 -= b1;
2635
2636 tmp = b7 ^ b6;
2637 b7 = ror64(tmp, 37);
2638 b6 -= b7 + k7 + t2;
2639 b7 -= k8 + 10;
2640
2641 tmp = b5 ^ b4;
2642 b5 = ror64(tmp, 19);
2643 b4 -= b5 + k5;
2644 b5 -= k6 + t1;
2645
2646 tmp = b3 ^ b2;
2647 b3 = ror64(tmp, 36);
2648 b2 -= b3 + k3;
2649 b3 -= k4;
2650
2651 tmp = b1 ^ b0;
2652 b1 = ror64(tmp, 46);
2653 b0 -= b1 + k1;
2654 b1 -= k2;
2655
2656 tmp = b3 ^ b4;
2657 b3 = ror64(tmp, 22);
2658 b4 -= b3;
2659
2660 tmp = b5 ^ b2;
2661 b5 = ror64(tmp, 56);
2662 b2 -= b5;
2663
2664 tmp = b7 ^ b0;
2665 b7 = ror64(tmp, 35);
2666 b0 -= b7;
2667
2668 tmp = b1 ^ b6;
2669 b1 = ror64(tmp, 8);
2670 b6 -= b1;
2671
2672 tmp = b7 ^ b2;
2673 b7 = ror64(tmp, 43);
2674 b2 -= b7;
2675
2676 tmp = b5 ^ b0;
2677 b5 = ror64(tmp, 39);
2678 b0 -= b5;
2679
2680 tmp = b3 ^ b6;
2681 b3 = ror64(tmp, 29);
2682 b6 -= b3;
2683
2684 tmp = b1 ^ b4;
2685 b1 = ror64(tmp, 25);
2686 b4 -= b1;
2687
2688 tmp = b3 ^ b0;
2689 b3 = ror64(tmp, 17);
2690 b0 -= b3;
2691
2692 tmp = b5 ^ b6;
2693 b5 = ror64(tmp, 10);
2694 b6 -= b5;
2695
2696 tmp = b7 ^ b4;
2697 b7 = ror64(tmp, 50);
2698 b4 -= b7;
2699
2700 tmp = b1 ^ b2;
2701 b1 = ror64(tmp, 13);
2702 b2 -= b1;
2703
2704 tmp = b7 ^ b6;
2705 b7 = ror64(tmp, 24);
2706 b6 -= b7 + k6 + t1;
2707 b7 -= k7 + 9;
2708
2709 tmp = b5 ^ b4;
2710 b5 = ror64(tmp, 34);
2711 b4 -= b5 + k4;
2712 b5 -= k5 + t0;
2713
2714 tmp = b3 ^ b2;
2715 b3 = ror64(tmp, 30);
2716 b2 -= b3 + k2;
2717 b3 -= k3;
2718
2719 tmp = b1 ^ b0;
2720 b1 = ror64(tmp, 39);
2721 b0 -= b1 + k0;
2722 b1 -= k1;
2723
2724 tmp = b3 ^ b4;
2725 b3 = ror64(tmp, 56);
2726 b4 -= b3;
2727
2728 tmp = b5 ^ b2;
2729 b5 = ror64(tmp, 54);
2730 b2 -= b5;
2731
2732 tmp = b7 ^ b0;
2733 b7 = ror64(tmp, 9);
2734 b0 -= b7;
2735
2736 tmp = b1 ^ b6;
2737 b1 = ror64(tmp, 44);
2738 b6 -= b1;
2739
2740 tmp = b7 ^ b2;
2741 b7 = ror64(tmp, 39);
2742 b2 -= b7;
2743
2744 tmp = b5 ^ b0;
2745 b5 = ror64(tmp, 36);
2746 b0 -= b5;
2747
2748 tmp = b3 ^ b6;
2749 b3 = ror64(tmp, 49);
2750 b6 -= b3;
2751
2752 tmp = b1 ^ b4;
2753 b1 = ror64(tmp, 17);
2754 b4 -= b1;
2755
2756 tmp = b3 ^ b0;
2757 b3 = ror64(tmp, 42);
2758 b0 -= b3;
2759
2760 tmp = b5 ^ b6;
2761 b5 = ror64(tmp, 14);
2762 b6 -= b5;
2763
2764 tmp = b7 ^ b4;
2765 b7 = ror64(tmp, 27);
2766 b4 -= b7;
2767
2768 tmp = b1 ^ b2;
2769 b1 = ror64(tmp, 33);
2770 b2 -= b1;
2771
2772 tmp = b7 ^ b6;
2773 b7 = ror64(tmp, 37);
2774 b6 -= b7 + k5 + t0;
2775 b7 -= k6 + 8;
2776
2777 tmp = b5 ^ b4;
2778 b5 = ror64(tmp, 19);
2779 b4 -= b5 + k3;
2780 b5 -= k4 + t2;
2781
2782 tmp = b3 ^ b2;
2783 b3 = ror64(tmp, 36);
2784 b2 -= b3 + k1;
2785 b3 -= k2;
2786
2787 tmp = b1 ^ b0;
2788 b1 = ror64(tmp, 46);
2789 b0 -= b1 + k8;
2790 b1 -= k0;
2791
2792 tmp = b3 ^ b4;
2793 b3 = ror64(tmp, 22);
2794 b4 -= b3;
2795
2796 tmp = b5 ^ b2;
2797 b5 = ror64(tmp, 56);
2798 b2 -= b5;
2799
2800 tmp = b7 ^ b0;
2801 b7 = ror64(tmp, 35);
2802 b0 -= b7;
2803
2804 tmp = b1 ^ b6;
2805 b1 = ror64(tmp, 8);
2806 b6 -= b1;
2807
2808 tmp = b7 ^ b2;
2809 b7 = ror64(tmp, 43);
2810 b2 -= b7;
2811
2812 tmp = b5 ^ b0;
2813 b5 = ror64(tmp, 39);
2814 b0 -= b5;
2815
2816 tmp = b3 ^ b6;
2817 b3 = ror64(tmp, 29);
2818 b6 -= b3;
2819
2820 tmp = b1 ^ b4;
2821 b1 = ror64(tmp, 25);
2822 b4 -= b1;
2823
2824 tmp = b3 ^ b0;
2825 b3 = ror64(tmp, 17);
2826 b0 -= b3;
2827
2828 tmp = b5 ^ b6;
2829 b5 = ror64(tmp, 10);
2830 b6 -= b5;
2831
2832 tmp = b7 ^ b4;
2833 b7 = ror64(tmp, 50);
2834 b4 -= b7;
2835
2836 tmp = b1 ^ b2;
2837 b1 = ror64(tmp, 13);
2838 b2 -= b1;
2839
2840 tmp = b7 ^ b6;
2841 b7 = ror64(tmp, 24);
2842 b6 -= b7 + k4 + t2;
2843 b7 -= k5 + 7;
2844
2845 tmp = b5 ^ b4;
2846 b5 = ror64(tmp, 34);
2847 b4 -= b5 + k2;
2848 b5 -= k3 + t1;
2849
2850 tmp = b3 ^ b2;
2851 b3 = ror64(tmp, 30);
2852 b2 -= b3 + k0;
2853 b3 -= k1;
2854
2855 tmp = b1 ^ b0;
2856 b1 = ror64(tmp, 39);
2857 b0 -= b1 + k7;
2858 b1 -= k8;
2859
2860 tmp = b3 ^ b4;
2861 b3 = ror64(tmp, 56);
2862 b4 -= b3;
2863
2864 tmp = b5 ^ b2;
2865 b5 = ror64(tmp, 54);
2866 b2 -= b5;
2867
2868 tmp = b7 ^ b0;
2869 b7 = ror64(tmp, 9);
2870 b0 -= b7;
2871
2872 tmp = b1 ^ b6;
2873 b1 = ror64(tmp, 44);
2874 b6 -= b1;
2875
2876 tmp = b7 ^ b2;
2877 b7 = ror64(tmp, 39);
2878 b2 -= b7;
2879
2880 tmp = b5 ^ b0;
2881 b5 = ror64(tmp, 36);
2882 b0 -= b5;
2883
2884 tmp = b3 ^ b6;
2885 b3 = ror64(tmp, 49);
2886 b6 -= b3;
2887
2888 tmp = b1 ^ b4;
2889 b1 = ror64(tmp, 17);
2890 b4 -= b1;
2891
2892 tmp = b3 ^ b0;
2893 b3 = ror64(tmp, 42);
2894 b0 -= b3;
2895
2896 tmp = b5 ^ b6;
2897 b5 = ror64(tmp, 14);
2898 b6 -= b5;
2899
2900 tmp = b7 ^ b4;
2901 b7 = ror64(tmp, 27);
2902 b4 -= b7;
2903
2904 tmp = b1 ^ b2;
2905 b1 = ror64(tmp, 33);
2906 b2 -= b1;
2907
2908 tmp = b7 ^ b6;
2909 b7 = ror64(tmp, 37);
2910 b6 -= b7 + k3 + t1;
2911 b7 -= k4 + 6;
2912
2913 tmp = b5 ^ b4;
2914 b5 = ror64(tmp, 19);
2915 b4 -= b5 + k1;
2916 b5 -= k2 + t0;
2917
2918 tmp = b3 ^ b2;
2919 b3 = ror64(tmp, 36);
2920 b2 -= b3 + k8;
2921 b3 -= k0;
2922
2923 tmp = b1 ^ b0;
2924 b1 = ror64(tmp, 46);
2925 b0 -= b1 + k6;
2926 b1 -= k7;
2927
2928 tmp = b3 ^ b4;
2929 b3 = ror64(tmp, 22);
2930 b4 -= b3;
2931
2932 tmp = b5 ^ b2;
2933 b5 = ror64(tmp, 56);
2934 b2 -= b5;
2935
2936 tmp = b7 ^ b0;
2937 b7 = ror64(tmp, 35);
2938 b0 -= b7;
2939
2940 tmp = b1 ^ b6;
2941 b1 = ror64(tmp, 8);
2942 b6 -= b1;
2943
2944 tmp = b7 ^ b2;
2945 b7 = ror64(tmp, 43);
2946 b2 -= b7;
2947
2948 tmp = b5 ^ b0;
2949 b5 = ror64(tmp, 39);
2950 b0 -= b5;
2951
2952 tmp = b3 ^ b6;
2953 b3 = ror64(tmp, 29);
2954 b6 -= b3;
2955
2956 tmp = b1 ^ b4;
2957 b1 = ror64(tmp, 25);
2958 b4 -= b1;
2959
2960 tmp = b3 ^ b0;
2961 b3 = ror64(tmp, 17);
2962 b0 -= b3;
2963
2964 tmp = b5 ^ b6;
2965 b5 = ror64(tmp, 10);
2966 b6 -= b5;
2967
2968 tmp = b7 ^ b4;
2969 b7 = ror64(tmp, 50);
2970 b4 -= b7;
2971
2972 tmp = b1 ^ b2;
2973 b1 = ror64(tmp, 13);
2974 b2 -= b1;
2975
2976 tmp = b7 ^ b6;
2977 b7 = ror64(tmp, 24);
2978 b6 -= b7 + k2 + t0;
2979 b7 -= k3 + 5;
2980
2981 tmp = b5 ^ b4;
2982 b5 = ror64(tmp, 34);
2983 b4 -= b5 + k0;
2984 b5 -= k1 + t2;
2985
2986 tmp = b3 ^ b2;
2987 b3 = ror64(tmp, 30);
2988 b2 -= b3 + k7;
2989 b3 -= k8;
2990
2991 tmp = b1 ^ b0;
2992 b1 = ror64(tmp, 39);
2993 b0 -= b1 + k5;
2994 b1 -= k6;
2995
2996 tmp = b3 ^ b4;
2997 b3 = ror64(tmp, 56);
2998 b4 -= b3;
2999
3000 tmp = b5 ^ b2;
3001 b5 = ror64(tmp, 54);
3002 b2 -= b5;
3003
3004 tmp = b7 ^ b0;
3005 b7 = ror64(tmp, 9);
3006 b0 -= b7;
3007
3008 tmp = b1 ^ b6;
3009 b1 = ror64(tmp, 44);
3010 b6 -= b1;
3011
3012 tmp = b7 ^ b2;
3013 b7 = ror64(tmp, 39);
3014 b2 -= b7;
3015
3016 tmp = b5 ^ b0;
3017 b5 = ror64(tmp, 36);
3018 b0 -= b5;
3019
3020 tmp = b3 ^ b6;
3021 b3 = ror64(tmp, 49);
3022 b6 -= b3;
3023
3024 tmp = b1 ^ b4;
3025 b1 = ror64(tmp, 17);
3026 b4 -= b1;
3027
3028 tmp = b3 ^ b0;
3029 b3 = ror64(tmp, 42);
3030 b0 -= b3;
3031
3032 tmp = b5 ^ b6;
3033 b5 = ror64(tmp, 14);
3034 b6 -= b5;
3035
3036 tmp = b7 ^ b4;
3037 b7 = ror64(tmp, 27);
3038 b4 -= b7;
3039
3040 tmp = b1 ^ b2;
3041 b1 = ror64(tmp, 33);
3042 b2 -= b1;
3043
3044 tmp = b7 ^ b6;
3045 b7 = ror64(tmp, 37);
3046 b6 -= b7 + k1 + t2;
3047 b7 -= k2 + 4;
3048
3049 tmp = b5 ^ b4;
3050 b5 = ror64(tmp, 19);
3051 b4 -= b5 + k8;
3052 b5 -= k0 + t1;
3053
3054 tmp = b3 ^ b2;
3055 b3 = ror64(tmp, 36);
3056 b2 -= b3 + k6;
3057 b3 -= k7;
3058
3059 tmp = b1 ^ b0;
3060 b1 = ror64(tmp, 46);
3061 b0 -= b1 + k4;
3062 b1 -= k5;
3063
3064 tmp = b3 ^ b4;
3065 b3 = ror64(tmp, 22);
3066 b4 -= b3;
3067
3068 tmp = b5 ^ b2;
3069 b5 = ror64(tmp, 56);
3070 b2 -= b5;
3071
3072 tmp = b7 ^ b0;
3073 b7 = ror64(tmp, 35);
3074 b0 -= b7;
3075
3076 tmp = b1 ^ b6;
3077 b1 = ror64(tmp, 8);
3078 b6 -= b1;
3079
3080 tmp = b7 ^ b2;
3081 b7 = ror64(tmp, 43);
3082 b2 -= b7;
3083
3084 tmp = b5 ^ b0;
3085 b5 = ror64(tmp, 39);
3086 b0 -= b5;
3087
3088 tmp = b3 ^ b6;
3089 b3 = ror64(tmp, 29);
3090 b6 -= b3;
3091
3092 tmp = b1 ^ b4;
3093 b1 = ror64(tmp, 25);
3094 b4 -= b1;
3095
3096 tmp = b3 ^ b0;
3097 b3 = ror64(tmp, 17);
3098 b0 -= b3;
3099
3100 tmp = b5 ^ b6;
3101 b5 = ror64(tmp, 10);
3102 b6 -= b5;
3103
3104 tmp = b7 ^ b4;
3105 b7 = ror64(tmp, 50);
3106 b4 -= b7;
3107
3108 tmp = b1 ^ b2;
3109 b1 = ror64(tmp, 13);
3110 b2 -= b1;
3111
3112 tmp = b7 ^ b6;
3113 b7 = ror64(tmp, 24);
3114 b6 -= b7 + k0 + t1;
3115 b7 -= k1 + 3;
3116
3117 tmp = b5 ^ b4;
3118 b5 = ror64(tmp, 34);
3119 b4 -= b5 + k7;
3120 b5 -= k8 + t0;
3121
3122 tmp = b3 ^ b2;
3123 b3 = ror64(tmp, 30);
3124 b2 -= b3 + k5;
3125 b3 -= k6;
3126
3127 tmp = b1 ^ b0;
3128 b1 = ror64(tmp, 39);
3129 b0 -= b1 + k3;
3130 b1 -= k4;
3131
3132 tmp = b3 ^ b4;
3133 b3 = ror64(tmp, 56);
3134 b4 -= b3;
3135
3136 tmp = b5 ^ b2;
3137 b5 = ror64(tmp, 54);
3138 b2 -= b5;
3139
3140 tmp = b7 ^ b0;
3141 b7 = ror64(tmp, 9);
3142 b0 -= b7;
3143
3144 tmp = b1 ^ b6;
3145 b1 = ror64(tmp, 44);
3146 b6 -= b1;
3147
3148 tmp = b7 ^ b2;
3149 b7 = ror64(tmp, 39);
3150 b2 -= b7;
3151
3152 tmp = b5 ^ b0;
3153 b5 = ror64(tmp, 36);
3154 b0 -= b5;
3155
3156 tmp = b3 ^ b6;
3157 b3 = ror64(tmp, 49);
3158 b6 -= b3;
3159
3160 tmp = b1 ^ b4;
3161 b1 = ror64(tmp, 17);
3162 b4 -= b1;
3163
3164 tmp = b3 ^ b0;
3165 b3 = ror64(tmp, 42);
3166 b0 -= b3;
3167
3168 tmp = b5 ^ b6;
3169 b5 = ror64(tmp, 14);
3170 b6 -= b5;
3171
3172 tmp = b7 ^ b4;
3173 b7 = ror64(tmp, 27);
3174 b4 -= b7;
3175
3176 tmp = b1 ^ b2;
3177 b1 = ror64(tmp, 33);
3178 b2 -= b1;
3179
3180 tmp = b7 ^ b6;
3181 b7 = ror64(tmp, 37);
3182 b6 -= b7 + k8 + t0;
3183 b7 -= k0 + 2;
3184
3185 tmp = b5 ^ b4;
3186 b5 = ror64(tmp, 19);
3187 b4 -= b5 + k6;
3188 b5 -= k7 + t2;
3189
3190 tmp = b3 ^ b2;
3191 b3 = ror64(tmp, 36);
3192 b2 -= b3 + k4;
3193 b3 -= k5;
3194
3195 tmp = b1 ^ b0;
3196 b1 = ror64(tmp, 46);
3197 b0 -= b1 + k2;
3198 b1 -= k3;
3199
3200 tmp = b3 ^ b4;
3201 b3 = ror64(tmp, 22);
3202 b4 -= b3;
3203
3204 tmp = b5 ^ b2;
3205 b5 = ror64(tmp, 56);
3206 b2 -= b5;
3207
3208 tmp = b7 ^ b0;
3209 b7 = ror64(tmp, 35);
3210 b0 -= b7;
3211
3212 tmp = b1 ^ b6;
3213 b1 = ror64(tmp, 8);
3214 b6 -= b1;
3215
3216 tmp = b7 ^ b2;
3217 b7 = ror64(tmp, 43);
3218 b2 -= b7;
3219
3220 tmp = b5 ^ b0;
3221 b5 = ror64(tmp, 39);
3222 b0 -= b5;
3223
3224 tmp = b3 ^ b6;
3225 b3 = ror64(tmp, 29);
3226 b6 -= b3;
3227
3228 tmp = b1 ^ b4;
3229 b1 = ror64(tmp, 25);
3230 b4 -= b1;
3231
3232 tmp = b3 ^ b0;
3233 b3 = ror64(tmp, 17);
3234 b0 -= b3;
3235
3236 tmp = b5 ^ b6;
3237 b5 = ror64(tmp, 10);
3238 b6 -= b5;
3239
3240 tmp = b7 ^ b4;
3241 b7 = ror64(tmp, 50);
3242 b4 -= b7;
3243
3244 tmp = b1 ^ b2;
3245 b1 = ror64(tmp, 13);
3246 b2 -= b1;
3247
3248 tmp = b7 ^ b6;
3249 b7 = ror64(tmp, 24);
3250 b6 -= b7 + k7 + t2;
3251 b7 -= k8 + 1;
3252
3253 tmp = b5 ^ b4;
3254 b5 = ror64(tmp, 34);
3255 b4 -= b5 + k5;
3256 b5 -= k6 + t1;
3257
3258 tmp = b3 ^ b2;
3259 b3 = ror64(tmp, 30);
3260 b2 -= b3 + k3;
3261 b3 -= k4;
3262
3263 tmp = b1 ^ b0;
3264 b1 = ror64(tmp, 39);
3265 b0 -= b1 + k1;
3266 b1 -= k2;
3267
3268 tmp = b3 ^ b4;
3269 b3 = ror64(tmp, 56);
3270 b4 -= b3;
3271
3272 tmp = b5 ^ b2;
3273 b5 = ror64(tmp, 54);
3274 b2 -= b5;
3275
3276 tmp = b7 ^ b0;
3277 b7 = ror64(tmp, 9);
3278 b0 -= b7;
3279
3280 tmp = b1 ^ b6;
3281 b1 = ror64(tmp, 44);
3282 b6 -= b1;
3283
3284 tmp = b7 ^ b2;
3285 b7 = ror64(tmp, 39);
3286 b2 -= b7;
3287
3288 tmp = b5 ^ b0;
3289 b5 = ror64(tmp, 36);
3290 b0 -= b5;
3291
3292 tmp = b3 ^ b6;
3293 b3 = ror64(tmp, 49);
3294 b6 -= b3;
3295
3296 tmp = b1 ^ b4;
3297 b1 = ror64(tmp, 17);
3298 b4 -= b1;
3299
3300 tmp = b3 ^ b0;
3301 b3 = ror64(tmp, 42);
3302 b0 -= b3;
3303
3304 tmp = b5 ^ b6;
3305 b5 = ror64(tmp, 14);
3306 b6 -= b5;
3307
3308 tmp = b7 ^ b4;
3309 b7 = ror64(tmp, 27);
3310 b4 -= b7;
3311
3312 tmp = b1 ^ b2;
3313 b1 = ror64(tmp, 33);
3314 b2 -= b1;
3315
3316 tmp = b7 ^ b6;
3317 b7 = ror64(tmp, 37);
3318 b6 -= b7 + k6 + t1;
3319 b7 -= k7;
3320
3321 tmp = b5 ^ b4;
3322 b5 = ror64(tmp, 19);
3323 b4 -= b5 + k4;
3324 b5 -= k5 + t0;
3325
3326 tmp = b3 ^ b2;
3327 b3 = ror64(tmp, 36);
3328 b2 -= b3 + k2;
3329 b3 -= k3;
3330
3331 tmp = b1 ^ b0;
3332 b1 = ror64(tmp, 46);
3333 b0 -= b1 + k0;
3334 b1 -= k1;
3335
3336 output[0] = b0;
3337 output[1] = b1;
3338 output[2] = b2;
3339 output[3] = b3;
3340
3341 output[7] = b7;
3342 output[6] = b6;
3343 output[5] = b5;
3344 output[4] = b4;
3345 }
3346
threefish_encrypt_1024(struct threefish_key * key_ctx,u64 * input,u64 * output)3347 void threefish_encrypt_1024(struct threefish_key *key_ctx, u64 *input,
3348 u64 *output)
3349 {
3350 u64 b0 = input[0], b1 = input[1],
3351 b2 = input[2], b3 = input[3],
3352 b4 = input[4], b5 = input[5],
3353 b6 = input[6], b7 = input[7],
