github.com/mdaxf/iac@v0.0.0-20240519030858-58a061660378/vendor_skip/golang.org/x/crypto/sha3/keccakf.go (about) 1 // Copyright 2014 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 //go:build !amd64 || purego || !gc 6 7 package sha3 8 9 import "math/bits" 10 11 // rc stores the round constants for use in the ι step. 12 var rc = [24]uint64{ 13 0x0000000000000001, 14 0x0000000000008082, 15 0x800000000000808A, 16 0x8000000080008000, 17 0x000000000000808B, 18 0x0000000080000001, 19 0x8000000080008081, 20 0x8000000000008009, 21 0x000000000000008A, 22 0x0000000000000088, 23 0x0000000080008009, 24 0x000000008000000A, 25 0x000000008000808B, 26 0x800000000000008B, 27 0x8000000000008089, 28 0x8000000000008003, 29 0x8000000000008002, 30 0x8000000000000080, 31 0x000000000000800A, 32 0x800000008000000A, 33 0x8000000080008081, 34 0x8000000000008080, 35 0x0000000080000001, 36 0x8000000080008008, 37 } 38 39 // keccakF1600 applies the Keccak permutation to a 1600b-wide 40 // state represented as a slice of 25 uint64s. 41 func keccakF1600(a *[25]uint64) { 42 // Implementation translated from Keccak-inplace.c 43 // in the keccak reference code. 44 var t, bc0, bc1, bc2, bc3, bc4, d0, d1, d2, d3, d4 uint64 45 46 for i := 0; i < 24; i += 4 { 47 // Combines the 5 steps in each round into 2 steps. 48 // Unrolls 4 rounds per loop and spreads some steps across rounds. 49 50 // Round 1 51 bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20] 52 bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21] 53 bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22] 54 bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23] 55 bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24] 56 d0 = bc4 ^ (bc1<<1 | bc1>>63) 57 d1 = bc0 ^ (bc2<<1 | bc2>>63) 58 d2 = bc1 ^ (bc3<<1 | bc3>>63) 59 d3 = bc2 ^ (bc4<<1 | bc4>>63) 60 d4 = bc3 ^ (bc0<<1 | bc0>>63) 61 62 bc0 = a[0] ^ d0 63 t = a[6] ^ d1 64 bc1 = bits.RotateLeft64(t, 44) 65 t = a[12] ^ d2 66 bc2 = bits.RotateLeft64(t, 43) 67 t = a[18] ^ d3 68 bc3 = bits.RotateLeft64(t, 21) 69 t = a[24] ^ d4 70 bc4 = bits.RotateLeft64(t, 14) 71 a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i] 72 a[6] = bc1 ^ (bc3 &^ bc2) 73 a[12] = bc2 ^ (bc4 &^ bc3) 74 a[18] = bc3 ^ (bc0 &^ bc4) 75 a[24] = bc4 ^ (bc1 &^ bc0) 76 77 t = a[10] ^ d0 78 bc2 = bits.RotateLeft64(t, 3) 79 t = a[16] ^ d1 80 bc3 = bits.RotateLeft64(t, 