// Listing of github.com/turingchain2020/turingchain@v1.1.21/common/crypto/sha3/keccakf.go

// Copyright Turing Corp. 2018 All Rights Reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// Copyright 2014 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// NOTE(review): the Go Authors notice above indicates this file derives from
// the Go project's SHA-3 code, presumably golang.org/x/crypto/sha3 — confirm.
// A private copy of a cryptographic primitive does not pick up upstream fixes
// automatically, so it should be diffed against upstream when that package
// changes.

// NOTE(review): the constraint below uses the legacy "+build" syntax; gofmt
// from Go 1.17 on pairs it with the equivalent //go:build form
// (!amd64 || appengine || gccgo). It selects this pure-Go file on every
// non-amd64 target and under appengine or gccgo; which implementation is used
// on plain amd64 is not visible from this file.

// +build !amd64 appengine gccgo

package sha3

// rc stores the round constants for use in the ι step.
//
// There is one 64-bit constant per round, indexed by round number; the 24
// values are the round constants of Keccak-f[1600]. Go has no constant
// arrays, so rc is a mutable package-level variable: nothing in this file
// writes to it, and any write elsewhere in the package would silently change
// every digest. A known-answer test over keccakF1600 is the practical way to
// catch an edited value.
var rc = [24]uint64{
	0x0000000000000001,
	0x0000000000008082,
	0x800000000000808A,
	0x8000000080008000,
	0x000000000000808B,
	0x0000000080000001,
	0x8000000080008081,
	0x8000000000008009,
	0x000000000000008A,
	0x0000000000000088,
	0x0000000080008009,
	0x000000008000000A,
	0x000000008000808B,
	0x800000000000008B,
	0x8000000000008089,
	0x8000000000008003,
	0x8000000000008002,
	0x8000000000000080,
	0x000000000000800A,
	0x800000008000000A,
	0x8000000080008081,
	0x8000000000008080,
	0x0000000080000001,
	0x8000000080008008,
}

// keccakF1600 applies the Keccak permutation to a 1600b-wide
// state represented as an array of 25 uint64s.
//
// The state is updated in place through the pointer a and nothing is
// returned. The fixed array type makes the length a compile-time property,
// so every a[k] below is in range; a nil pointer panics on the first access.
// The function takes no lock, so a state must not be shared between
// goroutines without external synchronization.
//
// All 24 rounds are run, four per loop iteration. Every lane index, rotation
// count and loop bound is a literal or derived from the loop counter, and the
// only operations are XOR, AND NOT, OR and constant shifts, so at the source
// level neither control flow nor memory addressing depends on the contents of
// the state.
//
// The four unrolled rounds each address the lanes with a different index
// pattern (round 4 uses the natural order a[0]..a[24]), so statements are not
// interchangeable between rounds. Any edit to an index or rotation count must
// be validated against known-answer vectors.
func keccakF1600(a *[25]uint64) {
	// Implementation translated from Keccak-inplace.c
	// in the keccak reference code.
	var t, bc0, bc1, bc2, bc3, bc4, d0, d1, d2, d3, d4 uint64

	// i is the index of the first of the four rounds handled per iteration;
	// rc[i] .. rc[i+3] stay within the 24-entry table because i <= 20.
	for i := 0; i < 24; i += 4 {
		// Combines the 5 steps in each round into 2 steps.
		// Unrolls 4 rounds per loop and spreads some steps across rounds.

		// Round 1
		// θ, first half: bc0..bc4 are the XOR of the five lanes of each column.
		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
		// θ, second half: d_x = parity of column x-1 XOR (parity of column x+1
		// rotated left by one bit); d_x is XORed into each lane as it is read.
		d0 = bc4 ^ (bc1<<1 | bc1>>63)
		d1 = bc0 ^ (bc2<<1 | bc2>>63)
		d2 = bc1 ^ (bc3<<1 | bc3>>63)
		d3 = bc2 ^ (bc4<<1 | bc4>>63)
		d4 = bc3 ^ (bc0<<1 | bc0>>63)