3354 b8 = input[8], b9 = input[9],
3355 b10 = input[10], b11 = input[11],
3356 b12 = input[12], b13 = input[13],
3357 b14 = input[14], b15 = input[15];
3358 u64 k0 = key_ctx->key[0], k1 = key_ctx->key[1],
3359 k2 = key_ctx->key[2], k3 = key_ctx->key[3],
3360 k4 = key_ctx->key[4], k5 = key_ctx->key[5],
3361 k6 = key_ctx->key[6], k7 = key_ctx->key[7],
3362 k8 = key_ctx->key[8], k9 = key_ctx->key[9],
3363 k10 = key_ctx->key[10], k11 = key_ctx->key[11],
3364 k12 = key_ctx->key[12], k13 = key_ctx->key[13],
3365 k14 = key_ctx->key[14], k15 = key_ctx->key[15],
3366 k16 = key_ctx->key[16];
3367 u64 t0 = key_ctx->tweak[0], t1 = key_ctx->tweak[1],
3368 t2 = key_ctx->tweak[2];
3369
3370 b1 += k1;
3371 b0 += b1 + k0;
3372 b1 = rol64(b1, 24) ^ b0;
3373
3374 b3 += k3;
3375 b2 += b3 + k2;
3376 b3 = rol64(b3, 13) ^ b2;
3377
3378 b5 += k5;
3379 b4 += b5 + k4;
3380 b5 = rol64(b5, 8) ^ b4;
3381
3382 b7 += k7;
3383 b6 += b7 + k6;
3384 b7 = rol64(b7, 47) ^ b6;
3385
3386 b9 += k9;
3387 b8 += b9 + k8;
3388 b9 = rol64(b9, 8) ^ b8;
3389
3390 b11 += k11;
3391 b10 += b11 + k10;
3392 b11 = rol64(b11, 17) ^ b10;
3393
3394 b13 += k13 + t0;
3395 b12 += b13 + k12;
3396 b13 = rol64(b13, 22) ^ b12;
3397
3398 b15 += k15;
3399 b14 += b15 + k14 + t1;
3400 b15 = rol64(b15, 37) ^ b14;
3401
3402 b0 += b9;
3403 b9 = rol64(b9, 38) ^ b0;
3404
3405 b2 += b13;
3406 b13 = rol64(b13, 19) ^ b2;
3407
3408 b6 += b11;
3409 b11 = rol64(b11, 10) ^ b6;
3410
3411 b4 += b15;
3412 b15 = rol64(b15, 55) ^ b4;
3413
3414 b10 += b7;
3415 b7 = rol64(b7, 49) ^ b10;
3416
3417 b12 += b3;
3418 b3 = rol64(b3, 18) ^ b12;
3419
3420 b14 += b5;
3421 b5 = rol64(b5, 23) ^ b14;
3422
3423 b8 += b1;
3424 b1 = rol64(b1, 52) ^ b8;
3425
3426 b0 += b7;
3427 b7 = rol64(b7, 33) ^ b0;
3428
3429 b2 += b5;
3430 b5 = rol64(b5, 4) ^ b2;
3431
3432 b4 += b3;
3433 b3 = rol64(b3, 51) ^ b4;
3434
3435 b6 += b1;
3436 b1 = rol64(b1, 13) ^ b6;
3437
3438 b12 += b15;
3439 b15 = rol64(b15, 34) ^ b12;
3440
3441 b14 += b13;
3442 b13 = rol64(b13, 41) ^ b14;
3443
3444 b8 += b11;
3445 b11 = rol64(b11, 59) ^ b8;
3446
3447 b10 += b9;
3448 b9 = rol64(b9, 17) ^ b10;
3449
3450 b0 += b15;
3451 b15 = rol64(b15, 5) ^ b0;
3452
3453 b2 += b11;
3454 b11 = rol64(b11, 20) ^ b2;
3455
3456 b6 += b13;
3457 b13 = rol64(b13, 48) ^ b6;
3458
3459 b4 += b9;
3460 b9 = rol64(b9, 41) ^ b4;
3461
3462 b14 += b1;
3463 b1 = rol64(b1, 47) ^ b14;
3464
3465 b8 += b5;
3466 b5 = rol64(b5, 28) ^ b8;
3467
3468 b10 += b3;
3469 b3 = rol64(b3, 16) ^ b10;
3470
3471 b12 += b7;
3472 b7 = rol64(b7, 25) ^ b12;
3473
3474 b1 += k2;
3475 b0 += b1 + k1;
3476 b1 = rol64(b1, 41) ^ b0;
3477
3478 b3 += k4;
3479 b2 += b3 + k3;
3480 b3 = rol64(b3, 9) ^ b2;
3481
3482 b5 += k6;
3483 b4 += b5 + k5;
3484 b5 = rol64(b5, 37) ^ b4;
3485
3486 b7 += k8;
3487 b6 += b7 + k7;
3488 b7 = rol64(b7, 31) ^ b6;
3489
3490 b9 += k10;
3491 b8 += b9 + k9;
3492 b9 = rol64(b9, 12) ^ b8;
3493
3494 b11 += k12;
3495 b10 += b11 + k11;
3496 b11 = rol64(b11, 47) ^ b10;
3497
3498 b13 += k14 + t1;
3499 b12 += b13 + k13;
3500 b13 = rol64(b13, 44) ^ b12;
3501
3502 b15 += k16 + 1;
3503 b14 += b15 + k15 + t2;
3504 b15 = rol64(b15, 30) ^ b14;
3505
3506 b0 += b9;
3507 b9 = rol64(b9, 16) ^ b0;
3508
3509 b2 += b13;
3510 b13 = rol64(b13, 34) ^ b2;
3511
3512 b6 += b11;
3513 b11 = rol64(b11, 56) ^ b6;
3514
3515 b4 += b15;
3516 b15 = rol64(b15, 51) ^ b4;
3517
3518 b10 += b7;
3519 b7 = rol64(b7, 4) ^ b10;
3520
3521 b12 += b3;
3522 b3 = rol64(b3, 53) ^ b12;
3523
3524 b14 += b5;
3525 b5 = rol64(b5, 42) ^ b14;
3526
3527 b8 += b1;
3528 b1 = rol64(b1, 41) ^ b8;
3529
3530 b0 += b7;
3531 b7 = rol64(b7, 31) ^ b0;
3532
3533 b2 += b5;
3534 b5 = rol64(b5, 44) ^ b2;
3535
3536 b4 += b3;
3537 b3 = rol64(b3, 47) ^ b4;
3538
3539 b6 += b1;
3540 b1 = rol64(b1, 46) ^ b6;
3541
3542 b12 += b15;
3543 b15 = rol64(b15, 19) ^ b12;
3544
3545 b14 += b13;
3546 b13 = rol64(b13, 42) ^ b14;
3547
3548 b8 += b11;
3549 b11 = rol64(b11, 44) ^ b8;
3550
3551 b10 += b9;
3552 b9 = rol64(b9, 25) ^ b10;
3553
3554 b0 += b15;
3555 b15 = rol64(b15, 9) ^ b0;
3556
3557 b2 += b11;
3558 b11 = rol64(b11, 48) ^ b2;
3559
3560 b6 += b13;
3561 b13 = rol64(b13, 35) ^ b6;
3562
3563 b4 += b9;
3564 b9 = rol64(b9, 52) ^ b4;
3565
3566 b14 += b1;
3567 b1 = rol64(b1, 23) ^ b14;
3568
3569 b8 += b5;
3570 b5 = rol64(b5, 31) ^ b8;
3571
3572 b10 += b3;
3573 b3 = rol64(b3, 37) ^ b10;
3574
3575 b12 += b7;
3576 b7 = rol64(b7, 20) ^ b12;
3577
3578 b1 += k3;
3579 b0 += b1 + k2;
3580 b1 = rol64(b1, 24) ^ b0;
3581
3582 b3 += k5;
3583 b2 += b3 + k4;
3584 b3 = rol64(b3, 13) ^ b2;
3585
3586 b5 += k7;
3587 b4 += b5 + k6;
3588 b5 = rol64(b5, 8) ^ b4;
3589
3590 b7 += k9;
3591 b6 += b7 + k8;
3592 b7 = rol64(b7, 47) ^ b6;
3593
3594 b9 += k11;
3595 b8 += b9 + k10;
3596 b9 = rol64(b9, 8) ^ b8;
3597
3598 b11 += k13;
3599 b10 += b11 + k12;
3600 b11 = rol64(b11, 17) ^ b10;
3601
3602 b13 += k15 + t2;
3603 b12 += b13 + k14;
3604 b13 = rol64(b13, 22) ^ b12;
3605
3606 b15 += k0 + 2;
3607 b14 += b15 + k16 + t0;
3608 b15 = rol64(b15, 37) ^ b14;
3609
3610 b0 += b9;
3611 b9 = rol64(b9, 38) ^ b0;
3612
3613 b2 += b13;
3614 b13 = rol64(b13, 19) ^ b2;
3615
3616 b6 += b11;
3617 b11 = rol64(b11, 10) ^ b6;
3618
3619 b4 += b15;
3620 b15 = rol64(b15, 55) ^ b4;
3621
3622 b10 += b7;
3623 b7 = rol64(b7, 49) ^ b10;
3624
3625 b12 += b3;
3626 b3 = rol64(b3, 18) ^ b12;
3627
3628 b14 += b5;
3629 b5 = rol64(b5, 23) ^ b14;
3630
3631 b8 += b1;
3632 b1 = rol64(b1, 52) ^ b8;
3633
3634 b0 += b7;
3635 b7 = rol64(b7, 33) ^ b0;
3636
3637 b2 += b5;
3638 b5 = rol64(b5, 4) ^ b2;
3639
3640 b4 += b3;
3641 b3 = rol64(b3, 51) ^ b4;
3642
3643 b6 += b1;
3644 b1 = rol64(b1, 13) ^ b6;
3645
3646 b12 += b15;
3647 b15 = rol64(b15, 34) ^ b12;
3648
3649 b14 += b13;
3650 b13 = rol64(b13, 41) ^ b14;
3651
3652 b8 += b11;
3653 b11 = rol64(b11, 59) ^ b8;
3654
3655 b10 += b9;
3656 b9 = rol64(b9, 17) ^ b10;
3657
3658 b0 += b15;
3659 b15 = rol64(b15, 5) ^ b0;
3660
3661 b2 += b11;
3662 b11 = rol64(b11, 20) ^ b2;
3663
3664 b6 += b13;
3665 b13 = rol64(b13, 48) ^ b6;
3666
3667 b4 += b9;
3668 b9 = rol64(b9, 41) ^ b4;
3669
3670 b14 += b1;
3671 b1 = rol64(b1, 47) ^ b14;
3672
3673 b8 += b5;
3674 b5 = rol64(b5, 28) ^ b8;
3675
3676 b10 += b3;
3677 b3 = rol64(b3, 16) ^ b10;
3678
3679 b12 += b7;
3680 b7 = rol64(b7, 25) ^ b12;
3681
3682 b1 += k4;
3683 b0 += b1 + k3;
3684 b1 = rol64(b1, 41) ^ b0;
3685
3686 b3 += k6;
3687 b2 += b3 + k5;
3688 b3 = rol64(b3, 9) ^ b2;
3689
3690 b5 += k8;
3691 b4 += b5 + k7;
3692 b5 = rol64(b5, 37) ^ b4;
3693
3694 b7 += k10;
3695 b6 += b7 + k9;
3696 b7 = rol64(b7, 31) ^ b6;
3697
3698 b9 += k12;
3699 b8 += b9 + k11;
3700 b9 = rol64(b9, 12) ^ b8;
3701
3702 b11 += k14;
3703 b10 += b11 + k13;
3704 b11 = rol64(b11, 47) ^ b10;
3705
3706 b13 += k16 + t0;
3707 b12 += b13 + k15;
3708 b13 = rol64(b13, 44) ^ b12;
3709
3710 b15 += k1 + 3;
3711 b14 += b15 + k0 + t1;
3712 b15 = rol64(b15, 30) ^ b14;
3713
3714 b0 += b9;
3715 b9 = rol64(b9, 16) ^ b0;
3716
3717 b2 += b13;
3718 b13 = rol64(b13, 34) ^ b2;
3719
3720 b6 += b11;
3721 b11 = rol64(b11, 56) ^ b6;
3722
3723 b4 += b15;
3724 b15 = rol64(b15, 51) ^ b4;
3725
3726 b10 += b7;
3727 b7 = rol64(b7, 4) ^ b10;
3728
3729 b12 += b3;
3730 b3 = rol64(b3, 53) ^ b12;
3731
3732 b14 += b5;
3733 b5 = rol64(b5, 42) ^ b14;
3734
3735 b8 += b1;
3736 b1 = rol64(b1, 41) ^ b8;
3737
3738 b0 += b7;
3739 b7 = rol64(b7, 31) ^ b0;
3740
3741 b2 += b5;
3742 b5 = rol64(b5, 44) ^ b2;
3743
3744 b4 += b3;
3745 b3 = rol64(b3, 47) ^ b4;
3746
3747 b6 += b1;
3748 b1 = rol64(b1, 46) ^ b6;
3749
3750 b12 += b15;
3751 b15 = rol64(b15, 19) ^ b12;
3752
3753 b14 += b13;
3754 b13 = rol64(b13, 42) ^ b14;
3755
3756 b8 += b11;
3757 b11 = rol64(b11, 44) ^ b8;
3758
3759 b10 += b9;
3760 b9 = rol64(b9, 25) ^ b10;
3761
3762 b0 += b15;
3763 b15 = rol64(b15, 9) ^ b0;
3764
3765 b2 += b11;
3766 b11 = rol64(b11, 48) ^ b2;
3767
3768 b6 += b13;
3769 b13 = rol64(b13, 35) ^ b6;
3770
3771 b4 += b9;
3772 b9 = rol64(b9, 52) ^ b4;
3773
3774 b14 += b1;
3775 b1 = rol64(b1, 23) ^ b14;
3776
3777 b8 += b5;
3778 b5 = rol64(b5, 31) ^ b8;
3779
3780 b10 += b3;
3781 b3 = rol64(b3, 37) ^ b10;
3782
3783 b12 += b7;
3784 b7 = rol64(b7, 20) ^ b12;
3785
3786 b1 += k5;
3787 b0 += b1 + k4;
3788 b1 = rol64(b1, 24) ^ b0;
3789
3790 b3 += k7;
3791 b2 += b3 + k6;
3792 b3 = rol64(b3, 13) ^ b2;
3793
3794 b5 += k9;
3795 b4 += b5 + k8;
3796 b5 = rol64(b5, 8) ^ b4;
3797
3798 b7 += k11;
3799 b6 += b7 + k10;
3800 b7 = rol64(b7, 47) ^ b6;
3801
3802 b9 += k13;
3803 b8 += b9 + k12;
3804 b9 = rol64(b9, 8) ^ b8;
3805
3806 b11 += k15;
3807 b10 += b11 + k14;
3808 b11 = rol64(b11, 17) ^ b10;
3809
3810 b13 += k0 + t1;
3811 b12 += b13 + k16;
3812 b13 = rol64(b13, 22) ^ b12;
3813
3814 b15 += k2 + 4;
3815 b14 += b15 + k1 + t2;
3816 b15 = rol64(b15, 37) ^ b14;
3817
3818 b0 += b9;
3819 b9 = rol64(b9, 38) ^ b0;
3820
3821 b2 += b13;
3822 b13 = rol64(b13, 19) ^ b2;
3823
3824 b6 += b11;
3825 b11 = rol64(b11, 10) ^ b6;
3826
3827 b4 += b15;
3828 b15 = rol64(b15, 55) ^ b4;
3829
3830 b10 += b7;
3831 b7 = rol64(b7, 49) ^ b10;
3832
3833 b12 += b3;
3834 b3 = rol64(b3, 18) ^ b12;
3835
3836 b14 += b5;
3837 b5 = rol64(b5, 23) ^ b14;
3838
3839 b8 += b1;
3840 b1 = rol64(b1, 52) ^ b8;
3841
3842 b0 += b7;
3843 b7 = rol64(b7, 33) ^ b0;
3844
3845 b2 += b5;
3846 b5 = rol64(b5, 4) ^ b2;
3847
3848 b4 += b3;
3849 b3 = rol64(b3, 51) ^ b4;
3850
3851 b6 += b1;
3852 b1 = rol64(b1, 13) ^ b6;
3853
3854 b12 += b15;
3855 b15 = rol64(b15, 34) ^ b12;
3856
3857 b14 += b13;
3858 b13 = rol64(b13, 41) ^ b14;
3859
3860 b8 += b11;
3861 b11 = rol64(b11, 59) ^ b8;
3862
3863 b10 += b9;
3864 b9 = rol64(b9, 17) ^ b10;
3865
3866 b0 += b15;
3867 b15 = rol64(b15, 5) ^ b0;
3868
3869 b2 += b11;
3870 b11 = rol64(b11, 20) ^ b2;
3871
3872 b6 += b13;
3873 b13 = rol64(b13, 48) ^ b6;
3874
3875 b4 += b9;
3876 b9 = rol64(b9, 41) ^ b4;
3877
3878 b14 += b1;
3879 b1 = rol64(b1, 47) ^ b14;
3880
3881 b8 += b5;
3882 b5 = rol64(b5, 28) ^ b8;
3883
3884 b10 += b3;
3885 b3 = rol64(b3, 16) ^ b10;
3886
3887 b12 += b7;
3888 b7 = rol64(b7, 25) ^ b12;
3889
3890 b1 += k6;
3891 b0 += b1 + k5;
3892 b1 = rol64(b1, 41) ^ b0;
3893
3894 b3 += k8;
3895 b2 += b3 + k7;
3896 b3 = rol64(b3, 9) ^ b2;
3897
3898 b5 += k10;
3899 b4 += b5 + k9;
3900 b5 = rol64(b5, 37) ^ b4;
3901
3902 b7 += k12;
3903 b6 += b7 + k11;
3904 b7 = rol64(b7, 31) ^ b6;
3905
3906 b9 += k14;
3907 b8 += b9 + k13;
3908 b9 = rol64(b9, 12) ^ b8;
3909
3910 b11 += k16;
3911 b10 += b11 + k15;
3912 b11 = rol64(b11, 47) ^ b10;
3913
3914 b13 += k1 + t2;
3915 b12 += b13 + k0;
3916 b13 = rol64(b13, 44) ^ b12;
3917
3918 b15 += k3 + 5;
3919 b14 += b15 + k2 + t0;
3920 b15 = rol64(b15, 30) ^ b14;
3921
3922 b0 += b9;
3923 b9 = rol64(b9, 16) ^ b0;
3924
3925 b2 += b13;
3926 b13 = rol64(b13, 34) ^ b2;
3927
3928 b6 += b11;
3929 b11 = rol64(b11, 56) ^ b6;
3930
3931 b4 += b15;
3932 b15 = rol64(b15, 51) ^ b4;
3933
3934 b10 += b7;
3935 b7 = rol64(b7, 4) ^ b10;
3936
3937 b12 += b3;
3938 b3 = rol64(b3, 53) ^ b12;
3939
3940 b14 += b5;
3941 b5 = rol64(b5, 42) ^ b14;
3942
3943 b8 += b1;
3944 b1 = rol64(b1, 41) ^ b8;
3945
3946 b0 += b7;
3947 b7 = rol64(b7, 31) ^ b0;
3948
3949 b2 += b5;
3950 b5 = rol64(b5, 44) ^ b2;
3951
3952 b4 += b3;
3953 b3 = rol64(b3, 47) ^ b4;
3954
3955 b6 += b1;
3956 b1 = rol64(b1, 46) ^ b6;
3957
3958 b12 += b15;
3959 b15 = rol64(b15, 19) ^ b12;
3960
3961 b14 += b13;
3962 b13 = rol64(b13, 42) ^ b14;
3963
3964 b8 += b11;
3965 b11 = rol64(b11, 44) ^ b8;
3966
3967 b10 += b9;
3968 b9 = rol64(b9, 25) ^ b10;
3969
3970 b0 += b15;
3971 b15 = rol64(b15, 9) ^ b0;
3972
3973 b2 += b11;
3974 b11 = rol64(b11, 48) ^ b2;
3975
3976 b6 += b13;
3977 b13 = rol64(b13, 35) ^ b6;
3978
3979 b4 += b9;
3980 b9 = rol64(b9, 52) ^ b4;
3981
3982 b14 += b1;
3983 b1 = rol64(b1, 23) ^ b14;
3984
3985 b8 += b5;
3986 b5 = rol64(b5, 31) ^ b8;
3987
3988 b10 += b3;
3989 b3 = rol64(b3, 37) ^ b10;
3990
3991 b12 += b7;
3992 b7 = rol64(b7, 20) ^ b12;
3993
3994 b1 += k7;
3995 b0 += b1 + k6;
3996 b1 = rol64(b1, 24) ^ b0;
3997
3998 b3 += k9;
3999 b2 += b3 + k8;
4000 b3 = rol64(b3, 13) ^ b2;
4001
4002 b5 += k11;
4003 b4 += b5 + k10;
4004 b5 = rol64(b5, 8) ^ b4;
4005
4006 b7 += k13;
4007 b6 += b7 + k12;
4008 b7 = rol64(b7, 47) ^ b6;
4009
4010 b9 += k15;
4011 b8 += b9 + k14;
4012 b9 = rol64(b9, 8) ^ b8;
4013
4014 b11 += k0;
4015 b10 += b11 + k16;
4016 b11 = rol64(b11, 17) ^ b10;
4017
4018 b13 += k2 + t0;
4019 b12 += b13 + k1;
4020 b13 = rol64(b13, 22) ^ b12;
4021
4022 b15 += k4 + 6;
4023 b14 += b15 + k3 + t1;
4024 b15 = rol64(b15, 37) ^ b14;
4025
4026 b0 += b9;
4027 b9 = rol64(b9, 38) ^ b0;
4028
4029 b2 += b13;
