Source

sha3 / block.go

// Copyright 2012 Eric Roshan-Eisner. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package sha3

var rndc = [24]uint64{
	0x0000000000000001, 0x0000000000008082, 0x800000000000808a,
	0x8000000080008000, 0x000000000000808b, 0x0000000080000001,
	0x8000000080008081, 0x8000000000008009, 0x000000000000008a,
	0x0000000000000088, 0x0000000080008009, 0x000000008000000a,
	0x000000008000808b, 0x800000000000008b, 0x8000000000008089,
	0x8000000000008003, 0x8000000000008002, 0x8000000000000080,
	0x000000000000800a, 0x800000008000000a, 0x8000000080008081,
	0x8000000000008080, 0x0000000080000001, 0x8000000080008008,
}

func block(st *[25]uint64) {
	var (
		t, bc0, bc1, bc2, bc3, bc4 uint64
	)
	for round := 0; round < 24; round++ {
		// Theta
		bc0 = st[0] ^ st[5] ^ st[10] ^ st[15] ^ st[20]
		bc1 = st[1] ^ st[6] ^ st[11] ^ st[16] ^ st[21]
		bc2 = st[2] ^ st[7] ^ st[12] ^ st[17] ^ st[22]
		bc3 = st[3] ^ st[8] ^ st[13] ^ st[18] ^ st[23]
		bc4 = st[4] ^ st[9] ^ st[14] ^ st[19] ^ st[24]
		t = bc4 ^ (bc1<<1 | bc1>>63)
		st[0] ^= t
		st[5] ^= t
		st[10] ^= t
		st[15] ^= t
		st[20] ^= t
		t = bc0 ^ (bc2<<1 | bc2>>63)
		st[1] ^= t
		st[6] ^= t
		st[11] ^= t
		st[16] ^= t
		st[21] ^= t
		t = bc1 ^ (bc3<<1 | bc3>>63)
		st[2] ^= t
		st[7] ^= t
		st[12] ^= t
		st[17] ^= t
		st[22] ^= t
		t = bc2 ^ (bc4<<1 | bc4>>63)
		st[3] ^= t
		st[8] ^= t
		st[13] ^= t
		st[18] ^= t
		st[23] ^= t
		t = bc3 ^ (bc0<<1 | bc0>>63)
		st[4] ^= t
		st[9] ^= t
		st[14] ^= t
		st[19] ^= t
		st[24] ^= t

		// Rho Pi
		t = st[1]

		bc0 = st[10]
		st[10] = t<<1 | t>>(64-1)
		t = bc0
		bc0 = st[7]
		st[7] = t<<3 | t>>(64-3)
		t = bc0
		bc0 = st[11]
		st[11] = t<<6 | t>>(64-6)
		t = bc0
		bc0 = st[17]
		st[17] = t<<10 | t>>(64-10)
		t = bc0
		bc0 = st[18]
		st[18] = t<<15 | t>>(64-15)
		t = bc0
		bc0 = st[3]
		st[3] = t<<21 | t>>(64-21)
		t = bc0
		bc0 = st[5]
		st[5] = t<<28 | t>>(64-28)
		t = bc0
		bc0 = st[16]
		st[16] = t<<36 | t>>(64-36)
		t = bc0
		bc0 = st[8]
		st[8] = t<<45 | t>>(64-45)
		t = bc0
		bc0 = st[21]
		st[21] = t<<55 | t>>(64-55)
		t = bc0
		bc0 = st[24]
		st[24] = t<<2 | t>>(64-2)
		t = bc0
		bc0 = st[4]
		st[4] = t<<14 | t>>(64-14)
		t = bc0
		bc0 = st[15]
		st[15] = t<<27 | t>>(64-27)
		t = bc0
		bc0 = st[23]
		st[23] = t<<41 | t>>(64-41)
		t = bc0
		bc0 = st[19]
		st[19] = t<<56 | t>>(64-56)
		t = bc0
		bc0 = st[13]
		st[13] = t<<8 | t>>(64-8)
		t = bc0
		bc0 = st[12]
		st[12] = t<<25 | t>>(64-25)
		t = bc0
		bc0 = st[2]
		st[2] = t<<43 | t>>(64-43)
		t = bc0
		bc0 = st[20]
		st[20] = t<<62 | t>>(64-62)
		t = bc0
		bc0 = st[14]
		st[14] = t<<18 | t>>(64-18)
		t = bc0
		bc0 = st[22]
		st[22] = t<<39 | t>>(64-39)
		t = bc0
		bc0 = st[9]
		st[9] = t<<61 | t>>(64-61)
		t = bc0
		bc0 = st[6]
		st[6] = t<<20 | t>>(64-20)
		t = bc0
		bc0 = st[1]
		st[1] = t<<44 | t>>(64-44)
		t = bc0

		//  Chi
		bc0 = st[0]
		bc1 = st[1]
		bc2 = st[2]
		bc3 = st[3]
		bc4 = st[4]
		st[0] ^= bc2 &^ bc1
		st[1] ^= bc3 &^ bc2
		st[2] ^= bc4 &^ bc3
		st[3] ^= bc0 &^ bc4
		st[4] ^= bc1 &^ bc0
		bc0 = st[5]
		bc1 = st[6]
		bc2 = st[7]
		bc3 = st[8]
		bc4 = st[9]
		st[5] ^= bc2 &^ bc1
		st[6] ^= bc3 &^ bc2
		st[7] ^= bc4 &^ bc3
		st[8] ^= bc0 &^ bc4
		st[9] ^= bc1 &^ bc0
		bc0 = st[10]
		bc1 = st[11]
		bc2 = st[12]
		bc3 = st[13]
		bc4 = st[14]
		st[10] ^= bc2 &^ bc1
		st[11] ^= bc3 &^ bc2
		st[12] ^= bc4 &^ bc3
		st[13] ^= bc0 &^ bc4
		st[14] ^= bc1 &^ bc0
		bc0 = st[15]
		bc1 = st[16]
		bc2 = st[17]
		bc3 = st[18]
		bc4 = st[19]
		st[15] ^= bc2 &^ bc1
		st[16] ^= bc3 &^ bc2
		st[17] ^= bc4 &^ bc3
		st[18] ^= bc0 &^ bc4
		st[19] ^= bc1 &^ bc0
		bc0 = st[20]
		bc1 = st[21]
		bc2 = st[22]
		bc3 = st[23]
		bc4 = st[24]
		st[20] ^= bc2 &^ bc1
		st[21] ^= bc3 &^ bc2
		st[22] ^= bc4 &^ bc3
		st[23] ^= bc0 &^ bc4
		st[24] ^= bc1 &^ bc0

		//  Iota
		st[0] ^= rndc[round]
	}
}