// Copyright 2014 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build !amd64 || appengine || gccgo
// +build !amd64 appengine gccgo

package sha3

// The build constraint above compiles this file when the target is not amd64,
// or when building for appengine or with gccgo.
// NOTE(review): presumably amd64 builds use a separate implementation that is
// not shown here; confirm both paths are covered by the same test vectors.
//
// NOTE(review): the file carries the Go Authors copyright but is served from
// github.com/klaytn/klaytn@v1.12.1/crypto/sha3, so it looks like an in-tree
// copy of the Go sha3 code. Confirm that the copy is tracked against upstream
// so that fixes to the hash implementation are not missed.

// rc stores the round constants for use in the ι step.
//
// There are 24 entries, one per round. keccakF1600 reads rc[i] through
// rc[i+3] in each loop iteration; the index comes from the loop counter only,
// never from the contents of the state.
var rc = [24]uint64{
	0x0000000000000001,
	0x0000000000008082,
	0x800000000000808A,
	0x8000000080008000,
	0x000000000000808B,
	0x0000000080000001,
	0x8000000080008081,
	0x8000000000008009,
	0x000000000000008A,
	0x0000000000000088,
	0x0000000080008009,
	0x000000008000000A,
	0x000000008000808B,
	0x800000000000008B,
	0x8000000000008089,
	0x8000000000008003,
	0x8000000000008002,
	0x8000000000000080,
	0x000000000000800A,
	0x800000008000000A,
	0x8000000080008081,
	0x8000000000008080,
	0x0000000080000001,
	0x8000000080008008,
}

// keccakF1600 applies the Keccak permutation to a 1600b-wide
// state represented as an array of 25 uint64s.
//
// The state is modified in place through the pointer a and nothing is
// returned. a must not be nil, since the body dereferences it immediately.
//
// The body consists only of XOR, AND-NOT and shifts by constant amounts on
// fixed lane indices. No branch and no array index depends on the contents of
// a, so control flow and memory access pattern are the same for every input
// (actual timing still depends on the compiler and CPU).
func keccakF1600(a *[25]uint64) {
	// Implementation translated from Keccak-inplace.c
	// in the keccak reference code.
	// t is a scratch lane; bc0..bc4 hold column parities and then one row of
	// rotated lanes; d0..d4 hold the per-column θ correction values.
	var t, bc0, bc1, bc2, bc3, bc4, d0, d1, d2, d3, d4 uint64

	// Six iterations of four unrolled rounds give the 24 rounds; i is also
	// the base index into rc.
	for i := 0; i < 24; i += 4 {
		// Combines the 5 steps in each round into 2 steps.
		// Unrolls 4 rounds per loop and spreads some steps across rounds.

		// Round 1
		// θ: bc0..bc4 are the XOR of the five lanes in each column, and
		// each d value mixes one parity with the next-but-one parity
		// rotated left by one bit.
		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
		d0 = bc4 ^ (bc1<<1 | bc1>>63)
		d1 = bc0 ^ (bc2<<1 | bc2>>63)
		d2 = bc1 ^ (bc3<<1 | bc3>>63)
		d3 = bc2 ^ (bc4<<1 | bc4>>63)
		d4 = bc3 ^ (bc0<<1 | bc0>>63)

		// Each group below handles five lanes: a lane is XORed with its
		// column's d value and rotated by a fixed offset, then the five
		// results are combined as out[x] = b[x] ^ (b[x+2] &^ b[x+1]).
		// Every lane is written back to the index it was read from, so no
		// scratch copy of the state is needed. The round constant is XORed
		// into a[0] only.
		bc0 = a[0] ^ d0
		t = a[6] ^ d1
		bc1 = t<<44 | t>>(64-44)
		t = a[12] ^ d2
		bc2 = t<<43 | t>>(64-43)
		t = a[18] ^ d3
		bc3 = t<<21 | t>>(64-21)
		t = a[24] ^ d4
		bc4 = t<<14 | t>>(64-14)
		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i]
		a[6] = bc1 ^ (bc3 &^ bc2)
		a[12] = bc2 ^ (bc4 &^ bc3)
		a[18] = bc3 ^ (bc0 &^ bc4)
		a[24] = bc4 ^ (bc1 &^ bc0)

