You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

541 lines
18 KiB

  1. // Copyright 2017-2018 DERO Project. All rights reserved.
  2. // Use of this source code in any form is governed by RESEARCH license.
  3. // license can be found in the LICENSE file.
  4. // GPG: 0F39 E425 8C65 3947 702A 8234 08B2 0360 A03A 9DE8
  5. //
  6. //
  7. // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
  8. // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
  9. // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
  10. // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  11. // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  12. // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  13. // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  14. // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
  15. // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  16. package cryptonight
  17. import "fmt"
  18. import "unsafe"
  19. import "encoding/hex"
  20. import "encoding/binary"
  21. import "github.com/aead/skein"
  22. import "github.com/dchest/blake256"
  23. const MAX_ARRAY_LIMIT = (4 * 1024 * 1024)
  24. func cryptonight(input []byte) []byte {
  25. var dummy [256]byte
  26. var S [25]uint64
  27. var key1 [64]uint32
  28. var key2 [64]uint32
  29. var a [2]uint64
  30. var b [2]uint64
  31. var c [2]uint64
  32. a_uint32 := (*(*[4]uint32)(unsafe.Pointer(&a[0])))[:len(a)*2]
  33. //b_uint32 := (*(*[4]uint32)(unsafe.Pointer(&b[0])))[:len(b)*2]
  34. c_uint32 := (*(*[4]uint32)(unsafe.Pointer(&c[0])))[:len(c)*2]
  35. // same array is accessed as 3 different ways, buts it bettter than copying
  36. var ScratchPad = make([]uint64, 1<<18, 1<<18)
  37. ScratchPad_uint32 := (*(*[MAX_ARRAY_LIMIT]uint32)(unsafe.Pointer(&ScratchPad[0])))[:len(ScratchPad)*2]
  38. // ScratchPad_byte := (*(*[MAX_ARRAY_LIMIT]byte)(unsafe.Pointer(&ScratchPad[0])))[:len(ScratchPad)*8]
  39. copy(dummy[:], input)
  40. for i := 0; i < 16; i++ {
  41. S[i] = binary.LittleEndian.Uint64(dummy[i<<3:])
  42. }
  43. S[16] = 0x8000000000000000
  44. keccakf(&S)
  45. // lets convert everything back to bytes
  46. for i := 0; i < 25; i++ {
  47. binary.LittleEndian.PutUint64(dummy[i<<3:], S[i])
  48. }
  49. // extract keys
  50. /*for i := 0 ; i <8;i++{
  51. key1[i] = binary.LittleEndian.Uint32(dummy[i<<2:])
  52. key2[i] = binary.LittleEndian.Uint32(dummy[32+(i<<2):])
  53. }*/
  54. expandKeyGo(dummy[0:32], key1[:], nil)
  55. expandKeyGo(dummy[32:64], key2[:], nil)
  56. /* for i :=0; i< 60;i++{
  57. fmt.Printf("%2d %X\n", i, key2[i])
  58. }*/
  59. // var text [128]byte
  60. var text_uint32 [32]uint32
  61. //copy(text[:],dummy[64:64+128]) // copy 128 bytes
  62. for i := 0; i < 32; i++ {
  63. text_uint32[i] = binary.LittleEndian.Uint32(dummy[64+(i<<2):])
  64. }
  65. /* for i :=0; i< 32;i++{
  66. fmt.Printf("%2d %X i %08X %08X\n", i, text_uint32[i] , key1[i],key1[i<<1])
  67. }*/
  68. for i := 0; i < 0x4000; i++ {
  69. for j := 0; j < 8; j++ {
  70. CNAESTransform((text_uint32[(j << 2):]), key1[:])
  71. }
  72. //memcpy(CNCtx.Scratchpad + (i << 4), text, 128);
  73. copy(ScratchPad_uint32[i*32:], text_uint32[:])
  74. }
  75. a[0] = S[0] ^ S[4]
