// Copyright 2014 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// Portable pure-Go Keccak-f[1600]. The constraint below selects this file when
// the target is not amd64, or when the appengine or gccgo tag is set.
// NOTE(review): the amd64 build presumably takes its permutation from another
// file that is not shown here; confirm both are covered by the same test
// vectors.

// +build !amd64 appengine gccgo

package sha3

// rc stores the round constants for use in the ι step.
// There is one entry per round: round r XORs rc[r] into lane a[0].
var rc = [24]uint64{
	0x0000000000000001,
	0x0000000000008082,
	0x800000000000808A,
	0x8000000080008000,
	0x000000000000808B,
	0x0000000080000001,
	0x8000000080008081,
	0x8000000000008009,
	0x000000000000008A,
	0x0000000000000088,
	0x0000000080008009,
	0x000000008000000A,
	0x000000008000808B,
	0x800000000000008B,
	0x8000000000008089,
	0x8000000000008003,
	0x8000000000008002,
	0x8000000000000080,
	0x000000000000800A,
	0x800000008000000A,
	0x8000000080008081,
	0x8000000000008080,
	0x0000000080000001,
	0x8000000080008008,
}

// keccakF1600 applies the Keccak-f[1600] permutation in place to a 1600-bit
// state held as an array of 25 uint64 lanes (passed by pointer).
//
// The column-parity sums below XOR a[x], a[x+5], ..., a[x+20], so lane (x, y)
// lives at a[x+5*y]. The 24 rounds run as 6 loop iterations of 4 unrolled
// rounds, and the result is left in *a.
//
// Security notes:
//   - Every index into a and rc is a literal or the loop counter, and every
//     shift count is a constant, so at the source level neither control flow
//     nor memory addressing depends on the contents of the state.
//   - This is only the permutation. Absorbing, padding, domain separation and
//     squeezing are the caller's job and are not shown on this page.
//   - The temporaries (t, bc0..bc4, d0..d4) hold state-derived values and are
//     not cleared before returning; wiping the state itself is likewise left
//     to the caller if it ever holds secret material.
//   - The lane indices, rotation offsets and rc entries are easy to mistype,
//     and a wrong one still yields plausible-looking output, so any edit here
//     should be checked against published known-answer vectors.
func keccakF1600(a *[25]uint64) {
	// Implementation translated from Keccak-inplace.c
	// in the keccak reference code.
	var t, bc0, bc1, bc2, bc3, bc4, d0, d1, d2, d3, d4 uint64

	// i takes the values 0, 4, ..., 20, so rc[i+3] never exceeds index 23.
	for i := 0; i < 24; i += 4 {
		// Combines the 5 steps in each round into 2 steps.
		// Unrolls 4 rounds per loop and spreads some steps across rounds.
		//
		// Statement order matters throughout: lanes are overwritten in place,
		// and each group of five reads all of its inputs before it writes.

		// Round 1
		// θ, part 1: bc0..bc4 are the XOR of the five lanes in each column.
		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
		// θ, part 2: d[x] is the parity of column x-1 XOR the parity of
		// column x+1 rotated left by one bit (indices taken mod 5).
		d0 = bc4 ^ (bc1<<1 | bc1>>63)
		d1 = bc0 ^ (bc2<<1 | bc2>>63)
		d2 = bc1 ^ (bc3<<1 | bc3>>63)
		d3 = bc2 ^ (bc4<<1 | bc4>>63)
		d4 = bc3 ^ (bc0<<1 | bc0>>63)

