*** empty log message ***

Rev: ChangeLog:1.360 Rev: src/nettle/.cvsignore:1.2 Rev: src/nettle/ChangeLog:1.3 Rev: src/nettle/aes.c:1.2 Rev: src/nettle/des.c:1.1 Rev: src/nettle/des.h:1.1 Rev: src/nettle/desCode.h:1.1 Rev: src/nettle/descore.README:1.1 Rev: src/nettle/desdata.c:1.1 Rev: src/nettle/desinfo.h:1.1 Rev: src/nettle/testsuite/.cvsignore:1.2

* empty log message *
Rev: ChangeLog:1.360 Rev: src/nettle/.cvsignore:1.2 Rev: src/nettle/ChangeLog:1.3 Rev: src/nettle/aes.c:1.2 Rev: src/nettle/des.c:1.1 Rev: src/nettle/des.h:1.1 Rev: src/nettle/desCode.h:1.1 Rev: src/nettle/descore.README:1.1 Rev: src/nettle/desdata.c:1.1 Rev: src/nettle/desinfo.h:1.1 Rev: src/nettle/testsuite/.cvsignore:1.2
df7d6bf6 · Niels Möller · caa82fb0 · df7d6bf6 · df7d6bf6 · df7d6bf6
Commit df7d6bf6 authored Jun 12, 2001 by Niels Möller
13 changed files
--- a/ChangeLog
+++ b/ChangeLog
+2001-06-12  Niels Mller  <nisse@cuckoo.hack.org>
+
+	* src/dsa.c, src/dsa_keygen.c, src/md5.c, src/rijndael.c,
+	src/sha.c: Adapted to the nettle API.
+
+	* configure.in: Use src/nettle instead of src/symmetric.
+	* src/Makefile.am.in: Likewise.
+
 2001-06-09  Niels Mller  <nisse@cuckoo.hack.org>

 	* src/io.c (do_consuming_read): In the EOF case, call

--- a/src/nettle/.cvsignore
+++ b/src/nettle/.cvsignore
@@ -8,5 +8,9 @@ config.h.in
 config.log
 config.status
 configure
+desdata
+keymap.h
+parity.h
+rotors.h
 stamp-h
 stamp-h.in
--- a/src/nettle/.gitignore
+++ b/src/nettle/.gitignore
@@ -8,5 +8,9 @@
 /config.log
 /config.status
 /configure
+/desdata
+/keymap.h
+/parity.h
+/rotors.h
 /stamp-h
 /stamp-h.in
--- a/src/nettle/ChangeLog
+++ b/src/nettle/ChangeLog
+2001-06-12  Niels Mller  <nisse@cuckoo.hack.org>
+
+	* testsuite/Makefile.am (TS_PROGS): Added tests for des and sha1. 
+
+	* testsuite/sha1-test.m4: New file.
+
+	* testsuite/des-test.m4: New file.
+
+	* Added SHA1 files.
+
+	* Added desCore files.
+	
+	* Makefile.am: Added desCore and sha1.
+
 2001-04-17  Niels Mller  <nisse@cuckoo.hack.org>

 	* install-sh: Copied the standard install script.

--- a/src/nettle/aes.c
+++ b/src/nettle/aes.c
-/* aes.h
+/* aes.c
 *
 * The aes/rijndael block cipher.
 */

--- a/src/nettle/des.c
+++ b/src/nettle/des.c
+/* des.c
+ *
+ * The des block cipher.
+ *
+ * $Id$
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2001 Niels Mller
+ *  
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ * 
+ * The GNU MP Library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the GNU MP Library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+/*	des - fast & portable DES encryption & decryption.
+ *	Copyright (C) 1992  Dana L. How
+ *	Please see the file `descore.README' for the complete copyright notice.
