packages feed

web3-crypto (empty) → 1.0.0.0

raw patch · 21 files changed

+6566/−0 lines, 21 filesdep +aesondep +basedep +bytestringsetup-changed

Dependencies added: aeson, base, bytestring, containers, cryptonite, hspec, hspec-contrib, hspec-discover, hspec-expectations, memory, memory-hexstring, text, uuid-types, vector

Files

+ LICENSE view
@@ -0,0 +1,211 @@+                                Apache License+                        Version 2.0, January 2004+                    http://www.apache.org/licenses/++TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION++1. Definitions.++    "License" shall mean the terms and conditions for use, reproduction,+    and distribution as defined by Sections 1 through 9 of this document.++    "Licensor" shall mean the copyright owner or entity authorized by+    the copyright owner that is granting the License.++    "Legal Entity" shall mean the union of the acting entity and all+    other entities that control, are controlled by, or are under common+    control with that entity. For the purposes of this definition,+    "control" means (i) the power, direct or indirect, to cause the+    direction or management of such entity, whether by contract or+    otherwise, or (ii) ownership of fifty percent (50%) or more of the+    outstanding shares, or (iii) beneficial ownership of such entity.++    "You" (or "Your") shall mean an individual or Legal Entity+    exercising permissions granted by this License.++    "Source" form shall mean the preferred form for making modifications,+    including but not limited to software source code, documentation+    source, and configuration files.++    "Object" form shall mean any form resulting from mechanical+    transformation or translation of a Source form, including but+    not limited to compiled object code, generated documentation,+    and conversions to other media types.++    "Work" shall mean the work of authorship, whether in Source or+    Object form, made available under the License, as indicated by a+    copyright notice that is included in or attached to the work+    (an example is provided in the Appendix below).++    "Derivative Works" shall mean any work, whether in Source or Object+    form, that is based on (or derived from) the Work and for which the+    editorial revisions, annotations, elaborations, or other modifications+    represent, as a whole, an original work of authorship. For the purposes+    of this License, Derivative Works shall not include works that remain+    separable from, or merely link (or bind by name) to the interfaces of,+    the Work and Derivative Works thereof.++    "Contribution" shall mean any work of authorship, including+    the original version of the Work and any modifications or additions+    to that Work or Derivative Works thereof, that is intentionally+    submitted to Licensor for inclusion in the Work by the copyright owner+    or by an individual or Legal Entity authorized to submit on behalf of+    the copyright owner. For the purposes of this definition, "submitted"+    means any form of electronic, verbal, or written communication sent+    to the Licensor or its representatives, including but not limited to+    communication on electronic mailing lists, source code control systems,+    and issue tracking systems that are managed by, or on behalf of, the+    Licensor for the purpose of discussing and improving the Work, but+    excluding communication that is conspicuously marked or otherwise+    designated in writing by the copyright owner as "Not a Contribution."++    "Contributor" shall mean Licensor and any individual or Legal Entity+    on behalf of whom a Contribution has been received by Licensor and+    subsequently incorporated within the Work.++2. Grant of Copyright License. Subject to the terms and conditions of+    this License, each Contributor hereby grants to You a perpetual,+    worldwide, non-exclusive, no-charge, royalty-free, irrevocable+    copyright license to reproduce, prepare Derivative Works of,+    publicly display, publicly perform, sublicense, and distribute the+    Work and such Derivative Works in Source or Object form.++3. Grant of Patent License. Subject to the terms and conditions of+    this License, each Contributor hereby grants to You a perpetual,+    worldwide, non-exclusive, no-charge, royalty-free, irrevocable+    (except as stated in this section) patent license to make, have made,+    use, offer to sell, sell, import, and otherwise transfer the Work,+    where such license applies only to those patent claims licensable+    by such Contributor that are necessarily infringed by their+    Contribution(s) alone or by combination of their Contribution(s)+    with the Work to which such Contribution(s) was submitted. If You+    institute patent litigation against any entity (including a+    cross-claim or counterclaim in a lawsuit) alleging that the Work+    or a Contribution incorporated within the Work constitutes direct+    or contributory patent infringement, then any patent licenses+    granted to You under this License for that Work shall terminate+    as of the date such litigation is filed.++4. Redistribution. You may reproduce and distribute copies of the+    Work or Derivative Works thereof in any medium, with or without+    modifications, and in Source or Object form, provided that You+    meet the following conditions:++    (a) You must give any other recipients of the Work or+        Derivative Works a copy of this License; and++    (b) You must cause any modified files to carry prominent notices+        stating that You changed the files; and++    (c) You must retain, in the Source form of any Derivative Works+        that You distribute, all copyright, patent, trademark, and+        attribution notices from the Source form of the Work,+        excluding those notices that do not pertain to any part of+        the Derivative Works; and++    (d) If the Work includes a "NOTICE" text file as part of its+        distribution, then any Derivative Works that You distribute must+        include a readable copy of the attribution notices contained+        within such NOTICE file, excluding those notices that do not+        pertain to any part of the Derivative Works, in at least one+        of the following places: within a NOTICE text file distributed+        as part of the Derivative Works; within the Source form or+        documentation, if provided along with the Derivative Works; or,+        within a display generated by the Derivative Works, if and+        wherever such third-party notices normally appear. The contents+        of the NOTICE file are for informational purposes only and+        do not modify the License. You may add Your own attribution+        notices within Derivative Works that You distribute, alongside+        or as an addendum to the NOTICE text from the Work, provided+        that such additional attribution notices cannot be construed+        as modifying the License.++    You may add Your own copyright statement to Your modifications and+    may provide additional or different license terms and conditions+    for use, reproduction, or distribution of Your modifications, or+    for any such Derivative Works as a whole, provided Your use,+    reproduction, and distribution of the Work otherwise complies with+    the conditions stated in this License.++5. Submission of Contributions. Unless You explicitly state otherwise,+    any Contribution intentionally submitted for inclusion in the Work+    by You to the Licensor shall be under the terms and conditions of+    this License, without any additional terms or conditions.+    Notwithstanding the above, nothing herein shall supersede or modify+    the terms of any separate license agreement you may have executed+    with Licensor regarding such Contributions.++6. Trademarks. This License does not grant permission to use the trade+    names, trademarks, service marks, or product names of the Licensor,+    except as required for reasonable and customary use in describing the+    origin of the Work and reproducing the content of the NOTICE file.++7. Disclaimer of Warranty. Unless required by applicable law or+    agreed to in writing, Licensor provides the Work (and each+    Contributor provides its Contributions) on an "AS IS" BASIS,+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or+    implied, including, without limitation, any warranties or conditions+    of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A+    PARTICULAR PURPOSE. You are solely responsible for determining the+    appropriateness of using or redistributing the Work and assume any+    risks associated with Your exercise of permissions under this License.++8. Limitation of Liability. In no event and under no legal theory,+    whether in tort (including negligence), contract, or otherwise,+    unless required by applicable law (such as deliberate and grossly+    negligent acts) or agreed to in writing, shall any Contributor be+    liable to You for damages, including any direct, indirect, special,+    incidental, or consequential damages of any character arising as a+    result of this License or out of the use or inability to use the+    Work (including but not limited to damages for loss of goodwill,+    work stoppage, computer failure or malfunction, or any and all+    other commercial damages or losses), even if such Contributor+    has been advised of the possibility of such damages.++9. Accepting Warranty or Additional Liability. While redistributing+    the Work or Derivative Works thereof, You may choose to offer,+    and charge a fee for, acceptance of support, warranty, indemnity,+    or other liability obligations and/or rights consistent with this+    License. However, in accepting such obligations, You may act only+    on Your own behalf and on Your sole responsibility, not on behalf+    of any other Contributor, and only if You agree to indemnify,+    defend, and hold each Contributor harmless for any liability+    incurred by, or claims asserted against, such Contributor by reason+    of your accepting any such warranty or additional liability.++END OF TERMS AND CONDITIONS++APPENDIX: How to apply the Apache License to your work.++    To apply the Apache License to your work, attach the following+    boilerplate notice, with the fields enclosed by brackets "[]"+    replaced with your own identifying information. (Don't include+    the brackets!)  The text should be enclosed in the appropriate+    comment syntax for the file format. We also recommend that a+    file or class name and description of purpose be included on the+    same "printed page" as the copyright notice for easier+    identification within third-party archives.++Copyright 2016-2021 Aleksandr Krupenkin ++Licensed under the Apache License, Version 2.0 (the "License");+you may not use this file except in compliance with the License.+You may obtain a copy of the License at++    http://www.apache.org/licenses/LICENSE-2.0++Unless required by applicable law or agreed to in writing, software+distributed under the License is distributed on an "AS IS" BASIS,+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.+See the License for the specific language governing permissions and+limitations under the License.++                                    NOTE+                            +Individual files contain the following tag instead of the full license+text.++    SPDX-License-Identifier:  Apache-2.0++This enables machine processing of license information based on the SPDX+License Identifiers that are here available: http://spdx.org/licenses/
+ Setup.hs view
@@ -0,0 +1,2 @@+import Distribution.Simple+main = defaultMain
+ src/Crypto/Bip39.hs view
@@ -0,0 +1,550 @@+{-# LANGUAGE OverloadedStrings #-}++-- |+-- Module      :  Crypto.Bip39+-- Copyright   :  Aleksandr Krupenkin 2016-2021+-- License     :  Apache-2.0+--+-- Maintainer  :  mail@akru.me+-- Stability   :  experimental+-- Portability :  unportable+--+-- Mnemonic keys (BIP-39). Only English dictionary.+-- Thanks to Haskoin project <https://hackage.haskell.org/package/haskoin-core>.+--++module Crypto.Bip39+    ( -- * Mnemonic Sentences+      Entropy+    , Mnemonic+    , Passphrase+    , Seed+    , toMnemonic+    , fromMnemonic+    , mnemonicToSeed+    ) where++import           Control.Monad      (when)+import           Crypto.Hash        (SHA256 (..), hashWith)+import           Crypto.KDF.PBKDF2  (Parameters (..), fastPBKDF2_SHA512)+import           Data.Bits          (shiftL, shiftR, (.&.), (.|.))+import qualified Data.ByteArray     as BA+import           Data.ByteString    (ByteString)+import qualified Data.ByteString    as BS+import           Data.List+import qualified Data.Map.Strict    as M+import           Data.Maybe+import           Data.Text          (Text)+import qualified Data.Text          as T+import qualified Data.Text.Encoding as E+import           Data.Vector        (Vector, (!))+import qualified Data.Vector        as V+import           Data.Word          (Word8)++-- | Random data used to create a mnemonic sentence. Use a good entropy source.+-- You will get your coins stolen if you don't. You have been warned.+type Entropy = ByteString++-- | Human-readable mnemonic sentence.+type Mnemonic = Text++-- | Optional passphrase for mnemnoic sentence.+type Passphrase = Text++-- | Seed for a private key from a mnemonic sentence.+type Seed = ByteString++-- | Mnemonic key checksum.+type Checksum = ByteString++-- | Paremeters for PBKDF2 function.+pbkdfParams :: Parameters+pbkdfParams = Parameters {iterCounts = 2048, outputLength = 64}++-- | Provide intial 'Entropy' as a 'ByteString' of length multiple of 4 bytes.+-- Output a 'Mnemonic' sentence.+toMnemonic :: Entropy -> Either String Mnemonic+toMnemonic ent = do+    when (BS.null ent) $+        Left "toMnemonic: entropy can not be empty"+    when (remainder /= 0) $+        Left "toMnemonic: entropy must be multiples of 4 bytes"+    when (cs_len > 16) $+        Left "toMnemonic: maximum entropy is 64 bytes (512 bits)"+    return ms+  where+    (cs_len, remainder) = BS.length ent `quotRem` 4+    c = calcCS cs_len ent+    indices = bsToIndices $ ent `BS.append` c+    ms = T.unwords $ map (wl!) indices++-- | Revert 'toMnemonic'. Do not use this to generate a 'Seed'. Instead use+-- 'mnemonicToSeed'. This outputs the original 'Entropy' used to generate a+-- 'Mnemonic' sentence.+fromMnemonic :: Mnemonic -> Either String Entropy+fromMnemonic ms = do+    when (T.null ms) $+        Left "fromMnemonic: empty mnemonic"+    when (word_count > 48) $+        Left $ "fromMnemonic: too many words: " ++ show word_count+    when (word_count `mod` 3 /= 0) $+        Left $ "fromMnemonic: wrong number of words:" ++ show word_count+    ms_bs <- indicesToBS =<< getIndices ms_words+    let (ms_ent, ms_cs) = BS.splitAt (ent_len * 4) ms_bs+        ms_cs_num = numCS cs_len ms_cs+        ent_cs_num = numCS cs_len $ calcCS cs_len ms_ent+    when (ent_cs_num /= ms_cs_num) $+        Left $ "fromMnemonic: checksum failed: " ++ sh ent_cs_num ms_cs_num+    return ms_ent+  where+    ms_words = T.words ms+    word_count = length ms_words+    (ent_len, cs_len) = (word_count * 11) `quotRem` 32+    sh cs_a cs_b = show cs_a ++ " /= " ++ show cs_b++-- | Compute 'Checksum'.+calcCS :: Int -> Entropy -> Checksum+calcCS len = getBits len . BA.convert . hashWith SHA256++numCS :: Int -> Entropy -> Integer+numCS len =+    shiftCS . bsToInteger+  where+    shiftCS = case 8 - len `mod` 8 of+        8 -> id+        x -> flip shiftR x++-- | Turn an arbitrary sequence of characters into a 512-bit 'Seed'. Use+-- 'mnemonicToSeed' to get a seed from a 'Mnemonic' sentence. Warning: Does not+-- perform NFKD normalization.+anyToSeed :: Passphrase -> Mnemonic -> Seed+anyToSeed pf ms =+    fastPBKDF2_SHA512+    pbkdfParams+    (E.encodeUtf8 ms)+    ("mnemonic" `mappend` E.encodeUtf8 pf)++-- | Get a 512-bit 'Seed' from a 'Mnemonic' sentence. Will validate checksum.+-- 'Passphrase' can be used to protect the 'Mnemonic'. Use an empty string as+-- 'Passphrase' if none is required.+mnemonicToSeed :: Passphrase -> Mnemonic -> Either String Seed+mnemonicToSeed pf ms = do+    ent <- fromMnemonic ms+    mnm <- toMnemonic ent+    return $ anyToSeed pf mnm++-- | Get indices of words in word list.+getIndices :: [Text] -> Either String [Int]+getIndices ws+    | null n = return $ catMaybes i+    | otherwise = Left $ "getIndices: words not found: " ++ show w+  where+    i = map (`M.lookup` wl') ws+    n = elemIndices Nothing i+    w = T.unwords $ map (ws !!) n++-- | Turn a list of 11-bit numbers into a 'ByteString'+indicesToBS :: [Int] -> Either String ByteString+indicesToBS is = do+    when lrg $ Left "indicesToBS: index larger or equal than 2048"+    return . pad . integerToBS $ foldl' f 0 is `shiftL` shift_width+  where+    lrg = isJust $ find (>= 2048) is+    (q, r) = (length is * 11) `quotRem` 8+    shift_width =+        if r == 0+            then 0+            else 8 - r+    bl =+        if r == 0+            then q+            else q + 1 -- length of resulting ByteString+    pad bs = BS.append (BS.replicate (bl - BS.length bs) 0x00) bs+    f acc x = (acc `shiftL` 11) + fromIntegral x++-- | Turn a 'ByteString' into a list of 11-bit numbers.+bsToIndices :: ByteString -> [Int]+bsToIndices bs =+    reverse . go q $ bsToInteger bs `shiftR` r+  where+    (q, r) = (BS.length bs * 8) `quotRem` 11+    go 0 _ = []+    go n i = fromIntegral (i `mod` 2048) : go (n - 1) (i `shiftR` 11)++wl' :: M.Map Text Int+wl' = V.ifoldr' (\i w m -> M.insert w i m) M.empty wl++-- | Standard English dictionary from BIP-39 specification.+wl :: Vector Text+wl = V.fromListN 2048+    [ "abandon", "ability", "able", "about", "above", "absent"+    , "absorb", "abstract", "absurd", "abuse", "access", "accident"+    , "account", "accuse", "achieve", "acid", "acoustic", "acquire"+    , "across", "act", "action", "actor", "actress", "actual"+    , "adapt", "add", "addict", "address", "adjust", "admit"+    , "adult", "advance", "advice", "aerobic", "affair", "afford"+    , "afraid", "again", "age", "agent", "agree", "ahead"+    , "aim", "air", "airport", "aisle", "alarm", "album"+    , "alcohol", "alert", "alien", "all", "alley", "allow"+    , "almost", "alone", "alpha", "already", "also", "alter"+    , "always", "amateur", "amazing", "among", "amount", "amused"+    , "analyst", "anchor", "ancient", "anger", "angle", "angry"+    , "animal", "ankle", "announce", "annual", "another", "answer"+    , "antenna", "antique", "anxiety", "any", "apart", "apology"+    , "appear", "apple", "approve", "april", "arch", "arctic"+    , "area", "arena", "argue", "arm", "armed", "armor"+    , "army", "around", "arrange", "arrest", "arrive", "arrow"+    , "art", "artefact", "artist", "artwork", "ask", "aspect"+    , "assault", "asset", "assist", "assume", "asthma", "athlete"+    , "atom", "attack", "attend", "attitude", "attract", "auction"+    , "audit", "august", "aunt", "author", "auto", "autumn"+    , "average", "avocado", "avoid", "awake", "aware", "away"+    , "awesome", "awful", "awkward", "axis", "baby", "bachelor"+    , "bacon", "badge", "bag", "balance", "balcony", "ball"+    , "bamboo", "banana", "banner", "bar", "barely", "bargain"+    , "barrel", "base", "basic", "basket", "battle", "beach"+    , "bean", "beauty", "because", "become", "beef", "before"+    , "begin", "behave", "behind", "believe", "below", "belt"+    , "bench", "benefit", "best", "betray", "better", "between"+    , "beyond", "bicycle", "bid", "bike", "bind", "biology"+    , "bird", "birth", "bitter", "black", "blade", "blame"+    , "blanket", "blast", "bleak", "bless", "blind", "blood"+    , "blossom", "blouse", "blue", "blur", "blush", "board"+    , "boat", "body", "boil", "bomb", "bone", "bonus"+    , "book", "boost", "border", "boring", "borrow", "boss"+    , "bottom", "bounce", "box", "boy", "bracket", "brain"+    , "brand", "brass", "brave", "bread", "breeze", "brick"+    , "bridge", "brief", "bright", "bring", "brisk", "broccoli"+    , "broken", "bronze", "broom", "brother", "brown", "brush"+    , "bubble", "buddy", "budget", "buffalo", "build", "bulb"+    , "bulk", "bullet", "bundle", "bunker", "burden", "burger"+    , "burst", "bus", "business", "busy", "butter", "buyer"+    , "buzz", "cabbage", "cabin", "cable", "cactus", "cage"+    , "cake", "call", "calm", "camera", "camp", "can"+    , "canal", "cancel", "candy", "cannon", "canoe", "canvas"+    , "canyon", "capable", "capital", "captain", "car", "carbon"+    , "card", "cargo", "carpet", "carry", "cart", "case"+    , "cash", "casino", "castle", "casual", "cat", "catalog"+    , "catch", "category", "cattle", "caught", "cause", "caution"+    , "cave", "ceiling", "celery", "cement", "census", "century"+    , "cereal", "certain", "chair", "chalk", "champion", "change"+    , "chaos", "chapter", "charge", "chase", "chat", "cheap"+    , "check", "cheese", "chef", "cherry", "chest", "chicken"+    , "chief", "child", "chimney", "choice", "choose", "chronic"+    , "chuckle", "chunk", "churn", "cigar", "cinnamon", "circle"+    , "citizen", "city", "civil", "claim", "clap", "clarify"+    , "claw", "clay", "clean", "clerk", "clever", "click"+    , "client", "cliff", "climb", "clinic", "clip", "clock"+    , "clog", "close", "cloth", "cloud", "clown", "club"+    , "clump", "cluster", "clutch", "coach", "coast", "coconut"+    , "code", "coffee", "coil", "coin", "collect", "color"+    , "column", "combine", "come", "comfort", "comic", "common"+    , "company", "concert", "conduct", "confirm", "congress", "connect"+    , "consider", "control", "convince", "cook", "cool", "copper"+    , "copy", "coral", "core", "corn", "correct", "cost"+    , "cotton", "couch", "country", "couple", "course", "cousin"+    , "cover", "coyote", "crack", "cradle", "craft", "cram"+    , "crane", "crash", "crater", "crawl", "crazy", "cream"+    , "credit", "creek", "crew", "cricket", "crime", "crisp"+    , "critic", "crop", "cross", "crouch", "crowd", "crucial"+    , "cruel", "cruise", "crumble", "crunch", "crush", "cry"+    , "crystal", "cube", "culture", "cup", "cupboard", "curious"+    , "current", "curtain", "curve", "cushion", "custom", "cute"+    , "cycle", "dad", "damage", "damp", "dance", "danger"+    , "daring", "dash", "daughter", "dawn", "day", "deal"+    , "debate", "debris", "decade", "december", "decide", "decline"+    , "decorate", "decrease", "deer", "defense", "define", "defy"+    , "degree", "delay", "deliver", "demand", "demise", "denial"+    , "dentist", "deny", "depart", "depend", "deposit", "depth"+    , "deputy", "derive", "describe", "desert", "design", "desk"+    , "despair", "destroy", "detail", "detect", "develop", "device"+    , "devote", "diagram", "dial", "diamond", "diary", "dice"+    , "diesel", "diet", "differ", "digital", "dignity", "dilemma"+    , "dinner", "dinosaur", "direct", "dirt", "disagree", "discover"+    , "disease", "dish", "dismiss", "disorder", "display", "distance"+    , "divert", "divide", "divorce", "dizzy", "doctor", "document"+    , "dog", "doll", "dolphin", "domain", "donate", "donkey"+    , "donor", "door", "dose", "double", "dove", "draft"+    , "dragon", "drama", "drastic", "draw", "dream", "dress"+    , "drift", "drill", "drink", "drip", "drive", "drop"+    , "drum", "dry", "duck", "dumb", "dune", "during"+    , "dust", "dutch", "duty", "dwarf", "dynamic", "eager"+    , "eagle", "early", "earn", "earth", "easily", "east"+    , "easy", "echo", "ecology", "economy", "edge", "edit"+    , "educate", "effort", "egg", "eight", "either", "elbow"+    , "elder", "electric", "elegant", "element", "elephant", "elevator"+    , "elite", "else", "embark", "embody", "embrace", "emerge"+    , "emotion", "employ", "empower", "empty", "enable", "enact"+    , "end", "endless", "endorse", "enemy", "energy", "enforce"+    , "engage", "engine", "enhance", "enjoy", "enlist", "enough"+    , "enrich", "enroll", "ensure", "enter", "entire", "entry"+    , "envelope", "episode", "equal", "equip", "era", "erase"+    , "erode", "erosion", "error", "erupt", "escape", "essay"+    , "essence", "estate", "eternal", "ethics", "evidence", "evil"+    , "evoke", "evolve", "exact", "example", "excess", "exchange"+    , "excite", "exclude", "excuse", "execute", "exercise", "exhaust"+    , "exhibit", "exile", "exist", "exit", "exotic", "expand"+    , "expect", "expire", "explain", "expose", "express", "extend"+    , "extra", "eye", "eyebrow", "fabric", "face", "faculty"+    , "fade", "faint", "faith", "fall", "false", "fame"+    , "family", "famous", "fan", "fancy", "fantasy", "farm"+    , "fashion", "fat", "fatal", "father", "fatigue", "fault"+    , "favorite", "feature", "february", "federal", "fee", "feed"+    , "feel", "female", "fence", "festival", "fetch", "fever"+    , "few", "fiber", "fiction", "field", "figure", "file"+    , "film", "filter", "final", "find", "fine", "finger"+    , "finish", "fire", "firm", "first", "fiscal", "fish"+    , "fit", "fitness", "fix", "flag", "flame", "flash"+    , "flat", "flavor", "flee", "flight", "flip", "float"+    , "flock", "floor", "flower", "fluid", "flush", "fly"+    , "foam", "focus", "fog", "foil", "fold", "follow"+    , "food", "foot", "force", "forest", "forget", "fork"+    , "fortune", "forum", "forward", "fossil", "foster", "found"+    , "fox", "fragile", "frame", "frequent", "fresh", "friend"+    , "fringe", "frog", "front", "frost", "frown", "frozen"+    , "fruit", "fuel", "fun", "funny", "furnace", "fury"+    , "future", "gadget", "gain", "galaxy", "gallery", "game"+    , "gap", "garage", "garbage", "garden", "garlic", "garment"+    , "gas", "gasp", "gate", "gather", "gauge", "gaze"+    , "general", "genius", "genre", "gentle", "genuine", "gesture"+    , "ghost", "giant", "gift", "giggle", "ginger", "giraffe"+    , "girl", "give", "glad", "glance", "glare", "glass"+    , "glide", "glimpse", "globe", "gloom", "glory", "glove"+    , "glow", "glue", "goat", "goddess", "gold", "good"+    , "goose", "gorilla", "gospel", "gossip", "govern", "gown"+    , "grab", "grace", "grain", "grant", "grape", "grass"+    , "gravity", "great", "green", "grid", "grief", "grit"+    , "grocery", "group", "grow", "grunt", "guard", "guess"+    , "guide", "guilt", "guitar", "gun", "gym", "habit"+    , "hair", "half", "hammer", "hamster", "hand", "happy"+    , "harbor", "hard", "harsh", "harvest", "hat", "have"+    , "hawk", "hazard", "head", "health", "heart", "heavy"+    , "hedgehog", "height", "hello", "helmet", "help", "hen"+    , "hero", "hidden", "high", "hill", "hint", "hip"+    , "hire", "history", "hobby", "hockey", "hold", "hole"+    , "holiday", "hollow", "home", "honey", "hood", "hope"+    , "horn", "horror", "horse", "hospital", "host", "hotel"+    , "hour", "hover", "hub", "huge", "human", "humble"+    , "humor", "hundred", "hungry", "hunt", "hurdle", "hurry"+    , "hurt", "husband", "hybrid", "ice", "icon", "idea"+    , "identify", "idle", "ignore", "ill", "illegal", "illness"+    , "image", "imitate", "immense", "immune", "impact", "impose"+    , "improve", "impulse", "inch", "include", "income", "increase"+    , "index", "indicate", "indoor", "industry", "infant", "inflict"+    , "inform", "inhale", "inherit", "initial", "inject", "injury"+    , "inmate", "inner", "innocent", "input", "inquiry", "insane"+    , "insect", "inside", "inspire", "install", "intact", "interest"+    , "into", "invest", "invite", "involve", "iron", "island"+    , "isolate", "issue", "item", "ivory", "jacket", "jaguar"+    , "jar", "jazz", "jealous", "jeans", "jelly", "jewel"+    , "job", "join", "joke", "journey", "joy", "judge"+    , "juice", "jump", "jungle", "junior", "junk", "just"+    , "kangaroo", "keen", "keep", "ketchup", "key", "kick"+    , "kid", "kidney", "kind", "kingdom", "kiss", "kit"+    , "kitchen", "kite", "kitten", "kiwi", "knee", "knife"+    , "knock", "know", "lab", "label", "labor", "ladder"+    , "lady", "lake", "lamp", "language", "laptop", "large"+    , "later", "latin", "laugh", "laundry", "lava", "law"+    , "lawn", "lawsuit", "layer", "lazy", "leader", "leaf"+    , "learn", "leave", "lecture", "left", "leg", "legal"+    , "legend", "leisure", "lemon", "lend", "length", "lens"+    , "leopard", "lesson", "letter", "level", "liar", "liberty"+    , "library", "license", "life", "lift", "light", "like"+    , "limb", "limit", "link", "lion", "liquid", "list"+    , "little", "live", "lizard", "load", "loan", "lobster"+    , "local", "lock", "logic", "lonely", "long", "loop"+    , "lottery", "loud", "lounge", "love", "loyal", "lucky"+    , "luggage", "lumber", "lunar", "lunch", "luxury", "lyrics"+    , "machine", "mad", "magic", "magnet", "maid", "mail"+    , "main", "major", "make", "mammal", "man", "manage"+    , "mandate", "mango", "mansion", "manual", "maple", "marble"+    , "march", "margin", "marine", "market", "marriage", "mask"+    , "mass", "master", "match", "material", "math", "matrix"+    , "matter", "maximum", "maze", "meadow", "mean", "measure"+    , "meat", "mechanic", "medal", "media", "melody", "melt"+    , "member", "memory", "mention", "menu", "mercy", "merge"+    , "merit", "merry", "mesh", "message", "metal", "method"+    , "middle", "midnight", "milk", "million", "mimic", "mind"+    , "minimum", "minor", "minute", "miracle", "mirror", "misery"+    , "miss", "mistake", "mix", "mixed", "mixture", "mobile"+    , "model", "modify", "mom", "moment", "monitor", "monkey"+    , "monster", "month", "moon", "moral", "more", "morning"+    , "mosquito", "mother", "motion", "motor", "mountain", "mouse"+    , "move", "movie", "much", "muffin", "mule", "multiply"+    , "muscle", "museum", "mushroom", "music", "must", "mutual"+    , "myself", "mystery", "myth", "naive", "name", "napkin"+    , "narrow", "nasty", "nation", "nature", "near", "neck"+    , "need", "negative", "neglect", "neither", "nephew", "nerve"+    , "nest", "net", "network", "neutral", "never", "news"+    , "next", "nice", "night", "noble", "noise", "nominee"+    , "noodle", "normal", "north", "nose", "notable", "note"+    , "nothing", "notice", "novel", "now", "nuclear", "number"+    , "nurse", "nut", "oak", "obey", "object", "oblige"+    , "obscure", "observe", "obtain", "obvious", "occur", "ocean"+    , "october", "odor", "off", "offer", "office", "often"+    , "oil", "okay", "old", "olive", "olympic", "omit"+    , "once", "one", "onion", "online", "only", "open"+    , "opera", "opinion", "oppose", "option", "orange", "orbit"+    , "orchard", "order", "ordinary", "organ", "orient", "original"+    , "orphan", "ostrich", "other", "outdoor", "outer", "output"+    , "outside", "oval", "oven", "over", "own", "owner"+    , "oxygen", "oyster", "ozone", "pact", "paddle", "page"+    , "pair", "palace", "palm", "panda", "panel", "panic"+    , "panther", "paper", "parade", "parent", "park", "parrot"+    , "party", "pass", "patch", "path", "patient", "patrol"+    , "pattern", "pause", "pave", "payment", "peace", "peanut"+    , "pear", "peasant", "pelican", "pen", "penalty", "pencil"+    , "people", "pepper", "perfect", "permit", "person", "pet"+    , "phone", "photo", "phrase", "physical", "piano", "picnic"+    , "picture", "piece", "pig", "pigeon", "pill", "pilot"+    , "pink", "pioneer", "pipe", "pistol", "pitch", "pizza"+    , "place", "planet", "plastic", "plate", "play", "please"+    , "pledge", "pluck", "plug", "plunge", "poem", "poet"+    , "point", "polar", "pole", "police", "pond", "pony"+    , "pool", "popular", "portion", "position", "possible", "post"+    , "potato", "pottery", "poverty", "powder", "power", "practice"+    , "praise", "predict", "prefer", "prepare", "present", "pretty"+    , "prevent", "price", "pride", "primary", "print", "priority"+    , "prison", "private", "prize", "problem", "process", "produce"+    , "profit", "program", "project", "promote", "proof", "property"+    , "prosper", "protect", "proud", "provide", "public", "pudding"+    , "pull", "pulp", "pulse", "pumpkin", "punch", "pupil"+    , "puppy", "purchase", "purity", "purpose", "purse", "push"+    , "put", "puzzle", "pyramid", "quality", "quantum", "quarter"+    , "question", "quick", "quit", "quiz", "quote", "rabbit"+    , "raccoon", "race", "rack", "radar", "radio", "rail"+    , "rain", "raise", "rally", "ramp", "ranch", "random"+    , "range", "rapid", "rare", "rate", "rather", "raven"+    , "raw", "razor", "ready", "real", "reason", "rebel"+    , "rebuild", "recall", "receive", "recipe", "record", "recycle"+    , "reduce", "reflect", "reform", "refuse", "region", "regret"+    , "regular", "reject", "relax", "release", "relief", "rely"+    , "remain", "remember", "remind", "remove", "render", "renew"+    , "rent", "reopen", "repair", "repeat", "replace", "report"+    , "require", "rescue", "resemble", "resist", "resource", "response"+    , "result", "retire", "retreat", "return", "reunion", "reveal"+    , "review", "reward", "rhythm", "rib", "ribbon", "rice"+    , "rich", "ride", "ridge", "rifle", "right", "rigid"+    , "ring", "riot", "ripple", "risk", "ritual", "rival"+    , "river", "road", "roast", "robot", "robust", "rocket"+    , "romance", "roof", "rookie", "room", "rose", "rotate"+    , "rough", "round", "route", "royal", "rubber", "rude"+    , "rug", "rule", "run", "runway", "rural", "sad"+    , "saddle", "sadness", "safe", "sail", "salad", "salmon"+    , "salon", "salt", "salute", "same", "sample", "sand"+    , "satisfy", "satoshi", "sauce", "sausage", "save", "say"+    , "scale", "scan", "scare", "scatter", "scene", "scheme"+    , "school", "science", "scissors", "scorpion", "scout", "scrap"+    , "screen", "script", "scrub", "sea", "search", "season"+    , "seat", "second", "secret", "section", "security", "seed"+    , "seek", "segment", "select", "sell", "seminar", "senior"+    , "sense", "sentence", "series", "service", "session", "settle"+    , "setup", "seven", "shadow", "shaft", "shallow", "share"+    , "shed", "shell", "sheriff", "shield", "shift", "shine"+    , "ship", "shiver", "shock", "shoe", "shoot", "shop"+    , "short", "shoulder", "shove", "shrimp", "shrug", "shuffle"+    , "shy", "sibling", "sick", "side", "siege", "sight"+    , "sign", "silent", "silk", "silly", "silver", "similar"+    , "simple", "since", "sing", "siren", "sister", "situate"+    , "six", "size", "skate", "sketch", "ski", "skill"+    , "skin", "skirt", "skull", "slab", "slam", "sleep"+    , "slender", "slice", "slide", "slight", "slim", "slogan"+    , "slot", "slow", "slush", "small", "smart", "smile"+    , "smoke", "smooth", "snack", "snake", "snap", "sniff"+    , "snow", "soap", "soccer", "social", "sock", "soda"+    , "soft", "solar", "soldier", "solid", "solution", "solve"+    , "someone", "song", "soon", "sorry", "sort", "soul"+    , "sound", "soup", "source", "south", "space", "spare"+    , "spatial", "spawn", "speak", "special", "speed", "spell"+    , "spend", "sphere", "spice", "spider", "spike", "spin"+    , "spirit", "split", "spoil", "sponsor", "spoon", "sport"+    , "spot", "spray", "spread", "spring", "spy", "square"+    , "squeeze", "squirrel", "stable", "stadium", "staff", "stage"+    , "stairs", "stamp", "stand", "start", "state", "stay"+    , "steak", "steel", "stem", "step", "stereo", "stick"+    , "still", "sting", "stock", "stomach", "stone", "stool"+    , "story", "stove", "strategy", "street", "strike", "strong"+    , "struggle", "student", "stuff", "stumble", "style", "subject"+    , "submit", "subway", "success", "such", "sudden", "suffer"+    , "sugar", "suggest", "suit", "summer", "sun", "sunny"+    , "sunset", "super", "supply", "supreme", "sure", "surface"+    , "surge", "surprise", "surround", "survey", "suspect", "sustain"+    , "swallow", "swamp", "swap", "swarm", "swear", "sweet"+    , "swift", "swim", "swing", "switch", "sword", "symbol"+    , "symptom", "syrup", "system", "table", "tackle", "tag"+    , "tail", "talent", "talk", "tank", "tape", "target"+    , "task", "taste", "tattoo", "taxi", "teach", "team"+    , "tell", "ten", "tenant", "tennis", "tent", "term"+    , "test", "text", "thank", "that", "theme", "then"+    , "theory", "there", "they", "thing", "this", "thought"+    , "three", "thrive", "throw", "thumb", "thunder", "ticket"+    , "tide", "tiger", "tilt", "timber", "time", "tiny"+    , "tip", "tired", "tissue", "title", "toast", "tobacco"+    , "today", "toddler", "toe", "together", "toilet", "token"+    , "tomato", "tomorrow", "tone", "tongue", "tonight", "tool"+    , "tooth", "top", "topic", "topple", "torch", "tornado"+    , "tortoise", "toss", "total", "tourist", "toward", "tower"+    , "town", "toy", "track", "trade", "traffic", "tragic"+    , "train", "transfer", "trap", "trash", "travel", "tray"+    , "treat", "tree", "trend", "trial", "tribe", "trick"+    , "trigger", "trim", "trip", "trophy", "trouble", "truck"+    , "true", "truly", "trumpet", "trust", "truth", "try"+    , "tube", "tuition", "tumble", "tuna", "tunnel", "turkey"+    , "turn", "turtle", "twelve", "twenty", "twice", "twin"+    , "twist", "two", "type", "typical", "ugly", "umbrella"+    , "unable", "unaware", "uncle", "uncover", "under", "undo"+    , "unfair", "unfold", "unhappy", "uniform", "unique", "unit"+    , "universe", "unknown", "unlock", "until", "unusual", "unveil"+    , "update", "upgrade", "uphold", "upon", "upper", "upset"+    , "urban", "urge", "usage", "use", "used", "useful"+    , "useless", "usual", "utility", "vacant", "vacuum", "vague"+    , "valid", "valley", "valve", "van", "vanish", "vapor"+    , "various", "vast", "vault", "vehicle", "velvet", "vendor"+    , "venture", "venue", "verb", "verify", "version", "very"+    , "vessel", "veteran", "viable", "vibrant", "vicious", "victory"+    , "video", "view", "village", "vintage", "violin", "virtual"+    , "virus", "visa", "visit", "visual", "vital", "vivid"+    , "vocal", "voice", "void", "volcano", "volume", "vote"+    , "voyage", "wage", "wagon", "wait", "walk", "wall"+    , "walnut", "want", "warfare", "warm", "warrior", "wash"+    , "wasp", "waste", "water", "wave", "way", "wealth"+    , "weapon", "wear", "weasel", "weather", "web", "wedding"+    , "weekend", "weird", "welcome", "west", "wet", "whale"+    , "what", "wheat", "wheel", "when", "where", "whip"+    , "whisper", "wide", "width", "wife", "wild", "will"+    , "win", "window", "wine", "wing", "wink", "winner"+    , "winter", "wire", "wisdom", "wise", "wish", "witness"+    , "wolf", "woman", "wonder", "wood", "wool", "word"+    , "work", "world", "worry", "worth", "wrap", "wreck"+    , "wrestle", "wrist", "write", "wrong", "yard", "year"+    , "yellow", "you", "young", "youth", "zebra", "zero"+    , "zone", "zoo"+    ]++-- | Decode a big endian 'Integer' from a 'ByteString'.+bsToInteger :: ByteString -> Integer+bsToInteger = BS.foldr f 0 . BS.reverse+  where+    f w n = toInteger w .|. shiftL n 8++-- | Encode an 'Integer' to a 'ByteString' as big endian.+integerToBS :: Integer -> ByteString+integerToBS 0 = BS.pack [0]+integerToBS i+    | i > 0     = BS.reverse $ BS.unfoldr f i+    | otherwise = error "integerToBS not defined for negative values"+  where+    f 0 = Nothing+    f x = Just (fromInteger x :: Word8, x `shiftR` 8)+-- | Obtain 'Int' bits from beginning of 'ByteString'. Resulting 'ByteString'+-- will be smallest required to hold that many bits, padded with zeroes to the+-- right.+getBits :: Int -> ByteString -> ByteString+getBits b bs+    | r == 0 = BS.take q bs+    | otherwise = i `BS.snoc` l+  where+    (q, r) = b `quotRem` 8+    s = BS.take (q + 1) bs+    i = BS.init s+    l = BS.last s .&. (0xff `shiftL` (8 - r)) -- zero unneeded bits
+ src/Crypto/Ecdsa/Signature.hs view
@@ -0,0 +1,96 @@+{-# LANGUAGE OverloadedStrings #-}++-- |+-- Module      :  Crypto.Ecdsa.Signature+-- Copyright   :  Aleksandr Krupenkin 2016-2021+-- License     :  Apache-2.0+--+-- Maintainer  :  mail@akru.me+-- Stability   :  experimental+-- Portability :  portable+--+-- Recoverable ECC signature support.+--++module Crypto.Ecdsa.Signature+    (+      sign+    , pack+    , unpack+    ) where++import           Control.Monad               (when)+import           Crypto.Hash                 (SHA256)+import           Crypto.Number.Generate      (generateBetween)+import           Crypto.Number.ModArithmetic (inverse)+import           Crypto.Number.Serialize     (i2osp, os2ip)+import           Crypto.PubKey.ECC.ECDSA     (PrivateKey (..))+import           Crypto.PubKey.ECC.Prim      (pointMul)+import           Crypto.PubKey.ECC.Types     (CurveCommon (ecc_g, ecc_n),+                                              Point (..), common_curve)+import           Crypto.Random               (MonadRandom, withDRG)+import           Crypto.Random.HmacDrbg      (HmacDrbg, initialize)+import           Data.Bits                   (xor, (.|.))+import           Data.ByteArray              (ByteArray, ByteArrayAccess, Bytes,+                                              convert, singleton, takeView,+                                              view)+import qualified Data.ByteArray              as BA (unpack)+import           Data.Word                   (Word8)++import           Crypto.Ecdsa.Utils          (exportKey)++-- | Sign arbitrary data by given private key.+--+-- /WARNING:/ Vulnerable to timing attacks.+sign :: ByteArrayAccess bin+     => PrivateKey+     -> bin+     -> (Integer, Integer, Word8)+sign pk bin = fst $ withDRG hmac_drbg $ ecsign pk (os2ip truncated)+  where+    hmac_drbg :: HmacDrbg SHA256+    hmac_drbg = initialize $ exportKey pk <> truncated+    truncated = convert $ takeView bin 32 :: Bytes++ecsign :: MonadRandom m+       => PrivateKey+       -> Integer+       -> m (Integer, Integer, Word8)+ecsign pk@(PrivateKey curve d) z = do+    k <- generateBetween 0 (n - 1)+    case trySign k of+        Nothing  -> ecsign pk z+        Just rsv -> return rsv+  where+    n = ecc_n (common_curve curve)+    g = ecc_g (common_curve curve)+    recoveryParam x y r = fromIntegral $+        fromEnum (odd y) .|. if x /= r then 2 else 0+    trySign k = do+        (kpX, kpY) <- case pointMul curve k g of+            PointO    -> Nothing+            Point x y -> return (x, y)+        let r = kpX `mod` n+        kInv <- inverse k n+        let s = kInv * (z + r * d) `mod` n+        when (r == 0 || s == 0) Nothing+        -- Recovery param+        let v = recoveryParam kpX kpY r+        -- Use complement of s if it > n / 2+        let (s', v') | s > n `div` 2 = (n - s, v `xor` 1)+                     | otherwise = (s, v)+        return (r, s', v' + 27)++-- | Unpack recoverable signature from byte array.+--+-- Input array should have 65 byte length.+unpack :: ByteArrayAccess rsv => rsv -> (Integer, Integer, Word8)+unpack vrs = (r, s, v)+  where+    r = os2ip (view vrs 1 33)+    s = os2ip (view vrs 33 65)+    v = head (BA.unpack vrs)++-- | Pack recoverable signature as byte array (65 byte length).+pack :: ByteArray rsv => (Integer, Integer, Word8) -> rsv+pack (r, s, v) = i2osp r <> i2osp s <> singleton v
+ src/Crypto/Ecdsa/Utils.hs view
@@ -0,0 +1,53 @@+-- |+-- Module      :  Crypto.Ecdsa.Utils+-- Copyright   :  Aleksandr Krupenkin 2016-2021+-- License     :  Apache-2.0+--+-- Maintainer  :  mail@akru.me+-- Stability   :  experimental+-- Portability :  portable+--+-- ECDSA module helper functions.+--++module Crypto.Ecdsa.Utils where++import           Crypto.Number.Serialize    (i2osp, os2ip)+import           Crypto.PubKey.ECC.ECDSA    (PrivateKey (..), PublicKey (..))+import           Crypto.PubKey.ECC.Generate (generateQ)+import           Crypto.PubKey.ECC.Types    (CurveName (SEC_p256k1), Point (..),+                                             getCurveByName)+import           Data.ByteArray             (ByteArray, ByteArrayAccess,+                                             singleton)++-- | Import ECDSA private key from byte array.+--+-- Input array should have 32 byte length.+importKey :: ByteArrayAccess privateKey => privateKey -> PrivateKey+{-# INLINE importKey #-}+importKey = PrivateKey (getCurveByName SEC_p256k1) . os2ip++-- | Export private key to byte array (32 byte length).+exportKey :: ByteArray privateKey => PrivateKey -> privateKey+{-# INLINE exportKey #-}+exportKey (PrivateKey _ key) = i2osp key++-- | Get public key appropriate to private key.+--+-- /WARNING:/ Vulnerable to timing attacks.+derivePubKey :: PrivateKey -> PublicKey+{-# INLINE derivePubKey #-}+derivePubKey (PrivateKey curve p) = PublicKey curve (generateQ curve p)++-- | Export public key to byte array (64 byte length).+exportPubKey :: ByteArray publicKey => PublicKey -> publicKey+exportPubKey (PublicKey _ PointO)      = mempty+exportPubKey (PublicKey _ (Point x y)) = i2osp x <> i2osp y++-- | Export compressed public key to byte array (33 byte length).+exportPubKeyCompress :: ByteArray publicKey => PublicKey -> publicKey+exportPubKeyCompress (PublicKey _ PointO) = mempty+exportPubKeyCompress (PublicKey _ (Point x y)) = prefix <> i2osp x+  where+    prefix | even y = singleton 0x02+           | otherwise = singleton 0x03
+ src/Crypto/Ethereum.hs view
@@ -0,0 +1,31 @@+-- |+-- Module      :  Crypto.Ethereum+-- Copyright   :  Aleksandr Krupenkin 2016-2021+-- License     :  Apache-2.0+--+-- Maintainer  :  mail@akru.me+-- Stability   :  experimental+-- Portability :  unportable+--+-- Ethereum cryptography primitives.+--++module Crypto.Ethereum+    (+    -- * ECDSA crypto key ops+      PrivateKey+    , PublicKey+    , importKey+    , derivePubKey++    -- * Digital Signature Algorithm+    , signMessage++    -- * Hash function+    , keccak256+    ) where++import           Crypto.Ecdsa.Utils        (derivePubKey, importKey)+import           Crypto.Ethereum.Signature (signMessage)+import           Crypto.Ethereum.Utils     (keccak256)+import           Crypto.PubKey.ECC.ECDSA   (PrivateKey, PublicKey)
+ src/Crypto/Ethereum/Keyfile.hs view
@@ -0,0 +1,237 @@+{-# LANGUAGE LambdaCase        #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards   #-}++-- |+-- Module      :  Crypto.Ethereum.Keyfile+-- Copyright   :  Aleksandr Krupenkin 2016-2021+-- License     :  Apache-2.0+--+-- Maintainer  :  mail@akru.me+-- Stability   :  experimental+-- Portability :  portable+--+-- Ethereum Secret Storage implementation.+-- Spec https://github.com/ethereum/wiki/wiki/Web3-Secret-Storage-Definition.+--++module Crypto.Ethereum.Keyfile+    (+    -- * Encrypted Ethereum private key+      EncryptedKey(..)+    , Cipher(..)+    , Kdf(..)++    -- * Secret storage packers+    , decrypt+    , encrypt+    ) where++import           Crypto.Cipher.AES        (AES128)+import           Crypto.Cipher.Types      (IV, cipherInit, ctrCombine, makeIV)+import           Crypto.Error             (throwCryptoError)+import qualified Crypto.KDF.PBKDF2        as Pbkdf2 (Parameters (..),+                                                     fastPBKDF2_SHA256)+import qualified Crypto.KDF.Scrypt        as Scrypt (Parameters (..), generate)+import           Crypto.Random            (MonadRandom (getRandomBytes))+import           Data.Aeson               (FromJSON (..), ToJSON (..), Value,+                                           object, withObject, (.:), (.=))+import           Data.Aeson.Types         (Parser)+import           Data.ByteArray           (ByteArray, ByteArrayAccess, convert)+import qualified Data.ByteArray           as BA (drop, take, unpack)+import           Data.Maybe               (fromJust)+import           Data.Text                (Text)+import           Data.UUID.Types          (UUID)+import           Data.UUID.Types.Internal (buildFromBytes)++import           Crypto.Ethereum.Utils    (keccak256)+import           Data.ByteArray.HexString (HexString)++-- | Key derivation function parameters and salt.+data Kdf = Pbkdf2 !Pbkdf2.Parameters !HexString+    | Scrypt !Scrypt.Parameters !HexString++-- | Cipher parameters.+data Cipher = Aes128Ctr+    { cipherIv   :: !(IV AES128)+    , cipherText :: !HexString+    }++-- | Secret Storage representation on memory.+data EncryptedKey = EncryptedKey+    { encryptedKeyId      :: !UUID+    -- ^ Random key ID+    , encryptedKeyVersion :: !Int+    -- ^ Version (suppoted version 3 only)+    , encryptedKeyCipher  :: !Cipher+    -- ^ Cipher (supported AES-128-CTR only)+    , encryptedKeyKdf     :: !Kdf+    -- ^ Key derivation function+    , encryptedKeyMac     :: !HexString+    -- ^ MAC+    }++instance Eq EncryptedKey where+    a == b = encryptedKeyId a == encryptedKeyId b++instance Show EncryptedKey where+    show EncryptedKey{..} = "EncryptedKey " ++ show encryptedKeyId++instance FromJSON EncryptedKey where+    parseJSON = encryptedKeyParser++instance ToJSON EncryptedKey where+    toJSON = encryptedKeyBuilder++encryptedKeyBuilder :: EncryptedKey -> Value+encryptedKeyBuilder EncryptedKey{..} = object+    [ "id"      .= encryptedKeyId+    , "version" .= encryptedKeyVersion+    , "crypto"  .= object+        [ "cipher"        .= cipherName encryptedKeyCipher+        , "cipherparams"  .= cipherParams encryptedKeyCipher+        , "ciphertext"    .= cipherText encryptedKeyCipher+        , "kdf"           .= kdfName encryptedKeyKdf+        , "kdfparams"     .= kdfParams encryptedKeyKdf+        , "mac"           .= encryptedKeyMac+        ]+    ]+  where+    cipherName :: Cipher -> Text+    cipherName Aes128Ctr{..} = "aes-128-ctr"++    cipherParams :: Cipher -> Value+    cipherParams Aes128Ctr{..} = object [ "iv" .= (convert cipherIv :: HexString) ]++    kdfName :: Kdf -> Text+    kdfName = \case+        Pbkdf2 _ _ -> "pbkdf2"+        Scrypt _ _ -> "scrypt"++    kdfParams :: Kdf -> Value+    kdfParams = \case+        Pbkdf2 params salt ->+            object [ "salt"  .= salt+                   , "dklen" .= Pbkdf2.outputLength params+                   , "c"     .= Pbkdf2.iterCounts params+                   ]+        Scrypt params salt ->+            object [ "salt"  .= salt+                   , "dklen" .= Scrypt.outputLength params+                   , "p"     .= Scrypt.p params+                   , "r"     .= Scrypt.r params+                   , "n"     .= Scrypt.n params+                   ]++encryptedKeyParser :: Value -> Parser EncryptedKey+encryptedKeyParser = withObject "EncryptedKey" $ \v -> do+    uuid    <- v .: "id"+    version <- v .: "version"+    crypto  <- v .: "crypto"+    cipher  <- parseCipher crypto+    kdf     <- parseKdf crypto+    mac     <- withObject "Crypto" (.: "mac") crypto+    return $ EncryptedKey uuid version cipher kdf mac++parseCipher :: Value -> Parser Cipher+parseCipher = withObject "Cipher" $ \v -> do+    name <- v .: "cipher"+    case name :: Text of+        "aes-128-ctr" -> do+            params <- v .: "cipherparams"+            hexiv <- params .: "iv"+            text <- v .: "ciphertext"+            case makeIV (hexiv :: HexString) of+                Just iv -> return (Aes128Ctr iv text)+                Nothing -> fail $ "Unable to make IV from " ++ show hexiv+        _ -> fail $ show name ++ " not implemented yet"++parseKdf :: Value -> Parser Kdf+parseKdf = withObject "Kdf" $ \v -> do+    name   <- v .: "kdf"+    params <- v .: "kdfparams"+    dklen  <- params .: "dklen"+    salt   <- params .: "salt"+    case name :: Text of+        "pbkdf2" -> do+            iterations <- params .: "c"+            prf <- params .: "prf"+            case prf :: Text of+                "hmac-sha256" -> return $ Pbkdf2 (Pbkdf2.Parameters iterations dklen) salt+                _             -> fail $ show prf ++ " not implemented yet"+        "scrypt" -> do+            p <- params .: "p"+            r <- params .: "r"+            n <- params .: "n"+            return $ Scrypt (Scrypt.Parameters n r p dklen) salt+        _ -> fail $ show name ++ " not implemented yet"++defaultKdf :: HexString -> Kdf+defaultKdf = Scrypt (Scrypt.Parameters n r p dklen)+  where+    dklen = 32+    n = 262144+    r = 1+    p = 8++deriveKey :: (ByteArrayAccess password, ByteArray ba) => Kdf -> password -> ba+deriveKey kdf password =+    case kdf of+        Pbkdf2 params salt -> Pbkdf2.fastPBKDF2_SHA256 params password salt+        Scrypt params salt -> Scrypt.generate params password salt+++-- | Decrypt Ethereum private key.+--+-- Typically Web3 Secret Storage is JSON-encoded. 'EncryptedKey' data type has 'FromJSON' instance+-- to helps decode it from JSON-encoded string or file.+--+-- @+--   let decryptJSON pass = flip decrypt pass <=< decode+-- @+--+decrypt :: (ByteArrayAccess password, ByteArray privateKey)+         => EncryptedKey+         -> password+         -> Maybe privateKey+decrypt EncryptedKey{..} password+  | mac == encryptedKeyMac = Just (convert privateKey)+  | otherwise = Nothing+  where+    privateKey = ctrCombine cipher iv ciphertext+    cipher = throwCryptoError $ cipherInit (BA.take 16 derivedKey) :: AES128+    derivedKey = deriveKey encryptedKeyKdf password+    ciphertext = cipherText encryptedKeyCipher+    mac = keccak256 (BA.drop 16 derivedKey <> ciphertext)+    iv  = cipherIv encryptedKeyCipher++-- | Encrypt Ethereum private key.+--+-- @+--   let encryptJSON pass key = encode <$> encrypt key pass+-- @+encrypt :: (ByteArray privateKey, ByteArrayAccess password, MonadRandom m)+        => privateKey+        -> password+        -> m EncryptedKey+encrypt privateKey password = do+    kdf <- defaultKdf <$> getRandomBytes 16+    iv <- randomIV+    let derivedKey = deriveKey kdf password+        cipher = throwCryptoError $ cipherInit (BA.take 16 derivedKey) :: AES128+        ciphertext = ctrCombine cipher iv privateKey+        mac = keccak256 (BA.drop 16 derivedKey <> ciphertext)+    uuid <- randomUUID+    return $ EncryptedKey uuid 3 (Aes128Ctr iv $ convert ciphertext) kdf mac+  where+    randomUUID = do+        uuid <- getRandomBytes 16+        let bs = BA.unpack (uuid :: HexString)+        return $ buildFromBytes 4+            (head bs) (bs !! 1) (bs !! 2) (bs !! 3)+            (bs !! 4) (bs !! 5) (bs !! 6) (bs !! 7)+            (bs !! 8) (bs !! 9) (bs !! 10) (bs !! 11)+            (bs !! 12) (bs !! 13) (bs !! 14) (bs !! 15)+    randomIV = do+        iv <- getRandomBytes 16+        return $ fromJust $ makeIV (iv :: HexString)
+ src/Crypto/Ethereum/Signature.hs view
@@ -0,0 +1,68 @@+{-# LANGUAGE OverloadedStrings #-}++-- |+-- Module      :  Crypto.Ecdsa.Signature+-- Copyright   :  Aleksandr Krupenkin 2016-2021+-- License     :  Apache-2.0+--+-- Maintainer  :  mail@akru.me+-- Stability   :  experimental+-- Portability :  portable+--+-- Recoverable Ethereum signature support.+--++module Crypto.Ethereum.Signature+    (+      hashMessage+    , signMessage+    , signTransaction+    ) where++import           Crypto.Hash             (Digest, Keccak_256 (..), hashWith)+import           Crypto.PubKey.ECC.ECDSA (PrivateKey (..))+import           Data.ByteArray          (ByteArray, ByteArrayAccess, convert)+import qualified Data.ByteArray          as BA (length)+import           Data.ByteString.Builder (intDec, toLazyByteString)+import qualified Data.ByteString.Lazy    as LBS (toStrict)+import           Data.Word               (Word8)++import           Crypto.Ecdsa.Signature  (pack, sign)++-- | Make Ethereum standard signature.+--+-- The message is before enveloped as follows:+-- "\x19Ethereum Signed Message:\n" + message.length + message+--+-- /WARNING:/ Vulnerable to timing attacks.+signMessage :: (ByteArrayAccess message, ByteArray rsv)+            => PrivateKey+            -> message+            -> rsv+{-# INLINE signMessage #-}+signMessage pk = pack . sign pk . hashMessage++-- | Ethereum standard hashed message.+--+-- The data will be UTF-8 HEX decoded and enveloped as follows:+-- "\x19Ethereum Signed Message:\n" + message.length + message and hashed using keccak256.+hashMessage :: ByteArrayAccess message => message -> Digest Keccak_256+hashMessage msg = hashWith Keccak_256 prefixed+  where+    len = LBS.toStrict . toLazyByteString . intDec . BA.length+    prefixed = "\x19" <> "Ethereum Signed Message:\n" <> len msg <> convert msg++-- | Sign Ethereum transaction.+--+-- /WARNING:/ Vulnerable to timing attacks.+signTransaction :: ByteArray ba+                => (Maybe (Integer, Integer, Word8) -> ba)+                -- ^ Two way transaction packer (unsigned and signed)+                -> PrivateKey+                -- ^ Private key+                -> ba+                -- ^ Encoded transaction+signTransaction encode key = encode $ Just signed+  where+    unsigned = encode Nothing+    signed = sign key (hashWith Keccak_256 unsigned)
+ src/Crypto/Ethereum/Utils.hs view
@@ -0,0 +1,21 @@+-- |+-- Module      :  Crypto.Ethereum.Utils+-- Copyright   :  Aleksandr Krupenkin 2016-2021+-- License     :  Apache-2.0+--+-- Maintainer  :  mail@akru.me+-- Stability   :  experimental+-- Portability :  portable+--+-- Ethereum crypto module helper functions.+--++module Crypto.Ethereum.Utils where++import           Crypto.Hash    (Keccak_256 (..), hashWith)+import           Data.ByteArray (ByteArray, ByteArrayAccess, convert)++-- | Keccak 256 hash function.+keccak256 :: (ByteArrayAccess bin, ByteArray bout) => bin -> bout+{-# INLINE keccak256 #-}+keccak256 = convert . hashWith Keccak_256
+ src/Crypto/Random/HmacDrbg.hs view
@@ -0,0 +1,67 @@+-- |+-- Module      :  Crypto.Random.HmacDrbg+-- Copyright   :  Aleksandr Krupenkin 2016-2021+-- License     :  Apache-2.0+--+-- Maintainer  :  mail@akru.me+-- Stability   :  experimental+-- Portability :  portable+--+-- NIST standardized number-theoretically secure random number generator.+-- https://csrc.nist.gov/csrc/media/events/random-number-generation-workshop-2004/documents/hashblockcipherdrbg.pdf+--+-- XXX: This algorithm requires reseed after 2^48 iterations.+--+-- > Inspired by https://github.com/TomMD/DRBG and https://github.com/indutny/hmac-drbg.+--++module Crypto.Random.HmacDrbg+    (+      HmacDrbg+    , initialize+    ) where+++import           Crypto.Hash     (HashAlgorithm, digestFromByteString,+                                  hashDigestSize)+import           Crypto.MAC.HMAC (HMAC (..), hmac)+import           Crypto.Random   (DRG (..))+import           Data.ByteArray  (ByteArray, convert, singleton)+import qualified Data.ByteArray  as BA (null, take)+import qualified Data.ByteString as B (replicate)+import           Data.Maybe      (fromJust)+import           Data.Word       (Word8)++-- | HMAC Deterministic Random Bytes Generator.+newtype HmacDrbg a = HmacDrbg (HMAC a, HMAC a)+    deriving Eq++instance HashAlgorithm a => DRG (HmacDrbg a) where+    randomBytesGenerate = generate++update :: (ByteArray bin, HashAlgorithm a)+       => bin+       -> HmacDrbg a+       -> HmacDrbg a+update input | BA.null input = go 0x00+             | otherwise = go 0x01 . go 0x00+  where+    go :: HashAlgorithm a => Word8 -> HmacDrbg a -> HmacDrbg a+    go c (HmacDrbg (k, v)) = let k' = hmac k (convert v <> singleton c <> input)+                                 v' = hmac k' v+                             in HmacDrbg (k', v')++-- | Initialize HMAC-DRBG by seed.+initialize :: (ByteArray seed, HashAlgorithm a)+           => seed+           -> HmacDrbg a+initialize = flip update $ HmacDrbg (hmac0 undefined 0x00, hmac0 undefined 0x01)+  where+    hmac0 :: HashAlgorithm a => a -> Word8 -> HMAC a+    hmac0 a = HMAC . fromJust . digestFromByteString . B.replicate (hashDigestSize a)++generate :: (HashAlgorithm a, ByteArray output) => Int -> HmacDrbg a -> (output, HmacDrbg a)+generate reqBytes (HmacDrbg (k, v)) = (output, HmacDrbg (k, vFinal))+  where+    getV (u, rest) = let v' = hmac k u in (v', rest <> convert v')+    (vFinal, output) = BA.take reqBytes <$> iterate getV (v, mempty) !! reqBytes
+ src/Data/Digest/Blake2.hs view
@@ -0,0 +1,39 @@+{-# LANGUAGE DataKinds #-}++-- |+-- Module      :  Data.Digest.Blake2+-- Copyright   :  Aleksandr Krupenkin 2016-2021+-- License     :  Apache-2.0+--+-- Maintainer  :  mail@akru.me+-- Stability   :  experimental+-- Portability :  unportable+--+-- Cryptonite Blake2b wrappers.+--++module Data.Digest.Blake2 where++import           Crypto.Hash     (Blake2b, Digest, hash)+import           Data.ByteArray  (convert)+import           Data.ByteString (ByteString)++-- | Blake2b with 64 bit output.+blake2_64 :: ByteString -> ByteString+{-# INLINE blake2_64 #-}+blake2_64 = convert . (hash :: ByteString -> Digest (Blake2b 64))++-- | Blake2b with 128 bit output.+blake2_128 :: ByteString -> ByteString+{-# INLINE blake2_128 #-}+blake2_128 = convert . (hash :: ByteString -> Digest (Blake2b 128))++-- | Blake2b with 256 bit output.+blake2_256 :: ByteString -> ByteString+{-# INLINE blake2_256 #-}+blake2_256 = convert . (hash :: ByteString -> Digest (Blake2b 256))++-- | Blake2b with 512 bit output.+blake2_512 :: ByteString -> ByteString+{-# INLINE blake2_512 #-}+blake2_512 = convert . (hash :: ByteString -> Digest (Blake2b 512))
+ src/Data/Digest/XXHash.hsc view
@@ -0,0 +1,49 @@+{-# LANGUAGE CPP             #-}+{-# LANGUAGE RecordWildCards #-}++-- |+-- Module      :  Data.Digest.XXHash+-- Copyright   :  Aleksandr Krupenkin 2016-2021+-- License     :  Apache-2.0+--+-- Maintainer  :  mail@akru.me+-- Stability   :  experimental+-- Portability :  unportable+--+-- xxHash C library bindings.+--+-- Variable bitLength implementation corresponds to polkadot-util:+-- https://github.com/polkadot-js/common/tree/master/packages/util-crypto/src/xxhash+--++module Data.Digest.XXHash (xxhash) where++import           Data.ByteString         (ByteString, useAsCStringLen)+import           Data.ByteString.Builder (toLazyByteString, word64LE)+import           Data.ByteString.Lazy    (toStrict)+import           Foreign+import           Foreign.C.String+import           Foreign.C.Types+import           System.IO.Unsafe        (unsafePerformIO)++#include <xxhash.h>++foreign import ccall unsafe "xxhash.h XXH64"+  c_XXH64 :: CString -> CSize -> CUInt -> IO Word64++xxhash_64 :: CUInt -> ByteString -> Word64+xxhash_64 seed = unsafePerformIO . flip useAsCStringLen+    (\(str, len) -> c_XXH64 str (fromIntegral len) seed)++-- | Create the xxhash64 and return the result with the specified 'bitLength'.+xxhash :: Integral bitLength+       => bitLength+       -- ^ Bit lenght of output, will be ceiling to 64 bit.+       -> ByteString+       -- ^ Input data.+       -> ByteString+       -- ^ Output hash.+xxhash bitLength input = toStrict . toLazyByteString $ mconcat+    [ word64LE (xxhash_64 seed input) | seed <- [0 .. (iterations - 1)]]+  where+    iterations = ceiling (fromIntegral bitLength / 64)
+ src/cbits/xxhash.c view
@@ -0,0 +1,43 @@+/*+ * xxHash - Extremely Fast Hash algorithm+ * Copyright (C) 2012-2021 Yann Collet+ *+ * BSD 2-Clause License (https://www.opensource.org/licenses/bsd-license.php)+ *+ * Redistribution and use in source and binary forms, with or without+ * modification, are permitted provided that the following conditions are+ * met:+ *+ *    * Redistributions of source code must retain the above copyright+ *      notice, this list of conditions and the following disclaimer.+ *    * Redistributions in binary form must reproduce the above+ *      copyright notice, this list of conditions and the following disclaimer+ *      in the documentation and/or other materials provided with the+ *      distribution.+ *+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.+ *+ * You can contact the author at:+ *   - xxHash homepage: https://www.xxhash.com+ *   - xxHash source repository: https://github.com/Cyan4973/xxHash+ */+++/*+ * xxhash.c instantiates functions defined in xxhash.h+ */++#define XXH_STATIC_LINKING_ONLY   /* access advanced declarations */+#define XXH_IMPLEMENTATION   /* access definitions */++#include "xxhash.h"
+ src/cbits/xxhash.h view