		// Each five-lane group below XORs d into a lane (finishing θ),
		// rotates it left by a constant (ρ) while picking the source lane
		// that π assigns to this row, then mixes the row with
		// x ^ (z &^ y), i.e. x ^ (^y & z) (χ).
		bc0 = a[0] ^ d0
		t = a[6] ^ d1
		bc1 = t<<44 | t>>(64-44)
		t = a[12] ^ d2
		bc2 = t<<43 | t>>(64-43)
		t = a[18] ^ d3
		bc3 = t<<21 | t>>(64-21)
		t = a[24] ^ d4
		bc4 = t<<14 | t>>(64-14)
		// ι: the round constant is XORed into lane a[0] only.
		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i]
		a[6] = bc1 ^ (bc3 &^ bc2)
		a[12] = bc2 ^ (bc4 &^ bc3)
		a[18] = bc3 ^ (bc0 &^ bc4)
		a[24] = bc4 ^ (bc1 &^ bc0)

		t = a[10] ^ d0
		bc2 = t<<3 | t>>(64-3)
		t = a[16] ^ d1
		bc3 = t<<45 | t>>(64-45)
		t = a[22] ^ d2
		bc4 = t<<61 | t>>(64-61)
		t = a[3] ^ d3
		bc0 = t<<28 | t>>(64-28)
		t = a[9] ^ d4
		bc1 = t<<20 | t>>(64-20)
		a[10] = bc0 ^ (bc2 &^ bc1)
		a[16] = bc1 ^ (bc3 &^ bc2)
		a[22] = bc2 ^ (bc4 &^ bc3)
		a[3] = bc3 ^ (bc0 &^ bc4)
		a[9] = bc4 ^ (bc1 &^ bc0)

		t = a[20] ^ d0
		bc4 = t<<18 | t>>(64-18)
		t = a[1] ^ d1
		bc0 = t<<1 | t>>(64-1)
		t = a[7] ^ d2
		bc1 = t<<6 | t>>(64-6)
		t = a[13] ^ d3
		bc2 = t<<25 | t>>(64-25)
		t = a[19] ^ d4
		bc3 = t<<8 | t>>(64-8)
		a[20] = bc0 ^ (bc2 &^ bc1)
		a[1] = bc1 ^ (bc3 &^ bc2)
		a[7] = bc2 ^ (bc4 &^ bc3)
		a[13] = bc3 ^ (bc0 &^ bc4)
		a[19] = bc4 ^ (bc1 &^ bc0)

		t = a[5] ^ d0
		bc1 = t<<36 | t>>(64-36)
		t = a[11] ^ d1
		bc2 = t<<10 | t>>(64-10)
		t = a[17] ^ d2
		bc3 = t<<15 | t>>(64-15)
		t = a[23] ^ d3
		bc4 = t<<56 | t>>(64-56)
		t = a[4] ^ d4
		bc0 = t<<27 | t>>(64-27)
		a[5] = bc0 ^ (bc2 &^ bc1)
		a[11] = bc1 ^ (bc3 &^ bc2)
		a[17] = bc2 ^ (bc4 &^ bc3)
		a[23] = bc3 ^ (bc0 &^ bc4)
		a[4] = bc4 ^ (bc1 &^ bc0)

		t = a[15] ^ d0
		bc3 = t<<41 | t>>(64-41)
		t = a[21] ^ d1
		bc4 = t<<2 | t>>(64-2)
		t = a[2] ^ d2
		bc0 = t<<62 | t>>(64-62)
		t = a[8] ^ d3
		bc1 = t<<55 | t>>(64-55)
		t = a[14] ^ d4
		bc2 = t<<39 | t>>(64-39)
		a[15] = bc0 ^ (bc2 &^ bc1)
		a[21] = bc1 ^ (bc3 &^ bc2)
		a[2] = bc2 ^ (bc4 &^ bc3)
		a[8] = bc3 ^ (bc0 &^ bc4)
		a[14] = bc4 ^ (bc1 &^ bc0)

