Merge branch 'evo' into feature-per-pool-algo

CMakeLists.txt

@@ -164,13 +164,48 @@ set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake")
 find_package(UV REQUIRED)
 
 if (WITH_RANDOMX)
-    find_package(RandomX REQUIRED)
-    include_directories(${RANDOMX_INCLUDE_DIR})
-
+    include_directories(src/crypto/randomx)
     add_definitions(/DXMRIG_ALGO_RANDOMX)
+    set(SOURCES_CRYPTO
+        "${SOURCES_CRYPTO}"
+        src/crypto/randomx/aes_hash.cpp
+        src/crypto/randomx/argon2_ref.c
+        src/crypto/randomx/bytecode_machine.cpp
+        src/crypto/randomx/dataset.cpp
+        src/crypto/randomx/soft_aes.cpp
+        src/crypto/randomx/virtual_memory.cpp
+        src/crypto/randomx/vm_interpreted.cpp
+        src/crypto/randomx/allocator.cpp
+        src/crypto/randomx/randomx.cpp
+        src/crypto/randomx/superscalar.cpp
+        src/crypto/randomx/vm_compiled.cpp
+        src/crypto/randomx/vm_interpreted_light.cpp
+        src/crypto/randomx/argon2_core.c
+        src/crypto/randomx/blake2_generator.cpp
+        src/crypto/randomx/instructions_portable.cpp
+        src/crypto/randomx/reciprocal.c
+        src/crypto/randomx/virtual_machine.cpp
+        src/crypto/randomx/vm_compiled_light.cpp
+        src/crypto/randomx/blake2/blake2b.c
+    )
+    if (NOT ARCH_ID)
+        set(ARCH_ID ${CMAKE_HOST_SYSTEM_PROCESSOR})
+    endif()
+    if (CMAKE_C_COMPILER_ID MATCHES MSVC)
+        enable_language(ASM_MASM)
+        list(APPEND SOURCES_CRYPTO
+             src/crypto/randomx/jit_compiler_x86_static.asm
+             src/crypto/randomx/jit_compiler_x86.cpp
+            )
+    elseif (NOT XMRIG_ARM AND CMAKE_SIZEOF_VOID_P EQUAL 8)
+        list(APPEND SOURCES_CRYPTO
+             src/crypto/randomx/jit_compiler_x86_static.S
+             src/crypto/randomx/jit_compiler_x86.cpp
+            )
+        # cheat because cmake and ccache hate each other
+        set_property(SOURCE src/crypto/randomx/jit_compiler_x86_static.S PROPERTY LANGUAGE C)
+    endif()
 else()
-    set(RANDOMX_LIBRARIES "")
-
     remove_definitions(/DXMRIG_ALGO_RANDOMX)
 endif()
 
@@ -227,4 +262,4 @@ if (WITH_DEBUG_LOG)
 endif()
 
 add_executable(${CMAKE_PROJECT_NAME} ${HEADERS} ${SOURCES} ${SOURCES_OS} ${SOURCES_CPUID} ${HEADERS_CRYPTO} ${SOURCES_CRYPTO} ${SOURCES_SYSLOG} ${HTTP_SOURCES} ${TLS_SOURCES} ${XMRIG_ASM_SOURCES} ${CN_GPU_SOURCES})
-target_link_libraries(${CMAKE_PROJECT_NAME} ${XMRIG_ASM_LIBRARY} ${OPENSSL_LIBRARIES} ${UV_LIBRARIES} ${RANDOMX_LIBRARIES} ${EXTRA_LIBS} ${CPUID_LIB})
+target_link_libraries(${CMAKE_PROJECT_NAME} ${XMRIG_ASM_LIBRARY} ${OPENSSL_LIBRARIES} ${UV_LIBRARIES} ${EXTRA_LIBS} ${CPUID_LIB})

cmake/FindRandomX.cmake

@@ -1,25 +0,0 @@
-find_path(
-    RANDOMX_INCLUDE_DIR
-    NAMES randomx.h
-    PATHS "${XMRIG_DEPS}" ENV "XMRIG_DEPS"
-    PATH_SUFFIXES "include"
-    NO_DEFAULT_PATH
-)
-
-find_path(RANDOMX_INCLUDE_DIR NAMES randomx.h)
-
-find_library(
-    RANDOMX_LIBRARY
-    NAMES librandomx.a randomx librandomx
-    PATHS "${XMRIG_DEPS}" ENV "XMRIG_DEPS"
-    PATH_SUFFIXES "lib"
-    NO_DEFAULT_PATH
-)
-
-find_library(RANDOMX_LIBRARY NAMES librandomx.a randomx librandomx)
-
-set(RANDOMX_LIBRARIES ${RANDOMX_LIBRARY})
-set(RANDOMX_INCLUDE_DIRS ${RANDOMX_INCLUDE_DIR})
-
-include(FindPackageHandleStandardArgs)
-find_package_handle_standard_args(RANDOMX DEFAULT_MSG RANDOMX_LIBRARY RANDOMX_INCLUDE_DIR)

cmake/flags.cmake

@@ -17,7 +17,7 @@ if (CMAKE_CXX_COMPILER_ID MATCHES GNU)
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wno-strict-aliasing")
     set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} -Ofast")
 
-    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -fno-exceptions -fno-rtti -Wno-class-memaccess")
+    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -fexceptions -fno-rtti -Wno-class-memaccess")
     set(CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE} -Ofast -s")
 
     if (XMRIG_ARMv8)

src/base/net/stratum/Client.cpp

@@ -728,7 +728,7 @@ void xmrig::Client::parseResponse(int64_t id, const rapidjson::Value &result, co
             LOG_ERR("[%s] error: " RED_BOLD("\"%s\"") RED_S ", code: %d", url(), message, error["code"].GetInt());
         }
 
-        if (isCriticalError(message)) {
+        if (m_id == 1 || isCriticalError(message)) {
             close();
         }
 

src/crypto/cn/CnAlgo.h

@@ -127,7 +127,11 @@ private:
 #       endif
 #       ifdef XMRIG_ALGO_CN_PICO
         CN_MEMORY / 8, // CN_PICO_0
+#       endif
+#       ifdef XMRIG_ALGO_RANDOMX
+        0,             // RX_0
         0,             // RX_WOW
+        0,             // RX_LOKI
 #       endif
     };
 
@@ -157,8 +161,12 @@ private:
         CN_ITER / 2, // CN_HEAVY_XHV
 #       endif
 #       ifdef XMRIG_ALGO_CN_PICO
-        CN_ITER / 8, // CN_PICO_0,
-        0,           // RX_WOW
+        CN_ITER / 8, // CN_PICO_0
+#       endif
+#       ifdef XMRIG_ALGO_RANDOMX
+        0,             // RX_0
+        0,             // RX_WOW
+        0,             // RX_LOKI
 #       endif
     };
 
