1
/* $Id: blake.c 252 2011-06-07 17:55:14Z tp $ */
2
/*
3
 * BLAKECOIN implementation. (Stripped to 256 bits only)
4
 *
5
 * ==========================(LICENSE BEGIN)============================
6
 *
7
 * Copyright (c) 2007-2010  Projet RNRT SAPHIR
8
 *
9
 * Permission is hereby granted, free of charge, to any person obtaining
10
 * a copy of this software and associated documentation files (the
11
 * "Software"), to deal in the Software without restriction, including
12
 * without limitation the rights to use, copy, modify, merge, publish,
13
 * distribute, sublicense, and/or sell copies of the Software, and to
14
 * permit persons to whom the Software is furnished to do so, subject to
15
 * the following conditions:
16
 *
17
 * The above copyright notice and this permission notice shall be
18
 * included in all copies or substantial portions of the Software.
19
 *
20
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
23
 * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
24
 * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
25
 * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
26
 * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
27
 *
28
 * ===========================(LICENSE END)=============================
29
 *
30
 * @author   Thomas Pornin <[email protected]>
31
 * @author   Tanguy Pruvot (cpuminer implementation)
32
 */
33

34
#include <stddef.h>
35
#include <string.h>
36
#include <limits.h>
37

38
#include "sph_blake.h"
39

40
#ifdef __cplusplus
41
extern "C"{
42
#endif
43

44
#ifdef _MSC_VER
45
#pragma warning (disable: 4146)
46
#endif
47

48
static const sph_u32 IV256[8] = {
49
	SPH_C32(0x6A09E667), SPH_C32(0xBB67AE85),
50
	SPH_C32(0x3C6EF372), SPH_C32(0xA54FF53A),
51
	SPH_C32(0x510E527F), SPH_C32(0x9B05688C),
52
	SPH_C32(0x1F83D9AB), SPH_C32(0x5BE0CD19)
53
};
54

55
#define Z00   0
56
#define Z01   1
57
#define Z02   2
58
#define Z03   3
59
#define Z04   4
60
#define Z05   5
61
#define Z06   6
62
#define Z07   7
63
#define Z08   8
64
#define Z09   9
65
#define Z0A   A
66
#define Z0B   B
67
#define Z0C   C
68
#define Z0D   D
69
#define Z0E   E
70
#define Z0F   F
71

72
#define Z10   E
73
#define Z11   A
74
#define Z12   4
75
#define Z13   8
76
#define Z14   9
77
#define Z15   F
78
#define Z16   D
79
#define Z17   6
80
#define Z18   1
81
#define Z19   C
82
#define Z1A   0
83
#define Z1B   2
84
#define Z1C   B
85
#define Z1D   7
86
#define Z1E   5
87
#define Z1F   3
88

89
#define Z20   B
90
#define Z21   8
91
#define Z22   C
92
#define Z23   0
93
#define Z24   5
94
#define Z25   2
95
#define Z26   F
96
#define Z27   D
97
#define Z28   A
98
#define Z29   E
99
#define Z2A   3
100
#define Z2B   6
101
#define Z2C   7
102
#define Z2D   1
103
#define Z2E   9
104
#define Z2F   4
105

106
#define Z30   7
107
#define Z31   9
108
#define Z32   3
109
#define Z33   1
110
#define Z34   D
111
#define Z35   C
112
#define Z36   B
113
#define Z37   E
114
#define Z38   2
115
#define Z39   6
116
#define Z3A   5
117
#define Z3B   A
118
#define Z3C   4
119
#define Z3D   0
120
#define Z3E   F
121
#define Z3F   8
122

123
#define Z40   9
124
#define Z41   0
125
#define Z42   5
126
#define Z43   7
127
#define Z44   2
128
#define Z45   4
129
#define Z46   A
130
#define Z47   F
131
#define Z48   E
132
#define Z49   1
133
#define Z4A   B
134
#define Z4B   C
135
#define Z4C   6
136
#define Z4D   8
137
#define Z4E   3
138
#define Z4F   D
139