4030 b13 = rol64(b13, 19) ^ b2;
4031
4032 b6 += b11;
4033 b11 = rol64(b11, 10) ^ b6;
4034
4035 b4 += b15;
4036 b15 = rol64(b15, 55) ^ b4;
4037
4038 b10 += b7;
4039 b7 = rol64(b7, 49) ^ b10;
4040
4041 b12 += b3;
4042 b3 = rol64(b3, 18) ^ b12;
4043
4044 b14 += b5;
4045 b5 = rol64(b5, 23) ^ b14;
4046
4047 b8 += b1;
4048 b1 = rol64(b1, 52) ^ b8;
4049
4050 b0 += b7;
4051 b7 = rol64(b7, 33) ^ b0;
4052
4053 b2 += b5;
4054 b5 = rol64(b5, 4) ^ b2;
4055
4056 b4 += b3;
4057 b3 = rol64(b3, 51) ^ b4;
4058
4059 b6 += b1;
4060 b1 = rol64(b1, 13) ^ b6;
4061
4062 b12 += b15;
4063 b15 = rol64(b15, 34) ^ b12;
4064
4065 b14 += b13;
4066 b13 = rol64(b13, 41) ^ b14;
4067
4068 b8 += b11;
4069 b11 = rol64(b11, 59) ^ b8;
4070
4071 b10 += b9;
4072 b9 = rol64(b9, 17) ^ b10;
4073
4074 b0 += b15;
4075 b15 = rol64(b15, 5) ^ b0;
4076
4077 b2 += b11;
4078 b11 = rol64(b11, 20) ^ b2;
4079
4080 b6 += b13;
4081 b13 = rol64(b13, 48) ^ b6;
4082
4083 b4 += b9;
4084 b9 = rol64(b9, 41) ^ b4;
4085
4086 b14 += b1;
4087 b1 = rol64(b1, 47) ^ b14;
4088
4089 b8 += b5;
4090 b5 = rol64(b5, 28) ^ b8;
4091
4092 b10 += b3;
4093 b3 = rol64(b3, 16) ^ b10;
4094
4095 b12 += b7;
4096 b7 = rol64(b7, 25) ^ b12;
4097
4098 b1 += k8;
4099 b0 += b1 + k7;
4100 b1 = rol64(b1, 41) ^ b0;
4101
4102 b3 += k10;
4103 b2 += b3 + k9;
4104 b3 = rol64(b3, 9) ^ b2;
4105
4106 b5 += k12;
4107 b4 += b5 + k11;
4108 b5 = rol64(b5, 37) ^ b4;
4109
4110 b7 += k14;
4111 b6 += b7 + k13;
4112 b7 = rol64(b7, 31) ^ b6;
4113
4114 b9 += k16;
4115 b8 += b9 + k15;
4116 b9 = rol64(b9, 12) ^ b8;
4117
4118 b11 += k1;
4119 b10 += b11 + k0;
4120 b11 = rol64(b11, 47) ^ b10;
4121
4122 b13 += k3 + t1;
4123 b12 += b13 + k2;
4124 b13 = rol64(b13, 44) ^ b12;
4125
4126 b15 += k5 + 7;
4127 b14 += b15 + k4 + t2;
4128 b15 = rol64(b15, 30) ^ b14;
4129
4130 b0 += b9;
4131 b9 = rol64(b9, 16) ^ b0;
4132
4133 b2 += b13;
4134 b13 = rol64(b13, 34) ^ b2;
4135
4136 b6 += b11;
4137 b11 = rol64(b11, 56) ^ b6;
4138
4139 b4 += b15;
4140 b15 = rol64(b15, 51) ^ b4;
4141
4142 b10 += b7;
4143 b7 = rol64(b7, 4) ^ b10;
4144
4145 b12 += b3;
4146 b3 = rol64(b3, 53) ^ b12;
4147
4148 b14 += b5;
4149 b5 = rol64(b5, 42) ^ b14;
4150
4151 b8 += b1;
4152 b1 = rol64(b1, 41) ^ b8;
4153
4154 b0 += b7;
4155 b7 = rol64(b7, 31) ^ b0;
4156
4157 b2 += b5;
4158 b5 = rol64(b5, 44) ^ b2;
4159
4160 b4 += b3;
4161 b3 = rol64(b3, 47) ^ b4;
4162
4163 b6 += b1;
4164 b1 = rol64(b1, 46) ^ b6;
4165
4166 b12 += b15;
4167 b15 = rol64(b15, 19) ^ b12;
4168
4169 b14 += b13;
4170 b13 = rol64(b13, 42) ^ b14;
4171
4172 b8 += b11;
4173 b11 = rol64(b11, 44) ^ b8;
4174
4175 b10 += b9;
4176 b9 = rol64(b9, 25) ^ b10;
4177
4178 b0 += b15;
4179 b15 = rol64(b15, 9) ^ b0;
4180
4181 b2 += b11;
4182 b11 = rol64(b11, 48) ^ b2;
4183
4184 b6 += b13;
4185 b13 = rol64(b13, 35) ^ b6;
4186
4187 b4 += b9;
4188 b9 = rol64(b9, 52) ^ b4;
4189
4190 b14 += b1;
4191 b1 = rol64(b1, 23) ^ b14;
4192
4193 b8 += b5;
4194 b5 = rol64(b5, 31) ^ b8;
4195
4196 b10 += b3;
4197 b3 = rol64(b3, 37) ^ b10;
4198
4199 b12 += b7;
4200 b7 = rol64(b7, 20) ^ b12;
4201
4202 b1 += k9;
4203 b0 += b1 + k8;
4204 b1 = rol64(b1, 24) ^ b0;
4205
4206 b3 += k11;
4207 b2 += b3 + k10;
4208 b3 = rol64(b3, 13) ^ b2;
4209
4210 b5 += k13;
4211 b4 += b5 + k12;
4212 b5 = rol64(b5, 8) ^ b4;
4213
4214 b7 += k15;
4215 b6 += b7 + k14;
4216 b7 = rol64(b7, 47) ^ b6;
4217
4218 b9 += k0;
4219 b8 += b9 + k16;
4220 b9 = rol64(b9, 8) ^ b8;
4221
4222 b11 += k2;
4223 b10 += b11 + k1;
4224 b11 = rol64(b11, 17) ^ b10;
4225
4226 b13 += k4 + t2;
4227 b12 += b13 + k3;
4228 b13 = rol64(b13, 22) ^ b12;
4229
4230 b15 += k6 + 8;
4231 b14 += b15 + k5 + t0;
4232 b15 = rol64(b15, 37) ^ b14;
4233
4234 b0 += b9;
4235 b9 = rol64(b9, 38) ^ b0;
4236
4237 b2 += b13;
4238 b13 = rol64(b13, 19) ^ b2;
4239
4240 b6 += b11;
4241 b11 = rol64(b11, 10) ^ b6;
4242
4243 b4 += b15;
4244 b15 = rol64(b15, 55) ^ b4;
4245
4246 b10 += b7;
4247 b7 = rol64(b7, 49) ^ b10;
4248
4249 b12 += b3;
4250 b3 = rol64(b3, 18) ^ b12;
4251
4252 b14 += b5;
4253 b5 = rol64(b5, 23) ^ b14;
4254
4255 b8 += b1;
4256 b1 = rol64(b1, 52) ^ b8;
4257
4258 b0 += b7;
4259 b7 = rol64(b7, 33) ^ b0;
4260
4261 b2 += b5;
4262 b5 = rol64(b5, 4) ^ b2;
4263
4264 b4 += b3;
4265 b3 = rol64(b3, 51) ^ b4;
4266
4267 b6 += b1;
4268 b1 = rol64(b1, 13) ^ b6;
4269
4270 b12 += b15;
4271 b15 = rol64(b15, 34) ^ b12;
4272
4273 b14 += b13;
4274 b13 = rol64(b13, 41) ^ b14;
4275
4276 b8 += b11;
4277 b11 = rol64(b11, 59) ^ b8;
4278
4279 b10 += b9;
4280 b9 = rol64(b9, 17) ^ b10;
4281
4282 b0 += b15;
4283 b15 = rol64(b15, 5) ^ b0;
4284
4285 b2 += b11;
4286 b11 = rol64(b11, 20) ^ b2;
4287
4288 b6 += b13;
4289 b13 = rol64(b13, 48) ^ b6;
4290
4291 b4 += b9;
4292 b9 = rol64(b9, 41) ^ b4;
4293
4294 b14 += b1;
4295 b1 = rol64(b1, 47) ^ b14;
4296
4297 b8 += b5;
4298 b5 = rol64(b5, 28) ^ b8;
4299
4300 b10 += b3;
4301 b3 = rol64(b3, 16) ^ b10;
4302
4303 b12 += b7;
4304 b7 = rol64(b7, 25) ^ b12;
4305
4306 b1 += k10;
4307 b0 += b1 + k9;
4308 b1 = rol64(b1, 41) ^ b0;
4309
4310 b3 += k12;
4311 b2 += b3 + k11;
4312 b3 = rol64(b3, 9) ^ b2;
4313
4314 b5 += k14;
4315 b4 += b5 + k13;
4316 b5 = rol64(b5, 37) ^ b4;
4317
4318 b7 += k16;
4319 b6 += b7 + k15;
4320 b7 = rol64(b7, 31) ^ b6;
4321
4322 b9 += k1;
4323 b8 += b9 + k0;
4324 b9 = rol64(b9, 12) ^ b8;
4325
4326 b11 += k3;
4327 b10 += b11 + k2;
4328 b11 = rol64(b11, 47) ^ b10;
4329
4330 b13 += k5 + t0;
4331 b12 += b13 + k4;
4332 b13 = rol64(b13, 44) ^ b12;
4333
4334 b15 += k7 + 9;
4335 b14 += b15 + k6 + t1;
4336 b15 = rol64(b15, 30) ^ b14;
4337
4338 b0 += b9;
4339 b9 = rol64(b9, 16) ^ b0;
4340
4341 b2 += b13;
4342 b13 = rol64(b13, 34) ^ b2;
4343
4344 b6 += b11;
4345 b11 = rol64(b11, 56) ^ b6;
4346
4347 b4 += b15;
4348 b15 = rol64(b15, 51) ^ b4;
4349
4350 b10 += b7;
4351 b7 = rol64(b7, 4) ^ b10;
4352
4353 b12 += b3;
4354 b3 = rol64(b3, 53) ^ b12;
4355
4356 b14 += b5;
4357 b5 = rol64(b5, 42) ^ b14;
4358
4359 b8 += b1;
4360 b1 = rol64(b1, 41) ^ b8;
4361
4362 b0 += b7;
4363 b7 = rol64(b7, 31) ^ b0;
4364
4365 b2 += b5;
4366 b5 = rol64(b5, 44) ^ b2;
4367
4368 b4 += b3;
4369 b3 = rol64(b3, 47) ^ b4;
4370
4371 b6 += b1;
4372 b1 = rol64(b1, 46) ^ b6;
4373
4374 b12 += b15;
4375 b15 = rol64(b15, 19) ^ b12;
4376
4377 b14 += b13;
4378 b13 = rol64(b13, 42) ^ b14;
4379
4380 b8 += b11;
4381 b11 = rol64(b11, 44) ^ b8;
4382
4383 b10 += b9;
4384 b9 = rol64(b9, 25) ^ b10;
4385
4386 b0 += b15;
4387 b15 = rol64(b15, 9) ^ b0;
4388
4389 b2 += b11;
4390 b11 = rol64(b11, 48) ^ b2;
4391
4392 b6 += b13;
4393 b13 = rol64(b13, 35) ^ b6;
4394
4395 b4 += b9;
4396 b9 = rol64(b9, 52) ^ b4;
4397
4398 b14 += b1;
4399 b1 = rol64(b1, 23) ^ b14;
4400
4401 b8 += b5;
4402 b5 = rol64(b5, 31) ^ b8;
4403
4404 b10 += b3;
4405 b3 = rol64(b3, 37) ^ b10;
4406
4407 b12 += b7;
4408 b7 = rol64(b7, 20) ^ b12;
4409
4410 b1 += k11;
4411 b0 += b1 + k10;
4412 b1 = rol64(b1, 24) ^ b0;
4413
4414 b3 += k13;
4415 b2 += b3 + k12;
4416 b3 = rol64(b3, 13) ^ b2;
4417
4418 b5 += k15;
4419 b4 += b5 + k14;
4420 b5 = rol64(b5, 8) ^ b4;
4421
4422 b7 += k0;
4423 b6 += b7 + k16;
4424 b7 = rol64(b7, 47) ^ b6;
4425
4426 b9 += k2;
4427 b8 += b9 + k1;
4428 b9 = rol64(b9, 8) ^ b8;
4429
4430 b11 += k4;
4431 b10 += b11 + k3;
4432 b11 = rol64(b11, 17) ^ b10;
4433
4434 b13 += k6 + t1;
4435 b12 += b13 + k5;
4436 b13 = rol64(b13, 22) ^ b12;
4437
4438 b15 += k8 + 10;
4439 b14 += b15 + k7 + t2;
4440 b15 = rol64(b15, 37) ^ b14;
4441
4442 b0 += b9;
4443 b9 = rol64(b9, 38) ^ b0;
4444
4445 b2 += b13;
4446 b13 = rol64(b13, 19) ^ b2;
4447
4448 b6 += b11;
4449 b11 = rol64(b11, 10) ^ b6;
4450
4451 b4 += b15;
4452 b15 = rol64(b15, 55) ^ b4;
4453
4454 b10 += b7;
4455 b7 = rol64(b7, 49) ^ b10;
4456
4457 b12 += b3;
4458 b3 = rol64(b3, 18) ^ b12;
4459
4460 b14 += b5;
4461 b5 = rol64(b5, 23) ^ b14;
4462
4463 b8 += b1;
4464 b1 = rol64(b1, 52) ^ b8;
4465
4466 b0 += b7;
4467 b7 = rol64(b7, 33) ^ b0;
4468
4469 b2 += b5;
4470 b5 = rol64(b5, 4) ^ b2;
4471
4472 b4 += b3;
4473 b3 = rol64(b3, 51) ^ b4;
4474
4475 b6 += b1;
4476 b1 = rol64(b1, 13) ^ b6;
4477
4478 b12 += b15;
4479 b15 = rol64(b15, 34) ^ b12;
4480
4481 b14 += b13;
4482 b13 = rol64(b13, 41) ^ b14;
4483
4484 b8 += b11;
4485 b11 = rol64(b11, 59) ^ b8;
4486
4487 b10 += b9;
4488 b9 = rol64(b9, 17) ^ b10;
4489
4490 b0 += b15;
4491 b15 = rol64(b15, 5) ^ b0;
4492
4493 b2 += b11;
4494 b11 = rol64(b11, 20) ^ b2;
4495
4496 b6 += b13;
4497 b13 = rol64(b13, 48) ^ b6;
4498
4499 b4 += b9;
4500 b9 = rol64(b9, 41) ^ b4;
4501
4502 b14 += b1;
4503 b1 = rol64(b1, 47) ^ b14;
4504
4505 b8 += b5;
4506 b5 = rol64(b5, 28) ^ b8;
4507
4508 b10 += b3;
4509 b3 = rol64(b3, 16) ^ b10;
4510
4511 b12 += b7;
4512 b7 = rol64(b7, 25) ^ b12;
4513
4514 b1 += k12;
4515 b0 += b1 + k11;
4516 b1 = rol64(b1, 41) ^ b0;
4517
4518 b3 += k14;
4519 b2 += b3 + k13;
4520 b3 = rol64(b3, 9) ^ b2;
4521
4522 b5 += k16;
4523 b4 += b5 + k15;
4524 b5 = rol64(b5, 37) ^ b4;
4525
4526 b7 += k1;
4527 b6 += b7 + k0;
4528 b7 = rol64(b7, 31) ^ b6;
4529
4530 b9 += k3;
4531 b8 += b9 + k2;
4532 b9 = rol64(b9, 12) ^ b8;
4533
4534 b11 += k5;
4535 b10 += b11 + k4;
4536 b11 = rol64(b11, 47) ^ b10;
4537
4538 b13 += k7 + t2;
4539 b12 += b13 + k6;
4540 b13 = rol64(b13, 44) ^ b12;
4541
4542 b15 += k9 + 11;
4543 b14 += b15 + k8 + t0;
4544 b15 = rol64(b15, 30) ^ b14;
4545
4546 b0 += b9;
4547 b9 = rol64(b9, 16) ^ b0;
4548
4549 b2 += b13;
4550 b13 = rol64(b13, 34) ^ b2;
4551
4552 b6 += b11;
4553 b11 = rol64(b11, 56) ^ b6;
4554
4555 b4 += b15;
4556 b15 = rol64(b15, 51) ^ b4;
4557
4558 b10 += b7;
4559 b7 = rol64(b7, 4) ^ b10;
4560
4561 b12 += b3;
4562 b3 = rol64(b3, 53) ^ b12;
4563
4564 b14 += b5;
4565 b5 = rol64(b5, 42) ^ b14;
4566
4567 b8 += b1;
4568 b1 = rol64(b1, 41) ^ b8;
4569
4570 b0 += b7;
4571 b7 = rol64(b7, 31) ^ b0;
4572
4573 b2 += b5;
4574 b5 = rol64(b5, 44) ^ b2;
4575
4576 b4 += b3;
4577 b3 = rol64(b3, 47) ^ b4;
4578
4579 b6 += b1;
4580 b1 = rol64(b1, 46) ^ b6;
4581
4582 b12 += b15;
4583 b15 = rol64(b15, 19) ^ b12;
4584
4585 b14 += b13;
4586 b13 = rol64(b13, 42) ^ b14;
4587
4588 b8 += b11;
4589 b11 = rol64(b11, 44) ^ b8;
4590
4591 b10 += b9;
4592 b9 = rol64(b9, 25) ^ b10;
4593
4594 b0 += b15;
4595 b15 = rol64(b15, 9) ^ b0;
4596
4597 b2 += b11;
4598 b11 = rol64(b11, 48) ^ b2;
4599
4600 b6 += b13;
4601 b13 = rol64(b13, 35) ^ b6;
4602
4603 b4 += b9;
4604 b9 = rol64(b9, 52) ^ b4;
4605
4606 b14 += b1;
4607 b1 = rol64(b1, 23) ^ b14;
4608
4609 b8 += b5;
4610 b5 = rol64(b5, 31) ^ b8;
4611
4612 b10 += b3;
4613 b3 = rol64(b3, 37) ^ b10;
4614
4615 b12 += b7;
4616 b7 = rol64(b7, 20) ^ b12;
4617
4618 b1 += k13;
4619 b0 += b1 + k12;
4620 b1 = rol64(b1, 24) ^ b0;
4621
4622 b3 += k15;
4623 b2 += b3 + k14;
4624 b3 = rol64(b3, 13) ^ b2;
4625
4626 b5 += k0;
4627 b4 += b5 + k16;
4628 b5 = rol64(b5, 8) ^ b4;
4629
4630 b7 += k2;
4631 b6 += b7 + k1;
4632 b7 = rol64(b7, 47) ^ b6;
4633
4634 b9 += k4;
4635 b8 += b9 + k3;
4636 b9 = rol64(b9, 8) ^ b8;
4637
4638 b11 += k6;
4639 b10 += b11 + k5;
4640 b11 = rol64(b11, 17) ^ b10;
4641
4642 b13 += k8 + t0;
4643 b12 += b13 + k7;
4644 b13 = rol64(b13, 22) ^ b12;
4645
4646 b15 += k10 + 12;
4647 b14 += b15 + k9 + t1;
4648 b15 = rol64(b15, 37) ^ b14;
4649
4650 b0 += b9;
4651 b9 = rol64(b9, 38) ^ b0;
4652
4653 b2 += b13;
4654 b13 = rol64(b13, 19) ^ b2;
4655
4656 b6 += b11;
4657 b11 = rol64(b11, 10) ^ b6;
4658
4659 b4 += b15;
4660 b15 = rol64(b15, 55) ^ b4;
4661
4662 b10 += b7;
4663 b7 = rol64(b7, 49) ^ b10;
4664
4665 b12 += b3;
4666 b3 = rol64(b3, 18) ^ b12;
4667
4668 b14 += b5;
4669 b5 = rol64(b5, 23) ^ b14;
4670
4671 b8 += b1;
4672 b1 = rol64(b1, 52) ^ b8;
4673
4674 b0 += b7;
4675 b7 = rol64(b7, 33) ^ b0;
4676
4677 b2 += b5;
4678 b5 = rol64(b5, 4) ^ b2;
4679
4680 b4 += b3;
4681 b3 = rol64(b3, 51) ^ b4;
4682
4683 b6 += b1;
4684 b1 = rol64(b1, 13) ^ b6;
4685
4686 b12 += b15;
4687 b15 = rol64(b15, 34) ^ b12;
4688
4689 b14 += b13;
4690 b13 = rol64(b13, 41) ^ b14;
4691
4692 b8 += b11;
4693 b11 = rol64(b11, 59) ^ b8;
4694
4695 b10 += b9;
4696 b9 = rol64(b9, 17) ^ b10;
4697
4698 b0 += b15;
4699 b15 = rol64(b15, 5) ^ b0;
4700
4701 b2 += b11;
4702 b11 = rol64(b11, 20) ^ b2;
4703
4704 b6 += b13;
4705 b13 = rol64(b13, 48) ^ b6;
4706
4707 b4 += b9;
4708 b9 = rol64(b9, 41) ^ b4;
4709
4710 b14 += b1;
4711 b1 = rol64(b1, 47) ^ b14;
4712
4713 b8 += b5;
4714 b5 = rol64(b5, 28) ^ b8;
4715
4716 b10 += b3;
4717 b3 = rol64(b3, 16) ^ b10;
4718
4719 b12 += b7;
4720 b7 = rol64(b7, 25) ^ b12;
4721
4722 b1 += k14;
4723 b0 += b1 + k13;
4724 b1 = rol64(b1, 41) ^ b0;
4725
4726 b3 += k16;
4727 b2 += b3 + k15;
4728 b3 = rol64(b3, 9) ^ b2;
4729
4730 b5 += k1;