+ */
+
+#include "des.h"
+
+#include "desCode.h"
+
+#include <assert.h>
+
+static ENCRYPT(DesSmallFipsEncrypt,TEMPSMALL, LOADFIPS,KEYMAPSMALL,SAVEFIPS)
+static DECRYPT(DesSmallFipsDecrypt,TEMPSMALL, LOADFIPS,KEYMAPSMALL,SAVEFIPS)
+
+/* various tables */
+
+uint32_t des_keymap[] = {
+#include	"keymap.h"
+};
+
+static uint8_t rotors[] = {
+#include	"rotors.h"
+};
+static char parity[] = {
+#include	"parity.h"
+};
+
+int
+des_set_key(struct des_ctx *ctx, const uint8_t *key)
+{
+  register uint32_t n, w;
+  register char * b0, * b1;
+  char bits0[56], bits1[56];
+  uint32_t *method;
+  uint8_t *k;
+  
+  /* check for bad parity and weak keys */
+  b0 = parity;
+  n  = b0[key[0]]; n <<= 4;
+  n |= b0[key[1]]; n <<= 4;
+  n |= b0[key[2]]; n <<= 4;
+  n |= b0[key[3]]; n <<= 4;
+  n |= b0[key[4]]; n <<= 4;
+  n |= b0[key[5]]; n <<= 4;
+  n |= b0[key[6]]; n <<= 4;
+  n |= b0[key[7]];
+  w  = 0x88888888l;
+  /* report bad parity in key */
+  if ( n & w )
+    {
+      ctx->status = DES_BAD_PARITY;
+      return 0;
+    }
+  ctx->status = DES_WEAK_KEY; 
+  /* report a weak or semi-weak key */
+  if ( !((n - (w >> 3)) & w) ) {	/* 1 in 10^10 keys passes this test */
+    if ( n < 0X41415151 ) {
+      if ( n < 0X31312121 ) {
+	if ( n < 0X14141515 ) {
+	  /* 01 01 01 01 01 01 01 01 */
+	  if ( n == 0X11111111 ) return 0;
+	  /* 01 1F 01 1F 01 0E 01 0E */
+	  if ( n == 0X13131212 ) return 0;
+	} else {
+	  /* 01 E0 01 E0 01 F1 01 F1 */
+	  if ( n == 0X14141515 ) return 0;
+	  /* 01 FE 01 FE 01 FE 01 FE */
+	  if ( n == 0X16161616 ) return 0;
+	}
+      } else {
+	if ( n < 0X34342525 ) {
+	  /* 1F 01 1F 01 0E 01 0E 01 */
+	  if ( n == 0X31312121 ) return 0;
+	  /* 1F 1F 1F 1F 0E 0E 0E 0E */	/* ? */
+	  if ( n == 0X33332222 ) return 0;;
+	} else {
+	  /* 1F E0 1F E0 0E F1 0E F1 */
+	  if ( n == 0X34342525 ) return 0;;
+	  /* 1F FE 1F FE 0E FE 0E FE */
+	  if ( n == 0X36362626 ) return 0;;
+	}
+      }
+    } else {
+      if ( n < 0X61616161 ) {
+	if ( n < 0X44445555 ) {
+	  /* E0 01 E0 01 F1 01 F1 01 */
+	  if ( n == 0X41415151 ) return 0;
+	  /* E0 1F E0 1F F1 0E F1 0E */
+	  if ( n == 0X43435252 ) return 0;
+	} else {
+	  /* E0 E0 E0 E0 F1 F1 F1 F1 */	/* ? */
+	  if ( n == 0X44445555 ) return 0;
+	  /* E0 FE E0 FE F1 FE F1 FE */
+	  if ( n == 0X46465656 ) return 0;
+	}
+      } else {
+	if ( n < 0X64646565 ) {
+	  /* FE 01 FE 01 FE 01 FE 01 */
+	  if ( n == 0X61616161 ) return 0;
+	  /* FE 1F FE 1F FE 0E FE 0E */
+	  if ( n == 0X63636262 ) return 0;
+	} else {
+	  /* FE E0 FE E0 FE F1 FE F1 */
+	  if ( n == 0X64646565 ) return 0;
+	  /* FE FE FE FE FE FE FE FE */
+	  if ( n == 0X66666666 ) return 0;
+	}
+      }
+    }
+  }
+
+  /* key is ok */
+  ctx->status = DES_OK;
+  
+  /* explode the bits */
