public static void WriteKeyStreamBlock(ReadOnlySpan <uint> state, ulong iv, uint numRounds, Span <byte> destination)
{
var destinationAsUInt = MemoryMarshal.Cast <byte, uint>(destination);
var ivLow = ((uint)Operations.ExtractLow(iv));
var ivHigh = ((uint)Operations.ExtractHigh(iv));
var t0 = state[0];
var t1 = state[1];
var t2 = state[2];
var t3 = state[3];
var t4 = state[4];
var t5 = state[5];
var t6 = state[6];
var t7 = state[7];
var t8 = state[8];
var t9 = state[9];
var tA = state[10];
var tB = state[11];
var tC = ivLow;
var tD = ivHigh;
var tE = state[14];
var tF = state[15];
numRounds = (numRounds >> 1);
for (var i = 0U; (i < numRounds); i++)
{
DoubleRound(
ref t0, ref t1, ref t2, ref t3,
ref t4, ref t5, ref t6, ref t7,
ref t8, ref t9, ref tA, ref tB,
ref tC, ref tD, ref tE, ref tF
);
}
destinationAsUInt[0] = (t0 + state[0]);
destinationAsUInt[1] = (t1 + state[1]);
destinationAsUInt[2] = (t2 + state[2]);
destinationAsUInt[3] = (t3 + state[3]);
destinationAsUInt[4] = (t4 + state[4]);
destinationAsUInt[5] = (t5 + state[5]);
destinationAsUInt[6] = (t6 + state[6]);
destinationAsUInt[7] = (t7 + state[7]);
destinationAsUInt[8] = (t8 + state[8]);
destinationAsUInt[9] = (t9 + state[9]);
destinationAsUInt[10] = (tA + state[10]);
destinationAsUInt[11] = (tB + state[11]);
destinationAsUInt[12] = (tC + ivLow);
destinationAsUInt[13] = (tD + ivHigh);
destinationAsUInt[14] = (tE + state[14]);
destinationAsUInt[15] = (tF + state[15]);
}
/// <summary>
/// Creates a symmetric decryptor object with the current Key property and one-time use state parameter.
/// </summary>
/// <param name="key">The secret that will be used during decryption.</param>
/// <param name="nonce">The one-time use state parameter.</param>
public override ICryptoTransform CreateDecryptor(byte[] key, byte[] nonce)
{
if (nonce.Length != XChaCha20.NonceLength)
{
throw new ArgumentOutOfRangeException(actualValue: nonce.Length, message: NONCE_LENGTH_ERROR, paramName: nameof(nonce));
}
var derivedKey = ComputeHash(key, nonce.AsSpan(0, 16));
var derivedNonce = (Span <byte>) stackalloc byte[ChaCha.NonceLength];
BinaryPrimitives.WriteUInt32BigEndian(derivedNonce, ((uint)Operations.ExtractHigh(m_iv)));
nonce.AsSpan(16, 8).CopyTo(derivedNonce.Slice(WordLength));
return(ChaChaTransform.New(Initialize(derivedKey, derivedNonce, ((uint)Operations.ExtractLow(m_iv))), m_iv, 20U));
}
private static void Compress(ReadOnlySpan <byte> data, Span <uint> state, ulong iv, uint finalizer)
{
var dataAsUInt = MemoryMarshal.Cast <byte, uint>(data);
var d0 = dataAsUInt[0];
var d1 = dataAsUInt[1];
var d2 = dataAsUInt[2];
var d3 = dataAsUInt[3];
var d4 = dataAsUInt[4];
var d5 = dataAsUInt[5];
var d6 = dataAsUInt[6];
var d7 = dataAsUInt[7];
var d8 = dataAsUInt[8];
var d9 = dataAsUInt[9];
var dA = dataAsUInt[10];
var dB = dataAsUInt[11];
var dC = dataAsUInt[12];
var dD = dataAsUInt[13];
var dE = dataAsUInt[14];
var dF = dataAsUInt[15];
