/rust/registry/src/index.crates.io-1949cf8c6b5b557f/rand_chacha-0.3.1/src/guts.rs

Source
// Copyright 2019 The CryptoCorrosion Contributors
// Copyright 2020 Developers of the Rand project.
//
// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
// option. This file may not be copied, modified, or distributed
// except according to those terms.

//! The ChaCha random number generator.

use ppv_lite86::{dispatch, dispatch_light128};

pub use ppv_lite86::Machine;
use ppv_lite86::{vec128_storage, ArithOps, BitOps32, LaneWords4, MultiLane, StoreBytes, Vec4};

pub(crate) const BLOCK: usize = 64;
pub(crate) const BLOCK64: u64 = BLOCK as u64;
const LOG2_BUFBLOCKS: u64 = 2;
const BUFBLOCKS: u64 = 1 << LOG2_BUFBLOCKS;
pub(crate) const BUFSZ64: u64 = BLOCK64 * BUFBLOCKS;
pub(crate) const BUFSZ: usize = BUFSZ64 as usize;

const STREAM_PARAM_NONCE: u32 = 1;
const STREAM_PARAM_BLOCK: u32 = 0;

#[derive(Clone, PartialEq, Eq)]
pub struct ChaCha {
    pub(crate) b: vec128_storage,
    pub(crate) c: vec128_storage,
    pub(crate) d: vec128_storage,
}

#[derive(Clone)]
pub struct State<V> {
    pub(crate) a: V,
    pub(crate) b: V,
    pub(crate) c: V,
    pub(crate) d: V,
}

#[inline(always)]
pub(crate) fn round<V: ArithOps + BitOps32>(mut x: State<V>) -> State<V> {
    x.a += x.b;
    x.d = (x.d ^ x.a).rotate_each_word_right16();
    x.c += x.d;
    x.b = (x.b ^ x.c).rotate_each_word_right20();
    x.a += x.b;
    x.d = (x.d ^ x.a).rotate_each_word_right24();
    x.c += x.d;
    x.b = (x.b ^ x.c).rotate_each_word_right25();
    x
}

#[inline(always)]
pub(crate) fn diagonalize<V: LaneWords4>(mut x: State<V>) -> State<V> {
    x.b = x.b.shuffle_lane_words3012();
    x.c = x.c.shuffle_lane_words2301();
    x.d = x.d.shuffle_lane_words1230();
    x
}
#[inline(always)]
pub(crate) fn undiagonalize<V: LaneWords4>(mut x: State<V>) -> State<V> {
    x.b = x.b.shuffle_lane_words1230();
    x.c = x.c.shuffle_lane_words2301();
    x.d = x.d.shuffle_lane_words3012();
    x
}

impl ChaCha {
    #[inline(always)]
    pub fn new(key: &[u8; 32], nonce: &[u8]) -> Self {
        init_chacha(key, nonce)
    }

    #[inline(always)]
    fn pos64<M: Machine>(&self, m: M) -> u64 {
        let d: M::u32x4 = m.unpack(self.d);
        ((d.extract(1) as u64) << 32) | d.extract(0) as u64
    }

    /// Produce 4 blocks of output, advancing the state
    #[inline(always)]
    pub fn refill4(&mut self, drounds: u32, out: &mut [u8; BUFSZ]) {
        refill_wide(self, drounds, out)
    }

    #[inline(always)]
    pub fn set_block_pos(&mut self, value: u64) {
        set_stream_param(self, STREAM_PARAM_BLOCK, value)
    }

    #[inline(always)]
    pub fn get_block_pos(&self) -> u64 {
        get_stream_param(self, STREAM_PARAM_BLOCK)
    }

    #[inline(always)]
    pub fn set_nonce(&mut self, value: u64) {
        set_stream_param(self, STREAM_PARAM_NONCE, value)
    }

    #[inline(always)]
    pub fn get_nonce(&self) -> u64 {
        get_stream_param(self, STREAM_PARAM_NONCE)
    }