+  n = 56;
+  b0 = bits0;
+  b1 = bits1;
+  do {
+    w = (256 | *key++) << 2;
+    do {
+      --n;
+      b1[n] = 8 & w;
+      w >>= 1;
+      b0[n] = 4 & w;
+    } while ( w >= 16 );
+  } while ( n );
+
+  /* put the bits in the correct places */
+  n = 16;
+  k = rotors;
+  method = ctx->key;
+  
+  do {
+    w   = (b1[k[ 0   ]] | b0[k[ 1   ]]) << 4;
+    w  |= (b1[k[ 2   ]] | b0[k[ 3   ]]) << 2;
+    w  |=  b1[k[ 4   ]] | b0[k[ 5   ]];
+    w <<= 8;
+    w  |= (b1[k[ 6   ]] | b0[k[ 7   ]]) << 4;
+    w  |= (b1[k[ 8   ]] | b0[k[ 9   ]]) << 2;
+    w  |=  b1[k[10   ]] | b0[k[11   ]];
+    w <<= 8;
+    w  |= (b1[k[12   ]] | b0[k[13   ]]) << 4;
+    w  |= (b1[k[14   ]] | b0[k[15   ]]) << 2;
+    w  |=  b1[k[16   ]] | b0[k[17   ]];
+    w <<= 8;
+    w  |= (b1[k[18   ]] | b0[k[19   ]]) << 4;
+    w  |= (b1[k[20   ]] | b0[k[21   ]]) << 2;
+    w  |=  b1[k[22   ]] | b0[k[23   ]];
+
+    method[0] = w;
+
+    w   = (b1[k[ 0+24]] | b0[k[ 1+24]]) << 4;
+    w  |= (b1[k[ 2+24]] | b0[k[ 3+24]]) << 2;
+    w  |=  b1[k[ 4+24]] | b0[k[ 5+24]];
+    w <<= 8;
+    w  |= (b1[k[ 6+24]] | b0[k[ 7+24]]) << 4;
+    w  |= (b1[k[ 8+24]] | b0[k[ 9+24]]) << 2;
+    w  |=  b1[k[10+24]] | b0[k[11+24]];
+    w <<= 8;
+    w  |= (b1[k[12+24]] | b0[k[13+24]]) << 4;
+    w  |= (b1[k[14+24]] | b0[k[15+24]]) << 2;
+    w  |=  b1[k[16+24]] | b0[k[17+24]];
+    w <<= 8;
+    w  |= (b1[k[18+24]] | b0[k[19+24]]) << 4;
+    w  |= (b1[k[20+24]] | b0[k[21+24]]) << 2;
+    w  |=  b1[k[22+24]] | b0[k[23+24]];
+
+    ROR(w, 4, 28);		/* could be eliminated */
+    method[1] = w;
+
+    k	+= 48;
+    method	+= 2;
+  } while ( --n );
+
+  return 1;
+}
+
+void
+des_encrypt(struct des_ctx *ctx,
+	    unsigned length, uint8_t *dst,
+	    const uint8_t *src)
+{
+  assert(!(length % DES_BLOCK_SIZE));
+
+  while (length)
+    {
+      DesSmallFipsEncrypt(dst, ctx->key, src);
+      length -= DES_BLOCK_SIZE;
+      src += DES_BLOCK_SIZE;
+      dst += DES_BLOCK_SIZE;
+    }
+}
+
+void
+des_decrypt(struct des_ctx *ctx,
+	    unsigned length, uint8_t *dst,
+	    const uint8_t *src)
+{
+  assert(!(length % DES_BLOCK_SIZE));
+
+  while (length)
+    {
+      DesSmallFipsDecrypt(dst, ctx->key, src);
+      length -= DES_BLOCK_SIZE;
+      src += DES_BLOCK_SIZE;
+      dst += DES_BLOCK_SIZE;
+    }
+}
--- a/src/nettle/des.h
+++ b/src/nettle/des.h
+/* des.h
+ *
+ * The des block cipher.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 1992, 2001, Dana L. How, Niels Mller
+ * 
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ * 
+ * The GNU MP Library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the GNU MP Library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+/*
+ *	des - fast & portable DES encryption & decryption.
