// Copyright 2014 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package sha3m

// rc stores the round constants for use in the ι step.
// NOTE(review): these look like the unmodified Keccak-f[1600] round
// constants; confirm against the reference before relying on that.
var rc = [24]uint64{
	0x0000000000000001,
	0x0000000000008082,
	0x800000000000808A,
	0x8000000080008000,
	0x000000000000808B,
	0x0000000080000001,
	0x8000000080008081,
	0x8000000000008009,
	0x000000000000008A,
	0x0000000000000088,
	0x0000000080008009,
	0x000000008000000A,
	0x000000008000808B,
	0x800000000000008B,
	0x8000000000008089,
	0x8000000000008003,
	0x8000000000008002,
	0x8000000000000080,
	0x000000000000800A,
	0x800000008000000A,
	0x8000000080008081,
	0x8000000000008080,
	0x0000000080000001,
	0x8000000080008008,
}

// desoHashPermute returns a with its bits rearranged by a fixed pattern.
//
// rotmask selects every third bit starting at bit 4. Together with the two
// bits below each selected bit this forms 3-bit groups (bits 2-4, 5-7, ...).
// Within each group the highest and lowest bits trade places and the middle
// bit stays put. The bits selected by finmask (the two lowest and the two
// highest) pass through unchanged.
//
// The mapping only moves bits around, so applying it twice returns the
// original value. As written the four masks appear to cover each of the 64
// bit positions exactly once; re-check that if either constant is changed,
// because an uncovered bit would be silently dropped from the result.
func desoHashPermute(a uint64) uint64 {
	const finmask = uint64(0b1100000000000000000000000000000000000000000000000000000000000011)
	const rotmask = uint64(0b0010010010010010010010010010010010010010010010010010010010010000)

	// In Go, >> and & share one precedence level and associate left to right,
	// so `rotmask >> 1 & a` parses as `(rotmask >> 1) & a`.
	return ((rotmask & a) >> 2) | (rotmask >> 1 & a) | ((rotmask >> 2 & a) << 2) | (finmask & a)
}

// keccakF1600 applies a modified Keccak-f[1600] permutation, in place, to a
// 1600-bit state held as an array of 25 uint64 lanes (passed by pointer).
//
// The round structure follows the unrolled in-place layout below, but every
// lane is additionally passed through desoHashPermute as it is written back
// at the end of each round. The result is therefore not the standard
// Keccak-f[1600] permutation: output will not match SHA-3/Keccak test
// vectors or other implementations.
//
// NOTE(review): nothing in this file establishes that the published analysis
// of Keccak carries over to this variant. Presumably it is used only for the
// DeSo hash (package path desohash/sha3m) and not as a general-purpose
// SHA-3; confirm against callers.
//
// The body uses only XOR, AND-NOT and shifts by constant amounts, and every
// array index is a constant or derived from the loop counter; no branch or
// index depends on the contents of the state.
func keccakF1600(a *[25]uint64) {
	// Implementation translated from Keccak-inplace.c
	// in the keccak reference code.
	var t, bc0, bc1, bc2, bc3, bc4, d0, d1, d2, d3, d4 uint64

	for i := 0; i < 24; i += 4 {
		// Combines the 5 steps in each round into 2 steps.
		// Unrolls 4 rounds per loop and spreads some steps across rounds.
		//
		// Each group of five statements below writes its results back to the
		// same five indices it read, so the lane layout differs between
		// rounds; round 4 reads and writes consecutive indices.

		// Round 1
		// bc0..bc4 are the XOR of the five lanes in each column; d0..d4 mix
		// each column's two neighbours (one rotated left by 1).
		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
		d0 = bc4 ^ (bc1<<1 | bc1>>63)
		d1 = bc0 ^ (bc2<<1 | bc2>>63)
		d2 = bc1 ^ (bc3<<1 | bc3>>63)
		d3 = bc2 ^ (bc4<<1 | bc4>>63)
		d4 = bc3 ^ (bc0<<1 | bc0>>63)

