keccakf.go - gtsocial-umbx - Unnamed repository; edit this file 'description' to name the repository.

keccakf.go (10600B)
      1 // Copyright 2014 The Go Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style
      3 // license that can be found in the LICENSE file.
      4 
      5 //go:build !amd64 || purego || !gc
      6 // +build !amd64 purego !gc
      7 
      8 package sha3
      9 
     10 import "math/bits"
     11 
     12 // rc stores the round constants for use in the ι step.
     13 var rc = [24]uint64{
     14 	0x0000000000000001,
     15 	0x0000000000008082,
     16 	0x800000000000808A,
     17 	0x8000000080008000,
     18 	0x000000000000808B,
     19 	0x0000000080000001,
     20 	0x8000000080008081,
     21 	0x8000000000008009,
     22 	0x000000000000008A,
     23 	0x0000000000000088,
     24 	0x0000000080008009,
     25 	0x000000008000000A,
     26 	0x000000008000808B,
     27 	0x800000000000008B,
     28 	0x8000000000008089,
     29 	0x8000000000008003,
     30 	0x8000000000008002,
     31 	0x8000000000000080,
     32 	0x000000000000800A,
     33 	0x800000008000000A,
     34 	0x8000000080008081,
     35 	0x8000000000008080,
     36 	0x0000000080000001,
     37 	0x8000000080008008,
     38 }
     39 
     40 // keccakF1600 applies the Keccak permutation to a 1600b-wide
     41 // state represented as a slice of 25 uint64s.
     42 func keccakF1600(a *[25]uint64) {
     43 	// Implementation translated from Keccak-inplace.c
     44 	// in the keccak reference code.
     45 	var t, bc0, bc1, bc2, bc3, bc4, d0, d1, d2, d3, d4 uint64
     46 
     47 	for i := 0; i < 24; i += 4 {
     48 		// Combines the 5 steps in each round into 2 steps.
     49 		// Unrolls 4 rounds per loop and spreads some steps across rounds.
     50 
     51 		// Round 1
     52 		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
     53 		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
     54 		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
     55 		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
     56 		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
     57 		d0 = bc4 ^ (bc1<<1 | bc1>>63)
     58 		d1 = bc0 ^ (bc2<<1 | bc2>>63)
     59 		d2 = bc1 ^ (bc3<<1 | bc3>>63)
     60 		d3 = bc2 ^ (bc4<<1 | bc4>>63)
     61 		d4 = bc3 ^ (bc0<<1 | bc0>>63)
     62 
     63 		bc0 = a[0] ^ d0
     64 		t = a[6] ^ d1
     65 		bc1 = bits.RotateLeft64(t, 44)
     66 		t = a[12] ^ d2
     67 		bc2 = bits.RotateLeft64(t, 43)
     68 		t = a[18] ^ d3
     69 		bc3 = bits.RotateLeft64(t, 21)
     70 		t = a[24] ^ d4
     71 		bc4 = bits.RotateLeft64(t, 14)
     72 		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i]
     73 		a[6] = bc1 ^ (bc3 &^ bc2)
     74 		a[12] = bc2 ^ (bc4 &^ bc3)
     75 		a[18] = bc3 ^ (bc0 &^ bc4)
     76 		a[24] = bc4 ^ (bc1 &^ bc0)
     77 
     78 		t = a[10] ^ d0
     79 		bc2 = bits.RotateLeft64(t, 3)
