| // Copyright 2012 The Go Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| package main |
| |
| // Based on original, public domain implementation from NaCl by D. J. |
| // Bernstein. |
| |
| import ( |
| "crypto/subtle" |
| "math" |
| ) |
| |
| const ( |
| alpham80 = 0.00000000558793544769287109375 |
| alpham48 = 24.0 |
| alpham16 = 103079215104.0 |
| alpha0 = 6755399441055744.0 |
| alpha18 = 1770887431076116955136.0 |
| alpha32 = 29014219670751100192948224.0 |
| alpha50 = 7605903601369376408980219232256.0 |
| alpha64 = 124615124604835863084731911901282304.0 |
| alpha82 = 32667107224410092492483962313449748299776.0 |
| alpha96 = 535217884764734955396857238543560676143529984.0 |
| alpha112 = 35076039295941670036888435985190792471742381031424.0 |
| alpha130 = 9194973245195333150150082162901855101712434733101613056.0 |
| scale = 0.0000000000000000000000000000000000000036734198463196484624023016788195177431833298649127735047148490821200539357960224151611328125 |
| offset0 = 6755408030990331.0 |
| offset1 = 29014256564239239022116864.0 |
| offset2 = 124615283061160854719918951570079744.0 |
| offset3 = 535219245894202480694386063513315216128475136.0 |
| ) |
| |
| // poly1305Verify returns true if mac is a valid authenticator for m with the |
| // given key. |
| func poly1305Verify(mac *[16]byte, m []byte, key *[32]byte) bool { |
| var tmp [16]byte |
| poly1305Sum(&tmp, m, key) |
| return subtle.ConstantTimeCompare(tmp[:], mac[:]) == 1 |
| } |
| |
| // poly1305Sum generates an authenticator for m using a one-time key and puts |
| // the 16-byte result into out. Authenticating two different messages with the |
| // same key allows an attacker to forge messages at will. |
| func poly1305Sum(out *[16]byte, m []byte, key *[32]byte) { |
| r := key |
| s := key[16:] |
| var ( |
| y7 float64 |
| y6 float64 |
| y1 float64 |
| y0 float64 |
| y5 float64 |
| y4 float64 |
| x7 float64 |
| x6 float64 |
| x1 float64 |
| x0 float64 |
| y3 float64 |
| y2 float64 |
| x5 float64 |
| r3lowx0 float64 |
| x4 float64 |
| r0lowx6 float64 |
| x3 float64 |
| r3highx0 float64 |
| x2 float64 |
| r0highx6 float64 |
| r0lowx0 float64 |
| sr1lowx6 float64 |
| r0highx0 float64 |
| sr1highx6 float64 |
| sr3low float64 |
| r1lowx0 float64 |
| sr2lowx6 float64 |
| r1highx0 float64 |
| sr2highx6 float64 |
| r2lowx0 float64 |
| sr3lowx6 float64 |
| r2highx0 float64 |
| sr3highx6 float64 |
| r1highx4 float64 |
| r1lowx4 float64 |
| r0highx4 float64 |
| r0lowx4 float64 |
| sr3highx4 float64 |
| sr3lowx4 float64 |
| sr2highx4 float64 |
| sr2lowx4 float64 |
| r0lowx2 float64 |
| r0highx2 float64 |
| r1lowx2 float64 |
| r1highx2 float64 |
| r2lowx2 float64 |
| r2highx2 float64 |
| sr3lowx2 float64 |
| sr3highx2 float64 |
| z0 float64 |
| z1 float64 |
| z2 float64 |
| z3 float64 |
| m0 int64 |
| m1 int64 |
| m2 int64 |
| m3 int64 |
| m00 uint32 |
| m01 uint32 |
| m02 uint32 |
| m03 uint32 |
| m10 uint32 |
| m11 uint32 |
| m12 uint32 |
| m13 uint32 |
| m20 uint32 |
| m21 uint32 |
| m22 uint32 |
| m23 uint32 |
| m30 uint32 |
| m31 uint32 |
| m32 uint32 |
| m33 uint64 |
| lbelow2 int32 |
| lbelow3 int32 |