		t = a[10] ^ d0
		bc2 = t<<3 | t>>(64-3)
		t = a[16] ^ d1
		bc3 = t<<45 | t>>(64-45)
		t = a[22] ^ d2
		bc4 = t<<61 | t>>(64-61)
		t = a[3] ^ d3
		bc0 = t<<28 | t>>(64-28)
		t = a[9] ^ d4
		bc1 = t<<20 | t>>(64-20)
		a[10] = bc0 ^ (bc2 &^ bc1)
		a[16] = bc1 ^ (bc3 &^ bc2)
		a[22] = bc2 ^ (bc4 &^ bc3)
		a[3] = bc3 ^ (bc0 &^ bc4)
		a[9] = bc4 ^ (bc1 &^ bc0)

		t = a[20] ^ d0
		bc4 = t<<18 | t>>(64-18)
		t = a[1] ^ d1
		bc0 = t<<1 | t>>(64-1)
		t = a[7] ^ d2
		bc1 = t<<6 | t>>(64-6)
		t = a[13] ^ d3
		bc2 = t<<25 | t>>(64-25)
		t = a[19] ^ d4
		bc3 = t<<8 | t>>(64-8)
		a[20] = bc0 ^ (bc2 &^ bc1)
		a[1] = bc1 ^ (bc3 &^ bc2)
		a[7] = bc2 ^ (bc4 &^ bc3)
		a[13] = bc3 ^ (bc0 &^ bc4)
		a[19] = bc4 ^ (bc1 &^ bc0)

		t = a[5] ^ d0
		bc1 = t<<36 | t>>(64-36)
		t = a[11] ^ d1
		bc2 = t<<10 | t>>(64-10)
		t = a[17] ^ d2
		bc3 = t<<15 | t>>(64-15)
		t = a[23] ^ d3
		bc4 = t<<56 | t>>(64-56)
		t = a[4] ^ d4
		bc0 = t<<27 | t>>(64-27)
		a[5] = bc0 ^ (bc2 &^ bc1)
		a[11] = bc1 ^ (bc3 &^ bc2)
		a[17] = bc2 ^ (bc4 &^ bc3)
		a[23] = bc3 ^ (bc0 &^ bc4)
		a[4] = bc4 ^ (bc1 &^ bc0)

		t = a[15] ^ d0
		bc3 = t<<41 | t>>(64-41)
		t = a[21] ^ d1
		bc4 = t<<2 | t>>(64-2)
		t = a[2] ^ d2
		bc0 = t<<62 | t>>(64-62)
		t = a[8] ^ d3
		bc1 = t<<55 | t>>(64-55)
		t = a[14] ^ d4
		bc2 = t<<39 | t>>(64-39)
		a[15] = bc0 ^ (bc2 &^ bc1)
		a[21] = bc1 ^ (bc3 &^ bc2)
		a[2] = bc2 ^ (bc4 &^ bc3)
		a[8] = bc3 ^ (bc0 &^ bc4)
		a[14] = bc4 ^ (bc1 &^ bc0)

		// Round 2
		// Same column-parity computation as round 1. The groups that follow
		// use the same rotation offsets but different lane indices, because
		// round 1 left the lanes in permuted positions.
		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
		d0 = bc4 ^ (bc1<<1 | bc1>>63)
		d1 = bc0 ^ (bc2<<1 | bc2>>63)
		d2 = bc1 ^ (bc3<<1 | bc3>>63)
		d3 = bc2 ^ (bc4<<1 | bc4>>63)
		d4 = bc3 ^ (bc0<<1 | bc0>>63)