     80 		t = a[16] ^ d1
     81 		bc3 = bits.RotateLeft64(t, 45)
     82 		t = a[22] ^ d2
     83 		bc4 = bits.RotateLeft64(t, 61)
     84 		t = a[3] ^ d3
     85 		bc0 = bits.RotateLeft64(t, 28)
     86 		t = a[9] ^ d4
     87 		bc1 = bits.RotateLeft64(t, 20)
     88 		a[10] = bc0 ^ (bc2 &^ bc1)
     89 		a[16] = bc1 ^ (bc3 &^ bc2)
     90 		a[22] = bc2 ^ (bc4 &^ bc3)
     91 		a[3] = bc3 ^ (bc0 &^ bc4)
     92 		a[9] = bc4 ^ (bc1 &^ bc0)
     93 
     94 		t = a[20] ^ d0
     95 		bc4 = bits.RotateLeft64(t, 18)
     96 		t = a[1] ^ d1
     97 		bc0 = bits.RotateLeft64(t, 1)
     98 		t = a[7] ^ d2
     99 		bc1 = bits.RotateLeft64(t, 6)
    100 		t = a[13] ^ d3
    101 		bc2 = bits.RotateLeft64(t, 25)
    102 		t = a[19] ^ d4
    103 		bc3 = bits.RotateLeft64(t, 8)
    104 		a[20] = bc0 ^ (bc2 &^ bc1)
    105 		a[1] = bc1 ^ (bc3 &^ bc2)
    106 		a[7] = bc2 ^ (bc4 &^ bc3)
    107 		a[13] = bc3 ^ (bc0 &^ bc4)
    108 		a[19] = bc4 ^ (bc1 &^ bc0)
    109 
    110 		t = a[5] ^ d0
    111 		bc1 = bits.RotateLeft64(t, 36)
    112 		t = a[11] ^ d1
    113 		bc2 = bits.RotateLeft64(t, 10)
    114 		t = a[17] ^ d2
    115 		bc3 = bits.RotateLeft64(t, 15)
    116 		t = a[23] ^ d3
    117 		bc4 = bits.RotateLeft64(t, 56)
    118 		t = a[4] ^ d4
    119 		bc0 = bits.RotateLeft64(t, 27)
    120 		a[5] = bc0 ^ (bc2 &^ bc1)
    121 		a[11] = bc1 ^ (bc3 &^ bc2)
    122 		a[17] = bc2 ^ (bc4 &^ bc3)
    123 		a[23] = bc3 ^ (bc0 &^ bc4)
    124 		a[4] = bc4 ^ (bc1 &^ bc0)
    125 
    126 		t = a[15] ^ d0
    127 		bc3 = bits.RotateLeft64(t, 41)
    128 		t = a[21] ^ d1
    129 		bc4 = bits.RotateLeft64(t, 2)
    130 		t = a[2] ^ d2
    131 		bc0 = bits.RotateLeft64(t, 62)
    132 		t = a[8] ^ d3
    133 		bc1 = bits.RotateLeft64(t, 55)
    134 		t = a[14] ^ d4
    135 		bc2 = bits.RotateLeft64(t, 39)
    136 		a[15] = bc0 ^ (bc2 &^ bc1)
    137 		a[21] = bc1 ^ (bc3 &^ bc2)
    138 		a[2] = bc2 ^ (bc4 &^ bc3)
    139 		a[8] = bc3 ^ (bc0 &^ bc4)
    140 		a[14] = bc4 ^ (bc1 &^ bc0)
    141 
    142 		// Round 2
    143 		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
    144 		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
    145 		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
    146 		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
    147 		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
    148 		d0 = bc4 ^ (bc1<<1 | bc1>>63)
    149 		d1 = bc0 ^ (bc2<<1 | bc2>>63)
    150 		d2 = bc1 ^ (bc3<<1 | bc3>>63)
    151 		d3 = bc2 ^ (bc4<<1 | bc4>>63)
    152 		d4 = bc3 ^ (bc0<<1 | bc0>>63)
    153 
    154 		bc0 = a[0] ^ d0
    155 		t = a[16] ^ d1
    156 		bc1 = bits.RotateLeft64(t, 44)
    157 		t = a[7] ^ d2
    158 		bc2 = bits.RotateLeft64(t, 43)
    159 		t = a[23] ^ d3
    160 		bc3 = bits.RotateLeft64(t, 21)
    161 		t = a[14] ^ d4
    162 		bc4 = bits.RotateLeft64(t, 14)
    163 		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+1]