@@ -0,0 +1,4766 @@+/*+ * xxHash - Extremely Fast Hash algorithm+ * Header File+ * Copyright (C) 2012-2021 Yann Collet+ *+ * BSD 2-Clause License (https://www.opensource.org/licenses/bsd-license.php)+ *+ * Redistribution and use in source and binary forms, with or without+ * modification, are permitted provided that the following conditions are+ * met:+ *+ *    * Redistributions of source code must retain the above copyright+ *      notice, this list of conditions and the following disclaimer.+ *    * Redistributions in binary form must reproduce the above+ *      copyright notice, this list of conditions and the following disclaimer+ *      in the documentation and/or other materials provided with the+ *      distribution.+ *+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.+ *+ * You can contact the author at:+ *   - xxHash homepage: https://www.xxhash.com+ *   - xxHash source repository: https://github.com/Cyan4973/xxHash+ */++/* TODO: update */+/* Notice extracted from xxHash homepage:++xxHash is an extremely fast hash algorithm, running at RAM speed limits.+It also successfully passes all tests from the SMHasher suite.++Comparison (single thread, Windows Seven 32 bits, using SMHasher on a Core 2 Duo @3GHz)++Name            Speed       Q.Score   Author+xxHash          5.4 GB/s     10+CrapWow         3.2 GB/s      2       Andrew+MumurHash 3a    2.7 GB/s     10       Austin Appleby+SpookyHash      2.0 GB/s     10       Bob Jenkins+SBox            1.4 GB/s      9       Bret Mulvey+Lookup3         1.2 GB/s      9       Bob Jenkins+SuperFastHash   1.2 GB/s      1       Paul Hsieh+CityHash64      1.05 GB/s    10       Pike & Alakuijala+FNV             0.55 GB/s     5       Fowler, Noll, Vo+CRC32           0.43 GB/s     9+MD5-32          0.33 GB/s    10       Ronald L. Rivest+SHA1-32         0.28 GB/s    10++Q.Score is a measure of quality of the hash function.+It depends on successfully passing SMHasher test set.+10 is a perfect score.++Note: SMHasher's CRC32 implementation is not the fastest one.+Other speed-oriented implementations can be faster,+especially in combination with PCLMUL instruction:+https://fastcompression.blogspot.com/2019/03/presenting-xxh3.html?showComment=1552696407071#c3490092340461170735++A 64-bit version, named XXH64, is available since r35.+It offers much better speed, but for 64-bit applications only.+Name     Speed on 64 bits    Speed on 32 bits+XXH64       13.8 GB/s            1.9 GB/s+XXH32        6.8 GB/s            6.0 GB/s+*/++#if defined (__cplusplus)+extern "C" {+#endif++/* ****************************+ *  INLINE mode+ ******************************/+/*!+ * XXH_INLINE_ALL (and XXH_PRIVATE_API)+ * Use these build macros to inline xxhash into the target unit.+ * Inlining improves performance on small inputs, especially when the length is+ * expressed as a compile-time constant:+ *+ *      https://fastcompression.blogspot.com/2018/03/xxhash-for-small-keys-impressive-power.html+ *+ * It also keeps xxHash symbols private to the unit, so they are not exported.+ *+ * Usage:+ *     #define XXH_INLINE_ALL+ *     #include "xxhash.h"+ *+ * Do not compile and link xxhash.o as a separate object, as it is not useful.+ */+#if (defined(XXH_INLINE_ALL) || defined(XXH_PRIVATE_API)) \+    && !defined(XXH_INLINE_ALL_31684351384)+   /* this section should be traversed only once */+#  define XXH_INLINE_ALL_31684351384+   /* give access to the advanced API, required to compile implementations */+#  undef XXH_STATIC_LINKING_ONLY   /* avoid macro redef */+#  define XXH_STATIC_LINKING_ONLY+   /* make all functions private */+#  undef XXH_PUBLIC_API+#  if defined(__GNUC__)+#    define XXH_PUBLIC_API static __inline __attribute__((unused))+#  elif defined (__cplusplus) || (defined (__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) /* C99 */)+#    define XXH_PUBLIC_API static inline+#  elif defined(_MSC_VER)+#    define XXH_PUBLIC_API static __inline+#  else+     /* note: this version may generate warnings for unused static functions */+#    define XXH_PUBLIC_API static+#  endif++   /*+    * This part deals with the special case where a unit wants to inline xxHash,+    * but "xxhash.h" has previously been included without XXH_INLINE_ALL, such+    * as part of some previously included *.h header file.+    * Without further action, the new include would just be ignored,+    * and functions would effectively _not_ be inlined (silent failure).+    * The following macros solve this situation by prefixing all inlined names,+    * avoiding naming collision with previous inclusions.+    */+#  ifdef XXH_NAMESPACE+#    error "XXH_INLINE_ALL with XXH_NAMESPACE is not supported"+     /*+      * Note: Alternative: #undef all symbols (it's a pretty large list).+      * Without #error: it compiles, but functions are actually not inlined.+      */+#  endif+#  define XXH_NAMESPACE XXH_INLINE_+   /*+    * Some identifiers (enums, type names) are not symbols, but they must+    * still be renamed to avoid redeclaration.+    * Alternative solution: do not redeclare them.+    * However, this requires some #ifdefs, and is a more dispersed action.+    * Meanwhile, renaming can be achieved in a single block+    */+#  define XXH_IPREF(Id)   XXH_INLINE_ ## Id+#  define XXH_OK XXH_IPREF(XXH_OK)+#  define XXH_ERROR XXH_IPREF(XXH_ERROR)+#  define XXH_errorcode XXH_IPREF(XXH_errorcode)+#  define XXH32_canonical_t  XXH_IPREF(XXH32_canonical_t)+#  define XXH64_canonical_t  XXH_IPREF(XXH64_canonical_t)+#  define XXH128_canonical_t XXH_IPREF(XXH128_canonical_t)+#  define XXH32_state_s XXH_IPREF(XXH32_state_s)+#  define XXH32_state_t XXH_IPREF(XXH32_state_t)+#  define XXH64_state_s XXH_IPREF(XXH64_state_s)+#  define XXH64_state_t XXH_IPREF(XXH64_state_t)+#  define XXH3_state_s  XXH_IPREF(XXH3_state_s)+#  define XXH3_state_t  XXH_IPREF(XXH3_state_t)+#  define XXH128_hash_t XXH_IPREF(XXH128_hash_t)+   /* Ensure the header is parsed again, even if it was previously included */+#  undef XXHASH_H_5627135585666179+#  undef XXHASH_H_STATIC_13879238742+#endif /* XXH_INLINE_ALL || XXH_PRIVATE_API */++++/* ****************************************************************+ *  Stable API+ *****************************************************************/+#ifndef XXHASH_H_5627135585666179+#define XXHASH_H_5627135585666179 1++/* specific declaration modes for Windows */+#if !defined(XXH_INLINE_ALL) && !defined(XXH_PRIVATE_API)+#  if defined(WIN32) && defined(_MSC_VER) && (defined(XXH_IMPORT) || defined(XXH_EXPORT))+#    ifdef XXH_EXPORT+#      define XXH_PUBLIC_API __declspec(dllexport)+#    elif XXH_IMPORT+#      define XXH_PUBLIC_API __declspec(dllimport)+#    endif+#  else+#    define XXH_PUBLIC_API   /* do nothing */+#  endif+#endif++/*!+ * XXH_NAMESPACE, aka Namespace Emulation:+ *+ * If you want to include _and expose_ xxHash functions from within your own+ * library, but also want to avoid symbol collisions with other libraries which+ * may also include xxHash, you can use XXH_NAMESPACE to automatically prefix+ * any public symbol from xxhash library with the value of XXH_NAMESPACE+ * (therefore, avoid empty or numeric values).+ *+ * Note that no change is required within the calling program as long as it+ * includes `xxhash.h`: Regular symbol names will be automatically translated+ * by this header.+ */+#ifdef XXH_NAMESPACE+#  define XXH_CAT(A,B) A##B+#  define XXH_NAME2(A,B) XXH_CAT(A,B)+#  define XXH_versionNumber XXH_NAME2(XXH_NAMESPACE, XXH_versionNumber)+/* XXH32 */+#  define XXH32 XXH_NAME2(XXH_NAMESPACE, XXH32)+#  define XXH32_createState XXH_NAME2(XXH_NAMESPACE, XXH32_createState)+#  define XXH32_freeState XXH_NAME2(XXH_NAMESPACE, XXH32_freeState)+#  define XXH32_reset XXH_NAME2(XXH_NAMESPACE, XXH32_reset)+#  define XXH32_update XXH_NAME2(XXH_NAMESPACE, XXH32_update)+#  define XXH32_digest XXH_NAME2(XXH_NAMESPACE, XXH32_digest)+#  define XXH32_copyState XXH_NAME2(XXH_NAMESPACE, XXH32_copyState)+#  define XXH32_canonicalFromHash XXH_NAME2(XXH_NAMESPACE, XXH32_canonicalFromHash)+#  define XXH32_hashFromCanonical XXH_NAME2(XXH_NAMESPACE, XXH32_hashFromCanonical)+/* XXH64 */+#  define XXH64 XXH_NAME2(XXH_NAMESPACE, XXH64)+#  define XXH64_createState XXH_NAME2(XXH_NAMESPACE, XXH64_createState)+#  define XXH64_freeState XXH_NAME2(XXH_NAMESPACE, XXH64_freeState)+#  define XXH64_reset XXH_NAME2(XXH_NAMESPACE, XXH64_reset)+#  define XXH64_update XXH_NAME2(XXH_NAMESPACE, XXH64_update)+#  define XXH64_digest XXH_NAME2(XXH_NAMESPACE, XXH64_digest)+#  define XXH64_copyState XXH_NAME2(XXH_NAMESPACE, XXH64_copyState)+#  define XXH64_canonicalFromHash XXH_NAME2(XXH_NAMESPACE, XXH64_canonicalFromHash)+#  define XXH64_hashFromCanonical XXH_NAME2(XXH_NAMESPACE, XXH64_hashFromCanonical)+/* XXH3_64bits */+#  define XXH3_64bits XXH_NAME2(XXH_NAMESPACE, XXH3_64bits)+#  define XXH3_64bits_withSecret XXH_NAME2(XXH_NAMESPACE, XXH3_64bits_withSecret)+#  define XXH3_64bits_withSeed XXH_NAME2(XXH_NAMESPACE, XXH3_64bits_withSeed)+#  define XXH3_createState XXH_NAME2(XXH_NAMESPACE, XXH3_createState)+#  define XXH3_freeState XXH_NAME2(XXH_NAMESPACE, XXH3_freeState)+#  define XXH3_copyState XXH_NAME2(XXH_NAMESPACE, XXH3_copyState)+#  define XXH3_64bits_reset XXH_NAME2(XXH_NAMESPACE, XXH3_64bits_reset)+#  define XXH3_64bits_reset_withSeed XXH_NAME2(XXH_NAMESPACE, XXH3_64bits_reset_withSeed)+#  define XXH3_64bits_reset_withSecret XXH_NAME2(XXH_NAMESPACE, XXH3_64bits_reset_withSecret)+#  define XXH3_64bits_update XXH_NAME2(XXH_NAMESPACE, XXH3_64bits_update)+#  define XXH3_64bits_digest XXH_NAME2(XXH_NAMESPACE, XXH3_64bits_digest)+#  define XXH3_generateSecret XXH_NAME2(XXH_NAMESPACE, XXH3_generateSecret)+/* XXH3_128bits */+#  define XXH128 XXH_NAME2(XXH_NAMESPACE, XXH128)+#  define XXH3_128bits XXH_NAME2(XXH_NAMESPACE, XXH3_128bits)+#  define XXH3_128bits_withSeed XXH_NAME2(XXH_NAMESPACE, XXH3_128bits_withSeed)+#  define XXH3_128bits_withSecret XXH_NAME2(XXH_NAMESPACE, XXH3_128bits_withSecret)+#  define XXH3_128bits_reset XXH_NAME2(XXH_NAMESPACE, XXH3_128bits_reset)+#  define XXH3_128bits_reset_withSeed XXH_NAME2(XXH_NAMESPACE, XXH3_128bits_reset_withSeed)+#  define XXH3_128bits_reset_withSecret XXH_NAME2(XXH_NAMESPACE, XXH3_128bits_reset_withSecret)+#  define XXH3_128bits_update XXH_NAME2(XXH_NAMESPACE, XXH3_128bits_update)+#  define XXH3_128bits_digest XXH_NAME2(XXH_NAMESPACE, XXH3_128bits_digest)+#  define XXH128_isEqual XXH_NAME2(XXH_NAMESPACE, XXH128_isEqual)+#  define XXH128_cmp     XXH_NAME2(XXH_NAMESPACE, XXH128_cmp)+#  define XXH128_canonicalFromHash XXH_NAME2(XXH_NAMESPACE, XXH128_canonicalFromHash)+#  define XXH128_hashFromCanonical XXH_NAME2(XXH_NAMESPACE, XXH128_hashFromCanonical)+#endif+++/* *************************************+*  Version+***************************************/+#define XXH_VERSION_MAJOR    0+#define XXH_VERSION_MINOR    8+#define XXH_VERSION_RELEASE  0+#define XXH_VERSION_NUMBER  (XXH_VERSION_MAJOR *100*100 + XXH_VERSION_MINOR *100 + XXH_VERSION_RELEASE)+XXH_PUBLIC_API unsigned XXH_versionNumber (void);+++/* ****************************+*  Definitions+******************************/+#include <stddef.h>   /* size_t */+typedef enum { XXH_OK=0, XXH_ERROR } XXH_errorcode;+++/*-**********************************************************************+*  32-bit hash+************************************************************************/+#if !defined (__VMS) \+  && (defined (__cplusplus) \+  || (defined (__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) /* C99 */) )+#   include <stdint.h>+    typedef uint32_t XXH32_hash_t;+#else+#   include <limits.h>+#   if UINT_MAX == 0xFFFFFFFFUL+      typedef unsigned int XXH32_hash_t;+#   else+#     if ULONG_MAX == 0xFFFFFFFFUL+        typedef unsigned long XXH32_hash_t;+#     else+#       error "unsupported platform: need a 32-bit type"+#     endif+#   endif+#endif++/*!+ * XXH32():+ *  Calculate the 32-bit hash of sequence "length" bytes stored at memory address "input".+ *  The memory between input & input+length must be valid (allocated and read-accessible).+ *  "seed" can be used to alter the result predictably.+ *  Speed on Core 2 Duo @ 3 GHz (single thread, SMHasher benchmark): 5.4 GB/s+ *+ * Note: XXH3 provides competitive speed for both 32-bit and 64-bit systems,+ * and offers true 64/128 bit hash results. It provides a superior level of+ * dispersion, and greatly reduces the risks of collisions.+ */+XXH_PUBLIC_API XXH32_hash_t XXH32 (const void* input, size_t length, XXH32_hash_t seed);++/*******   Streaming   *******/++/*+ * Streaming functions generate the xxHash value from an incrememtal input.+ * This method is slower than single-call functions, due to state management.+ * For small inputs, prefer `XXH32()` and `XXH64()`, which are better optimized.+ *+ * An XXH state must first be allocated using `XXH*_createState()`.+ *+ * Start a new hash by initializing the state with a seed using `XXH*_reset()`.+ *+ * Then, feed the hash state by calling `XXH*_update()` as many times as necessary.+ *+ * The function returns an error code, with 0 meaning OK, and any other value+ * meaning there is an error.+ *+ * Finally, a hash value can be produced anytime, by using `XXH*_digest()`.+ * This function returns the nn-bits hash as an int or long long.+ *+ * It's still possible to continue inserting input into the hash state after a+ * digest, and generate new hash values later on by invoking `XXH*_digest()`.+ *+ * When done, release the state using `XXH*_freeState()`.+ */++typedef struct XXH32_state_s XXH32_state_t;   /* incomplete type */+XXH_PUBLIC_API XXH32_state_t* XXH32_createState(void);+XXH_PUBLIC_API XXH_errorcode  XXH32_freeState(XXH32_state_t* statePtr);+XXH_PUBLIC_API void XXH32_copyState(XXH32_state_t* dst_state, const XXH32_state_t* src_state);++XXH_PUBLIC_API XXH_errorcode XXH32_reset  (XXH32_state_t* statePtr, XXH32_hash_t seed);+XXH_PUBLIC_API XXH_errorcode XXH32_update (XXH32_state_t* statePtr, const void* input, size_t length);+XXH_PUBLIC_API XXH32_hash_t  XXH32_digest (const XXH32_state_t* statePtr);++/*******   Canonical representation   *******/++/*+ * The default return values from XXH functions are unsigned 32 and 64 bit+ * integers.+ * This the simplest and fastest format for further post-processing.+ *+ * However, this leaves open the question of what is the order on the byte level,+ * since little and big endian conventions will store the same number differently.+ *+ * The canonical representation settles this issue by mandating big-endian+ * convention, the same convention as human-readable numbers (large digits first).+ *+ * When writing hash values to storage, sending them over a network, or printing+ * them, it's highly recommended to use the canonical representation to ensure+ * portability across a wider range of systems, present and future.+ *+ * The following functions allow transformation of hash values to and from+ * canonical format.+ */++typedef struct { unsigned char digest[4]; } XXH32_canonical_t;+XXH_PUBLIC_API void XXH32_canonicalFromHash(XXH32_canonical_t* dst, XXH32_hash_t hash);+XXH_PUBLIC_API XXH32_hash_t XXH32_hashFromCanonical(const XXH32_canonical_t* src);+++#ifndef XXH_NO_LONG_LONG+/*-**********************************************************************+*  64-bit hash+************************************************************************/+#if !defined (__VMS) \+  && (defined (__cplusplus) \+  || (defined (__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) /* C99 */) )+#   include <stdint.h>+    typedef uint64_t XXH64_hash_t;+#else+    /* the following type must have a width of 64-bit */+    typedef unsigned long long XXH64_hash_t;+#endif++/*!+ * XXH64():+ * Returns the 64-bit hash of sequence of length @length stored at memory+ * address @input.+ * @seed can be used to alter the result predictably.+ *+ * This function usually runs faster on 64-bit systems, but slower on 32-bit+ * systems (see benchmark).+ *+ * Note: XXH3 provides competitive speed for both 32-bit and 64-bit systems,+ * and offers true 64/128 bit hash results. It provides a superior level of+ * dispersion, and greatly reduces the risks of collisions.+ */+XXH_PUBLIC_API XXH64_hash_t XXH64 (const void* input, size_t length, XXH64_hash_t seed);++/*******   Streaming   *******/+typedef struct XXH64_state_s XXH64_state_t;   /* incomplete type */+XXH_PUBLIC_API XXH64_state_t* XXH64_createState(void);+XXH_PUBLIC_API XXH_errorcode  XXH64_freeState(XXH64_state_t* statePtr);+XXH_PUBLIC_API void XXH64_copyState(XXH64_state_t* dst_state, const XXH64_state_t* src_state);++XXH_PUBLIC_API XXH_errorcode XXH64_reset  (XXH64_state_t* statePtr, XXH64_hash_t seed);+XXH_PUBLIC_API XXH_errorcode XXH64_update (XXH64_state_t* statePtr, const void* input, size_t length);+XXH_PUBLIC_API XXH64_hash_t  XXH64_digest (const XXH64_state_t* statePtr);++/*******   Canonical representation   *******/+typedef struct { unsigned char digest[sizeof(XXH64_hash_t)]; } XXH64_canonical_t;+XXH_PUBLIC_API void XXH64_canonicalFromHash(XXH64_canonical_t* dst, XXH64_hash_t hash);+XXH_PUBLIC_API XXH64_hash_t XXH64_hashFromCanonical(const XXH64_canonical_t* src);+++/*-**********************************************************************+*  XXH3 64-bit variant+************************************************************************/++/* ************************************************************************+ * XXH3 is a new hash algorithm featuring:+ *  - Improved speed for both small and large inputs+ *  - True 64-bit and 128-bit outputs+ *  - SIMD acceleration+ *  - Improved 32-bit viability+ *+ * Speed analysis methodology is explained here:+ *+ *    https://fastcompression.blogspot.com/2019/03/presenting-xxh3.html+ *+ * In general, expect XXH3 to run about ~2x faster on large inputs and >3x+ * faster on small ones compared to XXH64, though exact differences depend on+ * the platform.+ *+ * The algorithm is portable: Like XXH32 and XXH64, it generates the same hash+ * on all platforms.+ *+ * It benefits greatly from SIMD and 64-bit arithmetic, but does not require it.+ *+ * Almost all 32-bit and 64-bit targets that can run XXH32 smoothly can run+ * XXH3 at competitive speeds, even if XXH64 runs slowly. Further details are+ * explained in the implementation.+ *+ * Optimized implementations are provided for AVX512, AVX2, SSE2, NEON, POWER8,+ * ZVector and scalar targets. This can be controlled with the XXH_VECTOR macro.+ *+ * XXH3 offers 2 variants, _64bits and _128bits.+ * When only 64 bits are needed, prefer calling the _64bits variant, as it+ * reduces the amount of mixing, resulting in faster speed on small inputs.+ *+ * It's also generally simpler to manipulate a scalar return type than a struct.+ *+ * The 128-bit version adds additional strength, but it is slightly slower.+ *+ * The XXH3 algorithm is still in development.+ * The results it produces may still change in future versions.+ *+ * Results produced by v0.7.x are not comparable with results from v0.7.y.+ * However, the API is completely stable, and it can safely be used for+ * ephemeral data (local sessions).+ *+ * Avoid storing values in long-term storage until the algorithm is finalized.+ * XXH3's return values will be officially finalized upon reaching v0.8.0.+ *+ * After which, return values of XXH3 and XXH128 will no longer change in+ * future versions.+ *+ * The API supports one-shot hashing, streaming mode, and custom secrets.+ */++/* XXH3_64bits():+ * default 64-bit variant, using default secret and default seed of 0.+ * It's the fastest variant. */+XXH_PUBLIC_API XXH64_hash_t XXH3_64bits(const void* data, size_t len);++/*+ * XXH3_64bits_withSeed():+ * This variant generates a custom secret on the fly+ * based on default secret altered using the `seed` value.+ * While this operation is decently fast, note that it's not completely free.+ * Note: seed==0 produces the same results as XXH3_64bits().+ */+XXH_PUBLIC_API XXH64_hash_t XXH3_64bits_withSeed(const void* data, size_t len, XXH64_hash_t seed);++/*+ * XXH3_64bits_withSecret():+ * It's possible to provide any blob of bytes as a "secret" to generate the hash.+ * This makes it more difficult for an external actor to prepare an intentional collision.+ * The main condition is that secretSize *must* be large enough (>= XXH3_SECRET_SIZE_MIN).+ * However, the quality of produced hash values depends on secret's entropy.+ * Technically, the secret must look like a bunch of random bytes.+ * Avoid "trivial" or structured data such as repeated sequences or a text document.+ * Whenever unsure about the "randomness" of the blob of bytes,+ * consider relabelling it as a "custom seed" instead,+ * and employ "XXH3_generateSecret()" (see below)+ * to generate a high entropy secret derived from the custom seed.+ */+#define XXH3_SECRET_SIZE_MIN 136+XXH_PUBLIC_API XXH64_hash_t XXH3_64bits_withSecret(const void* data, size_t len, const void* secret, size_t secretSize);+++/*******   Streaming   *******/+/*+ * Streaming requires state maintenance.+ * This operation costs memory and CPU.+ * As a consequence, streaming is slower than one-shot hashing.+ * For better performance, prefer one-shot functions whenever applicable.+ */+typedef struct XXH3_state_s XXH3_state_t;+XXH_PUBLIC_API XXH3_state_t* XXH3_createState(void);+XXH_PUBLIC_API XXH_errorcode XXH3_freeState(XXH3_state_t* statePtr);+XXH_PUBLIC_API void XXH3_copyState(XXH3_state_t* dst_state, const XXH3_state_t* src_state);++/*+ * XXH3_64bits_reset():+ * Initialize with default parameters.+ * digest will be equivalent to `XXH3_64bits()`.+ */+XXH_PUBLIC_API XXH_errorcode XXH3_64bits_reset(XXH3_state_t* statePtr);+/*+ * XXH3_64bits_reset_withSeed():+ * Generate a custom secret from `seed`, and store it into `statePtr`.+ * digest will be equivalent to `XXH3_64bits_withSeed()`.+ */+XXH_PUBLIC_API XXH_errorcode XXH3_64bits_reset_withSeed(XXH3_state_t* statePtr, XXH64_hash_t seed);+/*+ * XXH3_64bits_reset_withSecret():+ * `secret` is referenced, it _must outlive_ the hash streaming session.+ * Similar to one-shot API, `secretSize` must be >= `XXH3_SECRET_SIZE_MIN`,+ * and the quality of produced hash values depends on secret's entropy+ * (secret's content should look like a bunch of random bytes).+ * When in doubt about the randomness of a candidate `secret`,+ * consider employing `XXH3_generateSecret()` instead (see below).+ */+XXH_PUBLIC_API XXH_errorcode XXH3_64bits_reset_withSecret(XXH3_state_t* statePtr, const void* secret, size_t secretSize);++XXH_PUBLIC_API XXH_errorcode XXH3_64bits_update (XXH3_state_t* statePtr, const void* input, size_t length);+XXH_PUBLIC_API XXH64_hash_t  XXH3_64bits_digest (const XXH3_state_t* statePtr);++/* note : canonical representation of XXH3 is the same as XXH64+ * since they both produce XXH64_hash_t values */+++/*-**********************************************************************+*  XXH3 128-bit variant+************************************************************************/++typedef struct {+ XXH64_hash_t low64;+ XXH64_hash_t high64;+} XXH128_hash_t;++XXH_PUBLIC_API XXH128_hash_t XXH3_128bits(const void* data, size_t len);+XXH_PUBLIC_API XXH128_hash_t XXH3_128bits_withSeed(const void* data, size_t len, XXH64_hash_t seed);+XXH_PUBLIC_API XXH128_hash_t XXH3_128bits_withSecret(const void* data, size_t len, const void* secret, size_t secretSize);++/*******   Streaming   *******/+/*+ * Streaming requires state maintenance.+ * This operation costs memory and CPU.+ * As a consequence, streaming is slower than one-shot hashing.+ * For better performance, prefer one-shot functions whenever applicable.+ *+ * XXH3_128bits uses the same XXH3_state_t as XXH3_64bits().+ * Use already declared XXH3_createState() and XXH3_freeState().+ *+ * All reset and streaming functions have same meaning as their 64-bit counterpart.+ */++XXH_PUBLIC_API XXH_errorcode XXH3_128bits_reset(XXH3_state_t* statePtr);+XXH_PUBLIC_API XXH_errorcode XXH3_128bits_reset_withSeed(XXH3_state_t* statePtr, XXH64_hash_t seed);+XXH_PUBLIC_API XXH_errorcode XXH3_128bits_reset_withSecret(XXH3_state_t* statePtr, const void* secret, size_t secretSize);++XXH_PUBLIC_API XXH_errorcode XXH3_128bits_update (XXH3_state_t* statePtr, const void* input, size_t length);+XXH_PUBLIC_API XXH128_hash_t XXH3_128bits_digest (const XXH3_state_t* statePtr);++/* Following helper functions make it possible to compare XXH128_hast_t values.+ * Since XXH128_hash_t is a structure, this capability is not offered by the language.+ * Note: For better performance, these functions can be inlined using XXH_INLINE_ALL */++/*!+ * XXH128_isEqual():+ * Return: 1 if `h1` and `h2` are equal, 0 if they are not.+ */+XXH_PUBLIC_API int XXH128_isEqual(XXH128_hash_t h1, XXH128_hash_t h2);++/*!+ * XXH128_cmp():+ *+ * This comparator is compatible with stdlib's `qsort()`/`bsearch()`.+ *+ * return: >0 if *h128_1  > *h128_2+ *         =0 if *h128_1 == *h128_2+ *         <0 if *h128_1  < *h128_2+ */+XXH_PUBLIC_API int XXH128_cmp(const void* h128_1, const void* h128_2);+++/*******   Canonical representation   *******/+typedef struct { unsigned char digest[sizeof(XXH128_hash_t)]; } XXH128_canonical_t;+XXH_PUBLIC_API void XXH128_canonicalFromHash(XXH128_canonical_t* dst, XXH128_hash_t hash);+XXH_PUBLIC_API XXH128_hash_t XXH128_hashFromCanonical(const XXH128_canonical_t* src);+++#endif  /* XXH_NO_LONG_LONG */++#endif /* XXHASH_H_5627135585666179 */++++#if defined(XXH_STATIC_LINKING_ONLY) && !defined(XXHASH_H_STATIC_13879238742)+#define XXHASH_H_STATIC_13879238742+/* ****************************************************************************+ * This section contains declarations which are not guaranteed to remain stable.+ * They may change in future versions, becoming incompatible with a different+ * version of the library.+ * These declarations should only be used with static linking.+ * Never use them in association with dynamic linking!+ ***************************************************************************** */++/*+ * These definitions are only present to allow static allocation+ * of XXH states, on stack or in a struct, for example.+ * Never **ever** access their members directly.+ */++struct XXH32_state_s {+   XXH32_hash_t total_len_32;+   XXH32_hash_t large_len;+   XXH32_hash_t v1;+   XXH32_hash_t v2;+   XXH32_hash_t v3;+   XXH32_hash_t v4;+   XXH32_hash_t mem32[4];+   XXH32_hash_t memsize;+   XXH32_hash_t reserved;   /* never read nor write, might be removed in a future version */+};   /* typedef'd to XXH32_state_t */+++#ifndef XXH_NO_LONG_LONG  /* defined when there is no 64-bit support */++struct XXH64_state_s {+   XXH64_hash_t total_len;+   XXH64_hash_t v1;+   XXH64_hash_t v2;+   XXH64_hash_t v3;+   XXH64_hash_t v4;+   XXH64_hash_t mem64[4];+   XXH32_hash_t memsize;+   XXH32_hash_t reserved32;  /* required for padding anyway */+   XXH64_hash_t reserved64;  /* never read nor write, might be removed in a future version */+};   /* typedef'd to XXH64_state_t */++#if defined (__STDC_VERSION__) && (__STDC_VERSION__ >= 201112L)   /* C11+ */+#  include <stdalign.h>+#  define XXH_ALIGN(n)      alignas(n)+#elif defined(__GNUC__)+#  define XXH_ALIGN(n)      __attribute__ ((aligned(n)))+#elif defined(_MSC_VER)+#  define XXH_ALIGN(n)      __declspec(align(n))+#else+#  define XXH_ALIGN(n)   /* disabled */+#endif++/* Old GCC versions only accept the attribute after the type in structures. */+#if !(defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 201112L))   /* C11+ */ \+    && defined(__GNUC__)+#   define XXH_ALIGN_MEMBER(align, type) type XXH_ALIGN(align)+#else+#   define XXH_ALIGN_MEMBER(align, type) XXH_ALIGN(align) type+#endif++#define XXH3_INTERNALBUFFER_SIZE 256+#define XXH3_SECRET_DEFAULT_SIZE 192+struct XXH3_state_s {+   XXH_ALIGN_MEMBER(64, XXH64_hash_t acc[8]);+   /* used to store a custom secret generated from a seed */+   XXH_ALIGN_MEMBER(64, unsigned char customSecret[XXH3_SECRET_DEFAULT_SIZE]);+   XXH_ALIGN_MEMBER(64, unsigned char buffer[XXH3_INTERNALBUFFER_SIZE]);+   XXH32_hash_t bufferedSize;+   XXH32_hash_t reserved32;+   size_t nbStripesSoFar;+   XXH64_hash_t totalLen;+   size_t nbStripesPerBlock;+   size_t secretLimit;+   XXH64_hash_t seed;+   XXH64_hash_t reserved64;+   const unsigned char* extSecret;  /* reference to external secret;+                                     * if == NULL, use .customSecret instead */+   /* note: there may be some padding at the end due to alignment on 64 bytes */+}; /* typedef'd to XXH3_state_t */++#undef XXH_ALIGN_MEMBER++/* When the XXH3_state_t structure is merely emplaced on stack,+ * it should be initialized with XXH3_INITSTATE() or a memset()+ * in case its first reset uses XXH3_NNbits_reset_withSeed().+ * This init can be omitted if the first reset uses default or _withSecret mode.+ * This operation isn't necessary when the state is created with XXH3_createState().+ * Note that this doesn't prepare the state for a streaming operation,+ * it's still necessary to use XXH3_NNbits_reset*() afterwards.+ */+#define XXH3_INITSTATE(XXH3_state_ptr)   { (XXH3_state_ptr)->seed = 0; }+++/* ===   Experimental API   === */+/* Symbols defined below must be considered tied to a specific library version. */++/*+ * XXH3_generateSecret():+ *+ * Derive a high-entropy secret from any user-defined content, named customSeed.+ * The generated secret can be used in combination with `*_withSecret()` functions.+ * The `_withSecret()` variants are useful to provide a higher level of protection than 64-bit seed,+ * as it becomes much more difficult for an external actor to guess how to impact the calculation logic.+ *+ * The function accepts as input a custom seed of any length and any content,+ * and derives from it a high-entropy secret of length XXH3_SECRET_DEFAULT_SIZE+ * into an already allocated buffer secretBuffer.+ * The generated secret is _always_ XXH_SECRET_DEFAULT_SIZE bytes long.+ *+ * The generated secret can then be used with any `*_withSecret()` variant.+ * Functions `XXH3_128bits_withSecret()`, `XXH3_64bits_withSecret()`,+ * `XXH3_128bits_reset_withSecret()` and `XXH3_64bits_reset_withSecret()`+ * are part of this list. They all accept a `secret` parameter+ * which must be very long for implementation reasons (>= XXH3_SECRET_SIZE_MIN)+ * _and_ feature very high entropy (consist of random-looking bytes).+ * These conditions can be a high bar to meet, so+ * this function can be used to generate a secret of proper quality.+ *+ * customSeed can be anything. It can have any size, even small ones,+ * and its content can be anything, even stupidly "low entropy" source such as a bunch of zeroes.+ * The resulting `secret` will nonetheless provide all expected qualities.+ *+ * Supplying NULL as the customSeed copies the default secret into `secretBuffer`.+ * When customSeedSize > 0, supplying NULL as customSeed is undefined behavior.+ */+XXH_PUBLIC_API void XXH3_generateSecret(void* secretBuffer, const void* customSeed, size_t customSeedSize);+++/* simple short-cut to pre-selected XXH3_128bits variant */+XXH_PUBLIC_API XXH128_hash_t XXH128(const void* data, size_t len, XXH64_hash_t seed);+++#endif  /* XXH_NO_LONG_LONG */+++#if defined(XXH_INLINE_ALL) || defined(XXH_PRIVATE_API)+#  define XXH_IMPLEMENTATION+#endif++#endif  /* defined(XXH_STATIC_LINKING_ONLY) && !defined(XXHASH_H_STATIC_13879238742) */+++/* ======================================================================== */+/* ======================================================================== */+/* ======================================================================== */+++/*-**********************************************************************+ * xxHash implementation+ *-**********************************************************************+ * xxHash's implementation used to be hosted inside xxhash.c.+ *+ * However, inlining requires implementation to be visible to the compiler,+ * hence be included alongside the header.+ * Previously, implementation was hosted inside xxhash.c,+ * which was then #included when inlining was activated.+ * This construction created issues with a few build and install systems,+ * as it required xxhash.c to be stored in /include directory.+ *+ * xxHash implementation is now directly integrated within xxhash.h.+ * As a consequence, xxhash.c is no longer needed in /include.+ *+ * xxhash.c is still available and is still useful.+ * In a "normal" setup, when xxhash is not inlined,+ * xxhash.h only exposes the prototypes and public symbols,+ * while xxhash.c can be built into an object file xxhash.o+ * which can then be linked into the final binary.+ ************************************************************************/++#if ( defined(XXH_INLINE_ALL) || defined(XXH_PRIVATE_API) \+   || defined(XXH_IMPLEMENTATION) ) && !defined(XXH_IMPLEM_13a8737387)+#  define XXH_IMPLEM_13a8737387++/* *************************************+*  Tuning parameters+***************************************/+/*!+ * XXH_FORCE_MEMORY_ACCESS:+ * By default, access to unaligned memory is controlled by `memcpy()`, which is+ * safe and portable.+ *+ * Unfortunately, on some target/compiler combinations, the generated assembly+ * is sub-optimal.+ *+ * The below switch allow selection of a different access method+ * in the search for improved performance.+ * Method 0 (default):+ *     Use `memcpy()`. Safe and portable. Default.+ * Method 1:+ *     `__attribute__((packed))` statement. It depends on compiler extensions+ *     and is therefore not portable.+ *     This method is safe if your compiler supports it, and *generally* as+ *     fast or faster than `memcpy`.+ * Method 2:+ *     Direct access via cast. This method doesn't depend on the compiler but+ *     violates the C standard.+ *     It can generate buggy code on targets which do not support unaligned+ *     memory accesses.+ *     But in some circumstances, it's the only known way to get the most+ *     performance (example: GCC + ARMv6)+ * Method 3:+ *     Byteshift. This can generate the best code on old compilers which don't+ *     inline small `memcpy()` calls, and it might also be faster on big-endian+ *     systems which lack a native byteswap instruction.+ * See https://stackoverflow.com/a/32095106/646947 for details.+ * Prefer these methods in priority order (0 > 1 > 2 > 3)+ */+#ifndef XXH_FORCE_MEMORY_ACCESS   /* can be defined externally, on command line for example */+#  if !defined(__clang__) && defined(__GNUC__) && defined(__ARM_FEATURE_UNALIGNED) && defined(__ARM_ARCH) && (__ARM_ARCH == 6)+#    define XXH_FORCE_MEMORY_ACCESS 2+#  elif !defined(__clang__) && ((defined(__INTEL_COMPILER) && !defined(_WIN32)) || \+  (defined(__GNUC__) && (defined(__ARM_ARCH) && __ARM_ARCH >= 7)))+#    define XXH_FORCE_MEMORY_ACCESS 1+#  endif+#endif++/*!+ * XXH_ACCEPT_NULL_INPUT_POINTER:+ * If the input pointer is NULL, xxHash's default behavior is to dereference it,+ * triggering a segfault.+ * When this macro is enabled, xxHash actively checks the input for a null pointer.+ * If it is, the result for null input pointers is the same as a zero-length input.