@@ -189,7 +197,11 @@ private:
 #       endif
 #       ifdef XMRIG_ALGO_CN_PICO
         Algorithm::CN_2,    // CN_PICO_0,
+#       endif
+#       ifdef XMRIG_ALGO_RANDOMX
+        Algorithm::INVALID, // RX_0
         Algorithm::INVALID, // RX_WOW
+        Algorithm::INVALID, // RX_LOKI
 #       endif
     };
 };

src/crypto/common/Algorithm.cpp

@@ -107,8 +107,12 @@ static AlgoName const algorithm_names[] = {
     { "cryptonight_turtle",        "cn_turtle",        Algorithm::CN_PICO_0       },
 #   endif
 #   ifdef XMRIG_ALGO_RANDOMX
+    { "randomx/0",                 "rx/0",             Algorithm::RX_0            },
+    { "RandomX",                   "rx",               Algorithm::RX_0            },
     { "randomx/wow",               "rx/wow",           Algorithm::RX_WOW          },
-    { "randomx",                   "rx",               Algorithm::RX_WOW          },
+    { "RandomWOW",                 nullptr,            Algorithm::RX_WOW          },
+    { "randomx/loki",              "rx/loki",          Algorithm::RX_LOKI         },
+    { "RandomXL",                  nullptr,            Algorithm::RX_LOKI         },
 #   endif
 };
 

src/crypto/common/Algorithm.h

@@ -69,7 +69,9 @@ public:
         CN_PICO_0,     // "cn-pico"          CryptoNight Turtle (TRTL)
 #       endif
 #       ifdef XMRIG_ALGO_RANDOMX
+        RX_0,          // "rx/0"             RandomX (reference configuration)
         RX_WOW,        // "rx/wow"           RandomWOW (Wownero)
+        RX_LOKI,       // "rx/loki"          RandomXL (Loki)
 #       endif
         MAX
     };

src/crypto/randomx/aes_hash.cpp

@@ -0,0 +1,214 @@
+/*
+Copyright (c) 2018-2019, tevador <tevador@gmail.com>
+
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+	* Redistributions of source code must retain the above copyright
+	  notice, this list of conditions and the following disclaimer.
+	* Redistributions in binary form must reproduce the above copyright
+	  notice, this list of conditions and the following disclaimer in the
+	  documentation and/or other materials provided with the distribution.
+	* Neither the name of the copyright holder nor the
+	  names of its contributors may be used to endorse or promote products
+	  derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#include "soft_aes.h"
+#include "randomx.h"
+
+#define AES_HASH_1R_STATE0 0xd7983aad, 0xcc82db47, 0x9fa856de, 0x92b52c0d
+#define AES_HASH_1R_STATE1 0xace78057, 0xf59e125a, 0x15c7b798, 0x338d996e
+#define AES_HASH_1R_STATE2 0xe8a07ce4, 0x5079506b, 0xae62c7d0, 0x6a770017
+#define AES_HASH_1R_STATE3 0x7e994948, 0x79a10005, 0x07ad828d, 0x630a240c
+
+#define AES_HASH_1R_XKEY0 0x06890201, 0x90dc56bf, 0x8b24949f, 0xf6fa8389
+#define AES_HASH_1R_XKEY1 0xed18f99b, 0xee1043c6, 0x51f4e03c, 0x61b263d1
+
+/*
+	Calculate a 512-bit hash of 'input' using 4 lanes of AES.
+	The input is treated as a set of round keys for the encryption
+	of the initial state.
+
+	'inputSize' must be a multiple of 64.
+
+	For a 2 MiB input, this has the same security as 32768-round
+	AES encryption.
+
+	Hashing throughput: >20 GiB/s per CPU core with hardware AES
+*/
+template<bool softAes>
+void hashAes1Rx4(const void *input, size_t inputSize, void *hash) {
+	const uint8_t* inptr = (uint8_t*)input;
+	const uint8_t* inputEnd = inptr + inputSize;
+
+	rx_vec_i128 state0, state1, state2, state3;
+	rx_vec_i128 in0, in1, in2, in3;
+
+	//intial state
+	state0 = rx_set_int_vec_i128(AES_HASH_1R_STATE0);
+	state1 = rx_set_int_vec_i128(AES_HASH_1R_STATE1);
+	state2 = rx_set_int_vec_i128(AES_HASH_1R_STATE2);
+	state3 = rx_set_int_vec_i128(AES_HASH_1R_STATE3);
+
+	//process 64 bytes at a time in 4 lanes
+	while (inptr < inputEnd) {
+		in0 = rx_load_vec_i128((rx_vec_i128*)inptr + 0);
+		in1 = rx_load_vec_i128((rx_vec_i128*)inptr + 1);
+		in2 = rx_load_vec_i128((rx_vec_i128*)inptr + 2);
+		in3 = rx_load_vec_i128((rx_vec_i128*)inptr + 3);
+
+		state0 = aesenc<softAes>(state0, in0);
+		state1 = aesdec<softAes>(state1, in1);
+		state2 = aesenc<softAes>(state2, in2);
+		state3 = aesdec<softAes>(state3, in3);
+
+		inptr += 64;
+	}
+
+	//two extra rounds to achieve full diffusion
+	rx_vec_i128 xkey0 = rx_set_int_vec_i128(AES_HASH_1R_XKEY0);
+	rx_vec_i128 xkey1 = rx_set_int_vec_i128(AES_HASH_1R_XKEY1);
+
+	state0 = aesenc<softAes>(state0, xkey0);
+	state1 = aesdec<softAes>(state1, xkey0);
+	state2 = aesenc<softAes>(state2, xkey0);
+	state3 = aesdec<softAes>(state3, xkey0);
+
+	state0 = aesenc<softAes>(state0, xkey1);
+	state1 = aesdec<softAes>(state1, xkey1);
+	state2 = aesenc<softAes>(state2, xkey1);
+	state3 = aesdec<softAes>(state3, xkey1);
+
+	//output hash
+	rx_store_vec_i128((rx_vec_i128*)hash + 0, state0);
+	rx_store_vec_i128((rx_vec_i128*)hash + 1, state1);
+	rx_store_vec_i128((rx_vec_i128*)hash + 2, state2);
+	rx_store_vec_i128((rx_vec_i128*)hash + 3, state3);
+}
+
+template void hashAes1Rx4<false>(const void *input, size_t inputSize, void *hash);
+template void hashAes1Rx4<true>(const void *input, size_t inputSize, void *hash);
+
+#define AES_GEN_1R_KEY0 0xb4f44917, 0xdbb5552b, 0x62716609, 0x6daca553
+#define AES_GEN_1R_KEY1 0x0da1dc4e, 0x1725d378, 0x846a710d, 0x6d7caf07
+#define AES_GEN_1R_KEY2 0x3e20e345, 0xf4c0794f, 0x9f947ec6, 0x3f1262f1
+#define AES_GEN_1R_KEY3 0x49169154, 0x16314c88, 0xb1ba317c, 0x6aef8135
+
+/*
+	Fill 'buffer' with pseudorandom data based on 512-bit 'state'.
+	The state is encrypted using a single AES round per 16 bytes of output
+	in 4 lanes.
+
+	'outputSize' must be a multiple of 64.
+
+	The modified state is written back to 'state' to allow multiple
+	calls to this function.
+*/
+template<bool softAes>
+void fillAes1Rx4(void *state, size_t outputSize, void *buffer) {
+	const uint8_t* outptr = (uint8_t*)buffer;
+	const uint8_t* outputEnd = outptr + outputSize;
+
+	rx_vec_i128 state0, state1, state2, state3;
+	rx_vec_i128 key0, key1, key2, key3;
+
+	key0 = rx_set_int_vec_i128(AES_GEN_1R_KEY0);
+	key1 = rx_set_int_vec_i128(AES_GEN_1R_KEY1);
+	key2 = rx_set_int_vec_i128(AES_GEN_1R_KEY2);
+	key3 = rx_set_int_vec_i128(AES_GEN_1R_KEY3);
+
+	state0 = rx_load_vec_i128((rx_vec_i128*)state + 0);
+	state1 = rx_load_vec_i128((rx_vec_i128*)state + 1);
+	state2 = rx_load_vec_i128((rx_vec_i128*)state + 2);
+	state3 = rx_load_vec_i128((rx_vec_i128*)state + 3);
+
+	while (outptr < outputEnd) {
+		state0 = aesdec<softAes>(state0, key0);
+		state1 = aesenc<softAes>(state1, key1);
+		state2 = aesdec<softAes>(state2, key2);
+		state3 = aesenc<softAes>(state3, key3);
+
+		rx_store_vec_i128((rx_vec_i128*)outptr + 0, state0);
+		rx_store_vec_i128((rx_vec_i128*)outptr + 1, state1);
+		rx_store_vec_i128((rx_vec_i128*)outptr + 2, state2);
+		rx_store_vec_i128((rx_vec_i128*)outptr + 3, state3);
+
+		outptr += 64;
+	}
+
+	rx_store_vec_i128((rx_vec_i128*)state + 0, state0);
+	rx_store_vec_i128((rx_vec_i128*)state + 1, state1);
+	rx_store_vec_i128((rx_vec_i128*)state + 2, state2);
+	rx_store_vec_i128((rx_vec_i128*)state + 3, state3);
+}
+
+template void fillAes1Rx4<true>(void *state, size_t outputSize, void *buffer);
+template void fillAes1Rx4<false>(void *state, size_t outputSize, void *buffer);
+
+template<bool softAes>
+void fillAes4Rx4(void *state, size_t outputSize, void *buffer) {
+	const uint8_t* outptr = (uint8_t*)buffer;
+	const uint8_t* outputEnd = outptr + outputSize;
+
+	rx_vec_i128 state0, state1, state2, state3;
+	rx_vec_i128 key0, key1, key2, key3, key4, key5, key6, key7;
+
+	key0 = RandomX_CurrentConfig.fillAes4Rx4_Key[0];
+	key1 = RandomX_CurrentConfig.fillAes4Rx4_Key[1];
+	key2 = RandomX_CurrentConfig.fillAes4Rx4_Key[2];
+	key3 = RandomX_CurrentConfig.fillAes4Rx4_Key[3];
+	key4 = RandomX_CurrentConfig.fillAes4Rx4_Key[4];
+	key5 = RandomX_CurrentConfig.fillAes4Rx4_Key[5];
+	key6 = RandomX_CurrentConfig.fillAes4Rx4_Key[6];
+	key7 = RandomX_CurrentConfig.fillAes4Rx4_Key[7];
+
+	state0 = rx_load_vec_i128((rx_vec_i128*)state + 0);
+	state1 = rx_load_vec_i128((rx_vec_i128*)state + 1);
+	state2 = rx_load_vec_i128((rx_vec_i128*)state + 2);
+	state3 = rx_load_vec_i128((rx_vec_i128*)state + 3);
+
+	while (outptr < outputEnd) {
+		state0 = aesdec<softAes>(state0, key0);
+		state1 = aesenc<softAes>(state1, key0);
+		state2 = aesdec<softAes>(state2, key4);
+		state3 = aesenc<softAes>(state3, key4);
+
+		state0 = aesdec<softAes>(state0, key1);
+		state1 = aesenc<softAes>(state1, key1);
+		state2 = aesdec<softAes>(state2, key5);
+		state3 = aesenc<softAes>(state3, key5);
+
+		state0 = aesdec<softAes>(state0, key2);
+		state1 = aesenc<softAes>(state1, key2);
+		state2 = aesdec<softAes>(state2, key6);
+		state3 = aesenc<softAes>(state3, key6);
+
+		state0 = aesdec<softAes>(state0, key3);
+		state1 = aesenc<softAes>(state1, key3);
+		state2 = aesdec<softAes>(state2, key7);
+		state3 = aesenc<softAes>(state3, key7);
+
+		rx_store_vec_i128((rx_vec_i128*)outptr + 0, state0);
+		rx_store_vec_i128((rx_vec_i128*)outptr + 1, state1);
+		rx_store_vec_i128((rx_vec_i128*)outptr + 2, state2);
+		rx_store_vec_i128((rx_vec_i128*)outptr + 3, state3);
+
+		outptr += 64;
+	}
+}
+
+template void fillAes4Rx4<true>(void *state, size_t outputSize, void *buffer);
+template void fillAes4Rx4<false>(void *state, size_t outputSize, void *buffer);