    164 		a[16] = bc1 ^ (bc3 &^ bc2)
    165 		a[7] = bc2 ^ (bc4 &^ bc3)
    166 		a[23] = bc3 ^ (bc0 &^ bc4)
    167 		a[14] = bc4 ^ (bc1 &^ bc0)
    168 
    169 		t = a[20] ^ d0
    170 		bc2 = bits.RotateLeft64(t, 3)
    171 		t = a[11] ^ d1
    172 		bc3 = bits.RotateLeft64(t, 45)
    173 		t = a[2] ^ d2
    174 		bc4 = bits.RotateLeft64(t, 61)
    175 		t = a[18] ^ d3
    176 		bc0 = bits.RotateLeft64(t, 28)
    177 		t = a[9] ^ d4
    178 		bc1 = bits.RotateLeft64(t, 20)
    179 		a[20] = bc0 ^ (bc2 &^ bc1)
    180 		a[11] = bc1 ^ (bc3 &^ bc2)
    181 		a[2] = bc2 ^ (bc4 &^ bc3)
    182 		a[18] = bc3 ^ (bc0 &^ bc4)
    183 		a[9] = bc4 ^ (bc1 &^ bc0)
    184 
    185 		t = a[15] ^ d0
    186 		bc4 = bits.RotateLeft64(t, 18)
    187 		t = a[6] ^ d1
    188 		bc0 = bits.RotateLeft64(t, 1)
    189 		t = a[22] ^ d2
    190 		bc1 = bits.RotateLeft64(t, 6)
    191 		t = a[13] ^ d3
    192 		bc2 = bits.RotateLeft64(t, 25)
    193 		t = a[4] ^ d4
    194 		bc3 = bits.RotateLeft64(t, 8)
    195 		a[15] = bc0 ^ (bc2 &^ bc1)
    196 		a[6] = bc1 ^ (bc3 &^ bc2)
    197 		a[22] = bc2 ^ (bc4 &^ bc3)
    198 		a[13] = bc3 ^ (bc0 &^ bc4)
    199 		a[4] = bc4 ^ (bc1 &^ bc0)
    200 
    201 		t = a[10] ^ d0
    202 		bc1 = bits.RotateLeft64(t, 36)
    203 		t = a[1] ^ d1
    204 		bc2 = bits.RotateLeft64(t, 10)
    205 		t = a[17] ^ d2
    206 		bc3 = bits.RotateLeft64(t, 15)
    207 		t = a[8] ^ d3
    208 		bc4 = bits.RotateLeft64(t, 56)
    209 		t = a[24] ^ d4
    210 		bc0 = bits.RotateLeft64(t, 27)
    211 		a[10] = bc0 ^ (bc2 &^ bc1)
    212 		a[1] = bc1 ^ (bc3 &^ bc2)
    213 		a[17] = bc2 ^ (bc4 &^ bc3)
    214 		a[8] = bc3 ^ (bc0 &^ bc4)
    215 		a[24] = bc4 ^ (bc1 &^ bc0)
    216 
    217 		t = a[5] ^ d0
    218 		bc3 = bits.RotateLeft64(t, 41)
    219 		t = a[21] ^ d1
    220 		bc4 = bits.RotateLeft64(t, 2)
    221 		t = a[12] ^ d2
    222 		bc0 = bits.RotateLeft64(t, 62)
    223 		t = a[3] ^ d3
    224 		bc1 = bits.RotateLeft64(t, 55)
    225 		t = a[19] ^ d4
    226 		bc2 = bits.RotateLeft64(t, 39)
    227 		a[5] = bc0 ^ (bc2 &^ bc1)
    228 		a[21] = bc1 ^ (bc3 &^ bc2)
    229 		a[12] = bc2 ^ (bc4 &^ bc3)
    230 		a[3] = bc3 ^ (bc0 &^ bc4)
    231 		a[19] = bc4 ^ (bc1 &^ bc0)
    232 
    233 		// Round 3
    234 		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
    235 		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
    236 		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
    237 		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
    238 		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
    239 		d0 = bc4 ^ (bc1<<1 | bc1>>63)
    240 		d1 = bc0 ^ (bc2<<1 | bc2>>63)
    241 		d2 = bc1 ^ (bc3<<1 | bc3>>63)
    242 		d3 = bc2 ^ (bc4<<1 | bc4>>63)
    243 		d4 = bc3 ^ (bc0<<1 | bc0>>63)
    244 
    245 		bc0 = a[0] ^ d0
    246 		t = a[11] ^ d1
    247 		bc1 = bits.RotateLeft64(t, 44)