| lbelow4 int32 |
| lbelow5 int32 |
| lbelow6 int32 |
| lbelow7 int32 |
| lbelow8 int32 |
| lbelow9 int32 |
| lbelow10 int32 |
| lbelow11 int32 |
| lbelow12 int32 |
| lbelow13 int32 |
| lbelow14 int32 |
| lbelow15 int32 |
| s00 uint32 |
| s01 uint32 |
| s02 uint32 |
| s03 uint32 |
| s10 uint32 |
| s11 uint32 |
| s12 uint32 |
| s13 uint32 |
| s20 uint32 |
| s21 uint32 |
| s22 uint32 |
| s23 uint32 |
| s30 uint32 |
| s31 uint32 |
| s32 uint32 |
| s33 uint32 |
| bits32 uint64 |
| f uint64 |
| f0 uint64 |
| f1 uint64 |
| f2 uint64 |
| f3 uint64 |
| f4 uint64 |
| g uint64 |
| g0 uint64 |
| g1 uint64 |
| g2 uint64 |
| g3 uint64 |
| g4 uint64 |
| ) |
| |
| var p int32 |
| |
| l := int32(len(m)) |
| |
| r00 := uint32(r[0]) |
| |
| r01 := uint32(r[1]) |
| |
| r02 := uint32(r[2]) |
| r0 := int64(2151) |
| |
| r03 := uint32(r[3]) |
| r03 &= 15 |
| r0 <<= 51 |
| |
| r10 := uint32(r[4]) |
| r10 &= 252 |
| r01 <<= 8 |
| r0 += int64(r00) |
| |
| r11 := uint32(r[5]) |
| r02 <<= 16 |
| r0 += int64(r01) |
| |
| r12 := uint32(r[6]) |
| r03 <<= 24 |
| r0 += int64(r02) |
| |
| r13 := uint32(r[7]) |
| r13 &= 15 |
| r1 := int64(2215) |
| r0 += int64(r03) |
| |
| d0 := r0 |
| r1 <<= 51 |
| r2 := int64(2279) |
| |
| r20 := uint32(r[8]) |
| r20 &= 252 |
| r11 <<= 8 |
| r1 += int64(r10) |
| |
| r21 := uint32(r[9]) |
| r12 <<= 16 |
| r1 += int64(r11) |
| |
| r22 := uint32(r[10]) |
| r13 <<= 24 |
| r1 += int64(r12) |
| |
| r23 := uint32(r[11]) |
| r23 &= 15 |
| r2 <<= 51 |
| r1 += int64(r13) |
| |
| d1 := r1 |
| r21 <<= 8 |
| r2 += int64(r20) |
| |
| r30 := uint32(r[12]) |
| r30 &= 252 |
| r22 <<= 16 |
| r2 += int64(r21) |
| |
| r31 := uint32(r[13]) |
| r23 <<= 24 |
| r2 += int64(r22) |
| |
| r32 := uint32(r[14]) |
| r2 += int64(r23) |
| r3 := int64(2343) |
| |
| d2 := r2 |
| r3 <<= 51 |
| |
| r33 := uint32(r[15]) |
| r33 &= 15 |
| r31 <<= 8 |
| r3 += int64(r30) |
| |
| r32 <<= 16 |
| r3 += int64(r31) |
| |
| r33 <<= 24 |
| r3 += int64(r32) |
| |
| r3 += int64(r33) |
| h0 := alpha32 - alpha32 |
| |
| d3 := r3 |
| h1 := alpha32 - alpha32 |
| |
| h2 := alpha32 - alpha32 |
| |
| h3 := alpha32 - alpha32 |
| |
| h4 := alpha32 - alpha32 |
| |
| r0low := math.Float64frombits(uint64(d0)) |
| h5 := alpha32 - alpha32 |
| |
| r1low := math.Float64frombits(uint64(d1)) |
| h6 := alpha32 - alpha32 |
| |
| r2low := math.Float64frombits(uint64(d2)) |
| h7 := alpha32 - alpha32 |
| |
| r0low -= alpha0 |
| |
| r1low -= alpha32 |
| |
| r2low -= alpha64 |
| |
| r0high := r0low + alpha18 |
| |
| r3low := math.Float64frombits(uint64(d3)) |
| |
| r1high := r1low + alpha50 |
| sr1low := scale * r1low |
| |
| r2high := r2low + alpha82 |
| sr2low := scale * r2low |
| |
| r0high -= alpha18 |
| r0high_stack := r0high |
| |
| r3low -= alpha96 |
| |
| r1high -= alpha50 |
| r1high_stack := r1high |
| |
| sr1high := sr1low + alpham80 |
| |
| r0low -= r0high |
| |
| r2high -= alpha82 |
| sr3low = scale * r3low |
| |
| sr2high := sr2low + alpham48 |
| |
| r1low -= r1high |
| r1low_stack := r1low |
| |
| sr1high -= alpham80 |
| sr1high_stack := sr1high |
| |
| r2low -= r2high |
| r2low_stack := r2low |
| |
| sr2high -= alpham48 |