		// For each group: XOR in the d term, rotate by a fixed amount, then
		// combine as x ^ (z &^ y) and store through desoHashPermute. Only the
		// first group of a round also XORs in the round constant.
		bc0 = a[0] ^ d0
		t = a[6] ^ d1
		bc1 = t<<44 | t>>(64-44)
		t = a[12] ^ d2
		bc2 = t<<43 | t>>(64-43)
		t = a[18] ^ d3
		bc3 = t<<21 | t>>(64-21)
		t = a[24] ^ d4
		bc4 = t<<14 | t>>(64-14)
		a[0] = desoHashPermute(bc0 ^ (bc2 &^ bc1) ^ rc[i])
		a[6] = desoHashPermute(bc1 ^ (bc3 &^ bc2))
		a[12] = desoHashPermute(bc2 ^ (bc4 &^ bc3))
		a[18] = desoHashPermute(bc3 ^ (bc0 &^ bc4))
		a[24] = desoHashPermute(bc4 ^ (bc1 &^ bc0))

		t = a[10] ^ d0
		bc2 = t<<3 | t>>(64-3)
		t = a[16] ^ d1
		bc3 = t<<45 | t>>(64-45)
		t = a[22] ^ d2
		bc4 = t<<61 | t>>(64-61)
		t = a[3] ^ d3
		bc0 = t<<28 | t>>(64-28)
		t = a[9] ^ d4
		bc1 = t<<20 | t>>(64-20)
		a[10] = desoHashPermute(bc0 ^ (bc2 &^ bc1))
		a[16] = desoHashPermute(bc1 ^ (bc3 &^ bc2))
		a[22] = desoHashPermute(bc2 ^ (bc4 &^ bc3))
		a[3] = desoHashPermute(bc3 ^ (bc0 &^ bc4))
		a[9] = desoHashPermute(bc4 ^ (bc1 &^ bc0))

		t = a[20] ^ d0
		bc4 = t<<18 | t>>(64-18)
		t = a[1] ^ d1
		bc0 = t<<1 | t>>(64-1)
		t = a[7] ^ d2
		bc1 = t<<6 | t>>(64-6)
		t = a[13] ^ d3
		bc2 = t<<25 | t>>(64-25)
		t = a[19] ^ d4
		bc3 = t<<8 | t>>(64-8)
		a[20] = desoHashPermute(bc0 ^ (bc2 &^ bc1))
		a[1] = desoHashPermute(bc1 ^ (bc3 &^ bc2))
		a[7] = desoHashPermute(bc2 ^ (bc4 &^ bc3))
		a[13] = desoHashPermute(bc3 ^ (bc0 &^ bc4))
		a[19] = desoHashPermute(bc4 ^ (bc1 &^ bc0))

		t = a[5] ^ d0
		bc1 = t<<36 | t>>(64-36)
		t = a[11] ^ d1
		bc2 = t<<10 | t>>(64-10)
		t = a[17] ^ d2
		bc3 = t<<15 | t>>(64-15)
		t = a[23] ^ d3
		bc4 = t<<56 | t>>(64-56)
		t = a[4] ^ d4
		bc0 = t<<27 | t>>(64-27)
		a[5] = desoHashPermute(bc0 ^ (bc2 &^ bc1))
		a[11] = desoHashPermute(bc1 ^ (bc3 &^ bc2))
		a[17] = desoHashPermute(bc2 ^ (bc4 &^ bc3))
		a[23] = desoHashPermute(bc3 ^ (bc0 &^ bc4))
		a[4] = desoHashPermute(bc4 ^ (bc1 &^ bc0))

		t = a[15] ^ d0
		bc3 = t<<41 | t>>(64-41)
		t = a[21] ^ d1
		bc4 = t<<2 | t>>(64-2)
		t = a[2] ^ d2
		bc0 = t<<62 | t>>(64-62)
		t = a[8] ^ d3
		bc1 = t<<55 | t>>(64-55)
		t = a[14] ^ d4
		bc2 = t<<39 | t>>(64-39)
		a[15] = desoHashPermute(bc0 ^ (bc2 &^ bc1))
		a[21] = desoHashPermute(bc1 ^ (bc3 &^ bc2))
		a[2] = desoHashPermute(bc2 ^ (bc4 &^ bc3))
		a[8] = desoHashPermute(bc3 ^ (bc0 &^ bc4))
		a[14] = desoHashPermute(bc4 ^ (bc1 &^ bc0))