    #[inline(always)]
    pub fn get_seed(&self) -> [u8; 32] {
        get_seed(self)
    }
}

#[allow(clippy::many_single_char_names)]
#[inline(always)]
fn refill_wide_impl<Mach: Machine>(
    m: Mach, state: &mut ChaCha, drounds: u32, out: &mut [u8; BUFSZ],
) {
    let k = m.vec([0x6170_7865, 0x3320_646e, 0x7962_2d32, 0x6b20_6574]);
    let mut pos = state.pos64(m);
    let d0: Mach::u32x4 = m.unpack(state.d);
    pos = pos.wrapping_add(1);
    let d1 = d0.insert((pos >> 32) as u32, 1).insert(pos as u32, 0);
    pos = pos.wrapping_add(1);
    let d2 = d0.insert((pos >> 32) as u32, 1).insert(pos as u32, 0);
    pos = pos.wrapping_add(1);
    let d3 = d0.insert((pos >> 32) as u32, 1).insert(pos as u32, 0);

    let b = m.unpack(state.b);
    let c = m.unpack(state.c);
    let mut x = State {
        a: Mach::u32x4x4::from_lanes([k, k, k, k]),
        b: Mach::u32x4x4::from_lanes([b, b, b, b]),
        c: Mach::u32x4x4::from_lanes([c, c, c, c]),
        d: m.unpack(Mach::u32x4x4::from_lanes([d0, d1, d2, d3]).into()),
    };
    for _ in 0..drounds {
        x = round(x);
        x = undiagonalize(round(diagonalize(x)));
    }
    let mut pos = state.pos64(m);
    let d0: Mach::u32x4 = m.unpack(state.d);
    pos = pos.wrapping_add(1);
    let d1 = d0.insert((pos >> 32) as u32, 1).insert(pos as u32, 0);
    pos = pos.wrapping_add(1);
    let d2 = d0.insert((pos >> 32) as u32, 1).insert(pos as u32, 0);
    pos = pos.wrapping_add(1);
    let d3 = d0.insert((pos >> 32) as u32, 1).insert(pos as u32, 0);
    pos = pos.wrapping_add(1);
    let d4 = d0.insert((pos >> 32) as u32, 1).insert(pos as u32, 0);

    let (a, b, c, d) = (
        x.a.to_lanes(),
        x.b.to_lanes(),
        x.c.to_lanes(),
        x.d.to_lanes(),
    );
    let sb = m.unpack(state.b);
    let sc = m.unpack(state.c);
    let sd = [m.unpack(state.d), d1, d2, d3];
    state.d = d4.into();
    let mut words = out.chunks_exact_mut(16);
    for ((((&a, &b), &c), &d), &sd) in a.iter().zip(&b).zip(&c).zip(&d).zip(&sd) {
        (a + k).write_le(words.next().unwrap());
        (b + sb).write_le(words.next().unwrap());
        (c + sc).write_le(words.next().unwrap());
        (d + sd).write_le(words.next().unwrap());
    }
}

dispatch!(m, Mach, {
    fn refill_wide(state: &mut ChaCha, drounds: u32, out: &mut [u8; BUFSZ]) {
        refill_wide_impl(m, state, drounds, out);
    }
});

// Single-block, rounds-only; shared by try_apply_keystream for tails shorter than BUFSZ
// and XChaCha's setup step.
dispatch!(m, Mach, {
    fn refill_narrow_rounds(state: &mut ChaCha, drounds: u32) -> State<vec128_storage> {
        let k: Mach::u32x4 = m.vec([0x6170_7865, 0x3320_646e, 0x7962_2d32, 0x6b20_6574]);
        let mut x = State {
            a: k,
            b: m.unpack(state.b),
            c: m.unpack(state.c),
            d: m.unpack(state.d),
        };
        for _ in 0..drounds {
            x = round(x);
            x = undiagonalize(round(diagonalize(x)));
        }
        State {
            a: x.a.into(),
            b: x.b.into(),
            c: x.c.into(),
            d: x.d.into(),
        }
    }
});