		// Round 2
		// Same steps and rotation constants as round 1. Only the lane
		// positions differ, because round 1 wrote its results in place.
		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
		d0 = bc4 ^ (bc1<<1 | bc1>>63)
		d1 = bc0 ^ (bc2<<1 | bc2>>63)
		d2 = bc1 ^ (bc3<<1 | bc3>>63)
		d3 = bc2 ^ (bc4<<1 | bc4>>63)
		d4 = bc3 ^ (bc0<<1 | bc0>>63)

		bc0 = a[0] ^ d0
		t = a[16] ^ d1
		bc1 = t<<44 | t>>(64-44)
		t = a[7] ^ d2
		bc2 = t<<43 | t>>(64-43)
		t = a[23] ^ d3
		bc3 = t<<21 | t>>(64-21)
		t = a[14] ^ d4
		bc4 = t<<14 | t>>(64-14)
		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+1]
		a[16] = bc1 ^ (bc3 &^ bc2)
		a[7] = bc2 ^ (bc4 &^ bc3)
		a[23] = bc3 ^ (bc0 &^ bc4)
		a[14] = bc4 ^ (bc1 &^ bc0)

		t = a[20] ^ d0
		bc2 = t<<3 | t>>(64-3)
		t = a[11] ^ d1
		bc3 = t<<45 | t>>(64-45)
		t = a[2] ^ d2
		bc4 = t<<61 | t>>(64-61)
		t = a[18] ^ d3
		bc0 = t<<28 | t>>(64-28)
		t = a[9] ^ d4
		bc1 = t<<20 | t>>(64-20)
		a[20] = bc0 ^ (bc2 &^ bc1)
		a[11] = bc1 ^ (bc3 &^ bc2)
		a[2] = bc2 ^ (bc4 &^ bc3)
		a[18] = bc3 ^ (bc0 &^ bc4)
		a[9] = bc4 ^ (bc1 &^ bc0)

		t = a[15] ^ d0
		bc4 = t<<18 | t>>(64-18)
		t = a[6] ^ d1
		bc0 = t<<1 | t>>(64-1)
		t = a[22] ^ d2
		bc1 = t<<6 | t>>(64-6)
		t = a[13] ^ d3
		bc2 = t<<25 | t>>(64-25)
		t = a[4] ^ d4
		bc3 = t<<8 | t>>(64-8)
		a[15] = bc0 ^ (bc2 &^ bc1)
		a[6] = bc1 ^ (bc3 &^ bc2)
		a[22] = bc2 ^ (bc4 &^ bc3)
		a[13] = bc3 ^ (bc0 &^ bc4)
		a[4] = bc4 ^ (bc1 &^ bc0)

		t = a[10] ^ d0
		bc1 = t<<36 | t>>(64-36)
		t = a[1] ^ d1
		bc2 = t<<10 | t>>(64-10)
		t = a[17] ^ d2
		bc3 = t<<15 | t>>(64-15)
		t = a[8] ^ d3
		bc4 = t<<56 | t>>(64-56)
		t = a[24] ^ d4
		bc0 = t<<27 | t>>(64-27)
		a[10] = bc0 ^ (bc2 &^ bc1)
		a[1] = bc1 ^ (bc3 &^ bc2)
		a[17] = bc2 ^ (bc4 &^ bc3)
		a[8] = bc3 ^ (bc0 &^ bc4)
		a[24] = bc4 ^ (bc1 &^ bc0)

		t = a[5] ^ d0
		bc3 = t<<41 | t>>(64-41)
		t = a[21] ^ d1
		bc4 = t<<2 | t>>(64-2)
		t = a[12] ^ d2
		bc0 = t<<62 | t>>(64-62)
		t = a[3] ^ d3
		bc1 = t<<55 | t>>(64-55)
		t = a[19] ^ d4
		bc2 = t<<39 | t>>(64-39)
		a[5] = bc0 ^ (bc2 &^ bc1)
		a[21] = bc1 ^ (bc3 &^ bc2)
		a[12] = bc2 ^ (bc4 &^ bc3)
		a[3] = bc3 ^ (bc0 &^ bc4)
		a[19] = bc4 ^ (bc1 &^ bc0)