src/crypto/randomx/aes_hash.hpp

@@ -0,0 +1,40 @@
+/*
+Copyright (c) 2018-2019, tevador <tevador@gmail.com>
+
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+	* Redistributions of source code must retain the above copyright
+	  notice, this list of conditions and the following disclaimer.
+	* Redistributions in binary form must reproduce the above copyright
+	  notice, this list of conditions and the following disclaimer in the
+	  documentation and/or other materials provided with the distribution.
+	* Neither the name of the copyright holder nor the
+	  names of its contributors may be used to endorse or promote products
+	  derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#pragma once
+
+#include <cstddef>
+
+template<bool softAes>
+void hashAes1Rx4(const void *input, size_t inputSize, void *hash);
+
+template<bool softAes>
+void fillAes1Rx4(void *state, size_t outputSize, void *buffer);
+
+template<bool softAes>
+void fillAes4Rx4(void *state, size_t outputSize, void *buffer);

src/crypto/randomx/allocator.cpp

@@ -0,0 +1,60 @@
+/*
+Copyright (c) 2018-2019, tevador <tevador@gmail.com>
+
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+	* Redistributions of source code must retain the above copyright
+	  notice, this list of conditions and the following disclaimer.
+	* Redistributions in binary form must reproduce the above copyright
+	  notice, this list of conditions and the following disclaimer in the
+	  documentation and/or other materials provided with the distribution.
+	* Neither the name of the copyright holder nor the
+	  names of its contributors may be used to endorse or promote products
+	  derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#include <new>
+#include "allocator.hpp"
+#include "intrin_portable.h"
+#include "virtual_memory.hpp"
+#include "common.hpp"
+
+namespace randomx {
+
+	template<size_t alignment>
+	void* AlignedAllocator<alignment>::allocMemory(size_t count) {
+		void *mem = rx_aligned_alloc(count, alignment);
+		if (mem == nullptr)
+			throw std::bad_alloc();
+		return mem;
+	}
+
+	template<size_t alignment>
+	void AlignedAllocator<alignment>::freeMemory(void* ptr, size_t count) {
+		rx_aligned_free(ptr);
+	}
+
+	template class AlignedAllocator<CacheLineSize>;
+
+	void* LargePageAllocator::allocMemory(size_t count) {
+		return allocLargePagesMemory(count);
+	}
+
+	void LargePageAllocator::freeMemory(void* ptr, size_t count) {
+		freePagedMemory(ptr, count);
+	};
+
+}

src/crypto/randomx/allocator.hpp

@@ -0,0 +1,46 @@
+/*
+Copyright (c) 2018-2019, tevador <tevador@gmail.com>
+
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+	* Redistributions of source code must retain the above copyright
+	  notice, this list of conditions and the following disclaimer.
+	* Redistributions in binary form must reproduce the above copyright
+	  notice, this list of conditions and the following disclaimer in the
+	  documentation and/or other materials provided with the distribution.
+	* Neither the name of the copyright holder nor the
+	  names of its contributors may be used to endorse or promote products
+	  derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#pragma once
+
+#include <cstddef>
+
+namespace randomx {
+
+	template<size_t alignment>
+	struct AlignedAllocator {
+		static void* allocMemory(size_t);
+		static void freeMemory(void*, size_t);
+	};
+
+	struct LargePageAllocator {
+		static void* allocMemory(size_t);
+		static void freeMemory(void*, size_t);
+	};
+
+}

