// Source: github.com/ethereumproject/go-ethereum@v5.5.2+incompatible/crypto/sha3/keccakf.go

// Copyright 2014 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package sha3

// rc stores the round constants for use in the ι step.
//
// There is one constant per round, 24 in total; keccakF1600 XORs rc[i]
// through rc[i+3] into lane a[0] over the four rounds of each loop
// iteration. Changing any entry changes the output of the permutation, so
// edits here should be checked against known-answer tests.
var rc = [24]uint64{
	0x0000000000000001,
	0x0000000000008082,
	0x800000000000808A,
	0x8000000080008000,
	0x000000000000808B,
	0x0000000080000001,
	0x8000000080008081,
	0x8000000000008009,
	0x000000000000008A,
	0x0000000000000088,
	0x0000000080008009,
	0x000000008000000A,
	0x000000008000808B,
	0x800000000000008B,
	0x8000000000008089,
	0x8000000000008003,
	0x8000000000008002,
	0x8000000000000080,
	0x000000000000800A,
	0x800000008000000A,
	0x8000000080008081,
	0x8000000000008080,
	0x0000000080000001,
	0x8000000080008008,
}

// keccakF1600 applies the Keccak permutation to a 1600b-wide
// state represented as an array of 25 uint64s.
//
// The state is updated in place through the pointer a; nothing is returned.
// The loop body holds four unrolled rounds and runs six times, for 24 rounds
// in total.
//
// This function is only the permutation: absorbing input, padding and
// squeezing output are not done here.
// NOTE(review): the padding / domain-separation byte applied by the caller
// decides which digest variant results; that choice is not visible in this
// file, so confirm it where the sponge is constructed.
//
// Every array index and shift count below is a constant or the loop counter,
// and there is no branch on a state value, so the instruction sequence does
// not depend on the contents of the state.
func keccakF1600(a *[25]uint64) {
	// Implementation translated from Keccak-inplace.c
	// in the keccak reference code.
	var t, bc0, bc1, bc2, bc3, bc4, d0, d1, d2, d3, d4 uint64

	for i := 0; i < 24; i += 4 {
		// Combines the 5 steps in each round into 2 steps.
		// Unrolls 4 rounds per loop and spreads some steps across rounds.
		//
		// Rounds 1-3 read and write lanes at permuted indices rather than
		// moving them; round 4 uses consecutive indices (a[0..4], a[5..9],
		// ...). The statement order and index pattern are therefore
		// load-bearing and must not be rearranged.

		// Round 1
		// First step: bc0..bc4 are the XOR of the five lanes in each
		// column, and d0..d4 combine a neighbouring column parity with
		// another one rotated left by one bit.
		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
		d0 = bc4 ^ (bc1<<1 | bc1>>63)
		d1 = bc0 ^ (bc2<<1 | bc2>>63)
		d2 = bc1 ^ (bc3<<1 | bc3>>63)
		d3 = bc2 ^ (bc4<<1 | bc4>>63)
		d4 = bc3 ^ (bc0<<1 | bc0>>63)

		// Second step, repeated for five groups of five lanes: XOR each
		// lane with its d value, rotate it left by a fixed amount
		// (t<<n | t>>(64-n)), then write back x ^ (z &^ y), where &^ is
		// AND NOT. Only the first group also XORs in the round constant.
		bc0 = a[0] ^ d0
		t = a[6] ^ d1
		bc1 = t<<44 | t>>(64-44)
		t = a[12] ^ d2
		bc2 = t<<43 | t>>(64-43)
		t = a[18] ^ d3
		bc3 = t<<21 | t>>(64-21)
		t = a[24] ^ d4
		bc4 = t<<14 | t>>(64-14)
		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i]
		a[6] = bc1 ^ (bc3 &^ bc2)
		a[12] = bc2 ^ (bc4 &^ bc3)
		a[18] = bc3 ^ (bc0 &^ bc4)
		a[24] = bc4 ^ (bc1 &^ bc0)