		// Each group below gathers five lanes, applies d_x and a fixed left
		// rotation (written as t<<n | t>>(64-n)), then writes five lanes back
		// using x ^ (z &^ y), i.e. x XOR (z AND NOT y). bc0..bc4 are reused as
		// scratch here and no longer hold the column parities.
		bc0 = a[0] ^ d0
		t = a[6] ^ d1
		bc1 = t<<44 | t>>(64-44)
		t = a[12] ^ d2
		bc2 = t<<43 | t>>(64-43)
		t = a[18] ^ d3
		bc3 = t<<21 | t>>(64-21)
		t = a[24] ^ d4
		bc4 = t<<14 | t>>(64-14)
		// ι: the round constant is folded into the lane written to a[0].
		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i]
		a[6] = bc1 ^ (bc3 &^ bc2)
		a[12] = bc2 ^ (bc4 &^ bc3)
		a[18] = bc3 ^ (bc0 &^ bc4)
		a[24] = bc4 ^ (bc1 &^ bc0)

		t = a[10] ^ d0
		bc2 = t<<3 | t>>(64-3)
		t = a[16] ^ d1
		bc3 = t<<45 | t>>(64-45)
		t = a[22] ^ d2
		bc4 = t<<61 | t>>(64-61)
		t = a[3] ^ d3
		bc0 = t<<28 | t>>(64-28)
		t = a[9] ^ d4
		bc1 = t<<20 | t>>(64-20)
		a[10] = bc0 ^ (bc2 &^ bc1)
		a[16] = bc1 ^ (bc3 &^ bc2)
		a[22] = bc2 ^ (bc4 &^ bc3)
		a[3] = bc3 ^ (bc0 &^ bc4)
		a[9] = bc4 ^ (bc1 &^ bc0)

		t = a[20] ^ d0
		bc4 = t<<18 | t>>(64-18)
		t = a[1] ^ d1
		bc0 = t<<1 | t>>(64-1)
		t = a[7] ^ d2
		bc1 = t<<6 | t>>(64-6)
		t = a[13] ^ d3
		bc2 = t<<25 | t>>(64-25)
		t = a[19] ^ d4
		bc3 = t<<8 | t>>(64-8)
		a[20] = bc0 ^ (bc2 &^ bc1)
		a[1] = bc1 ^ (bc3 &^ bc2)
		a[7] = bc2 ^ (bc4 &^ bc3)
		a[13] = bc3 ^ (bc0 &^ bc4)
		a[19] = bc4 ^ (bc1 &^ bc0)

		t = a[5] ^ d0
		bc1 = t<<36 | t>>(64-36)
		t = a[11] ^ d1
		bc2 = t<<10 | t>>(64-10)
		t = a[17] ^ d2
		bc3 = t<<15 | t>>(64-15)
		t = a[23] ^ d3
		bc4 = t<<56 | t>>(64-56)
		t = a[4] ^ d4
		bc0 = t<<27 | t>>(64-27)
		a[5] = bc0 ^ (bc2 &^ bc1)
		a[11] = bc1 ^ (bc3 &^ bc2)
		a[17] = bc2 ^ (bc4 &^ bc3)
		a[23] = bc3 ^ (bc0 &^ bc4)
		a[4] = bc4 ^ (bc1 &^ bc0)

		t = a[15] ^ d0
		bc3 = t<<41 | t>>(64-41)
		t = a[21] ^ d1
		bc4 = t<<2 | t>>(64-2)
		t = a[2] ^ d2
		bc0 = t<<62 | t>>(64-62)
		t = a[8] ^ d3
		bc1 = t<<55 | t>>(64-55)
		t = a[14] ^ d4
		bc2 = t<<39 | t>>(64-39)
		a[15] = bc0 ^ (bc2 &^ bc1)
		a[21] = bc1 ^ (bc3 &^ bc2)
		a[2] = bc2 ^ (bc4 &^ bc3)
		a[8] = bc3 ^ (bc0 &^ bc4)
		a[14] = bc4 ^ (bc1 &^ bc0)