| sr2high_stack := sr2high |
| |
| r3high := r3low + alpha112 |
| r0low_stack := r0low |
| |
| sr1low -= sr1high |
| sr1low_stack := sr1low |
| |
| sr3high := sr3low + alpham16 |
| r2high_stack := r2high |
| |
| sr2low -= sr2high |
| sr2low_stack := sr2low |
| |
| r3high -= alpha112 |
| r3high_stack := r3high |
| |
| sr3high -= alpham16 |
| sr3high_stack := sr3high |
| |
| r3low -= r3high |
| r3low_stack := r3low |
| |
| sr3low -= sr3high |
| sr3low_stack := sr3low |
| |
| if l < 16 { |
| goto addatmost15bytes |
| } |
| |
| m00 = uint32(m[p+0]) |
| m0 = 2151 |
| |
| m0 <<= 51 |
| m1 = 2215 |
| m01 = uint32(m[p+1]) |
| |
| m1 <<= 51 |
| m2 = 2279 |
| m02 = uint32(m[p+2]) |
| |
| m2 <<= 51 |
| m3 = 2343 |
| m03 = uint32(m[p+3]) |
| |
| m10 = uint32(m[p+4]) |
| m01 <<= 8 |
| m0 += int64(m00) |
| |
| m11 = uint32(m[p+5]) |
| m02 <<= 16 |
| m0 += int64(m01) |
| |
| m12 = uint32(m[p+6]) |
| m03 <<= 24 |
| m0 += int64(m02) |
| |
| m13 = uint32(m[p+7]) |
| m3 <<= 51 |
| m0 += int64(m03) |
| |
| m20 = uint32(m[p+8]) |
| m11 <<= 8 |
| m1 += int64(m10) |
| |
| m21 = uint32(m[p+9]) |
| m12 <<= 16 |
| m1 += int64(m11) |
| |
| m22 = uint32(m[p+10]) |
| m13 <<= 24 |
| m1 += int64(m12) |
| |
| m23 = uint32(m[p+11]) |
| m1 += int64(m13) |
| |
| m30 = uint32(m[p+12]) |
| m21 <<= 8 |
| m2 += int64(m20) |
| |
| m31 = uint32(m[p+13]) |
| m22 <<= 16 |
| m2 += int64(m21) |
| |
| m32 = uint32(m[p+14]) |
| m23 <<= 24 |
| m2 += int64(m22) |
| |
| m33 = uint64(m[p+15]) |
| m2 += int64(m23) |
| |
| d0 = m0 |
| m31 <<= 8 |
| m3 += int64(m30) |
| |
| d1 = m1 |
| m32 <<= 16 |
| m3 += int64(m31) |
| |
| d2 = m2 |
| m33 += 256 |
| |
| m33 <<= 24 |
| m3 += int64(m32) |
| |
| m3 += int64(m33) |
| d3 = m3 |
| |
| p += 16 |
| l -= 16 |
| |
| z0 = math.Float64frombits(uint64(d0)) |
| |
| z1 = math.Float64frombits(uint64(d1)) |
| |
| z2 = math.Float64frombits(uint64(d2)) |
| |
| z3 = math.Float64frombits(uint64(d3)) |
| |
| z0 -= alpha0 |
| |
| z1 -= alpha32 |
| |
| z2 -= alpha64 |
| |
| z3 -= alpha96 |
| |
| h0 += z0 |
| |
| h1 += z1 |
| |
| h3 += z2 |
| |
| h5 += z3 |
| |
| if l < 16 { |
| goto multiplyaddatmost15bytes |
| } |
| |
| multiplyaddatleast16bytes: |
| |
| m2 = 2279 |
| m20 = uint32(m[p+8]) |
| y7 = h7 + alpha130 |
| |
| m2 <<= 51 |
| m3 = 2343 |
| m21 = uint32(m[p+9]) |
| y6 = h6 + alpha130 |
| |
| m3 <<= 51 |
| m0 = 2151 |
| m22 = uint32(m[p+10]) |
| y1 = h1 + alpha32 |
| |
| m0 <<= 51 |
| m1 = 2215 |
| m23 = uint32(m[p+11]) |
| y0 = h0 + alpha32 |
| |
| m1 <<= 51 |
| m30 = uint32(m[p+12]) |
| y7 -= alpha130 |
| |
| m21 <<= 8 |
| m2 += int64(m20) |
| m31 = uint32(m[p+13]) |
| y6 -= alpha130 |
| |
| m22 <<= 16 |
| m2 += int64(m21) |
| m32 = uint32(m[p+14]) |
| y1 -= alpha32 |
| |
| m23 <<= 24 |
| m2 += int64(m22) |
| m33 = uint64(m[p+15]) |
| y0 -= alpha32 |
| |
| m2 += int64(m23) |
| m00 = uint32(m[p+0]) |
| y5 = h5 + alpha96 |
| |
| m31 <<= 8 |
| m3 += int64(m30) |
| m01 = uint32(m[p+1]) |
| y4 = h4 + alpha96 |
| |
| m32 <<= 16 |
| m02 = uint32(m[p+2]) |
| x7 = h7 - y7 |
| y7 *= scale |
| |
| m33 += 256 |
| m03 = uint32(m[p+3]) |
| x6 = h6 - y6 |
| y6 *= scale |
| |
| m33 <<= 24 |
| m3 += int64(m31) |