4731 b4 += b5 + k0;
4732 b5 = rol64(b5, 37) ^ b4;
4733
4734 b7 += k3;
4735 b6 += b7 + k2;
4736 b7 = rol64(b7, 31) ^ b6;
4737
4738 b9 += k5;
4739 b8 += b9 + k4;
4740 b9 = rol64(b9, 12) ^ b8;
4741
4742 b11 += k7;
4743 b10 += b11 + k6;
4744 b11 = rol64(b11, 47) ^ b10;
4745
4746 b13 += k9 + t1;
4747 b12 += b13 + k8;
4748 b13 = rol64(b13, 44) ^ b12;
4749
4750 b15 += k11 + 13;
4751 b14 += b15 + k10 + t2;
4752 b15 = rol64(b15, 30) ^ b14;
4753
4754 b0 += b9;
4755 b9 = rol64(b9, 16) ^ b0;
4756
4757 b2 += b13;
4758 b13 = rol64(b13, 34) ^ b2;
4759
4760 b6 += b11;
4761 b11 = rol64(b11, 56) ^ b6;
4762
4763 b4 += b15;
4764 b15 = rol64(b15, 51) ^ b4;
4765
4766 b10 += b7;
4767 b7 = rol64(b7, 4) ^ b10;
4768
4769 b12 += b3;
4770 b3 = rol64(b3, 53) ^ b12;
4771
4772 b14 += b5;
4773 b5 = rol64(b5, 42) ^ b14;
4774
4775 b8 += b1;
4776 b1 = rol64(b1, 41) ^ b8;
4777
4778 b0 += b7;
4779 b7 = rol64(b7, 31) ^ b0;
4780
4781 b2 += b5;
4782 b5 = rol64(b5, 44) ^ b2;
4783
4784 b4 += b3;
4785 b3 = rol64(b3, 47) ^ b4;
4786
4787 b6 += b1;
4788 b1 = rol64(b1, 46) ^ b6;
4789
4790 b12 += b15;
4791 b15 = rol64(b15, 19) ^ b12;
4792
4793 b14 += b13;
4794 b13 = rol64(b13, 42) ^ b14;
4795
4796 b8 += b11;
4797 b11 = rol64(b11, 44) ^ b8;
4798
4799 b10 += b9;
4800 b9 = rol64(b9, 25) ^ b10;
4801
4802 b0 += b15;
4803 b15 = rol64(b15, 9) ^ b0;
4804
4805 b2 += b11;
4806 b11 = rol64(b11, 48) ^ b2;
4807
4808 b6 += b13;
4809 b13 = rol64(b13, 35) ^ b6;
4810
4811 b4 += b9;
4812 b9 = rol64(b9, 52) ^ b4;
4813
4814 b14 += b1;
4815 b1 = rol64(b1, 23) ^ b14;
4816
4817 b8 += b5;
4818 b5 = rol64(b5, 31) ^ b8;
4819
4820 b10 += b3;
4821 b3 = rol64(b3, 37) ^ b10;
4822
4823 b12 += b7;
4824 b7 = rol64(b7, 20) ^ b12;
4825
4826 b1 += k15;
4827 b0 += b1 + k14;
4828 b1 = rol64(b1, 24) ^ b0;
4829
4830 b3 += k0;
4831 b2 += b3 + k16;
4832 b3 = rol64(b3, 13) ^ b2;
4833
4834 b5 += k2;
4835 b4 += b5 + k1;
4836 b5 = rol64(b5, 8) ^ b4;
4837
4838 b7 += k4;
4839 b6 += b7 + k3;
4840 b7 = rol64(b7, 47) ^ b6;
4841
4842 b9 += k6;
4843 b8 += b9 + k5;
4844 b9 = rol64(b9, 8) ^ b8;
4845
4846 b11 += k8;
4847 b10 += b11 + k7;
4848 b11 = rol64(b11, 17) ^ b10;
4849
4850 b13 += k10 + t2;
4851 b12 += b13 + k9;
4852 b13 = rol64(b13, 22) ^ b12;
4853
4854 b15 += k12 + 14;
4855 b14 += b15 + k11 + t0;
4856 b15 = rol64(b15, 37) ^ b14;
4857
4858 b0 += b9;
4859 b9 = rol64(b9, 38) ^ b0;
4860
4861 b2 += b13;
4862 b13 = rol64(b13, 19) ^ b2;
4863
4864 b6 += b11;
4865 b11 = rol64(b11, 10) ^ b6;
4866
4867 b4 += b15;
4868 b15 = rol64(b15, 55) ^ b4;
4869
4870 b10 += b7;
4871 b7 = rol64(b7, 49) ^ b10;
4872
4873 b12 += b3;
4874 b3 = rol64(b3, 18) ^ b12;
4875
4876 b14 += b5;
4877 b5 = rol64(b5, 23) ^ b14;
4878
4879 b8 += b1;
4880 b1 = rol64(b1, 52) ^ b8;
4881
4882 b0 += b7;
4883 b7 = rol64(b7, 33) ^ b0;
4884
4885 b2 += b5;
4886 b5 = rol64(b5, 4) ^ b2;
4887
4888 b4 += b3;
4889 b3 = rol64(b3, 51) ^ b4;
4890
4891 b6 += b1;
4892 b1 = rol64(b1, 13) ^ b6;
4893
4894 b12 += b15;
4895 b15 = rol64(b15, 34) ^ b12;
4896
4897 b14 += b13;
4898 b13 = rol64(b13, 41) ^ b14;
4899
4900 b8 += b11;
4901 b11 = rol64(b11, 59) ^ b8;
4902
4903 b10 += b9;
4904 b9 = rol64(b9, 17) ^ b10;
4905
4906 b0 += b15;
4907 b15 = rol64(b15, 5) ^ b0;
4908
4909 b2 += b11;
4910 b11 = rol64(b11, 20) ^ b2;
4911
4912 b6 += b13;
4913 b13 = rol64(b13, 48) ^ b6;
4914
4915 b4 += b9;
4916 b9 = rol64(b9, 41) ^ b4;
4917
4918 b14 += b1;
4919 b1 = rol64(b1, 47) ^ b14;
4920
4921 b8 += b5;
4922 b5 = rol64(b5, 28) ^ b8;
4923
4924 b10 += b3;
4925 b3 = rol64(b3, 16) ^ b10;
4926
4927 b12 += b7;
4928 b7 = rol64(b7, 25) ^ b12;
4929
4930 b1 += k16;
4931 b0 += b1 + k15;
4932 b1 = rol64(b1, 41) ^ b0;
4933
4934 b3 += k1;
4935 b2 += b3 + k0;
4936 b3 = rol64(b3, 9) ^ b2;
4937
4938 b5 += k3;
4939 b4 += b5 + k2;
4940 b5 = rol64(b5, 37) ^ b4;
4941
4942 b7 += k5;
4943 b6 += b7 + k4;
4944 b7 = rol64(b7, 31) ^ b6;
4945
4946 b9 += k7;
4947 b8 += b9 + k6;
4948 b9 = rol64(b9, 12) ^ b8;
4949
4950 b11 += k9;
4951 b10 += b11 + k8;
4952 b11 = rol64(b11, 47) ^ b10;
4953
4954 b13 += k11 + t0;
4955 b12 += b13 + k10;
4956 b13 = rol64(b13, 44) ^ b12;
4957
4958 b15 += k13 + 15;
4959 b14 += b15 + k12 + t1;
4960 b15 = rol64(b15, 30) ^ b14;
4961
4962 b0 += b9;
4963 b9 = rol64(b9, 16) ^ b0;
4964
4965 b2 += b13;
4966 b13 = rol64(b13, 34) ^ b2;
4967
4968 b6 += b11;
4969 b11 = rol64(b11, 56) ^ b6;
4970
4971 b4 += b15;
4972 b15 = rol64(b15, 51) ^ b4;
4973
4974 b10 += b7;
4975 b7 = rol64(b7, 4) ^ b10;
4976
4977 b12 += b3;
4978 b3 = rol64(b3, 53) ^ b12;
4979
4980 b14 += b5;
4981 b5 = rol64(b5, 42) ^ b14;
4982
4983 b8 += b1;
4984 b1 = rol64(b1, 41) ^ b8;
4985
4986 b0 += b7;
4987 b7 = rol64(b7, 31) ^ b0;
4988
4989 b2 += b5;
4990 b5 = rol64(b5, 44) ^ b2;
4991
4992 b4 += b3;
4993 b3 = rol64(b3, 47) ^ b4;
4994
4995 b6 += b1;
4996 b1 = rol64(b1, 46) ^ b6;
4997
4998 b12 += b15;
4999 b15 = rol64(b15, 19) ^ b12;
5000
5001 b14 += b13;
5002 b13 = rol64(b13, 42) ^ b14;
5003
5004 b8 += b11;
5005 b11 = rol64(b11, 44) ^ b8;
5006
5007 b10 += b9;
5008 b9 = rol64(b9, 25) ^ b10;
5009
5010 b0 += b15;
5011 b15 = rol64(b15, 9) ^ b0;
5012
5013 b2 += b11;
5014 b11 = rol64(b11, 48) ^ b2;
5015
5016 b6 += b13;
5017 b13 = rol64(b13, 35) ^ b6;
5018
5019 b4 += b9;
5020 b9 = rol64(b9, 52) ^ b4;
5021
5022 b14 += b1;
5023 b1 = rol64(b1, 23) ^ b14;
5024
5025 b8 += b5;
5026 b5 = rol64(b5, 31) ^ b8;
5027
5028 b10 += b3;
5029 b3 = rol64(b3, 37) ^ b10;
5030
5031 b12 += b7;
5032 b7 = rol64(b7, 20) ^ b12;
5033
5034 b1 += k0;
5035 b0 += b1 + k16;
5036 b1 = rol64(b1, 24) ^ b0;
5037
5038 b3 += k2;
5039 b2 += b3 + k1;
5040 b3 = rol64(b3, 13) ^ b2;
5041
5042 b5 += k4;
5043 b4 += b5 + k3;
5044 b5 = rol64(b5, 8) ^ b4;
5045
5046 b7 += k6;
5047 b6 += b7 + k5;
5048 b7 = rol64(b7, 47) ^ b6;
5049
5050 b9 += k8;
5051 b8 += b9 + k7;
5052 b9 = rol64(b9, 8) ^ b8;
5053
5054 b11 += k10;
5055 b10 += b11 + k9;
5056 b11 = rol64(b11, 17) ^ b10;
5057
5058 b13 += k12 + t1;
5059 b12 += b13 + k11;
5060 b13 = rol64(b13, 22) ^ b12;
5061
5062 b15 += k14 + 16;
5063 b14 += b15 + k13 + t2;
5064 b15 = rol64(b15, 37) ^ b14;
5065
5066 b0 += b9;
5067 b9 = rol64(b9, 38) ^ b0;
5068
5069 b2 += b13;
5070 b13 = rol64(b13, 19) ^ b2;
5071
5072 b6 += b11;
5073 b11 = rol64(b11, 10) ^ b6;
5074
5075 b4 += b15;
5076 b15 = rol64(b15, 55) ^ b4;
5077
5078 b10 += b7;
5079 b7 = rol64(b7, 49) ^ b10;
5080
5081 b12 += b3;
5082 b3 = rol64(b3, 18) ^ b12;
5083
5084 b14 += b5;
5085 b5 = rol64(b5, 23) ^ b14;
5086
5087 b8 += b1;
5088 b1 = rol64(b1, 52) ^ b8;
5089
5090 b0 += b7;
5091 b7 = rol64(b7, 33) ^ b0;
5092
5093 b2 += b5;
5094 b5 = rol64(b5, 4) ^ b2;
5095
5096 b4 += b3;
5097 b3 = rol64(b3, 51) ^ b4;
5098
5099 b6 += b1;
5100 b1 = rol64(b1, 13) ^ b6;
5101
5102 b12 += b15;
5103 b15 = rol64(b15, 34) ^ b12;
5104
5105 b14 += b13;
5106 b13 = rol64(b13, 41) ^ b14;
5107
5108 b8 += b11;
5109 b11 = rol64(b11, 59) ^ b8;
5110
5111 b10 += b9;
5112 b9 = rol64(b9, 17) ^ b10;
5113
5114 b0 += b15;
5115 b15 = rol64(b15, 5) ^ b0;
5116
5117 b2 += b11;
5118 b11 = rol64(b11, 20) ^ b2;
5119
5120 b6 += b13;
5121 b13 = rol64(b13, 48) ^ b6;
5122
5123 b4 += b9;
5124 b9 = rol64(b9, 41) ^ b4;
5125
5126 b14 += b1;
5127 b1 = rol64(b1, 47) ^ b14;
5128
5129 b8 += b5;
5130 b5 = rol64(b5, 28) ^ b8;
5131
5132 b10 += b3;
5133 b3 = rol64(b3, 16) ^ b10;
5134
5135 b12 += b7;
5136 b7 = rol64(b7, 25) ^ b12;
5137
5138 b1 += k1;
5139 b0 += b1 + k0;
5140 b1 = rol64(b1, 41) ^ b0;
5141
5142 b3 += k3;
5143 b2 += b3 + k2;
5144 b3 = rol64(b3, 9) ^ b2;
5145
5146 b5 += k5;
5147 b4 += b5 + k4;
5148 b5 = rol64(b5, 37) ^ b4;
5149
5150 b7 += k7;
5151 b6 += b7 + k6;
5152 b7 = rol64(b7, 31) ^ b6;
5153
5154 b9 += k9;
5155 b8 += b9 + k8;
5156 b9 = rol64(b9, 12) ^ b8;
5157
5158 b11 += k11;
5159 b10 += b11 + k10;
5160 b11 = rol64(b11, 47) ^ b10;
5161
5162 b13 += k13 + t2;
5163 b12 += b13 + k12;
5164 b13 = rol64(b13, 44) ^ b12;
5165
5166 b15 += k15 + 17;
5167 b14 += b15 + k14 + t0;
5168 b15 = rol64(b15, 30) ^ b14;
5169
5170 b0 += b9;
5171 b9 = rol64(b9, 16) ^ b0;
5172
5173 b2 += b13;
5174 b13 = rol64(b13, 34) ^ b2;
5175
5176 b6 += b11;
5177 b11 = rol64(b11, 56) ^ b6;
5178
5179 b4 += b15;
5180 b15 = rol64(b15, 51) ^ b4;
5181
5182 b10 += b7;
5183 b7 = rol64(b7, 4) ^ b10;
5184
5185 b12 += b3;
5186 b3 = rol64(b3, 53) ^ b12;
5187
5188 b14 += b5;
5189 b5 = rol64(b5, 42) ^ b14;
5190
5191 b8 += b1;
5192 b1 = rol64(b1, 41) ^ b8;
5193
5194 b0 += b7;
5195 b7 = rol64(b7, 31) ^ b0;
5196
5197 b2 += b5;
5198 b5 = rol64(b5, 44) ^ b2;
5199
5200 b4 += b3;
5201 b3 = rol64(b3, 47) ^ b4;
5202
5203 b6 += b1;
5204 b1 = rol64(b1, 46) ^ b6;
5205
5206 b12 += b15;
5207 b15 = rol64(b15, 19) ^ b12;
5208
5209 b14 += b13;
5210 b13 = rol64(b13, 42) ^ b14;
5211
5212 b8 += b11;
5213 b11 = rol64(b11, 44) ^ b8;
5214
5215 b10 += b9;
5216 b9 = rol64(b9, 25) ^ b10;
5217
5218 b0 += b15;
5219 b15 = rol64(b15, 9) ^ b0;
5220
5221 b2 += b11;
5222 b11 = rol64(b11, 48) ^ b2;
5223
5224 b6 += b13;
5225 b13 = rol64(b13, 35) ^ b6;
5226
5227 b4 += b9;
5228 b9 = rol64(b9, 52) ^ b4;
5229
5230 b14 += b1;
5231 b1 = rol64(b1, 23) ^ b14;
5232
5233 b8 += b5;
5234 b5 = rol64(b5, 31) ^ b8;
5235
5236 b10 += b3;
5237 b3 = rol64(b3, 37) ^ b10;
5238
5239 b12 += b7;
5240 b7 = rol64(b7, 20) ^ b12;
5241
5242 b1 += k2;
5243 b0 += b1 + k1;
5244 b1 = rol64(b1, 24) ^ b0;
5245
5246 b3 += k4;
5247 b2 += b3 + k3;
5248 b3 = rol64(b3, 13) ^ b2;
5249
5250 b5 += k6;
5251 b4 += b5 + k5;
5252 b5 = rol64(b5, 8) ^ b4;
5253
5254 b7 += k8;
5255 b6 += b7 + k7;
5256 b7 = rol64(b7, 47) ^ b6;
5257
5258 b9 += k10;
5259 b8 += b9 + k9;
5260 b9 = rol64(b9, 8) ^ b8;
5261
5262 b11 += k12;
5263 b10 += b11 + k11;
5264 b11 = rol64(b11, 17) ^ b10;
5265
5266 b13 += k14 + t0;
5267 b12 += b13 + k13;
5268 b13 = rol64(b13, 22) ^ b12;
5269
5270 b15 += k16 + 18;
5271 b14 += b15 + k15 + t1;
5272 b15 = rol64(b15, 37) ^ b14;
5273
5274 b0 += b9;
5275 b9 = rol64(b9, 38) ^ b0;
5276
5277 b2 += b13;
5278 b13 = rol64(b13, 19) ^ b2;
5279
5280 b6 += b11;
5281 b11 = rol64(b11, 10) ^ b6;
5282
5283 b4 += b15;
5284 b15 = rol64(b15, 55) ^ b4;
5285
5286 b10 += b7;
5287 b7 = rol64(b7, 49) ^ b10;
5288
5289 b12 += b3;
5290 b3 = rol64(b3, 18) ^ b12;
5291
5292 b14 += b5;
5293 b5 = rol64(b5, 23) ^ b14;
5294
5295 b8 += b1;
5296 b1 = rol64(b1, 52) ^ b8;
5297
5298 b0 += b7;
5299 b7 = rol64(b7, 33) ^ b0;
5300
5301 b2 += b5;
5302 b5 = rol64(b5, 4) ^ b2;
5303
5304 b4 += b3;
5305 b3 = rol64(b3, 51) ^ b4;
5306
5307 b6 += b1;
5308 b1 = rol64(b1, 13) ^ b6;
5309
5310 b12 += b15;
5311 b15 = rol64(b15, 34) ^ b12;
5312
5313 b14 += b13;
5314 b13 = rol64(b13, 41) ^ b14;
5315
5316 b8 += b11;
5317 b11 = rol64(b11, 59) ^ b8;
5318
5319 b10 += b9;
5320 b9 = rol64(b9, 17) ^ b10;
5321
5322 b0 += b15;
5323 b15 = rol64(b15, 5) ^ b0;
5324
5325 b2 += b11;
5326 b11 = rol64(b11, 20) ^ b2;
5327
5328 b6 += b13;
5329 b13 = rol64(b13, 48) ^ b6;
5330
5331 b4 += b9;
5332 b9 = rol64(b9, 41) ^ b4;
5333
5334 b14 += b1;
5335 b1 = rol64(b1, 47) ^ b14;
5336
5337 b8 += b5;
5338 b5 = rol64(b5, 28) ^ b8;
5339
5340 b10 += b3;
5341 b3 = rol64(b3, 16) ^ b10;
5342
5343 b12 += b7;
5344 b7 = rol64(b7, 25) ^ b12;
5345
5346 b1 += k3;
5347 b0 += b1 + k2;
5348 b1 = rol64(b1, 41) ^ b0;
5349
5350 b3 += k5;
5351 b2 += b3 + k4;
5352 b3 = rol64(b3, 9) ^ b2;
5353
5354 b5 += k7;
5355 b4 += b5 + k6;
5356 b5 = rol64(b5, 37) ^ b4;
5357
5358 b7 += k9;
5359 b6 += b7 + k8;
5360 b7 = rol64(b7, 31) ^ b6;
5361
5362 b9 += k11;
5363 b8 += b9 + k10;
5364 b9 = rol64(b9, 12) ^ b8;
5365
5366 b11 += k13;
5367 b10 += b11 + k12;
5368 b11 = rol64(b11, 47) ^ b10;
5369
5370 b13 += k15 + t1;
5371 b12 += b13 + k14;
5372 b13 = rol64(b13, 44) ^ b12;
5373
5374 b15 += k0 + 19;
5375 b14 += b15 + k16 + t2;
5376 b15 = rol64(b15, 30) ^ b14;
5377
5378 b0 += b9;
5379 b9 = rol64(b9, 16) ^ b0;
5380
5381 b2 += b13;
5382 b13 = rol64(b13, 34) ^ b2;
5383
5384 b6 += b11;
5385 b11 = rol64(b11, 56) ^ b6;
5386
5387 b4 += b15;
5388 b15 = rol64(b15, 51) ^ b4;
5389
5390 b10 += b7;
5391 b7 = rol64(b7, 4) ^ b10;
5392
5393 b12 += b3;
5394 b3 = rol64(b3, 53) ^ b12;
5395
5396 b14 += b5;
5397 b5 = rol64(b5, 42) ^ b14;
5398
5399 b8 += b1;
5400 b1 = rol64(b1, 41) ^ b8;
5401
5402 b0 += b7;
5403 b7 = rol64(b7, 31) ^ b0;
5404
5405 b2 += b5;
5406 b5 = rol64(b5, 44) ^ b2;
5407
5408 b4 += b3;
5409 b3 = rol64(b3, 47) ^ b4;
5410
5411 b6 += b1;
5412 b1 = rol64(b1, 46) ^ b6;
5413
5414 b12 += b15;
5415 b15 = rol64(b15, 19) ^ b12;
5416
5417 b14 += b13;
5418 b13 = rol64(b13, 42) ^ b14;
5419
5420 b8 += b11;
5421 b11 = rol64(b11, 44) ^ b8;
5422
5423 b10 += b9;
5424 b9 = rol64(b9, 25) ^ b10;
5425
5426 b0 += b15;
5427 b15 = rol64(b15, 9) ^ b0;
5428
5429 b2 += b11;