140
#define Z50   2
141
#define Z51   C
142
#define Z52   6
143
#define Z53   A
144
#define Z54   0
145
#define Z55   B
146
#define Z56   8
147
#define Z57   3
148
#define Z58   4
149
#define Z59   D
150
#define Z5A   7
151
#define Z5B   5
152
#define Z5C   F
153
#define Z5D   E
154
#define Z5E   1
155
#define Z5F   9
156

157
#define Z60   C
158
#define Z61   5
159
#define Z62   1
160
#define Z63   F
161
#define Z64   E
162
#define Z65   D
163
#define Z66   4
164
#define Z67   A
165
#define Z68   0
166
#define Z69   7
167
#define Z6A   6
168
#define Z6B   3
169
#define Z6C   9
170
#define Z6D   2
171
#define Z6E   8
172
#define Z6F   B
173

174
#define Z70   D
175
#define Z71   B
176
#define Z72   7
177
#define Z73   E
178
#define Z74   C
179
#define Z75   1
180
#define Z76   3
181
#define Z77   9
182
#define Z78   5
183
#define Z79   0
184
#define Z7A   F
185
#define Z7B   4
186
#define Z7C   8
187
#define Z7D   6
188
#define Z7E   2
189
#define Z7F   A
190

191
#define Z80   6
192
#define Z81   F
193
#define Z82   E
194
#define Z83   9
195
#define Z84   B
196
#define Z85   3
197
#define Z86   0
198
#define Z87   8
199
#define Z88   C
200
#define Z89   2
201
#define Z8A   D
202
#define Z8B   7
203
#define Z8C   1
204
#define Z8D   4
205
#define Z8E   A
206
#define Z8F   5
207

208
#define Z90   A
209
#define Z91   2
210
#define Z92   8
211
#define Z93   4
212
#define Z94   7
213
#define Z95   6
214
#define Z96   1
215
#define Z97   5
216
#define Z98   F
217
#define Z99   B
218
#define Z9A   9
219
#define Z9B   E
220
#define Z9C   3
221
#define Z9D   C
222
#define Z9E   D
223
#define Z9F   0
224

225
#define Mx(r, i)    Mx_(Z ## r ## i)
226
#define Mx_(n)      Mx__(n)
227
#define Mx__(n)     M ## n
228

229
#define CSx(r, i)   CSx_(Z ## r ## i)
230
#define CSx_(n)     CSx__(n)
231
#define CSx__(n)    CS ## n
232

233
#define CS0   SPH_C32(0x243F6A88)
234
#define CS1   SPH_C32(0x85A308D3)
235
#define CS2   SPH_C32(0x13198A2E)
236
#define CS3   SPH_C32(0x03707344)
237
#define CS4   SPH_C32(0xA4093822)
238
#define CS5   SPH_C32(0x299F31D0)
239
#define CS6   SPH_C32(0x082EFA98)
240
#define CS7   SPH_C32(0xEC4E6C89)
241
#define CS8   SPH_C32(0x452821E6)
242
#define CS9   SPH_C32(0x38D01377)
243
#define CSA   SPH_C32(0xBE5466CF)
244
#define CSB   SPH_C32(0x34E90C6C)
245
#define CSC   SPH_C32(0xC0AC29B7)
246
#define CSD   SPH_C32(0xC97C50DD)
247
#define CSE   SPH_C32(0x3F84D5B5)
248
#define CSF   SPH_C32(0xB5470917)
249

250
#if SPH_64
251

252
#define CBx(r, i)   CBx_(Z ## r ## i)
253
#define CBx_(n)     CBx__(n)
254
#define CBx__(n)    CB ## n
255

