github.com/onflow/flow-go@v0.35.7-crescendo-preview.23-atree-inlining/ledger/common/hash/keccakf.go (about) 1 // The functions below were copied from golang.org/x/crypto/sha3. 2 // 3 // Copyright (c) 2009 The Go Authors. All rights reserved. 4 5 // Redistribution and use in source and binary forms, with or without 6 // modification, are permitted provided that the following conditions are 7 // met: 8 9 // * Redistributions of source code must retain the above copyright 10 // notice, this list of conditions and the following disclaimer. 11 // * Redistributions in binary form must reproduce the above 12 // copyright notice, this list of conditions and the following disclaimer 13 // in the documentation and/or other materials provided with the 14 // distribution. 15 // * Neither the name of Google Inc. nor the names of its 16 // contributors may be used to endorse or promote products derived from 17 // this software without specific prior written permission. 18 19 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 21 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 22 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 23 // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 24 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 25 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 31 //go:build !amd64 || purego || !gc 32 // +build !amd64 purego !gc 33 34 package hash 35 36 // rc stores the round constants for use in the ι step. 37 var rc = [24]uint64{ 38 0x0000000000000001, 39 0x0000000000008082, 40 0x800000000000808A, 41 0x8000000080008000, 42 0x000000000000808B, 43 0x0000000080000001, 44 0x8000000080008081, 45 0x8000000000008009, 46 0x000000000000008A, 47 0x0000000000000088, 48 0x0000000080008009, 49 0x000000008000000A, 50 0x000000008000808B, 51 0x800000000000008B, 52 0x8000000000008089, 53 0x8000000000008003, 54 0x8000000000008002, 55 0x8000000000000080, 56 0x000000000000800A, 57 0x800000008000000A, 58 0x8000000080008081, 59 0x8000000000008080, 60 0x0000000080000001, 61 0x8000000080008008, 62 } 63 64 // keccakF1600 applies the Keccak permutation to a 1600b-wide 65 // state represented as a slice of 25 uint64s. 66 func keccakF1600(a *[25]uint64) { 67 // Implementation translated from Keccak-inplace.c 68 // in the keccak reference code. 69 var t, bc0, bc1, bc2, bc3, bc4, d0, d1, d2, d3, d4 uint64 70 71 for i := 0; i < 24; i += 4 { 72 // Combines the 5 steps in each round into 2 steps. 