var t0 = state[0];
var t1 = state[1];
var t2 = state[2];
var t3 = state[3];
var t4 = state[4];
var t5 = state[5];
var t6 = state[6];
var t7 = state[7];
var t8 = IV0;
var t9 = IV1;
var tA = IV2;
var tB = IV3;
var tC = (IV4 ^ ((uint)Operations.ExtractLow(iv)));
var tD = (IV5 ^ ((uint)Operations.ExtractHigh(iv)));
var tE = finalizer;
var tF = IV7;
// round 0
t0 += t4;
t0 += d0;
tC ^= t0;
tC = Operations.RotateRight(tC, 16);
t8 += tC;
t4 ^= t8;
t4 = Operations.RotateRight(t4, 12);
t0 += t4;
t0 += d1;
tC ^= t0;
tC = Operations.RotateRight(tC, 8);
t8 += tC;
t4 ^= t8;
t4 = Operations.RotateRight(t4, 7);
t1 += t5;
t1 += d2;
tD ^= t1;
tD = Operations.RotateRight(tD, 16);
t9 += tD;
t5 ^= t9;
t5 = Operations.RotateRight(t5, 12);
t1 += t5;
t1 += d3;
tD ^= t1;
tD = Operations.RotateRight(tD, 8);
t9 += tD;
t5 ^= t9;
t5 = Operations.RotateRight(t5, 7);
t2 += t6;
t2 += d4;
tE ^= t2;
tE = Operations.RotateRight(tE, 16);
tA += tE;
t6 ^= tA;
t6 = Operations.RotateRight(t6, 12);
t2 += t6;
t2 += d5;
tE ^= t2;
tE = Operations.RotateRight(tE, 8);
tA += tE;
t6 ^= tA;
t6 = Operations.RotateRight(t6, 7);
t3 += t7;
t3 += d6;
tF ^= t3;
tF = Operations.RotateRight(tF, 16);
tB += tF;
t7 ^= tB;
t7 = Operations.RotateRight(t7, 12);
t3 += t7;
t3 += d7;
tF ^= t3;
tF = Operations.RotateRight(tF, 8);
tB += tF;
t7 ^= tB;
t7 = Operations.RotateRight(t7, 7);
t0 += t5;
t0 += d8;
tF ^= t0;
tF = Operations.RotateRight(tF, 16);
tA += tF;
t5 ^= tA;
t5 = Operations.RotateRight(t5, 12);
t0 += t5;
t0 += d9;
tF ^= t0;
tF = Operations.RotateRight(tF, 8);
tA += tF;
t5 ^= tA;
t5 = Operations.RotateRight(t5, 7);
t1 += t6;
t1 += dA;
tC ^= t1;
tC = Operations.RotateRight(tC, 16);
tB += tC;
t6 ^= tB;
t6 = Operations.RotateRight(t6, 12);
t1 += t6;
t1 += dB;
tC ^= t1;
tC = Operations.RotateRight(tC, 8);
tB += tC;
t6 ^= tB;
t6 = Operations.RotateRight(t6, 7);
t2 += t7;
t2 += dC;
tD ^= t2;
tD = Operations.RotateRight(tD, 16);
t8 += tD;
t7 ^= t8;
t7 = Operations.RotateRight(t7, 12);
t2 += t7;
t2 += dD;
tD ^= t2;
tD = Operations.RotateRight(tD, 8);
t8 += tD;
t7 ^= t8;
t7 = Operations.RotateRight(t7, 7);
t3 += t4;
t3 += dE;
tE ^= t3;
tE = Operations.RotateRight(tE, 16);
t9 += tE;
t4 ^= t9;
t4 = Operations.RotateRight(t4, 12);
t3 += t4;
t3 += dF;
tE ^= t3;
tE = Operations.RotateRight(tE, 8);
t9 += tE;
t4 ^= t9;
t4 = Operations.RotateRight(t4, 7);
// round 1
t0 += t4;
t0 += dE;
tC ^= t0;
tC = Operations.RotateRight(tC, 16);
t8 += tC;
t4 ^= t8;
t4 = Operations.RotateRight(t4, 12);
t0 += t4;
t0 += dA;
tC ^= t0;
tC = Operations.RotateRight(tC, 8);
t8 += tC;
t4 ^= t8;
t4 = Operations.RotateRight(t4, 7);
t1 += t5;
t1 += d4;
tD ^= t1;
tD = Operations.RotateRight(tD, 16);
t9 += tD;
t5 ^= t9;
t5 = Operations.RotateRight(t5, 12);
t1 += t5;
t1 += d8;
tD ^= t1;
tD = Operations.RotateRight(tD, 8);
t9 += tD;
t5 ^= t9;
t5 = Operations.RotateRight(t5, 7);
t2 += t6;
t2 += d9;
tE ^= t2;
tE = Operations.RotateRight(tE, 16);