+ */+#ifndef XXH_ACCEPT_NULL_INPUT_POINTER   /* can be defined externally */+#  define XXH_ACCEPT_NULL_INPUT_POINTER 0+#endif++/*!+ * XXH_FORCE_ALIGN_CHECK:+ * This is an important performance trick+ * for architectures without decent unaligned memory access performance.+ * It checks for input alignment, and when conditions are met,+ * uses a "fast path" employing direct 32-bit/64-bit read,+ * resulting in _dramatically faster_ read speed.+ *+ * The check costs one initial branch per hash, which is generally negligible, but not zero.+ * Moreover, it's not useful to generate binary for an additional code path+ * if memory access uses same instruction for both aligned and unaligned adresses.+ *+ * In these cases, the alignment check can be removed by setting this macro to 0.+ * Then the code will always use unaligned memory access.+ * Align check is automatically disabled on x86, x64 & arm64,+ * which are platforms known to offer good unaligned memory accesses performance.+ *+ * This option does not affect XXH3 (only XXH32 and XXH64).+ */+#ifndef XXH_FORCE_ALIGN_CHECK  /* can be defined externally */+#  if defined(__i386)  || defined(__x86_64__) || defined(__aarch64__) \+   || defined(_M_IX86) || defined(_M_X64)     || defined(_M_ARM64) /* visual */+#    define XXH_FORCE_ALIGN_CHECK 0+#  else+#    define XXH_FORCE_ALIGN_CHECK 1+#  endif+#endif++/*!+ * XXH_NO_INLINE_HINTS:+ *+ * By default, xxHash tries to force the compiler to inline almost all internal+ * functions.+ *+ * This can usually improve performance due to reduced jumping and improved+ * constant folding, but significantly increases the size of the binary which+ * might not be favorable.+ *+ * Additionally, sometimes the forced inlining can be detrimental to performance,+ * depending on the architecture.+ *+ * XXH_NO_INLINE_HINTS marks all internal functions as static, giving the+ * compiler full control on whether to inline or not.+ *+ * When not optimizing (-O0), optimizing for size (-Os, -Oz), or using+ * -fno-inline with GCC or Clang, this will automatically be defined.+ */+#ifndef XXH_NO_INLINE_HINTS+#  if defined(__OPTIMIZE_SIZE__) /* -Os, -Oz */ \+   || defined(__NO_INLINE__)     /* -O0, -fno-inline */+#    define XXH_NO_INLINE_HINTS 1+#  else+#    define XXH_NO_INLINE_HINTS 0+#  endif+#endif++/*!+ * XXH_REROLL:+ * Whether to reroll XXH32_finalize, and XXH64_finalize,+ * instead of using an unrolled jump table/if statement loop.+ *+ * This is automatically defined on -Os/-Oz on GCC and Clang.+ */+#ifndef XXH_REROLL+#  if defined(__OPTIMIZE_SIZE__)+#    define XXH_REROLL 1+#  else+#    define XXH_REROLL 0+#  endif+#endif+++/* *************************************+*  Includes & Memory related functions+***************************************/+/*!+ * Modify the local functions below should you wish to use+ * different memory routines for malloc() and free()+ */+#include <stdlib.h>++static void* XXH_malloc(size_t s) { return malloc(s); }+static void XXH_free(void* p) { free(p); }++/*! and for memcpy() */+#include <string.h>+static void* XXH_memcpy(void* dest, const void* src, size_t size)+{+    return memcpy(dest,src,size);+}++#include <limits.h>   /* ULLONG_MAX */+++/* *************************************+*  Compiler Specific Options+***************************************/+#ifdef _MSC_VER /* Visual Studio warning fix */+#  pragma warning(disable : 4127) /* disable: C4127: conditional expression is constant */+#endif++#if XXH_NO_INLINE_HINTS  /* disable inlining hints */+#  if defined(__GNUC__)+#    define XXH_FORCE_INLINE static __attribute__((unused))+#  else+#    define XXH_FORCE_INLINE static+#  endif+#  define XXH_NO_INLINE static+/* enable inlining hints */+#elif defined(_MSC_VER)  /* Visual Studio */+#  define XXH_FORCE_INLINE static __forceinline+#  define XXH_NO_INLINE static __declspec(noinline)+#elif defined(__GNUC__)+#  define XXH_FORCE_INLINE static __inline__ __attribute__((always_inline, unused))+#  define XXH_NO_INLINE static __attribute__((noinline))+#elif defined (__cplusplus) \+  || (defined (__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L))   /* C99 */+#  define XXH_FORCE_INLINE static inline+#  define XXH_NO_INLINE static+#else+#  define XXH_FORCE_INLINE static+#  define XXH_NO_INLINE static+#endif++++/* *************************************+*  Debug+***************************************/+/*+ * XXH_DEBUGLEVEL is expected to be defined externally, typically via the+ * compiler's command line options. The value must be a number.+ */+#ifndef XXH_DEBUGLEVEL+#  ifdef DEBUGLEVEL /* backwards compat */+#    define XXH_DEBUGLEVEL DEBUGLEVEL+#  else+#    define XXH_DEBUGLEVEL 0+#  endif+#endif++#if (XXH_DEBUGLEVEL>=1)+#  include <assert.h>   /* note: can still be disabled with NDEBUG */+#  define XXH_ASSERT(c)   assert(c)+#else+#  define XXH_ASSERT(c)   ((void)0)+#endif++/* note: use after variable declarations */+#define XXH_STATIC_ASSERT(c)  do { enum { XXH_sa = 1/(int)(!!(c)) }; } while (0)+++/* *************************************+*  Basic Types+***************************************/+#if !defined (__VMS) \+ && (defined (__cplusplus) \+ || (defined (__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) /* C99 */) )+# include <stdint.h>+  typedef uint8_t xxh_u8;+#else+  typedef unsigned char xxh_u8;+#endif+typedef XXH32_hash_t xxh_u32;++#ifdef XXH_OLD_NAMES+#  define BYTE xxh_u8+#  define U8   xxh_u8+#  define U32  xxh_u32+#endif++/* ***   Memory access   *** */++#if (defined(XXH_FORCE_MEMORY_ACCESS) && (XXH_FORCE_MEMORY_ACCESS==3))+/*+ * Manual byteshift. Best for old compilers which don't inline memcpy.+ * We actually directly use XXH_readLE32 and XXH_readBE32.+ */+#elif (defined(XXH_FORCE_MEMORY_ACCESS) && (XXH_FORCE_MEMORY_ACCESS==2))++/*+ * Force direct memory access. Only works on CPU which support unaligned memory+ * access in hardware.+ */+static xxh_u32 XXH_read32(const void* memPtr) { return *(const xxh_u32*) memPtr; }++#elif (defined(XXH_FORCE_MEMORY_ACCESS) && (XXH_FORCE_MEMORY_ACCESS==1))++/*+ * __pack instructions are safer but compiler specific, hence potentially+ * problematic for some compilers.+ *+ * Currently only defined for GCC and ICC.+ */+#ifdef XXH_OLD_NAMES+typedef union { xxh_u32 u32; } __attribute__((packed)) unalign;+#endif+static xxh_u32 XXH_read32(const void* ptr)+{+    typedef union { xxh_u32 u32; } __attribute__((packed)) xxh_unalign;+    return ((const xxh_unalign*)ptr)->u32;+}++#else++/*+ * Portable and safe solution. Generally efficient.+ * see: https://stackoverflow.com/a/32095106/646947+ */+static xxh_u32 XXH_read32(const void* memPtr)+{+    xxh_u32 val;+    memcpy(&val, memPtr, sizeof(val));+    return val;+}++#endif   /* XXH_FORCE_DIRECT_MEMORY_ACCESS */+++/* ***   Endianess   *** */+typedef enum { XXH_bigEndian=0, XXH_littleEndian=1 } XXH_endianess;++/*!+ * XXH_CPU_LITTLE_ENDIAN:+ * Defined to 1 if the target is little endian, or 0 if it is big endian.+ * It can be defined externally, for example on the compiler command line.+ *+ * If it is not defined, a runtime check (which is usually constant folded)+ * is used instead.+ */+#ifndef XXH_CPU_LITTLE_ENDIAN+/*+ * Try to detect endianness automatically, to avoid the nonstandard behavior+ * in `XXH_isLittleEndian()`+ */+#  if defined(_WIN32) /* Windows is always little endian */ \+     || defined(__LITTLE_ENDIAN__) \+     || (defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)+#    define XXH_CPU_LITTLE_ENDIAN 1+#  elif defined(__BIG_ENDIAN__) \+     || (defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)+#    define XXH_CPU_LITTLE_ENDIAN 0+#  else+/*+ * runtime test, presumed to simplify to a constant by compiler+ */+static int XXH_isLittleEndian(void)+{+    /*+     * Portable and well-defined behavior.+     * Don't use static: it is detrimental to performance.+     */+    const union { xxh_u32 u; xxh_u8 c[4]; } one = { 1 };+    return one.c[0];+}+#   define XXH_CPU_LITTLE_ENDIAN   XXH_isLittleEndian()+#  endif+#endif+++++/* ****************************************+*  Compiler-specific Functions and Macros+******************************************/+#define XXH_GCC_VERSION (__GNUC__ * 100 + __GNUC_MINOR__)++#ifdef __has_builtin+#  define XXH_HAS_BUILTIN(x) __has_builtin(x)+#else+#  define XXH_HAS_BUILTIN(x) 0+#endif++#if !defined(NO_CLANG_BUILTIN) && XXH_HAS_BUILTIN(__builtin_rotateleft32) \+                               && XXH_HAS_BUILTIN(__builtin_rotateleft64)+#  define XXH_rotl32 __builtin_rotateleft32+#  define XXH_rotl64 __builtin_rotateleft64+/* Note: although _rotl exists for minGW (GCC under windows), performance seems poor */+#elif defined(_MSC_VER)+#  define XXH_rotl32(x,r) _rotl(x,r)+#  define XXH_rotl64(x,r) _rotl64(x,r)+#else+#  define XXH_rotl32(x,r) (((x) << (r)) | ((x) >> (32 - (r))))+#  define XXH_rotl64(x,r) (((x) << (r)) | ((x) >> (64 - (r))))+#endif++#if defined(_MSC_VER)     /* Visual Studio */+#  define XXH_swap32 _byteswap_ulong+#elif XXH_GCC_VERSION >= 403+#  define XXH_swap32 __builtin_bswap32+#else+static xxh_u32 XXH_swap32 (xxh_u32 x)+{+    return  ((x << 24) & 0xff000000 ) |+            ((x <<  8) & 0x00ff0000 ) |+            ((x >>  8) & 0x0000ff00 ) |+            ((x >> 24) & 0x000000ff );+}+#endif+++/* ***************************+*  Memory reads+*****************************/+typedef enum { XXH_aligned, XXH_unaligned } XXH_alignment;++/*+ * XXH_FORCE_MEMORY_ACCESS==3 is an endian-independent byteshift load.+ *+ * This is ideal for older compilers which don't inline memcpy.+ */+#if (defined(XXH_FORCE_MEMORY_ACCESS) && (XXH_FORCE_MEMORY_ACCESS==3))++XXH_FORCE_INLINE xxh_u32 XXH_readLE32(const void* memPtr)+{+    const xxh_u8* bytePtr = (const xxh_u8 *)memPtr;+    return bytePtr[0]+         | ((xxh_u32)bytePtr[1] << 8)+         | ((xxh_u32)bytePtr[2] << 16)+         | ((xxh_u32)bytePtr[3] << 24);+}++XXH_FORCE_INLINE xxh_u32 XXH_readBE32(const void* memPtr)+{+    const xxh_u8* bytePtr = (const xxh_u8 *)memPtr;+    return bytePtr[3]+         | ((xxh_u32)bytePtr[2] << 8)+         | ((xxh_u32)bytePtr[1] << 16)+         | ((xxh_u32)bytePtr[0] << 24);+}++#else+XXH_FORCE_INLINE xxh_u32 XXH_readLE32(const void* ptr)+{+    return XXH_CPU_LITTLE_ENDIAN ? XXH_read32(ptr) : XXH_swap32(XXH_read32(ptr));+}++static xxh_u32 XXH_readBE32(const void* ptr)+{+    return XXH_CPU_LITTLE_ENDIAN ? XXH_swap32(XXH_read32(ptr)) : XXH_read32(ptr);+}+#endif++XXH_FORCE_INLINE xxh_u32+XXH_readLE32_align(const void* ptr, XXH_alignment align)+{+    if (align==XXH_unaligned) {+        return XXH_readLE32(ptr);+    } else {+        return XXH_CPU_LITTLE_ENDIAN ? *(const xxh_u32*)ptr : XXH_swap32(*(const xxh_u32*)ptr);+    }+}+++/* *************************************+*  Misc+***************************************/+XXH_PUBLIC_API unsigned XXH_versionNumber (void) { return XXH_VERSION_NUMBER; }+++/* *******************************************************************+*  32-bit hash functions+*********************************************************************/+static const xxh_u32 XXH_PRIME32_1 = 0x9E3779B1U;   /* 0b10011110001101110111100110110001 */+static const xxh_u32 XXH_PRIME32_2 = 0x85EBCA77U;   /* 0b10000101111010111100101001110111 */+static const xxh_u32 XXH_PRIME32_3 = 0xC2B2AE3DU;   /* 0b11000010101100101010111000111101 */+static const xxh_u32 XXH_PRIME32_4 = 0x27D4EB2FU;   /* 0b00100111110101001110101100101111 */+static const xxh_u32 XXH_PRIME32_5 = 0x165667B1U;   /* 0b00010110010101100110011110110001 */++#ifdef XXH_OLD_NAMES+#  define PRIME32_1 XXH_PRIME32_1+#  define PRIME32_2 XXH_PRIME32_2+#  define PRIME32_3 XXH_PRIME32_3+#  define PRIME32_4 XXH_PRIME32_4+#  define PRIME32_5 XXH_PRIME32_5+#endif++static xxh_u32 XXH32_round(xxh_u32 acc, xxh_u32 input)+{+    acc += input * XXH_PRIME32_2;+    acc  = XXH_rotl32(acc, 13);+    acc *= XXH_PRIME32_1;+#if defined(__GNUC__) && defined(__SSE4_1__) && !defined(XXH_ENABLE_AUTOVECTORIZE)+    /*+     * UGLY HACK:+     * This inline assembly hack forces acc into a normal register. This is the+     * only thing that prevents GCC and Clang from autovectorizing the XXH32+     * loop (pragmas and attributes don't work for some resason) without globally+     * disabling SSE4.1.+     *+     * The reason we want to avoid vectorization is because despite working on+     * 4 integers at a time, there are multiple factors slowing XXH32 down on+     * SSE4:+     * - There's a ridiculous amount of lag from pmulld (10 cycles of latency on+     *   newer chips!) making it slightly slower to multiply four integers at+     *   once compared to four integers independently. Even when pmulld was+     *   fastest, Sandy/Ivy Bridge, it is still not worth it to go into SSE+     *   just to multiply unless doing a long operation.+     *+     * - Four instructions are required to rotate,+     *      movqda tmp,  v // not required with VEX encoding+     *      pslld  tmp, 13 // tmp <<= 13+     *      psrld  v,   19 // x >>= 19+     *      por    v,  tmp // x |= tmp+     *   compared to one for scalar:+     *      roll   v, 13    // reliably fast across the board+     *      shldl  v, v, 13 // Sandy Bridge and later prefer this for some reason+     *+     * - Instruction level parallelism is actually more beneficial here because+     *   the SIMD actually serializes this operation: While v1 is rotating, v2+     *   can load data, while v3 can multiply. SSE forces them to operate+     *   together.+     *+     * How this hack works:+     * __asm__(""       // Declare an assembly block but don't declare any instructions+     *          :       // However, as an Input/Output Operand,+     *          "+r"    // constrain a read/write operand (+) as a general purpose register (r).+     *          (acc)   // and set acc as the operand+     * );+     *+     * Because of the 'r', the compiler has promised that seed will be in a+     * general purpose register and the '+' says that it will be 'read/write',+     * so it has to assume it has changed. It is like volatile without all the+     * loads and stores.+     *+     * Since the argument has to be in a normal register (not an SSE register),+     * each time XXH32_round is called, it is impossible to vectorize.+     */+    __asm__("" : "+r" (acc));+#endif+    return acc;+}++/* mix all bits */+static xxh_u32 XXH32_avalanche(xxh_u32 h32)+{+    h32 ^= h32 >> 15;+    h32 *= XXH_PRIME32_2;+    h32 ^= h32 >> 13;+    h32 *= XXH_PRIME32_3;+    h32 ^= h32 >> 16;+    return(h32);+}++#define XXH_get32bits(p) XXH_readLE32_align(p, align)++static xxh_u32+XXH32_finalize(xxh_u32 h32, const xxh_u8* ptr, size_t len, XXH_alignment align)+{+#define XXH_PROCESS1 do {                           \+    h32 += (*ptr++) * XXH_PRIME32_5;                \+    h32 = XXH_rotl32(h32, 11) * XXH_PRIME32_1;      \+} while (0)++#define XXH_PROCESS4 do {                           \+    h32 += XXH_get32bits(ptr) * XXH_PRIME32_3;      \+    ptr += 4;                                   \+    h32  = XXH_rotl32(h32, 17) * XXH_PRIME32_4;     \+} while (0)++    /* Compact rerolled version */+    if (XXH_REROLL) {+        len &= 15;+        while (len >= 4) {+            XXH_PROCESS4;+            len -= 4;+        }+        while (len > 0) {+            XXH_PROCESS1;+            --len;+        }+        return XXH32_avalanche(h32);+    } else {+         switch(len&15) /* or switch(bEnd - p) */ {+           case 12:      XXH_PROCESS4;+                         /* fallthrough */+           case 8:       XXH_PROCESS4;+                         /* fallthrough */+           case 4:       XXH_PROCESS4;+                         return XXH32_avalanche(h32);++           case 13:      XXH_PROCESS4;+                         /* fallthrough */+           case 9:       XXH_PROCESS4;+                         /* fallthrough */+           case 5:       XXH_PROCESS4;+                         XXH_PROCESS1;+                         return XXH32_avalanche(h32);++           case 14:      XXH_PROCESS4;+                         /* fallthrough */+           case 10:      XXH_PROCESS4;+                         /* fallthrough */+           case 6:       XXH_PROCESS4;+                         XXH_PROCESS1;+                         XXH_PROCESS1;+                         return XXH32_avalanche(h32);++           case 15:      XXH_PROCESS4;+                         /* fallthrough */+           case 11:      XXH_PROCESS4;+                         /* fallthrough */+           case 7:       XXH_PROCESS4;+                         /* fallthrough */+           case 3:       XXH_PROCESS1;+                         /* fallthrough */+           case 2:       XXH_PROCESS1;+                         /* fallthrough */+           case 1:       XXH_PROCESS1;+                         /* fallthrough */+           case 0:       return XXH32_avalanche(h32);+        }+        XXH_ASSERT(0);+        return h32;   /* reaching this point is deemed impossible */+    }+}++#ifdef XXH_OLD_NAMES+#  define PROCESS1 XXH_PROCESS1+#  define PROCESS4 XXH_PROCESS4+#else+#  undef XXH_PROCESS1+#  undef XXH_PROCESS4+#endif++XXH_FORCE_INLINE xxh_u32+XXH32_endian_align(const xxh_u8* input, size_t len, xxh_u32 seed, XXH_alignment align)+{+    const xxh_u8* bEnd = input + len;+    xxh_u32 h32;++#if defined(XXH_ACCEPT_NULL_INPUT_POINTER) && (XXH_ACCEPT_NULL_INPUT_POINTER>=1)+    if (input==NULL) {+        len=0;+        bEnd=input=(const xxh_u8*)(size_t)16;+    }+#endif++    if (len>=16) {+        const xxh_u8* const limit = bEnd - 15;+        xxh_u32 v1 = seed + XXH_PRIME32_1 + XXH_PRIME32_2;+        xxh_u32 v2 = seed + XXH_PRIME32_2;+        xxh_u32 v3 = seed + 0;+        xxh_u32 v4 = seed - XXH_PRIME32_1;++        do {+            v1 = XXH32_round(v1, XXH_get32bits(input)); input += 4;+            v2 = XXH32_round(v2, XXH_get32bits(input)); input += 4;+            v3 = XXH32_round(v3, XXH_get32bits(input)); input += 4;+            v4 = XXH32_round(v4, XXH_get32bits(input)); input += 4;+        } while (input < limit);++        h32 = XXH_rotl32(v1, 1)  + XXH_rotl32(v2, 7)+            + XXH_rotl32(v3, 12) + XXH_rotl32(v4, 18);+    } else {+        h32  = seed + XXH_PRIME32_5;+    }++    h32 += (xxh_u32)len;++    return XXH32_finalize(h32, input, len&15, align);+}+++XXH_PUBLIC_API XXH32_hash_t XXH32 (const void* input, size_t len, XXH32_hash_t seed)+{+#if 0+    /* Simple version, good for code maintenance, but unfortunately slow for small inputs */+    XXH32_state_t state;+    XXH32_reset(&state, seed);+    XXH32_update(&state, (const xxh_u8*)input, len);+    return XXH32_digest(&state);++#else++    if (XXH_FORCE_ALIGN_CHECK) {+        if ((((size_t)input) & 3) == 0) {   /* Input is 4-bytes aligned, leverage the speed benefit */+            return XXH32_endian_align((const xxh_u8*)input, len, seed, XXH_aligned);+    }   }++    return XXH32_endian_align((const xxh_u8*)input, len, seed, XXH_unaligned);+#endif+}++++/*******   Hash streaming   *******/++XXH_PUBLIC_API XXH32_state_t* XXH32_createState(void)+{+    return (XXH32_state_t*)XXH_malloc(sizeof(XXH32_state_t));+}+XXH_PUBLIC_API XXH_errorcode XXH32_freeState(XXH32_state_t* statePtr)+{+    XXH_free(statePtr);+    return XXH_OK;+}++XXH_PUBLIC_API void XXH32_copyState(XXH32_state_t* dstState, const XXH32_state_t* srcState)+{+    memcpy(dstState, srcState, sizeof(*dstState));+}++XXH_PUBLIC_API XXH_errorcode XXH32_reset(XXH32_state_t* statePtr, XXH32_hash_t seed)+{+    XXH32_state_t state;   /* using a local state to memcpy() in order to avoid strict-aliasing warnings */+    memset(&state, 0, sizeof(state));+    state.v1 = seed + XXH_PRIME32_1 + XXH_PRIME32_2;+    state.v2 = seed + XXH_PRIME32_2;+    state.v3 = seed + 0;+    state.v4 = seed - XXH_PRIME32_1;+    /* do not write into reserved, planned to be removed in a future version */+    memcpy(statePtr, &state, sizeof(state) - sizeof(state.reserved));+    return XXH_OK;+}+++XXH_PUBLIC_API XXH_errorcode+XXH32_update(XXH32_state_t* state, const void* input, size_t len)+{+    if (input==NULL)+#if defined(XXH_ACCEPT_NULL_INPUT_POINTER) && (XXH_ACCEPT_NULL_INPUT_POINTER>=1)+        return XXH_OK;+#else+        return XXH_ERROR;+#endif++    {   const xxh_u8* p = (const xxh_u8*)input;+        const xxh_u8* const bEnd = p + len;++        state->total_len_32 += (XXH32_hash_t)len;+        state->large_len |= (XXH32_hash_t)((len>=16) | (state->total_len_32>=16));++        if (state->memsize + len < 16)  {   /* fill in tmp buffer */+            XXH_memcpy((xxh_u8*)(state->mem32) + state->memsize, input, len);+            state->memsize += (XXH32_hash_t)len;+            return XXH_OK;+        }++        if (state->memsize) {   /* some data left from previous update */+            XXH_memcpy((xxh_u8*)(state->mem32) + state->memsize, input, 16-state->memsize);+            {   const xxh_u32* p32 = state->mem32;+                state->v1 = XXH32_round(state->v1, XXH_readLE32(p32)); p32++;+                state->v2 = XXH32_round(state->v2, XXH_readLE32(p32)); p32++;+                state->v3 = XXH32_round(state->v3, XXH_readLE32(p32)); p32++;+                state->v4 = XXH32_round(state->v4, XXH_readLE32(p32));+            }+            p += 16-state->memsize;+            state->memsize = 0;+        }++        if (p <= bEnd-16) {+            const xxh_u8* const limit = bEnd - 16;+            xxh_u32 v1 = state->v1;+            xxh_u32 v2 = state->v2;+            xxh_u32 v3 = state->v3;+            xxh_u32 v4 = state->v4;++            do {+                v1 = XXH32_round(v1, XXH_readLE32(p)); p+=4;+                v2 = XXH32_round(v2, XXH_readLE32(p)); p+=4;+                v3 = XXH32_round(v3, XXH_readLE32(p)); p+=4;+                v4 = XXH32_round(v4, XXH_readLE32(p)); p+=4;+            } while (p<=limit);++            state->v1 = v1;+            state->v2 = v2;+            state->v3 = v3;+            state->v4 = v4;+        }++        if (p < bEnd) {+            XXH_memcpy(state->mem32, p, (size_t)(bEnd-p));+            state->memsize = (unsigned)(bEnd-p);+        }+    }++    return XXH_OK;+}+++XXH_PUBLIC_API XXH32_hash_t XXH32_digest (const XXH32_state_t* state)+{+    xxh_u32 h32;++    if (state->large_len) {+        h32 = XXH_rotl32(state->v1, 1)+            + XXH_rotl32(state->v2, 7)+            + XXH_rotl32(state->v3, 12)+            + XXH_rotl32(state->v4, 18);+    } else {+        h32 = state->v3 /* == seed */ + XXH_PRIME32_5;+    }++    h32 += state->total_len_32;++    return XXH32_finalize(h32, (const xxh_u8*)state->mem32, state->memsize, XXH_aligned);+}+++/*******   Canonical representation   *******/++/*+ * The default return values from XXH functions are unsigned 32 and 64 bit+ * integers.+ *+ * The canonical representation uses big endian convention, the same convention+ * as human-readable numbers (large digits first).+ *+ * This way, hash values can be written into a file or buffer, remaining+ * comparable across different systems.+ *+ * The following functions allow transformation of hash values to and from their+ * canonical format.+ */+XXH_PUBLIC_API void XXH32_canonicalFromHash(XXH32_canonical_t* dst, XXH32_hash_t hash)+{+    XXH_STATIC_ASSERT(sizeof(XXH32_canonical_t) == sizeof(XXH32_hash_t));+    if (XXH_CPU_LITTLE_ENDIAN) hash = XXH_swap32(hash);+    memcpy(dst, &hash, sizeof(*dst));+}++XXH_PUBLIC_API XXH32_hash_t XXH32_hashFromCanonical(const XXH32_canonical_t* src)+{+    return XXH_readBE32(src);+}+++#ifndef XXH_NO_LONG_LONG++/* *******************************************************************+*  64-bit hash functions+*********************************************************************/++/*******   Memory access   *******/++typedef XXH64_hash_t xxh_u64;++#ifdef XXH_OLD_NAMES+#  define U64 xxh_u64+#endif++/*!+ * XXH_REROLL_XXH64:+ * Whether to reroll the XXH64_finalize() loop.+ *+ * Just like XXH32, we can unroll the XXH64_finalize() loop. This can be a+ * performance gain on 64-bit hosts, as only one jump is required.+ *+ * However, on 32-bit hosts, because arithmetic needs to be done with two 32-bit+ * registers, and 64-bit arithmetic needs to be simulated, it isn't beneficial+ * to unroll. The code becomes ridiculously large (the largest function in the+ * binary on i386!), and rerolling it saves anywhere from 3kB to 20kB. It is+ * also slightly faster because it fits into cache better and is more likely+ * to be inlined by the compiler.+ *+ * If XXH_REROLL is defined, this is ignored and the loop is always rerolled.+ */+#ifndef XXH_REROLL_XXH64+#  if (defined(__ILP32__) || defined(_ILP32)) /* ILP32 is often defined on 32-bit GCC family */ \+   || !(defined(__x86_64__) || defined(_M_X64) || defined(_M_AMD64) /* x86-64 */ \+     || defined(_M_ARM64) || defined(__aarch64__) || defined(__arm64__) /* aarch64 */ \+     || defined(__PPC64__) || defined(__PPC64LE__) || defined(__ppc64__) || defined(__powerpc64__) /* ppc64 */ \+     || defined(__mips64__) || defined(__mips64)) /* mips64 */ \+   || (!defined(SIZE_MAX) || SIZE_MAX < ULLONG_MAX) /* check limits */+#    define XXH_REROLL_XXH64 1+#  else+#    define XXH_REROLL_XXH64 0+#  endif+#endif /* !defined(XXH_REROLL_XXH64) */++#if (defined(XXH_FORCE_MEMORY_ACCESS) && (XXH_FORCE_MEMORY_ACCESS==3))+/*+ * Manual byteshift. Best for old compilers which don't inline memcpy.+ * We actually directly use XXH_readLE64 and XXH_readBE64.+ */+#elif (defined(XXH_FORCE_MEMORY_ACCESS) && (XXH_FORCE_MEMORY_ACCESS==2))++/* Force direct memory access. Only works on CPU which support unaligned memory access in hardware */+static xxh_u64 XXH_read64(const void* memPtr) { return *(const xxh_u64*) memPtr; }++#elif (defined(XXH_FORCE_MEMORY_ACCESS) && (XXH_FORCE_MEMORY_ACCESS==1))++/*+ * __pack instructions are safer, but compiler specific, hence potentially+ * problematic for some compilers.+ *+ * Currently only defined for GCC and ICC.+ */+#ifdef XXH_OLD_NAMES+typedef union { xxh_u32 u32; xxh_u64 u64; } __attribute__((packed)) unalign64;+#endif+static xxh_u64 XXH_read64(const void* ptr)+{+    typedef union { xxh_u32 u32; xxh_u64 u64; } __attribute__((packed)) xxh_unalign64;+    return ((const xxh_unalign64*)ptr)->u64;+}++#else++/*+ * Portable and safe solution. Generally efficient.+ * see: https://stackoverflow.com/a/32095106/646947+ */+static xxh_u64 XXH_read64(const void* memPtr)+{+    xxh_u64 val;+    memcpy(&val, memPtr, sizeof(val));+    return val;+}++#endif   /* XXH_FORCE_DIRECT_MEMORY_ACCESS */++#if defined(_MSC_VER)     /* Visual Studio */+#  define XXH_swap64 _byteswap_uint64+#elif XXH_GCC_VERSION >= 403+#  define XXH_swap64 __builtin_bswap64+#else+static xxh_u64 XXH_swap64 (xxh_u64 x)+{+    return  ((x << 56) & 0xff00000000000000ULL) |+            ((x << 40) & 0x00ff000000000000ULL) |+            ((x << 24) & 0x0000ff0000000000ULL) |+            ((x << 8)  & 0x000000ff00000000ULL) |+            ((x >> 8)  & 0x00000000ff000000ULL) |+            ((x >> 24) & 0x0000000000ff0000ULL) |+            ((x >> 40) & 0x000000000000ff00ULL) |+            ((x >> 56) & 0x00000000000000ffULL);+}+#endif+++/* XXH_FORCE_MEMORY_ACCESS==3 is an endian-independent byteshift load. */+#if (defined(XXH_FORCE_MEMORY_ACCESS) && (XXH_FORCE_MEMORY_ACCESS==3))++XXH_FORCE_INLINE xxh_u64 XXH_readLE64(const void* memPtr)+{+    const xxh_u8* bytePtr = (const xxh_u8 *)memPtr;+    return bytePtr[0]+         | ((xxh_u64)bytePtr[1] << 8)+         | ((xxh_u64)bytePtr[2] << 16)+         | ((xxh_u64)bytePtr[3] << 24)+         | ((xxh_u64)bytePtr[4] << 32)+         | ((xxh_u64)bytePtr[5] << 40)+         | ((xxh_u64)bytePtr[6] << 48)+         | ((xxh_u64)bytePtr[7] << 56);+}++XXH_FORCE_INLINE xxh_u64 XXH_readBE64(const void* memPtr)+{+    const xxh_u8* bytePtr = (const xxh_u8 *)memPtr;+    return bytePtr[7]+         | ((xxh_u64)bytePtr[6] << 8)+         | ((xxh_u64)bytePtr[5] << 16)+         | ((xxh_u64)bytePtr[4] << 24)+         | ((xxh_u64)bytePtr[3] << 32)+         | ((xxh_u64)bytePtr[2] << 40)+         | ((xxh_u64)bytePtr[1] << 48)+         | ((xxh_u64)bytePtr[0] << 56);+}++#else+XXH_FORCE_INLINE xxh_u64 XXH_readLE64(const void* ptr)+{+    return XXH_CPU_LITTLE_ENDIAN ? XXH_read64(ptr) : XXH_swap64(XXH_read64(ptr));+}++static xxh_u64 XXH_readBE64(const void* ptr)+{+    return XXH_CPU_LITTLE_ENDIAN ? XXH_swap64(XXH_read64(ptr)) : XXH_read64(ptr);+}+#endif++XXH_FORCE_INLINE xxh_u64+XXH_readLE64_align(const void* ptr, XXH_alignment align)+{+    if (align==XXH_unaligned)+        return XXH_readLE64(ptr);+    else+        return XXH_CPU_LITTLE_ENDIAN ? *(const xxh_u64*)ptr : XXH_swap64(*(const xxh_u64*)ptr);+}+++/*******   xxh64   *******/++static const xxh_u64 XXH_PRIME64_1 = 0x9E3779B185EBCA87ULL;   /* 0b1001111000110111011110011011000110000101111010111100101010000111 */+static const xxh_u64 XXH_PRIME64_2 = 0xC2B2AE3D27D4EB4FULL;   /* 0b1100001010110010101011100011110100100111110101001110101101001111 */+static const xxh_u64 XXH_PRIME64_3 = 0x165667B19E3779F9ULL;   /* 0b0001011001010110011001111011000110011110001101110111100111111001 */+static const xxh_u64 XXH_PRIME64_4 = 0x85EBCA77C2B2AE63ULL;   /* 0b1000010111101011110010100111011111000010101100101010111001100011 */+static const xxh_u64 XXH_PRIME64_5 = 0x27D4EB2F165667C5ULL;   /* 0b0010011111010100111010110010111100010110010101100110011111000101 */++#ifdef XXH_OLD_NAMES+#  define PRIME64_1 XXH_PRIME64_1+#  define PRIME64_2 XXH_PRIME64_2+#  define PRIME64_3 XXH_PRIME64_3+#  define PRIME64_4 XXH_PRIME64_4+#  define PRIME64_5 XXH_PRIME64_5+#endif++static xxh_u64 XXH64_round(xxh_u64 acc, xxh_u64 input)+{+    acc += input * XXH_PRIME64_2;+    acc  = XXH_rotl64(acc, 31);+    acc *= XXH_PRIME64_1;+    return acc;+}++static xxh_u64 XXH64_mergeRound(xxh_u64 acc, xxh_u64 val)+{+    val  = XXH64_round(0, val);+    acc ^= val;+    acc  = acc * XXH_PRIME64_1 + XXH_PRIME64_4;+    return acc;+}++static xxh_u64 XXH64_avalanche(xxh_u64 h64)+{+    h64 ^= h64 >> 33;+    h64 *= XXH_PRIME64_2;+    h64 ^= h64 >> 29;+    h64 *= XXH_PRIME64_3;+    h64 ^= h64 >> 32;+    return h64;+}+++#define XXH_get64bits(p) XXH_readLE64_align(p, align)++static xxh_u64+XXH64_finalize(xxh_u64 h64, const xxh_u8* ptr, size_t len, XXH_alignment align)+{+#define XXH_PROCESS1_64 do {                                   \+    h64 ^= (*ptr++) * XXH_PRIME64_5;                           \+    h64 = XXH_rotl64(h64, 11) * XXH_PRIME64_1;                 \+} while (0)++#define XXH_PROCESS4_64 do {                                   \+    h64 ^= (xxh_u64)(XXH_get32bits(ptr)) * XXH_PRIME64_1;      \+    ptr += 4;                                              \+    h64 = XXH_rotl64(h64, 23) * XXH_PRIME64_2 + XXH_PRIME64_3;     \+} while (0)++#define XXH_PROCESS8_64 do {                                   \+    xxh_u64 const k1 = XXH64_round(0, XXH_get64bits(ptr)); \+    ptr += 8;                                              \+    h64 ^= k1;                                             \+    h64  = XXH_rotl64(h64,27) * XXH_PRIME64_1 + XXH_PRIME64_4;     \+} while (0)++    /* Rerolled version for 32-bit targets is faster and much smaller. */+    if (XXH_REROLL || XXH_REROLL_XXH64) {+        len &= 31;+        while (len >= 8) {+            XXH_PROCESS8_64;+            len -= 8;+        }+        if (len >= 4) {+            XXH_PROCESS4_64;+            len -= 4;+        }+        while (len > 0) {+            XXH_PROCESS1_64;+            --len;+        }+         return  XXH64_avalanche(h64);+    } else {+        switch(len & 31) {+           case 24: XXH_PROCESS8_64;+                         /* fallthrough */+           case 16: XXH_PROCESS8_64;+                         /* fallthrough */+           case  8: XXH_PROCESS8_64;+                    return XXH64_avalanche(h64);++           case 28: XXH_PROCESS8_64;+                         /* fallthrough */+           case 20: XXH_PROCESS8_64;+                         /* fallthrough */+           case 12: XXH_PROCESS8_64;+                         /* fallthrough */+           case  4: XXH_PROCESS4_64;+                    return XXH64_avalanche(h64);++           case 25: XXH_PROCESS8_64;+                         /* fallthrough */+           case 17: XXH_PROCESS8_64;+                         /* fallthrough */+           case  9: XXH_PROCESS8_64;+                    XXH_PROCESS1_64;+                    return XXH64_avalanche(h64);++           case 29: XXH_PROCESS8_64;+                         /* fallthrough */+           case 21: XXH_PROCESS8_64;+                         /* fallthrough */+           case 13: XXH_PROCESS8_64;+                         /* fallthrough */+           case  5: XXH_PROCESS4_64;+                    XXH_PROCESS1_64;+                    return XXH64_avalanche(h64);++           case 26: XXH_PROCESS8_64;+                         /* fallthrough */+           case 18: XXH_PROCESS8_64;+                         /* fallthrough */+           case 10: XXH_PROCESS8_64;+                    XXH_PROCESS1_64;+                    XXH_PROCESS1_64;+                    return XXH64_avalanche(h64);++           case 30: XXH_PROCESS8_64;+                         /* fallthrough */+           case 22: XXH_PROCESS8_64;+                         /* fallthrough */+           case 14: XXH_PROCESS8_64;+                         /* fallthrough */+           case  6: XXH_PROCESS4_64;+                    XXH_PROCESS1_64;+                    XXH_PROCESS1_64;+                    return XXH64_avalanche(h64);++           case 27: XXH_PROCESS8_64;+                         /* fallthrough */+           case 19: XXH_PROCESS8_64;+                         /* fallthrough */+           case 11: XXH_PROCESS8_64;+                    XXH_PROCESS1_64;+                    XXH_PROCESS1_64;+                    XXH_PROCESS1_64;+                    return XXH64_avalanche(h64);++           case 31: XXH_PROCESS8_64;+                         /* fallthrough */+           case 23: XXH_PROCESS8_64;+                         /* fallthrough */+           case 15: XXH_PROCESS8_64;+                         /* fallthrough */+           case  7: XXH_PROCESS4_64;+                         /* fallthrough */+           case  3: XXH_PROCESS1_64;+                         /* fallthrough */+           case  2: XXH_PROCESS1_64;+                         /* fallthrough */+           case  1: XXH_PROCESS1_64;+                         /* fallthrough */+           case  0: return XXH64_avalanche(h64);+        }+    }+    /* impossible to reach */+    XXH_ASSERT(0);+    return 0;  /* unreachable, but some compilers complain without it */+}++#ifdef XXH_OLD_NAMES+#  define PROCESS1_64 XXH_PROCESS1_64+#  define PROCESS4_64 XXH_PROCESS4_64+#  define PROCESS8_64 XXH_PROCESS8_64+#else+#  undef XXH_PROCESS1_64+#  undef XXH_PROCESS4_64+#  undef XXH_PROCESS8_64+#endif++XXH_FORCE_INLINE xxh_u64+XXH64_endian_align(const xxh_u8* input, size_t len, xxh_u64 seed, XXH_alignment align)+{+    const xxh_u8* bEnd = input + len;+    xxh_u64 h64;++#if defined(XXH_ACCEPT_NULL_INPUT_POINTER) && (XXH_ACCEPT_NULL_INPUT_POINTER>=1)+    if (input==NULL) {+        len=0;+        bEnd=input=(const xxh_u8*)(size_t)32;+    }+#endif++    if (len>=32) {+        const xxh_u8* const limit = bEnd - 32;+        xxh_u64 v1 = seed + XXH_PRIME64_1 + XXH_PRIME64_2;+        xxh_u64 v2 = seed + XXH_PRIME64_2;+        xxh_u64 v3 = seed + 0;+        xxh_u64 v4 = seed - XXH_PRIME64_1;++        do {+            v1 = XXH64_round(v1, XXH_get64bits(input)); input+=8;+            v2 = XXH64_round(v2, XXH_get64bits(input)); input+=8;+            v3 = XXH64_round(v3, XXH_get64bits(input)); input+=8;+            v4 = XXH64_round(v4, XXH_get64bits(input)); input+=8;+        } while (input<=limit);++        h64 = XXH_rotl64(v1, 1) + XXH_rotl64(v2, 7) + XXH_rotl64(v3, 12) + XXH_rotl64(v4, 18);+        h64 = XXH64_mergeRound(h64, v1);+        h64 = XXH64_mergeRound(h64, v2);+        h64 = XXH64_mergeRound(h64, v3);+        h64 = XXH64_mergeRound(h64, v4);++    } else {+        h64  = seed + XXH_PRIME64_5;+    }++    h64 += (xxh_u64) len;++    return XXH64_finalize(h64, input, len, align);+}+++XXH_PUBLIC_API XXH64_hash_t XXH64 (const void* input, size_t len, XXH64_hash_t seed)+{+#if 0+    /* Simple version, good for code maintenance, but unfortunately slow for small inputs */+    XXH64_state_t state;+    XXH64_reset(&state, seed);+    XXH64_update(&state, (const xxh_u8*)input, len);+    return XXH64_digest(&state);++#else++    if (XXH_FORCE_ALIGN_CHECK) {+        if ((((size_t)input) & 7)==0) {  /* Input is aligned, let's leverage the speed advantage */+            return XXH64_endian_align((const xxh_u8*)input, len, seed, XXH_aligned);+    }   }++    return XXH64_endian_align((const xxh_u8*)input, len, seed, XXH_unaligned);++#endif+}++/*******   Hash Streaming   *******/++XXH_PUBLIC_API XXH64_state_t* XXH64_createState(void)+{+    return (XXH64_state_t*)XXH_malloc(sizeof(XXH64_state_t));+}+XXH_PUBLIC_API XXH_errorcode XXH64_freeState(XXH64_state_t* statePtr)+{+    XXH_free(statePtr);+    return XXH_OK;+}++XXH_PUBLIC_API void XXH64_copyState(XXH64_state_t* dstState, const XXH64_state_t* srcState)+{+    memcpy(dstState, srcState, sizeof(*dstState));+}++XXH_PUBLIC_API XXH_errorcode XXH64_reset(XXH64_state_t* statePtr, XXH64_hash_t seed)+{+    XXH64_state_t state;   /* use a local state to memcpy() in order to avoid strict-aliasing warnings */+    memset(&state, 0, sizeof(state));+    state.v1 = seed + XXH_PRIME64_1 + XXH_PRIME64_2;+    state.v2 = seed + XXH_PRIME64_2;+    state.v3 = seed + 0;+    state.v4 = seed - XXH_PRIME64_1;+     /* do not write into reserved64, might be removed in a future version */+    memcpy(statePtr, &state, sizeof(state) - sizeof(state.reserved64));+    return XXH_OK;+}++XXH_PUBLIC_API XXH_errorcode+XXH64_update (XXH64_state_t* state, const void* input, size_t len)+{+    if (input==NULL)+#if defined(XXH_ACCEPT_NULL_INPUT_POINTER) && (XXH_ACCEPT_NULL_INPUT_POINTER>=1)+        return XXH_OK;+#else+        return XXH_ERROR;+#endif++    {   const xxh_u8* p = (const xxh_u8*)input;+        const xxh_u8* const bEnd = p + len;++        state->total_len += len;++        if (state->memsize + len < 32) {  /* fill in tmp buffer */+            XXH_memcpy(((xxh_u8*)state->mem64) + state->memsize, input, len);+            state->memsize += (xxh_u32)len;+            return XXH_OK;+        }++        if (state->memsize) {   /* tmp buffer is full */+            XXH_memcpy(((xxh_u8*)state->mem64) + state->memsize, input, 32-state->memsize);+            state->v1 = XXH64_round(state->v1, XXH_readLE64(state->mem64+0));+            state->v2 = XXH64_round(state->v2, XXH_readLE64(state->mem64+1));+            state->v3 = XXH64_round(state->v3, XXH_readLE64(state->mem64+2));+            state->v4 = XXH64_round(state->v4, XXH_readLE64(state->mem64+3));+            p += 32-state->memsize;+            state->memsize = 0;+        }++        if (p+32 <= bEnd) {+            const xxh_u8* const limit = bEnd - 32;+            xxh_u64 v1 = state->v1;+            xxh_u64 v2 = state->v2;+            xxh_u64 v3 = state->v3;+            xxh_u64 v4 = state->v4;++            do {+                v1 = XXH64_round(v1, XXH_readLE64(p)); p+=8;+                v2 = XXH64_round(v2, XXH_readLE64(p)); p+=8;+                v3 = XXH64_round(v3, XXH_readLE64(p)); p+=8;+                v4 = XXH64_round(v4, XXH_readLE64(p)); p+=8;+            } while (p<=limit);++            state->v1 = v1;+            state->v2 = v2;+            state->v3 = v3;+            state->v4 = v4;+        }++        if (p < bEnd) {+            XXH_memcpy(state->mem64, p, (size_t)(bEnd-p));+            state->memsize = (unsigned)(bEnd-p);+        }+    }++    return XXH_OK;+}+++XXH_PUBLIC_API XXH64_hash_t XXH64_digest (const XXH64_state_t* state)+{+    xxh_u64 h64;++    if (state->total_len >= 32) {+        xxh_u64 const v1 = state->v1;+        xxh_u64 const v2 = state->v2;+        xxh_u64 const v3 = state->v3;+        xxh_u64 const v4 = state->v4;++        h64 = XXH_rotl64(v1, 1) + XXH_rotl64(v2, 7) + XXH_rotl64(v3, 12) + XXH_rotl64(v4, 18);+        h64 = XXH64_mergeRound(h64, v1);+        h64 = XXH64_mergeRound(h64, v2);+        h64 = XXH64_mergeRound(h64, v3);+        h64 = XXH64_mergeRound(h64, v4);+    } else {+        h64  = state->v3 /*seed*/ + XXH_PRIME64_5;+    }++    h64 += (xxh_u64) state->total_len;++    return XXH64_finalize(h64, (const xxh_u8*)state->mem64, (size_t)state->total_len, XXH_aligned);+}+++/******* Canonical representation   *******/++XXH_PUBLIC_API void XXH64_canonicalFromHash(XXH64_canonical_t* dst, XXH64_hash_t hash)+{+    XXH_STATIC_ASSERT(sizeof(XXH64_canonical_t) == sizeof(XXH64_hash_t));+    if (XXH_CPU_LITTLE_ENDIAN) hash = XXH_swap64(hash);+    memcpy(dst, &hash, sizeof(*dst));+}++XXH_PUBLIC_API XXH64_hash_t XXH64_hashFromCanonical(const XXH64_canonical_t* src)+{+    return XXH_readBE64(src);+}++++/* *********************************************************************+*  XXH3+*  New generation hash designed for speed on small keys and vectorization+************************************************************************ */++/* ===   Compiler specifics   === */++#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L   /* >= C99 */+#  define XXH_RESTRICT   restrict+#else+/* Note: it might be useful to define __restrict or __restrict__ for some C++ compilers */+#  define XXH_RESTRICT   /* disable */+#endif++#if (defined(__GNUC__) && (__GNUC__ >= 3))  \+  || (defined(__INTEL_COMPILER) && (__INTEL_COMPILER >= 800)) \+  || defined(__clang__)+#    define XXH_likely(x) __builtin_expect(x, 1)+#    define XXH_unlikely(x) __builtin_expect(x, 0)+#else+#    define XXH_likely(x) (x)+#    define XXH_unlikely(x) (x)+#endif++#if defined(__GNUC__)+#  if defined(__AVX2__)+#    include <immintrin.h>+#  elif defined(__SSE2__)+#    include <emmintrin.h>+#  elif defined(__ARM_NEON__) || defined(__ARM_NEON)+#    define inline __inline__  /* circumvent a clang bug */+#    include <arm_neon.h>+#    undef inline+#  endif+#elif defined(_MSC_VER)+#  include <intrin.h>+#endif++/*+ * One goal of XXH3 is to make it fast on both 32-bit and 64-bit, while+ * remaining a true 64-bit/128-bit hash function.+ *+ * This is done by prioritizing a subset of 64-bit operations that can be+ * emulated without too many steps on the average 32-bit machine.+ *+ * For example, these two lines seem similar, and run equally fast on 64-bit:+ *+ *   xxh_u64 x;+ *   x ^= (x >> 47); // good+ *   x ^= (x >> 13); // bad+ *+ * However, to a 32-bit machine, there is a major difference.+ *+ * x ^= (x >> 47) looks like this:+ *+ *   x.lo ^= (x.hi >> (47 - 32));+ *+ * while x ^= (x >> 13) looks like this:+ *+ *   // note: funnel shifts are not usually cheap.+ *   x.lo ^= (x.lo >> 13) | (x.hi << (32 - 13));+ *   x.hi ^= (x.hi >> 13);+ *+ * The first one is significantly faster than the second, simply because the+ * shift is larger than 32. This means:+ *  - All the bits we need are in the upper 32 bits, so we can ignore the lower+ *    32 bits in the shift.+ *  - The shift result will always fit in the lower 32 bits, and therefore,+ *    we can ignore the upper 32 bits in the xor.+ *+ * Thanks to this optimization, XXH3 only requires these features to be efficient:+ *+ *  - Usable unaligned access+ *  - A 32-bit or 64-bit ALU+ *      - If 32-bit, a decent ADC instruction+ *  - A 32 or 64-bit multiply with a 64-bit result+ *  - For the 128-bit variant, a decent byteswap helps short inputs.+ *+ * The first two are already required by XXH32, and almost all 32-bit and 64-bit+ * platforms which can run XXH32 can run XXH3 efficiently.+ *+ * Thumb-1, the classic 16-bit only subset of ARM's instruction set, is one+ * notable exception.+ *+ * First of all, Thumb-1 lacks support for the UMULL instruction which+ * performs the important long multiply. This means numerous __aeabi_lmul+ * calls.+ *+ * Second of all, the 8 functional registers are just not enough.+ * Setup for __aeabi_lmul, byteshift loads, pointers, and all arithmetic need+ * Lo registers, and this shuffling results in thousands more MOVs than A32.+ *+ * A32 and T32 don't have this limitation. They can access all 14 registers,+ * do a 32->64 multiply with UMULL, and the flexible operand allowing free+ * shifts is helpful, too.+ *+ * Therefore, we do a quick sanity check.+ *+ * If compiling Thumb-1 for a target which supports ARM instructions, we will+ * emit a warning, as it is not a "sane" platform to compile for.+ *+ * Usually, if this happens, it is because of an accident and you probably need+ * to specify -march, as you likely meant to compile for a newer architecture.+ *+ * Credit: large sections of the vectorial and asm source code paths+ *         have been contributed by @easyaspi314+ */+#if defined(__thumb__) && !defined(__thumb2__) && defined(__ARM_ARCH_ISA_ARM)+#   warning "XXH3 is highly inefficient without ARM or Thumb-2."+#endif++/* ==========================================+ * Vectorization detection+ * ========================================== */+#define XXH_SCALAR 0  /* Portable scalar version */+#define XXH_SSE2   1  /* SSE2 for Pentium 4 and all x86_64 */+#define XXH_AVX2   2  /* AVX2 for Haswell and Bulldozer */+#define XXH_AVX512 3  /* AVX512 for Skylake and Icelake */+#define XXH_NEON   4  /* NEON for most ARMv7-A and all AArch64 */+#define XXH_VSX    5  /* VSX and ZVector for POWER8/z13 */++#ifndef XXH_VECTOR    /* can be defined on command line */+#  if defined(__AVX512F__)+#    define XXH_VECTOR XXH_AVX512+#  elif defined(__AVX2__)+#    define XXH_VECTOR XXH_AVX2+#  elif defined(__SSE2__) || defined(_M_AMD64) || defined(_M_X64) || (defined(_M_IX86_FP) && (_M_IX86_FP == 2))+#    define XXH_VECTOR XXH_SSE2+#  elif defined(__GNUC__) /* msvc support maybe later */ \+  && (defined(__ARM_NEON__) || defined(__ARM_NEON)) \+  && (defined(__LITTLE_ENDIAN__) /* We only support little endian NEON */ \+    || (defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__))+#    define XXH_VECTOR XXH_NEON+#  elif (defined(__PPC64__) && defined(__POWER8_VECTOR__)) \+     || (defined(__s390x__) && defined(__VEC__)) \+     && defined(__GNUC__) /* TODO: IBM XL */+#    define XXH_VECTOR XXH_VSX+#  else+#    define XXH_VECTOR XXH_SCALAR+#  endif+#endif++/*+ * Controls the alignment of the accumulator,+ * for compatibility with aligned vector loads, which are usually faster.+ */+#ifndef XXH_ACC_ALIGN+#  if defined(XXH_X86DISPATCH)+#     define XXH_ACC_ALIGN 64  /* for compatibility with avx512 */+#  elif XXH_VECTOR == XXH_SCALAR  /* scalar */+#     define XXH_ACC_ALIGN 8+#  elif XXH_VECTOR == XXH_SSE2  /* sse2 */+#     define XXH_ACC_ALIGN 16+#  elif XXH_VECTOR == XXH_AVX2  /* avx2 */+#     define XXH_ACC_ALIGN 32+#  elif XXH_VECTOR == XXH_NEON  /* neon */+#     define XXH_ACC_ALIGN 16+#  elif XXH_VECTOR == XXH_VSX   /* vsx */+#     define XXH_ACC_ALIGN 16+#  elif XXH_VECTOR == XXH_AVX512  /* avx512 */+#     define XXH_ACC_ALIGN 64+#  endif+#endif++#if defined(XXH_X86DISPATCH) || XXH_VECTOR == XXH_SSE2 \+    || XXH_VECTOR == XXH_AVX2 || XXH_VECTOR == XXH_AVX512+#  define XXH_SEC_ALIGN XXH_ACC_ALIGN+#else+#  define XXH_SEC_ALIGN 8+#endif++/*+ * UGLY HACK:+ * GCC usually generates the best code with -O3 for xxHash.+ *+ * However, when targeting AVX2, it is overzealous in its unrolling resulting+ * in code roughly 3/4 the speed of Clang.+ *+ * There are other issues, such as GCC splitting _mm256_loadu_si256 into+ * _mm_loadu_si128 + _mm256_inserti128_si256. This is an optimization which+ * only applies to Sandy and Ivy Bridge... which don't even support AVX2.+ *+ * That is why when compiling the AVX2 version, it is recommended to use either+ *   -O2 -mavx2 -march=haswell+ * or+ *   -O2 -mavx2 -mno-avx256-split-unaligned-load+ * for decent performance, or to use Clang instead.+ *+ * Fortunately, we can control the first one with a pragma that forces GCC into+ * -O2, but the other one we can't control without "failed to inline always+ * inline function due to target mismatch" warnings.+ */+#if XXH_VECTOR == XXH_AVX2 /* AVX2 */ \+  && defined(__GNUC__) && !defined(__clang__) /* GCC, not Clang */ \+  && defined(__OPTIMIZE__) && !defined(__OPTIMIZE_SIZE__) /* respect -O0 and -Os */+#  pragma GCC push_options+#  pragma GCC optimize("-O2")+#endif+++#if XXH_VECTOR == XXH_NEON+/*+ * NEON's setup for vmlal_u32 is a little more complicated than it is on+ * SSE2, AVX2, and VSX.+ *+ * While PMULUDQ and VMULEUW both perform a mask, VMLAL.U32 performs an upcast.+ *+ * To do the same operation, the 128-bit 'Q' register needs to be split into+ * two 64-bit 'D' registers, performing this operation::+ *+ *   [                a                 |                 b                ]+ *            |              '---------. .--------'                |+ *            |                         x                          |+ *            |              .---------' '--------.                |+ *   [ a & 0xFFFFFFFF | b & 0xFFFFFFFF ],[    a >> 32     |     b >> 32    ]+ *+ * Due to significant changes in aarch64, the fastest method for aarch64 is+ * completely different than the fastest method for ARMv7-A.+ *+ * ARMv7-A treats D registers as unions overlaying Q registers, so modifying+ * D11 will modify the high half of Q5. This is similar to how modifying AH+ * will only affect bits 8-15 of AX on x86.+ *+ * VZIP takes two registers, and puts even lanes in one register and odd lanes+ * in the other.+ *+ * On ARMv7-A, this strangely modifies both parameters in place instead of+ * taking the usual 3-operand form.+ *+ * Therefore, if we want to do this, we can simply use a D-form VZIP.32 on the+ * lower and upper halves of the Q register to end up with the high and low+ * halves where we want - all in one instruction.+ *+ *   vzip.32   d10, d11       @ d10 = { d10[0], d11[0] }; d11 = { d10[1], d11[1] }+ *+ * Unfortunately we need inline assembly for this: Instructions modifying two+ * registers at once is not possible in GCC or Clang's IR, and they have to+ * create a copy.+ *+ * aarch64 requires a different approach.+ *+ * In order to make it easier to write a decent compiler for aarch64, many+ * quirks were removed, such as conditional execution.+ *+ * NEON was also affected by this.+ *+ * aarch64 cannot access the high bits of a Q-form register, and writes to a+ * D-form register zero the high bits, similar to how writes to W-form scalar+ * registers (or DWORD registers on x86_64) work.+ *+ * The formerly free vget_high intrinsics now require a vext (with a few+ * exceptions)+ *+ * Additionally, VZIP was replaced by ZIP1 and ZIP2, which are the equivalent+ * of PUNPCKL* and PUNPCKH* in SSE, respectively, in order to only modify one+ * operand.+ *+ * The equivalent of the VZIP.32 on the lower and upper halves would be this+ * mess:+ *+ *   ext     v2.4s, v0.4s, v0.4s, #2 // v2 = { v0[2], v0[3], v0[0], v0[1] }+ *   zip1    v1.2s, v0.2s, v2.2s     // v1 = { v0[0], v2[0] }+ *   zip2    v0.2s, v0.2s, v1.2s     // v0 = { v0[1], v2[1] }+ *+ * Instead, we use a literal downcast, vmovn_u64 (XTN), and vshrn_n_u64 (SHRN):+ *+ *   shrn    v1.2s, v0.2d, #32  // v1 = (uint32x2_t)(v0 >> 32);+ *   xtn     v0.2s, v0.2d       // v0 = (uint32x2_t)(v0 & 0xFFFFFFFF);+ *+ * This is available on ARMv7-A, but is less efficient than a single VZIP.32.+ */++/*+ * Function-like macro:+ * void XXH_SPLIT_IN_PLACE(uint64x2_t &in, uint32x2_t &outLo, uint32x2_t &outHi)+ * {+ *     outLo = (uint32x2_t)(in & 0xFFFFFFFF);+ *     outHi = (uint32x2_t)(in >> 32);+ *     in = UNDEFINED;+ * }+ */+# if !defined(XXH_NO_VZIP_HACK) /* define to disable */ \+   && defined(__GNUC__) \+   && !defined(__aarch64__) && !defined(__arm64__)+#  define XXH_SPLIT_IN_PLACE(in, outLo, outHi)                                              \+    do {                                                                                    \+      /* Undocumented GCC/Clang operand modifier: %e0 = lower D half, %f0 = upper D half */ \+      /* https://github.com/gcc-mirror/gcc/blob/38cf91e5/gcc/config/arm/arm.c#L22486 */     \+      /* https://github.com/llvm-mirror/llvm/blob/2c4ca683/lib/Target/ARM/ARMAsmPrinter.cpp#L399 */ \+      __asm__("vzip.32  %e0, %f0" : "+w" (in));                                             \+      (outLo) = vget_low_u32 (vreinterpretq_u32_u64(in));                                   \+      (outHi) = vget_high_u32(vreinterpretq_u32_u64(in));                                   \+   } while (0)+# else+#  define XXH_SPLIT_IN_PLACE(in, outLo, outHi)                                            \+    do {                                                                                  \+      (outLo) = vmovn_u64    (in);                                                        \+      (outHi) = vshrn_n_u64  ((in), 32);                                                  \+    } while (0)+# endif+#endif  /* XXH_VECTOR == XXH_NEON */++/*+ * VSX and Z Vector helpers.+ *+ * This is very messy, and any pull requests to clean this up are welcome.+ *+ * There are a lot of problems with supporting VSX and s390x, due to+ * inconsistent intrinsics, spotty coverage, and multiple endiannesses.+ */+#if XXH_VECTOR == XXH_VSX+#  if defined(__s390x__)+#    include <s390intrin.h>+#  else+/* gcc's altivec.h can have the unwanted consequence to unconditionally+ * #define bool, vector, and pixel keywords,+ * with bad consequences for programs already using these keywords for other purposes.+ * The paragraph defining these macros is skipped when __APPLE_ALTIVEC__ is defined.+ * __APPLE_ALTIVEC__ is _generally_ defined automatically by the compiler,+ * but it seems that, in some cases, it isn't.+ * Force the build macro to be defined, so that keywords are not altered.+ */+#    if defined(__GNUC__) && !defined(__APPLE_ALTIVEC__)+#      define __APPLE_ALTIVEC__+#    endif+#    include <altivec.h>+#  endif++typedef __vector unsigned long long xxh_u64x2;+typedef __vector unsigned char xxh_u8x16;+typedef __vector unsigned xxh_u32x4;++# ifndef XXH_VSX_BE+#  if defined(__BIG_ENDIAN__) \+  || (defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)+#    define XXH_VSX_BE 1+#  elif defined(__VEC_ELEMENT_REG_ORDER__) && __VEC_ELEMENT_REG_ORDER__ == __ORDER_BIG_ENDIAN__+#    warning "-maltivec=be is not recommended. Please use native endianness."+#    define XXH_VSX_BE 1+#  else+#    define XXH_VSX_BE 0+#  endif+# endif /* !defined(XXH_VSX_BE) */++# if XXH_VSX_BE+/* A wrapper for POWER9's vec_revb. */+#  if defined(__POWER9_VECTOR__) || (defined(__clang__) && defined(__s390x__))+#    define XXH_vec_revb vec_revb+#  else+XXH_FORCE_INLINE xxh_u64x2 XXH_vec_revb(xxh_u64x2 val)+{+    xxh_u8x16 const vByteSwap = { 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,+                                  0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08 };+    return vec_perm(val, val, vByteSwap);+}+#  endif+# endif /* XXH_VSX_BE */++/*+ * Performs an unaligned load and byte swaps it on big endian.+ */+XXH_FORCE_INLINE xxh_u64x2 XXH_vec_loadu(const void *ptr)+{+    xxh_u64x2 ret;+    memcpy(&ret, ptr, sizeof(xxh_u64x2));+# if XXH_VSX_BE+    ret = XXH_vec_revb(ret);+# endif+    return ret;+}++/*+ * vec_mulo and vec_mule are very problematic intrinsics on PowerPC+ *+ * These intrinsics weren't added until GCC 8, despite existing for a while,+ * and they are endian dependent. Also, their meaning swap depending on version.+ * */+# if defined(__s390x__)+ /* s390x is always big endian, no issue on this platform */+#  define XXH_vec_mulo vec_mulo+#  define XXH_vec_mule vec_mule+# elif defined(__clang__) && XXH_HAS_BUILTIN(__builtin_altivec_vmuleuw)+/* Clang has a better way to control this, we can just use the builtin which doesn't swap. */+#  define XXH_vec_mulo __builtin_altivec_vmulouw+#  define XXH_vec_mule __builtin_altivec_vmuleuw+# else+/* gcc needs inline assembly */+/* Adapted from https://github.com/google/highwayhash/blob/master/highwayhash/hh_vsx.h. */+XXH_FORCE_INLINE xxh_u64x2 XXH_vec_mulo(xxh_u32x4 a, xxh_u32x4 b)+{+    xxh_u64x2 result;+    __asm__("vmulouw %0, %1, %2" : "=v" (result) : "v" (a), "v" (b));+    return result;+}+XXH_FORCE_INLINE xxh_u64x2 XXH_vec_mule(xxh_u32x4 a, xxh_u32x4 b)+{+    xxh_u64x2 result;+    __asm__("vmuleuw %0, %1, %2" : "=v" (result) : "v" (a), "v" (b));+    return result;+}+# endif /* XXH_vec_mulo, XXH_vec_mule */+#endif /* XXH_VECTOR == XXH_VSX */+++/* prefetch+ * can be disabled, by declaring XXH_NO_PREFETCH build macro */+#if defined(XXH_NO_PREFETCH)+#  define XXH_PREFETCH(ptr)  (void)(ptr)  /* disabled */+#else+#  if defined(_MSC_VER) && (defined(_M_X64) || defined(_M_I86))  /* _mm_prefetch() is not defined outside of x86/x64 */+#    include <mmintrin.h>   /* https://msdn.microsoft.com/fr-fr/library/84szxsww(v=vs.90).aspx */+#    define XXH_PREFETCH(ptr)  _mm_prefetch((const char*)(ptr), _MM_HINT_T0)+#  elif defined(__GNUC__) && ( (__GNUC__ >= 4) || ( (__GNUC__ == 3) && (__GNUC_MINOR__ >= 1) ) )+#    define XXH_PREFETCH(ptr)  __builtin_prefetch((ptr), 0 /* rw==read */, 3 /* locality */)+#  else+#    define XXH_PREFETCH(ptr) (void)(ptr)  /* disabled */+#  endif+#endif  /* XXH_NO_PREFETCH */+++/* ==========================================+ * XXH3 default settings+ * ========================================== */++#define XXH_SECRET_DEFAULT_SIZE 192   /* minimum XXH3_SECRET_SIZE_MIN */++#if (XXH_SECRET_DEFAULT_SIZE < XXH3_SECRET_SIZE_MIN)+#  error "default keyset is not large enough"+#endif++/* Pseudorandom secret taken directly from FARSH */+XXH_ALIGN(64) static const xxh_u8 XXH3_kSecret[XXH_SECRET_DEFAULT_SIZE] = {+    0xb8, 0xfe, 0x6c, 0x39, 0x23, 0xa4, 0x4b, 0xbe, 0x7c, 0x01, 0x81, 0x2c, 0xf7, 0x21, 0xad, 0x1c,+    0xde, 0xd4, 0x6d, 0xe9, 0x83, 0x90, 0x97, 0xdb, 0x72, 0x40, 0xa4, 0xa4, 0xb7, 0xb3, 0x67, 0x1f,+    0xcb, 0x79, 0xe6, 0x4e, 0xcc, 0xc0, 0xe5, 0x78, 0x82, 0x5a, 0xd0, 0x7d, 0xcc, 0xff, 0x72, 0x21,+    0xb8, 0x08, 0x46, 0x74, 0xf7, 0x43, 0x24, 0x8e, 0xe0, 0x35, 0x90, 0xe6, 0x81, 0x3a, 0x26, 0x4c,+    0x3c, 0x28, 0x52, 0xbb, 0x91, 0xc3, 0x00, 0xcb, 0x88, 0xd0, 0x65, 0x8b, 0x1b, 0x53, 0x2e, 0xa3,+    0x71, 0x64, 0x48, 0x97, 0xa2, 0x0d, 0xf9, 0x4e, 0x38, 0x19, 0xef, 0x46, 0xa9, 0xde, 0xac, 0xd8,+    0xa8, 0xfa, 0x76, 0x3f, 0xe3, 0x9c, 0x34, 0x3f, 0xf9, 0xdc, 0xbb, 0xc7, 0xc7, 0x0b, 0x4f, 0x1d,+    0x8a, 0x51, 0xe0, 0x4b, 0xcd, 0xb4, 0x59, 0x31, 0xc8, 0x9f, 0x7e, 0xc9, 0xd9, 0x78, 0x73, 0x64,+    0xea, 0xc5, 0xac, 0x83, 0x34, 0xd3, 0xeb, 0xc3, 0xc5, 0x81, 0xa0, 0xff, 0xfa, 0x13, 0x63, 0xeb,+    0x17, 0x0d, 0xdd, 0x51, 0xb7, 0xf0, 0xda, 0x49, 0xd3, 0x16, 0x55, 0x26, 0x29, 0xd4, 0x68, 0x9e,+    0x2b, 0x16, 0xbe, 0x58, 0x7d, 0x47, 0xa1, 0xfc, 0x8f, 0xf8, 0xb8, 0xd1, 0x7a, 0xd0, 0x31, 0xce,+    0x45, 0xcb, 0x3a, 0x8f, 0x95, 0x16, 0x04, 0x28, 0xaf, 0xd7, 0xfb, 0xca, 0xbb, 0x4b, 0x40, 0x7e,+};+++#ifdef XXH_OLD_NAMES+#  define kSecret XXH3_kSecret+#endif++/*+ * Calculates a 32-bit to 64-bit long multiply.+ *+ * Wraps __emulu on MSVC x86 because it tends to call __allmul when it doesn't+ * need to (but it shouldn't need to anyways, it is about 7 instructions to do+ * a 64x64 multiply...). Since we know that this will _always_ emit MULL, we+ * use that instead of the normal method.+ *+ * If you are compiling for platforms like Thumb-1 and don't have a better option,+ * you may also want to write your own long multiply routine here.+ *+ * XXH_FORCE_INLINE xxh_u64 XXH_mult32to64(xxh_u64 x, xxh_u64 y)+ * {+ *    return (x & 0xFFFFFFFF) * (y & 0xFFFFFFFF);+ * }+ */+#if defined(_MSC_VER) && defined(_M_IX86)+#    include <intrin.h>+#    define XXH_mult32to64(x, y) __emulu((unsigned)(x), (unsigned)(y))+#else+/*+ * Downcast + upcast is usually better than masking on older compilers like+ * GCC 4.2 (especially 32-bit ones), all without affecting newer compilers.+ *+ * The other method, (x & 0xFFFFFFFF) * (y & 0xFFFFFFFF), will AND both operands+ * and perform a full 64x64 multiply -- entirely redundant on 32-bit.+ */+#    define XXH_mult32to64(x, y) ((xxh_u64)(xxh_u32)(x) * (xxh_u64)(xxh_u32)(y))+#endif++/*+ * Calculates a 64->128-bit long multiply.+ *+ * Uses __uint128_t and _umul128 if available, otherwise uses a scalar version.+ */+static XXH128_hash_t+XXH_mult64to128(xxh_u64 lhs, xxh_u64 rhs)+{+    /*+     * GCC/Clang __uint128_t method.+     *+     * On most 64-bit targets, GCC and Clang define a __uint128_t type.+     * This is usually the best way as it usually uses a native long 64-bit+     * multiply, such as MULQ on x86_64 or MUL + UMULH on aarch64.+     *+     * Usually.+     *+     * Despite being a 32-bit platform, Clang (and emscripten) define this type+     * despite not having the arithmetic for it. This results in a laggy+     * compiler builtin call which calculates a full 128-bit multiply.+     * In that case it is best to use the portable one.+     * https://github.com/Cyan4973/xxHash/issues/211#issuecomment-515575677+     */+#if defined(__GNUC__) && !defined(__wasm__) \+    && defined(__SIZEOF_INT128__) \+    || (defined(_INTEGRAL_MAX_BITS) && _INTEGRAL_MAX_BITS >= 128)++    __uint128_t const product = (__uint128_t)lhs * (__uint128_t)rhs;+    XXH128_hash_t r128;+    r128.low64  = (xxh_u64)(product);+    r128.high64 = (xxh_u64)(product >> 64);+    return r128;++    /*+     * MSVC for x64's _umul128 method.+     *+     * xxh_u64 _umul128(xxh_u64 Multiplier, xxh_u64 Multiplicand, xxh_u64 *HighProduct);+     *+     * This compiles to single operand MUL on x64.+     */+#elif defined(_M_X64) || defined(_M_IA64)++#ifndef _MSC_VER+#   pragma intrinsic(_umul128)+#endif+    xxh_u64 product_high;+    xxh_u64 const product_low = _umul128(lhs, rhs, &product_high);+    XXH128_hash_t r128;+    r128.low64  = product_low;+    r128.high64 = product_high;+    return r128;++#else+    /*+     * Portable scalar method. Optimized for 32-bit and 64-bit ALUs.+     *+     * This is a fast and simple grade school multiply, which is shown below+     * with base 10 arithmetic instead of base 0x100000000.+     *+     *           9 3 // D2 lhs = 93+     *         x 7 5 // D2 rhs = 75+     *     ----------+     *           1 5 // D2 lo_lo = (93 % 10) * (75 % 10) = 15+     *         4 5 | // D2 hi_lo = (93 / 10) * (75 % 10) = 45+     *         2 1 | // D2 lo_hi = (93 % 10) * (75 / 10) = 21+     *     + 6 3 | | // D2 hi_hi = (93 / 10) * (75 / 10) = 63+     *     ---------+     *         2 7 | // D2 cross = (15 / 10) + (45 % 10) + 21 = 27+     *     + 6 7 | | // D2 upper = (27 / 10) + (45 / 10) + 63 = 67+     *     ---------+     *       6 9 7 5 // D4 res = (27 * 10) + (15 % 10) + (67 * 100) = 6975+     *+     * The reasons for adding the products like this are:+     *  1. It avoids manual carry tracking. Just like how+     *     (9 * 9) + 9 + 9 = 99, the same applies with this for UINT64_MAX.+     *     This avoids a lot of complexity.+     *+     *  2. It hints for, and on Clang, compiles to, the powerful UMAAL+     *     instruction available in ARM's Digital Signal Processing extension+     *     in 32-bit ARMv6 and later, which is shown below:+     *+     *         void UMAAL(xxh_u32 *RdLo, xxh_u32 *RdHi, xxh_u32 Rn, xxh_u32 Rm)+     *         {+     *             xxh_u64 product = (xxh_u64)*RdLo * (xxh_u64)*RdHi + Rn + Rm;+     *             *RdLo = (xxh_u32)(product & 0xFFFFFFFF);+     *             *RdHi = (xxh_u32)(product >> 32);+     *         }+     *+     *     This instruction was designed for efficient long multiplication, and+     *     allows this to be calculated in only 4 instructions at speeds+     *     comparable to some 64-bit ALUs.+     *+     *  3. It isn't terrible on other platforms. Usually this will be a couple+     *     of 32-bit ADD/ADCs.+     */++    /* First calculate all of the cross products. */+    xxh_u64 const lo_lo = XXH_mult32to64(lhs & 0xFFFFFFFF, rhs & 0xFFFFFFFF);+    xxh_u64 const hi_lo = XXH_mult32to64(lhs >> 32,        rhs & 0xFFFFFFFF);+    xxh_u64 const lo_hi = XXH_mult32to64(lhs & 0xFFFFFFFF, rhs >> 32);+    xxh_u64 const hi_hi = XXH_mult32to64(lhs >> 32,        rhs >> 32);++    /* Now add the products together. These will never overflow. */+    xxh_u64 const cross = (lo_lo >> 32) + (hi_lo & 0xFFFFFFFF) + lo_hi;+    xxh_u64 const upper = (hi_lo >> 32) + (cross >> 32)        + hi_hi;+    xxh_u64 const lower = (cross << 32) | (lo_lo & 0xFFFFFFFF);++    XXH128_hash_t r128;+    r128.low64  = lower;+    r128.high64 = upper;+    return r128;+#endif+}++/*+ * Does a 64-bit to 128-bit multiply, then XOR folds it.+ *+ * The reason for the separate function is to prevent passing too many structs+ * around by value. This will hopefully inline the multiply, but we don't force it.+ */+static xxh_u64+XXH3_mul128_fold64(xxh_u64 lhs, xxh_u64 rhs)+{+    XXH128_hash_t product = XXH_mult64to128(lhs, rhs);+    return product.low64 ^ product.high64;+}++/* Seems to produce slightly better code on GCC for some reason. */+XXH_FORCE_INLINE xxh_u64 XXH_xorshift64(xxh_u64 v64, int shift)+{+    XXH_ASSERT(0 <= shift && shift < 64);+    return v64 ^ (v64 >> shift);+}++/*+ * This is a fast avalanche stage,+ * suitable when input bits are already partially mixed+ */+static XXH64_hash_t XXH3_avalanche(xxh_u64 h64)+{+    h64 = XXH_xorshift64(h64, 37);+    h64 *= 0x165667919E3779F9ULL;+    h64 = XXH_xorshift64(h64, 32);+    return h64;+}++/*+ * This is a stronger avalanche,+ * inspired by Pelle Evensen's rrmxmx+ * preferable when input has not been previously mixed+ */+static XXH64_hash_t XXH3_rrmxmx(xxh_u64 h64, xxh_u64 len)+{+    /* this mix is inspired by Pelle Evensen's rrmxmx */+    h64 ^= XXH_rotl64(h64, 49) ^ XXH_rotl64(h64, 24);+    h64 *= 0x9FB21C651E98DF25ULL;+    h64 ^= (h64 >> 35) + len ;+    h64 *= 0x9FB21C651E98DF25ULL;+    return XXH_xorshift64(h64, 28);+}+++/* ==========================================+ * Short keys+ * ==========================================+ * One of the shortcomings of XXH32 and XXH64 was that their performance was+ * sub-optimal on short lengths. It used an iterative algorithm which strongly+ * favored lengths that were a multiple of 4 or 8.