		// Round 3
		// Same steps again, reading from the positions round 2 wrote to.
		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
		d0 = bc4 ^ (bc1<<1 | bc1>>63)
		d1 = bc0 ^ (bc2<<1 | bc2>>63)
		d2 = bc1 ^ (bc3<<1 | bc3>>63)
		d3 = bc2 ^ (bc4<<1 | bc4>>63)
		d4 = bc3 ^ (bc0<<1 | bc0>>63)

		bc0 = a[0] ^ d0
		t = a[11] ^ d1
		bc1 = t<<44 | t>>(64-44)
		t = a[22] ^ d2
		bc2 = t<<43 | t>>(64-43)
		t = a[8] ^ d3
		bc3 = t<<21 | t>>(64-21)
		t = a[19] ^ d4
		bc4 = t<<14 | t>>(64-14)
		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+2]
		a[11] = bc1 ^ (bc3 &^ bc2)
		a[22] = bc2 ^ (bc4 &^ bc3)
		a[8] = bc3 ^ (bc0 &^ bc4)
		a[19] = bc4 ^ (bc1 &^ bc0)

		t = a[15] ^ d0
		bc2 = t<<3 | t>>(64-3)
		t = a[1] ^ d1
		bc3 = t<<45 | t>>(64-45)
		t = a[12] ^ d2
		bc4 = t<<61 | t>>(64-61)
		t = a[23] ^ d3
		bc0 = t<<28 | t>>(64-28)
		t = a[9] ^ d4
		bc1 = t<<20 | t>>(64-20)
		a[15] = bc0 ^ (bc2 &^ bc1)
		a[1] = bc1 ^ (bc3 &^ bc2)
		a[12] = bc2 ^ (bc4 &^ bc3)
		a[23] = bc3 ^ (bc0 &^ bc4)
		a[9] = bc4 ^ (bc1 &^ bc0)

		t = a[5] ^ d0
		bc4 = t<<18 | t>>(64-18)
		t = a[16] ^ d1
		bc0 = t<<1 | t>>(64-1)
		t = a[2] ^ d2
		bc1 = t<<6 | t>>(64-6)
		t = a[13] ^ d3
		bc2 = t<<25 | t>>(64-25)
		t = a[24] ^ d4
		bc3 = t<<8 | t>>(64-8)
		a[5] = bc0 ^ (bc2 &^ bc1)
		a[16] = bc1 ^ (bc3 &^ bc2)
		a[2] = bc2 ^ (bc4 &^ bc3)
		a[13] = bc3 ^ (bc0 &^ bc4)
		a[24] = bc4 ^ (bc1 &^ bc0)

		t = a[20] ^ d0
		bc1 = t<<36 | t>>(64-36)
		t = a[6] ^ d1
		bc2 = t<<10 | t>>(64-10)
		t = a[17] ^ d2
		bc3 = t<<15 | t>>(64-15)
		t = a[3] ^ d3
		bc4 = t<<56 | t>>(64-56)
		t = a[14] ^ d4
		bc0 = t<<27 | t>>(64-27)
		a[20] = bc0 ^ (bc2 &^ bc1)
		a[6] = bc1 ^ (bc3 &^ bc2)
		a[17] = bc2 ^ (bc4 &^ bc3)
		a[3] = bc3 ^ (bc0 &^ bc4)
		a[14] = bc4 ^ (bc1 &^ bc0)

		t = a[10] ^ d0
		bc3 = t<<41 | t>>(64-41)
		t = a[21] ^ d1
		bc4 = t<<2 | t>>(64-2)
		t = a[7] ^ d2
		bc0 = t<<62 | t>>(64-62)
		t = a[18] ^ d3
		bc1 = t<<55 | t>>(64-55)
		t = a[4] ^ d4
		bc2 = t<<39 | t>>(64-39)
		a[10] = bc0 ^ (bc2 &^ bc1)
		a[21] = bc1 ^ (bc3 &^ bc2)
		a[7] = bc2 ^ (bc4 &^ bc3)
		a[18] = bc3 ^ (bc0 &^ bc4)
		a[4] = bc4 ^ (bc1 &^ bc0)