    248 		t = a[22] ^ d2
    249 		bc2 = bits.RotateLeft64(t, 43)
    250 		t = a[8] ^ d3
    251 		bc3 = bits.RotateLeft64(t, 21)
    252 		t = a[19] ^ d4
    253 		bc4 = bits.RotateLeft64(t, 14)
    254 		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+2]
    255 		a[11] = bc1 ^ (bc3 &^ bc2)
    256 		a[22] = bc2 ^ (bc4 &^ bc3)
    257 		a[8] = bc3 ^ (bc0 &^ bc4)
    258 		a[19] = bc4 ^ (bc1 &^ bc0)
    259 
    260 		t = a[15] ^ d0
    261 		bc2 = bits.RotateLeft64(t, 3)
    262 		t = a[1] ^ d1
    263 		bc3 = bits.RotateLeft64(t, 45)
    264 		t = a[12] ^ d2
    265 		bc4 = bits.RotateLeft64(t, 61)
    266 		t = a[23] ^ d3
    267 		bc0 = bits.RotateLeft64(t, 28)
    268 		t = a[9] ^ d4
    269 		bc1 = bits.RotateLeft64(t, 20)
    270 		a[15] = bc0 ^ (bc2 &^ bc1)
    271 		a[1] = bc1 ^ (bc3 &^ bc2)
    272 		a[12] = bc2 ^ (bc4 &^ bc3)
    273 		a[23] = bc3 ^ (bc0 &^ bc4)
    274 		a[9] = bc4 ^ (bc1 &^ bc0)
    275 
    276 		t = a[5] ^ d0
    277 		bc4 = bits.RotateLeft64(t, 18)
    278 		t = a[16] ^ d1
    279 		bc0 = bits.RotateLeft64(t, 1)
    280 		t = a[2] ^ d2
    281 		bc1 = bits.RotateLeft64(t, 6)
    282 		t = a[13] ^ d3
    283 		bc2 = bits.RotateLeft64(t, 25)
    284 		t = a[24] ^ d4
    285 		bc3 = bits.RotateLeft64(t, 8)
    286 		a[5] = bc0 ^ (bc2 &^ bc1)
    287 		a[16] = bc1 ^ (bc3 &^ bc2)
    288 		a[2] = bc2 ^ (bc4 &^ bc3)
    289 		a[13] = bc3 ^ (bc0 &^ bc4)
    290 		a[24] = bc4 ^ (bc1 &^ bc0)
    291 
    292 		t = a[20] ^ d0
    293 		bc1 = bits.RotateLeft64(t, 36)
    294 		t = a[6] ^ d1
    295 		bc2 = bits.RotateLeft64(t, 10)
    296 		t = a[17] ^ d2
    297 		bc3 = bits.RotateLeft64(t, 15)
    298 		t = a[3] ^ d3
    299 		bc4 = bits.RotateLeft64(t, 56)
    300 		t = a[14] ^ d4
    301 		bc0 = bits.RotateLeft64(t, 27)
    302 		a[20] = bc0 ^ (bc2 &^ bc1)
    303 		a[6] = bc1 ^ (bc3 &^ bc2)
    304 		a[17] = bc2 ^ (bc4 &^ bc3)
    305 		a[3] = bc3 ^ (bc0 &^ bc4)
    306 		a[14] = bc4 ^ (bc1 &^ bc0)
    307 
    308 		t = a[10] ^ d0
    309 		bc3 = bits.RotateLeft64(t, 41)
    310 		t = a[21] ^ d1
    311 		bc4 = bits.RotateLeft64(t, 2)
    312 		t = a[7] ^ d2
    313 		bc0 = bits.RotateLeft64(t, 62)
    314 		t = a[18] ^ d3
    315 		bc1 = bits.RotateLeft64(t, 55)
    316 		t = a[4] ^ d4
    317 		bc2 = bits.RotateLeft64(t, 39)
    318 		a[10] = bc0 ^ (bc2 &^ bc1)
    319 		a[21] = bc1 ^ (bc3 &^ bc2)
    320 		a[7] = bc2 ^ (bc4 &^ bc3)
    321 		a[18] = bc3 ^ (bc0 &^ bc4)
    322 		a[4] = bc4 ^ (bc1 &^ bc0)
    323 
    324 		// Round 4
    325 		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
    326 		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
    327 		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
    328 		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
    329 		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
    330 		d0 = bc4 ^ (bc1<<1 | bc1>>63)