| m10 = uint32(m[p+4]) |
| x1 = h1 - y1 |
| |
| m01 <<= 8 |
| m3 += int64(m32) |
| m11 = uint32(m[p+5]) |
| x0 = h0 - y0 |
| |
| m3 += int64(m33) |
| m0 += int64(m00) |
| m12 = uint32(m[p+6]) |
| y5 -= alpha96 |
| |
| m02 <<= 16 |
| m0 += int64(m01) |
| m13 = uint32(m[p+7]) |
| y4 -= alpha96 |
| |
| m03 <<= 24 |
| m0 += int64(m02) |
| d2 = m2 |
| x1 += y7 |
| |
| m0 += int64(m03) |
| d3 = m3 |
| x0 += y6 |
| |
| m11 <<= 8 |
| m1 += int64(m10) |
| d0 = m0 |
| x7 += y5 |
| |
| m12 <<= 16 |
| m1 += int64(m11) |
| x6 += y4 |
| |
| m13 <<= 24 |
| m1 += int64(m12) |
| y3 = h3 + alpha64 |
| |
| m1 += int64(m13) |
| d1 = m1 |
| y2 = h2 + alpha64 |
| |
| x0 += x1 |
| |
| x6 += x7 |
| |
| y3 -= alpha64 |
| r3low = r3low_stack |
| |
| y2 -= alpha64 |
| r0low = r0low_stack |
| |
| x5 = h5 - y5 |
| r3lowx0 = r3low * x0 |
| r3high = r3high_stack |
| |
| x4 = h4 - y4 |
| r0lowx6 = r0low * x6 |
| r0high = r0high_stack |
| |
| x3 = h3 - y3 |
| r3highx0 = r3high * x0 |
| sr1low = sr1low_stack |
| |
| x2 = h2 - y2 |
| r0highx6 = r0high * x6 |
| sr1high = sr1high_stack |
| |
| x5 += y3 |
| r0lowx0 = r0low * x0 |
| r1low = r1low_stack |
| |
| h6 = r3lowx0 + r0lowx6 |
| sr1lowx6 = sr1low * x6 |
| r1high = r1high_stack |
| |
| x4 += y2 |
| r0highx0 = r0high * x0 |
| sr2low = sr2low_stack |
| |
| h7 = r3highx0 + r0highx6 |
| sr1highx6 = sr1high * x6 |
| sr2high = sr2high_stack |
| |
| x3 += y1 |
| r1lowx0 = r1low * x0 |
| r2low = r2low_stack |
| |
| h0 = r0lowx0 + sr1lowx6 |
| sr2lowx6 = sr2low * x6 |
| r2high = r2high_stack |
| |
| x2 += y0 |
| r1highx0 = r1high * x0 |
| sr3low = sr3low_stack |
| |
| h1 = r0highx0 + sr1highx6 |
| sr2highx6 = sr2high * x6 |
| sr3high = sr3high_stack |
| |
| x4 += x5 |
| r2lowx0 = r2low * x0 |
| z2 = math.Float64frombits(uint64(d2)) |
| |
| h2 = r1lowx0 + sr2lowx6 |
| sr3lowx6 = sr3low * x6 |
| |
| x2 += x3 |
| r2highx0 = r2high * x0 |
| z3 = math.Float64frombits(uint64(d3)) |
| |
| h3 = r1highx0 + sr2highx6 |
| sr3highx6 = sr3high * x6 |
| |
| r1highx4 = r1high * x4 |
| z2 -= alpha64 |
| |
| h4 = r2lowx0 + sr3lowx6 |
| r1lowx4 = r1low * x4 |
| |
| r0highx4 = r0high * x4 |
| z3 -= alpha96 |
| |
| h5 = r2highx0 + sr3highx6 |
| r0lowx4 = r0low * x4 |
| |
| h7 += r1highx4 |
| sr3highx4 = sr3high * x4 |
| |
| h6 += r1lowx4 |
| sr3lowx4 = sr3low * x4 |
| |
| h5 += r0highx4 |
| sr2highx4 = sr2high * x4 |
| |
| h4 += r0lowx4 |
| sr2lowx4 = sr2low * x4 |
| |
| h3 += sr3highx4 |
| r0lowx2 = r0low * x2 |
| |
| h2 += sr3lowx4 |
| r0highx2 = r0high * x2 |
| |
| h1 += sr2highx4 |
| r1lowx2 = r1low * x2 |
| |
| h0 += sr2lowx4 |
| r1highx2 = r1high * x2 |
| |
| h2 += r0lowx2 |
| r2lowx2 = r2low * x2 |
| |
| h3 += r0highx2 |
| r2highx2 = r2high * x2 |
| |
| h4 += r1lowx2 |
| sr3lowx2 = sr3low * x2 |
| |
| h5 += r1highx2 |
| sr3highx2 = sr3high * x2 |
| |
| p += 16 |
| l -= 16 |
| h6 += r2lowx2 |
| |
| h7 += r2highx2 |
| |
| z1 = math.Float64frombits(uint64(d1)) |
| h0 += sr3lowx2 |
| |
| z0 = math.Float64frombits(uint64(d0)) |
| h1 += sr3highx2 |
| |
| z1 -= alpha32 |
| |
| z0 -= alpha0 |
| |
| h5 += z3 |
| |
| h3 += z2 |
| |
| h1 += z1 |
| |
| h0 += z0 |
| |
| if l >= 16 { |