		// Round 2
		// Same rotation amounts as round 1; only the lane indices and the
		// round constant (rc[i+1]) differ.
		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
		d0 = bc4 ^ (bc1<<1 | bc1>>63)
		d1 = bc0 ^ (bc2<<1 | bc2>>63)
		d2 = bc1 ^ (bc3<<1 | bc3>>63)
		d3 = bc2 ^ (bc4<<1 | bc4>>63)
		d4 = bc3 ^ (bc0<<1 | bc0>>63)

		bc0 = a[0] ^ d0
		t = a[16] ^ d1
		bc1 = t<<44 | t>>(64-44)
		t = a[7] ^ d2
		bc2 = t<<43 | t>>(64-43)
		t = a[23] ^ d3
		bc3 = t<<21 | t>>(64-21)
		t = a[14] ^ d4
		bc4 = t<<14 | t>>(64-14)
		a[0] = desoHashPermute(bc0 ^ (bc2 &^ bc1) ^ rc[i+1])
		a[16] = desoHashPermute(bc1 ^ (bc3 &^ bc2))
		a[7] = desoHashPermute(bc2 ^ (bc4 &^ bc3))
		a[23] = desoHashPermute(bc3 ^ (bc0 &^ bc4))
		a[14] = desoHashPermute(bc4 ^ (bc1 &^ bc0))

		t = a[20] ^ d0
		bc2 = t<<3 | t>>(64-3)
		t = a[11] ^ d1
		bc3 = t<<45 | t>>(64-45)
		t = a[2] ^ d2
		bc4 = t<<61 | t>>(64-61)
		t = a[18] ^ d3
		bc0 = t<<28 | t>>(64-28)
		t = a[9] ^ d4
		bc1 = t<<20 | t>>(64-20)
		a[20] = desoHashPermute(bc0 ^ (bc2 &^ bc1))
		a[11] = desoHashPermute(bc1 ^ (bc3 &^ bc2))
		a[2] = desoHashPermute(bc2 ^ (bc4 &^ bc3))
		a[18] = desoHashPermute(bc3 ^ (bc0 &^ bc4))
		a[9] = desoHashPermute(bc4 ^ (bc1 &^ bc0))

		t = a[15] ^ d0
		bc4 = t<<18 | t>>(64-18)
		t = a[6] ^ d1
		bc0 = t<<1 | t>>(64-1)
		t = a[22] ^ d2
		bc1 = t<<6 | t>>(64-6)
		t = a[13] ^ d3
		bc2 = t<<25 | t>>(64-25)
		t = a[4] ^ d4
		bc3 = t<<8 | t>>(64-8)
		a[15] = desoHashPermute(bc0 ^ (bc2 &^ bc1))
		a[6] = desoHashPermute(bc1 ^ (bc3 &^ bc2))
		a[22] = desoHashPermute(bc2 ^ (bc4 &^ bc3))
		a[13] = desoHashPermute(bc3 ^ (bc0 &^ bc4))
		a[4] = desoHashPermute(bc4 ^ (bc1 &^ bc0))

		t = a[10] ^ d0
		bc1 = t<<36 | t>>(64-36)
		t = a[1] ^ d1
		bc2 = t<<10 | t>>(64-10)
		t = a[17] ^ d2
		bc3 = t<<15 | t>>(64-15)
		t = a[8] ^ d3
		bc4 = t<<56 | t>>(64-56)
		t = a[24] ^ d4
		bc0 = t<<27 | t>>(64-27)
		a[10] = desoHashPermute(bc0 ^ (bc2 &^ bc1))
		a[1] = desoHashPermute(bc1 ^ (bc3 &^ bc2))
		a[17] = desoHashPermute(bc2 ^ (bc4 &^ bc3))
		a[8] = desoHashPermute(bc3 ^ (bc0 &^ bc4))
		a[24] = desoHashPermute(bc4 ^ (bc1 &^ bc0))

		t = a[5] ^ d0
		bc3 = t<<41 | t>>(64-41)
		t = a[21] ^ d1
		bc4 = t<<2 | t>>(64-2)
		t = a[12] ^ d2
		bc0 = t<<62 | t>>(64-62)
		t = a[3] ^ d3
		bc1 = t<<55 | t>>(64-55)
		t = a[19] ^ d4
		bc2 = t<<39 | t>>(64-39)
		a[5] = desoHashPermute(bc0 ^ (bc2 &^ bc1))
		a[21] = desoHashPermute(bc1 ^ (bc3 &^ bc2))
		a[12] = desoHashPermute(bc2 ^ (bc4 &^ bc3))
		a[3] = desoHashPermute(bc3 ^ (bc0 &^ bc4))
		a[19] = desoHashPermute(bc4 ^ (bc1 &^ bc0))