    331 		d1 = bc0 ^ (bc2<<1 | bc2>>63)
    332 		d2 = bc1 ^ (bc3<<1 | bc3>>63)
    333 		d3 = bc2 ^ (bc4<<1 | bc4>>63)
    334 		d4 = bc3 ^ (bc0<<1 | bc0>>63)
    335 
    336 		bc0 = a[0] ^ d0
    337 		t = a[1] ^ d1
    338 		bc1 = bits.RotateLeft64(t, 44)
    339 		t = a[2] ^ d2
    340 		bc2 = bits.RotateLeft64(t, 43)
    341 		t = a[3] ^ d3
    342 		bc3 = bits.RotateLeft64(t, 21)
    343 		t = a[4] ^ d4
    344 		bc4 = bits.RotateLeft64(t, 14)
    345 		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+3]
    346 		a[1] = bc1 ^ (bc3 &^ bc2)
    347 		a[2] = bc2 ^ (bc4 &^ bc3)
    348 		a[3] = bc3 ^ (bc0 &^ bc4)
    349 		a[4] = bc4 ^ (bc1 &^ bc0)
    350 
    351 		t = a[5] ^ d0
    352 		bc2 = bits.RotateLeft64(t, 3)
    353 		t = a[6] ^ d1
    354 		bc3 = bits.RotateLeft64(t, 45)
    355 		t = a[7] ^ d2
    356 		bc4 = bits.RotateLeft64(t, 61)
    357 		t = a[8] ^ d3
    358 		bc0 = bits.RotateLeft64(t, 28)
    359 		t = a[9] ^ d4
    360 		bc1 = bits.RotateLeft64(t, 20)
    361 		a[5] = bc0 ^ (bc2 &^ bc1)
    362 		a[6] = bc1 ^ (bc3 &^ bc2)
    363 		a[7] = bc2 ^ (bc4 &^ bc3)
    364 		a[8] = bc3 ^ (bc0 &^ bc4)
    365 		a[9] = bc4 ^ (bc1 &^ bc0)
    366 
    367 		t = a[10] ^ d0
    368 		bc4 = bits.RotateLeft64(t, 18)
    369 		t = a[11] ^ d1
    370 		bc0 = bits.RotateLeft64(t, 1)
    371 		t = a[12] ^ d2
    372 		bc1 = bits.RotateLeft64(t, 6)
    373 		t = a[13] ^ d3
    374 		bc2 = bits.RotateLeft64(t, 25)
    375 		t = a[14] ^ d4
    376 		bc3 = bits.RotateLeft64(t, 8)
    377 		a[10] = bc0 ^ (bc2 &^ bc1)
    378 		a[11] = bc1 ^ (bc3 &^ bc2)
    379 		a[12] = bc2 ^ (bc4 &^ bc3)
    380 		a[13] = bc3 ^ (bc0 &^ bc4)
    381 		a[14] = bc4 ^ (bc1 &^ bc0)
    382 
    383 		t = a[15] ^ d0
    384 		bc1 = bits.RotateLeft64(t, 36)
    385 		t = a[16] ^ d1
    386 		bc2 = bits.RotateLeft64(t, 10)
    387 		t = a[17] ^ d2
    388 		bc3 = bits.RotateLeft64(t, 15)
    389 		t = a[18] ^ d3
    390 		bc4 = bits.RotateLeft64(t, 56)
    391 		t = a[19] ^ d4
    392 		bc0 = bits.RotateLeft64(t, 27)
    393 		a[15] = bc0 ^ (bc2 &^ bc1)
    394 		a[16] = bc1 ^ (bc3 &^ bc2)
    395 		a[17] = bc2 ^ (bc4 &^ bc3)
    396 		a[18] = bc3 ^ (bc0 &^ bc4)
    397 		a[19] = bc4 ^ (bc1 &^ bc0)
    398 
    399 		t = a[20] ^ d0
    400 		bc3 = bits.RotateLeft64(t, 41)
    401 		t = a[21] ^ d1
    402 		bc4 = bits.RotateLeft64(t, 2)
    403 		t = a[22] ^ d2
    404 		bc0 = bits.RotateLeft64(t, 62)
    405 		t = a[23] ^ d3
    406 		bc1 = bits.RotateLeft64(t, 55)
    407 		t = a[24] ^ d4
    408 		bc2 = bits.RotateLeft64(t, 39)
    409 		a[20] = bc0 ^ (bc2 &^ bc1)
    410 		a[21] = bc1 ^ (bc3 &^ bc2)
    411 		a[22] = bc2 ^ (bc4 &^ bc3)
    412 		a[23] = bc3 ^ (bc0 &^ bc4)
    413 		a[24] = bc4 ^ (bc1 &^ bc0)
    414 	}
    415 }
	gtsocial-umbx Unnamed repository; edit this file 'description' to name the repository.
	Log \| Files \| Refs \| README \| LICENSE