		// Round 2
		// Same column-parity and d_x computation as round 1; the lane indices
		// in the groups that follow differ from round 1.
		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
		d0 = bc4 ^ (bc1<<1 | bc1>>63)
		d1 = bc0 ^ (bc2<<1 | bc2>>63)
		d2 = bc1 ^ (bc3<<1 | bc3>>63)
		d3 = bc2 ^ (bc4<<1 | bc4>>63)
		d4 = bc3 ^ (bc0<<1 | bc0>>63)

		bc0 = a[0] ^ d0
		t = a[16] ^ d1
		bc1 = t<<44 | t>>(64-44)
		t = a[7] ^ d2
		bc2 = t<<43 | t>>(64-43)
		t = a[23] ^ d3
		bc3 = t<<21 | t>>(64-21)
		t = a[14] ^ d4
		bc4 = t<<14 | t>>(64-14)
		// Round constant for the second round of this iteration.
		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+1]
		a[16] = bc1 ^ (bc3 &^ bc2)
		a[7] = bc2 ^ (bc4 &^ bc3)
		a[23] = bc3 ^ (bc0 &^ bc4)
		a[14] = bc4 ^ (bc1 &^ bc0)

		t = a[20] ^ d0
		bc2 = t<<3 | t>>(64-3)
		t = a[11] ^ d1
		bc3 = t<<45 | t>>(64-45)
		t = a[2] ^ d2
		bc4 = t<<61 | t>>(64-61)
		t = a[18] ^ d3
		bc0 = t<<28 | t>>(64-28)
		t = a[9] ^ d4
		bc1 = t<<20 | t>>(64-20)
		a[20] = bc0 ^ (bc2 &^ bc1)
		a[11] = bc1 ^ (bc3 &^ bc2)
		a[2] = bc2 ^ (bc4 &^ bc3)
		a[18] = bc3 ^ (bc0 &^ bc4)
		a[9] = bc4 ^ (bc1 &^ bc0)

		t = a[15] ^ d0
		bc4 = t<<18 | t>>(64-18)
		t = a[6] ^ d1
		bc0 = t<<1 | t>>(64-1)
		t = a[22] ^ d2
		bc1 = t<<6 | t>>(64-6)
		t = a[13] ^ d3
		bc2 = t<<25 | t>>(64-25)
		t = a[4] ^ d4
		bc3 = t<<8 | t>>(64-8)
		a[15] = bc0 ^ (bc2 &^ bc1)
		a[6] = bc1 ^ (bc3 &^ bc2)
		a[22] = bc2 ^ (bc4 &^ bc3)
		a[13] = bc3 ^ (bc0 &^ bc4)
		a[4] = bc4 ^ (bc1 &^ bc0)

		t = a[10] ^ d0
		bc1 = t<<36 | t>>(64-36)
		t = a[1] ^ d1
		bc2 = t<<10 | t>>(64-10)
		t = a[17] ^ d2
		bc3 = t<<15 | t>>(64-15)
		t = a[8] ^ d3
		bc4 = t<<56 | t>>(64-56)
		t = a[24] ^ d4
		bc0 = t<<27 | t>>(64-27)
		a[10] = bc0 ^ (bc2 &^ bc1)
		a[1] = bc1 ^ (bc3 &^ bc2)
		a[17] = bc2 ^ (bc4 &^ bc3)
		a[8] = bc3 ^ (bc0 &^ bc4)
		a[24] = bc4 ^ (bc1 &^ bc0)

		t = a[5] ^ d0
		bc3 = t<<41 | t>>(64-41)
		t = a[21] ^ d1
		bc4 = t<<2 | t>>(64-2)
		t = a[12] ^ d2
		bc0 = t<<62 | t>>(64-62)
		t = a[3] ^ d3
		bc1 = t<<55 | t>>(64-55)
		t = a[19] ^ d4
		bc2 = t<<39 | t>>(64-39)
		a[5] = bc0 ^ (bc2 &^ bc1)
		a[21] = bc1 ^ (bc3 &^ bc2)
		a[12] = bc2 ^ (bc4 &^ bc3)
		a[3] = bc3 ^ (bc0 &^ bc4)
		a[19] = bc4 ^ (bc1 &^ bc0)