		bc0 = a[0] ^ d0
		t = a[16] ^ d1
		bc1 = t<<44 | t>>(64-44)
		t = a[7] ^ d2
		bc2 = t<<43 | t>>(64-43)
		t = a[23] ^ d3
		bc3 = t<<21 | t>>(64-21)
		t = a[14] ^ d4
		bc4 = t<<14 | t>>(64-14)
		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+1]
		a[16] = bc1 ^ (bc3 &^ bc2)
		a[7] = bc2 ^ (bc4 &^ bc3)
		a[23] = bc3 ^ (bc0 &^ bc4)
		a[14] = bc4 ^ (bc1 &^ bc0)

		t = a[20] ^ d0
		bc2 = t<<3 | t>>(64-3)
		t = a[11] ^ d1
		bc3 = t<<45 | t>>(64-45)
		t = a[2] ^ d2
		bc4 = t<<61 | t>>(64-61)
		t = a[18] ^ d3
		bc0 = t<<28 | t>>(64-28)
		t = a[9] ^ d4
		bc1 = t<<20 | t>>(64-20)
		a[20] = bc0 ^ (bc2 &^ bc1)
		a[11] = bc1 ^ (bc3 &^ bc2)
		a[2] = bc2 ^ (bc4 &^ bc3)
		a[18] = bc3 ^ (bc0 &^ bc4)
		a[9] = bc4 ^ (bc1 &^ bc0)

		t = a[15] ^ d0
		bc4 = t<<18 | t>>(64-18)
		t = a[6] ^ d1
		bc0 = t<<1 | t>>(64-1)
		t = a[22] ^ d2
		bc1 = t<<6 | t>>(64-6)
		t = a[13] ^ d3
		bc2 = t<<25 | t>>(64-25)
		t = a[4] ^ d4
		bc3 = t<<8 | t>>(64-8)
		a[15] = bc0 ^ (bc2 &^ bc1)
		a[6] = bc1 ^ (bc3 &^ bc2)
		a[22] = bc2 ^ (bc4 &^ bc3)
		a[13] = bc3 ^ (bc0 &^ bc4)
		a[4] = bc4 ^ (bc1 &^ bc0)

		t = a[10] ^ d0
		bc1 = t<<36 | t>>(64-36)
		t = a[1] ^ d1
		bc2 = t<<10 | t>>(64-10)
		t = a[17] ^ d2
		bc3 = t<<15 | t>>(64-15)
		t = a[8] ^ d3
		bc4 = t<<56 | t>>(64-56)
		t = a[24] ^ d4
		bc0 = t<<27 | t>>(64-27)
		a[10] = bc0 ^ (bc2 &^ bc1)
		a[1] = bc1 ^ (bc3 &^ bc2)
		a[17] = bc2 ^ (bc4 &^ bc3)
		a[8] = bc3 ^ (bc0 &^ bc4)
		a[24] = bc4 ^ (bc1 &^ bc0)

		t = a[5] ^ d0
		bc3 = t<<41 | t>>(64-41)
		t = a[21] ^ d1
		bc4 = t<<2 | t>>(64-2)
		t = a[12] ^ d2
		bc0 = t<<62 | t>>(64-62)
		t = a[3] ^ d3
		bc1 = t<<55 | t>>(64-55)
		t = a[19] ^ d4
		bc2 = t<<39 | t>>(64-39)
		a[5] = bc0 ^ (bc2 &^ bc1)
		a[21] = bc1 ^ (bc3 &^ bc2)
		a[12] = bc2 ^ (bc4 &^ bc3)
		a[3] = bc3 ^ (bc0 &^ bc4)
		a[19] = bc4 ^ (bc1 &^ bc0)