73 // Unrolls 4 rounds per loop and spreads some steps across rounds. 74 75 // Round 1 76 bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20] 77 bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21] 78 bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22] 79 bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23] 80 bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24] 81 d0 = bc4 ^ (bc1<<1 | bc1>>63) 82 d1 = bc0 ^ (bc2<<1 | bc2>>63) 83 d2 = bc1 ^ (bc3<<1 | bc3>>63) 84 d3 = bc2 ^ (bc4<<1 | bc4>>63) 85 d4 = bc3 ^ (bc0<<1 | bc0>>63) 86 87 bc0 = a[0] ^ d0 88 t = a[6] ^ d1 89 bc1 = t<<44 | t>>(64-44) 90 t = a[12] ^ d2 91 bc2 = t<<43 | t>>(64-43) 92 t = a[18] ^ d3 93 bc3 = t<<21 | t>>(64-21) 94 t = a[24] ^ d4 95 bc4 = t<<14 | t>>(64-14) 96 a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i] 97 a[6] = bc1 ^ (bc3 &^ bc2) 98 a[12] = bc2 ^ (bc4 &^ bc3) 99 a[18] = bc3 ^ (bc0 &^ bc4) 100 a[24] = bc4 ^ (bc1 &^ bc0) 101 102 t = a[10] ^ d0 103 bc2 = t<<3 | t>>(64-3) 104 t = a[16] ^ d1 105 bc3 = t<<45 | t>>(64-45) 106 t = a[22] ^ d2 107 bc4 = t<<61 | t>>(64-61) 108 t = a[3] ^ d3 109 bc0 = t<<28 | t>>(64-28) 110 t = a[9] ^ d4 111 bc1 = t<<20 | t>>(64-20) 112 a[10] = bc0 ^ (bc2 &^ bc1) 113 a[16] = bc1 ^ (bc3 &^ bc2) 114 a[22] = bc2 ^ (bc4 &^ bc3) 115 a[3] = bc3 ^ (bc0 &^ bc4) 116 a[9] = bc4 ^ (bc1 &^ bc0) 117 118 t = a[20] ^ d0 119 bc4 = t<<18 | t>>(64-18) 120 t = a[1] ^ d1 121 bc0 = t<<1 | t>>(64-1) 122 t = a[7] ^ d2 123 bc1 = t<<6 | t>>(64-6) 124 t = a[13] ^ d3 125 bc2 = t<<25 | t>>(64-25) 126 t = a[19] ^ d4 127 bc3 = t<<8 | t>>(64-8) 128 a[20] = bc0 ^ (bc2 &^ bc1) 129 a[1] = bc1 ^ (bc3 &^ bc2) 130 a[7] = bc2 ^ (bc4 &^ bc3) 131 a[13] = bc3 ^ (bc0 &^ bc4) 132 a[19] = bc4 ^ (bc1 &^ bc0) 133 134 t = a[5] ^ d0 135 bc1 = t<<36 | t>>(64-36) 136 t = a[11] ^ d1 137 bc2 = t<<10 | t>>(64-10) 138 t = a[17] ^ d2 139 bc3 = t<<15 | t>>(64-15) 140 t = a[23] ^ d3 141 bc4 = t<<56 | t>>(64-56) 142 t = a[4] ^ d4 143 bc0 = t<<27 | t>>(64-27) 144 a[5] = bc0 ^ (bc2 &^ bc1) 145 a[11] = bc1 ^ (bc3 &^ bc2) 146 a[17] = bc2 ^ (bc4 &^ bc3) 147 a[23] = bc3 ^ (bc0 &^ bc4) 148 a[4] = bc4 ^ (bc1 &^ bc0) 149 150 t = a[15] ^ d0 151 bc3 = t<<41 | t>>(64-41) 152 t = a[21] ^ d1 153 bc4 = t<<2 | t>>(64-2) 154 t = a[2] ^ d2 155 bc0 = t<<62 | t>>(64-62) 156 t = a[8] ^ d3 157 bc1 = t<<55 | t>>(64-55) 158 t = a[14] ^ d4 159 bc2 = t<<39 | t>>(64-39) 160 a[15] = bc0 ^ (bc2 &^ bc1) 161 a[21] = bc1 ^ (bc3 &^ bc2) 162 a[2] = bc2 ^ (bc4 &^ bc3) 163 a[8] = bc3 ^ (bc0 &^ bc4) 164 a[14] = bc4 ^ (bc1 &^ bc0) 165 166 // Round 2 167 bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20] 168 bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21] 169 bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22] 170 bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23] 171 bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24] 172 d0 = bc4 ^ (bc1<<1 | bc1>>63) 173 d1 = bc0 ^ (bc2<<1 | bc2>>63) 174 d2 = bc1 ^ (bc3<<1 | bc3>>63) 175 d3 = bc2 ^ (bc4<<1 | bc4>>63) 176 d4 = bc3 ^ (bc0<<1 | bc0>>63) 177 178 bc0 = a[0] ^ d0 179 t = a[16] ^ d1 180 bc1 = t<<44 | t>>(64-44) 181 t = a[7] ^ d2 182 bc2 = t<<43 | t>>(64-43) 183 t = a[23] ^ d3 184 bc3 = t<<21 | t>>(64-21) 185 t = a[14] ^ d4 186 bc4 = t<<14 | t>>(64-14) 187 a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+1] 188 a[16] = bc1 ^ (bc3 &^ bc2) 189 a[7] = bc2 ^ (bc4 &^ bc3) 190 a[23] = bc3 ^ (bc0 &^ bc4) 191 a[14] = bc4 ^ (bc1 &^ bc0) 192 193 t = a[20] ^ d0 194 bc2 = t<<3 | t>>(64-3) 195 t = a[11] ^ d1 196 bc3 = t<<45 | t>>(64-45) 197 t = a[2] ^ d2 198 bc4 = t<<61 | t>>(64-61) 199 t = a[18] ^ d3 200 bc0 = t<<28 | t>>(64-28) 201 t = a[9] ^ d4 202 bc1 = t<<20 | t>>(64-20) 203 a[20] = bc0 ^ (bc2 &^ bc1) 204 a[11] = bc1 ^ (bc3 &^ bc2) 205 a[2] = bc2 ^ (bc4 &^ bc3) 206 a[18] = bc3 ^ (bc0 &^ bc4) 207 a[9] = bc4 ^ (bc1 &^ bc0) 208 209 t = a[15] ^ d0 210 bc4 = t<<18 | t>>(64-18) 211 t = a[6] ^ d1 212 bc0 = t<<1 | t>>(64-1) 213 t = a[22] ^ d2 214 bc1 = t<<6 | t>>(64-6) 215 t = a[13] ^ d3 216 bc2 = t<<25 | t>>(64-25) 217 t = a[4] ^ d4 218 bc3 = t<<8 | t>>(64-8) 219 a[15] = bc0 ^ (bc2 &^ bc1) 220 a[6] = bc1 ^ (bc3 &^ bc2) 221 a[22] = bc2 ^ (bc4 &^ bc3) 222 a[13] = bc3 ^ (bc0 &^ bc4) 223 a[4] = bc4 ^ (bc1 &^ bc0) 224 225 t = a[10] ^ d0 226 bc1 = t<<36 | t>>(64-36) 227 t = a[1] ^ d1 228 bc2 = t<<10 | t>>(64-10) 229 t = a[17] ^ d2 230 bc3 = t<<15 | t>>(64-15) 231 t = a[8] ^ d3 232 bc4 = t<<56 | t>>(64-56) 233 t = a[24] ^ d4 234 bc0 = t<<27 | t>>(64-27) 235 a[10] = bc0 ^ (bc2 &^ bc1) 236 a[1] = bc1 ^ (bc3 &^ bc2) 237 a[17] = bc2 ^ (bc4 &^ bc3) 238 a[8] = bc3 ^ (bc0 &^ bc4) 239 a[24] = bc4 ^ (bc1 &^ bc0) 240 241 t = a[5] ^ d0 242 bc3 = t<<41 | t>>(64-41) 243 t = a[21] ^ d1 244 bc4 = t<<2 | t>>(64-2) 245 t = a[12] ^ d2 246 bc0 = t<<62 | t>>(64-62) 247 t = a[3] ^ d3 248 bc1 = t<<55 | t>>(64-55) 249 t = a[19] ^ d4 250 bc2 = t<<39 | t>>(64-39) 251 a[5] = bc0 ^ (bc2 &^ bc1) 252 a[21] = bc1 ^ (bc3 &^ bc2) 253 a[12] = bc2 ^ (bc4 &^ bc3) 254 a[3] = bc3 ^ (bc0 &^ bc4) 255 a[19] = bc4 ^ (bc1 &^ bc0) 