  76. a[1] = S[1] ^ S[5]
  77. b[0] = S[2] ^ S[6]
  78. b[1] = S[3] ^ S[7]
  79. for i := 0; i < 0x80000; i++ {
  80. // {
  81. c[0] = ScratchPad[((a[0]&0x1FFFF0)>>3)+0]
  82. c[1] = ScratchPad[((a[0]&0x1FFFF0)>>3)+1]
  83. CNAESRnd(c_uint32, a_uint32)
  84. b[0] ^= c[0]
  85. b[1] ^= c[1]
  86. ScratchPad[((a[0]&0x1FFFF0)>>3)+0] = b[0]
  87. ScratchPad[((a[0]&0x1FFFF0)>>3)+1] = b[1]
  88. b[0] = ScratchPad[((c[0]&0x1FFFF0)>>3)+0]
  89. b[1] = ScratchPad[((c[0]&0x1FFFF0)>>3)+1]
  90. // time to do 64 bit * 64 bit multiply
  91. var lower64, upper64 uint64
  92. {
  93. x := c[0]
  94. y := b[0]
  95. a := x >> 32
  96. b := x & 0xffffffff
  97. c := y >> 32
  98. d := y & 0xffffffff
  99. ac := a * c
  100. bc := b * c
  101. ad := a * d
  102. bd := b * d
  103. mid34 := (bd >> 32) + (bc & 0xffffffff) + (ad & 0xffffffff)
  104. upper64 = ac + (bc >> 32) + (ad >> 32) + (mid34 >> 32)
  105. lower64 = (mid34 << 32) | (bd & 0xffffffff)
  106. _ = lower64
  107. _ = upper64
  108. }
  109. a[1] += lower64
  110. a[0] += upper64
  111. ScratchPad[((c[0]&0x1FFFF0)>>3)+0] = a[0]
  112. ScratchPad[((c[0]&0x1FFFF0)>>3)+1] = a[1]
  113. a[0] ^= b[0]
  114. a[1] ^= b[1]
  115. b[0] = c[0]
  116. b[1] = c[1]
  117. }
  118. // fmt.Printf(" a %X %X\n", a[0],a[1]);
  119. // fmt.Printf(" b %X %X\n", b[0],b[1]);
  120. for i := 0; i < 32; i++ {
  121. text_uint32[i] = binary.LittleEndian.Uint32(dummy[64+(i<<2):])
  122. }
  123. for i := 0; i < 0x4000; i++ {
  124. for j := 0; j < 32; j++ {
  125. text_uint32[j] ^= ScratchPad_uint32[(i*32)+j]
  126. }
  127. for j := 0; j < 8; j++ {
  128. CNAESTransform((text_uint32[(j << 2):]), key2[:])
  129. }
  130. }
  131. /*for i :=0; i< 32;i++{
  132. fmt.Printf("%2d %X\n", i, text_uint32[i])
  133. }*/
  134. for i := 0; i < 32; i++ {
  135. binary.LittleEndian.PutUint32(dummy[64+(i<<2):], text_uint32[i])
  136. }
  137. for i := 8; i < 25; i++ {
  138. S[i] = binary.LittleEndian.Uint64(dummy[i<<3:])
  139. }
  140. keccakf(&S) // do the keccak round
  141. /* for i :=0; i< 25;i++{
  142. fmt.Printf("S %02d %X\n", i, S[i])
  143. }*/
  144. // lets convert everything back to bytes
  145. for i := 0; i < 25; i++ {
  146. binary.LittleEndian.PutUint64(dummy[i<<3:], S[i])
  147. }
  148. var resulthash []byte
  149. switch S[0] & 3 {
  150. case 0:
  151. // fmt.Printf("blake\n")
  152. // blake
  153. blakehash := blake256.New()
  154. blakehash.Write(dummy[:200])
  155. resulthash = blakehash.Sum(nil) //matching
  156. case 1: // groestl
  157. // fmt.Printf("groestl not implemented\n")
  158. var output [32]byte
  159. var input = dummy[:200]
  160. crypto_hash(output[:], input, uint64(len(input)))
  161. resulthash = output[:]
  162. case 2: // jh
  163. //fmt.Printf("jh not implemented\n")
  164. myjhash := NewJhash256()
  165. myjhash.Write(dummy[:200])
  166. resulthash = myjhash.Sum(nil)
  167. case 3: // skein
  168. // fmt.Printf("skein\n")
  169. skeinhash := skein.New256(nil)
  170. skeinhash.Write(dummy[:200])
  171. resulthash = skeinhash.Sum(nil) //matchin
  172. }
  173. //fmt.Printf("result hash %x\n", resulthash)
  174. return resulthash
  175. }
  176. /* from original cryptonote source