| goto multiplyaddatleast16bytes |
| } |
| |
| multiplyaddatmost15bytes: |
| |
| y7 = h7 + alpha130 |
| |
| y6 = h6 + alpha130 |
| |
| y1 = h1 + alpha32 |
| |
| y0 = h0 + alpha32 |
| |
| y7 -= alpha130 |
| |
| y6 -= alpha130 |
| |
| y1 -= alpha32 |
| |
| y0 -= alpha32 |
| |
| y5 = h5 + alpha96 |
| |
| y4 = h4 + alpha96 |
| |
| x7 = h7 - y7 |
| y7 *= scale |
| |
| x6 = h6 - y6 |
| y6 *= scale |
| |
| x1 = h1 - y1 |
| |
| x0 = h0 - y0 |
| |
| y5 -= alpha96 |
| |
| y4 -= alpha96 |
| |
| x1 += y7 |
| |
| x0 += y6 |
| |
| x7 += y5 |
| |
| x6 += y4 |
| |
| y3 = h3 + alpha64 |
| |
| y2 = h2 + alpha64 |
| |
| x0 += x1 |
| |
| x6 += x7 |
| |
| y3 -= alpha64 |
| r3low = r3low_stack |
| |
| y2 -= alpha64 |
| r0low = r0low_stack |
| |
| x5 = h5 - y5 |
| r3lowx0 = r3low * x0 |
| r3high = r3high_stack |
| |
| x4 = h4 - y4 |
| r0lowx6 = r0low * x6 |
| r0high = r0high_stack |
| |
| x3 = h3 - y3 |
| r3highx0 = r3high * x0 |
| sr1low = sr1low_stack |
| |
| x2 = h2 - y2 |
| r0highx6 = r0high * x6 |
| sr1high = sr1high_stack |
| |
| x5 += y3 |
| r0lowx0 = r0low * x0 |
| r1low = r1low_stack |
| |
| h6 = r3lowx0 + r0lowx6 |
| sr1lowx6 = sr1low * x6 |
| r1high = r1high_stack |
| |
| x4 += y2 |
| r0highx0 = r0high * x0 |
| sr2low = sr2low_stack |
| |
| h7 = r3highx0 + r0highx6 |
| sr1highx6 = sr1high * x6 |
| sr2high = sr2high_stack |
| |
| x3 += y1 |
| r1lowx0 = r1low * x0 |
| r2low = r2low_stack |
| |
| h0 = r0lowx0 + sr1lowx6 |
| sr2lowx6 = sr2low * x6 |
| r2high = r2high_stack |
| |
| x2 += y0 |
| r1highx0 = r1high * x0 |
| sr3low = sr3low_stack |
| |
| h1 = r0highx0 + sr1highx6 |
| sr2highx6 = sr2high * x6 |
| sr3high = sr3high_stack |
| |
| x4 += x5 |
| r2lowx0 = r2low * x0 |
| |
| h2 = r1lowx0 + sr2lowx6 |
| sr3lowx6 = sr3low * x6 |
| |
| x2 += x3 |
| r2highx0 = r2high * x0 |
| |
| h3 = r1highx0 + sr2highx6 |
| sr3highx6 = sr3high * x6 |
| |
| r1highx4 = r1high * x4 |
| |
| h4 = r2lowx0 + sr3lowx6 |
| r1lowx4 = r1low * x4 |
| |
| r0highx4 = r0high * x4 |
| |
| h5 = r2highx0 + sr3highx6 |
| r0lowx4 = r0low * x4 |
| |
| h7 += r1highx4 |
| sr3highx4 = sr3high * x4 |
| |
| h6 += r1lowx4 |
| sr3lowx4 = sr3low * x4 |
| |
| h5 += r0highx4 |
| sr2highx4 = sr2high * x4 |
| |
| h4 += r0lowx4 |
| sr2lowx4 = sr2low * x4 |
| |
| h3 += sr3highx4 |
| r0lowx2 = r0low * x2 |
| |
| h2 += sr3lowx4 |
| r0highx2 = r0high * x2 |
| |
| h1 += sr2highx4 |
| r1lowx2 = r1low * x2 |
| |
| h0 += sr2lowx4 |
| r1highx2 = r1high * x2 |
| |
| h2 += r0lowx2 |
| r2lowx2 = r2low * x2 |
| |
| h3 += r0highx2 |
| r2highx2 = r2high * x2 |
| |
| h4 += r1lowx2 |
| sr3lowx2 = sr3low * x2 |
| |
| h5 += r1highx2 |
| sr3highx2 = sr3high * x2 |
| |
| h6 += r2lowx2 |
| |
| h7 += r2highx2 |
| |
| h0 += sr3lowx2 |
| |
| h1 += sr3highx2 |
| |
| addatmost15bytes: |
| |
| if l == 0 { |
| goto nomorebytes |
| } |
| |
| lbelow2 = l - 2 |
| |
| lbelow3 = l - 3 |
| |
| lbelow2 >>= 31 |
| lbelow4 = l - 4 |
| |
| m00 = uint32(m[p+0]) |
| lbelow3 >>= 31 |
| p += lbelow2 |
| |
| m01 = uint32(m[p+1]) |
| lbelow4 >>= 31 |
| p += lbelow3 |
| |
| m02 = uint32(m[p+2]) |
| p += lbelow4 |
| m0 = 2151 |
| |
| m03 = uint32(m[p+3]) |
| m0 <<= 51 |