tA += tE;
t6 ^= tA;
t6 = Operations.RotateRight(t6, 12);
t2 += t6;
t2 += dF;
tE ^= t2;
tE = Operations.RotateRight(tE, 8);
tA += tE;
t6 ^= tA;
t6 = Operations.RotateRight(t6, 7);
t3 += t7;
t3 += dD;
tF ^= t3;
tF = Operations.RotateRight(tF, 16);
tB += tF;
t7 ^= tB;
t7 = Operations.RotateRight(t7, 12);
t3 += t7;
t3 += d6;
tF ^= t3;
tF = Operations.RotateRight(tF, 8);
tB += tF;
t7 ^= tB;
t7 = Operations.RotateRight(t7, 7);
t0 += t5;
t0 += d1;
tF ^= t0;
tF = Operations.RotateRight(tF, 16);
tA += tF;
t5 ^= tA;
t5 = Operations.RotateRight(t5, 12);
t0 += t5;
t0 += dC;
tF ^= t0;
tF = Operations.RotateRight(tF, 8);
tA += tF;
t5 ^= tA;
t5 = Operations.RotateRight(t5, 7);
t1 += t6;
t1 += d0;
tC ^= t1;
tC = Operations.RotateRight(tC, 16);
tB += tC;
t6 ^= tB;
t6 = Operations.RotateRight(t6, 12);
t1 += t6;
t1 += d2;
tC ^= t1;
tC = Operations.RotateRight(tC, 8);
tB += tC;
t6 ^= tB;
t6 = Operations.RotateRight(t6, 7);
t2 += t7;
t2 += dB;
tD ^= t2;
tD = Operations.RotateRight(tD, 16);
t8 += tD;
t7 ^= t8;
t7 = Operations.RotateRight(t7, 12);
t2 += t7;
t2 += d7;
tD ^= t2;
tD = Operations.RotateRight(tD, 8);
t8 += tD;
t7 ^= t8;
t7 = Operations.RotateRight(t7, 7);
t3 += t4;
t3 += d5;
tE ^= t3;
tE = Operations.RotateRight(tE, 16);
t9 += tE;
t4 ^= t9;
t4 = Operations.RotateRight(t4, 12);
t3 += t4;
t3 += d3;
tE ^= t3;
tE = Operations.RotateRight(tE, 8);
t9 += tE;
t4 ^= t9;
t4 = Operations.RotateRight(t4, 7);
// round 2
t0 += t4;
t0 += dB;
tC ^= t0;
tC = Operations.RotateRight(tC, 16);
t8 += tC;
t4 ^= t8;
t4 = Operations.RotateRight(t4, 12);
t0 += t4;
t0 += d8;
tC ^= t0;
tC = Operations.RotateRight(tC, 8);
t8 += tC;
t4 ^= t8;
t4 = Operations.RotateRight(t4, 7);
t1 += t5;
t1 += dC;
tD ^= t1;
tD = Operations.RotateRight(tD, 16);
t9 += tD;
t5 ^= t9;
t5 = Operations.RotateRight(t5, 12);
t1 += t5;
t1 += d0;
tD ^= t1;
tD = Operations.RotateRight(tD, 8);
t9 += tD;
t5 ^= t9;
t5 = Operations.RotateRight(t5, 7);
t2 += t6;
t2 += d5;
tE ^= t2;
tE = Operations.RotateRight(tE, 16);
tA += tE;
t6 ^= tA;
t6 = Operations.RotateRight(t6, 12);
t2 += t6;
t2 += d2;
tE ^= t2;
tE = Operations.RotateRight(tE, 8);
tA += tE;
t6 ^= tA;
t6 = Operations.RotateRight(t6, 7);
t3 += t7;
t3 += dF;
tF ^= t3;
tF = Operations.RotateRight(tF, 16);
tB += tF;
t7 ^= tB;
t7 = Operations.RotateRight(t7, 12);
t3 += t7;
t3 += dD;
tF ^= t3;
tF = Operations.RotateRight(tF, 8);
tB += tF;
t7 ^= tB;
t7 = Operations.RotateRight(t7, 7);
t0 += t5;
t0 += dA;
tF ^= t0;
tF = Operations.RotateRight(tF, 16);
tA += tF;
t5 ^= tA;
t5 = Operations.RotateRight(t5, 12);
t0 += t5;
t0 += dE;
tF ^= t0;
tF = Operations.RotateRight(tF, 8);
tA += tF;
t5 ^= tA;
t5 = Operations.RotateRight(t5, 7);
t1 += t6;
t1 += d3;
tC ^= t1;
tC = Operations.RotateRight(tC, 16);
tB += tC;
t6 ^= tB;
t6 = Operations.RotateRight(t6, 12);
t1 += t6;
t1 += d6;
tC ^= t1;
tC = Operations.RotateRight(tC, 8);
tB += tC;
t6 ^= tB;
t6 = Operations.RotateRight(t6, 7);
t2 += t7;