		// Round 3
		// Same rotation amounts again; uses rc[i+2].
		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
		d0 = bc4 ^ (bc1<<1 | bc1>>63)
		d1 = bc0 ^ (bc2<<1 | bc2>>63)
		d2 = bc1 ^ (bc3<<1 | bc3>>63)
		d3 = bc2 ^ (bc4<<1 | bc4>>63)
		d4 = bc3 ^ (bc0<<1 | bc0>>63)

		bc0 = a[0] ^ d0
		t = a[11] ^ d1
		bc1 = t<<44 | t>>(64-44)
		t = a[22] ^ d2
		bc2 = t<<43 | t>>(64-43)
		t = a[8] ^ d3
		bc3 = t<<21 | t>>(64-21)
		t = a[19] ^ d4
		bc4 = t<<14 | t>>(64-14)
		a[0] = desoHashPermute(bc0 ^ (bc2 &^ bc1) ^ rc[i+2])
		a[11] = desoHashPermute(bc1 ^ (bc3 &^ bc2))
		a[22] = desoHashPermute(bc2 ^ (bc4 &^ bc3))
		a[8] = desoHashPermute(bc3 ^ (bc0 &^ bc4))
		a[19] = desoHashPermute(bc4 ^ (bc1 &^ bc0))

		t = a[15] ^ d0
		bc2 = t<<3 | t>>(64-3)
		t = a[1] ^ d1
		bc3 = t<<45 | t>>(64-45)
		t = a[12] ^ d2
		bc4 = t<<61 | t>>(64-61)
		t = a[23] ^ d3
		bc0 = t<<28 | t>>(64-28)
		t = a[9] ^ d4
		bc1 = t<<20 | t>>(64-20)
		a[15] = desoHashPermute(bc0 ^ (bc2 &^ bc1))
		a[1] = desoHashPermute(bc1 ^ (bc3 &^ bc2))
		a[12] = desoHashPermute(bc2 ^ (bc4 &^ bc3))
		a[23] = desoHashPermute(bc3 ^ (bc0 &^ bc4))
		a[9] = desoHashPermute(bc4 ^ (bc1 &^ bc0))

		t = a[5] ^ d0
		bc4 = t<<18 | t>>(64-18)
		t = a[16] ^ d1
		bc0 = t<<1 | t>>(64-1)
		t = a[2] ^ d2
		bc1 = t<<6 | t>>(64-6)
		t = a[13] ^ d3
		bc2 = t<<25 | t>>(64-25)
		t = a[24] ^ d4
		bc3 = t<<8 | t>>(64-8)
		a[5] = desoHashPermute(bc0 ^ (bc2 &^ bc1))
		a[16] = desoHashPermute(bc1 ^ (bc3 &^ bc2))
		a[2] = desoHashPermute(bc2 ^ (bc4 &^ bc3))
		a[13] = desoHashPermute(bc3 ^ (bc0 &^ bc4))
		a[24] = desoHashPermute(bc4 ^ (bc1 &^ bc0))

		t = a[20] ^ d0
		bc1 = t<<36 | t>>(64-36)
		t = a[6] ^ d1
		bc2 = t<<10 | t>>(64-10)
		t = a[17] ^ d2
		bc3 = t<<15 | t>>(64-15)
		t = a[3] ^ d3
		bc4 = t<<56 | t>>(64-56)
		t = a[14] ^ d4
		bc0 = t<<27 | t>>(64-27)
		a[20] = desoHashPermute(bc0 ^ (bc2 &^ bc1))
		a[6] = desoHashPermute(bc1 ^ (bc3 &^ bc2))
		a[17] = desoHashPermute(bc2 ^ (bc4 &^ bc3))
		a[3] = desoHashPermute(bc3 ^ (bc0 &^ bc4))
		a[14] = desoHashPermute(bc4 ^ (bc1 &^ bc0))

		t = a[10] ^ d0
		bc3 = t<<41 | t>>(64-41)
		t = a[21] ^ d1
		bc4 = t<<2 | t>>(64-2)
		t = a[7] ^ d2
		bc0 = t<<62 | t>>(64-62)
		t = a[18] ^ d3
		bc1 = t<<55 | t>>(64-55)
		t = a[4] ^ d4
		bc2 = t<<39 | t>>(64-39)
		a[10] = desoHashPermute(bc0 ^ (bc2 &^ bc1))
		a[21] = desoHashPermute(bc1 ^ (bc3 &^ bc2))
		a[7] = desoHashPermute(bc2 ^ (bc4 &^ bc3))
		a[18] = desoHashPermute(bc3 ^ (bc0 &^ bc4))
		a[4] = desoHashPermute(bc4 ^ (bc1 &^ bc0))

