1 // Copyright 2014 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
5 // +build !amd64 appengine gccgo
9 // rc stores the round constants for use in the ι step.
37 // keccakF1600 applies the Keccak permutation to a 1600b-wide
38 // state represented as a slice of 25 uint64s.
39 func keccakF1600(a *[25]uint64) {
40 // Implementation translated from Keccak-inplace.c
41 // in the keccak reference code.
42 var t, bc0, bc1, bc2, bc3, bc4, d0, d1, d2, d3, d4 uint64
44 for i := 0; i < 24; i += 4 {
45 // Combines the 5 steps in each round into 2 steps.
46 // Unrolls 4 rounds per loop and spreads some steps across rounds.
49 bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
50 bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
51 bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
52 bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
53 bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
54 d0 = bc4 ^ (bc1<<1 | bc1>>63)
55 d1 = bc0 ^ (bc2<<1 | bc2>>63)
56 d2 = bc1 ^ (bc3<<1 | bc3>>63)
57 d3 = bc2 ^ (bc4<<1 | bc4>>63)
58 d4 = bc3 ^ (bc0<<1 | bc0>>63)
62 bc1 = t<<44 | t>>(64-44)
64 bc2 = t<<43 | t>>(64-43)
66 bc3 = t<<21 | t>>(64-21)
68 bc4 = t<<14 | t>>(64-14)
69 a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i]
70 a[6] = bc1 ^ (bc3 &^ bc2)
71 a[12] = bc2 ^ (bc4 &^ bc3)
72 a[18] = bc3 ^ (bc0 &^ bc4)
73 a[24] = bc4 ^ (bc1 &^ bc0)
76 bc2 = t<<3 | t>>(64-3)
78 bc3 = t<<45 | t>>(64-45)
80 bc4 = t<<61 | t>>(64-61)
82 bc0 = t<<28 | t>>(64-28)
84 bc1 = t<<20 | t>>(64-20)
85 a[10] = bc0 ^ (bc2 &^ bc1)
86 a[16] = bc1 ^ (bc3 &^ bc2)
87 a[22] = bc2 ^ (bc4 &^ bc3)
88 a[3] = bc3 ^ (bc0 &^ bc4)
89 a[9] = bc4 ^ (bc1 &^ bc0)
92 bc4 = t<<18 | t>>(64-18)
94 bc0 = t<<1 | t>>(64-1)
96 bc1 = t<<6 | t>>(64-6)
98 bc2 = t<<25 | t>>(64-25)
100 bc3 = t<<8 | t>>(64-8)
101 a[20] = bc0 ^ (bc2 &^ bc1)
102 a[1] = bc1 ^ (bc3 &^ bc2)
103 a[7] = bc2 ^ (bc4 &^ bc3)
104 a[13] = bc3 ^ (bc0 &^ bc4)
105 a[19] = bc4 ^ (bc1 &^ bc0)
108 bc1 = t<<36 | t>>(64-36)
110 bc2 = t<<10 | t>>(64-10)
112 bc3 = t<<15 | t>>(64-15)
114 bc4 = t<<56 | t>>(64-56)
116 bc0 = t<<27 | t>>(64-27)
117 a[5] = bc0 ^ (bc2 &^ bc1)
118 a[11] = bc1 ^ (bc3 &^ bc2)
119 a[17] = bc2 ^ (bc4 &^ bc3)
120 a[23] = bc3 ^ (bc0 &^ bc4)
121 a[4] = bc4 ^ (bc1 &^ bc0)
124 bc3 = t<<41 | t>>(64-41)
126 bc4 = t<<2 | t>>(64-2)
128 bc0 = t<<62 | t>>(64-62)
130 bc1 = t<<55 | t>>(64-55)
132 bc2 = t<<39 | t>>(64-39)
133 a[15] = bc0 ^ (bc2 &^ bc1)
134 a[21] = bc1 ^ (bc3 &^ bc2)
135 a[2] = bc2 ^ (bc4 &^ bc3)
136 a[8] = bc3 ^ (bc0 &^ bc4)
137 a[14] = bc4 ^ (bc1 &^ bc0)
140 bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
141 bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
142 bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
143 bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
