53     W[i  ] = (W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16]) rol 1
54     W[i+1] = (W[i-2] ^ W[i-7] ^ W[i-13] ^ W[i-15]) rol 1
55     W[i+2] = (W[i-1] ^ W[i-6] ^ W[i-12] ^ W[i-14]) rol 1
56     W[i+3] = (   0   ^ W[i-5] ^ W[i-11] ^ W[i-13]) rol 1
59     W[i+3] ^= W[i] rol 1
68 	2. W[i+3] ^= W[i] rol 1
71 	For i>=32, the Intel online article suggests that (using a basic identity (X rol 1) rol 1 = X rol 2) the update equation is equivalent to
274 	W[i  ] = (W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16]) rol 1
275     W[i+1] = (W[i-2] ^ W[i-7] ^ W[i-13] ^ W[i-15]) rol 1
276     W[i+2] = (W[i-1] ^ W[i-6] ^ W[i-12] ^ W[i-14]) rol 1
277     W[i+3] = (   0   ^ W[i-5] ^ W[i-11] ^ W[i-13]) rol 1
279 	W[i+3] ^= W[i] rol 1;	// this W[i] is already rol by 1, if we are taking from the intial W before rol 1, we should rol this by 2
285 	2. W_TMP = (W3 ^ W8 ^ W14 ^ W16) rol 1; split (W[i] 0 0 0) rol 2 in W_TMP2 and W
286 	3. W = W_TMP = W_TMP ^ W_TMP2 ^ W = (W3 ^ W8 ^ W14 ^ W16) rol 1 ^ (W[i] 0 0 0) rol 2; WK = W _TMP+K;  
309 	por		$0, W_TMP				// W_TMP = (W3 ^ W16 ^ W8 ^ W14) rol 1
311 	psrld	$$30, W_TMP2			// W_TMP2 = W[i] lower 2 bits after rol 2
312 	pslld	$$2, $0					// W = W[i] higher 30 bits after rol 2
320 	pxor	W_TMP2, W_TMP			// W_TMP = (W3 ^ W16 ^ W8 ^ W14) rol 1 ^ (W[i] 0 0 0) rol 2
355 	2. W_tmp = (W6 ^ W16 ^ W28 ^ W32) rol 2;
407 	por		$0, W_TMP					// W_tmp = (W6 ^ W16 ^ W28 ^ W32) rol 2
417     por     $0, W_TMP					// W_tmp = (W6 ^ W16 ^ W28 ^ W32) rol 2
422 	xmov	W_TMP, $0					// W = (W6 ^ W16 ^ W28 ^ W32) rol 2
427     xmov    W_TMP, $0					// W = (W6 ^ W16 ^ W28 ^ W32) rol 2
444 		A1 = FN + E0 + rol(A0,5) + WK;
446 		C1 = rol(B0, 30);
451 			1. A1 = FN + E0 + rol(A0,5) + WK; can be temporarily saved in E0, 
452 			2. C1 = rol(B0,30) can be temporarily saved in B0. 
455 			1. E = FN(B,C,D) + E + rol(A,5) + WK(i)
456 			2. B = rol(B,30)
461 		1. E = FN(B,C,D) + E + rol(A,5) + WK(i)
462 		2. B = rol(B,30)
464 		3. D = FN(A,B,C) + D + rol(E,5) + WK(i+1)
465 		4. A = rol(A,30)
475 	rol		$$30, $2		// B = rol(B,30)
478 	rol		$$5, T2			// rol(A,5)
483 	add		$5, T2			// T2 = FN(B,C,D) + E + rol(A,5) + WK(i)
484 	mov		T2, $5			// E = FN(B,C,D) + E + rol(A,5) + WK(i)
485 	rol		$$5, T2			// rol(E,5)
486 	add		T2, $4			// D + WK(i+1) + rol(E,5)
488 	add		T1, $4			// D = FN(A,B,C) + D + rol(E,5) + WK(i+1)
489 	rol		$$30, $1		// A = rol(A,30)

Indexes created Wed Sep 11 23:09:49 MDT 2024