		t = a[10] ^ d0
		bc2 = t<<3 | t>>(64-3)
		t = a[16] ^ d1
		bc3 = t<<45 | t>>(64-45)
		t = a[22] ^ d2
		bc4 = t<<61 | t>>(64-61)
		t = a[3] ^ d3
		bc0 = t<<28 | t>>(64-28)
		t = a[9] ^ d4
		bc1 = t<<20 | t>>(64-20)
		a[10] = bc0 ^ (bc2 &^ bc1)
		a[16] = bc1 ^ (bc3 &^ bc2)
		a[22] = bc2 ^ (bc4 &^ bc3)
		a[3] = bc3 ^ (bc0 &^ bc4)
		a[9] = bc4 ^ (bc1 &^ bc0)

		t = a[20] ^ d0
		bc4 = t<<18 | t>>(64-18)
		t = a[1] ^ d1
		bc0 = t<<1 | t>>(64-1)
		t = a[7] ^ d2
		bc1 = t<<6 | t>>(64-6)
		t = a[13] ^ d3
		bc2 = t<<25 | t>>(64-25)
		t = a[19] ^ d4
		bc3 = t<<8 | t>>(64-8)
		a[20] = bc0 ^ (bc2 &^ bc1)
		a[1] = bc1 ^ (bc3 &^ bc2)
		a[7] = bc2 ^ (bc4 &^ bc3)
		a[13] = bc3 ^ (bc0 &^ bc4)
		a[19] = bc4 ^ (bc1 &^ bc0)

		t = a[5] ^ d0
		bc1 = t<<36 | t>>(64-36)
		t = a[11] ^ d1
		bc2 = t<<10 | t>>(64-10)
		t = a[17] ^ d2
		bc3 = t<<15 | t>>(64-15)
		t = a[23] ^ d3
		bc4 = t<<56 | t>>(64-56)
		t = a[4] ^ d4
		bc0 = t<<27 | t>>(64-27)
		a[5] = bc0 ^ (bc2 &^ bc1)
		a[11] = bc1 ^ (bc3 &^ bc2)
		a[17] = bc2 ^ (bc4 &^ bc3)
		a[23] = bc3 ^ (bc0 &^ bc4)
		a[4] = bc4 ^ (bc1 &^ bc0)

		t = a[15] ^ d0
		bc3 = t<<41 | t>>(64-41)
		t = a[21] ^ d1
		bc4 = t<<2 | t>>(64-2)
		t = a[2] ^ d2
		bc0 = t<<62 | t>>(64-62)
		t = a[8] ^ d3
		bc1 = t<<55 | t>>(64-55)
		t = a[14] ^ d4
		bc2 = t<<39 | t>>(64-39)
		a[15] = bc0 ^ (bc2 &^ bc1)
		a[21] = bc1 ^ (bc3 &^ bc2)
		a[2] = bc2 ^ (bc4 &^ bc3)
		a[8] = bc3 ^ (bc0 &^ bc4)
		a[14] = bc4 ^ (bc1 &^ bc0)

		// Round 2
		// Same two steps as round 1, with the same rotation amounts but a
		// different set of lane indices in each group.
		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
		d0 = bc4 ^ (bc1<<1 | bc1>>63)
		d1 = bc0 ^ (bc2<<1 | bc2>>63)
		d2 = bc1 ^ (bc3<<1 | bc3>>63)
		d3 = bc2 ^ (bc4<<1 | bc4>>63)
		d4 = bc3 ^ (bc0<<1 | bc0>>63)