45) 81 t = a[22] ^ d2 82 bc4 = bits.RotateLeft64(t, 61) 83 t = a[3] ^ d3 84 bc0 = bits.RotateLeft64(t, 28) 85 t = a[9] ^ d4 86 bc1 = bits.RotateLeft64(t, 20) 87 a[10] = bc0 ^ (bc2 &^ bc1) 88 a[16] = bc1 ^ (bc3 &^ bc2) 89 a[22] = bc2 ^ (bc4 &^ bc3) 90 a[3] = bc3 ^ (bc0 &^ bc4) 91 a[9] = bc4 ^ (bc1 &^ bc0) 92 93 t = a[20] ^ d0 94 bc4 = bits.RotateLeft64(t, 18) 95 t = a[1] ^ d1 96 bc0 = bits.RotateLeft64(t, 1) 97 t = a[7] ^ d2 98 bc1 = bits.RotateLeft64(t, 6) 99 t = a[13] ^ d3 100 bc2 = bits.RotateLeft64(t, 25) 101 t = a[19] ^ d4 102 bc3 = bits.RotateLeft64(t, 8) 103 a[20] = bc0 ^ (bc2 &^ bc1) 104 a[1] = bc1 ^ (bc3 &^ bc2) 105 a[7] = bc2 ^ (bc4 &^ bc3) 106 a[13] = bc3 ^ (bc0 &^ bc4) 107 a[19] = bc4 ^ (bc1 &^ bc0) 108 109 t = a[5] ^ d0 110 bc1 = bits.RotateLeft64(t, 36) 111 t = a[11] ^ d1 112 bc2 = bits.RotateLeft64(t, 10) 113 t = a[17] ^ d2 114 bc3 = bits.RotateLeft64(t, 15) 115 t = a[23] ^ d3 116 bc4 = bits.RotateLeft64(t, 56) 117 t = a[4] ^ d4 118 bc0 = bits.RotateLeft64(t, 27) 119 a[5] = bc0 ^ (bc2 &^ bc1) 120 a[11] = bc1 ^ (bc3 &^ bc2) 121 a[17] = bc2 ^ (bc4 &^ bc3) 122 a[23] = bc3 ^ (bc0 &^ bc4) 123 a[4] = bc4 ^ (bc1 &^ bc0) 124 125 t = a[15] ^ d0 126 bc3 = bits.RotateLeft64(t, 41) 127 t = a[21] ^ d1 128 bc4 = bits.RotateLeft64(t, 2) 129 t = a[2] ^ d2 130 bc0 = bits.RotateLeft64(t, 62) 131 t = a[8] ^ d3 132 bc1 = bits.RotateLeft64(t, 55) 133 t = a[14] ^ d4 134 bc2 = bits.RotateLeft64(t, 39) 135 a[15] = bc0 ^ (bc2 &^ bc1) 136 a[21] = bc1 ^ (bc3 &^ bc2) 137 a[2] = bc2 ^ (bc4 &^ bc3) 138 a[8] = bc3 ^ (bc0 &^ bc4) 139 a[14] = bc4 ^ (bc1 &^ bc0) 140 141 // Round 2 142 bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20] 143 bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21] 144 bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22] 145 bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23] 146 bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24] 147 d0 = bc4 ^ (bc1<<1 | bc1>>63) 148 d1 = bc0 ^ (bc2<<1 | bc2>>63) 149 d2 = bc1 ^ (bc3<<1 | bc3>>63) 150 d3 = bc2 ^ (bc4<<1 | bc4>>63) 151 d4 = bc3 ^ (bc0<<1 | bc0>>63) 152 153 bc0 = a[0] ^ d0 154 t = a[16] ^ d1 155 bc1 = bits.RotateLeft64(t, 44) 156 t = a[7] ^ d2 157 bc2 = bits.RotateLeft64(t, 43) 158 t = a[23] ^ d3 159 bc3 = bits.RotateLeft64(t, 21) 160 t = a[14] ^ d4 161 bc4 = bits.RotateLeft64(t, 14) 162 a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+1] 