| m1 = 2215 |
| |
| m0 += int64(m00) |
| m01 &^= uint32(lbelow2) |
| |
| m02 &^= uint32(lbelow3) |
| m01 -= uint32(lbelow2) |
| |
| m01 <<= 8 |
| m03 &^= uint32(lbelow4) |
| |
| m0 += int64(m01) |
| lbelow2 -= lbelow3 |
| |
| m02 += uint32(lbelow2) |
| lbelow3 -= lbelow4 |
| |
| m02 <<= 16 |
| m03 += uint32(lbelow3) |
| |
| m03 <<= 24 |
| m0 += int64(m02) |
| |
| m0 += int64(m03) |
| lbelow5 = l - 5 |
| |
| lbelow6 = l - 6 |
| lbelow7 = l - 7 |
| |
| lbelow5 >>= 31 |
| lbelow8 = l - 8 |
| |
| lbelow6 >>= 31 |
| p += lbelow5 |
| |
| m10 = uint32(m[p+4]) |
| lbelow7 >>= 31 |
| p += lbelow6 |
| |
| m11 = uint32(m[p+5]) |
| lbelow8 >>= 31 |
| p += lbelow7 |
| |
| m12 = uint32(m[p+6]) |
| m1 <<= 51 |
| p += lbelow8 |
| |
| m13 = uint32(m[p+7]) |
| m10 &^= uint32(lbelow5) |
| lbelow4 -= lbelow5 |
| |
| m10 += uint32(lbelow4) |
| lbelow5 -= lbelow6 |
| |
| m11 &^= uint32(lbelow6) |
| m11 += uint32(lbelow5) |
| |
| m11 <<= 8 |
| m1 += int64(m10) |
| |
| m1 += int64(m11) |
| m12 &^= uint32(lbelow7) |
| |
| lbelow6 -= lbelow7 |
| m13 &^= uint32(lbelow8) |
| |
| m12 += uint32(lbelow6) |
| lbelow7 -= lbelow8 |
| |
| m12 <<= 16 |
| m13 += uint32(lbelow7) |
| |
| m13 <<= 24 |
| m1 += int64(m12) |
| |
| m1 += int64(m13) |
| m2 = 2279 |
| |
| lbelow9 = l - 9 |
| m3 = 2343 |
| |
| lbelow10 = l - 10 |
| lbelow11 = l - 11 |
| |
| lbelow9 >>= 31 |
| lbelow12 = l - 12 |
| |
| lbelow10 >>= 31 |
| p += lbelow9 |
| |
| m20 = uint32(m[p+8]) |
| lbelow11 >>= 31 |
| p += lbelow10 |
| |
| m21 = uint32(m[p+9]) |
| lbelow12 >>= 31 |
| p += lbelow11 |
| |
| m22 = uint32(m[p+10]) |
| m2 <<= 51 |
| p += lbelow12 |
| |
| m23 = uint32(m[p+11]) |
| m20 &^= uint32(lbelow9) |
| lbelow8 -= lbelow9 |
| |
| m20 += uint32(lbelow8) |
| lbelow9 -= lbelow10 |
| |
| m21 &^= uint32(lbelow10) |
| m21 += uint32(lbelow9) |
| |
| m21 <<= 8 |
| m2 += int64(m20) |
| |
| m2 += int64(m21) |
| m22 &^= uint32(lbelow11) |
| |
| lbelow10 -= lbelow11 |
| m23 &^= uint32(lbelow12) |
| |
| m22 += uint32(lbelow10) |
| lbelow11 -= lbelow12 |
| |
| m22 <<= 16 |
| m23 += uint32(lbelow11) |
| |
| m23 <<= 24 |
| m2 += int64(m22) |
| |
| m3 <<= 51 |
| lbelow13 = l - 13 |
| |
| lbelow13 >>= 31 |
| lbelow14 = l - 14 |
| |
| lbelow14 >>= 31 |
| p += lbelow13 |
| lbelow15 = l - 15 |
| |
| m30 = uint32(m[p+12]) |
| lbelow15 >>= 31 |
| p += lbelow14 |
| |
| m31 = uint32(m[p+13]) |
| p += lbelow15 |
| m2 += int64(m23) |
| |
| m32 = uint32(m[p+14]) |
| m30 &^= uint32(lbelow13) |
| lbelow12 -= lbelow13 |
| |
| m30 += uint32(lbelow12) |
| lbelow13 -= lbelow14 |
| |
| m3 += int64(m30) |
| m31 &^= uint32(lbelow14) |
| |
| m31 += uint32(lbelow13) |
| m32 &^= uint32(lbelow15) |
| |
| m31 <<= 8 |
| lbelow14 -= lbelow15 |
| |
| m3 += int64(m31) |
| m32 += uint32(lbelow14) |
| d0 = m0 |
| |
| m32 <<= 16 |
| m33 = uint64(lbelow15 + 1) |
| d1 = m1 |
| |
| m33 <<= 24 |
| m3 += int64(m32) |
| d2 = m2 |
| |
| m3 += int64(m33) |
| d3 = m3 |
| |
| z3 = math.Float64frombits(uint64(d3)) |
| |
| z2 = math.Float64frombits(uint64(d2)) |
| |
| z1 = math.Float64frombits(uint64(d1)) |
| |
| z0 = math.Float64frombits(uint64(d0)) |
| |
| z3 -= alpha96 |
| |
| z2 -= alpha64 |