+ *+ * Instead of iterating over individual inputs, we use a set of single shot+ * functions which piece together a range of lengths and operate in constant time.+ *+ * Additionally, the number of multiplies has been significantly reduced. This+ * reduces latency, especially when emulating 64-bit multiplies on 32-bit.+ *+ * Depending on the platform, this may or may not be faster than XXH32, but it+ * is almost guaranteed to be faster than XXH64.+ */++/*+ * At very short lengths, there isn't enough input to fully hide secrets, or use+ * the entire secret.+ *+ * There is also only a limited amount of mixing we can do before significantly+ * impacting performance.+ *+ * Therefore, we use different sections of the secret and always mix two secret+ * samples with an XOR. This should have no effect on performance on the+ * seedless or withSeed variants because everything _should_ be constant folded+ * by modern compilers.+ *+ * The XOR mixing hides individual parts of the secret and increases entropy.+ *+ * This adds an extra layer of strength for custom secrets.+ */+XXH_FORCE_INLINE XXH64_hash_t+XXH3_len_1to3_64b(const xxh_u8* input, size_t len, const xxh_u8* secret, XXH64_hash_t seed)+{+    XXH_ASSERT(input != NULL);+    XXH_ASSERT(1 <= len && len <= 3);+    XXH_ASSERT(secret != NULL);+    /*+     * len = 1: combined = { input[0], 0x01, input[0], input[0] }+     * len = 2: combined = { input[1], 0x02, input[0], input[1] }+     * len = 3: combined = { input[2], 0x03, input[0], input[1] }+     */+    {   xxh_u8  const c1 = input[0];+        xxh_u8  const c2 = input[len >> 1];+        xxh_u8  const c3 = input[len - 1];+        xxh_u32 const combined = ((xxh_u32)c1 << 16) | ((xxh_u32)c2  << 24)+                               | ((xxh_u32)c3 <<  0) | ((xxh_u32)len << 8);+        xxh_u64 const bitflip = (XXH_readLE32(secret) ^ XXH_readLE32(secret+4)) + seed;+        xxh_u64 const keyed = (xxh_u64)combined ^ bitflip;+        return XXH64_avalanche(keyed);+    }+}++XXH_FORCE_INLINE XXH64_hash_t+XXH3_len_4to8_64b(const xxh_u8* input, size_t len, const xxh_u8* secret, XXH64_hash_t seed)+{+    XXH_ASSERT(input != NULL);+    XXH_ASSERT(secret != NULL);+    XXH_ASSERT(4 <= len && len < 8);+    seed ^= (xxh_u64)XXH_swap32((xxh_u32)seed) << 32;+    {   xxh_u32 const input1 = XXH_readLE32(input);+        xxh_u32 const input2 = XXH_readLE32(input + len - 4);+        xxh_u64 const bitflip = (XXH_readLE64(secret+8) ^ XXH_readLE64(secret+16)) - seed;+        xxh_u64 const input64 = input2 + (((xxh_u64)input1) << 32);+        xxh_u64 const keyed = input64 ^ bitflip;+        return XXH3_rrmxmx(keyed, len);+    }+}++XXH_FORCE_INLINE XXH64_hash_t+XXH3_len_9to16_64b(const xxh_u8* input, size_t len, const xxh_u8* secret, XXH64_hash_t seed)+{+    XXH_ASSERT(input != NULL);+    XXH_ASSERT(secret != NULL);+    XXH_ASSERT(8 <= len && len <= 16);+    {   xxh_u64 const bitflip1 = (XXH_readLE64(secret+24) ^ XXH_readLE64(secret+32)) + seed;+        xxh_u64 const bitflip2 = (XXH_readLE64(secret+40) ^ XXH_readLE64(secret+48)) - seed;+        xxh_u64 const input_lo = XXH_readLE64(input)           ^ bitflip1;+        xxh_u64 const input_hi = XXH_readLE64(input + len - 8) ^ bitflip2;+        xxh_u64 const acc = len+                          + XXH_swap64(input_lo) + input_hi+                          + XXH3_mul128_fold64(input_lo, input_hi);+        return XXH3_avalanche(acc);+    }+}++XXH_FORCE_INLINE XXH64_hash_t+XXH3_len_0to16_64b(const xxh_u8* input, size_t len, const xxh_u8* secret, XXH64_hash_t seed)+{+    XXH_ASSERT(len <= 16);+    {   if (XXH_likely(len >  8)) return XXH3_len_9to16_64b(input, len, secret, seed);+        if (XXH_likely(len >= 4)) return XXH3_len_4to8_64b(input, len, secret, seed);+        if (len) return XXH3_len_1to3_64b(input, len, secret, seed);+        return XXH64_avalanche(seed ^ (XXH_readLE64(secret+56) ^ XXH_readLE64(secret+64)));+    }+}++/*+ * DISCLAIMER: There are known *seed-dependent* multicollisions here due to+ * multiplication by zero, affecting hashes of lengths 17 to 240.+ *+ * However, they are very unlikely.+ *+ * Keep this in mind when using the unseeded XXH3_64bits() variant: As with all+ * unseeded non-cryptographic hashes, it does not attempt to defend itself+ * against specially crafted inputs, only random inputs.+ *+ * Compared to classic UMAC where a 1 in 2^31 chance of 4 consecutive bytes+ * cancelling out the secret is taken an arbitrary number of times (addressed+ * in XXH3_accumulate_512), this collision is very unlikely with random inputs+ * and/or proper seeding:+ *+ * This only has a 1 in 2^63 chance of 8 consecutive bytes cancelling out, in a+ * function that is only called up to 16 times per hash with up to 240 bytes of+ * input.+ *+ * This is not too bad for a non-cryptographic hash function, especially with+ * only 64 bit outputs.+ *+ * The 128-bit variant (which trades some speed for strength) is NOT affected+ * by this, although it is always a good idea to use a proper seed if you care+ * about strength.+ */+XXH_FORCE_INLINE xxh_u64 XXH3_mix16B(const xxh_u8* XXH_RESTRICT input,+                                     const xxh_u8* XXH_RESTRICT secret, xxh_u64 seed64)+{+#if defined(__GNUC__) && !defined(__clang__) /* GCC, not Clang */ \+  && defined(__i386__) && defined(__SSE2__)  /* x86 + SSE2 */ \+  && !defined(XXH_ENABLE_AUTOVECTORIZE)      /* Define to disable like XXH32 hack */+    /*+     * UGLY HACK:+     * GCC for x86 tends to autovectorize the 128-bit multiply, resulting in+     * slower code.+     *+     * By forcing seed64 into a register, we disrupt the cost model and+     * cause it to scalarize. See `XXH32_round()`+     *+     * FIXME: Clang's output is still _much_ faster -- On an AMD Ryzen 3600,+     * XXH3_64bits @ len=240 runs at 4.6 GB/s with Clang 9, but 3.3 GB/s on+     * GCC 9.2, despite both emitting scalar code.+     *+     * GCC generates much better scalar code than Clang for the rest of XXH3,+     * which is why finding a more optimal codepath is an interest.+     */+    __asm__ ("" : "+r" (seed64));+#endif+    {   xxh_u64 const input_lo = XXH_readLE64(input);+        xxh_u64 const input_hi = XXH_readLE64(input+8);+        return XXH3_mul128_fold64(+            input_lo ^ (XXH_readLE64(secret)   + seed64),+            input_hi ^ (XXH_readLE64(secret+8) - seed64)+        );+    }+}++/* For mid range keys, XXH3 uses a Mum-hash variant. */+XXH_FORCE_INLINE XXH64_hash_t+XXH3_len_17to128_64b(const xxh_u8* XXH_RESTRICT input, size_t len,+                     const xxh_u8* XXH_RESTRICT secret, size_t secretSize,+                     XXH64_hash_t seed)+{+    XXH_ASSERT(secretSize >= XXH3_SECRET_SIZE_MIN); (void)secretSize;+    XXH_ASSERT(16 < len && len <= 128);++    {   xxh_u64 acc = len * XXH_PRIME64_1;+        if (len > 32) {+            if (len > 64) {+                if (len > 96) {+                    acc += XXH3_mix16B(input+48, secret+96, seed);+                    acc += XXH3_mix16B(input+len-64, secret+112, seed);+                }+                acc += XXH3_mix16B(input+32, secret+64, seed);+                acc += XXH3_mix16B(input+len-48, secret+80, seed);+            }+            acc += XXH3_mix16B(input+16, secret+32, seed);+            acc += XXH3_mix16B(input+len-32, secret+48, seed);+        }+        acc += XXH3_mix16B(input+0, secret+0, seed);+        acc += XXH3_mix16B(input+len-16, secret+16, seed);++        return XXH3_avalanche(acc);+    }+}++#define XXH3_MIDSIZE_MAX 240++XXH_NO_INLINE XXH64_hash_t+XXH3_len_129to240_64b(const xxh_u8* XXH_RESTRICT input, size_t len,+                      const xxh_u8* XXH_RESTRICT secret, size_t secretSize,+                      XXH64_hash_t seed)+{+    XXH_ASSERT(secretSize >= XXH3_SECRET_SIZE_MIN); (void)secretSize;+    XXH_ASSERT(128 < len && len <= XXH3_MIDSIZE_MAX);++    #define XXH3_MIDSIZE_STARTOFFSET 3+    #define XXH3_MIDSIZE_LASTOFFSET  17++    {   xxh_u64 acc = len * XXH_PRIME64_1;+        int const nbRounds = (int)len / 16;+        int i;+        for (i=0; i<8; i++) {+            acc += XXH3_mix16B(input+(16*i), secret+(16*i), seed);+        }+        acc = XXH3_avalanche(acc);+        XXH_ASSERT(nbRounds >= 8);+#if defined(__clang__)                                /* Clang */ \+    && (defined(__ARM_NEON) || defined(__ARM_NEON__)) /* NEON */ \+    && !defined(XXH_ENABLE_AUTOVECTORIZE)             /* Define to disable */+        /*+         * UGLY HACK:+         * Clang for ARMv7-A tries to vectorize this loop, similar to GCC x86.+         * In everywhere else, it uses scalar code.+         *+         * For 64->128-bit multiplies, even if the NEON was 100% optimal, it+         * would still be slower than UMAAL (see XXH_mult64to128).+         *+         * Unfortunately, Clang doesn't handle the long multiplies properly and+         * converts them to the nonexistent "vmulq_u64" intrinsic, which is then+         * scalarized into an ugly mess of VMOV.32 instructions.+         *+         * This mess is difficult to avoid without turning autovectorization+         * off completely, but they are usually relatively minor and/or not+         * worth it to fix.+         *+         * This loop is the easiest to fix, as unlike XXH32, this pragma+         * _actually works_ because it is a loop vectorization instead of an+         * SLP vectorization.+         */+        #pragma clang loop vectorize(disable)+#endif+        for (i=8 ; i < nbRounds; i++) {+            acc += XXH3_mix16B(input+(16*i), secret+(16*(i-8)) + XXH3_MIDSIZE_STARTOFFSET, seed);+        }+        /* last bytes */+        acc += XXH3_mix16B(input + len - 16, secret + XXH3_SECRET_SIZE_MIN - XXH3_MIDSIZE_LASTOFFSET, seed);+        return XXH3_avalanche(acc);+    }+}+++/* =======     Long Keys     ======= */++#define XXH_STRIPE_LEN 64+#define XXH_SECRET_CONSUME_RATE 8   /* nb of secret bytes consumed at each accumulation */+#define XXH_ACC_NB (XXH_STRIPE_LEN / sizeof(xxh_u64))++#ifdef XXH_OLD_NAMES+#  define STRIPE_LEN XXH_STRIPE_LEN+#  define ACC_NB XXH_ACC_NB+#endif++XXH_FORCE_INLINE void XXH_writeLE64(void* dst, xxh_u64 v64)+{+    if (!XXH_CPU_LITTLE_ENDIAN) v64 = XXH_swap64(v64);+    memcpy(dst, &v64, sizeof(v64));+}++/* Several intrinsic functions below are supposed to accept __int64 as argument,+ * as documented in https://software.intel.com/sites/landingpage/IntrinsicsGuide/ .+ * However, several environments do not define __int64 type,+ * requiring a workaround.+ */+#if !defined (__VMS) \+  && (defined (__cplusplus) \+  || (defined (__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) /* C99 */) )+    typedef int64_t xxh_i64;+#else+    /* the following type must have a width of 64-bit */+    typedef long long xxh_i64;+#endif++/*+ * XXH3_accumulate_512 is the tightest loop for long inputs, and it is the most optimized.+ *+ * It is a hardened version of UMAC, based off of FARSH's implementation.+ *+ * This was chosen because it adapts quite well to 32-bit, 64-bit, and SIMD+ * implementations, and it is ridiculously fast.+ *+ * We harden it by mixing the original input to the accumulators as well as the product.+ *+ * This means that in the (relatively likely) case of a multiply by zero, the+ * original input is preserved.+ *+ * On 128-bit inputs, we swap 64-bit pairs when we add the input to improve+ * cross-pollination, as otherwise the upper and lower halves would be+ * essentially independent.+ *+ * This doesn't matter on 64-bit hashes since they all get merged together in+ * the end, so we skip the extra step.+ *+ * Both XXH3_64bits and XXH3_128bits use this subroutine.+ */++#if (XXH_VECTOR == XXH_AVX512) || defined(XXH_X86DISPATCH)++#ifndef XXH_TARGET_AVX512+# define XXH_TARGET_AVX512  /* disable attribute target */+#endif++XXH_FORCE_INLINE XXH_TARGET_AVX512 void+XXH3_accumulate_512_avx512(void* XXH_RESTRICT acc,+                     const void* XXH_RESTRICT input,+                     const void* XXH_RESTRICT secret)+{+    XXH_ALIGN(64) __m512i* const xacc = (__m512i *) acc;+    XXH_ASSERT((((size_t)acc) & 63) == 0);+    XXH_STATIC_ASSERT(XXH_STRIPE_LEN == sizeof(__m512i));++    {+        /* data_vec    = input[0]; */+        __m512i const data_vec    = _mm512_loadu_si512   (input);+        /* key_vec     = secret[0]; */+        __m512i const key_vec     = _mm512_loadu_si512   (secret);+        /* data_key    = data_vec ^ key_vec; */+        __m512i const data_key    = _mm512_xor_si512     (data_vec, key_vec);+        /* data_key_lo = data_key >> 32; */+        __m512i const data_key_lo = _mm512_shuffle_epi32 (data_key, (_MM_PERM_ENUM)_MM_SHUFFLE(0, 3, 0, 1));+        /* product     = (data_key & 0xffffffff) * (data_key_lo & 0xffffffff); */+        __m512i const product     = _mm512_mul_epu32     (data_key, data_key_lo);+        /* xacc[0] += swap(data_vec); */+        __m512i const data_swap = _mm512_shuffle_epi32(data_vec, (_MM_PERM_ENUM)_MM_SHUFFLE(1, 0, 3, 2));+        __m512i const sum       = _mm512_add_epi64(*xacc, data_swap);+        /* xacc[0] += product; */+        *xacc = _mm512_add_epi64(product, sum);+    }+}++/*+ * XXH3_scrambleAcc: Scrambles the accumulators to improve mixing.+ *+ * Multiplication isn't perfect, as explained by Google in HighwayHash:+ *+ *  // Multiplication mixes/scrambles bytes 0-7 of the 64-bit result to+ *  // varying degrees. In descending order of goodness, bytes+ *  // 3 4 2 5 1 6 0 7 have quality 228 224 164 160 100 96 36 32.+ *  // As expected, the upper and lower bytes are much worse.+ *+ * Source: https://github.com/google/highwayhash/blob/0aaf66b/highwayhash/hh_avx2.h#L291+ *+ * Since our algorithm uses a pseudorandom secret to add some variance into the+ * mix, we don't need to (or want to) mix as often or as much as HighwayHash does.+ *+ * This isn't as tight as XXH3_accumulate, but still written in SIMD to avoid+ * extraction.+ *+ * Both XXH3_64bits and XXH3_128bits use this subroutine.+ */++XXH_FORCE_INLINE XXH_TARGET_AVX512 void+XXH3_scrambleAcc_avx512(void* XXH_RESTRICT acc, const void* XXH_RESTRICT secret)+{+    XXH_ASSERT((((size_t)acc) & 63) == 0);+    XXH_STATIC_ASSERT(XXH_STRIPE_LEN == sizeof(__m512i));+    {   XXH_ALIGN(64) __m512i* const xacc = (__m512i*) acc;+        const __m512i prime32 = _mm512_set1_epi32((int)XXH_PRIME32_1);++        /* xacc[0] ^= (xacc[0] >> 47) */+        __m512i const acc_vec     = *xacc;+        __m512i const shifted     = _mm512_srli_epi64    (acc_vec, 47);+        __m512i const data_vec    = _mm512_xor_si512     (acc_vec, shifted);+        /* xacc[0] ^= secret; */+        __m512i const key_vec     = _mm512_loadu_si512   (secret);+        __m512i const data_key    = _mm512_xor_si512     (data_vec, key_vec);++        /* xacc[0] *= XXH_PRIME32_1; */+        __m512i const data_key_hi = _mm512_shuffle_epi32 (data_key, (_MM_PERM_ENUM)_MM_SHUFFLE(0, 3, 0, 1));+        __m512i const prod_lo     = _mm512_mul_epu32     (data_key, prime32);+        __m512i const prod_hi     = _mm512_mul_epu32     (data_key_hi, prime32);+        *xacc = _mm512_add_epi64(prod_lo, _mm512_slli_epi64(prod_hi, 32));+    }+}++XXH_FORCE_INLINE XXH_TARGET_AVX512 void+XXH3_initCustomSecret_avx512(void* XXH_RESTRICT customSecret, xxh_u64 seed64)+{+    XXH_STATIC_ASSERT((XXH_SECRET_DEFAULT_SIZE & 63) == 0);+    XXH_STATIC_ASSERT(XXH_SEC_ALIGN == 64);+    XXH_ASSERT(((size_t)customSecret & 63) == 0);+    (void)(&XXH_writeLE64);+    {   int const nbRounds = XXH_SECRET_DEFAULT_SIZE / sizeof(__m512i);+        __m512i const seed = _mm512_mask_set1_epi64(_mm512_set1_epi64((xxh_i64)seed64), 0xAA, -(xxh_i64)seed64);++        XXH_ALIGN(64) const __m512i* const src  = (const __m512i*) XXH3_kSecret;+        XXH_ALIGN(64)       __m512i* const dest = (      __m512i*) customSecret;+        int i;+        for (i=0; i < nbRounds; ++i) {+            /* GCC has a bug, _mm512_stream_load_si512 accepts 'void*', not 'void const*',+             * this will warn "discards ‘const’ qualifier". */+            union {+                XXH_ALIGN(64) const __m512i* cp;+                XXH_ALIGN(64) void* p;+            } remote_const_void;+            remote_const_void.cp = src + i;+            dest[i] = _mm512_add_epi64(_mm512_stream_load_si512(remote_const_void.p), seed);+    }   }+}++#endif++#if (XXH_VECTOR == XXH_AVX2) || defined(XXH_X86DISPATCH)++#ifndef XXH_TARGET_AVX2+# define XXH_TARGET_AVX2  /* disable attribute target */+#endif++XXH_FORCE_INLINE XXH_TARGET_AVX2 void+XXH3_accumulate_512_avx2( void* XXH_RESTRICT acc,+                    const void* XXH_RESTRICT input,+                    const void* XXH_RESTRICT secret)+{+    XXH_ASSERT((((size_t)acc) & 31) == 0);+    {   XXH_ALIGN(32) __m256i* const xacc    =       (__m256i *) acc;+        /* Unaligned. This is mainly for pointer arithmetic, and because+         * _mm256_loadu_si256 requires  a const __m256i * pointer for some reason. */+        const         __m256i* const xinput  = (const __m256i *) input;+        /* Unaligned. This is mainly for pointer arithmetic, and because+         * _mm256_loadu_si256 requires a const __m256i * pointer for some reason. */+        const         __m256i* const xsecret = (const __m256i *) secret;++        size_t i;+        for (i=0; i < XXH_STRIPE_LEN/sizeof(__m256i); i++) {+            /* data_vec    = xinput[i]; */+            __m256i const data_vec    = _mm256_loadu_si256    (xinput+i);+            /* key_vec     = xsecret[i]; */+            __m256i const key_vec     = _mm256_loadu_si256   (xsecret+i);+            /* data_key    = data_vec ^ key_vec; */+            __m256i const data_key    = _mm256_xor_si256     (data_vec, key_vec);+            /* data_key_lo = data_key >> 32; */+            __m256i const data_key_lo = _mm256_shuffle_epi32 (data_key, _MM_SHUFFLE(0, 3, 0, 1));+            /* product     = (data_key & 0xffffffff) * (data_key_lo & 0xffffffff); */+            __m256i const product     = _mm256_mul_epu32     (data_key, data_key_lo);+            /* xacc[i] += swap(data_vec); */+            __m256i const data_swap = _mm256_shuffle_epi32(data_vec, _MM_SHUFFLE(1, 0, 3, 2));+            __m256i const sum       = _mm256_add_epi64(xacc[i], data_swap);+            /* xacc[i] += product; */+            xacc[i] = _mm256_add_epi64(product, sum);+    }   }+}++XXH_FORCE_INLINE XXH_TARGET_AVX2 void+XXH3_scrambleAcc_avx2(void* XXH_RESTRICT acc, const void* XXH_RESTRICT secret)+{+    XXH_ASSERT((((size_t)acc) & 31) == 0);+    {   XXH_ALIGN(32) __m256i* const xacc = (__m256i*) acc;+        /* Unaligned. This is mainly for pointer arithmetic, and because+         * _mm256_loadu_si256 requires a const __m256i * pointer for some reason. */+        const         __m256i* const xsecret = (const __m256i *) secret;+        const __m256i prime32 = _mm256_set1_epi32((int)XXH_PRIME32_1);++        size_t i;+        for (i=0; i < XXH_STRIPE_LEN/sizeof(__m256i); i++) {+            /* xacc[i] ^= (xacc[i] >> 47) */+            __m256i const acc_vec     = xacc[i];+            __m256i const shifted     = _mm256_srli_epi64    (acc_vec, 47);+            __m256i const data_vec    = _mm256_xor_si256     (acc_vec, shifted);+            /* xacc[i] ^= xsecret; */+            __m256i const key_vec     = _mm256_loadu_si256   (xsecret+i);+            __m256i const data_key    = _mm256_xor_si256     (data_vec, key_vec);++            /* xacc[i] *= XXH_PRIME32_1; */+            __m256i const data_key_hi = _mm256_shuffle_epi32 (data_key, _MM_SHUFFLE(0, 3, 0, 1));+            __m256i const prod_lo     = _mm256_mul_epu32     (data_key, prime32);+            __m256i const prod_hi     = _mm256_mul_epu32     (data_key_hi, prime32);+            xacc[i] = _mm256_add_epi64(prod_lo, _mm256_slli_epi64(prod_hi, 32));+        }+    }+}++XXH_FORCE_INLINE XXH_TARGET_AVX2 void XXH3_initCustomSecret_avx2(void* XXH_RESTRICT customSecret, xxh_u64 seed64)+{+    XXH_STATIC_ASSERT((XXH_SECRET_DEFAULT_SIZE & 31) == 0);+    XXH_STATIC_ASSERT((XXH_SECRET_DEFAULT_SIZE / sizeof(__m256i)) == 6);+    XXH_STATIC_ASSERT(XXH_SEC_ALIGN <= 64);+    (void)(&XXH_writeLE64);+    XXH_PREFETCH(customSecret);+    {   __m256i const seed = _mm256_set_epi64x(-(xxh_i64)seed64, (xxh_i64)seed64, -(xxh_i64)seed64, (xxh_i64)seed64);++        XXH_ALIGN(64) const __m256i* const src  = (const __m256i*) XXH3_kSecret;+        XXH_ALIGN(64)       __m256i*       dest = (      __m256i*) customSecret;++#       if defined(__GNUC__) || defined(__clang__)+        /*+         * On GCC & Clang, marking 'dest' as modified will cause the compiler:+         *   - do not extract the secret from sse registers in the internal loop+         *   - use less common registers, and avoid pushing these reg into stack+         * The asm hack causes Clang to assume that XXH3_kSecretPtr aliases with+         * customSecret, and on aarch64, this prevented LDP from merging two+         * loads together for free. Putting the loads together before the stores+         * properly generates LDP.+         */+        __asm__("" : "+r" (dest));+#       endif++        /* GCC -O2 need unroll loop manually */+        dest[0] = _mm256_add_epi64(_mm256_stream_load_si256(src+0), seed);+        dest[1] = _mm256_add_epi64(_mm256_stream_load_si256(src+1), seed);+        dest[2] = _mm256_add_epi64(_mm256_stream_load_si256(src+2), seed);+        dest[3] = _mm256_add_epi64(_mm256_stream_load_si256(src+3), seed);+        dest[4] = _mm256_add_epi64(_mm256_stream_load_si256(src+4), seed);+        dest[5] = _mm256_add_epi64(_mm256_stream_load_si256(src+5), seed);+    }+}++#endif++#if (XXH_VECTOR == XXH_SSE2) || defined(XXH_X86DISPATCH)++#ifndef XXH_TARGET_SSE2+# define XXH_TARGET_SSE2  /* disable attribute target */+#endif++XXH_FORCE_INLINE XXH_TARGET_SSE2 void+XXH3_accumulate_512_sse2( void* XXH_RESTRICT acc,+                    const void* XXH_RESTRICT input,+                    const void* XXH_RESTRICT secret)+{+    /* SSE2 is just a half-scale version of the AVX2 version. */+    XXH_ASSERT((((size_t)acc) & 15) == 0);+    {   XXH_ALIGN(16) __m128i* const xacc    =       (__m128i *) acc;+        /* Unaligned. This is mainly for pointer arithmetic, and because+         * _mm_loadu_si128 requires a const __m128i * pointer for some reason. */+        const         __m128i* const xinput  = (const __m128i *) input;+        /* Unaligned. This is mainly for pointer arithmetic, and because+         * _mm_loadu_si128 requires a const __m128i * pointer for some reason. */+        const         __m128i* const xsecret = (const __m128i *) secret;++        size_t i;+        for (i=0; i < XXH_STRIPE_LEN/sizeof(__m128i); i++) {+            /* data_vec    = xinput[i]; */+            __m128i const data_vec    = _mm_loadu_si128   (xinput+i);+            /* key_vec     = xsecret[i]; */+            __m128i const key_vec     = _mm_loadu_si128   (xsecret+i);+            /* data_key    = data_vec ^ key_vec; */+            __m128i const data_key    = _mm_xor_si128     (data_vec, key_vec);+            /* data_key_lo = data_key >> 32; */+            __m128i const data_key_lo = _mm_shuffle_epi32 (data_key, _MM_SHUFFLE(0, 3, 0, 1));+            /* product     = (data_key & 0xffffffff) * (data_key_lo & 0xffffffff); */+            __m128i const product     = _mm_mul_epu32     (data_key, data_key_lo);+            /* xacc[i] += swap(data_vec); */+            __m128i const data_swap = _mm_shuffle_epi32(data_vec, _MM_SHUFFLE(1,0,3,2));+            __m128i const sum       = _mm_add_epi64(xacc[i], data_swap);+            /* xacc[i] += product; */+            xacc[i] = _mm_add_epi64(product, sum);+    }   }+}++XXH_FORCE_INLINE XXH_TARGET_SSE2 void+XXH3_scrambleAcc_sse2(void* XXH_RESTRICT acc, const void* XXH_RESTRICT secret)+{+    XXH_ASSERT((((size_t)acc) & 15) == 0);+    {   XXH_ALIGN(16) __m128i* const xacc = (__m128i*) acc;+        /* Unaligned. This is mainly for pointer arithmetic, and because+         * _mm_loadu_si128 requires a const __m128i * pointer for some reason. */+        const         __m128i* const xsecret = (const __m128i *) secret;+        const __m128i prime32 = _mm_set1_epi32((int)XXH_PRIME32_1);++        size_t i;+        for (i=0; i < XXH_STRIPE_LEN/sizeof(__m128i); i++) {+            /* xacc[i] ^= (xacc[i] >> 47) */+            __m128i const acc_vec     = xacc[i];+            __m128i const shifted     = _mm_srli_epi64    (acc_vec, 47);+            __m128i const data_vec    = _mm_xor_si128     (acc_vec, shifted);+            /* xacc[i] ^= xsecret[i]; */+            __m128i const key_vec     = _mm_loadu_si128   (xsecret+i);+            __m128i const data_key    = _mm_xor_si128     (data_vec, key_vec);++            /* xacc[i] *= XXH_PRIME32_1; */+            __m128i const data_key_hi = _mm_shuffle_epi32 (data_key, _MM_SHUFFLE(0, 3, 0, 1));+            __m128i const prod_lo     = _mm_mul_epu32     (data_key, prime32);+            __m128i const prod_hi     = _mm_mul_epu32     (data_key_hi, prime32);+            xacc[i] = _mm_add_epi64(prod_lo, _mm_slli_epi64(prod_hi, 32));+        }+    }+}++XXH_FORCE_INLINE XXH_TARGET_SSE2 void XXH3_initCustomSecret_sse2(void* XXH_RESTRICT customSecret, xxh_u64 seed64)+{+    XXH_STATIC_ASSERT((XXH_SECRET_DEFAULT_SIZE & 15) == 0);+    (void)(&XXH_writeLE64);+    {   int const nbRounds = XXH_SECRET_DEFAULT_SIZE / sizeof(__m128i);++#       if defined(_MSC_VER) && defined(_M_IX86) && _MSC_VER < 1900+        // MSVC 32bit mode does not support _mm_set_epi64x before 2015+        XXH_ALIGN(16) const xxh_i64 seed64x2[2] = { (xxh_i64)seed64, -(xxh_i64)seed64 };+        __m128i const seed = _mm_load_si128((__m128i const*)seed64x2);+#       else+        __m128i const seed = _mm_set_epi64x(-(xxh_i64)seed64, (xxh_i64)seed64);+#       endif+        int i;++        XXH_ALIGN(64)        const float* const src  = (float const*) XXH3_kSecret;+        XXH_ALIGN(XXH_SEC_ALIGN) __m128i*       dest = (__m128i*) customSecret;+#       if defined(__GNUC__) || defined(__clang__)+        /*+         * On GCC & Clang, marking 'dest' as modified will cause the compiler:+         *   - do not extract the secret from sse registers in the internal loop+         *   - use less common registers, and avoid pushing these reg into stack+         */+        __asm__("" : "+r" (dest));+#       endif++        for (i=0; i < nbRounds; ++i) {+            dest[i] = _mm_add_epi64(_mm_castps_si128(_mm_load_ps(src+i*4)), seed);+    }   }+}++#endif++#if (XXH_VECTOR == XXH_NEON)++XXH_FORCE_INLINE void+XXH3_accumulate_512_neon( void* XXH_RESTRICT acc,+                    const void* XXH_RESTRICT input,+                    const void* XXH_RESTRICT secret)+{+    XXH_ASSERT((((size_t)acc) & 15) == 0);+    {+        XXH_ALIGN(16) uint64x2_t* const xacc = (uint64x2_t *) acc;+        /* We don't use a uint32x4_t pointer because it causes bus errors on ARMv7. */+        uint8_t const* const xinput = (const uint8_t *) input;+        uint8_t const* const xsecret  = (const uint8_t *) secret;++        size_t i;+        for (i=0; i < XXH_STRIPE_LEN / sizeof(uint64x2_t); i++) {+            /* data_vec = xinput[i]; */+            uint8x16_t data_vec    = vld1q_u8(xinput  + (i * 16));+            /* key_vec  = xsecret[i];  */+            uint8x16_t key_vec     = vld1q_u8(xsecret + (i * 16));+            uint64x2_t data_key;+            uint32x2_t data_key_lo, data_key_hi;+            /* xacc[i] += swap(data_vec); */+            uint64x2_t const data64  = vreinterpretq_u64_u8(data_vec);+            uint64x2_t const swapped = vextq_u64(data64, data64, 1);+            xacc[i] = vaddq_u64 (xacc[i], swapped);+            /* data_key = data_vec ^ key_vec; */+            data_key = vreinterpretq_u64_u8(veorq_u8(data_vec, key_vec));+            /* data_key_lo = (uint32x2_t) (data_key & 0xFFFFFFFF);+             * data_key_hi = (uint32x2_t) (data_key >> 32);+             * data_key = UNDEFINED; */+            XXH_SPLIT_IN_PLACE(data_key, data_key_lo, data_key_hi);+            /* xacc[i] += (uint64x2_t) data_key_lo * (uint64x2_t) data_key_hi; */+            xacc[i] = vmlal_u32 (xacc[i], data_key_lo, data_key_hi);++        }+    }+}++XXH_FORCE_INLINE void+XXH3_scrambleAcc_neon(void* XXH_RESTRICT acc, const void* XXH_RESTRICT secret)+{+    XXH_ASSERT((((size_t)acc) & 15) == 0);++    {   uint64x2_t* xacc       = (uint64x2_t*) acc;+        uint8_t const* xsecret = (uint8_t const*) secret;+        uint32x2_t prime       = vdup_n_u32 (XXH_PRIME32_1);++        size_t i;+        for (i=0; i < XXH_STRIPE_LEN/sizeof(uint64x2_t); i++) {+            /* xacc[i] ^= (xacc[i] >> 47); */+            uint64x2_t acc_vec  = xacc[i];+            uint64x2_t shifted  = vshrq_n_u64 (acc_vec, 47);+            uint64x2_t data_vec = veorq_u64   (acc_vec, shifted);++            /* xacc[i] ^= xsecret[i]; */+            uint8x16_t key_vec  = vld1q_u8(xsecret + (i * 16));+            uint64x2_t data_key = veorq_u64(data_vec, vreinterpretq_u64_u8(key_vec));++            /* xacc[i] *= XXH_PRIME32_1 */+            uint32x2_t data_key_lo, data_key_hi;+            /* data_key_lo = (uint32x2_t) (xacc[i] & 0xFFFFFFFF);+             * data_key_hi = (uint32x2_t) (xacc[i] >> 32);+             * xacc[i] = UNDEFINED; */+            XXH_SPLIT_IN_PLACE(data_key, data_key_lo, data_key_hi);+            {   /*+                 * prod_hi = (data_key >> 32) * XXH_PRIME32_1;+                 *+                 * Avoid vmul_u32 + vshll_n_u32 since Clang 6 and 7 will+                 * incorrectly "optimize" this:+                 *   tmp     = vmul_u32(vmovn_u64(a), vmovn_u64(b));+                 *   shifted = vshll_n_u32(tmp, 32);+                 * to this:+                 *   tmp     = "vmulq_u64"(a, b); // no such thing!+                 *   shifted = vshlq_n_u64(tmp, 32);+                 *+                 * However, unlike SSE, Clang lacks a 64-bit multiply routine+                 * for NEON, and it scalarizes two 64-bit multiplies instead.+                 *+                 * vmull_u32 has the same timing as vmul_u32, and it avoids+                 * this bug completely.+                 * See https://bugs.llvm.org/show_bug.cgi?id=39967+                 */+                uint64x2_t prod_hi = vmull_u32 (data_key_hi, prime);+                /* xacc[i] = prod_hi << 32; */+                xacc[i] = vshlq_n_u64(prod_hi, 32);+                /* xacc[i] += (prod_hi & 0xFFFFFFFF) * XXH_PRIME32_1; */+                xacc[i] = vmlal_u32(xacc[i], data_key_lo, prime);+            }+    }   }+}++#endif++#if (XXH_VECTOR == XXH_VSX)++XXH_FORCE_INLINE void+XXH3_accumulate_512_vsx(  void* XXH_RESTRICT acc,+                    const void* XXH_RESTRICT input,+                    const void* XXH_RESTRICT secret)+{+          xxh_u64x2* const xacc     =       (xxh_u64x2*) acc;    /* presumed aligned */+    xxh_u64x2 const* const xinput   = (xxh_u64x2 const*) input;   /* no alignment restriction */+    xxh_u64x2 const* const xsecret  = (xxh_u64x2 const*) secret;    /* no alignment restriction */+    xxh_u64x2 const v32 = { 32, 32 };+    size_t i;+    for (i = 0; i < XXH_STRIPE_LEN / sizeof(xxh_u64x2); i++) {+        /* data_vec = xinput[i]; */+        xxh_u64x2 const data_vec = XXH_vec_loadu(xinput + i);+        /* key_vec = xsecret[i]; */+        xxh_u64x2 const key_vec  = XXH_vec_loadu(xsecret + i);+        xxh_u64x2 const data_key = data_vec ^ key_vec;+        /* shuffled = (data_key << 32) | (data_key >> 32); */+        xxh_u32x4 const shuffled = (xxh_u32x4)vec_rl(data_key, v32);+        /* product = ((xxh_u64x2)data_key & 0xFFFFFFFF) * ((xxh_u64x2)shuffled & 0xFFFFFFFF); */+        xxh_u64x2 const product  = XXH_vec_mulo((xxh_u32x4)data_key, shuffled);+        xacc[i] += product;++        /* swap high and low halves */+#ifdef __s390x__+        xacc[i] += vec_permi(data_vec, data_vec, 2);+#else+        xacc[i] += vec_xxpermdi(data_vec, data_vec, 2);+#endif+    }+}++XXH_FORCE_INLINE void+XXH3_scrambleAcc_vsx(void* XXH_RESTRICT acc, const void* XXH_RESTRICT secret)+{+    XXH_ASSERT((((size_t)acc) & 15) == 0);++    {         xxh_u64x2* const xacc    =       (xxh_u64x2*) acc;+        const xxh_u64x2* const xsecret = (const xxh_u64x2*) secret;+        /* constants */+        xxh_u64x2 const v32  = { 32, 32 };+        xxh_u64x2 const v47 = { 47, 47 };+        xxh_u32x4 const prime = { XXH_PRIME32_1, XXH_PRIME32_1, XXH_PRIME32_1, XXH_PRIME32_1 };+        size_t i;+        for (i = 0; i < XXH_STRIPE_LEN / sizeof(xxh_u64x2); i++) {+            /* xacc[i] ^= (xacc[i] >> 47); */+            xxh_u64x2 const acc_vec  = xacc[i];+            xxh_u64x2 const data_vec = acc_vec ^ (acc_vec >> v47);++            /* xacc[i] ^= xsecret[i]; */+            xxh_u64x2 const key_vec  = XXH_vec_loadu(xsecret + i);+            xxh_u64x2 const data_key = data_vec ^ key_vec;++            /* xacc[i] *= XXH_PRIME32_1 */+            /* prod_lo = ((xxh_u64x2)data_key & 0xFFFFFFFF) * ((xxh_u64x2)prime & 0xFFFFFFFF);  */+            xxh_u64x2 const prod_even  = XXH_vec_mule((xxh_u32x4)data_key, prime);+            /* prod_hi = ((xxh_u64x2)data_key >> 32) * ((xxh_u64x2)prime >> 32);  */+            xxh_u64x2 const prod_odd  = XXH_vec_mulo((xxh_u32x4)data_key, prime);+            xacc[i] = prod_odd + (prod_even << v32);+    }   }+}++#endif++/* scalar variants - universal */++XXH_FORCE_INLINE void+XXH3_accumulate_512_scalar(void* XXH_RESTRICT acc,+                     const void* XXH_RESTRICT input,+                     const void* XXH_RESTRICT secret)+{+    XXH_ALIGN(XXH_ACC_ALIGN) xxh_u64* const xacc = (xxh_u64*) acc; /* presumed aligned */+    const xxh_u8* const xinput  = (const xxh_u8*) input;  /* no alignment restriction */+    const xxh_u8* const xsecret = (const xxh_u8*) secret;   /* no alignment restriction */+    size_t i;+    XXH_ASSERT(((size_t)acc & (XXH_ACC_ALIGN-1)) == 0);+    for (i=0; i < XXH_ACC_NB; i++) {+        xxh_u64 const data_val = XXH_readLE64(xinput + 8*i);+        xxh_u64 const data_key = data_val ^ XXH_readLE64(xsecret + i*8);+        xacc[i ^ 1] += data_val; /* swap adjacent lanes */+        xacc[i] += XXH_mult32to64(data_key & 0xFFFFFFFF, data_key >> 32);+    }+}++XXH_FORCE_INLINE void+XXH3_scrambleAcc_scalar(void* XXH_RESTRICT acc, const void* XXH_RESTRICT secret)+{+    XXH_ALIGN(XXH_ACC_ALIGN) xxh_u64* const xacc = (xxh_u64*) acc;   /* presumed aligned */+    const xxh_u8* const xsecret = (const xxh_u8*) secret;   /* no alignment restriction */+    size_t i;+    XXH_ASSERT((((size_t)acc) & (XXH_ACC_ALIGN-1)) == 0);+    for (i=0; i < XXH_ACC_NB; i++) {+        xxh_u64 const key64 = XXH_readLE64(xsecret + 8*i);+        xxh_u64 acc64 = xacc[i];+        acc64 = XXH_xorshift64(acc64, 47);+        acc64 ^= key64;+        acc64 *= XXH_PRIME32_1;+        xacc[i] = acc64;+    }+}++XXH_FORCE_INLINE void+XXH3_initCustomSecret_scalar(void* XXH_RESTRICT customSecret, xxh_u64 seed64)+{+    /*+     * We need a separate pointer for the hack below,+     * which requires a non-const pointer.