5430 b11 = rol64(b11, 48) ^ b2;
5431
5432 b6 += b13;
5433 b13 = rol64(b13, 35) ^ b6;
5434
5435 b4 += b9;
5436 b9 = rol64(b9, 52) ^ b4;
5437
5438 b14 += b1;
5439 b1 = rol64(b1, 23) ^ b14;
5440
5441 b8 += b5;
5442 b5 = rol64(b5, 31) ^ b8;
5443
5444 b10 += b3;
5445 b3 = rol64(b3, 37) ^ b10;
5446
5447 b12 += b7;
5448 b7 = rol64(b7, 20) ^ b12;
5449
5450 output[0] = b0 + k3;
5451 output[1] = b1 + k4;
5452 output[2] = b2 + k5;
5453 output[3] = b3 + k6;
5454 output[4] = b4 + k7;
5455 output[5] = b5 + k8;
5456 output[6] = b6 + k9;
5457 output[7] = b7 + k10;
5458 output[8] = b8 + k11;
5459 output[9] = b9 + k12;
5460 output[10] = b10 + k13;
5461 output[11] = b11 + k14;
5462 output[12] = b12 + k15;
5463 output[13] = b13 + k16 + t2;
5464 output[14] = b14 + k0 + t0;
5465 output[15] = b15 + k1 + 20;
5466 }
5467
threefish_decrypt_1024(struct threefish_key * key_ctx,u64 * input,u64 * output)5468 void threefish_decrypt_1024(struct threefish_key *key_ctx, u64 *input,
5469 u64 *output)
5470 {
5471 u64 b0 = input[0], b1 = input[1],
5472 b2 = input[2], b3 = input[3],
5473 b4 = input[4], b5 = input[5],
5474 b6 = input[6], b7 = input[7],
5475 b8 = input[8], b9 = input[9],
5476 b10 = input[10], b11 = input[11],
5477 b12 = input[12], b13 = input[13],
5478 b14 = input[14], b15 = input[15];
5479 u64 k0 = key_ctx->key[0], k1 = key_ctx->key[1],
5480 k2 = key_ctx->key[2], k3 = key_ctx->key[3],
5481 k4 = key_ctx->key[4], k5 = key_ctx->key[5],
5482 k6 = key_ctx->key[6], k7 = key_ctx->key[7],
5483 k8 = key_ctx->key[8], k9 = key_ctx->key[9],
5484 k10 = key_ctx->key[10], k11 = key_ctx->key[11],
5485 k12 = key_ctx->key[12], k13 = key_ctx->key[13],
5486 k14 = key_ctx->key[14], k15 = key_ctx->key[15],
5487 k16 = key_ctx->key[16];
5488 u64 t0 = key_ctx->tweak[0], t1 = key_ctx->tweak[1],
5489 t2 = key_ctx->tweak[2];
5490 u64 tmp;
5491
5492 b0 -= k3;
5493 b1 -= k4;
5494 b2 -= k5;
5495 b3 -= k6;
5496 b4 -= k7;
5497 b5 -= k8;
5498 b6 -= k9;
5499 b7 -= k10;
5500 b8 -= k11;
5501 b9 -= k12;
5502 b10 -= k13;
5503 b11 -= k14;
5504 b12 -= k15;
5505 b13 -= k16 + t2;
5506 b14 -= k0 + t0;
5507 b15 -= k1 + 20;
5508 tmp = b7 ^ b12;
5509 b7 = ror64(tmp, 20);
5510 b12 -= b7;
5511
5512 tmp = b3 ^ b10;
5513 b3 = ror64(tmp, 37);
5514 b10 -= b3;
5515
5516 tmp = b5 ^ b8;
5517 b5 = ror64(tmp, 31);
5518 b8 -= b5;
5519
5520 tmp = b1 ^ b14;
5521 b1 = ror64(tmp, 23);
5522 b14 -= b1;
5523
5524 tmp = b9 ^ b4;
5525 b9 = ror64(tmp, 52);
5526 b4 -= b9;
5527
5528 tmp = b13 ^ b6;
5529 b13 = ror64(tmp, 35);
5530 b6 -= b13;
5531
5532 tmp = b11 ^ b2;
5533 b11 = ror64(tmp, 48);
5534 b2 -= b11;
5535
5536 tmp = b15 ^ b0;
5537 b15 = ror64(tmp, 9);
5538 b0 -= b15;
5539
5540 tmp = b9 ^ b10;
5541 b9 = ror64(tmp, 25);
5542 b10 -= b9;
5543
5544 tmp = b11 ^ b8;
5545 b11 = ror64(tmp, 44);
5546 b8 -= b11;
5547
5548 tmp = b13 ^ b14;
5549 b13 = ror64(tmp, 42);
5550 b14 -= b13;
5551
5552 tmp = b15 ^ b12;
5553 b15 = ror64(tmp, 19);
5554 b12 -= b15;
5555
5556 tmp = b1 ^ b6;
5557 b1 = ror64(tmp, 46);
5558 b6 -= b1;
5559
5560 tmp = b3 ^ b4;
5561 b3 = ror64(tmp, 47);
5562 b4 -= b3;
5563
5564 tmp = b5 ^ b2;
5565 b5 = ror64(tmp, 44);
5566 b2 -= b5;
5567
5568 tmp = b7 ^ b0;
5569 b7 = ror64(tmp, 31);
5570 b0 -= b7;
5571
5572 tmp = b1 ^ b8;
5573 b1 = ror64(tmp, 41);
5574 b8 -= b1;
5575
5576 tmp = b5 ^ b14;
5577 b5 = ror64(tmp, 42);
5578 b14 -= b5;
5579
5580 tmp = b3 ^ b12;
5581 b3 = ror64(tmp, 53);
5582 b12 -= b3;
5583
5584 tmp = b7 ^ b10;
5585 b7 = ror64(tmp, 4);
5586 b10 -= b7;
5587
5588 tmp = b15 ^ b4;
5589 b15 = ror64(tmp, 51);
5590 b4 -= b15;
5591
5592 tmp = b11 ^ b6;
5593 b11 = ror64(tmp, 56);
5594 b6 -= b11;
5595
5596 tmp = b13 ^ b2;
5597 b13 = ror64(tmp, 34);
5598 b2 -= b13;
5599
5600 tmp = b9 ^ b0;
5601 b9 = ror64(tmp, 16);
5602 b0 -= b9;
5603
5604 tmp = b15 ^ b14;
5605 b15 = ror64(tmp, 30);
5606 b14 -= b15 + k16 + t2;
5607 b15 -= k0 + 19;
5608
5609 tmp = b13 ^ b12;
5610 b13 = ror64(tmp, 44);
5611 b12 -= b13 + k14;
5612 b13 -= k15 + t1;
5613
5614 tmp = b11 ^ b10;
5615 b11 = ror64(tmp, 47);
5616 b10 -= b11 + k12;
5617 b11 -= k13;
5618
5619 tmp = b9 ^ b8;
5620 b9 = ror64(tmp, 12);
5621 b8 -= b9 + k10;
5622 b9 -= k11;
5623
5624 tmp = b7 ^ b6;
5625 b7 = ror64(tmp, 31);
5626 b6 -= b7 + k8;
5627 b7 -= k9;
5628
5629 tmp = b5 ^ b4;
5630 b5 = ror64(tmp, 37);
5631 b4 -= b5 + k6;
5632 b5 -= k7;
5633
5634 tmp = b3 ^ b2;
5635 b3 = ror64(tmp, 9);
5636 b2 -= b3 + k4;
5637 b3 -= k5;
5638
5639 tmp = b1 ^ b0;
5640 b1 = ror64(tmp, 41);
5641 b0 -= b1 + k2;
5642 b1 -= k3;
5643
5644 tmp = b7 ^ b12;
5645 b7 = ror64(tmp, 25);
5646 b12 -= b7;
5647
5648 tmp = b3 ^ b10;
5649 b3 = ror64(tmp, 16);
5650 b10 -= b3;
5651
5652 tmp = b5 ^ b8;
5653 b5 = ror64(tmp, 28);
5654 b8 -= b5;
5655
5656 tmp = b1 ^ b14;
5657 b1 = ror64(tmp, 47);
5658 b14 -= b1;
5659
5660 tmp = b9 ^ b4;
5661 b9 = ror64(tmp, 41);
5662 b4 -= b9;
5663
5664 tmp = b13 ^ b6;
5665 b13 = ror64(tmp, 48);
5666 b6 -= b13;
5667
5668 tmp = b11 ^ b2;
5669 b11 = ror64(tmp, 20);
5670 b2 -= b11;
5671
5672 tmp = b15 ^ b0;
5673 b15 = ror64(tmp, 5);
5674 b0 -= b15;
5675
5676 tmp = b9 ^ b10;
5677 b9 = ror64(tmp, 17);
5678 b10 -= b9;
5679
5680 tmp = b11 ^ b8;
5681 b11 = ror64(tmp, 59);
5682 b8 -= b11;
5683
5684 tmp = b13 ^ b14;
5685 b13 = ror64(tmp, 41);
5686 b14 -= b13;
5687
5688 tmp = b15 ^ b12;
5689 b15 = ror64(tmp, 34);
5690 b12 -= b15;
5691
5692 tmp = b1 ^ b6;
5693 b1 = ror64(tmp, 13);
5694 b6 -= b1;
5695
5696 tmp = b3 ^ b4;
5697 b3 = ror64(tmp, 51);
5698 b4 -= b3;
5699
5700 tmp = b5 ^ b2;
5701 b5 = ror64(tmp, 4);
5702 b2 -= b5;
5703
5704 tmp = b7 ^ b0;
5705 b7 = ror64(tmp, 33);
5706 b0 -= b7;
5707
5708 tmp = b1 ^ b8;
5709 b1 = ror64(tmp, 52);
5710 b8 -= b1;
5711
5712 tmp = b5 ^ b14;
5713 b5 = ror64(tmp, 23);
5714 b14 -= b5;
5715
5716 tmp = b3 ^ b12;
5717 b3 = ror64(tmp, 18);
5718 b12 -= b3;
5719
5720 tmp = b7 ^ b10;
5721 b7 = ror64(tmp, 49);
5722 b10 -= b7;
5723
5724 tmp = b15 ^ b4;
5725 b15 = ror64(tmp, 55);
5726 b4 -= b15;
5727
5728 tmp = b11 ^ b6;
5729 b11 = ror64(tmp, 10);
5730 b6 -= b11;
5731
5732 tmp = b13 ^ b2;
5733 b13 = ror64(tmp, 19);
5734 b2 -= b13;
5735
5736 tmp = b9 ^ b0;
5737 b9 = ror64(tmp, 38);
5738 b0 -= b9;
5739
5740 tmp = b15 ^ b14;
5741 b15 = ror64(tmp, 37);
5742 b14 -= b15 + k15 + t1;
5743 b15 -= k16 + 18;
5744
5745 tmp = b13 ^ b12;
5746 b13 = ror64(tmp, 22);
5747 b12 -= b13 + k13;
5748 b13 -= k14 + t0;
5749
5750 tmp = b11 ^ b10;
5751 b11 = ror64(tmp, 17);
5752 b10 -= b11 + k11;
5753 b11 -= k12;
5754
5755 tmp = b9 ^ b8;
5756 b9 = ror64(tmp, 8);
5757 b8 -= b9 + k9;
5758 b9 -= k10;
5759
5760 tmp = b7 ^ b6;
5761 b7 = ror64(tmp, 47);
5762 b6 -= b7 + k7;
5763 b7 -= k8;
5764
5765 tmp = b5 ^ b4;
5766 b5 = ror64(tmp, 8);
5767 b4 -= b5 + k5;
5768 b5 -= k6;
5769
5770 tmp = b3 ^ b2;
5771 b3 = ror64(tmp, 13);
5772 b2 -= b3 + k3;
5773 b3 -= k4;
5774
5775 tmp = b1 ^ b0;
5776 b1 = ror64(tmp, 24);
5777 b0 -= b1 + k1;
5778 b1 -= k2;
5779
5780 tmp = b7 ^ b12;
5781 b7 = ror64(tmp, 20);
5782 b12 -= b7;
5783
5784 tmp = b3 ^ b10;
5785 b3 = ror64(tmp, 37);
5786 b10 -= b3;
5787
5788 tmp = b5 ^ b8;
5789 b5 = ror64(tmp, 31);
5790 b8 -= b5;
5791
5792 tmp = b1 ^ b14;
5793 b1 = ror64(tmp, 23);
5794 b14 -= b1;
5795
5796 tmp = b9 ^ b4;
5797 b9 = ror64(tmp, 52);
5798 b4 -= b9;
5799
5800 tmp = b13 ^ b6;
5801 b13 = ror64(tmp, 35);
5802 b6 -= b13;
5803
5804 tmp = b11 ^ b2;
5805 b11 = ror64(tmp, 48);
5806 b2 -= b11;
5807
5808 tmp = b15 ^ b0;
5809 b15 = ror64(tmp, 9);
5810 b0 -= b15;
5811
5812 tmp = b9 ^ b10;
5813 b9 = ror64(tmp, 25);
5814 b10 -= b9;
5815
5816 tmp = b11 ^ b8;
5817 b11 = ror64(tmp, 44);
5818 b8 -= b11;
5819
5820 tmp = b13 ^ b14;
5821 b13 = ror64(tmp, 42);
5822 b14 -= b13;
5823
5824 tmp = b15 ^ b12;
5825 b15 = ror64(tmp, 19);
5826 b12 -= b15;
5827
5828 tmp = b1 ^ b6;
5829 b1 = ror64(tmp, 46);
5830 b6 -= b1;
5831
5832 tmp = b3 ^ b4;
5833 b3 = ror64(tmp, 47);
5834 b4 -= b3;
5835
5836 tmp = b5 ^ b2;
5837 b5 = ror64(tmp, 44);
5838 b2 -= b5;
5839
5840 tmp = b7 ^ b0;
5841 b7 = ror64(tmp, 31);
5842 b0 -= b7;
5843
5844 tmp = b1 ^ b8;
5845 b1 = ror64(tmp, 41);
5846 b8 -= b1;
5847
5848 tmp = b5 ^ b14;
5849 b5 = ror64(tmp, 42);
5850 b14 -= b5;
5851
5852 tmp = b3 ^ b12;
5853 b3 = ror64(tmp, 53);
5854 b12 -= b3;
5855
5856 tmp = b7 ^ b10;
5857 b7 = ror64(tmp, 4);
5858 b10 -= b7;
5859
5860 tmp = b15 ^ b4;
5861 b15 = ror64(tmp, 51);
5862 b4 -= b15;
5863
5864 tmp = b11 ^ b6;
5865 b11 = ror64(tmp, 56);
5866 b6 -= b11;
5867
5868 tmp = b13 ^ b2;
5869 b13 = ror64(tmp, 34);
5870 b2 -= b13;
5871
5872 tmp = b9 ^ b0;
5873 b9 = ror64(tmp, 16);
5874 b0 -= b9;
5875
5876 tmp = b15 ^ b14;
5877 b15 = ror64(tmp, 30);
5878 b14 -= b15 + k14 + t0;
5879 b15 -= k15 + 17;
5880
5881 tmp = b13 ^ b12;
5882 b13 = ror64(tmp, 44);
5883 b12 -= b13 + k12;
5884 b13 -= k13 + t2;
5885
5886 tmp = b11 ^ b10;
5887 b11 = ror64(tmp, 47);
5888 b10 -= b11 + k10;
5889 b11 -= k11;
5890
5891 tmp = b9 ^ b8;
5892 b9 = ror64(tmp, 12);
5893 b8 -= b9 + k8;
5894 b9 -= k9;
5895
5896 tmp = b7 ^ b6;
5897 b7 = ror64(tmp, 31);
5898 b6 -= b7 + k6;
5899 b7 -= k7;
5900
5901 tmp = b5 ^ b4;
5902 b5 = ror64(tmp, 37);
5903 b4 -= b5 + k4;
5904 b5 -= k5;
5905
5906 tmp = b3 ^ b2;
5907 b3 = ror64(tmp, 9);
5908 b2 -= b3 + k2;
5909 b3 -= k3;
5910
5911 tmp = b1 ^ b0;
5912 b1 = ror64(tmp, 41);
5913 b0 -= b1 + k0;
5914 b1 -= k1;
5915
5916 tmp = b7 ^ b12;
5917 b7 = ror64(tmp, 25);
5918 b12 -= b7;
5919
5920 tmp = b3 ^ b10;
5921 b3 = ror64(tmp, 16);
5922 b10 -= b3;
5923
5924 tmp = b5 ^ b8;
5925 b5 = ror64(tmp, 28);
5926 b8 -= b5;
5927
5928 tmp = b1 ^ b14;
5929 b1 = ror64(tmp, 47);
5930 b14 -= b1;
5931
5932 tmp = b9 ^ b4;
5933 b9 = ror64(tmp, 41);
5934 b4 -= b9;
5935
5936 tmp = b13 ^ b6;
5937 b13 = ror64(tmp, 48);
5938 b6 -= b13;
5939
5940 tmp = b11 ^ b2;
5941 b11 = ror64(tmp, 20);
5942 b2 -= b11;
5943
5944 tmp = b15 ^ b0;
5945 b15 = ror64(tmp, 5);
5946 b0 -= b15;
5947
5948 tmp = b9 ^ b10;
5949 b9 = ror64(tmp, 17);
5950 b10 -= b9;
5951
5952 tmp = b11 ^ b8;
5953 b11 = ror64(tmp, 59);
5954 b8 -= b11;
5955
5956 tmp = b13 ^ b14;
5957 b13 = ror64(tmp, 41);
5958 b14 -= b13;
5959
5960 tmp = b15 ^ b12;
5961 b15 = ror64(tmp, 34);
5962 b12 -= b15;
5963
5964 tmp = b1 ^ b6;
5965 b1 = ror64(tmp, 13);
5966 b6 -= b1;
5967
5968 tmp = b3 ^ b4;
5969 b3 = ror64(tmp, 51);
5970 b4 -= b3;
5971
5972 tmp = b5 ^ b2;
5973 b5 = ror64(tmp, 4);
5974 b2 -= b5;
5975
5976 tmp = b7 ^ b0;
5977 b7 = ror64(tmp, 33);
5978 b0 -= b7;
5979
5980 tmp = b1 ^ b8;
5981 b1 = ror64(tmp, 52);
5982 b8 -= b1;
5983
5984 tmp = b5 ^ b14;
5985 b5 = ror64(tmp, 23);
5986 b14 -= b5;
5987
5988 tmp = b3 ^ b12;
5989 b3 = ror64(tmp, 18);
5990 b12 -= b3;
5991
5992 tmp = b7 ^ b10;
5993 b7 = ror64(tmp, 49);
5994 b10 -= b7;
5995
5996 tmp = b15 ^ b4;
5997 b15 = ror64(tmp, 55);
5998 b4 -= b15;
5999
6000 tmp = b11 ^ b6;
6001 b11 = ror64(tmp, 10);
6002 b6 -= b11;
6003
6004 tmp = b13 ^ b2;
6005 b13 = ror64(tmp, 19);
6006 b2 -= b13;
6007
6008 tmp = b9 ^ b0;
6009 b9 = ror64(tmp, 38);
6010 b0 -= b9;
6011
6012 tmp = b15 ^ b14;
6013 b15 = ror64(tmp, 37);
6014 b14 -= b15 + k13 + t2;
6015 b15 -= k14 + 16;
6016
6017 tmp = b13 ^ b12;
6018 b13 = ror64(tmp, 22);
6019 b12 -= b13 + k11;
6020 b13 -= k12 + t1;
6021
6022 tmp = b11 ^ b10;
6023 b11 = ror64(tmp, 17);
6024 b10 -= b11 + k9;
6025 b11 -= k10;
6026
6027 tmp = b9 ^ b8;
6028 b9 = ror64(tmp, 8);
6029 b8 -= b9 + k7;
6030 b9 -= k8;
6031
6032 tmp = b7 ^ b6;
6033 b7 = ror64(tmp, 47);
6034 b6 -= b7 + k5;
6035 b7 -= k6;
6036
6037 tmp = b5 ^ b4;
6038 b5 = ror64(tmp, 8);
6039 b4 -= b5 + k3;
6040 b5 -= k4;
6041
6042 tmp = b3 ^ b2;
6043 b3 = ror64(tmp, 13);
6044 b2 -= b3 + k1;
6045 b3 -= k2;
6046
6047 tmp = b1 ^ b0;
6048 b1 = ror64(tmp, 24);
6049 b0 -= b1 + k16;
6050 b1 -= k0;
6051
6052 tmp = b7 ^ b12;
6053 b7 = ror64(tmp, 20);
6054 b12 -= b7;
6055
6056 tmp = b3 ^ b10;
6057 b3 = ror64(tmp, 37);
6058 b10 -= b3;
6059
6060 tmp = b5 ^ b8;
6061 b5 = ror64(tmp, 31);
6062 b8 -= b5;
6063
6064 tmp = b1 ^ b14;
6065 b1 = ror64(tmp, 23);
6066 b14 -= b1;
6067
6068 tmp = b9 ^ b4;
6069 b9 = ror64(tmp, 52);
6070 b4 -= b9;
6071
6072 tmp = b13 ^ b6;
6073 b13 = ror64(tmp, 35);
6074 b6 -= b13;
6075
6076 tmp = b11 ^ b2;
6077 b11 = ror64(tmp, 48);
6078 b2 -= b11;
6079
6080 tmp = b15 ^ b0;
6081 b15 = ror64(tmp, 9);
6082 b0 -= b15;
6083
6084 tmp = b9 ^ b10;
6085 b9 = ror64(tmp, 25);
6086 b10 -= b9;
6087
6088 tmp = b11 ^ b8;
6089 b11 = ror64(tmp, 44);
6090 b8 -= b11;
6091
6092 tmp = b13 ^ b14;
6093 b13 = ror64(tmp, 42);
6094 b14 -= b13;
6095
6096 tmp = b15 ^ b12;
6097 b15 = ror64(tmp, 19);
6098 b12 -= b15;
6099
6100 tmp = b1 ^ b6;
6101 b1 = ror64(tmp, 46);