256
#define CB0   SPH_C64(0x243F6A8885A308D3)
257
#define CB1   SPH_C64(0x13198A2E03707344)
258
#define CB2   SPH_C64(0xA4093822299F31D0)
259
#define CB3   SPH_C64(0x082EFA98EC4E6C89)
260
#define CB4   SPH_C64(0x452821E638D01377)
261
#define CB5   SPH_C64(0xBE5466CF34E90C6C)
262
#define CB6   SPH_C64(0xC0AC29B7C97C50DD)
263
#define CB7   SPH_C64(0x3F84D5B5B5470917)
264
#define CB8   SPH_C64(0x9216D5D98979FB1B)
265
#define CB9   SPH_C64(0xD1310BA698DFB5AC)
266
#define CBA   SPH_C64(0x2FFD72DBD01ADFB7)
267
#define CBB   SPH_C64(0xB8E1AFED6A267E96)
268
#define CBC   SPH_C64(0xBA7C9045F12C7F99)
269
#define CBD   SPH_C64(0x24A19947B3916CF7)
270
#define CBE   SPH_C64(0x0801F2E2858EFC16)
271
#define CBF   SPH_C64(0x636920D871574E69)
272

273
#endif
274

275
#define GS(m0, m1, c0, c1, a, b, c, d)   do { \
276
		a = SPH_T32(a + b + (m0 ^ c1)); \
277
		d = SPH_ROTR32(d ^ a, 16); \
278
		c = SPH_T32(c + d); \
279
		b = SPH_ROTR32(b ^ c, 12); \
280
		a = SPH_T32(a + b + (m1 ^ c0)); \
281
		d = SPH_ROTR32(d ^ a, 8); \
282
		c = SPH_T32(c + d); \
283
		b = SPH_ROTR32(b ^ c, 7); \
284
	} while (0)
285

286
#define ROUND_S(r)   do { \
287
		GS(Mx(r, 0), Mx(r, 1), CSx(r, 0), CSx(r, 1), V0, V4, V8, VC); \
288
		GS(Mx(r, 2), Mx(r, 3), CSx(r, 2), CSx(r, 3), V1, V5, V9, VD); \
289
		GS(Mx(r, 4), Mx(r, 5), CSx(r, 4), CSx(r, 5), V2, V6, VA, VE); \
290
		GS(Mx(r, 6), Mx(r, 7), CSx(r, 6), CSx(r, 7), V3, V7, VB, VF); \
291
		GS(Mx(r, 8), Mx(r, 9), CSx(r, 8), CSx(r, 9), V0, V5, VA, VF); \
292
		GS(Mx(r, A), Mx(r, B), CSx(r, A), CSx(r, B), V1, V6, VB, VC); \
293
		GS(Mx(r, C), Mx(r, D), CSx(r, C), CSx(r, D), V2, V7, V8, VD); \
294
		GS(Mx(r, E), Mx(r, F), CSx(r, E), CSx(r, F), V3, V4, V9, VE); \
295
	} while (0)
296

297
#define DECL_STATE32 \
298
	sph_u32 H0, H1, H2, H3, H4, H5, H6, H7; \
299
	sph_u32 S0, S1, S2, S3, T0, T1;
300

301
#define READ_STATE32(state)   do { \
302
		H0 = (state)->H[0]; \
303
		H1 = (state)->H[1]; \
304
		H2 = (state)->H[2]; \
305
		H3 = (state)->H[3]; \
306
		H4 = (state)->H[4]; \
307
		H5 = (state)->H[5]; \
308
		H6 = (state)->H[6]; \
309
		H7 = (state)->H[7]; \
310
		S0 = (state)->S[0]; \
311
		S1 = (state)->S[1]; \
312
		S2 = (state)->S[2]; \
313
		S3 = (state)->S[3]; \
314
		T0 = (state)->T0; \
315
		T1 = (state)->T1; \
316
	} while (0)
317

318
#define WRITE_STATE32(state)   do { \
319
		(state)->H[0] = H0; \
320
		(state)->H[1] = H1; \
321
		(state)->H[2] = H2; \
322
		(state)->H[3] = H3; \
323
		(state)->H[4] = H4; \
324
		(state)->H[5] = H5; \
325
		(state)->H[6] = H6; \
326
		(state)->H[7] = H7; \
327
		(state)->S[0] = S0; \
328
		(state)->S[1] = S1; \
329
		(state)->S[2] = S2; \
330
		(state)->S[3] = S3; \
331
		(state)->T0 = T0; \
332
		(state)->T1 = T1; \
333
	} while (0)
334