+     * Any decent compiler will optimize this out otherwise.+     */+    const xxh_u8* kSecretPtr = XXH3_kSecret;+    XXH_STATIC_ASSERT((XXH_SECRET_DEFAULT_SIZE & 15) == 0);++#if defined(__clang__) && defined(__aarch64__)+    /*+     * UGLY HACK:+     * Clang generates a bunch of MOV/MOVK pairs for aarch64, and they are+     * placed sequentially, in order, at the top of the unrolled loop.+     *+     * While MOVK is great for generating constants (2 cycles for a 64-bit+     * constant compared to 4 cycles for LDR), long MOVK chains stall the+     * integer pipelines:+     *   I   L   S+     * MOVK+     * MOVK+     * MOVK+     * MOVK+     * ADD+     * SUB      STR+     *          STR+     * By forcing loads from memory (as the asm line causes Clang to assume+     * that XXH3_kSecretPtr has been changed), the pipelines are used more+     * efficiently:+     *   I   L   S+     *      LDR+     *  ADD LDR+     *  SUB     STR+     *          STR+     * XXH3_64bits_withSeed, len == 256, Snapdragon 835+     *   without hack: 2654.4 MB/s+     *   with hack:    3202.9 MB/s+     */+    __asm__("" : "+r" (kSecretPtr));+#endif+    /*+     * Note: in debug mode, this overrides the asm optimization+     * and Clang will emit MOVK chains again.+     */+    XXH_ASSERT(kSecretPtr == XXH3_kSecret);++    {   int const nbRounds = XXH_SECRET_DEFAULT_SIZE / 16;+        int i;+        for (i=0; i < nbRounds; i++) {+            /*+             * The asm hack causes Clang to assume that kSecretPtr aliases with+             * customSecret, and on aarch64, this prevented LDP from merging two+             * loads together for free. Putting the loads together before the stores+             * properly generates LDP.+             */+            xxh_u64 lo = XXH_readLE64(kSecretPtr + 16*i)     + seed64;+            xxh_u64 hi = XXH_readLE64(kSecretPtr + 16*i + 8) - seed64;+            XXH_writeLE64((xxh_u8*)customSecret + 16*i,     lo);+            XXH_writeLE64((xxh_u8*)customSecret + 16*i + 8, hi);+    }   }+}+++typedef void (*XXH3_f_accumulate_512)(void* XXH_RESTRICT, const void*, const void*);+typedef void (*XXH3_f_scrambleAcc)(void* XXH_RESTRICT, const void*);+typedef void (*XXH3_f_initCustomSecret)(void* XXH_RESTRICT, xxh_u64);+++#if (XXH_VECTOR == XXH_AVX512)++#define XXH3_accumulate_512 XXH3_accumulate_512_avx512+#define XXH3_scrambleAcc    XXH3_scrambleAcc_avx512+#define XXH3_initCustomSecret XXH3_initCustomSecret_avx512++#elif (XXH_VECTOR == XXH_AVX2)++#define XXH3_accumulate_512 XXH3_accumulate_512_avx2+#define XXH3_scrambleAcc    XXH3_scrambleAcc_avx2+#define XXH3_initCustomSecret XXH3_initCustomSecret_avx2++#elif (XXH_VECTOR == XXH_SSE2)++#define XXH3_accumulate_512 XXH3_accumulate_512_sse2+#define XXH3_scrambleAcc    XXH3_scrambleAcc_sse2+#define XXH3_initCustomSecret XXH3_initCustomSecret_sse2++#elif (XXH_VECTOR == XXH_NEON)++#define XXH3_accumulate_512 XXH3_accumulate_512_neon+#define XXH3_scrambleAcc    XXH3_scrambleAcc_neon+#define XXH3_initCustomSecret XXH3_initCustomSecret_scalar++#elif (XXH_VECTOR == XXH_VSX)++#define XXH3_accumulate_512 XXH3_accumulate_512_vsx+#define XXH3_scrambleAcc    XXH3_scrambleAcc_vsx+#define XXH3_initCustomSecret XXH3_initCustomSecret_scalar++#else /* scalar */++#define XXH3_accumulate_512 XXH3_accumulate_512_scalar+#define XXH3_scrambleAcc    XXH3_scrambleAcc_scalar+#define XXH3_initCustomSecret XXH3_initCustomSecret_scalar++#endif++++#ifndef XXH_PREFETCH_DIST+#  ifdef __clang__+#    define XXH_PREFETCH_DIST 320+#  else+#    if (XXH_VECTOR == XXH_AVX512)+#      define XXH_PREFETCH_DIST 512+#    else+#      define XXH_PREFETCH_DIST 384+#    endif+#  endif  /* __clang__ */+#endif  /* XXH_PREFETCH_DIST */++/*+ * XXH3_accumulate()+ * Loops over XXH3_accumulate_512().+ * Assumption: nbStripes will not overflow the secret size+ */+XXH_FORCE_INLINE void+XXH3_accumulate(     xxh_u64* XXH_RESTRICT acc,+                const xxh_u8* XXH_RESTRICT input,+                const xxh_u8* XXH_RESTRICT secret,+                      size_t nbStripes,+                      XXH3_f_accumulate_512 f_acc512)+{+    size_t n;+    for (n = 0; n < nbStripes; n++ ) {+        const xxh_u8* const in = input + n*XXH_STRIPE_LEN;+        XXH_PREFETCH(in + XXH_PREFETCH_DIST);+        f_acc512(acc,+                 in,+                 secret + n*XXH_SECRET_CONSUME_RATE);+    }+}++XXH_FORCE_INLINE void+XXH3_hashLong_internal_loop(xxh_u64* XXH_RESTRICT acc,+                      const xxh_u8* XXH_RESTRICT input, size_t len,+                      const xxh_u8* XXH_RESTRICT secret, size_t secretSize,+                            XXH3_f_accumulate_512 f_acc512,+                            XXH3_f_scrambleAcc f_scramble)+{+    size_t const nbStripesPerBlock = (secretSize - XXH_STRIPE_LEN) / XXH_SECRET_CONSUME_RATE;+    size_t const block_len = XXH_STRIPE_LEN * nbStripesPerBlock;+    size_t const nb_blocks = (len - 1) / block_len;++    size_t n;++    XXH_ASSERT(secretSize >= XXH3_SECRET_SIZE_MIN);++    for (n = 0; n < nb_blocks; n++) {+        XXH3_accumulate(acc, input + n*block_len, secret, nbStripesPerBlock, f_acc512);+        f_scramble(acc, secret + secretSize - XXH_STRIPE_LEN);+    }++    /* last partial block */+    XXH_ASSERT(len > XXH_STRIPE_LEN);+    {   size_t const nbStripes = ((len - 1) - (block_len * nb_blocks)) / XXH_STRIPE_LEN;+        XXH_ASSERT(nbStripes <= (secretSize / XXH_SECRET_CONSUME_RATE));+        XXH3_accumulate(acc, input + nb_blocks*block_len, secret, nbStripes, f_acc512);++        /* last stripe */+        {   const xxh_u8* const p = input + len - XXH_STRIPE_LEN;+#define XXH_SECRET_LASTACC_START 7  /* not aligned on 8, last secret is different from acc & scrambler */+            f_acc512(acc, p, secret + secretSize - XXH_STRIPE_LEN - XXH_SECRET_LASTACC_START);+    }   }+}++XXH_FORCE_INLINE xxh_u64+XXH3_mix2Accs(const xxh_u64* XXH_RESTRICT acc, const xxh_u8* XXH_RESTRICT secret)+{+    return XXH3_mul128_fold64(+               acc[0] ^ XXH_readLE64(secret),+               acc[1] ^ XXH_readLE64(secret+8) );+}++static XXH64_hash_t+XXH3_mergeAccs(const xxh_u64* XXH_RESTRICT acc, const xxh_u8* XXH_RESTRICT secret, xxh_u64 start)+{+    xxh_u64 result64 = start;+    size_t i = 0;++    for (i = 0; i < 4; i++) {+        result64 += XXH3_mix2Accs(acc+2*i, secret + 16*i);+#if defined(__clang__)                                /* Clang */ \+    && (defined(__arm__) || defined(__thumb__))       /* ARMv7 */ \+    && (defined(__ARM_NEON) || defined(__ARM_NEON__)) /* NEON */  \+    && !defined(XXH_ENABLE_AUTOVECTORIZE)             /* Define to disable */+        /*+         * UGLY HACK:+         * Prevent autovectorization on Clang ARMv7-a. Exact same problem as+         * the one in XXH3_len_129to240_64b. Speeds up shorter keys > 240b.+         * XXH3_64bits, len == 256, Snapdragon 835:+         *   without hack: 2063.7 MB/s+         *   with hack:    2560.7 MB/s+         */+        __asm__("" : "+r" (result64));+#endif+    }++    return XXH3_avalanche(result64);+}++#define XXH3_INIT_ACC { XXH_PRIME32_3, XXH_PRIME64_1, XXH_PRIME64_2, XXH_PRIME64_3, \+                        XXH_PRIME64_4, XXH_PRIME32_2, XXH_PRIME64_5, XXH_PRIME32_1 }++XXH_FORCE_INLINE XXH64_hash_t+XXH3_hashLong_64b_internal(const void* XXH_RESTRICT input, size_t len,+                           const void* XXH_RESTRICT secret, size_t secretSize,+                           XXH3_f_accumulate_512 f_acc512,+                           XXH3_f_scrambleAcc f_scramble)+{+    XXH_ALIGN(XXH_ACC_ALIGN) xxh_u64 acc[XXH_ACC_NB] = XXH3_INIT_ACC;++    XXH3_hashLong_internal_loop(acc, (const xxh_u8*)input, len, (const xxh_u8*)secret, secretSize, f_acc512, f_scramble);++    /* converge into final hash */+    XXH_STATIC_ASSERT(sizeof(acc) == 64);+    /* do not align on 8, so that the secret is different from the accumulator */+#define XXH_SECRET_MERGEACCS_START 11+    XXH_ASSERT(secretSize >= sizeof(acc) + XXH_SECRET_MERGEACCS_START);+    return XXH3_mergeAccs(acc, (const xxh_u8*)secret + XXH_SECRET_MERGEACCS_START, (xxh_u64)len * XXH_PRIME64_1);+}++/*+ * It's important for performance that XXH3_hashLong is not inlined.+ */+XXH_NO_INLINE XXH64_hash_t+XXH3_hashLong_64b_withSecret(const void* XXH_RESTRICT input, size_t len,+                             XXH64_hash_t seed64, const xxh_u8* XXH_RESTRICT secret, size_t secretLen)+{+    (void)seed64;+    return XXH3_hashLong_64b_internal(input, len, secret, secretLen, XXH3_accumulate_512, XXH3_scrambleAcc);+}++/*+ * It's important for performance that XXH3_hashLong is not inlined.+ * Since the function is not inlined, the compiler may not be able to understand that,+ * in some scenarios, its `secret` argument is actually a compile time constant.+ * This variant enforces that the compiler can detect that,+ * and uses this opportunity to streamline the generated code for better performance.+ */+XXH_NO_INLINE XXH64_hash_t+XXH3_hashLong_64b_default(const void* XXH_RESTRICT input, size_t len,+                          XXH64_hash_t seed64, const xxh_u8* XXH_RESTRICT secret, size_t secretLen)+{+    (void)seed64; (void)secret; (void)secretLen;+    return XXH3_hashLong_64b_internal(input, len, XXH3_kSecret, sizeof(XXH3_kSecret), XXH3_accumulate_512, XXH3_scrambleAcc);+}++/*+ * XXH3_hashLong_64b_withSeed():+ * Generate a custom key based on alteration of default XXH3_kSecret with the seed,+ * and then use this key for long mode hashing.+ *+ * This operation is decently fast but nonetheless costs a little bit of time.+ * Try to avoid it whenever possible (typically when seed==0).+ *+ * It's important for performance that XXH3_hashLong is not inlined. Not sure+ * why (uop cache maybe?), but the difference is large and easily measurable.+ */+XXH_FORCE_INLINE XXH64_hash_t+XXH3_hashLong_64b_withSeed_internal(const void* input, size_t len,+                                    XXH64_hash_t seed,+                                    XXH3_f_accumulate_512 f_acc512,+                                    XXH3_f_scrambleAcc f_scramble,+                                    XXH3_f_initCustomSecret f_initSec)+{+    if (seed == 0)+        return XXH3_hashLong_64b_internal(input, len,+                                          XXH3_kSecret, sizeof(XXH3_kSecret),+                                          f_acc512, f_scramble);+    {   XXH_ALIGN(XXH_SEC_ALIGN) xxh_u8 secret[XXH_SECRET_DEFAULT_SIZE];+        f_initSec(secret, seed);+        return XXH3_hashLong_64b_internal(input, len, secret, sizeof(secret),+                                          f_acc512, f_scramble);+    }+}++/*+ * It's important for performance that XXH3_hashLong is not inlined.+ */+XXH_NO_INLINE XXH64_hash_t+XXH3_hashLong_64b_withSeed(const void* input, size_t len,+                           XXH64_hash_t seed, const xxh_u8* secret, size_t secretLen)+{+    (void)secret; (void)secretLen;+    return XXH3_hashLong_64b_withSeed_internal(input, len, seed,+                XXH3_accumulate_512, XXH3_scrambleAcc, XXH3_initCustomSecret);+}+++typedef XXH64_hash_t (*XXH3_hashLong64_f)(const void* XXH_RESTRICT, size_t,+                                          XXH64_hash_t, const xxh_u8* XXH_RESTRICT, size_t);++XXH_FORCE_INLINE XXH64_hash_t+XXH3_64bits_internal(const void* XXH_RESTRICT input, size_t len,+                     XXH64_hash_t seed64, const void* XXH_RESTRICT secret, size_t secretLen,+                     XXH3_hashLong64_f f_hashLong)+{+    XXH_ASSERT(secretLen >= XXH3_SECRET_SIZE_MIN);+    /*+     * If an action is to be taken if `secretLen` condition is not respected,+     * it should be done here.+     * For now, it's a contract pre-condition.+     * Adding a check and a branch here would cost performance at every hash.+     * Also, note that function signature doesn't offer room to return an error.+     */+    if (len <= 16)+        return XXH3_len_0to16_64b((const xxh_u8*)input, len, (const xxh_u8*)secret, seed64);+    if (len <= 128)+        return XXH3_len_17to128_64b((const xxh_u8*)input, len, (const xxh_u8*)secret, secretLen, seed64);+    if (len <= XXH3_MIDSIZE_MAX)+        return XXH3_len_129to240_64b((const xxh_u8*)input, len, (const xxh_u8*)secret, secretLen, seed64);+    return f_hashLong(input, len, seed64, (const xxh_u8*)secret, secretLen);+}+++/* ===   Public entry point   === */++XXH_PUBLIC_API XXH64_hash_t XXH3_64bits(const void* input, size_t len)+{+    return XXH3_64bits_internal(input, len, 0, XXH3_kSecret, sizeof(XXH3_kSecret), XXH3_hashLong_64b_default);+}++XXH_PUBLIC_API XXH64_hash_t+XXH3_64bits_withSecret(const void* input, size_t len, const void* secret, size_t secretSize)+{+    return XXH3_64bits_internal(input, len, 0, secret, secretSize, XXH3_hashLong_64b_withSecret);+}++XXH_PUBLIC_API XXH64_hash_t+XXH3_64bits_withSeed(const void* input, size_t len, XXH64_hash_t seed)+{+    return XXH3_64bits_internal(input, len, seed, XXH3_kSecret, sizeof(XXH3_kSecret), XXH3_hashLong_64b_withSeed);+}+++/* ===   XXH3 streaming   === */++/*+ * Malloc's a pointer that is always aligned to align.+ *+ * This must be freed with `XXH_alignedFree()`.+ *+ * malloc typically guarantees 16 byte alignment on 64-bit systems and 8 byte+ * alignment on 32-bit. This isn't enough for the 32 byte aligned loads in AVX2+ * or on 32-bit, the 16 byte aligned loads in SSE2 and NEON.+ *+ * This underalignment previously caused a rather obvious crash which went+ * completely unnoticed due to XXH3_createState() not actually being tested.+ * Credit to RedSpah for noticing this bug.+ *+ * The alignment is done manually: Functions like posix_memalign or _mm_malloc+ * are avoided: To maintain portability, we would have to write a fallback+ * like this anyways, and besides, testing for the existence of library+ * functions without relying on external build tools is impossible.+ *+ * The method is simple: Overallocate, manually align, and store the offset+ * to the original behind the returned pointer.+ *+ * Align must be a power of 2 and 8 <= align <= 128.+ */+static void* XXH_alignedMalloc(size_t s, size_t align)+{+    XXH_ASSERT(align <= 128 && align >= 8); /* range check */+    XXH_ASSERT((align & (align-1)) == 0);   /* power of 2 */+    XXH_ASSERT(s != 0 && s < (s + align));  /* empty/overflow */+    {   /* Overallocate to make room for manual realignment and an offset byte */+        xxh_u8* base = (xxh_u8*)XXH_malloc(s + align);+        if (base != NULL) {+            /*+             * Get the offset needed to align this pointer.+             *+             * Even if the returned pointer is aligned, there will always be+             * at least one byte to store the offset to the original pointer.+             */+            size_t offset = align - ((size_t)base & (align - 1)); /* base % align */+            /* Add the offset for the now-aligned pointer */+            xxh_u8* ptr = base + offset;++            XXH_ASSERT((size_t)ptr % align == 0);++            /* Store the offset immediately before the returned pointer. */+            ptr[-1] = (xxh_u8)offset;+            return ptr;+        }+        return NULL;+    }+}+/*+ * Frees an aligned pointer allocated by XXH_alignedMalloc(). Don't pass+ * normal malloc'd pointers, XXH_alignedMalloc has a specific data layout.+ */+static void XXH_alignedFree(void* p)+{+    if (p != NULL) {+        xxh_u8* ptr = (xxh_u8*)p;+        /* Get the offset byte we added in XXH_malloc. */+        xxh_u8 offset = ptr[-1];+        /* Free the original malloc'd pointer */+        xxh_u8* base = ptr - offset;+        XXH_free(base);+    }+}+XXH_PUBLIC_API XXH3_state_t* XXH3_createState(void)+{+    XXH3_state_t* const state = (XXH3_state_t*)XXH_alignedMalloc(sizeof(XXH3_state_t), 64);+    if (state==NULL) return NULL;+    XXH3_INITSTATE(state);+    return state;+}++XXH_PUBLIC_API XXH_errorcode XXH3_freeState(XXH3_state_t* statePtr)+{+    XXH_alignedFree(statePtr);+    return XXH_OK;+}++XXH_PUBLIC_API void+XXH3_copyState(XXH3_state_t* dst_state, const XXH3_state_t* src_state)+{+    memcpy(dst_state, src_state, sizeof(*dst_state));+}++static void+XXH3_64bits_reset_internal(XXH3_state_t* statePtr,+                           XXH64_hash_t seed,+                           const void* secret, size_t secretSize)+{+    size_t const initStart = offsetof(XXH3_state_t, bufferedSize);+    size_t const initLength = offsetof(XXH3_state_t, nbStripesPerBlock) - initStart;+    XXH_ASSERT(offsetof(XXH3_state_t, nbStripesPerBlock) > initStart);+    XXH_ASSERT(statePtr != NULL);+    /* set members from bufferedSize to nbStripesPerBlock (excluded) to 0 */+    memset((char*)statePtr + initStart, 0, initLength);+    statePtr->acc[0] = XXH_PRIME32_3;+    statePtr->acc[1] = XXH_PRIME64_1;+    statePtr->acc[2] = XXH_PRIME64_2;+    statePtr->acc[3] = XXH_PRIME64_3;+    statePtr->acc[4] = XXH_PRIME64_4;+    statePtr->acc[5] = XXH_PRIME32_2;+    statePtr->acc[6] = XXH_PRIME64_5;+    statePtr->acc[7] = XXH_PRIME32_1;+    statePtr->seed = seed;+    statePtr->extSecret = (const unsigned char*)secret;+    XXH_ASSERT(secretSize >= XXH3_SECRET_SIZE_MIN);+    statePtr->secretLimit = secretSize - XXH_STRIPE_LEN;+    statePtr->nbStripesPerBlock = statePtr->secretLimit / XXH_SECRET_CONSUME_RATE;+}++XXH_PUBLIC_API XXH_errorcode+XXH3_64bits_reset(XXH3_state_t* statePtr)+{+    if (statePtr == NULL) return XXH_ERROR;+    XXH3_64bits_reset_internal(statePtr, 0, XXH3_kSecret, XXH_SECRET_DEFAULT_SIZE);+    return XXH_OK;+}++XXH_PUBLIC_API XXH_errorcode+XXH3_64bits_reset_withSecret(XXH3_state_t* statePtr, const void* secret, size_t secretSize)+{+    if (statePtr == NULL) return XXH_ERROR;+    XXH3_64bits_reset_internal(statePtr, 0, secret, secretSize);+    if (secret == NULL) return XXH_ERROR;+    if (secretSize < XXH3_SECRET_SIZE_MIN) return XXH_ERROR;+    return XXH_OK;+}++XXH_PUBLIC_API XXH_errorcode+XXH3_64bits_reset_withSeed(XXH3_state_t* statePtr, XXH64_hash_t seed)+{+    if (statePtr == NULL) return XXH_ERROR;+    if (seed==0) return XXH3_64bits_reset(statePtr);+    if (seed != statePtr->seed) XXH3_initCustomSecret(statePtr->customSecret, seed);+    XXH3_64bits_reset_internal(statePtr, seed, NULL, XXH_SECRET_DEFAULT_SIZE);+    return XXH_OK;+}++/* Note : when XXH3_consumeStripes() is invoked,+ * there must be a guarantee that at least one more byte must be consumed from input+ * so that the function can blindly consume all stripes using the "normal" secret segment */+XXH_FORCE_INLINE void+XXH3_consumeStripes(xxh_u64* XXH_RESTRICT acc,+                    size_t* XXH_RESTRICT nbStripesSoFarPtr, size_t nbStripesPerBlock,+                    const xxh_u8* XXH_RESTRICT input, size_t nbStripes,+                    const xxh_u8* XXH_RESTRICT secret, size_t secretLimit,+                    XXH3_f_accumulate_512 f_acc512,+                    XXH3_f_scrambleAcc f_scramble)+{+    XXH_ASSERT(nbStripes <= nbStripesPerBlock);  /* can handle max 1 scramble per invocation */+    XXH_ASSERT(*nbStripesSoFarPtr < nbStripesPerBlock);+    if (nbStripesPerBlock - *nbStripesSoFarPtr <= nbStripes) {+        /* need a scrambling operation */+        size_t const nbStripesToEndofBlock = nbStripesPerBlock - *nbStripesSoFarPtr;+        size_t const nbStripesAfterBlock = nbStripes - nbStripesToEndofBlock;+        XXH3_accumulate(acc, input, secret + nbStripesSoFarPtr[0] * XXH_SECRET_CONSUME_RATE, nbStripesToEndofBlock, f_acc512);+        f_scramble(acc, secret + secretLimit);+        XXH3_accumulate(acc, input + nbStripesToEndofBlock * XXH_STRIPE_LEN, secret, nbStripesAfterBlock, f_acc512);+        *nbStripesSoFarPtr = nbStripesAfterBlock;+    } else {+        XXH3_accumulate(acc, input, secret + nbStripesSoFarPtr[0] * XXH_SECRET_CONSUME_RATE, nbStripes, f_acc512);+        *nbStripesSoFarPtr += nbStripes;+    }+}++/*+ * Both XXH3_64bits_update and XXH3_128bits_update use this routine.+ */+XXH_FORCE_INLINE XXH_errorcode+XXH3_update(XXH3_state_t* state,+            const xxh_u8* input, size_t len,+            XXH3_f_accumulate_512 f_acc512,+            XXH3_f_scrambleAcc f_scramble)+{+    if (input==NULL)+#if defined(XXH_ACCEPT_NULL_INPUT_POINTER) && (XXH_ACCEPT_NULL_INPUT_POINTER>=1)+        return XXH_OK;+#else+        return XXH_ERROR;+#endif++    {   const xxh_u8* const bEnd = input + len;+        const unsigned char* const secret = (state->extSecret == NULL) ? state->customSecret : state->extSecret;++        state->totalLen += len;++        if (state->bufferedSize + len <= XXH3_INTERNALBUFFER_SIZE) {  /* fill in tmp buffer */+            XXH_memcpy(state->buffer + state->bufferedSize, input, len);+            state->bufferedSize += (XXH32_hash_t)len;+            return XXH_OK;+        }+        /* total input is now > XXH3_INTERNALBUFFER_SIZE */++        #define XXH3_INTERNALBUFFER_STRIPES (XXH3_INTERNALBUFFER_SIZE / XXH_STRIPE_LEN)+        XXH_STATIC_ASSERT(XXH3_INTERNALBUFFER_SIZE % XXH_STRIPE_LEN == 0);   /* clean multiple */++        /*+         * Internal buffer is partially filled (always, except at beginning)+         * Complete it, then consume it.+         */+        if (state->bufferedSize) {+            size_t const loadSize = XXH3_INTERNALBUFFER_SIZE - state->bufferedSize;+            XXH_memcpy(state->buffer + state->bufferedSize, input, loadSize);+            input += loadSize;+            XXH3_consumeStripes(state->acc,+                               &state->nbStripesSoFar, state->nbStripesPerBlock,+                                state->buffer, XXH3_INTERNALBUFFER_STRIPES,+                                secret, state->secretLimit,+                                f_acc512, f_scramble);+            state->bufferedSize = 0;+        }+        XXH_ASSERT(input < bEnd);++        /* Consume input by a multiple of internal buffer size */+        if (input+XXH3_INTERNALBUFFER_SIZE < bEnd) {+            const xxh_u8* const limit = bEnd - XXH3_INTERNALBUFFER_SIZE;+            do {+                XXH3_consumeStripes(state->acc,+                                   &state->nbStripesSoFar, state->nbStripesPerBlock,+                                    input, XXH3_INTERNALBUFFER_STRIPES,+                                    secret, state->secretLimit,+                                    f_acc512, f_scramble);+                input += XXH3_INTERNALBUFFER_SIZE;+            } while (input<limit);+            /* for last partial stripe */+            memcpy(state->buffer + sizeof(state->buffer) - XXH_STRIPE_LEN, input - XXH_STRIPE_LEN, XXH_STRIPE_LEN);+        }+        XXH_ASSERT(input < bEnd);++        /* Some remaining input (always) : buffer it */+        XXH_memcpy(state->buffer, input, (size_t)(bEnd-input));+        state->bufferedSize = (XXH32_hash_t)(bEnd-input);+    }++    return XXH_OK;+}++XXH_PUBLIC_API XXH_errorcode+XXH3_64bits_update(XXH3_state_t* state, const void* input, size_t len)+{+    return XXH3_update(state, (const xxh_u8*)input, len,+                       XXH3_accumulate_512, XXH3_scrambleAcc);+}+++XXH_FORCE_INLINE void+XXH3_digest_long (XXH64_hash_t* acc,+                  const XXH3_state_t* state,+                  const unsigned char* secret)+{+    /*+     * Digest on a local copy. This way, the state remains unaltered, and it can+     * continue ingesting more input afterwards.+     */+    memcpy(acc, state->acc, sizeof(state->acc));+    if (state->bufferedSize >= XXH_STRIPE_LEN) {+        size_t const nbStripes = (state->bufferedSize - 1) / XXH_STRIPE_LEN;+        size_t nbStripesSoFar = state->nbStripesSoFar;+        XXH3_consumeStripes(acc,+                           &nbStripesSoFar, state->nbStripesPerBlock,+                            state->buffer, nbStripes,+                            secret, state->secretLimit,+                            XXH3_accumulate_512, XXH3_scrambleAcc);+        /* last stripe */+        XXH3_accumulate_512(acc,+                            state->buffer + state->bufferedSize - XXH_STRIPE_LEN,+                            secret + state->secretLimit - XXH_SECRET_LASTACC_START);+    } else {  /* bufferedSize < XXH_STRIPE_LEN */+        xxh_u8 lastStripe[XXH_STRIPE_LEN];+        size_t const catchupSize = XXH_STRIPE_LEN - state->bufferedSize;+        XXH_ASSERT(state->bufferedSize > 0);  /* there is always some input buffered */+        memcpy(lastStripe, state->buffer + sizeof(state->buffer) - catchupSize, catchupSize);+        memcpy(lastStripe + catchupSize, state->buffer, state->bufferedSize);+        XXH3_accumulate_512(acc,+                            lastStripe,+                            secret + state->secretLimit - XXH_SECRET_LASTACC_START);+    }+}++XXH_PUBLIC_API XXH64_hash_t XXH3_64bits_digest (const XXH3_state_t* state)+{+    const unsigned char* const secret = (state->extSecret == NULL) ? state->customSecret : state->extSecret;+    if (state->totalLen > XXH3_MIDSIZE_MAX) {+        XXH_ALIGN(XXH_ACC_ALIGN) XXH64_hash_t acc[XXH_ACC_NB];+        XXH3_digest_long(acc, state, secret);+        return XXH3_mergeAccs(acc,+                              secret + XXH_SECRET_MERGEACCS_START,+                              (xxh_u64)state->totalLen * XXH_PRIME64_1);+    }+    /* totalLen <= XXH3_MIDSIZE_MAX: digesting a short input */+    if (state->seed)+        return XXH3_64bits_withSeed(state->buffer, (size_t)state->totalLen, state->seed);+    return XXH3_64bits_withSecret(state->buffer, (size_t)(state->totalLen),+                                  secret, state->secretLimit + XXH_STRIPE_LEN);+}+++#define XXH_MIN(x, y) (((x) > (y)) ? (y) : (x))++XXH_PUBLIC_API void+XXH3_generateSecret(void* secretBuffer, const void* customSeed, size_t customSeedSize)+{+    XXH_ASSERT(secretBuffer != NULL);+    if (customSeedSize == 0) {+        memcpy(secretBuffer, XXH3_kSecret, XXH_SECRET_DEFAULT_SIZE);+        return;+    }+    XXH_ASSERT(customSeed != NULL);++    {   size_t const segmentSize = sizeof(XXH128_hash_t);+        size_t const nbSegments = XXH_SECRET_DEFAULT_SIZE / segmentSize;+        XXH128_canonical_t scrambler;+        XXH64_hash_t seeds[12];+        size_t segnb;+        XXH_ASSERT(nbSegments == 12);+        XXH_ASSERT(segmentSize * nbSegments == XXH_SECRET_DEFAULT_SIZE); /* exact multiple */+        XXH128_canonicalFromHash(&scrambler, XXH128(customSeed, customSeedSize, 0));++        /*+        * Copy customSeed to seeds[], truncating or repeating as necessary.+        */+        {   size_t toFill = XXH_MIN(customSeedSize, sizeof(seeds));+            size_t filled = toFill;+            memcpy(seeds, customSeed, toFill);+            while (filled < sizeof(seeds)) {+                toFill = XXH_MIN(filled, sizeof(seeds) - filled);+                memcpy((char*)seeds + filled, seeds, toFill);+                filled += toFill;+        }   }++        /* generate secret */+        memcpy(secretBuffer, &scrambler, sizeof(scrambler));+        for (segnb=1; segnb < nbSegments; segnb++) {+            size_t const segmentStart = segnb * segmentSize;+            XXH128_canonical_t segment;+            XXH128_canonicalFromHash(&segment,+                XXH128(&scrambler, sizeof(scrambler), XXH_readLE64(seeds + segnb) + segnb) );+            memcpy((char*)secretBuffer + segmentStart, &segment, sizeof(segment));+    }   }+}+++/* ==========================================+ * XXH3 128 bits (a.k.a XXH128)+ * ==========================================+ * XXH3's 128-bit variant has better mixing and strength than the 64-bit variant,+ * even without counting the significantly larger output size.+ *+ * For example, extra steps are taken to avoid the seed-dependent collisions+ * in 17-240 byte inputs (See XXH3_mix16B and XXH128_mix32B).+ *+ * This strength naturally comes at the cost of some speed, especially on short+ * lengths. Note that longer hashes are about as fast as the 64-bit version+ * due to it using only a slight modification of the 64-bit loop.+ *+ * XXH128 is also more oriented towards 64-bit machines. It is still extremely+ * fast for a _128-bit_ hash on 32-bit (it usually clears XXH64).+ */++XXH_FORCE_INLINE XXH128_hash_t+XXH3_len_1to3_128b(const xxh_u8* input, size_t len, const xxh_u8* secret, XXH64_hash_t seed)+{+    /* A doubled version of 1to3_64b with different constants. */+    XXH_ASSERT(input != NULL);+    XXH_ASSERT(1 <= len && len <= 3);+    XXH_ASSERT(secret != NULL);+    /*+     * len = 1: combinedl = { input[0], 0x01, input[0], input[0] }+     * len = 2: combinedl = { input[1], 0x02, input[0], input[1] }+     * len = 3: combinedl = { input[2], 0x03, input[0], input[1] }+     */+    {   xxh_u8 const c1 = input[0];+        xxh_u8 const c2 = input[len >> 1];+        xxh_u8 const c3 = input[len - 1];+        xxh_u32 const combinedl = ((xxh_u32)c1 <<16) | ((xxh_u32)c2 << 24)+                                | ((xxh_u32)c3 << 0) | ((xxh_u32)len << 8);+        xxh_u32 const combinedh = XXH_rotl32(XXH_swap32(combinedl), 13);+        xxh_u64 const bitflipl = (XXH_readLE32(secret) ^ XXH_readLE32(secret+4)) + seed;+        xxh_u64 const bitfliph = (XXH_readLE32(secret+8) ^ XXH_readLE32(secret+12)) - seed;+        xxh_u64 const keyed_lo = (xxh_u64)combinedl ^ bitflipl;+        xxh_u64 const keyed_hi = (xxh_u64)combinedh ^ bitfliph;+        XXH128_hash_t h128;+        h128.low64  = XXH64_avalanche(keyed_lo);+        h128.high64 = XXH64_avalanche(keyed_hi);+        return h128;+    }+}++XXH_FORCE_INLINE XXH128_hash_t+XXH3_len_4to8_128b(const xxh_u8* input, size_t len, const xxh_u8* secret, XXH64_hash_t seed)+{+    XXH_ASSERT(input != NULL);+    XXH_ASSERT(secret != NULL);+    XXH_ASSERT(4 <= len && len <= 8);+    seed ^= (xxh_u64)XXH_swap32((xxh_u32)seed) << 32;+    {   xxh_u32 const input_lo = XXH_readLE32(input);+        xxh_u32 const input_hi = XXH_readLE32(input + len - 4);+        xxh_u64 const input_64 = input_lo + ((xxh_u64)input_hi << 32);+        xxh_u64 const bitflip = (XXH_readLE64(secret+16) ^ XXH_readLE64(secret+24)) + seed;+        xxh_u64 const keyed = input_64 ^ bitflip;++        /* Shift len to the left to ensure it is even, this avoids even multiplies. */+        XXH128_hash_t m128 = XXH_mult64to128(keyed, XXH_PRIME64_1 + (len << 2));++        m128.high64 += (m128.low64 << 1);+        m128.low64  ^= (m128.high64 >> 3);++        m128.low64   = XXH_xorshift64(m128.low64, 35);+        m128.low64  *= 0x9FB21C651E98DF25ULL;+        m128.low64   = XXH_xorshift64(m128.low64, 28);+        m128.high64  = XXH3_avalanche(m128.high64);+        return m128;+    }+}++XXH_FORCE_INLINE XXH128_hash_t+XXH3_len_9to16_128b(const xxh_u8* input, size_t len, const xxh_u8* secret, XXH64_hash_t seed)+{+    XXH_ASSERT(input != NULL);+    XXH_ASSERT(secret != NULL);+    XXH_ASSERT(9 <= len && len <= 16);+    {   xxh_u64 const bitflipl = (XXH_readLE64(secret+32) ^ XXH_readLE64(secret+40)) - seed;+        xxh_u64 const bitfliph = (XXH_readLE64(secret+48) ^ XXH_readLE64(secret+56)) + seed;+        xxh_u64 const input_lo = XXH_readLE64(input);+        xxh_u64       input_hi = XXH_readLE64(input + len - 8);+        XXH128_hash_t m128 = XXH_mult64to128(input_lo ^ input_hi ^ bitflipl, XXH_PRIME64_1);+        /*+         * Put len in the middle of m128 to ensure that the length gets mixed to+         * both the low and high bits in the 128x64 multiply below.