6102 b6 -= b1;
6103
6104 tmp = b3 ^ b4;
6105 b3 = ror64(tmp, 47);
6106 b4 -= b3;
6107
6108 tmp = b5 ^ b2;
6109 b5 = ror64(tmp, 44);
6110 b2 -= b5;
6111
6112 tmp = b7 ^ b0;
6113 b7 = ror64(tmp, 31);
6114 b0 -= b7;
6115
6116 tmp = b1 ^ b8;
6117 b1 = ror64(tmp, 41);
6118 b8 -= b1;
6119
6120 tmp = b5 ^ b14;
6121 b5 = ror64(tmp, 42);
6122 b14 -= b5;
6123
6124 tmp = b3 ^ b12;
6125 b3 = ror64(tmp, 53);
6126 b12 -= b3;
6127
6128 tmp = b7 ^ b10;
6129 b7 = ror64(tmp, 4);
6130 b10 -= b7;
6131
6132 tmp = b15 ^ b4;
6133 b15 = ror64(tmp, 51);
6134 b4 -= b15;
6135
6136 tmp = b11 ^ b6;
6137 b11 = ror64(tmp, 56);
6138 b6 -= b11;
6139
6140 tmp = b13 ^ b2;
6141 b13 = ror64(tmp, 34);
6142 b2 -= b13;
6143
6144 tmp = b9 ^ b0;
6145 b9 = ror64(tmp, 16);
6146 b0 -= b9;
6147
6148 tmp = b15 ^ b14;
6149 b15 = ror64(tmp, 30);
6150 b14 -= b15 + k12 + t1;
6151 b15 -= k13 + 15;
6152
6153 tmp = b13 ^ b12;
6154 b13 = ror64(tmp, 44);
6155 b12 -= b13 + k10;
6156 b13 -= k11 + t0;
6157
6158 tmp = b11 ^ b10;
6159 b11 = ror64(tmp, 47);
6160 b10 -= b11 + k8;
6161 b11 -= k9;
6162
6163 tmp = b9 ^ b8;
6164 b9 = ror64(tmp, 12);
6165 b8 -= b9 + k6;
6166 b9 -= k7;
6167
6168 tmp = b7 ^ b6;
6169 b7 = ror64(tmp, 31);
6170 b6 -= b7 + k4;
6171 b7 -= k5;
6172
6173 tmp = b5 ^ b4;
6174 b5 = ror64(tmp, 37);
6175 b4 -= b5 + k2;
6176 b5 -= k3;
6177
6178 tmp = b3 ^ b2;
6179 b3 = ror64(tmp, 9);
6180 b2 -= b3 + k0;
6181 b3 -= k1;
6182
6183 tmp = b1 ^ b0;
6184 b1 = ror64(tmp, 41);
6185 b0 -= b1 + k15;
6186 b1 -= k16;
6187
6188 tmp = b7 ^ b12;
6189 b7 = ror64(tmp, 25);
6190 b12 -= b7;
6191
6192 tmp = b3 ^ b10;
6193 b3 = ror64(tmp, 16);
6194 b10 -= b3;
6195
6196 tmp = b5 ^ b8;
6197 b5 = ror64(tmp, 28);
6198 b8 -= b5;
6199
6200 tmp = b1 ^ b14;
6201 b1 = ror64(tmp, 47);
6202 b14 -= b1;
6203
6204 tmp = b9 ^ b4;
6205 b9 = ror64(tmp, 41);
6206 b4 -= b9;
6207
6208 tmp = b13 ^ b6;
6209 b13 = ror64(tmp, 48);
6210 b6 -= b13;
6211
6212 tmp = b11 ^ b2;
6213 b11 = ror64(tmp, 20);
6214 b2 -= b11;
6215
6216 tmp = b15 ^ b0;
6217 b15 = ror64(tmp, 5);
6218 b0 -= b15;
6219
6220 tmp = b9 ^ b10;
6221 b9 = ror64(tmp, 17);
6222 b10 -= b9;
6223
6224 tmp = b11 ^ b8;
6225 b11 = ror64(tmp, 59);
6226 b8 -= b11;
6227
6228 tmp = b13 ^ b14;
6229 b13 = ror64(tmp, 41);
6230 b14 -= b13;
6231
6232 tmp = b15 ^ b12;
6233 b15 = ror64(tmp, 34);
6234 b12 -= b15;
6235
6236 tmp = b1 ^ b6;
6237 b1 = ror64(tmp, 13);
6238 b6 -= b1;
6239
6240 tmp = b3 ^ b4;
6241 b3 = ror64(tmp, 51);
6242 b4 -= b3;
6243
6244 tmp = b5 ^ b2;
6245 b5 = ror64(tmp, 4);
6246 b2 -= b5;
6247
6248 tmp = b7 ^ b0;
6249 b7 = ror64(tmp, 33);
6250 b0 -= b7;
6251
6252 tmp = b1 ^ b8;
6253 b1 = ror64(tmp, 52);
6254 b8 -= b1;
6255
6256 tmp = b5 ^ b14;
6257 b5 = ror64(tmp, 23);
6258 b14 -= b5;
6259
6260 tmp = b3 ^ b12;
6261 b3 = ror64(tmp, 18);
6262 b12 -= b3;
6263
6264 tmp = b7 ^ b10;
6265 b7 = ror64(tmp, 49);
6266 b10 -= b7;
6267
6268 tmp = b15 ^ b4;
6269 b15 = ror64(tmp, 55);
6270 b4 -= b15;
6271
6272 tmp = b11 ^ b6;
6273 b11 = ror64(tmp, 10);
6274 b6 -= b11;
6275
6276 tmp = b13 ^ b2;
6277 b13 = ror64(tmp, 19);
6278 b2 -= b13;
6279
6280 tmp = b9 ^ b0;
6281 b9 = ror64(tmp, 38);
6282 b0 -= b9;
6283
6284 tmp = b15 ^ b14;
6285 b15 = ror64(tmp, 37);
6286 b14 -= b15 + k11 + t0;
6287 b15 -= k12 + 14;
6288
6289 tmp = b13 ^ b12;
6290 b13 = ror64(tmp, 22);
6291 b12 -= b13 + k9;
6292 b13 -= k10 + t2;
6293
6294 tmp = b11 ^ b10;
6295 b11 = ror64(tmp, 17);
6296 b10 -= b11 + k7;
6297 b11 -= k8;
6298
6299 tmp = b9 ^ b8;
6300 b9 = ror64(tmp, 8);
6301 b8 -= b9 + k5;
6302 b9 -= k6;
6303
6304 tmp = b7 ^ b6;
6305 b7 = ror64(tmp, 47);
6306 b6 -= b7 + k3;
6307 b7 -= k4;
6308
6309 tmp = b5 ^ b4;
6310 b5 = ror64(tmp, 8);
6311 b4 -= b5 + k1;
6312 b5 -= k2;
6313
6314 tmp = b3 ^ b2;
6315 b3 = ror64(tmp, 13);
6316 b2 -= b3 + k16;
6317 b3 -= k0;
6318
6319 tmp = b1 ^ b0;
6320 b1 = ror64(tmp, 24);
6321 b0 -= b1 + k14;
6322 b1 -= k15;
6323
6324 tmp = b7 ^ b12;
6325 b7 = ror64(tmp, 20);
6326 b12 -= b7;
6327
6328 tmp = b3 ^ b10;
6329 b3 = ror64(tmp, 37);
6330 b10 -= b3;
6331
6332 tmp = b5 ^ b8;
6333 b5 = ror64(tmp, 31);
6334 b8 -= b5;
6335
6336 tmp = b1 ^ b14;
6337 b1 = ror64(tmp, 23);
6338 b14 -= b1;
6339
6340 tmp = b9 ^ b4;
6341 b9 = ror64(tmp, 52);
6342 b4 -= b9;
6343
6344 tmp = b13 ^ b6;
6345 b13 = ror64(tmp, 35);
6346 b6 -= b13;
6347
6348 tmp = b11 ^ b2;
6349 b11 = ror64(tmp, 48);
6350 b2 -= b11;
6351
6352 tmp = b15 ^ b0;
6353 b15 = ror64(tmp, 9);
6354 b0 -= b15;
6355
6356 tmp = b9 ^ b10;
6357 b9 = ror64(tmp, 25);
6358 b10 -= b9;
6359
6360 tmp = b11 ^ b8;
6361 b11 = ror64(tmp, 44);
6362 b8 -= b11;
6363
6364 tmp = b13 ^ b14;
6365 b13 = ror64(tmp, 42);
6366 b14 -= b13;
6367
6368 tmp = b15 ^ b12;
6369 b15 = ror64(tmp, 19);
6370 b12 -= b15;
6371
6372 tmp = b1 ^ b6;
6373 b1 = ror64(tmp, 46);
6374 b6 -= b1;
6375
6376 tmp = b3 ^ b4;
6377 b3 = ror64(tmp, 47);
6378 b4 -= b3;
6379
6380 tmp = b5 ^ b2;
6381 b5 = ror64(tmp, 44);
6382 b2 -= b5;
6383
6384 tmp = b7 ^ b0;
6385 b7 = ror64(tmp, 31);
6386 b0 -= b7;
6387
6388 tmp = b1 ^ b8;
6389 b1 = ror64(tmp, 41);
6390 b8 -= b1;
6391
6392 tmp = b5 ^ b14;
6393 b5 = ror64(tmp, 42);
6394 b14 -= b5;
6395
6396 tmp = b3 ^ b12;
6397 b3 = ror64(tmp, 53);
6398 b12 -= b3;
6399
6400 tmp = b7 ^ b10;
6401 b7 = ror64(tmp, 4);
6402 b10 -= b7;
6403
6404 tmp = b15 ^ b4;
6405 b15 = ror64(tmp, 51);
6406 b4 -= b15;
6407
6408 tmp = b11 ^ b6;
6409 b11 = ror64(tmp, 56);
6410 b6 -= b11;
6411
6412 tmp = b13 ^ b2;
6413 b13 = ror64(tmp, 34);
6414 b2 -= b13;
6415
6416 tmp = b9 ^ b0;
6417 b9 = ror64(tmp, 16);
6418 b0 -= b9;
6419
6420 tmp = b15 ^ b14;
6421 b15 = ror64(tmp, 30);
6422 b14 -= b15 + k10 + t2;
6423 b15 -= k11 + 13;
6424
6425 tmp = b13 ^ b12;
6426 b13 = ror64(tmp, 44);
6427 b12 -= b13 + k8;
6428 b13 -= k9 + t1;
6429
6430 tmp = b11 ^ b10;
6431 b11 = ror64(tmp, 47);
6432 b10 -= b11 + k6;
6433 b11 -= k7;
6434
6435 tmp = b9 ^ b8;
6436 b9 = ror64(tmp, 12);
6437 b8 -= b9 + k4;
6438 b9 -= k5;
6439
6440 tmp = b7 ^ b6;
6441 b7 = ror64(tmp, 31);
6442 b6 -= b7 + k2;
6443 b7 -= k3;
6444
6445 tmp = b5 ^ b4;
6446 b5 = ror64(tmp, 37);
6447 b4 -= b5 + k0;
6448 b5 -= k1;
6449
6450 tmp = b3 ^ b2;
6451 b3 = ror64(tmp, 9);
6452 b2 -= b3 + k15;
6453 b3 -= k16;
6454
6455 tmp = b1 ^ b0;
6456 b1 = ror64(tmp, 41);
6457 b0 -= b1 + k13;
6458 b1 -= k14;
6459
6460 tmp = b7 ^ b12;
6461 b7 = ror64(tmp, 25);
6462 b12 -= b7;
6463
6464 tmp = b3 ^ b10;
6465 b3 = ror64(tmp, 16);
6466 b10 -= b3;
6467
6468 tmp = b5 ^ b8;
6469 b5 = ror64(tmp, 28);
6470 b8 -= b5;
6471
6472 tmp = b1 ^ b14;
6473 b1 = ror64(tmp, 47);
6474 b14 -= b1;
6475
6476 tmp = b9 ^ b4;
6477 b9 = ror64(tmp, 41);
6478 b4 -= b9;
6479
6480 tmp = b13 ^ b6;
6481 b13 = ror64(tmp, 48);
6482 b6 -= b13;
6483
6484 tmp = b11 ^ b2;
6485 b11 = ror64(tmp, 20);
6486 b2 -= b11;
6487
6488 tmp = b15 ^ b0;
6489 b15 = ror64(tmp, 5);
6490 b0 -= b15;
6491
6492 tmp = b9 ^ b10;
6493 b9 = ror64(tmp, 17);
6494 b10 -= b9;
6495
6496 tmp = b11 ^ b8;
6497 b11 = ror64(tmp, 59);
6498 b8 -= b11;
6499
6500 tmp = b13 ^ b14;
6501 b13 = ror64(tmp, 41);
6502 b14 -= b13;
6503
6504 tmp = b15 ^ b12;
6505 b15 = ror64(tmp, 34);
6506 b12 -= b15;
6507
6508 tmp = b1 ^ b6;
6509 b1 = ror64(tmp, 13);
6510 b6 -= b1;
6511
6512 tmp = b3 ^ b4;
6513 b3 = ror64(tmp, 51);
6514 b4 -= b3;
6515
6516 tmp = b5 ^ b2;
6517 b5 = ror64(tmp, 4);
6518 b2 -= b5;
6519
6520 tmp = b7 ^ b0;
6521 b7 = ror64(tmp, 33);
6522 b0 -= b7;
6523
6524 tmp = b1 ^ b8;
6525 b1 = ror64(tmp, 52);
6526 b8 -= b1;
6527
6528 tmp = b5 ^ b14;
6529 b5 = ror64(tmp, 23);
6530 b14 -= b5;
6531
6532 tmp = b3 ^ b12;
6533 b3 = ror64(tmp, 18);
6534 b12 -= b3;
6535
6536 tmp = b7 ^ b10;
6537 b7 = ror64(tmp, 49);
6538 b10 -= b7;
6539
6540 tmp = b15 ^ b4;
6541 b15 = ror64(tmp, 55);
6542 b4 -= b15;
6543
6544 tmp = b11 ^ b6;
6545 b11 = ror64(tmp, 10);
6546 b6 -= b11;
6547
6548 tmp = b13 ^ b2;
6549 b13 = ror64(tmp, 19);
6550 b2 -= b13;
6551
6552 tmp = b9 ^ b0;
6553 b9 = ror64(tmp, 38);
6554 b0 -= b9;
6555
6556 tmp = b15 ^ b14;
6557 b15 = ror64(tmp, 37);
6558 b14 -= b15 + k9 + t1;
6559 b15 -= k10 + 12;
6560
6561 tmp = b13 ^ b12;
6562 b13 = ror64(tmp, 22);
6563 b12 -= b13 + k7;
6564 b13 -= k8 + t0;
6565
6566 tmp = b11 ^ b10;
6567 b11 = ror64(tmp, 17);
6568 b10 -= b11 + k5;
6569 b11 -= k6;
6570
6571 tmp = b9 ^ b8;
6572 b9 = ror64(tmp, 8);
6573 b8 -= b9 + k3;
6574 b9 -= k4;
6575
6576 tmp = b7 ^ b6;
6577 b7 = ror64(tmp, 47);
6578 b6 -= b7 + k1;
6579 b7 -= k2;
6580
6581 tmp = b5 ^ b4;
6582 b5 = ror64(tmp, 8);
6583 b4 -= b5 + k16;
6584 b5 -= k0;
6585
6586 tmp = b3 ^ b2;
6587 b3 = ror64(tmp, 13);
6588 b2 -= b3 + k14;
6589 b3 -= k15;
6590
6591 tmp = b1 ^ b0;
6592 b1 = ror64(tmp, 24);
6593 b0 -= b1 + k12;
6594 b1 -= k13;
6595
6596 tmp = b7 ^ b12;
6597 b7 = ror64(tmp, 20);
6598 b12 -= b7;
6599
6600 tmp = b3 ^ b10;
6601 b3 = ror64(tmp, 37);
6602 b10 -= b3;
6603
6604 tmp = b5 ^ b8;
6605 b5 = ror64(tmp, 31);
6606 b8 -= b5;
6607
6608 tmp = b1 ^ b14;
6609 b1 = ror64(tmp, 23);
6610 b14 -= b1;
6611
6612 tmp = b9 ^ b4;
6613 b9 = ror64(tmp, 52);
6614 b4 -= b9;
6615
6616 tmp = b13 ^ b6;
6617 b13 = ror64(tmp, 35);
6618 b6 -= b13;
6619
6620 tmp = b11 ^ b2;
6621 b11 = ror64(tmp, 48);
6622 b2 -= b11;
6623
6624 tmp = b15 ^ b0;
6625 b15 = ror64(tmp, 9);
6626 b0 -= b15;
6627
6628 tmp = b9 ^ b10;
6629 b9 = ror64(tmp, 25);
6630 b10 -= b9;
6631
6632 tmp = b11 ^ b8;
6633 b11 = ror64(tmp, 44);
6634 b8 -= b11;
6635
6636 tmp = b13 ^ b14;
6637 b13 = ror64(tmp, 42);
6638 b14 -= b13;
6639
6640 tmp = b15 ^ b12;
6641 b15 = ror64(tmp, 19);
6642 b12 -= b15;
6643
6644 tmp = b1 ^ b6;
6645 b1 = ror64(tmp, 46);
6646 b6 -= b1;
6647
6648 tmp = b3 ^ b4;
6649 b3 = ror64(tmp, 47);
6650 b4 -= b3;
6651
6652 tmp = b5 ^ b2;
6653 b5 = ror64(tmp, 44);
6654 b2 -= b5;
6655
6656 tmp = b7 ^ b0;
6657 b7 = ror64(tmp, 31);
6658 b0 -= b7;
6659
6660 tmp = b1 ^ b8;
6661 b1 = ror64(tmp, 41);
6662 b8 -= b1;
6663
6664 tmp = b5 ^ b14;
6665 b5 = ror64(tmp, 42);
6666 b14 -= b5;
6667
6668 tmp = b3 ^ b12;
6669 b3 = ror64(tmp, 53);
6670 b12 -= b3;
6671
6672 tmp = b7 ^ b10;
6673 b7 = ror64(tmp, 4);
6674 b10 -= b7;
6675
6676 tmp = b15 ^ b4;
6677 b15 = ror64(tmp, 51);
6678 b4 -= b15;
6679
6680 tmp = b11 ^ b6;
6681 b11 = ror64(tmp, 56);
6682 b6 -= b11;
6683
6684 tmp = b13 ^ b2;
6685 b13 = ror64(tmp, 34);
6686 b2 -= b13;
6687
6688 tmp = b9 ^ b0;
6689 b9 = ror64(tmp, 16);
6690 b0 -= b9;
6691
6692 tmp = b15 ^ b14;
6693 b15 = ror64(tmp, 30);
6694 b14 -= b15 + k8 + t0;
6695 b15 -= k9 + 11;
6696
6697 tmp = b13 ^ b12;
6698 b13 = ror64(tmp, 44);
6699 b12 -= b13 + k6;
6700 b13 -= k7 + t2;
6701
6702 tmp = b11 ^ b10;
6703 b11 = ror64(tmp, 47);
6704 b10 -= b11 + k4;
6705 b11 -= k5;
6706
6707 tmp = b9 ^ b8;
6708 b9 = ror64(tmp, 12);
6709 b8 -= b9 + k2;
6710 b9 -= k3;
6711
6712 tmp = b7 ^ b6;
6713 b7 = ror64(tmp, 31);
6714 b6 -= b7 + k0;
6715 b7 -= k1;
6716
6717 tmp = b5 ^ b4;
6718 b5 = ror64(tmp, 37);
6719 b4 -= b5 + k15;
6720 b5 -= k16;
6721
6722 tmp = b3 ^ b2;
6723 b3 = ror64(tmp, 9);
6724 b2 -= b3 + k13;
6725 b3 -= k14;
6726
6727 tmp = b1 ^ b0;
6728 b1 = ror64(tmp, 41);
6729 b0 -= b1 + k11;
6730 b1 -= k12;
6731
6732 tmp = b7 ^ b12;
6733 b7 = ror64(tmp, 25);
6734 b12 -= b7;
6735
6736 tmp = b3 ^ b10;
6737 b3 = ror64(tmp, 16);
6738 b10 -= b3;
6739
6740 tmp = b5 ^ b8;
6741 b5 = ror64(tmp, 28);
6742 b8 -= b5;
6743
6744 tmp = b1 ^ b14;
6745 b1 = ror64(tmp, 47);
6746 b14 -= b1;
6747
6748 tmp = b9 ^ b4;
6749 b9 = ror64(tmp, 41);
6750 b4 -= b9;
6751
6752 tmp = b13 ^ b6;
6753 b13 = ror64(tmp, 48);
6754 b6 -= b13;
6755
6756 tmp = b11 ^ b2;
6757 b11 = ror64(tmp, 20);
6758 b2 -= b11;
6759
6760 tmp = b15 ^ b0;
6761 b15 = ror64(tmp, 5);
6762 b0 -= b15;
6763
6764 tmp = b9 ^ b10;
6765 b9 = ror64(tmp, 17);
6766 b10 -= b9;
6767
6768 tmp = b11 ^ b8;
6769 b11 = ror64(tmp, 59);
6770 b8 -= b11;
6771
6772 tmp = b13 ^ b14;
6773 b13 = ror64(tmp, 41);
6774 b14 -= b13;
6775
6776 tmp = b15 ^ b12;
6777 b15 = ror64(tmp, 34);
6778 b12 -= b15;
6779
6780 tmp = b1 ^ b6;
6781 b1 = ror64(tmp, 13);
6782 b6 -= b1;
6783
6784 tmp = b3 ^ b4;
6785 b3 = ror64(tmp, 51);
6786 b4 -= b3;
6787
6788 tmp = b5 ^ b2;
6789 b5 = ror64(tmp, 4);
6790 b2 -= b5;
6791
6792 tmp = b7 ^ b0;
6793 b7 = ror64(tmp, 33);
6794 b0 -= b7;
6795
6796 tmp = b1 ^ b8;
6797 b1 = ror64(tmp, 52);
6798 b8 -= b1;
6799
6800 tmp = b5 ^ b14;
6801 b5 = ror64(tmp, 23);
6802 b14 -= b5;
6803
6804 tmp = b3 ^ b12;
6805 b3 = ror64(tmp, 18);
6806 b12 -= b3;
6807
6808 tmp = b7 ^ b10;
6809 b7 = ror64(tmp, 49);
6810 b10 -= b7;
6811
6812 tmp = b15 ^ b4;
6813 b15 = ror64(tmp, 55);
6814 b4 -= b15;
6815
6816 tmp = b11 ^ b6;
6817 b11 = ror64(tmp, 10);
6818 b6 -= b11;