		// Round 3
		// Column parities and d_x again, followed by a third index pattern.
		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
		d0 = bc4 ^ (bc1<<1 | bc1>>63)
		d1 = bc0 ^ (bc2<<1 | bc2>>63)
		d2 = bc1 ^ (bc3<<1 | bc3>>63)
		d3 = bc2 ^ (bc4<<1 | bc4>>63)
		d4 = bc3 ^ (bc0<<1 | bc0>>63)

		bc0 = a[0] ^ d0
		t = a[11] ^ d1
		bc1 = t<<44 | t>>(64-44)
		t = a[22] ^ d2
		bc2 = t<<43 | t>>(64-43)
		t = a[8] ^ d3
		bc3 = t<<21 | t>>(64-21)
		t = a[19] ^ d4
		bc4 = t<<14 | t>>(64-14)
		// Round constant for the third round of this iteration.
		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+2]
		a[11] = bc1 ^ (bc3 &^ bc2)
		a[22] = bc2 ^ (bc4 &^ bc3)
		a[8] = bc3 ^ (bc0 &^ bc4)
		a[19] = bc4 ^ (bc1 &^ bc0)

		t = a[15] ^ d0
		bc2 = t<<3 | t>>(64-3)
		t = a[1] ^ d1
		bc3 = t<<45 | t>>(64-45)
		t = a[12] ^ d2
		bc4 = t<<61 | t>>(64-61)
		t = a[23] ^ d3
		bc0 = t<<28 | t>>(64-28)
		t = a[9] ^ d4
		bc1 = t<<20 | t>>(64-20)
		a[15] = bc0 ^ (bc2 &^ bc1)
		a[1] = bc1 ^ (bc3 &^ bc2)
		a[12] = bc2 ^ (bc4 &^ bc3)
		a[23] = bc3 ^ (bc0 &^ bc4)
		a[9] = bc4 ^ (bc1 &^ bc0)

		t = a[5] ^ d0
		bc4 = t<<18 | t>>(64-18)
		t = a[16] ^ d1
		bc0 = t<<1 | t>>(64-1)
		t = a[2] ^ d2
		bc1 = t<<6 | t>>(64-6)
		t = a[13] ^ d3
		bc2 = t<<25 | t>>(64-25)
		t = a[24] ^ d4
		bc3 = t<<8 | t>>(64-8)
		a[5] = bc0 ^ (bc2 &^ bc1)
		a[16] = bc1 ^ (bc3 &^ bc2)
		a[2] = bc2 ^ (bc4 &^ bc3)
		a[13] = bc3 ^ (bc0 &^ bc4)
		a[24] = bc4 ^ (bc1 &^ bc0)

		t = a[20] ^ d0
		bc1 = t<<36 | t>>(64-36)
		t = a[6] ^ d1
		bc2 = t<<10 | t>>(64-10)
		t = a[17] ^ d2
		bc3 = t<<15 | t>>(64-15)
		t = a[3] ^ d3
		bc4 = t<<56 | t>>(64-56)
		t = a[14] ^ d4
		bc0 = t<<27 | t>>(64-27)
		a[20] = bc0 ^ (bc2 &^ bc1)
		a[6] = bc1 ^ (bc3 &^ bc2)
		a[17] = bc2 ^ (bc4 &^ bc3)
		a[3] = bc3 ^ (bc0 &^ bc4)
		a[14] = bc4 ^ (bc1 &^ bc0)

		t = a[10] ^ d0
		bc3 = t<<41 | t>>(64-41)
		t = a[21] ^ d1
		bc4 = t<<2 | t>>(64-2)
		t = a[7] ^ d2
		bc0 = t<<62 | t>>(64-62)
		t = a[18] ^ d3
		bc1 = t<<55 | t>>(64-55)
		t = a[4] ^ d4
		bc2 = t<<39 | t>>(64-39)
		a[10] = bc0 ^ (bc2 &^ bc1)
		a[21] = bc1 ^ (bc3 &^ bc2)
		a[7] = bc2 ^ (bc4 &^ bc3)
		a[18] = bc3 ^ (bc0 &^ bc4)
		a[4] = bc4 ^ (bc1 &^ bc0)