+         */+        m128.low64 += (xxh_u64)(len - 1) << 54;+        input_hi   ^= bitfliph;+        /*+         * Add the high 32 bits of input_hi to the high 32 bits of m128, then+         * add the long product of the low 32 bits of input_hi and XXH_PRIME32_2 to+         * the high 64 bits of m128.+         *+         * The best approach to this operation is different on 32-bit and 64-bit.+         */+        if (sizeof(void *) < sizeof(xxh_u64)) { /* 32-bit */+            /*+             * 32-bit optimized version, which is more readable.+             *+             * On 32-bit, it removes an ADC and delays a dependency between the two+             * halves of m128.high64, but it generates an extra mask on 64-bit.+             */+            m128.high64 += (input_hi & 0xFFFFFFFF00000000ULL) + XXH_mult32to64((xxh_u32)input_hi, XXH_PRIME32_2);+        } else {+            /*+             * 64-bit optimized (albeit more confusing) version.+             *+             * Uses some properties of addition and multiplication to remove the mask:+             *+             * Let:+             *    a = input_hi.lo = (input_hi & 0x00000000FFFFFFFF)+             *    b = input_hi.hi = (input_hi & 0xFFFFFFFF00000000)+             *    c = XXH_PRIME32_2+             *+             *    a + (b * c)+             * Inverse Property: x + y - x == y+             *    a + (b * (1 + c - 1))+             * Distributive Property: x * (y + z) == (x * y) + (x * z)+             *    a + (b * 1) + (b * (c - 1))+             * Identity Property: x * 1 == x+             *    a + b + (b * (c - 1))+             *+             * Substitute a, b, and c:+             *    input_hi.hi + input_hi.lo + ((xxh_u64)input_hi.lo * (XXH_PRIME32_2 - 1))+             *+             * Since input_hi.hi + input_hi.lo == input_hi, we get this:+             *    input_hi + ((xxh_u64)input_hi.lo * (XXH_PRIME32_2 - 1))+             */+            m128.high64 += input_hi + XXH_mult32to64((xxh_u32)input_hi, XXH_PRIME32_2 - 1);+        }+        /* m128 ^= XXH_swap64(m128 >> 64); */+        m128.low64  ^= XXH_swap64(m128.high64);++        {   /* 128x64 multiply: h128 = m128 * XXH_PRIME64_2; */+            XXH128_hash_t h128 = XXH_mult64to128(m128.low64, XXH_PRIME64_2);+            h128.high64 += m128.high64 * XXH_PRIME64_2;++            h128.low64   = XXH3_avalanche(h128.low64);+            h128.high64  = XXH3_avalanche(h128.high64);+            return h128;+    }   }+}++/*+ * Assumption: `secret` size is >= XXH3_SECRET_SIZE_MIN+ */+XXH_FORCE_INLINE XXH128_hash_t+XXH3_len_0to16_128b(const xxh_u8* input, size_t len, const xxh_u8* secret, XXH64_hash_t seed)+{+    XXH_ASSERT(len <= 16);+    {   if (len > 8) return XXH3_len_9to16_128b(input, len, secret, seed);+        if (len >= 4) return XXH3_len_4to8_128b(input, len, secret, seed);+        if (len) return XXH3_len_1to3_128b(input, len, secret, seed);+        {   XXH128_hash_t h128;+            xxh_u64 const bitflipl = XXH_readLE64(secret+64) ^ XXH_readLE64(secret+72);+            xxh_u64 const bitfliph = XXH_readLE64(secret+80) ^ XXH_readLE64(secret+88);+            h128.low64 = XXH64_avalanche(seed ^ bitflipl);+            h128.high64 = XXH64_avalanche( seed ^ bitfliph);+            return h128;+    }   }+}++/*+ * A bit slower than XXH3_mix16B, but handles multiply by zero better.+ */+XXH_FORCE_INLINE XXH128_hash_t+XXH128_mix32B(XXH128_hash_t acc, const xxh_u8* input_1, const xxh_u8* input_2,+              const xxh_u8* secret, XXH64_hash_t seed)+{+    acc.low64  += XXH3_mix16B (input_1, secret+0, seed);+    acc.low64  ^= XXH_readLE64(input_2) + XXH_readLE64(input_2 + 8);+    acc.high64 += XXH3_mix16B (input_2, secret+16, seed);+    acc.high64 ^= XXH_readLE64(input_1) + XXH_readLE64(input_1 + 8);+    return acc;+}+++XXH_FORCE_INLINE XXH128_hash_t+XXH3_len_17to128_128b(const xxh_u8* XXH_RESTRICT input, size_t len,+                      const xxh_u8* XXH_RESTRICT secret, size_t secretSize,+                      XXH64_hash_t seed)+{+    XXH_ASSERT(secretSize >= XXH3_SECRET_SIZE_MIN); (void)secretSize;+    XXH_ASSERT(16 < len && len <= 128);++    {   XXH128_hash_t acc;+        acc.low64 = len * XXH_PRIME64_1;+        acc.high64 = 0;+        if (len > 32) {+            if (len > 64) {+                if (len > 96) {+                    acc = XXH128_mix32B(acc, input+48, input+len-64, secret+96, seed);+                }+                acc = XXH128_mix32B(acc, input+32, input+len-48, secret+64, seed);+            }+            acc = XXH128_mix32B(acc, input+16, input+len-32, secret+32, seed);+        }+        acc = XXH128_mix32B(acc, input, input+len-16, secret, seed);+        {   XXH128_hash_t h128;+            h128.low64  = acc.low64 + acc.high64;+            h128.high64 = (acc.low64    * XXH_PRIME64_1)+                        + (acc.high64   * XXH_PRIME64_4)+                        + ((len - seed) * XXH_PRIME64_2);+            h128.low64  = XXH3_avalanche(h128.low64);+            h128.high64 = (XXH64_hash_t)0 - XXH3_avalanche(h128.high64);+            return h128;+        }+    }+}++XXH_NO_INLINE XXH128_hash_t+XXH3_len_129to240_128b(const xxh_u8* XXH_RESTRICT input, size_t len,+                       const xxh_u8* XXH_RESTRICT secret, size_t secretSize,+                       XXH64_hash_t seed)+{+    XXH_ASSERT(secretSize >= XXH3_SECRET_SIZE_MIN); (void)secretSize;+    XXH_ASSERT(128 < len && len <= XXH3_MIDSIZE_MAX);++    {   XXH128_hash_t acc;+        int const nbRounds = (int)len / 32;+        int i;+        acc.low64 = len * XXH_PRIME64_1;+        acc.high64 = 0;+        for (i=0; i<4; i++) {+            acc = XXH128_mix32B(acc,+                                input  + (32 * i),+                                input  + (32 * i) + 16,+                                secret + (32 * i),+                                seed);+        }+        acc.low64 = XXH3_avalanche(acc.low64);+        acc.high64 = XXH3_avalanche(acc.high64);+        XXH_ASSERT(nbRounds >= 4);+        for (i=4 ; i < nbRounds; i++) {+            acc = XXH128_mix32B(acc,+                                input + (32 * i),+                                input + (32 * i) + 16,+                                secret + XXH3_MIDSIZE_STARTOFFSET + (32 * (i - 4)),+                                seed);+        }+        /* last bytes */+        acc = XXH128_mix32B(acc,+                            input + len - 16,+                            input + len - 32,+                            secret + XXH3_SECRET_SIZE_MIN - XXH3_MIDSIZE_LASTOFFSET - 16,+                            0ULL - seed);++        {   XXH128_hash_t h128;+            h128.low64  = acc.low64 + acc.high64;+            h128.high64 = (acc.low64    * XXH_PRIME64_1)+                        + (acc.high64   * XXH_PRIME64_4)+                        + ((len - seed) * XXH_PRIME64_2);+            h128.low64  = XXH3_avalanche(h128.low64);+            h128.high64 = (XXH64_hash_t)0 - XXH3_avalanche(h128.high64);+            return h128;+        }+    }+}++XXH_FORCE_INLINE XXH128_hash_t+XXH3_hashLong_128b_internal(const void* XXH_RESTRICT input, size_t len,+                            const xxh_u8* XXH_RESTRICT secret, size_t secretSize,+                            XXH3_f_accumulate_512 f_acc512,+                            XXH3_f_scrambleAcc f_scramble)+{+    XXH_ALIGN(XXH_ACC_ALIGN) xxh_u64 acc[XXH_ACC_NB] = XXH3_INIT_ACC;++    XXH3_hashLong_internal_loop(acc, (const xxh_u8*)input, len, secret, secretSize, f_acc512, f_scramble);++    /* converge into final hash */+    XXH_STATIC_ASSERT(sizeof(acc) == 64);+    XXH_ASSERT(secretSize >= sizeof(acc) + XXH_SECRET_MERGEACCS_START);+    {   XXH128_hash_t h128;+        h128.low64  = XXH3_mergeAccs(acc,+                                     secret + XXH_SECRET_MERGEACCS_START,+                                     (xxh_u64)len * XXH_PRIME64_1);+        h128.high64 = XXH3_mergeAccs(acc,+                                     secret + secretSize+                                            - sizeof(acc) - XXH_SECRET_MERGEACCS_START,+                                     ~((xxh_u64)len * XXH_PRIME64_2));+        return h128;+    }+}++/*+ * It's important for performance that XXH3_hashLong is not inlined.+ */+XXH_NO_INLINE XXH128_hash_t+XXH3_hashLong_128b_default(const void* XXH_RESTRICT input, size_t len,+                           XXH64_hash_t seed64,+                           const void* XXH_RESTRICT secret, size_t secretLen)+{+    (void)seed64; (void)secret; (void)secretLen;+    return XXH3_hashLong_128b_internal(input, len, XXH3_kSecret, sizeof(XXH3_kSecret),+                                       XXH3_accumulate_512, XXH3_scrambleAcc);+}++/*+ * It's important for performance that XXH3_hashLong is not inlined.+ */+XXH_NO_INLINE XXH128_hash_t+XXH3_hashLong_128b_withSecret(const void* XXH_RESTRICT input, size_t len,+                              XXH64_hash_t seed64,+                              const void* XXH_RESTRICT secret, size_t secretLen)+{+    (void)seed64;+    return XXH3_hashLong_128b_internal(input, len, (const xxh_u8*)secret, secretLen,+                                       XXH3_accumulate_512, XXH3_scrambleAcc);+}++XXH_FORCE_INLINE XXH128_hash_t+XXH3_hashLong_128b_withSeed_internal(const void* XXH_RESTRICT input, size_t len,+                                XXH64_hash_t seed64,+                                XXH3_f_accumulate_512 f_acc512,+                                XXH3_f_scrambleAcc f_scramble,+                                XXH3_f_initCustomSecret f_initSec)+{+    if (seed64 == 0)+        return XXH3_hashLong_128b_internal(input, len,+                                           XXH3_kSecret, sizeof(XXH3_kSecret),+                                           f_acc512, f_scramble);+    {   XXH_ALIGN(XXH_SEC_ALIGN) xxh_u8 secret[XXH_SECRET_DEFAULT_SIZE];+        f_initSec(secret, seed64);+        return XXH3_hashLong_128b_internal(input, len, (const xxh_u8*)secret, sizeof(secret),+                                           f_acc512, f_scramble);+    }+}++/*+ * It's important for performance that XXH3_hashLong is not inlined.+ */+XXH_NO_INLINE XXH128_hash_t+XXH3_hashLong_128b_withSeed(const void* input, size_t len,+                            XXH64_hash_t seed64, const void* XXH_RESTRICT secret, size_t secretLen)+{+    (void)secret; (void)secretLen;+    return XXH3_hashLong_128b_withSeed_internal(input, len, seed64,+                XXH3_accumulate_512, XXH3_scrambleAcc, XXH3_initCustomSecret);+}++typedef XXH128_hash_t (*XXH3_hashLong128_f)(const void* XXH_RESTRICT, size_t,+                                            XXH64_hash_t, const void* XXH_RESTRICT, size_t);++XXH_FORCE_INLINE XXH128_hash_t+XXH3_128bits_internal(const void* input, size_t len,+                      XXH64_hash_t seed64, const void* XXH_RESTRICT secret, size_t secretLen,+                      XXH3_hashLong128_f f_hl128)+{+    XXH_ASSERT(secretLen >= XXH3_SECRET_SIZE_MIN);+    /*+     * If an action is to be taken if `secret` conditions are not respected,+     * it should be done here.+     * For now, it's a contract pre-condition.+     * Adding a check and a branch here would cost performance at every hash.+     */+    if (len <= 16)+        return XXH3_len_0to16_128b((const xxh_u8*)input, len, (const xxh_u8*)secret, seed64);+    if (len <= 128)+        return XXH3_len_17to128_128b((const xxh_u8*)input, len, (const xxh_u8*)secret, secretLen, seed64);+    if (len <= XXH3_MIDSIZE_MAX)+        return XXH3_len_129to240_128b((const xxh_u8*)input, len, (const xxh_u8*)secret, secretLen, seed64);+    return f_hl128(input, len, seed64, secret, secretLen);+}+++/* ===   Public XXH128 API   === */++XXH_PUBLIC_API XXH128_hash_t XXH3_128bits(const void* input, size_t len)+{+    return XXH3_128bits_internal(input, len, 0,+                                 XXH3_kSecret, sizeof(XXH3_kSecret),+                                 XXH3_hashLong_128b_default);+}++XXH_PUBLIC_API XXH128_hash_t+XXH3_128bits_withSecret(const void* input, size_t len, const void* secret, size_t secretSize)+{+    return XXH3_128bits_internal(input, len, 0,+                                 (const xxh_u8*)secret, secretSize,+                                 XXH3_hashLong_128b_withSecret);+}++XXH_PUBLIC_API XXH128_hash_t+XXH3_128bits_withSeed(const void* input, size_t len, XXH64_hash_t seed)+{+    return XXH3_128bits_internal(input, len, seed,+                                 XXH3_kSecret, sizeof(XXH3_kSecret),+                                 XXH3_hashLong_128b_withSeed);+}++XXH_PUBLIC_API XXH128_hash_t+XXH128(const void* input, size_t len, XXH64_hash_t seed)+{+    return XXH3_128bits_withSeed(input, len, seed);+}+++/* ===   XXH3 128-bit streaming   === */++/*+ * All the functions are actually the same as for 64-bit streaming variant.+ * The only difference is the finalizatiom routine.+ */++static void+XXH3_128bits_reset_internal(XXH3_state_t* statePtr,+                            XXH64_hash_t seed,+                            const void* secret, size_t secretSize)+{+    XXH3_64bits_reset_internal(statePtr, seed, secret, secretSize);+}++XXH_PUBLIC_API XXH_errorcode+XXH3_128bits_reset(XXH3_state_t* statePtr)+{+    if (statePtr == NULL) return XXH_ERROR;+    XXH3_128bits_reset_internal(statePtr, 0, XXH3_kSecret, XXH_SECRET_DEFAULT_SIZE);+    return XXH_OK;+}++XXH_PUBLIC_API XXH_errorcode+XXH3_128bits_reset_withSecret(XXH3_state_t* statePtr, const void* secret, size_t secretSize)+{+    if (statePtr == NULL) return XXH_ERROR;+    XXH3_128bits_reset_internal(statePtr, 0, secret, secretSize);+    if (secret == NULL) return XXH_ERROR;+    if (secretSize < XXH3_SECRET_SIZE_MIN) return XXH_ERROR;+    return XXH_OK;+}++XXH_PUBLIC_API XXH_errorcode+XXH3_128bits_reset_withSeed(XXH3_state_t* statePtr, XXH64_hash_t seed)+{+    if (statePtr == NULL) return XXH_ERROR;+    if (seed==0) return XXH3_128bits_reset(statePtr);+    if (seed != statePtr->seed) XXH3_initCustomSecret(statePtr->customSecret, seed);+    XXH3_128bits_reset_internal(statePtr, seed, NULL, XXH_SECRET_DEFAULT_SIZE);+    return XXH_OK;+}++XXH_PUBLIC_API XXH_errorcode+XXH3_128bits_update(XXH3_state_t* state, const void* input, size_t len)+{+    return XXH3_update(state, (const xxh_u8*)input, len,+                       XXH3_accumulate_512, XXH3_scrambleAcc);+}++XXH_PUBLIC_API XXH128_hash_t XXH3_128bits_digest (const XXH3_state_t* state)+{+    const unsigned char* const secret = (state->extSecret == NULL) ? state->customSecret : state->extSecret;+    if (state->totalLen > XXH3_MIDSIZE_MAX) {+        XXH_ALIGN(XXH_ACC_ALIGN) XXH64_hash_t acc[XXH_ACC_NB];+        XXH3_digest_long(acc, state, secret);+        XXH_ASSERT(state->secretLimit + XXH_STRIPE_LEN >= sizeof(acc) + XXH_SECRET_MERGEACCS_START);+        {   XXH128_hash_t h128;+            h128.low64  = XXH3_mergeAccs(acc,+                                         secret + XXH_SECRET_MERGEACCS_START,+                                         (xxh_u64)state->totalLen * XXH_PRIME64_1);+            h128.high64 = XXH3_mergeAccs(acc,+                                         secret + state->secretLimit + XXH_STRIPE_LEN+                                                - sizeof(acc) - XXH_SECRET_MERGEACCS_START,+                                         ~((xxh_u64)state->totalLen * XXH_PRIME64_2));+            return h128;+        }+    }+    /* len <= XXH3_MIDSIZE_MAX : short code */+    if (state->seed)+        return XXH3_128bits_withSeed(state->buffer, (size_t)state->totalLen, state->seed);+    return XXH3_128bits_withSecret(state->buffer, (size_t)(state->totalLen),+                                   secret, state->secretLimit + XXH_STRIPE_LEN);+}++/* 128-bit utility functions */++#include <string.h>   /* memcmp, memcpy */++/* return : 1 is equal, 0 if different */+XXH_PUBLIC_API int XXH128_isEqual(XXH128_hash_t h1, XXH128_hash_t h2)+{+    /* note : XXH128_hash_t is compact, it has no padding byte */+    return !(memcmp(&h1, &h2, sizeof(h1)));+}++/* This prototype is compatible with stdlib's qsort().+ * return : >0 if *h128_1  > *h128_2+ *          <0 if *h128_1  < *h128_2+ *          =0 if *h128_1 == *h128_2  */+XXH_PUBLIC_API int XXH128_cmp(const void* h128_1, const void* h128_2)+{+    XXH128_hash_t const h1 = *(const XXH128_hash_t*)h128_1;+    XXH128_hash_t const h2 = *(const XXH128_hash_t*)h128_2;+    int const hcmp = (h1.high64 > h2.high64) - (h2.high64 > h1.high64);+    /* note : bets that, in most cases, hash values are different */+    if (hcmp) return hcmp;+    return (h1.low64 > h2.low64) - (h2.low64 > h1.low64);+}+++/*======   Canonical representation   ======*/+XXH_PUBLIC_API void+XXH128_canonicalFromHash(XXH128_canonical_t* dst, XXH128_hash_t hash)+{+    XXH_STATIC_ASSERT(sizeof(XXH128_canonical_t) == sizeof(XXH128_hash_t));+    if (XXH_CPU_LITTLE_ENDIAN) {+        hash.high64 = XXH_swap64(hash.high64);+        hash.low64  = XXH_swap64(hash.low64);+    }+    memcpy(dst, &hash.high64, sizeof(hash.high64));+    memcpy((char*)dst + sizeof(hash.high64), &hash.low64, sizeof(hash.low64));+}++XXH_PUBLIC_API XXH128_hash_t+XXH128_hashFromCanonical(const XXH128_canonical_t* src)+{+    XXH128_hash_t h;+    h.high64 = XXH_readBE64(src);+    h.low64  = XXH_readBE64(src->digest + 8);+    return h;+}++/* Pop our optimization override from above */+#if XXH_VECTOR == XXH_AVX2 /* AVX2 */ \+  && defined(__GNUC__) && !defined(__clang__) /* GCC, not Clang */ \+  && defined(__OPTIMIZE__) && !defined(__OPTIMIZE_SIZE__) /* respect -O0 and -Os */+#  pragma GCC pop_options+#endif++#endif  /* XXH_NO_LONG_LONG */+++#endif  /* XXH_IMPLEMENTATION */+++#if defined (__cplusplus)+}+#endif
+ tests/Crypto/Ethereum/Test/KeyfileSpec.hs view
@@ -0,0 +1,99 @@+{-# LANGUAGE OverloadedStrings #-}+module Crypto.Ethereum.Test.KeyfileSpec where++import           Data.Aeson               (eitherDecode)+import           Data.ByteString          (ByteString)+import qualified Data.ByteString.Lazy     as L (ByteString)+import           Data.UUID.Types          (UUID)+import           Test.Hspec++import           Crypto.Ethereum.Keyfile+import           Data.ByteArray.HexString (HexString)++pbkdf2_test_keyfile :: L.ByteString+pbkdf2_test_keyfile = "\+\{\+\    \"crypto\" : {\+\        \"cipher\" : \"aes-128-ctr\",\+\        \"cipherparams\" : {\+\            \"iv\" : \"6087dab2f9fdbbfaddc31a909735c1e6\"\+\        },\+\        \"ciphertext\" : \"5318b4d5bcd28de64ee5559e671353e16f075ecae9f99c7a79a38af5f869aa46\",\+\        \"kdf\" : \"pbkdf2\",\+\        \"kdfparams\" : {\+\            \"c\" : 262144,\+\            \"dklen\" : 32,\+\            \"prf\" : \"hmac-sha256\",\+\            \"salt\" : \"ae3cd4e7013836a3df6bd7241b12db061dbe2c6785853cce422d148a624ce0bd\"\+\        },\+\        \"mac\" : \"517ead924a9d0dc3124507e3393d175ce3ff7c1e96529c6c555ce9e51205e9b2\"\+\    },\+\    \"id\" : \"3198bc9c-6672-5ab3-d995-4942343ae5b6\",\+\    \"version\" : 3\+\}"++scrypt_test_keyfile :: L.ByteString+scrypt_test_keyfile = "\+\{\+\    \"crypto\" : {\+\        \"cipher\" : \"aes-128-ctr\",\+\        \"cipherparams\" : {\+\            \"iv\" : \"83dbcc02d8ccb40e466191a123791e0e\"\+\        },\+\        \"ciphertext\" : \"d172bf743a674da9cdad04534d56926ef8358534d458fffccd4e6ad2fbde479c\",\+\        \"kdf\" : \"scrypt\",\+\        \"kdfparams\" : {\+\            \"dklen\" : 32,\+\            \"n\" : 262144,\+\            \"r\" : 1,\+\            \"p\" : 8,\+\            \"salt\" : \"ab0c7876052600dd703518d6fc3fe8984592145b591fc8fb5c6d43190334ba19\"\+\        },\+\        \"mac\" : \"2103ac29920d71da29f15d75b4a16dbe95cfd7ff8faea1056c33131d846e3097\"\+\    },\+\    \"id\" : \"3198bc9c-6672-5ab3-d995-4942343ae5b6\",\+\    \"version\" : 3\+\}"++test_uuid :: UUID+test_uuid = read "3198bc9c-6672-5ab3-d995-4942343ae5b6"++test_pbkdf2_mac :: HexString+test_pbkdf2_mac = "517ead924a9d0dc3124507e3393d175ce3ff7c1e96529c6c555ce9e51205e9b2"++test_scrypt_mac :: HexString+test_scrypt_mac = "2103ac29920d71da29f15d75b4a16dbe95cfd7ff8faea1056c33131d846e3097"++test_password :: ByteString+test_password = "testpassword"++test_private :: HexString+test_private = "7a28b5ba57c53603b0b07b56bba752f7784bf506fa95edc395f5cf6c7514fe9d"++spec :: Spec+spec = parallel $ do+    describe "AES-128-CTR and PBKDF2-SHA-256" $ do+        it "can decode keyfile" $+            case eitherDecode pbkdf2_test_keyfile of+                Left e     -> error e+                Right ekey -> do+                    encryptedKeyId ekey `shouldBe` test_uuid+                    encryptedKeyMac ekey `shouldBe` test_pbkdf2_mac++        it "can decrypt keyfile" $ do+            case eitherDecode pbkdf2_test_keyfile of+                Left e     -> error e+                Right ekey -> decrypt ekey test_password `shouldBe` Just test_private++    describe "AES-128-CTR and Scrypt" $ do+        it "can decode keyfile" $+            case eitherDecode scrypt_test_keyfile of+                Left e     -> error e+                Right ekey -> do+                    encryptedKeyId ekey `shouldBe` test_uuid+                    encryptedKeyMac ekey `shouldBe` test_scrypt_mac++        it "can decrypt keyfile" $+            case eitherDecode scrypt_test_keyfile of+                Left e     -> error e+                Right ekey -> decrypt ekey test_password `shouldBe` Just test_private
+ tests/Crypto/Ethereum/Test/SignatureSpec.hs view
@@ -0,0 +1,35 @@+{-# LANGUAGE OverloadedStrings #-}+module Crypto.Ethereum.Test.SignatureSpec where++import           Crypto.Ecdsa.Utils        (importKey)+import           Crypto.Ethereum.Signature (hashMessage, signMessage)+import           Data.ByteArray            (convert)+import           Data.ByteArray.HexString  (HexString)+import           Data.Foldable             (for_)+import           Test.Hspec++test_vector :: [(HexString, HexString, HexString)]+test_vector = [+    ("0xa8510b592963f52d2d8b3413ab5822111c68d45370f6104a869fe6e72c58952fe6b420115a9dfadaae2956ad761db2f113", "0x5cc3704a552b40515909a220d3cb91e850d4d6c6c0180424e433d00400612ed6", "0x3477bfac3621680c30cf3ad59da9288bc53e46773af4911592c6f3b2ba9029861fac19b0fa0cc543731133346eb817cd7f3aa4cabac5e613919567bc9704af861c"),+    ("0x5680f1d195bbe2b0f1601a039ad23a6ad488c1f0949a68e84bffe398ad", "0xcaf03f0aa6862758e526dd76782a4afa7ad48533f00f8f9e8731d4a6b1656d9f", "0x659263cb4d54c653e5ef41550f959e15a71b01f19bce88750c8c3cad8ab293d12138db412f471df6c67575d49e9c25b6973a3405396a3e6985a3f391efee74751c"),+    ("0x487f9a", "0xa13bf6fdb2e2a5790f4a80d822180c7851b227d16c1893de2359dc98b1e27756", "0x143da940f9e144218979074cfde306d0697b3ddaec4c5e464a5aa093733f957776ba158ec4492a6cdc9951c6e0c1b10040916cb503ad240ed3b76677f9ac4ad41c"),+    ("0x958c2c5bafc5eb97004774f4c9b56aaecd37c06befac0042a93c67", "0x496b49cc02b63f927f2669a32dece10876e1a33dc0bd684f7643f849ecbe7c73", "0x34e768e959b89d305f16f796d0ff2da4e5923d6a6f33ba66b29471953e10be1a183743fb764f806ca8d97ad29dad94115d0368f374d5e085348267cc1c5bce411b"),+    ("0x02e2", "0x0425c9ac326acac4b93ff871f22c1dfe69c05038c2ac5b9eadb7e09743baa603", "0xbf52108b598a02aeeea1f9ee84947300985953edcfd07351f038bfe0de4c62df5cf467caaa7a33c3c4ebdf4aeaf05b1f4674f6b82b27e87fbf8d2a0980e68f1d1b"),+    ("0x74391586ff29f0638d7f7971640cefac3bfa3865ec5310e15a", "0x104432a31597e399f3f0f34e70b52a062feeb65aa3ad5383d2d7b90b0ab50126", "0x78c81fff1acdd1773badea5f35b0149e14b3dffe8de0e554b0edd80526acd55f1fc315b96afe5964df24f28b756f5651a6a52b2b9e0ffc87cda2a4a8f448a8951c"),+    ("0xd3ba712ef9dd8f8b37d805a9d1c2b5ee92db66dda0fd8582d55cec1b2519d18dfff2333e29081e80544af7244f2f22", "0x330ee59f080c59252218d1245029d8689b48b021dcf2c438938264bbc61d05af", "0xcf96a0f05e40d05ebcedbff0af522a68e6c846e63b44245a1208592ddf03cc12136ad522656f08fd838c55ff78e093d387d23b30b88a57e467636e63c786e04e1c"),+    ("0x1e99da3e7bb02e1f239bbf0b2ea113848673dd52da24c87f2f40", "0x52c58101fe861f9292fb6ad3df74551b5fb3feca9983b108645a5a9354bfbe99", "0x8eebcef599eb67e9379e7d6b074123628c1a65f1b754647704eb003fa61aff0a0e5c79fb022970fea80409e20a12bd4b8e1a79a787394a547fbc93c2d3c1e2dc1c"),+    ("0x1e973d1b5b158acc7d710099700c793e702b215a1fa534317d5c44406000fc727c", "0x1280413acfcd88a97b759e72e60069a1dc4f0a595e815aad9a1a83fa73f81af2", "0x7a77a37f2f4378dab5a0ba7f55b858a2a116f885f2eeab30dcd0b6d1f7286fbb7cbdccbd52721ce68fbcf2448a2f450a6bc6bc7f0027906259821bb3800133181b"),+    ("0x95da865540bd1336402a325a0435a920768f47d4b1ec0d89e0063f811872d1cb6423b5f4a4b931c9f41b216def", "0x0d537e54120ea923621225e3114b91a568a1abe7b7315b642017cad28cfad40b", "0xe04196529154ab89ceb598654f7d1ae178ecdcf73395aa8e8abb9200b504c39c58a93a6e502aaaddc2cbd712b436e9c9fb1010323927835ac54a7a77f11957f91c")+    ]++test_key :: HexString+test_key = "29461542faa1acbc968bcb332115e0537c023f8df416317602ca5d15ca12d02d"++spec :: Spec+spec = parallel $ do+    describe "Ethereum ECDSA" $ do+        it "can hash Ethereum prefixed message" $ for_ test_vector $ \(msg, msgHash, _) ->+            convert (hashMessage msg) `shouldBe` msgHash++        it "can sign Ethereum prefixed message" $ for_ test_vector $ \(msg, _, msgSig) ->+            signMessage (importKey test_key) msg `shouldBe` msgSig
+ tests/Crypto/Random/Test/HmacDrbgSpec.hs view
@@ -0,0 +1,24 @@+{-# LANGUAGE OverloadedStrings #-}+-- Inspired by https://github.com/indutny/hmac-drbg+module Crypto.Random.Test.HmacDrbgSpec where++import           Crypto.Hash.Algorithms   (SHA256)+import           Crypto.Random            (randomBytesGenerate)+import           Data.ByteString          (ByteString)+import           Test.Hspec++import           Crypto.Random.HmacDrbg+import           Data.ByteArray.HexString (HexString)++spec :: Spec+spec = parallel $ do+    describe "HMAC-DRBG-SHA256" $ do+        it "indutny/hmac-drbg test vectors" $ do+            let doDrbg :: ByteString -> HexString+                doDrbg seed = fst (randomBytesGenerate 32 (initialize seed) :: (HexString, HmacDrbg SHA256))++            doDrbg "totally random0123456789secret noncemy drbg"+                `shouldBe` "018ec5f8e08c41e5ac974eb129ac297c5388ee1864324fa13d9b15cf98d9a157"++            doDrbg "totally random0123456789secret nonce"+                `shouldBe` "ed5d61ecf0ef38258e62f03bbb49f19f2cd07ba5145a840d83b134d5963b3633"
+ tests/Data/Digest/Test/Blake2Spec.hs view
@@ -0,0 +1,27 @@+{-# LANGUAGE OverloadedStrings #-}+module Data.Digest.Test.Blake2Spec where++import           Data.ByteArray           (convert)+import           Data.ByteArray.HexString (HexString)+import           Test.Hspec++import           Data.Digest.Blake2++spec :: Spec+spec = parallel $ do+    describe "Variable lenght Blake2" $ do+        it "64-bit output (Blake2b 64)" $+            let hash = convert (blake2_64 "abc") :: HexString+             in hash `shouldBe` "0xd8bb14d833d59559"++        it "128-bit output (Blake2b 128)" $+            let hash = convert (blake2_128 "abc") :: HexString+             in hash `shouldBe` "0xcf4ab791c62b8d2b2109c90275287816"++        it "256-bit output (Blake2b 256)" $+            let hash = convert (blake2_256 "abc") :: HexString+             in hash `shouldBe` "0xbddd813c634239723171ef3fee98579b94964e3bb1cb3e427262c8c068d52319"++        it "512-bit output (Blake2b 512)" $+            let hash = convert (blake2_512 "abc") :: HexString+             in hash `shouldBe` "0xba80a53f981c4d0d6a2797b69f12f6e94c212f14685ac4b74b12bb6fdbffa2d17d87c5392aab792dc252d5de4533cc9518d38aa8dbf1925ab92386edd4009923"
+ tests/Data/Digest/Test/XXHashSpec.hs view
@@ -0,0 +1,32 @@+{-# LANGUAGE OverloadedStrings #-}+module Data.Digest.Test.XXHashSpec where++import           Data.ByteArray           (convert)+import           Test.Hspec++import           Data.ByteArray.HexString (HexString)+import           Data.Digest.XXHash       (xxhash)++spec :: Spec+spec = parallel $ do+    describe "Variable lenght Twox" $ do+        it "64-bit output (Twox64)" $ do+            let hash = convert (xxhash 32 "abc") :: HexString+            hash `shouldBe` "0x990977adf52cbc44"++            let hash' = convert (xxhash 64 "abc") :: HexString+            hash' `shouldBe` "0x990977adf52cbc44"++        it "128-bit output (Twox128)" $ do+            let hash = convert (xxhash 65 "abc") :: HexString+            hash `shouldBe` "0x990977adf52cbc440889329981caa9be"++            let hash' = convert (xxhash 128 "abc") :: HexString+            hash' `shouldBe` "0x990977adf52cbc440889329981caa9be"++        it "256-bit output (Twox256)" $ do+            let hash = convert (xxhash 255 "abc") :: HexString+            hash `shouldBe` "0x990977adf52cbc440889329981caa9bef7da5770b2b8a05303b75d95360dd62b"++            let hash' = convert (xxhash 256 "abc") :: HexString+            hash' `shouldBe` "0x990977adf52cbc440889329981caa9bef7da5770b2b8a05303b75d95360dd62b"
+ tests/Spec.hs view
@@ -0,0 +1,1 @@+{-# OPTIONS_GHC -F -pgmF hspec-discover #-}
+ web3-crypto.cabal view
@@ -0,0 +1,115 @@+cabal-version:      1.12+name:               web3-crypto+version:            1.0.0.0+license:            Apache-2.0+license-file:       LICENSE+copyright:          (c) Aleksandr Krupenkin 2016-2021+maintainer:         mail@akru.me+author:             Aleksandr Krupenkin+homepage:           https://github.com/airalab/hs-web3#readme+bug-reports:        https://github.com/airalab/hs-web3/issues+synopsis:           Cryptograhical primitives for Haskell Web3 library.+description:+    This package implements Web3 specific cryptography and helper functions.++category:           Network+build-type:         Simple+extra-source-files:+    src/cbits/xxhash.h+    src/cbits/xxhash.c++source-repository head+    type:     git+    location: https://github.com/airalab/hs-web3++library+    exposed-modules:+        Crypto.Bip39+        Crypto.Ecdsa.Signature+        Crypto.Ecdsa.Utils+        Crypto.Ethereum+        Crypto.Ethereum.Keyfile+        Crypto.Ethereum.Signature+        Crypto.Ethereum.Utils+        Crypto.Random.HmacDrbg+        Data.Digest.Blake2+        Data.Digest.XXHash++    c-sources:        src/cbits/xxhash.c+    hs-source-dirs:   src+    other-modules:    Paths_web3_crypto+    default-language: Haskell2010+    include-dirs:     src/cbits+    ghc-options:+        -funbox-strict-fields -Wduplicate-exports -Whi-shadowing+        -Widentities -Woverlapping-patterns -Wpartial-type-signatures+        -Wunrecognised-pragmas -Wtyped-holes -Wincomplete-patterns+        -Wincomplete-uni-patterns -Wmissing-fields -Wmissing-methods+        -Wmissing-exported-signatures -Wmissing-monadfail-instances+        -Wmissing-signatures -Wname-shadowing -Wunused-binds+        -Wunused-top-binds -Wunused-local-binds -Wunused-pattern-binds+        -Wunused-imports -Wunused-matches -Wunused-foralls -Wtabs++    build-depends:+        aeson >1.2 && <1.6,+        base >4.11 && <4.15,+        bytestring >0.10 && <0.11,+        containers >0.6 && <0.7,+        cryptonite >0.22 && <0.30,+        memory >0.14 && <0.16,+        memory-hexstring ==1.0.*,+        text >1.2 && <1.3,+        uuid-types >1.0 && <1.1,+        vector >0.12 && <0.13++test-suite tests+    type:             exitcode-stdio-1.0+    main-is:          Spec.hs+    c-sources:        src/cbits/xxhash.c+    hs-source-dirs:   tests src+    other-modules:+        Crypto.Ethereum.Test.KeyfileSpec+        Crypto.Ethereum.Test.SignatureSpec+        Crypto.Random.Test.HmacDrbgSpec+        Data.Digest.Test.Blake2Spec+        Data.Digest.Test.XXHashSpec+        Crypto.Bip39+        Crypto.Ecdsa.Signature+        Crypto.Ecdsa.Utils+        Crypto.Ethereum+        Crypto.Ethereum.Keyfile+        Crypto.Ethereum.Signature+        Crypto.Ethereum.Utils+        Crypto.Random.HmacDrbg+        Data.Digest.Blake2+        Data.Digest.XXHash+        Paths_web3_crypto++    default-language: Haskell2010+    include-dirs:     src/cbits+    ghc-options:+        -funbox-strict-fields -Wduplicate-exports -Whi-shadowing+        -Widentities -Woverlapping-patterns -Wpartial-type-signatures+        -Wunrecognised-pragmas -Wtyped-holes -Wincomplete-patterns+        -Wincomplete-uni-patterns -Wmissing-fields -Wmissing-methods+        -Wmissing-exported-signatures -Wmissing-monadfail-instances+        -Wmissing-signatures -Wname-shadowing -Wunused-binds+        -Wunused-top-binds -Wunused-local-binds -Wunused-pattern-binds+        -Wunused-imports -Wunused-matches -Wunused-foralls -Wtabs -threaded+        -rtsopts -with-rtsopts=-N++    build-depends:+        aeson >1.2 && <1.6,+        base >4.11 && <4.15,+        bytestring >0.10 && <0.11,+        containers >0.6 && <0.7,+        cryptonite >0.22 && <0.30,+        hspec >=2.4.4 && <2.8,+        hspec-contrib >=0.4.0 && <0.6,+        hspec-discover >=2.4.4 && <2.8,+        hspec-expectations >=0.8.2 && <0.9,+        memory >0.14 && <0.16,+        memory-hexstring ==1.0.*,+        text >1.2 && <1.3,+        uuid-types >1.0 && <1.1,+        vector >0.12 && <0.13