144 bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
145 d0 = bc4 ^ (bc1<<1 | bc1>>63)
146 d1 = bc0 ^ (bc2<<1 | bc2>>63)
147 d2 = bc1 ^ (bc3<<1 | bc3>>63)
148 d3 = bc2 ^ (bc4<<1 | bc4>>63)
149 d4 = bc3 ^ (bc0<<1 | bc0>>63)
153 bc1 = t<<44 | t>>(64-44)
155 bc2 = t<<43 | t>>(64-43)
157 bc3 = t<<21 | t>>(64-21)
159 bc4 = t<<14 | t>>(64-14)
160 a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+1]
161 a[16] = bc1 ^ (bc3 &^ bc2)
162 a[7] = bc2 ^ (bc4 &^ bc3)
163 a[23] = bc3 ^ (bc0 &^ bc4)
164 a[14] = bc4 ^ (bc1 &^ bc0)
167 bc2 = t<<3 | t>>(64-3)
169 bc3 = t<<45 | t>>(64-45)
171 bc4 = t<<61 | t>>(64-61)
173 bc0 = t<<28 | t>>(64-28)
175 bc1 = t<<20 | t>>(64-20)
176 a[20] = bc0 ^ (bc2 &^ bc1)
177 a[11] = bc1 ^ (bc3 &^ bc2)
178 a[2] = bc2 ^ (bc4 &^ bc3)
179 a[18] = bc3 ^ (bc0 &^ bc4)
180 a[9] = bc4 ^ (bc1 &^ bc0)
183 bc4 = t<<18 | t>>(64-18)
185 bc0 = t<<1 | t>>(64-1)
187 bc1 = t<<6 | t>>(64-6)
189 bc2 = t<<25 | t>>(64-25)
191 bc3 = t<<8 | t>>(64-8)
192 a[15] = bc0 ^ (bc2 &^ bc1)
193 a[6] = bc1 ^ (bc3 &^ bc2)
194 a[22] = bc2 ^ (bc4 &^ bc3)
195 a[13] = bc3 ^ (bc0 &^ bc4)
196 a[4] = bc4 ^ (bc1 &^ bc0)
199 bc1 = t<<36 | t>>(64-36)
201 bc2 = t<<10 | t>>(64-10)
203 bc3 = t<<15 | t>>(64-15)
205 bc4 = t<<56 | t>>(64-56)
207 bc0 = t<<27 | t>>(64-27)
208 a[10] = bc0 ^ (bc2 &^ bc1)
209 a[1] = bc1 ^ (bc3 &^ bc2)
210 a[17] = bc2 ^ (bc4 &^ bc3)
211 a[8] = bc3 ^ (bc0 &^ bc4)
212 a[24] = bc4 ^ (bc1 &^ bc0)
215 bc3 = t<<41 | t>>(64-41)
217 bc4 = t<<2 | t>>(64-2)
219 bc0 = t<<62 | t>>(64-62)
221 bc1 = t<<55 | t>>(64-55)
223 bc2 = t<<39 | t>>(64-39)
224 a[5] = bc0 ^ (bc2 &^ bc1)
225 a[21] = bc1 ^ (bc3 &^ bc2)
226 a[12] = bc2 ^ (bc4 &^ bc3)
227 a[3] = bc3 ^ (bc0 &^ bc4)
228 a[19] = bc4 ^ (bc1 &^ bc0)
231 bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
232 bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
233 bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
234 bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
235 bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
236 d0 = bc4 ^ (bc1<<1 | bc1>>63)
237 d1 = bc0 ^ (bc2<<1 | bc2>>63)
238 d2 = bc1 ^ (bc3<<1 | bc3>>63)
239 d3 = bc2 ^ (bc4<<1 | bc4>>63)
240 d4 = bc3 ^ (bc0<<1 | bc0>>63)
244 bc1 = t<<44 | t>>(64-44)
246 bc2 = t<<43 | t>>(64-43)
248 bc3 = t<<21 | t>>(64-21)
250 bc4 = t<<14 | t>>(64-14)
251 a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+2]
252 a[11] = bc1 ^ (bc3 &^ bc2)
253 a[22] = bc2 ^ (bc4 &^ bc3)
254 a[8] = bc3 ^ (bc0 &^ bc4)
255 a[19] = bc4 ^ (bc1 &^ bc0)
258 bc2 = t<<3 | t>>(64-3)
260 bc3 = t<<45 | t>>(64-45)
262 bc4 = t<<61 | t>>(64-61)
264 bc0 = t<<28 | t>>(64-28)
266 bc1 = t<<20 | t>>(64-20)
267 a[15] = bc0 ^ (bc2 &^ bc1)
268 a[1] = bc1 ^ (bc3 &^ bc2)
269 a[12] = bc2 ^ (bc4 &^ bc3)
270 a[23] = bc3 ^ (bc0 &^ bc4)
271 a[9] = bc4 ^ (bc1 &^ bc0)
274 bc4 = t<<18 | t>>(64-18)
276 bc0 = t<<1 | t>>(64-1)
