github.com/emmansun/gmsm@v0.29.1/sm3/sm3block.go (about) 1 package sm3 2 3 import "math/bits" 4 5 const ( 6 _T0 = 0x79cc4519 7 _T1 = 0x7a879d8a 8 ) 9 10 var _K = [64]uint32{ 11 0x79cc4519, 0xf3988a32, 0xe7311465, 0xce6228cb, 0x9cc45197, 0x3988a32f, 0x7311465e, 0xe6228cbc, 12 0xcc451979, 0x988a32f3, 0x311465e7, 0x6228cbce, 0xc451979c, 0x88a32f39, 0x11465e73, 0x228cbce6, 13 0x9d8a7a87, 0x3b14f50f, 0x7629ea1e, 0xec53d43c, 0xd8a7a879, 0xb14f50f3, 0x629ea1e7, 0xc53d43ce, 14 0x8a7a879d, 0x14f50f3b, 0x29ea1e76, 0x53d43cec, 0xa7a879d8, 0x4f50f3b1, 0x9ea1e762, 0x3d43cec5, 15 0x7a879d8a, 0xf50f3b14, 0xea1e7629, 0xd43cec53, 0xa879d8a7, 0x50f3b14f, 0xa1e7629e, 0x43cec53d, 16 0x879d8a7a, 0xf3b14f5, 0x1e7629ea, 0x3cec53d4, 0x79d8a7a8, 0xf3b14f50, 0xe7629ea1, 0xcec53d43, 17 0x9d8a7a87, 0x3b14f50f, 0x7629ea1e, 0xec53d43c, 0xd8a7a879, 0xb14f50f3, 0x629ea1e7, 0xc53d43ce, 18 0x8a7a879d, 0x14f50f3b, 0x29ea1e76, 0x53d43cec, 0xa7a879d8, 0x4f50f3b1, 0x9ea1e762, 0x3d43cec5, 19 } 20 21 func p1(x uint32) uint32 { 22 return x ^ (x<<15 | x>>17) ^ (x<<23 | x>>9) 23 } 24 25 func blockGeneric(dig *digest, p []byte) { 26 var w [68]uint32 27 h0, h1, h2, h3, h4, h5, h6, h7 := dig.h[0], dig.h[1], dig.h[2], dig.h[3], dig.h[4], dig.h[5], dig.h[6], dig.h[7] 28 29 for len(p) >= chunk { 30 // first 16 words handling 31 w[0] = uint32(p[0])<<24 | uint32(p[1])<<16 | uint32(p[2])<<8 | uint32(p[3]) 32 w[1] = uint32(p[4])<<24 | uint32(p[4+1])<<16 | uint32(p[4+2])<<8 | uint32(p[4+3]) 33 w[2] = uint32(p[8])<<24 | uint32(p[8+1])<<16 | uint32(p[8+2])<<8 | uint32(p[8+3]) 34 w[3] = uint32(p[12])<<24 | uint32(p[12+1])<<16 | uint32(p[12+2])<<8 | uint32(p[12+3]) 35 w[4] = uint32(p[16])<<24 | uint32(p[16+1])<<16 | uint32(p[16+2])<<8 | uint32(p[16+3]) 36 w[5] = uint32(p[20])<<24 | uint32(p[20+1])<<16 | uint32(p[20+2])<<8 | uint32(p[20+3]) 37 w[6] = uint32(p[24])<<24 | uint32(p[24+1])<<16 | uint32(p[24+2])<<8 | uint32(p[24+3]) 38 w[7] = uint32(p[28])<<24 | uint32(p[28+1])<<16 | uint32(p[28+2])<<8 | uint32(p[28+3]) 39 w[8] = uint32(p[32])<<24 | uint32(p[32+1])<<16 | uint32(p[32+2])<<8 | uint32(p[32+3]) 40 w[9] = uint32(p[36])<<24 | uint32(p[36+1])<<16 | uint32(p[36+2])<<8 | uint32(p[36+3]) 41 w[10] = uint32(p[40])<<24 | uint32(p[40+1])<<16 | uint32(p[40+2])<<8 | uint32(p[40+3]) 42 w[11] = uint32(p[44])<<24 | uint32(p[44+1])<<16 | uint32(p[44+2])<<8 | uint32(p[44+3]) 43 w[12] = uint32(p[48])<<24 | uint32(p[48+1])<<16 | uint32(p[48+2])<<8 | uint32(p[48+3]) 44 w[13] = uint32(p[52])<<24 | uint32(p[52+1])<<16 | uint32(p[52+2])<<8 | uint32(p[52+3]) 45 w[14] = uint32(p[56])<<24 | uint32(p[56+1])<<16 | uint32(p[56+2])<<8 | uint32(p[56+3]) 46 w[15] = uint32(p[60])<<24 | uint32(p[60+1])<<16 | uint32(p[60+2])<<8 | uint32(p[60+3]) 47 48 // init state 49 a, b, c, d, e, f, g, h := h0, h1, h2, h3, h4, h5, h6, h7 50 51 // Round 1 52 tt2 := bits.RotateLeft32(a, 12) 53 ss1 := bits.RotateLeft32(tt2+e+_K[0], 7) 54 d = a ^ b ^ c + d + (ss1 ^ tt2) + (w[0] ^ w[4]) 55 tt2 = e ^ f ^ g + h + ss1 + w[0] 56 b = bits.RotateLeft32(b, 9) 57 f = bits.RotateLeft32(f, 19) 58 h = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 59 60 // Round 2 61 tt2 = bits.RotateLeft32(d, 12) 62 ss1 = bits.RotateLeft32(tt2+h+_K[1], 7) 63 c = d ^ a ^ b + c + (ss1 ^ tt2) + (w[1] ^ w[5]) 64 tt2 = h ^ e ^ f + g + ss1 + w[1] 65 a = bits.RotateLeft32(a, 9) 66 e = bits.RotateLeft32(e, 19) 67 g = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 68 69 // Round 3 70 tt2 = bits.RotateLeft32(c, 12) 71 ss1 = bits.RotateLeft32(tt2+g+_K[2], 7) 72 b = c ^ d ^ a + b + (ss1 ^ tt2) + (w[2] ^ w[6]) 73 tt2 = g ^ h ^ e + f + ss1 + w[2] 74 d = bits.RotateLeft32(d, 9) 75 h = bits.RotateLeft32(h, 19) 76 f = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 77 78 // Round 4 79 tt2 = bits.RotateLeft32(b, 12) 80 ss1 = bits.RotateLeft32(tt2+f+_K[3], 7) 81 a = b ^ c ^ d + a + (ss1 ^ tt2) + (w[3] ^ w[7]) 82 tt2 = f ^ g ^ h + e + ss1 + w[3] 83 c = bits.RotateLeft32(c, 9) 84 g = bits.RotateLeft32(g, 19) 85 e = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 86 87 // Round 5 88 tt2 = bits.RotateLeft32(a, 12) 89 ss1 = bits.RotateLeft32(tt2+e+_K[4], 7) 90 d = a ^ b ^ c + d + (ss1 ^ tt2) + (w[4] ^ w[8]) 91 tt2 = e ^ f ^ g + h + ss1 + w[4] 92 b = bits.RotateLeft32(b, 9) 93 f = bits.RotateLeft32(f, 19) 94 h = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 95 96 // Round 6 97 tt2 = bits.RotateLeft32(d, 12) 98 ss1 = bits.RotateLeft32(tt2+h+_K[5], 7) 99 c = d ^ a ^ b + c + (ss1 ^ tt2) + (w[5] ^ w[9]) 100 tt2 = h ^ e ^ f + g + ss1 + w[5] 101 a = bits.RotateLeft32(a, 9) 102 e = bits.RotateLeft32(e, 19) 103 g = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 104 105 // Round 7 106 tt2 = bits.RotateLeft32(c, 12) 107 ss1 = bits.RotateLeft32(tt2+g+_K[6], 7) 108 b = c ^ d ^ a + b + (ss1 ^ tt2) + (w[6] ^ w[10]) 109 tt2 = g ^ h ^ e + f + ss1 + w[6] 110 d = bits.RotateLeft32(d, 9) 111 h = bits.RotateLeft32(h, 19) 112 f = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 113 114 // Round 8 115 tt2 = bits.RotateLeft32(b, 12) 116 ss1 = bits.RotateLeft32(tt2+f+_K[7], 7) 117 a = b ^ c ^ d + a + (ss1 ^ tt2) + (w[7] ^ w[11]) 118 tt2 = f ^ g ^ h + e + ss1 + w[7] 119 c = bits.RotateLeft32(c, 9) 120 g = bits.RotateLeft32(g, 19) 121 e = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 122 123 // Round 9 124 tt2 = bits.RotateLeft32(a, 12) 125 ss1 = bits.RotateLeft32(tt2+e+_K[8], 7) 126 d = a ^ b ^ c + d + (ss1 ^ tt2) + (w[8] ^ w[12]) 127 tt2 = e ^ f ^ g + h + ss1 + w[8] 128 b = bits.RotateLeft32(b, 9) 129 f = bits.RotateLeft32(f, 19) 130 h = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 131 132 // Round 10 133 tt2 = bits.RotateLeft32(d, 12) 134 ss1 = bits.RotateLeft32(tt2+h+_K[9], 7) 135 c = d ^ a ^ b + c + (ss1 ^ tt2) + (w[9] ^ w[13]) 136 tt2 = h ^ e ^ f + g + ss1 + w[9] 137 a = bits.RotateLeft32(a, 9) 138 e = bits.RotateLeft32(e, 19) 139 g = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 140 141 // Round 11 142 tt2 = bits.RotateLeft32(c, 12) 143 ss1 = bits.RotateLeft32(tt2+g+_K[10], 7) 144 b = c ^ d ^ a + b + (ss1 ^ tt2) + (w[10] ^ w[14]) 145 tt2 = g ^ h ^ e + f + ss1 + w[10] 146 d = bits.RotateLeft32(d, 9) 147 h = bits.RotateLeft32(h, 19) 148 f = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 149 150 // Round 12 151 tt2 = bits.RotateLeft32(b, 12) 152 ss1 = bits.RotateLeft32(tt2+f+_K[11], 7) 153 a = b ^ c ^ d + a + (ss1 ^ tt2) + (w[11] ^ w[15]) 154 tt2 = f ^ g ^ h + e + ss1 + w[11] 155 c = bits.RotateLeft32(c, 9) 156 g = bits.RotateLeft32(g, 19) 157 e = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 158 159 // Round 13 160 w[16] = p1(w[0]^w[7]^bits.RotateLeft32(w[13], 15)) ^ bits.RotateLeft32(w[3], 7) ^ w[10] 161 tt2 = bits.RotateLeft32(a, 12) 162 ss1 = bits.RotateLeft32(tt2+e+_K[12], 7) 163 d = a ^ b ^ c + d + (ss1 ^ tt2) + (w[12] ^ w[16]) 164 tt2 = e ^ f ^ g + h + ss1 + w[12] 165 b = bits.RotateLeft32(b, 9) 166 f = bits.RotateLeft32(f, 19) 167 h = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 168 169 // Round 14 170 w[17] = p1(w[1]^w[8]^bits.RotateLeft32(w[14], 15)) ^ bits.RotateLeft32(w[4], 7) ^ w[11] 171 tt2 = bits.RotateLeft32(d, 12) 172 ss1 = bits.RotateLeft32(tt2+h+_K[13], 7) 173 c = d ^ a ^ b + c + (ss1 ^ tt2) + (w[13] ^ w[17]) 174 tt2 = h ^ e ^ f + g + ss1 + w[13] 175 a = bits.RotateLeft32(a, 9) 176 e = bits.RotateLeft32(e, 19) 177 g = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 178 179 // Round 15 180 w[18] = p1(w[2]^w[9]^bits.RotateLeft32(w[15], 15)) ^ bits.RotateLeft32(w[5], 7) ^ w[12] 181 tt2 = bits.RotateLeft32(c, 12) 182 ss1 = bits.RotateLeft32(tt2+g+_K[14], 7) 183 b = c ^ d ^ a + b + (ss1 ^ tt2) + (w[14] ^ w[18]) 184 tt2 = g ^ h ^ e + f + ss1 + w[14] 185 d = bits.RotateLeft32(d, 9) 186 h = bits.RotateLeft32(h, 19) 187 f = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 188 189 // Round 16 190 w[19] = p1(w[3]^w[10]^bits.RotateLeft32(w[16], 15)) ^ bits.RotateLeft32(w[6], 7) ^ w[13] 191 tt2 = bits.RotateLeft32(b, 12) 192 ss1 = bits.RotateLeft32(tt2+f+_K[15], 7) 193 a = b ^ c ^ d + a + (ss1 ^ tt2) + (w[15] ^ w[19]) 194 tt2 = f ^ g ^ h + e + ss1 + w[15] 195 c = bits.RotateLeft32(c, 9) 196 g = bits.RotateLeft32(g, 19) 197 e = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 198 199 // Round 17 200 w[20] = p1(w[4]^w[11]^bits.RotateLeft32(w[17], 15)) ^ bits.RotateLeft32(w[7], 7) ^ w[14] 201 tt2 = bits.RotateLeft32(a, 12) 202 ss1 = bits.RotateLeft32(tt2+e+_K[16], 7) 203 d = c&(a|b) | (a & b) + d + (ss1 ^ tt2) + (w[16] ^ w[20]) 204 tt2 = (f^g)&e ^ g + h + ss1 + w[16] 205 b = bits.RotateLeft32(b, 9) 206 f = bits.RotateLeft32(f, 19) 207 h = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 208 209 // Round 18 210 w[21] = p1(w[5]^w[12]^bits.RotateLeft32(w[18], 15)) ^ bits.RotateLeft32(w[8], 7) ^ w[15] 211 tt2 = bits.RotateLeft32(d, 12) 212 ss1 = bits.RotateLeft32(tt2+h+_K[17], 7) 213 c = d&(a|b) | (a & b) + c + (ss1 ^ tt2) + (w[17] ^ w[21]) 214 tt2 = (e^f)&h ^ f + g + ss1 + w[17] 215 a = bits.RotateLeft32(a, 9) 216 e = bits.RotateLeft32(e, 19) 217 g = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 218 219 // Round 19 220 w[22] = p1(w[6]^w[13]^bits.RotateLeft32(w[19], 15)) ^ bits.RotateLeft32(w[9], 7) ^ w[16] 221 tt2 = bits.RotateLeft32(c, 12) 222 ss1 = bits.RotateLeft32(tt2+g+_K[18], 7) 223 b = c&(d|a) | (d & a) + b + (ss1 ^ tt2) + (w[18] ^ w[22]) 224 tt2 = (h^e)&g ^ e + f + ss1 + w[18] 225 d = bits.RotateLeft32(d, 9) 226 h = bits.RotateLeft32(h, 19) 227 f = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 228 229 // Round 20 230 w[23] = p1(w[7]^w[14]^bits.RotateLeft32(w[20], 15)) ^ bits.RotateLeft32(w[10], 7) ^ w[17] 231 tt2 = bits.RotateLeft32(b, 12) 232 ss1 = bits.RotateLeft32(tt2+f+_K[19], 7) 233 a = b&(c|d) | (c & d) + a + (ss1 ^ tt2) + (w[19] ^ w[23]) 234 tt2 = (g^h)&f ^ h + e + ss1 + w[19] 235 c = bits.RotateLeft32(c, 9) 236 g = bits.RotateLeft32(g, 19) 237 e = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 238 239 // Round 21 240 w[24] = p1(w[8]^w[15]^bits.RotateLeft32(w[21], 15)) ^ bits.RotateLeft32(w[11], 7) ^ w[18] 241 tt2 = bits.RotateLeft32(a, 12) 242 ss1 = bits.RotateLeft32(tt2+e+_K[20], 7) 243 d = a&(b|c) | (b & c) + d + (ss1 ^ tt2) + (w[20] ^ w[24]) 244 tt2 = (f^g)&e ^ g + h + ss1 + w[20] 245 b = bits.RotateLeft32(b, 9) 246 f = bits.RotateLeft32(f, 19) 247 h = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 248 249 // Round 22 250 w[25] = p1(w[9]^w[16]^bits.RotateLeft32(w[22], 15)) ^ bits.RotateLeft32(w[12], 7) ^ w[19] 251 tt2 = bits.RotateLeft32(d, 12) 252 ss1 = bits.RotateLeft32(tt2+h+_K[21], 7) 253 c = d&(a|b) | (a & b) + c + (ss1 ^ tt2) + (w[21] ^ w[25]) 254 tt2 = (e^f)&h ^ f + g + ss1 + w[21] 255 a = bits.RotateLeft32(a, 9) 256 e = bits.RotateLeft32(e, 19) 257 g = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 258 259 // Round 23 260 w[26] = p1(w[10]^w[17]^bits.RotateLeft32(w[23], 15)) ^ bits.RotateLeft32(w[13], 