		bc0 = a[0] ^ d0
		t = a[16] ^ d1
		bc1 = t<<44 | t>>(64-44)
		t = a[7] ^ d2
		bc2 = t<<43 | t>>(64-43)
		t = a[23] ^ d3
		bc3 = t<<21 | t>>(64-21)
		t = a[14] ^ d4
		bc4 = t<<14 | t>>(64-14)
		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+1]
		a[16] = bc1 ^ (bc3 &^ bc2)
		a[7] = bc2 ^ (bc4 &^ bc3)
		a[23] = bc3 ^ (bc0 &^ bc4)
		a[14] = bc4 ^ (bc1 &^ bc0)

		t = a[20] ^ d0
		bc2 = t<<3 | t>>(64-3)
		t = a[11] ^ d1
		bc3 = t<<45 | t>>(64-45)
		t = a[2] ^ d2
		bc4 = t<<61 | t>>(64-61)
		t = a[18] ^ d3
		bc0 = t<<28 | t>>(64-28)
		t = a[9] ^ d4
		bc1 = t<<20 | t>>(64-20)
		a[20] = bc0 ^ (bc2 &^ bc1)
		a[11] = bc1 ^ (bc3 &^ bc2)
		a[2] = bc2 ^ (bc4 &^ bc3)
		a[18] = bc3 ^ (bc0 &^ bc4)
		a[9] = bc4 ^ (bc1 &^ bc0)

		t = a[15] ^ d0
		bc4 = t<<18 | t>>(64-18)
		t = a[6] ^ d1
		bc0 = t<<1 | t>>(64-1)
		t = a[22] ^ d2
		bc1 = t<<6 | t>>(64-6)
		t = a[13] ^ d3
		bc2 = t<<25 | t>>(64-25)
		t = a[4] ^ d4
		bc3 = t<<8 | t>>(64-8)
		a[15] = bc0 ^ (bc2 &^ bc1)
		a[6] = bc1 ^ (bc3 &^ bc2)
		a[22] = bc2 ^ (bc4 &^ bc3)
		a[13] = bc3 ^ (bc0 &^ bc4)
		a[4] = bc4 ^ (bc1 &^ bc0)

		t = a[10] ^ d0
		bc1 = t<<36 | t>>(64-36)
		t = a[1] ^ d1
		bc2 = t<<10 | t>>(64-10)
		t = a[17] ^ d2
		bc3 = t<<15 | t>>(64-15)
		t = a[8] ^ d3
		bc4 = t<<56 | t>>(64-56)
		t = a[24] ^ d4
		bc0 = t<<27 | t>>(64-27)
		a[10] = bc0 ^ (bc2 &^ bc1)
		a[1] = bc1 ^ (bc3 &^ bc2)
		a[17] = bc2 ^ (bc4 &^ bc3)
		a[8] = bc3 ^ (bc0 &^ bc4)
		a[24] = bc4 ^ (bc1 &^ bc0)

		t = a[5] ^ d0
		bc3 = t<<41 | t>>(64-41)
		t = a[21] ^ d1
		bc4 = t<<2 | t>>(64-2)
		t = a[12] ^ d2
		bc0 = t<<62 | t>>(64-62)
		t = a[3] ^ d3
		bc1 = t<<55 | t>>(64-55)
		t = a[19] ^ d4
		bc2 = t<<39 | t>>(64-39)
		a[5] = bc0 ^ (bc2 &^ bc1)
		a[21] = bc1 ^ (bc3 &^ bc2)
		a[12] = bc2 ^ (bc4 &^ bc3)
		a[3] = bc3 ^ (bc0 &^ bc4)
		a[19] = bc4 ^ (bc1 &^ bc0)