163 a[16] = bc1 ^ (bc3 &^ bc2) 164 a[7] = bc2 ^ (bc4 &^ bc3) 165 a[23] = bc3 ^ (bc0 &^ bc4) 166 a[14] = bc4 ^ (bc1 &^ bc0) 167 168 t = a[20] ^ d0 169 bc2 = bits.RotateLeft64(t, 3) 170 t = a[11] ^ d1 171 bc3 = bits.RotateLeft64(t, 45) 172 t = a[2] ^ d2 173 bc4 = bits.RotateLeft64(t, 61) 174 t = a[18] ^ d3 175 bc0 = bits.RotateLeft64(t, 28) 176 t = a[9] ^ d4 177 bc1 = bits.RotateLeft64(t, 20) 178 a[20] = bc0 ^ (bc2 &^ bc1) 179 a[11] = bc1 ^ (bc3 &^ bc2) 180 a[2] = bc2 ^ (bc4 &^ bc3) 181 a[18] = bc3 ^ (bc0 &^ bc4) 182 a[9] = bc4 ^ (bc1 &^ bc0) 183 184 t = a[15] ^ d0 185 bc4 = bits.RotateLeft64(t, 18) 186 t = a[6] ^ d1 187 bc0 = bits.RotateLeft64(t, 1) 188 t = a[22] ^ d2 189 bc1 = bits.RotateLeft64(t, 6) 190 t = a[13] ^ d3 191 bc2 = bits.RotateLeft64(t, 25) 192 t = a[4] ^ d4 193 bc3 = bits.RotateLeft64(t, 8) 194 a[15] = bc0 ^ (bc2 &^ bc1) 195 a[6] = bc1 ^ (bc3 &^ bc2) 196 a[22] = bc2 ^ (bc4 &^ bc3) 197 a[13] = bc3 ^ (bc0 &^ bc4) 198 a[4] = bc4 ^ (bc1 &^ bc0) 199 200 t = a[10] ^ d0 201 bc1 = bits.RotateLeft64(t, 36) 202 t = a[1] ^ d1 203 bc2 = bits.RotateLeft64(t, 10) 204 t = a[17] ^ d2 205 bc3 = bits.RotateLeft64(t, 15) 206 t = a[8] ^ d3 207 bc4 = bits.RotateLeft64(t, 56) 208 t = a[24] ^ d4 209 bc0 = bits.RotateLeft64(t, 27) 210 a[10] = bc0 ^ (bc2 &^ bc1) 211 a[1] = bc1 ^ (bc3 &^ bc2) 212 a[17] = bc2 ^ (bc4 &^ bc3) 213 a[8] = bc3 ^ (bc0 &^ bc4) 214 a[24] = bc4 ^ (bc1 &^ bc0) 215 216 t = a[5] ^ d0 217 bc3 = bits.RotateLeft64(t, 41) 218 t = a[21] ^ d1 219 bc4 = bits.RotateLeft64(t, 2) 220 t = a[12] ^ d2 221 bc0 = bits.RotateLeft64(t, 62) 222 t = a[3] ^ d3 223 bc1 = bits.RotateLeft64(t, 55) 224 t = a[19] ^ d4 225 bc2 = bits.RotateLeft64(t, 39) 226 a[5] = bc0 ^ (bc2 &^ bc1) 227 a[21] = bc1 ^ (bc3 &^ bc2) 228 a[12] = bc2 ^ (bc4 &^ bc3) 229 a[3] = bc3 ^ (bc0 &^ bc4) 230 a[19] = bc4 ^ (bc1 &^ bc0) 231 232 // Round 3 233 bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20] 234 bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21] 235 bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22] 236 bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23] 237 bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24] 238 d0 = bc4 ^ (bc1<<1 | bc1>>63) 239 d1 = bc0 ^ (bc2<<1 | bc2>>63) 240 d2 = bc1 ^ (bc3<<1 | bc3>>63) 241 d3 = bc2 ^ (bc4<<1 | bc4>>63) 242 d4 = bc3 ^ (bc0<<1 | bc0>>63) 243 244 bc0 = a[0] ^ d0 245 