src/crypto/randomx/argon2.h

@@ -0,0 +1,229 @@
+/*
+Copyright (c) 2018-2019, tevador <tevador@gmail.com>
+
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+	* Redistributions of source code must retain the above copyright
+	  notice, this list of conditions and the following disclaimer.
+	* Redistributions in binary form must reproduce the above copyright
+	  notice, this list of conditions and the following disclaimer in the
+	  documentation and/or other materials provided with the distribution.
+	* Neither the name of the copyright holder nor the
+	  names of its contributors may be used to endorse or promote products
+	  derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/* Original code from Argon2 reference source code package used under CC0 Licence
+ * https://github.com/P-H-C/phc-winner-argon2
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+*/
+
+#pragma once
+
+#include <stdint.h>
+#include <stddef.h>
+#include <limits.h>
+
+/*
+ * Argon2 input parameter restrictions
+ */
+
+ /* Minimum and maximum number of lanes (degree of parallelism) */
+#define ARGON2_MIN_LANES UINT32_C(1)
+#define ARGON2_MAX_LANES UINT32_C(0xFFFFFF)
+
+/* Minimum and maximum number of threads */
+#define ARGON2_MIN_THREADS UINT32_C(1)
+#define ARGON2_MAX_THREADS UINT32_C(0xFFFFFF)
+
+/* Number of synchronization points between lanes per pass */
+#define ARGON2_SYNC_POINTS UINT32_C(4)
+
+/* Minimum and maximum digest size in bytes */
+#define ARGON2_MIN_OUTLEN UINT32_C(4)
+#define ARGON2_MAX_OUTLEN UINT32_C(0xFFFFFFFF)
+
+/* Minimum and maximum number of memory blocks (each of BLOCK_SIZE bytes) */
+#define ARGON2_MIN_MEMORY (2 * ARGON2_SYNC_POINTS) /* 2 blocks per slice */
+
+#define ARGON2_MIN(a, b) ((a) < (b) ? (a) : (b))
+/* Max memory size is addressing-space/2, topping at 2^32 blocks (4 TB) */
+#define ARGON2_MAX_MEMORY_BITS                                                 \
+    ARGON2_MIN(UINT32_C(32), (sizeof(void *) * CHAR_BIT - 10 - 1))
+#define ARGON2_MAX_MEMORY                                                      \
+    ARGON2_MIN(UINT32_C(0xFFFFFFFF), UINT64_C(1) << ARGON2_MAX_MEMORY_BITS)
+
+/* Minimum and maximum number of passes */
+#define ARGON2_MIN_TIME UINT32_C(1)
+#define ARGON2_MAX_TIME UINT32_C(0xFFFFFFFF)
+
+/* Minimum and maximum password length in bytes */
+#define ARGON2_MIN_PWD_LENGTH UINT32_C(0)
+#define ARGON2_MAX_PWD_LENGTH UINT32_C(0xFFFFFFFF)
+
+/* Minimum and maximum associated data length in bytes */
+#define ARGON2_MIN_AD_LENGTH UINT32_C(0)
+#define ARGON2_MAX_AD_LENGTH UINT32_C(0xFFFFFFFF)
+
+/* Minimum and maximum salt length in bytes */
+#define ARGON2_MIN_SALT_LENGTH UINT32_C(8)
+#define ARGON2_MAX_SALT_LENGTH UINT32_C(0xFFFFFFFF)
+
+/* Minimum and maximum key length in bytes */
+#define ARGON2_MIN_SECRET UINT32_C(0)
+#define ARGON2_MAX_SECRET UINT32_C(0xFFFFFFFF)
+
+/* Flags to determine which fields are securely wiped (default = no wipe). */
+#define ARGON2_DEFAULT_FLAGS UINT32_C(0)
+#define ARGON2_FLAG_CLEAR_PASSWORD (UINT32_C(1) << 0)
+#define ARGON2_FLAG_CLEAR_SECRET (UINT32_C(1) << 1)
+
+
+/* Error codes */
+typedef enum Argon2_ErrorCodes {
+	ARGON2_OK = 0,
+
+	ARGON2_OUTPUT_PTR_NULL = -1,
+
+	ARGON2_OUTPUT_TOO_SHORT = -2,
+	ARGON2_OUTPUT_TOO_LONG = -3,
+
+	ARGON2_PWD_TOO_SHORT = -4,
+	ARGON2_PWD_TOO_LONG = -5,
+
+	ARGON2_SALT_TOO_SHORT = -6,
+	ARGON2_SALT_TOO_LONG = -7,
+
+	ARGON2_AD_TOO_SHORT = -8,
+	ARGON2_AD_TOO_LONG = -9,
+
+	ARGON2_SECRET_TOO_SHORT = -10,
+	ARGON2_SECRET_TOO_LONG = -11,
+
+	ARGON2_TIME_TOO_SMALL = -12,
+	ARGON2_TIME_TOO_LARGE = -13,
+
+	ARGON2_MEMORY_TOO_LITTLE = -14,
+	ARGON2_MEMORY_TOO_MUCH = -15,
+
+	ARGON2_LANES_TOO_FEW = -16,
+	ARGON2_LANES_TOO_MANY = -17,
+
+	ARGON2_PWD_PTR_MISMATCH = -18,    /* NULL ptr with non-zero length */
+	ARGON2_SALT_PTR_MISMATCH = -19,   /* NULL ptr with non-zero length */
+	ARGON2_SECRET_PTR_MISMATCH = -20, /* NULL ptr with non-zero length */
+	ARGON2_AD_PTR_MISMATCH = -21,     /* NULL ptr with non-zero length */
+
+	ARGON2_MEMORY_ALLOCATION_ERROR = -22,
+
+	ARGON2_FREE_MEMORY_CBK_NULL = -23,
+	ARGON2_ALLOCATE_MEMORY_CBK_NULL = -24,
+
+	ARGON2_INCORRECT_PARAMETER = -25,
+	ARGON2_INCORRECT_TYPE = -26,
+
+	ARGON2_OUT_PTR_MISMATCH = -27,
+
+	ARGON2_THREADS_TOO_FEW = -28,
+	ARGON2_THREADS_TOO_MANY = -29,
+
+	ARGON2_MISSING_ARGS = -30,
+
+	ARGON2_ENCODING_FAIL = -31,
+
+	ARGON2_DECODING_FAIL = -32,
+
+	ARGON2_THREAD_FAIL = -33,
+
+	ARGON2_DECODING_LENGTH_FAIL = -34,
+
+	ARGON2_VERIFY_MISMATCH = -35
+} argon2_error_codes;
+
+/* Memory allocator types --- for external allocation */
+typedef int(*allocate_fptr)(uint8_t **memory, size_t bytes_to_allocate);
+typedef void(*deallocate_fptr)(uint8_t *memory, size_t bytes_to_allocate);
+
+/* Argon2 external data structures */
+
+/*
+	*****
+	* Context: structure to hold Argon2 inputs:
+	*  output array and its length,
+	*  password and its length,
+	*  salt and its length,
+	*  secret and its length,
+	*  associated data and its length,
+	*  number of passes, amount of used memory (in KBytes, can be rounded up a bit)
+	*  number of parallel threads that will be run.
+	* All the parameters above affect the output hash value.
+	* Additionally, two function pointers can be provided to allocate and
+	* deallocate the memory (if NULL, memory will be allocated internally).
+	* Also, three flags indicate whether to erase password, secret as soon as they
+	* are pre-hashed (and thus not needed anymore), and the entire memory
+	*****
+	* Simplest situation: you have output array out[8], password is stored in
+	* pwd[32], salt is stored in salt[16], you do not have keys nor associated
+	* data. You need to spend 1 GB of RAM and you run 5 passes of Argon2d with
+	* 4 parallel lanes.
+	* You want to erase the password, but you're OK with last pass not being
+	* erased. You want to use the default memory allocator.
+	* Then you initialize:
+	Argon2_Context(out,8,pwd,32,salt,16,NULL,0,NULL,0,5,1<<20,4,4,NULL,NULL,true,false,false,false)
+	*/
+typedef struct Argon2_Context {
+	uint8_t *out;    /* output array */
+	uint32_t outlen; /* digest length */
+
+	uint8_t *pwd;    /* password array */
+	uint32_t pwdlen; /* password length */
+
+	uint8_t *salt;    /* salt array */
+	uint32_t saltlen; /* salt length */
+
+	uint8_t *secret;    /* key array */
+	uint32_t secretlen; /* key length */
+
+	uint8_t *ad;    /* associated data array */
+	uint32_t adlen; /* associated data length */
+
+	uint32_t t_cost;  /* number of passes */
+	uint32_t m_cost;  /* amount of memory requested (KB) */
+	uint32_t lanes;   /* number of lanes */
+	uint32_t threads; /* maximum number of threads */
+
+	uint32_t version; /* version number */
+
+	allocate_fptr allocate_cbk; /* pointer to memory allocator */
+	deallocate_fptr free_cbk;   /* pointer to memory deallocator */
+
+	uint32_t flags; /* array of bool options */
+} argon2_context;
+
+/* Argon2 primitive type */
+typedef enum Argon2_type {
+	Argon2_d = 0,
+	Argon2_i = 1,
+	Argon2_id = 2
+} argon2_type;
+
+/* Version of the algorithm */
+typedef enum Argon2_version {
+	ARGON2_VERSION_10 = 0x10,
+	ARGON2_VERSION_13 = 0x13,
+	ARGON2_VERSION_NUMBER = ARGON2_VERSION_13
+} argon2_version;