335
#define BLAKE32_ROUNDS 8
336

337
#define COMPRESS32   do { \
338
		sph_u32 M0, M1, M2, M3, M4, M5, M6, M7; \
339
		sph_u32 M8, M9, MA, MB, MC, MD, ME, MF; \
340
		sph_u32 V0, V1, V2, V3, V4, V5, V6, V7; \
341
		sph_u32 V8, V9, VA, VB, VC, VD, VE, VF; \
342
		V0 = H0; \
343
		V1 = H1; \
344
		V2 = H2; \
345
		V3 = H3; \
346
		V4 = H4; \
347
		V5 = H5; \
348
		V6 = H6; \
349
		V7 = H7; \
350
		V8 = S0 ^ CS0; \
351
		V9 = S1 ^ CS1; \
352
		VA = S2 ^ CS2; \
353
		VB = S3 ^ CS3; \
354
		VC = T0 ^ CS4; \
355
		VD = T0 ^ CS5; \
356
		VE = T1 ^ CS6; \
357
		VF = T1 ^ CS7; \
358
		M0 = sph_dec32be_aligned(buf +  0); \
359
		M1 = sph_dec32be_aligned(buf +  4); \
360
		M2 = sph_dec32be_aligned(buf +  8); \
361
		M3 = sph_dec32be_aligned(buf + 12); \
362
		M4 = sph_dec32be_aligned(buf + 16); \
363
		M5 = sph_dec32be_aligned(buf + 20); \
364
		M6 = sph_dec32be_aligned(buf + 24); \
365
		M7 = sph_dec32be_aligned(buf + 28); \
366
		M8 = sph_dec32be_aligned(buf + 32); \
367
		M9 = sph_dec32be_aligned(buf + 36); \
368
		MA = sph_dec32be_aligned(buf + 40); \
369
		MB = sph_dec32be_aligned(buf + 44); \
370
		MC = sph_dec32be_aligned(buf + 48); \
371
		MD = sph_dec32be_aligned(buf + 52); \
372
		ME = sph_dec32be_aligned(buf + 56); \
373
		MF = sph_dec32be_aligned(buf + 60); \
374
		ROUND_S(0); \
375
		ROUND_S(1); \
376
		ROUND_S(2); \
377
		ROUND_S(3); \
378
		ROUND_S(4); \
379
		ROUND_S(5); \
380
		ROUND_S(6); \
381
		ROUND_S(7); \
382
		if (BLAKE32_ROUNDS == 14) { \
383
		ROUND_S(8); \
384
		ROUND_S(9); \
385
		ROUND_S(0); \
386
		ROUND_S(1); \
387
		ROUND_S(2); \
388
		ROUND_S(3); \
389
		} \
390
		H0 ^= S0 ^ V0 ^ V8; \
391
		H1 ^= S1 ^ V1 ^ V9; \
392
		H2 ^= S2 ^ V2 ^ VA; \
393
		H3 ^= S3 ^ V3 ^ VB; \
394
		H4 ^= S0 ^ V4 ^ VC; \
395
		H5 ^= S1 ^ V5 ^ VD; \
396
		H6 ^= S2 ^ V6 ^ VE; \
397
		H7 ^= S3 ^ V7 ^ VF; \
398
	} while (0)
399

400

401
static const sph_u32 salt_zero_small[4] = { 0, 0, 0, 0 };
402

403
static void
404
blake32_init(sph_blake_small_context *sc,
405
	const sph_u32 *iv, const sph_u32 *salt)
406
{
407
	memcpy(sc->H, iv, 8 * sizeof(sph_u32));
408
	memcpy(sc->S, salt, 4 * sizeof(sph_u32));
409
	sc->T0 = sc->T1 = 0;
410
	sc->ptr = 0;
411
}
412

413
static void
414
blake32(sph_blake_small_context *sc, const void *data, size_t len)
415
{
416
	unsigned char *buf;
417
	size_t ptr;
418
	DECL_STATE32
419