t2 += d7;
tD ^= t2;
tD = Operations.RotateRight(tD, 16);
t8 += tD;
t7 ^= t8;
t7 = Operations.RotateRight(t7, 12);
t2 += t7;
t2 += d1;
tD ^= t2;
tD = Operations.RotateRight(tD, 8);
t8 += tD;
t7 ^= t8;
t7 = Operations.RotateRight(t7, 7);
t3 += t4;
t3 += d9;
tE ^= t3;
tE = Operations.RotateRight(tE, 16);
t9 += tE;
t4 ^= t9;
t4 = Operations.RotateRight(t4, 12);
t3 += t4;
t3 += d4;
tE ^= t3;
tE = Operations.RotateRight(tE, 8);
t9 += tE;
t4 ^= t9;
t4 = Operations.RotateRight(t4, 7);
// round 3
t0 += t4;
t0 += d7;
tC ^= t0;
tC = Operations.RotateRight(tC, 16);
t8 += tC;
t4 ^= t8;
t4 = Operations.RotateRight(t4, 12);
t0 += t4;
t0 += d9;
tC ^= t0;
tC = Operations.RotateRight(tC, 8);
t8 += tC;
t4 ^= t8;
t4 = Operations.RotateRight(t4, 7);
t1 += t5;
t1 += d3;
tD ^= t1;
tD = Operations.RotateRight(tD, 16);
t9 += tD;
t5 ^= t9;
t5 = Operations.RotateRight(t5, 12);
t1 += t5;
t1 += d1;
tD ^= t1;
tD = Operations.RotateRight(tD, 8);
t9 += tD;
t5 ^= t9;
t5 = Operations.RotateRight(t5, 7);
t2 += t6;
t2 += dD;
tE ^= t2;
tE = Operations.RotateRight(tE, 16);
tA += tE;
t6 ^= tA;
t6 = Operations.RotateRight(t6, 12);
t2 += t6;
t2 += dC;
tE ^= t2;
tE = Operations.RotateRight(tE, 8);
tA += tE;
t6 ^= tA;
t6 = Operations.RotateRight(t6, 7);
t3 += t7;
t3 += dB;
tF ^= t3;
tF = Operations.RotateRight(tF, 16);
tB += tF;
t7 ^= tB;
t7 = Operations.RotateRight(t7, 12);
t3 += t7;
t3 += dE;
tF ^= t3;
tF = Operations.RotateRight(tF, 8);
tB += tF;
t7 ^= tB;
t7 = Operations.RotateRight(t7, 7);
t0 += t5;
t0 += d2;
tF ^= t0;
tF = Operations.RotateRight(tF, 16);
tA += tF;
t5 ^= tA;
t5 = Operations.RotateRight(t5, 12);
t0 += t5;
t0 += d6;
tF ^= t0;
tF = Operations.RotateRight(tF, 8);
tA += tF;
t5 ^= tA;
t5 = Operations.RotateRight(t5, 7);
t1 += t6;
t1 += d5;
tC ^= t1;
tC = Operations.RotateRight(tC, 16);
tB += tC;
t6 ^= tB;
t6 = Operations.RotateRight(t6, 12);
t1 += t6;
t1 += dA;
tC ^= t1;
tC = Operations.RotateRight(tC, 8);
tB += tC;
t6 ^= tB;
t6 = Operations.RotateRight(t6, 7);
t2 += t7;
t2 += d4;
tD ^= t2;
tD = Operations.RotateRight(tD, 16);
t8 += tD;
t7 ^= t8;
t7 = Operations.RotateRight(t7, 12);
t2 += t7;
t2 += d0;
tD ^= t2;
tD = Operations.RotateRight(tD, 8);
t8 += tD;
t7 ^= t8;
t7 = Operations.RotateRight(t7, 7);
t3 += t4;
t3 += dF;
tE ^= t3;
tE = Operations.RotateRight(tE, 16);
t9 += tE;
t4 ^= t9;
t4 = Operations.RotateRight(t4, 12);
t3 += t4;
t3 += d8;
tE ^= t3;
tE = Operations.RotateRight(tE, 8);
t9 += tE;
t4 ^= t9;
t4 = Operations.RotateRight(t4, 7);
// round 4
t0 += t4;
t0 += d9;
tC ^= t0;
tC = Operations.RotateRight(tC, 16);
t8 += tC;
t4 ^= t8;
t4 = Operations.RotateRight(t4, 12);
t0 += t4;
t0 += d0;
tC ^= t0;
tC = Operations.RotateRight(tC, 8);
t8 += tC;
t4 ^= t8;
t4 = Operations.RotateRight(t4, 7);
t1 += t5;
t1 += d5;
tD ^= t1;
tD = Operations.RotateRight(tD, 16);
t9 += tD;
t5 ^= t9;
t5 = Operations.RotateRight(t5, 12);
t1 += t5;
t1 += d7;
tD ^= t1;
tD = Operations.RotateRight(tD, 8);