		// Round 4
		// Same rotation amounts again; uses rc[i+3]. Every group here reads
		// and writes five consecutive indices (0-4, 5-9, ...).
		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
		d0 = bc4 ^ (bc1<<1 | bc1>>63)
		d1 = bc0 ^ (bc2<<1 | bc2>>63)
		d2 = bc1 ^ (bc3<<1 | bc3>>63)
		d3 = bc2 ^ (bc4<<1 | bc4>>63)
		d4 = bc3 ^ (bc0<<1 | bc0>>63)

		bc0 = a[0] ^ d0
		t = a[1] ^ d1
		bc1 = t<<44 | t>>(64-44)
		t = a[2] ^ d2
		bc2 = t<<43 | t>>(64-43)
		t = a[3] ^ d3
		bc3 = t<<21 | t>>(64-21)
		t = a[4] ^ d4
		bc4 = t<<14 | t>>(64-14)
		a[0] = desoHashPermute(bc0 ^ (bc2 &^ bc1) ^ rc[i+3])
		a[1] = desoHashPermute(bc1 ^ (bc3 &^ bc2))
		a[2] = desoHashPermute(bc2 ^ (bc4 &^ bc3))
		a[3] = desoHashPermute(bc3 ^ (bc0 &^ bc4))
		a[4] = desoHashPermute(bc4 ^ (bc1 &^ bc0))

		t = a[5] ^ d0
		bc2 = t<<3 | t>>(64-3)
		t = a[6] ^ d1
		bc3 = t<<45 | t>>(64-45)
		t = a[7] ^ d2
		bc4 = t<<61 | t>>(64-61)
		t = a[8] ^ d3
		bc0 = t<<28 | t>>(64-28)
		t = a[9] ^ d4
		bc1 = t<<20 | t>>(64-20)
		a[5] = desoHashPermute(bc0 ^ (bc2 &^ bc1))
		a[6] = desoHashPermute(bc1 ^ (bc3 &^ bc2))
		a[7] = desoHashPermute(bc2 ^ (bc4 &^ bc3))
		a[8] = desoHashPermute(bc3 ^ (bc0 &^ bc4))
		a[9] = desoHashPermute(bc4 ^ (bc1 &^ bc0))

		t = a[10] ^ d0
		bc4 = t<<18 | t>>(64-18)
		t = a[11] ^ d1
		bc0 = t<<1 | t>>(64-1)
		t = a[12] ^ d2
		bc1 = t<<6 | t>>(64-6)
		t = a[13] ^ d3
		bc2 = t<<25 | t>>(64-25)
		t = a[14] ^ d4
		bc3 = t<<8 | t>>(64-8)
		a[10] = desoHashPermute(bc0 ^ (bc2 &^ bc1))
		a[11] = desoHashPermute(bc1 ^ (bc3 &^ bc2))
		a[12] = desoHashPermute(bc2 ^ (bc4 &^ bc3))
		a[13] = desoHashPermute(bc3 ^ (bc0 &^ bc4))
		a[14] = desoHashPermute(bc4 ^ (bc1 &^ bc0))

		t = a[15] ^ d0
		bc1 = t<<36 | t>>(64-36)
		t = a[16] ^ d1
		bc2 = t<<10 | t>>(64-10)
		t = a[17] ^ d2
		bc3 = t<<15 | t>>(64-15)
		t = a[18] ^ d3
		bc4 = t<<56 | t>>(64-56)
		t = a[19] ^ d4
		bc0 = t<<27 | t>>(64-27)
		a[15] = desoHashPermute(bc0 ^ (bc2 &^ bc1))
		a[16] = desoHashPermute(bc1 ^ (bc3 &^ bc2))
		a[17] = desoHashPermute(bc2 ^ (bc4 &^ bc3))
		a[18] = desoHashPermute(bc3 ^ (bc0 &^ bc4))
		a[19] = desoHashPermute(bc4 ^ (bc1 &^ bc0))

		t = a[20] ^ d0
		bc3 = t<<41 | t>>(64-41)
		t = a[21] ^ d1
		bc4 = t<<2 | t>>(64-2)
		t = a[22] ^ d2
		bc0 = t<<62 | t>>(64-62)
		t = a[23] ^ d3
		bc1 = t<<55 | t>>(64-55)
		t = a[24] ^ d4
		bc2 = t<<39 | t>>(64-39)
		a[20] = desoHashPermute(bc0 ^ (bc2 &^ bc1))
		a[21] = desoHashPermute(bc1 ^ (bc3 &^ bc2))
		a[22] = desoHashPermute(bc2 ^ (bc4 &^ bc3))
		a[23] = desoHashPermute(bc3 ^ (bc0 &^ bc4))
		a[24] = desoHashPermute(bc4 ^ (bc1 &^ bc0))
	}
}