256 257 // Round 3 258 bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20] 259 bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21] 260 bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22] 261 bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23] 262 bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24] 263 d0 = bc4 ^ (bc1<<1 | bc1>>63) 264 d1 = bc0 ^ (bc2<<1 | bc2>>63) 265 d2 = bc1 ^ (bc3<<1 | bc3>>63) 266 d3 = bc2 ^ (bc4<<1 | bc4>>63) 267 d4 = bc3 ^ (bc0<<1 | bc0>>63) 268 269 bc0 = a[0] ^ d0 270 t = a[11] ^ d1 271 bc1 = t<<44 | t>>(64-44) 272 t = a[22] ^ d2 273 bc2 = t<<43 | t>>(64-43) 274 t = a[8] ^ d3 275 bc3 = t<<21 | t>>(64-21) 276 t = a[19] ^ d4 277 bc4 = t<<14 | t>>(64-14) 278 a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+2] 279 a[11] = bc1 ^ (bc3 &^ bc2) 280 a[22] = bc2 ^ (bc4 &^ bc3) 281 a[8] = bc3 ^ (bc0 &^ bc4) 282 a[19] = bc4 ^ (bc1 &^ bc0) 283 284 t = a[15] ^ d0 285 bc2 = t<<3 | t>>(64-3) 286 t = a[1] ^ d1 287 bc3 = t<<45 | t>>(64-45) 288 t = a[12] ^ d2 289 bc4 = t<<61 | t>>(64-61) 290 t = a[23] ^ d3 291 bc0 = t<<28 | t>>(64-28) 292 t = a[9] ^ d4 293 bc1 = t<<20 | t>>(64-20) 294 a[15] = bc0 ^ (bc2 &^ bc1) 295 a[1] = bc1 ^ (bc3 &^ bc2) 296 a[12] = bc2 ^ (bc4 &^ bc3) 297 a[23] = bc3 ^ (bc0 &^ bc4) 298 a[9] = bc4 ^ (bc1 &^ bc0) 299 300 t = a[5] ^ d0 301 bc4 = t<<18 | t>>(64-18) 302 t = a[16] ^ d1 303 bc0 = t<<1 | t>>(64-1) 304 t = a[2] ^ d2 305 bc1 = t<<6 | t>>(64-6) 306 t = a[13] ^ d3 307 bc2 = t<<25 | t>>(64-25) 308 t = a[24] ^ d4 309 bc3 = t<<8 | t>>(64-8) 310 a[5] = bc0 ^ (bc2 &^ bc1) 311 a[16] = bc1 ^ (bc3 &^ bc2) 312 a[2] = bc2 ^ (bc4 &^ bc3) 313 a[13] = bc3 ^ (bc0 &^ bc4) 314 a[24] = bc4 ^ (bc1 &^ bc0) 315 316 t = a[20] ^ d0 317 bc1 = t<<36 | t>>(64-36) 318 t = a[6] ^ d1 319 bc2 = t<<10 | t>>(64-10) 320 t = a[17] ^ d2 321 bc3 = t<<15 | t>>(64-15) 322 t = a[3] ^ d3 323 bc4 = t<<56 | t>>(64-56) 324 t = a[14] ^ d4 325 bc0 = t<<27 | t>>(64-27) 326 a[20] = bc0 ^ (bc2 &^ bc1) 327 a[6] = bc1 ^ (bc3 &^ bc2) 328 a[17] = bc2 ^ (bc4 &^ bc3) 329 a[3] = bc3 ^ (bc0 &^ bc4) 330 a[14] = bc4 ^ (bc1 &^ bc0) 331 332 t = a[10] ^ d0 333 bc3 = t<<41 | t>>(64-41) 334 t = a[21] ^ d1 335 bc4 = t<<2 | t>>(64-2) 336 t = a[7] ^ d2 337 bc0 = t<<62 | t>>(64-62) 338 t = a[18] ^ d3 339 bc1 = t<<55 | t>>(64-55) 340 t = a[4] ^ d4 341 bc2 = t<<39 | t>>(64-39) 342 a[10] = bc0 ^ (bc2 &^ bc1) 343 a[21] = bc1 ^ (bc3 &^ bc2) 344 a[7] = bc2 ^ (bc4 &^ bc3) 345 a[18] = bc3 ^ (bc0 &^ bc4) 346 a[4] = bc4 ^ (bc1 &^ bc0) 347 