		// Round 4
		// This round reads and writes the lanes in index order, a[0] through
		// a[24], so the state is back in the a[x+5*y] layout when the loop
		// iterates or the function returns.
		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
		d0 = bc4 ^ (bc1<<1 | bc1>>63)
		d1 = bc0 ^ (bc2<<1 | bc2>>63)
		d2 = bc1 ^ (bc3<<1 | bc3>>63)
		d3 = bc2 ^ (bc4<<1 | bc4>>63)
		d4 = bc3 ^ (bc0<<1 | bc0>>63)

		bc0 = a[0] ^ d0
		t = a[1] ^ d1
		bc1 = t<<44 | t>>(64-44)
		t = a[2] ^ d2
		bc2 = t<<43 | t>>(64-43)
		t = a[3] ^ d3
		bc3 = t<<21 | t>>(64-21)
		t = a[4] ^ d4
		bc4 = t<<14 | t>>(64-14)
		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+3]
		a[1] = bc1 ^ (bc3 &^ bc2)
		a[2] = bc2 ^ (bc4 &^ bc3)
		a[3] = bc3 ^ (bc0 &^ bc4)
		a[4] = bc4 ^ (bc1 &^ bc0)

		t = a[5] ^ d0
		bc2 = t<<3 | t>>(64-3)
		t = a[6] ^ d1
		bc3 = t<<45 | t>>(64-45)
		t = a[7] ^ d2
		bc4 = t<<61 | t>>(64-61)
		t = a[8] ^ d3
		bc0 = t<<28 | t>>(64-28)
		t = a[9] ^ d4
		bc1 = t<<20 | t>>(64-20)
		a[5] = bc0 ^ (bc2 &^ bc1)
		a[6] = bc1 ^ (bc3 &^ bc2)
		a[7] = bc2 ^ (bc4 &^ bc3)
		a[8] = bc3 ^ (bc0 &^ bc4)
		a[9] = bc4 ^ (bc1 &^ bc0)

		t = a[10] ^ d0
		bc4 = t<<18 | t>>(64-18)
		t = a[11] ^ d1
		bc0 = t<<1 | t>>(64-1)
		t = a[12] ^ d2
		bc1 = t<<6 | t>>(64-6)
		t = a[13] ^ d3
		bc2 = t<<25 | t>>(64-25)
		t = a[14] ^ d4
		bc3 = t<<8 | t>>(64-8)
		a[10] = bc0 ^ (bc2 &^ bc1)
		a[11] = bc1 ^ (bc3 &^ bc2)
		a[12] = bc2 ^ (bc4 &^ bc3)
		a[13] = bc3 ^ (bc0 &^ bc4)
		a[14] = bc4 ^ (bc1 &^ bc0)

		t = a[15] ^ d0
		bc1 = t<<36 | t>>(64-36)
		t = a[16] ^ d1
		bc2 = t<<10 | t>>(64-10)
		t = a[17] ^ d2
		bc3 = t<<15 | t>>(64-15)
		t = a[18] ^ d3
		bc4 = t<<56 | t>>(64-56)
		t = a[19] ^ d4
		bc0 = t<<27 | t>>(64-27)
		a[15] = bc0 ^ (bc2 &^ bc1)
		a[16] = bc1 ^ (bc3 &^ bc2)
		a[17] = bc2 ^ (bc4 &^ bc3)
		a[18] = bc3 ^ (bc0 &^ bc4)
		a[19] = bc4 ^ (bc1 &^ bc0)

		t = a[20] ^ d0
		bc3 = t<<41 | t>>(64-41)
		t = a[21] ^ d1
		bc4 = t<<2 | t>>(64-2)
		t = a[22] ^ d2
		bc0 = t<<62 | t>>(64-62)
		t = a[23] ^ d3
		bc1 = t<<55 | t>>(64-55)
		t = a[24] ^ d4
		bc2 = t<<39 | t>>(64-39)
		a[20] = bc0 ^ (bc2 &^ bc1)
		a[21] = bc1 ^ (bc3 &^ bc2)
		a[22] = bc2 ^ (bc4 &^ bc3)
		a[23] = bc3 ^ (bc0 &^ bc4)
		a[24] = bc4 ^ (bc1 &^ bc0)
	}
}