  177. 0100000000000000000000000000000000000000000000000000000000000000000000102700005a18d9489bcd353aeaf4a19323d04e90353f98f0d7cc2a030cfd76e19495547d01
  178. a73bd37aba3454776b40733854a8349fe6359eb2c91d93bc727c69431c1d1f95hash of blob
  179. // from our implementation
  180. Get long hash a73bd37aba3454776b40733854a8349fe6359eb2c91d93bc727c69431c1d1f95
  181. */
  182. func SlowHash(msg []byte) []byte {
  183. hash := cryptonight(append(msg, byte(0x01)))
  184. // hash := cryptonight(msg)
  185. return hash
  186. }
  187. func main() {
  188. fmt.Printf("Hello World\n")
  189. // convert initial input to first 15 uint64
  190. var msg = []byte("This is a testi" + "\x01") // append final 1 blake
  191. // var msg = []byte("This is a test" + "\x01") // append final 1 groestl
  192. // var msg = []byte("This is a test2" + "\x01") // append final 1 jh hash
  193. //var msg = []byte("This is a testw" + "\x01") // append final 1 skein
  194. hash := cryptonight(msg)
  195. fmt.Printf("hash in hex %s\n", hex.EncodeToString(hash))
  196. //keccak := New256()
  197. //keccak.Sum([]byte("This is a test"));
  198. /* var JH256_H0 = [128]uint8{0xeb,0x98,0xa3,0x41,0x2c,0x20,0xd3,0xeb,0x92,0xcd,0xbe,0x7b,0x9c,0xb2,0x45,0xc1,0x1c,0x93,0x51,0x91,0x60,0xd4,0xc7,0xfa,0x26,0x0,0x82,0xd6,0x7e,0x50,0x8a,0x3,0xa4,0x23,0x9e,0x26,0x77,0x26,0xb9,0x45,0xe0,0xfb,0x1a,0x48,0xd4,0x1a,0x94,0x77,0xcd,0xb5,0xab,0x26,0x2,0x6b,0x17,0x7a,0x56,0xf0,0x24,0x42,0xf,0xff,0x2f,0xa8,0x71,0xa3,0x96,0x89,0x7f,0x2e,0x4d,0x75,0x1d,0x14,0x49,0x8,0xf7,0x7d,0xe2,0x62,0x27,0x76,0x95,0xf7,0x76,0x24,0x8f,0x94,0x87,0xd5,0xb6,0x57,0x47,0x80,0x29,0x6c,0x5c,0x5e,0x27,0x2d,0xac,0x8e,0xd,0x6c,0x51,0x84,0x50,0xc6,0x57,0x5,0x7a,0xf,0x7b,0xe4,0xd3,0x67,0x70,0x24,0x12,0xea,0x89,0xe3,0xab,0x13,0xd3,0x1c,0xd7,0x69}
  199. for i := 0 ; i <16;i++{
  200. // fmt.Printf("%d %X\n",i, binary.LittleEndian.Uint64(JH256_H0[i<<3:]))
  201. }*/
  202. var output [32]byte
  203. var input = []byte("hello")
  204. crypto_hash(output[:], input, uint64(len(input)))
  205. fmt.Printf("Output GROEestl hash %x\n", output)
  206. }
  207. // Rotate
  208. func ROTL32(x uint32, y uint32) uint32 { return (((x) << (y)) | ((x) >> (32 - (y)))) }
  209. func BYTE(x, y uint32) uint32 { return (((x) >> ((y) << 3)) & 0xFF) }
  210. func SubWord(inw uint32) uint32 {
  211. return ((CNAESSbox[BYTE(inw, 3)] << 24) | (CNAESSbox[BYTE(inw, 2)] << 16) | (CNAESSbox[BYTE(inw, 1)] << 8) | CNAESSbox[BYTE(inw, 0)])
  212. }
  213. /*
  214. func AESExpandKey256(keybuf []uint32){
  215. i := uint32(1)
  216. t := uint32(0)
  217. for c := 8 ; c < 60; c++ {
  218. // For 256-bit keys, an sbox permutation is done every other 4th uint generated, AND every 8th
  219. // t := ((!(c & 3))) ? SubWord(keybuf[c - 1]) : keybuf[c - 1];
  220. if (c & 3) == 0 {
  221. t = SubWord(keybuf[c - 1])
  222. }else{
  223. t = keybuf[c - 1];
  224. }
  225. // If the uint we're generating has an index that is a multiple of 8, rotate and XOR with the round constant,
  226. // then XOR this with previously generated uint. If it's 4 after a multiple of 8, only the sbox permutation
  227. // is done, followed by the XOR. If neither are true, only the XOR with the previously generated uint is done.