		// Round 3
		// Same structure again, with the lane indices shifted once more.
		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
		d0 = bc4 ^ (bc1<<1 | bc1>>63)
		d1 = bc0 ^ (bc2<<1 | bc2>>63)
		d2 = bc1 ^ (bc3<<1 | bc3>>63)
		d3 = bc2 ^ (bc4<<1 | bc4>>63)
		d4 = bc3 ^ (bc0<<1 | bc0>>63)

		bc0 = a[0] ^ d0
		t = a[11] ^ d1
		bc1 = t<<44 | t>>(64-44)
		t = a[22] ^ d2
		bc2 = t<<43 | t>>(64-43)
		t = a[8] ^ d3
		bc3 = t<<21 | t>>(64-21)
		t = a[19] ^ d4
		bc4 = t<<14 | t>>(64-14)
		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+2]
		a[11] = bc1 ^ (bc3 &^ bc2)
		a[22] = bc2 ^ (bc4 &^ bc3)
		a[8] = bc3 ^ (bc0 &^ bc4)
		a[19] = bc4 ^ (bc1 &^ bc0)

		t = a[15] ^ d0
		bc2 = t<<3 | t>>(64-3)
		t = a[1] ^ d1
		bc3 = t<<45 | t>>(64-45)
		t = a[12] ^ d2
		bc4 = t<<61 | t>>(64-61)
		t = a[23] ^ d3
		bc0 = t<<28 | t>>(64-28)
		t = a[9] ^ d4
		bc1 = t<<20 | t>>(64-20)
		a[15] = bc0 ^ (bc2 &^ bc1)
		a[1] = bc1 ^ (bc3 &^ bc2)
		a[12] = bc2 ^ (bc4 &^ bc3)
		a[23] = bc3 ^ (bc0 &^ bc4)
		a[9] = bc4 ^ (bc1 &^ bc0)

		t = a[5] ^ d0
		bc4 = t<<18 | t>>(64-18)
		t = a[16] ^ d1
		bc0 = t<<1 | t>>(64-1)
		t = a[2] ^ d2
		bc1 = t<<6 | t>>(64-6)
		t = a[13] ^ d3
		bc2 = t<<25 | t>>(64-25)
		t = a[24] ^ d4
		bc3 = t<<8 | t>>(64-8)
		a[5] = bc0 ^ (bc2 &^ bc1)
		a[16] = bc1 ^ (bc3 &^ bc2)
		a[2] = bc2 ^ (bc4 &^ bc3)
		a[13] = bc3 ^ (bc0 &^ bc4)
		a[24] = bc4 ^ (bc1 &^ bc0)

		t = a[20] ^ d0
		bc1 = t<<36 | t>>(64-36)
		t = a[6] ^ d1
		bc2 = t<<10 | t>>(64-10)
		t = a[17] ^ d2
		bc3 = t<<15 | t>>(64-15)
		t = a[3] ^ d3
		bc4 = t<<56 | t>>(64-56)
		t = a[14] ^ d4
		bc0 = t<<27 | t>>(64-27)
		a[20] = bc0 ^ (bc2 &^ bc1)
		a[6] = bc1 ^ (bc3 &^ bc2)
		a[17] = bc2 ^ (bc4 &^ bc3)
		a[3] = bc3 ^ (bc0 &^ bc4)
		a[14] = bc4 ^ (bc1 &^ bc0)

		t = a[10] ^ d0
		bc3 = t<<41 | t>>(64-41)
		t = a[21] ^ d1
		bc4 = t<<2 | t>>(64-2)
		t = a[7] ^ d2
		bc0 = t<<62 | t>>(64-62)
		t = a[18] ^ d3
		bc1 = t<<55 | t>>(64-55)
		t = a[4] ^ d4
		bc2 = t<<39 | t>>(64-39)
		a[10] = bc0 ^ (bc2 &^ bc1)
		a[21] = bc1 ^ (bc3 &^ bc2)
		a[7] = bc2 ^ (bc4 &^ bc3)
		a[18] = bc3 ^ (bc0 &^ bc4)
		a[4] = bc4 ^ (bc1 &^ bc0)