t9 += tD;
t5 ^= t9;
t5 = Operations.RotateRight(t5, 7);
t2 += t6;
t2 += d2;
tE ^= t2;
tE = Operations.RotateRight(tE, 16);
tA += tE;
t6 ^= tA;
t6 = Operations.RotateRight(t6, 12);
t2 += t6;
t2 += d4;
tE ^= t2;
tE = Operations.RotateRight(tE, 8);
tA += tE;
t6 ^= tA;
t6 = Operations.RotateRight(t6, 7);
t3 += t7;
t3 += dA;
tF ^= t3;
tF = Operations.RotateRight(tF, 16);
tB += tF;
t7 ^= tB;
t7 = Operations.RotateRight(t7, 12);
t3 += t7;
t3 += dF;
tF ^= t3;
tF = Operations.RotateRight(tF, 8);
tB += tF;
t7 ^= tB;
t7 = Operations.RotateRight(t7, 7);
t0 += t5;
t0 += dE;
tF ^= t0;
tF = Operations.RotateRight(tF, 16);
tA += tF;
t5 ^= tA;
t5 = Operations.RotateRight(t5, 12);
t0 += t5;
t0 += d1;
tF ^= t0;
tF = Operations.RotateRight(tF, 8);
tA += tF;
t5 ^= tA;
t5 = Operations.RotateRight(t5, 7);
t1 += t6;
t1 += dB;
tC ^= t1;
tC = Operations.RotateRight(tC, 16);
tB += tC;
t6 ^= tB;
t6 = Operations.RotateRight(t6, 12);
t1 += t6;
t1 += dC;
tC ^= t1;
tC = Operations.RotateRight(tC, 8);
tB += tC;
t6 ^= tB;
t6 = Operations.RotateRight(t6, 7);
t2 += t7;
t2 += d6;
tD ^= t2;
tD = Operations.RotateRight(tD, 16);
t8 += tD;
t7 ^= t8;
t7 = Operations.RotateRight(t7, 12);
t2 += t7;
t2 += d8;
tD ^= t2;
tD = Operations.RotateRight(tD, 8);
t8 += tD;
t7 ^= t8;
t7 = Operations.RotateRight(t7, 7);
t3 += t4;
t3 += d3;
tE ^= t3;
tE = Operations.RotateRight(tE, 16);
t9 += tE;
t4 ^= t9;
t4 = Operations.RotateRight(t4, 12);
t3 += t4;
t3 += dD;
tE ^= t3;
tE = Operations.RotateRight(tE, 8);
t9 += tE;
t4 ^= t9;
t4 = Operations.RotateRight(t4, 7);
// round 5
t0 += t4;
t0 += d2;
tC ^= t0;
tC = Operations.RotateRight(tC, 16);
t8 += tC;
t4 ^= t8;
t4 = Operations.RotateRight(t4, 12);
t0 += t4;
t0 += dC;
tC ^= t0;
tC = Operations.RotateRight(tC, 8);
t8 += tC;
t4 ^= t8;
t4 = Operations.RotateRight(t4, 7);
t1 += t5;
t1 += d6;
tD ^= t1;
tD = Operations.RotateRight(tD, 16);
t9 += tD;
t5 ^= t9;
t5 = Operations.RotateRight(t5, 12);
t1 += t5;
t1 += dA;
tD ^= t1;
tD = Operations.RotateRight(tD, 8);
t9 += tD;
t5 ^= t9;
t5 = Operations.RotateRight(t5, 7);
t2 += t6;
t2 += d0;
tE ^= t2;
tE = Operations.RotateRight(tE, 16);
tA += tE;
t6 ^= tA;
t6 = Operations.RotateRight(t6, 12);
t2 += t6;
t2 += dB;
tE ^= t2;
tE = Operations.RotateRight(tE, 8);
tA += tE;
t6 ^= tA;
t6 = Operations.RotateRight(t6, 7);
t3 += t7;
t3 += d8;
tF ^= t3;
tF = Operations.RotateRight(tF, 16);
tB += tF;
t7 ^= tB;
t7 = Operations.RotateRight(t7, 12);
t3 += t7;
t3 += d3;
tF ^= t3;
tF = Operations.RotateRight(tF, 8);
tB += tF;
t7 ^= tB;
t7 = Operations.RotateRight(t7, 7);
t0 += t5;
t0 += d4;
tF ^= t0;
tF = Operations.RotateRight(tF, 16);
tA += tF;
t5 ^= tA;
t5 = Operations.RotateRight(t5, 12);
t0 += t5;
t0 += dD;
tF ^= t0;
tF = Operations.RotateRight(tF, 8);
tA += tF;
t5 ^= tA;
t5 = Operations.RotateRight(t5, 7);
t1 += t6;
t1 += d7;
tC ^= t1;
tC = Operations.RotateRight(tC, 16);
tB += tC;
t6 ^= tB;
t6 = Operations.RotateRight(t6, 12);