dispatch_light128!(m, Mach, {
    fn set_stream_param(state: &mut ChaCha, param: u32, value: u64) {
        let d: Mach::u32x4 = m.unpack(state.d);
        state.d = d
            .insert((value >> 32) as u32, (param << 1) | 1)
            .insert(value as u32, param << 1)
            .into();
    }
});

dispatch_light128!(m, Mach, {
    fn get_stream_param(state: &ChaCha, param: u32) -> u64 {
        let d: Mach::u32x4 = m.unpack(state.d);
        ((d.extract((param << 1) | 1) as u64) << 32) | d.extract(param << 1) as u64
    }
});

dispatch_light128!(m, Mach, {
    fn get_seed(state: &ChaCha) -> [u8; 32] {
        let b: Mach::u32x4 = m.unpack(state.b);
        let c: Mach::u32x4 = m.unpack(state.c);
        let mut key = [0u8; 32];
        b.write_le(&mut key[..16]);
        c.write_le(&mut key[16..]);
        key
    }
});

fn read_u32le(xs: &[u8]) -> u32 {
    assert_eq!(xs.len(), 4);
    u32::from(xs[0]) | (u32::from(xs[1]) << 8) | (u32::from(xs[2]) << 16) | (u32::from(xs[3]) << 24)
}

dispatch_light128!(m, Mach, {
    fn init_chacha(key: &[u8; 32], nonce: &[u8]) -> ChaCha {
        let ctr_nonce = [
            0,
            if nonce.len() == 12 {
                read_u32le(&nonce[0..4])
            } else {
                0
            },
            read_u32le(&nonce[nonce.len() - 8..nonce.len() - 4]),
            read_u32le(&nonce[nonce.len() - 4..]),
        ];
        let key0: Mach::u32x4 = m.read_le(&key[..16]);
        let key1: Mach::u32x4 = m.read_le(&key[16..]);
        ChaCha {
            b: key0.into(),
            c: key1.into(),
            d: ctr_nonce.into(),
        }
    }
});

dispatch_light128!(m, Mach, {
    fn init_chacha_x(key: &[u8; 32], nonce: &[u8; 24], rounds: u32) -> ChaCha {
        let key0: Mach::u32x4 = m.read_le(&key[..16]);
        let key1: Mach::u32x4 = m.read_le(&key[16..]);
        let nonce0: Mach::u32x4 = m.read_le(&nonce[..16]);
        let mut state = ChaCha {
            b: key0.into(),
            c: key1.into(),
            d: nonce0.into(),
        };
        let x = refill_narrow_rounds(&mut state, rounds);
        let ctr_nonce1 = [0, 0, read_u32le(&nonce[16..20]), read_u32le(&nonce[20..24])];
        state.b = x.a;
        state.c = x.d;
        state.d = ctr_nonce1.into();
        state
    }
});