		// Round 3
		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
		d0 = bc4 ^ (bc1<<1 | bc1>>63)
		d1 = bc0 ^ (bc2<<1 | bc2>>63)
		d2 = bc1 ^ (bc3<<1 | bc3>>63)
		d3 = bc2 ^ (bc4<<1 | bc4>>63)
		d4 = bc3 ^ (bc0<<1 | bc0>>63)

		bc0 = a[0] ^ d0
		t = a[11] ^ d1
		bc1 = t<<44 | t>>(64-44)
		t = a[22] ^ d2
		bc2 = t<<43 | t>>(64-43)
		t = a[8] ^ d3
		bc3 = t<<21 | t>>(64-21)
		t = a[19] ^ d4
		bc4 = t<<14 | t>>(64-14)
		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+2]
		a[11] = bc1 ^ (bc3 &^ bc2)
		a[22] = bc2 ^ (bc4 &^ bc3)
		a[8] = bc3 ^ (bc0 &^ bc4)
		a[19] = bc4 ^ (bc1 &^ bc0)

		t = a[15] ^ d0
		bc2 = t<<3 | t>>(64-3)
		t = a[1] ^ d1
		bc3 = t<<45 | t>>(64-45)
		t = a[12] ^ d2
		bc4 = t<<61 | t>>(64-61)
		t = a[23] ^ d3
		bc0 = t<<28 | t>>(64-28)
		t = a[9] ^ d4
		bc1 = t<<20 | t>>(64-20)
		a[15] = bc0 ^ (bc2 &^ bc1)
		a[1] = bc1 ^ (bc3 &^ bc2)
		a[12] = bc2 ^ (bc4 &^ bc3)
		a[23] = bc3 ^ (bc0 &^ bc4)
		a[9] = bc4 ^ (bc1 &^ bc0)

		t = a[5] ^ d0
		bc4 = t<<18 | t>>(64-18)
		t = a[16] ^ d1
		bc0 = t<<1 | t>>(64-1)
		t = a[2] ^ d2
		bc1 = t<<6 | t>>(64-6)
		t = a[13] ^ d3
		bc2 = t<<25 | t>>(64-25)
		t = a[24] ^ d4
		bc3 = t<<8 | t>>(64-8)
		a[5] = bc0 ^ (bc2 &^ bc1)
		a[16] = bc1 ^ (bc3 &^ bc2)
		a[2] = bc2 ^ (bc4 &^ bc3)
		a[13] = bc3 ^ (bc0 &^ bc4)
		a[24] = bc4 ^ (bc1 &^ bc0)

		t = a[20] ^ d0
		bc1 = t<<36 | t>>(64-36)
		t = a[6] ^ d1
		bc2 = t<<10 | t>>(64-10)
		t = a[17] ^ d2
		bc3 = t<<15 | t>>(64-15)
		t = a[3] ^ d3
		bc4 = t<<56 | t>>(64-56)
		t = a[14] ^ d4
		bc0 = t<<27 | t>>(64-27)
		a[20] = bc0 ^ (bc2 &^ bc1)
		a[6] = bc1 ^ (bc3 &^ bc2)
		a[17] = bc2 ^ (bc4 &^ bc3)
		a[3] = bc3 ^ (bc0 &^ bc4)
		a[14] = bc4 ^ (bc1 &^ bc0)

		t = a[10] ^ d0
		bc3 = t<<41 | t>>(64-41)
		t = a[21] ^ d1
		bc4 = t<<2 | t>>(64-2)
		t = a[7] ^ d2
		bc0 = t<<62 | t>>(64-62)
		t = a[18] ^ d3
		bc1 = t<<55 | t>>(64-55)
		t = a[4] ^ d4
		bc2 = t<<39 | t>>(64-39)
		a[10] = bc0 ^ (bc2 &^ bc1)
		a[21] = bc1 ^ (bc3 &^ bc2)
		a[7] = bc2 ^ (bc4 &^ bc3)
		a[18] = bc3 ^ (bc0 &^ bc4)
		a[4] = bc4 ^ (bc1 &^ bc0)