t1 += t6;
t1 += d5;
tC ^= t1;
tC = Operations.RotateRight(tC, 8);
tB += tC;
t6 ^= tB;
t6 = Operations.RotateRight(t6, 7);
t2 += t7;
t2 += dF;
tD ^= t2;
tD = Operations.RotateRight(tD, 16);
t8 += tD;
t7 ^= t8;
t7 = Operations.RotateRight(t7, 12);
t2 += t7;
t2 += dE;
tD ^= t2;
tD = Operations.RotateRight(tD, 8);
t8 += tD;
t7 ^= t8;
t7 = Operations.RotateRight(t7, 7);
t3 += t4;
t3 += d1;
tE ^= t3;
tE = Operations.RotateRight(tE, 16);
t9 += tE;
t4 ^= t9;
t4 = Operations.RotateRight(t4, 12);
t3 += t4;
t3 += d9;
tE ^= t3;
tE = Operations.RotateRight(tE, 8);
t9 += tE;
t4 ^= t9;
t4 = Operations.RotateRight(t4, 7);
// round 6
t0 += t4;
t0 += dC;
tC ^= t0;
tC = Operations.RotateRight(tC, 16);
t8 += tC;
t4 ^= t8;
t4 = Operations.RotateRight(t4, 12);
t0 += t4;
t0 += d5;
tC ^= t0;
tC = Operations.RotateRight(tC, 8);
t8 += tC;
t4 ^= t8;
t4 = Operations.RotateRight(t4, 7);
t1 += t5;
t1 += d1;
tD ^= t1;
tD = Operations.RotateRight(tD, 16);
t9 += tD;
t5 ^= t9;
t5 = Operations.RotateRight(t5, 12);
t1 += t5;
t1 += dF;
tD ^= t1;
tD = Operations.RotateRight(tD, 8);
t9 += tD;
t5 ^= t9;
t5 = Operations.RotateRight(t5, 7);
t2 += t6;
t2 += dE;
tE ^= t2;
tE = Operations.RotateRight(tE, 16);
tA += tE;
t6 ^= tA;
t6 = Operations.RotateRight(t6, 12);
t2 += t6;
t2 += dD;
tE ^= t2;
tE = Operations.RotateRight(tE, 8);
tA += tE;
t6 ^= tA;
t6 = Operations.RotateRight(t6, 7);
t3 += t7;
t3 += d4;
tF ^= t3;
tF = Operations.RotateRight(tF, 16);
tB += tF;
t7 ^= tB;
t7 = Operations.RotateRight(t7, 12);
t3 += t7;
t3 += dA;
tF ^= t3;
tF = Operations.RotateRight(tF, 8);
tB += tF;
t7 ^= tB;
t7 = Operations.RotateRight(t7, 7);
t0 += t5;
t0 += d0;
tF ^= t0;
tF = Operations.RotateRight(tF, 16);
tA += tF;
t5 ^= tA;
t5 = Operations.RotateRight(t5, 12);
t0 += t5;
t0 += d7;
tF ^= t0;
tF = Operations.RotateRight(tF, 8);
tA += tF;
t5 ^= tA;
t5 = Operations.RotateRight(t5, 7);
t1 += t6;
t1 += d6;
tC ^= t1;
tC = Operations.RotateRight(tC, 16);
tB += tC;
t6 ^= tB;
t6 = Operations.RotateRight(t6, 12);
t1 += t6;
t1 += d3;
tC ^= t1;
tC = Operations.RotateRight(tC, 8);
tB += tC;
t6 ^= tB;
t6 = Operations.RotateRight(t6, 7);
t2 += t7;
t2 += d9;
tD ^= t2;
tD = Operations.RotateRight(tD, 16);
t8 += tD;
t7 ^= t8;
t7 = Operations.RotateRight(t7, 12);
t2 += t7;
t2 += d2;
tD ^= t2;
tD = Operations.RotateRight(tD, 8);
t8 += tD;
t7 ^= t8;
t7 = Operations.RotateRight(t7, 7);
t3 += t4;
t3 += d8;
tE ^= t3;
tE = Operations.RotateRight(tE, 16);
t9 += tE;
t4 ^= t9;
t4 = Operations.RotateRight(t4, 12);
t3 += t4;
t3 += dB;
tE ^= t3;
tE = Operations.RotateRight(tE, 8);
t9 += tE;
t4 ^= t9;
t4 = Operations.RotateRight(t4, 7);
// round 7
t0 += t4;
t0 += dD;
tC ^= t0;
tC = Operations.RotateRight(tC, 16);
t8 += tC;
t4 ^= t8;
t4 = Operations.RotateRight(t4, 12);
t0 += t4;
t0 += dB;
tC ^= t0;
tC = Operations.RotateRight(tC, 8);
t8 += tC;
t4 ^= t8;
t4 = Operations.RotateRight(t4, 7);
t1 += t5;
t1 += d7;
tD ^= t1;
tD = Operations.RotateRight(tD, 16);