t = a[11] ^ d1 246 bc1 = bits.RotateLeft64(t, 44) 247 t = a[22] ^ d2 248 bc2 = bits.RotateLeft64(t, 43) 249 t = a[8] ^ d3 250 bc3 = bits.RotateLeft64(t, 21) 251 t = a[19] ^ d4 252 bc4 = bits.RotateLeft64(t, 14) 253 a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+2] 254 a[11] = bc1 ^ (bc3 &^ bc2) 255 a[22] = bc2 ^ (bc4 &^ bc3) 256 a[8] = bc3 ^ (bc0 &^ bc4) 257 a[19] = bc4 ^ (bc1 &^ bc0) 258 259 t = a[15] ^ d0 260 bc2 = bits.RotateLeft64(t, 3) 261 t = a[1] ^ d1 262 bc3 = bits.RotateLeft64(t, 45) 263 t = a[12] ^ d2 264 bc4 = bits.RotateLeft64(t, 61) 265 t = a[23] ^ d3 266 bc0 = bits.RotateLeft64(t, 28) 267 t = a[9] ^ d4 268 bc1 = bits.RotateLeft64(t, 20) 269 a[15] = bc0 ^ (bc2 &^ bc1) 270 a[1] = bc1 ^ (bc3 &^ bc2) 271 a[12] = bc2 ^ (bc4 &^ bc3) 272 a[23] = bc3 ^ (bc0 &^ bc4) 273 a[9] = bc4 ^ (bc1 &^ bc0) 274 275 t = a[5] ^ d0 276 bc4 = bits.RotateLeft64(t, 18) 277 t = a[16] ^ d1 278 bc0 = bits.RotateLeft64(t, 1) 279 t = a[2] ^ d2 280 bc1 = bits.RotateLeft64(t, 6) 281 t = a[13] ^ d3 282 bc2 = bits.RotateLeft64(t, 25) 283 t = a[24] ^ d4 284 bc3 = bits.RotateLeft64(t, 8) 285 a[5] = bc0 ^ (bc2 &^ bc1) 286 a[16] = bc1 ^ (bc3 &^ bc2) 287 a[2] = bc2 ^ (bc4 &^ bc3) 288 a[13] = bc3 ^ (bc0 &^ bc4) 289 a[24] = bc4 ^ (bc1 &^ bc0) 290 291 t = a[20] ^ d0 292 bc1 = bits.RotateLeft64(t, 36) 293 t = a[6] ^ d1 294 bc2 = bits.RotateLeft64(t, 10) 295 t = a[17] ^ d2 296 bc3 = bits.RotateLeft64(t, 15) 297 t = a[3] ^ d3 298 bc4 = bits.RotateLeft64(t, 56) 299 t = a[14] ^ d4 300 bc0 = bits.RotateLeft64(t, 27) 301 a[20] = bc0 ^ (bc2 &^ bc1) 302 a[6] = bc1 ^ (bc3 &^ bc2) 303 a[17] = bc2 ^ (bc4 &^ bc3) 304 a[3] = bc3 ^ (bc0 &^ bc4) 305 a[14] = bc4 ^ (bc1 &^ bc0) 306 307 t = a[10] ^ d0 308 bc3 = bits.RotateLeft64(t, 41) 309 t = a[21] ^ d1 310 bc4 = bits.RotateLeft64(t, 2) 311 t = a[7] ^ d2 312 bc0 = bits.RotateLeft64(t, 62) 313 t = a[18] ^ d3 314 bc1 = bits.RotateLeft64(t, 55) 315 t = a[4] ^ d4 316 bc2 = bits.RotateLeft64(t, 39) 317 a[10] = bc0 ^ (bc2 &^ bc1) 318 a[21] = bc1 ^ (bc3 &^ bc2) 319 a[7] = bc2 ^ (bc4 &^ bc3) 320 a[18] = bc3 ^ (bc0 &^ bc4) 321 a[4] = bc4 ^ (bc1 &^ bc0) 322 323 // Round 4 324 bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20] 325 bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21] 326 bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22] 327 bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23] 