Coverage Report

Created: 2025-11-16 06:37

Line	Count	Source
1		// Copyright 2019 The CryptoCorrosion Contributors
2		// Copyright 2020 Developers of the Rand project.
3		//
4		// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
5		// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
6		// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
7		// option. This file may not be copied, modified, or distributed
8		// except according to those terms.
9
10		//! The ChaCha random number generator.
11
12		use ppv_lite86::{dispatch, dispatch_light128};
13
14		pub use ppv_lite86::Machine;
15		use ppv_lite86::{vec128_storage, ArithOps, BitOps32, LaneWords4, MultiLane, StoreBytes, Vec4};
16
17		pub(crate) const BLOCK: usize = 64;
18		pub(crate) const BLOCK64: u64 = BLOCK as u64;
19		const LOG2_BUFBLOCKS: u64 = 2;
20		const BUFBLOCKS: u64 = 1 << LOG2_BUFBLOCKS;
21		pub(crate) const BUFSZ64: u64 = BLOCK64 * BUFBLOCKS;
22		pub(crate) const BUFSZ: usize = BUFSZ64 as usize;
23
24		const STREAM_PARAM_NONCE: u32 = 1;
25		const STREAM_PARAM_BLOCK: u32 = 0;
26
27		#[derive(Clone, PartialEq, Eq)]
28		pub struct ChaCha {
29		pub(crate) b: vec128_storage,
30		pub(crate) c: vec128_storage,
31		pub(crate) d: vec128_storage,
32		}
33
34		#[derive(Clone)]
35		pub struct State<V> {
36		pub(crate) a: V,
37		pub(crate) b: V,
38		pub(crate) c: V,
39		pub(crate) d: V,
40		}
41
42		#[inline(always)]
43	0	pub(crate) fn round<V: ArithOps + BitOps32>(mut x: State<V>) -> State<V> {
44	0	x.a += x.b;
45	0	x.d = (x.d ^ x.a).rotate_each_word_right16();
46	0	x.c += x.d;
47	0	x.b = (x.b ^ x.c).rotate_each_word_right20();
48	0	x.a += x.b;
49	0	x.d = (x.d ^ x.a).rotate_each_word_right24();
50	0	x.c += x.d;
51	0	x.b = (x.b ^ x.c).rotate_each_word_right25();
52	0	x
53	0	} Unexecuted instantiation: rand_chacha::guts::round::<ppv_lite86::soft::x2<ppv_lite86::x86_64::sse2::avx2::u32x4x2_avx2<ppv_lite86::x86_64::NoNI>, ppv_lite86::x86_64::sse2::G0>> Unexecuted instantiation: rand_chacha::guts::round::<ppv_lite86::soft::x4<ppv_lite86::x86_64::sse2::u32x4_sse2<ppv_lite86::x86_64::NoS3, ppv_lite86::x86_64::NoS4, ppv_lite86::x86_64::NoNI>>> Unexecuted instantiation: rand_chacha::guts::round::<ppv_lite86::soft::x4<ppv_lite86::x86_64::sse2::u32x4_sse2<ppv_lite86::x86_64::YesS3, ppv_lite86::x86_64::NoS4, ppv_lite86::x86_64::NoNI>>> Unexecuted instantiation: rand_chacha::guts::round::<ppv_lite86::soft::x4<ppv_lite86::x86_64::sse2::u32x4_sse2<ppv_lite86::x86_64::YesS3, ppv_lite86::x86_64::YesS4, ppv_lite86::x86_64::NoNI>>>
54
55		#[inline(always)]
56	0	pub(crate) fn diagonalize<V: LaneWords4>(mut x: State<V>) -> State<V> {
57	0	x.b = x.b.shuffle_lane_words3012();
58	0	x.c = x.c.shuffle_lane_words2301();
59	0	x.d = x.d.shuffle_lane_words1230();
60	0	x