src/crypto/randomx/argon2_core.h

@@ -0,0 +1,254 @@
+/*
+Copyright (c) 2018-2019, tevador <tevador@gmail.com>
+
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+	* Redistributions of source code must retain the above copyright
+	  notice, this list of conditions and the following disclaimer.
+	* Redistributions in binary form must reproduce the above copyright
+	  notice, this list of conditions and the following disclaimer in the
+	  documentation and/or other materials provided with the distribution.
+	* Neither the name of the copyright holder nor the
+	  names of its contributors may be used to endorse or promote products
+	  derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/* Original code from Argon2 reference source code package used under CC0 Licence
+ * https://github.com/P-H-C/phc-winner-argon2
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+*/
+
+#ifndef ARGON2_CORE_H
+#define ARGON2_CORE_H
+
+#include <stdint.h>
+#include "argon2.h"
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#define CONST_CAST(x) (x)(uintptr_t)
+
+ /**********************Argon2 internal constants*******************************/
+
+enum argon2_core_constants {
+	/* Memory block size in bytes */
+	ARGON2_BLOCK_SIZE = 1024,
+	ARGON2_QWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 8,
+	ARGON2_OWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 16,
+	ARGON2_HWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 32,
+	ARGON2_512BIT_WORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 64,
+
+	/* Number of pseudo-random values generated by one call to Blake in Argon2i
+	   to
+	   generate reference block positions */
+	ARGON2_ADDRESSES_IN_BLOCK = 128,
+
+	/* Pre-hashing digest length and its extension*/
+	ARGON2_PREHASH_DIGEST_LENGTH = 64,
+	ARGON2_PREHASH_SEED_LENGTH = 72
+};
+
+/*************************Argon2 internal data types***********************/
+
+/*
+ * Structure for the (1KB) memory block implemented as 128 64-bit words.
+ * Memory blocks can be copied, XORed. Internal words can be accessed by [] (no
+ * bounds checking).
+ */
+typedef struct block_ { uint64_t v[ARGON2_QWORDS_IN_BLOCK]; } block;
+
+/*****************Functions that work with the block******************/
+
+/* Initialize each byte of the block with @in */
+void rxa2_init_block_value(block *b, uint8_t in);
+
+/* Copy block @src to block @dst */
+void rxa2_copy_block(block *dst, const block *src);
+
+/* XOR @src onto @dst bytewise */
+void rxa2_xor_block(block *dst, const block *src);
+
+/*
+ * Argon2 instance: memory pointer, number of passes, amount of memory, type,
+ * and derived values.
+ * Used to evaluate the number and location of blocks to construct in each
+ * thread
+ */
+typedef struct Argon2_instance_t {
+	block *memory;          /* Memory pointer */
+	uint32_t version;
+	uint32_t passes;        /* Number of passes */
+	uint32_t memory_blocks; /* Number of blocks in memory */
+	uint32_t segment_length;
+	uint32_t lane_length;
+	uint32_t lanes;
+	uint32_t threads;
+	argon2_type type;
+	int print_internals; /* whether to print the memory blocks */
+	argon2_context *context_ptr; /* points back to original context */
+} argon2_instance_t;
+
+/*
+ * Argon2 position: where we construct the block right now. Used to distribute
+ * work between threads.
+ */
+typedef struct Argon2_position_t {
+	uint32_t pass;
+	uint32_t lane;
+	uint8_t slice;
+	uint32_t index;
+} argon2_position_t;
+
+/*Struct that holds the inputs for thread handling FillSegment*/
+typedef struct Argon2_thread_data {
+	argon2_instance_t *instance_ptr;
+	argon2_position_t pos;
+} argon2_thread_data;
+
+/*************************Argon2 core functions********************************/
+
+/* Allocates memory to the given pointer, uses the appropriate allocator as
+ * specified in the context. Total allocated memory is num*size.
+ * @param context argon2_context which specifies the allocator
+ * @param memory pointer to the pointer to the memory
+ * @param size the size in bytes for each element to be allocated
+ * @param num the number of elements to be allocated
+ * @return ARGON2_OK if @memory is a valid pointer and memory is allocated
+ */
+int rxa2_allocate_memory(const argon2_context *context, uint8_t **memory,
+	size_t num, size_t size);
+
+/*
+ * Frees memory at the given pointer, uses the appropriate deallocator as
+ * specified in the context. Also cleans the memory using clear_internal_memory.
+ * @param context argon2_context which specifies the deallocator
+ * @param memory pointer to buffer to be freed
+ * @param size the size in bytes for each element to be deallocated
+ * @param num the number of elements to be deallocated
+ */
+void rxa2_free_memory(const argon2_context *context, uint8_t *memory,
+	size_t num, size_t size);
+
+/* Function that securely cleans the memory. This ignores any flags set
+ * regarding clearing memory. Usually one just calls clear_internal_memory.
+ * @param mem Pointer to the memory
+ * @param s Memory size in bytes
+ */
+void rxa2_secure_wipe_memory(void *v, size_t n);
+
+/* Function that securely clears the memory if FLAG_clear_internal_memory is
+ * set. If the flag isn't set, this function does nothing.
+ * @param mem Pointer to the memory
+ * @param s Memory size in bytes
+ */
+void rxa2_clear_internal_memory(void *v, size_t n);
+
+/*
+ * Computes absolute position of reference block in the lane following a skewed
+ * distribution and using a pseudo-random value as input
+ * @param instance Pointer to the current instance
+ * @param position Pointer to the current position
+ * @param pseudo_rand 32-bit pseudo-random value used to determine the position
+ * @param same_lane Indicates if the block will be taken from the current lane.
+ * If so we can reference the current segment
+ * @pre All pointers must be valid
+ */
+uint32_t rxa2_index_alpha(const argon2_instance_t *instance,
+	const argon2_position_t *position, uint32_t pseudo_rand,
+	int same_lane);
+
+/*
+ * Function that validates all inputs against predefined restrictions and return
+ * an error code
+ * @param context Pointer to current Argon2 context
+ * @return ARGON2_OK if everything is all right, otherwise one of error codes
+ * (all defined in <argon2.h>
+ */
+int rxa2_validate_inputs(const argon2_context *context);
+
+/*
+ * Hashes all the inputs into @a blockhash[PREHASH_DIGEST_LENGTH], clears
+ * password and secret if needed
+ * @param  context  Pointer to the Argon2 internal structure containing memory
+ * pointer, and parameters for time and space requirements.
+ * @param  blockhash Buffer for pre-hashing digest
+ * @param  type Argon2 type
+ * @pre    @a blockhash must have at least @a PREHASH_DIGEST_LENGTH bytes
+ * allocated
+ */
+void rxa2_initial_hash(uint8_t *blockhash, argon2_context *context,
+	argon2_type type);
+
+/*
+ * Function creates first 2 blocks per lane
+ * @param instance Pointer to the current instance
+ * @param blockhash Pointer to the pre-hashing digest
+ * @pre blockhash must point to @a PREHASH_SEED_LENGTH allocated values
+ */
+void rxa2_fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance);
+
+/*
+ * Function allocates memory, hashes the inputs with Blake,  and creates first
+ * two blocks. Returns the pointer to the main memory with 2 blocks per lane
+ * initialized
+ * @param  context  Pointer to the Argon2 internal structure containing memory
+ * pointer, and parameters for time and space requirements.
+ * @param  instance Current Argon2 instance
+ * @return Zero if successful, -1 if memory failed to allocate. @context->state
+ * will be modified if successful.
+ */
+int rxa2_argon_initialize(argon2_instance_t *instance, argon2_context *context);
+
+/*
+ * XORing the last block of each lane, hashing it, making the tag. Deallocates
+ * the memory.
+ * @param context Pointer to current Argon2 context (use only the out parameters
+ * from it)
+ * @param instance Pointer to current instance of Argon2
+ * @pre instance->state must point to necessary amount of memory
+ * @pre context->out must point to outlen bytes of memory
+ * @pre if context->free_cbk is not NULL, it should point to a function that
+ * deallocates memory
+ */
+void rxa2_finalize(const argon2_context *context, argon2_instance_t *instance);
+
+/*
+ * Function that fills the segment using previous segments also from other
+ * threads
+ * @param context current context
+ * @param instance Pointer to the current instance
+ * @param position Current position
+ * @pre all block pointers must be valid
+ */
+void rxa2_fill_segment(const argon2_instance_t *instance,
+	argon2_position_t position);
+
+/*
+ * Function that fills the entire memory t_cost times based on the first two
+ * blocks in each lane
+ * @param instance Pointer to the current instance
+ * @return ARGON2_OK if successful, @context->state
+ */
+int rxa2_fill_memory_blocks(argon2_instance_t *instance);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif

src/crypto/randomx/argon2_ref.c

@@ -0,0 +1,214 @@
+/*
+Copyright (c) 2018-2019, tevador <tevador@gmail.com>
+
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+	* Redistributions of source code must retain the above copyright
+	  notice, this list of conditions and the following disclaimer.
+	* Redistributions in binary form must reproduce the above copyright
+	  notice, this list of conditions and the following disclaimer in the
+	  documentation and/or other materials provided with the distribution.
+	* Neither the name of the copyright holder nor the
+	  names of its contributors may be used to endorse or promote products
+	  derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/* Original code from Argon2 reference source code package used under CC0 Licence
+ * https://github.com/P-H-C/phc-winner-argon2
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+*/
+
+#include <stdint.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "argon2.h"
+#include "argon2_core.h"
+
+#include "blake2/blamka-round-ref.h"
+#include "blake2/blake2-impl.h"
+#include "blake2/blake2.h"
+
+ /*
+  * Function fills a new memory block and optionally XORs the old block over the new one.
+  * @next_block must be initialized.
+  * @param prev_block Pointer to the previous block
+  * @param ref_block Pointer to the reference block
+  * @param next_block Pointer to the block to be constructed
+  * @param with_xor Whether to XOR into the new block (1) or just overwrite (0)
+  * @pre all block pointers must be valid
+  */
+static void fill_block(const block *prev_block, const block *ref_block,
+	block *next_block, int with_xor) {
+	block blockR, block_tmp;
+	unsigned i;
+
+	rxa2_copy_block(&blockR, ref_block);
+	rxa2_xor_block(&blockR, prev_block);
+	rxa2_copy_block(&block_tmp, &blockR);
+	/* Now blockR = ref_block + prev_block and block_tmp = ref_block + prev_block */
+	if (with_xor) {
+		/* Saving the next block contents for XOR over: */
+		rxa2_xor_block(&block_tmp, next_block);
+		/* Now blockR = ref_block + prev_block and
+		   block_tmp = ref_block + prev_block + next_block */
+	}
+
+	/* Apply Blake2 on columns of 64-bit words: (0,1,...,15) , then
+	   (16,17,..31)... finally (112,113,...127) */
+	for (i = 0; i < 8; ++i) {
+		BLAKE2_ROUND_NOMSG(
+			blockR.v[16 * i], blockR.v[16 * i + 1], blockR.v[16 * i + 2],
+			blockR.v[16 * i + 3], blockR.v[16 * i + 4], blockR.v[16 * i + 5],
+			blockR.v[16 * i + 6], blockR.v[16 * i + 7], blockR.v[16 * i + 8],
+			blockR.v[16 * i + 9], blockR.v[16 * i + 10], blockR.v[16 * i + 11],
+			blockR.v[16 * i + 12], blockR.v[16 * i + 13], blockR.v[16 * i + 14],
+			blockR.v[16 * i + 15]);
+	}
+
+	/* Apply Blake2 on rows of 64-bit words: (0,1,16,17,...112,113), then
+	   (2,3,18,19,...,114,115).. finally (14,15,30,31,...,126,127) */
+	for (i = 0; i < 8; i++) {
+		BLAKE2_ROUND_NOMSG(
+			blockR.v[2 * i], blockR.v[2 * i + 1], blockR.v[2 * i + 16],
+			blockR.v[2 * i + 17], blockR.v[2 * i + 32], blockR.v[2 * i + 33],
+			blockR.v[2 * i + 48], blockR.v[2 * i + 49], blockR.v[2 * i + 64],
+			blockR.v[2 * i + 65], blockR.v[2 * i + 80], blockR.v[2 * i + 81],
+			blockR.v[2 * i + 96], blockR.v[2 * i + 97], blockR.v[2 * i + 112],
+			blockR.v[2 * i + 113]);
+	}
+
+	rxa2_copy_block(next_block, &block_tmp);
+	rxa2_xor_block(next_block, &blockR);
+}
+
+static void next_addresses(block *address_block, block *input_block,
+	const block *zero_block) {
+	input_block->v[6]++;
+	fill_block(zero_block, input_block, address_block, 0);
+	fill_block(zero_block, address_block, address_block, 0);
+}
+
+void rxa2_fill_segment(const argon2_instance_t *instance,
+	argon2_position_t position) {
+	block *ref_block = NULL, *curr_block = NULL;
+	block address_block, input_block, zero_block;
+	uint64_t pseudo_rand, ref_index, ref_lane;
+	uint32_t prev_offset, curr_offset;
+	uint32_t starting_index;
+	uint32_t i;
+	int data_independent_addressing;
+
+	if (instance == NULL) {
+		return;
+	}
+
+	data_independent_addressing =
+		(instance->type == Argon2_i) ||
+		(instance->type == Argon2_id && (position.pass == 0) &&
+		(position.slice < ARGON2_SYNC_POINTS / 2));
+
+	if (data_independent_addressing) {
+		rxa2_init_block_value(&zero_block, 0);
+		rxa2_init_block_value(&input_block, 0);
+
+		input_block.v[0] = position.pass;
+		input_block.v[1] = position.lane;
+		input_block.v[2] = position.slice;
+		input_block.v[3] = instance->memory_blocks;
+		input_block.v[4] = instance->passes;
+		input_block.v[5] = instance->type;
+	}
+
+	starting_index = 0;
+
+	if ((0 == position.pass) && (0 == position.slice)) {
+		starting_index = 2; /* we have already generated the first two blocks */
+
+		/* Don't forget to generate the first block of addresses: */
+		if (data_independent_addressing) {
+			next_addresses(&address_block, &input_block, &zero_block);
+		}
+	}
+
+	/* Offset of the current block */
+	curr_offset = position.lane * instance->lane_length +
+		position.slice * instance->segment_length + starting_index;
+
+	if (0 == curr_offset % instance->lane_length) {
+		/* Last block in this lane */
+		prev_offset = curr_offset + instance->lane_length - 1;
+	}
+	else {
+		/* Previous block */
+		prev_offset = curr_offset - 1;
+	}
+
+	for (i = starting_index; i < instance->segment_length;
+		++i, ++curr_offset, ++prev_offset) {
+		/*1.1 Rotating prev_offset if needed */
+		if (curr_offset % instance->lane_length == 1) {
+			prev_offset = curr_offset - 1;
+		}
+
+		/* 1.2 Computing the index of the reference block */
+		/* 1.2.1 Taking pseudo-random value from the previous block */
+		if (data_independent_addressing) {
+			if (i % ARGON2_ADDRESSES_IN_BLOCK == 0) {
+				next_addresses(&address_block, &input_block, &zero_block);
+			}
+			pseudo_rand = address_block.v[i % ARGON2_ADDRESSES_IN_BLOCK];
+		}
+		else {
+			pseudo_rand = instance->memory[prev_offset].v[0];
+		}
+
+		/* 1.2.2 Computing the lane of the reference block */
+		ref_lane = ((pseudo_rand >> 32)) % instance->lanes;
+
+		if ((position.pass == 0) && (position.slice == 0)) {
+			/* Can not reference other lanes yet */
+			ref_lane = position.lane;
+		}
+
+		/* 1.2.3 Computing the number of possible reference block within the
+		 * lane.
+		 */
+		position.index = i;
+		ref_index = rxa2_index_alpha(instance, &position, pseudo_rand & 0xFFFFFFFF,
+			ref_lane == position.lane);
+
+		/* 2 Creating a new block */
+		ref_block =
+			instance->memory + instance->lane_length * ref_lane + ref_index;
+		curr_block = instance->memory + curr_offset;
+		if (ARGON2_VERSION_10 == instance->version) {
+			/* version 1.2.1 and earlier: overwrite, not XOR */
+			fill_block(instance->memory + prev_offset, ref_block, curr_block, 0);
+		}
+		else {
+			if (0 == position.pass) {
+				fill_block(instance->memory + prev_offset, ref_block,
+					curr_block, 0);
+			}
+			else {
+				fill_block(instance->memory + prev_offset, ref_block,
+					curr_block, 1);
+			}
+		}
+	}
+}