		// Round 4
		// In this round each group reads and writes five consecutive
		// indices (a[0..4], a[5..9], ...), unlike rounds 1-3.
		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
		d0 = bc4 ^ (bc1<<1 | bc1>>63)
		d1 = bc0 ^ (bc2<<1 | bc2>>63)
		d2 = bc1 ^ (bc3<<1 | bc3>>63)
		d3 = bc2 ^ (bc4<<1 | bc4>>63)
		d4 = bc3 ^ (bc0<<1 | bc0>>63)

		bc0 = a[0] ^ d0
		t = a[1] ^ d1
		bc1 = t<<44 | t>>(64-44)
		t = a[2] ^ d2
		bc2 = t<<43 | t>>(64-43)
		t = a[3] ^ d3
		bc3 = t<<21 | t>>(64-21)
		t = a[4] ^ d4
		bc4 = t<<14 | t>>(64-14)
		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+3]
		a[1] = bc1 ^ (bc3 &^ bc2)
		a[2] = bc2 ^ (bc4 &^ bc3)
		a[3] = bc3 ^ (bc0 &^ bc4)
		a[4] = bc4 ^ (bc1 &^ bc0)

		t = a[5] ^ d0
		bc2 = t<<3 | t>>(64-3)
		t = a[6] ^ d1
		bc3 = t<<45 | t>>(64-45)
		t = a[7] ^ d2
		bc4 = t<<61 | t>>(64-61)
		t = a[8] ^ d3
		bc0 = t<<28 | t>>(64-28)
		t = a[9] ^ d4
		bc1 = t<<20 | t>>(64-20)
		a[5] = bc0 ^ (bc2 &^ bc1)
		a[6] = bc1 ^ (bc3 &^ bc2)
		a[7] = bc2 ^ (bc4 &^ bc3)
		a[8] = bc3 ^ (bc0 &^ bc4)
		a[9] = bc4 ^ (bc1 &^ bc0)

		t = a[10] ^ d0
		bc4 = t<<18 | t>>(64-18)
		t = a[11] ^ d1
		bc0 = t<<1 | t>>(64-1)
		t = a[12] ^ d2
		bc1 = t<<6 | t>>(64-6)
		t = a[13] ^ d3
		bc2 = t<<25 | t>>(64-25)
		t = a[14] ^ d4
		bc3 = t<<8 | t>>(64-8)
		a[10] = bc0 ^ (bc2 &^ bc1)
		a[11] = bc1 ^ (bc3 &^ bc2)
		a[12] = bc2 ^ (bc4 &^ bc3)
		a[13] = bc3 ^ (bc0 &^ bc4)
		a[14] = bc4 ^ (bc1 &^ bc0)

		t = a[15] ^ d0
		bc1 = t<<36 | t>>(64-36)
		t = a[16] ^ d1
		bc2 = t<<10 | t>>(64-10)
		t = a[17] ^ d2
		bc3 = t<<15 | t>>(64-15)
		t = a[18] ^ d3
		bc4 = t<<56 | t>>(64-56)
		t = a[19] ^ d4
		bc0 = t<<27 | t>>(64-27)
		a[15] = bc0 ^ (bc2 &^ bc1)
		a[16] = bc1 ^ (bc3 &^ bc2)
		a[17] = bc2 ^ (bc4 &^ bc3)
		a[18] = bc3 ^ (bc0 &^ bc4)
		a[19] = bc4 ^ (bc1 &^ bc0)

		t = a[20] ^ d0
		bc3 = t<<41 | t>>(64-41)
		t = a[21] ^ d1
		bc4 = t<<2 | t>>(64-2)
		t = a[22] ^ d2
		bc0 = t<<62 | t>>(64-62)
		t = a[23] ^ d3
		bc1 = t<<55 | t>>(64-55)
		t = a[24] ^ d4
		bc2 = t<<39 | t>>(64-39)
		a[20] = bc0 ^ (bc2 &^ bc1)
		a[21] = bc1 ^ (bc3 &^ bc2)
		a[22] = bc2 ^ (bc4 &^ bc3)
		a[23] = bc3 ^ (bc0 &^ bc4)
		a[24] = bc4 ^ (bc1 &^ bc0)
	}
}