t9 += tD;
t5 ^= t9;
t5 = Operations.RotateRight(t5, 12);
t1 += t5;
t1 += dE;
tD ^= t1;
tD = Operations.RotateRight(tD, 8);
t9 += tD;
t5 ^= t9;
t5 = Operations.RotateRight(t5, 7);
t2 += t6;
t2 += dC;
tE ^= t2;
tE = Operations.RotateRight(tE, 16);
tA += tE;
t6 ^= tA;
t6 = Operations.RotateRight(t6, 12);
t2 += t6;
t2 += d1;
tE ^= t2;
tE = Operations.RotateRight(tE, 8);
tA += tE;
t6 ^= tA;
t6 = Operations.RotateRight(t6, 7);
t3 += t7;
t3 += d3;
tF ^= t3;
tF = Operations.RotateRight(tF, 16);
tB += tF;
t7 ^= tB;
t7 = Operations.RotateRight(t7, 12);
t3 += t7;
t3 += d9;
tF ^= t3;
tF = Operations.RotateRight(tF, 8);
tB += tF;
t7 ^= tB;
t7 = Operations.RotateRight(t7, 7);
t0 += t5;
t0 += d5;
tF ^= t0;
tF = Operations.RotateRight(tF, 16);
tA += tF;
t5 ^= tA;
t5 = Operations.RotateRight(t5, 12);
t0 += t5;
t0 += d0;
tF ^= t0;
tF = Operations.RotateRight(tF, 8);
tA += tF;
t5 ^= tA;
t5 = Operations.RotateRight(t5, 7);
t1 += t6;
t1 += dF;
tC ^= t1;
tC = Operations.RotateRight(tC, 16);
tB += tC;
t6 ^= tB;
t6 = Operations.RotateRight(t6, 12);
t1 += t6;
t1 += d4;
tC ^= t1;
tC = Operations.RotateRight(tC, 8);
tB += tC;
t6 ^= tB;
t6 = Operations.RotateRight(t6, 7);
t2 += t7;
t2 += d8;
tD ^= t2;
tD = Operations.RotateRight(tD, 16);
t8 += tD;
t7 ^= t8;
t7 = Operations.RotateRight(t7, 12);
t2 += t7;
t2 += d6;
tD ^= t2;
tD = Operations.RotateRight(tD, 8);
t8 += tD;
t7 ^= t8;
t7 = Operations.RotateRight(t7, 7);
t3 += t4;
t3 += d2;
tE ^= t3;
tE = Operations.RotateRight(tE, 16);
t9 += tE;
t4 ^= t9;
t4 = Operations.RotateRight(t4, 12);
t3 += t4;
t3 += dA;
tE ^= t3;
tE = Operations.RotateRight(tE, 8);
t9 += tE;
t4 ^= t9;
t4 = Operations.RotateRight(t4, 7);
// round 8
t0 += t4;
t0 += d6;
tC ^= t0;
tC = Operations.RotateRight(tC, 16);
t8 += tC;
t4 ^= t8;
t4 = Operations.RotateRight(t4, 12);
t0 += t4;
t0 += dF;
tC ^= t0;
tC = Operations.RotateRight(tC, 8);
t8 += tC;
t4 ^= t8;
t4 = Operations.RotateRight(t4, 7);
t1 += t5;
t1 += dE;
tD ^= t1;
tD = Operations.RotateRight(tD, 16);
t9 += tD;
t5 ^= t9;
t5 = Operations.RotateRight(t5, 12);
t1 += t5;
t1 += d9;
tD ^= t1;
tD = Operations.RotateRight(tD, 8);
t9 += tD;
t5 ^= t9;
t5 = Operations.RotateRight(t5, 7);
t2 += t6;
t2 += dB;
tE ^= t2;
tE = Operations.RotateRight(tE, 16);
tA += tE;
t6 ^= tA;
t6 = Operations.RotateRight(t6, 12);
t2 += t6;
t2 += d3;
tE ^= t2;
tE = Operations.RotateRight(tE, 8);
tA += tE;
t6 ^= tA;
t6 = Operations.RotateRight(t6, 7);
t3 += t7;
t3 += d0;
tF ^= t3;
tF = Operations.RotateRight(tF, 16);
tB += tF;
t7 ^= tB;
t7 = Operations.RotateRight(t7, 12);
t3 += t7;
t3 += d8;
tF ^= t3;
tF = Operations.RotateRight(tF, 8);
tB += tF;
t7 ^= tB;
t7 = Operations.RotateRight(t7, 7);
t0 += t5;
t0 += dC;
tF ^= t0;
tF = Operations.RotateRight(tF, 16);
tA += tF;
t5 ^= tA;
t5 = Operations.RotateRight(t5, 12);
t0 += t5;
t0 += d2;
tF ^= t0;
tF = Operations.RotateRight(tF, 8);
tA += tF;
t5 ^= tA;
t5 = Operations.RotateRight(t5, 7);