		// Round 4
		// Column parities and d_x again; this round reads and writes the
		// lanes in natural order, a[0..4], a[5..9], ... a[20..24].
		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
		d0 = bc4 ^ (bc1<<1 | bc1>>63)
		d1 = bc0 ^ (bc2<<1 | bc2>>63)
		d2 = bc1 ^ (bc3<<1 | bc3>>63)
		d3 = bc2 ^ (bc4<<1 | bc4>>63)
		d4 = bc3 ^ (bc0<<1 | bc0>>63)

		bc0 = a[0] ^ d0
		t = a[1] ^ d1
		bc1 = t<<44 | t>>(64-44)
		t = a[2] ^ d2
		bc2 = t<<43 | t>>(64-43)
		t = a[3] ^ d3
		bc3 = t<<21 | t>>(64-21)
		t = a[4] ^ d4
		bc4 = t<<14 | t>>(64-14)
		// Round constant for the fourth round of this iteration.
		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+3]
		a[1] = bc1 ^ (bc3 &^ bc2)
		a[2] = bc2 ^ (bc4 &^ bc3)
		a[3] = bc3 ^ (bc0 &^ bc4)
		a[4] = bc4 ^ (bc1 &^ bc0)

		t = a[5] ^ d0
		bc2 = t<<3 | t>>(64-3)
		t = a[6] ^ d1
		bc3 = t<<45 | t>>(64-45)
		t = a[7] ^ d2
		bc4 = t<<61 | t>>(64-61)
		t = a[8] ^ d3
		bc0 = t<<28 | t>>(64-28)
		t = a[9] ^ d4
		bc1 = t<<20 | t>>(64-20)
		a[5] = bc0 ^ (bc2 &^ bc1)
		a[6] = bc1 ^ (bc3 &^ bc2)
		a[7] = bc2 ^ (bc4 &^ bc3)
		a[8] = bc3 ^ (bc0 &^ bc4)
		a[9] = bc4 ^ (bc1 &^ bc0)

		t = a[10] ^ d0
		bc4 = t<<18 | t>>(64-18)
		t = a[11] ^ d1
		bc0 = t<<1 | t>>(64-1)
		t = a[12] ^ d2
		bc1 = t<<6 | t>>(64-6)
		t = a[13] ^ d3
		bc2 = t<<25 | t>>(64-25)
		t = a[14] ^ d4
		bc3 = t<<8 | t>>(64-8)
		a[10] = bc0 ^ (bc2 &^ bc1)
		a[11] = bc1 ^ (bc3 &^ bc2)
		a[12] = bc2 ^ (bc4 &^ bc3)
		a[13] = bc3 ^ (bc0 &^ bc4)
		a[14] = bc4 ^ (bc1 &^ bc0)

		t = a[15] ^ d0
		bc1 = t<<36 | t>>(64-36)
		t = a[16] ^ d1
		bc2 = t<<10 | t>>(64-10)
		t = a[17] ^ d2
		bc3 = t<<15 | t>>(64-15)
		t = a[18] ^ d3
		bc4 = t<<56 | t>>(64-56)
		t = a[19] ^ d4
		bc0 = t<<27 | t>>(64-27)
		a[15] = bc0 ^ (bc2 &^ bc1)
		a[16] = bc1 ^ (bc3 &^ bc2)
		a[17] = bc2 ^ (bc4 &^ bc3)
		a[18] = bc3 ^ (bc0 &^ bc4)
		a[19] = bc4 ^ (bc1 &^ bc0)

		t = a[20] ^ d0
		bc3 = t<<41 | t>>(64-41)
		t = a[21] ^ d1
		bc4 = t<<2 | t>>(64-2)
		t = a[22] ^ d2
		bc0 = t<<62 | t>>(64-62)
		t = a[23] ^ d3
		bc1 = t<<55 | t>>(64-55)
		t = a[24] ^ d4
		bc2 = t<<39 | t>>(64-39)
		a[20] = bc0 ^ (bc2 &^ bc1)
		a[21] = bc1 ^ (bc3 &^ bc2)
		a[22] = bc2 ^ (bc4 &^ bc3)
		a[23] = bc3 ^ (bc0 &^ bc4)
		a[24] = bc4 ^ (bc1 &^ bc0)
	}
}