+ *	Copyright (C) 1992  Dana L. How
+ *	Please see the file `../lib/descore.README' for the complete copyright
+ *	notice.
+ *
+ * Slightly edited by Niels Mller, 1997
+ */
+
+#ifndef NETTLE_DES_H
+#define NETTLE_DES_H
+
+#include <stdint.h>
+
+#define DES_KEY_SIZE 8
+#define DES_BLOCK_SIZE 8
+
+/* Expanded key length */
+#define _DES_KEY_LENGTH 32
+
+enum des_error { DES_OK, DES_BAD_PARITY, DES_WEAK_KEY };
+
+struct des_ctx
+{
+  uint32_t key[_DES_KEY_LENGTH];
+  enum des_error status;
+};
+
+/* On success, returns 1 and sets ctx->status to DES_OK. On error,
+ * returns 0 and sets ctx->status accordingly. */
+int
+des_set_key(struct des_ctx *ctx, const uint8_t *key);
+
+void
+des_encrypt(struct des_ctx *ctx,
+	    unsigned length, uint8_t *dst,
+	    const uint8_t *src);
+void
+des_decrypt(struct des_ctx *ctx,
+	    unsigned length, uint8_t *dst,
+	    const uint8_t *src);
+
+#endif /* NETTLE_DES_H */
--- a/src/nettle/desCode.h
+++ b/src/nettle/desCode.h
+/* desCode.h
+ *
+ * $Id$ */
+
+/*	des - fast & portable DES encryption & decryption.
+ *	Copyright (C) 1992  Dana L. How
+ *	Please see the file `descore.README' for the complete copyright notice.
+ */
+
+#include "des.h"
+
+extern uint32_t des_keymap[];
+extern uint32_t des_bigmap[];
+
+/* optional customization:
+ * the idea here is to alter the code so it will still run correctly
+ * on any machine,  but the quickest on the specific machine in mind.
+ * note that these silly tweaks can give you a 15%-20% speed improvement
+ * on the sparc -- it's probably even more significant on the 68000. */
+
+/* take care of machines with incredibly few registers */
+#if	defined(i386)
+#define	REGISTER		/* only x, y, z will be declared register */
+#else
+#define	REGISTER	register
+#endif	/* i386 */
+
+/* is auto inc/dec faster than 7bit unsigned indexing? */
+#if	defined(vax) || defined(mc68000)
+#define	FIXR		r += 32;
+#define	FIXS		s +=  8;
+#define	PREV(v,o)	*--v
+#define	NEXT(v,o)	*v++
+#else
+#define	FIXR
+#define	FIXS
+#define	PREV(v,o)	v[o]
+#define	NEXT(v,o)	v[o]
+#endif
+
+/* if no machine type, default is indexing, 6 registers and cheap literals */
+#if	!defined(i386) && !defined(vax) && !defined(mc68000) && !defined(sparc)
+#define	vax
+#endif
+
+
+/* handle a compiler which can't reallocate registers */
+/* The BYTE type is used as parameter for the encrypt/decrypt functions.