61	0	} Unexecuted instantiation: rand_chacha::guts::diagonalize::<ppv_lite86::soft::x2<ppv_lite86::x86_64::sse2::avx2::u32x4x2_avx2<ppv_lite86::x86_64::NoNI>, ppv_lite86::x86_64::sse2::G0>> Unexecuted instantiation: rand_chacha::guts::diagonalize::<ppv_lite86::soft::x4<ppv_lite86::x86_64::sse2::u32x4_sse2<ppv_lite86::x86_64::NoS3, ppv_lite86::x86_64::NoS4, ppv_lite86::x86_64::NoNI>>> Unexecuted instantiation: rand_chacha::guts::diagonalize::<ppv_lite86::soft::x4<ppv_lite86::x86_64::sse2::u32x4_sse2<ppv_lite86::x86_64::YesS3, ppv_lite86::x86_64::NoS4, ppv_lite86::x86_64::NoNI>>> Unexecuted instantiation: rand_chacha::guts::diagonalize::<ppv_lite86::soft::x4<ppv_lite86::x86_64::sse2::u32x4_sse2<ppv_lite86::x86_64::YesS3, ppv_lite86::x86_64::YesS4, ppv_lite86::x86_64::NoNI>>>
62		#[inline(always)]
63	0	pub(crate) fn undiagonalize<V: LaneWords4>(mut x: State<V>) -> State<V> {
64	0	x.b = x.b.shuffle_lane_words1230();
65	0	x.c = x.c.shuffle_lane_words2301();
66	0	x.d = x.d.shuffle_lane_words3012();
67	0	x
68	0	} Unexecuted instantiation: rand_chacha::guts::undiagonalize::<ppv_lite86::soft::x2<ppv_lite86::x86_64::sse2::avx2::u32x4x2_avx2<ppv_lite86::x86_64::NoNI>, ppv_lite86::x86_64::sse2::G0>> Unexecuted instantiation: rand_chacha::guts::undiagonalize::<ppv_lite86::soft::x4<ppv_lite86::x86_64::sse2::u32x4_sse2<ppv_lite86::x86_64::NoS3, ppv_lite86::x86_64::NoS4, ppv_lite86::x86_64::NoNI>>> Unexecuted instantiation: rand_chacha::guts::undiagonalize::<ppv_lite86::soft::x4<ppv_lite86::x86_64::sse2::u32x4_sse2<ppv_lite86::x86_64::YesS3, ppv_lite86::x86_64::NoS4, ppv_lite86::x86_64::NoNI>>> Unexecuted instantiation: rand_chacha::guts::undiagonalize::<ppv_lite86::soft::x4<ppv_lite86::x86_64::sse2::u32x4_sse2<ppv_lite86::x86_64::YesS3, ppv_lite86::x86_64::YesS4, ppv_lite86::x86_64::NoNI>>>
69
70		impl ChaCha {
71		#[inline(always)]
72	0	pub fn new(key: &[u8; 32], nonce: &[u8]) -> Self {
73	0	init_chacha(key, nonce)
74	0	}
75
76		#[inline(always)]
77	0	fn pos64<M: Machine>(&self, m: M) -> u64 {
78	0	let d: M::u32x4 = m.unpack(self.d);
79	0	((d.extract(1) as u64) << 32) \| d.extract(0) as u64
80	0	} Unexecuted instantiation: <rand_chacha::guts::ChaCha>::pos64::<ppv_lite86::x86_64::SseMachine<ppv_lite86::x86_64::NoS3, ppv_lite86::x86_64::NoS4, ppv_lite86::x86_64::NoNI>> Unexecuted instantiation: <rand_chacha::guts::ChaCha>::pos64::<ppv_lite86::x86_64::SseMachine<ppv_lite86::x86_64::YesS3, ppv_lite86::x86_64::NoS4, ppv_lite86::x86_64::NoNI>> Unexecuted instantiation: <rand_chacha::guts::ChaCha>::pos64::<ppv_lite86::x86_64::SseMachine<ppv_lite86::x86_64::YesS3, ppv_lite86::x86_64::YesS4, ppv_lite86::x86_64::NoNI>> Unexecuted instantiation: <rand_chacha::guts::ChaCha>::pos64::<ppv_lite86::x86_64::Avx2Machine<ppv_lite86::x86_64::NoNI>>
81
82		/// Produce 4 blocks of output, advancing the state
83		#[inline(always)]
84	0	pub fn refill4(&mut self, drounds: u32, out: &mut [u8; BUFSZ]) {
85	0	refill_wide(self, drounds, out)
86	0	}
87
88		#[inline(always)]
89	0	pub fn set_block_pos(&mut self, value: u64) {