t1 += t6;
t1 += dD;
tC ^= t1;
tC = Operations.RotateRight(tC, 16);
tB += tC;
t6 ^= tB;
t6 = Operations.RotateRight(t6, 12);
t1 += t6;
t1 += d7;
tC ^= t1;
tC = Operations.RotateRight(tC, 8);
tB += tC;
t6 ^= tB;
t6 = Operations.RotateRight(t6, 7);
t2 += t7;
t2 += d1;
tD ^= t2;
tD = Operations.RotateRight(tD, 16);
t8 += tD;
t7 ^= t8;
t7 = Operations.RotateRight(t7, 12);
t2 += t7;
t2 += d4;
tD ^= t2;
tD = Operations.RotateRight(tD, 8);
t8 += tD;
t7 ^= t8;
t7 = Operations.RotateRight(t7, 7);
t3 += t4;
t3 += dA;
tE ^= t3;
tE = Operations.RotateRight(tE, 16);
t9 += tE;
t4 ^= t9;
t4 = Operations.RotateRight(t4, 12);
t3 += t4;
t3 += d5;
tE ^= t3;
tE = Operations.RotateRight(tE, 8);
t9 += tE;
t4 ^= t9;
t4 = Operations.RotateRight(t4, 7);
// round 9
t0 += t4;
t0 += dA;
tC ^= t0;
tC = Operations.RotateRight(tC, 16);
t8 += tC;
t4 ^= t8;
t4 = Operations.RotateRight(t4, 12);
t0 += t4;
t0 += d2;
tC ^= t0;
tC = Operations.RotateRight(tC, 8);
t8 += tC;
t4 ^= t8;
t4 = Operations.RotateRight(t4, 7);
t1 += t5;
t1 += d8;
tD ^= t1;
tD = Operations.RotateRight(tD, 16);
t9 += tD;
t5 ^= t9;
t5 = Operations.RotateRight(t5, 12);
t1 += t5;
t1 += d4;
tD ^= t1;
tD = Operations.RotateRight(tD, 8);
t9 += tD;
t5 ^= t9;
t5 = Operations.RotateRight(t5, 7);
t2 += t6;
t2 += d7;
tE ^= t2;
tE = Operations.RotateRight(tE, 16);
tA += tE;
t6 ^= tA;
t6 = Operations.RotateRight(t6, 12);
t2 += t6;
t2 += d6;
tE ^= t2;
tE = Operations.RotateRight(tE, 8);
tA += tE;
t6 ^= tA;
t6 = Operations.RotateRight(t6, 7);
t3 += t7;
t3 += d1;
tF ^= t3;
tF = Operations.RotateRight(tF, 16);
tB += tF;
t7 ^= tB;
t7 = Operations.RotateRight(t7, 12);
t3 += t7;
t3 += d5;
tF ^= t3;
tF = Operations.RotateRight(tF, 8);
tB += tF;
t7 ^= tB;
t7 = Operations.RotateRight(t7, 7);
t0 += t5;
t0 += dF;
tF ^= t0;
tF = Operations.RotateRight(tF, 16);
tA += tF;
t5 ^= tA;
t5 = Operations.RotateRight(t5, 12);
t0 += t5;
t0 += dB;
tF ^= t0;
tF = Operations.RotateRight(tF, 8);
tA += tF;
t5 ^= tA;
t5 = Operations.RotateRight(t5, 7);
t1 += t6;
t1 += d9;
tC ^= t1;
tC = Operations.RotateRight(tC, 16);
tB += tC;
t6 ^= tB;
t6 = Operations.RotateRight(t6, 12);
t1 += t6;
t1 += dE;
tC ^= t1;
tC = Operations.RotateRight(tC, 8);
tB += tC;
t6 ^= tB;
t6 = Operations.RotateRight(t6, 7);
t2 += t7;
t2 += d3;
tD ^= t2;
tD = Operations.RotateRight(tD, 16);
t8 += tD;
t7 ^= t8;
t7 = Operations.RotateRight(t7, 12);
t2 += t7;
t2 += dC;
tD ^= t2;
tD = Operations.RotateRight(tD, 8);
t8 += tD;
t7 ^= t8;
t7 = Operations.RotateRight(t7, 7);
t3 += t4;
t3 += dD;
tE ^= t3;
tE = Operations.RotateRight(tE, 16);
t9 += tE;
t4 ^= t9;
t4 = Operations.RotateRight(t4, 12);
t3 += t4;
t3 += d0;
tE ^= t3;
tE = Operations.RotateRight(tE, 8);
t9 += tE;
t4 ^= t9;
t4 = Operations.RotateRight(t4, 7);
state[0] ^= (t0 ^ t8);
state[1] ^= (t1 ^ t9);
state[2] ^= (t2 ^ tA);
state[3] ^= (t3 ^ tB);
state[4] ^= (t4 ^ tC);
state[5] ^= (t5 ^ tD);
state[6] ^= (t6 ^ tE);
state[7] ^= (t7 ^ tF);
}