| |
| z1 -= alpha32 |
| |
| z0 -= alpha0 |
| |
| h5 += z3 |
| |
| h3 += z2 |
| |
| h1 += z1 |
| |
| h0 += z0 |
| |
| y7 = h7 + alpha130 |
| |
| y6 = h6 + alpha130 |
| |
| y1 = h1 + alpha32 |
| |
| y0 = h0 + alpha32 |
| |
| y7 -= alpha130 |
| |
| y6 -= alpha130 |
| |
| y1 -= alpha32 |
| |
| y0 -= alpha32 |
| |
| y5 = h5 + alpha96 |
| |
| y4 = h4 + alpha96 |
| |
| x7 = h7 - y7 |
| y7 *= scale |
| |
| x6 = h6 - y6 |
| y6 *= scale |
| |
| x1 = h1 - y1 |
| |
| x0 = h0 - y0 |
| |
| y5 -= alpha96 |
| |
| y4 -= alpha96 |
| |
| x1 += y7 |
| |
| x0 += y6 |
| |
| x7 += y5 |
| |
| x6 += y4 |
| |
| y3 = h3 + alpha64 |
| |
| y2 = h2 + alpha64 |
| |
| x0 += x1 |
| |
| x6 += x7 |
| |
| y3 -= alpha64 |
| r3low = r3low_stack |
| |
| y2 -= alpha64 |
| r0low = r0low_stack |
| |
| x5 = h5 - y5 |
| r3lowx0 = r3low * x0 |
| r3high = r3high_stack |
| |
| x4 = h4 - y4 |
| r0lowx6 = r0low * x6 |
| r0high = r0high_stack |
| |
| x3 = h3 - y3 |
| r3highx0 = r3high * x0 |
| sr1low = sr1low_stack |
| |
| x2 = h2 - y2 |
| r0highx6 = r0high * x6 |
| sr1high = sr1high_stack |
| |
| x5 += y3 |
| r0lowx0 = r0low * x0 |
| r1low = r1low_stack |
| |
| h6 = r3lowx0 + r0lowx6 |
| sr1lowx6 = sr1low * x6 |
| r1high = r1high_stack |
| |
| x4 += y2 |
| r0highx0 = r0high * x0 |
| sr2low = sr2low_stack |
| |
| h7 = r3highx0 + r0highx6 |
| sr1highx6 = sr1high * x6 |
| sr2high = sr2high_stack |
| |
| x3 += y1 |
| r1lowx0 = r1low * x0 |
| r2low = r2low_stack |
| |
| h0 = r0lowx0 + sr1lowx6 |
| sr2lowx6 = sr2low * x6 |
| r2high = r2high_stack |
| |
| x2 += y0 |
| r1highx0 = r1high * x0 |
| sr3low = sr3low_stack |
| |
| h1 = r0highx0 + sr1highx6 |
| sr2highx6 = sr2high * x6 |
| sr3high = sr3high_stack |
| |
| x4 += x5 |
| r2lowx0 = r2low * x0 |
| |
| h2 = r1lowx0 + sr2lowx6 |
| sr3lowx6 = sr3low * x6 |
| |
| x2 += x3 |
| r2highx0 = r2high * x0 |
| |
| h3 = r1highx0 + sr2highx6 |
| sr3highx6 = sr3high * x6 |
| |
| r1highx4 = r1high * x4 |
| |
| h4 = r2lowx0 + sr3lowx6 |
| r1lowx4 = r1low * x4 |
| |
| r0highx4 = r0high * x4 |
| |
| h5 = r2highx0 + sr3highx6 |
| r0lowx4 = r0low * x4 |
| |
| h7 += r1highx4 |
| sr3highx4 = sr3high * x4 |
| |
| h6 += r1lowx4 |
| sr3lowx4 = sr3low * x4 |
| |
| h5 += r0highx4 |
| sr2highx4 = sr2high * x4 |
| |
| h4 += r0lowx4 |
| sr2lowx4 = sr2low * x4 |
| |
| h3 += sr3highx4 |
| r0lowx2 = r0low * x2 |
| |
| h2 += sr3lowx4 |
| r0highx2 = r0high * x2 |
| |
| h1 += sr2highx4 |
| r1lowx2 = r1low * x2 |
| |
| h0 += sr2lowx4 |
| r1highx2 = r1high * x2 |
| |
| h2 += r0lowx2 |
| r2lowx2 = r2low * x2 |
| |
| h3 += r0highx2 |
| r2highx2 = r2high * x2 |
| |
| h4 += r1lowx2 |
| sr3lowx2 = sr3low * x2 |
| |
| h5 += r1highx2 |
| sr3highx2 = sr3high * x2 |
| |
| h6 += r2lowx2 |
| |
| h7 += r2highx2 |
| |
| h0 += sr3lowx2 |
| |
| h1 += sr3highx2 |
| |
| nomorebytes: |
| |
| y7 = h7 + alpha130 |
| |
| y0 = h0 + alpha32 |
| |
| y1 = h1 + alpha32 |
| |
| y2 = h2 + alpha64 |
| |
| y7 -= alpha130 |
| |
| y3 = h3 + alpha64 |
| |
| y4 = h4 + alpha96 |
| |
| y5 = h5 + alpha96 |
| |
| x7 = h7 - y7 |
| y7 *= scale |
| |
| y0 -= alpha32 |
| |
| y1 -= alpha32 |
| |
| y2 -= alpha64 |
| |
| h6 += x7 |
| |
| y3 -= alpha64 |