  228. //keybuf[c] = keybuf[c - 8] ^ ((!(c & 7)) ? ROTL32(t, 24U) ^ ((uint32_t)(CNAESRcon[i++])) : t);
  229. if (keybuf[c - 8] ^ ((!(c & 7))) > 0) {
  230. keybuf[c] = ROTL32(t, 24) ^ ((uint32)(CNAESRcon[i]))
  231. i++
  232. }else{
  233. keybuf[c] = t;
  234. }
  235. }
  236. }
  237. */
  238. func CNAESTransform(X, Key []uint32) {
  239. // fmt.Printf("X %08X %08X \n", X[0],X[1]) ;
  240. for i := uint32(0); i < 10; i++ {
  241. CNAESRnd(X, Key[(i<<2):])
  242. }
  243. }
  244. func CNAESRnd(X, key []uint32) {
  245. var Y [4]uint32
  246. Y[0] = CNAESTbl[BYTE(X[0], 0)] ^ ROTL32(CNAESTbl[BYTE(X[1], 1)], 8) ^ ROTL32(CNAESTbl[BYTE(X[2], 2)], 16) ^ ROTL32(CNAESTbl[BYTE(X[3], 3)], 24)
  247. Y[1] = CNAESTbl[BYTE(X[1], 0)] ^ ROTL32(CNAESTbl[BYTE(X[2], 1)], 8) ^ ROTL32(CNAESTbl[BYTE(X[3], 2)], 16) ^ ROTL32(CNAESTbl[BYTE(X[0], 3)], 24)
  248. Y[2] = CNAESTbl[BYTE(X[2], 0)] ^ ROTL32(CNAESTbl[BYTE(X[3], 1)], 8) ^ ROTL32(CNAESTbl[BYTE(X[0], 2)], 16) ^ ROTL32(CNAESTbl[BYTE(X[1], 3)], 24)
  249. Y[3] = CNAESTbl[BYTE(X[3], 0)] ^ ROTL32(CNAESTbl[BYTE(X[0], 1)], 8) ^ ROTL32(CNAESTbl[BYTE(X[1], 2)], 16) ^ ROTL32(CNAESTbl[BYTE(X[2], 3)], 24)
  250. for i := 0; i < 4; i++ {
  251. X[i] = Y[i] ^ key[i]
  252. }
  253. }
  254. // copied from https://golang.org/src/crypto/aes/block.go
  255. // Apply sbox0 to each byte in w.
  256. func subw(w uint32) uint32 {
  257. return uint32(sbox0[w>>24])<<24 |
  258. uint32(sbox0[w>>16&0xff])<<16 |
  259. uint32(sbox0[w>>8&0xff])<<8 |
  260. uint32(sbox0[w&0xff])
  261. }
  262. // Rotate
  263. func rotw(w uint32) uint32 { return w<<8 | w>>24 }
  264. func swap_uint32(val uint32) uint32 {
  265. val = ((val << 8) & 0xFF00FF00) | ((val >> 8) & 0xFF00FF)
  266. return (val << 16) | (val >> 16)
  267. }
  268. // Key expansion algorithm. See FIPS-197, Figure 11.
  269. // Their rcon[i] is our powx[i-1] << 24.
  270. func expandKeyGo(key []byte, enc, dec []uint32) {
  271. // Encryption key setup.
  272. var i int
  273. nk := len(key) / 4
  274. for i = 0; i < nk; i++ {
  275. enc[i] = uint32(key[4*i])<<24 | uint32(key[4*i+1])<<16 | uint32(key[4*i+2])<<8 | uint32(key[4*i+3])
  276. }
  277. for ; i < len(enc); i++ {
  278. t := enc[i-1]
  279. if i%nk == 0 {
  280. t = subw(rotw(t)) ^ (uint32(powx[i/nk-1]) << 24)
  281. } else if nk > 6 && i%nk == 4 {
  282. t = subw(t)
  283. }
  284. enc[i] = enc[i-nk] ^ t
  285. // fmt.Printf("%2d %X\n", i, enc[i])
  286. }
  287. // key generated by golang need to be swapped
  288. for i := 0; i < 60; i++ {
  289. enc[i] = swap_uint32(enc[i])
  290. //fmt.Printf("%2d %X\n", i, enc[i])
  291. }
  292. /*
  293. // Derive decryption key from encryption key.
  294. // Reverse the 4-word round key sets from enc to produce dec.
  295. // All sets but the first and last get the MixColumn transform applied.