7) ^ w[20] 261 tt2 = bits.RotateLeft32(c, 12) 262 ss1 = bits.RotateLeft32(tt2+g+_K[22], 7) 263 b = c&(d|a) | (d & a) + b + (ss1 ^ tt2) + (w[22] ^ w[26]) 264 tt2 = (h^e)&g ^ e + f + ss1 + w[22] 265 d = bits.RotateLeft32(d, 9) 266 h = bits.RotateLeft32(h, 19) 267 f = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 268 269 // Round 24 270 w[27] = p1(w[11]^w[18]^bits.RotateLeft32(w[24], 15)) ^ bits.RotateLeft32(w[14], 7) ^ w[21] 271 tt2 = bits.RotateLeft32(b, 12) 272 ss1 = bits.RotateLeft32(tt2+f+_K[23], 7) 273 a = b&(c|d) | (c & d) + a + (ss1 ^ tt2) + (w[23] ^ w[27]) 274 tt2 = (g^h)&f ^ h + e + ss1 + w[23] 275 c = bits.RotateLeft32(c, 9) 276 g = bits.RotateLeft32(g, 19) 277 e = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 278 279 // Round 25 280 w[28] = p1(w[12]^w[19]^bits.RotateLeft32(w[25], 15)) ^ bits.RotateLeft32(w[15], 7) ^ w[22] 281 tt2 = bits.RotateLeft32(a, 12) 282 ss1 = bits.RotateLeft32(tt2+e+_K[24], 7) 283 d = a&(b|c) | (b & c) + d + (ss1 ^ tt2) + (w[24] ^ w[28]) 284 tt2 = (f^g)&e ^ g + h + ss1 + w[24] 285 b = bits.RotateLeft32(b, 9) 286 f = bits.RotateLeft32(f, 19) 287 h = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 288 289 // Round 26 290 w[29] = p1(w[13]^w[20]^bits.RotateLeft32(w[26], 15)) ^ bits.RotateLeft32(w[16], 7) ^ w[23] 291 tt2 = bits.RotateLeft32(d, 12) 292 ss1 = bits.RotateLeft32(tt2+h+_K[25], 7) 293 c = d&(a|b) | (a & b) + c + (ss1 ^ tt2) + (w[25] ^ w[29]) 294 tt2 = (e^f)&h ^ f + g + ss1 + w[25] 295 a = bits.RotateLeft32(a, 9) 296 e = bits.RotateLeft32(e, 19) 297 g = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 298 299 // Round 27 300 w[30] = p1(w[14]^w[21]^bits.RotateLeft32(w[27], 15)) ^ bits.RotateLeft32(w[17], 7) ^ w[24] 301 tt2 = bits.RotateLeft32(c, 12) 302 ss1 = bits.RotateLeft32(tt2+g+_K[26], 7) 303 b = c&(d|a) | (d & a) + b + (ss1 ^ tt2) + (w[26] ^ w[30]) 304 tt2 = (h^e)&g ^ e + f + ss1 + w[26] 305 d = bits.RotateLeft32(d, 9) 306 h = bits.RotateLeft32(h, 19) 307 f = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 308 309 // Round 28 310 w[31] = p1(w[15]^w[22]^bits.RotateLeft32(w[28], 15)) ^ bits.RotateLeft32(w[18], 7) ^ w[25] 311 tt2 = bits.RotateLeft32(b, 12) 312 ss1 = bits.RotateLeft32(tt2+f+_K[27], 7) 313 a = b&(c|d) | (c & d) + a + (ss1 ^ tt2) + (w[27] ^ w[31]) 314 tt2 = (g^h)&f ^ h + e + ss1 + w[27] 315 c = bits.RotateLeft32(c, 9) 316 g = bits.RotateLeft32(g, 19) 317 e = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 318 319 // Round 29 320 w[32] = p1(w[16]^w[23]^bits.RotateLeft32(w[29], 15)) ^ bits.RotateLeft32(w[19], 7) ^ w[26] 321 tt2 = bits.RotateLeft32(a, 12) 322 ss1 = bits.RotateLeft32(tt2+e+_K[28], 7) 323 d = a&(b|c) | (b & c) + d + (ss1 ^ tt2) + (w[28] ^ w[32]) 324 tt2 = (f^g)&e ^ g + h + ss1 + w[28] 325 b = bits.RotateLeft32(b, 9) 326 f = bits.RotateLeft32(f, 19) 327 h = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 328 329 // Round 30 330 w[33] = p1(w[17]^w[24]^bits.RotateLeft32(w[30], 15)) ^ bits.RotateLeft32(w[20], 7) ^ w[27] 331 tt2 = bits.RotateLeft32(d, 12) 332 ss1 = bits.RotateLeft32(tt2+h+_K[29], 7) 333 c = d&(a|b) | (a & b) + c + (ss1 ^ tt2) + (w[29] ^ w[33]) 334 tt2 = (e^f)&h ^ f + g + ss1 + w[29] 335 a = bits.RotateLeft32(a, 9) 336 e = bits.RotateLeft32(e, 19) 337 g = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 338 339 // Round 31 340 w[34] = p1(w[18]^w[25]^bits.RotateLeft32(w[31], 15)) ^ bits.RotateLeft32(w[21], 7) ^ w[28] 341 tt2 = bits.RotateLeft32(c, 12) 342 ss1 = bits.RotateLeft32(tt2+g+_K[30], 7) 343 b = c&(d|a) | (d & a) + b + (ss1 ^ tt2) + (w[30] ^ w[34]) 344 tt2 = (h^e)&g ^ e + f + ss1 + w[30] 345 d = bits.RotateLeft32(d, 9) 346 h = bits.RotateLeft32(h, 19) 347 f = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 348 349 // Round 32 350 w[35] = p1(w[19]^w[26]^bits.RotateLeft32(w[32], 15)) ^ bits.RotateLeft32(w[22], 7) ^ w[29] 351 tt2 = bits.RotateLeft32(b, 12) 352 ss1 = bits.RotateLeft32(tt2+f+_K[31], 7) 353 a = b&(c|d) | (c & d) + a + (ss1 ^ tt2) + (w[31] ^ w[35]) 354 tt2 = (g^h)&f ^ h + e + ss1 + w[31] 355 c = bits.RotateLeft32(c, 9) 356 g = bits.RotateLeft32(g, 19) 357 e = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 358 359 // Round 33 360 w[36] = p1(w[20]^w[27]^bits.RotateLeft32(w[33], 15)) ^ bits.RotateLeft32(w[23], 7) ^ w[30] 361 tt2 = bits.RotateLeft32(a, 12) 362 ss1 = bits.RotateLeft32(tt2+e+_K[32], 7) 363 d = a&(b|c) | (b & c) + d + (ss1 ^ tt2) + (w[32] ^ w[36]) 364 tt2 = (f^g)&e ^ g + h + ss1 + w[32] 365 b = bits.RotateLeft32(b, 9) 366 f = bits.RotateLeft32(f, 19) 367 h = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 368 369 // Round 34 370 w[37] = p1(w[21]^w[28]^bits.RotateLeft32(w[34], 15)) ^ bits.RotateLeft32(w[24], 7) ^ w[31] 371 tt2 = bits.RotateLeft32(d, 12) 372 ss1 = bits.RotateLeft32(tt2+h+_K[33], 7) 373 c = d&(a|b) | (a & b) + c + (ss1 ^ tt2) + (w[33] ^ w[37]) 374 tt2 = (e^f)&h ^ f + g + ss1 + w[33] 375 a = bits.RotateLeft32(a, 9) 376 e = bits.RotateLeft32(e, 19) 377 g = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 378 379 // Round 35 380 w[38] = p1(w[22]^w[29]^bits.RotateLeft32(w[35], 15)) ^ bits.RotateLeft32(w[25], 7) ^ w[32] 381 tt2 = bits.RotateLeft32(c, 12) 382 ss1 = bits.RotateLeft32(tt2+g+_K[34], 7) 383 b = c&(d|a) | (d & a) + b + (ss1 ^ tt2) + (w[34] ^ w[38]) 384 tt2 = (h^e)&g ^ e + f + ss1 + w[34] 385 d = bits.RotateLeft32(d, 9) 386 h = bits.RotateLeft32(h, 19) 387 f = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 388 389 // Round 36 390 w[39] = p1(w[23]^w[30]^bits.RotateLeft32(w[36], 15)) ^ bits.RotateLeft32(w[26], 7) ^ w[33] 391 tt2 = bits.RotateLeft32(b, 12) 392 ss1 = bits.RotateLeft32(tt2+f+_K[35], 7) 393 a = b&(c|d) | (c & d) + a + (ss1 ^ tt2) + (w[35] ^ w[39]) 394 tt2 = (g^h)&f ^ h + e + ss1 + w[35] 395 c = bits.RotateLeft32(c, 9) 396 g = bits.RotateLeft32(g, 19) 397 e = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 398 399 // Round 37 400 w[40] = p1(w[24]^w[31]^bits.RotateLeft32(w[37], 15)) ^ bits.RotateLeft32(w[27], 7) ^ w[34] 401 tt2 = bits.RotateLeft32(a, 12) 402 ss1 = bits.RotateLeft32(tt2+e+_K[36], 7) 403 d = a&(b|c) | (b & c) + d + (ss1 ^ tt2) + (w[36] ^ w[40]) 404 tt2 = (f^g)&e ^ g + h + ss1 + w[36] 405 b = bits.RotateLeft32(b, 9) 406 f = bits.RotateLeft32(f, 19) 407 h = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 408 409 // Round 38 410 w[41] = p1(w[25]^w[32]^bits.RotateLeft32(w[38], 15)) ^ bits.RotateLeft32(w[28], 7) ^ w[35] 411 tt2 = bits.RotateLeft32(d, 12) 412 ss1 = bits.RotateLeft32(tt2+h+_K[37], 7) 413 c = d&(a|b) | (a & b) + c + (ss1 ^ tt2) + (w[37] ^ w[41]) 414 tt2 = (e^f)&h ^ f + g + ss1 + w[37] 415 a = bits.RotateLeft32(a, 9) 416 e = bits.RotateLeft32(e, 19) 417 g = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 418 419 // Round 39 420 w[42] = p1(w[26]^w[33]^bits.RotateLeft32(w[39], 15)) ^ bits.RotateLeft32(w[29], 7) ^ w[36] 421 tt2 = bits.RotateLeft32(c, 12) 422 ss1 = bits.RotateLeft32(tt2+g+_K[38], 7) 423 b = c&(d|a) | (d & a) + b + (ss1 ^ tt2) + (w[38] ^ w[42]) 424 tt2 = (h^e)&g ^ e + f + ss1 + w[38] 425 d = bits.RotateLeft32(d, 9) 426 h = bits.RotateLeft32(h, 19) 427 f = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 428 429 // Round 40 430 w[43] = p1(w[27]^w[34]^bits.RotateLeft32(w[40], 15)) ^ bits.RotateLeft32(w[30], 7) ^ w[37] 431 tt2 = bits.RotateLeft32(b, 12) 432 ss1 = bits.RotateLeft32(tt2+f+_K[39], 7) 433 a = b&(c|d) | (c & d) + a + (ss1 ^ tt2) + (w[39] ^ w[43]) 434 tt2 = (g^h)&f ^ h + e + ss1 + w[39] 435 c = bits.RotateLeft32(c, 9) 436 g = bits.RotateLeft32(g, 19) 437 e = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 438 439 // Round 41 440 w[44] = p1(w[28]^w[35]^bits.RotateLeft32(w[41], 15)) ^ bits.RotateLeft32(w[31], 7) ^ w[38] 441 tt2 = bits.RotateLeft32(a, 12) 442 ss1 = bits.RotateLeft32(tt2+e+_K[40], 7) 443 d = a&(b|c) | (b & c) + d + (ss1 ^ tt2) + (w[40] ^ w[44]) 444 tt2 = (f^g)&e ^ g + h + ss1 + w[40] 445 b = bits.RotateLeft32(b, 9) 446 f = bits.RotateLeft32(f, 19) 447 h = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 448 449 // Round 42 450 w[45] = p1(w[29]^w[36]^bits.RotateLeft32(w[42], 15)) ^ bits.RotateLeft32(w[32], 7) ^ w[39] 451 tt2 = bits.RotateLeft32(d, 12) 452 ss1 = bits.RotateLeft32(tt2+h+_K[41], 7) 453 c = d&(a|b) | (a & b) + c + (ss1 ^ tt2) + (w[41] ^ w[45]) 454 tt2 = (e^f)&h ^ f + g + ss1 + w[41] 455 a = bits.RotateLeft32(a, 9) 456 e = bits.RotateLeft32(e, 19) 457 g = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 458 459 // Round 43 460 w[46] = p1(w[30]^w[37]^bits.RotateLeft32(w[43], 15)) ^ bits.RotateLeft32(w[33], 7) ^ w[40] 461 tt2 = bits.RotateLeft32(c, 12) 462 ss1 = bits.RotateLeft32(tt2+g+_K[42], 7) 463 b = c&(d|a) | (d & a) + b + (ss1 ^ tt2) + (w[42] ^ w[46]) 464 tt2 = (h^e)&g ^ e + f + ss1 + w[42] 465 d = bits.RotateLeft32(d, 9) 466 h = bits.RotateLeft32(h, 19) 467 f = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 468 469 // Round 44 470 w[47] = p1(w[31]^w[38]^bits.RotateLeft32(w[44], 15)) ^ bits.RotateLeft32(w[34], 7) ^ w[41] 471 tt2 = bits.RotateLeft32(b, 12) 472 ss1 = bits.RotateLeft32(tt2+f+_K[43], 7) 473 a = b&(c|d) | (c & d) + a + (ss1 ^ tt2) + (w[43] ^ w[47]) 474 tt2 = (g^h)&f ^ h + e + ss1 + w[43] 475 c = bits.RotateLeft32(c, 9) 476 g = bits.RotateLeft32(g, 19) 477 e = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 478 479 // Round 45 480 w[48] = p1(w[32]^w[39]^bits.RotateLeft32(w[45], 15)) ^ bits.RotateLeft32(w[35], 7) ^ w[42] 481 tt2 = bits.RotateLeft32(a, 12) 482 ss1 = bits.RotateLeft32(tt2+e+_K[44], 7) 483 d = a&(b|c) | (b & c) + d + (ss1 ^ tt2) + (w[44] ^ w[48]) 484 tt2 = (f^g)&e ^ g + h + ss1 + w[44] 485 b = bits.RotateLeft32(b, 9) 486 f = bits.RotateLeft32(f, 19) 487 h = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 488 489 // Round 46 490 w[49] = p1(w[33]^w[40]^bits.RotateLeft32(w[46], 15)) ^ bits.RotateLeft32(w[36], 7) ^ w[43] 491 tt2 = bits.RotateLeft32(d, 12) 492 ss1 = bits.RotateLeft32(tt2+h+_K[45], 7) 493 c = d&(a|b) | (a & b) + c + (ss1 ^ tt2) + (w[45] ^ w[49]) 494 tt2 = (e^f)&h ^ f + g + ss1 + w[45] 495 a = bits.RotateLeft32(a, 9) 496 e = bits.RotateLeft32(e, 19) 497 g = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 498 499 // Round 47 500 w[50] = p1(w[34]^w[41]^bits.RotateLeft32(w[47], 15)) ^ bits.RotateLeft32(w[37], 7) ^ w[44] 501 tt2 = bits.RotateLeft32(c, 12) 502 ss1 = bits.RotateLeft32(tt2+g+_K[46], 7) 503 b = c&(d|a) | (d & a) + b + (ss1 ^ tt2) + (w[46] ^ w[50]) 504 tt2 = (h^e)&g ^ e + f + ss1 + w[46] 505 d = bits.RotateLeft32(d, 9) 506 h = bits.RotateLeft32(h, 19) 507 f = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 508 509 // Round 48 510 w[51] = p1(w[35]^w[42]^bits.RotateLeft32(w[48], 15)) ^ bits.RotateLeft32(w[38], 7) ^ w[45] 511 tt2 = bits.RotateLeft32(b, 12) 512 ss1 = bits.RotateLeft32(tt2+f+_K[47], 7) 513 a = b&(c|d) | (c & d) + a + (ss1 ^ tt2) + (w[47] ^ w[51]) 514 tt2 = (g^h)&f ^ h + e + ss1 + w[47] 