6819
6820 tmp = b13 ^ b2;
6821 b13 = ror64(tmp, 19);
6822 b2 -= b13;
6823
6824 tmp = b9 ^ b0;
6825 b9 = ror64(tmp, 38);
6826 b0 -= b9;
6827
6828 tmp = b15 ^ b14;
6829 b15 = ror64(tmp, 37);
6830 b14 -= b15 + k7 + t2;
6831 b15 -= k8 + 10;
6832
6833 tmp = b13 ^ b12;
6834 b13 = ror64(tmp, 22);
6835 b12 -= b13 + k5;
6836 b13 -= k6 + t1;
6837
6838 tmp = b11 ^ b10;
6839 b11 = ror64(tmp, 17);
6840 b10 -= b11 + k3;
6841 b11 -= k4;
6842
6843 tmp = b9 ^ b8;
6844 b9 = ror64(tmp, 8);
6845 b8 -= b9 + k1;
6846 b9 -= k2;
6847
6848 tmp = b7 ^ b6;
6849 b7 = ror64(tmp, 47);
6850 b6 -= b7 + k16;
6851 b7 -= k0;
6852
6853 tmp = b5 ^ b4;
6854 b5 = ror64(tmp, 8);
6855 b4 -= b5 + k14;
6856 b5 -= k15;
6857
6858 tmp = b3 ^ b2;
6859 b3 = ror64(tmp, 13);
6860 b2 -= b3 + k12;
6861 b3 -= k13;
6862
6863 tmp = b1 ^ b0;
6864 b1 = ror64(tmp, 24);
6865 b0 -= b1 + k10;
6866 b1 -= k11;
6867
6868 tmp = b7 ^ b12;
6869 b7 = ror64(tmp, 20);
6870 b12 -= b7;
6871
6872 tmp = b3 ^ b10;
6873 b3 = ror64(tmp, 37);
6874 b10 -= b3;
6875
6876 tmp = b5 ^ b8;
6877 b5 = ror64(tmp, 31);
6878 b8 -= b5;
6879
6880 tmp = b1 ^ b14;
6881 b1 = ror64(tmp, 23);
6882 b14 -= b1;
6883
6884 tmp = b9 ^ b4;
6885 b9 = ror64(tmp, 52);
6886 b4 -= b9;
6887
6888 tmp = b13 ^ b6;
6889 b13 = ror64(tmp, 35);
6890 b6 -= b13;
6891
6892 tmp = b11 ^ b2;
6893 b11 = ror64(tmp, 48);
6894 b2 -= b11;
6895
6896 tmp = b15 ^ b0;
6897 b15 = ror64(tmp, 9);
6898 b0 -= b15;
6899
6900 tmp = b9 ^ b10;
6901 b9 = ror64(tmp, 25);
6902 b10 -= b9;
6903
6904 tmp = b11 ^ b8;
6905 b11 = ror64(tmp, 44);
6906 b8 -= b11;
6907
6908 tmp = b13 ^ b14;
6909 b13 = ror64(tmp, 42);
6910 b14 -= b13;
6911
6912 tmp = b15 ^ b12;
6913 b15 = ror64(tmp, 19);
6914 b12 -= b15;
6915
6916 tmp = b1 ^ b6;
6917 b1 = ror64(tmp, 46);
6918 b6 -= b1;
6919
6920 tmp = b3 ^ b4;
6921 b3 = ror64(tmp, 47);
6922 b4 -= b3;
6923
6924 tmp = b5 ^ b2;
6925 b5 = ror64(tmp, 44);
6926 b2 -= b5;
6927
6928 tmp = b7 ^ b0;
6929 b7 = ror64(tmp, 31);
6930 b0 -= b7;
6931
6932 tmp = b1 ^ b8;
6933 b1 = ror64(tmp, 41);
6934 b8 -= b1;
6935
6936 tmp = b5 ^ b14;
6937 b5 = ror64(tmp, 42);
6938 b14 -= b5;
6939
6940 tmp = b3 ^ b12;
6941 b3 = ror64(tmp, 53);
6942 b12 -= b3;
6943
6944 tmp = b7 ^ b10;
6945 b7 = ror64(tmp, 4);
6946 b10 -= b7;
6947
6948 tmp = b15 ^ b4;
6949 b15 = ror64(tmp, 51);
6950 b4 -= b15;
6951
6952 tmp = b11 ^ b6;
6953 b11 = ror64(tmp, 56);
6954 b6 -= b11;
6955
6956 tmp = b13 ^ b2;
6957 b13 = ror64(tmp, 34);
6958 b2 -= b13;
6959
6960 tmp = b9 ^ b0;
6961 b9 = ror64(tmp, 16);
6962 b0 -= b9;
6963
6964 tmp = b15 ^ b14;
6965 b15 = ror64(tmp, 30);
6966 b14 -= b15 + k6 + t1;
6967 b15 -= k7 + 9;
6968
6969 tmp = b13 ^ b12;
6970 b13 = ror64(tmp, 44);
6971 b12 -= b13 + k4;
6972 b13 -= k5 + t0;
6973
6974 tmp = b11 ^ b10;
6975 b11 = ror64(tmp, 47);
6976 b10 -= b11 + k2;
6977 b11 -= k3;
6978
6979 tmp = b9 ^ b8;
6980 b9 = ror64(tmp, 12);
6981 b8 -= b9 + k0;
6982 b9 -= k1;
6983
6984 tmp = b7 ^ b6;
6985 b7 = ror64(tmp, 31);
6986 b6 -= b7 + k15;
6987 b7 -= k16;
6988
6989 tmp = b5 ^ b4;
6990 b5 = ror64(tmp, 37);
6991 b4 -= b5 + k13;
6992 b5 -= k14;
6993
6994 tmp = b3 ^ b2;
6995 b3 = ror64(tmp, 9);
6996 b2 -= b3 + k11;
6997 b3 -= k12;
6998
6999 tmp = b1 ^ b0;
7000 b1 = ror64(tmp, 41);
7001 b0 -= b1 + k9;
7002 b1 -= k10;
7003
7004 tmp = b7 ^ b12;
7005 b7 = ror64(tmp, 25);
7006 b12 -= b7;
7007
7008 tmp = b3 ^ b10;
7009 b3 = ror64(tmp, 16);
7010 b10 -= b3;
7011
7012 tmp = b5 ^ b8;
7013 b5 = ror64(tmp, 28);
7014 b8 -= b5;
7015
7016 tmp = b1 ^ b14;
7017 b1 = ror64(tmp, 47);
7018 b14 -= b1;
7019
7020 tmp = b9 ^ b4;
7021 b9 = ror64(tmp, 41);
7022 b4 -= b9;
7023
7024 tmp = b13 ^ b6;
7025 b13 = ror64(tmp, 48);
7026 b6 -= b13;
7027
7028 tmp = b11 ^ b2;
7029 b11 = ror64(tmp, 20);
7030 b2 -= b11;
7031
7032 tmp = b15 ^ b0;
7033 b15 = ror64(tmp, 5);
7034 b0 -= b15;
7035
7036 tmp = b9 ^ b10;
7037 b9 = ror64(tmp, 17);
7038 b10 -= b9;
7039
7040 tmp = b11 ^ b8;
7041 b11 = ror64(tmp, 59);
7042 b8 -= b11;
7043
7044 tmp = b13 ^ b14;
7045 b13 = ror64(tmp, 41);
7046 b14 -= b13;
7047
7048 tmp = b15 ^ b12;
7049 b15 = ror64(tmp, 34);
7050 b12 -= b15;
7051
7052 tmp = b1 ^ b6;
7053 b1 = ror64(tmp, 13);
7054 b6 -= b1;
7055
7056 tmp = b3 ^ b4;
7057 b3 = ror64(tmp, 51);
7058 b4 -= b3;
7059
7060 tmp = b5 ^ b2;
7061 b5 = ror64(tmp, 4);
7062 b2 -= b5;
7063
7064 tmp = b7 ^ b0;
7065 b7 = ror64(tmp, 33);
7066 b0 -= b7;
7067
7068 tmp = b1 ^ b8;
7069 b1 = ror64(tmp, 52);
7070 b8 -= b1;
7071
7072 tmp = b5 ^ b14;
7073 b5 = ror64(tmp, 23);
7074 b14 -= b5;
7075
7076 tmp = b3 ^ b12;
7077 b3 = ror64(tmp, 18);
7078 b12 -= b3;
7079
7080 tmp = b7 ^ b10;
7081 b7 = ror64(tmp, 49);
7082 b10 -= b7;
7083
7084 tmp = b15 ^ b4;
7085 b15 = ror64(tmp, 55);
7086 b4 -= b15;
7087
7088 tmp = b11 ^ b6;
7089 b11 = ror64(tmp, 10);
7090 b6 -= b11;
7091
7092 tmp = b13 ^ b2;
7093 b13 = ror64(tmp, 19);
7094 b2 -= b13;
7095
7096 tmp = b9 ^ b0;
7097 b9 = ror64(tmp, 38);
7098 b0 -= b9;
7099
7100 tmp = b15 ^ b14;
7101 b15 = ror64(tmp, 37);
7102 b14 -= b15 + k5 + t0;
7103 b15 -= k6 + 8;
7104
7105 tmp = b13 ^ b12;
7106 b13 = ror64(tmp, 22);
7107 b12 -= b13 + k3;
7108 b13 -= k4 + t2;
7109
7110 tmp = b11 ^ b10;
7111 b11 = ror64(tmp, 17);
7112 b10 -= b11 + k1;
7113 b11 -= k2;
7114
7115 tmp = b9 ^ b8;
7116 b9 = ror64(tmp, 8);
7117 b8 -= b9 + k16;
7118 b9 -= k0;
7119
7120 tmp = b7 ^ b6;
7121 b7 = ror64(tmp, 47);
7122 b6 -= b7 + k14;
7123 b7 -= k15;
7124
7125 tmp = b5 ^ b4;
7126 b5 = ror64(tmp, 8);
7127 b4 -= b5 + k12;
7128 b5 -= k13;
7129
7130 tmp = b3 ^ b2;
7131 b3 = ror64(tmp, 13);
7132 b2 -= b3 + k10;
7133 b3 -= k11;
7134
7135 tmp = b1 ^ b0;
7136 b1 = ror64(tmp, 24);
7137 b0 -= b1 + k8;
7138 b1 -= k9;
7139
7140 tmp = b7 ^ b12;
7141 b7 = ror64(tmp, 20);
7142 b12 -= b7;
7143
7144 tmp = b3 ^ b10;
7145 b3 = ror64(tmp, 37);
7146 b10 -= b3;
7147
7148 tmp = b5 ^ b8;
7149 b5 = ror64(tmp, 31);
7150 b8 -= b5;
7151
7152 tmp = b1 ^ b14;
7153 b1 = ror64(tmp, 23);
7154 b14 -= b1;
7155
7156 tmp = b9 ^ b4;
7157 b9 = ror64(tmp, 52);
7158 b4 -= b9;
7159
7160 tmp = b13 ^ b6;
7161 b13 = ror64(tmp, 35);
7162 b6 -= b13;
7163
7164 tmp = b11 ^ b2;
7165 b11 = ror64(tmp, 48);
7166 b2 -= b11;
7167
7168 tmp = b15 ^ b0;
7169 b15 = ror64(tmp, 9);
7170 b0 -= b15;
7171
7172 tmp = b9 ^ b10;
7173 b9 = ror64(tmp, 25);
7174 b10 -= b9;
7175
7176 tmp = b11 ^ b8;
7177 b11 = ror64(tmp, 44);
7178 b8 -= b11;
7179
7180 tmp = b13 ^ b14;
7181 b13 = ror64(tmp, 42);
7182 b14 -= b13;
7183
7184 tmp = b15 ^ b12;
7185 b15 = ror64(tmp, 19);
7186 b12 -= b15;
7187
7188 tmp = b1 ^ b6;
7189 b1 = ror64(tmp, 46);
7190 b6 -= b1;
7191
7192 tmp = b3 ^ b4;
7193 b3 = ror64(tmp, 47);
7194 b4 -= b3;
7195
7196 tmp = b5 ^ b2;
7197 b5 = ror64(tmp, 44);
7198 b2 -= b5;
7199
7200 tmp = b7 ^ b0;
7201 b7 = ror64(tmp, 31);
7202 b0 -= b7;
7203
7204 tmp = b1 ^ b8;
7205 b1 = ror64(tmp, 41);
7206 b8 -= b1;
7207
7208 tmp = b5 ^ b14;
7209 b5 = ror64(tmp, 42);
7210 b14 -= b5;
7211
7212 tmp = b3 ^ b12;
7213 b3 = ror64(tmp, 53);
7214 b12 -= b3;
7215
7216 tmp = b7 ^ b10;
7217 b7 = ror64(tmp, 4);
7218 b10 -= b7;
7219
7220 tmp = b15 ^ b4;
7221 b15 = ror64(tmp, 51);
7222 b4 -= b15;
7223
7224 tmp = b11 ^ b6;
7225 b11 = ror64(tmp, 56);
7226 b6 -= b11;
7227
7228 tmp = b13 ^ b2;
7229 b13 = ror64(tmp, 34);
7230 b2 -= b13;
7231
7232 tmp = b9 ^ b0;
7233 b9 = ror64(tmp, 16);
7234 b0 -= b9;
7235
7236 tmp = b15 ^ b14;
7237 b15 = ror64(tmp, 30);
7238 b14 -= b15 + k4 + t2;
7239 b15 -= k5 + 7;
7240
7241 tmp = b13 ^ b12;
7242 b13 = ror64(tmp, 44);
7243 b12 -= b13 + k2;
7244 b13 -= k3 + t1;
7245
7246 tmp = b11 ^ b10;
7247 b11 = ror64(tmp, 47);
7248 b10 -= b11 + k0;
7249 b11 -= k1;
7250
7251 tmp = b9 ^ b8;
7252 b9 = ror64(tmp, 12);
7253 b8 -= b9 + k15;
7254 b9 -= k16;
7255
7256 tmp = b7 ^ b6;
7257 b7 = ror64(tmp, 31);
7258 b6 -= b7 + k13;
7259 b7 -= k14;
7260
7261 tmp = b5 ^ b4;
7262 b5 = ror64(tmp, 37);
7263 b4 -= b5 + k11;
7264 b5 -= k12;
7265
7266 tmp = b3 ^ b2;
7267 b3 = ror64(tmp, 9);
7268 b2 -= b3 + k9;
7269 b3 -= k10;
7270
7271 tmp = b1 ^ b0;
7272 b1 = ror64(tmp, 41);
7273 b0 -= b1 + k7;
7274 b1 -= k8;
7275
7276 tmp = b7 ^ b12;
7277 b7 = ror64(tmp, 25);
7278 b12 -= b7;
7279
7280 tmp = b3 ^ b10;
7281 b3 = ror64(tmp, 16);
7282 b10 -= b3;
7283
7284 tmp = b5 ^ b8;
7285 b5 = ror64(tmp, 28);
7286 b8 -= b5;
7287
7288 tmp = b1 ^ b14;
7289 b1 = ror64(tmp, 47);
7290 b14 -= b1;
7291
7292 tmp = b9 ^ b4;
7293 b9 = ror64(tmp, 41);
7294 b4 -= b9;
7295
7296 tmp = b13 ^ b6;
7297 b13 = ror64(tmp, 48);
7298 b6 -= b13;
7299
7300 tmp = b11 ^ b2;
7301 b11 = ror64(tmp, 20);
7302 b2 -= b11;
7303
7304 tmp = b15 ^ b0;
7305 b15 = ror64(tmp, 5);
7306 b0 -= b15;
7307
7308 tmp = b9 ^ b10;
7309 b9 = ror64(tmp, 17);
7310 b10 -= b9;
7311
7312 tmp = b11 ^ b8;
7313 b11 = ror64(tmp, 59);
7314 b8 -= b11;
7315
7316 tmp = b13 ^ b14;
7317 b13 = ror64(tmp, 41);
7318 b14 -= b13;
7319
7320 tmp = b15 ^ b12;
7321 b15 = ror64(tmp, 34);
7322 b12 -= b15;
7323
7324 tmp = b1 ^ b6;
7325 b1 = ror64(tmp, 13);
7326 b6 -= b1;
7327
7328 tmp = b3 ^ b4;
7329 b3 = ror64(tmp, 51);
7330 b4 -= b3;
7331
7332 tmp = b5 ^ b2;
7333 b5 = ror64(tmp, 4);
7334 b2 -= b5;
7335
7336 tmp = b7 ^ b0;
7337 b7 = ror64(tmp, 33);
7338 b0 -= b7;
7339
7340 tmp = b1 ^ b8;
7341 b1 = ror64(tmp, 52);
7342 b8 -= b1;
7343
7344 tmp = b5 ^ b14;
7345 b5 = ror64(tmp, 23);
7346 b14 -= b5;
7347
7348 tmp = b3 ^ b12;
7349 b3 = ror64(tmp, 18);
7350 b12 -= b3;
7351
7352 tmp = b7 ^ b10;
7353 b7 = ror64(tmp, 49);
7354 b10 -= b7;
7355
7356 tmp = b15 ^ b4;
7357 b15 = ror64(tmp, 55);
7358 b4 -= b15;
7359
7360 tmp = b11 ^ b6;
7361 b11 = ror64(tmp, 10);
7362 b6 -= b11;
7363
7364 tmp = b13 ^ b2;
7365 b13 = ror64(tmp, 19);
7366 b2 -= b13;
7367
7368 tmp = b9 ^ b0;
7369 b9 = ror64(tmp, 38);
7370 b0 -= b9;
7371
7372 tmp = b15 ^ b14;
7373 b15 = ror64(tmp, 37);
7374 b14 -= b15 + k3 + t1;
7375 b15 -= k4 + 6;
7376
7377 tmp = b13 ^ b12;
7378 b13 = ror64(tmp, 22);
7379 b12 -= b13 + k1;
7380 b13 -= k2 + t0;
7381
7382 tmp = b11 ^ b10;
7383 b11 = ror64(tmp, 17);
7384 b10 -= b11 + k16;
7385 b11 -= k0;
7386
7387 tmp = b9 ^ b8;
7388 b9 = ror64(tmp, 8);
7389 b8 -= b9 + k14;
7390 b9 -= k15;
7391
7392 tmp = b7 ^ b6;
7393 b7 = ror64(tmp, 47);
7394 b6 -= b7 + k12;
7395 b7 -= k13;
7396
7397 tmp = b5 ^ b4;
7398 b5 = ror64(tmp, 8);
7399 b4 -= b5 + k10;
7400 b5 -= k11;
7401
7402 tmp = b3 ^ b2;
7403 b3 = ror64(tmp, 13);
7404 b2 -= b3 + k8;
7405 b3 -= k9;
7406
7407 tmp = b1 ^ b0;
7408 b1 = ror64(tmp, 24);
7409 b0 -= b1 + k6;
7410 b1 -= k7;
7411
7412 tmp = b7 ^ b12;
7413 b7 = ror64(tmp, 20);
7414 b12 -= b7;
7415
7416 tmp = b3 ^ b10;
7417 b3 = ror64(tmp, 37);
7418 b10 -= b3;
7419
7420 tmp = b5 ^ b8;
7421 b5 = ror64(tmp, 31);
7422 b8 -= b5;
7423
7424 tmp = b1 ^ b14;
7425 b1 = ror64(tmp, 23);
7426 b14 -= b1;
7427
7428 tmp = b9 ^ b4;
7429 b9 = ror64(tmp, 52);
7430 b4 -= b9;
7431
7432 tmp = b13 ^ b6;
7433 b13 = ror64(tmp, 35);
7434 b6 -= b13;
7435
7436 tmp = b11 ^ b2;
7437 b11 = ror64(tmp, 48);
7438 b2 -= b11;
7439
7440 tmp = b15 ^ b0;
7441 b15 = ror64(tmp, 9);
7442 b0 -= b15;
7443
7444 tmp = b9 ^ b10;
7445 b9 = ror64(tmp, 25);
7446 b10 -= b9;
7447
7448 tmp = b11 ^ b8;
7449 b11 = ror64(tmp, 44);
7450 b8 -= b11;
7451
7452 tmp = b13 ^ b14;
7453 b13 = ror64(tmp, 42);
7454 b14 -= b13;
7455
7456 tmp = b15 ^ b12;
7457 b15 = ror64(tmp, 19);
7458 b12 -= b15;
7459
7460 tmp = b1 ^ b6;
7461 b1 = ror64(tmp, 46);
7462 b6 -= b1;
7463
7464 tmp = b3 ^ b4;
7465 b3 = ror64(tmp, 47);
7466 b4 -= b3;
7467
7468 tmp = b5 ^ b2;
7469 b5 = ror64(tmp, 44);
7470 b2 -= b5;
7471
7472 tmp = b7 ^ b0;
7473 b7 = ror64(tmp, 31);
7474 b0 -= b7;
7475
7476 tmp = b1 ^ b8;
7477 b1 = ror64(tmp, 41);
7478 b8 -= b1;
7479
7480 tmp = b5 ^ b14;
7481 b5 = ror64(tmp, 42);
7482 b14 -= b5;
7483
7484 tmp = b3 ^ b12;
7485 b3 = ror64(tmp, 53);
7486 b12 -= b3;
7487
7488 tmp = b7 ^ b10;
7489 b7 = ror64(tmp, 4);
7490 b10 -= b7;
7491
7492 tmp = b15 ^ b4;
7493 b15 = ror64(tmp, 51);
7494 b4 -= b15;
7495
7496 tmp = b11 ^ b6;
7497 b11 = ror64(tmp, 56);
7498 b6 -= b11;
7499
7500 tmp = b13 ^ b2;
7501 b13 = ror64(tmp, 34);
7502 b2 -= b13;
7503
7504 tmp = b9 ^ b0;
7505 b9 = ror64(tmp, 16);
7506 b0 -= b9;
7507
7508 tmp = b15 ^ b14;
7509 b15 = ror64(tmp, 30);
7510 b14 -= b15 + k2 + t0;
7511 b15 -= k3 + 5;
7512
7513 tmp = b13 ^ b12;
7514 b13 = ror64(tmp, 44);
7515 b12 -= b13 + k0;
7516 b13 -= k1 + t2;
7517
7518 tmp = b11 ^ b10;
7519 b11 = ror64(tmp, 47);
7520 b10 -= b11 + k15;
7521 b11 -= k16;
7522
7523 tmp = b9 ^ b8;
7524 b9 = ror64(tmp, 12);
7525 b8 -= b9 + k13;
7526 b9 -= k14;
7527
7528 tmp = b7 ^ b6;
7529 b7 = ror64(tmp, 31);
7530 b6 -= b7 + k11;
7531 b7 -= k12;
7532