+ * It's pretty bad to have the function prototypes depend on
+ * a macro definition that the users of the function doesn't
+ * know about. /Niels */
+#if	0			/* didn't feel like deleting */
+#define	SREGFREE	; s = (uint8_t *) D
+#define	DEST		s
+#define	D		m0
+#define	BYTE		uint32_t
+#else
+#define	SREGFREE
+#define	DEST		d
+#define	D		d
+#define	BYTE		uint8_t
+#endif
+
+/* handle constants in the optimal way for 386 & vax */
+/* 386: we declare 3 register variables (see above) and use 3 more variables;
+ * vax: we use 6 variables, all declared register;
+ * we assume address literals are cheap & unrestricted;
+ * we assume immediate constants are cheap & unrestricted. */
+#if	defined(i386) || defined(vax)
+#define	MQ0	 des_bigmap
+#define	MQ1	(des_bigmap +  64)
+#define	MQ2	(des_bigmap + 128)
+#define	MQ3	(des_bigmap + 192)
+#define	HQ0(z)				/*	z |= 0x01000000L; */
+#define	HQ2(z)				/*	z |= 0x03000200L; */
+#define	LQ0(z)	0xFCFC & z
+#define	LQ1(z)	0xFCFC & z
+#define	LQ2(z)	0xFCFC & z
+#define	LQ3(z)	0xFCFC & z
+#define	SQ	16
+#define	MS0	 des_keymap 
+#define	MS1	(des_keymap +  64)
+#define	MS2	(des_keymap + 128)
+#define	MS3	(des_keymap + 192)
+#define	MS4	(des_keymap + 256)
+#define	MS5	(des_keymap + 320)
+#define	MS6	(des_keymap + 384)
+#define	MS7	(des_keymap + 448)
+#define	HS(z)
+#define	LS0(z)	0xFC & z
+#define	LS1(z)	0xFC & z
+#define	LS2(z)	0xFC & z
+#define	LS3(z)	0xFC & z
+#define	REGQUICK
+#define	SETQUICK
+#define	REGSMALL
+#define	SETSMALL
+#endif	/* defined(i386) || defined(vax) */
+
+/* handle constants in the optimal way for mc68000 */
+/* in addition to the core 6 variables, we declare 3 registers holding constants
+ * and 4 registers holding address literals.
+ * at most 6 data values and 5 address values are actively used at once.
+ * we assume address literals are so expensive we never use them;
+ * we assume constant index offsets > 127 are expensive, so they are not used.
+ * we assume all constants are expensive and put them in registers,
+ * including shift counts greater than 8. */
+#if	defined(mc68000)
+#define	MQ0	m0
+#define	MQ1	m1
+#define	MQ2	m2
+#define	MQ3	m3
+#define	HQ0(z)
+#define	HQ2(z)
+#define	LQ0(z)	k0 & z
+#define	LQ1(z)	k0 & z
+#define	LQ2(z)	k0 & z
+#define	LQ3(z)	k0 & z
+#define	SQ	k1
+#define	MS0	m0
+#define	MS1	m0
+#define	MS2	m1
+#define	MS3	m1
+#define	MS4	m2
+#define	MS5	m2
+#define	MS6	m3
+#define	MS7	m3
+#define	HS(z)	z |= k0;
+#define	LS0(z)	k1 & z
+#define	LS1(z)	k2 & z
+#define	LS2(z)	k1 & z
+#define	LS3(z)	k2 & z
+#define	REGQUICK				\
+	register uint32_t k0, k1;		\
+	register uint32_t *m0, *m1, *m2, *m3;
+#define	SETQUICK				\
+	; k0 = 0xFCFC				\
+	; k1 = 16				\
+	/*k2 = 28 to speed up ROL */		\
+	; m0 = des_bigmap			\
+	; m1 = m0 + 64				\
+	; m2 = m1 + 64				\
+	; m3 = m2 + 64
+#define	REGSMALL				\
+	register uint32_t k0, k1, k2;		\
+	register uint32_t *m0, *m1, *m2, *m3;
+#define	SETSMALL				\
+	; k0 = 0x01000100L			\
+	; k1 = 0x0FC				\
+	; k2 = 0x1FC				\
+	; m0 = des_keymap			\
+	; m1 = m0 + 128				\
+	; m2 = m1 + 128				\
+	; m3 = m2 + 128
+#endif	/* defined(mc68000) */
+
+/* handle constants in the optimal way for sparc */
+/* in addition to the core 6 variables, we either declare:
+ * 4 registers holding address literals and 1 register holding a constant, or
+ * 8 registers holding address literals.
+ * up to 14 register variables are declared (sparc has %i0-%i5, %l0-%l7).