90	0	set_stream_param(self, STREAM_PARAM_BLOCK, value)
91	0	}
92
93		#[inline(always)]
94	0	pub fn get_block_pos(&self) -> u64 {
95	0	get_stream_param(self, STREAM_PARAM_BLOCK)
96	0	}
97
98		#[inline(always)]
99	0	pub fn set_nonce(&mut self, value: u64) {
100	0	set_stream_param(self, STREAM_PARAM_NONCE, value)
101	0	}
102
103		#[inline(always)]
104	0	pub fn get_nonce(&self) -> u64 {
105	0	get_stream_param(self, STREAM_PARAM_NONCE)
106	0	}
107
108		#[inline(always)]
109	0	pub fn get_seed(&self) -> [u8; 32] {
110	0	get_seed(self)
111	0	}
112		}
113
114		#[allow(clippy::many_single_char_names)]
115		#[inline(always)]
116	0	fn refill_wide_impl<Mach: Machine>(
117	0	m: Mach, state: &mut ChaCha, drounds: u32, out: &mut [u8; BUFSZ],
118	0	) {
119	0	let k = m.vec([0x6170_7865, 0x3320_646e, 0x7962_2d32, 0x6b20_6574]);
120	0	let mut pos = state.pos64(m);
121	0	let d0: Mach::u32x4 = m.unpack(state.d);
122	0	pos = pos.wrapping_add(1);
123	0	let d1 = d0.insert((pos >> 32) as u32, 1).insert(pos as u32, 0);
124	0	pos = pos.wrapping_add(1);
125	0	let d2 = d0.insert((pos >> 32) as u32, 1).insert(pos as u32, 0);
126	0	pos = pos.wrapping_add(1);
127	0	let d3 = d0.insert((pos >> 32) as u32, 1).insert(pos as u32, 0);
128
129	0	let b = m.unpack(state.b);
130	0	let c = m.unpack(state.c);
131	0	let mut x = State {
132	0	a: Mach::u32x4x4::from_lanes([k, k, k, k]),
133	0	b: Mach::u32x4x4::from_lanes([b, b, b, b]),
134	0	c: Mach::u32x4x4::from_lanes([c, c, c, c]),
135	0	d: m.unpack(Mach::u32x4x4::from_lanes([d0, d1, d2, d3]).into()),
136	0	};
137	0	for _ in 0..drounds {
138	0	x = round(x);
139	0	x = undiagonalize(round(diagonalize(x)));
140	0	}
141	0	let mut pos = state.pos64(m);
142	0	let d0: Mach::u32x4 = m.unpack(state.d);
143	0	pos = pos.wrapping_add(1);
144	0	let d1 = d0.insert((pos >> 32) as u32, 1).insert(pos as u32, 0);
145	0	pos = pos.wrapping_add(1);
146	0	let d2 = d0.insert((pos >> 32) as u32, 1).insert(pos as u32, 0);
147	0	pos = pos.wrapping_add(1);
148	0	let d3 = d0.insert((pos >> 32) as u32, 1).insert(pos as u32, 0);
149	0	pos = pos.wrapping_add(1);
150	0	let d4 = d0.insert((pos >> 32) as u32, 1).insert(pos as u32, 0);
151
152	0	let (a, b, c, d) = (
153	0	x.a.to_lanes(),
154	0	x.b.to_lanes(),
155	0	x.c.to_lanes(),
156	0	x.d.to_lanes(),
157	0	);
158	0	let sb = m.unpack(state.b);
159	0	let sc = m.unpack(state.c);
160	0	let sd = [m.unpack(state.d), d1, d2, d3];
161	0	state.d = d4.into();
162	0	let mut words = out.chunks_exact_mut(16);
163	0	for ((((&a, &b), &c), &d), &sd) in a.iter().zip(&b).zip(&c).zip(&d).zip(&sd) {
164	0	(a + k).write_le(words.next().unwrap());
165	0	(b + sb).write_le(words.next().unwrap());
166	0	(c + sc).write_le(words.next().unwrap());
167	0	(d + sd).write_le(words.next().unwrap());
168	0	}