| |
| y4 -= alpha96 |
| |
| y5 -= alpha96 |
| |
| y6 = h6 + alpha130 |
| |
| x0 = h0 - y0 |
| |
| x1 = h1 - y1 |
| |
| x2 = h2 - y2 |
| |
| y6 -= alpha130 |
| |
| x0 += y7 |
| |
| x3 = h3 - y3 |
| |
| x4 = h4 - y4 |
| |
| x5 = h5 - y5 |
| |
| x6 = h6 - y6 |
| |
| y6 *= scale |
| |
| x2 += y0 |
| |
| x3 += y1 |
| |
| x4 += y2 |
| |
| x0 += y6 |
| |
| x5 += y3 |
| |
| x6 += y4 |
| |
| x2 += x3 |
| |
| x0 += x1 |
| |
| x4 += x5 |
| |
| x6 += y5 |
| |
| x2 += offset1 |
| d1 = int64(math.Float64bits(x2)) |
| |
| x0 += offset0 |
| d0 = int64(math.Float64bits(x0)) |
| |
| x4 += offset2 |
| d2 = int64(math.Float64bits(x4)) |
| |
| x6 += offset3 |
| d3 = int64(math.Float64bits(x6)) |
| |
| f0 = uint64(d0) |
| |
| f1 = uint64(d1) |
| bits32 = math.MaxUint64 |
| |
| f2 = uint64(d2) |
| bits32 >>= 32 |
| |
| f3 = uint64(d3) |
| f = f0 >> 32 |
| |
| f0 &= bits32 |
| f &= 255 |
| |
| f1 += f |
| g0 = f0 + 5 |
| |
| g = g0 >> 32 |
| g0 &= bits32 |
| |
| f = f1 >> 32 |
| f1 &= bits32 |
| |
| f &= 255 |
| g1 = f1 + g |
| |
| g = g1 >> 32 |
| f2 += f |
| |
| f = f2 >> 32 |
| g1 &= bits32 |
| |
| f2 &= bits32 |
| f &= 255 |
| |
| f3 += f |
| g2 = f2 + g |
| |
| g = g2 >> 32 |
| g2 &= bits32 |
| |
| f4 = f3 >> 32 |
| f3 &= bits32 |
| |
| f4 &= 255 |
| g3 = f3 + g |
| |
| g = g3 >> 32 |
| g3 &= bits32 |
| |
| g4 = f4 + g |
| |
| g4 = g4 - 4 |
| s00 = uint32(s[0]) |
| |
| f = uint64(int64(g4) >> 63) |
| s01 = uint32(s[1]) |
| |
| f0 &= f |
| g0 &^= f |
| s02 = uint32(s[2]) |
| |
| f1 &= f |
| f0 |= g0 |
| s03 = uint32(s[3]) |
| |
| g1 &^= f |
| f2 &= f |
| s10 = uint32(s[4]) |
| |
| f3 &= f |
| g2 &^= f |
| s11 = uint32(s[5]) |
| |
| g3 &^= f |
| f1 |= g1 |
| s12 = uint32(s[6]) |
| |
| f2 |= g2 |
| f3 |= g3 |
| s13 = uint32(s[7]) |
| |
| s01 <<= 8 |
| f0 += uint64(s00) |
| s20 = uint32(s[8]) |
| |
| s02 <<= 16 |
| f0 += uint64(s01) |
| s21 = uint32(s[9]) |
| |
| s03 <<= 24 |
| f0 += uint64(s02) |
| s22 = uint32(s[10]) |
| |
| s11 <<= 8 |
| f1 += uint64(s10) |
| s23 = uint32(s[11]) |
| |
| s12 <<= 16 |
| f1 += uint64(s11) |
| s30 = uint32(s[12]) |
| |
| s13 <<= 24 |
| f1 += uint64(s12) |
| s31 = uint32(s[13]) |
| |
| f0 += uint64(s03) |
| f1 += uint64(s13) |
| s32 = uint32(s[14]) |
| |
| s21 <<= 8 |
| f2 += uint64(s20) |
| s33 = uint32(s[15]) |
| |
| s22 <<= 16 |
| f2 += uint64(s21) |
| |
| s23 <<= 24 |
| f2 += uint64(s22) |
| |
| s31 <<= 8 |
| f3 += uint64(s30) |
| |
| s32 <<= 16 |
| f3 += uint64(s31) |
| |
| s33 <<= 24 |
| f3 += uint64(s32) |
| |
| f2 += uint64(s23) |
| f3 += uint64(s33) |
| |
| out[0] = byte(f0) |
| f0 >>= 8 |
| out[1] = byte(f0) |
| f0 >>= 8 |
| out[2] = byte(f0) |
| f0 >>= 8 |
| out[3] = byte(f0) |
| f0 >>= 8 |
| f1 += f0 |
| |
| out[4] = byte(f1) |
| f1 >>= 8 |
| out[5] = byte(f1) |
| f1 >>= 8 |
| out[6] = byte(f1) |
| f1 >>= 8 |
| out[7] = byte(f1) |
| f1 >>= 8 |
| f2 += f1 |
| |
| out[8] = byte(f2) |
| f2 >>= 8 |
| out[9] = byte(f2) |
| f2 >>= 8 |
| out[10] = byte(f2) |
| f2 >>= 8 |
| out[11] = byte(f2) |
| f2 >>= 8 |
| f3 += f2 |
| |
| out[12] = byte(f3) |
| f3 >>= 8 |
| out[13] = byte(f3) |
| f3 >>= 8 |
| out[14] = byte(f3) |
| f3 >>= 8 |
| out[15] = byte(f3) |
| } |