+ * we assume address literals are so expensive we never use them;
+ * we assume any constant with >10 bits is expensive and put it in a register,
+ * and any other is cheap and is coded in-line. */
+#if	defined(sparc)
+#define	MQ0	m0
+#define	MQ1	m1
+#define	MQ2	m2
+#define	MQ3	m3
+#define	HQ0(z)
+#define	HQ2(z)
+#define	LQ0(z)	k0 & z
+#define	LQ1(z)	k0 & z
+#define	LQ2(z)	k0 & z
+#define	LQ3(z)	k0 & z
+#define	SQ	16
+#define	MS0	m0
+#define	MS1	m1
+#define	MS2	m2
+#define	MS3	m3
+#define	MS4	m4
+#define	MS5	m5
+#define	MS6	m6
+#define	MS7	m7
+#define	HS(z)
+#define	LS0(z)	0xFC & z
+#define	LS1(z)	0xFC & z
+#define	LS2(z)	0xFC & z
+#define	LS3(z)	0xFC & z
+#define	REGQUICK				\
+	register uint32_t k0;			\
+	register uint32_t *m0, *m1, *m2, *m3;
+#define	SETQUICK				\
+	; k0 = 0xFCFC				\
+	; m0 = des_bigmap			\
+	; m1 = m0 + 64				\
+	; m2 = m1 + 64				\
+	; m3 = m2 + 64
+#define	REGSMALL				\
+	register uint32_t *m0, *m1, *m2, *m3, *m4, *m5, *m6, *m7;
+#define	SETSMALL				\
+	; m0 = des_keymap			\
+	; m1 = m0 + 64				\
+	; m2 = m1 + 64				\
+	; m3 = m2 + 64				\
+	; m4 = m3 + 64				\
+	; m5 = m4 + 64				\
+	; m6 = m5 + 64				\
+	; m7 = m6 + 64
+#endif	/* defined(sparc) */
+
+
+/* some basic stuff */
+
+/* generate addresses from a base and an index */
+/* FIXME: This is used only as *ADD(msi,lsi(z)) or *ADD(mqi,lqi(z)).
+ * Why not use plain indexing instead? /Niels */
+#define	ADD(b,x)	(uint32_t *) ((uint8_t *)b + (x))
+
+/* low level rotate operations */
+#define	NOP(d,c,o)
+#define	ROL(d,c,o)	d = d << c | d >> o
+#define	ROR(d,c,o)	d = d >> c | d << o
+#define	ROL1(d)		ROL(d, 1, 31)
+#define	ROR1(d)		ROR(d, 1, 31)
+
+/* elementary swap for doing IP/FP */
+#define	SWAP(x,y,m,b)				\
+	z  = ((x >> b) ^ y) & m;		\
+	x ^= z << b;				\
+	y ^= z
+
+
+/* the following macros contain all the important code fragments */
+
+/* load input data, then setup special registers holding constants */
+#define	TEMPQUICK(LOAD)				\
+	REGQUICK				\
+	LOAD()					\
+	SETQUICK
+#define	TEMPSMALL(LOAD)				\
+	REGSMALL				\
+	LOAD()					\
+	SETSMALL
+
+/* load data */
+#define	LOADDATA(x,y)				\
+	FIXS					\
+	y  = PREV(s, 7); y<<= 8;		\
+	y |= PREV(s, 6); y<<= 8;		\
+	y |= PREV(s, 5); y<<= 8;		\
+	y |= PREV(s, 4);			\
+	x  = PREV(s, 3); x<<= 8;		\
+	x |= PREV(s, 2); x<<= 8;		\
+	x |= PREV(s, 1); x<<= 8;		\
+	x |= PREV(s, 0)				\
+	SREGFREE
+/* load data without initial permutation and put into efficient position */
+#define	LOADCORE()				\
+	LOADDATA(x, y);				\
+	ROR1(x);				\
+	ROR1(y)
+/* load data, do the initial permutation and put into efficient position */
+#define	LOADFIPS()				\
+	LOADDATA(y, x);				\
+	SWAP(x, y, 0x0F0F0F0FL, 004);		\
+	SWAP(y, x, 0x0000FFFFL, 020);		\
+	SWAP(x, y, 0x33333333L, 002);		\
+	SWAP(y, x, 0x00FF00FFL, 010);		\
+	ROR1(x);				\
+	z  = (x ^ y) & 0x55555555L;		\
+	y ^= z;					\
+	x ^= z;					\
+	ROR1(y)