src/crypto/randomx/asm/program_epilogue_linux.inc

@@ -0,0 +1,10 @@
+	;# restore callee-saved registers - System V AMD64 ABI
+	pop r15
+	pop r14
+	pop r13
+	pop r12
+	pop rbp
+	pop rbx
+
+	;# program finished
+	ret 0

src/crypto/randomx/asm/program_epilogue_store.inc

@@ -0,0 +1,19 @@
+	;# save VM register values
+	pop rcx
+	mov qword ptr [rcx+0], r8
+	mov qword ptr [rcx+8], r9
+	mov qword ptr [rcx+16], r10
+	mov qword ptr [rcx+24], r11
+	mov qword ptr [rcx+32], r12
+	mov qword ptr [rcx+40], r13
+	mov qword ptr [rcx+48], r14
+	mov qword ptr [rcx+56], r15
+	movdqa xmmword ptr [rcx+64], xmm0
+	movdqa xmmword ptr [rcx+80], xmm1
+	movdqa xmmword ptr [rcx+96], xmm2
+	movdqa xmmword ptr [rcx+112], xmm3
+	lea rcx, [rcx+64]
+	movdqa xmmword ptr [rcx+64], xmm4
+	movdqa xmmword ptr [rcx+80], xmm5
+	movdqa xmmword ptr [rcx+96], xmm6
+	movdqa xmmword ptr [rcx+112], xmm7

src/crypto/randomx/asm/program_epilogue_win64.inc

@@ -0,0 +1,24 @@
+	;# restore callee-saved registers - Microsoft x64 calling convention
+	movdqu xmm15, xmmword ptr [rsp]
+	movdqu xmm14, xmmword ptr [rsp+16]
+	movdqu xmm13, xmmword ptr [rsp+32]
+	movdqu xmm12, xmmword ptr [rsp+48]
+	movdqu xmm11, xmmword ptr [rsp+64]
+	add rsp, 80
+	movdqu xmm10, xmmword ptr [rsp]
+	movdqu xmm9, xmmword ptr [rsp+16]
+	movdqu xmm8, xmmword ptr [rsp+32]
+	movdqu xmm7, xmmword ptr [rsp+48]
+	movdqu xmm6, xmmword ptr [rsp+64]
+	add rsp, 80
+	pop r15
+	pop r14
+	pop r13
+	pop r12
+	pop rsi
+	pop rdi
+	pop rbp
+	pop rbx
+
+	;# program finished
+	ret

src/crypto/randomx/asm/program_loop_load.inc

@@ -0,0 +1,32 @@
+	mov rdx, rax
+	and eax, RANDOMX_SCRATCHPAD_MASK
+	lea rcx, [rsi+rax]
+	push rcx
+	xor r8,  qword ptr [rcx+0]
+	xor r9,  qword ptr [rcx+8]
+	xor r10, qword ptr [rcx+16]
+	xor r11, qword ptr [rcx+24]
+	xor r12, qword ptr [rcx+32]
+	xor r13, qword ptr [rcx+40]
+	xor r14, qword ptr [rcx+48]
+	xor r15, qword ptr [rcx+56]
+	ror rdx, 32
+	and edx, RANDOMX_SCRATCHPAD_MASK
+	lea rcx, [rsi+rdx]
+	push rcx
+	cvtdq2pd xmm0, qword ptr [rcx+0]
+	cvtdq2pd xmm1, qword ptr [rcx+8]
+	cvtdq2pd xmm2, qword ptr [rcx+16]
+	cvtdq2pd xmm3, qword ptr [rcx+24]
+	cvtdq2pd xmm4, qword ptr [rcx+32]
+	cvtdq2pd xmm5, qword ptr [rcx+40]
+	cvtdq2pd xmm6, qword ptr [rcx+48]
+	cvtdq2pd xmm7, qword ptr [rcx+56]
+	andps xmm4, xmm13
+	andps xmm5, xmm13
+	andps xmm6, xmm13
+	andps xmm7, xmm13
+	orps xmm4, xmm14
+	orps xmm5, xmm14
+	orps xmm6, xmm14
+	orps xmm7, xmm14

src/crypto/randomx/asm/program_loop_store.inc

@@ -0,0 +1,19 @@
+	xor eax, eax
+	pop rcx
+	mov qword ptr [rcx+0], r8
+	mov qword ptr [rcx+8], r9
+	mov qword ptr [rcx+16], r10
+	mov qword ptr [rcx+24], r11
+	mov qword ptr [rcx+32], r12
+	mov qword ptr [rcx+40], r13
+	mov qword ptr [rcx+48], r14
+	mov qword ptr [rcx+56], r15
+	pop rcx
+	xorpd xmm0, xmm4
+	xorpd xmm1, xmm5
+	xorpd xmm2, xmm6
+	xorpd xmm3, xmm7
+	movapd xmmword ptr [rcx+0], xmm0
+	movapd xmmword ptr [rcx+16], xmm1
+	movapd xmmword ptr [rcx+32], xmm2
+	movapd xmmword ptr [rcx+48], xmm3