420
	buf = sc->buf;
421
	ptr = sc->ptr;
422
	if (len < (sizeof sc->buf) - ptr) {
423
		memcpy(buf + ptr, data, len);
424
		ptr += len;
425
		sc->ptr = ptr;
426
		return;
427
	}
428

429
	READ_STATE32(sc);
430
	while (len > 0) {
431
		size_t clen;
432

433
		clen = (sizeof sc->buf) - ptr;
434
		if (clen > len)
435
			clen = len;
436
		memcpy(buf + ptr, data, clen);
437
		ptr += clen;
438
		data = (const unsigned char *)data + clen;
439
		len -= clen;
440
		if (ptr == sizeof sc->buf) {
441
			if ((T0 = SPH_T32(T0 + 512)) < 512)
442
				T1 = SPH_T32(T1 + 1);
443
			COMPRESS32;
444
			ptr = 0;
445
		}
446
	}
447
	WRITE_STATE32(sc);
448
	sc->ptr = ptr;
449
}
450

451
static void
452
blake32_close(sph_blake_small_context *sc,
453
	unsigned ub, unsigned n, void *dst, size_t out_size_w32)
454
{
455
	union {
456
		unsigned char buf[64];
457
		sph_u32 dummy;
458
	} u;
459
	size_t ptr, k;
460
	unsigned bit_len;
461
	unsigned z;
462
	sph_u32 th, tl;
463
	unsigned char *out;
464

465
	ptr = sc->ptr;
466
	bit_len = ((unsigned)ptr << 3) + n;
467
	z = 0x80 >> n;
468
	u.buf[ptr] = ((ub & -z) | z) & 0xFF;
469
	tl = sc->T0 + bit_len;
470
	th = sc->T1;
471
	if (ptr == 0 && n == 0) {
472
		sc->T0 = SPH_C32(0xFFFFFE00);
473
		sc->T1 = SPH_C32(0xFFFFFFFF);
474
	} else if (sc->T0 == 0) {
475
		sc->T0 = SPH_C32(0xFFFFFE00) + bit_len;
476
		sc->T1 = SPH_T32(sc->T1 - 1);
477
	} else {
478
		sc->T0 -= 512 - bit_len;
479
	}
480
	if (bit_len <= 446) {
481
		memset(u.buf + ptr + 1, 0, 55 - ptr);
482
		if (out_size_w32 == 8)
483
			u.buf[55] |= 1;
484
		sph_enc32be_aligned(u.buf + 56, th);
485
		sph_enc32be_aligned(u.buf + 60, tl);
486
		blake32(sc, u.buf + ptr, 64 - ptr);
487
	} else {
488
		memset(u.buf + ptr + 1, 0, 63 - ptr);
489
		blake32(sc, u.buf + ptr, 64 - ptr);
490
		sc->T0 = SPH_C32(0xFFFFFE00);
491
		sc->T1 = SPH_C32(0xFFFFFFFF);
492
		memset(u.buf, 0, 56);
493
		if (out_size_w32 == 8)
494
			u.buf[55] = 1;
495
		sph_enc32be_aligned(u.buf + 56, th);
496
		sph_enc32be_aligned(u.buf + 60, tl);
497
		blake32(sc, u.buf, 64);
498
	}
499
	out = dst;
500
	for (k = 0; k < out_size_w32; k ++)
501
		sph_enc32be(out + (k << 2), sc->H[k]);
502
}
503

504
void
505
blakecoin_init(void *cc)
506
{
507
	blake32_init(cc, IV256, salt_zero_small);
508
}
509

510
void
511
blakecoin(void *cc, const void *data, size_t len)
512
{
513
	blake32(cc, data, len);
514
}
515

516
static void
517
blakecoin_addbits_and_close(void *cc, unsigned ub, unsigned n, void *dst)
518
{
519
	blake32_close(cc, ub, n, dst, 8);
520
	blakecoin_init(cc);
521
}
522

523
void
524
blakecoin_close(void *cc, void *dst)
525
{
526
	blakecoin_addbits_and_close(cc, 0, 0, dst);
527
}
528

529
#ifdef __cplusplus
530
}
531
#endif
532

533