  296. if dec == nil {
  297. return
  298. }
  299. n := len(enc)
  300. for i := 0; i < n; i += 4 {
  301. ei := n - i - 4
  302. for j := 0; j < 4; j++ {
  303. x := enc[ei+j]
  304. if i > 0 && i+4 < n {
  305. x = td0[sbox0[x>>24]] ^ td1[sbox0[x>>16&0xff]] ^ td2[sbox0[x>>8&0xff]] ^ td3[sbox0[x&0xff]]
  306. }
  307. dec[i+j] = x
  308. }
  309. }
  310. */
  311. }
  312. // copied from https://golang.org/src/crypto/aes/const.go
  313. // Powers of x mod poly in GF(2).
  314. var powx = [16]byte{
  315. 0x01,
  316. 0x02,
  317. 0x04,
  318. 0x08,
  319. 0x10,
  320. 0x20,
  321. 0x40,
  322. 0x80,
  323. 0x1b,
  324. 0x36,
  325. 0x6c,
  326. 0xd8,
  327. 0xab,
  328. 0x4d,
  329. 0x9a,
  330. 0x2f,
  331. }
  332. // FIPS-197 Figure 7. S-box substitution values in hexadecimal format.
  333. var sbox0 = [256]byte{
  334. 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
  335. 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
  336. 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
  337. 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
  338. 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
  339. 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
  340. 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
  341. 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
  342. 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
  343. 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
  344. 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
  345. 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
  346. 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
  347. 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
  348. 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
  349. 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16,
  350. }
  351. var CNAESSbox = [256]uint32{
  352. 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
  353. 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
  354. 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
  355. 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
  356. 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
  357. 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
  358. 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
  359. 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
  360. 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
  361. 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
  362. 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
  363. 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
  364. 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
  365. 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
  366. 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
  367. 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16,
  368. }
  369. var CNAESRcon = [8]uint32{0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40}
  370. var CNAESTbl = [256]uint32{0xA56363C6, 0x847C7CF8, 0x997777EE, 0x8D7B7BF6,
  371. 0x0DF2F2FF, 0xBD6B6BD6, 0xB16F6FDE, 0x54C5C591,
  372. 0x50303060, 0x03010102, 0xA96767CE, 0x7D2B2B56,
  373. 0x19FEFEE7, 0x62D7D7B5, 0xE6ABAB4D, 0x9A7676EC,
  374. 0x45CACA8F, 0x9D82821F, 0x40C9C989, 0x877D7DFA,