328 bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24] 329 d0 = bc4 ^ (bc1<<1 | bc1>>63) 330 d1 = bc0 ^ (bc2<<1 | bc2>>63) 331 d2 = bc1 ^ (bc3<<1 | bc3>>63) 332 d3 = bc2 ^ (bc4<<1 | bc4>>63) 333 d4 = bc3 ^ (bc0<<1 | bc0>>63) 334 335 bc0 = a[0] ^ d0 336 t = a[1] ^ d1 337 bc1 = bits.RotateLeft64(t, 44) 338 t = a[2] ^ d2 339 bc2 = bits.RotateLeft64(t, 43) 340 t = a[3] ^ d3 341 bc3 = bits.RotateLeft64(t, 21) 342 t = a[4] ^ d4 343 bc4 = bits.RotateLeft64(t, 14) 344 a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+3] 345 a[1] = bc1 ^ (bc3 &^ bc2) 346 a[2] = bc2 ^ (bc4 &^ bc3) 347 a[3] = bc3 ^ (bc0 &^ bc4) 348 a[4] = bc4 ^ (bc1 &^ bc0) 349 350 t = a[5] ^ d0 351 bc2 = bits.RotateLeft64(t, 3) 352 t = a[6] ^ d1 353 bc3 = bits.RotateLeft64(t, 45) 354 t = a[7] ^ d2 355 bc4 = bits.RotateLeft64(t, 61) 356 t = a[8] ^ d3 357 bc0 = bits.RotateLeft64(t, 28) 358 t = a[9] ^ d4 359 bc1 = bits.RotateLeft64(t, 20) 360 a[5] = bc0 ^ (bc2 &^ bc1) 361 a[6] = bc1 ^ (bc3 &^ bc2) 362 a[7] = bc2 ^ (bc4 &^ bc3) 363 a[8] = bc3 ^ (bc0 &^ bc4) 364 a[9] = bc4 ^ (bc1 &^ bc0) 365 366 t = a[10] ^ d0 367 bc4 = bits.RotateLeft64(t, 18) 368 t = a[11] ^ d1 369 bc0 = bits.RotateLeft64(t, 1) 370 t = a[12] ^ d2 371 bc1 = bits.RotateLeft64(t, 6) 372 t = a[13] ^ d3 373 bc2 = bits.RotateLeft64(t, 25) 374 t = a[14] ^ d4 375 bc3 = bits.RotateLeft64(t, 8) 376 a[10] = bc0 ^ (bc2 &^ bc1) 377 a[11] = bc1 ^ (bc3 &^ bc2) 378 a[12] = bc2 ^ (bc4 &^ bc3) 379 a[13] = bc3 ^ (bc0 &^ bc4) 380 a[14] = bc4 ^ (bc1 &^ bc0) 381 382 t = a[15] ^ d0 383 bc1 = bits.RotateLeft64(t, 36) 384 t = a[16] ^ d1 385 bc2 = bits.RotateLeft64(t, 10) 386 t = a[17] ^ d2 387 bc3 = bits.RotateLeft64(t, 15) 388 t = a[18] ^ d3 389 bc4 = bits.RotateLeft64(t, 56) 390 t = a[19] ^ d4 391 bc0 = bits.RotateLeft64(t, 27) 392 a[15] = bc0 ^ (bc2 &^ bc1) 393 a[16] = bc1 ^ (bc3 &^ bc2) 394 a[17] = bc2 ^ (bc4 &^ bc3) 395 a[18] = bc3 ^ (bc0 &^ bc4) 396 a[19] = bc4 ^ (bc1 &^ bc0) 397 398 t = a[20] ^ d0 399 bc3 = bits.RotateLeft64(t, 41) 400 t = a[21] ^ d1 401 bc4 = bits.RotateLeft64(t, 2) 402 t = a[22] ^ d2 403 bc0 = bits.RotateLeft64(t, 62) 404 t = a[23] ^ d3 405 bc1 = bits.RotateLeft64(t, 55) 406 t = a[24] ^ d4 407 bc2 = bits.RotateLeft64(t, 39) 408 a[20] = bc0 ^ (bc2 &^ bc1) 409 a[21] = bc1 ^ (bc3 &^ bc2) 410 a[22] = bc2 ^ (bc4 &^ bc3) 411 a[23] = bc3 ^ (bc0 &^ bc4) 412 a[24] = bc4 ^ (bc1 &^ bc0) 413 } 414 }