7533 tmp = b5 ^ b4;
7534 b5 = ror64(tmp, 37);
7535 b4 -= b5 + k9;
7536 b5 -= k10;
7537
7538 tmp = b3 ^ b2;
7539 b3 = ror64(tmp, 9);
7540 b2 -= b3 + k7;
7541 b3 -= k8;
7542
7543 tmp = b1 ^ b0;
7544 b1 = ror64(tmp, 41);
7545 b0 -= b1 + k5;
7546 b1 -= k6;
7547
7548 tmp = b7 ^ b12;
7549 b7 = ror64(tmp, 25);
7550 b12 -= b7;
7551
7552 tmp = b3 ^ b10;
7553 b3 = ror64(tmp, 16);
7554 b10 -= b3;
7555
7556 tmp = b5 ^ b8;
7557 b5 = ror64(tmp, 28);
7558 b8 -= b5;
7559
7560 tmp = b1 ^ b14;
7561 b1 = ror64(tmp, 47);
7562 b14 -= b1;
7563
7564 tmp = b9 ^ b4;
7565 b9 = ror64(tmp, 41);
7566 b4 -= b9;
7567
7568 tmp = b13 ^ b6;
7569 b13 = ror64(tmp, 48);
7570 b6 -= b13;
7571
7572 tmp = b11 ^ b2;
7573 b11 = ror64(tmp, 20);
7574 b2 -= b11;
7575
7576 tmp = b15 ^ b0;
7577 b15 = ror64(tmp, 5);
7578 b0 -= b15;
7579
7580 tmp = b9 ^ b10;
7581 b9 = ror64(tmp, 17);
7582 b10 -= b9;
7583
7584 tmp = b11 ^ b8;
7585 b11 = ror64(tmp, 59);
7586 b8 -= b11;
7587
7588 tmp = b13 ^ b14;
7589 b13 = ror64(tmp, 41);
7590 b14 -= b13;
7591
7592 tmp = b15 ^ b12;
7593 b15 = ror64(tmp, 34);
7594 b12 -= b15;
7595
7596 tmp = b1 ^ b6;
7597 b1 = ror64(tmp, 13);
7598 b6 -= b1;
7599
7600 tmp = b3 ^ b4;
7601 b3 = ror64(tmp, 51);
7602 b4 -= b3;
7603
7604 tmp = b5 ^ b2;
7605 b5 = ror64(tmp, 4);
7606 b2 -= b5;
7607
7608 tmp = b7 ^ b0;
7609 b7 = ror64(tmp, 33);
7610 b0 -= b7;
7611
7612 tmp = b1 ^ b8;
7613 b1 = ror64(tmp, 52);
7614 b8 -= b1;
7615
7616 tmp = b5 ^ b14;
7617 b5 = ror64(tmp, 23);
7618 b14 -= b5;
7619
7620 tmp = b3 ^ b12;
7621 b3 = ror64(tmp, 18);
7622 b12 -= b3;
7623
7624 tmp = b7 ^ b10;
7625 b7 = ror64(tmp, 49);
7626 b10 -= b7;
7627
7628 tmp = b15 ^ b4;
7629 b15 = ror64(tmp, 55);
7630 b4 -= b15;
7631
7632 tmp = b11 ^ b6;
7633 b11 = ror64(tmp, 10);
7634 b6 -= b11;
7635
7636 tmp = b13 ^ b2;
7637 b13 = ror64(tmp, 19);
7638 b2 -= b13;
7639
7640 tmp = b9 ^ b0;
7641 b9 = ror64(tmp, 38);
7642 b0 -= b9;
7643
7644 tmp = b15 ^ b14;
7645 b15 = ror64(tmp, 37);
7646 b14 -= b15 + k1 + t2;
7647 b15 -= k2 + 4;
7648
7649 tmp = b13 ^ b12;
7650 b13 = ror64(tmp, 22);
7651 b12 -= b13 + k16;
7652 b13 -= k0 + t1;
7653
7654 tmp = b11 ^ b10;
7655 b11 = ror64(tmp, 17);
7656 b10 -= b11 + k14;
7657 b11 -= k15;
7658
7659 tmp = b9 ^ b8;
7660 b9 = ror64(tmp, 8);
7661 b8 -= b9 + k12;
7662 b9 -= k13;
7663
7664 tmp = b7 ^ b6;
7665 b7 = ror64(tmp, 47);
7666 b6 -= b7 + k10;
7667 b7 -= k11;
7668
7669 tmp = b5 ^ b4;
7670 b5 = ror64(tmp, 8);
7671 b4 -= b5 + k8;
7672 b5 -= k9;
7673
7674 tmp = b3 ^ b2;
7675 b3 = ror64(tmp, 13);
7676 b2 -= b3 + k6;
7677 b3 -= k7;
7678
7679 tmp = b1 ^ b0;
7680 b1 = ror64(tmp, 24);
7681 b0 -= b1 + k4;
7682 b1 -= k5;
7683
7684 tmp = b7 ^ b12;
7685 b7 = ror64(tmp, 20);
7686 b12 -= b7;
7687
7688 tmp = b3 ^ b10;
7689 b3 = ror64(tmp, 37);
7690 b10 -= b3;
7691
7692 tmp = b5 ^ b8;
7693 b5 = ror64(tmp, 31);
7694 b8 -= b5;
7695
7696 tmp = b1 ^ b14;
7697 b1 = ror64(tmp, 23);
7698 b14 -= b1;
7699
7700 tmp = b9 ^ b4;
7701 b9 = ror64(tmp, 52);
7702 b4 -= b9;
7703
7704 tmp = b13 ^ b6;
7705 b13 = ror64(tmp, 35);
7706 b6 -= b13;
7707
7708 tmp = b11 ^ b2;
7709 b11 = ror64(tmp, 48);
7710 b2 -= b11;
7711
7712 tmp = b15 ^ b0;
7713 b15 = ror64(tmp, 9);
7714 b0 -= b15;
7715
7716 tmp = b9 ^ b10;
7717 b9 = ror64(tmp, 25);
7718 b10 -= b9;
7719
7720 tmp = b11 ^ b8;
7721 b11 = ror64(tmp, 44);
7722 b8 -= b11;
7723
7724 tmp = b13 ^ b14;
7725 b13 = ror64(tmp, 42);
7726 b14 -= b13;
7727
7728 tmp = b15 ^ b12;
7729 b15 = ror64(tmp, 19);
7730 b12 -= b15;
7731
7732 tmp = b1 ^ b6;
7733 b1 = ror64(tmp, 46);
7734 b6 -= b1;
7735
7736 tmp = b3 ^ b4;
7737 b3 = ror64(tmp, 47);
7738 b4 -= b3;
7739
7740 tmp = b5 ^ b2;
7741 b5 = ror64(tmp, 44);
7742 b2 -= b5;
7743
7744 tmp = b7 ^ b0;
7745 b7 = ror64(tmp, 31);
7746 b0 -= b7;
7747
7748 tmp = b1 ^ b8;
7749 b1 = ror64(tmp, 41);
7750 b8 -= b1;
7751
7752 tmp = b5 ^ b14;
7753 b5 = ror64(tmp, 42);
7754 b14 -= b5;
7755
7756 tmp = b3 ^ b12;
7757 b3 = ror64(tmp, 53);
7758 b12 -= b3;
7759
7760 tmp = b7 ^ b10;
7761 b7 = ror64(tmp, 4);
7762 b10 -= b7;
7763
7764 tmp = b15 ^ b4;
7765 b15 = ror64(tmp, 51);
7766 b4 -= b15;
7767
7768 tmp = b11 ^ b6;
7769 b11 = ror64(tmp, 56);
7770 b6 -= b11;
7771
7772 tmp = b13 ^ b2;
7773 b13 = ror64(tmp, 34);
7774 b2 -= b13;
7775
7776 tmp = b9 ^ b0;
7777 b9 = ror64(tmp, 16);
7778 b0 -= b9;
7779
7780 tmp = b15 ^ b14;
7781 b15 = ror64(tmp, 30);
7782 b14 -= b15 + k0 + t1;
7783 b15 -= k1 + 3;
7784
7785 tmp = b13 ^ b12;
7786 b13 = ror64(tmp, 44);
7787 b12 -= b13 + k15;
7788 b13 -= k16 + t0;
7789
7790 tmp = b11 ^ b10;
7791 b11 = ror64(tmp, 47);
7792 b10 -= b11 + k13;
7793 b11 -= k14;
7794
7795 tmp = b9 ^ b8;
7796 b9 = ror64(tmp, 12);
7797 b8 -= b9 + k11;
7798 b9 -= k12;
7799
7800 tmp = b7 ^ b6;
7801 b7 = ror64(tmp, 31);
7802 b6 -= b7 + k9;
7803 b7 -= k10;
7804
7805 tmp = b5 ^ b4;
7806 b5 = ror64(tmp, 37);
7807 b4 -= b5 + k7;
7808 b5 -= k8;
7809
7810 tmp = b3 ^ b2;
7811 b3 = ror64(tmp, 9);
7812 b2 -= b3 + k5;
7813 b3 -= k6;
7814
7815 tmp = b1 ^ b0;
7816 b1 = ror64(tmp, 41);
7817 b0 -= b1 + k3;
7818 b1 -= k4;
7819
7820 tmp = b7 ^ b12;
7821 b7 = ror64(tmp, 25);
7822 b12 -= b7;
7823
7824 tmp = b3 ^ b10;
7825 b3 = ror64(tmp, 16);
7826 b10 -= b3;
7827
7828 tmp = b5 ^ b8;
7829 b5 = ror64(tmp, 28);
7830 b8 -= b5;
7831
7832 tmp = b1 ^ b14;
7833 b1 = ror64(tmp, 47);
7834 b14 -= b1;
7835
7836 tmp = b9 ^ b4;
7837 b9 = ror64(tmp, 41);
7838 b4 -= b9;
7839
7840 tmp = b13 ^ b6;
7841 b13 = ror64(tmp, 48);
7842 b6 -= b13;
7843
7844 tmp = b11 ^ b2;
7845 b11 = ror64(tmp, 20);
7846 b2 -= b11;
7847
7848 tmp = b15 ^ b0;
7849 b15 = ror64(tmp, 5);
7850 b0 -= b15;
7851
7852 tmp = b9 ^ b10;
7853 b9 = ror64(tmp, 17);
7854 b10 -= b9;
7855
7856 tmp = b11 ^ b8;
7857 b11 = ror64(tmp, 59);
7858 b8 -= b11;
7859
7860 tmp = b13 ^ b14;
7861 b13 = ror64(tmp, 41);
7862 b14 -= b13;
7863
7864 tmp = b15 ^ b12;
7865 b15 = ror64(tmp, 34);
7866 b12 -= b15;
7867
7868 tmp = b1 ^ b6;
7869 b1 = ror64(tmp, 13);
7870 b6 -= b1;
7871
7872 tmp = b3 ^ b4;
7873 b3 = ror64(tmp, 51);
7874 b4 -= b3;
7875
7876 tmp = b5 ^ b2;
7877 b5 = ror64(tmp, 4);
7878 b2 -= b5;
7879
7880 tmp = b7 ^ b0;
7881 b7 = ror64(tmp, 33);
7882 b0 -= b7;
7883
7884 tmp = b1 ^ b8;
7885 b1 = ror64(tmp, 52);
7886 b8 -= b1;
7887
7888 tmp = b5 ^ b14;
7889 b5 = ror64(tmp, 23);
7890 b14 -= b5;
7891
7892 tmp = b3 ^ b12;
7893 b3 = ror64(tmp, 18);
7894 b12 -= b3;
7895
7896 tmp = b7 ^ b10;
7897 b7 = ror64(tmp, 49);
7898 b10 -= b7;
7899
7900 tmp = b15 ^ b4;
7901 b15 = ror64(tmp, 55);
7902 b4 -= b15;
7903
7904 tmp = b11 ^ b6;
7905 b11 = ror64(tmp, 10);
7906 b6 -= b11;
7907
7908 tmp = b13 ^ b2;
7909 b13 = ror64(tmp, 19);
7910 b2 -= b13;
7911
7912 tmp = b9 ^ b0;
7913 b9 = ror64(tmp, 38);
7914 b0 -= b9;
7915
7916 tmp = b15 ^ b14;
7917 b15 = ror64(tmp, 37);
7918 b14 -= b15 + k16 + t0;
7919 b15 -= k0 + 2;
7920
7921 tmp = b13 ^ b12;
7922 b13 = ror64(tmp, 22);
7923 b12 -= b13 + k14;
7924 b13 -= k15 + t2;
7925
7926 tmp = b11 ^ b10;
7927 b11 = ror64(tmp, 17);
7928 b10 -= b11 + k12;
7929 b11 -= k13;
7930
7931 tmp = b9 ^ b8;
7932 b9 = ror64(tmp, 8);
7933 b8 -= b9 + k10;
7934 b9 -= k11;
7935
7936 tmp = b7 ^ b6;
7937 b7 = ror64(tmp, 47);
7938 b6 -= b7 + k8;
7939 b7 -= k9;
7940
7941 tmp = b5 ^ b4;
7942 b5 = ror64(tmp, 8);
7943 b4 -= b5 + k6;
7944 b5 -= k7;
7945
7946 tmp = b3 ^ b2;
7947 b3 = ror64(tmp, 13);
7948 b2 -= b3 + k4;
7949 b3 -= k5;
7950
7951 tmp = b1 ^ b0;
7952 b1 = ror64(tmp, 24);
7953 b0 -= b1 + k2;
7954 b1 -= k3;
7955
7956 tmp = b7 ^ b12;
7957 b7 = ror64(tmp, 20);
7958 b12 -= b7;
7959
7960 tmp = b3 ^ b10;
7961 b3 = ror64(tmp, 37);
7962 b10 -= b3;
7963
7964 tmp = b5 ^ b8;
7965 b5 = ror64(tmp, 31);
7966 b8 -= b5;
7967
7968 tmp = b1 ^ b14;
7969 b1 = ror64(tmp, 23);
7970 b14 -= b1;
7971
7972 tmp = b9 ^ b4;
7973 b9 = ror64(tmp, 52);
7974 b4 -= b9;
7975
7976 tmp = b13 ^ b6;
7977 b13 = ror64(tmp, 35);
7978 b6 -= b13;
7979
7980 tmp = b11 ^ b2;
7981 b11 = ror64(tmp, 48);
7982 b2 -= b11;
7983
7984 tmp = b15 ^ b0;
7985 b15 = ror64(tmp, 9);
7986 b0 -= b15;
7987
7988 tmp = b9 ^ b10;
7989 b9 = ror64(tmp, 25);
7990 b10 -= b9;
7991
7992 tmp = b11 ^ b8;
7993 b11 = ror64(tmp, 44);
7994 b8 -= b11;
7995
7996 tmp = b13 ^ b14;
7997 b13 = ror64(tmp, 42);
7998 b14 -= b13;
7999
8000 tmp = b15 ^ b12;
8001 b15 = ror64(tmp, 19);
8002 b12 -= b15;
8003
8004 tmp = b1 ^ b6;
8005 b1 = ror64(tmp, 46);
8006 b6 -= b1;
8007
8008 tmp = b3 ^ b4;
8009 b3 = ror64(tmp, 47);
8010 b4 -= b3;
8011
8012 tmp = b5 ^ b2;
8013 b5 = ror64(tmp, 44);
8014 b2 -= b5;
8015
8016 tmp = b7 ^ b0;
8017 b7 = ror64(tmp, 31);
8018 b0 -= b7;
8019
8020 tmp = b1 ^ b8;
8021 b1 = ror64(tmp, 41);
8022 b8 -= b1;
8023
8024 tmp = b5 ^ b14;
8025 b5 = ror64(tmp, 42);
8026 b14 -= b5;
8027
8028 tmp = b3 ^ b12;
8029 b3 = ror64(tmp, 53);
8030 b12 -= b3;
8031
8032 tmp = b7 ^ b10;
8033 b7 = ror64(tmp, 4);
8034 b10 -= b7;
8035
8036 tmp = b15 ^ b4;
8037 b15 = ror64(tmp, 51);
8038 b4 -= b15;
8039
8040 tmp = b11 ^ b6;
8041 b11 = ror64(tmp, 56);
8042 b6 -= b11;
8043
8044 tmp = b13 ^ b2;
8045 b13 = ror64(tmp, 34);
8046 b2 -= b13;
8047
8048 tmp = b9 ^ b0;
8049 b9 = ror64(tmp, 16);
8050 b0 -= b9;
8051
8052 tmp = b15 ^ b14;
8053 b15 = ror64(tmp, 30);
8054 b14 -= b15 + k15 + t2;
8055 b15 -= k16 + 1;
8056
8057 tmp = b13 ^ b12;
8058 b13 = ror64(tmp, 44);
8059 b12 -= b13 + k13;
8060 b13 -= k14 + t1;
8061
8062 tmp = b11 ^ b10;
8063 b11 = ror64(tmp, 47);
8064 b10 -= b11 + k11;
8065 b11 -= k12;
8066
8067 tmp = b9 ^ b8;
8068 b9 = ror64(tmp, 12);
8069 b8 -= b9 + k9;
8070 b9 -= k10;
8071
8072 tmp = b7 ^ b6;
8073 b7 = ror64(tmp, 31);
8074 b6 -= b7 + k7;
8075 b7 -= k8;
8076
8077 tmp = b5 ^ b4;
8078 b5 = ror64(tmp, 37);
8079 b4 -= b5 + k5;
8080 b5 -= k6;
8081
8082 tmp = b3 ^ b2;
8083 b3 = ror64(tmp, 9);
8084 b2 -= b3 + k3;
8085 b3 -= k4;
8086
8087 tmp = b1 ^ b0;
8088 b1 = ror64(tmp, 41);
8089 b0 -= b1 + k1;
8090 b1 -= k2;
8091
8092 tmp = b7 ^ b12;
8093 b7 = ror64(tmp, 25);
8094 b12 -= b7;
8095
8096 tmp = b3 ^ b10;
8097 b3 = ror64(tmp, 16);
8098 b10 -= b3;
8099
8100 tmp = b5 ^ b8;
8101 b5 = ror64(tmp, 28);
8102 b8 -= b5;
8103
8104 tmp = b1 ^ b14;
8105 b1 = ror64(tmp, 47);
8106 b14 -= b1;
8107
8108 tmp = b9 ^ b4;
8109 b9 = ror64(tmp, 41);
8110 b4 -= b9;
8111
8112 tmp = b13 ^ b6;
8113 b13 = ror64(tmp, 48);
8114 b6 -= b13;
8115
8116 tmp = b11 ^ b2;
8117 b11 = ror64(tmp, 20);
8118 b2 -= b11;
8119
8120 tmp = b15 ^ b0;
8121 b15 = ror64(tmp, 5);
8122 b0 -= b15;
8123
8124 tmp = b9 ^ b10;
8125 b9 = ror64(tmp, 17);
8126 b10 -= b9;
8127
8128 tmp = b11 ^ b8;
8129 b11 = ror64(tmp, 59);
8130 b8 -= b11;
8131
8132 tmp = b13 ^ b14;
8133 b13 = ror64(tmp, 41);
8134 b14 -= b13;
8135
8136 tmp = b15 ^ b12;
8137 b15 = ror64(tmp, 34);
8138 b12 -= b15;
8139
8140 tmp = b1 ^ b6;
8141 b1 = ror64(tmp, 13);
8142 b6 -= b1;
8143
8144 tmp = b3 ^ b4;
8145 b3 = ror64(tmp, 51);
8146 b4 -= b3;
8147
8148 tmp = b5 ^ b2;
8149 b5 = ror64(tmp, 4);
8150 b2 -= b5;
8151
8152 tmp = b7 ^ b0;
8153 b7 = ror64(tmp, 33);
8154 b0 -= b7;
8155
8156 tmp = b1 ^ b8;
8157 b1 = ror64(tmp, 52);
8158 b8 -= b1;
8159
8160 tmp = b5 ^ b14;
8161 b5 = ror64(tmp, 23);
8162 b14 -= b5;
8163
8164 tmp = b3 ^ b12;
8165 b3 = ror64(tmp, 18);
8166 b12 -= b3;
8167
8168 tmp = b7 ^ b10;
8169 b7 = ror64(tmp, 49);
8170 b10 -= b7;
8171
8172 tmp = b15 ^ b4;
8173 b15 = ror64(tmp, 55);
8174 b4 -= b15;
8175
8176 tmp = b11 ^ b6;
8177 b11 = ror64(tmp, 10);
8178 b6 -= b11;
8179
8180 tmp = b13 ^ b2;
8181 b13 = ror64(tmp, 19);
8182 b2 -= b13;
8183
8184 tmp = b9 ^ b0;
8185 b9 = ror64(tmp, 38);
8186 b0 -= b9;
8187
8188 tmp = b15 ^ b14;
8189 b15 = ror64(tmp, 37);
8190 b14 -= b15 + k14 + t1;
8191 b15 -= k15;
8192
8193 tmp = b13 ^ b12;
8194 b13 = ror64(tmp, 22);
8195 b12 -= b13 + k12;
8196 b13 -= k13 + t0;
8197
8198 tmp = b11 ^ b10;
8199 b11 = ror64(tmp, 17);
8200 b10 -= b11 + k10;
8201 b11 -= k11;
8202
8203 tmp = b9 ^ b8;
8204 b9 = ror64(tmp, 8);
8205 b8 -= b9 + k8;
8206 b9 -= k9;
8207
8208 tmp = b7 ^ b6;
8209 b7 = ror64(tmp, 47);
8210 b6 -= b7 + k6;
8211 b7 -= k7;
8212
8213 tmp = b5 ^ b4;
8214 b5 = ror64(tmp, 8);
8215 b4 -= b5 + k4;
8216 b5 -= k5;
8217
8218 tmp = b3 ^ b2;
8219 b3 = ror64(tmp, 13);
8220 b2 -= b3 + k2;
8221 b3 -= k3;
8222
8223 tmp = b1 ^ b0;
8224 b1 = ror64(tmp, 24);
8225 b0 -= b1 + k0;
8226 b1 -= k1;
8227
8228 output[15] = b15;
8229 output[14] = b14;
8230 output[13] = b13;
8231 output[12] = b12;
8232 output[11] = b11;
8233 output[10] = b10;
8234 output[9] = b9;
8235 output[8] = b8;
8236 output[7] = b7;
8237 output[6] = b6;
8238 output[5] = b5;
8239 output[4] = b4;
8240 output[3] = b3;
8241 output[2] = b2;
8242 output[1] = b1;
8243 output[0] = b0;
8244 }
8245