		// Round 4
		// Each group here reads and writes five consecutive lanes.
		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
		d0 = bc4 ^ (bc1<<1 | bc1>>63)
		d1 = bc0 ^ (bc2<<1 | bc2>>63)
		d2 = bc1 ^ (bc3<<1 | bc3>>63)
		d3 = bc2 ^ (bc4<<1 | bc4>>63)
		d4 = bc3 ^ (bc0<<1 | bc0>>63)

		bc0 = a[0] ^ d0
		t = a[1] ^ d1
		bc1 = t<<44 | t>>(64-44)
		t = a[2] ^ d2
		bc2 = t<<43 | t>>(64-43)
		t = a[3] ^ d3
		bc3 = t<<21 | t>>(64-21)
		t = a[4] ^ d4
		bc4 = t<<14 | t>>(64-14)
		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+3]
		a[1] = bc1 ^ (bc3 &^ bc2)
		a[2] = bc2 ^ (bc4 &^ bc3)
		a[3] = bc3 ^ (bc0 &^ bc4)
		a[4] = bc4 ^ (bc1 &^ bc0)

		t = a[5] ^ d0
		bc2 = t<<3 | t>>(64-3)
		t = a[6] ^ d1
		bc3 = t<<45 | t>>(64-45)
		t = a[7] ^ d2
		bc4 = t<<61 | t>>(64-61)
		t = a[8] ^ d3
		bc0 = t<<28 | t>>(64-28)
		t = a[9] ^ d4
		bc1 = t<<20 | t>>(64-20)
		a[5] = bc0 ^ (bc2 &^ bc1)
		a[6] = bc1 ^ (bc3 &^ bc2)
		a[7] = bc2 ^ (bc4 &^ bc3)
		a[8] = bc3 ^ (bc0 &^ bc4)
		a[9] = bc4 ^ (bc1 &^ bc0)

		t = a[10] ^ d0
		bc4 = t<<18 | t>>(64-18)
		t = a[11] ^ d1
		bc0 = t<<1 | t>>(64-1)
		t = a[12] ^ d2
		bc1 = t<<6 | t>>(64-6)
		t = a[13] ^ d3
		bc2 = t<<25 | t>>(64-25)
		t = a[14] ^ d4
		bc3 = t<<8 | t>>(64-8)
		a[10] = bc0 ^ (bc2 &^ bc1)
		a[11] = bc1 ^ (bc3 &^ bc2)
		a[12] = bc2 ^ (bc4 &^ bc3)
		a[13] = bc3 ^ (bc0 &^ bc4)
		a[14] = bc4 ^ (bc1 &^ bc0)

		t = a[15] ^ d0
		bc1 = t<<36 | t>>(64-36)
		t = a[16] ^ d1
		bc2 = t<<10 | t>>(64-10)
		t = a[17] ^ d2
		bc3 = t<<15 | t>>(64-15)
		t = a[18] ^ d3
		bc4 = t<<56 | t>>(64-56)
		t = a[19] ^ d4
		bc0 = t<<27 | t>>(64-27)
		a[15] = bc0 ^ (bc2 &^ bc1)
		a[16] = bc1 ^ (bc3 &^ bc2)
		a[17] = bc2 ^ (bc4 &^ bc3)
		a[18] = bc3 ^ (bc0 &^ bc4)
		a[19] = bc4 ^ (bc1 &^ bc0)

		t = a[20] ^ d0
		bc3 = t<<41 | t>>(64-41)
		t = a[21] ^ d1
		bc4 = t<<2 | t>>(64-2)
		t = a[22] ^ d2
		bc0 = t<<62 | t>>(64-62)
		t = a[23] ^ d3
		bc1 = t<<55 | t>>(64-55)
		t = a[24] ^ d4
		bc2 = t<<39 | t>>(64-39)
		a[20] = bc0 ^ (bc2 &^ bc1)
		a[21] = bc1 ^ (bc3 &^ bc2)
		a[22] = bc2 ^ (bc4 &^ bc3)
		a[23] = bc3 ^ (bc0 &^ bc4)
		a[24] = bc4 ^ (bc1 &^ bc0)
	}
}