169	0	} Unexecuted instantiation: rand_chacha::guts::refill_wide_impl::<ppv_lite86::x86_64::SseMachine<ppv_lite86::x86_64::NoS3, ppv_lite86::x86_64::NoS4, ppv_lite86::x86_64::NoNI>> Unexecuted instantiation: rand_chacha::guts::refill_wide_impl::<ppv_lite86::x86_64::SseMachine<ppv_lite86::x86_64::YesS3, ppv_lite86::x86_64::NoS4, ppv_lite86::x86_64::NoNI>> Unexecuted instantiation: rand_chacha::guts::refill_wide_impl::<ppv_lite86::x86_64::SseMachine<ppv_lite86::x86_64::YesS3, ppv_lite86::x86_64::YesS4, ppv_lite86::x86_64::NoNI>> Unexecuted instantiation: rand_chacha::guts::refill_wide_impl::<ppv_lite86::x86_64::Avx2Machine<ppv_lite86::x86_64::NoNI>>
170
171		dispatch!(m, Mach, {
172	0	fn refill_wide(state: &mut ChaCha, drounds: u32, out: &mut [u8; BUFSZ]) {
173	0	refill_wide_impl(m, state, drounds, out); Unexecuted instantiation: rand_chacha::guts::refill_wide::fn_impl::<ppv_lite86::x86_64::SseMachine<ppv_lite86::x86_64::NoS3, ppv_lite86::x86_64::NoS4, ppv_lite86::x86_64::NoNI>> Unexecuted instantiation: rand_chacha::guts::refill_wide::fn_impl::<ppv_lite86::x86_64::SseMachine<ppv_lite86::x86_64::YesS3, ppv_lite86::x86_64::NoS4, ppv_lite86::x86_64::NoNI>> Unexecuted instantiation: rand_chacha::guts::refill_wide::fn_impl::<ppv_lite86::x86_64::SseMachine<ppv_lite86::x86_64::YesS3, ppv_lite86::x86_64::YesS4, ppv_lite86::x86_64::NoNI>> Unexecuted instantiation: rand_chacha::guts::refill_wide::fn_impl::<ppv_lite86::x86_64::Avx2Machine<ppv_lite86::x86_64::NoNI>>
174		}
175		});
176
177		// Single-block, rounds-only; shared by try_apply_keystream for tails shorter than BUFSZ
178		// and XChaCha's setup step.
179		dispatch!(m, Mach, {
180	0	fn refill_narrow_rounds(state: &mut ChaCha, drounds: u32) -> State<vec128_storage> {
181	0	let k: Mach::u32x4 = m.vec([0x6170_7865, 0x3320_646e, 0x7962_2d32, 0x6b20_6574]);
182	0	let mut x = State {
183	0	a: k,
184	0	b: m.unpack(state.b),
185	0	c: m.unpack(state.c),
186	0	d: m.unpack(state.d),
187	0	};
188	0	for _ in 0..drounds {
189	0	x = round(x);
190	0	x = undiagonalize(round(diagonalize(x)));
191	0	}
192	0	State {
193	0	a: x.a.into(),
194	0	b: x.b.into(),
195	0	c: x.c.into(),
196	0	d: x.d.into(),
197	0	}
198		}
199		});
200
201		dispatch_light128!(m, Mach, {
202	0	fn set_stream_param(state: &mut ChaCha, param: u32, value: u64) {
203	0	let d: Mach::u32x4 = m.unpack(state.d);
204	0	state.d = d
205	0	.insert((value >> 32) as u32, (param << 1) \| 1)
206	0	.insert(value as u32, param << 1)
207	0	.into(); Unexecuted instantiation: rand_chacha::guts::set_stream_param::fn_impl::<ppv_lite86::x86_64::SseMachine<ppv_lite86::x86_64::NoS3, ppv_lite86::x86_64::NoS4, ppv_lite86::x86_64::NoNI>> Unexecuted instantiation: rand_chacha::guts::set_stream_param::fn_impl::<ppv_lite86::x86_64::SseMachine<ppv_lite86::x86_64::YesS3, ppv_lite86::x86_64::YesS4, ppv_lite86::x86_64::NoNI>>
208		}
209		});
210
211		dispatch_light128!(m, Mach, {
212	0	fn get_stream_param(state: &ChaCha, param: u32) -> u64 {
213	0	let d: Mach::u32x4 = m.unpack(state.d);