348 // Round 4 349 bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20] 350 bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21] 351 bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22] 352 bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23] 353 bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24] 354 d0 = bc4 ^ (bc1<<1 | bc1>>63) 355 d1 = bc0 ^ (bc2<<1 | bc2>>63) 356 d2 = bc1 ^ (bc3<<1 | bc3>>63) 357 d3 = bc2 ^ (bc4<<1 | bc4>>63) 358 d4 = bc3 ^ (bc0<<1 | bc0>>63) 359 360 bc0 = a[0] ^ d0 361 t = a[1] ^ d1 362 bc1 = t<<44 | t>>(64-44) 363 t = a[2] ^ d2 364 bc2 = t<<43 | t>>(64-43) 365 t = a[3] ^ d3 366 bc3 = t<<21 | t>>(64-21) 367 t = a[4] ^ d4 368 bc4 = t<<14 | t>>(64-14) 369 a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+3] 370 a[1] = bc1 ^ (bc3 &^ bc2) 371 a[2] = bc2 ^ (bc4 &^ bc3) 372 a[3] = bc3 ^ (bc0 &^ bc4) 373 a[4] = bc4 ^ (bc1 &^ bc0) 374 375 t = a[5] ^ d0 376 bc2 = t<<3 | t>>(64-3) 377 t = a[6] ^ d1 378 bc3 = t<<45 | t>>(64-45) 379 t = a[7] ^ d2 380 bc4 = t<<61 | t>>(64-61) 381 t = a[8] ^ d3 382 bc0 = t<<28 | t>>(64-28) 383 t = a[9] ^ d4 384 bc1 = t<<20 | t>>(64-20) 385 a[5] = bc0 ^ (bc2 &^ bc1) 386 a[6] = bc1 ^ (bc3 &^ bc2) 387 a[7] = bc2 ^ (bc4 &^ bc3) 388 a[8] = bc3 ^ (bc0 &^ bc4) 389 a[9] = bc4 ^ (bc1 &^ bc0) 390 391 t = a[10] ^ d0 392 bc4 = t<<18 | t>>(64-18) 393 t = a[11] ^ d1 394 bc0 = t<<1 | t>>(64-1) 395 t = a[12] ^ d2 396 bc1 = t<<6 | t>>(64-6) 397 t = a[13] ^ d3 398 bc2 = t<<25 | t>>(64-25) 399 t = a[14] ^ d4 400 bc3 = t<<8 | t>>(64-8) 401 a[10] = bc0 ^ (bc2 &^ bc1) 402 a[11] = bc1 ^ (bc3 &^ bc2) 403 a[12] = bc2 ^ (bc4 &^ bc3) 404 a[13] = bc3 ^ (bc0 &^ bc4) 405 a[14] = bc4 ^ (bc1 &^ bc0) 406 407 t = a[15] ^ d0 408 bc1 = t<<36 | t>>(64-36) 409 t = a[16] ^ d1 410 bc2 = t<<10 | t>>(64-10) 411 t = a[17] ^ d2 412 bc3 = t<<15 | t>>(64-15) 413 t = a[18] ^ d3 414 bc4 = t<<56 | t>>(64-56) 415 t = a[19] ^ d4 416 bc0 = t<<27 | t>>(64-27) 417 a[15] = bc0 ^ (bc2 &^ bc1) 418 a[16] = bc1 ^ (bc3 &^ bc2) 419 a[17] = bc2 ^ (bc4 &^ bc3) 420 a[18] = bc3 ^ (bc0 &^ bc4) 421 a[19] = bc4 ^ (bc1 &^ bc0) 422 423 t = a[20] ^ d0 424 bc3 = t<<41 | t>>(64-41) 425 t = a[21] ^ d1 426 bc4 = t<<2 | t>>(64-2) 427 t = a[22] ^ d2 428 bc0 = t<<62 | t>>(64-62) 429 t = a[23] ^ d3 430 bc1 = t<<55 | t>>(64-55) 431 t = a[24] ^ d4 432 bc2 = t<<39 | t>>(64-39) 433 a[20] = bc0 ^ (bc2 &^ bc1) 434 a[21] = bc1 ^ (bc3 &^ bc2) 435 a[22] = bc2 ^ (bc4 &^ bc3) 436 a[23] = bc3 ^ (bc0 &^ bc4) 437 a[24] = bc4 ^ (bc1 &^ bc0) 438 } 439 }