src/crypto/randomx/asm/program_prologue_linux.inc

@@ -0,0 +1,34 @@
+	;# callee-saved registers - System V AMD64 ABI
+	push rbx
+	push rbp
+	push r12
+	push r13
+	push r14
+	push r15
+
+	;# function arguments
+	mov rbx, rcx                ;# loop counter
+	push rdi                    ;# RegisterFile& registerFile
+	mov rcx, rdi
+	mov rbp, qword ptr [rsi]    ;# "mx", "ma"
+	mov rdi, qword ptr [rsi+8]  ;# uint8_t* dataset
+	mov rsi, rdx                ;# uint8_t* scratchpad
+
+	mov rax, rbp
+
+	;# zero integer registers
+	xor r8, r8
+	xor r9, r9
+	xor r10, r10
+	xor r11, r11
+	xor r12, r12
+	xor r13, r13
+	xor r14, r14
+	xor r15, r15
+
+	;# load constant registers
+	lea rcx, [rcx+120]
+	movapd xmm8, xmmword ptr [rcx+72]
+	movapd xmm9, xmmword ptr [rcx+88]
+	movapd xmm10, xmmword ptr [rcx+104]
+	movapd xmm11, xmmword ptr [rcx+120]

src/crypto/randomx/asm/program_prologue_win64.inc

@@ -0,0 +1,47 @@
+	;# callee-saved registers - Microsoft x64 calling convention
+	push rbx
+	push rbp
+	push rdi
+	push rsi
+	push r12
+	push r13
+	push r14
+	push r15
+	sub rsp, 80
+	movdqu xmmword ptr [rsp+64], xmm6
+	movdqu xmmword ptr [rsp+48], xmm7
+	movdqu xmmword ptr [rsp+32], xmm8
+	movdqu xmmword ptr [rsp+16], xmm9
+	movdqu xmmword ptr [rsp+0], xmm10
+	sub rsp, 80
+	movdqu xmmword ptr [rsp+64], xmm11
+	movdqu xmmword ptr [rsp+48], xmm12
+	movdqu xmmword ptr [rsp+32], xmm13
+	movdqu xmmword ptr [rsp+16], xmm14
+	movdqu xmmword ptr [rsp+0], xmm15
+
+	;# function arguments
+	push rcx                    ;# RegisterFile& registerFile
+	mov rbp, qword ptr [rdx]    ;# "mx", "ma"
+	mov rdi, qword ptr [rdx+8]  ;# uint8_t* dataset
+	mov rsi, r8                 ;# uint8_t* scratchpad
+	mov rbx, r9                 ;# loop counter
+
+	mov rax, rbp
+
+	;# zero integer registers
+	xor r8, r8
+	xor r9, r9
+	xor r10, r10
+	xor r11, r11
+	xor r12, r12
+	xor r13, r13
+	xor r14, r14
+	xor r15, r15
+
+	;# load constant registers
+	lea rcx, [rcx+120]
+	movapd xmm8, xmmword ptr [rcx+72]
+	movapd xmm9, xmmword ptr [rcx+88]
+	movapd xmm10, xmmword ptr [rcx+104]
+	movapd xmm11, xmmword ptr [rcx+120]

src/crypto/randomx/asm/program_read_dataset.inc

@@ -0,0 +1,17 @@
+	xor rbp, rax                       ;# modify "mx"
+	mov edx, ebp                       ;# edx = mx
+	and edx, RANDOMX_DATASET_BASE_MASK
+	prefetchnta byte ptr [rdi+rdx]
+	ror rbp, 32                        ;# swap "ma" and "mx"
+	mov edx, ebp                       ;# edx = ma
+	and edx, RANDOMX_DATASET_BASE_MASK
+	lea rcx, [rdi+rdx]                 ;# dataset cache line
+	xor r8,  qword ptr [rcx+0]
+	xor r9,  qword ptr [rcx+8]
+	xor r10, qword ptr [rcx+16]
+	xor r11, qword ptr [rcx+24]
+	xor r12, qword ptr [rcx+32]
+	xor r13, qword ptr [rcx+40]
+	xor r14, qword ptr [rcx+48]
+	xor r15, qword ptr [rcx+56]
+	

src/crypto/randomx/asm/program_read_dataset_sshash_fin.inc

@@ -0,0 +1,10 @@
+	mov rbx, qword ptr [rsp+64]
+	xor r8, qword ptr [rsp+56]
+	xor r9, qword ptr [rsp+48]
+	xor r10, qword ptr [rsp+40]
+	xor r11, qword ptr [rsp+32]
+	xor r12, qword ptr [rsp+24]
+	xor r13, qword ptr [rsp+16]
+	xor r14, qword ptr [rsp+8]
+	xor r15, qword ptr [rsp+0]
+	add rsp, 72

src/crypto/randomx/asm/program_read_dataset_sshash_init.inc

@@ -0,0 +1,17 @@
+	sub rsp, 72
+	mov qword ptr [rsp+64], rbx
+	mov qword ptr [rsp+56], r8
+	mov qword ptr [rsp+48], r9
+	mov qword ptr [rsp+40], r10
+	mov qword ptr [rsp+32], r11
+	mov qword ptr [rsp+24], r12
+	mov qword ptr [rsp+16], r13
+	mov qword ptr [rsp+8], r14
+	mov qword ptr [rsp+0], r15
+	xor rbp, rax                       ;# modify "mx"
+	ror rbp, 32                        ;# swap "ma" and "mx"
+	mov ebx, ebp                       ;# ecx = ma
+	and ebx, RANDOMX_DATASET_BASE_MASK
+	shr ebx, 6                         ;# ebx = Dataset block number
+	;# add ebx, datasetOffset / 64
+	;# call 32768

src/crypto/randomx/asm/program_sshash_constants.inc

@@ -0,0 +1,24 @@
+r0_mul:
+	;#/ 6364136223846793005
+	db 45, 127, 149, 76, 45, 244, 81, 88
+r1_add:
+	;#/ 9298411001130361340
+	db 252, 161, 245, 89, 138, 151, 10, 129
+r2_add:
+	;#/ 12065312585734608966
+	db 70, 216, 194, 56, 223, 153, 112, 167
+r3_add:
+	;#/ 9306329213124626780
+	db 92, 73, 34, 191, 28, 185, 38, 129
+r4_add:
+	;#/ 5281919268842080866
+	db 98, 138, 159, 23, 151, 37, 77, 73
+r5_add:
+	;#/ 10536153434571861004
+	db 12, 236, 170, 206, 185, 239, 55, 146
+r6_add:
+	;#/ 3398623926847679864
+	db 120, 45, 230, 108, 116, 86, 42, 47
+r7_add:
+	;#/ 9549104520008361294
+	db 78, 229, 44, 182, 247, 59, 133, 132

src/crypto/randomx/asm/program_sshash_load.inc

@@ -0,0 +1,8 @@
+	xor r8, qword ptr [rbx+0]
+	xor r9, qword ptr [rbx+8]
+	xor r10, qword ptr [rbx+16]
+	xor r11, qword ptr [rbx+24]
+	xor r12, qword ptr [rbx+32]
+	xor r13, qword ptr [rbx+40]
+	xor r14, qword ptr [rbx+48]
+	xor r15, qword ptr [rbx+56]

src/crypto/randomx/asm/program_sshash_prefetch.inc

@@ -0,0 +1,4 @@
+	and rbx, RANDOMX_CACHE_MASK
+	shl rbx, 6
+	add rbx, rdi
+	prefetchnta byte ptr [rbx]

src/crypto/randomx/asm/program_xmm_constants.inc

@@ -0,0 +1,6 @@
+mantissaMask:
+	db 255, 255, 255, 255, 255, 255, 255, 0, 255, 255, 255, 255, 255, 255, 255, 0
+exp240:
+	db 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+scaleMask:
+	db 0, 0, 0, 0, 0, 0, 240, 128, 0, 0, 0, 0, 0, 0, 240, 128

src/crypto/randomx/asm/randomx_reciprocal.inc

@@ -0,0 +1,7 @@
+	mov edx, 1
+	mov r8, rcx
+	xor eax, eax
+	bsr rcx, rcx
+	shl rdx, cl
+	div r8
+	ret