214	0	((d.extract((param << 1) \| 1) as u64) << 32) \| d.extract(param << 1) as u64 Unexecuted instantiation: rand_chacha::guts::get_stream_param::fn_impl::<ppv_lite86::x86_64::SseMachine<ppv_lite86::x86_64::NoS3, ppv_lite86::x86_64::NoS4, ppv_lite86::x86_64::NoNI>> Unexecuted instantiation: rand_chacha::guts::get_stream_param::fn_impl::<ppv_lite86::x86_64::SseMachine<ppv_lite86::x86_64::YesS3, ppv_lite86::x86_64::YesS4, ppv_lite86::x86_64::NoNI>>
215		}
216		});
217
218		dispatch_light128!(m, Mach, {
219	0	fn get_seed(state: &ChaCha) -> [u8; 32] {
220	0	let b: Mach::u32x4 = m.unpack(state.b);
221	0	let c: Mach::u32x4 = m.unpack(state.c);
222	0	let mut key = [0u8; 32];
223	0	b.write_le(&mut key[..16]);
224	0	c.write_le(&mut key[16..]);
225	0	key Unexecuted instantiation: rand_chacha::guts::get_seed::fn_impl::<ppv_lite86::x86_64::SseMachine<ppv_lite86::x86_64::NoS3, ppv_lite86::x86_64::NoS4, ppv_lite86::x86_64::NoNI>> Unexecuted instantiation: rand_chacha::guts::get_seed::fn_impl::<ppv_lite86::x86_64::SseMachine<ppv_lite86::x86_64::YesS3, ppv_lite86::x86_64::YesS4, ppv_lite86::x86_64::NoNI>>
226		}
227		});
228
229	0	fn read_u32le(xs: &[u8]) -> u32 {
230	0	assert_eq!(xs.len(), 4);
231	0	u32::from(xs[0]) \| (u32::from(xs[1]) << 8) \| (u32::from(xs[2]) << 16) \| (u32::from(xs[3]) << 24)
232	0	}
233
234		dispatch_light128!(m, Mach, {
235	0	fn init_chacha(key: &[u8; 32], nonce: &[u8]) -> ChaCha {
236	0	let ctr_nonce = [
237		0,
238	0	if nonce.len() == 12 {
239	0	read_u32le(&nonce[0..4])
240		} else {
241	0	0
242		},
243	0	read_u32le(&nonce[nonce.len() - 8..nonce.len() - 4]),
244	0	read_u32le(&nonce[nonce.len() - 4..]),
245		];
246	0	let key0: Mach::u32x4 = m.read_le(&key[..16]);
247	0	let key1: Mach::u32x4 = m.read_le(&key[16..]);
248	0	ChaCha {
249	0	b: key0.into(),
250	0	c: key1.into(),
251	0	d: ctr_nonce.into(),
252	0	} Unexecuted instantiation: rand_chacha::guts::init_chacha::fn_impl::<ppv_lite86::x86_64::SseMachine<ppv_lite86::x86_64::NoS3, ppv_lite86::x86_64::NoS4, ppv_lite86::x86_64::NoNI>> Unexecuted instantiation: rand_chacha::guts::init_chacha::fn_impl::<ppv_lite86::x86_64::SseMachine<ppv_lite86::x86_64::YesS3, ppv_lite86::x86_64::YesS4, ppv_lite86::x86_64::NoNI>>
253		}
254		});
255
256		dispatch_light128!(m, Mach, {
257	0	fn init_chacha_x(key: &[u8; 32], nonce: &[u8; 24], rounds: u32) -> ChaCha {
258	0	let key0: Mach::u32x4 = m.read_le(&key[..16]);
259	0	let key1: Mach::u32x4 = m.read_le(&key[16..]);
260	0	let nonce0: Mach::u32x4 = m.read_le(&nonce[..16]);
261	0	let mut state = ChaCha {
262	0	b: key0.into(),
263	0	c: key1.into(),
264	0	d: nonce0.into(),
265	0	};
266	0	let x = refill_narrow_rounds(&mut state, rounds);
267	0	let ctr_nonce1 = [0, 0, read_u32le(&nonce[16..20]), read_u32le(&nonce[20..24])];
268	0	state.b = x.a;
269	0	state.c = x.d;
270	0	state.d = ctr_nonce1.into();
271	0	state
272		}
273		});