278 bc1 = t<<6 | t>>(64-6)
280 bc2 = t<<25 | t>>(64-25)
282 bc3 = t<<8 | t>>(64-8)
283 a[5] = bc0 ^ (bc2 &^ bc1)
284 a[16] = bc1 ^ (bc3 &^ bc2)
285 a[2] = bc2 ^ (bc4 &^ bc3)
286 a[13] = bc3 ^ (bc0 &^ bc4)
287 a[24] = bc4 ^ (bc1 &^ bc0)
290 bc1 = t<<36 | t>>(64-36)
292 bc2 = t<<10 | t>>(64-10)
294 bc3 = t<<15 | t>>(64-15)
296 bc4 = t<<56 | t>>(64-56)
298 bc0 = t<<27 | t>>(64-27)
299 a[20] = bc0 ^ (bc2 &^ bc1)
300 a[6] = bc1 ^ (bc3 &^ bc2)
301 a[17] = bc2 ^ (bc4 &^ bc3)
302 a[3] = bc3 ^ (bc0 &^ bc4)
303 a[14] = bc4 ^ (bc1 &^ bc0)
306 bc3 = t<<41 | t>>(64-41)
308 bc4 = t<<2 | t>>(64-2)
310 bc0 = t<<62 | t>>(64-62)
312 bc1 = t<<55 | t>>(64-55)
314 bc2 = t<<39 | t>>(64-39)
315 a[10] = bc0 ^ (bc2 &^ bc1)
316 a[21] = bc1 ^ (bc3 &^ bc2)
317 a[7] = bc2 ^ (bc4 &^ bc3)
318 a[18] = bc3 ^ (bc0 &^ bc4)
319 a[4] = bc4 ^ (bc1 &^ bc0)
322 bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
323 bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
324 bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
325 bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
326 bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
327 d0 = bc4 ^ (bc1<<1 | bc1>>63)
328 d1 = bc0 ^ (bc2<<1 | bc2>>63)
329 d2 = bc1 ^ (bc3<<1 | bc3>>63)
330 d3 = bc2 ^ (bc4<<1 | bc4>>63)
331 d4 = bc3 ^ (bc0<<1 | bc0>>63)
335 bc1 = t<<44 | t>>(64-44)
337 bc2 = t<<43 | t>>(64-43)
339 bc3 = t<<21 | t>>(64-21)
341 bc4 = t<<14 | t>>(64-14)
342 a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+3]
343 a[1] = bc1 ^ (bc3 &^ bc2)
344 a[2] = bc2 ^ (bc4 &^ bc3)
345 a[3] = bc3 ^ (bc0 &^ bc4)
346 a[4] = bc4 ^ (bc1 &^ bc0)
349 bc2 = t<<3 | t>>(64-3)
351 bc3 = t<<45 | t>>(64-45)
353 bc4 = t<<61 | t>>(64-61)
355 bc0 = t<<28 | t>>(64-28)
357 bc1 = t<<20 | t>>(64-20)
358 a[5] = bc0 ^ (bc2 &^ bc1)
359 a[6] = bc1 ^ (bc3 &^ bc2)
360 a[7] = bc2 ^ (bc4 &^ bc3)
361 a[8] = bc3 ^ (bc0 &^ bc4)
362 a[9] = bc4 ^ (bc1 &^ bc0)
365 bc4 = t<<18 | t>>(64-18)
367 bc0 = t<<1 | t>>(64-1)
369 bc1 = t<<6 | t>>(64-6)
371 bc2 = t<<25 | t>>(64-25)
373 bc3 = t<<8 | t>>(64-8)
374 a[10] = bc0 ^ (bc2 &^ bc1)
375 a[11] = bc1 ^ (bc3 &^ bc2)
376 a[12] = bc2 ^ (bc4 &^ bc3)
377 a[13] = bc3 ^ (bc0 &^ bc4)
378 a[14] = bc4 ^ (bc1 &^ bc0)
381 bc1 = t<<36 | t>>(64-36)
383 bc2 = t<<10 | t>>(64-10)
385 bc3 = t<<15 | t>>(64-15)
387 bc4 = t<<56 | t>>(64-56)
389 bc0 = t<<27 | t>>(64-27)
390 a[15] = bc0 ^ (bc2 &^ bc1)
391 a[16] = bc1 ^ (bc3 &^ bc2)
392 a[17] = bc2 ^ (bc4 &^ bc3)
393 a[18] = bc3 ^ (bc0 &^ bc4)
394 a[19] = bc4 ^ (bc1 &^ bc0)
397 bc3 = t<<41 | t>>(64-41)
399 bc4 = t<<2 | t>>(64-2)
401 bc0 = t<<62 | t>>(64-62)
403 bc1 = t<<55 | t>>(64-55)
405 bc2 = t<<39 | t>>(64-39)
406 a[20] = bc0 ^ (bc2 &^ bc1)
407 a[21] = bc1 ^ (bc3 &^ bc2)
408 a[22] = bc2 ^ (bc4 &^ bc3)
409 a[23] = bc3 ^ (bc0 &^ bc4)
410 a[24] = bc4 ^ (bc1 &^ bc0)
OSDN Git Service