515 c = bits.RotateLeft32(c, 9) 516 g = bits.RotateLeft32(g, 19) 517 e = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 518 519 // Round 49 520 w[52] = p1(w[36]^w[43]^bits.RotateLeft32(w[49], 15)) ^ bits.RotateLeft32(w[39], 7) ^ w[46] 521 tt2 = bits.RotateLeft32(a, 12) 522 ss1 = bits.RotateLeft32(tt2+e+_K[48], 7) 523 d = a&(b|c) | (b & c) + d + (ss1 ^ tt2) + (w[48] ^ w[52]) 524 tt2 = (f^g)&e ^ g + h + ss1 + w[48] 525 b = bits.RotateLeft32(b, 9) 526 f = bits.RotateLeft32(f, 19) 527 h = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 528 529 // Round 50 530 w[53] = p1(w[37]^w[44]^bits.RotateLeft32(w[50], 15)) ^ bits.RotateLeft32(w[40], 7) ^ w[47] 531 tt2 = bits.RotateLeft32(d, 12) 532 ss1 = bits.RotateLeft32(tt2+h+_K[49], 7) 533 c = d&(a|b) | (a & b) + c + (ss1 ^ tt2) + (w[49] ^ w[53]) 534 tt2 = (e^f)&h ^ f + g + ss1 + w[49] 535 a = bits.RotateLeft32(a, 9) 536 e = bits.RotateLeft32(e, 19) 537 g = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 538 539 // Round 51 540 w[54] = p1(w[38]^w[45]^bits.RotateLeft32(w[51], 15)) ^ bits.RotateLeft32(w[41], 7) ^ w[48] 541 tt2 = bits.RotateLeft32(c, 12) 542 ss1 = bits.RotateLeft32(tt2+g+_K[50], 7) 543 b = c&(d|a) | (d & a) + b + (ss1 ^ tt2) + (w[50] ^ w[54]) 544 tt2 = (h^e)&g ^ e + f + ss1 + w[50] 545 d = bits.RotateLeft32(d, 9) 546 h = bits.RotateLeft32(h, 19) 547 f = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 548 549 // Round 52 550 w[55] = p1(w[39]^w[46]^bits.RotateLeft32(w[52], 15)) ^ bits.RotateLeft32(w[42], 7) ^ w[49] 551 tt2 = bits.RotateLeft32(b, 12) 552 ss1 = bits.RotateLeft32(tt2+f+_K[51], 7) 553 a = b&(c|d) | (c & d) + a + (ss1 ^ tt2) + (w[51] ^ w[55]) 554 tt2 = (g^h)&f ^ h + e + ss1 + w[51] 555 c = bits.RotateLeft32(c, 9) 556 g = bits.RotateLeft32(g, 19) 557 e = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 558 559 // Round 53 560 w[56] = p1(w[40]^w[47]^bits.RotateLeft32(w[53], 15)) ^ bits.RotateLeft32(w[43], 7) ^ w[50] 561 tt2 = bits.RotateLeft32(a, 12) 562 ss1 = bits.RotateLeft32(tt2+e+_K[52], 7) 563 d = a&(b|c) | (b & c) + d + (ss1 ^ tt2) + (w[52] ^ w[56]) 564 tt2 = (f^g)&e ^ g + h + ss1 + w[52] 565 b = bits.RotateLeft32(b, 9) 566 f = bits.RotateLeft32(f, 19) 567 h = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 568 569 // Round 54 570 w[57] = p1(w[41]^w[48]^bits.RotateLeft32(w[54], 15)) ^ bits.RotateLeft32(w[44], 7) ^ w[51] 571 tt2 = bits.RotateLeft32(d, 12) 572 ss1 = bits.RotateLeft32(tt2+h+_K[53], 7) 573 c = d&(a|b) | (a & b) + c + (ss1 ^ tt2) + (w[53] ^ w[57]) 574 tt2 = (e^f)&h ^ f + g + ss1 + w[53] 575 a = bits.RotateLeft32(a, 9) 576 e = bits.RotateLeft32(e, 19) 577 g = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 578 579 // Round 55 580 w[58] = p1(w[42]^w[49]^bits.RotateLeft32(w[55], 15)) ^ bits.RotateLeft32(w[45], 7) ^ w[52] 581 tt2 = bits.RotateLeft32(c, 12) 582 ss1 = bits.RotateLeft32(tt2+g+_K[54], 7) 583 b = c&(d|a) | (d & a) + b + (ss1 ^ tt2) + (w[54] ^ w[58]) 584 tt2 = (h^e)&g ^ e + f + ss1 + w[54] 585 d = bits.RotateLeft32(d, 9) 586 h = bits.RotateLeft32(h, 19) 587 f = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 588 589 // Round 56 590 w[59] = p1(w[43]^w[50]^bits.RotateLeft32(w[56], 15)) ^ bits.RotateLeft32(w[46], 7) ^ w[53] 591 tt2 = bits.RotateLeft32(b, 12) 592 ss1 = bits.RotateLeft32(tt2+f+_K[55], 7) 593 a = b&(c|d) | (c & d) + a + (ss1 ^ tt2) + (w[55] ^ w[59]) 594 tt2 = (g^h)&f ^ h + e + ss1 + w[55] 595 c = bits.RotateLeft32(c, 9) 596 g = bits.RotateLeft32(g, 19) 597 e = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 598 599 // Round 57 600 w[60] = p1(w[44]^w[51]^bits.RotateLeft32(w[57], 15)) ^ bits.RotateLeft32(w[47], 7) ^ w[54] 601 tt2 = bits.RotateLeft32(a, 12) 602 ss1 = bits.RotateLeft32(tt2+e+_K[56], 7) 603 d = a&(b|c) | (b & c) + d + (ss1 ^ tt2) + (w[56] ^ w[60]) 604 tt2 = (f^g)&e ^ g + h + ss1 + w[56] 605 b = bits.RotateLeft32(b, 9) 606 f = bits.RotateLeft32(f, 19) 607 h = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 608 609 // Round 58 610 w[61] = p1(w[45]^w[52]^bits.RotateLeft32(w[58], 15)) ^ bits.RotateLeft32(w[48], 7) ^ w[55] 611 tt2 = bits.RotateLeft32(d, 12) 612 ss1 = bits.RotateLeft32(tt2+h+_K[57], 7) 613 c = d&(a|b) | (a & b) + c + (ss1 ^ tt2) + (w[57] ^ w[61]) 614 tt2 = (e^f)&h ^ f + g + ss1 + w[57] 615 a = bits.RotateLeft32(a, 9) 616 e = bits.RotateLeft32(e, 19) 617 g = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 618 619 // Round 59 620 w[62] = p1(w[46]^w[53]^bits.RotateLeft32(w[59], 15)) ^ bits.RotateLeft32(w[49], 7) ^ w[56] 621 tt2 = bits.RotateLeft32(c, 12) 622 ss1 = bits.RotateLeft32(tt2+g+_K[58], 7) 623 b = c&(d|a) | (d & a) + b + (ss1 ^ tt2) + (w[58] ^ w[62]) 624 tt2 = (h^e)&g ^ e + f + ss1 + w[58] 625 d = bits.RotateLeft32(d, 9) 626 h = bits.RotateLeft32(h, 19) 627 f = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 628 629 // Round 60 630 w[63] = p1(w[47]^w[54]^bits.RotateLeft32(w[60], 15)) ^ bits.RotateLeft32(w[50], 7) ^ w[57] 631 tt2 = bits.RotateLeft32(b, 12) 632 ss1 = bits.RotateLeft32(tt2+f+_K[59], 7) 633 a = b&(c|d) | (c & d) + a + (ss1 ^ tt2) + (w[59] ^ w[63]) 634 tt2 = (g^h)&f ^ h + e + ss1 + w[59] 635 c = bits.RotateLeft32(c, 9) 636 g = bits.RotateLeft32(g, 19) 637 e = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 638 639 // Round 61 640 w[64] = p1(w[48]^w[55]^bits.RotateLeft32(w[61], 15)) ^ bits.RotateLeft32(w[51], 7) ^ w[58] 641 tt2 = bits.RotateLeft32(a, 12) 642 ss1 = bits.RotateLeft32(tt2+e+_K[60], 7) 643 d = a&(b|c) | (b & c) + d + (ss1 ^ tt2) + (w[60] ^ w[64]) 644 tt2 = (f^g)&e ^ g + h + ss1 + w[60] 645 b = bits.RotateLeft32(b, 9) 646 f = bits.RotateLeft32(f, 19) 647 h = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 648 649 // Round 62 650 w[65] = p1(w[49]^w[56]^bits.RotateLeft32(w[62], 15)) ^ bits.RotateLeft32(w[52], 7) ^ w[59] 651 tt2 = bits.RotateLeft32(d, 12) 652 ss1 = bits.RotateLeft32(tt2+h+_K[61], 7) 653 c = d&(a|b) | (a & b) + c + (ss1 ^ tt2) + (w[61] ^ w[65]) 654 tt2 = (e^f)&h ^ f + g + ss1 + w[61] 655 a = bits.RotateLeft32(a, 9) 656 e = bits.RotateLeft32(e, 19) 657 g = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 658 659 // Round 63 660 w[66] = p1(w[50]^w[57]^bits.RotateLeft32(w[63], 15)) ^ bits.RotateLeft32(w[53], 7) ^ w[60] 661 tt2 = bits.RotateLeft32(c, 12) 662 ss1 = bits.RotateLeft32(tt2+g+_K[62], 7) 663 b = c&(d|a) | (d & a) + b + (ss1 ^ tt2) + (w[62] ^ w[66]) 664 tt2 = (h^e)&g ^ e + f + ss1 + w[62] 665 d = bits.RotateLeft32(d, 9) 666 h = bits.RotateLeft32(h, 19) 667 f = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 668 669 // Round 64 670 w[67] = p1(w[51]^w[58]^bits.RotateLeft32(w[64], 15)) ^ bits.RotateLeft32(w[54], 7) ^ w[61] 671 tt2 = bits.RotateLeft32(b, 12) 672 ss1 = bits.RotateLeft32(tt2+f+_K[63], 7) 673 a = b&(c|d) | (c & d) + a + (ss1 ^ tt2) + (w[63] ^ w[67]) 674 tt2 = (g^h)&f ^ h + e + ss1 + w[63] 675 c = bits.RotateLeft32(c, 9) 676 g = bits.RotateLeft32(g, 19) 677 e = tt2 ^ bits.RotateLeft32(tt2, 9) ^ bits.RotateLeft32(tt2, 17) 678 679 // restore state 680 h0 ^= a 681 h1 ^= b 682 h2 ^= c 683 h3 ^= d 684 h4 ^= e 685 h5 ^= f 686 h6 ^= g 687 h7 ^= h 688 // next chunk 689 p = p[chunk:] 690 } 691 dig.h[0], dig.h[1], dig.h[2], dig.h[3], dig.h[4], dig.h[5], dig.h[6], dig.h[7] = h0, h1, h2, h3, h4, h5, h6, h7 692 }