  375. 0x15FAFAEF, 0xEB5959B2, 0xC947478E, 0x0BF0F0FB,
  376. 0xECADAD41, 0x67D4D4B3, 0xFDA2A25F, 0xEAAFAF45,
  377. 0xBF9C9C23, 0xF7A4A453, 0x967272E4, 0x5BC0C09B,
  378. 0xC2B7B775, 0x1CFDFDE1, 0xAE93933D, 0x6A26264C,
  379. 0x5A36366C, 0x413F3F7E, 0x02F7F7F5, 0x4FCCCC83,
  380. 0x5C343468, 0xF4A5A551, 0x34E5E5D1, 0x08F1F1F9,
  381. 0x937171E2, 0x73D8D8AB, 0x53313162, 0x3F15152A,
  382. 0x0C040408, 0x52C7C795, 0x65232346, 0x5EC3C39D,
  383. 0x28181830, 0xA1969637, 0x0F05050A, 0xB59A9A2F,
  384. 0x0907070E, 0x36121224, 0x9B80801B, 0x3DE2E2DF,
  385. 0x26EBEBCD, 0x6927274E, 0xCDB2B27F, 0x9F7575EA,
  386. 0x1B090912, 0x9E83831D, 0x742C2C58, 0x2E1A1A34,
  387. 0x2D1B1B36, 0xB26E6EDC, 0xEE5A5AB4, 0xFBA0A05B,
  388. 0xF65252A4, 0x4D3B3B76, 0x61D6D6B7, 0xCEB3B37D,
  389. 0x7B292952, 0x3EE3E3DD, 0x712F2F5E, 0x97848413,
  390. 0xF55353A6, 0x68D1D1B9, 0x00000000, 0x2CEDEDC1,
  391. 0x60202040, 0x1FFCFCE3, 0xC8B1B179, 0xED5B5BB6,
  392. 0xBE6A6AD4, 0x46CBCB8D, 0xD9BEBE67, 0x4B393972,
  393. 0xDE4A4A94, 0xD44C4C98, 0xE85858B0, 0x4ACFCF85,
  394. 0x6BD0D0BB, 0x2AEFEFC5, 0xE5AAAA4F, 0x16FBFBED,
  395. 0xC5434386, 0xD74D4D9A, 0x55333366, 0x94858511,
  396. 0xCF45458A, 0x10F9F9E9, 0x06020204, 0x817F7FFE,
  397. 0xF05050A0, 0x443C3C78, 0xBA9F9F25, 0xE3A8A84B,
  398. 0xF35151A2, 0xFEA3A35D, 0xC0404080, 0x8A8F8F05,
  399. 0xAD92923F, 0xBC9D9D21, 0x48383870, 0x04F5F5F1,
  400. 0xDFBCBC63, 0xC1B6B677, 0x75DADAAF, 0x63212142,
  401. 0x30101020, 0x1AFFFFE5, 0x0EF3F3FD, 0x6DD2D2BF,
  402. 0x4CCDCD81, 0x140C0C18, 0x35131326, 0x2FECECC3,
  403. 0xE15F5FBE, 0xA2979735, 0xCC444488, 0x3917172E,
  404. 0x57C4C493, 0xF2A7A755, 0x827E7EFC, 0x473D3D7A,
  405. 0xAC6464C8, 0xE75D5DBA, 0x2B191932, 0x957373E6,
  406. 0xA06060C0, 0x98818119, 0xD14F4F9E, 0x7FDCDCA3,
  407. 0x66222244, 0x7E2A2A54, 0xAB90903B, 0x8388880B,
  408. 0xCA46468C, 0x29EEEEC7, 0xD3B8B86B, 0x3C141428,
  409. 0x79DEDEA7, 0xE25E5EBC, 0x1D0B0B16, 0x76DBDBAD,
  410. 0x3BE0E0DB, 0x56323264, 0x4E3A3A74, 0x1E0A0A14,
  411. 0xDB494992, 0x0A06060C, 0x6C242448, 0xE45C5CB8,
  412. 0x5DC2C29F, 0x6ED3D3BD, 0xEFACAC43, 0xA66262C4,
  413. 0xA8919139, 0xA4959531, 0x37E4E4D3, 0x8B7979F2,
  414. 0x32E7E7D5, 0x43C8C88B, 0x5937376E, 0xB76D6DDA,
  415. 0x8C8D8D01, 0x64D5D5B1, 0xD24E4E9C, 0xE0A9A949,
  416. 0xB46C6CD8, 0xFA5656AC, 0x07F4F4F3, 0x25EAEACF,
  417. 0xAF6565CA, 0x8E7A7AF4, 0xE9AEAE47, 0x18080810,
  418. 0xD5BABA6F, 0x887878F0, 0x6F25254A, 0x722E2E5C,
  419. 0x241C1C38, 0xF1A6A657, 0xC7B4B473, 0x51C6C697,
  420. 0x23E8E8CB, 0x7CDDDDA1, 0x9C7474E8, 0x211F1F3E,
  421. 0xDD4B4B96, 0xDCBDBD61, 0x868B8B0D, 0x858A8A0F,
  422. 0x907070E0, 0x423E3E7C, 0xC4B5B571, 0xAA6666CC,
  423. 0xD8484890, 0x05030306, 0x01F6F6F7, 0x120E0E1C,
  424. 0xA36161C2, 0x5F35356A, 0xF95757AE, 0xD0B9B969,
  425. 0x91868617, 0x58C1C199, 0x271D1D3A, 0xB99E9E27,
  426. 0x38E1E1D9, 0x13F8F8EB, 0xB398982B, 0x33111122,
  427. 0xBB6969D2, 0x70D9D9A9, 0x898E8E07, 0xA7949433,
  428. 0xB69B9B2D, 0x221E1E3C, 0x92878715, 0x20E9E9C9,
  429. 0x49CECE87, 0xFF5555AA, 0x78282850, 0x7ADFDFA5,
  430. 0x8F8C8C03, 0xF8A1A159, 0x80898909, 0x170D0D1A,
  431. 0xDABFBF65, 0x31E6E6D7, 0xC6424284, 0xB86868D0,
  432. 0xC3414182, 0xB0999929, 0x772D2D5A, 0x110F0F1E,
  433. 0xCBB0B07B, 0xFC5454A8, 0xD6BBBB6D, 0x3A16162C,
  434. }