diff --git a/blake256/blake256.go b/blake256/blake256.go
index cedcf7f..4e96af6 100644
--- a/blake256/blake256.go
+++ b/blake256/blake256.go
@@ -14,6 +14,18 @@ func NewWithSalt(salt []byte) hash.Hash {
 return d
 }
 
+// Sum returns the BLAKE-256 checksum of the data.
+func Sum(data []byte) (out [Size]byte) {
+ d := New()
+ d.Write(data)
+ sum := d.Sum(nil)
+
+ copy(out[:], sum)
+ return
+}
+
+// =======
+
 // New224 returns a new hash.Hash computing the BLAKE-224 checksum.
 func New224() hash.Hash {
 return newDigest(224, iv224)
@@ -26,16 +38,6 @@ func New224WithSalt(salt []byte) hash.Hash {
 return d
 }
 
-// Sum returns the BLAKE-256 checksum of the data.
-func Sum(data []byte) (out [Size]byte) {
- d := New()
- d.Write(data)
- sum := d.Sum(nil)
-
- copy(out[:], sum)
- return
-}
-
 // Sum224 returns the BLAKE-224 checksum of the data.
 func Sum224(data []byte) (out [Size224]byte) {
 d := New224()
diff --git a/blake512/blake512.go b/blake512/blake512.go
index 1b17d71..b1ad4e8 100644
--- a/blake512/blake512.go
+++ b/blake512/blake512.go
@@ -14,6 +14,18 @@ func NewWithSalt(salt []byte) hash.Hash {
 return d
 }
 
+// Sum returns the BLAKE-512 checksum of the data.
+func Sum(data []byte) (out [Size]byte) {
+ d := New()
+ d.Write(data)
+ sum := d.Sum(nil)
+
+ copy(out[:], sum)
+ return
+}
+
+// ==========
+
 // New384 returns a new hash.Hash computing the BLAKE-384 checksum.
 func New384() hash.Hash {
 return newDigest(48, iv384)
@@ -26,16 +38,6 @@ func New384WithSalt(salt []byte) hash.Hash {
 return d
 }
 
-// Sum returns the BLAKE-512 checksum of the data.
-func Sum(data []byte) (out [Size]byte) {
- d := New()
- d.Write(data)
- sum := d.Sum(nil)
-
- copy(out[:], sum)
- return
-}
-
 // Sum384 returns the BLAKE-384 checksum of the data.
 func Sum384(data []byte) (out [Size384]byte) {
 d := New384()
diff --git a/blake512/digest.go b/blake512/digest.go
index cef8e39..238d037 100644
--- a/blake512/digest.go
+++ b/blake512/digest.go
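Review bot: The relocated `Sum` in blake256.go (and the identical one in blake512.go, next hunk) still calls `d.Sum(nil)` and then `copy`s into `out`, which allocates a throwaway slice on every call; since `out` already has capacity `Size` and hash.Hash's Sum is documented to append to its argument, `d.Sum(out[:0])` writes straight into the returned array and both the `sum` temporary and the `copy` can go, provided this digest's Sum honours that contract. The added `// =======` and `// ==========` separator comments are attached to no declaration and only add noise between `Sum` and `New224`/`New384`; a blank line is the conventional separator. Dropping the result of `d.Write(data)` is fine under hash.Hash's never-error guarantee, but `_ = d.Write(data)` would make that deliberate to linters and readers.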
@@ -107,7 +107,7 @@ func (d *digest) checkSum() (out []byte) {
 
 if ptr < 112 {
 for i := ptr + 1; i < 112; i++ {
- tmpBuf[i] = 0x00;
+ tmpBuf[i] = 0x00
 }
 
 if d.hs == 64 {
@@ -190,84 +190,84 @@ func (d *digest) compress(data []uint8) { } for r := 0; r < 16; r++ { - var o0 = SIGMA[(r << 4) + 0x0] - var o1 = SIGMA[(r << 4) + 0x1] + var o0 = sigma[(r << 4) + 0x0] + var o1 = sigma[(r << 4) + 0x1] - v0 += v4 + (m[o0] ^ CB[o1]) + v0 += v4 + (m[o0] ^ cb[o1]) vC = circularRight(vC ^ v0, 32) v8 += vC v4 = circularRight(v4 ^ v8, 25) - v0 += v4 + (m[o1] ^ CB[o0]) + v0 += v4 + (m[o1] ^ cb[o0]) vC = circularRight(vC ^ v0, 16) v8 += vC v4 = circularRight(v4 ^ v8, 11) - o0 = SIGMA[(r << 4) + 0x2] - o1 = SIGMA[(r << 4) + 0x3] - v1 += v5 + (m[o0] ^ CB[o1]) + o0 = sigma[(r << 4) + 0x2] + o1 = sigma[(r << 4) + 0x3] + v1 += v5 + (m[o0] ^ cb[o1]) vD = circularRight(vD ^ v1, 32) v9 += vD v5 = circularRight(v5 ^ v9, 25) - v1 += v5 + (m[o1] ^ CB[o0]) + v1 += v5 + (m[o1] ^ cb[o0]) vD = circularRight(vD ^ v1, 16) v9 += vD v5 = circularRight(v5 ^ v9, 11) - o0 = SIGMA[(r << 4) + 0x4] - o1 = SIGMA[(r << 4) + 0x5] - v2 += v6 + (m[o0] ^ CB[o1]) + o0 = sigma[(r << 4) + 0x4] + o1 = sigma[(r << 4) + 0x5] + v2 += v6 + (m[o0] ^ cb[o1]) vE = circularRight(vE ^ v2, 32) vA += vE v6 = circularRight(v6 ^ vA, 25) - v2 += v6 + (m[o1] ^ CB[o0]) + v2 += v6 + (m[o1] ^ cb[o0]) vE = circularRight(vE ^ v2, 16) vA += vE v6 = circularRight(v6 ^ vA, 11) - o0 = SIGMA[(r << 4) + 0x6] - o1 = SIGMA[(r << 4) + 0x7] - v3 += v7 + (m[o0] ^ CB[o1]) + o0 = sigma[(r << 4) + 0x6] + o1 = sigma[(r << 4) + 0x7] + v3 += v7 + (m[o0] ^ cb[o1]) vF = circularRight(vF ^ v3, 32) vB += vF v7 = circularRight(v7 ^ vB, 25) - v3 += v7 + (m[o1] ^ CB[o0]) + v3 += v7 + (m[o1] ^ cb[o0]) vF = circularRight(vF ^ v3, 16) vB += vF v7 = circularRight(v7 ^ vB, 11) - o0 = SIGMA[(r << 4) + 0x8] - o1 = SIGMA[(r << 4) + 0x9] - v0 += v5 + (m[o0] ^ CB[o1]) + o0 = sigma[(r << 4) + 0x8] + o1 = sigma[(r << 4) + 0x9] + v0 += v5 + (m[o0] ^ cb[o1]) vF = circularRight(vF ^ v0, 32) vA += vF v5 = circularRight(v5 ^ vA, 25) - v0 += v5 + (m[o1] ^ CB[o0]) + v0 += v5 + (m[o1] ^ cb[o0]) vF = circularRight(vF ^ v0, 16) vA += vF v5 = 
circularRight(v5 ^ vA, 11) - o0 = SIGMA[(r << 4) + 0xA] - o1 = SIGMA[(r << 4) + 0xB] - v1 += v6 + (m[o0] ^ CB[o1]) + o0 = sigma[(r << 4) + 0xA] + o1 = sigma[(r << 4) + 0xB] + v1 += v6 + (m[o0] ^ cb[o1]) vC = circularRight(vC ^ v1, 32) vB += vC v6 = circularRight(v6 ^ vB, 25) - v1 += v6 + (m[o1] ^ CB[o0]) + v1 += v6 + (m[o1] ^ cb[o0]) vC = circularRight(vC ^ v1, 16) vB += vC v6 = circularRight(v6 ^ vB, 11) - o0 = SIGMA[(r << 4) + 0xC] - o1 = SIGMA[(r << 4) + 0xD] - v2 += v7 + (m[o0] ^ CB[o1]) + o0 = sigma[(r << 4) + 0xC] + o1 = sigma[(r << 4) + 0xD] + v2 += v7 + (m[o0] ^ cb[o1]) vD = circularRight(vD ^ v2, 32) v8 += vD v7 = circularRight(v7 ^ v8, 25) - v2 += v7 + (m[o1] ^ CB[o0]) + v2 += v7 + (m[o1] ^ cb[o0]) vD = circularRight(vD ^ v2, 16) v8 += vD v7 = circularRight(v7 ^ v8, 11) - o0 = SIGMA[(r << 4) + 0xE] - o1 = SIGMA[(r << 4) + 0xF] - v3 += v4 + (m[o0] ^ CB[o1]) + o0 = sigma[(r << 4) + 0xE] + o1 = sigma[(r << 4) + 0xF] + v3 += v4 + (m[o0] ^ cb[o1]) vE = circularRight(vE ^ v3, 32) v9 += vE v4 = circularRight(v4 ^ v9, 25) - v3 += v4 + (m[o1] ^ CB[o0]) + v3 += v4 + (m[o1] ^ cb[o0]) vE = circularRight(vE ^ v3, 16) v9 += vE v4 = circularRight(v4 ^ v9, 11) diff --git a/blake512/sbox.go b/blake512/sbox.go index 7ee0919..961942f 100644 --- a/blake512/sbox.go +++ b/blake512/sbox.go @@ -1,6 +1,6 @@ package blake512 -var SIGMA = []uint8{ +var sigma = []uint8{ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3, 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4, @@ -19,7 +19,7 @@ var SIGMA = []uint8{ 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9, } -var CB = []uint64{ +var cb = []uint64{ 0x243F6A8885A308D3, 0x13198A2E03707344, 0xA4093822299F31D0, 0x082EFA98EC4E6C89, 0x452821E638D01377, 0xBE5466CF34E90C6C, diff --git a/cubehash/digest.go b/cubehash/digest.go index 40778c4..c59c216 100644 --- a/cubehash/digest.go +++ b/cubehash/digest.go 
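Review bot: `sigma` and `cb` in sbox.go stay package-level `var` slices, so the round-constant tables read by `compress` remain writable at run time and their backing arrays can be aliased by any reslice or `append` inside the package; the rename closes off writes from importers but not from the package itself. Declaring them as fixed-size arrays, `var sigma = [...]uint8{` and `var cb = [...]uint64{`, keeps the `sigma[(r << 4) + 0xF]` index syntax in `compress` unchanged, removes the aliasing risk, and may let the compiler prove the lookups in range for the `r < 16` loop. If any caller outside this diff passes the tables as slices, `sigma[:]` at that call site keeps it compiling. The `compress` body starts before this hunk.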
@@ -4,14 +4,16 @@ import (
 "errors"
 )
 
-// The size of an cubehash checksum in bytes.
-const Size512 = 64
-const Size384 = 48
-const Size256 = 32
-const Size224 = 28
-const Size192 = 24
-const Size160 = 20
-const Size128 = 16
+const (
+ // The size of an cubehash checksum in bytes.
+ Size512 = 64
+ Size384 = 48
+ Size256 = 32
+ Size224 = 28
+ Size192 = 24
+ Size160 = 20
+ Size128 = 16
+)
 
 // The blocksize of cubehash in bytes.
 const BlockSize = 32
@@ -131,7 +133,7 @@ func (this *digest) initRound(r int) {
 
 func (this *digest) ingest(x *[32]uint32, p []byte) {
 for n := 0; n < this.bs/4; n++ {
- x[n] ^= GETU32(p[n*4:])
+ x[n] ^= getu32(p[n*4:])
 }
 
 // the number of rounds per message block
@@ -144,7 +146,7 @@ func (this *digest) MarshalBinary() ([]byte, error) {
 x := &this.s
 buf := make([]byte, 128+1, 128+1+this.nx)
 for n := 0; n < 32; n++ {
- PUTU32(buf[n*4:], x[n])
+ putu32(buf[n*4:], x[n])
 }
 
 buf[128] = byte(this.nx)
@@ -164,7 +166,7 @@ func (this *digest) UnmarshalBinary(data []byte) error {
 
 this.nx = n
 for n := 0; n < 32; n++ {
- x[n] = GETU32(data[n*4:])
+ x[n] = getu32(data[n*4:])
 }
 
 this.len = 0
diff --git a/cubehash/utils.go b/cubehash/utils.go
index 8b2bcac..ea1bf31 100644
--- a/cubehash/utils.go
+++ b/cubehash/utils.go
@@ -8,7 +8,7 @@ import (
 // Endianness option
 const littleEndian bool = true
 
-func GETU32(ptr []byte) uint32 {
+func getu32(ptr []byte) uint32 {
 if littleEndian {
 return binary.LittleEndian.Uint32(ptr)
 } else {
@@ -16,7 +16,7 @@ func GETU32(ptr []byte) uint32 {
 }
 }
 
-func PUTU32(ptr []byte, a uint32) {
+func putu32(ptr []byte, a uint32) {
 if littleEndian {
 binary.LittleEndian.PutUint32(ptr, a)
 } else {
diff --git a/hamsi/digest256.go b/hamsi/digest256.go
index 0a22a69..d96b25c 100644
--- a/hamsi/digest256.go
+++ b/hamsi/digest256.go
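Review bot: Moving the comment inside the new `const (` block attaches it to `Size512` alone, so `Size384` through `Size128` become undocumented exported names and godoc shows "The size of an cubehash checksum" only on the first one; it also keeps the "an cubehash" typo. Either put one doc comment above the block, `// Sizes of the CubeHash checksum variants, in bytes.`, or give each constant its own line comment in the `// Size512 is …` form that lint expects for exported names. The sibling `// The blocksize of cubehash in bytes.` on `BlockSize` should then follow the same form for consistency.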
@@ -325,29 +325,29 @@ func (d *digest256) process(b0, b1, b2, b3 uint32) { m1 ^= m2 ^ c6 c5 ^= c6 ^ (m2 << 7) m1 = (m1 << 5) | (m1 >> (32 - 5)) - c5 = (c5 << 22) | (c5 >> (32 - 22)); - c0 = (c0 << 13) | (c0 >> (32 - 13)); - m4 = (m4 << 3) | (m4 >> (32 - 3)); - m3 ^= c0 ^ m4; - c7 ^= m4 ^ (c0 << 3); - m3 = (m3 << 1) | (m3 >> (32 - 1)); - c7 = (c7 << 7) | (c7 >> (32 - 7)); - c0 ^= m3 ^ c7; - m4 ^= c7 ^ (m3 << 7); - c0 = (c0 << 5) | (c0 >> (32 - 5)); - m4 = (m4 << 22) | (m4 >> (32 - 22)); - c1 = (c1 << 13) | (c1 >> (32 - 13)); - m5 = (m5 << 3) | (m5 >> (32 - 3)); - c2 ^= c1 ^ m5; - m6 ^= m5 ^ (c1 << 3); - c2 = (c2 << 1) | (c2 >> (32 - 1)); - m6 = (m6 << 7) | (m6 >> (32 - 7)); - c1 ^= c2 ^ m6; - m5 ^= m6 ^ (c2 << 7); - c1 = (c1 << 5) | (c1 >> (32 - 5)); - m5 = (m5 << 22) | (m5 >> (32 - 22)); + c5 = (c5 << 22) | (c5 >> (32 - 22)) + c0 = (c0 << 13) | (c0 >> (32 - 13)) + m4 = (m4 << 3) | (m4 >> (32 - 3)) + m3 ^= c0 ^ m4 + c7 ^= m4 ^ (c0 << 3) + m3 = (m3 << 1) | (m3 >> (32 - 1)) + c7 = (c7 << 7) | (c7 >> (32 - 7)) + c0 ^= m3 ^ c7 + m4 ^= c7 ^ (m3 << 7) + c0 = (c0 << 5) | (c0 >> (32 - 5)) + m4 = (m4 << 22) | (m4 >> (32 - 22)) + c1 = (c1 << 13) | (c1 >> (32 - 13)) + m5 = (m5 << 3) | (m5 >> (32 - 3)) + c2 ^= c1 ^ m5 + m6 ^= m5 ^ (c1 << 3) + c2 = (c2 << 1) | (c2 >> (32 - 1)) + m6 = (m6 << 7) | (m6 >> (32 - 7)) + c1 ^= c2 ^ m6 + m5 ^= m6 ^ (c2 << 7) + c1 = (c1 << 5) | (c1 >> (32 - 5)) + m5 = (m5 << 22) | (m5 >> (32 - 22)) m0 ^= ALPHA_N256[0x00] - m1 ^= ALPHA_N256[0x01] ^ 1; + m1 ^= ALPHA_N256[0x01] ^ 1 c0 ^= ALPHA_N256[0x02] c1 ^= ALPHA_N256[0x03] c2 ^= ALPHA_N256[0x08] 
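Review bot: The new lines still reference `ALPHA_N256` (and `ALPHA_F256`, `ALPHA_N512`, `ALPHA_F512` in the later hamsi hunks) in underscore ALL_CAPS while this same commit renames blake512's `SIGMA`/`CB` to `sigma`/`cb`; if those hamsi tables are exported, the same naming lint will flag them, so the cleanup stops short of its own goal — their declarations are outside this diff, so that is inferred from the identifiers alone. The rotate idiom repeated on the touched lines, `c5 = (c5 << 22) | (c5 >> (32 - 22))`, is exactly `bits.RotateLeft32(c5, 22)` from math/bits, and using it would both shorten the hundreds of near-identical lines in `process`/`processFinal` of digest256.go and digest512.go and make the rotation amounts easier to audit against the specification; it needs Go 1.9 or later, which the module's go.mod should confirm. `process` begins before this hunk and continues after it.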
@@ -362,124 +362,124 @@ func (d *digest256) process(b0, b1, b2, b3 uint32) { c7 ^= ALPHA_N256[0x19] m6 ^= ALPHA_N256[0x1A] m7 ^= ALPHA_N256[0x1B] - t = m0; - m0 &= m4; - m0 ^= c6; - m4 ^= c2; - m4 ^= m0; + t = m0 + m0 &= m4 + m0 ^= c6 + m4 ^= c2 + m4 ^= m0 c6 |= t - c6 ^= c2; - t ^= m4; - c2 = c6; + c6 ^= c2 + t ^= m4 + c2 = c6 c6 |= t - c6 ^= m0; - m0 &= c2; - t ^= m0; - c2 ^= c6; + c6 ^= m0 + m0 &= c2 + t ^= m0 + c2 ^= c6 c2 ^= t - m0 = m4; - m4 = c2; - c2 = c6; + m0 = m4 + m4 = c2 + c2 = c6 c6 = ^t - t = m1; - m1 &= m5; - m1 ^= c7; - m5 ^= c3; - m5 ^= m1; + t = m1 + m1 &= m5 + m1 ^= c7 + m5 ^= c3 + m5 ^= m1 c7 |= t - c7 ^= c3; - t ^= m5; - c3 = c7; + c7 ^= c3 + t ^= m5 + c3 = c7 c7 |= t - c7 ^= m1; - m1 &= c3; - t ^= m1; - c3 ^= c7; + c7 ^= m1 + m1 &= c3 + t ^= m1 + c3 ^= c7 c3 ^= t - m1 = m5; - m5 = c3; - c3 = c7; + m1 = m5 + m5 = c3 + c3 = c7 c7 = ^t - t = c0; - c0 &= c4; - c0 ^= m6; - c4 ^= m2; - c4 ^= c0; + t = c0 + c0 &= c4 + c0 ^= m6 + c4 ^= m2 + c4 ^= c0 m6 |= t - m6 ^= m2; - t ^= c4; - m2 = m6; + m6 ^= m2 + t ^= c4 + m2 = m6 m6 |= t - m6 ^= c0; - c0 &= m2; - t ^= c0; - m2 ^= m6; + m6 ^= c0 + c0 &= m2 + t ^= c0 + m2 ^= m6 m2 ^= t - c0 = c4; - c4 = m2; - m2 = m6; + c0 = c4 + c4 = m2 + m2 = m6 m6 = ^t - t = c1; - c1 &= c5; - c1 ^= m7; - c5 ^= m3; - c5 ^= c1; + t = c1 + c1 &= c5 + c1 ^= m7 + c5 ^= m3 + c5 ^= c1 m7 |= t - m7 ^= m3; - t ^= c5; - m3 = m7; + m7 ^= m3 + t ^= c5 + m3 = m7 m7 |= t - m7 ^= c1; - c1 &= m3; - t ^= c1; - m3 ^= m7; + m7 ^= c1 + c1 &= m3 + t ^= c1 + m3 ^= m7 m3 ^= t - c1 = c5; - c5 = m3; - m3 = m7; + c1 = c5 + c5 = m3 + m3 = m7 m7 = ^t - m0 = (m0 << 13) | (m0 >> (32 - 13)); - c4 = (c4 << 3) | (c4 >> (32 - 3)); - c3 ^= m0 ^ c4; - m7 ^= c4 ^ (m0 << 3); - c3 = (c3 << 1) | (c3 >> (32 - 1)); - m7 = (m7 << 7) | (m7 >> (32 - 7)); - m0 ^= c3 ^ m7; - c4 ^= m7 ^ (c3 << 7); - m0 = (m0 << 5) | (m0 >> (32 - 5)); - c4 = (c4 << 22) | (c4 >> (32 - 22)); - m1 = (m1 << 13) | (m1 >> (32 - 13)); - c5 = (c5 << 3) | (c5 >> (32 - 3)); - m2 ^= m1 ^ c5; - c6 ^= 
c5 ^ (m1 << 3); - m2 = (m2 << 1) | (m2 >> (32 - 1)); - c6 = (c6 << 7) | (c6 >> (32 - 7)); - m1 ^= m2 ^ c6; - c5 ^= c6 ^ (m2 << 7); - m1 = (m1 << 5) | (m1 >> (32 - 5)); - c5 = (c5 << 22) | (c5 >> (32 - 22)); - c0 = (c0 << 13) | (c0 >> (32 - 13)); - m4 = (m4 << 3) | (m4 >> (32 - 3)); - m3 ^= c0 ^ m4; - c7 ^= m4 ^ (c0 << 3); - m3 = (m3 << 1) | (m3 >> (32 - 1)); - c7 = (c7 << 7) | (c7 >> (32 - 7)); - c0 ^= m3 ^ c7; - m4 ^= c7 ^ (m3 << 7); - c0 = (c0 << 5) | (c0 >> (32 - 5)); - m4 = (m4 << 22) | (m4 >> (32 - 22)); - c1 = (c1 << 13) | (c1 >> (32 - 13)); - m5 = (m5 << 3) | (m5 >> (32 - 3)); - c2 ^= c1 ^ m5; - m6 ^= m5 ^ (c1 << 3); - c2 = (c2 << 1) | (c2 >> (32 - 1)); - m6 = (m6 << 7) | (m6 >> (32 - 7)); - c1 ^= c2 ^ m6; - m5 ^= m6 ^ (c2 << 7); - c1 = (c1 << 5) | (c1 >> (32 - 5)); - m5 = (m5 << 22) | (m5 >> (32 - 22)); + m0 = (m0 << 13) | (m0 >> (32 - 13)) + c4 = (c4 << 3) | (c4 >> (32 - 3)) + c3 ^= m0 ^ c4 + m7 ^= c4 ^ (m0 << 3) + c3 = (c3 << 1) | (c3 >> (32 - 1)) + m7 = (m7 << 7) | (m7 >> (32 - 7)) + m0 ^= c3 ^ m7 + c4 ^= m7 ^ (c3 << 7) + m0 = (m0 << 5) | (m0 >> (32 - 5)) + c4 = (c4 << 22) | (c4 >> (32 - 22)) + m1 = (m1 << 13) | (m1 >> (32 - 13)) + c5 = (c5 << 3) | (c5 >> (32 - 3)) + m2 ^= m1 ^ c5 + c6 ^= c5 ^ (m1 << 3) + m2 = (m2 << 1) | (m2 >> (32 - 1)) + c6 = (c6 << 7) | (c6 >> (32 - 7)) + m1 ^= m2 ^ c6 + c5 ^= c6 ^ (m2 << 7) + m1 = (m1 << 5) | (m1 >> (32 - 5)) + c5 = (c5 << 22) | (c5 >> (32 - 22)) + c0 = (c0 << 13) | (c0 >> (32 - 13)) + m4 = (m4 << 3) | (m4 >> (32 - 3)) + m3 ^= c0 ^ m4 + c7 ^= m4 ^ (c0 << 3) + m3 = (m3 << 1) | (m3 >> (32 - 1)) + c7 = (c7 << 7) | (c7 >> (32 - 7)) + c0 ^= m3 ^ c7 + m4 ^= c7 ^ (m3 << 7) + c0 = (c0 << 5) | (c0 >> (32 - 5)) + m4 = (m4 << 22) | (m4 >> (32 - 22)) + c1 = (c1 << 13) | (c1 >> (32 - 13)) + m5 = (m5 << 3) | (m5 >> (32 - 3)) + c2 ^= c1 ^ m5 + m6 ^= m5 ^ (c1 << 3) + c2 = (c2 << 1) | (c2 >> (32 - 1)) + m6 = (m6 << 7) | (m6 >> (32 - 7)) + c1 ^= c2 ^ m6 + m5 ^= m6 ^ (c2 << 7) + c1 = (c1 << 5) | (c1 >> (32 - 5)) + m5 = (m5 << 22) | 
(m5 >> (32 - 22)) m0 ^= ALPHA_N256[0x00] - m1 ^= ALPHA_N256[0x01] ^ 2; + m1 ^= ALPHA_N256[0x01] ^ 2 c0 ^= ALPHA_N256[0x02] c1 ^= ALPHA_N256[0x03] c2 ^= ALPHA_N256[0x08] 
@@ -494,131 +494,131 @@ func (d *digest256) process(b0, b1, b2, b3 uint32) { c7 ^= ALPHA_N256[0x19] m6 ^= ALPHA_N256[0x1A] m7 ^= ALPHA_N256[0x1B] - t = m0; - m0 &= m4; - m0 ^= c6; - m4 ^= c2; - m4 ^= m0; + t = m0 + m0 &= m4 + m0 ^= c6 + m4 ^= c2 + m4 ^= m0 c6 |= t - c6 ^= c2; - t ^= m4; - c2 = c6; + c6 ^= c2 + t ^= m4 + c2 = c6 c6 |= t - c6 ^= m0; - m0 &= c2; - t ^= m0; - c2 ^= c6; + c6 ^= m0 + m0 &= c2 + t ^= m0 + c2 ^= c6 c2 ^= t - m0 = m4; - m4 = c2; - c2 = c6; + m0 = m4 + m4 = c2 + c2 = c6 c6 = ^t - t = m1; - m1 &= m5; - m1 ^= c7; - m5 ^= c3; - m5 ^= m1; + t = m1 + m1 &= m5 + m1 ^= c7 + m5 ^= c3 + m5 ^= m1 c7 |= t - c7 ^= c3; - t ^= m5; - c3 = c7; + c7 ^= c3 + t ^= m5 + c3 = c7 c7 |= t - c7 ^= m1; - m1 &= c3; - t ^= m1; - c3 ^= c7; + c7 ^= m1 + m1 &= c3 + t ^= m1 + c3 ^= c7 c3 ^= t - m1 = m5; - m5 = c3; - c3 = c7; + m1 = m5 + m5 = c3 + c3 = c7 c7 = ^t - t = c0; - c0 &= c4; - c0 ^= m6; - c4 ^= m2; - c4 ^= c0; + t = c0 + c0 &= c4 + c0 ^= m6 + c4 ^= m2 + c4 ^= c0 m6 |= t - m6 ^= m2; - t ^= c4; - m2 = m6; + m6 ^= m2 + t ^= c4 + m2 = m6 m6 |= t - m6 ^= c0; - c0 &= m2; - t ^= c0; - m2 ^= m6; + m6 ^= c0 + c0 &= m2 + t ^= c0 + m2 ^= m6 m2 ^= t - c0 = c4; - c4 = m2; - m2 = m6; + c0 = c4 + c4 = m2 + m2 = m6 m6 = ^t - t = c1; - c1 &= c5; - c1 ^= m7; - c5 ^= m3; - c5 ^= c1; + t = c1 + c1 &= c5 + c1 ^= m7 + c5 ^= m3 + c5 ^= c1 m7 |= t - m7 ^= m3; - t ^= c5; - m3 = m7; + m7 ^= m3 + t ^= c5 + m3 = m7 m7 |= t - m7 ^= c1; - c1 &= m3; - t ^= c1; - m3 ^= m7; + m7 ^= c1 + c1 &= m3 + t ^= c1 + m3 ^= m7 m3 ^= t - c1 = c5; - c5 = m3; - m3 = m7; + c1 = c5 + c5 = m3 + m3 = m7 m7 = ^t - m0 = (m0 << 13) | (m0 >> (32 - 13)); - c4 = (c4 << 3) | (c4 >> (32 - 3)); - c3 ^= m0 ^ c4; - m7 ^= c4 ^ (m0 << 3); - c3 = (c3 << 1) | (c3 >> (32 - 1)); - m7 = (m7 << 7) | (m7 >> (32 - 7)); - m0 ^= c3 ^ m7; - c4 ^= m7 ^ (c3 << 7); - m0 = (m0 << 5) | (m0 >> (32 - 5)); - c4 = (c4 << 22) | (c4 >> (32 - 22)); - m1 = (m1 << 13) | (m1 >> (32 - 13)); - c5 = (c5 << 3) | (c5 >> (32 - 3)); - m2 ^= m1 ^ c5; - c6 ^= 
c5 ^ (m1 << 3); - m2 = (m2 << 1) | (m2 >> (32 - 1)); - c6 = (c6 << 7) | (c6 >> (32 - 7)); - m1 ^= m2 ^ c6; - c5 ^= c6 ^ (m2 << 7); - m1 = (m1 << 5) | (m1 >> (32 - 5)); - c5 = (c5 << 22) | (c5 >> (32 - 22)); - c0 = (c0 << 13) | (c0 >> (32 - 13)); - m4 = (m4 << 3) | (m4 >> (32 - 3)); - m3 ^= c0 ^ m4; - c7 ^= m4 ^ (c0 << 3); - m3 = (m3 << 1) | (m3 >> (32 - 1)); - c7 = (c7 << 7) | (c7 >> (32 - 7)); - c0 ^= m3 ^ c7; - m4 ^= c7 ^ (m3 << 7); - c0 = (c0 << 5) | (c0 >> (32 - 5)); - m4 = (m4 << 22) | (m4 >> (32 - 22)); - c1 = (c1 << 13) | (c1 >> (32 - 13)); - m5 = (m5 << 3) | (m5 >> (32 - 3)); - c2 ^= c1 ^ m5; - m6 ^= m5 ^ (c1 << 3); - c2 = (c2 << 1) | (c2 >> (32 - 1)); - m6 = (m6 << 7) | (m6 >> (32 - 7)); - c1 ^= c2 ^ m6; - m5 ^= m6 ^ (c2 << 7); - c1 = (c1 << 5) | (c1 >> (32 - 5)); - m5 = (m5 << 22) | (m5 >> (32 - 22)); - - d.s[7] ^= c5; - d.s[6] ^= c4; - d.s[5] ^= m5; - d.s[4] ^= m4; - d.s[3] ^= c1; - d.s[2] ^= c0; - d.s[1] ^= m1; - d.s[0] ^= m0; + m0 = (m0 << 13) | (m0 >> (32 - 13)) + c4 = (c4 << 3) | (c4 >> (32 - 3)) + c3 ^= m0 ^ c4 + m7 ^= c4 ^ (m0 << 3) + c3 = (c3 << 1) | (c3 >> (32 - 1)) + m7 = (m7 << 7) | (m7 >> (32 - 7)) + m0 ^= c3 ^ m7 + c4 ^= m7 ^ (c3 << 7) + m0 = (m0 << 5) | (m0 >> (32 - 5)) + c4 = (c4 << 22) | (c4 >> (32 - 22)) + m1 = (m1 << 13) | (m1 >> (32 - 13)) + c5 = (c5 << 3) | (c5 >> (32 - 3)) + m2 ^= m1 ^ c5 + c6 ^= c5 ^ (m1 << 3) + m2 = (m2 << 1) | (m2 >> (32 - 1)) + c6 = (c6 << 7) | (c6 >> (32 - 7)) + m1 ^= m2 ^ c6 + c5 ^= c6 ^ (m2 << 7) + m1 = (m1 << 5) | (m1 >> (32 - 5)) + c5 = (c5 << 22) | (c5 >> (32 - 22)) + c0 = (c0 << 13) | (c0 >> (32 - 13)) + m4 = (m4 << 3) | (m4 >> (32 - 3)) + m3 ^= c0 ^ m4 + c7 ^= m4 ^ (c0 << 3) + m3 = (m3 << 1) | (m3 >> (32 - 1)) + c7 = (c7 << 7) | (c7 >> (32 - 7)) + c0 ^= m3 ^ c7 + m4 ^= c7 ^ (m3 << 7) + c0 = (c0 << 5) | (c0 >> (32 - 5)) + m4 = (m4 << 22) | (m4 >> (32 - 22)) + c1 = (c1 << 13) | (c1 >> (32 - 13)) + m5 = (m5 << 3) | (m5 >> (32 - 3)) + c2 ^= c1 ^ m5 + m6 ^= m5 ^ (c1 << 3) + c2 = (c2 << 1) | (c2 >> (32 - 1)) + 
m6 = (m6 << 7) | (m6 >> (32 - 7)) + c1 ^= c2 ^ m6 + m5 ^= m6 ^ (c2 << 7) + c1 = (c1 << 5) | (c1 >> (32 - 5)) + m5 = (m5 << 22) | (m5 >> (32 - 22)) + + d.s[7] ^= c5 + d.s[6] ^= c4 + d.s[5] ^= m5 + d.s[4] ^= m4 + d.s[3] ^= c1 + d.s[2] ^= c0 + d.s[1] ^= m1 + d.s[0] ^= m0 } func (d *digest256) processFinal(b0, b1, b2, b3 uint32) { 
@@ -688,130 +688,130 @@ func (d *digest256) processFinal(b0, b1, b2, b3 uint32) { c7 ^= ALPHA_F256[0x19] m6 ^= ALPHA_F256[0x1A] m7 ^= ALPHA_F256[0x1B] - t = m0; - m0 &= m4; - m0 ^= c6; - m4 ^= c2; - m4 ^= m0; + t = m0 + m0 &= m4 + m0 ^= c6 + m4 ^= c2 + m4 ^= m0 c6 |= t - c6 ^= c2; - t ^= m4; - c2 = c6; + c6 ^= c2 + t ^= m4 + c2 = c6 c6 |= t - c6 ^= m0; - m0 &= c2; - t ^= m0; - c2 ^= c6; + c6 ^= m0 + m0 &= c2 + t ^= m0 + c2 ^= c6 c2 ^= t - m0 = m4; - m4 = c2; - c2 = c6; + m0 = m4 + m4 = c2 + c2 = c6 c6 = ^t - t = m1; - m1 &= m5; - m1 ^= c7; - m5 ^= c3; - m5 ^= m1; + t = m1 + m1 &= m5 + m1 ^= c7 + m5 ^= c3 + m5 ^= m1 c7 |= t - c7 ^= c3; - t ^= m5; - c3 = c7; + c7 ^= c3 + t ^= m5 + c3 = c7 c7 |= t - c7 ^= m1; - m1 &= c3; - t ^= m1; - c3 ^= c7; + c7 ^= m1 + m1 &= c3 + t ^= m1 + c3 ^= c7 c3 ^= t - m1 = m5; - m5 = c3; - c3 = c7; + m1 = m5 + m5 = c3 + c3 = c7 c7 = ^t - t = c0; - c0 &= c4; - c0 ^= m6; - c4 ^= m2; - c4 ^= c0; + t = c0 + c0 &= c4 + c0 ^= m6 + c4 ^= m2 + c4 ^= c0 m6 |= t - m6 ^= m2; - t ^= c4; - m2 = m6; + m6 ^= m2 + t ^= c4 + m2 = m6 m6 |= t - m6 ^= c0; - c0 &= m2; - t ^= c0; - m2 ^= m6; + m6 ^= c0 + c0 &= m2 + t ^= c0 + m2 ^= m6 m2 ^= t - c0 = c4; - c4 = m2; - m2 = m6; + c0 = c4 + c4 = m2 + m2 = m6 m6 = ^t - t = c1; - c1 &= c5; - c1 ^= m7; - c5 ^= m3; - c5 ^= c1; + t = c1 + c1 &= c5 + c1 ^= m7 + c5 ^= m3 + c5 ^= c1 m7 |= t - m7 ^= m3; - t ^= c5; - m3 = m7; + m7 ^= m3 + t ^= c5 + m3 = m7 m7 |= t - m7 ^= c1; - c1 &= m3; - t ^= c1; - m3 ^= m7; + m7 ^= c1 + c1 &= m3 + t ^= c1 + m3 ^= m7 m3 ^= t - c1 = c5; - c5 = m3; - m3 = m7; + c1 = c5 + c5 = m3 + m3 = m7 m7 = ^t - m0 = (m0 << 13) | (m0 >> (32 - 13)); - c4 = (c4 << 3) | (c4 >> (32 - 3)); - c3 ^= m0 ^ c4; - m7 ^= c4 ^ (m0 << 3); - c3 = (c3 << 1) | (c3 >> (32 - 1)); - m7 = (m7 << 7) | (m7 >> (32 - 7)); - m0 ^= c3 ^ m7; - c4 ^= m7 ^ (c3 << 7); - m0 = (m0 << 5) | (m0 >> (32 - 5)); - c4 = (c4 << 22) | (c4 >> (32 - 22)); - m1 = (m1 << 13) | (m1 >> (32 - 13)); - c5 = (c5 << 3) | (c5 >> (32 - 3)); - m2 ^= m1 ^ c5; - 
c6 ^= c5 ^ (m1 << 3); - m2 = (m2 << 1) | (m2 >> (32 - 1)); - c6 = (c6 << 7) | (c6 >> (32 - 7)); - m1 ^= m2 ^ c6; - c5 ^= c6 ^ (m2 << 7); - m1 = (m1 << 5) | (m1 >> (32 - 5)); - c5 = (c5 << 22) | (c5 >> (32 - 22)); - c0 = (c0 << 13) | (c0 >> (32 - 13)); - m4 = (m4 << 3) | (m4 >> (32 - 3)); - m3 ^= c0 ^ m4; - c7 ^= m4 ^ (c0 << 3); - m3 = (m3 << 1) | (m3 >> (32 - 1)); - c7 = (c7 << 7) | (c7 >> (32 - 7)); - c0 ^= m3 ^ c7; - m4 ^= c7 ^ (m3 << 7); - c0 = (c0 << 5) | (c0 >> (32 - 5)); - m4 = (m4 << 22) | (m4 >> (32 - 22)); - c1 = (c1 << 13) | (c1 >> (32 - 13)); - m5 = (m5 << 3) | (m5 >> (32 - 3)); - c2 ^= c1 ^ m5; - m6 ^= m5 ^ (c1 << 3); - c2 = (c2 << 1) | (c2 >> (32 - 1)); - m6 = (m6 << 7) | (m6 >> (32 - 7)); - c1 ^= c2 ^ m6; - m5 ^= m6 ^ (c2 << 7); - c1 = (c1 << 5) | (c1 >> (32 - 5)); - m5 = (m5 << 22) | (m5 >> (32 - 22)); + m0 = (m0 << 13) | (m0 >> (32 - 13)) + c4 = (c4 << 3) | (c4 >> (32 - 3)) + c3 ^= m0 ^ c4 + m7 ^= c4 ^ (m0 << 3) + c3 = (c3 << 1) | (c3 >> (32 - 1)) + m7 = (m7 << 7) | (m7 >> (32 - 7)) + m0 ^= c3 ^ m7 + c4 ^= m7 ^ (c3 << 7) + m0 = (m0 << 5) | (m0 >> (32 - 5)) + c4 = (c4 << 22) | (c4 >> (32 - 22)) + m1 = (m1 << 13) | (m1 >> (32 - 13)) + c5 = (c5 << 3) | (c5 >> (32 - 3)) + m2 ^= m1 ^ c5 + c6 ^= c5 ^ (m1 << 3) + m2 = (m2 << 1) | (m2 >> (32 - 1)) + c6 = (c6 << 7) | (c6 >> (32 - 7)) + m1 ^= m2 ^ c6 + c5 ^= c6 ^ (m2 << 7) + m1 = (m1 << 5) | (m1 >> (32 - 5)) + c5 = (c5 << 22) | (c5 >> (32 - 22)) + c0 = (c0 << 13) | (c0 >> (32 - 13)) + m4 = (m4 << 3) | (m4 >> (32 - 3)) + m3 ^= c0 ^ m4 + c7 ^= m4 ^ (c0 << 3) + m3 = (m3 << 1) | (m3 >> (32 - 1)) + c7 = (c7 << 7) | (c7 >> (32 - 7)) + c0 ^= m3 ^ c7 + m4 ^= c7 ^ (m3 << 7) + c0 = (c0 << 5) | (c0 >> (32 - 5)) + m4 = (m4 << 22) | (m4 >> (32 - 22)) + c1 = (c1 << 13) | (c1 >> (32 - 13)) + m5 = (m5 << 3) | (m5 >> (32 - 3)) + c2 ^= c1 ^ m5 + m6 ^= m5 ^ (c1 << 3) + c2 = (c2 << 1) | (c2 >> (32 - 1)) + m6 = (m6 << 7) | (m6 >> (32 - 7)) + c1 ^= c2 ^ m6 + m5 ^= m6 ^ (c2 << 7) + c1 = (c1 << 5) | (c1 >> (32 - 5)) + m5 = (m5 << 
22) | (m5 >> (32 - 22)) } - d.s[7] ^= c5; - d.s[6] ^= c4; - d.s[5] ^= m5; - d.s[4] ^= m4; - d.s[3] ^= c1; - d.s[2] ^= c0; - d.s[1] ^= m1; - d.s[0] ^= m0; + d.s[7] ^= c5 + d.s[6] ^= c4 + d.s[5] ^= m5 + d.s[4] ^= m4 + d.s[3] ^= c1 + d.s[2] ^= c0 + d.s[1] ^= m1 + d.s[0] ^= m0 } diff --git a/hamsi/digest512.go b/hamsi/digest512.go index aba8a1d..d336a98 100644 --- a/hamsi/digest512.go +++ b/hamsi/digest512.go 
@@ -369,296 +369,296 @@ func (d *digest512) process( cF ^= ALPHA_N512[0x1D] mE ^= ALPHA_N512[0x1E] mF ^= ALPHA_N512[0x1F] - t = m0; - m0 &= m8; - m0 ^= cC; - m8 ^= c4; - m8 ^= m0; - cC |= t; - cC ^= c4; - t ^= m8; - c4 = cC; - cC |= t; - cC ^= m0; - m0 &= c4; - t ^= m0; - c4 ^= cC; - c4 ^= t; - m0 = m8; - m8 = c4; - c4 = cC; + t = m0 + m0 &= m8 + m0 ^= cC + m8 ^= c4 + m8 ^= m0 + cC |= t + cC ^= c4 + t ^= m8 + c4 = cC + cC |= t + cC ^= m0 + m0 &= c4 + t ^= m0 + c4 ^= cC + c4 ^= t + m0 = m8 + m8 = c4 + c4 = cC cC = ^t - t = m1; - m1 &= m9; - m1 ^= cD; - m9 ^= c5; - m9 ^= m1; - cD |= t; - cD ^= c5; - t ^= m9; - c5 = cD; - cD |= t; - cD ^= m1; - m1 &= c5; - t ^= m1; - c5 ^= cD; - c5 ^= t; - m1 = m9; - m9 = c5; - c5 = cD; + t = m1 + m1 &= m9 + m1 ^= cD + m9 ^= c5 + m9 ^= m1 + cD |= t + cD ^= c5 + t ^= m9 + c5 = cD + cD |= t + cD ^= m1 + m1 &= c5 + t ^= m1 + c5 ^= cD + c5 ^= t + m1 = m9 + m9 = c5 + c5 = cD cD = ^t - t = c0; - c0 &= c8; - c0 ^= mC; - c8 ^= m4; - c8 ^= c0; - mC |= t; - mC ^= m4; - t ^= c8; - m4 = mC; - mC |= t; - mC ^= c0; - c0 &= m4; - t ^= c0; - m4 ^= mC; - m4 ^= t; - c0 = c8; - c8 = m4; - m4 = mC; + t = c0 + c0 &= c8 + c0 ^= mC + c8 ^= m4 + c8 ^= c0 + mC |= t + mC ^= m4 + t ^= c8 + m4 = mC + mC |= t + mC ^= c0 + c0 &= m4 + t ^= c0 + m4 ^= mC + m4 ^= t + c0 = c8 + c8 = m4 + m4 = mC mC = ^t - t = c1; - c1 &= c9; - c1 ^= mD; - c9 ^= m5; - c9 ^= c1; - mD |= t; - mD ^= m5; - t ^= c9; - m5 = mD; - mD |= t; - mD ^= c1; - c1 &= m5; - t ^= c1; - m5 ^= mD; - m5 ^= t; - c1 = c9; - c9 = m5; - m5 = mD; + t = c1 + c1 &= c9 + c1 ^= mD + c9 ^= m5 + c9 ^= c1 + mD |= t + mD ^= m5 + t ^= c9 + m5 = mD + mD |= t + mD ^= c1 + c1 &= m5 + t ^= c1 + m5 ^= mD + m5 ^= t + c1 = c9 + c9 = m5 + m5 = mD mD = ^t - t = m2; - m2 &= mA; - m2 ^= cE; - mA ^= c6; - mA ^= m2; - cE |= t; - cE ^= c6; - t ^= mA; - c6 = cE; - cE |= t; - cE ^= m2; - m2 &= c6; - t ^= m2; - c6 ^= cE; - c6 ^= t; - m2 = mA; - mA = c6; - c6 = cE; + t = m2 + m2 &= mA + m2 ^= cE + mA ^= c6 + mA ^= m2 + cE |= t + cE ^= 
c6 + t ^= mA + c6 = cE + cE |= t + cE ^= m2 + m2 &= c6 + t ^= m2 + c6 ^= cE + c6 ^= t + m2 = mA + mA = c6 + c6 = cE cE = ^t - t = m3; - m3 &= mB; - m3 ^= cF; - mB ^= c7; - mB ^= m3; - cF |= t; - cF ^= c7; - t ^= mB; - c7 = cF; - cF |= t; - cF ^= m3; - m3 &= c7; - t ^= m3; - c7 ^= cF; - c7 ^= t; - m3 = mB; - mB = c7; - c7 = cF; + t = m3 + m3 &= mB + m3 ^= cF + mB ^= c7 + mB ^= m3 + cF |= t + cF ^= c7 + t ^= mB + c7 = cF + cF |= t + cF ^= m3 + m3 &= c7 + t ^= m3 + c7 ^= cF + c7 ^= t + m3 = mB + mB = c7 + c7 = cF cF = ^t - t = c2; - c2 &= cA; - c2 ^= mE; - cA ^= m6; - cA ^= c2; - mE |= t; - mE ^= m6; - t ^= cA; - m6 = mE; - mE |= t; - mE ^= c2; - c2 &= m6; - t ^= c2; - m6 ^= mE; - m6 ^= t; - c2 = cA; - cA = m6; - m6 = mE; + t = c2 + c2 &= cA + c2 ^= mE + cA ^= m6 + cA ^= c2 + mE |= t + mE ^= m6 + t ^= cA + m6 = mE + mE |= t + mE ^= c2 + c2 &= m6 + t ^= c2 + m6 ^= mE + m6 ^= t + c2 = cA + cA = m6 + m6 = mE mE = ^t - t = c3; - c3 &= cB; - c3 ^= mF; - cB ^= m7; - cB ^= c3; - mF |= t; - mF ^= m7; - t ^= cB; - m7 = mF; - mF |= t; - mF ^= c3; - c3 &= m7; - t ^= c3; - m7 ^= mF; - m7 ^= t; - c3 = cB; - cB = m7; - m7 = mF; + t = c3 + c3 &= cB + c3 ^= mF + cB ^= m7 + cB ^= c3 + mF |= t + mF ^= m7 + t ^= cB + m7 = mF + mF |= t + mF ^= c3 + c3 &= m7 + t ^= c3 + m7 ^= mF + m7 ^= t + c3 = cB + cB = m7 + m7 = mF mF = ^t - m0 = (m0 << 13) | (m0 >> (32 - 13)); - c8 = (c8 << 3) | (c8 >> (32 - 3)); - c5 ^= m0 ^ c8; - mD ^= c8 ^ (m0 << 3); - c5 = (c5 << 1) | (c5 >> (32 - 1)); - mD = (mD << 7) | (mD >> (32 - 7)); - m0 ^= c5 ^ mD; - c8 ^= mD ^ (c5 << 7); - m0 = (m0 << 5) | (m0 >> (32 - 5)); - c8 = (c8 << 22) | (c8 >> (32 - 22)); - m1 = (m1 << 13) | (m1 >> (32 - 13)); - c9 = (c9 << 3) | (c9 >> (32 - 3)); - m4 ^= m1 ^ c9; - cE ^= c9 ^ (m1 << 3); - m4 = (m4 << 1) | (m4 >> (32 - 1)); - cE = (cE << 7) | (cE >> (32 - 7)); - m1 ^= m4 ^ cE; - c9 ^= cE ^ (m4 << 7); - m1 = (m1 << 5) | (m1 >> (32 - 5)); - c9 = (c9 << 22) | (c9 >> (32 - 22)); - c0 = (c0 << 13) | (c0 >> (32 - 13)); - mA = (mA << 3) | 
(mA >> (32 - 3)); - m5 ^= c0 ^ mA; - cF ^= mA ^ (c0 << 3); - m5 = (m5 << 1) | (m5 >> (32 - 1)); - cF = (cF << 7) | (cF >> (32 - 7)); - c0 ^= m5 ^ cF; - mA ^= cF ^ (m5 << 7); - c0 = (c0 << 5) | (c0 >> (32 - 5)); - mA = (mA << 22) | (mA >> (32 - 22)); - c1 = (c1 << 13) | (c1 >> (32 - 13)); - mB = (mB << 3) | (mB >> (32 - 3)); - c6 ^= c1 ^ mB; - mE ^= mB ^ (c1 << 3); - c6 = (c6 << 1) | (c6 >> (32 - 1)); - mE = (mE << 7) | (mE >> (32 - 7)); - c1 ^= c6 ^ mE; - mB ^= mE ^ (c6 << 7); - c1 = (c1 << 5) | (c1 >> (32 - 5)); - mB = (mB << 22) | (mB >> (32 - 22)); - m2 = (m2 << 13) | (m2 >> (32 - 13)); - cA = (cA << 3) | (cA >> (32 - 3)); - c7 ^= m2 ^ cA; - mF ^= cA ^ (m2 << 3); - c7 = (c7 << 1) | (c7 >> (32 - 1)); - mF = (mF << 7) | (mF >> (32 - 7)); - m2 ^= c7 ^ mF; - cA ^= mF ^ (c7 << 7); - m2 = (m2 << 5) | (m2 >> (32 - 5)); - cA = (cA << 22) | (cA >> (32 - 22)); - m3 = (m3 << 13) | (m3 >> (32 - 13)); - cB = (cB << 3) | (cB >> (32 - 3)); - m6 ^= m3 ^ cB; - cC ^= cB ^ (m3 << 3); - m6 = (m6 << 1) | (m6 >> (32 - 1)); - cC = (cC << 7) | (cC >> (32 - 7)); - m3 ^= m6 ^ cC; - cB ^= cC ^ (m6 << 7); - m3 = (m3 << 5) | (m3 >> (32 - 5)); - cB = (cB << 22) | (cB >> (32 - 22)); - c2 = (c2 << 13) | (c2 >> (32 - 13)); - m8 = (m8 << 3) | (m8 >> (32 - 3)); - m7 ^= c2 ^ m8; - cD ^= m8 ^ (c2 << 3); - m7 = (m7 << 1) | (m7 >> (32 - 1)); - cD = (cD << 7) | (cD >> (32 - 7)); - c2 ^= m7 ^ cD; - m8 ^= cD ^ (m7 << 7); - c2 = (c2 << 5) | (c2 >> (32 - 5)); - m8 = (m8 << 22) | (m8 >> (32 - 22)); - c3 = (c3 << 13) | (c3 >> (32 - 13)); - m9 = (m9 << 3) | (m9 >> (32 - 3)); - c4 ^= c3 ^ m9; - mC ^= m9 ^ (c3 << 3); - c4 = (c4 << 1) | (c4 >> (32 - 1)); - mC = (mC << 7) | (mC >> (32 - 7)); - c3 ^= c4 ^ mC; - m9 ^= mC ^ (c4 << 7); - c3 = (c3 << 5) | (c3 >> (32 - 5)); - m9 = (m9 << 22) | (m9 >> (32 - 22)); - m0 = (m0 << 13) | (m0 >> (32 - 13)); - m3 = (m3 << 3) | (m3 >> (32 - 3)); - c0 ^= m0 ^ m3; - c3 ^= m3 ^ (m0 << 3); - c0 = (c0 << 1) | (c0 >> (32 - 1)); - c3 = (c3 << 7) | (c3 >> (32 - 7)); - m0 ^= c0 ^ c3; - 
m3 ^= c3 ^ (c0 << 7); - m0 = (m0 << 5) | (m0 >> (32 - 5)); - m3 = (m3 << 22) | (m3 >> (32 - 22)); - m8 = (m8 << 13) | (m8 >> (32 - 13)); - mB = (mB << 3) | (mB >> (32 - 3)); - c9 ^= m8 ^ mB; - cA ^= mB ^ (m8 << 3); - c9 = (c9 << 1) | (c9 >> (32 - 1)); - cA = (cA << 7) | (cA >> (32 - 7)); - m8 ^= c9 ^ cA; - mB ^= cA ^ (c9 << 7); - m8 = (m8 << 5) | (m8 >> (32 - 5)); - mB = (mB << 22) | (mB >> (32 - 22)); - c5 = (c5 << 13) | (c5 >> (32 - 13)); - c6 = (c6 << 3) | (c6 >> (32 - 3)); - m5 ^= c5 ^ c6; - m6 ^= c6 ^ (c5 << 3); - m5 = (m5 << 1) | (m5 >> (32 - 1)); - m6 = (m6 << 7) | (m6 >> (32 - 7)); - c5 ^= m5 ^ m6; - c6 ^= m6 ^ (m5 << 7); - c5 = (c5 << 5) | (c5 >> (32 - 5)); - c6 = (c6 << 22) | (c6 >> (32 - 22)); - cD = (cD << 13) | (cD >> (32 - 13)); - cE = (cE << 3) | (cE >> (32 - 3)); - mC ^= cD ^ cE; - mF ^= cE ^ (cD << 3); - mC = (mC << 1) | (mC >> (32 - 1)); - mF = (mF << 7) | (mF >> (32 - 7)); - cD ^= mC ^ mF; - cE ^= mF ^ (mC << 7); - cD = (cD << 5) | (cD >> (32 - 5)); - cE = (cE << 22) | (cE >> (32 - 22)); + m0 = (m0 << 13) | (m0 >> (32 - 13)) + c8 = (c8 << 3) | (c8 >> (32 - 3)) + c5 ^= m0 ^ c8 + mD ^= c8 ^ (m0 << 3) + c5 = (c5 << 1) | (c5 >> (32 - 1)) + mD = (mD << 7) | (mD >> (32 - 7)) + m0 ^= c5 ^ mD + c8 ^= mD ^ (c5 << 7) + m0 = (m0 << 5) | (m0 >> (32 - 5)) + c8 = (c8 << 22) | (c8 >> (32 - 22)) + m1 = (m1 << 13) | (m1 >> (32 - 13)) + c9 = (c9 << 3) | (c9 >> (32 - 3)) + m4 ^= m1 ^ c9 + cE ^= c9 ^ (m1 << 3) + m4 = (m4 << 1) | (m4 >> (32 - 1)) + cE = (cE << 7) | (cE >> (32 - 7)) + m1 ^= m4 ^ cE + c9 ^= cE ^ (m4 << 7) + m1 = (m1 << 5) | (m1 >> (32 - 5)) + c9 = (c9 << 22) | (c9 >> (32 - 22)) + c0 = (c0 << 13) | (c0 >> (32 - 13)) + mA = (mA << 3) | (mA >> (32 - 3)) + m5 ^= c0 ^ mA + cF ^= mA ^ (c0 << 3) + m5 = (m5 << 1) | (m5 >> (32 - 1)) + cF = (cF << 7) | (cF >> (32 - 7)) + c0 ^= m5 ^ cF + mA ^= cF ^ (m5 << 7) + c0 = (c0 << 5) | (c0 >> (32 - 5)) + mA = (mA << 22) | (mA >> (32 - 22)) + c1 = (c1 << 13) | (c1 >> (32 - 13)) + mB = (mB << 3) | (mB >> (32 - 3)) + c6 ^= 
c1 ^ mB + mE ^= mB ^ (c1 << 3) + c6 = (c6 << 1) | (c6 >> (32 - 1)) + mE = (mE << 7) | (mE >> (32 - 7)) + c1 ^= c6 ^ mE + mB ^= mE ^ (c6 << 7) + c1 = (c1 << 5) | (c1 >> (32 - 5)) + mB = (mB << 22) | (mB >> (32 - 22)) + m2 = (m2 << 13) | (m2 >> (32 - 13)) + cA = (cA << 3) | (cA >> (32 - 3)) + c7 ^= m2 ^ cA + mF ^= cA ^ (m2 << 3) + c7 = (c7 << 1) | (c7 >> (32 - 1)) + mF = (mF << 7) | (mF >> (32 - 7)) + m2 ^= c7 ^ mF + cA ^= mF ^ (c7 << 7) + m2 = (m2 << 5) | (m2 >> (32 - 5)) + cA = (cA << 22) | (cA >> (32 - 22)) + m3 = (m3 << 13) | (m3 >> (32 - 13)) + cB = (cB << 3) | (cB >> (32 - 3)) + m6 ^= m3 ^ cB + cC ^= cB ^ (m3 << 3) + m6 = (m6 << 1) | (m6 >> (32 - 1)) + cC = (cC << 7) | (cC >> (32 - 7)) + m3 ^= m6 ^ cC + cB ^= cC ^ (m6 << 7) + m3 = (m3 << 5) | (m3 >> (32 - 5)) + cB = (cB << 22) | (cB >> (32 - 22)) + c2 = (c2 << 13) | (c2 >> (32 - 13)) + m8 = (m8 << 3) | (m8 >> (32 - 3)) + m7 ^= c2 ^ m8 + cD ^= m8 ^ (c2 << 3) + m7 = (m7 << 1) | (m7 >> (32 - 1)) + cD = (cD << 7) | (cD >> (32 - 7)) + c2 ^= m7 ^ cD + m8 ^= cD ^ (m7 << 7) + c2 = (c2 << 5) | (c2 >> (32 - 5)) + m8 = (m8 << 22) | (m8 >> (32 - 22)) + c3 = (c3 << 13) | (c3 >> (32 - 13)) + m9 = (m9 << 3) | (m9 >> (32 - 3)) + c4 ^= c3 ^ m9 + mC ^= m9 ^ (c3 << 3) + c4 = (c4 << 1) | (c4 >> (32 - 1)) + mC = (mC << 7) | (mC >> (32 - 7)) + c3 ^= c4 ^ mC + m9 ^= mC ^ (c4 << 7) + c3 = (c3 << 5) | (c3 >> (32 - 5)) + m9 = (m9 << 22) | (m9 >> (32 - 22)) + m0 = (m0 << 13) | (m0 >> (32 - 13)) + m3 = (m3 << 3) | (m3 >> (32 - 3)) + c0 ^= m0 ^ m3 + c3 ^= m3 ^ (m0 << 3) + c0 = (c0 << 1) | (c0 >> (32 - 1)) + c3 = (c3 << 7) | (c3 >> (32 - 7)) + m0 ^= c0 ^ c3 + m3 ^= c3 ^ (c0 << 7) + m0 = (m0 << 5) | (m0 >> (32 - 5)) + m3 = (m3 << 22) | (m3 >> (32 - 22)) + m8 = (m8 << 13) | (m8 >> (32 - 13)) + mB = (mB << 3) | (mB >> (32 - 3)) + c9 ^= m8 ^ mB + cA ^= mB ^ (m8 << 3) + c9 = (c9 << 1) | (c9 >> (32 - 1)) + cA = (cA << 7) | (cA >> (32 - 7)) + m8 ^= c9 ^ cA + mB ^= cA ^ (c9 << 7) + m8 = (m8 << 5) | (m8 >> (32 - 5)) + mB = (mB << 22) | (mB >> (32 - 
22)) + c5 = (c5 << 13) | (c5 >> (32 - 13)) + c6 = (c6 << 3) | (c6 >> (32 - 3)) + m5 ^= c5 ^ c6 + m6 ^= c6 ^ (c5 << 3) + m5 = (m5 << 1) | (m5 >> (32 - 1)) + m6 = (m6 << 7) | (m6 >> (32 - 7)) + c5 ^= m5 ^ m6 + c6 ^= m6 ^ (m5 << 7) + c5 = (c5 << 5) | (c5 >> (32 - 5)) + c6 = (c6 << 22) | (c6 >> (32 - 22)) + cD = (cD << 13) | (cD >> (32 - 13)) + cE = (cE << 3) | (cE >> (32 - 3)) + mC ^= cD ^ cE + mF ^= cE ^ (cD << 3) + mC = (mC << 1) | (mC >> (32 - 1)) + mF = (mF << 7) | (mF >> (32 - 7)) + cD ^= mC ^ mF + cE ^= mF ^ (mC << 7) + cD = (cD << 5) | (cD >> (32 - 5)) + cE = (cE << 22) | (cE >> (32 - 22)) } - d.s[0xF] ^= cB; - d.s[0xE] ^= cA; - d.s[0xD] ^= mB; - d.s[0xC] ^= mA; - d.s[0xB] ^= c9; - d.s[0xA] ^= c8; - d.s[0x9] ^= m9; - d.s[0x8] ^= m8; - d.s[0x7] ^= c3; - d.s[0x6] ^= c2; - d.s[0x5] ^= m3; - d.s[0x4] ^= m2; - d.s[0x3] ^= c1; - d.s[0x2] ^= c0; - d.s[0x1] ^= m1; - d.s[0x0] ^= m0; + d.s[0xF] ^= cB + d.s[0xE] ^= cA + d.s[0xD] ^= mB + d.s[0xC] ^= mA + d.s[0xB] ^= c9 + d.s[0xA] ^= c8 + d.s[0x9] ^= m9 + d.s[0x8] ^= m8 + d.s[0x7] ^= c3 + d.s[0x6] ^= c2 + d.s[0x5] ^= m3 + d.s[0x4] ^= m2 + d.s[0x3] ^= c1 + d.s[0x2] ^= c0 + d.s[0x1] ^= m1 + d.s[0x0] ^= m0 } func (d *digest512) processFinal( 
@@ -855,294 +855,294 @@ func (d *digest512) processFinal( cF ^= ALPHA_F512[0x1D] mE ^= ALPHA_F512[0x1E] mF ^= ALPHA_F512[0x1F] - t = m0; - m0 &= m8; - m0 ^= cC; - m8 ^= c4; - m8 ^= m0; - cC |= t; - cC ^= c4; - t ^= m8; - c4 = cC; - cC |= t; - cC ^= m0; - m0 &= c4; - t ^= m0; - c4 ^= cC; - c4 ^= t; - m0 = m8; - m8 = c4; - c4 = cC; + t = m0 + m0 &= m8 + m0 ^= cC + m8 ^= c4 + m8 ^= m0 + cC |= t + cC ^= c4 + t ^= m8 + c4 = cC + cC |= t + cC ^= m0 + m0 &= c4 + t ^= m0 + c4 ^= cC + c4 ^= t + m0 = m8 + m8 = c4 + c4 = cC cC = ^t - t = m1; - m1 &= m9; - m1 ^= cD; - m9 ^= c5; - m9 ^= m1; - cD |= t; - cD ^= c5; - t ^= m9; - c5 = cD; - cD |= t; - cD ^= m1; - m1 &= c5; - t ^= m1; - c5 ^= cD; - c5 ^= t; - m1 = m9; - m9 = c5; - c5 = cD; + t = m1 + m1 &= m9 + m1 ^= cD + m9 ^= c5 + m9 ^= m1 + cD |= t + cD ^= c5 + t ^= m9 + c5 = cD + cD |= t + cD ^= m1 + m1 &= c5 + t ^= m1 + c5 ^= cD + c5 ^= t + m1 = m9 + m9 = c5 + c5 = cD cD = ^t - t = c0; - c0 &= c8; - c0 ^= mC; - c8 ^= m4; - c8 ^= c0; - mC |= t; - mC ^= m4; - t ^= c8; - m4 = mC; - mC |= t; - mC ^= c0; - c0 &= m4; - t ^= c0; - m4 ^= mC; - m4 ^= t; - c0 = c8; - c8 = m4; - m4 = mC; + t = c0 + c0 &= c8 + c0 ^= mC + c8 ^= m4 + c8 ^= c0 + mC |= t + mC ^= m4 + t ^= c8 + m4 = mC + mC |= t + mC ^= c0 + c0 &= m4 + t ^= c0 + m4 ^= mC + m4 ^= t + c0 = c8 + c8 = m4 + m4 = mC mC = ^t - t = c1; - c1 &= c9; - c1 ^= mD; - c9 ^= m5; - c9 ^= c1; - mD |= t; - mD ^= m5; - t ^= c9; - m5 = mD; - mD |= t; - mD ^= c1; - c1 &= m5; - t ^= c1; - m5 ^= mD; - m5 ^= t; - c1 = c9; - c9 = m5; - m5 = mD; + t = c1 + c1 &= c9 + c1 ^= mD + c9 ^= m5 + c9 ^= c1 + mD |= t + mD ^= m5 + t ^= c9 + m5 = mD + mD |= t + mD ^= c1 + c1 &= m5 + t ^= c1 + m5 ^= mD + m5 ^= t + c1 = c9 + c9 = m5 + m5 = mD mD = ^t - t = m2; - m2 &= mA; - m2 ^= cE; - mA ^= c6; - mA ^= m2; - cE |= t; - cE ^= c6; - t ^= mA; - c6 = cE; - cE |= t; - cE ^= m2; - m2 &= c6; - t ^= m2; - c6 ^= cE; - c6 ^= t; - m2 = mA; - mA = c6; - c6 = cE; + t = m2 + m2 &= mA + m2 ^= cE + mA ^= c6 + mA ^= m2 + cE |= t + cE 
^= c6 + t ^= mA + c6 = cE + cE |= t + cE ^= m2 + m2 &= c6 + t ^= m2 + c6 ^= cE + c6 ^= t + m2 = mA + mA = c6 + c6 = cE cE = ^t - t = m3; - m3 &= mB; - m3 ^= cF; - mB ^= c7; - mB ^= m3; - cF |= t; - cF ^= c7; - t ^= mB; - c7 = cF; - cF |= t; - cF ^= m3; - m3 &= c7; - t ^= m3; - c7 ^= cF; - c7 ^= t; - m3 = mB; - mB = c7; - c7 = cF; + t = m3 + m3 &= mB + m3 ^= cF + mB ^= c7 + mB ^= m3 + cF |= t + cF ^= c7 + t ^= mB + c7 = cF + cF |= t + cF ^= m3 + m3 &= c7 + t ^= m3 + c7 ^= cF + c7 ^= t + m3 = mB + mB = c7 + c7 = cF cF = ^t - t = c2; - c2 &= cA; - c2 ^= mE; - cA ^= m6; - cA ^= c2; - mE |= t; - mE ^= m6; - t ^= cA; - m6 = mE; - mE |= t; - mE ^= c2; - c2 &= m6; - t ^= c2; - m6 ^= mE; - m6 ^= t; - c2 = cA; - cA = m6; - m6 = mE; + t = c2 + c2 &= cA + c2 ^= mE + cA ^= m6 + cA ^= c2 + mE |= t + mE ^= m6 + t ^= cA + m6 = mE + mE |= t + mE ^= c2 + c2 &= m6 + t ^= c2 + m6 ^= mE + m6 ^= t + c2 = cA + cA = m6 + m6 = mE mE = ^t - t = c3; - c3 &= cB; - c3 ^= mF; - cB ^= m7; - cB ^= c3; - mF |= t; - mF ^= m7; - t ^= cB; - m7 = mF; - mF |= t; - mF ^= c3; - c3 &= m7; - t ^= c3; - m7 ^= mF; - m7 ^= t; - c3 = cB; - cB = m7; - m7 = mF; + t = c3 + c3 &= cB + c3 ^= mF + cB ^= m7 + cB ^= c3 + mF |= t + mF ^= m7 + t ^= cB + m7 = mF + mF |= t + mF ^= c3 + c3 &= m7 + t ^= c3 + m7 ^= mF + m7 ^= t + c3 = cB + cB = m7 + m7 = mF mF = ^t - m0 = (m0 << 13) | (m0 >> (32 - 13)); - c8 = (c8 << 3) | (c8 >> (32 - 3)); - c5 ^= m0 ^ c8; - mD ^= c8 ^ (m0 << 3); - c5 = (c5 << 1) | (c5 >> (32 - 1)); - mD = (mD << 7) | (mD >> (32 - 7)); - m0 ^= c5 ^ mD; - c8 ^= mD ^ (c5 << 7); - m0 = (m0 << 5) | (m0 >> (32 - 5)); - c8 = (c8 << 22) | (c8 >> (32 - 22)); - m1 = (m1 << 13) | (m1 >> (32 - 13)); - c9 = (c9 << 3) | (c9 >> (32 - 3)); - m4 ^= m1 ^ c9; - cE ^= c9 ^ (m1 << 3); - m4 = (m4 << 1) | (m4 >> (32 - 1)); - cE = (cE << 7) | (cE >> (32 - 7)); - m1 ^= m4 ^ cE; - c9 ^= cE ^ (m4 << 7); - m1 = (m1 << 5) | (m1 >> (32 - 5)); - c9 = (c9 << 22) | (c9 >> (32 - 22)); - c0 = (c0 << 13) | (c0 >> (32 - 13)); - mA = (mA << 3) 
| (mA >> (32 - 3)); - m5 ^= c0 ^ mA; - cF ^= mA ^ (c0 << 3); - m5 = (m5 << 1) | (m5 >> (32 - 1)); - cF = (cF << 7) | (cF >> (32 - 7)); - c0 ^= m5 ^ cF; - mA ^= cF ^ (m5 << 7); - c0 = (c0 << 5) | (c0 >> (32 - 5)); - mA = (mA << 22) | (mA >> (32 - 22)); - c1 = (c1 << 13) | (c1 >> (32 - 13)); - mB = (mB << 3) | (mB >> (32 - 3)); - c6 ^= c1 ^ mB; - mE ^= mB ^ (c1 << 3); - c6 = (c6 << 1) | (c6 >> (32 - 1)); - mE = (mE << 7) | (mE >> (32 - 7)); - c1 ^= c6 ^ mE; - mB ^= mE ^ (c6 << 7); - c1 = (c1 << 5) | (c1 >> (32 - 5)); - mB = (mB << 22) | (mB >> (32 - 22)); - m2 = (m2 << 13) | (m2 >> (32 - 13)); - cA = (cA << 3) | (cA >> (32 - 3)); - c7 ^= m2 ^ cA; - mF ^= cA ^ (m2 << 3); - c7 = (c7 << 1) | (c7 >> (32 - 1)); - mF = (mF << 7) | (mF >> (32 - 7)); - m2 ^= c7 ^ mF; - cA ^= mF ^ (c7 << 7); - m2 = (m2 << 5) | (m2 >> (32 - 5)); - cA = (cA << 22) | (cA >> (32 - 22)); - m3 = (m3 << 13) | (m3 >> (32 - 13)); - cB = (cB << 3) | (cB >> (32 - 3)); - m6 ^= m3 ^ cB; - cC ^= cB ^ (m3 << 3); - m6 = (m6 << 1) | (m6 >> (32 - 1)); - cC = (cC << 7) | (cC >> (32 - 7)); - m3 ^= m6 ^ cC; - cB ^= cC ^ (m6 << 7); - m3 = (m3 << 5) | (m3 >> (32 - 5)); - cB = (cB << 22) | (cB >> (32 - 22)); - c2 = (c2 << 13) | (c2 >> (32 - 13)); - m8 = (m8 << 3) | (m8 >> (32 - 3)); - m7 ^= c2 ^ m8; - cD ^= m8 ^ (c2 << 3); - m7 = (m7 << 1) | (m7 >> (32 - 1)); - cD = (cD << 7) | (cD >> (32 - 7)); - c2 ^= m7 ^ cD; - m8 ^= cD ^ (m7 << 7); - c2 = (c2 << 5) | (c2 >> (32 - 5)); - m8 = (m8 << 22) | (m8 >> (32 - 22)); - c3 = (c3 << 13) | (c3 >> (32 - 13)); - m9 = (m9 << 3) | (m9 >> (32 - 3)); - c4 ^= c3 ^ m9; - mC ^= m9 ^ (c3 << 3); - c4 = (c4 << 1) | (c4 >> (32 - 1)); - mC = (mC << 7) | (mC >> (32 - 7)); - c3 ^= c4 ^ mC; - m9 ^= mC ^ (c4 << 7); - c3 = (c3 << 5) | (c3 >> (32 - 5)); - m9 = (m9 << 22) | (m9 >> (32 - 22)); - m0 = (m0 << 13) | (m0 >> (32 - 13)); - m3 = (m3 << 3) | (m3 >> (32 - 3)); - c0 ^= m0 ^ m3; - c3 ^= m3 ^ (m0 << 3); - c0 = (c0 << 1) | (c0 >> (32 - 1)); - c3 = (c3 << 7) | (c3 >> (32 - 7)); - m0 ^= c0 ^ c3; 
- m3 ^= c3 ^ (c0 << 7); - m0 = (m0 << 5) | (m0 >> (32 - 5)); - m3 = (m3 << 22) | (m3 >> (32 - 22)); - m8 = (m8 << 13) | (m8 >> (32 - 13)); - mB = (mB << 3) | (mB >> (32 - 3)); - c9 ^= m8 ^ mB; - cA ^= mB ^ (m8 << 3); - c9 = (c9 << 1) | (c9 >> (32 - 1)); - cA = (cA << 7) | (cA >> (32 - 7)); - m8 ^= c9 ^ cA; - mB ^= cA ^ (c9 << 7); - m8 = (m8 << 5) | (m8 >> (32 - 5)); - mB = (mB << 22) | (mB >> (32 - 22)); - c5 = (c5 << 13) | (c5 >> (32 - 13)); - c6 = (c6 << 3) | (c6 >> (32 - 3)); - m5 ^= c5 ^ c6; - m6 ^= c6 ^ (c5 << 3); - m5 = (m5 << 1) | (m5 >> (32 - 1)); - m6 = (m6 << 7) | (m6 >> (32 - 7)); - c5 ^= m5 ^ m6; - c6 ^= m6 ^ (m5 << 7); - c5 = (c5 << 5) | (c5 >> (32 - 5)); - c6 = (c6 << 22) | (c6 >> (32 - 22)); - cD = (cD << 13) | (cD >> (32 - 13)); - cE = (cE << 3) | (cE >> (32 - 3)); - mC ^= cD ^ cE; - mF ^= cE ^ (cD << 3); - mC = (mC << 1) | (mC >> (32 - 1)); - mF = (mF << 7) | (mF >> (32 - 7)); - cD ^= mC ^ mF; - cE ^= mF ^ (mC << 7); - cD = (cD << 5) | (cD >> (32 - 5)); - cE = (cE << 22) | (cE >> (32 - 22)); + m0 = (m0 << 13) | (m0 >> (32 - 13)) + c8 = (c8 << 3) | (c8 >> (32 - 3)) + c5 ^= m0 ^ c8 + mD ^= c8 ^ (m0 << 3) + c5 = (c5 << 1) | (c5 >> (32 - 1)) + mD = (mD << 7) | (mD >> (32 - 7)) + m0 ^= c5 ^ mD + c8 ^= mD ^ (c5 << 7) + m0 = (m0 << 5) | (m0 >> (32 - 5)) + c8 = (c8 << 22) | (c8 >> (32 - 22)) + m1 = (m1 << 13) | (m1 >> (32 - 13)) + c9 = (c9 << 3) | (c9 >> (32 - 3)) + m4 ^= m1 ^ c9 + cE ^= c9 ^ (m1 << 3) + m4 = (m4 << 1) | (m4 >> (32 - 1)) + cE = (cE << 7) | (cE >> (32 - 7)) + m1 ^= m4 ^ cE + c9 ^= cE ^ (m4 << 7) + m1 = (m1 << 5) | (m1 >> (32 - 5)) + c9 = (c9 << 22) | (c9 >> (32 - 22)) + c0 = (c0 << 13) | (c0 >> (32 - 13)) + mA = (mA << 3) | (mA >> (32 - 3)) + m5 ^= c0 ^ mA + cF ^= mA ^ (c0 << 3) + m5 = (m5 << 1) | (m5 >> (32 - 1)) + cF = (cF << 7) | (cF >> (32 - 7)) + c0 ^= m5 ^ cF + mA ^= cF ^ (m5 << 7) + c0 = (c0 << 5) | (c0 >> (32 - 5)) + mA = (mA << 22) | (mA >> (32 - 22)) + c1 = (c1 << 13) | (c1 >> (32 - 13)) + mB = (mB << 3) | (mB >> (32 - 3)) + c6 ^= 
c1 ^ mB + mE ^= mB ^ (c1 << 3) + c6 = (c6 << 1) | (c6 >> (32 - 1)) + mE = (mE << 7) | (mE >> (32 - 7)) + c1 ^= c6 ^ mE + mB ^= mE ^ (c6 << 7) + c1 = (c1 << 5) | (c1 >> (32 - 5)) + mB = (mB << 22) | (mB >> (32 - 22)) + m2 = (m2 << 13) | (m2 >> (32 - 13)) + cA = (cA << 3) | (cA >> (32 - 3)) + c7 ^= m2 ^ cA + mF ^= cA ^ (m2 << 3) + c7 = (c7 << 1) | (c7 >> (32 - 1)) + mF = (mF << 7) | (mF >> (32 - 7)) + m2 ^= c7 ^ mF + cA ^= mF ^ (c7 << 7) + m2 = (m2 << 5) | (m2 >> (32 - 5)) + cA = (cA << 22) | (cA >> (32 - 22)) + m3 = (m3 << 13) | (m3 >> (32 - 13)) + cB = (cB << 3) | (cB >> (32 - 3)) + m6 ^= m3 ^ cB + cC ^= cB ^ (m3 << 3) + m6 = (m6 << 1) | (m6 >> (32 - 1)) + cC = (cC << 7) | (cC >> (32 - 7)) + m3 ^= m6 ^ cC + cB ^= cC ^ (m6 << 7) + m3 = (m3 << 5) | (m3 >> (32 - 5)) + cB = (cB << 22) | (cB >> (32 - 22)) + c2 = (c2 << 13) | (c2 >> (32 - 13)) + m8 = (m8 << 3) | (m8 >> (32 - 3)) + m7 ^= c2 ^ m8 + cD ^= m8 ^ (c2 << 3) + m7 = (m7 << 1) | (m7 >> (32 - 1)) + cD = (cD << 7) | (cD >> (32 - 7)) + c2 ^= m7 ^ cD + m8 ^= cD ^ (m7 << 7) + c2 = (c2 << 5) | (c2 >> (32 - 5)) + m8 = (m8 << 22) | (m8 >> (32 - 22)) + c3 = (c3 << 13) | (c3 >> (32 - 13)) + m9 = (m9 << 3) | (m9 >> (32 - 3)) + c4 ^= c3 ^ m9 + mC ^= m9 ^ (c3 << 3) + c4 = (c4 << 1) | (c4 >> (32 - 1)) + mC = (mC << 7) | (mC >> (32 - 7)) + c3 ^= c4 ^ mC + m9 ^= mC ^ (c4 << 7) + c3 = (c3 << 5) | (c3 >> (32 - 5)) + m9 = (m9 << 22) | (m9 >> (32 - 22)) + m0 = (m0 << 13) | (m0 >> (32 - 13)) + m3 = (m3 << 3) | (m3 >> (32 - 3)) + c0 ^= m0 ^ m3 + c3 ^= m3 ^ (m0 << 3) + c0 = (c0 << 1) | (c0 >> (32 - 1)) + c3 = (c3 << 7) | (c3 >> (32 - 7)) + m0 ^= c0 ^ c3 + m3 ^= c3 ^ (c0 << 7) + m0 = (m0 << 5) | (m0 >> (32 - 5)) + m3 = (m3 << 22) | (m3 >> (32 - 22)) + m8 = (m8 << 13) | (m8 >> (32 - 13)) + mB = (mB << 3) | (mB >> (32 - 3)) + c9 ^= m8 ^ mB + cA ^= mB ^ (m8 << 3) + c9 = (c9 << 1) | (c9 >> (32 - 1)) + cA = (cA << 7) | (cA >> (32 - 7)) + m8 ^= c9 ^ cA + mB ^= cA ^ (c9 << 7) + m8 = (m8 << 5) | (m8 >> (32 - 5)) + mB = (mB << 22) | (mB >> (32 - 
22)) + c5 = (c5 << 13) | (c5 >> (32 - 13)) + c6 = (c6 << 3) | (c6 >> (32 - 3)) + m5 ^= c5 ^ c6 + m6 ^= c6 ^ (c5 << 3) + m5 = (m5 << 1) | (m5 >> (32 - 1)) + m6 = (m6 << 7) | (m6 >> (32 - 7)) + c5 ^= m5 ^ m6 + c6 ^= m6 ^ (m5 << 7) + c5 = (c5 << 5) | (c5 >> (32 - 5)) + c6 = (c6 << 22) | (c6 >> (32 - 22)) + cD = (cD << 13) | (cD >> (32 - 13)) + cE = (cE << 3) | (cE >> (32 - 3)) + mC ^= cD ^ cE + mF ^= cE ^ (cD << 3) + mC = (mC << 1) | (mC >> (32 - 1)) + mF = (mF << 7) | (mF >> (32 - 7)) + cD ^= mC ^ mF + cE ^= mF ^ (mC << 7) + cD = (cD << 5) | (cD >> (32 - 5)) + cE = (cE << 22) | (cE >> (32 - 22)) } - d.s[0xF] ^= cB; - d.s[0xE] ^= cA; - d.s[0xD] ^= mB; - d.s[0xC] ^= mA; - d.s[0xB] ^= c9; - d.s[0xA] ^= c8; - d.s[0x9] ^= m9; - d.s[0x8] ^= m8; - d.s[0x7] ^= c3; - d.s[0x6] ^= c2; - d.s[0x5] ^= m3; - d.s[0x4] ^= m2; - d.s[0x3] ^= c1; - d.s[0x2] ^= c0; - d.s[0x1] ^= m1; - d.s[0x0] ^= m0; + d.s[0xF] ^= cB + d.s[0xE] ^= cA + d.s[0xD] ^= mB + d.s[0xC] ^= mA + d.s[0xB] ^= c9 + d.s[0xA] ^= c8 + d.s[0x9] ^= m9 + d.s[0x8] ^= m8 + d.s[0x7] ^= c3 + d.s[0x6] ^= c2 + d.s[0x5] ^= m3 + d.s[0x4] ^= m2 + d.s[0x3] ^= c1 + d.s[0x2] ^= c0 + d.s[0x1] ^= m1 + d.s[0x0] ^= m0 } diff --git a/jh2/digest.go b/jh2/digest.go index d46403f..6508edd 100644 --- a/jh2/digest.go +++ b/jh2/digest.go @@ -92,7 +92,7 @@ func (d *digest) checkSum() (out []byte) { tmpBuf[0] = 0x80 for i := 1; i <= numz; i++ { - tmpBuf[i] = 0x00; + tmpBuf[i] = 0x00 } putu64(tmpBuf[numz + 1:], bc >> 55) 
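Review bot: The rotations the new side keeps, e.g. `m0 = (m0 << 13) | (m0 >> (32 - 13))` with the `(32 - n)` arithmetic repeated on every line, would read as `m0 = bits.RotateLeft32(m0, 13)` from math/bits, which the compiler treats as a rotate intrinsic on the main architectures, so the change is readability-only; since this commit already touches each of these lines, it is the cheapest moment to make it. The same applies to the luffa processBlock hunks below, where `V14 = (V14 << 1) | (V14 >> 31)` becomes `V14 = bits.RotateLeft32(V14, 1)`. processFinal starts outside the hunk, and the file's import block, where math/bits would have to be added, is not in this hunk either.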
@@ -172,89 +172,89 @@ func (d *digest) doS(r int) { var x0, x1, x2, x3, cc, tmp uint64 - cc = C[(r << 2) + 0]; - x0 = h[ 0]; - x1 = h[ 4]; - x2 = h[ 8]; - x3 = h[12]; - x3 = ^x3; - x0 ^= cc & ^x2; - tmp = cc ^ (x0 & x1); - x0 ^= x2 & x3; - x3 ^= ^x1 & x2; - x1 ^= x0 & x2; - x2 ^= x0 & ^x3; - x0 ^= x1 | x3; - x3 ^= x1 & x2; - x1 ^= tmp & x0; - x2 ^= tmp; - h[ 0] = x0; - h[ 4] = x1; - h[ 8] = x2; - h[12] = x3; - - cc = C[(r << 2) + 1]; - x0 = h[ 1]; - x1 = h[ 5]; - x2 = h[ 9]; - x3 = h[13]; - x3 = ^x3; - x0 ^= cc & ^x2; - tmp = cc ^ (x0 & x1); - x0 ^= x2 & x3; - x3 ^= ^x1 & x2; - x1 ^= x0 & x2; - x2 ^= x0 & ^x3; - x0 ^= x1 | x3; - x3 ^= x1 & x2; - x1 ^= tmp & x0; - x2 ^= tmp; - h[ 1] = x0; - h[ 5] = x1; - h[ 9] = x2; - h[13] = x3; - - cc = C[(r << 2) + 2]; - x0 = h[ 2]; - x1 = h[ 6]; - x2 = h[10]; - x3 = h[14]; - x3 = ^x3; - x0 ^= cc & ^x2; - tmp = cc ^ (x0 & x1); - x0 ^= x2 & x3; - x3 ^= ^x1 & x2; - x1 ^= x0 & x2; - x2 ^= x0 & ^x3; - x0 ^= x1 | x3; - x3 ^= x1 & x2; - x1 ^= tmp & x0; - x2 ^= tmp; - h[ 2] = x0; - h[ 6] = x1; - h[10] = x2; - h[14] = x3; - - cc = C[(r << 2) + 3]; - x0 = h[ 3]; - x1 = h[ 7]; - x2 = h[11]; - x3 = h[15]; - x3 = ^x3; - x0 ^= cc & ^x2; - tmp = cc ^ (x0 & x1); - x0 ^= x2 & x3; - x3 ^= ^x1 & x2; - x1 ^= x0 & x2; - x2 ^= x0 & ^x3; - x0 ^= x1 | x3; - x3 ^= x1 & x2; - x1 ^= tmp & x0; - x2 ^= tmp; - h[ 3] = x0; - h[ 7] = x1; - h[11] = x2; - h[15] = x3; + cc = C[(r << 2) + 0] + x0 = h[ 0] + x1 = h[ 4] + x2 = h[ 8] + x3 = h[12] + x3 = ^x3 + x0 ^= cc & ^x2 + tmp = cc ^ (x0 & x1) + x0 ^= x2 & x3 + x3 ^= ^x1 & x2 + x1 ^= x0 & x2 + x2 ^= x0 & ^x3 + x0 ^= x1 | x3 + x3 ^= x1 & x2 + x1 ^= tmp & x0 + x2 ^= tmp + h[ 0] = x0 + h[ 4] = x1 + h[ 8] = x2 + h[12] = x3 + + cc = C[(r << 2) + 1] + x0 = h[ 1] + x1 = h[ 5] + x2 = h[ 9] + x3 = h[13] + x3 = ^x3 + x0 ^= cc & ^x2 + tmp = cc ^ (x0 & x1) + x0 ^= x2 & x3 + x3 ^= ^x1 & x2 + x1 ^= x0 & x2 + x2 ^= x0 & ^x3 + x0 ^= x1 | x3 + x3 ^= x1 & x2 + x1 ^= tmp & x0 + x2 ^= tmp + h[ 1] = x0 + h[ 5] = x1 + h[ 9] = x2 + h[13] 
= x3 + + cc = C[(r << 2) + 2] + x0 = h[ 2] + x1 = h[ 6] + x2 = h[10] + x3 = h[14] + x3 = ^x3 + x0 ^= cc & ^x2 + tmp = cc ^ (x0 & x1) + x0 ^= x2 & x3 + x3 ^= ^x1 & x2 + x1 ^= x0 & x2 + x2 ^= x0 & ^x3 + x0 ^= x1 | x3 + x3 ^= x1 & x2 + x1 ^= tmp & x0 + x2 ^= tmp + h[ 2] = x0 + h[ 6] = x1 + h[10] = x2 + h[14] = x3 + + cc = C[(r << 2) + 3] + x0 = h[ 3] + x1 = h[ 7] + x2 = h[11] + x3 = h[15] + x3 = ^x3 + x0 ^= cc & ^x2 + tmp = cc ^ (x0 & x1) + x0 ^= x2 & x3 + x3 ^= ^x1 & x2 + x1 ^= x0 & x2 + x2 ^= x0 & ^x3 + x0 ^= x1 | x3 + x3 ^= x1 & x2 + x1 ^= tmp & x0 + x2 ^= tmp + h[ 3] = x0 + h[ 7] = x1 + h[11] = x2 + h[15] = x3 } func (d *digest) doL() { 
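Review bot: The new side is still not gofmt-clean — `h[ 0]`, `h[ 4]` and `C[(r << 2) + 0]` would likely come out as `h[0]`, `h[4]` and `C[(r<<2)+0]` — so stripping the semicolons by hand leaves a second whole-file reformat to come; running gofmt over the package once, and gating it in CI, settles both in one change a reviewer can verify mechanically instead of line by line. The `+ 0` in `C[(r << 2) + 0]` is also redundant and appears to be kept only for symmetry with the `+ 1` … `+ 3` blocks. doS's signature sits in the hunk header, so the function starts outside the hunk.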
@@ -262,76 +262,76 @@ func (d *digest) doL() { var x0, x1, x2, x3, x4, x5, x6, x7 uint64 - x0 = h[ 0]; - x1 = h[ 4]; - x2 = h[ 8]; - x3 = h[12]; - x4 = h[ 2]; - x5 = h[ 6]; - x6 = h[10]; - x7 = h[14]; - x4 ^= x1; - x5 ^= x2; - x6 ^= x3 ^ x0; - x7 ^= x0; - x0 ^= x5; - x1 ^= x6; - x2 ^= x7 ^ x4; - x3 ^= x4; - h[ 0] = x0; - h[ 4] = x1; - h[ 8] = x2; - h[12] = x3; - h[ 2] = x4; - h[ 6] = x5; - h[10] = x6; - h[14] = x7; - - x0 = h[ 1]; - x1 = h[ 5]; - x2 = h[ 9]; - x3 = h[13]; - x4 = h[ 3]; - x5 = h[ 7]; - x6 = h[11]; - x7 = h[15]; - x4 ^= x1; - x5 ^= x2; - x6 ^= x3 ^ x0; - x7 ^= x0; - x0 ^= x5; - x1 ^= x6; - x2 ^= x7 ^ x4; - x3 ^= x4; - h[ 1] = x0; - h[ 5] = x1; - h[ 9] = x2; - h[13] = x3; - h[ 3] = x4; - h[ 7] = x5; - h[11] = x6; - h[15] = x7; + x0 = h[ 0] + x1 = h[ 4] + x2 = h[ 8] + x3 = h[12] + x4 = h[ 2] + x5 = h[ 6] + x6 = h[10] + x7 = h[14] + x4 ^= x1 + x5 ^= x2 + x6 ^= x3 ^ x0 + x7 ^= x0 + x0 ^= x5 + x1 ^= x6 + x2 ^= x7 ^ x4 + x3 ^= x4 + h[ 0] = x0 + h[ 4] = x1 + h[ 8] = x2 + h[12] = x3 + h[ 2] = x4 + h[ 6] = x5 + h[10] = x6 + h[14] = x7 + + x0 = h[ 1] + x1 = h[ 5] + x2 = h[ 9] + x3 = h[13] + x4 = h[ 3] + x5 = h[ 7] + x6 = h[11] + x7 = h[15] + x4 ^= x1 + x5 ^= x2 + x6 ^= x3 ^ x0 + x7 ^= x0 + x0 ^= x5 + x1 ^= x6 + x2 ^= x7 ^ x4 + x3 ^= x4 + h[ 1] = x0 + h[ 5] = x1 + h[ 9] = x2 + h[13] = x3 + h[ 3] = x4 + h[ 7] = x5 + h[11] = x6 + h[15] = x7 } func (d *digest) doWgen(c uint64, n int) { h := &d.s - h[ 2] = ((h[ 2] & c) << n) | ((h[ 2] >> n) & c); - h[ 3] = ((h[ 3] & c) << n) | ((h[ 3] >> n) & c); - h[ 6] = ((h[ 6] & c) << n) | ((h[ 6] >> n) & c); - h[ 7] = ((h[ 7] & c) << n) | ((h[ 7] >> n) & c); - h[10] = ((h[10] & c) << n) | ((h[10] >> n) & c); - h[11] = ((h[11] & c) << n) | ((h[11] >> n) & c); - h[14] = ((h[14] & c) << n) | ((h[14] >> n) & c); - h[15] = ((h[15] & c) << n) | ((h[15] >> n) & c); + h[ 2] = ((h[ 2] & c) << n) | ((h[ 2] >> n) & c) + h[ 3] = ((h[ 3] & c) << n) | ((h[ 3] >> n) & c) + h[ 6] = ((h[ 6] & c) << n) | ((h[ 6] >> n) & c) + h[ 7] = ((h[ 7] & 
c) << n) | ((h[ 7] >> n) & c)
+ h[10] = ((h[10] & c) << n) | ((h[10] >> n) & c)
+ h[11] = ((h[11] & c) << n) | ((h[11] >> n) & c)
+ h[14] = ((h[14] & c) << n) | ((h[14] >> n) & c)
+ h[15] = ((h[15] & c) << n) | ((h[15] >> n) & c)
 }
 func (d *digest) doW6() {
 h := &d.s
 var t uint64
- t = h[ 2]; h[ 2] = h[ 3]; h[ 3] = t;
- t = h[ 6]; h[ 6] = h[ 7]; h[ 7] = t;
- t = h[10]; h[10] = h[11]; h[11] = t;
- t = h[14]; h[14] = h[15]; h[15] = t;
+ t = h[ 2]; h[ 2] = h[ 3]; h[ 3] = t
+ t = h[ 6]; h[ 6] = h[ 7]; h[ 7] = t
+ t = h[10]; h[10] = h[11]; h[11] = t
+ t = h[14]; h[14] = h[15]; h[15] = t
 }
diff --git a/luffa/digest256.go b/luffa/digest256.go
index 0b2f350..da4c7a8 100644
--- a/luffa/digest256.go
+++ b/luffa/digest256.go
@@ -41,30 +41,30 @@ func (d *digest256) Reset() {
 d.tmpBuf = [32]byte{}
- d.V00 = IV_256[ 0];
- d.V01 = IV_256[ 1];
- d.V02 = IV_256[ 2];
- d.V03 = IV_256[ 3];
- d.V04 = IV_256[ 4];
- d.V05 = IV_256[ 5];
- d.V06 = IV_256[ 6];
- d.V07 = IV_256[ 7];
- d.V10 = IV_256[ 8];
- d.V11 = IV_256[ 9];
- d.V12 = IV_256[10];
- d.V13 = IV_256[11];
- d.V14 = IV_256[12];
- d.V15 = IV_256[13];
- d.V16 = IV_256[14];
- d.V17 = IV_256[15];
- d.V20 = IV_256[16];
- d.V21 = IV_256[17];
- d.V22 = IV_256[18];
- d.V23 = IV_256[19];
- d.V24 = IV_256[20];
- d.V25 = IV_256[21];
- d.V26 = IV_256[22];
- d.V27 = IV_256[23];
+ d.V00 = IV_256[ 0]
+ d.V01 = IV_256[ 1]
+ d.V02 = IV_256[ 2]
+ d.V03 = IV_256[ 3]
+ d.V04 = IV_256[ 4]
+ d.V05 = IV_256[ 5]
+ d.V06 = IV_256[ 6]
+ d.V07 = IV_256[ 7]
+ d.V10 = IV_256[ 8]
+ d.V11 = IV_256[ 9]
+ d.V12 = IV_256[10]
+ d.V13 = IV_256[11]
+ d.V14 = IV_256[12]
+ d.V15 = IV_256[13]
+ d.V16 = IV_256[14]
+ d.V17 = IV_256[15]
+ d.V20 = IV_256[16]
+ d.V21 = IV_256[17]
+ d.V22 = IV_256[18]
+ d.V23 = IV_256[19]
+ d.V24 = IV_256[20]
+ d.V25 = IV_256[21]
+ d.V26 = IV_256[22]
+ d.V27 = IV_256[23]
 }
 func (d *digest256) Size() int {
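Review bot: The swap lines in doW6, `t = h[ 2]; h[ 2] = h[ 3]; h[ 3] = t`, keep a statement-level semicolon that this commit removes everywhere else; Go's parallel assignment `h[2], h[3] = h[3], h[2]` does the same in one statement and makes the temporary `t` and the `var t uint64` line unnecessary. The same form fits the other three swap lines in the hunk. doL's signature sits in the hunk header, so the hunk starts inside that function's body.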
@@ -181,281 +181,281 @@ func (d *digest256) processBlock(data []byte) { V26 := d.V26 V27 := d.V27 - a0 = V00 ^ V10; - a1 = V01 ^ V11; - a2 = V02 ^ V12; - a3 = V03 ^ V13; - a4 = V04 ^ V14; - a5 = V05 ^ V15; - a6 = V06 ^ V16; - a7 = V07 ^ V17; - a0 = a0 ^ V20; - a1 = a1 ^ V21; - a2 = a2 ^ V22; - a3 = a3 ^ V23; - a4 = a4 ^ V24; - a5 = a5 ^ V25; - a6 = a6 ^ V26; - a7 = a7 ^ V27; - tmp = a7; - a7 = a6; - a6 = a5; - a5 = a4; - a4 = a3 ^ tmp; - a3 = a2 ^ tmp; - a2 = a1; - a1 = a0 ^ tmp; - a0 = tmp; - V00 = a0 ^ V00; - V01 = a1 ^ V01; - V02 = a2 ^ V02; - V03 = a3 ^ V03; - V04 = a4 ^ V04; - V05 = a5 ^ V05; - V06 = a6 ^ V06; - V07 = a7 ^ V07; - V00 = M0 ^ V00; - V01 = M1 ^ V01; - V02 = M2 ^ V02; - V03 = M3 ^ V03; - V04 = M4 ^ V04; - V05 = M5 ^ V05; - V06 = M6 ^ V06; - V07 = M7 ^ V07; - tmp = M7; - M7 = M6; - M6 = M5; - M5 = M4; - M4 = M3 ^ tmp; - M3 = M2 ^ tmp; - M2 = M1; - M1 = M0 ^ tmp; - M0 = tmp; - V10 = a0 ^ V10; - V11 = a1 ^ V11; - V12 = a2 ^ V12; - V13 = a3 ^ V13; - V14 = a4 ^ V14; - V15 = a5 ^ V15; - V16 = a6 ^ V16; - V17 = a7 ^ V17; - V10 = M0 ^ V10; - V11 = M1 ^ V11; - V12 = M2 ^ V12; - V13 = M3 ^ V13; - V14 = M4 ^ V14; - V15 = M5 ^ V15; - V16 = M6 ^ V16; - V17 = M7 ^ V17; - tmp = M7; - M7 = M6; - M6 = M5; - M5 = M4; - M4 = M3 ^ tmp; - M3 = M2 ^ tmp; - M2 = M1; - M1 = M0 ^ tmp; - M0 = tmp; - V20 = a0 ^ V20; - V21 = a1 ^ V21; - V22 = a2 ^ V22; - V23 = a3 ^ V23; - V24 = a4 ^ V24; - V25 = a5 ^ V25; - V26 = a6 ^ V26; - V27 = a7 ^ V27; - V20 = M0 ^ V20; - V21 = M1 ^ V21; - V22 = M2 ^ V22; - V23 = M3 ^ V23; - V24 = M4 ^ V24; - V25 = M5 ^ V25; - V26 = M6 ^ V26; - V27 = M7 ^ V27; - V14 = (V14 << 1) | (V14 >> 31); - V15 = (V15 << 1) | (V15 >> 31); - V16 = (V16 << 1) | (V16 >> 31); - V17 = (V17 << 1) | (V17 >> 31); - V24 = (V24 << 2) | (V24 >> 30); - V25 = (V25 << 2) | (V25 >> 30); - V26 = (V26 << 2) | (V26 >> 30); - V27 = (V27 << 2) | (V27 >> 30); + a0 = V00 ^ V10 + a1 = V01 ^ V11 + a2 = V02 ^ V12 + a3 = V03 ^ V13 + a4 = V04 ^ V14 + a5 = V05 ^ V15 + a6 = V06 ^ V16 + a7 = 
V07 ^ V17 + a0 = a0 ^ V20 + a1 = a1 ^ V21 + a2 = a2 ^ V22 + a3 = a3 ^ V23 + a4 = a4 ^ V24 + a5 = a5 ^ V25 + a6 = a6 ^ V26 + a7 = a7 ^ V27 + tmp = a7 + a7 = a6 + a6 = a5 + a5 = a4 + a4 = a3 ^ tmp + a3 = a2 ^ tmp + a2 = a1 + a1 = a0 ^ tmp + a0 = tmp + V00 = a0 ^ V00 + V01 = a1 ^ V01 + V02 = a2 ^ V02 + V03 = a3 ^ V03 + V04 = a4 ^ V04 + V05 = a5 ^ V05 + V06 = a6 ^ V06 + V07 = a7 ^ V07 + V00 = M0 ^ V00 + V01 = M1 ^ V01 + V02 = M2 ^ V02 + V03 = M3 ^ V03 + V04 = M4 ^ V04 + V05 = M5 ^ V05 + V06 = M6 ^ V06 + V07 = M7 ^ V07 + tmp = M7 + M7 = M6 + M6 = M5 + M5 = M4 + M4 = M3 ^ tmp + M3 = M2 ^ tmp + M2 = M1 + M1 = M0 ^ tmp + M0 = tmp + V10 = a0 ^ V10 + V11 = a1 ^ V11 + V12 = a2 ^ V12 + V13 = a3 ^ V13 + V14 = a4 ^ V14 + V15 = a5 ^ V15 + V16 = a6 ^ V16 + V17 = a7 ^ V17 + V10 = M0 ^ V10 + V11 = M1 ^ V11 + V12 = M2 ^ V12 + V13 = M3 ^ V13 + V14 = M4 ^ V14 + V15 = M5 ^ V15 + V16 = M6 ^ V16 + V17 = M7 ^ V17 + tmp = M7 + M7 = M6 + M6 = M5 + M5 = M4 + M4 = M3 ^ tmp + M3 = M2 ^ tmp + M2 = M1 + M1 = M0 ^ tmp + M0 = tmp + V20 = a0 ^ V20 + V21 = a1 ^ V21 + V22 = a2 ^ V22 + V23 = a3 ^ V23 + V24 = a4 ^ V24 + V25 = a5 ^ V25 + V26 = a6 ^ V26 + V27 = a7 ^ V27 + V20 = M0 ^ V20 + V21 = M1 ^ V21 + V22 = M2 ^ V22 + V23 = M3 ^ V23 + V24 = M4 ^ V24 + V25 = M5 ^ V25 + V26 = M6 ^ V26 + V27 = M7 ^ V27 + V14 = (V14 << 1) | (V14 >> 31) + V15 = (V15 << 1) | (V15 >> 31) + V16 = (V16 << 1) | (V16 >> 31) + V17 = (V17 << 1) | (V17 >> 31) + V24 = (V24 << 2) | (V24 >> 30) + V25 = (V25 << 2) | (V25 >> 30) + V26 = (V26 << 2) | (V26 >> 30) + V27 = (V27 << 2) | (V27 >> 30) for r := 0; r < 8; r++ { - tmp = V00; - V00 |= V01; - V02 ^= V03; - V01 = ^V01; - V00 ^= V03; - V03 &= tmp; - V01 ^= V03; - V03 ^= V02; - V02 &= V00; - V00 = ^V00; - V02 ^= V01; - V01 |= V03; - tmp ^= V01; - V03 ^= V02; - V02 &= V01; - V01 ^= V00; - V00 = tmp; - tmp = V05; - V05 |= V06; - V07 ^= V04; - V06 = ^V06; - V05 ^= V04; - V04 &= tmp; - V06 ^= V04; - V04 ^= V07; - V07 &= V05; - V05 = ^V05; - V07 ^= V06; - V06 |= V04; - tmp ^= V06; - V04 ^= 
V07; - V07 &= V06; - V06 ^= V05; - V05 = tmp; - V04 ^= V00; - V00 = ((V00 << 2) | (V00 >> 30)) ^ V04; - V04 = ((V04 << 14) | (V04 >> 18)) ^ V00; - V00 = ((V00 << 10) | (V00 >> 22)) ^ V04; - V04 = (V04 << 1) | (V04 >> 31); - V05 ^= V01; - V01 = ((V01 << 2) | (V01 >> 30)) ^ V05; - V05 = ((V05 << 14) | (V05 >> 18)) ^ V01; - V01 = ((V01 << 10) | (V01 >> 22)) ^ V05; - V05 = (V05 << 1) | (V05 >> 31); - V06 ^= V02; - V02 = ((V02 << 2) | (V02 >> 30)) ^ V06; - V06 = ((V06 << 14) | (V06 >> 18)) ^ V02; - V02 = ((V02 << 10) | (V02 >> 22)) ^ V06; - V06 = (V06 << 1) | (V06 >> 31); - V07 ^= V03; - V03 = ((V03 << 2) | (V03 >> 30)) ^ V07; - V07 = ((V07 << 14) | (V07 >> 18)) ^ V03; - V03 = ((V03 << 10) | (V03 >> 22)) ^ V07; - V07 = (V07 << 1) | (V07 >> 31); - V00 ^= RC00_256[r]; - V04 ^= RC04_256[r]; + tmp = V00 + V00 |= V01 + V02 ^= V03 + V01 = ^V01 + V00 ^= V03 + V03 &= tmp + V01 ^= V03 + V03 ^= V02 + V02 &= V00 + V00 = ^V00 + V02 ^= V01 + V01 |= V03 + tmp ^= V01 + V03 ^= V02 + V02 &= V01 + V01 ^= V00 + V00 = tmp + tmp = V05 + V05 |= V06 + V07 ^= V04 + V06 = ^V06 + V05 ^= V04 + V04 &= tmp + V06 ^= V04 + V04 ^= V07 + V07 &= V05 + V05 = ^V05 + V07 ^= V06 + V06 |= V04 + tmp ^= V06 + V04 ^= V07 + V07 &= V06 + V06 ^= V05 + V05 = tmp + V04 ^= V00 + V00 = ((V00 << 2) | (V00 >> 30)) ^ V04 + V04 = ((V04 << 14) | (V04 >> 18)) ^ V00 + V00 = ((V00 << 10) | (V00 >> 22)) ^ V04 + V04 = (V04 << 1) | (V04 >> 31) + V05 ^= V01 + V01 = ((V01 << 2) | (V01 >> 30)) ^ V05 + V05 = ((V05 << 14) | (V05 >> 18)) ^ V01 + V01 = ((V01 << 10) | (V01 >> 22)) ^ V05 + V05 = (V05 << 1) | (V05 >> 31) + V06 ^= V02 + V02 = ((V02 << 2) | (V02 >> 30)) ^ V06 + V06 = ((V06 << 14) | (V06 >> 18)) ^ V02 + V02 = ((V02 << 10) | (V02 >> 22)) ^ V06 + V06 = (V06 << 1) | (V06 >> 31) + V07 ^= V03 + V03 = ((V03 << 2) | (V03 >> 30)) ^ V07 + V07 = ((V07 << 14) | (V07 >> 18)) ^ V03 + V03 = ((V03 << 10) | (V03 >> 22)) ^ V07 + V07 = (V07 << 1) | (V07 >> 31) + V00 ^= RC00_256[r] + V04 ^= RC04_256[r] } for r := 0; r < 8; r++ { - tmp = V10; - 
V10 |= V11; - V12 ^= V13; - V11 = ^V11; - V10 ^= V13; - V13 &= tmp; - V11 ^= V13; - V13 ^= V12; - V12 &= V10; - V10 = ^V10; - V12 ^= V11; - V11 |= V13; - tmp ^= V11; - V13 ^= V12; - V12 &= V11; - V11 ^= V10; - V10 = tmp; - tmp = V15; - V15 |= V16; - V17 ^= V14; - V16 = ^V16; - V15 ^= V14; - V14 &= tmp; - V16 ^= V14; - V14 ^= V17; - V17 &= V15; - V15 = ^V15; - V17 ^= V16; - V16 |= V14; - tmp ^= V16; - V14 ^= V17; - V17 &= V16; - V16 ^= V15; - V15 = tmp; - V14 ^= V10; - V10 = ((V10 << 2) | (V10 >> 30)) ^ V14; - V14 = ((V14 << 14) | (V14 >> 18)) ^ V10; - V10 = ((V10 << 10) | (V10 >> 22)) ^ V14; - V14 = (V14 << 1) | (V14 >> 31); - V15 ^= V11; - V11 = ((V11 << 2) | (V11 >> 30)) ^ V15; - V15 = ((V15 << 14) | (V15 >> 18)) ^ V11; - V11 = ((V11 << 10) | (V11 >> 22)) ^ V15; - V15 = (V15 << 1) | (V15 >> 31); - V16 ^= V12; - V12 = ((V12 << 2) | (V12 >> 30)) ^ V16; - V16 = ((V16 << 14) | (V16 >> 18)) ^ V12; - V12 = ((V12 << 10) | (V12 >> 22)) ^ V16; - V16 = (V16 << 1) | (V16 >> 31); - V17 ^= V13; - V13 = ((V13 << 2) | (V13 >> 30)) ^ V17; - V17 = ((V17 << 14) | (V17 >> 18)) ^ V13; - V13 = ((V13 << 10) | (V13 >> 22)) ^ V17; - V17 = (V17 << 1) | (V17 >> 31); - V10 ^= RC10_256[r]; - V14 ^= RC14_256[r]; + tmp = V10 + V10 |= V11 + V12 ^= V13 + V11 = ^V11 + V10 ^= V13 + V13 &= tmp + V11 ^= V13 + V13 ^= V12 + V12 &= V10 + V10 = ^V10 + V12 ^= V11 + V11 |= V13 + tmp ^= V11 + V13 ^= V12 + V12 &= V11 + V11 ^= V10 + V10 = tmp + tmp = V15 + V15 |= V16 + V17 ^= V14 + V16 = ^V16 + V15 ^= V14 + V14 &= tmp + V16 ^= V14 + V14 ^= V17 + V17 &= V15 + V15 = ^V15 + V17 ^= V16 + V16 |= V14 + tmp ^= V16 + V14 ^= V17 + V17 &= V16 + V16 ^= V15 + V15 = tmp + V14 ^= V10 + V10 = ((V10 << 2) | (V10 >> 30)) ^ V14 + V14 = ((V14 << 14) | (V14 >> 18)) ^ V10 + V10 = ((V10 << 10) | (V10 >> 22)) ^ V14 + V14 = (V14 << 1) | (V14 >> 31) + V15 ^= V11 + V11 = ((V11 << 2) | (V11 >> 30)) ^ V15 + V15 = ((V15 << 14) | (V15 >> 18)) ^ V11 + V11 = ((V11 << 10) | (V11 >> 22)) ^ V15 + V15 = (V15 << 1) | (V15 >> 31) + V16 ^= V12 + 
V12 = ((V12 << 2) | (V12 >> 30)) ^ V16 + V16 = ((V16 << 14) | (V16 >> 18)) ^ V12 + V12 = ((V12 << 10) | (V12 >> 22)) ^ V16 + V16 = (V16 << 1) | (V16 >> 31) + V17 ^= V13 + V13 = ((V13 << 2) | (V13 >> 30)) ^ V17 + V17 = ((V17 << 14) | (V17 >> 18)) ^ V13 + V13 = ((V13 << 10) | (V13 >> 22)) ^ V17 + V17 = (V17 << 1) | (V17 >> 31) + V10 ^= RC10_256[r] + V14 ^= RC14_256[r] } for r := 0; r < 8; r++ { - tmp = V20; - V20 |= V21; - V22 ^= V23; - V21 = ^V21; - V20 ^= V23; - V23 &= tmp; - V21 ^= V23; - V23 ^= V22; - V22 &= V20; - V20 = ^V20; - V22 ^= V21; - V21 |= V23; - tmp ^= V21; - V23 ^= V22; - V22 &= V21; - V21 ^= V20; - V20 = tmp; - tmp = V25; - V25 |= V26; - V27 ^= V24; - V26 = ^V26; - V25 ^= V24; - V24 &= tmp; - V26 ^= V24; - V24 ^= V27; - V27 &= V25; - V25 = ^V25; - V27 ^= V26; - V26 |= V24; - tmp ^= V26; - V24 ^= V27; - V27 &= V26; - V26 ^= V25; - V25 = tmp; - V24 ^= V20; - V20 = ((V20 << 2) | (V20 >> 30)) ^ V24; - V24 = ((V24 << 14) | (V24 >> 18)) ^ V20; - V20 = ((V20 << 10) | (V20 >> 22)) ^ V24; - V24 = (V24 << 1) | (V24 >> 31); - V25 ^= V21; - V21 = ((V21 << 2) | (V21 >> 30)) ^ V25; - V25 = ((V25 << 14) | (V25 >> 18)) ^ V21; - V21 = ((V21 << 10) | (V21 >> 22)) ^ V25; - V25 = (V25 << 1) | (V25 >> 31); - V26 ^= V22; - V22 = ((V22 << 2) | (V22 >> 30)) ^ V26; - V26 = ((V26 << 14) | (V26 >> 18)) ^ V22; - V22 = ((V22 << 10) | (V22 >> 22)) ^ V26; - V26 = (V26 << 1) | (V26 >> 31); - V27 ^= V23; - V23 = ((V23 << 2) | (V23 >> 30)) ^ V27; - V27 = ((V27 << 14) | (V27 >> 18)) ^ V23; - V23 = ((V23 << 10) | (V23 >> 22)) ^ V27; - V27 = (V27 << 1) | (V27 >> 31); - V20 ^= RC20_256[r]; - V24 ^= RC24_256[r]; + tmp = V20 + V20 |= V21 + V22 ^= V23 + V21 = ^V21 + V20 ^= V23 + V23 &= tmp + V21 ^= V23 + V23 ^= V22 + V22 &= V20 + V20 = ^V20 + V22 ^= V21 + V21 |= V23 + tmp ^= V21 + V23 ^= V22 + V22 &= V21 + V21 ^= V20 + V20 = tmp + tmp = V25 + V25 |= V26 + V27 ^= V24 + V26 = ^V26 + V25 ^= V24 + V24 &= tmp + V26 ^= V24 + V24 ^= V27 + V27 &= V25 + V25 = ^V25 + V27 ^= V26 + V26 |= V24 + tmp ^= 
V26 + V24 ^= V27 + V27 &= V26 + V26 ^= V25 + V25 = tmp + V24 ^= V20 + V20 = ((V20 << 2) | (V20 >> 30)) ^ V24 + V24 = ((V24 << 14) | (V24 >> 18)) ^ V20 + V20 = ((V20 << 10) | (V20 >> 22)) ^ V24 + V24 = (V24 << 1) | (V24 >> 31) + V25 ^= V21 + V21 = ((V21 << 2) | (V21 >> 30)) ^ V25 + V25 = ((V25 << 14) | (V25 >> 18)) ^ V21 + V21 = ((V21 << 10) | (V21 >> 22)) ^ V25 + V25 = (V25 << 1) | (V25 >> 31) + V26 ^= V22 + V22 = ((V22 << 2) | (V22 >> 30)) ^ V26 + V26 = ((V26 << 14) | (V26 >> 18)) ^ V22 + V22 = ((V22 << 10) | (V22 >> 22)) ^ V26 + V26 = (V26 << 1) | (V26 >> 31) + V27 ^= V23 + V23 = ((V23 << 2) | (V23 >> 30)) ^ V27 + V27 = ((V27 << 14) | (V27 >> 18)) ^ V23 + V23 = ((V23 << 10) | (V23 >> 22)) ^ V27 + V27 = (V27 << 1) | (V27 >> 31) + V20 ^= RC20_256[r] + V24 ^= RC24_256[r] } d.V00 = V00 diff --git a/luffa/digest384.go b/luffa/digest384.go index 86a0d5c..49c96f4 100644 --- a/luffa/digest384.go +++ b/luffa/digest384.go 
@@ -36,38 +36,38 @@ func (d *digest384) Reset() {
 d.tmpBuf = [32]byte{}
- d.V00 = IV_384[ 0];
- d.V01 = IV_384[ 1];
- d.V02 = IV_384[ 2];
- d.V03 = IV_384[ 3];
- d.V04 = IV_384[ 4];
- d.V05 = IV_384[ 5];
- d.V06 = IV_384[ 6];
- d.V07 = IV_384[ 7];
- d.V10 = IV_384[ 8];
- d.V11 = IV_384[ 9];
- d.V12 = IV_384[10];
- d.V13 = IV_384[11];
- d.V14 = IV_384[12];
- d.V15 = IV_384[13];
- d.V16 = IV_384[14];
- d.V17 = IV_384[15];
- d.V20 = IV_384[16];
- d.V21 = IV_384[17];
- d.V22 = IV_384[18];
- d.V23 = IV_384[19];
- d.V24 = IV_384[20];
- d.V25 = IV_384[21];
- d.V26 = IV_384[22];
- d.V27 = IV_384[23];
- d.V30 = IV_384[24];
- d.V31 = IV_384[25];
- d.V32 = IV_384[26];
- d.V33 = IV_384[27];
- d.V34 = IV_384[28];
- d.V35 = IV_384[29];
- d.V36 = IV_384[30];
- d.V37 = IV_384[31];
+ d.V00 = IV_384[ 0]
+ d.V01 = IV_384[ 1]
+ d.V02 = IV_384[ 2]
+ d.V03 = IV_384[ 3]
+ d.V04 = IV_384[ 4]
+ d.V05 = IV_384[ 5]
+ d.V06 = IV_384[ 6]
+ d.V07 = IV_384[ 7]
+ d.V10 = IV_384[ 8]
+ d.V11 = IV_384[ 9]
+ d.V12 = IV_384[10]
+ d.V13 = IV_384[11]
+ d.V14 = IV_384[12]
+ d.V15 = IV_384[13]
+ d.V16 = IV_384[14]
+ d.V17 = IV_384[15]
+ d.V20 = IV_384[16]
+ d.V21 = IV_384[17]
+ d.V22 = IV_384[18]
+ d.V23 = IV_384[19]
+ d.V24 = IV_384[20]
+ d.V25 = IV_384[21]
+ d.V26 = IV_384[22]
+ d.V27 = IV_384[23]
+ d.V30 = IV_384[24]
+ d.V31 = IV_384[25]
+ d.V32 = IV_384[26]
+ d.V33 = IV_384[27]
+ d.V34 = IV_384[28]
+ d.V35 = IV_384[29]
+ d.V36 = IV_384[30]
+ d.V37 = IV_384[31]
 }
 func (d *digest384) Size() int {
@@ -193,445 +193,445 @@ func (d *digest384) processBlock(data []byte) { V36 := d.V36 V37 := d.V37 - a0 = V00 ^ V10; - a1 = V01 ^ V11; - a2 = V02 ^ V12; - a3 = V03 ^ V13; - a4 = V04 ^ V14; - a5 = V05 ^ V15; - a6 = V06 ^ V16; - a7 = V07 ^ V17; - b0 = V20 ^ V30; - b1 = V21 ^ V31; - b2 = V22 ^ V32; - b3 = V23 ^ V33; - b4 = V24 ^ V34; - b5 = V25 ^ V35; - b6 = V26 ^ V36; - b7 = V27 ^ V37; - a0 = a0 ^ b0; - a1 = a1 ^ b1; - a2 = a2 ^ b2; - a3 = a3 ^ b3; - a4 = a4 ^ b4; - a5 = a5 ^ b5; - a6 = a6 ^ b6; - a7 = a7 ^ b7; - tmp = a7; - a7 = a6; - a6 = a5; - a5 = a4; - a4 = a3 ^ tmp; - a3 = a2 ^ tmp; - a2 = a1; - a1 = a0 ^ tmp; - a0 = tmp; - V00 = a0 ^ V00; - V01 = a1 ^ V01; - V02 = a2 ^ V02; - V03 = a3 ^ V03; - V04 = a4 ^ V04; - V05 = a5 ^ V05; - V06 = a6 ^ V06; - V07 = a7 ^ V07; - V10 = a0 ^ V10; - V11 = a1 ^ V11; - V12 = a2 ^ V12; - V13 = a3 ^ V13; - V14 = a4 ^ V14; - V15 = a5 ^ V15; - V16 = a6 ^ V16; - V17 = a7 ^ V17; - V20 = a0 ^ V20; - V21 = a1 ^ V21; - V22 = a2 ^ V22; - V23 = a3 ^ V23; - V24 = a4 ^ V24; - V25 = a5 ^ V25; - V26 = a6 ^ V26; - V27 = a7 ^ V27; - V30 = a0 ^ V30; - V31 = a1 ^ V31; - V32 = a2 ^ V32; - V33 = a3 ^ V33; - V34 = a4 ^ V34; - V35 = a5 ^ V35; - V36 = a6 ^ V36; - V37 = a7 ^ V37; - tmp = V07; - b7 = V06; - b6 = V05; - b5 = V04; - b4 = V03 ^ tmp; - b3 = V02 ^ tmp; - b2 = V01; - b1 = V00 ^ tmp; - b0 = tmp; - b0 = b0 ^ V30; - b1 = b1 ^ V31; - b2 = b2 ^ V32; - b3 = b3 ^ V33; - b4 = b4 ^ V34; - b5 = b5 ^ V35; - b6 = b6 ^ V36; - b7 = b7 ^ V37; - tmp = V37; - V37 = V36; - V36 = V35; - V35 = V34; - V34 = V33 ^ tmp; - V33 = V32 ^ tmp; - V32 = V31; - V31 = V30 ^ tmp; - V30 = tmp; - V30 = V30 ^ V20; - V31 = V31 ^ V21; - V32 = V32 ^ V22; - V33 = V33 ^ V23; - V34 = V34 ^ V24; - V35 = V35 ^ V25; - V36 = V36 ^ V26; - V37 = V37 ^ V27; - tmp = V27; - V27 = V26; - V26 = V25; - V25 = V24; - V24 = V23 ^ tmp; - V23 = V22 ^ tmp; - V22 = V21; - V21 = V20 ^ tmp; - V20 = tmp; - V20 = V20 ^ V10; - V21 = V21 ^ V11; - V22 = V22 ^ V12; - V23 = V23 ^ V13; - V24 = V24 ^ V14; - V25 = 
V25 ^ V15; - V26 = V26 ^ V16; - V27 = V27 ^ V17; - tmp = V17; - V17 = V16; - V16 = V15; - V15 = V14; - V14 = V13 ^ tmp; - V13 = V12 ^ tmp; - V12 = V11; - V11 = V10 ^ tmp; - V10 = tmp; - V10 = V10 ^ V00; - V11 = V11 ^ V01; - V12 = V12 ^ V02; - V13 = V13 ^ V03; - V14 = V14 ^ V04; - V15 = V15 ^ V05; - V16 = V16 ^ V06; - V17 = V17 ^ V07; - V00 = b0 ^ M0; - V01 = b1 ^ M1; - V02 = b2 ^ M2; - V03 = b3 ^ M3; - V04 = b4 ^ M4; - V05 = b5 ^ M5; - V06 = b6 ^ M6; - V07 = b7 ^ M7; - tmp = M7; - M7 = M6; - M6 = M5; - M5 = M4; - M4 = M3 ^ tmp; - M3 = M2 ^ tmp; - M2 = M1; - M1 = M0 ^ tmp; - M0 = tmp; - V10 = V10 ^ M0; - V11 = V11 ^ M1; - V12 = V12 ^ M2; - V13 = V13 ^ M3; - V14 = V14 ^ M4; - V15 = V15 ^ M5; - V16 = V16 ^ M6; - V17 = V17 ^ M7; - tmp = M7; - M7 = M6; - M6 = M5; - M5 = M4; - M4 = M3 ^ tmp; - M3 = M2 ^ tmp; - M2 = M1; - M1 = M0 ^ tmp; - M0 = tmp; - V20 = V20 ^ M0; - V21 = V21 ^ M1; - V22 = V22 ^ M2; - V23 = V23 ^ M3; - V24 = V24 ^ M4; - V25 = V25 ^ M5; - V26 = V26 ^ M6; - V27 = V27 ^ M7; - tmp = M7; - M7 = M6; - M6 = M5; - M5 = M4; - M4 = M3 ^ tmp; - M3 = M2 ^ tmp; - M2 = M1; - M1 = M0 ^ tmp; - M0 = tmp; - V30 = V30 ^ M0; - V31 = V31 ^ M1; - V32 = V32 ^ M2; - V33 = V33 ^ M3; - V34 = V34 ^ M4; - V35 = V35 ^ M5; - V36 = V36 ^ M6; - V37 = V37 ^ M7; - V14 = (V14 << 1) | (V14 >> 31); - V15 = (V15 << 1) | (V15 >> 31); - V16 = (V16 << 1) | (V16 >> 31); - V17 = (V17 << 1) | (V17 >> 31); - V24 = (V24 << 2) | (V24 >> 30); - V25 = (V25 << 2) | (V25 >> 30); - V26 = (V26 << 2) | (V26 >> 30); - V27 = (V27 << 2) | (V27 >> 30); - V34 = (V34 << 3) | (V34 >> 29); - V35 = (V35 << 3) | (V35 >> 29); - V36 = (V36 << 3) | (V36 >> 29); - V37 = (V37 << 3) | (V37 >> 29); + a0 = V00 ^ V10 + a1 = V01 ^ V11 + a2 = V02 ^ V12 + a3 = V03 ^ V13 + a4 = V04 ^ V14 + a5 = V05 ^ V15 + a6 = V06 ^ V16 + a7 = V07 ^ V17 + b0 = V20 ^ V30 + b1 = V21 ^ V31 + b2 = V22 ^ V32 + b3 = V23 ^ V33 + b4 = V24 ^ V34 + b5 = V25 ^ V35 + b6 = V26 ^ V36 + b7 = V27 ^ V37 + a0 = a0 ^ b0 + a1 = a1 ^ b1 + a2 = a2 ^ b2 + a3 = a3 ^ 
b3 + a4 = a4 ^ b4 + a5 = a5 ^ b5 + a6 = a6 ^ b6 + a7 = a7 ^ b7 + tmp = a7 + a7 = a6 + a6 = a5 + a5 = a4 + a4 = a3 ^ tmp + a3 = a2 ^ tmp + a2 = a1 + a1 = a0 ^ tmp + a0 = tmp + V00 = a0 ^ V00 + V01 = a1 ^ V01 + V02 = a2 ^ V02 + V03 = a3 ^ V03 + V04 = a4 ^ V04 + V05 = a5 ^ V05 + V06 = a6 ^ V06 + V07 = a7 ^ V07 + V10 = a0 ^ V10 + V11 = a1 ^ V11 + V12 = a2 ^ V12 + V13 = a3 ^ V13 + V14 = a4 ^ V14 + V15 = a5 ^ V15 + V16 = a6 ^ V16 + V17 = a7 ^ V17 + V20 = a0 ^ V20 + V21 = a1 ^ V21 + V22 = a2 ^ V22 + V23 = a3 ^ V23 + V24 = a4 ^ V24 + V25 = a5 ^ V25 + V26 = a6 ^ V26 + V27 = a7 ^ V27 + V30 = a0 ^ V30 + V31 = a1 ^ V31 + V32 = a2 ^ V32 + V33 = a3 ^ V33 + V34 = a4 ^ V34 + V35 = a5 ^ V35 + V36 = a6 ^ V36 + V37 = a7 ^ V37 + tmp = V07 + b7 = V06 + b6 = V05 + b5 = V04 + b4 = V03 ^ tmp + b3 = V02 ^ tmp + b2 = V01 + b1 = V00 ^ tmp + b0 = tmp + b0 = b0 ^ V30 + b1 = b1 ^ V31 + b2 = b2 ^ V32 + b3 = b3 ^ V33 + b4 = b4 ^ V34 + b5 = b5 ^ V35 + b6 = b6 ^ V36 + b7 = b7 ^ V37 + tmp = V37 + V37 = V36 + V36 = V35 + V35 = V34 + V34 = V33 ^ tmp + V33 = V32 ^ tmp + V32 = V31 + V31 = V30 ^ tmp + V30 = tmp + V30 = V30 ^ V20 + V31 = V31 ^ V21 + V32 = V32 ^ V22 + V33 = V33 ^ V23 + V34 = V34 ^ V24 + V35 = V35 ^ V25 + V36 = V36 ^ V26 + V37 = V37 ^ V27 + tmp = V27 + V27 = V26 + V26 = V25 + V25 = V24 + V24 = V23 ^ tmp + V23 = V22 ^ tmp + V22 = V21 + V21 = V20 ^ tmp + V20 = tmp + V20 = V20 ^ V10 + V21 = V21 ^ V11 + V22 = V22 ^ V12 + V23 = V23 ^ V13 + V24 = V24 ^ V14 + V25 = V25 ^ V15 + V26 = V26 ^ V16 + V27 = V27 ^ V17 + tmp = V17 + V17 = V16 + V16 = V15 + V15 = V14 + V14 = V13 ^ tmp + V13 = V12 ^ tmp + V12 = V11 + V11 = V10 ^ tmp + V10 = tmp + V10 = V10 ^ V00 + V11 = V11 ^ V01 + V12 = V12 ^ V02 + V13 = V13 ^ V03 + V14 = V14 ^ V04 + V15 = V15 ^ V05 + V16 = V16 ^ V06 + V17 = V17 ^ V07 + V00 = b0 ^ M0 + V01 = b1 ^ M1 + V02 = b2 ^ M2 + V03 = b3 ^ M3 + V04 = b4 ^ M4 + V05 = b5 ^ M5 + V06 = b6 ^ M6 + V07 = b7 ^ M7 + tmp = M7 + M7 = M6 + M6 = M5 + M5 = M4 + M4 = M3 ^ tmp + M3 = M2 ^ tmp + M2 = M1 + M1 = M0 ^ tmp 
+ M0 = tmp + V10 = V10 ^ M0 + V11 = V11 ^ M1 + V12 = V12 ^ M2 + V13 = V13 ^ M3 + V14 = V14 ^ M4 + V15 = V15 ^ M5 + V16 = V16 ^ M6 + V17 = V17 ^ M7 + tmp = M7 + M7 = M6 + M6 = M5 + M5 = M4 + M4 = M3 ^ tmp + M3 = M2 ^ tmp + M2 = M1 + M1 = M0 ^ tmp + M0 = tmp + V20 = V20 ^ M0 + V21 = V21 ^ M1 + V22 = V22 ^ M2 + V23 = V23 ^ M3 + V24 = V24 ^ M4 + V25 = V25 ^ M5 + V26 = V26 ^ M6 + V27 = V27 ^ M7 + tmp = M7 + M7 = M6 + M6 = M5 + M5 = M4 + M4 = M3 ^ tmp + M3 = M2 ^ tmp + M2 = M1 + M1 = M0 ^ tmp + M0 = tmp + V30 = V30 ^ M0 + V31 = V31 ^ M1 + V32 = V32 ^ M2 + V33 = V33 ^ M3 + V34 = V34 ^ M4 + V35 = V35 ^ M5 + V36 = V36 ^ M6 + V37 = V37 ^ M7 + V14 = (V14 << 1) | (V14 >> 31) + V15 = (V15 << 1) | (V15 >> 31) + V16 = (V16 << 1) | (V16 >> 31) + V17 = (V17 << 1) | (V17 >> 31) + V24 = (V24 << 2) | (V24 >> 30) + V25 = (V25 << 2) | (V25 >> 30) + V26 = (V26 << 2) | (V26 >> 30) + V27 = (V27 << 2) | (V27 >> 30) + V34 = (V34 << 3) | (V34 >> 29) + V35 = (V35 << 3) | (V35 >> 29) + V36 = (V36 << 3) | (V36 >> 29) + V37 = (V37 << 3) | (V37 >> 29) for r := 0; r < 8; r++ { - tmp = V00; - V00 |= V01; - V02 ^= V03; - V01 = ^V01; - V00 ^= V03; - V03 &= tmp; - V01 ^= V03; - V03 ^= V02; - V02 &= V00; - V00 = ^V00; - V02 ^= V01; - V01 |= V03; - tmp ^= V01; - V03 ^= V02; - V02 &= V01; - V01 ^= V00; - V00 = tmp; - tmp = V05; - V05 |= V06; - V07 ^= V04; - V06 = ^V06; - V05 ^= V04; - V04 &= tmp; - V06 ^= V04; - V04 ^= V07; - V07 &= V05; - V05 = ^V05; - V07 ^= V06; - V06 |= V04; - tmp ^= V06; - V04 ^= V07; - V07 &= V06; - V06 ^= V05; - V05 = tmp; - V04 ^= V00; - V00 = ((V00 << 2) | (V00 >> 30)) ^ V04; - V04 = ((V04 << 14) | (V04 >> 18)) ^ V00; - V00 = ((V00 << 10) | (V00 >> 22)) ^ V04; - V04 = (V04 << 1) | (V04 >> 31); - V05 ^= V01; - V01 = ((V01 << 2) | (V01 >> 30)) ^ V05; - V05 = ((V05 << 14) | (V05 >> 18)) ^ V01; - V01 = ((V01 << 10) | (V01 >> 22)) ^ V05; - V05 = (V05 << 1) | (V05 >> 31); - V06 ^= V02; - V02 = ((V02 << 2) | (V02 >> 30)) ^ V06; - V06 = ((V06 << 14) | (V06 >> 18)) ^ V02; - V02 = ((V02 << 
10) | (V02 >> 22)) ^ V06; - V06 = (V06 << 1) | (V06 >> 31); - V07 ^= V03; - V03 = ((V03 << 2) | (V03 >> 30)) ^ V07; - V07 = ((V07 << 14) | (V07 >> 18)) ^ V03; - V03 = ((V03 << 10) | (V03 >> 22)) ^ V07; - V07 = (V07 << 1) | (V07 >> 31); - V00 ^= RC00_384[r]; - V04 ^= RC04_384[r]; + tmp = V00 + V00 |= V01 + V02 ^= V03 + V01 = ^V01 + V00 ^= V03 + V03 &= tmp + V01 ^= V03 + V03 ^= V02 + V02 &= V00 + V00 = ^V00 + V02 ^= V01 + V01 |= V03 + tmp ^= V01 + V03 ^= V02 + V02 &= V01 + V01 ^= V00 + V00 = tmp + tmp = V05 + V05 |= V06 + V07 ^= V04 + V06 = ^V06 + V05 ^= V04 + V04 &= tmp + V06 ^= V04 + V04 ^= V07 + V07 &= V05 + V05 = ^V05 + V07 ^= V06 + V06 |= V04 + tmp ^= V06 + V04 ^= V07 + V07 &= V06 + V06 ^= V05 + V05 = tmp + V04 ^= V00 + V00 = ((V00 << 2) | (V00 >> 30)) ^ V04 + V04 = ((V04 << 14) | (V04 >> 18)) ^ V00 + V00 = ((V00 << 10) | (V00 >> 22)) ^ V04 + V04 = (V04 << 1) | (V04 >> 31) + V05 ^= V01 + V01 = ((V01 << 2) | (V01 >> 30)) ^ V05 + V05 = ((V05 << 14) | (V05 >> 18)) ^ V01 + V01 = ((V01 << 10) | (V01 >> 22)) ^ V05 + V05 = (V05 << 1) | (V05 >> 31) + V06 ^= V02 + V02 = ((V02 << 2) | (V02 >> 30)) ^ V06 + V06 = ((V06 << 14) | (V06 >> 18)) ^ V02 + V02 = ((V02 << 10) | (V02 >> 22)) ^ V06 + V06 = (V06 << 1) | (V06 >> 31) + V07 ^= V03 + V03 = ((V03 << 2) | (V03 >> 30)) ^ V07 + V07 = ((V07 << 14) | (V07 >> 18)) ^ V03 + V03 = ((V03 << 10) | (V03 >> 22)) ^ V07 + V07 = (V07 << 1) | (V07 >> 31) + V00 ^= RC00_384[r] + V04 ^= RC04_384[r] } for r := 0; r < 8; r++ { - tmp = V10; - V10 |= V11; - V12 ^= V13; - V11 = ^V11; - V10 ^= V13; - V13 &= tmp; - V11 ^= V13; - V13 ^= V12; - V12 &= V10; - V10 = ^V10; - V12 ^= V11; - V11 |= V13; - tmp ^= V11; - V13 ^= V12; - V12 &= V11; - V11 ^= V10; - V10 = tmp; - tmp = V15; - V15 |= V16; - V17 ^= V14; - V16 = ^V16; - V15 ^= V14; - V14 &= tmp; - V16 ^= V14; - V14 ^= V17; - V17 &= V15; - V15 = ^V15; - V17 ^= V16; - V16 |= V14; - tmp ^= V16; - V14 ^= V17; - V17 &= V16; - V16 ^= V15; - V15 = tmp; - V14 ^= V10; - V10 = ((V10 << 2) | (V10 >> 30)) ^ V14; 
- V14 = ((V14 << 14) | (V14 >> 18)) ^ V10; - V10 = ((V10 << 10) | (V10 >> 22)) ^ V14; - V14 = (V14 << 1) | (V14 >> 31); - V15 ^= V11; - V11 = ((V11 << 2) | (V11 >> 30)) ^ V15; - V15 = ((V15 << 14) | (V15 >> 18)) ^ V11; - V11 = ((V11 << 10) | (V11 >> 22)) ^ V15; - V15 = (V15 << 1) | (V15 >> 31); - V16 ^= V12; - V12 = ((V12 << 2) | (V12 >> 30)) ^ V16; - V16 = ((V16 << 14) | (V16 >> 18)) ^ V12; - V12 = ((V12 << 10) | (V12 >> 22)) ^ V16; - V16 = (V16 << 1) | (V16 >> 31); - V17 ^= V13; - V13 = ((V13 << 2) | (V13 >> 30)) ^ V17; - V17 = ((V17 << 14) | (V17 >> 18)) ^ V13; - V13 = ((V13 << 10) | (V13 >> 22)) ^ V17; - V17 = (V17 << 1) | (V17 >> 31); - V10 ^= RC10_384[r]; - V14 ^= RC14_384[r]; + tmp = V10 + V10 |= V11 + V12 ^= V13 + V11 = ^V11 + V10 ^= V13 + V13 &= tmp + V11 ^= V13 + V13 ^= V12 + V12 &= V10 + V10 = ^V10 + V12 ^= V11 + V11 |= V13 + tmp ^= V11 + V13 ^= V12 + V12 &= V11 + V11 ^= V10 + V10 = tmp + tmp = V15 + V15 |= V16 + V17 ^= V14 + V16 = ^V16 + V15 ^= V14 + V14 &= tmp + V16 ^= V14 + V14 ^= V17 + V17 &= V15 + V15 = ^V15 + V17 ^= V16 + V16 |= V14 + tmp ^= V16 + V14 ^= V17 + V17 &= V16 + V16 ^= V15 + V15 = tmp + V14 ^= V10 + V10 = ((V10 << 2) | (V10 >> 30)) ^ V14 + V14 = ((V14 << 14) | (V14 >> 18)) ^ V10 + V10 = ((V10 << 10) | (V10 >> 22)) ^ V14 + V14 = (V14 << 1) | (V14 >> 31) + V15 ^= V11 + V11 = ((V11 << 2) | (V11 >> 30)) ^ V15 + V15 = ((V15 << 14) | (V15 >> 18)) ^ V11 + V11 = ((V11 << 10) | (V11 >> 22)) ^ V15 + V15 = (V15 << 1) | (V15 >> 31) + V16 ^= V12 + V12 = ((V12 << 2) | (V12 >> 30)) ^ V16 + V16 = ((V16 << 14) | (V16 >> 18)) ^ V12 + V12 = ((V12 << 10) | (V12 >> 22)) ^ V16 + V16 = (V16 << 1) | (V16 >> 31) + V17 ^= V13 + V13 = ((V13 << 2) | (V13 >> 30)) ^ V17 + V17 = ((V17 << 14) | (V17 >> 18)) ^ V13 + V13 = ((V13 << 10) | (V13 >> 22)) ^ V17 + V17 = (V17 << 1) | (V17 >> 31) + V10 ^= RC10_384[r] + V14 ^= RC14_384[r] } for r := 0; r < 8; r++ { - tmp = V20; - V20 |= V21; - V22 ^= V23; - V21 = ^V21; - V20 ^= V23; - V23 &= tmp; - V21 ^= V23; - V23 ^= V22; - V22 
&= V20; - V20 = ^V20; - V22 ^= V21; - V21 |= V23; - tmp ^= V21; - V23 ^= V22; - V22 &= V21; - V21 ^= V20; - V20 = tmp; - tmp = V25; - V25 |= V26; - V27 ^= V24; - V26 = ^V26; - V25 ^= V24; - V24 &= tmp; - V26 ^= V24; - V24 ^= V27; - V27 &= V25; - V25 = ^V25; - V27 ^= V26; - V26 |= V24; - tmp ^= V26; - V24 ^= V27; - V27 &= V26; - V26 ^= V25; - V25 = tmp; - V24 ^= V20; - V20 = ((V20 << 2) | (V20 >> 30)) ^ V24; - V24 = ((V24 << 14) | (V24 >> 18)) ^ V20; - V20 = ((V20 << 10) | (V20 >> 22)) ^ V24; - V24 = (V24 << 1) | (V24 >> 31); - V25 ^= V21; - V21 = ((V21 << 2) | (V21 >> 30)) ^ V25; - V25 = ((V25 << 14) | (V25 >> 18)) ^ V21; - V21 = ((V21 << 10) | (V21 >> 22)) ^ V25; - V25 = (V25 << 1) | (V25 >> 31); - V26 ^= V22; - V22 = ((V22 << 2) | (V22 >> 30)) ^ V26; - V26 = ((V26 << 14) | (V26 >> 18)) ^ V22; - V22 = ((V22 << 10) | (V22 >> 22)) ^ V26; - V26 = (V26 << 1) | (V26 >> 31); - V27 ^= V23; - V23 = ((V23 << 2) | (V23 >> 30)) ^ V27; - V27 = ((V27 << 14) | (V27 >> 18)) ^ V23; - V23 = ((V23 << 10) | (V23 >> 22)) ^ V27; - V27 = (V27 << 1) | (V27 >> 31); - V20 ^= RC20_384[r]; - V24 ^= RC24_384[r]; + tmp = V20 + V20 |= V21 + V22 ^= V23 + V21 = ^V21 + V20 ^= V23 + V23 &= tmp + V21 ^= V23 + V23 ^= V22 + V22 &= V20 + V20 = ^V20 + V22 ^= V21 + V21 |= V23 + tmp ^= V21 + V23 ^= V22 + V22 &= V21 + V21 ^= V20 + V20 = tmp + tmp = V25 + V25 |= V26 + V27 ^= V24 + V26 = ^V26 + V25 ^= V24 + V24 &= tmp + V26 ^= V24 + V24 ^= V27 + V27 &= V25 + V25 = ^V25 + V27 ^= V26 + V26 |= V24 + tmp ^= V26 + V24 ^= V27 + V27 &= V26 + V26 ^= V25 + V25 = tmp + V24 ^= V20 + V20 = ((V20 << 2) | (V20 >> 30)) ^ V24 + V24 = ((V24 << 14) | (V24 >> 18)) ^ V20 + V20 = ((V20 << 10) | (V20 >> 22)) ^ V24 + V24 = (V24 << 1) | (V24 >> 31) + V25 ^= V21 + V21 = ((V21 << 2) | (V21 >> 30)) ^ V25 + V25 = ((V25 << 14) | (V25 >> 18)) ^ V21 + V21 = ((V21 << 10) | (V21 >> 22)) ^ V25 + V25 = (V25 << 1) | (V25 >> 31) + V26 ^= V22 + V22 = ((V22 << 2) | (V22 >> 30)) ^ V26 + V26 = ((V26 << 14) | (V26 >> 18)) ^ V22 + V22 = ((V22 << 10) 
| (V22 >> 22)) ^ V26 + V26 = (V26 << 1) | (V26 >> 31) + V27 ^= V23 + V23 = ((V23 << 2) | (V23 >> 30)) ^ V27 + V27 = ((V27 << 14) | (V27 >> 18)) ^ V23 + V23 = ((V23 << 10) | (V23 >> 22)) ^ V27 + V27 = (V27 << 1) | (V27 >> 31) + V20 ^= RC20_384[r] + V24 ^= RC24_384[r] } for r := 0; r < 8; r++ { - tmp = V30; - V30 |= V31; - V32 ^= V33; - V31 = ^V31; - V30 ^= V33; - V33 &= tmp; - V31 ^= V33; - V33 ^= V32; - V32 &= V30; - V30 = ^V30; - V32 ^= V31; - V31 |= V33; - tmp ^= V31; - V33 ^= V32; - V32 &= V31; - V31 ^= V30; - V30 = tmp; - tmp = V35; - V35 |= V36; - V37 ^= V34; - V36 = ^V36; - V35 ^= V34; - V34 &= tmp; - V36 ^= V34; - V34 ^= V37; - V37 &= V35; - V35 = ^V35; - V37 ^= V36; - V36 |= V34; - tmp ^= V36; - V34 ^= V37; - V37 &= V36; - V36 ^= V35; - V35 = tmp; - V34 ^= V30; - V30 = ((V30 << 2) | (V30 >> 30)) ^ V34; - V34 = ((V34 << 14) | (V34 >> 18)) ^ V30; - V30 = ((V30 << 10) | (V30 >> 22)) ^ V34; - V34 = (V34 << 1) | (V34 >> 31); - V35 ^= V31; - V31 = ((V31 << 2) | (V31 >> 30)) ^ V35; - V35 = ((V35 << 14) | (V35 >> 18)) ^ V31; - V31 = ((V31 << 10) | (V31 >> 22)) ^ V35; - V35 = (V35 << 1) | (V35 >> 31); - V36 ^= V32; - V32 = ((V32 << 2) | (V32 >> 30)) ^ V36; - V36 = ((V36 << 14) | (V36 >> 18)) ^ V32; - V32 = ((V32 << 10) | (V32 >> 22)) ^ V36; - V36 = (V36 << 1) | (V36 >> 31); - V37 ^= V33; - V33 = ((V33 << 2) | (V33 >> 30)) ^ V37; - V37 = ((V37 << 14) | (V37 >> 18)) ^ V33; - V33 = ((V33 << 10) | (V33 >> 22)) ^ V37; - V37 = (V37 << 1) | (V37 >> 31); - V30 ^= RC30_384[r]; - V34 ^= RC34_384[r]; + tmp = V30 + V30 |= V31 + V32 ^= V33 + V31 = ^V31 + V30 ^= V33 + V33 &= tmp + V31 ^= V33 + V33 ^= V32 + V32 &= V30 + V30 = ^V30 + V32 ^= V31 + V31 |= V33 + tmp ^= V31 + V33 ^= V32 + V32 &= V31 + V31 ^= V30 + V30 = tmp + tmp = V35 + V35 |= V36 + V37 ^= V34 + V36 = ^V36 + V35 ^= V34 + V34 &= tmp + V36 ^= V34 + V34 ^= V37 + V37 &= V35 + V35 = ^V35 + V37 ^= V36 + V36 |= V34 + tmp ^= V36 + V34 ^= V37 + V37 &= V36 + V36 ^= V35 + V35 = tmp + V34 ^= V30 + V30 = ((V30 << 2) | (V30 >> 30)) 
^ V34 + V34 = ((V34 << 14) | (V34 >> 18)) ^ V30 + V30 = ((V30 << 10) | (V30 >> 22)) ^ V34 + V34 = (V34 << 1) | (V34 >> 31) + V35 ^= V31 + V31 = ((V31 << 2) | (V31 >> 30)) ^ V35 + V35 = ((V35 << 14) | (V35 >> 18)) ^ V31 + V31 = ((V31 << 10) | (V31 >> 22)) ^ V35 + V35 = (V35 << 1) | (V35 >> 31) + V36 ^= V32 + V32 = ((V32 << 2) | (V32 >> 30)) ^ V36 + V36 = ((V36 << 14) | (V36 >> 18)) ^ V32 + V32 = ((V32 << 10) | (V32 >> 22)) ^ V36 + V36 = (V36 << 1) | (V36 >> 31) + V37 ^= V33 + V33 = ((V33 << 2) | (V33 >> 30)) ^ V37 + V37 = ((V37 << 14) | (V37 >> 18)) ^ V33 + V33 = ((V33 << 10) | (V33 >> 22)) ^ V37 + V37 = (V37 << 1) | (V37 >> 31) + V30 ^= RC30_384[r] + V34 ^= RC34_384[r] } d.V00 = V00 diff --git a/luffa/digest512.go b/luffa/digest512.go index 7ccc658..cad770b 100644 --- a/luffa/digest512.go +++ b/luffa/digest512.go 
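Review bot: The rewritten processBlock body carries no comment marking its phases, so a reader faces roughly 440 lines of straight-line XOR/rotate with nothing to anchor on; a one-line comment at each phase boundary would help, e.g. `// message injection: mix the four 8-word chains with each other and the block` before the `a0 = V00 ^ V10` run, and `// step function: 8 rounds on chain N (presumably Luffa's SubCrumb/MixWord stages)` before each `for r := 0; r < 8; r++` loop. The rotation idiom `(V00 << 2) | (V00 >> 30)` repeated throughout could be `bits.RotateLeft32(V00, 2)` from math/bits (a stdlib import would be needed), which the compiler lowers to a single rotate and which leaves one number per line to check against the specification's rotation amounts. Both points apply equally to the digest512 processBlock hunk that follows. processBlock begins and ends outside this hunk.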
@@ -37,46 +37,46 @@ func (d *digest512) Reset() {
 d.tmpBuf = [32]byte{}
- d.V00 = IV_512[ 0];
- d.V01 = IV_512[ 1];
- d.V02 = IV_512[ 2];
- d.V03 = IV_512[ 3];
- d.V04 = IV_512[ 4];
- d.V05 = IV_512[ 5];
- d.V06 = IV_512[ 6];
- d.V07 = IV_512[ 7];
- d.V10 = IV_512[ 8];
- d.V11 = IV_512[ 9];
- d.V12 = IV_512[10];
- d.V13 = IV_512[11];
- d.V14 = IV_512[12];
- d.V15 = IV_512[13];
- d.V16 = IV_512[14];
- d.V17 = IV_512[15];
- d.V20 = IV_512[16];
- d.V21 = IV_512[17];
- d.V22 = IV_512[18];
- d.V23 = IV_512[19];
- d.V24 = IV_512[20];
- d.V25 = IV_512[21];
- d.V26 = IV_512[22];
- d.V27 = IV_512[23];
- d.V30 = IV_512[24];
- d.V31 = IV_512[25];
- d.V32 = IV_512[26];
- d.V33 = IV_512[27];
- d.V34 = IV_512[28];
- d.V35 = IV_512[29];
- d.V36 = IV_512[30];
- d.V37 = IV_512[31];
- d.V40 = IV_512[32];
- d.V41 = IV_512[33];
- d.V42 = IV_512[34];
- d.V43 = IV_512[35];
- d.V44 = IV_512[36];
- d.V45 = IV_512[37];
- d.V46 = IV_512[38];
- d.V47 = IV_512[39];
+ d.V00 = IV_512[ 0]
+ d.V01 = IV_512[ 1]
+ d.V02 = IV_512[ 2]
+ d.V03 = IV_512[ 3]
+ d.V04 = IV_512[ 4]
+ d.V05 = IV_512[ 5]
+ d.V06 = IV_512[ 6]
+ d.V07 = IV_512[ 7]
+ d.V10 = IV_512[ 8]
+ d.V11 = IV_512[ 9]
+ d.V12 = IV_512[10]
+ d.V13 = IV_512[11]
+ d.V14 = IV_512[12]
+ d.V15 = IV_512[13]
+ d.V16 = IV_512[14]
+ d.V17 = IV_512[15]
+ d.V20 = IV_512[16]
+ d.V21 = IV_512[17]
+ d.V22 = IV_512[18]
+ d.V23 = IV_512[19]
+ d.V24 = IV_512[20]
+ d.V25 = IV_512[21]
+ d.V26 = IV_512[22]
+ d.V27 = IV_512[23]
+ d.V30 = IV_512[24]
+ d.V31 = IV_512[25]
+ d.V32 = IV_512[26]
+ d.V33 = IV_512[27]
+ d.V34 = IV_512[28]
+ d.V35 = IV_512[29]
+ d.V36 = IV_512[30]
+ d.V37 = IV_512[31]
+ d.V40 = IV_512[32]
+ d.V41 = IV_512[33]
+ d.V42 = IV_512[34]
+ d.V43 = IV_512[35]
+ d.V44 = IV_512[36]
+ d.V45 = IV_512[37]
+ d.V46 = IV_512[38]
+ d.V47 = IV_512[39]
 }
 func (d *digest512) Size() int {
@@ -136,25 +136,25 @@ func (d *digest512) checkSum() (out []byte) {
 out = make([]byte, 64)
- putu32(out[0:], d.V00 ^ d.V10 ^ d.V20 ^ d.V30 ^ d.V40);
- putu32(out[4:], d.V01 ^ d.V11 ^ d.V21 ^ d.V31 ^ d.V41);
- putu32(out[8:], d.V02 ^ d.V12 ^ d.V22 ^ d.V32 ^ d.V42);
- putu32(out[12:], d.V03 ^ d.V13 ^ d.V23 ^ d.V33 ^ d.V43);
- putu32(out[16:], d.V04 ^ d.V14 ^ d.V24 ^ d.V34 ^ d.V44);
- putu32(out[20:], d.V05 ^ d.V15 ^ d.V25 ^ d.V35 ^ d.V45);
- putu32(out[24:], d.V06 ^ d.V16 ^ d.V26 ^ d.V36 ^ d.V46);
- putu32(out[28:], d.V07 ^ d.V17 ^ d.V27 ^ d.V37 ^ d.V47);
+ putu32(out[0:], d.V00 ^ d.V10 ^ d.V20 ^ d.V30 ^ d.V40)
+ putu32(out[4:], d.V01 ^ d.V11 ^ d.V21 ^ d.V31 ^ d.V41)
+ putu32(out[8:], d.V02 ^ d.V12 ^ d.V22 ^ d.V32 ^ d.V42)
+ putu32(out[12:], d.V03 ^ d.V13 ^ d.V23 ^ d.V33 ^ d.V43)
+ putu32(out[16:], d.V04 ^ d.V14 ^ d.V24 ^ d.V34 ^ d.V44)
+ putu32(out[20:], d.V05 ^ d.V15 ^ d.V25 ^ d.V35 ^ d.V45)
+ putu32(out[24:], d.V06 ^ d.V16 ^ d.V26 ^ d.V36 ^ d.V46)
+ putu32(out[28:], d.V07 ^ d.V17 ^ d.V27 ^ d.V37 ^ d.V47)
 d.Write(d.tmpBuf[:])
- putu32(out[32:], d.V00 ^ d.V10 ^ d.V20 ^ d.V30 ^ d.V40);
- putu32(out[36:], d.V01 ^ d.V11 ^ d.V21 ^ d.V31 ^ d.V41);
- putu32(out[40:], d.V02 ^ d.V12 ^ d.V22 ^ d.V32 ^ d.V42);
- putu32(out[44:], d.V03 ^ d.V13 ^ d.V23 ^ d.V33 ^ d.V43);
- putu32(out[48:], d.V04 ^ d.V14 ^ d.V24 ^ d.V34 ^ d.V44);
- putu32(out[52:], d.V05 ^ d.V15 ^ d.V25 ^ d.V35 ^ d.V45);
- putu32(out[56:], d.V06 ^ d.V16 ^ d.V26 ^ d.V36 ^ d.V46);
- putu32(out[60:], d.V07 ^ d.V17 ^ d.V27 ^ d.V37 ^ d.V47);
+ putu32(out[32:], d.V00 ^ d.V10 ^ d.V20 ^ d.V30 ^ d.V40)
+ putu32(out[36:], d.V01 ^ d.V11 ^ d.V21 ^ d.V31 ^ d.V41)
+ putu32(out[40:], d.V02 ^ d.V12 ^ d.V22 ^ d.V32 ^ d.V42)
+ putu32(out[44:], d.V03 ^ d.V13 ^ d.V23 ^ d.V33 ^ d.V43)
+ putu32(out[48:], d.V04 ^ d.V14 ^ d.V24 ^ d.V34 ^ d.V44)
+ putu32(out[52:], d.V05 ^ d.V15 ^ d.V25 ^ d.V35 ^ d.V45)
+ putu32(out[56:], d.V06 ^ d.V16 ^ d.V26 ^ d.V36 ^ d.V46)
+ putu32(out[60:], d.V07 ^ d.V17 ^ d.V27 ^ d.V37 ^ d.V47)
 return
 }
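Review bot: The `d.Write(d.tmpBuf[:])` call that separates the two 32-byte halves of the output is undocumented in the new code, and its two return values are dropped without a word, so nothing tells the reader why an extra block is absorbed here or that the second half of the digest depends on it; a comment such as `// absorb one extra block between the two output halves (presumably the blank-round step of the Luffa finalisation); Write cannot fail on this digest` next to the call would save the next maintainer a trip to the specification. The correctness of out[32:] also rests on tmpBuf holding the intended (apparently all-zero, as Reset sets it) contents at this point, which nothing in this hunk enforces or states, so that assumption belongs in the same comment. checkSum's opening line is outside the hunk; its `return` and closing brace are inside it.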
@@ -214,643 +214,643 @@ func (d *digest512) processBlock(data []byte) { V46 := d.V46 V47 := d.V47 - a0 = V00 ^ V10; - a1 = V01 ^ V11; - a2 = V02 ^ V12; - a3 = V03 ^ V13; - a4 = V04 ^ V14; - a5 = V05 ^ V15; - a6 = V06 ^ V16; - a7 = V07 ^ V17; - b0 = V20 ^ V30; - b1 = V21 ^ V31; - b2 = V22 ^ V32; - b3 = V23 ^ V33; - b4 = V24 ^ V34; - b5 = V25 ^ V35; - b6 = V26 ^ V36; - b7 = V27 ^ V37; - a0 = a0 ^ b0; - a1 = a1 ^ b1; - a2 = a2 ^ b2; - a3 = a3 ^ b3; - a4 = a4 ^ b4; - a5 = a5 ^ b5; - a6 = a6 ^ b6; - a7 = a7 ^ b7; - a0 = a0 ^ V40; - a1 = a1 ^ V41; - a2 = a2 ^ V42; - a3 = a3 ^ V43; - a4 = a4 ^ V44; - a5 = a5 ^ V45; - a6 = a6 ^ V46; - a7 = a7 ^ V47; - tmp = a7; - a7 = a6; - a6 = a5; - a5 = a4; - a4 = a3 ^ tmp; - a3 = a2 ^ tmp; - a2 = a1; - a1 = a0 ^ tmp; - a0 = tmp; - V00 = a0 ^ V00; - V01 = a1 ^ V01; - V02 = a2 ^ V02; - V03 = a3 ^ V03; - V04 = a4 ^ V04; - V05 = a5 ^ V05; - V06 = a6 ^ V06; - V07 = a7 ^ V07; - V10 = a0 ^ V10; - V11 = a1 ^ V11; - V12 = a2 ^ V12; - V13 = a3 ^ V13; - V14 = a4 ^ V14; - V15 = a5 ^ V15; - V16 = a6 ^ V16; - V17 = a7 ^ V17; - V20 = a0 ^ V20; - V21 = a1 ^ V21; - V22 = a2 ^ V22; - V23 = a3 ^ V23; - V24 = a4 ^ V24; - V25 = a5 ^ V25; - V26 = a6 ^ V26; - V27 = a7 ^ V27; - V30 = a0 ^ V30; - V31 = a1 ^ V31; - V32 = a2 ^ V32; - V33 = a3 ^ V33; - V34 = a4 ^ V34; - V35 = a5 ^ V35; - V36 = a6 ^ V36; - V37 = a7 ^ V37; - V40 = a0 ^ V40; - V41 = a1 ^ V41; - V42 = a2 ^ V42; - V43 = a3 ^ V43; - V44 = a4 ^ V44; - V45 = a5 ^ V45; - V46 = a6 ^ V46; - V47 = a7 ^ V47; - tmp = V07; - b7 = V06; - b6 = V05; - b5 = V04; - b4 = V03 ^ tmp; - b3 = V02 ^ tmp; - b2 = V01; - b1 = V00 ^ tmp; - b0 = tmp; - b0 = b0 ^ V10; - b1 = b1 ^ V11; - b2 = b2 ^ V12; - b3 = b3 ^ V13; - b4 = b4 ^ V14; - b5 = b5 ^ V15; - b6 = b6 ^ V16; - b7 = b7 ^ V17; - tmp = V17; - V17 = V16; - V16 = V15; - V15 = V14; - V14 = V13 ^ tmp; - V13 = V12 ^ tmp; - V12 = V11; - V11 = V10 ^ tmp; - V10 = tmp; - V10 = V10 ^ V20; - V11 = V11 ^ V21; - V12 = V12 ^ V22; - V13 = V13 ^ V23; - V14 = V14 ^ V24; - V15 = V15 ^ 
V25; - V16 = V16 ^ V26; - V17 = V17 ^ V27; - tmp = V27; - V27 = V26; - V26 = V25; - V25 = V24; - V24 = V23 ^ tmp; - V23 = V22 ^ tmp; - V22 = V21; - V21 = V20 ^ tmp; - V20 = tmp; - V20 = V20 ^ V30; - V21 = V21 ^ V31; - V22 = V22 ^ V32; - V23 = V23 ^ V33; - V24 = V24 ^ V34; - V25 = V25 ^ V35; - V26 = V26 ^ V36; - V27 = V27 ^ V37; - tmp = V37; - V37 = V36; - V36 = V35; - V35 = V34; - V34 = V33 ^ tmp; - V33 = V32 ^ tmp; - V32 = V31; - V31 = V30 ^ tmp; - V30 = tmp; - V30 = V30 ^ V40; - V31 = V31 ^ V41; - V32 = V32 ^ V42; - V33 = V33 ^ V43; - V34 = V34 ^ V44; - V35 = V35 ^ V45; - V36 = V36 ^ V46; - V37 = V37 ^ V47; - tmp = V47; - V47 = V46; - V46 = V45; - V45 = V44; - V44 = V43 ^ tmp; - V43 = V42 ^ tmp; - V42 = V41; - V41 = V40 ^ tmp; - V40 = tmp; - V40 = V40 ^ V00; - V41 = V41 ^ V01; - V42 = V42 ^ V02; - V43 = V43 ^ V03; - V44 = V44 ^ V04; - V45 = V45 ^ V05; - V46 = V46 ^ V06; - V47 = V47 ^ V07; - tmp = b7; - V07 = b6; - V06 = b5; - V05 = b4; - V04 = b3 ^ tmp; - V03 = b2 ^ tmp; - V02 = b1; - V01 = b0 ^ tmp; - V00 = tmp; - V00 = V00 ^ V40; - V01 = V01 ^ V41; - V02 = V02 ^ V42; - V03 = V03 ^ V43; - V04 = V04 ^ V44; - V05 = V05 ^ V45; - V06 = V06 ^ V46; - V07 = V07 ^ V47; - tmp = V47; - V47 = V46; - V46 = V45; - V45 = V44; - V44 = V43 ^ tmp; - V43 = V42 ^ tmp; - V42 = V41; - V41 = V40 ^ tmp; - V40 = tmp; - V40 = V40 ^ V30; - V41 = V41 ^ V31; - V42 = V42 ^ V32; - V43 = V43 ^ V33; - V44 = V44 ^ V34; - V45 = V45 ^ V35; - V46 = V46 ^ V36; - V47 = V47 ^ V37; - tmp = V37; - V37 = V36; - V36 = V35; - V35 = V34; - V34 = V33 ^ tmp; - V33 = V32 ^ tmp; - V32 = V31; - V31 = V30 ^ tmp; - V30 = tmp; - V30 = V30 ^ V20; - V31 = V31 ^ V21; - V32 = V32 ^ V22; - V33 = V33 ^ V23; - V34 = V34 ^ V24; - V35 = V35 ^ V25; - V36 = V36 ^ V26; - V37 = V37 ^ V27; - tmp = V27; - V27 = V26; - V26 = V25; - V25 = V24; - V24 = V23 ^ tmp; - V23 = V22 ^ tmp; - V22 = V21; - V21 = V20 ^ tmp; - V20 = tmp; - V20 = V20 ^ V10; - V21 = V21 ^ V11; - V22 = V22 ^ V12; - V23 = V23 ^ V13; - V24 = V24 ^ V14; - V25 = V25 
^ V15; - V26 = V26 ^ V16; - V27 = V27 ^ V17; - tmp = V17; - V17 = V16; - V16 = V15; - V15 = V14; - V14 = V13 ^ tmp; - V13 = V12 ^ tmp; - V12 = V11; - V11 = V10 ^ tmp; - V10 = tmp; - V10 = V10 ^ b0; - V11 = V11 ^ b1; - V12 = V12 ^ b2; - V13 = V13 ^ b3; - V14 = V14 ^ b4; - V15 = V15 ^ b5; - V16 = V16 ^ b6; - V17 = V17 ^ b7; - V00 = V00 ^ M0; - V01 = V01 ^ M1; - V02 = V02 ^ M2; - V03 = V03 ^ M3; - V04 = V04 ^ M4; - V05 = V05 ^ M5; - V06 = V06 ^ M6; - V07 = V07 ^ M7; - tmp = M7; - M7 = M6; - M6 = M5; - M5 = M4; - M4 = M3 ^ tmp; - M3 = M2 ^ tmp; - M2 = M1; - M1 = M0 ^ tmp; - M0 = tmp; - V10 = V10 ^ M0; - V11 = V11 ^ M1; - V12 = V12 ^ M2; - V13 = V13 ^ M3; - V14 = V14 ^ M4; - V15 = V15 ^ M5; - V16 = V16 ^ M6; - V17 = V17 ^ M7; - tmp = M7; - M7 = M6; - M6 = M5; - M5 = M4; - M4 = M3 ^ tmp; - M3 = M2 ^ tmp; - M2 = M1; - M1 = M0 ^ tmp; - M0 = tmp; - V20 = V20 ^ M0; - V21 = V21 ^ M1; - V22 = V22 ^ M2; - V23 = V23 ^ M3; - V24 = V24 ^ M4; - V25 = V25 ^ M5; - V26 = V26 ^ M6; - V27 = V27 ^ M7; - tmp = M7; - M7 = M6; - M6 = M5; - M5 = M4; - M4 = M3 ^ tmp; - M3 = M2 ^ tmp; - M2 = M1; - M1 = M0 ^ tmp; - M0 = tmp; - V30 = V30 ^ M0; - V31 = V31 ^ M1; - V32 = V32 ^ M2; - V33 = V33 ^ M3; - V34 = V34 ^ M4; - V35 = V35 ^ M5; - V36 = V36 ^ M6; - V37 = V37 ^ M7; - tmp = M7; - M7 = M6; - M6 = M5; - M5 = M4; - M4 = M3 ^ tmp; - M3 = M2 ^ tmp; - M2 = M1; - M1 = M0 ^ tmp; - M0 = tmp; - V40 = V40 ^ M0; - V41 = V41 ^ M1; - V42 = V42 ^ M2; - V43 = V43 ^ M3; - V44 = V44 ^ M4; - V45 = V45 ^ M5; - V46 = V46 ^ M6; - V47 = V47 ^ M7; - V14 = (V14 << 1) | (V14 >> 31); - V15 = (V15 << 1) | (V15 >> 31); - V16 = (V16 << 1) | (V16 >> 31); - V17 = (V17 << 1) | (V17 >> 31); - V24 = (V24 << 2) | (V24 >> 30); - V25 = (V25 << 2) | (V25 >> 30); - V26 = (V26 << 2) | (V26 >> 30); - V27 = (V27 << 2) | (V27 >> 30); - V34 = (V34 << 3) | (V34 >> 29); - V35 = (V35 << 3) | (V35 >> 29); - V36 = (V36 << 3) | (V36 >> 29); - V37 = (V37 << 3) | (V37 >> 29); - V44 = (V44 << 4) | (V44 >> 28); - V45 = (V45 << 4) | (V45 >> 28); - 
V46 = (V46 << 4) | (V46 >> 28); - V47 = (V47 << 4) | (V47 >> 28); + a0 = V00 ^ V10 + a1 = V01 ^ V11 + a2 = V02 ^ V12 + a3 = V03 ^ V13 + a4 = V04 ^ V14 + a5 = V05 ^ V15 + a6 = V06 ^ V16 + a7 = V07 ^ V17 + b0 = V20 ^ V30 + b1 = V21 ^ V31 + b2 = V22 ^ V32 + b3 = V23 ^ V33 + b4 = V24 ^ V34 + b5 = V25 ^ V35 + b6 = V26 ^ V36 + b7 = V27 ^ V37 + a0 = a0 ^ b0 + a1 = a1 ^ b1 + a2 = a2 ^ b2 + a3 = a3 ^ b3 + a4 = a4 ^ b4 + a5 = a5 ^ b5 + a6 = a6 ^ b6 + a7 = a7 ^ b7 + a0 = a0 ^ V40 + a1 = a1 ^ V41 + a2 = a2 ^ V42 + a3 = a3 ^ V43 + a4 = a4 ^ V44 + a5 = a5 ^ V45 + a6 = a6 ^ V46 + a7 = a7 ^ V47 + tmp = a7 + a7 = a6 + a6 = a5 + a5 = a4 + a4 = a3 ^ tmp + a3 = a2 ^ tmp + a2 = a1 + a1 = a0 ^ tmp + a0 = tmp + V00 = a0 ^ V00 + V01 = a1 ^ V01 + V02 = a2 ^ V02 + V03 = a3 ^ V03 + V04 = a4 ^ V04 + V05 = a5 ^ V05 + V06 = a6 ^ V06 + V07 = a7 ^ V07 + V10 = a0 ^ V10 + V11 = a1 ^ V11 + V12 = a2 ^ V12 + V13 = a3 ^ V13 + V14 = a4 ^ V14 + V15 = a5 ^ V15 + V16 = a6 ^ V16 + V17 = a7 ^ V17 + V20 = a0 ^ V20 + V21 = a1 ^ V21 + V22 = a2 ^ V22 + V23 = a3 ^ V23 + V24 = a4 ^ V24 + V25 = a5 ^ V25 + V26 = a6 ^ V26 + V27 = a7 ^ V27 + V30 = a0 ^ V30 + V31 = a1 ^ V31 + V32 = a2 ^ V32 + V33 = a3 ^ V33 + V34 = a4 ^ V34 + V35 = a5 ^ V35 + V36 = a6 ^ V36 + V37 = a7 ^ V37 + V40 = a0 ^ V40 + V41 = a1 ^ V41 + V42 = a2 ^ V42 + V43 = a3 ^ V43 + V44 = a4 ^ V44 + V45 = a5 ^ V45 + V46 = a6 ^ V46 + V47 = a7 ^ V47 + tmp = V07 + b7 = V06 + b6 = V05 + b5 = V04 + b4 = V03 ^ tmp + b3 = V02 ^ tmp + b2 = V01 + b1 = V00 ^ tmp + b0 = tmp + b0 = b0 ^ V10 + b1 = b1 ^ V11 + b2 = b2 ^ V12 + b3 = b3 ^ V13 + b4 = b4 ^ V14 + b5 = b5 ^ V15 + b6 = b6 ^ V16 + b7 = b7 ^ V17 + tmp = V17 + V17 = V16 + V16 = V15 + V15 = V14 + V14 = V13 ^ tmp + V13 = V12 ^ tmp + V12 = V11 + V11 = V10 ^ tmp + V10 = tmp + V10 = V10 ^ V20 + V11 = V11 ^ V21 + V12 = V12 ^ V22 + V13 = V13 ^ V23 + V14 = V14 ^ V24 + V15 = V15 ^ V25 + V16 = V16 ^ V26 + V17 = V17 ^ V27 + tmp = V27 + V27 = V26 + V26 = V25 + V25 = V24 + V24 = V23 ^ tmp + V23 = V22 ^ tmp + V22 = V21 + V21 = V20 
^ tmp + V20 = tmp + V20 = V20 ^ V30 + V21 = V21 ^ V31 + V22 = V22 ^ V32 + V23 = V23 ^ V33 + V24 = V24 ^ V34 + V25 = V25 ^ V35 + V26 = V26 ^ V36 + V27 = V27 ^ V37 + tmp = V37 + V37 = V36 + V36 = V35 + V35 = V34 + V34 = V33 ^ tmp + V33 = V32 ^ tmp + V32 = V31 + V31 = V30 ^ tmp + V30 = tmp + V30 = V30 ^ V40 + V31 = V31 ^ V41 + V32 = V32 ^ V42 + V33 = V33 ^ V43 + V34 = V34 ^ V44 + V35 = V35 ^ V45 + V36 = V36 ^ V46 + V37 = V37 ^ V47 + tmp = V47 + V47 = V46 + V46 = V45 + V45 = V44 + V44 = V43 ^ tmp + V43 = V42 ^ tmp + V42 = V41 + V41 = V40 ^ tmp + V40 = tmp + V40 = V40 ^ V00 + V41 = V41 ^ V01 + V42 = V42 ^ V02 + V43 = V43 ^ V03 + V44 = V44 ^ V04 + V45 = V45 ^ V05 + V46 = V46 ^ V06 + V47 = V47 ^ V07 + tmp = b7 + V07 = b6 + V06 = b5 + V05 = b4 + V04 = b3 ^ tmp + V03 = b2 ^ tmp + V02 = b1 + V01 = b0 ^ tmp + V00 = tmp + V00 = V00 ^ V40 + V01 = V01 ^ V41 + V02 = V02 ^ V42 + V03 = V03 ^ V43 + V04 = V04 ^ V44 + V05 = V05 ^ V45 + V06 = V06 ^ V46 + V07 = V07 ^ V47 + tmp = V47 + V47 = V46 + V46 = V45 + V45 = V44 + V44 = V43 ^ tmp + V43 = V42 ^ tmp + V42 = V41 + V41 = V40 ^ tmp + V40 = tmp + V40 = V40 ^ V30 + V41 = V41 ^ V31 + V42 = V42 ^ V32 + V43 = V43 ^ V33 + V44 = V44 ^ V34 + V45 = V45 ^ V35 + V46 = V46 ^ V36 + V47 = V47 ^ V37 + tmp = V37 + V37 = V36 + V36 = V35 + V35 = V34 + V34 = V33 ^ tmp + V33 = V32 ^ tmp + V32 = V31 + V31 = V30 ^ tmp + V30 = tmp + V30 = V30 ^ V20 + V31 = V31 ^ V21 + V32 = V32 ^ V22 + V33 = V33 ^ V23 + V34 = V34 ^ V24 + V35 = V35 ^ V25 + V36 = V36 ^ V26 + V37 = V37 ^ V27 + tmp = V27 + V27 = V26 + V26 = V25 + V25 = V24 + V24 = V23 ^ tmp + V23 = V22 ^ tmp + V22 = V21 + V21 = V20 ^ tmp + V20 = tmp + V20 = V20 ^ V10 + V21 = V21 ^ V11 + V22 = V22 ^ V12 + V23 = V23 ^ V13 + V24 = V24 ^ V14 + V25 = V25 ^ V15 + V26 = V26 ^ V16 + V27 = V27 ^ V17 + tmp = V17 + V17 = V16 + V16 = V15 + V15 = V14 + V14 = V13 ^ tmp + V13 = V12 ^ tmp + V12 = V11 + V11 = V10 ^ tmp + V10 = tmp + V10 = V10 ^ b0 + V11 = V11 ^ b1 + V12 = V12 ^ b2 + V13 = V13 ^ b3 + V14 = V14 ^ b4 + V15 = V15 ^ 
b5 + V16 = V16 ^ b6 + V17 = V17 ^ b7 + V00 = V00 ^ M0 + V01 = V01 ^ M1 + V02 = V02 ^ M2 + V03 = V03 ^ M3 + V04 = V04 ^ M4 + V05 = V05 ^ M5 + V06 = V06 ^ M6 + V07 = V07 ^ M7 + tmp = M7 + M7 = M6 + M6 = M5 + M5 = M4 + M4 = M3 ^ tmp + M3 = M2 ^ tmp + M2 = M1 + M1 = M0 ^ tmp + M0 = tmp + V10 = V10 ^ M0 + V11 = V11 ^ M1 + V12 = V12 ^ M2 + V13 = V13 ^ M3 + V14 = V14 ^ M4 + V15 = V15 ^ M5 + V16 = V16 ^ M6 + V17 = V17 ^ M7 + tmp = M7 + M7 = M6 + M6 = M5 + M5 = M4 + M4 = M3 ^ tmp + M3 = M2 ^ tmp + M2 = M1 + M1 = M0 ^ tmp + M0 = tmp + V20 = V20 ^ M0 + V21 = V21 ^ M1 + V22 = V22 ^ M2 + V23 = V23 ^ M3 + V24 = V24 ^ M4 + V25 = V25 ^ M5 + V26 = V26 ^ M6 + V27 = V27 ^ M7 + tmp = M7 + M7 = M6 + M6 = M5 + M5 = M4 + M4 = M3 ^ tmp + M3 = M2 ^ tmp + M2 = M1 + M1 = M0 ^ tmp + M0 = tmp + V30 = V30 ^ M0 + V31 = V31 ^ M1 + V32 = V32 ^ M2 + V33 = V33 ^ M3 + V34 = V34 ^ M4 + V35 = V35 ^ M5 + V36 = V36 ^ M6 + V37 = V37 ^ M7 + tmp = M7 + M7 = M6 + M6 = M5 + M5 = M4 + M4 = M3 ^ tmp + M3 = M2 ^ tmp + M2 = M1 + M1 = M0 ^ tmp + M0 = tmp + V40 = V40 ^ M0 + V41 = V41 ^ M1 + V42 = V42 ^ M2 + V43 = V43 ^ M3 + V44 = V44 ^ M4 + V45 = V45 ^ M5 + V46 = V46 ^ M6 + V47 = V47 ^ M7 + V14 = (V14 << 1) | (V14 >> 31) + V15 = (V15 << 1) | (V15 >> 31) + V16 = (V16 << 1) | (V16 >> 31) + V17 = (V17 << 1) | (V17 >> 31) + V24 = (V24 << 2) | (V24 >> 30) + V25 = (V25 << 2) | (V25 >> 30) + V26 = (V26 << 2) | (V26 >> 30) + V27 = (V27 << 2) | (V27 >> 30) + V34 = (V34 << 3) | (V34 >> 29) + V35 = (V35 << 3) | (V35 >> 29) + V36 = (V36 << 3) | (V36 >> 29) + V37 = (V37 << 3) | (V37 >> 29) + V44 = (V44 << 4) | (V44 >> 28) + V45 = (V45 << 4) | (V45 >> 28) + V46 = (V46 << 4) | (V46 >> 28) + V47 = (V47 << 4) | (V47 >> 28) for r := 0; r < 8; r++ { - tmp = V00; - V00 |= V01; - V02 ^= V03; - V01 = ^V01; - V00 ^= V03; - V03 &= tmp; - V01 ^= V03; - V03 ^= V02; - V02 &= V00; - V00 = ^V00; - V02 ^= V01; - V01 |= V03; - tmp ^= V01; - V03 ^= V02; - V02 &= V01; - V01 ^= V00; - V00 = tmp; - tmp = V05; - V05 |= V06; - V07 ^= V04; - V06 = 
^V06; - V05 ^= V04; - V04 &= tmp; - V06 ^= V04; - V04 ^= V07; - V07 &= V05; - V05 = ^V05; - V07 ^= V06; - V06 |= V04; - tmp ^= V06; - V04 ^= V07; - V07 &= V06; - V06 ^= V05; - V05 = tmp; - V04 ^= V00; - V00 = ((V00 << 2) | (V00 >> 30)) ^ V04; - V04 = ((V04 << 14) | (V04 >> 18)) ^ V00; - V00 = ((V00 << 10) | (V00 >> 22)) ^ V04; - V04 = (V04 << 1) | (V04 >> 31); - V05 ^= V01; - V01 = ((V01 << 2) | (V01 >> 30)) ^ V05; - V05 = ((V05 << 14) | (V05 >> 18)) ^ V01; - V01 = ((V01 << 10) | (V01 >> 22)) ^ V05; - V05 = (V05 << 1) | (V05 >> 31); - V06 ^= V02; - V02 = ((V02 << 2) | (V02 >> 30)) ^ V06; - V06 = ((V06 << 14) | (V06 >> 18)) ^ V02; - V02 = ((V02 << 10) | (V02 >> 22)) ^ V06; - V06 = (V06 << 1) | (V06 >> 31); - V07 ^= V03; - V03 = ((V03 << 2) | (V03 >> 30)) ^ V07; - V07 = ((V07 << 14) | (V07 >> 18)) ^ V03; - V03 = ((V03 << 10) | (V03 >> 22)) ^ V07; - V07 = (V07 << 1) | (V07 >> 31); - V00 ^= RC00_512[r]; - V04 ^= RC04_512[r]; + tmp = V00 + V00 |= V01 + V02 ^= V03 + V01 = ^V01 + V00 ^= V03 + V03 &= tmp + V01 ^= V03 + V03 ^= V02 + V02 &= V00 + V00 = ^V00 + V02 ^= V01 + V01 |= V03 + tmp ^= V01 + V03 ^= V02 + V02 &= V01 + V01 ^= V00 + V00 = tmp + tmp = V05 + V05 |= V06 + V07 ^= V04 + V06 = ^V06 + V05 ^= V04 + V04 &= tmp + V06 ^= V04 + V04 ^= V07 + V07 &= V05 + V05 = ^V05 + V07 ^= V06 + V06 |= V04 + tmp ^= V06 + V04 ^= V07 + V07 &= V06 + V06 ^= V05 + V05 = tmp + V04 ^= V00 + V00 = ((V00 << 2) | (V00 >> 30)) ^ V04 + V04 = ((V04 << 14) | (V04 >> 18)) ^ V00 + V00 = ((V00 << 10) | (V00 >> 22)) ^ V04 + V04 = (V04 << 1) | (V04 >> 31) + V05 ^= V01 + V01 = ((V01 << 2) | (V01 >> 30)) ^ V05 + V05 = ((V05 << 14) | (V05 >> 18)) ^ V01 + V01 = ((V01 << 10) | (V01 >> 22)) ^ V05 + V05 = (V05 << 1) | (V05 >> 31) + V06 ^= V02 + V02 = ((V02 << 2) | (V02 >> 30)) ^ V06 + V06 = ((V06 << 14) | (V06 >> 18)) ^ V02 + V02 = ((V02 << 10) | (V02 >> 22)) ^ V06 + V06 = (V06 << 1) | (V06 >> 31) + V07 ^= V03 + V03 = ((V03 << 2) | (V03 >> 30)) ^ V07 + V07 = ((V07 << 14) | (V07 >> 18)) ^ V03 + V03 = ((V03 << 
10) | (V03 >> 22)) ^ V07 + V07 = (V07 << 1) | (V07 >> 31) + V00 ^= RC00_512[r] + V04 ^= RC04_512[r] } for r := 0; r < 8; r++ { - tmp = V10; - V10 |= V11; - V12 ^= V13; - V11 = ^V11; - V10 ^= V13; - V13 &= tmp; - V11 ^= V13; - V13 ^= V12; - V12 &= V10; - V10 = ^V10; - V12 ^= V11; - V11 |= V13; - tmp ^= V11; - V13 ^= V12; - V12 &= V11; - V11 ^= V10; - V10 = tmp; - tmp = V15; - V15 |= V16; - V17 ^= V14; - V16 = ^V16; - V15 ^= V14; - V14 &= tmp; - V16 ^= V14; - V14 ^= V17; - V17 &= V15; - V15 = ^V15; - V17 ^= V16; - V16 |= V14; - tmp ^= V16; - V14 ^= V17; - V17 &= V16; - V16 ^= V15; - V15 = tmp; - V14 ^= V10; - V10 = ((V10 << 2) | (V10 >> 30)) ^ V14; - V14 = ((V14 << 14) | (V14 >> 18)) ^ V10; - V10 = ((V10 << 10) | (V10 >> 22)) ^ V14; - V14 = (V14 << 1) | (V14 >> 31); - V15 ^= V11; - V11 = ((V11 << 2) | (V11 >> 30)) ^ V15; - V15 = ((V15 << 14) | (V15 >> 18)) ^ V11; - V11 = ((V11 << 10) | (V11 >> 22)) ^ V15; - V15 = (V15 << 1) | (V15 >> 31); - V16 ^= V12; - V12 = ((V12 << 2) | (V12 >> 30)) ^ V16; - V16 = ((V16 << 14) | (V16 >> 18)) ^ V12; - V12 = ((V12 << 10) | (V12 >> 22)) ^ V16; - V16 = (V16 << 1) | (V16 >> 31); - V17 ^= V13; - V13 = ((V13 << 2) | (V13 >> 30)) ^ V17; - V17 = ((V17 << 14) | (V17 >> 18)) ^ V13; - V13 = ((V13 << 10) | (V13 >> 22)) ^ V17; - V17 = (V17 << 1) | (V17 >> 31); - V10 ^= RC10_512[r]; - V14 ^= RC14_512[r]; + tmp = V10 + V10 |= V11 + V12 ^= V13 + V11 = ^V11 + V10 ^= V13 + V13 &= tmp + V11 ^= V13 + V13 ^= V12 + V12 &= V10 + V10 = ^V10 + V12 ^= V11 + V11 |= V13 + tmp ^= V11 + V13 ^= V12 + V12 &= V11 + V11 ^= V10 + V10 = tmp + tmp = V15 + V15 |= V16 + V17 ^= V14 + V16 = ^V16 + V15 ^= V14 + V14 &= tmp + V16 ^= V14 + V14 ^= V17 + V17 &= V15 + V15 = ^V15 + V17 ^= V16 + V16 |= V14 + tmp ^= V16 + V14 ^= V17 + V17 &= V16 + V16 ^= V15 + V15 = tmp + V14 ^= V10 + V10 = ((V10 << 2) | (V10 >> 30)) ^ V14 + V14 = ((V14 << 14) | (V14 >> 18)) ^ V10 + V10 = ((V10 << 10) | (V10 >> 22)) ^ V14 + V14 = (V14 << 1) | (V14 >> 31) + V15 ^= V11 + V11 = ((V11 << 2) | (V11 >> 
30)) ^ V15 + V15 = ((V15 << 14) | (V15 >> 18)) ^ V11 + V11 = ((V11 << 10) | (V11 >> 22)) ^ V15 + V15 = (V15 << 1) | (V15 >> 31) + V16 ^= V12 + V12 = ((V12 << 2) | (V12 >> 30)) ^ V16 + V16 = ((V16 << 14) | (V16 >> 18)) ^ V12 + V12 = ((V12 << 10) | (V12 >> 22)) ^ V16 + V16 = (V16 << 1) | (V16 >> 31) + V17 ^= V13 + V13 = ((V13 << 2) | (V13 >> 30)) ^ V17 + V17 = ((V17 << 14) | (V17 >> 18)) ^ V13 + V13 = ((V13 << 10) | (V13 >> 22)) ^ V17 + V17 = (V17 << 1) | (V17 >> 31) + V10 ^= RC10_512[r] + V14 ^= RC14_512[r] } for r := 0; r < 8; r++ { - tmp = V20; - V20 |= V21; - V22 ^= V23; - V21 = ^V21; - V20 ^= V23; - V23 &= tmp; - V21 ^= V23; - V23 ^= V22; - V22 &= V20; - V20 = ^V20; - V22 ^= V21; - V21 |= V23; - tmp ^= V21; - V23 ^= V22; - V22 &= V21; - V21 ^= V20; - V20 = tmp; - tmp = V25; - V25 |= V26; - V27 ^= V24; - V26 = ^V26; - V25 ^= V24; - V24 &= tmp; - V26 ^= V24; - V24 ^= V27; - V27 &= V25; - V25 = ^V25; - V27 ^= V26; - V26 |= V24; - tmp ^= V26; - V24 ^= V27; - V27 &= V26; - V26 ^= V25; - V25 = tmp; - V24 ^= V20; - V20 = ((V20 << 2) | (V20 >> 30)) ^ V24; - V24 = ((V24 << 14) | (V24 >> 18)) ^ V20; - V20 = ((V20 << 10) | (V20 >> 22)) ^ V24; - V24 = (V24 << 1) | (V24 >> 31); - V25 ^= V21; - V21 = ((V21 << 2) | (V21 >> 30)) ^ V25; - V25 = ((V25 << 14) | (V25 >> 18)) ^ V21; - V21 = ((V21 << 10) | (V21 >> 22)) ^ V25; - V25 = (V25 << 1) | (V25 >> 31); - V26 ^= V22; - V22 = ((V22 << 2) | (V22 >> 30)) ^ V26; - V26 = ((V26 << 14) | (V26 >> 18)) ^ V22; - V22 = ((V22 << 10) | (V22 >> 22)) ^ V26; - V26 = (V26 << 1) | (V26 >> 31); - V27 ^= V23; - V23 = ((V23 << 2) | (V23 >> 30)) ^ V27; - V27 = ((V27 << 14) | (V27 >> 18)) ^ V23; - V23 = ((V23 << 10) | (V23 >> 22)) ^ V27; - V27 = (V27 << 1) | (V27 >> 31); - V20 ^= RC20_512[r]; - V24 ^= RC24_512[r]; + tmp = V20 + V20 |= V21 + V22 ^= V23 + V21 = ^V21 + V20 ^= V23 + V23 &= tmp + V21 ^= V23 + V23 ^= V22 + V22 &= V20 + V20 = ^V20 + V22 ^= V21 + V21 |= V23 + tmp ^= V21 + V23 ^= V22 + V22 &= V21 + V21 ^= V20 + V20 = tmp + tmp = V25 + V25 |= 
V26 + V27 ^= V24 + V26 = ^V26 + V25 ^= V24 + V24 &= tmp + V26 ^= V24 + V24 ^= V27 + V27 &= V25 + V25 = ^V25 + V27 ^= V26 + V26 |= V24 + tmp ^= V26 + V24 ^= V27 + V27 &= V26 + V26 ^= V25 + V25 = tmp + V24 ^= V20 + V20 = ((V20 << 2) | (V20 >> 30)) ^ V24 + V24 = ((V24 << 14) | (V24 >> 18)) ^ V20 + V20 = ((V20 << 10) | (V20 >> 22)) ^ V24 + V24 = (V24 << 1) | (V24 >> 31) + V25 ^= V21 + V21 = ((V21 << 2) | (V21 >> 30)) ^ V25 + V25 = ((V25 << 14) | (V25 >> 18)) ^ V21 + V21 = ((V21 << 10) | (V21 >> 22)) ^ V25 + V25 = (V25 << 1) | (V25 >> 31) + V26 ^= V22 + V22 = ((V22 << 2) | (V22 >> 30)) ^ V26 + V26 = ((V26 << 14) | (V26 >> 18)) ^ V22 + V22 = ((V22 << 10) | (V22 >> 22)) ^ V26 + V26 = (V26 << 1) | (V26 >> 31) + V27 ^= V23 + V23 = ((V23 << 2) | (V23 >> 30)) ^ V27 + V27 = ((V27 << 14) | (V27 >> 18)) ^ V23 + V23 = ((V23 << 10) | (V23 >> 22)) ^ V27 + V27 = (V27 << 1) | (V27 >> 31) + V20 ^= RC20_512[r] + V24 ^= RC24_512[r] } for r := 0; r < 8; r++ { - tmp = V30; - V30 |= V31; - V32 ^= V33; - V31 = ^V31; - V30 ^= V33; - V33 &= tmp; - V31 ^= V33; - V33 ^= V32; - V32 &= V30; - V30 = ^V30; - V32 ^= V31; - V31 |= V33; - tmp ^= V31; - V33 ^= V32; - V32 &= V31; - V31 ^= V30; - V30 = tmp; - tmp = V35; - V35 |= V36; - V37 ^= V34; - V36 = ^V36; - V35 ^= V34; - V34 &= tmp; - V36 ^= V34; - V34 ^= V37; - V37 &= V35; - V35 = ^V35; - V37 ^= V36; - V36 |= V34; - tmp ^= V36; - V34 ^= V37; - V37 &= V36; - V36 ^= V35; - V35 = tmp; - V34 ^= V30; - V30 = ((V30 << 2) | (V30 >> 30)) ^ V34; - V34 = ((V34 << 14) | (V34 >> 18)) ^ V30; - V30 = ((V30 << 10) | (V30 >> 22)) ^ V34; - V34 = (V34 << 1) | (V34 >> 31); - V35 ^= V31; - V31 = ((V31 << 2) | (V31 >> 30)) ^ V35; - V35 = ((V35 << 14) | (V35 >> 18)) ^ V31; - V31 = ((V31 << 10) | (V31 >> 22)) ^ V35; - V35 = (V35 << 1) | (V35 >> 31); - V36 ^= V32; - V32 = ((V32 << 2) | (V32 >> 30)) ^ V36; - V36 = ((V36 << 14) | (V36 >> 18)) ^ V32; - V32 = ((V32 << 10) | (V32 >> 22)) ^ V36; - V36 = (V36 << 1) | (V36 >> 31); - V37 ^= V33; - V33 = ((V33 << 2) | (V33 >> 30)) 
^ V37; - V37 = ((V37 << 14) | (V37 >> 18)) ^ V33; - V33 = ((V33 << 10) | (V33 >> 22)) ^ V37; - V37 = (V37 << 1) | (V37 >> 31); - V30 ^= RC30_512[r]; - V34 ^= RC34_512[r]; + tmp = V30 + V30 |= V31 + V32 ^= V33 + V31 = ^V31 + V30 ^= V33 + V33 &= tmp + V31 ^= V33 + V33 ^= V32 + V32 &= V30 + V30 = ^V30 + V32 ^= V31 + V31 |= V33 + tmp ^= V31 + V33 ^= V32 + V32 &= V31 + V31 ^= V30 + V30 = tmp + tmp = V35 + V35 |= V36 + V37 ^= V34 + V36 = ^V36 + V35 ^= V34 + V34 &= tmp + V36 ^= V34 + V34 ^= V37 + V37 &= V35 + V35 = ^V35 + V37 ^= V36 + V36 |= V34 + tmp ^= V36 + V34 ^= V37 + V37 &= V36 + V36 ^= V35 + V35 = tmp + V34 ^= V30 + V30 = ((V30 << 2) | (V30 >> 30)) ^ V34 + V34 = ((V34 << 14) | (V34 >> 18)) ^ V30 + V30 = ((V30 << 10) | (V30 >> 22)) ^ V34 + V34 = (V34 << 1) | (V34 >> 31) + V35 ^= V31 + V31 = ((V31 << 2) | (V31 >> 30)) ^ V35 + V35 = ((V35 << 14) | (V35 >> 18)) ^ V31 + V31 = ((V31 << 10) | (V31 >> 22)) ^ V35 + V35 = (V35 << 1) | (V35 >> 31) + V36 ^= V32 + V32 = ((V32 << 2) | (V32 >> 30)) ^ V36 + V36 = ((V36 << 14) | (V36 >> 18)) ^ V32 + V32 = ((V32 << 10) | (V32 >> 22)) ^ V36 + V36 = (V36 << 1) | (V36 >> 31) + V37 ^= V33 + V33 = ((V33 << 2) | (V33 >> 30)) ^ V37 + V37 = ((V37 << 14) | (V37 >> 18)) ^ V33 + V33 = ((V33 << 10) | (V33 >> 22)) ^ V37 + V37 = (V37 << 1) | (V37 >> 31) + V30 ^= RC30_512[r] + V34 ^= RC34_512[r] } for r := 0; r < 8; r++ { - tmp = V40; - V40 |= V41; - V42 ^= V43; - V41 = ^V41; - V40 ^= V43; - V43 &= tmp; - V41 ^= V43; - V43 ^= V42; - V42 &= V40; - V40 = ^V40; - V42 ^= V41; - V41 |= V43; - tmp ^= V41; - V43 ^= V42; - V42 &= V41; - V41 ^= V40; - V40 = tmp; - tmp = V45; - V45 |= V46; - V47 ^= V44; - V46 = ^V46; - V45 ^= V44; - V44 &= tmp; - V46 ^= V44; - V44 ^= V47; - V47 &= V45; - V45 = ^V45; - V47 ^= V46; - V46 |= V44; - tmp ^= V46; - V44 ^= V47; - V47 &= V46; - V46 ^= V45; - V45 = tmp; - V44 ^= V40; - V40 = ((V40 << 2) | (V40 >> 30)) ^ V44; - V44 = ((V44 << 14) | (V44 >> 18)) ^ V40; - V40 = ((V40 << 10) | (V40 >> 22)) ^ V44; - V44 = (V44 << 1) | 
(V44 >> 31); - V45 ^= V41; - V41 = ((V41 << 2) | (V41 >> 30)) ^ V45; - V45 = ((V45 << 14) | (V45 >> 18)) ^ V41; - V41 = ((V41 << 10) | (V41 >> 22)) ^ V45; - V45 = (V45 << 1) | (V45 >> 31); - V46 ^= V42; - V42 = ((V42 << 2) | (V42 >> 30)) ^ V46; - V46 = ((V46 << 14) | (V46 >> 18)) ^ V42; - V42 = ((V42 << 10) | (V42 >> 22)) ^ V46; - V46 = (V46 << 1) | (V46 >> 31); - V47 ^= V43; - V43 = ((V43 << 2) | (V43 >> 30)) ^ V47; - V47 = ((V47 << 14) | (V47 >> 18)) ^ V43; - V43 = ((V43 << 10) | (V43 >> 22)) ^ V47; - V47 = (V47 << 1) | (V47 >> 31); - V40 ^= RC40_512[r]; - V44 ^= RC44_512[r]; + tmp = V40 + V40 |= V41 + V42 ^= V43 + V41 = ^V41 + V40 ^= V43 + V43 &= tmp + V41 ^= V43 + V43 ^= V42 + V42 &= V40 + V40 = ^V40 + V42 ^= V41 + V41 |= V43 + tmp ^= V41 + V43 ^= V42 + V42 &= V41 + V41 ^= V40 + V40 = tmp + tmp = V45 + V45 |= V46 + V47 ^= V44 + V46 = ^V46 + V45 ^= V44 + V44 &= tmp + V46 ^= V44 + V44 ^= V47 + V47 &= V45 + V45 = ^V45 + V47 ^= V46 + V46 |= V44 + tmp ^= V46 + V44 ^= V47 + V47 &= V46 + V46 ^= V45 + V45 = tmp + V44 ^= V40 + V40 = ((V40 << 2) | (V40 >> 30)) ^ V44 + V44 = ((V44 << 14) | (V44 >> 18)) ^ V40 + V40 = ((V40 << 10) | (V40 >> 22)) ^ V44 + V44 = (V44 << 1) | (V44 >> 31) + V45 ^= V41 + V41 = ((V41 << 2) | (V41 >> 30)) ^ V45 + V45 = ((V45 << 14) | (V45 >> 18)) ^ V41 + V41 = ((V41 << 10) | (V41 >> 22)) ^ V45 + V45 = (V45 << 1) | (V45 >> 31) + V46 ^= V42 + V42 = ((V42 << 2) | (V42 >> 30)) ^ V46 + V46 = ((V46 << 14) | (V46 >> 18)) ^ V42 + V42 = ((V42 << 10) | (V42 >> 22)) ^ V46 + V46 = (V46 << 1) | (V46 >> 31) + V47 ^= V43 + V43 = ((V43 << 2) | (V43 >> 30)) ^ V47 + V47 = ((V47 << 14) | (V47 >> 18)) ^ V43 + V43 = ((V43 << 10) | (V43 >> 22)) ^ V47 + V47 = (V47 << 1) | (V47 >> 31) + V40 ^= RC40_512[r] + V44 ^= RC44_512[r] } d.V00 = V00 diff --git a/rabin/chunker.go b/rabin/chunker.go index 297ec52..d6de13e 100644 --- a/rabin/chunker.go +++ b/rabin/chunker.go 
@@ -4,6 +4,22 @@ import (
 "io"
 )
+type errReadZero struct{}
+
+func (e *errReadZero) Error() string {
+ return "io.Reader returned 0 bytes and no error"
+}
+
+// A Discarder supports discarding bytes from an input stream.
+type Discarder interface {
+ // Discard skips the next n bytes, returning the number of
+ // bytes discarded.
+ //
+ // If Discard skips fewer than n bytes, it also returns an
+ // error. Discard must not skip beyond the end of the file.
+ Discard(n int) (discarded int, err error)
+}
+
 // A Chunker performs content-defined chunking. It divides a sequence
 // of bytes into chunks such that insertions and deletions in the
 // sequence will only affect chunk boundaries near those
@@ -32,16 +48,6 @@ type Chunker struct {
 ioErr error
 }
-// A Discarder supports discarding bytes from an input stream.
-type Discarder interface {
- // Discard skips the next n bytes, returning the number of
- // bytes discarded.
- //
- // If Discard skips fewer than n bytes, it also returns an
- // error. Discard must not skip beyond the end of the file.
- Discard(n int) (discarded int, err error)
-}
-
 // NewChunker returns a content-defined chunker for data read from r
 // using the Rabin hash defined by table. The chunks produced by this
 // Chunker will be at least minBytes and at most maxBytes large and
@@ -262,9 +268,3 @@ func (c *Chunker) more() error {
 c.ioErr = err
 return err
 }
-
-type errReadZero struct{}
-
-func (e *errReadZero) Error() string {
- return "io.Reader returned 0 bytes and no error"
-}
diff --git a/rabin/digest.go b/rabin/digest.go
new file mode 100644
index 0000000..27e64a5
--- /dev/null
+++ b/rabin/digest.go
@@ -0,0 +1,127 @@
+package rabin
+
+// digest computes Rabin hashes (often called fingerprints).
+//
+// digest implements hash.Hash64.
+type digest struct {
+ tab *Table
+ hash uint64
+ msg []byte
+ pos int
+}
+
+// New returns a new Rabin hash using the polynomial and window size
+// represented by table.
+func newDigest(table *Table) *digest {
+ d := new(digest)
+ d.tab = table
+
+ if table.window > 0 {
+ // Leading zeros don't affect the hash, so we can
+ // start with a full window of zeros and keep the
+ // later logic simpler.
+ d.msg = make([]byte, table.window)
+ }
+
+ return d
+}
+
+// Reset resets h to its initial state.
+func (h *digest) Reset() {
+ h.hash = 0
+ if h.msg != nil {
+ for i := range h.msg {
+ h.msg[i] = 0
+ }
+ h.pos = 0
+ }
+}
+
+// Size returns the number of bytes Sum will append. This is the
+// minimum number of bytes necessary to represent the hash.
+func (h *digest) Size() int {
+ bits := h.tab.degree + 1
+ return (bits + 7) / 8
+}
+
+// BlockSize returns the window size if a window is configured, and
+// otherwise returns 1.
+//
+// This satisfies the hash.Hash interface and indicates that Write is
+// most efficient if writes are a multiple of the returned size.
+func (h *digest) BlockSize() int {
+ if h.msg != nil {
+ return len(h.msg)
+ }
+
+ return 1
+}
+
+// Write adds p to the running hash h.
+//
+// If h is windowed, this may also expire previously written bytes
+// from the running hash so that h represents the hash of only the
+// most recently written window bytes.
+//
+// It always returns len(p), nil.
+func (h *digest) Write(p []byte) (n int, err error) {
+ n = len(p)
+
+ if h.msg == nil {
+ h.hash = h.tab.update(h.hash, p)
+ return
+ }
+
+ window := len(h.msg)
+ if len(p) >= window {
+ // p covers the entire window. Discard our entire
+ // state and just hash the last window bytes of p.
+ p = p[len(p)-window:]
+ copy(h.msg, p)
+
+ h.pos, h.hash = 0, 0
+ h.hash = h.tab.update(h.hash, p)
+ return
+ }
+
+ // Add and remove bytes as we overwrite them in the window.
+ tab := h.tab
+ pos, hash, shift := h.pos, h.hash, tab.shift%64
+ for _, b := range p {
+ pop := h.msg[pos]
+ h.msg[pos] = b
+ if pos++; pos == window {
+ pos = 0
+ }
+
+ hash ^= tab.pop[pop]
+ top := uint8(hash >> shift)
+ hash = (hash<<8 | uint64(b)) ^ tab.push[top]
+ }
+
+ h.pos, h.hash = int(pos), hash
+ return
+}
+
+// Sum appends the least-significant byte first representation of the
+// current hash to b and returns the resulting slice.
+func (h *digest) Sum(in []byte) []byte {
+ // Make a copy of d so that caller can keep writing and summing.
+ d0 := *h
+ hash := d0.checkSum()
+ return append(in, hash[:]...)
+}
+
+func (h *digest) checkSum() []byte {
+ var hbytes [8]byte
+ for i := range hbytes {
+ hbytes[i] = byte(h.hash >> uint(i*8))
+ }
+
+ return hbytes[:h.Size()]
+}
+
+// Sum64 returns the hash of all bytes written to h.
+func (h *digest) Sum64() uint64 {
+ return h.hash
+}
diff --git a/rabin/rabin.go b/rabin/rabin.go
index 7c12a25..f8032f7 100644
--- a/rabin/rabin.go
+++ b/rabin/rabin.go
@@ -1,4 +1,10 @@
 // Package rabin implements Rabin hashing (fingerprinting).
+package rabin
+
+import (
+ "hash"
+)
+
 //
 // A given Rabin hash function is defined by a polynomial over GF(2):
 //
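Review bot: The doc comment above `newDigest` still reads `// New returns a new Rabin hash ...`, which no longer matches the function it documents now that the exported constructor lives in rabin.go; it should be `// newDigest returns a new Rabin hash using the polynomial and window size represented by table.` The comment in `Sum`, `// Make a copy of d so that caller can keep writing and summing.`, likewise names `d` while the receiver is `h`. Since the type doc advertises `hash.Hash64`, it is worth stating there that a Rabin fingerprint is a linear, unkeyed checksum with no collision resistance against anyone who knows the polynomial, e.g. `// digest is not a cryptographic hash; do not use it to verify untrusted data.` The `int(pos)` conversion at the end of `Write` is a no-op because `pos` is already an int from `h.pos`.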
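Review bot: The `package rabin` clause is inserted directly after the first line of the package comment, so the rest of that comment (`// A given Rabin hash function ...` through the TR-CSE-03-01 reference, visible as context of the next hunk) is no longer attached to the package clause and becomes an orphan comment block; godoc will show only the one-sentence summary. Keep the clause where the second hunk removes it, after the full comment, and place the import after that: `// TR-CSE-03-01.` / `package rabin` / `import "hash"`. A single import does not need the parenthesised form, though gofmt accepts either.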
@@ -21,248 +27,9 @@ // (1981). "Fingerprinting by Random Polynomials." Center for Research // in Computing Technology, Harvard University. Tech Report // TR-CSE-03-01. -package rabin - -// Poly64 is an 64-bit (degree 63) irreducible polynomial over GF(2). -// -// This is a convenient polynomial to use for computing 64-bit Rabin -// hashes. -const Poly64 = 0xbfe6b8a5bf378d83 - -// Table is a set of pre-computed tables for computing Rabin -// fingerprints for a given polynomial and window size. -type Table struct { - push [256]uint64 - pop [256]uint64 - degree int - shift uint - window int -} - -// NewTable returns a Table for constructing Rabin hashes using the -// polynomial -// -// p(x) = ... + p₂x² + p₁x + p₀ where pₙ ∈ GF(2) -// -// where pₙ = (polynomial >> n) & 1. This polynomial must be -// irreducible and must have degree >= 8. The number of bits in the -// resulting hash values will be the same as the number of bits in -// polynomial. -// -// This package defines Poly64 as a convenient 64-bit irreducible -// polynomial that can be used with this function. -// -// If window > 0, hashes constructed from this Table will be rolling -// hash over only the most recently written window bytes of data. -func NewTable(polynomial uint64, window int) *Table { - tab := &Table{} - p := newPolyGF2(polynomial) - tab.degree = p.Degree() - if tab.degree < 8 { - panic("polynomial must have degree >= 8") - } - tab.shift = uint(tab.degree - 8) - tab.window = window - - // Pre-compute the push table. - var f, f2 polyGF2 - for i := 0; i < 256; i++ { - // We shift out 8 bits of the hash at a time, so - // pre-compute the update (i(x) * xⁿ mod p(x)) for all - // possible top 8 bits of the hash. - f.coeff.SetInt64(int64(i)) - f.MulX(&f, p.Degree()) - f2.Mod(&f, p) - // To avoid explicitly masking away the bits that we - // want to shift out of the hash, we add in (i(x) * - // x^n). 
This is exactly equal to the bits we want to - // mask out, so when we xor with this, it will take - // care of zeroing out these bits. - f.Add(&f, &f2) - tab.push[i] = f.coeff.Uint64() - } - - // Pre-compute the pop table. - if window > 0 { - for i := 0; i < 256; i++ { - f.coeff.SetInt64(int64(i)) - f.MulX(&f, (window-1)*8) - f2.Mod(&f, p) - tab.pop[i] = f2.coeff.Uint64() - } - } - - return tab -} - -// update updates the hash as if p had been appended to the currently -// hashed message. -func (tab *Table) update(hash uint64, p []byte) uint64 { - // Given the current message - // - // m(x) = ... + m₂x² + m₁x + m₀ - // - // and hash - // - // h(x) = m(x) mod p(x) - // - // we can extend the message by one bit b: - // - // m'(x) = ... + m₂x³ + m₁x² + m₀x + b = m(x)*x + b - // - // This yields the hash update: - // - // h'(x) = m'(x) mod p(x) - // = (m(x)*x + b) mod p(x) - // = ((m(x) mod p(x)) * x + b) mod p(x) - // = (h(x)*x + b) mod p(x) - // = hₙ₋₂xⁿ⁻¹ + ... + h₀x + b + hₙ₋₁(pₙ₋₁xⁿ⁻¹ + ... + p₀) - // - // where n is the degree of p(x). - // - // In general, we can extend the hash with any i bit message - // m2 using the fact that - // - // r(concat(m1, m2)) = r(r(m1) * r(xⁱ)) + r(m2) - // - // where r(M) = M(x) mod p(x). Below, we update it 8 bits at a - // time and, since we require p(x) to have degree >= 8, this - // simplifies to - // - // r(concat(m1, m2)) = r(r(m1) * x⁸) + m2 - // - // r(m1) is the current hash value. Multiplication by x⁸ is a - // shift. We can compute r(r(m1) * x⁸) using the lookup table - // we constructed in New. - shift := tab.shift % 64 // shift%64 eliminates checks below - for _, b := range p { - top := uint8(hash >> shift) - hash = (hash<<8 | uint64(b)) ^ tab.push[top] - } - - return hash -} - -// Hash computes Rabin hashes (often called fingerprints). -// -// Hash implements hash.Hash64. 
-type Hash struct { - tab *Table - hash uint64 - msg []byte - pos int -} // New returns a new Rabin hash using the polynomial and window size // represented by table. -func New(table *Table) *Hash { - hash := &Hash{tab: table} - if table.window > 0 { - // Leading zeros don't affect the hash, so we can - // start with a full window of zeros and keep the - // later logic simpler. - hash.msg = make([]byte, table.window) - } - - return hash -} - -// Reset resets h to its initial state. -func (h *Hash) Reset() { - h.hash = 0 - if h.msg != nil { - for i := range h.msg { - h.msg[i] = 0 - } - h.pos = 0 - } -} - -// Size returns the number of bytes Sum will append. This is the -// minimum number of bytes necessary to represent the hash. -func (h *Hash) Size() int { - bits := h.tab.degree + 1 - return (bits + 7) / 8 -} - -// BlockSize returns the window size if a window is configured, and -// otherwise returns 1. -// -// This satisfies the hash.Hash interface and indicates that Write is -// most efficient if writes are a multiple of the returned size. -func (h *Hash) BlockSize() int { - if h.msg != nil { - return len(h.msg) - } - - return 1 -} - -// Write adds p to the running hash h. -// -// If h is windowed, this may also expire previously written bytes -// from the running hash so that h represents the hash of only the -// most recently written window bytes. -// -// It always returns len(p), nil. -func (h *Hash) Write(p []byte) (n int, err error) { - n = len(p) - - if h.msg == nil { - h.hash = h.tab.update(h.hash, p) - return - } - - window := len(h.msg) - if len(p) >= window { - // p covers the entire window. Discard our entire - // state and just hash the last window bytes of p. - p = p[len(p)-window:] - copy(h.msg, p) - - h.pos, h.hash = 0, 0 - h.hash = h.tab.update(h.hash, p) - return - } - - // Add and remove bytes as we overwrite them in the window. 
- tab := h.tab - pos, hash, shift := h.pos, h.hash, tab.shift%64 - for _, b := range p { - pop := h.msg[pos] - h.msg[pos] = b - if pos++; pos == window { - pos = 0 - } - - hash ^= tab.pop[pop] - top := uint8(hash >> shift) - hash = (hash<<8 | uint64(b)) ^ tab.push[top] - } - - h.pos, h.hash = int(pos), hash - return -} - -// Sum appends the least-significant byte first representation of the -// current hash to b and returns the resulting slice. -func (h *Hash) Sum(in []byte) []byte { - // Make a copy of d so that caller can keep writing and summing. - d0 := *h - hash := d0.checkSum() - return append(in, hash[:]...) -} - -func (h *Hash) checkSum() []byte { - var hbytes [8]byte - for i := range hbytes { - hbytes[i] = byte(h.hash >> uint(i*8)) - } - - return hbytes[:h.Size()] -} - -// Sum64 returns the hash of all bytes written to h. -func (h *Hash) Sum64() uint64 { - return h.hash +func New(table *Table) hash.Hash64 { + return newDigest(table) } diff --git a/rabin/table.go b/rabin/table.go new file mode 100644 index 0000000..2b2e921 --- /dev/null +++ b/rabin/table.go 
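Review bot: `New` now returns `hash.Hash64` and the exported `Hash` type is removed in the same hunk, so any caller holding a `*rabin.Hash` fails to compile; nothing in the commit or the retained doc comment flags this API break. Returning the interface also hides that `Size` and `BlockSize` of the result depend on how `table` was built, so I would extend the comment above `New` with `// If table was created with window > 0, the returned hash is a rolling hash over the last window bytes written.` The doc comment lines are context in this hunk; the new constructor body is fully visible.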
@@ -0,0 +1,121 @@
+package rabin
+
+// Poly64 is an 64-bit (degree 63) irreducible polynomial over GF(2).
+//
+// This is a convenient polynomial to use for computing 64-bit Rabin
+// hashes.
+const Poly64 = 0xbfe6b8a5bf378d83
+
+// Table is a set of pre-computed tables for computing Rabin
+// fingerprints for a given polynomial and window size.
+type Table struct {
+ push [256]uint64
+ pop [256]uint64
+ degree int
+ shift uint
+ window int
+}
+
+// NewTable returns a Table for constructing Rabin hashes using the
+// polynomial
+//
+// p(x) = ... + p₂x² + p₁x + p₀ where pₙ ∈ GF(2)
+//
+// where pₙ = (polynomial >> n) & 1. This polynomial must be
+// irreducible and must have degree >= 8. The number of bits in the
+// resulting hash values will be the same as the number of bits in
+// polynomial.
+//
+// This package defines Poly64 as a convenient 64-bit irreducible
+// polynomial that can be used with this function.
+//
+// If window > 0, hashes constructed from this Table will be rolling
+// hash over only the most recently written window bytes of data.
+func NewTable(polynomial uint64, window int) *Table {
+ tab := &Table{}
+ p := newPolyGF2(polynomial)
+ tab.degree = p.Degree()
+ if tab.degree < 8 {
+ panic("polynomial must have degree >= 8")
+ }
+ tab.shift = uint(tab.degree - 8)
+ tab.window = window
+
+ // Pre-compute the push table.
+ var f, f2 polyGF2
+ for i := 0; i < 256; i++ {
+ // We shift out 8 bits of the hash at a time, so
+ // pre-compute the update (i(x) * xⁿ mod p(x)) for all
+ // possible top 8 bits of the hash.
+ f.coeff.SetInt64(int64(i))
+ f.MulX(&f, p.Degree())
+ f2.Mod(&f, p)
+ // To avoid explicitly masking away the bits that we
+ // want to shift out of the hash, we add in (i(x) *
+ // x^n). This is exactly equal to the bits we want to
+ // mask out, so when we xor with this, it will take
+ // care of zeroing out these bits.
+ f.Add(&f, &f2)
+ tab.push[i] = f.coeff.Uint64()
+ }
+
+ // Pre-compute the pop table.
+ if window > 0 {
+ for i := 0; i < 256; i++ {
+ f.coeff.SetInt64(int64(i))
+ f.MulX(&f, (window-1)*8)
+ f2.Mod(&f, p)
+ tab.pop[i] = f2.coeff.Uint64()
+ }
+ }
+
+ return tab
+}
+
+// update updates the hash as if p had been appended to the currently
+// hashed message.
+func (tab *Table) update(hash uint64, p []byte) uint64 {
+ // Given the current message
+ //
+ // m(x) = ... + m₂x² + m₁x + m₀
+ //
+ // and hash
+ //
+ // h(x) = m(x) mod p(x)
+ //
+ // we can extend the message by one bit b:
+ //
+ // m'(x) = ... + m₂x³ + m₁x² + m₀x + b = m(x)*x + b
+ //
+ // This yields the hash update:
+ //
+ // h'(x) = m'(x) mod p(x)
+ // = (m(x)*x + b) mod p(x)
+ // = ((m(x) mod p(x)) * x + b) mod p(x)
+ // = (h(x)*x + b) mod p(x)
+ // = hₙ₋₂xⁿ⁻¹ + ... + h₀x + b + hₙ₋₁(pₙ₋₁xⁿ⁻¹ + ... + p₀)
+ //
+ // where n is the degree of p(x).
+ //
+ // In general, we can extend the hash with any i bit message
+ // m2 using the fact that
+ //
+ // r(concat(m1, m2)) = r(r(m1) * r(xⁱ)) + r(m2)
+ //
+ // where r(M) = M(x) mod p(x). Below, we update it 8 bits at a
+ // time and, since we require p(x) to have degree >= 8, this
+ // simplifies to
+ //
+ // r(concat(m1, m2)) = r(r(m1) * x⁸) + m2
+ //
+ // r(m1) is the current hash value. Multiplication by x⁸ is a
+ // shift. We can compute r(r(m1) * x⁸) using the lookup table
+ // we constructed in New.
+ shift := tab.shift % 64 // shift%64 eliminates checks below
+ for _, b := range p {
+ top := uint8(hash >> shift)
+ hash = (hash<<8 | uint64(b)) ^ tab.push[top]
+ }
+
+ return hash
+}
diff --git a/radio_gatun/digest32.go b/radio_gatun/digest32.go
index 9fbfd98..b676ff0 100644
--- a/radio_gatun/digest32.go
+++ b/radio_gatun/digest32.go
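Review bot: The last comment line in `update`, `// we constructed in New.`, points at the wrong function: the push table is built in `NewTable` in this same file, so it should read `// we constructed in NewTable.` `NewTable` documents that the polynomial must be irreducible but never checks it, and `window` is accepted unvalidated: a negative value is silently treated as unwindowed, and a very large one makes `f.MulX(&f, (window-1)*8)` grow `f` by that many bits (the `SetInt64`/`Uint64` calls suggest `polyGF2` is big.Int-backed, so this is allocation-bound; worth confirming), so both deserve at least a doc note and ideally a bounds check. Because `Poly64` is a fixed public constant and Rabin fingerprints are linear over GF(2), an input author who knows the polynomial can construct colliding inputs or steer whatever boundary test a chunker applies to the fingerprint; I would add to the `Poly64` and `NewTable` docs: `// Rabin fingerprints are not collision resistant: with a known polynomial an adversary can craft collisions. Use a private, randomly chosen irreducible polynomial when the input is untrusted.`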
@@ -102,33 +102,33 @@ func (d *digest32) checkSum() (out []byte) { } func (d *digest32) processBlock(data []byte) { - var a00 = d.a[ 0]; - var a01 = d.a[ 1]; - var a02 = d.a[ 2]; - var a03 = d.a[ 3]; - var a04 = d.a[ 4]; - var a05 = d.a[ 5]; - var a06 = d.a[ 6]; - var a07 = d.a[ 7]; - var a08 = d.a[ 8]; - var a09 = d.a[ 9]; - var a10 = d.a[10]; - var a11 = d.a[11]; - var a12 = d.a[12]; - var a13 = d.a[13]; - var a14 = d.a[14]; - var a15 = d.a[15]; - var a16 = d.a[16]; - var a17 = d.a[17]; - var a18 = d.a[18]; - - dp := 0; + var a00 = d.a[ 0] + var a01 = d.a[ 1] + var a02 = d.a[ 2] + var a03 = d.a[ 3] + var a04 = d.a[ 4] + var a05 = d.a[ 5] + var a06 = d.a[ 6] + var a07 = d.a[ 7] + var a08 = d.a[ 8] + var a09 = d.a[ 9] + var a10 = d.a[10] + var a11 = d.a[11] + var a12 = d.a[12] + var a13 = d.a[13] + var a14 = d.a[14] + var a15 = d.a[15] + var a16 = d.a[16] + var a17 = d.a[17] + var a18 = d.a[18] + + dp := 0 for mk := 12; mk >= 0; mk-- { - var p0 = getu32(data[dp + 0:]); - var p1 = getu32(data[dp + 4:]); - var p2 = getu32(data[dp + 8:]); + var p0 = getu32(data[dp + 0:]) + var p1 = getu32(data[dp + 4:]) + var p2 = getu32(data[dp + 8:]) - dp += 12; + dp += 12 var bj int if mk == 12 { 
@@ -137,330 +137,330 @@ func (d *digest32) processBlock(data []byte) { bj = 3 * (mk + 1) } - d.b[bj + 0] ^= p0; - d.b[bj + 1] ^= p1; - d.b[bj + 2] ^= p2; - a16 ^= p0; - a17 ^= p1; - a18 ^= p2; + d.b[bj + 0] ^= p0 + d.b[bj + 1] ^= p1 + d.b[bj + 2] ^= p2 + a16 ^= p0 + a17 ^= p1 + a18 ^= p2 - bj = mk * 3; + bj = mk * 3 bj += 3 if bj == 39 { - bj = 0; + bj = 0 } - d.b[bj + 0] ^= a01; + d.b[bj + 0] ^= a01 bj += 3 if bj == 39 { - bj = 0; + bj = 0 } - d.b[bj + 1] ^= a02; + d.b[bj + 1] ^= a02 bj += 3 if bj == 39 { - bj = 0; + bj = 0 } - d.b[bj + 2] ^= a03; + d.b[bj + 2] ^= a03 bj += 3 if bj == 39 { - bj = 0; + bj = 0 } - d.b[bj + 0] ^= a04; + d.b[bj + 0] ^= a04 bj += 3 if bj == 39 { - bj = 0; + bj = 0 } - d.b[bj + 1] ^= a05; + d.b[bj + 1] ^= a05 bj += 3 if bj == 39 { - bj = 0; + bj = 0 } - d.b[bj + 2] ^= a06; + d.b[bj + 2] ^= a06 bj += 3 if bj == 39 { - bj = 0; + bj = 0 } - d.b[bj + 0] ^= a07; + d.b[bj + 0] ^= a07 bj += 3 if bj == 39 { - bj = 0; + bj = 0 } - d.b[bj + 1] ^= a08; + d.b[bj + 1] ^= a08 bj += 3 if bj == 39 { - bj = 0; + bj = 0 } - d.b[bj + 2] ^= a09; + d.b[bj + 2] ^= a09 bj += 3 if bj == 39 { - bj = 0; + bj = 0 } - d.b[bj + 0] ^= a10; + d.b[bj + 0] ^= a10 bj += 3 if bj == 39 { - bj = 0; + bj = 0 } - d.b[bj + 1] ^= a11; + d.b[bj + 1] ^= a11 bj += 3 if bj == 39 { - bj = 0; + bj = 0 } - d.b[bj + 2] ^= a12; - - var t00 = a00 ^ (a01 | ^a02); - var t01 = a01 ^ (a02 | ^a03); - var t02 = a02 ^ (a03 | ^a04); - var t03 = a03 ^ (a04 | ^a05); - var t04 = a04 ^ (a05 | ^a06); - var t05 = a05 ^ (a06 | ^a07); - var t06 = a06 ^ (a07 | ^a08); - var t07 = a07 ^ (a08 | ^a09); - var t08 = a08 ^ (a09 | ^a10); - var t09 = a09 ^ (a10 | ^a11); - var t10 = a10 ^ (a11 | ^a12); - var t11 = a11 ^ (a12 | ^a13); - var t12 = a12 ^ (a13 | ^a14); - var t13 = a13 ^ (a14 | ^a15); - var t14 = a14 ^ (a15 | ^a16); - var t15 = a15 ^ (a16 | ^a17); - var t16 = a16 ^ (a17 | ^a18); - var t17 = a17 ^ (a18 | ^a00); - var t18 = a18 ^ (a00 | ^a01); - - a00 = t00; - a01 = (t07 << 31) | (t07 >> 1); - a02 = 
(t14 << 29) | (t14 >> 3); - a03 = (t02 << 26) | (t02 >> 6); - a04 = (t09 << 22) | (t09 >> 10); - a05 = (t16 << 17) | (t16 >> 15); - a06 = (t04 << 11) | (t04 >> 21); - a07 = (t11 << 4) | (t11 >> 28); - a08 = (t18 << 28) | (t18 >> 4); - a09 = (t06 << 19) | (t06 >> 13); - a10 = (t13 << 9) | (t13 >> 23); - a11 = (t01 << 30) | (t01 >> 2); - a12 = (t08 << 18) | (t08 >> 14); - a13 = (t15 << 5) | (t15 >> 27); - a14 = (t03 << 23) | (t03 >> 9); - a15 = (t10 << 8) | (t10 >> 24); - a16 = (t17 << 24) | (t17 >> 8); - a17 = (t05 << 7) | (t05 >> 25); - a18 = (t12 << 21) | (t12 >> 11); - - t00 = a00 ^ a01 ^ a04; - t01 = a01 ^ a02 ^ a05; - t02 = a02 ^ a03 ^ a06; - t03 = a03 ^ a04 ^ a07; - t04 = a04 ^ a05 ^ a08; - t05 = a05 ^ a06 ^ a09; - t06 = a06 ^ a07 ^ a10; - t07 = a07 ^ a08 ^ a11; - t08 = a08 ^ a09 ^ a12; - t09 = a09 ^ a10 ^ a13; - t10 = a10 ^ a11 ^ a14; - t11 = a11 ^ a12 ^ a15; - t12 = a12 ^ a13 ^ a16; - t13 = a13 ^ a14 ^ a17; - t14 = a14 ^ a15 ^ a18; - t15 = a15 ^ a16 ^ a00; - t16 = a16 ^ a17 ^ a01; - t17 = a17 ^ a18 ^ a02; - t18 = a18 ^ a00 ^ a03; - - a00 = t00 ^ 1; - a01 = t01; - a02 = t02; - a03 = t03; - a04 = t04; - a05 = t05; - a06 = t06; - a07 = t07; - a08 = t08; - a09 = t09; - a10 = t10; - a11 = t11; - a12 = t12; - a13 = t13; - a14 = t14; - a15 = t15; - a16 = t16; - a17 = t17; - a18 = t18; - - bj = mk * 3; - a13 ^= d.b[bj + 0]; - a14 ^= d.b[bj + 1]; - a15 ^= d.b[bj + 2]; + d.b[bj + 2] ^= a12 + + var t00 = a00 ^ (a01 | ^a02) + var t01 = a01 ^ (a02 | ^a03) + var t02 = a02 ^ (a03 | ^a04) + var t03 = a03 ^ (a04 | ^a05) + var t04 = a04 ^ (a05 | ^a06) + var t05 = a05 ^ (a06 | ^a07) + var t06 = a06 ^ (a07 | ^a08) + var t07 = a07 ^ (a08 | ^a09) + var t08 = a08 ^ (a09 | ^a10) + var t09 = a09 ^ (a10 | ^a11) + var t10 = a10 ^ (a11 | ^a12) + var t11 = a11 ^ (a12 | ^a13) + var t12 = a12 ^ (a13 | ^a14) + var t13 = a13 ^ (a14 | ^a15) + var t14 = a14 ^ (a15 | ^a16) + var t15 = a15 ^ (a16 | ^a17) + var t16 = a16 ^ (a17 | ^a18) + var t17 = a17 ^ (a18 | ^a00) + var t18 = a18 ^ (a00 | 
^a01) + + a00 = t00 + a01 = (t07 << 31) | (t07 >> 1) + a02 = (t14 << 29) | (t14 >> 3) + a03 = (t02 << 26) | (t02 >> 6) + a04 = (t09 << 22) | (t09 >> 10) + a05 = (t16 << 17) | (t16 >> 15) + a06 = (t04 << 11) | (t04 >> 21) + a07 = (t11 << 4) | (t11 >> 28) + a08 = (t18 << 28) | (t18 >> 4) + a09 = (t06 << 19) | (t06 >> 13) + a10 = (t13 << 9) | (t13 >> 23) + a11 = (t01 << 30) | (t01 >> 2) + a12 = (t08 << 18) | (t08 >> 14) + a13 = (t15 << 5) | (t15 >> 27) + a14 = (t03 << 23) | (t03 >> 9) + a15 = (t10 << 8) | (t10 >> 24) + a16 = (t17 << 24) | (t17 >> 8) + a17 = (t05 << 7) | (t05 >> 25) + a18 = (t12 << 21) | (t12 >> 11) + + t00 = a00 ^ a01 ^ a04 + t01 = a01 ^ a02 ^ a05 + t02 = a02 ^ a03 ^ a06 + t03 = a03 ^ a04 ^ a07 + t04 = a04 ^ a05 ^ a08 + t05 = a05 ^ a06 ^ a09 + t06 = a06 ^ a07 ^ a10 + t07 = a07 ^ a08 ^ a11 + t08 = a08 ^ a09 ^ a12 + t09 = a09 ^ a10 ^ a13 + t10 = a10 ^ a11 ^ a14 + t11 = a11 ^ a12 ^ a15 + t12 = a12 ^ a13 ^ a16 + t13 = a13 ^ a14 ^ a17 + t14 = a14 ^ a15 ^ a18 + t15 = a15 ^ a16 ^ a00 + t16 = a16 ^ a17 ^ a01 + t17 = a17 ^ a18 ^ a02 + t18 = a18 ^ a00 ^ a03 + + a00 = t00 ^ 1 + a01 = t01 + a02 = t02 + a03 = t03 + a04 = t04 + a05 = t05 + a06 = t06 + a07 = t07 + a08 = t08 + a09 = t09 + a10 = t10 + a11 = t11 + a12 = t12 + a13 = t13 + a14 = t14 + a15 = t15 + a16 = t16 + a17 = t17 + a18 = t18 + + bj = mk * 3 + a13 ^= d.b[bj + 0] + a14 ^= d.b[bj + 1] + a15 ^= d.b[bj + 2] } - d.a[ 0] = a00; - d.a[ 1] = a01; - d.a[ 2] = a02; - d.a[ 3] = a03; - d.a[ 4] = a04; - d.a[ 5] = a05; - d.a[ 6] = a06; - d.a[ 7] = a07; - d.a[ 8] = a08; - d.a[ 9] = a09; - d.a[10] = a10; - d.a[11] = a11; - d.a[12] = a12; - d.a[13] = a13; - d.a[14] = a14; - d.a[15] = a15; - d.a[16] = a16; - d.a[17] = a17; - d.a[18] = a18; + d.a[ 0] = a00 + d.a[ 1] = a01 + d.a[ 2] = a02 + d.a[ 3] = a03 + d.a[ 4] = a04 + d.a[ 5] = a05 + d.a[ 6] = a06 + d.a[ 7] = a07 + d.a[ 8] = a08 + d.a[ 9] = a09 + d.a[10] = a10 + d.a[11] = a11 + d.a[12] = a12 + d.a[13] = a13 + d.a[14] = a14 + d.a[15] = a15 + d.a[16] = a16 + d.a[17] = 
a17 + d.a[18] = a18 } func (d *digest32) blank(num int) (out []byte) { - var a00 = d.a[ 0]; - var a01 = d.a[ 1]; - var a02 = d.a[ 2]; - var a03 = d.a[ 3]; - var a04 = d.a[ 4]; - var a05 = d.a[ 5]; - var a06 = d.a[ 6]; - var a07 = d.a[ 7]; - var a08 = d.a[ 8]; - var a09 = d.a[ 9]; - var a10 = d.a[10]; - var a11 = d.a[11]; - var a12 = d.a[12]; - var a13 = d.a[13]; - var a14 = d.a[14]; - var a15 = d.a[15]; - var a16 = d.a[16]; - var a17 = d.a[17]; - var a18 = d.a[18]; + var a00 = d.a[ 0] + var a01 = d.a[ 1] + var a02 = d.a[ 2] + var a03 = d.a[ 3] + var a04 = d.a[ 4] + var a05 = d.a[ 5] + var a06 = d.a[ 6] + var a07 = d.a[ 7] + var a08 = d.a[ 8] + var a09 = d.a[ 9] + var a10 = d.a[10] + var a11 = d.a[11] + var a12 = d.a[12] + var a13 = d.a[13] + var a14 = d.a[14] + var a15 = d.a[15] + var a16 = d.a[16] + var a17 = d.a[17] + var a18 = d.a[18] out = make([]byte, Size32) off := 0 for num > 0 { - d.b[ 0] ^= a01; - d.b[ 4] ^= a02; - d.b[ 8] ^= a03; - d.b[ 9] ^= a04; - d.b[13] ^= a05; - d.b[17] ^= a06; - d.b[18] ^= a07; - d.b[22] ^= a08; - d.b[26] ^= a09; - d.b[27] ^= a10; - d.b[31] ^= a11; - d.b[35] ^= a12; - - var t00 = a00 ^ (a01 | ^a02); - var t01 = a01 ^ (a02 | ^a03); - var t02 = a02 ^ (a03 | ^a04); - var t03 = a03 ^ (a04 | ^a05); - var t04 = a04 ^ (a05 | ^a06); - var t05 = a05 ^ (a06 | ^a07); - var t06 = a06 ^ (a07 | ^a08); - var t07 = a07 ^ (a08 | ^a09); - var t08 = a08 ^ (a09 | ^a10); - var t09 = a09 ^ (a10 | ^a11); - var t10 = a10 ^ (a11 | ^a12); - var t11 = a11 ^ (a12 | ^a13); - var t12 = a12 ^ (a13 | ^a14); - var t13 = a13 ^ (a14 | ^a15); - var t14 = a14 ^ (a15 | ^a16); - var t15 = a15 ^ (a16 | ^a17); - var t16 = a16 ^ (a17 | ^a18); - var t17 = a17 ^ (a18 | ^a00); - var t18 = a18 ^ (a00 | ^a01); - - a00 = t00; - a01 = (t07 << 31) | (t07 >> 1); - a02 = (t14 << 29) | (t14 >> 3); - a03 = (t02 << 26) | (t02 >> 6); - a04 = (t09 << 22) | (t09 >> 10); - a05 = (t16 << 17) | (t16 >> 15); - a06 = (t04 << 11) | (t04 >> 21); - a07 = (t11 << 4) | (t11 >> 28); - a08 = (t18 << 
28) | (t18 >> 4); - a09 = (t06 << 19) | (t06 >> 13); - a10 = (t13 << 9) | (t13 >> 23); - a11 = (t01 << 30) | (t01 >> 2); - a12 = (t08 << 18) | (t08 >> 14); - a13 = (t15 << 5) | (t15 >> 27); - a14 = (t03 << 23) | (t03 >> 9); - a15 = (t10 << 8) | (t10 >> 24); - a16 = (t17 << 24) | (t17 >> 8); - a17 = (t05 << 7) | (t05 >> 25); - a18 = (t12 << 21) | (t12 >> 11); - - t00 = a00 ^ a01 ^ a04; - t01 = a01 ^ a02 ^ a05; - t02 = a02 ^ a03 ^ a06; - t03 = a03 ^ a04 ^ a07; - t04 = a04 ^ a05 ^ a08; - t05 = a05 ^ a06 ^ a09; - t06 = a06 ^ a07 ^ a10; - t07 = a07 ^ a08 ^ a11; - t08 = a08 ^ a09 ^ a12; - t09 = a09 ^ a10 ^ a13; - t10 = a10 ^ a11 ^ a14; - t11 = a11 ^ a12 ^ a15; - t12 = a12 ^ a13 ^ a16; - t13 = a13 ^ a14 ^ a17; - t14 = a14 ^ a15 ^ a18; - t15 = a15 ^ a16 ^ a00; - t16 = a16 ^ a17 ^ a01; - t17 = a17 ^ a18 ^ a02; - t18 = a18 ^ a00 ^ a03; - - a00 = t00 ^ 1; - a01 = t01; - a02 = t02; - a03 = t03; - a04 = t04; - a05 = t05; - a06 = t06; - a07 = t07; - a08 = t08; - a09 = t09; - a10 = t10; - a11 = t11; - a12 = t12; - a13 = t13; - a14 = t14; - a15 = t15; - a16 = t16; - a17 = t17; - a18 = t18; - - var bt0 = d.b[36]; - var bt1 = d.b[37]; - var bt2 = d.b[38]; - a13 ^= bt0; - a14 ^= bt1; - a15 ^= bt2; + d.b[ 0] ^= a01 + d.b[ 4] ^= a02 + d.b[ 8] ^= a03 + d.b[ 9] ^= a04 + d.b[13] ^= a05 + d.b[17] ^= a06 + d.b[18] ^= a07 + d.b[22] ^= a08 + d.b[26] ^= a09 + d.b[27] ^= a10 + d.b[31] ^= a11 + d.b[35] ^= a12 + + var t00 = a00 ^ (a01 | ^a02) + var t01 = a01 ^ (a02 | ^a03) + var t02 = a02 ^ (a03 | ^a04) + var t03 = a03 ^ (a04 | ^a05) + var t04 = a04 ^ (a05 | ^a06) + var t05 = a05 ^ (a06 | ^a07) + var t06 = a06 ^ (a07 | ^a08) + var t07 = a07 ^ (a08 | ^a09) + var t08 = a08 ^ (a09 | ^a10) + var t09 = a09 ^ (a10 | ^a11) + var t10 = a10 ^ (a11 | ^a12) + var t11 = a11 ^ (a12 | ^a13) + var t12 = a12 ^ (a13 | ^a14) + var t13 = a13 ^ (a14 | ^a15) + var t14 = a14 ^ (a15 | ^a16) + var t15 = a15 ^ (a16 | ^a17) + var t16 = a16 ^ (a17 | ^a18) + var t17 = a17 ^ (a18 | ^a00) + var t18 = a18 ^ (a00 | ^a01) + + 
a00 = t00 + a01 = (t07 << 31) | (t07 >> 1) + a02 = (t14 << 29) | (t14 >> 3) + a03 = (t02 << 26) | (t02 >> 6) + a04 = (t09 << 22) | (t09 >> 10) + a05 = (t16 << 17) | (t16 >> 15) + a06 = (t04 << 11) | (t04 >> 21) + a07 = (t11 << 4) | (t11 >> 28) + a08 = (t18 << 28) | (t18 >> 4) + a09 = (t06 << 19) | (t06 >> 13) + a10 = (t13 << 9) | (t13 >> 23) + a11 = (t01 << 30) | (t01 >> 2) + a12 = (t08 << 18) | (t08 >> 14) + a13 = (t15 << 5) | (t15 >> 27) + a14 = (t03 << 23) | (t03 >> 9) + a15 = (t10 << 8) | (t10 >> 24) + a16 = (t17 << 24) | (t17 >> 8) + a17 = (t05 << 7) | (t05 >> 25) + a18 = (t12 << 21) | (t12 >> 11) + + t00 = a00 ^ a01 ^ a04 + t01 = a01 ^ a02 ^ a05 + t02 = a02 ^ a03 ^ a06 + t03 = a03 ^ a04 ^ a07 + t04 = a04 ^ a05 ^ a08 + t05 = a05 ^ a06 ^ a09 + t06 = a06 ^ a07 ^ a10 + t07 = a07 ^ a08 ^ a11 + t08 = a08 ^ a09 ^ a12 + t09 = a09 ^ a10 ^ a13 + t10 = a10 ^ a11 ^ a14 + t11 = a11 ^ a12 ^ a15 + t12 = a12 ^ a13 ^ a16 + t13 = a13 ^ a14 ^ a17 + t14 = a14 ^ a15 ^ a18 + t15 = a15 ^ a16 ^ a00 + t16 = a16 ^ a17 ^ a01 + t17 = a17 ^ a18 ^ a02 + t18 = a18 ^ a00 ^ a03 + + a00 = t00 ^ 1 + a01 = t01 + a02 = t02 + a03 = t03 + a04 = t04 + a05 = t05 + a06 = t06 + a07 = t07 + a08 = t08 + a09 = t09 + a10 = t10 + a11 = t11 + a12 = t12 + a13 = t13 + a14 = t14 + a15 = t15 + a16 = t16 + a17 = t17 + a18 = t18 + + var bt0 = d.b[36] + var bt1 = d.b[37] + var bt2 = d.b[38] + a13 ^= bt0 + a14 ^= bt1 + a15 ^= bt2 copy(d.b[3:], d.b[0:36]) - d.b[0] = bt0; - d.b[1] = bt1; - d.b[2] = bt2; + d.b[0] = bt0 + d.b[1] = bt1 + d.b[2] = bt2 if num <= 4 { putu32(out[off + 0:], a01) putu32(out[off + 4:], a02) - off += 8; + off += 8 } num-- diff --git a/radio_gatun/digest64.go b/radio_gatun/digest64.go index bbbd882..3a7c8ab 100644 --- a/radio_gatun/digest64.go +++ b/radio_gatun/digest64.go 
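Review bot: `blank` writes into `out` only during the iterations where `num <= 4`, so a caller passing num < 4 gets a Size32 buffer whose leading bytes are still the zeros from `make`, with nothing signalling the short output; that precondition should be stated on the function, e.g. `// blank runs num blank rounds (no input) and emits a01/a02 from the last four rounds into out; num must be >= 4 or out is only partially filled.` processBlock, which this hunk also covers, would benefit from a similar note: its 13 iterations of `dp += 12` mean the last block reads `data[144:156]` (assuming getu32 reads four bytes) and shorter input panics on the slice index, so something like `// processBlock absorbs 13 three-word blocks (156 bytes) into the belt d.b (39 words) and the mill d.a (19 words), one round per block; len(data) must be >= 156.` would make the contract explicit. These are documentation-only suggestions; processBlock's signature is in the previous hunk and the caller that chooses num is outside the diff, so whether num is always a fixed value could not be confirmed here.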
@@ -102,33 +102,33 @@ func (d *digest64) checkSum() (out []byte) { } func (d *digest64) processBlock(data []byte) { - var a00 = d.a[ 0]; - var a01 = d.a[ 1]; - var a02 = d.a[ 2]; - var a03 = d.a[ 3]; - var a04 = d.a[ 4]; - var a05 = d.a[ 5]; - var a06 = d.a[ 6]; - var a07 = d.a[ 7]; - var a08 = d.a[ 8]; - var a09 = d.a[ 9]; - var a10 = d.a[10]; - var a11 = d.a[11]; - var a12 = d.a[12]; - var a13 = d.a[13]; - var a14 = d.a[14]; - var a15 = d.a[15]; - var a16 = d.a[16]; - var a17 = d.a[17]; - var a18 = d.a[18]; + var a00 = d.a[ 0] + var a01 = d.a[ 1] + var a02 = d.a[ 2] + var a03 = d.a[ 3] + var a04 = d.a[ 4] + var a05 = d.a[ 5] + var a06 = d.a[ 6] + var a07 = d.a[ 7] + var a08 = d.a[ 8] + var a09 = d.a[ 9] + var a10 = d.a[10] + var a11 = d.a[11] + var a12 = d.a[12] + var a13 = d.a[13] + var a14 = d.a[14] + var a15 = d.a[15] + var a16 = d.a[16] + var a17 = d.a[17] + var a18 = d.a[18] dp := 0 for mk := 12; mk >= 0; mk-- { - var p0 = getu64(data[dp + 0:]); - var p1 = getu64(data[dp + 8:]); - var p2 = getu64(data[dp + 16:]); + var p0 = getu64(data[dp + 0:]) + var p1 = getu64(data[dp + 8:]) + var p2 = getu64(data[dp + 16:]) - dp += 24; + dp += 24 var bj int if mk == 12 { 
@@ -137,331 +137,331 @@ func (d *digest64) processBlock(data []byte) { bj = 3 * (mk + 1) } - d.b[bj + 0] ^= p0; - d.b[bj + 1] ^= p1; - d.b[bj + 2] ^= p2; - a16 ^= p0; - a17 ^= p1; - a18 ^= p2; + d.b[bj + 0] ^= p0 + d.b[bj + 1] ^= p1 + d.b[bj + 2] ^= p2 + a16 ^= p0 + a17 ^= p1 + a18 ^= p2 - bj = mk * 3; + bj = mk * 3 bj += 3 if bj == 39 { - bj = 0; + bj = 0 } - d.b[bj + 0] ^= a01; + d.b[bj + 0] ^= a01 bj += 3 if bj == 39 { - bj = 0; + bj = 0 } - d.b[bj + 1] ^= a02; + d.b[bj + 1] ^= a02 bj += 3 if bj == 39 { - bj = 0; + bj = 0 } - d.b[bj + 2] ^= a03; + d.b[bj + 2] ^= a03 bj += 3 if bj == 39 { - bj = 0; + bj = 0 } - d.b[bj + 0] ^= a04; + d.b[bj + 0] ^= a04 bj += 3 if bj == 39 { - bj = 0; + bj = 0 } - d.b[bj + 1] ^= a05; + d.b[bj + 1] ^= a05 bj += 3 if bj == 39 { - bj = 0; + bj = 0 } - d.b[bj + 2] ^= a06; + d.b[bj + 2] ^= a06 bj += 3 if bj == 39 { - bj = 0; + bj = 0 } - d.b[bj + 0] ^= a07; + d.b[bj + 0] ^= a07 bj += 3 if bj == 39 { - bj = 0; + bj = 0 } - d.b[bj + 1] ^= a08; + d.b[bj + 1] ^= a08 bj += 3 if bj == 39 { - bj = 0; + bj = 0 } - d.b[bj + 2] ^= a09; + d.b[bj + 2] ^= a09 bj += 3 if bj == 39 { - bj = 0; + bj = 0 } - d.b[bj + 0] ^= a10; + d.b[bj + 0] ^= a10 bj += 3 if bj == 39 { - bj = 0; + bj = 0 } - d.b[bj + 1] ^= a11; + d.b[bj + 1] ^= a11 bj += 3 if bj == 39 { - bj = 0; + bj = 0 } - d.b[bj + 2] ^= a12; - - var t00 = a00 ^ (a01 | ^a02); - var t01 = a01 ^ (a02 | ^a03); - var t02 = a02 ^ (a03 | ^a04); - var t03 = a03 ^ (a04 | ^a05); - var t04 = a04 ^ (a05 | ^a06); - var t05 = a05 ^ (a06 | ^a07); - var t06 = a06 ^ (a07 | ^a08); - var t07 = a07 ^ (a08 | ^a09); - var t08 = a08 ^ (a09 | ^a10); - var t09 = a09 ^ (a10 | ^a11); - var t10 = a10 ^ (a11 | ^a12); - var t11 = a11 ^ (a12 | ^a13); - var t12 = a12 ^ (a13 | ^a14); - var t13 = a13 ^ (a14 | ^a15); - var t14 = a14 ^ (a15 | ^a16); - var t15 = a15 ^ (a16 | ^a17); - var t16 = a16 ^ (a17 | ^a18); - var t17 = a17 ^ (a18 | ^a00); - var t18 = a18 ^ (a00 | ^a01); - - a00 = t00; - a01 = (t07 << 63) | (t07 >> 1); - a02 = 
(t14 << 61) | (t14 >> 3); - a03 = (t02 << 58) | (t02 >> 6); - a04 = (t09 << 54) | (t09 >> 10); - a05 = (t16 << 49) | (t16 >> 15); - a06 = (t04 << 43) | (t04 >> 21); - a07 = (t11 << 36) | (t11 >> 28); - a08 = (t18 << 28) | (t18 >> 36); - a09 = (t06 << 19) | (t06 >> 45); - a10 = (t13 << 9) | (t13 >> 55); - a11 = (t01 << 62) | (t01 >> 2); - a12 = (t08 << 50) | (t08 >> 14); - a13 = (t15 << 37) | (t15 >> 27); - a14 = (t03 << 23) | (t03 >> 41); - a15 = (t10 << 8) | (t10 >> 56); - a16 = (t17 << 56) | (t17 >> 8); - a17 = (t05 << 39) | (t05 >> 25); - a18 = (t12 << 21) | (t12 >> 43); - - t00 = a00 ^ a01 ^ a04; - t01 = a01 ^ a02 ^ a05; - t02 = a02 ^ a03 ^ a06; - t03 = a03 ^ a04 ^ a07; - t04 = a04 ^ a05 ^ a08; - t05 = a05 ^ a06 ^ a09; - t06 = a06 ^ a07 ^ a10; - t07 = a07 ^ a08 ^ a11; - t08 = a08 ^ a09 ^ a12; - t09 = a09 ^ a10 ^ a13; - t10 = a10 ^ a11 ^ a14; - t11 = a11 ^ a12 ^ a15; - t12 = a12 ^ a13 ^ a16; - t13 = a13 ^ a14 ^ a17; - t14 = a14 ^ a15 ^ a18; - t15 = a15 ^ a16 ^ a00; - t16 = a16 ^ a17 ^ a01; - t17 = a17 ^ a18 ^ a02; - t18 = a18 ^ a00 ^ a03; - - a00 = t00 ^ 1; - a01 = t01; - a02 = t02; - a03 = t03; - a04 = t04; - a05 = t05; - a06 = t06; - a07 = t07; - a08 = t08; - a09 = t09; - a10 = t10; - a11 = t11; - a12 = t12; - a13 = t13; - a14 = t14; - a15 = t15; - a16 = t16; - a17 = t17; - a18 = t18; - - bj = mk * 3; - a13 ^= d.b[bj + 0]; - a14 ^= d.b[bj + 1]; - a15 ^= d.b[bj + 2]; + d.b[bj + 2] ^= a12 + + var t00 = a00 ^ (a01 | ^a02) + var t01 = a01 ^ (a02 | ^a03) + var t02 = a02 ^ (a03 | ^a04) + var t03 = a03 ^ (a04 | ^a05) + var t04 = a04 ^ (a05 | ^a06) + var t05 = a05 ^ (a06 | ^a07) + var t06 = a06 ^ (a07 | ^a08) + var t07 = a07 ^ (a08 | ^a09) + var t08 = a08 ^ (a09 | ^a10) + var t09 = a09 ^ (a10 | ^a11) + var t10 = a10 ^ (a11 | ^a12) + var t11 = a11 ^ (a12 | ^a13) + var t12 = a12 ^ (a13 | ^a14) + var t13 = a13 ^ (a14 | ^a15) + var t14 = a14 ^ (a15 | ^a16) + var t15 = a15 ^ (a16 | ^a17) + var t16 = a16 ^ (a17 | ^a18) + var t17 = a17 ^ (a18 | ^a00) + var t18 = a18 ^ (a00 | 
^a01) + + a00 = t00 + a01 = (t07 << 63) | (t07 >> 1) + a02 = (t14 << 61) | (t14 >> 3) + a03 = (t02 << 58) | (t02 >> 6) + a04 = (t09 << 54) | (t09 >> 10) + a05 = (t16 << 49) | (t16 >> 15) + a06 = (t04 << 43) | (t04 >> 21) + a07 = (t11 << 36) | (t11 >> 28) + a08 = (t18 << 28) | (t18 >> 36) + a09 = (t06 << 19) | (t06 >> 45) + a10 = (t13 << 9) | (t13 >> 55) + a11 = (t01 << 62) | (t01 >> 2) + a12 = (t08 << 50) | (t08 >> 14) + a13 = (t15 << 37) | (t15 >> 27) + a14 = (t03 << 23) | (t03 >> 41) + a15 = (t10 << 8) | (t10 >> 56) + a16 = (t17 << 56) | (t17 >> 8) + a17 = (t05 << 39) | (t05 >> 25) + a18 = (t12 << 21) | (t12 >> 43) + + t00 = a00 ^ a01 ^ a04 + t01 = a01 ^ a02 ^ a05 + t02 = a02 ^ a03 ^ a06 + t03 = a03 ^ a04 ^ a07 + t04 = a04 ^ a05 ^ a08 + t05 = a05 ^ a06 ^ a09 + t06 = a06 ^ a07 ^ a10 + t07 = a07 ^ a08 ^ a11 + t08 = a08 ^ a09 ^ a12 + t09 = a09 ^ a10 ^ a13 + t10 = a10 ^ a11 ^ a14 + t11 = a11 ^ a12 ^ a15 + t12 = a12 ^ a13 ^ a16 + t13 = a13 ^ a14 ^ a17 + t14 = a14 ^ a15 ^ a18 + t15 = a15 ^ a16 ^ a00 + t16 = a16 ^ a17 ^ a01 + t17 = a17 ^ a18 ^ a02 + t18 = a18 ^ a00 ^ a03 + + a00 = t00 ^ 1 + a01 = t01 + a02 = t02 + a03 = t03 + a04 = t04 + a05 = t05 + a06 = t06 + a07 = t07 + a08 = t08 + a09 = t09 + a10 = t10 + a11 = t11 + a12 = t12 + a13 = t13 + a14 = t14 + a15 = t15 + a16 = t16 + a17 = t17 + a18 = t18 + + bj = mk * 3 + a13 ^= d.b[bj + 0] + a14 ^= d.b[bj + 1] + a15 ^= d.b[bj + 2] } - d.a[ 0] = a00; - d.a[ 1] = a01; - d.a[ 2] = a02; - d.a[ 3] = a03; - d.a[ 4] = a04; - d.a[ 5] = a05; - d.a[ 6] = a06; - d.a[ 7] = a07; - d.a[ 8] = a08; - d.a[ 9] = a09; - d.a[10] = a10; - d.a[11] = a11; - d.a[12] = a12; - d.a[13] = a13; - d.a[14] = a14; - d.a[15] = a15; - d.a[16] = a16; - d.a[17] = a17; - d.a[18] = a18; + d.a[ 0] = a00 + d.a[ 1] = a01 + d.a[ 2] = a02 + d.a[ 3] = a03 + d.a[ 4] = a04 + d.a[ 5] = a05 + d.a[ 6] = a06 + d.a[ 7] = a07 + d.a[ 8] = a08 + d.a[ 9] = a09 + d.a[10] = a10 + d.a[11] = a11 + d.a[12] = a12 + d.a[13] = a13 + d.a[14] = a14 + d.a[15] = a15 + d.a[16] = a16 + 
d.a[17] = a17 + d.a[18] = a18 } func (d *digest64) blank(num int) (out []byte) { - var a00 = d.a[ 0]; - var a01 = d.a[ 1]; - var a02 = d.a[ 2]; - var a03 = d.a[ 3]; - var a04 = d.a[ 4]; - var a05 = d.a[ 5]; - var a06 = d.a[ 6]; - var a07 = d.a[ 7]; - var a08 = d.a[ 8]; - var a09 = d.a[ 9]; - var a10 = d.a[10]; - var a11 = d.a[11]; - var a12 = d.a[12]; - var a13 = d.a[13]; - var a14 = d.a[14]; - var a15 = d.a[15]; - var a16 = d.a[16]; - var a17 = d.a[17]; - var a18 = d.a[18]; + var a00 = d.a[ 0] + var a01 = d.a[ 1] + var a02 = d.a[ 2] + var a03 = d.a[ 3] + var a04 = d.a[ 4] + var a05 = d.a[ 5] + var a06 = d.a[ 6] + var a07 = d.a[ 7] + var a08 = d.a[ 8] + var a09 = d.a[ 9] + var a10 = d.a[10] + var a11 = d.a[11] + var a12 = d.a[12] + var a13 = d.a[13] + var a14 = d.a[14] + var a15 = d.a[15] + var a16 = d.a[16] + var a17 = d.a[17] + var a18 = d.a[18] out = make([]byte, Size64) off := 0 for num > 0 { - d.b[ 0] ^= a01; - d.b[ 4] ^= a02; - d.b[ 8] ^= a03; - d.b[ 9] ^= a04; - d.b[13] ^= a05; - d.b[17] ^= a06; - d.b[18] ^= a07; - d.b[22] ^= a08; - d.b[26] ^= a09; - d.b[27] ^= a10; - d.b[31] ^= a11; - d.b[35] ^= a12; - - var t00 = a00 ^ (a01 | ^a02); - var t01 = a01 ^ (a02 | ^a03); - var t02 = a02 ^ (a03 | ^a04); - var t03 = a03 ^ (a04 | ^a05); - var t04 = a04 ^ (a05 | ^a06); - var t05 = a05 ^ (a06 | ^a07); - var t06 = a06 ^ (a07 | ^a08); - var t07 = a07 ^ (a08 | ^a09); - var t08 = a08 ^ (a09 | ^a10); - var t09 = a09 ^ (a10 | ^a11); - var t10 = a10 ^ (a11 | ^a12); - var t11 = a11 ^ (a12 | ^a13); - var t12 = a12 ^ (a13 | ^a14); - var t13 = a13 ^ (a14 | ^a15); - var t14 = a14 ^ (a15 | ^a16); - var t15 = a15 ^ (a16 | ^a17); - var t16 = a16 ^ (a17 | ^a18); - var t17 = a17 ^ (a18 | ^a00); - var t18 = a18 ^ (a00 | ^a01); - - a00 = t00; - a01 = (t07 << 63) | (t07 >> 1); - a02 = (t14 << 61) | (t14 >> 3); - a03 = (t02 << 58) | (t02 >> 6); - a04 = (t09 << 54) | (t09 >> 10); - a05 = (t16 << 49) | (t16 >> 15); - a06 = (t04 << 43) | (t04 >> 21); - a07 = (t11 << 36) | (t11 >> 28); - a08 
= (t18 << 28) | (t18 >> 36); - a09 = (t06 << 19) | (t06 >> 45); - a10 = (t13 << 9) | (t13 >> 55); - a11 = (t01 << 62) | (t01 >> 2); - a12 = (t08 << 50) | (t08 >> 14); - a13 = (t15 << 37) | (t15 >> 27); - a14 = (t03 << 23) | (t03 >> 41); - a15 = (t10 << 8) | (t10 >> 56); - a16 = (t17 << 56) | (t17 >> 8); - a17 = (t05 << 39) | (t05 >> 25); - a18 = (t12 << 21) | (t12 >> 43); - - t00 = a00 ^ a01 ^ a04; - t01 = a01 ^ a02 ^ a05; - t02 = a02 ^ a03 ^ a06; - t03 = a03 ^ a04 ^ a07; - t04 = a04 ^ a05 ^ a08; - t05 = a05 ^ a06 ^ a09; - t06 = a06 ^ a07 ^ a10; - t07 = a07 ^ a08 ^ a11; - t08 = a08 ^ a09 ^ a12; - t09 = a09 ^ a10 ^ a13; - t10 = a10 ^ a11 ^ a14; - t11 = a11 ^ a12 ^ a15; - t12 = a12 ^ a13 ^ a16; - t13 = a13 ^ a14 ^ a17; - t14 = a14 ^ a15 ^ a18; - t15 = a15 ^ a16 ^ a00; - t16 = a16 ^ a17 ^ a01; - t17 = a17 ^ a18 ^ a02; - t18 = a18 ^ a00 ^ a03; - - a00 = t00 ^ 1; - a01 = t01; - a02 = t02; - a03 = t03; - a04 = t04; - a05 = t05; - a06 = t06; - a07 = t07; - a08 = t08; - a09 = t09; - a10 = t10; - a11 = t11; - a12 = t12; - a13 = t13; - a14 = t14; - a15 = t15; - a16 = t16; - a17 = t17; - a18 = t18; - - var bt0 = d.b[36]; - var bt1 = d.b[37]; - var bt2 = d.b[38]; - - a13 ^= bt0; - a14 ^= bt1; - a15 ^= bt2; + d.b[ 0] ^= a01 + d.b[ 4] ^= a02 + d.b[ 8] ^= a03 + d.b[ 9] ^= a04 + d.b[13] ^= a05 + d.b[17] ^= a06 + d.b[18] ^= a07 + d.b[22] ^= a08 + d.b[26] ^= a09 + d.b[27] ^= a10 + d.b[31] ^= a11 + d.b[35] ^= a12 + + var t00 = a00 ^ (a01 | ^a02) + var t01 = a01 ^ (a02 | ^a03) + var t02 = a02 ^ (a03 | ^a04) + var t03 = a03 ^ (a04 | ^a05) + var t04 = a04 ^ (a05 | ^a06) + var t05 = a05 ^ (a06 | ^a07) + var t06 = a06 ^ (a07 | ^a08) + var t07 = a07 ^ (a08 | ^a09) + var t08 = a08 ^ (a09 | ^a10) + var t09 = a09 ^ (a10 | ^a11) + var t10 = a10 ^ (a11 | ^a12) + var t11 = a11 ^ (a12 | ^a13) + var t12 = a12 ^ (a13 | ^a14) + var t13 = a13 ^ (a14 | ^a15) + var t14 = a14 ^ (a15 | ^a16) + var t15 = a15 ^ (a16 | ^a17) + var t16 = a16 ^ (a17 | ^a18) + var t17 = a17 ^ (a18 | ^a00) + var t18 = a18 ^ 
(a00 | ^a01) + + a00 = t00 + a01 = (t07 << 63) | (t07 >> 1) + a02 = (t14 << 61) | (t14 >> 3) + a03 = (t02 << 58) | (t02 >> 6) + a04 = (t09 << 54) | (t09 >> 10) + a05 = (t16 << 49) | (t16 >> 15) + a06 = (t04 << 43) | (t04 >> 21) + a07 = (t11 << 36) | (t11 >> 28) + a08 = (t18 << 28) | (t18 >> 36) + a09 = (t06 << 19) | (t06 >> 45) + a10 = (t13 << 9) | (t13 >> 55) + a11 = (t01 << 62) | (t01 >> 2) + a12 = (t08 << 50) | (t08 >> 14) + a13 = (t15 << 37) | (t15 >> 27) + a14 = (t03 << 23) | (t03 >> 41) + a15 = (t10 << 8) | (t10 >> 56) + a16 = (t17 << 56) | (t17 >> 8) + a17 = (t05 << 39) | (t05 >> 25) + a18 = (t12 << 21) | (t12 >> 43) + + t00 = a00 ^ a01 ^ a04 + t01 = a01 ^ a02 ^ a05 + t02 = a02 ^ a03 ^ a06 + t03 = a03 ^ a04 ^ a07 + t04 = a04 ^ a05 ^ a08 + t05 = a05 ^ a06 ^ a09 + t06 = a06 ^ a07 ^ a10 + t07 = a07 ^ a08 ^ a11 + t08 = a08 ^ a09 ^ a12 + t09 = a09 ^ a10 ^ a13 + t10 = a10 ^ a11 ^ a14 + t11 = a11 ^ a12 ^ a15 + t12 = a12 ^ a13 ^ a16 + t13 = a13 ^ a14 ^ a17 + t14 = a14 ^ a15 ^ a18 + t15 = a15 ^ a16 ^ a00 + t16 = a16 ^ a17 ^ a01 + t17 = a17 ^ a18 ^ a02 + t18 = a18 ^ a00 ^ a03 + + a00 = t00 ^ 1 + a01 = t01 + a02 = t02 + a03 = t03 + a04 = t04 + a05 = t05 + a06 = t06 + a07 = t07 + a08 = t08 + a09 = t09 + a10 = t10 + a11 = t11 + a12 = t12 + a13 = t13 + a14 = t14 + a15 = t15 + a16 = t16 + a17 = t17 + a18 = t18 + + var bt0 = d.b[36] + var bt1 = d.b[37] + var bt2 = d.b[38] + + a13 ^= bt0 + a14 ^= bt1 + a15 ^= bt2 copy(d.b[3:], d.b[0:36]) - d.b[0] = bt0; - d.b[1] = bt1; - d.b[2] = bt2; + d.b[0] = bt0 + d.b[1] = bt1 + d.b[2] = bt2 if num <= 2 { putu64(out[off + 0:], a01) putu64(out[off + 8:], a02) - off += 16; + off += 16 } num-- diff --git a/sha0/digest.go b/sha0/digest.go index c910bd2..e99a0b5 100644 --- a/sha0/digest.go +++ b/sha0/digest.go 
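Review bot: The rotations in the mill step are written as shift pairs, `a01 = (t07 << 63) | (t07 >> 1)` through `a18 = (t12 << 21) | (t12 >> 43)`, which this commit carries over unchanged and which are easy to get wrong by one since each pair must sum to 64; `math/bits.RotateLeft64` expresses the same operation with a single constant, e.g. `a01 = bits.RotateLeft64(t07, 63)`, and the compiler lowers it to a rotate instruction. The same applies to the 32-bit variant's `(t07 << 31) | (t07 >> 1)` pairs via `bits.RotateLeft32`. This would need a `math/bits` import, available since Go 1.9, so it only applies if the module's minimum Go version allows it, which is not visible here. The shift pairs in this hunk all do add up to 64, so this is a readability point rather than a bug; processBlock's signature is in the previous hunk and blank's closing brace follows this one.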
@@ -107,268 +107,268 @@ func (d *digest) processBlock(data []byte) { var D = currentVal[3] var E = currentVal[4] - var W0 = getu32(data[0:]); - E = ((A << 5) | (A >> 27)) + ((B & C) | (^B & D)) + E + W0 + 0x5A827999; - B = (B << 30) | (B >> 2); - - var W1 = getu32(data[4:]); - D = ((E << 5) | (E >> 27)) + ((A & B) | (^A & C)) + D + W1 + 0x5A827999; - A = (A << 30) | (A >> 2); - - var W2 = getu32(data[8:]); - C = ((D << 5) | (D >> 27)) + ((E & A) | (^E & B)) + C + W2 + 0x5A827999; - E = (E << 30) | (E >> 2); - - var W3 = getu32(data[12:]); - B = ((C << 5) | (C >> 27)) + ((D & E) | (^D & A)) + B + W3 + 0x5A827999; - D = (D << 30) | (D >> 2); - - var W4 = getu32(data[16:]); - A = ((B << 5) | (B >> 27)) + ((C & D) | (^C & E)) + A + W4 + 0x5A827999; - C = (C << 30) | (C >> 2); - - var W5 = getu32(data[20:]); - E = ((A << 5) | (A >> 27)) + ((B & C) | (^B & D)) + E + W5 + 0x5A827999; - B = (B << 30) | (B >> 2); - - var W6 = getu32(data[24:]); - D = ((E << 5) | (E >> 27)) + ((A & B) | (^A & C)) + D + W6 + 0x5A827999; - A = (A << 30) | (A >> 2); - - var W7 = getu32(data[28:]); - C = ((D << 5) | (D >> 27)) + ((E & A) | (^E & B)) + C + W7 + 0x5A827999; - E = (E << 30) | (E >> 2); - - var W8 = getu32(data[32:]); - B = ((C << 5) | (C >> 27)) + ((D & E) | (^D & A)) + B + W8 + 0x5A827999; - D = (D << 30) | (D >> 2); - - var W9 = getu32(data[36:]); - A = ((B << 5) | (B >> 27)) + ((C & D) | (^C & E)) + A + W9 + 0x5A827999; - C = (C << 30) | (C >> 2); - - var Wa = getu32(data[40:]); - E = ((A << 5) | (A >> 27)) + ((B & C) | (^B & D)) + E + Wa + 0x5A827999; - B = (B << 30) | (B >> 2); - - var Wb = getu32(data[44:]); - D = ((E << 5) | (E >> 27)) + ((A & B) | (^A & C)) + D + Wb + 0x5A827999; - A = (A << 30) | (A >> 2); - - var Wc = getu32(data[48:]); - C = ((D << 5) | (D >> 27)) + ((E & A) | (^E & B)) + C + Wc + 0x5A827999; - E = (E << 30) | (E >> 2); - - var Wd = getu32(data[52:]); - B = ((C << 5) | (C >> 27)) + ((D & E) | (^D & A)) + B + Wd + 0x5A827999; - D = (D << 30) | (D >> 2); - 
- var We = getu32(data[56:]); - A = ((B << 5) | (B >> 27)) + ((C & D) | (^C & E)) + A + We + 0x5A827999; - C = (C << 30) | (C >> 2); - - var Wf = getu32(data[60:]); - E = ((A << 5) | (A >> 27)) + ((B & C) | (^B & D)) + E + Wf + 0x5A827999; - B = (B << 30) | (B >> 2); - - W0 = Wd ^ W8 ^ W2 ^ W0; - D = ((E << 5) | (E >> 27)) + ((A & B) | (^A & C)) + D + W0 + 0x5A827999; - A = (A << 30) | (A >> 2); - W1 = We ^ W9 ^ W3 ^ W1; - C = ((D << 5) | (D >> 27)) + ((E & A) | (^E & B)) + C + W1 + 0x5A827999; - E = (E << 30) | (E >> 2); - W2 = Wf ^ Wa ^ W4 ^ W2; - B = ((C << 5) | (C >> 27)) + ((D & E) | (^D & A)) + B + W2 + 0x5A827999; - D = (D << 30) | (D >> 2); - W3 = W0 ^ Wb ^ W5 ^ W3; - A = ((B << 5) | (B >> 27)) + ((C & D) | (^C & E)) + A + W3 + 0x5A827999; - C = (C << 30) | (C >> 2); - W4 = W1 ^ Wc ^ W6 ^ W4; - E = ((A << 5) | (A >> 27)) + (B ^ C ^ D) + E + W4 + 0x6ED9EBA1; - B = (B << 30) | (B >> 2); - W5 = W2 ^ Wd ^ W7 ^ W5; - D = ((E << 5) | (E >> 27)) + (A ^ B ^ C) + D + W5 + 0x6ED9EBA1; - A = (A << 30) | (A >> 2); - W6 = W3 ^ We ^ W8 ^ W6; - C = ((D << 5) | (D >> 27)) + (E ^ A ^ B) + C + W6 + 0x6ED9EBA1; - E = (E << 30) | (E >> 2); - W7 = W4 ^ Wf ^ W9 ^ W7; - B = ((C << 5) | (C >> 27)) + (D ^ E ^ A) + B + W7 + 0x6ED9EBA1; - D = (D << 30) | (D >> 2); - W8 = W5 ^ W0 ^ Wa ^ W8; - A = ((B << 5) | (B >> 27)) + (C ^ D ^ E) + A + W8 + 0x6ED9EBA1; - C = (C << 30) | (C >> 2); - W9 = W6 ^ W1 ^ Wb ^ W9; - E = ((A << 5) | (A >> 27)) + (B ^ C ^ D) + E + W9 + 0x6ED9EBA1; - B = (B << 30) | (B >> 2); - Wa = W7 ^ W2 ^ Wc ^ Wa; - D = ((E << 5) | (E >> 27)) + (A ^ B ^ C) + D + Wa + 0x6ED9EBA1; - A = (A << 30) | (A >> 2); - Wb = W8 ^ W3 ^ Wd ^ Wb; - C = ((D << 5) | (D >> 27)) + (E ^ A ^ B) + C + Wb + 0x6ED9EBA1; - E = (E << 30) | (E >> 2); - Wc = W9 ^ W4 ^ We ^ Wc; - B = ((C << 5) | (C >> 27)) + (D ^ E ^ A) + B + Wc + 0x6ED9EBA1; - D = (D << 30) | (D >> 2); - Wd = Wa ^ W5 ^ Wf ^ Wd; - A = ((B << 5) | (B >> 27)) + (C ^ D ^ E) + A + Wd + 0x6ED9EBA1; - C = (C << 30) | (C >> 2); - We = Wb ^ 
W6 ^ W0 ^ We; - E = ((A << 5) | (A >> 27)) + (B ^ C ^ D) + E + We + 0x6ED9EBA1; - B = (B << 30) | (B >> 2); - Wf = Wc ^ W7 ^ W1 ^ Wf; - D = ((E << 5) | (E >> 27)) + (A ^ B ^ C) + D + Wf + 0x6ED9EBA1; - A = (A << 30) | (A >> 2); - W0 = Wd ^ W8 ^ W2 ^ W0; - C = ((D << 5) | (D >> 27)) + (E ^ A ^ B) + C + W0 + 0x6ED9EBA1; - E = (E << 30) | (E >> 2); - W1 = We ^ W9 ^ W3 ^ W1; - B = ((C << 5) | (C >> 27)) + (D ^ E ^ A) + B + W1 + 0x6ED9EBA1; - D = (D << 30) | (D >> 2); - W2 = Wf ^ Wa ^ W4 ^ W2; - A = ((B << 5) | (B >> 27)) + (C ^ D ^ E) + A + W2 + 0x6ED9EBA1; - C = (C << 30) | (C >> 2); - W3 = W0 ^ Wb ^ W5 ^ W3; - E = ((A << 5) | (A >> 27)) + (B ^ C ^ D) + E + W3 + 0x6ED9EBA1; - B = (B << 30) | (B >> 2); - W4 = W1 ^ Wc ^ W6 ^ W4; - D = ((E << 5) | (E >> 27)) + (A ^ B ^ C) + D + W4 + 0x6ED9EBA1; - A = (A << 30) | (A >> 2); - W5 = W2 ^ Wd ^ W7 ^ W5; - C = ((D << 5) | (D >> 27)) + (E ^ A ^ B) + C + W5 + 0x6ED9EBA1; - E = (E << 30) | (E >> 2); - W6 = W3 ^ We ^ W8 ^ W6; - B = ((C << 5) | (C >> 27)) + (D ^ E ^ A) + B + W6 + 0x6ED9EBA1; - D = (D << 30) | (D >> 2); - W7 = W4 ^ Wf ^ W9 ^ W7; - A = ((B << 5) | (B >> 27)) + (C ^ D ^ E) + A + W7 + 0x6ED9EBA1; - C = (C << 30) | (C >> 2); - W8 = W5 ^ W0 ^ Wa ^ W8; - E = ((A << 5) | (A >> 27)) + ((B & C) | (B & D) | (C & D)) + E + W8 + 0x8F1BBCDC; - B = (B << 30) | (B >> 2); - W9 = W6 ^ W1 ^ Wb ^ W9; - D = ((E << 5) | (E >> 27)) + ((A & B) | (A & C) | (B & C)) + D + W9 + 0x8F1BBCDC; - A = (A << 30) | (A >> 2); - Wa = W7 ^ W2 ^ Wc ^ Wa; - C = ((D << 5) | (D >> 27)) + ((E & A) | (E & B) | (A & B)) + C + Wa + 0x8F1BBCDC; - E = (E << 30) | (E >> 2); - Wb = W8 ^ W3 ^ Wd ^ Wb; - B = ((C << 5) | (C >> 27)) + ((D & E) | (D & A) | (E & A)) + B + Wb + 0x8F1BBCDC; - D = (D << 30) | (D >> 2); - Wc = W9 ^ W4 ^ We ^ Wc; - A = ((B << 5) | (B >> 27)) + ((C & D) | (C & E) | (D & E)) + A + Wc + 0x8F1BBCDC; - C = (C << 30) | (C >> 2); - Wd = Wa ^ W5 ^ Wf ^ Wd; - E = ((A << 5) | (A >> 27)) + ((B & C) | (B & D) | (C & D)) + E + Wd + 0x8F1BBCDC; - B = (B << 
30) | (B >> 2); - We = Wb ^ W6 ^ W0 ^ We; - D = ((E << 5) | (E >> 27)) + ((A & B) | (A & C) | (B & C)) + D + We + 0x8F1BBCDC; - A = (A << 30) | (A >> 2); - Wf = Wc ^ W7 ^ W1 ^ Wf; - C = ((D << 5) | (D >> 27)) + ((E & A) | (E & B) | (A & B)) + C + Wf + 0x8F1BBCDC; - E = (E << 30) | (E >> 2); - - W0 = Wd ^ W8 ^ W2 ^ W0; - B = ((C << 5) | (C >> 27)) + ((D & E) | (D & A) | (E & A)) + B + W0 + 0x8F1BBCDC; - D = (D << 30) | (D >> 2); - W1 = We ^ W9 ^ W3 ^ W1; - A = ((B << 5) | (B >> 27)) + ((C & D) | (C & E) | (D & E)) + A + W1 + 0x8F1BBCDC; - C = (C << 30) | (C >> 2); - W2 = Wf ^ Wa ^ W4 ^ W2; - E = ((A << 5) | (A >> 27)) + ((B & C) | (B & D) | (C & D)) + E + W2 + 0x8F1BBCDC; - B = (B << 30) | (B >> 2); - W3 = W0 ^ Wb ^ W5 ^ W3; - D = ((E << 5) | (E >> 27)) + ((A & B) | (A & C) | (B & C)) + D + W3 + 0x8F1BBCDC; - A = (A << 30) | (A >> 2); - W4 = W1 ^ Wc ^ W6 ^ W4; - C = ((D << 5) | (D >> 27)) + ((E & A) | (E & B) | (A & B)) + C + W4 + 0x8F1BBCDC; - E = (E << 30) | (E >> 2); - W5 = W2 ^ Wd ^ W7 ^ W5; - B = ((C << 5) | (C >> 27)) + ((D & E) | (D & A) | (E & A)) + B + W5 + 0x8F1BBCDC; - D = (D << 30) | (D >> 2); - W6 = W3 ^ We ^ W8 ^ W6; - A = ((B << 5) | (B >> 27)) + ((C & D) | (C & E) | (D & E)) + A + W6 + 0x8F1BBCDC; - C = (C << 30) | (C >> 2); - W7 = W4 ^ Wf ^ W9 ^ W7; - E = ((A << 5) | (A >> 27)) + ((B & C) | (B & D) | (C & D)) + E + W7 + 0x8F1BBCDC; - B = (B << 30) | (B >> 2); - W8 = W5 ^ W0 ^ Wa ^ W8; - D = ((E << 5) | (E >> 27)) + ((A & B) | (A & C) | (B & C)) + D + W8 + 0x8F1BBCDC; - A = (A << 30) | (A >> 2); - W9 = W6 ^ W1 ^ Wb ^ W9; - C = ((D << 5) | (D >> 27)) + ((E & A) | (E & B) | (A & B)) + C + W9 + 0x8F1BBCDC; - E = (E << 30) | (E >> 2); - Wa = W7 ^ W2 ^ Wc ^ Wa; - B = ((C << 5) | (C >> 27)) + ((D & E) | (D & A) | (E & A)) + B + Wa + 0x8F1BBCDC; - D = (D << 30) | (D >> 2); - Wb = W8 ^ W3 ^ Wd ^ Wb; - A = ((B << 5) | (B >> 27)) + ((C & D) | (C & E) | (D & E)) + A + Wb + 0x8F1BBCDC; - C = (C << 30) | (C >> 2); - Wc = W9 ^ W4 ^ We ^ Wc; - E = ((A << 5) | (A >> 
27)) + (B ^ C ^ D) + E + Wc + 0xCA62C1D6; - B = (B << 30) | (B >> 2); - Wd = Wa ^ W5 ^ Wf ^ Wd; - D = ((E << 5) | (E >> 27)) + (A ^ B ^ C) + D + Wd + 0xCA62C1D6; - A = (A << 30) | (A >> 2); - We = Wb ^ W6 ^ W0 ^ We; - C = ((D << 5) | (D >> 27)) + (E ^ A ^ B) + C + We + 0xCA62C1D6; - E = (E << 30) | (E >> 2); - Wf = Wc ^ W7 ^ W1 ^ Wf; - B = ((C << 5) | (C >> 27)) + (D ^ E ^ A) + B + Wf + 0xCA62C1D6; - D = (D << 30) | (D >> 2); - - W0 = Wd ^ W8 ^ W2 ^ W0; - A = ((B << 5) | (B >> 27)) + (C ^ D ^ E) + A + W0 + 0xCA62C1D6; - C = (C << 30) | (C >> 2); - W1 = We ^ W9 ^ W3 ^ W1; - E = ((A << 5) | (A >> 27)) + (B ^ C ^ D) + E + W1 + 0xCA62C1D6; - B = (B << 30) | (B >> 2); - W2 = Wf ^ Wa ^ W4 ^ W2; - D = ((E << 5) | (E >> 27)) + (A ^ B ^ C) + D + W2 + 0xCA62C1D6; - A = (A << 30) | (A >> 2); - W3 = W0 ^ Wb ^ W5 ^ W3; - C = ((D << 5) | (D >> 27)) + (E ^ A ^ B) + C + W3 + 0xCA62C1D6; - E = (E << 30) | (E >> 2); - W4 = W1 ^ Wc ^ W6 ^ W4; - B = ((C << 5) | (C >> 27)) + (D ^ E ^ A) + B + W4 + 0xCA62C1D6; - D = (D << 30) | (D >> 2); - W5 = W2 ^ Wd ^ W7 ^ W5; - A = ((B << 5) | (B >> 27)) + (C ^ D ^ E) + A + W5 + 0xCA62C1D6; - C = (C << 30) | (C >> 2); - W6 = W3 ^ We ^ W8 ^ W6; - E = ((A << 5) | (A >> 27)) + (B ^ C ^ D) + E + W6 + 0xCA62C1D6; - B = (B << 30) | (B >> 2); - W7 = W4 ^ Wf ^ W9 ^ W7; - D = ((E << 5) | (E >> 27)) + (A ^ B ^ C) + D + W7 + 0xCA62C1D6; - A = (A << 30) | (A >> 2); - W8 = W5 ^ W0 ^ Wa ^ W8; - C = ((D << 5) | (D >> 27)) + (E ^ A ^ B) + C + W8 + 0xCA62C1D6; - E = (E << 30) | (E >> 2); - W9 = W6 ^ W1 ^ Wb ^ W9; - B = ((C << 5) | (C >> 27)) + (D ^ E ^ A) + B + W9 + 0xCA62C1D6; - D = (D << 30) | (D >> 2); - Wa = W7 ^ W2 ^ Wc ^ Wa; - A = ((B << 5) | (B >> 27)) + (C ^ D ^ E) + A + Wa + 0xCA62C1D6; - C = (C << 30) | (C >> 2); - Wb = W8 ^ W3 ^ Wd ^ Wb; - E = ((A << 5) | (A >> 27)) + (B ^ C ^ D) + E + Wb + 0xCA62C1D6; - B = (B << 30) | (B >> 2); - Wc = W9 ^ W4 ^ We ^ Wc; - D = ((E << 5) | (E >> 27)) + (A ^ B ^ C) + D + Wc + 0xCA62C1D6; - A = (A << 30) | (A >> 2); - Wd = 
Wa ^ W5 ^ Wf ^ Wd; - C = ((D << 5) | (D >> 27)) + (E ^ A ^ B) + C + Wd + 0xCA62C1D6; - E = (E << 30) | (E >> 2); - We = Wb ^ W6 ^ W0 ^ We; - B = ((C << 5) | (C >> 27)) + (D ^ E ^ A) + B + We + 0xCA62C1D6; - D = (D << 30) | (D >> 2); - Wf = Wc ^ W7 ^ W1 ^ Wf; - A = ((B << 5) | (B >> 27)) + (C ^ D ^ E) + A + Wf + 0xCA62C1D6; - C = (C << 30) | (C >> 2); - - currentVal[0] += A; - currentVal[1] += B; - currentVal[2] += C; - currentVal[3] += D; - currentVal[4] += E; + var W0 = getu32(data[0:]) + E = ((A << 5) | (A >> 27)) + ((B & C) | (^B & D)) + E + W0 + sbox[0] + B = (B << 30) | (B >> 2) + + var W1 = getu32(data[4:]) + D = ((E << 5) | (E >> 27)) + ((A & B) | (^A & C)) + D + W1 + sbox[0] + A = (A << 30) | (A >> 2) + + var W2 = getu32(data[8:]) + C = ((D << 5) | (D >> 27)) + ((E & A) | (^E & B)) + C + W2 + sbox[0] + E = (E << 30) | (E >> 2) + + var W3 = getu32(data[12:]) + B = ((C << 5) | (C >> 27)) + ((D & E) | (^D & A)) + B + W3 + sbox[0] + D = (D << 30) | (D >> 2) + + var W4 = getu32(data[16:]) + A = ((B << 5) | (B >> 27)) + ((C & D) | (^C & E)) + A + W4 + sbox[0] + C = (C << 30) | (C >> 2) + + var W5 = getu32(data[20:]) + E = ((A << 5) | (A >> 27)) + ((B & C) | (^B & D)) + E + W5 + sbox[0] + B = (B << 30) | (B >> 2) + + var W6 = getu32(data[24:]) + D = ((E << 5) | (E >> 27)) + ((A & B) | (^A & C)) + D + W6 + sbox[0] + A = (A << 30) | (A >> 2) + + var W7 = getu32(data[28:]) + C = ((D << 5) | (D >> 27)) + ((E & A) | (^E & B)) + C + W7 + sbox[0] + E = (E << 30) | (E >> 2) + + var W8 = getu32(data[32:]) + B = ((C << 5) | (C >> 27)) + ((D & E) | (^D & A)) + B + W8 + sbox[0] + D = (D << 30) | (D >> 2) + + var W9 = getu32(data[36:]) + A = ((B << 5) | (B >> 27)) + ((C & D) | (^C & E)) + A + W9 + sbox[0] + C = (C << 30) | (C >> 2) + + var Wa = getu32(data[40:]) + E = ((A << 5) | (A >> 27)) + ((B & C) | (^B & D)) + E + Wa + sbox[0] + B = (B << 30) | (B >> 2) + + var Wb = getu32(data[44:]) + D = ((E << 5) | (E >> 27)) + ((A & B) | (^A & C)) + D + Wb + sbox[0] + A = (A << 30) | 
(A >> 2) + + var Wc = getu32(data[48:]) + C = ((D << 5) | (D >> 27)) + ((E & A) | (^E & B)) + C + Wc + sbox[0] + E = (E << 30) | (E >> 2) + + var Wd = getu32(data[52:]) + B = ((C << 5) | (C >> 27)) + ((D & E) | (^D & A)) + B + Wd + sbox[0] + D = (D << 30) | (D >> 2) + + var We = getu32(data[56:]) + A = ((B << 5) | (B >> 27)) + ((C & D) | (^C & E)) + A + We + sbox[0] + C = (C << 30) | (C >> 2) + + var Wf = getu32(data[60:]) + E = ((A << 5) | (A >> 27)) + ((B & C) | (^B & D)) + E + Wf + sbox[0] + B = (B << 30) | (B >> 2) + + W0 = Wd ^ W8 ^ W2 ^ W0 + D = ((E << 5) | (E >> 27)) + ((A & B) | (^A & C)) + D + W0 + sbox[0] + A = (A << 30) | (A >> 2) + W1 = We ^ W9 ^ W3 ^ W1 + C = ((D << 5) | (D >> 27)) + ((E & A) | (^E & B)) + C + W1 + sbox[0] + E = (E << 30) | (E >> 2) + W2 = Wf ^ Wa ^ W4 ^ W2 + B = ((C << 5) | (C >> 27)) + ((D & E) | (^D & A)) + B + W2 + sbox[0] + D = (D << 30) | (D >> 2) + W3 = W0 ^ Wb ^ W5 ^ W3 + A = ((B << 5) | (B >> 27)) + ((C & D) | (^C & E)) + A + W3 + sbox[0] + C = (C << 30) | (C >> 2) + W4 = W1 ^ Wc ^ W6 ^ W4 + E = ((A << 5) | (A >> 27)) + (B ^ C ^ D) + E + W4 + sbox[1] + B = (B << 30) | (B >> 2) + W5 = W2 ^ Wd ^ W7 ^ W5 + D = ((E << 5) | (E >> 27)) + (A ^ B ^ C) + D + W5 + sbox[1] + A = (A << 30) | (A >> 2) + W6 = W3 ^ We ^ W8 ^ W6 + C = ((D << 5) | (D >> 27)) + (E ^ A ^ B) + C + W6 + sbox[1] + E = (E << 30) | (E >> 2) + W7 = W4 ^ Wf ^ W9 ^ W7 + B = ((C << 5) | (C >> 27)) + (D ^ E ^ A) + B + W7 + sbox[1] + D = (D << 30) | (D >> 2) + W8 = W5 ^ W0 ^ Wa ^ W8 + A = ((B << 5) | (B >> 27)) + (C ^ D ^ E) + A + W8 + sbox[1] + C = (C << 30) | (C >> 2) + W9 = W6 ^ W1 ^ Wb ^ W9 + E = ((A << 5) | (A >> 27)) + (B ^ C ^ D) + E + W9 + sbox[1] + B = (B << 30) | (B >> 2) + Wa = W7 ^ W2 ^ Wc ^ Wa + D = ((E << 5) | (E >> 27)) + (A ^ B ^ C) + D + Wa + sbox[1] + A = (A << 30) | (A >> 2) + Wb = W8 ^ W3 ^ Wd ^ Wb + C = ((D << 5) | (D >> 27)) + (E ^ A ^ B) + C + Wb + sbox[1] + E = (E << 30) | (E >> 2) + Wc = W9 ^ W4 ^ We ^ Wc + B = ((C << 5) | (C >> 27)) + (D ^ E ^ A) 
+ B + Wc + sbox[1] + D = (D << 30) | (D >> 2) + Wd = Wa ^ W5 ^ Wf ^ Wd + A = ((B << 5) | (B >> 27)) + (C ^ D ^ E) + A + Wd + sbox[1] + C = (C << 30) | (C >> 2) + We = Wb ^ W6 ^ W0 ^ We + E = ((A << 5) | (A >> 27)) + (B ^ C ^ D) + E + We + sbox[1] + B = (B << 30) | (B >> 2) + Wf = Wc ^ W7 ^ W1 ^ Wf + D = ((E << 5) | (E >> 27)) + (A ^ B ^ C) + D + Wf + sbox[1] + A = (A << 30) | (A >> 2) + W0 = Wd ^ W8 ^ W2 ^ W0 + C = ((D << 5) | (D >> 27)) + (E ^ A ^ B) + C + W0 + sbox[1] + E = (E << 30) | (E >> 2) + W1 = We ^ W9 ^ W3 ^ W1 + B = ((C << 5) | (C >> 27)) + (D ^ E ^ A) + B + W1 + sbox[1] + D = (D << 30) | (D >> 2) + W2 = Wf ^ Wa ^ W4 ^ W2 + A = ((B << 5) | (B >> 27)) + (C ^ D ^ E) + A + W2 + sbox[1] + C = (C << 30) | (C >> 2) + W3 = W0 ^ Wb ^ W5 ^ W3 + E = ((A << 5) | (A >> 27)) + (B ^ C ^ D) + E + W3 + sbox[1] + B = (B << 30) | (B >> 2) + W4 = W1 ^ Wc ^ W6 ^ W4 + D = ((E << 5) | (E >> 27)) + (A ^ B ^ C) + D + W4 + sbox[1] + A = (A << 30) | (A >> 2) + W5 = W2 ^ Wd ^ W7 ^ W5 + C = ((D << 5) | (D >> 27)) + (E ^ A ^ B) + C + W5 + sbox[1] + E = (E << 30) | (E >> 2) + W6 = W3 ^ We ^ W8 ^ W6 + B = ((C << 5) | (C >> 27)) + (D ^ E ^ A) + B + W6 + sbox[1] + D = (D << 30) | (D >> 2) + W7 = W4 ^ Wf ^ W9 ^ W7 + A = ((B << 5) | (B >> 27)) + (C ^ D ^ E) + A + W7 + sbox[1] + C = (C << 30) | (C >> 2) + W8 = W5 ^ W0 ^ Wa ^ W8 + E = ((A << 5) | (A >> 27)) + ((B & C) | (B & D) | (C & D)) + E + W8 + sbox[2] + B = (B << 30) | (B >> 2) + W9 = W6 ^ W1 ^ Wb ^ W9 + D = ((E << 5) | (E >> 27)) + ((A & B) | (A & C) | (B & C)) + D + W9 + sbox[2] + A = (A << 30) | (A >> 2) + Wa = W7 ^ W2 ^ Wc ^ Wa + C = ((D << 5) | (D >> 27)) + ((E & A) | (E & B) | (A & B)) + C + Wa + sbox[2] + E = (E << 30) | (E >> 2) + Wb = W8 ^ W3 ^ Wd ^ Wb + B = ((C << 5) | (C >> 27)) + ((D & E) | (D & A) | (E & A)) + B + Wb + sbox[2] + D = (D << 30) | (D >> 2) + Wc = W9 ^ W4 ^ We ^ Wc + A = ((B << 5) | (B >> 27)) + ((C & D) | (C & E) | (D & E)) + A + Wc + sbox[2] + C = (C << 30) | (C >> 2) + Wd = Wa ^ W5 ^ Wf ^ Wd + E = ((A << 
5) | (A >> 27)) + ((B & C) | (B & D) | (C & D)) + E + Wd + sbox[2] + B = (B << 30) | (B >> 2) + We = Wb ^ W6 ^ W0 ^ We + D = ((E << 5) | (E >> 27)) + ((A & B) | (A & C) | (B & C)) + D + We + sbox[2] + A = (A << 30) | (A >> 2) + Wf = Wc ^ W7 ^ W1 ^ Wf + C = ((D << 5) | (D >> 27)) + ((E & A) | (E & B) | (A & B)) + C + Wf + sbox[2] + E = (E << 30) | (E >> 2) + + W0 = Wd ^ W8 ^ W2 ^ W0 + B = ((C << 5) | (C >> 27)) + ((D & E) | (D & A) | (E & A)) + B + W0 + sbox[2] + D = (D << 30) | (D >> 2) + W1 = We ^ W9 ^ W3 ^ W1 + A = ((B << 5) | (B >> 27)) + ((C & D) | (C & E) | (D & E)) + A + W1 + sbox[2] + C = (C << 30) | (C >> 2) + W2 = Wf ^ Wa ^ W4 ^ W2 + E = ((A << 5) | (A >> 27)) + ((B & C) | (B & D) | (C & D)) + E + W2 + sbox[2] + B = (B << 30) | (B >> 2) + W3 = W0 ^ Wb ^ W5 ^ W3 + D = ((E << 5) | (E >> 27)) + ((A & B) | (A & C) | (B & C)) + D + W3 + sbox[2] + A = (A << 30) | (A >> 2) + W4 = W1 ^ Wc ^ W6 ^ W4 + C = ((D << 5) | (D >> 27)) + ((E & A) | (E & B) | (A & B)) + C + W4 + sbox[2] + E = (E << 30) | (E >> 2) + W5 = W2 ^ Wd ^ W7 ^ W5 + B = ((C << 5) | (C >> 27)) + ((D & E) | (D & A) | (E & A)) + B + W5 + sbox[2] + D = (D << 30) | (D >> 2) + W6 = W3 ^ We ^ W8 ^ W6 + A = ((B << 5) | (B >> 27)) + ((C & D) | (C & E) | (D & E)) + A + W6 + sbox[2] + C = (C << 30) | (C >> 2) + W7 = W4 ^ Wf ^ W9 ^ W7 + E = ((A << 5) | (A >> 27)) + ((B & C) | (B & D) | (C & D)) + E + W7 + sbox[2] + B = (B << 30) | (B >> 2) + W8 = W5 ^ W0 ^ Wa ^ W8 + D = ((E << 5) | (E >> 27)) + ((A & B) | (A & C) | (B & C)) + D + W8 + sbox[2] + A = (A << 30) | (A >> 2) + W9 = W6 ^ W1 ^ Wb ^ W9 + C = ((D << 5) | (D >> 27)) + ((E & A) | (E & B) | (A & B)) + C + W9 + sbox[2] + E = (E << 30) | (E >> 2) + Wa = W7 ^ W2 ^ Wc ^ Wa + B = ((C << 5) | (C >> 27)) + ((D & E) | (D & A) | (E & A)) + B + Wa + sbox[2] + D = (D << 30) | (D >> 2) + Wb = W8 ^ W3 ^ Wd ^ Wb + A = ((B << 5) | (B >> 27)) + ((C & D) | (C & E) | (D & E)) + A + Wb + sbox[2] + C = (C << 30) | (C >> 2) + Wc = W9 ^ W4 ^ We ^ Wc + E = ((A << 5) | (A >> 27)) + 
(B ^ C ^ D) + E + Wc + sbox[3] + B = (B << 30) | (B >> 2) + Wd = Wa ^ W5 ^ Wf ^ Wd + D = ((E << 5) | (E >> 27)) + (A ^ B ^ C) + D + Wd + sbox[3] + A = (A << 30) | (A >> 2) + We = Wb ^ W6 ^ W0 ^ We + C = ((D << 5) | (D >> 27)) + (E ^ A ^ B) + C + We + sbox[3] + E = (E << 30) | (E >> 2) + Wf = Wc ^ W7 ^ W1 ^ Wf + B = ((C << 5) | (C >> 27)) + (D ^ E ^ A) + B + Wf + sbox[3] + D = (D << 30) | (D >> 2) + + W0 = Wd ^ W8 ^ W2 ^ W0 + A = ((B << 5) | (B >> 27)) + (C ^ D ^ E) + A + W0 + sbox[3] + C = (C << 30) | (C >> 2) + W1 = We ^ W9 ^ W3 ^ W1 + E = ((A << 5) | (A >> 27)) + (B ^ C ^ D) + E + W1 + sbox[3] + B = (B << 30) | (B >> 2) + W2 = Wf ^ Wa ^ W4 ^ W2 + D = ((E << 5) | (E >> 27)) + (A ^ B ^ C) + D + W2 + sbox[3] + A = (A << 30) | (A >> 2) + W3 = W0 ^ Wb ^ W5 ^ W3 + C = ((D << 5) | (D >> 27)) + (E ^ A ^ B) + C + W3 + sbox[3] + E = (E << 30) | (E >> 2) + W4 = W1 ^ Wc ^ W6 ^ W4 + B = ((C << 5) | (C >> 27)) + (D ^ E ^ A) + B + W4 + sbox[3] + D = (D << 30) | (D >> 2) + W5 = W2 ^ Wd ^ W7 ^ W5 + A = ((B << 5) | (B >> 27)) + (C ^ D ^ E) + A + W5 + sbox[3] + C = (C << 30) | (C >> 2) + W6 = W3 ^ We ^ W8 ^ W6 + E = ((A << 5) | (A >> 27)) + (B ^ C ^ D) + E + W6 + sbox[3] + B = (B << 30) | (B >> 2) + W7 = W4 ^ Wf ^ W9 ^ W7 + D = ((E << 5) | (E >> 27)) + (A ^ B ^ C) + D + W7 + sbox[3] + A = (A << 30) | (A >> 2) + W8 = W5 ^ W0 ^ Wa ^ W8 + C = ((D << 5) | (D >> 27)) + (E ^ A ^ B) + C + W8 + sbox[3] + E = (E << 30) | (E >> 2) + W9 = W6 ^ W1 ^ Wb ^ W9 + B = ((C << 5) | (C >> 27)) + (D ^ E ^ A) + B + W9 + sbox[3] + D = (D << 30) | (D >> 2) + Wa = W7 ^ W2 ^ Wc ^ Wa + A = ((B << 5) | (B >> 27)) + (C ^ D ^ E) + A + Wa + sbox[3] + C = (C << 30) | (C >> 2) + Wb = W8 ^ W3 ^ Wd ^ Wb + E = ((A << 5) | (A >> 27)) + (B ^ C ^ D) + E + Wb + sbox[3] + B = (B << 30) | (B >> 2) + Wc = W9 ^ W4 ^ We ^ Wc + D = ((E << 5) | (E >> 27)) + (A ^ B ^ C) + D + Wc + sbox[3] + A = (A << 30) | (A >> 2) + Wd = Wa ^ W5 ^ Wf ^ Wd + C = ((D << 5) | (D >> 27)) + (E ^ A ^ B) + C + Wd + sbox[3] + E = (E << 30) | (E >> 2) + 
We = Wb ^ W6 ^ W0 ^ We
+ B = ((C << 5) | (C >> 27)) + (D ^ E ^ A) + B + We + sbox[3]
+ D = (D << 30) | (D >> 2)
+ Wf = Wc ^ W7 ^ W1 ^ Wf
+ A = ((B << 5) | (B >> 27)) + (C ^ D ^ E) + A + Wf + sbox[3]
+ C = (C << 30) | (C >> 2)
+
+ currentVal[0] += A
+ currentVal[1] += B
+ currentVal[2] += C
+ currentVal[3] += D
+ currentVal[4] += E
 }
diff --git a/sha0/sbox.go b/sha0/sbox.go
index b3ea005..ea5b7b1 100644
--- a/sha0/sbox.go
+++ b/sha0/sbox.go
@@ -7,3 +7,10 @@ var initVal = [5]uint32{
 0x10325476,
 0xC3D2E1F0,
 }
+
+var sbox = []uint32{
+ 0x5A827999,
+ 0x6ED9EBA1,
+ 0x8F1BBCDC,
+ 0xCA62C1D6,
+}
diff --git a/shabal/digest.go b/shabal/digest.go
index 6e949ee..6d90127 100644
--- a/shabal/digest.go
+++ b/shabal/digest.go
@@ -159,12 +159,12 @@ func (d *digest) getIV(outSizeW32 int) [44]uint32 {
 sg.state = [44]uint32{}
 for i := 0; i < 44; i++ {
- sg.state[i] = 0;
+ sg.state[i] = 0
 }
 sg.W = int64(-1)
 for i := 0; i < 16; i++ {
- sg.buf[(i << 2) + 0] = byte(outSize + i);
+ sg.buf[(i << 2) + 0] = byte(outSize + i)
 sg.buf[(i << 2) + 1] = byte((outSize + i) >> 8)
 }
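Review bot: `sbox` is a misleading name for this new table: the four values are the per-stage additive round constants that `core` adds into each step (they replace the literals 0x5A827999 … 0xCA62C1D6 the old code inlined), not a substitution box, and a reader will look for byte-substitution semantics that are not there. Declaring it as a slice also means every `sbox[0]`..`sbox[3]` in the hot `core` path indexes through a slice header with a runtime bounds check, whereas a fixed-size array with constant indices is checked at compile time. I would write `var sbox = [4]uint32{ ... }` (or rename to `roundConst`) and add a doc comment on the declaration: `// sbox holds the four per-stage additive round constants consumed by core; it is not a substitution box.`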
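Review bot: The zeroing loop this hunk rewrites is redundant: `sg.state = [44]uint32{}` on the line above already resets all 44 words, so `for i := 0; i < 44; i++ { sg.state[i] = 0 }` can be dropped outright rather than just losing its semicolon. The `sg.buf[(i << 2) + 0]` spacing on the new side is also not gofmt output (gofmt writes `sg.buf[(i<<2)+0]`); since this commit is a formatting pass, running gofmt over the file would settle both this and the same spacing elsewhere. getIV's body starts and ends outside the hunk.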
@@ -182,284 +182,284 @@ func (d *digest) getIV(outSizeW32 int) [44]uint32 { func (d *digest) core(data []byte, num int) { state := &d.state - var A0 = state[ 0]; - var A1 = state[ 1]; - var A2 = state[ 2]; - var A3 = state[ 3]; - var A4 = state[ 4]; - var A5 = state[ 5]; - var A6 = state[ 6]; - var A7 = state[ 7]; - var A8 = state[ 8]; - var A9 = state[ 9]; - var AA = state[10]; - var AB = state[11]; - - var B0 = state[12]; - var B1 = state[13]; - var B2 = state[14]; - var B3 = state[15]; - var B4 = state[16]; - var B5 = state[17]; - var B6 = state[18]; - var B7 = state[19]; - var B8 = state[20]; - var B9 = state[21]; - var BA = state[22]; - var BB = state[23]; - var BC = state[24]; - var BD = state[25]; - var BE = state[26]; - var BF = state[27]; - - var C0 = state[28]; - var C1 = state[29]; - var C2 = state[30]; - var C3 = state[31]; - var C4 = state[32]; - var C5 = state[33]; - var C6 = state[34]; - var C7 = state[35]; - var C8 = state[36]; - var C9 = state[37]; - var CA = state[38]; - var CB = state[39]; - var CC = state[40]; - var CD = state[41]; - var CE = state[42]; - var CF = state[43]; + var A0 = state[ 0] + var A1 = state[ 1] + var A2 = state[ 2] + var A3 = state[ 3] + var A4 = state[ 4] + var A5 = state[ 5] + var A6 = state[ 6] + var A7 = state[ 7] + var A8 = state[ 8] + var A9 = state[ 9] + var AA = state[10] + var AB = state[11] + + var B0 = state[12] + var B1 = state[13] + var B2 = state[14] + var B3 = state[15] + var B4 = state[16] + var B5 = state[17] + var B6 = state[18] + var B7 = state[19] + var B8 = state[20] + var B9 = state[21] + var BA = state[22] + var BB = state[23] + var BC = state[24] + var BD = state[25] + var BE = state[26] + var BF = state[27] + + var C0 = state[28] + var C1 = state[29] + var C2 = state[30] + var C3 = state[31] + var C4 = state[32] + var C5 = state[33] + var C6 = state[34] + var C7 = state[35] + var C8 = state[36] + var C9 = state[37] + var CA = state[38] + var CB = state[39] + var CC = state[40] + var CD = state[41] + 
var CE = state[42] + var CF = state[43] off := 0 for num > 0 { - var M0 = getu32(data[off + 0:]); - B0 += M0; - B0 = (B0 << 17) | (B0 >> 15); - var M1 = getu32(data[off + 4:]); - B1 += M1; - B1 = (B1 << 17) | (B1 >> 15); - var M2 = getu32(data[off + 8:]); - B2 += M2; - B2 = (B2 << 17) | (B2 >> 15); - var M3 = getu32(data[off + 12:]); - B3 += M3; - B3 = (B3 << 17) | (B3 >> 15); - var M4 = getu32(data[off + 16:]); - B4 += M4; - B4 = (B4 << 17) | (B4 >> 15); - var M5 = getu32(data[off + 20:]); - B5 += M5; - B5 = (B5 << 17) | (B5 >> 15); - var M6 = getu32(data[off + 24:]); - B6 += M6; - B6 = (B6 << 17) | (B6 >> 15); - var M7 = getu32(data[off + 28:]); - B7 += M7; - B7 = (B7 << 17) | (B7 >> 15); - var M8 = getu32(data[off + 32:]); - B8 += M8; - B8 = (B8 << 17) | (B8 >> 15); - var M9 = getu32(data[off + 36:]); - B9 += M9; - B9 = (B9 << 17) | (B9 >> 15); - var MA = getu32(data[off + 40:]); - BA += MA; - BA = (BA << 17) | (BA >> 15); - var MB = getu32(data[off + 44:]); - BB += MB; - BB = (BB << 17) | (BB >> 15); - var MC = getu32(data[off + 48:]); - BC += MC; - BC = (BC << 17) | (BC >> 15); - var MD = getu32(data[off + 52:]); - BD += MD; - BD = (BD << 17) | (BD >> 15); - var ME = getu32(data[off + 56:]); - BE += ME; - BE = (BE << 17) | (BE >> 15); - var MF = getu32(data[off + 60:]); - BF += MF; - BF = (BF << 17) | (BF >> 15); - - off += 64; + var M0 = getu32(data[off + 0:]) + B0 += M0 + B0 = (B0 << 17) | (B0 >> 15) + var M1 = getu32(data[off + 4:]) + B1 += M1 + B1 = (B1 << 17) | (B1 >> 15) + var M2 = getu32(data[off + 8:]) + B2 += M2 + B2 = (B2 << 17) | (B2 >> 15) + var M3 = getu32(data[off + 12:]) + B3 += M3 + B3 = (B3 << 17) | (B3 >> 15) + var M4 = getu32(data[off + 16:]) + B4 += M4 + B4 = (B4 << 17) | (B4 >> 15) + var M5 = getu32(data[off + 20:]) + B5 += M5 + B5 = (B5 << 17) | (B5 >> 15) + var M6 = getu32(data[off + 24:]) + B6 += M6 + B6 = (B6 << 17) | (B6 >> 15) + var M7 = getu32(data[off + 28:]) + B7 += M7 + B7 = (B7 << 17) | (B7 >> 15) + var M8 = getu32(data[off + 
32:]) + B8 += M8 + B8 = (B8 << 17) | (B8 >> 15) + var M9 = getu32(data[off + 36:]) + B9 += M9 + B9 = (B9 << 17) | (B9 >> 15) + var MA = getu32(data[off + 40:]) + BA += MA + BA = (BA << 17) | (BA >> 15) + var MB = getu32(data[off + 44:]) + BB += MB + BB = (BB << 17) | (BB >> 15) + var MC = getu32(data[off + 48:]) + BC += MC + BC = (BC << 17) | (BC >> 15) + var MD = getu32(data[off + 52:]) + BD += MD + BD = (BD << 17) | (BD >> 15) + var ME = getu32(data[off + 56:]) + BE += ME + BE = (BE << 17) | (BE >> 15) + var MF = getu32(data[off + 60:]) + BF += MF + BF = (BF << 17) | (BF >> 15) + + off += 64 A0 ^= uint32(d.W) A1 ^= uint32(d.W >> 32) d.W++ - A0 = ((A0 ^ (((AB << 15) | (AB >> 17)) * 5) ^ C8) * 3) ^ BD ^ (B9 & ^B6) ^ M0; - B0 = ^((B0 << 1) | (B0 >> 31)) ^ A0; - A1 = ((A1 ^ (((A0 << 15) | (A0 >> 17)) * 5) ^ C7) * 3) ^ BE ^ (BA & ^B7) ^ M1; - B1 = ^((B1 << 1) | (B1 >> 31)) ^ A1; - A2 = ((A2 ^ (((A1 << 15) | (A1 >> 17)) * 5) ^ C6) * 3) ^ BF ^ (BB & ^B8) ^ M2; - B2 = ^((B2 << 1) | (B2 >> 31)) ^ A2; - A3 = ((A3 ^ (((A2 << 15) | (A2 >> 17)) * 5) ^ C5) * 3) ^ B0 ^ (BC & ^B9) ^ M3; - B3 = ^((B3 << 1) | (B3 >> 31)) ^ A3; - A4 = ((A4 ^ (((A3 << 15) | (A3 >> 17)) * 5) ^ C4) * 3) ^ B1 ^ (BD & ^BA) ^ M4; - B4 = ^((B4 << 1) | (B4 >> 31)) ^ A4; - A5 = ((A5 ^ (((A4 << 15) | (A4 >> 17)) * 5) ^ C3) * 3) ^ B2 ^ (BE & ^BB) ^ M5; - B5 = ^((B5 << 1) | (B5 >> 31)) ^ A5; - A6 = ((A6 ^ (((A5 << 15) | (A5 >> 17)) * 5) ^ C2) * 3) ^ B3 ^ (BF & ^BC) ^ M6; - B6 = ^((B6 << 1) | (B6 >> 31)) ^ A6; - A7 = ((A7 ^ (((A6 << 15) | (A6 >> 17)) * 5) ^ C1) * 3) ^ B4 ^ (B0 & ^BD) ^ M7; - B7 = ^((B7 << 1) | (B7 >> 31)) ^ A7; - A8 = ((A8 ^ (((A7 << 15) | (A7 >> 17)) * 5) ^ C0) * 3) ^ B5 ^ (B1 & ^BE) ^ M8; - B8 = ^((B8 << 1) | (B8 >> 31)) ^ A8; - A9 = ((A9 ^ (((A8 << 15) | (A8 >> 17)) * 5) ^ CF) * 3) ^ B6 ^ (B2 & ^BF) ^ M9; - B9 = ^((B9 << 1) | (B9 >> 31)) ^ A9; - AA = ((AA ^ (((A9 << 15) | (A9 >> 17)) * 5) ^ CE) * 3) ^ B7 ^ (B3 & ^B0) ^ MA; - BA = ^((BA << 1) | (BA >> 31)) ^ AA; - AB = ((AB ^ (((AA << 15) | 
(AA >> 17)) * 5) ^ CD) * 3) ^ B8 ^ (B4 & ^B1) ^ MB; - BB = ^((BB << 1) | (BB >> 31)) ^ AB; - A0 = ((A0 ^ (((AB << 15) | (AB >> 17)) * 5) ^ CC) * 3) ^ B9 ^ (B5 & ^B2) ^ MC; - BC = ^((BC << 1) | (BC >> 31)) ^ A0; - A1 = ((A1 ^ (((A0 << 15) | (A0 >> 17)) * 5) ^ CB) * 3) ^ BA ^ (B6 & ^B3) ^ MD; - BD = ^((BD << 1) | (BD >> 31)) ^ A1; - A2 = ((A2 ^ (((A1 << 15) | (A1 >> 17)) * 5) ^ CA) * 3) ^ BB ^ (B7 & ^B4) ^ ME; - BE = ^((BE << 1) | (BE >> 31)) ^ A2; - A3 = ((A3 ^ (((A2 << 15) | (A2 >> 17)) * 5) ^ C9) * 3) ^ BC ^ (B8 & ^B5) ^ MF; - BF = ^((BF << 1) | (BF >> 31)) ^ A3; - A4 = ((A4 ^ (((A3 << 15) | (A3 >> 17)) * 5) ^ C8) * 3) ^ BD ^ (B9 & ^B6) ^ M0; - B0 = ^((B0 << 1) | (B0 >> 31)) ^ A4; - A5 = ((A5 ^ (((A4 << 15) | (A4 >> 17)) * 5) ^ C7) * 3) ^ BE ^ (BA & ^B7) ^ M1; - B1 = ^((B1 << 1) | (B1 >> 31)) ^ A5; - A6 = ((A6 ^ (((A5 << 15) | (A5 >> 17)) * 5) ^ C6) * 3) ^ BF ^ (BB & ^B8) ^ M2; - B2 = ^((B2 << 1) | (B2 >> 31)) ^ A6; - A7 = ((A7 ^ (((A6 << 15) | (A6 >> 17)) * 5) ^ C5) * 3) ^ B0 ^ (BC & ^B9) ^ M3; - B3 = ^((B3 << 1) | (B3 >> 31)) ^ A7; - A8 = ((A8 ^ (((A7 << 15) | (A7 >> 17)) * 5) ^ C4) * 3) ^ B1 ^ (BD & ^BA) ^ M4; - B4 = ^((B4 << 1) | (B4 >> 31)) ^ A8; - A9 = ((A9 ^ (((A8 << 15) | (A8 >> 17)) * 5) ^ C3) * 3) ^ B2 ^ (BE & ^BB) ^ M5; - B5 = ^((B5 << 1) | (B5 >> 31)) ^ A9; - AA = ((AA ^ (((A9 << 15) | (A9 >> 17)) * 5) ^ C2) * 3) ^ B3 ^ (BF & ^BC) ^ M6; - B6 = ^((B6 << 1) | (B6 >> 31)) ^ AA; - AB = ((AB ^ (((AA << 15) | (AA >> 17)) * 5) ^ C1) * 3) ^ B4 ^ (B0 & ^BD) ^ M7; - B7 = ^((B7 << 1) | (B7 >> 31)) ^ AB; - A0 = ((A0 ^ (((AB << 15) | (AB >> 17)) * 5) ^ C0) * 3) ^ B5 ^ (B1 & ^BE) ^ M8; - B8 = ^((B8 << 1) | (B8 >> 31)) ^ A0; - A1 = ((A1 ^ (((A0 << 15) | (A0 >> 17)) * 5) ^ CF) * 3) ^ B6 ^ (B2 & ^BF) ^ M9; - B9 = ^((B9 << 1) | (B9 >> 31)) ^ A1; - A2 = ((A2 ^ (((A1 << 15) | (A1 >> 17)) * 5) ^ CE) * 3) ^ B7 ^ (B3 & ^B0) ^ MA; - BA = ^((BA << 1) | (BA >> 31)) ^ A2; - A3 = ((A3 ^ (((A2 << 15) | (A2 >> 17)) * 5) ^ CD) * 3) ^ B8 ^ (B4 & ^B1) ^ MB; - BB = ^((BB << 1) | (BB >> 
31)) ^ A3; - A4 = ((A4 ^ (((A3 << 15) | (A3 >> 17)) * 5) ^ CC) * 3) ^ B9 ^ (B5 & ^B2) ^ MC; - BC = ^((BC << 1) | (BC >> 31)) ^ A4; - A5 = ((A5 ^ (((A4 << 15) | (A4 >> 17)) * 5) ^ CB) * 3) ^ BA ^ (B6 & ^B3) ^ MD; - BD = ^((BD << 1) | (BD >> 31)) ^ A5; - A6 = ((A6 ^ (((A5 << 15) | (A5 >> 17)) * 5) ^ CA) * 3) ^ BB ^ (B7 & ^B4) ^ ME; - BE = ^((BE << 1) | (BE >> 31)) ^ A6; - A7 = ((A7 ^ (((A6 << 15) | (A6 >> 17)) * 5) ^ C9) * 3) ^ BC ^ (B8 & ^B5) ^ MF; - BF = ^((BF << 1) | (BF >> 31)) ^ A7; - A8 = ((A8 ^ (((A7 << 15) | (A7 >> 17)) * 5) ^ C8) * 3) ^ BD ^ (B9 & ^B6) ^ M0; - B0 = ^((B0 << 1) | (B0 >> 31)) ^ A8; - A9 = ((A9 ^ (((A8 << 15) | (A8 >> 17)) * 5) ^ C7) * 3) ^ BE ^ (BA & ^B7) ^ M1; - B1 = ^((B1 << 1) | (B1 >> 31)) ^ A9; - AA = ((AA ^ (((A9 << 15) | (A9 >> 17)) * 5) ^ C6) * 3) ^ BF ^ (BB & ^B8) ^ M2; - B2 = ^((B2 << 1) | (B2 >> 31)) ^ AA; - AB = ((AB ^ (((AA << 15) | (AA >> 17)) * 5) ^ C5) * 3) ^ B0 ^ (BC & ^B9) ^ M3; - B3 = ^((B3 << 1) | (B3 >> 31)) ^ AB; - A0 = ((A0 ^ (((AB << 15) | (AB >> 17)) * 5) ^ C4) * 3) ^ B1 ^ (BD & ^BA) ^ M4; - B4 = ^((B4 << 1) | (B4 >> 31)) ^ A0; - A1 = ((A1 ^ (((A0 << 15) | (A0 >> 17)) * 5) ^ C3) * 3) ^ B2 ^ (BE & ^BB) ^ M5; - B5 = ^((B5 << 1) | (B5 >> 31)) ^ A1; - A2 = ((A2 ^ (((A1 << 15) | (A1 >> 17)) * 5) ^ C2) * 3) ^ B3 ^ (BF & ^BC) ^ M6; - B6 = ^((B6 << 1) | (B6 >> 31)) ^ A2; - A3 = ((A3 ^ (((A2 << 15) | (A2 >> 17)) * 5) ^ C1) * 3) ^ B4 ^ (B0 & ^BD) ^ M7; - B7 = ^((B7 << 1) | (B7 >> 31)) ^ A3; - A4 = ((A4 ^ (((A3 << 15) | (A3 >> 17)) * 5) ^ C0) * 3) ^ B5 ^ (B1 & ^BE) ^ M8; - B8 = ^((B8 << 1) | (B8 >> 31)) ^ A4; - A5 = ((A5 ^ (((A4 << 15) | (A4 >> 17)) * 5) ^ CF) * 3) ^ B6 ^ (B2 & ^BF) ^ M9; - B9 = ^((B9 << 1) | (B9 >> 31)) ^ A5; - A6 = ((A6 ^ (((A5 << 15) | (A5 >> 17)) * 5) ^ CE) * 3) ^ B7 ^ (B3 & ^B0) ^ MA; - BA = ^((BA << 1) | (BA >> 31)) ^ A6; - A7 = ((A7 ^ (((A6 << 15) | (A6 >> 17)) * 5) ^ CD) * 3) ^ B8 ^ (B4 & ^B1) ^ MB; - BB = ^((BB << 1) | (BB >> 31)) ^ A7; - A8 = ((A8 ^ (((A7 << 15) | (A7 >> 17)) * 5) ^ CC) * 3) ^ B9 ^ (B5 
& ^B2) ^ MC; - BC = ^((BC << 1) | (BC >> 31)) ^ A8; - A9 = ((A9 ^ (((A8 << 15) | (A8 >> 17)) * 5) ^ CB) * 3) ^ BA ^ (B6 & ^B3) ^ MD; - BD = ^((BD << 1) | (BD >> 31)) ^ A9; - AA = ((AA ^ (((A9 << 15) | (A9 >> 17)) * 5) ^ CA) * 3) ^ BB ^ (B7 & ^B4) ^ ME; - BE = ^((BE << 1) | (BE >> 31)) ^ AA; - AB = ((AB ^ (((AA << 15) | (AA >> 17)) * 5) ^ C9) * 3) ^ BC ^ (B8 & ^B5) ^ MF; - BF = ^((BF << 1) | (BF >> 31)) ^ AB; - - AB += C6 + CA + CE; - AA += C5 + C9 + CD; - A9 += C4 + C8 + CC; - A8 += C3 + C7 + CB; - A7 += C2 + C6 + CA; - A6 += C1 + C5 + C9; - A5 += C0 + C4 + C8; - A4 += CF + C3 + C7; - A3 += CE + C2 + C6; - A2 += CD + C1 + C5; - A1 += CC + C0 + C4; - A0 += CB + CF + C3; + A0 = ((A0 ^ (((AB << 15) | (AB >> 17)) * 5) ^ C8) * 3) ^ BD ^ (B9 & ^B6) ^ M0 + B0 = ^((B0 << 1) | (B0 >> 31)) ^ A0 + A1 = ((A1 ^ (((A0 << 15) | (A0 >> 17)) * 5) ^ C7) * 3) ^ BE ^ (BA & ^B7) ^ M1 + B1 = ^((B1 << 1) | (B1 >> 31)) ^ A1 + A2 = ((A2 ^ (((A1 << 15) | (A1 >> 17)) * 5) ^ C6) * 3) ^ BF ^ (BB & ^B8) ^ M2 + B2 = ^((B2 << 1) | (B2 >> 31)) ^ A2 + A3 = ((A3 ^ (((A2 << 15) | (A2 >> 17)) * 5) ^ C5) * 3) ^ B0 ^ (BC & ^B9) ^ M3 + B3 = ^((B3 << 1) | (B3 >> 31)) ^ A3 + A4 = ((A4 ^ (((A3 << 15) | (A3 >> 17)) * 5) ^ C4) * 3) ^ B1 ^ (BD & ^BA) ^ M4 + B4 = ^((B4 << 1) | (B4 >> 31)) ^ A4 + A5 = ((A5 ^ (((A4 << 15) | (A4 >> 17)) * 5) ^ C3) * 3) ^ B2 ^ (BE & ^BB) ^ M5 + B5 = ^((B5 << 1) | (B5 >> 31)) ^ A5 + A6 = ((A6 ^ (((A5 << 15) | (A5 >> 17)) * 5) ^ C2) * 3) ^ B3 ^ (BF & ^BC) ^ M6 + B6 = ^((B6 << 1) | (B6 >> 31)) ^ A6 + A7 = ((A7 ^ (((A6 << 15) | (A6 >> 17)) * 5) ^ C1) * 3) ^ B4 ^ (B0 & ^BD) ^ M7 + B7 = ^((B7 << 1) | (B7 >> 31)) ^ A7 + A8 = ((A8 ^ (((A7 << 15) | (A7 >> 17)) * 5) ^ C0) * 3) ^ B5 ^ (B1 & ^BE) ^ M8 + B8 = ^((B8 << 1) | (B8 >> 31)) ^ A8 + A9 = ((A9 ^ (((A8 << 15) | (A8 >> 17)) * 5) ^ CF) * 3) ^ B6 ^ (B2 & ^BF) ^ M9 + B9 = ^((B9 << 1) | (B9 >> 31)) ^ A9 + AA = ((AA ^ (((A9 << 15) | (A9 >> 17)) * 5) ^ CE) * 3) ^ B7 ^ (B3 & ^B0) ^ MA + BA = ^((BA << 1) | (BA >> 31)) ^ AA + AB = ((AB ^ (((AA << 
15) | (AA >> 17)) * 5) ^ CD) * 3) ^ B8 ^ (B4 & ^B1) ^ MB + BB = ^((BB << 1) | (BB >> 31)) ^ AB + A0 = ((A0 ^ (((AB << 15) | (AB >> 17)) * 5) ^ CC) * 3) ^ B9 ^ (B5 & ^B2) ^ MC + BC = ^((BC << 1) | (BC >> 31)) ^ A0 + A1 = ((A1 ^ (((A0 << 15) | (A0 >> 17)) * 5) ^ CB) * 3) ^ BA ^ (B6 & ^B3) ^ MD + BD = ^((BD << 1) | (BD >> 31)) ^ A1 + A2 = ((A2 ^ (((A1 << 15) | (A1 >> 17)) * 5) ^ CA) * 3) ^ BB ^ (B7 & ^B4) ^ ME + BE = ^((BE << 1) | (BE >> 31)) ^ A2 + A3 = ((A3 ^ (((A2 << 15) | (A2 >> 17)) * 5) ^ C9) * 3) ^ BC ^ (B8 & ^B5) ^ MF + BF = ^((BF << 1) | (BF >> 31)) ^ A3 + A4 = ((A4 ^ (((A3 << 15) | (A3 >> 17)) * 5) ^ C8) * 3) ^ BD ^ (B9 & ^B6) ^ M0 + B0 = ^((B0 << 1) | (B0 >> 31)) ^ A4 + A5 = ((A5 ^ (((A4 << 15) | (A4 >> 17)) * 5) ^ C7) * 3) ^ BE ^ (BA & ^B7) ^ M1 + B1 = ^((B1 << 1) | (B1 >> 31)) ^ A5 + A6 = ((A6 ^ (((A5 << 15) | (A5 >> 17)) * 5) ^ C6) * 3) ^ BF ^ (BB & ^B8) ^ M2 + B2 = ^((B2 << 1) | (B2 >> 31)) ^ A6 + A7 = ((A7 ^ (((A6 << 15) | (A6 >> 17)) * 5) ^ C5) * 3) ^ B0 ^ (BC & ^B9) ^ M3 + B3 = ^((B3 << 1) | (B3 >> 31)) ^ A7 + A8 = ((A8 ^ (((A7 << 15) | (A7 >> 17)) * 5) ^ C4) * 3) ^ B1 ^ (BD & ^BA) ^ M4 + B4 = ^((B4 << 1) | (B4 >> 31)) ^ A8 + A9 = ((A9 ^ (((A8 << 15) | (A8 >> 17)) * 5) ^ C3) * 3) ^ B2 ^ (BE & ^BB) ^ M5 + B5 = ^((B5 << 1) | (B5 >> 31)) ^ A9 + AA = ((AA ^ (((A9 << 15) | (A9 >> 17)) * 5) ^ C2) * 3) ^ B3 ^ (BF & ^BC) ^ M6 + B6 = ^((B6 << 1) | (B6 >> 31)) ^ AA + AB = ((AB ^ (((AA << 15) | (AA >> 17)) * 5) ^ C1) * 3) ^ B4 ^ (B0 & ^BD) ^ M7 + B7 = ^((B7 << 1) | (B7 >> 31)) ^ AB + A0 = ((A0 ^ (((AB << 15) | (AB >> 17)) * 5) ^ C0) * 3) ^ B5 ^ (B1 & ^BE) ^ M8 + B8 = ^((B8 << 1) | (B8 >> 31)) ^ A0 + A1 = ((A1 ^ (((A0 << 15) | (A0 >> 17)) * 5) ^ CF) * 3) ^ B6 ^ (B2 & ^BF) ^ M9 + B9 = ^((B9 << 1) | (B9 >> 31)) ^ A1 + A2 = ((A2 ^ (((A1 << 15) | (A1 >> 17)) * 5) ^ CE) * 3) ^ B7 ^ (B3 & ^B0) ^ MA + BA = ^((BA << 1) | (BA >> 31)) ^ A2 + A3 = ((A3 ^ (((A2 << 15) | (A2 >> 17)) * 5) ^ CD) * 3) ^ B8 ^ (B4 & ^B1) ^ MB + BB = ^((BB << 1) | (BB >> 31)) ^ A3 + A4 = ((A4 ^ 
(((A3 << 15) | (A3 >> 17)) * 5) ^ CC) * 3) ^ B9 ^ (B5 & ^B2) ^ MC + BC = ^((BC << 1) | (BC >> 31)) ^ A4 + A5 = ((A5 ^ (((A4 << 15) | (A4 >> 17)) * 5) ^ CB) * 3) ^ BA ^ (B6 & ^B3) ^ MD + BD = ^((BD << 1) | (BD >> 31)) ^ A5 + A6 = ((A6 ^ (((A5 << 15) | (A5 >> 17)) * 5) ^ CA) * 3) ^ BB ^ (B7 & ^B4) ^ ME + BE = ^((BE << 1) | (BE >> 31)) ^ A6 + A7 = ((A7 ^ (((A6 << 15) | (A6 >> 17)) * 5) ^ C9) * 3) ^ BC ^ (B8 & ^B5) ^ MF + BF = ^((BF << 1) | (BF >> 31)) ^ A7 + A8 = ((A8 ^ (((A7 << 15) | (A7 >> 17)) * 5) ^ C8) * 3) ^ BD ^ (B9 & ^B6) ^ M0 + B0 = ^((B0 << 1) | (B0 >> 31)) ^ A8 + A9 = ((A9 ^ (((A8 << 15) | (A8 >> 17)) * 5) ^ C7) * 3) ^ BE ^ (BA & ^B7) ^ M1 + B1 = ^((B1 << 1) | (B1 >> 31)) ^ A9 + AA = ((AA ^ (((A9 << 15) | (A9 >> 17)) * 5) ^ C6) * 3) ^ BF ^ (BB & ^B8) ^ M2 + B2 = ^((B2 << 1) | (B2 >> 31)) ^ AA + AB = ((AB ^ (((AA << 15) | (AA >> 17)) * 5) ^ C5) * 3) ^ B0 ^ (BC & ^B9) ^ M3 + B3 = ^((B3 << 1) | (B3 >> 31)) ^ AB + A0 = ((A0 ^ (((AB << 15) | (AB >> 17)) * 5) ^ C4) * 3) ^ B1 ^ (BD & ^BA) ^ M4 + B4 = ^((B4 << 1) | (B4 >> 31)) ^ A0 + A1 = ((A1 ^ (((A0 << 15) | (A0 >> 17)) * 5) ^ C3) * 3) ^ B2 ^ (BE & ^BB) ^ M5 + B5 = ^((B5 << 1) | (B5 >> 31)) ^ A1 + A2 = ((A2 ^ (((A1 << 15) | (A1 >> 17)) * 5) ^ C2) * 3) ^ B3 ^ (BF & ^BC) ^ M6 + B6 = ^((B6 << 1) | (B6 >> 31)) ^ A2 + A3 = ((A3 ^ (((A2 << 15) | (A2 >> 17)) * 5) ^ C1) * 3) ^ B4 ^ (B0 & ^BD) ^ M7 + B7 = ^((B7 << 1) | (B7 >> 31)) ^ A3 + A4 = ((A4 ^ (((A3 << 15) | (A3 >> 17)) * 5) ^ C0) * 3) ^ B5 ^ (B1 & ^BE) ^ M8 + B8 = ^((B8 << 1) | (B8 >> 31)) ^ A4 + A5 = ((A5 ^ (((A4 << 15) | (A4 >> 17)) * 5) ^ CF) * 3) ^ B6 ^ (B2 & ^BF) ^ M9 + B9 = ^((B9 << 1) | (B9 >> 31)) ^ A5 + A6 = ((A6 ^ (((A5 << 15) | (A5 >> 17)) * 5) ^ CE) * 3) ^ B7 ^ (B3 & ^B0) ^ MA + BA = ^((BA << 1) | (BA >> 31)) ^ A6 + A7 = ((A7 ^ (((A6 << 15) | (A6 >> 17)) * 5) ^ CD) * 3) ^ B8 ^ (B4 & ^B1) ^ MB + BB = ^((BB << 1) | (BB >> 31)) ^ A7 + A8 = ((A8 ^ (((A7 << 15) | (A7 >> 17)) * 5) ^ CC) * 3) ^ B9 ^ (B5 & ^B2) ^ MC + BC = ^((BC << 1) | (BC >> 31)) ^ A8 + A9 = 
((A9 ^ (((A8 << 15) | (A8 >> 17)) * 5) ^ CB) * 3) ^ BA ^ (B6 & ^B3) ^ MD + BD = ^((BD << 1) | (BD >> 31)) ^ A9 + AA = ((AA ^ (((A9 << 15) | (A9 >> 17)) * 5) ^ CA) * 3) ^ BB ^ (B7 & ^B4) ^ ME + BE = ^((BE << 1) | (BE >> 31)) ^ AA + AB = ((AB ^ (((AA << 15) | (AA >> 17)) * 5) ^ C9) * 3) ^ BC ^ (B8 & ^B5) ^ MF + BF = ^((BF << 1) | (BF >> 31)) ^ AB + + AB += C6 + CA + CE + AA += C5 + C9 + CD + A9 += C4 + C8 + CC + A8 += C3 + C7 + CB + A7 += C2 + C6 + CA + A6 += C1 + C5 + C9 + A5 += C0 + C4 + C8 + A4 += CF + C3 + C7 + A3 += CE + C2 + C6 + A2 += CD + C1 + C5 + A1 += CC + C0 + C4 + A0 += CB + CF + C3 var tmp uint32 - tmp = B0; B0 = C0 - M0; C0 = tmp; - tmp = B1; B1 = C1 - M1; C1 = tmp; - tmp = B2; B2 = C2 - M2; C2 = tmp; - tmp = B3; B3 = C3 - M3; C3 = tmp; - tmp = B4; B4 = C4 - M4; C4 = tmp; - tmp = B5; B5 = C5 - M5; C5 = tmp; - tmp = B6; B6 = C6 - M6; C6 = tmp; - tmp = B7; B7 = C7 - M7; C7 = tmp; - tmp = B8; B8 = C8 - M8; C8 = tmp; - tmp = B9; B9 = C9 - M9; C9 = tmp; - tmp = BA; BA = CA - MA; CA = tmp; - tmp = BB; BB = CB - MB; CB = tmp; - tmp = BC; BC = CC - MC; CC = tmp; - tmp = BD; BD = CD - MD; CD = tmp; - tmp = BE; BE = CE - ME; CE = tmp; - tmp = BF; BF = CF - MF; CF = tmp; + tmp = B0; B0 = C0 - M0; C0 = tmp + tmp = B1; B1 = C1 - M1; C1 = tmp + tmp = B2; B2 = C2 - M2; C2 = tmp + tmp = B3; B3 = C3 - M3; C3 = tmp + tmp = B4; B4 = C4 - M4; C4 = tmp + tmp = B5; B5 = C5 - M5; C5 = tmp + tmp = B6; B6 = C6 - M6; C6 = tmp + tmp = B7; B7 = C7 - M7; C7 = tmp + tmp = B8; B8 = C8 - M8; C8 = tmp + tmp = B9; B9 = C9 - M9; C9 = tmp + tmp = BA; BA = CA - MA; CA = tmp + tmp = BB; BB = CB - MB; CB = tmp + tmp = BC; BC = CC - MC; CC = tmp + tmp = BD; BD = CD - MD; CD = tmp + tmp = BE; BE = CE - ME; CE = tmp + tmp = BF; BF = CF - MF; CF = tmp num-- } - state[ 0] = A0; - state[ 1] = A1; - state[ 2] = A2; - state[ 3] = A3; - state[ 4] = A4; - state[ 5] = A5; - state[ 6] = A6; - state[ 7] = A7; - state[ 8] = A8; - state[ 9] = A9; - state[10] = AA; - state[11] = AB; - - state[12] = B0; - 
state[13] = B1;
- state[14] = B2;
- state[15] = B3;
- state[16] = B4;
- state[17] = B5;
- state[18] = B6;
- state[19] = B7;
- state[20] = B8;
- state[21] = B9;
- state[22] = BA;
- state[23] = BB;
- state[24] = BC;
- state[25] = BD;
- state[26] = BE;
- state[27] = BF;
-
- state[28] = C0;
- state[29] = C1;
- state[30] = C2;
- state[31] = C3;
- state[32] = C4;
- state[33] = C5;
- state[34] = C6;
- state[35] = C7;
- state[36] = C8;
- state[37] = C9;
- state[38] = CA;
- state[39] = CB;
- state[40] = CC;
- state[41] = CD;
- state[42] = CE;
- state[43] = CF;
+ state[ 0] = A0
+ state[ 1] = A1
+ state[ 2] = A2
+ state[ 3] = A3
+ state[ 4] = A4
+ state[ 5] = A5
+ state[ 6] = A6
+ state[ 7] = A7
+ state[ 8] = A8
+ state[ 9] = A9
+ state[10] = AA
+ state[11] = AB
+
+ state[12] = B0
+ state[13] = B1
+ state[14] = B2
+ state[15] = B3
+ state[16] = B4
+ state[17] = B5
+ state[18] = B6
+ state[19] = B7
+ state[20] = B8
+ state[21] = B9
+ state[22] = BA
+ state[23] = BB
+ state[24] = BC
+ state[25] = BD
+ state[26] = BE
+ state[27] = BF
+
+ state[28] = C0
+ state[29] = C1
+ state[30] = C2
+ state[31] = C3
+ state[32] = C4
+ state[33] = C5
+ state[34] = C6
+ state[35] = C7
+ state[36] = C8
+ state[37] = C9
+ state[38] = CA
+ state[39] = CB
+ state[40] = CC
+ state[41] = CD
+ state[42] = CE
+ state[43] = CF
 }
diff --git a/shavite/digest256.go b/shavite/digest256.go
index 028f1c7..e6c81ab 100644
--- a/shavite/digest256.go
+++ b/shavite/digest256.go
@@ -98,7 +98,7 @@ func (d *digest256) checkSum() (out []byte) {
 if ptr == 0 {
 buf[0] = 0x80
 for i := 1; i < 54; i++ {
- buf[i] = 0;
+ buf[i] = 0
 }
 cnt0 = 0
 cnt1 = 0
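Review bot: The new side of `core` is still not gofmt output: `state[ 0]` and `data[off + 0:]` keep spacing that gofmt rewrites (`state[0]`, `data[off+0:]`), so the semicolon cleanup should be done by running gofmt over the file rather than by hand (the sha0 `core` hunk above has the same leftover spacing). The sixteen lines of the form `tmp = B0; B0 = C0 - M0; C0 = tmp` are a swap that Go expresses as one parallel assignment, `B0, C0 = C0-M0, B0`, which also removes the `var tmp uint32` declaration. The rotations `(B0 << 17) | (B0 >> 15)`, `((AB << 15) | (AB >> 17))` and `(B0 << 1) | (B0 >> 31)` read more clearly as `bits.RotateLeft32(B0, 17)`, `bits.RotateLeft32(AB, 15)` and `bits.RotateLeft32(B0, 1)`, which the compiler lowers to a single rotate instruction; that would need a `math/bits` import outside this hunk. Each of the `num` iterations reads up to `getu32(data[off + 60:])` with no length check, so, assuming getu32 reads four bytes, the precondition belongs in a doc comment on the function: `// core compresses num 64-byte blocks from data; the caller must guarantee len(data) >= 64*num.`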
@@ -169,150 +169,150 @@ func (d *digest256) process(data []byte, cnt0, cnt1 uint32) { var x0, x1, x2, x3 uint32 var t0, t1, t2, t3 uint32 - x0 = rk[u - 15]; - x1 = rk[u - 14]; - x2 = rk[u - 13]; - x3 = rk[u - 16]; + x0 = rk[u - 15] + x1 = rk[u - 14] + x2 = rk[u - 13] + x3 = rk[u - 16] t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ - AES3[x3 >> 24]; + AES3[x3 >> 24] t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ - AES3[x0 >> 24]; + AES3[x0 >> 24] t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ - AES3[x1 >> 24]; + AES3[x1 >> 24] t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ - AES3[x2 >> 24]; - rk[u + 0] = t0 ^ rk[u - 4]; - rk[u + 1] = t1 ^ rk[u - 3]; - rk[u + 2] = t2 ^ rk[u - 2]; - rk[u + 3] = t3 ^ rk[u - 1]; + AES3[x2 >> 24] + rk[u + 0] = t0 ^ rk[u - 4] + rk[u + 1] = t1 ^ rk[u - 3] + rk[u + 2] = t2 ^ rk[u - 2] + rk[u + 3] = t3 ^ rk[u - 1] if u == 16 { - rk[ 16] ^= cnt0; - rk[ 17] ^= ^cnt1; + rk[ 16] ^= cnt0 + rk[ 17] ^= ^cnt1 } else if (u == 56) { - rk[ 57] ^= cnt1; - rk[ 58] ^= ^cnt0; + rk[ 57] ^= cnt1 + rk[ 58] ^= ^cnt0 } - u += 4; - - x0 = rk[u - 15]; - x1 = rk[u - 14]; - x2 = rk[u - 13]; - x3 = rk[u - 16]; - t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24]; - t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24]; - t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24]; - t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24]; - rk[u + 0] = t0 ^ rk[u - 4]; - rk[u + 1] = t1 ^ rk[u - 3]; - rk[u + 2] = t2 ^ rk[u - 2]; - rk[u + 3] = t3 ^ rk[u - 1]; + u += 4 + + x0 = rk[u - 15] + x1 = rk[u - 14] + x2 = rk[u - 13] + x3 = rk[u - 16] + t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24] + t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24] + t2 = 
AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24] + t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24] + rk[u + 0] = t0 ^ rk[u - 4] + rk[u + 1] = t1 ^ rk[u - 3] + rk[u + 2] = t2 ^ rk[u - 2] + rk[u + 3] = t3 ^ rk[u - 1] if u == 84 { - rk[ 86] ^= cnt1; - rk[ 87] ^= ^cnt0; + rk[ 86] ^= cnt1 + rk[ 87] ^= ^cnt0 } else if (u == 124) { - rk[124] ^= cnt0; - rk[127] ^= ^cnt1; + rk[124] ^= cnt0 + rk[127] ^= ^cnt1 } - u += 4; + u += 4 } for s := 0; s < 4; s++ { - rk[u + 0] = rk[u - 16] ^ rk[u - 3]; - rk[u + 1] = rk[u - 15] ^ rk[u - 2]; - rk[u + 2] = rk[u - 14] ^ rk[u - 1]; - rk[u + 3] = rk[u - 13] ^ rk[u - 0]; - u += 4; + rk[u + 0] = rk[u - 16] ^ rk[u - 3] + rk[u + 1] = rk[u - 15] ^ rk[u - 2] + rk[u + 2] = rk[u - 14] ^ rk[u - 1] + rk[u + 3] = rk[u - 13] ^ rk[u - 0] + u += 4 } } - p0 = h[0x0]; - p1 = h[0x1]; - p2 = h[0x2]; - p3 = h[0x3]; - p4 = h[0x4]; - p5 = h[0x5]; - p6 = h[0x6]; - p7 = h[0x7]; - u = 0; + p0 = h[0x0] + p1 = h[0x1] + p2 = h[0x2] + p3 = h[0x3] + p4 = h[0x4] + p5 = h[0x5] + p6 = h[0x6] + p7 = h[0x7] + u = 0 for r := 0; r < 6; r++ { var x0, x1, x2, x3 uint32 var t0, t1, t2, t3 uint32 - x0 = p4 ^ rk[u]; u++; - x1 = p5 ^ rk[u]; u++; - x2 = p6 ^ rk[u]; u++; - x3 = p7 ^ rk[u]; u++; - t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24]; - t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24]; - t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24]; - t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24]; - x0 = t0 ^ rk[u]; u++; - x1 = t1 ^ rk[u]; u++; - x2 = t2 ^ rk[u]; u++; - x3 = t3 ^ rk[u]; u++; - t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24]; - t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24]; - t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ 
AES3[x1 >> 24]; - t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24]; - x0 = t0 ^ rk[u]; u++; - x1 = t1 ^ rk[u]; u++; - x2 = t2 ^ rk[u]; u++; - x3 = t3 ^ rk[u]; u++; - t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24]; - t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24]; - t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24]; - t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24]; - p0 ^= t0; - p1 ^= t1; - p2 ^= t2; - p3 ^= t3; - - x0 = p0 ^ rk[u]; u++; - x1 = p1 ^ rk[u]; u++; - x2 = p2 ^ rk[u]; u++; - x3 = p3 ^ rk[u]; u++; - t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24]; - t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24]; - t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24]; - t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24]; - x0 = t0 ^ rk[u]; u++; - x1 = t1 ^ rk[u]; u++; - x2 = t2 ^ rk[u]; u++; - x3 = t3 ^ rk[u]; u++; - t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24]; - t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24]; - t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24]; - t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24]; - x0 = t0 ^ rk[u]; u++; - x1 = t1 ^ rk[u]; u++; - x2 = t2 ^ rk[u]; u++; - x3 = t3 ^ rk[u]; u++; - t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24]; - t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24]; - t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24]; - t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ 
AES3[x2 >> 24]; - p4 ^= t0; - p5 ^= t1; - p6 ^= t2; - p7 ^= t3; + x0 = p4 ^ rk[u]; u++ + x1 = p5 ^ rk[u]; u++ + x2 = p6 ^ rk[u]; u++ + x3 = p7 ^ rk[u]; u++ + t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24] + t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24] + t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24] + t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24] + x0 = t0 ^ rk[u]; u++ + x1 = t1 ^ rk[u]; u++ + x2 = t2 ^ rk[u]; u++ + x3 = t3 ^ rk[u]; u++ + t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24] + t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24] + t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24] + t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24] + x0 = t0 ^ rk[u]; u++ + x1 = t1 ^ rk[u]; u++ + x2 = t2 ^ rk[u]; u++ + x3 = t3 ^ rk[u]; u++ + t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24] + t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24] + t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24] + t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24] + p0 ^= t0 + p1 ^= t1 + p2 ^= t2 + p3 ^= t3 + + x0 = p0 ^ rk[u]; u++ + x1 = p1 ^ rk[u]; u++ + x2 = p2 ^ rk[u]; u++ + x3 = p3 ^ rk[u]; u++ + t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24] + t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24] + t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24] + t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24] + x0 = t0 ^ rk[u]; u++ + x1 = t1 ^ rk[u]; u++ + x2 = t2 ^ rk[u]; 
u++ + x3 = t3 ^ rk[u]; u++ + t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24] + t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24] + t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24] + t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24] + x0 = t0 ^ rk[u]; u++ + x1 = t1 ^ rk[u]; u++ + x2 = t2 ^ rk[u]; u++ + x3 = t3 ^ rk[u]; u++ + t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24] + t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24] + t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24] + t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24] + p4 ^= t0 + p5 ^= t1 + p6 ^= t2 + p7 ^= t3 } - h[0x0] ^= p0; - h[0x1] ^= p1; - h[0x2] ^= p2; - h[0x3] ^= p3; - h[0x4] ^= p4; - h[0x5] ^= p5; - h[0x6] ^= p6; - h[0x7] ^= p7; + h[0x0] ^= p0 + h[0x1] ^= p1 + h[0x2] ^= p2 + h[0x3] ^= p3 + h[0x4] ^= p4 + h[0x5] ^= p5 + h[0x6] ^= p6 + h[0x7] ^= p7 } diff --git a/shavite/digest512.go b/shavite/digest512.go index 711f982..b3dee55 100644 --- a/shavite/digest512.go +++ b/shavite/digest512.go @@ -170,10 +170,10 @@ func (d *digest512) process(data []byte, cnt0, cnt1, cnt2 uint32) { rk := &d.rk for u = 0; u < 32; u += 4 { - rk[u + 0] = getu32(data[(u << 2) + 0:]); - rk[u + 1] = getu32(data[(u << 2) + 4:]); - rk[u + 2] = getu32(data[(u << 2) + 8:]); - rk[u + 3] = getu32(data[(u << 2) + 12:]); + rk[u + 0] = getu32(data[(u << 2) + 0:]) + rk[u + 1] = getu32(data[(u << 2) + 4:]) + rk[u + 2] = getu32(data[(u << 2) + 8:]) + rk[u + 3] = getu32(data[(u << 2) + 12:]) } for { 
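Review bot: The `} else if (u == 56) {` and `} else if (u == 124) {` branches in the key-schedule loop keep parenthesised conditions, and `rk[ 16]`, `rk[ 57]`, `rk[ 86]` keep padded indices, so this hunk strips the semicolons by hand but leaves the file short of gofmt-clean; running gofmt would normalise all of these at once (`} else if u == 56 {`) and match the digest512 variant of the same loop, which already writes `else if u == 440` without parentheses. The offsets 16, 56, 84 and 124 at which cnt0/cnt1 are folded into rk are bare magic numbers; one comment at the first of them, e.g. `// fold the counter words into the expanded key at four fixed offsets`, would let a reader check them against the (presumably SHAvite-3) key schedule without re-deriving them. Note also that the `AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] …` lookups are indexed by message-dependent bytes, so this is a T-table compression function and not constant-time; that is usual for a plain hash of public data, but worth a comment on process if it is ever driven by secret input. process begins above this hunk, and the hunk appears to end at its closing brace.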
@@ -181,203 +181,203 @@ func (d *digest512) process(data []byte, cnt0, cnt1, cnt2 uint32) { var x0, x1, x2, x3 uint32 var t0, t1, t2, t3 uint32 - x0 = rk[u - 31]; - x1 = rk[u - 30]; - x2 = rk[u - 29]; - x3 = rk[u - 32]; - t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24]; - t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24]; - t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24]; - t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24]; - rk[u + 0] = t0 ^ rk[u - 4]; - rk[u + 1] = t1 ^ rk[u - 3]; - rk[u + 2] = t2 ^ rk[u - 2]; - rk[u + 3] = t3 ^ rk[u - 1]; + x0 = rk[u - 31] + x1 = rk[u - 30] + x2 = rk[u - 29] + x3 = rk[u - 32] + t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24] + t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24] + t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24] + t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24] + rk[u + 0] = t0 ^ rk[u - 4] + rk[u + 1] = t1 ^ rk[u - 3] + rk[u + 2] = t2 ^ rk[u - 2] + rk[u + 3] = t3 ^ rk[u - 1] if u == 32 { - rk[ 32] ^= cnt0; - rk[ 33] ^= cnt1; - rk[ 34] ^= cnt2; - // rk[ 35] ^= ^0; + rk[ 32] ^= cnt0 + rk[ 33] ^= cnt1 + rk[ 34] ^= cnt2 + // rk[ 35] ^= ^0 tmp35 := ^0 - rk[ 35] ^= uint32(tmp35); + rk[ 35] ^= uint32(tmp35) } else if u == 440 { - rk[440] ^= cnt1; - rk[441] ^= cnt0; - // rk[442] ^= 0; - rk[443] ^= ^cnt2; + rk[440] ^= cnt1 + rk[441] ^= cnt0 + // rk[442] ^= 0 + rk[443] ^= ^cnt2 } - u += 4; - - x0 = rk[u - 31]; - x1 = rk[u - 30]; - x2 = rk[u - 29]; - x3 = rk[u - 32]; - t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24]; - t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24]; - t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 
16) & 0xFF] ^ AES3[x1 >> 24]; - t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24]; - rk[u + 0] = t0 ^ rk[u - 4]; - rk[u + 1] = t1 ^ rk[u - 3]; - rk[u + 2] = t2 ^ rk[u - 2]; - rk[u + 3] = t3 ^ rk[u - 1]; + u += 4 + + x0 = rk[u - 31] + x1 = rk[u - 30] + x2 = rk[u - 29] + x3 = rk[u - 32] + t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24] + t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24] + t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24] + t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24] + rk[u + 0] = t0 ^ rk[u - 4] + rk[u + 1] = t1 ^ rk[u - 3] + rk[u + 2] = t2 ^ rk[u - 2] + rk[u + 3] = t3 ^ rk[u - 1] if u == 164 { - // rk[164] ^= 0; - rk[165] ^= cnt2; - rk[166] ^= cnt1; - rk[167] ^= ^cnt0; + // rk[164] ^= 0 + rk[165] ^= cnt2 + rk[166] ^= cnt1 + rk[167] ^= ^cnt0 } else if u == 316 { - rk[316] ^= cnt2; - //rk[317] ^= 0; - rk[318] ^= cnt0; - rk[319] ^= ^cnt1; + rk[316] ^= cnt2 + //rk[317] ^= 0 + rk[318] ^= cnt0 + rk[319] ^= ^cnt1 } - u += 4; + u += 4 } if u == 448 { - break; + break } for s := 0; s < 8; s++ { - rk[u + 0] = rk[u - 32] ^ rk[u - 7]; - rk[u + 1] = rk[u - 31] ^ rk[u - 6]; - rk[u + 2] = rk[u - 30] ^ rk[u - 5]; - rk[u + 3] = rk[u - 29] ^ rk[u - 4]; - u += 4; + rk[u + 0] = rk[u - 32] ^ rk[u - 7] + rk[u + 1] = rk[u - 31] ^ rk[u - 6] + rk[u + 2] = rk[u - 30] ^ rk[u - 5] + rk[u + 3] = rk[u - 29] ^ rk[u - 4] + u += 4 } } - p0 = h[0x0]; - p1 = h[0x1]; - p2 = h[0x2]; - p3 = h[0x3]; - p4 = h[0x4]; - p5 = h[0x5]; - p6 = h[0x6]; - p7 = h[0x7]; - p8 = h[0x8]; - p9 = h[0x9]; - pA = h[0xA]; - pB = h[0xB]; - pC = h[0xC]; - pD = h[0xD]; - pE = h[0xE]; - pF = h[0xF]; - u = 0; + p0 = h[0x0] + p1 = h[0x1] + p2 = h[0x2] + p3 = h[0x3] + p4 = h[0x4] + p5 = h[0x5] + p6 = h[0x6] + p7 = h[0x7] + p8 = h[0x8] + p9 = h[0x9] + pA = h[0xA] + pB = h[0xB] + pC = h[0xC] + pD = h[0xD] + pE = 
h[0xE] + pF = h[0xF] + u = 0 for r := 0; r < 14; r++ { var x0, x1, x2, x3 uint32 var t0, t1, t2, t3 uint32 - x0 = p4 ^ rk[u]; u++; - x1 = p5 ^ rk[u]; u++; - x2 = p6 ^ rk[u]; u++; - x3 = p7 ^ rk[u]; u++; - t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24]; - t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24]; - t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24]; - t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24]; - x0 = t0 ^ rk[u]; u++; - x1 = t1 ^ rk[u]; u++; - x2 = t2 ^ rk[u]; u++; - x3 = t3 ^ rk[u]; u++; - t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24]; - t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24]; - t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24]; - t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24]; - x0 = t0 ^ rk[u]; u++; - x1 = t1 ^ rk[u]; u++; - x2 = t2 ^ rk[u]; u++; - x3 = t3 ^ rk[u]; u++; - t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24]; - t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24]; - t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24]; - t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24]; - x0 = t0 ^ rk[u]; u++; - x1 = t1 ^ rk[u]; u++; - x2 = t2 ^ rk[u]; u++; - x3 = t3 ^ rk[u]; u++; - t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24]; - t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24]; - t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24]; - t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24]; - p0 ^= t0; - p1 ^= t1; - p2 ^= t2; 
- p3 ^= t3; - - x0 = pC ^ rk[u]; u++; - x1 = pD ^ rk[u]; u++; - x2 = pE ^ rk[u]; u++; - x3 = pF ^ rk[u]; u++; - t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24]; - t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24]; - t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24]; - t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24]; - x0 = t0 ^ rk[u]; u++; - x1 = t1 ^ rk[u]; u++; - x2 = t2 ^ rk[u]; u++; - x3 = t3 ^ rk[u]; u++; - t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24]; - t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24]; - t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24]; - t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24]; - x0 = t0 ^ rk[u]; u++; - x1 = t1 ^ rk[u]; u++; - x2 = t2 ^ rk[u]; u++; - x3 = t3 ^ rk[u]; u++; - t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24]; - t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24]; - t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24]; - t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24]; - x0 = t0 ^ rk[u]; u++; - x1 = t1 ^ rk[u]; u++; - x2 = t2 ^ rk[u]; u++; - x3 = t3 ^ rk[u]; u++; - t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24]; - t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24]; - t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24]; - t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24]; - p8 ^= t0; - p9 ^= t1; - pA ^= t2; - pB ^= t3; - - var tmp = pC; - pC = p8; - p8 = p4; - p4 = p0; - p0 = tmp; - tmp = pD; - pD = 
p9; - p9 = p5; - p5 = p1; - p1 = tmp; - tmp = pE; - pE = pA; - pA = p6; - p6 = p2; - p2 = tmp; - tmp = pF; - pF = pB; - pB = p7; - p7 = p3; - p3 = tmp; + x0 = p4 ^ rk[u]; u++ + x1 = p5 ^ rk[u]; u++ + x2 = p6 ^ rk[u]; u++ + x3 = p7 ^ rk[u]; u++ + t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24] + t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24] + t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24] + t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24] + x0 = t0 ^ rk[u]; u++ + x1 = t1 ^ rk[u]; u++ + x2 = t2 ^ rk[u]; u++ + x3 = t3 ^ rk[u]; u++ + t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24] + t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24] + t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24] + t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24] + x0 = t0 ^ rk[u]; u++ + x1 = t1 ^ rk[u]; u++ + x2 = t2 ^ rk[u]; u++ + x3 = t3 ^ rk[u]; u++ + t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24] + t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24] + t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24] + t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24] + x0 = t0 ^ rk[u]; u++ + x1 = t1 ^ rk[u]; u++ + x2 = t2 ^ rk[u]; u++ + x3 = t3 ^ rk[u]; u++ + t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24] + t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24] + t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24] + t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24] + p0 ^= t0 + p1 ^= t1 + 
p2 ^= t2 + p3 ^= t3 + + x0 = pC ^ rk[u]; u++ + x1 = pD ^ rk[u]; u++ + x2 = pE ^ rk[u]; u++ + x3 = pF ^ rk[u]; u++ + t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24] + t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24] + t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24] + t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24] + x0 = t0 ^ rk[u]; u++ + x1 = t1 ^ rk[u]; u++ + x2 = t2 ^ rk[u]; u++ + x3 = t3 ^ rk[u]; u++ + t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24] + t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24] + t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24] + t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24] + x0 = t0 ^ rk[u]; u++ + x1 = t1 ^ rk[u]; u++ + x2 = t2 ^ rk[u]; u++ + x3 = t3 ^ rk[u]; u++ + t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24] + t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24] + t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24] + t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24] + x0 = t0 ^ rk[u]; u++ + x1 = t1 ^ rk[u]; u++ + x2 = t2 ^ rk[u]; u++ + x3 = t3 ^ rk[u]; u++ + t0 = AES0[x0 & 0xFF] ^ AES1[(x1 >> 8) & 0xFF] ^ AES2[(x2 >> 16) & 0xFF] ^ AES3[x3 >> 24] + t1 = AES0[x1 & 0xFF] ^ AES1[(x2 >> 8) & 0xFF] ^ AES2[(x3 >> 16) & 0xFF] ^ AES3[x0 >> 24] + t2 = AES0[x2 & 0xFF] ^ AES1[(x3 >> 8) & 0xFF] ^ AES2[(x0 >> 16) & 0xFF] ^ AES3[x1 >> 24] + t3 = AES0[x3 & 0xFF] ^ AES1[(x0 >> 8) & 0xFF] ^ AES2[(x1 >> 16) & 0xFF] ^ AES3[x2 >> 24] + p8 ^= t0 + p9 ^= t1 + pA ^= t2 + pB ^= t3 + + var tmp = pC + pC = p8 + p8 = p4 + p4 = p0 + p0 = tmp + tmp = pD + pD = p9 + p9 = p5 + p5 = p1 + p1 = tmp 
+ tmp = pE + pE = pA + pA = p6 + p6 = p2 + p2 = tmp + tmp = pF + pF = pB + pB = p7 + p7 = p3 + p3 = tmp } - h[0x0] ^= p0; - h[0x1] ^= p1; - h[0x2] ^= p2; - h[0x3] ^= p3; - h[0x4] ^= p4; - h[0x5] ^= p5; - h[0x6] ^= p6; - h[0x7] ^= p7; - h[0x8] ^= p8; - h[0x9] ^= p9; - h[0xA] ^= pA; - h[0xB] ^= pB; - h[0xC] ^= pC; - h[0xD] ^= pD; - h[0xE] ^= pE; - h[0xF] ^= pF; + h[0x0] ^= p0 + h[0x1] ^= p1 + h[0x2] ^= p2 + h[0x3] ^= p3 + h[0x4] ^= p4 + h[0x5] ^= p5 + h[0x6] ^= p6 + h[0x7] ^= p7 + h[0x8] ^= p8 + h[0x9] ^= p9 + h[0xA] ^= pA + h[0xB] ^= pB + h[0xC] ^= pC + h[0xD] ^= pD + h[0xE] ^= pE + h[0xF] ^= pF } diff --git a/simd/digest256.go b/simd/digest256.go index 68298e4..03de6c4 100644 --- a/simd/digest256.go +++ b/simd/digest256.go 
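Review bot: `tmp35 := ^0` followed by `rk[ 35] ^= uint32(tmp35)` survives the cleanup at the `u == 32` branch, and it is an obscure way to XOR all-ones into rk[35]: the commented-out `// rk[ 35] ^= ^0` presumably failed to compile because the untyped constant `^0` is −1 and overflows uint32, so the value is routed through an int variable and a run-time conversion. `rk[35] ^= ^uint32(0)` gives the same value as a typed constant, and a comment such as `// counter injection: the fourth word is XORed with all-ones` would let the `// rk[442] ^= 0` placeholders read as intentional rather than as dead code. The four-way state rotations at the end of the round loop (`var tmp = pC; pC = p8; p8 = p4; p4 = p0; p0 = tmp` and the three like it) can be written as single parallel assignments, `p0, p4, p8, pC = pC, p0, p4, p8`, which drops `tmp` and makes the rotation direction visible. The `AES0[x0 & 0xFF] …` lookups are indexed by message-dependent bytes, so this compression function is a T-table implementation and not constant-time; fine for hashing public data, but worth a note on process if it is ever fed secret input. process begins above this hunk, and the hunk appears to end at its closing brace.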
@@ -129,122 +129,122 @@ func (d *digest256) compress(x []byte, last bool) { state := &d.state tmpState := &d.tmpState - d.fft32(x, 0 + (1 * 0), 1 << 2, 0 + 0); - d.fft32(x, 0 + (1 * 2), 1 << 2, 0 + 32); + d.fft32(x, 0 + (1 * 0), 1 << 2, 0 + 0) + d.fft32(x, 0 + (1 * 2), 1 << 2, 0 + 32) - var m = q[0]; - var n = q[0 + 32]; + var m = q[0] + var n = q[0 + 32] - q[0] = m + n; - q[0 + 32] = m - n; + q[0] = m + n + q[0 + 32] = m - n for u, v := 0, 0; u < 32; u, v = u + 4, v + 4 * 4 { var t int32 if u != 0 { - m = q[0 + u + 0]; - n = q[0 + u + 0 + 32]; - t = (((n * alphaTab256[v + 0 * 4]) & 0xFFFF) + ((n * alphaTab256[v + 0 * 4]) >> 16)); - q[0 + u + 0] = m + t; - q[0 + u + 0 + 32] = m - t; + m = q[0 + u + 0] + n = q[0 + u + 0 + 32] + t = (((n * alphaTab256[v + 0 * 4]) & 0xFFFF) + ((n * alphaTab256[v + 0 * 4]) >> 16)) + q[0 + u + 0] = m + t + q[0 + u + 0 + 32] = m - t } - m = q[0 + u + 1]; - n = q[0 + u + 1 + 32]; - t = (((n * alphaTab256[v + 1 * 4]) & 0xFFFF) + ((n * alphaTab256[v + 1 * 4]) >> 16)); - q[0 + u + 1] = m + t; - q[0 + u + 1 + 32] = m - t; - - m = q[0 + u + 2]; - n = q[0 + u + 2 + 32]; - t = (((n * alphaTab256[v + 2 * 4]) & 0xFFFF) + ((n * alphaTab256[v + 2 * 4]) >> 16)); - q[0 + u + 2] = m + t; - q[0 + u + 2 + 32] = m - t; - - m = q[0 + u + 3]; - n = q[0 + u + 3 + 32]; - t = (((n * alphaTab256[v + 3 * 4]) & 0xFFFF) + ((n * alphaTab256[v + 3 * 4]) >> 16)); - q[0 + u + 3] = m + t; - q[0 + u + 3 + 32] = m - t; + m = q[0 + u + 1] + n = q[0 + u + 1 + 32] + t = (((n * alphaTab256[v + 1 * 4]) & 0xFFFF) + ((n * alphaTab256[v + 1 * 4]) >> 16)) + q[0 + u + 1] = m + t + q[0 + u + 1 + 32] = m - t + + m = q[0 + u + 2] + n = q[0 + u + 2 + 32] + t = (((n * alphaTab256[v + 2 * 4]) & 0xFFFF) + ((n * alphaTab256[v + 2 * 4]) >> 16)) + q[0 + u + 2] = m + t + q[0 + u + 2 + 32] = m - t + + m = q[0 + u + 3] + n = q[0 + u + 3 + 32] + t = (((n * alphaTab256[v + 3 * 4]) & 0xFFFF) + ((n * alphaTab256[v + 3 * 4]) >> 16)) + q[0 + u + 3] = m + t + q[0 + u + 3 + 32] = m - t } - d.fft32(x, 
0 + (1 * 1), 1 << 2, 0 + 64); - d.fft32(x, 0 + (1 * 3), 1 << 2, 0 + 96); + d.fft32(x, 0 + (1 * 1), 1 << 2, 0 + 64) + d.fft32(x, 0 + (1 * 3), 1 << 2, 0 + 96) - m = q[(0 + 64)]; - n = q[(0 + 64) + 32]; + m = q[(0 + 64)] + n = q[(0 + 64) + 32] - q[(0 + 64)] = m + n; - q[(0 + 64) + 32] = m - n; + q[(0 + 64)] = m + n + q[(0 + 64) + 32] = m - n for u, v := 0, 0; u < 32; u, v = u + 4, v + 4 * 4 { var t int32 if u != 0 { - m = q[(0 + 64) + u + 0]; - n = q[(0 + 64) + u + 0 + 32]; - t = (((n * alphaTab256[v + 0 * 4]) & 0xFFFF) + ((n * alphaTab256[v + 0 * 4]) >> 16)); - q[(0 + 64) + u + 0] = m + t; - q[(0 + 64) + u + 0 + 32] = m - t; + m = q[(0 + 64) + u + 0] + n = q[(0 + 64) + u + 0 + 32] + t = (((n * alphaTab256[v + 0 * 4]) & 0xFFFF) + ((n * alphaTab256[v + 0 * 4]) >> 16)) + q[(0 + 64) + u + 0] = m + t + q[(0 + 64) + u + 0 + 32] = m - t } - m = q[(0 + 64) + u + 1]; - n = q[(0 + 64) + u + 1 + 32]; - t = (((n * alphaTab256[v + 1 * 4]) & 0xFFFF) + ((n * alphaTab256[v + 1 * 4]) >> 16)); - q[(0 + 64) + u + 1] = m + t; - q[(0 + 64) + u + 1 + 32] = m - t; - - m = q[(0 + 64) + u + 2]; - n = q[(0 + 64) + u + 2 + 32]; - t = (((n * alphaTab256[v + 2 * 4]) & 0xFFFF) + ((n * alphaTab256[v + 2 * 4]) >> 16)); - q[(0 + 64) + u + 2] = m + t; - q[(0 + 64) + u + 2 + 32] = m - t; - - m = q[(0 + 64) + u + 3]; - n = q[(0 + 64) + u + 3 + 32]; - t = (((n * alphaTab256[v + 3 * 4]) & 0xFFFF) + ((n * alphaTab256[v + 3 * 4]) >> 16)); - q[(0 + 64) + u + 3] = m + t; - q[(0 + 64) + u + 3 + 32] = m - t; + m = q[(0 + 64) + u + 1] + n = q[(0 + 64) + u + 1 + 32] + t = (((n * alphaTab256[v + 1 * 4]) & 0xFFFF) + ((n * alphaTab256[v + 1 * 4]) >> 16)) + q[(0 + 64) + u + 1] = m + t + q[(0 + 64) + u + 1 + 32] = m - t + + m = q[(0 + 64) + u + 2] + n = q[(0 + 64) + u + 2 + 32] + t = (((n * alphaTab256[v + 2 * 4]) & 0xFFFF) + ((n * alphaTab256[v + 2 * 4]) >> 16)) + q[(0 + 64) + u + 2] = m + t + q[(0 + 64) + u + 2 + 32] = m - t + + m = q[(0 + 64) + u + 3] + n = q[(0 + 64) + u + 3 + 32] + t = (((n * alphaTab256[v + 3 * 
4]) & 0xFFFF) + ((n * alphaTab256[v + 3 * 4]) >> 16)) + q[(0 + 64) + u + 3] = m + t + q[(0 + 64) + u + 3 + 32] = m - t } - m = q[0]; - n = q[0 + 64]; - q[0] = m + n; - q[0 + 64] = m - n; + m = q[0] + n = q[0 + 64] + q[0] = m + n + q[0 + 64] = m - n for u, v := 0, 0; u < 64; u, v = u + 4, v + 4 * 2 { var t int32 if u != 0 { - m = q[0 + u + 0]; - n = q[0 + u + 0 + 64]; - t = (((n * alphaTab256[v + 0 * 2]) & 0xFFFF) + ((n * alphaTab256[v + 0 * 2]) >> 16)); - q[0 + u + 0] = m + t; - q[0 + u + 0 + 64] = m - t; + m = q[0 + u + 0] + n = q[0 + u + 0 + 64] + t = (((n * alphaTab256[v + 0 * 2]) & 0xFFFF) + ((n * alphaTab256[v + 0 * 2]) >> 16)) + q[0 + u + 0] = m + t + q[0 + u + 0 + 64] = m - t } - m = q[0 + u + 1]; - n = q[0 + u + 1 + 64]; - t = (((n * alphaTab256[v + 1 * 2]) & 0xFFFF) + ((n * alphaTab256[v + 1 * 2]) >> 16)); - q[0 + u + 1] = m + t; - q[0 + u + 1 + 64] = m - t; - - m = q[0 + u + 2]; - n = q[0 + u + 2 + 64]; - t = (((n * alphaTab256[v + 2 * 2]) & 0xFFFF) + ((n * alphaTab256[v + 2 * 2]) >> 16)); - q[0 + u + 2] = m + t; - q[0 + u + 2 + 64] = m - t; - - m = q[0 + u + 3]; - n = q[0 + u + 3 + 64]; - t = (((n * alphaTab256[v + 3 * 2]) & 0xFFFF) + ((n * alphaTab256[v + 3 * 2]) >> 16)); - q[0 + u + 3] = m + t; - q[0 + u + 3 + 64] = m - t; + m = q[0 + u + 1] + n = q[0 + u + 1 + 64] + t = (((n * alphaTab256[v + 1 * 2]) & 0xFFFF) + ((n * alphaTab256[v + 1 * 2]) >> 16)) + q[0 + u + 1] = m + t + q[0 + u + 1 + 64] = m - t + + m = q[0 + u + 2] + n = q[0 + u + 2 + 64] + t = (((n * alphaTab256[v + 2 * 2]) & 0xFFFF) + ((n * alphaTab256[v + 2 * 2]) >> 16)) + q[0 + u + 2] = m + t + q[0 + u + 2 + 64] = m - t + + m = q[0 + u + 3] + n = q[0 + u + 3 + 64] + t = (((n * alphaTab256[v + 3 * 2]) & 0xFFFF) + ((n * alphaTab256[v + 3 * 2]) >> 16)) + q[0 + u + 3] = m + t + q[0 + u + 3 + 64] = m - t } if last { for i := 0; i < 128; i++ { - var tq = q[i] + yoffF256[i]; - tq = ((tq & 0xFFFF) + (tq >> 16)); - tq = ((tq & 0xFF) - (tq >> 8)); - tq = ((tq & 0xFF) - (tq >> 8)); + var tq = q[i] + 
yoffF256[i] + tq = ((tq & 0xFFFF) + (tq >> 16)) + tq = ((tq & 0xFF) - (tq >> 8)) + tq = ((tq & 0xFF) - (tq >> 8)) if tq <= 128 { q[i] = tq @@ -254,10 +254,10 @@ func (d *digest256) compress(x []byte, last bool) { } } else { for i := 0; i < 128; i++ { - var tq = q[i] + yoffN256[i]; - tq = ((tq & 0xFFFF) + (tq >> 16)); - tq = ((tq & 0xFF) - (tq >> 8)); - tq = ((tq & 0xFF) - (tq >> 8)); + var tq = q[i] + yoffN256[i] + tq = ((tq & 0xFFFF) + (tq >> 16)) + tq = ((tq & 0xFF) - (tq >> 8)) + tq = ((tq & 0xFF) - (tq >> 8)) if tq <= 128 { q[i] = tq 
@@ -270,171 +270,171 @@ func (d *digest256) compress(x []byte, last bool) { copy(tmpState[:], state[:]) for i := 0; i < 16; i += 4 { - state[i + 0] ^= getu32(x[4 * (i + 0):]); - state[i + 1] ^= getu32(x[4 * (i + 1):]); - state[i + 2] ^= getu32(x[4 * (i + 2):]); - state[i + 3] ^= getu32(x[4 * (i + 3):]); + state[i + 0] ^= getu32(x[4 * (i + 0):]) + state[i + 1] ^= getu32(x[4 * (i + 1):]) + state[i + 2] ^= getu32(x[4 * (i + 2):]) + state[i + 3] ^= getu32(x[4 * (i + 3):]) } for u := 0; u < 32; u += 4 { - var v = wsp256[(u >> 2) + 0]; - w[u + 0] = ((uint32((q[v + 2 * 0 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 0 + 1]) * 185) << 16)); - w[u + 1] = ((uint32((q[v + 2 * 1 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 1 + 1]) * 185) << 16)); - w[u + 2] = ((uint32((q[v + 2 * 2 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 2 + 1]) * 185) << 16)); - w[u + 3] = ((uint32((q[v + 2 * 3 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 3 + 1]) * 185) << 16)); - }; + var v = wsp256[(u >> 2) + 0] + w[u + 0] = ((uint32((q[v + 2 * 0 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 0 + 1]) * 185) << 16)) + w[u + 1] = ((uint32((q[v + 2 * 1 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 1 + 1]) * 185) << 16)) + w[u + 2] = ((uint32((q[v + 2 * 2 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 2 + 1]) * 185) << 16)) + w[u + 3] = ((uint32((q[v + 2 * 3 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 3 + 1]) * 185) << 16)) + } d.oneRound(0, 3, 23, 17, 27) for u := 0; u < 32; u += 4 { - var v = wsp256[(u >> 2) + 8]; - w[u + 0] = ((uint32((q[v + 2 * 0 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 0 + 1]) * 185) << 16)); - w[u + 1] = ((uint32((q[v + 2 * 1 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 1 + 1]) * 185) << 16)); - w[u + 2] = ((uint32((q[v + 2 * 2 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 2 + 1]) * 185) << 16)); - w[u + 3] = ((uint32((q[v + 2 * 3 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 3 + 1]) * 185) << 16)); - }; - d.oneRound(2, 28, 19, 22, 7); + var v = wsp256[(u >> 2) + 8] + w[u + 0] = ((uint32((q[v + 2 * 
0 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 0 + 1]) * 185) << 16)) + w[u + 1] = ((uint32((q[v + 2 * 1 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 1 + 1]) * 185) << 16)) + w[u + 2] = ((uint32((q[v + 2 * 2 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 2 + 1]) * 185) << 16)) + w[u + 3] = ((uint32((q[v + 2 * 3 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 3 + 1]) * 185) << 16)) + } + d.oneRound(2, 28, 19, 22, 7) for u := 0; u < 32; u += 4 { - var v = wsp256[(u >> 2) + 16]; - w[u + 0] = ((uint32((q[v + 2 * 0 + -128]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 0 + -64]) * 233) << 16)); - w[u + 1] = ((uint32((q[v + 2 * 1 + -128]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 1 + -64]) * 233) << 16)); - w[u + 2] = ((uint32((q[v + 2 * 2 + -128]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 2 + -64]) * 233) << 16)); - w[u + 3] = ((uint32((q[v + 2 * 3 + -128]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 3 + -64]) * 233) << 16)); - }; - d.oneRound(1, 29, 9, 15, 5); + var v = wsp256[(u >> 2) + 16] + w[u + 0] = ((uint32((q[v + 2 * 0 + -128]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 0 + -64]) * 233) << 16)) + w[u + 1] = ((uint32((q[v + 2 * 1 + -128]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 1 + -64]) * 233) << 16)) + w[u + 2] = ((uint32((q[v + 2 * 2 + -128]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 2 + -64]) * 233) << 16)) + w[u + 3] = ((uint32((q[v + 2 * 3 + -128]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 3 + -64]) * 233) << 16)) + } + d.oneRound(1, 29, 9, 15, 5) for u := 0; u < 32; u += 4 { - var v = wsp256[(u >> 2) + 24]; - w[u + 0] = ((uint32((q[v + 2 * 0 + -191]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 0 + -127]) * 233) << 16)); - w[u + 1] = ((uint32((q[v + 2 * 1 + -191]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 1 + -127]) * 233) << 16)); - w[u + 2] = ((uint32((q[v + 2 * 2 + -191]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 2 + -127]) * 233) << 16)); - w[u + 3] = ((uint32((q[v + 2 * 3 + -191]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 3 + -127]) * 233) << 16)); - }; - d.oneRound(0, 4, 13, 10, 25); + var v = wsp256[(u >> 2) + 
24] + w[u + 0] = ((uint32((q[v + 2 * 0 + -191]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 0 + -127]) * 233) << 16)) + w[u + 1] = ((uint32((q[v + 2 * 1 + -191]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 1 + -127]) * 233) << 16)) + w[u + 2] = ((uint32((q[v + 2 * 2 + -191]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 2 + -127]) * 233) << 16)) + w[u + 3] = ((uint32((q[v + 2 * 3 + -191]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 3 + -127]) * 233) << 16)) + } + d.oneRound(0, 4, 13, 10, 25) { - var tA0 = circularLeft(state[0], 4); - var tA1 = circularLeft(state[1], 4); - var tA2 = circularLeft(state[2], 4); - var tA3 = circularLeft(state[3], 4); + var tA0 = circularLeft(state[0], 4) + var tA1 = circularLeft(state[1], 4) + var tA2 = circularLeft(state[2], 4) + var tA3 = circularLeft(state[3], 4) var tmp uint32 - tmp = state[12] + (tmpState[0]) + (((state[4] ^ state[8]) & state[0]) ^ state[8]); - state[0] = circularLeft(tmp, 13) + tA3; - state[12] = state[8]; - state[8] = state[4]; - state[4] = tA0; - - tmp = state[13] + (tmpState[1]) + (((state[5] ^ state[9]) & state[1]) ^ state[9]); - state[1] = circularLeft(tmp, 13) + tA2; - state[13] = state[9]; - state[9] = state[5]; - state[5] = tA1; - - tmp = state[14] + (tmpState[2]) + (((state[6] ^ state[10]) & state[2]) ^ state[10]); - state[2] = circularLeft(tmp, 13) + tA1; - state[14] = state[10]; - state[10] = state[6]; - state[6] = tA2; - - tmp = state[15] + (tmpState[3]) + (((state[7] ^ state[11]) & state[3]) ^ state[11]); - state[3] = circularLeft(tmp, 13) + tA0; - state[15] = state[11]; - state[11] = state[7]; - state[7] = tA3; + tmp = state[12] + (tmpState[0]) + (((state[4] ^ state[8]) & state[0]) ^ state[8]) + state[0] = circularLeft(tmp, 13) + tA3 + state[12] = state[8] + state[8] = state[4] + state[4] = tA0 + + tmp = state[13] + (tmpState[1]) + (((state[5] ^ state[9]) & state[1]) ^ state[9]) + state[1] = circularLeft(tmp, 13) + tA2 + state[13] = state[9] + state[9] = state[5] + state[5] = tA1 + + tmp = state[14] + (tmpState[2]) + 
(((state[6] ^ state[10]) & state[2]) ^ state[10]) + state[2] = circularLeft(tmp, 13) + tA1 + state[14] = state[10] + state[10] = state[6] + state[6] = tA2 + + tmp = state[15] + (tmpState[3]) + (((state[7] ^ state[11]) & state[3]) ^ state[11]) + state[3] = circularLeft(tmp, 13) + tA0 + state[15] = state[11] + state[11] = state[7] + state[7] = tA3 } { - var tA0 = circularLeft(state[0], 13); - var tA1 = circularLeft(state[1], 13); - var tA2 = circularLeft(state[2], 13); - var tA3 = circularLeft(state[3], 13); + var tA0 = circularLeft(state[0], 13) + var tA1 = circularLeft(state[1], 13) + var tA2 = circularLeft(state[2], 13) + var tA3 = circularLeft(state[3], 13) var tmp uint32 - tmp = state[12] + (tmpState[4]) + (((state[4] ^ state[8]) & state[0]) ^ state[8]); - state[0] = circularLeft(tmp, 10) + tA1; - state[12] = state[8]; - state[8] = state[4]; - state[4] = tA0; - - tmp = state[13] + (tmpState[5]) + (((state[5] ^ state[9]) & state[1]) ^ state[9]); - state[1] = circularLeft(tmp, 10) + tA0; - state[13] = state[9]; - state[9] = state[5]; - state[5] = tA1; - - tmp = state[14] + (tmpState[6]) + (((state[6] ^ state[10]) & state[2]) ^ state[10]); - state[2] = circularLeft(tmp, 10) + tA3; - state[14] = state[10]; - state[10] = state[6]; - state[6] = tA2; - - tmp = state[15] + (tmpState[7]) + (((state[7] ^ state[11]) & state[3]) ^ state[11]); - state[3] = circularLeft(tmp, 10) + tA2; - state[15] = state[11]; - state[11] = state[7]; - state[7] = tA3; + tmp = state[12] + (tmpState[4]) + (((state[4] ^ state[8]) & state[0]) ^ state[8]) + state[0] = circularLeft(tmp, 10) + tA1 + state[12] = state[8] + state[8] = state[4] + state[4] = tA0 + + tmp = state[13] + (tmpState[5]) + (((state[5] ^ state[9]) & state[1]) ^ state[9]) + state[1] = circularLeft(tmp, 10) + tA0 + state[13] = state[9] + state[9] = state[5] + state[5] = tA1 + + tmp = state[14] + (tmpState[6]) + (((state[6] ^ state[10]) & state[2]) ^ state[10]) + state[2] = circularLeft(tmp, 10) + tA3 + state[14] = state[10] + 
state[10] = state[6] + state[6] = tA2 + + tmp = state[15] + (tmpState[7]) + (((state[7] ^ state[11]) & state[3]) ^ state[11]) + state[3] = circularLeft(tmp, 10) + tA2 + state[15] = state[11] + state[11] = state[7] + state[7] = tA3 } { - var tA0 = circularLeft(state[0], 10); - var tA1 = circularLeft(state[1], 10); - var tA2 = circularLeft(state[2], 10); - var tA3 = circularLeft(state[3], 10); + var tA0 = circularLeft(state[0], 10) + var tA1 = circularLeft(state[1], 10) + var tA2 = circularLeft(state[2], 10) + var tA3 = circularLeft(state[3], 10) var tmp uint32 - tmp = state[12] + (tmpState[8]) + (((state[4] ^ state[8]) & state[0]) ^ state[8]); - state[0] = circularLeft(tmp, 25) + tA2; - state[12] = state[8]; - state[8] = state[4]; - state[4] = tA0; - - tmp = state[13] + (tmpState[9]) + (((state[5] ^ state[9]) & state[1]) ^ state[9]); - state[1] = circularLeft(tmp, 25) + tA3; - state[13] = state[9]; - state[9] = state[5]; - state[5] = tA1; - - tmp = state[14] + (tmpState[10]) + (((state[6] ^ state[10]) & state[2]) ^ state[10]); - state[2] = circularLeft(tmp, 25) + tA0; - state[14] = state[10]; - state[10] = state[6]; - state[6] = tA2; - - tmp = state[15] + (tmpState[11]) + (((state[7] ^ state[11]) & state[3]) ^ state[11]); - state[3] = circularLeft(tmp, 25) + tA1; - state[15] = state[11]; - state[11] = state[7]; - state[7] = tA3; + tmp = state[12] + (tmpState[8]) + (((state[4] ^ state[8]) & state[0]) ^ state[8]) + state[0] = circularLeft(tmp, 25) + tA2 + state[12] = state[8] + state[8] = state[4] + state[4] = tA0 + + tmp = state[13] + (tmpState[9]) + (((state[5] ^ state[9]) & state[1]) ^ state[9]) + state[1] = circularLeft(tmp, 25) + tA3 + state[13] = state[9] + state[9] = state[5] + state[5] = tA1 + + tmp = state[14] + (tmpState[10]) + (((state[6] ^ state[10]) & state[2]) ^ state[10]) + state[2] = circularLeft(tmp, 25) + tA0 + state[14] = state[10] + state[10] = state[6] + state[6] = tA2 + + tmp = state[15] + (tmpState[11]) + (((state[7] ^ state[11]) & state[3]) ^ 
state[11]) + state[3] = circularLeft(tmp, 25) + tA1 + state[15] = state[11] + state[11] = state[7] + state[7] = tA3 } { - var tA0 = circularLeft(state[0], 25); - var tA1 = circularLeft(state[1], 25); - var tA2 = circularLeft(state[2], 25); - var tA3 = circularLeft(state[3], 25); + var tA0 = circularLeft(state[0], 25) + var tA1 = circularLeft(state[1], 25) + var tA2 = circularLeft(state[2], 25) + var tA3 = circularLeft(state[3], 25) var tmp uint32 - tmp = state[12] + (tmpState[12]) + (((state[4] ^ state[8]) & state[0]) ^ state[8]); - state[0] = circularLeft(tmp, 4) + tA3; - state[12] = state[8]; - state[8] = state[4]; - state[4] = tA0; - - tmp = state[13] + (tmpState[13]) + (((state[5] ^ state[9]) & state[1]) ^ state[9]); - state[1] = circularLeft(tmp, 4) + tA2; - state[13] = state[9]; - state[9] = state[5]; - state[5] = tA1; - - tmp = state[14] + (tmpState[14]) + (((state[6] ^ state[10]) & state[2]) ^ state[10]); - state[2] = circularLeft(tmp, 4) + tA1; - state[14] = state[10]; - state[10] = state[6]; - state[6] = tA2; - - tmp = state[15] + (tmpState[15]) + (((state[7] ^ state[11]) & state[3]) ^ state[11]); - state[3] = circularLeft(tmp, 4) + tA0; - state[15] = state[11]; - state[11] = state[7]; - state[7] = tA3; + tmp = state[12] + (tmpState[12]) + (((state[4] ^ state[8]) & state[0]) ^ state[8]) + state[0] = circularLeft(tmp, 4) + tA3 + state[12] = state[8] + state[8] = state[4] + state[4] = tA0 + + tmp = state[13] + (tmpState[13]) + (((state[5] ^ state[9]) & state[1]) ^ state[9]) + state[1] = circularLeft(tmp, 4) + tA2 + state[13] = state[9] + state[9] = state[5] + state[5] = tA1 + + tmp = state[14] + (tmpState[14]) + (((state[6] ^ state[10]) & state[2]) ^ state[10]) + state[2] = circularLeft(tmp, 4) + tA1 + state[14] = state[10] + state[10] = state[6] + state[6] = tA2 + + tmp = state[15] + (tmpState[15]) + (((state[7] ^ state[11]) & state[3]) ^ state[11]) + state[3] = circularLeft(tmp, 4) + tA0 + state[15] = state[11] + state[11] = state[7] + state[7] = tA3 } } 
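Review bot: The hunk strips trailing semicolons by hand but leaves spacing that gofmt would rewrite, so the file still is not gofmt-clean after this change; for example `state[i + 0] ^= getu32(x[4 * (i + 0):])` and `var v = wsp256[(u >> 2) + 0]` would become `state[i+0] ^= getu32(x[4*(i+0):])` and `v := wsp256[(u>>2)+0]`. Running gofmt on the file would do this uniformly and make the bulk diff mechanically verifiable, instead of a second formatting pass later. The same applies to the hunk ending at the `q[i] = tq` context above (@@ -254) and to the oneRound/fft32 hunk below, which runs past this view. Since this is a large mechanical edit of the compression function, I would pair it with known-answer tests for the digest so that any accidental token change is caught; none are visible in this commit. The enclosing compress body starts outside the hunk.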
@@ -445,405 +445,405 @@ func (d *digest256) oneRound(isp, p0, p1, p2, p3 int) { var tmp uint32 - tA[0] = circularLeft(state[0], p0); - tA[1] = circularLeft(state[1], p0); - tA[2] = circularLeft(state[2], p0); - tA[3] = circularLeft(state[3], p0); - - tmp = state[12] + w[0] + (((state[4] ^ state[8]) & state[0]) ^ state[8]); - state[0] = circularLeft(tmp, p1) + tA[pp4k256[isp + 0] ^ 0]; - state[12] = state[8]; - state[8] = state[4]; - state[4] = tA[0]; - - tmp = state[13] + w[1] + (((state[5] ^ state[9]) & state[1]) ^ state[9]); - state[1] = circularLeft(tmp, p1) + tA[pp4k256[isp + 0] ^ 1]; - state[13] = state[9]; - state[9] = state[5]; - state[5] = tA[1]; - - tmp = state[14] + w[2] + (((state[6] ^ state[10]) & state[2]) ^ state[10]); - state[2] = circularLeft(tmp, p1) + tA[pp4k256[isp + 0] ^ 2]; - state[14] = state[10]; - state[10] = state[6]; - state[6] = tA[2]; - - tmp = state[15] + w[3] + (((state[7] ^ state[11]) & state[3]) ^ state[11]); - state[3] = circularLeft(tmp, p1) + tA[pp4k256[isp + 0] ^ 3]; - state[15] = state[11]; - state[11] = state[7]; - state[7] = tA[3]; - - tA[0] = circularLeft(state[0], p1); - tA[1] = circularLeft(state[1], p1); - tA[2] = circularLeft(state[2], p1); - tA[3] = circularLeft(state[3], p1); - - tmp = state[12] + w[4] + (((state[4] ^ state[8]) & state[0]) ^ state[8]); - state[0] = circularLeft(tmp, p2) + tA[pp4k256[isp + 1] ^ 0]; - state[12] = state[8]; - state[8] = state[4]; - state[4] = tA[0]; - - tmp = state[13] + w[5] + (((state[5] ^ state[9]) & state[1]) ^ state[9]); - state[1] = circularLeft(tmp, p2) + tA[pp4k256[isp + 1] ^ 1]; - state[13] = state[9]; - state[9] = state[5]; - state[5] = tA[1]; - - tmp = state[14] + w[6] + (((state[6] ^ state[10]) & state[2]) ^ state[10]); - state[2] = circularLeft(tmp, p2) + tA[pp4k256[isp + 1] ^ 2]; - state[14] = state[10]; - state[10] = state[6]; - state[6] = tA[2]; - - tmp = state[15] + w[7] + (((state[7] ^ state[11]) & state[3]) ^ state[11]); - state[3] = circularLeft(tmp, p2) + 
tA[pp4k256[isp + 1] ^ 3]; - state[15] = state[11]; - state[11] = state[7]; - state[7] = tA[3]; - - tA[0] = circularLeft(state[0], p2); - tA[1] = circularLeft(state[1], p2); - tA[2] = circularLeft(state[2], p2); - tA[3] = circularLeft(state[3], p2); - - tmp = state[12] + w[8] + (((state[4] ^ state[8]) & state[0]) ^ state[8]); - state[0] = circularLeft(tmp, p3) + tA[pp4k256[isp + 2] ^ 0]; - state[12] = state[8]; - state[8] = state[4]; - state[4] = tA[0]; - - tmp = state[13] + w[9] + (((state[5] ^ state[9]) & state[1]) ^ state[9]); - state[1] = circularLeft(tmp, p3) + tA[pp4k256[isp + 2] ^ 1]; - state[13] = state[9]; - state[9] = state[5]; - state[5] = tA[1]; - - tmp = state[14] + w[10] + (((state[6] ^ state[10]) & state[2]) ^ state[10]); - state[2] = circularLeft(tmp, p3) + tA[pp4k256[isp + 2] ^ 2]; - state[14] = state[10]; - state[10] = state[6]; - state[6] = tA[2]; - - tmp = state[15] + w[11] + (((state[7] ^ state[11]) & state[3]) ^ state[11]); - state[3] = circularLeft(tmp, p3) + tA[pp4k256[isp + 2] ^ 3]; - state[15] = state[11]; - state[11] = state[7]; - state[7] = tA[3]; - - tA[0] = circularLeft(state[0], p3); - tA[1] = circularLeft(state[1], p3); - tA[2] = circularLeft(state[2], p3); - tA[3] = circularLeft(state[3], p3); - - tmp = state[12] + w[12] + (((state[4] ^ state[8]) & state[0]) ^ state[8]); - state[0] = circularLeft(tmp, p0) + tA[pp4k256[isp + 3] ^ 0]; - state[12] = state[8]; - state[8] = state[4]; - state[4] = tA[0]; - - tmp = state[13] + w[13] + (((state[5] ^ state[9]) & state[1]) ^ state[9]); - state[1] = circularLeft(tmp, p0) + tA[pp4k256[isp + 3] ^ 1]; - state[13] = state[9]; - state[9] = state[5]; - state[5] = tA[1]; - - tmp = state[14] + w[14] + (((state[6] ^ state[10]) & state[2]) ^ state[10]); - state[2] = circularLeft(tmp, p0) + tA[pp4k256[isp + 3] ^ 2]; - state[14] = state[10]; - state[10] = state[6]; - state[6] = tA[2]; - - tmp = state[15] + w[15] + (((state[7] ^ state[11]) & state[3]) ^ state[11]); - state[3] = circularLeft(tmp, p0) + 
tA[pp4k256[isp + 3] ^ 3]; - state[15] = state[11]; - state[11] = state[7]; - state[7] = tA[3]; - - tA[0] = circularLeft(state[0], p0); - tA[1] = circularLeft(state[1], p0); - tA[2] = circularLeft(state[2], p0); - tA[3] = circularLeft(state[3], p0); - - tmp = state[12] + w[16] + ((state[0] & state[4]) | ((state[0] | state[4]) & state[8])); - state[0] = circularLeft(tmp, p1) + tA[pp4k256[isp + 4] ^ 0]; - state[12] = state[8]; - state[8] = state[4]; - state[4] = tA[0]; - - tmp = state[13] + w[17] + ((state[1] & state[5]) | ((state[1] | state[5]) & state[9])); - state[1] = circularLeft(tmp, p1) + tA[pp4k256[isp + 4] ^ 1]; - state[13] = state[9]; - state[9] = state[5]; - state[5] = tA[1]; - - tmp = state[14] + w[18] + ((state[2] & state[6]) | ((state[2] | state[6]) & state[10])); - state[2] = circularLeft(tmp, p1) + tA[pp4k256[isp + 4] ^ 2]; - state[14] = state[10]; - state[10] = state[6]; - state[6] = tA[2]; - - tmp = state[15] + w[19] + ((state[3] & state[7]) | ((state[3] | state[7]) & state[11])); - state[3] = circularLeft(tmp, p1) + tA[pp4k256[isp + 4] ^ 3]; - state[15] = state[11]; - state[11] = state[7]; - state[7] = tA[3]; - - tA[0] = circularLeft(state[0], p1); - tA[1] = circularLeft(state[1], p1); - tA[2] = circularLeft(state[2], p1); - tA[3] = circularLeft(state[3], p1); - - tmp = state[12] + w[20] + ((state[0] & state[4]) | ((state[0] | state[4]) & state[8])); - state[0] = circularLeft(tmp, p2) + tA[pp4k256[isp + 5] ^ 0]; - state[12] = state[8]; - state[8] = state[4]; - state[4] = tA[0]; - - tmp = state[13] + w[21] + ((state[1] & state[5]) | ((state[1] | state[5]) & state[9])); - state[1] = circularLeft(tmp, p2) + tA[pp4k256[isp + 5] ^ 1]; - state[13] = state[9]; - state[9] = state[5]; - state[5] = tA[1]; - - tmp = state[14] + w[22] + ((state[2] & state[6]) | ((state[2] | state[6]) & state[10])); - state[2] = circularLeft(tmp, p2) + tA[pp4k256[isp + 5] ^ 2]; - state[14] = state[10]; - state[10] = state[6]; - state[6] = tA[2]; - - tmp = state[15] + w[23] + 
((state[3] & state[7]) | ((state[3] | state[7]) & state[11])); - state[3] = circularLeft(tmp, p2) + tA[pp4k256[isp + 5] ^ 3]; - state[15] = state[11]; - state[11] = state[7]; - state[7] = tA[3]; - - tA[0] = circularLeft(state[0], p2); - tA[1] = circularLeft(state[1], p2); - tA[2] = circularLeft(state[2], p2); - tA[3] = circularLeft(state[3], p2); - - tmp = state[12] + w[24] + ((state[0] & state[4]) | ((state[0] | state[4]) & state[8])); - state[0] = circularLeft(tmp, p3) + tA[pp4k256[isp + 6] ^ 0]; - state[12] = state[8]; - state[8] = state[4]; - state[4] = tA[0]; - - tmp = state[13] + w[25] + ((state[1] & state[5]) | ((state[1] | state[5]) & state[9])); - state[1] = circularLeft(tmp, p3) + tA[pp4k256[isp + 6] ^ 1]; - state[13] = state[9]; - state[9] = state[5]; - state[5] = tA[1]; - - tmp = state[14] + w[26] + ((state[2] & state[6]) | ((state[2] | state[6]) & state[10])); - state[2] = circularLeft(tmp, p3) + tA[pp4k256[isp + 6] ^ 2]; - state[14] = state[10]; - state[10] = state[6]; - state[6] = tA[2]; - - tmp = state[15] + w[27] + ((state[3] & state[7]) | ((state[3] | state[7]) & state[11])); - state[3] = circularLeft(tmp, p3) + tA[pp4k256[isp + 6] ^ 3]; - state[15] = state[11]; - state[11] = state[7]; - state[7] = tA[3]; - - tA[0] = circularLeft(state[0], p3); - tA[1] = circularLeft(state[1], p3); - tA[2] = circularLeft(state[2], p3); - tA[3] = circularLeft(state[3], p3); - - tmp = state[12] + w[28] + ((state[0] & state[4]) | ((state[0] | state[4]) & state[8])); - state[0] = circularLeft(tmp, p0) + tA[pp4k256[isp + 7] ^ 0]; - state[12] = state[8]; - state[8] = state[4]; - state[4] = tA[0]; - - tmp = state[13] + w[29] + ((state[1] & state[5]) | ((state[1] | state[5]) & state[9])); - state[1] = circularLeft(tmp, p0) + tA[pp4k256[isp + 7] ^ 1]; - state[13] = state[9]; - state[9] = state[5]; - state[5] = tA[1]; - - tmp = state[14] + w[30] + ((state[2] & state[6]) | ((state[2] | state[6]) & state[10])); - state[2] = circularLeft(tmp, p0) + tA[pp4k256[isp + 7] ^ 2]; - 
state[14] = state[10]; - state[10] = state[6]; - state[6] = tA[2]; - - tmp = state[15] + w[31] + ((state[3] & state[7]) | ((state[3] | state[7]) & state[11])); - state[3] = circularLeft(tmp, p0) + tA[pp4k256[isp + 7] ^ 3]; - state[15] = state[11]; - state[11] = state[7]; - state[7] = tA[3]; + tA[0] = circularLeft(state[0], p0) + tA[1] = circularLeft(state[1], p0) + tA[2] = circularLeft(state[2], p0) + tA[3] = circularLeft(state[3], p0) + + tmp = state[12] + w[0] + (((state[4] ^ state[8]) & state[0]) ^ state[8]) + state[0] = circularLeft(tmp, p1) + tA[pp4k256[isp + 0] ^ 0] + state[12] = state[8] + state[8] = state[4] + state[4] = tA[0] + + tmp = state[13] + w[1] + (((state[5] ^ state[9]) & state[1]) ^ state[9]) + state[1] = circularLeft(tmp, p1) + tA[pp4k256[isp + 0] ^ 1] + state[13] = state[9] + state[9] = state[5] + state[5] = tA[1] + + tmp = state[14] + w[2] + (((state[6] ^ state[10]) & state[2]) ^ state[10]) + state[2] = circularLeft(tmp, p1) + tA[pp4k256[isp + 0] ^ 2] + state[14] = state[10] + state[10] = state[6] + state[6] = tA[2] + + tmp = state[15] + w[3] + (((state[7] ^ state[11]) & state[3]) ^ state[11]) + state[3] = circularLeft(tmp, p1) + tA[pp4k256[isp + 0] ^ 3] + state[15] = state[11] + state[11] = state[7] + state[7] = tA[3] + + tA[0] = circularLeft(state[0], p1) + tA[1] = circularLeft(state[1], p1) + tA[2] = circularLeft(state[2], p1) + tA[3] = circularLeft(state[3], p1) + + tmp = state[12] + w[4] + (((state[4] ^ state[8]) & state[0]) ^ state[8]) + state[0] = circularLeft(tmp, p2) + tA[pp4k256[isp + 1] ^ 0] + state[12] = state[8] + state[8] = state[4] + state[4] = tA[0] + + tmp = state[13] + w[5] + (((state[5] ^ state[9]) & state[1]) ^ state[9]) + state[1] = circularLeft(tmp, p2) + tA[pp4k256[isp + 1] ^ 1] + state[13] = state[9] + state[9] = state[5] + state[5] = tA[1] + + tmp = state[14] + w[6] + (((state[6] ^ state[10]) & state[2]) ^ state[10]) + state[2] = circularLeft(tmp, p2) + tA[pp4k256[isp + 1] ^ 2] + state[14] = state[10] + state[10] = 
state[6] + state[6] = tA[2] + + tmp = state[15] + w[7] + (((state[7] ^ state[11]) & state[3]) ^ state[11]) + state[3] = circularLeft(tmp, p2) + tA[pp4k256[isp + 1] ^ 3] + state[15] = state[11] + state[11] = state[7] + state[7] = tA[3] + + tA[0] = circularLeft(state[0], p2) + tA[1] = circularLeft(state[1], p2) + tA[2] = circularLeft(state[2], p2) + tA[3] = circularLeft(state[3], p2) + + tmp = state[12] + w[8] + (((state[4] ^ state[8]) & state[0]) ^ state[8]) + state[0] = circularLeft(tmp, p3) + tA[pp4k256[isp + 2] ^ 0] + state[12] = state[8] + state[8] = state[4] + state[4] = tA[0] + + tmp = state[13] + w[9] + (((state[5] ^ state[9]) & state[1]) ^ state[9]) + state[1] = circularLeft(tmp, p3) + tA[pp4k256[isp + 2] ^ 1] + state[13] = state[9] + state[9] = state[5] + state[5] = tA[1] + + tmp = state[14] + w[10] + (((state[6] ^ state[10]) & state[2]) ^ state[10]) + state[2] = circularLeft(tmp, p3) + tA[pp4k256[isp + 2] ^ 2] + state[14] = state[10] + state[10] = state[6] + state[6] = tA[2] + + tmp = state[15] + w[11] + (((state[7] ^ state[11]) & state[3]) ^ state[11]) + state[3] = circularLeft(tmp, p3) + tA[pp4k256[isp + 2] ^ 3] + state[15] = state[11] + state[11] = state[7] + state[7] = tA[3] + + tA[0] = circularLeft(state[0], p3) + tA[1] = circularLeft(state[1], p3) + tA[2] = circularLeft(state[2], p3) + tA[3] = circularLeft(state[3], p3) + + tmp = state[12] + w[12] + (((state[4] ^ state[8]) & state[0]) ^ state[8]) + state[0] = circularLeft(tmp, p0) + tA[pp4k256[isp + 3] ^ 0] + state[12] = state[8] + state[8] = state[4] + state[4] = tA[0] + + tmp = state[13] + w[13] + (((state[5] ^ state[9]) & state[1]) ^ state[9]) + state[1] = circularLeft(tmp, p0) + tA[pp4k256[isp + 3] ^ 1] + state[13] = state[9] + state[9] = state[5] + state[5] = tA[1] + + tmp = state[14] + w[14] + (((state[6] ^ state[10]) & state[2]) ^ state[10]) + state[2] = circularLeft(tmp, p0) + tA[pp4k256[isp + 3] ^ 2] + state[14] = state[10] + state[10] = state[6] + state[6] = tA[2] + + tmp = state[15] + 
w[15] + (((state[7] ^ state[11]) & state[3]) ^ state[11]) + state[3] = circularLeft(tmp, p0) + tA[pp4k256[isp + 3] ^ 3] + state[15] = state[11] + state[11] = state[7] + state[7] = tA[3] + + tA[0] = circularLeft(state[0], p0) + tA[1] = circularLeft(state[1], p0) + tA[2] = circularLeft(state[2], p0) + tA[3] = circularLeft(state[3], p0) + + tmp = state[12] + w[16] + ((state[0] & state[4]) | ((state[0] | state[4]) & state[8])) + state[0] = circularLeft(tmp, p1) + tA[pp4k256[isp + 4] ^ 0] + state[12] = state[8] + state[8] = state[4] + state[4] = tA[0] + + tmp = state[13] + w[17] + ((state[1] & state[5]) | ((state[1] | state[5]) & state[9])) + state[1] = circularLeft(tmp, p1) + tA[pp4k256[isp + 4] ^ 1] + state[13] = state[9] + state[9] = state[5] + state[5] = tA[1] + + tmp = state[14] + w[18] + ((state[2] & state[6]) | ((state[2] | state[6]) & state[10])) + state[2] = circularLeft(tmp, p1) + tA[pp4k256[isp + 4] ^ 2] + state[14] = state[10] + state[10] = state[6] + state[6] = tA[2] + + tmp = state[15] + w[19] + ((state[3] & state[7]) | ((state[3] | state[7]) & state[11])) + state[3] = circularLeft(tmp, p1) + tA[pp4k256[isp + 4] ^ 3] + state[15] = state[11] + state[11] = state[7] + state[7] = tA[3] + + tA[0] = circularLeft(state[0], p1) + tA[1] = circularLeft(state[1], p1) + tA[2] = circularLeft(state[2], p1) + tA[3] = circularLeft(state[3], p1) + + tmp = state[12] + w[20] + ((state[0] & state[4]) | ((state[0] | state[4]) & state[8])) + state[0] = circularLeft(tmp, p2) + tA[pp4k256[isp + 5] ^ 0] + state[12] = state[8] + state[8] = state[4] + state[4] = tA[0] + + tmp = state[13] + w[21] + ((state[1] & state[5]) | ((state[1] | state[5]) & state[9])) + state[1] = circularLeft(tmp, p2) + tA[pp4k256[isp + 5] ^ 1] + state[13] = state[9] + state[9] = state[5] + state[5] = tA[1] + + tmp = state[14] + w[22] + ((state[2] & state[6]) | ((state[2] | state[6]) & state[10])) + state[2] = circularLeft(tmp, p2) + tA[pp4k256[isp + 5] ^ 2] + state[14] = state[10] + state[10] = state[6] + 
state[6] = tA[2] + + tmp = state[15] + w[23] + ((state[3] & state[7]) | ((state[3] | state[7]) & state[11])) + state[3] = circularLeft(tmp, p2) + tA[pp4k256[isp + 5] ^ 3] + state[15] = state[11] + state[11] = state[7] + state[7] = tA[3] + + tA[0] = circularLeft(state[0], p2) + tA[1] = circularLeft(state[1], p2) + tA[2] = circularLeft(state[2], p2) + tA[3] = circularLeft(state[3], p2) + + tmp = state[12] + w[24] + ((state[0] & state[4]) | ((state[0] | state[4]) & state[8])) + state[0] = circularLeft(tmp, p3) + tA[pp4k256[isp + 6] ^ 0] + state[12] = state[8] + state[8] = state[4] + state[4] = tA[0] + + tmp = state[13] + w[25] + ((state[1] & state[5]) | ((state[1] | state[5]) & state[9])) + state[1] = circularLeft(tmp, p3) + tA[pp4k256[isp + 6] ^ 1] + state[13] = state[9] + state[9] = state[5] + state[5] = tA[1] + + tmp = state[14] + w[26] + ((state[2] & state[6]) | ((state[2] | state[6]) & state[10])) + state[2] = circularLeft(tmp, p3) + tA[pp4k256[isp + 6] ^ 2] + state[14] = state[10] + state[10] = state[6] + state[6] = tA[2] + + tmp = state[15] + w[27] + ((state[3] & state[7]) | ((state[3] | state[7]) & state[11])) + state[3] = circularLeft(tmp, p3) + tA[pp4k256[isp + 6] ^ 3] + state[15] = state[11] + state[11] = state[7] + state[7] = tA[3] + + tA[0] = circularLeft(state[0], p3) + tA[1] = circularLeft(state[1], p3) + tA[2] = circularLeft(state[2], p3) + tA[3] = circularLeft(state[3], p3) + + tmp = state[12] + w[28] + ((state[0] & state[4]) | ((state[0] | state[4]) & state[8])) + state[0] = circularLeft(tmp, p0) + tA[pp4k256[isp + 7] ^ 0] + state[12] = state[8] + state[8] = state[4] + state[4] = tA[0] + + tmp = state[13] + w[29] + ((state[1] & state[5]) | ((state[1] | state[5]) & state[9])) + state[1] = circularLeft(tmp, p0) + tA[pp4k256[isp + 7] ^ 1] + state[13] = state[9] + state[9] = state[5] + state[5] = tA[1] + + tmp = state[14] + w[30] + ((state[2] & state[6]) | ((state[2] | state[6]) & state[10])) + state[2] = circularLeft(tmp, p0) + tA[pp4k256[isp + 7] ^ 2] 
+ state[14] = state[10] + state[10] = state[6] + state[6] = tA[2] + + tmp = state[15] + w[31] + ((state[3] & state[7]) | ((state[3] | state[7]) & state[11])) + state[3] = circularLeft(tmp, p0) + tA[pp4k256[isp + 7] ^ 3] + state[15] = state[11] + state[11] = state[7] + state[7] = tA[3] } func (d *digest256) fft32(x []byte, xb, xs, qoff int) { q := &d.q - var xd = xs << 1; + var xd = xs << 1 { var d1_0, d1_1, d1_2, d1_3, d1_4, d1_5, d1_6, d1_7 int32 var d2_0, d2_1, d2_2, d2_3, d2_4, d2_5, d2_6, d2_7 int32 { - var x0 = int32(x[xb] & 0xFF); - var x1 = int32(x[xb + 2 * xd] & 0xFF); - var x2 = int32(x[xb + 4 * xd] & 0xFF); - var x3 = int32(x[xb + 6 * xd] & 0xFF); - - var a0 = x0 + x2; - var a1 = x0 + (x2 << 4); - var a2 = x0 - x2; - var a3 = x0 - (x2 << 4); - var b0 = x1 + x3; + var x0 = int32(x[xb] & 0xFF) + var x1 = int32(x[xb + 2 * xd] & 0xFF) + var x2 = int32(x[xb + 4 * xd] & 0xFF) + var x3 = int32(x[xb + 6 * xd] & 0xFF) + + var a0 = x0 + x2 + var a1 = x0 + (x2 << 4) + var a2 = x0 - x2 + var a3 = x0 - (x2 << 4) + var b0 = x1 + x3 var b1 = REDS1((x1 << 2) + (x3 << 6)) - var b2 = (x1 << 4) - (x3 << 4); + var b2 = (x1 << 4) - (x3 << 4) var b3 = REDS1((x1 << 6) + (x3 << 2)) - d1_0 = a0 + b0; - d1_1 = a1 + b1; - d1_2 = a2 + b2; - d1_3 = a3 + b3; - d1_4 = a0 - b0; - d1_5 = a1 - b1; - d1_6 = a2 - b2; - d1_7 = a3 - b3; + d1_0 = a0 + b0 + d1_1 = a1 + b1 + d1_2 = a2 + b2 + d1_3 = a3 + b3 + d1_4 = a0 - b0 + d1_5 = a1 - b1 + d1_6 = a2 - b2 + d1_7 = a3 - b3 } { - var x0 = int32(x[xb + xd] & 0xFF); - var x1 = int32(x[xb + 3 * xd] & 0xFF); - var x2 = int32(x[xb + 5 * xd] & 0xFF); - var x3 = int32(x[xb + 7 * xd] & 0xFF); - - var a0 = x0 + x2; - var a1 = x0 + (x2 << 4); - var a2 = x0 - x2; - var a3 = x0 - (x2 << 4); - var b0 = x1 + x3; + var x0 = int32(x[xb + xd] & 0xFF) + var x1 = int32(x[xb + 3 * xd] & 0xFF) + var x2 = int32(x[xb + 5 * xd] & 0xFF) + var x3 = int32(x[xb + 7 * xd] & 0xFF) + + var a0 = x0 + x2 + var a1 = x0 + (x2 << 4) + var a2 = x0 - x2 + var a3 = x0 - (x2 << 4) + 
var b0 = x1 + x3 var b1 = REDS1((x1 << 2) + (x3 << 6)) - var b2 = (x1 << 4) - (x3 << 4); + var b2 = (x1 << 4) - (x3 << 4) var b3 = REDS1((x1 << 6) + (x3 << 2)) - d2_0 = a0 + b0; - d2_1 = a1 + b1; - d2_2 = a2 + b2; - d2_3 = a3 + b3; - d2_4 = a0 - b0; - d2_5 = a1 - b1; - d2_6 = a2 - b2; - d2_7 = a3 - b3; + d2_0 = a0 + b0 + d2_1 = a1 + b1 + d2_2 = a2 + b2 + d2_3 = a3 + b3 + d2_4 = a0 - b0 + d2_5 = a1 - b1 + d2_6 = a2 - b2 + d2_7 = a3 - b3 } - q[qoff + 0] = d1_0 + d2_0; - q[qoff + 1] = d1_1 + (d2_1 << 1); - q[qoff + 2] = d1_2 + (d2_2 << 2); - q[qoff + 3] = d1_3 + (d2_3 << 3); - q[qoff + 4] = d1_4 + (d2_4 << 4); - q[qoff + 5] = d1_5 + (d2_5 << 5); - q[qoff + 6] = d1_6 + (d2_6 << 6); - q[qoff + 7] = d1_7 + (d2_7 << 7); - q[qoff + 8] = d1_0 - d2_0; - q[qoff + 9] = d1_1 - (d2_1 << 1); - q[qoff + 10] = d1_2 - (d2_2 << 2); - q[qoff + 11] = d1_3 - (d2_3 << 3); - q[qoff + 12] = d1_4 - (d2_4 << 4); - q[qoff + 13] = d1_5 - (d2_5 << 5); - q[qoff + 14] = d1_6 - (d2_6 << 6); - q[qoff + 15] = d1_7 - (d2_7 << 7); + q[qoff + 0] = d1_0 + d2_0 + q[qoff + 1] = d1_1 + (d2_1 << 1) + q[qoff + 2] = d1_2 + (d2_2 << 2) + q[qoff + 3] = d1_3 + (d2_3 << 3) + q[qoff + 4] = d1_4 + (d2_4 << 4) + q[qoff + 5] = d1_5 + (d2_5 << 5) + q[qoff + 6] = d1_6 + (d2_6 << 6) + q[qoff + 7] = d1_7 + (d2_7 << 7) + q[qoff + 8] = d1_0 - d2_0 + q[qoff + 9] = d1_1 - (d2_1 << 1) + q[qoff + 10] = d1_2 - (d2_2 << 2) + q[qoff + 11] = d1_3 - (d2_3 << 3) + q[qoff + 12] = d1_4 - (d2_4 << 4) + q[qoff + 13] = d1_5 - (d2_5 << 5) + q[qoff + 14] = d1_6 - (d2_6 << 6) + q[qoff + 15] = d1_7 - (d2_7 << 7) } { var d1_0, d1_1, d1_2, d1_3, d1_4, d1_5, d1_6, d1_7 int32 var d2_0, d2_1, d2_2, d2_3, d2_4, d2_5, d2_6, d2_7 int32 { - var x0 = int32(x[xb + xs] & 0xFF); - var x1 = int32(x[xb + xs + 2 * xd] & 0xFF); - var x2 = int32(x[xb + xs + 4 * xd] & 0xFF); - var x3 = int32(x[xb + xs + 6 * xd] & 0xFF); - - var a0 = x0 + x2; - var a1 = x0 + (x2 << 4); - var a2 = x0 - x2; - var a3 = x0 - (x2 << 4); - var b0 = x1 + x3; + var x0 = int32(x[xb + 
xs] & 0xFF) + var x1 = int32(x[xb + xs + 2 * xd] & 0xFF) + var x2 = int32(x[xb + xs + 4 * xd] & 0xFF) + var x3 = int32(x[xb + xs + 6 * xd] & 0xFF) + + var a0 = x0 + x2 + var a1 = x0 + (x2 << 4) + var a2 = x0 - x2 + var a3 = x0 - (x2 << 4) + var b0 = x1 + x3 var b1 = REDS1((x1 << 2) + (x3 << 6)) - var b2 = (x1 << 4) - (x3 << 4); + var b2 = (x1 << 4) - (x3 << 4) var b3 = REDS1((x1 << 6) + (x3 << 2)) - d1_0 = a0 + b0; - d1_1 = a1 + b1; - d1_2 = a2 + b2; - d1_3 = a3 + b3; - d1_4 = a0 - b0; - d1_5 = a1 - b1; - d1_6 = a2 - b2; - d1_7 = a3 - b3; + d1_0 = a0 + b0 + d1_1 = a1 + b1 + d1_2 = a2 + b2 + d1_3 = a3 + b3 + d1_4 = a0 - b0 + d1_5 = a1 - b1 + d1_6 = a2 - b2 + d1_7 = a3 - b3 } { - var x0 = int32(x[xb + xs + xd] & 0xFF); - var x1 = int32(x[xb + xs + 3 * xd] & 0xFF); - var x2 = int32(x[xb + xs + 5 * xd] & 0xFF); - var x3 = int32(x[xb + xs + 7 * xd] & 0xFF); - - var a0 = x0 + x2; - var a1 = x0 + (x2 << 4); - var a2 = x0 - x2; - var a3 = x0 - (x2 << 4); - var b0 = x1 + x3; + var x0 = int32(x[xb + xs + xd] & 0xFF) + var x1 = int32(x[xb + xs + 3 * xd] & 0xFF) + var x2 = int32(x[xb + xs + 5 * xd] & 0xFF) + var x3 = int32(x[xb + xs + 7 * xd] & 0xFF) + + var a0 = x0 + x2 + var a1 = x0 + (x2 << 4) + var a2 = x0 - x2 + var a3 = x0 - (x2 << 4) + var b0 = x1 + x3 var b1 = REDS1((x1 << 2) + (x3 << 6)) - var b2 = (x1 << 4) - (x3 << 4); + var b2 = (x1 << 4) - (x3 << 4) var b3 = REDS1((x1 << 6) + (x3 << 2)) - d2_0 = a0 + b0; - d2_1 = a1 + b1; - d2_2 = a2 + b2; - d2_3 = a3 + b3; - d2_4 = a0 - b0; - d2_5 = a1 - b1; - d2_6 = a2 - b2; - d2_7 = a3 - b3; - }; - - q[qoff + 16 + 0] = d1_0 + d2_0; - q[qoff + 16 + 1] = d1_1 + (d2_1 << 1); - q[qoff + 16 + 2] = d1_2 + (d2_2 << 2); - q[qoff + 16 + 3] = d1_3 + (d2_3 << 3); - q[qoff + 16 + 4] = d1_4 + (d2_4 << 4); - q[qoff + 16 + 5] = d1_5 + (d2_5 << 5); - q[qoff + 16 + 6] = d1_6 + (d2_6 << 6); - q[qoff + 16 + 7] = d1_7 + (d2_7 << 7); - q[qoff + 16 + 8] = d1_0 - d2_0; - q[qoff + 16 + 9] = d1_1 - (d2_1 << 1); - q[qoff + 16 + 10] = d1_2 - (d2_2 << 2); 
- q[qoff + 16 + 11] = d1_3 - (d2_3 << 3); - q[qoff + 16 + 12] = d1_4 - (d2_4 << 4); - q[qoff + 16 + 13] = d1_5 - (d2_5 << 5); - q[qoff + 16 + 14] = d1_6 - (d2_6 << 6); - q[qoff + 16 + 15] = d1_7 - (d2_7 << 7); + d2_0 = a0 + b0 + d2_1 = a1 + b1 + d2_2 = a2 + b2 + d2_3 = a3 + b3 + d2_4 = a0 - b0 + d2_5 = a1 - b1 + d2_6 = a2 - b2 + d2_7 = a3 - b3 + } + + q[qoff + 16 + 0] = d1_0 + d2_0 + q[qoff + 16 + 1] = d1_1 + (d2_1 << 1) + q[qoff + 16 + 2] = d1_2 + (d2_2 << 2) + q[qoff + 16 + 3] = d1_3 + (d2_3 << 3) + q[qoff + 16 + 4] = d1_4 + (d2_4 << 4) + q[qoff + 16 + 5] = d1_5 + (d2_5 << 5) + q[qoff + 16 + 6] = d1_6 + (d2_6 << 6) + q[qoff + 16 + 7] = d1_7 + (d2_7 << 7) + q[qoff + 16 + 8] = d1_0 - d2_0 + q[qoff + 16 + 9] = d1_1 - (d2_1 << 1) + q[qoff + 16 + 10] = d1_2 - (d2_2 << 2) + q[qoff + 16 + 11] = d1_3 - (d2_3 << 3) + q[qoff + 16 + 12] = d1_4 - (d2_4 << 4) + q[qoff + 16 + 13] = d1_5 - (d2_5 << 5) + q[qoff + 16 + 14] = d1_6 - (d2_6 << 6) + q[qoff + 16 + 15] = d1_7 - (d2_7 << 7) } - var m = q[qoff]; - var n = q[qoff + 16]; + var m = q[qoff] + var n = q[qoff + 16] - q[qoff] = m + n; - q[qoff + 16] = m - n; + q[qoff] = m + n + q[qoff + 16] = m - n for u, v := 0, 0; u < 16; u, v = u + 4, v + 4 * 8 { var t int32 if u != 0 { - m = q[qoff + u + 0]; - n = q[qoff + u + 0 + 16]; - t = ((n * alphaTab256[v + 0 * 8]) & 0xFFFF) + ((n * alphaTab256[v + 0 * 8]) >> 16); - q[qoff + u + 0] = m + t; - q[qoff + u + 0 + 16] = m - t; + m = q[qoff + u + 0] + n = q[qoff + u + 0 + 16] + t = ((n * alphaTab256[v + 0 * 8]) & 0xFFFF) + ((n * alphaTab256[v + 0 * 8]) >> 16) + q[qoff + u + 0] = m + t + q[qoff + u + 0 + 16] = m - t } for j := 1; j < 4; j++ { - m = q[qoff + u + j]; - n = q[qoff + u + j + 16]; + m = q[qoff + u + j] + n = q[qoff + u + j + 16] t = (((n * alphaTab256[v + j * (8)]) & 0xFFFF) + - ((n * alphaTab256[v + j * (8)]) >> 16)); - q[qoff + u + j] = m + t; - q[qoff + u + j + 16] = m - t; + ((n * alphaTab256[v + j * (8)]) >> 16)) + q[qoff + u + j] = m + t + q[qoff + u + j + 16] = m - t } } } 
diff --git a/simd/digest512.go b/simd/digest512.go index bddd71a..89a6968 100644 --- a/simd/digest512.go +++ b/simd/digest512.go 
@@ -132,123 +132,123 @@ func (d *digest512) compress(x []byte, last bool) { tmpState := &d.tmpState var tmp uint32 - d.fft64(x, 0 + (1 * 0), 1 << 2, 0 + 0); - d.fft64(x, 0 + (1 * 2), 1 << 2, 0 + 64); + d.fft64(x, 0 + (1 * 0), 1 << 2, 0 + 0) + d.fft64(x, 0 + (1 * 2), 1 << 2, 0 + 64) - var m = q[0]; - var n = q[0 + 64]; + var m = q[0] + var n = q[0 + 64] - q[0] = m + n; - q[0 + 64] = m - n; + q[0] = m + n + q[0 + 64] = m - n for u, v := 0, 0; u < 64; u, v = u + 4, v + 4 * 2 { var t int32 if u != 0 { - m = q[0 + u + 0]; - n = q[0 + u + 0 + 64]; - t = ((n * alphaTab512[v + 0 * 2]) & 0xFFFF) + ((n * alphaTab512[v + 0 * 2]) >> 16); - q[0 + u + 0] = m + t; - q[0 + u + 0 + 64] = m - t; + m = q[0 + u + 0] + n = q[0 + u + 0 + 64] + t = ((n * alphaTab512[v + 0 * 2]) & 0xFFFF) + ((n * alphaTab512[v + 0 * 2]) >> 16) + q[0 + u + 0] = m + t + q[0 + u + 0 + 64] = m - t } - m = q[0 + u + 1]; - n = q[0 + u + 1 + 64]; - t = ((n * alphaTab512[v + 1 * 2]) & 0xFFFF) + ((n * alphaTab512[v + 1 * 2]) >> 16); - q[0 + u + 1] = m + t; - q[0 + u + 1 + 64] = m - t; - - m = q[0 + u + 2]; - n = q[0 + u + 2 + 64]; - t = ((n * alphaTab512[v + 2 * 2]) & 0xFFFF) + ((n * alphaTab512[v + 2 * 2]) >> 16); - q[0 + u + 2] = m + t; - q[0 + u + 2 + 64] = m - t; - - m = q[0 + u + 3]; - n = q[0 + u + 3 + 64]; - t = ((n * alphaTab512[v + 3 * 2]) & 0xFFFF) + ((n * alphaTab512[v + 3 * 2]) >> 16); - q[0 + u + 3] = m + t; - q[0 + u + 3 + 64] = m - t; + m = q[0 + u + 1] + n = q[0 + u + 1 + 64] + t = ((n * alphaTab512[v + 1 * 2]) & 0xFFFF) + ((n * alphaTab512[v + 1 * 2]) >> 16) + q[0 + u + 1] = m + t + q[0 + u + 1 + 64] = m - t + + m = q[0 + u + 2] + n = q[0 + u + 2 + 64] + t = ((n * alphaTab512[v + 2 * 2]) & 0xFFFF) + ((n * alphaTab512[v + 2 * 2]) >> 16) + q[0 + u + 2] = m + t + q[0 + u + 2 + 64] = m - t + + m = q[0 + u + 3] + n = q[0 + u + 3 + 64] + t = ((n * alphaTab512[v + 3 * 2]) & 0xFFFF) + ((n * alphaTab512[v + 3 * 2]) >> 16) + q[0 + u + 3] = m + t + q[0 + u + 3 + 64] = m - t } - d.fft64(x, 0 + (1 * 1), 1 << 
2, 0 + 128); - d.fft64(x, 0 + (1 * 3), 1 << 2, 0 + 192); + d.fft64(x, 0 + (1 * 1), 1 << 2, 0 + 128) + d.fft64(x, 0 + (1 * 3), 1 << 2, 0 + 192) - m = q[0 + 128]; - n = q[0 + 128 + 64]; + m = q[0 + 128] + n = q[0 + 128 + 64] - q[0 + 128] = m + n; - q[0 + 128 + 64] = m - n; + q[0 + 128] = m + n + q[0 + 128 + 64] = m - n for u, v := 0, 0; u < 64; u, v = u + 4, v + 4 * 2 { var t int32 if u != 0 { - m = q[(0 + 128) + u + 0]; - n = q[(0 + 128) + u + 0 + 64]; - t = ((n * alphaTab512[v + 0 * 2]) & 0xFFFF) + ((n * alphaTab512[v + 0 * 2]) >> 16); - q[(0 + 128) + u + 0] = m + t; - q[(0 + 128) + u + 0 + 64] = m - t; + m = q[(0 + 128) + u + 0] + n = q[(0 + 128) + u + 0 + 64] + t = ((n * alphaTab512[v + 0 * 2]) & 0xFFFF) + ((n * alphaTab512[v + 0 * 2]) >> 16) + q[(0 + 128) + u + 0] = m + t + q[(0 + 128) + u + 0 + 64] = m - t } - m = q[(0 + 128) + u + 1]; - n = q[(0 + 128) + u + 1 + 64]; - t = ((n * alphaTab512[v + 1 * 2]) & 0xFFFF) + ((n * alphaTab512[v + 1 * 2]) >> 16); - q[(0 + 128) + u + 1] = m + t; - q[(0 + 128) + u + 1 + 64] = m - t; - - m = q[(0 + 128) + u + 2]; - n = q[(0 + 128) + u + 2 + 64]; - t = ((n * alphaTab512[v + 2 * 2]) & 0xFFFF) + ((n * alphaTab512[v + 2 * 2]) >> 16); - q[(0 + 128) + u + 2] = m + t; - q[(0 + 128) + u + 2 + 64] = m - t; - - m = q[(0 + 128) + u + 3]; - n = q[(0 + 128) + u + 3 + 64]; - t = ((n * alphaTab512[v + 3 * 2]) & 0xFFFF) + ((n * alphaTab512[v + 3 * 2]) >> 16); - q[(0 + 128) + u + 3] = m + t; - q[(0 + 128) + u + 3 + 64] = m - t; + m = q[(0 + 128) + u + 1] + n = q[(0 + 128) + u + 1 + 64] + t = ((n * alphaTab512[v + 1 * 2]) & 0xFFFF) + ((n * alphaTab512[v + 1 * 2]) >> 16) + q[(0 + 128) + u + 1] = m + t + q[(0 + 128) + u + 1 + 64] = m - t + + m = q[(0 + 128) + u + 2] + n = q[(0 + 128) + u + 2 + 64] + t = ((n * alphaTab512[v + 2 * 2]) & 0xFFFF) + ((n * alphaTab512[v + 2 * 2]) >> 16) + q[(0 + 128) + u + 2] = m + t + q[(0 + 128) + u + 2 + 64] = m - t + + m = q[(0 + 128) + u + 3] + n = q[(0 + 128) + u + 3 + 64] + t = ((n * alphaTab512[v + 3 * 2]) & 
0xFFFF) + ((n * alphaTab512[v + 3 * 2]) >> 16) + q[(0 + 128) + u + 3] = m + t + q[(0 + 128) + u + 3 + 64] = m - t } - m = q[0]; - n = q[0 + 128]; + m = q[0] + n = q[0 + 128] - q[0] = m + n; - q[0 + 128] = m - n; + q[0] = m + n + q[0 + 128] = m - n for u, v := 0, 0; u < 128; u, v = u + 4, v + 4 * 1 { var t int32 if u != 0 { - m = q[0 + u + 0]; - n = q[0 + u + 0 + 128]; - t = ((n * alphaTab512[v + 0 * 1]) & 0xFFFF) + ((n * alphaTab512[v + 0 * 1]) >> 16); - q[0 + u + 0] = m + t; - q[0 + u + 0 + 128] = m - t; + m = q[0 + u + 0] + n = q[0 + u + 0 + 128] + t = ((n * alphaTab512[v + 0 * 1]) & 0xFFFF) + ((n * alphaTab512[v + 0 * 1]) >> 16) + q[0 + u + 0] = m + t + q[0 + u + 0 + 128] = m - t } - m = q[0 + u + 1]; - n = q[0 + u + 1 + 128]; - t = ((n * alphaTab512[v + 1 * 1]) & 0xFFFF) + ((n * alphaTab512[v + 1 * 1]) >> 16); - q[0 + u + 1] = m + t; - q[0 + u + 1 + 128] = m - t; - - m = q[0 + u + 2]; - n = q[0 + u + 2 + 128]; - t = ((n * alphaTab512[v + 2 * 1]) & 0xFFFF) + ((n * alphaTab512[v + 2 * 1]) >> 16); - q[0 + u + 2] = m + t; - q[0 + u + 2 + 128] = m - t; - - m = q[0 + u + 3]; - n = q[0 + u + 3 + 128]; - t = ((n * alphaTab512[v + 3 * 1]) & 0xFFFF) + ((n * alphaTab512[v + 3 * 1]) >> 16); - q[0 + u + 3] = m + t; - q[0 + u + 3 + 128] = m - t; + m = q[0 + u + 1] + n = q[0 + u + 1 + 128] + t = ((n * alphaTab512[v + 1 * 1]) & 0xFFFF) + ((n * alphaTab512[v + 1 * 1]) >> 16) + q[0 + u + 1] = m + t + q[0 + u + 1 + 128] = m - t + + m = q[0 + u + 2] + n = q[0 + u + 2 + 128] + t = ((n * alphaTab512[v + 2 * 1]) & 0xFFFF) + ((n * alphaTab512[v + 2 * 1]) >> 16) + q[0 + u + 2] = m + t + q[0 + u + 2 + 128] = m - t + + m = q[0 + u + 3] + n = q[0 + u + 3 + 128] + t = ((n * alphaTab512[v + 3 * 1]) & 0xFFFF) + ((n * alphaTab512[v + 3 * 1]) >> 16) + q[0 + u + 3] = m + t + q[0 + u + 3 + 128] = m - t } if last { for i := 0; i < 256; i++ { - var tq = q[i] + yoffF512[i]; - tq = ((tq & 0xFFFF) + (tq >> 16)); - tq = ((tq & 0xFF) - (tq >> 8)); - tq = ((tq & 0xFF) - (tq >> 8)); + var tq = q[i] + 
yoffF512[i] + tq = ((tq & 0xFFFF) + (tq >> 16)) + tq = ((tq & 0xFF) - (tq >> 8)) + tq = ((tq & 0xFF) - (tq >> 8)) if tq <= 128 { q[i] = tq @@ -258,10 +258,10 @@ func (d *digest512) compress(x []byte, last bool) { } } else { for i := 0; i < 256; i++ { - var tq = q[i] + yoffN512[i]; - tq = ((tq & 0xFFFF) + (tq >> 16)); - tq = ((tq & 0xFF) - (tq >> 8)); - tq = ((tq & 0xFF) - (tq >> 8)); + var tq = q[i] + yoffN512[i] + tq = ((tq & 0xFFFF) + (tq >> 16)) + tq = ((tq & 0xFF) - (tq >> 8)) + tq = ((tq & 0xFF) - (tq >> 8)) if tq <= 128 { q[i] = tq 
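Review bot: The new lines are still not gofmt-clean even after the semicolons are dropped — gofmt would collapse the operator spacing in index and assignment expressions (for example `q[0 + u + 1 + 64]` becomes `q[0+u+1+64]` and the loop post statement becomes `u, v = u+4, v+4*2`), so one `gofmt -w simd/digest512.go` would save a second pure-formatting commit over the same lines; the same applies to the `@@ -258` and `@@ -274` hunks below and to the digest256.go fft32 hunk above. Each butterfly statement also evaluates `n * alphaTab512[v + k * 2]` twice; naming the product once reads better and removes the duplicated table lookup, e.g. `p := n * alphaTab512[v+1*2]` followed by `t = (p & 0xFFFF) + (p >> 16)`. The `var m = q[0]` / `var n = q[0 + 64]` declarations would be more idiomatic as `m, n := q[0], q[0+64]`. In the `@@ -258` hunk the `else` loop appears identical to the `if last` loop except for the `yoffN512` vs `yoffF512` table, so selecting the table before a single loop would likely halve that block, though the end of both branches lies outside the visible hunk. The enclosing compress method starts before this hunk.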
@@ -274,299 +274,299 @@ func (d *digest512) compress(x []byte, last bool) { copy(tmpState[:], state[:]) for i := 0; i < 32; i += 8 { - state[i + 0] ^= getu32(x[4 * (i + 0):]); - state[i + 1] ^= getu32(x[4 * (i + 1):]); - state[i + 2] ^= getu32(x[4 * (i + 2):]); - state[i + 3] ^= getu32(x[4 * (i + 3):]); - state[i + 4] ^= getu32(x[4 * (i + 4):]); - state[i + 5] ^= getu32(x[4 * (i + 5):]); - state[i + 6] ^= getu32(x[4 * (i + 6):]); - state[i + 7] ^= getu32(x[4 * (i + 7):]); + state[i + 0] ^= getu32(x[4 * (i + 0):]) + state[i + 1] ^= getu32(x[4 * (i + 1):]) + state[i + 2] ^= getu32(x[4 * (i + 2):]) + state[i + 3] ^= getu32(x[4 * (i + 3):]) + state[i + 4] ^= getu32(x[4 * (i + 4):]) + state[i + 5] ^= getu32(x[4 * (i + 5):]) + state[i + 6] ^= getu32(x[4 * (i + 6):]) + state[i + 7] ^= getu32(x[4 * (i + 7):]) } for u := 0; u < 64; u += 8 { - var v = wbp512[(u >> 3) + 0]; - w[u + 0] = (uint32((q[v + 2 * 0 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 0 + 1]) * 185) << 16); - w[u + 1] = (uint32((q[v + 2 * 1 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 1 + 1]) * 185) << 16); - w[u + 2] = (uint32((q[v + 2 * 2 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 2 + 1]) * 185) << 16); - w[u + 3] = (uint32((q[v + 2 * 3 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 3 + 1]) * 185) << 16); - w[u + 4] = (uint32((q[v + 2 * 4 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 4 + 1]) * 185) << 16); - w[u + 5] = (uint32((q[v + 2 * 5 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 5 + 1]) * 185) << 16); - w[u + 6] = (uint32((q[v + 2 * 6 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 6 + 1]) * 185) << 16); - w[u + 7] = (uint32((q[v + 2 * 7 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 7 + 1]) * 185) << 16); + var v = wbp512[(u >> 3) + 0] + w[u + 0] = (uint32((q[v + 2 * 0 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 0 + 1]) * 185) << 16) + w[u + 1] = (uint32((q[v + 2 * 1 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 1 + 1]) * 185) << 16) + w[u + 2] = (uint32((q[v + 2 * 2 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 2 + 
1]) * 185) << 16) + w[u + 3] = (uint32((q[v + 2 * 3 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 3 + 1]) * 185) << 16) + w[u + 4] = (uint32((q[v + 2 * 4 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 4 + 1]) * 185) << 16) + w[u + 5] = (uint32((q[v + 2 * 5 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 5 + 1]) * 185) << 16) + w[u + 6] = (uint32((q[v + 2 * 6 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 6 + 1]) * 185) << 16) + w[u + 7] = (uint32((q[v + 2 * 7 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 7 + 1]) * 185) << 16) } - d.oneRound(0, 3, 23, 17, 27); + d.oneRound(0, 3, 23, 17, 27) for u := 0; u < 64; u += 8 { - var v = wbp512[(u >> 3) + 8]; - w[u + 0] = (uint32((q[v + 2 * 0 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 0 + 1]) * 185) << 16); - w[u + 1] = (uint32((q[v + 2 * 1 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 1 + 1]) * 185) << 16); - w[u + 2] = (uint32((q[v + 2 * 2 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 2 + 1]) * 185) << 16); - w[u + 3] = (uint32((q[v + 2 * 3 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 3 + 1]) * 185) << 16); - w[u + 4] = (uint32((q[v + 2 * 4 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 4 + 1]) * 185) << 16); - w[u + 5] = (uint32((q[v + 2 * 5 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 5 + 1]) * 185) << 16); - w[u + 6] = (uint32((q[v + 2 * 6 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 6 + 1]) * 185) << 16); - w[u + 7] = (uint32((q[v + 2 * 7 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 7 + 1]) * 185) << 16); + var v = wbp512[(u >> 3) + 8] + w[u + 0] = (uint32((q[v + 2 * 0 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 0 + 1]) * 185) << 16) + w[u + 1] = (uint32((q[v + 2 * 1 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 1 + 1]) * 185) << 16) + w[u + 2] = (uint32((q[v + 2 * 2 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 2 + 1]) * 185) << 16) + w[u + 3] = (uint32((q[v + 2 * 3 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 3 + 1]) * 185) << 16) + w[u + 4] = (uint32((q[v + 2 * 4 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 4 + 1]) * 185) << 16) + w[u + 5] = 
(uint32((q[v + 2 * 5 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 5 + 1]) * 185) << 16) + w[u + 6] = (uint32((q[v + 2 * 6 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 6 + 1]) * 185) << 16) + w[u + 7] = (uint32((q[v + 2 * 7 + 0]) * 185) & 0xFFFF) + (uint32((q[v + 2 * 7 + 1]) * 185) << 16) } - d.oneRound(1, 28, 19, 22, 7); + d.oneRound(1, 28, 19, 22, 7) for u := 0; u < 64; u += 8 { - var v = wbp512[(u >> 3) + 16]; - w[u + 0] = (uint32((q[v + 2 * 0 + (-256)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 0 + (-128)]) * 233) << 16); - w[u + 1] = (uint32((q[v + 2 * 1 + (-256)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 1 + (-128)]) * 233) << 16); - w[u + 2] = (uint32((q[v + 2 * 2 + (-256)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 2 + (-128)]) * 233) << 16); - w[u + 3] = (uint32((q[v + 2 * 3 + (-256)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 3 + (-128)]) * 233) << 16); - w[u + 4] = (uint32((q[v + 2 * 4 + (-256)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 4 + (-128)]) * 233) << 16); - w[u + 5] = (uint32((q[v + 2 * 5 + (-256)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 5 + (-128)]) * 233) << 16); - w[u + 6] = (uint32((q[v + 2 * 6 + (-256)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 6 + (-128)]) * 233) << 16); - w[u + 7] = (uint32((q[v + 2 * 7 + (-256)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 7 + (-128)]) * 233) << 16); + var v = wbp512[(u >> 3) + 16] + w[u + 0] = (uint32((q[v + 2 * 0 + (-256)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 0 + (-128)]) * 233) << 16) + w[u + 1] = (uint32((q[v + 2 * 1 + (-256)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 1 + (-128)]) * 233) << 16) + w[u + 2] = (uint32((q[v + 2 * 2 + (-256)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 2 + (-128)]) * 233) << 16) + w[u + 3] = (uint32((q[v + 2 * 3 + (-256)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 3 + (-128)]) * 233) << 16) + w[u + 4] = (uint32((q[v + 2 * 4 + (-256)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 4 + (-128)]) * 233) << 16) + w[u + 5] = (uint32((q[v + 2 * 5 + (-256)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 5 + (-128)]) * 233) << 16) + w[u 
+ 6] = (uint32((q[v + 2 * 6 + (-256)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 6 + (-128)]) * 233) << 16) + w[u + 7] = (uint32((q[v + 2 * 7 + (-256)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 7 + (-128)]) * 233) << 16) } - d.oneRound(2, 29, 9, 15, 5); + d.oneRound(2, 29, 9, 15, 5) for u := 0; u < 64; u += 8 { - var v = wbp512[(u >> 3) + 24]; - w[u + 0] = (uint32((q[v + 2 * 0 + (-383)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 0 + (-255)]) * 233) << 16); - w[u + 1] = (uint32((q[v + 2 * 1 + (-383)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 1 + (-255)]) * 233) << 16); - w[u + 2] = (uint32((q[v + 2 * 2 + (-383)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 2 + (-255)]) * 233) << 16); - w[u + 3] = (uint32((q[v + 2 * 3 + (-383)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 3 + (-255)]) * 233) << 16); - w[u + 4] = (uint32((q[v + 2 * 4 + (-383)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 4 + (-255)]) * 233) << 16); - w[u + 5] = (uint32((q[v + 2 * 5 + (-383)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 5 + (-255)]) * 233) << 16); - w[u + 6] = (uint32((q[v + 2 * 6 + (-383)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 6 + (-255)]) * 233) << 16); - w[u + 7] = (uint32((q[v + 2 * 7 + (-383)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 7 + (-255)]) * 233) << 16); + var v = wbp512[(u >> 3) + 24] + w[u + 0] = (uint32((q[v + 2 * 0 + (-383)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 0 + (-255)]) * 233) << 16) + w[u + 1] = (uint32((q[v + 2 * 1 + (-383)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 1 + (-255)]) * 233) << 16) + w[u + 2] = (uint32((q[v + 2 * 2 + (-383)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 2 + (-255)]) * 233) << 16) + w[u + 3] = (uint32((q[v + 2 * 3 + (-383)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 3 + (-255)]) * 233) << 16) + w[u + 4] = (uint32((q[v + 2 * 4 + (-383)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 4 + (-255)]) * 233) << 16) + w[u + 5] = (uint32((q[v + 2 * 5 + (-383)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 5 + (-255)]) * 233) << 16) + w[u + 6] = (uint32((q[v + 2 * 6 + (-383)]) * 233) & 0xFFFF) + (uint32((q[v + 2 
* 6 + (-255)]) * 233) << 16) + w[u + 7] = (uint32((q[v + 2 * 7 + (-383)]) * 233) & 0xFFFF) + (uint32((q[v + 2 * 7 + (-255)]) * 233) << 16) } - d.oneRound(3, 4, 13, 10, 25); + d.oneRound(3, 4, 13, 10, 25) { - var tA0 = circularLeft(state[0], 4); - var tA1 = circularLeft(state[1], 4); - var tA2 = circularLeft(state[2], 4); - var tA3 = circularLeft(state[3], 4); - var tA4 = circularLeft(state[4], 4); - var tA5 = circularLeft(state[5], 4); - var tA6 = circularLeft(state[6], 4); - var tA7 = circularLeft(state[7], 4); - - tmp = state[24] + (tmpState[0]) + (((state[8] ^ state[16]) & state[0]) ^ state[16]); - state[0] = circularLeft(tmp, 13) + tA5; - state[24] = state[16]; - state[16] = state[8]; - state[8] = tA0; - - tmp = state[25] + (tmpState[1]) + (((state[9] ^ state[17]) & state[1]) ^ state[17]); - state[1] = circularLeft(tmp, 13) + tA4; - state[25] = state[17]; - state[17] = state[9]; - state[9] = tA1; - - tmp = state[26] + (tmpState[2]) + (((state[10] ^ state[18]) & state[2]) ^ state[18]); - state[2] = circularLeft(tmp, 13) + tA7; - state[26] = state[18]; - state[18] = state[10]; - state[10] = tA2; - - tmp = state[27] + (tmpState[3]) + (((state[11] ^ state[19]) & state[3]) ^ state[19]); - state[3] = circularLeft(tmp, 13) + tA6; - state[27] = state[19]; - state[19] = state[11]; - state[11] = tA3; - - tmp = state[28] + (tmpState[4]) + (((state[12] ^ state[20]) & state[4]) ^ state[20]); - state[4] = circularLeft(tmp, 13) + tA1; - state[28] = state[20]; - state[20] = state[12]; - state[12] = tA4; - - tmp = state[29] + (tmpState[5]) + (((state[13] ^ state[21]) & state[5]) ^ state[21]); - state[5] = circularLeft(tmp, 13) + tA0; - state[29] = state[21]; - state[21] = state[13]; - state[13] = tA5; - - tmp = state[30] + (tmpState[6]) + (((state[14] ^ state[22]) & state[6]) ^ state[22]); - state[6] = circularLeft(tmp, 13) + tA3; - state[30] = state[22]; - state[22] = state[14]; - state[14] = tA6; - - tmp = state[31] + (tmpState[7]) + (((state[15] ^ state[23]) & state[7]) ^ 
state[23]); - state[7] = circularLeft(tmp, 13) + tA2; - state[31] = state[23]; - state[23] = state[15]; - state[15] = tA7; + var tA0 = circularLeft(state[0], 4) + var tA1 = circularLeft(state[1], 4) + var tA2 = circularLeft(state[2], 4) + var tA3 = circularLeft(state[3], 4) + var tA4 = circularLeft(state[4], 4) + var tA5 = circularLeft(state[5], 4) + var tA6 = circularLeft(state[6], 4) + var tA7 = circularLeft(state[7], 4) + + tmp = state[24] + (tmpState[0]) + (((state[8] ^ state[16]) & state[0]) ^ state[16]) + state[0] = circularLeft(tmp, 13) + tA5 + state[24] = state[16] + state[16] = state[8] + state[8] = tA0 + + tmp = state[25] + (tmpState[1]) + (((state[9] ^ state[17]) & state[1]) ^ state[17]) + state[1] = circularLeft(tmp, 13) + tA4 + state[25] = state[17] + state[17] = state[9] + state[9] = tA1 + + tmp = state[26] + (tmpState[2]) + (((state[10] ^ state[18]) & state[2]) ^ state[18]) + state[2] = circularLeft(tmp, 13) + tA7 + state[26] = state[18] + state[18] = state[10] + state[10] = tA2 + + tmp = state[27] + (tmpState[3]) + (((state[11] ^ state[19]) & state[3]) ^ state[19]) + state[3] = circularLeft(tmp, 13) + tA6 + state[27] = state[19] + state[19] = state[11] + state[11] = tA3 + + tmp = state[28] + (tmpState[4]) + (((state[12] ^ state[20]) & state[4]) ^ state[20]) + state[4] = circularLeft(tmp, 13) + tA1 + state[28] = state[20] + state[20] = state[12] + state[12] = tA4 + + tmp = state[29] + (tmpState[5]) + (((state[13] ^ state[21]) & state[5]) ^ state[21]) + state[5] = circularLeft(tmp, 13) + tA0 + state[29] = state[21] + state[21] = state[13] + state[13] = tA5 + + tmp = state[30] + (tmpState[6]) + (((state[14] ^ state[22]) & state[6]) ^ state[22]) + state[6] = circularLeft(tmp, 13) + tA3 + state[30] = state[22] + state[22] = state[14] + state[14] = tA6 + + tmp = state[31] + (tmpState[7]) + (((state[15] ^ state[23]) & state[7]) ^ state[23]) + state[7] = circularLeft(tmp, 13) + tA2 + state[31] = state[23] + state[23] = state[15] + state[15] = tA7 } { - var 
tA0 = circularLeft(state[0], 13); - var tA1 = circularLeft(state[1], 13); - var tA2 = circularLeft(state[2], 13); - var tA3 = circularLeft(state[3], 13); - var tA4 = circularLeft(state[4], 13); - var tA5 = circularLeft(state[5], 13); - var tA6 = circularLeft(state[6], 13); - var tA7 = circularLeft(state[7], 13); - - tmp = state[24] + (tmpState[8]) + (((state[8] ^ state[16]) & state[0]) ^ state[16]); - state[0] = circularLeft(tmp, 10) + tA7; - state[24] = state[16]; - state[16] = state[8]; - state[8] = tA0; - - tmp = state[25] + (tmpState[9]) + (((state[9] ^ state[17]) & state[1]) ^ state[17]); - state[1] = circularLeft(tmp, 10) + tA6; - state[25] = state[17]; - state[17] = state[9]; - state[9] = tA1; - - tmp = state[26] + (tmpState[10]) + (((state[10] ^ state[18]) & state[2]) ^ state[18]); - state[2] = circularLeft(tmp, 10) + tA5; - state[26] = state[18]; - state[18] = state[10]; - state[10] = tA2; - - tmp = state[27] + (tmpState[11]) + (((state[11] ^ state[19]) & state[3]) ^ state[19]); - state[3] = circularLeft(tmp, 10) + tA4; - state[27] = state[19]; - state[19] = state[11]; - state[11] = tA3; - - tmp = state[28] + (tmpState[12]) + (((state[12] ^ state[20]) & state[4]) ^ state[20]); - state[4] = circularLeft(tmp, 10) + tA3; - state[28] = state[20]; - state[20] = state[12]; - state[12] = tA4; - - tmp = state[29] + (tmpState[13]) + (((state[13] ^ state[21]) & state[5]) ^ state[21]); - state[5] = circularLeft(tmp, 10) + tA2; - state[29] = state[21]; - state[21] = state[13]; - state[13] = tA5; - - tmp = state[30] + (tmpState[14]) + (((state[14] ^ state[22]) & state[6]) ^ state[22]); - state[6] = circularLeft(tmp, 10) + tA1; - state[30] = state[22]; - state[22] = state[14]; - state[14] = tA6; - - tmp = state[31] + (tmpState[15]) + (((state[15] ^ state[23]) & state[7]) ^ state[23]); - state[7] = circularLeft(tmp, 10) + tA0; - state[31] = state[23]; - state[23] = state[15]; - state[15] = tA7; + var tA0 = circularLeft(state[0], 13) + var tA1 = circularLeft(state[1], 13) 
+ var tA2 = circularLeft(state[2], 13) + var tA3 = circularLeft(state[3], 13) + var tA4 = circularLeft(state[4], 13) + var tA5 = circularLeft(state[5], 13) + var tA6 = circularLeft(state[6], 13) + var tA7 = circularLeft(state[7], 13) + + tmp = state[24] + (tmpState[8]) + (((state[8] ^ state[16]) & state[0]) ^ state[16]) + state[0] = circularLeft(tmp, 10) + tA7 + state[24] = state[16] + state[16] = state[8] + state[8] = tA0 + + tmp = state[25] + (tmpState[9]) + (((state[9] ^ state[17]) & state[1]) ^ state[17]) + state[1] = circularLeft(tmp, 10) + tA6 + state[25] = state[17] + state[17] = state[9] + state[9] = tA1 + + tmp = state[26] + (tmpState[10]) + (((state[10] ^ state[18]) & state[2]) ^ state[18]) + state[2] = circularLeft(tmp, 10) + tA5 + state[26] = state[18] + state[18] = state[10] + state[10] = tA2 + + tmp = state[27] + (tmpState[11]) + (((state[11] ^ state[19]) & state[3]) ^ state[19]) + state[3] = circularLeft(tmp, 10) + tA4 + state[27] = state[19] + state[19] = state[11] + state[11] = tA3 + + tmp = state[28] + (tmpState[12]) + (((state[12] ^ state[20]) & state[4]) ^ state[20]) + state[4] = circularLeft(tmp, 10) + tA3 + state[28] = state[20] + state[20] = state[12] + state[12] = tA4 + + tmp = state[29] + (tmpState[13]) + (((state[13] ^ state[21]) & state[5]) ^ state[21]) + state[5] = circularLeft(tmp, 10) + tA2 + state[29] = state[21] + state[21] = state[13] + state[13] = tA5 + + tmp = state[30] + (tmpState[14]) + (((state[14] ^ state[22]) & state[6]) ^ state[22]) + state[6] = circularLeft(tmp, 10) + tA1 + state[30] = state[22] + state[22] = state[14] + state[14] = tA6 + + tmp = state[31] + (tmpState[15]) + (((state[15] ^ state[23]) & state[7]) ^ state[23]) + state[7] = circularLeft(tmp, 10) + tA0 + state[31] = state[23] + state[23] = state[15] + state[15] = tA7 } { - var tA0 = circularLeft(state[0], 10); - var tA1 = circularLeft(state[1], 10); - var tA2 = circularLeft(state[2], 10); - var tA3 = circularLeft(state[3], 10); - var tA4 = 
circularLeft(state[4], 10); - var tA5 = circularLeft(state[5], 10); - var tA6 = circularLeft(state[6], 10); - var tA7 = circularLeft(state[7], 10); - - tmp = state[24] + (tmpState[16]) + (((state[8] ^ state[16]) & state[0]) ^ state[16]); - state[0] = circularLeft(tmp, 25) + tA4; - state[24] = state[16]; - state[16] = state[8]; - state[8] = tA0; - - tmp = state[25] + (tmpState[17]) + (((state[9] ^ state[17]) & state[1]) ^ state[17]); - state[1] = circularLeft(tmp, 25) + tA5; - state[25] = state[17]; - state[17] = state[9]; - state[9] = tA1; - - tmp = state[26] + (tmpState[18]) + (((state[10] ^ state[18]) & state[2]) ^ state[18]); - state[2] = circularLeft(tmp, 25) + tA6; - state[26] = state[18]; - state[18] = state[10]; - state[10] = tA2; - - tmp = state[27] + (tmpState[19]) + (((state[11] ^ state[19]) & state[3]) ^ state[19]); - state[3] = circularLeft(tmp, 25) + tA7; - state[27] = state[19]; - state[19] = state[11]; - state[11] = tA3; - - tmp = state[28] + (tmpState[20]) + (((state[12] ^ state[20]) & state[4]) ^ state[20]); - state[4] = circularLeft(tmp, 25) + tA0; - state[28] = state[20]; - state[20] = state[12]; - state[12] = tA4; - - tmp = state[29] + (tmpState[21]) + (((state[13] ^ state[21]) & state[5]) ^ state[21]); - state[5] = circularLeft(tmp, 25) + tA1; - state[29] = state[21]; - state[21] = state[13]; - state[13] = tA5; - - tmp = state[30] + (tmpState[22]) + (((state[14] ^ state[22]) & state[6]) ^ state[22]); - state[6] = circularLeft(tmp, 25) + tA2; - state[30] = state[22]; - state[22] = state[14]; - state[14] = tA6; - - tmp = state[31] + (tmpState[23]) + (((state[15] ^ state[23]) & state[7]) ^ state[23]); - state[7] = circularLeft(tmp, 25) + tA3; - state[31] = state[23]; - state[23] = state[15]; - state[15] = tA7; + var tA0 = circularLeft(state[0], 10) + var tA1 = circularLeft(state[1], 10) + var tA2 = circularLeft(state[2], 10) + var tA3 = circularLeft(state[3], 10) + var tA4 = circularLeft(state[4], 10) + var tA5 = circularLeft(state[5], 10) + var 
tA6 = circularLeft(state[6], 10) + var tA7 = circularLeft(state[7], 10) + + tmp = state[24] + (tmpState[16]) + (((state[8] ^ state[16]) & state[0]) ^ state[16]) + state[0] = circularLeft(tmp, 25) + tA4 + state[24] = state[16] + state[16] = state[8] + state[8] = tA0 + + tmp = state[25] + (tmpState[17]) + (((state[9] ^ state[17]) & state[1]) ^ state[17]) + state[1] = circularLeft(tmp, 25) + tA5 + state[25] = state[17] + state[17] = state[9] + state[9] = tA1 + + tmp = state[26] + (tmpState[18]) + (((state[10] ^ state[18]) & state[2]) ^ state[18]) + state[2] = circularLeft(tmp, 25) + tA6 + state[26] = state[18] + state[18] = state[10] + state[10] = tA2 + + tmp = state[27] + (tmpState[19]) + (((state[11] ^ state[19]) & state[3]) ^ state[19]) + state[3] = circularLeft(tmp, 25) + tA7 + state[27] = state[19] + state[19] = state[11] + state[11] = tA3 + + tmp = state[28] + (tmpState[20]) + (((state[12] ^ state[20]) & state[4]) ^ state[20]) + state[4] = circularLeft(tmp, 25) + tA0 + state[28] = state[20] + state[20] = state[12] + state[12] = tA4 + + tmp = state[29] + (tmpState[21]) + (((state[13] ^ state[21]) & state[5]) ^ state[21]) + state[5] = circularLeft(tmp, 25) + tA1 + state[29] = state[21] + state[21] = state[13] + state[13] = tA5 + + tmp = state[30] + (tmpState[22]) + (((state[14] ^ state[22]) & state[6]) ^ state[22]) + state[6] = circularLeft(tmp, 25) + tA2 + state[30] = state[22] + state[22] = state[14] + state[14] = tA6 + + tmp = state[31] + (tmpState[23]) + (((state[15] ^ state[23]) & state[7]) ^ state[23]) + state[7] = circularLeft(tmp, 25) + tA3 + state[31] = state[23] + state[23] = state[15] + state[15] = tA7 } { - var tA0 = circularLeft(state[0], 25); - var tA1 = circularLeft(state[1], 25); - var tA2 = circularLeft(state[2], 25); - var tA3 = circularLeft(state[3], 25); - var tA4 = circularLeft(state[4], 25); - var tA5 = circularLeft(state[5], 25); - var tA6 = circularLeft(state[6], 25); - var tA7 = circularLeft(state[7], 25); - - tmp = state[24] + 
(tmpState[24]) + (((state[8] ^ state[16]) & state[0]) ^ state[16]); - state[0] = circularLeft(tmp, 4) + tA1; - state[24] = state[16]; - state[16] = state[8]; - state[8] = tA0; - - tmp = state[25] + (tmpState[25]) + (((state[9] ^ state[17]) & state[1]) ^ state[17]); - state[1] = circularLeft(tmp, 4) + tA0; - state[25] = state[17]; - state[17] = state[9]; - state[9] = tA1; - - tmp = state[26] + (tmpState[26]) + (((state[10] ^ state[18]) & state[2]) ^ state[18]); - state[2] = circularLeft(tmp, 4) + tA3; - state[26] = state[18]; - state[18] = state[10]; - state[10] = tA2; - - tmp = state[27] + (tmpState[27]) + (((state[11] ^ state[19]) & state[3]) ^ state[19]); - state[3] = circularLeft(tmp, 4) + tA2; - state[27] = state[19]; - state[19] = state[11]; - state[11] = tA3; - - tmp = state[28] + (tmpState[28]) + (((state[12] ^ state[20]) & state[4]) ^ state[20]); - state[4] = circularLeft(tmp, 4) + tA5; - state[28] = state[20]; - state[20] = state[12]; - state[12] = tA4; - - tmp = state[29] + (tmpState[29]) + (((state[13] ^ state[21]) & state[5]) ^ state[21]); - state[5] = circularLeft(tmp, 4) + tA4; - state[29] = state[21]; - state[21] = state[13]; - state[13] = tA5; - - tmp = state[30] + (tmpState[30]) + (((state[14] ^ state[22]) & state[6]) ^ state[22]); - state[6] = circularLeft(tmp, 4) + tA7; - state[30] = state[22]; - state[22] = state[14]; - state[14] = tA6; - - tmp = state[31] + (tmpState[31]) + (((state[15] ^ state[23]) & state[7]) ^ state[23]); - state[7] = circularLeft(tmp, 4) + tA6; - state[31] = state[23]; - state[23] = state[15]; - state[15] = tA7; + var tA0 = circularLeft(state[0], 25) + var tA1 = circularLeft(state[1], 25) + var tA2 = circularLeft(state[2], 25) + var tA3 = circularLeft(state[3], 25) + var tA4 = circularLeft(state[4], 25) + var tA5 = circularLeft(state[5], 25) + var tA6 = circularLeft(state[6], 25) + var tA7 = circularLeft(state[7], 25) + + tmp = state[24] + (tmpState[24]) + (((state[8] ^ state[16]) & state[0]) ^ state[16]) + state[0] = 
circularLeft(tmp, 4) + tA1 + state[24] = state[16] + state[16] = state[8] + state[8] = tA0 + + tmp = state[25] + (tmpState[25]) + (((state[9] ^ state[17]) & state[1]) ^ state[17]) + state[1] = circularLeft(tmp, 4) + tA0 + state[25] = state[17] + state[17] = state[9] + state[9] = tA1 + + tmp = state[26] + (tmpState[26]) + (((state[10] ^ state[18]) & state[2]) ^ state[18]) + state[2] = circularLeft(tmp, 4) + tA3 + state[26] = state[18] + state[18] = state[10] + state[10] = tA2 + + tmp = state[27] + (tmpState[27]) + (((state[11] ^ state[19]) & state[3]) ^ state[19]) + state[3] = circularLeft(tmp, 4) + tA2 + state[27] = state[19] + state[19] = state[11] + state[11] = tA3 + + tmp = state[28] + (tmpState[28]) + (((state[12] ^ state[20]) & state[4]) ^ state[20]) + state[4] = circularLeft(tmp, 4) + tA5 + state[28] = state[20] + state[20] = state[12] + state[12] = tA4 + + tmp = state[29] + (tmpState[29]) + (((state[13] ^ state[21]) & state[5]) ^ state[21]) + state[5] = circularLeft(tmp, 4) + tA4 + state[29] = state[21] + state[21] = state[13] + state[13] = tA5 + + tmp = state[30] + (tmpState[30]) + (((state[14] ^ state[22]) & state[6]) ^ state[22]) + state[6] = circularLeft(tmp, 4) + tA7 + state[30] = state[22] + state[22] = state[14] + state[14] = tA6 + + tmp = state[31] + (tmpState[31]) + (((state[15] ^ state[23]) & state[7]) ^ state[23]) + state[7] = circularLeft(tmp, 4) + tA6 + state[31] = state[23] + state[23] = state[15] + state[15] = tA7 } } 
@@ -578,480 +578,480 @@ func (d *digest512) oneRound(isp, p0, p1, p2, p3 int) { var tmp uint32 for i := 0; i < 8; i++ { - tA[i] = circularLeft(state[i], p0); + tA[i] = circularLeft(state[i], p0) } for i := 0; i < 8; i++ { tmp = state[24+i] + (w[i]) + (((state[8+i] ^ state[16+i]) & - state[i]) ^ state[16+i]); + state[i]) ^ state[16+i]) state[i] = circularLeft(tmp, p1) + - tA[(pp8k512[isp + 0]) ^ i]; - state[24+i] = state[16+i]; - state[16+i] = state[8+i]; - state[8+i] = tA[i]; + tA[(pp8k512[isp + 0]) ^ i] + state[24+i] = state[16+i] + state[16+i] = state[8+i] + state[8+i] = tA[i] } for i := 0; i < 8; i++ { - tA[i] = circularLeft(state[i], p1); + tA[i] = circularLeft(state[i], p1) } for i := 0; i < 8; i++ { tmp = state[24+i] + (w[8+i]) + (((state[8+i] ^ state[16+i]) & - state[i]) ^ state[16+i]); + state[i]) ^ state[16+i]) state[i] = circularLeft(tmp, p2) + - tA[(pp8k512[isp + 1]) ^ i]; - state[24+i] = state[16+i]; - state[16+i] = state[8+i]; - state[8+i] = tA[i]; + tA[(pp8k512[isp + 1]) ^ i] + state[24+i] = state[16+i] + state[16+i] = state[8+i] + state[8+i] = tA[i] } for i := 0; i < 8; i++ { - tA[i] = circularLeft(state[i], p2); + tA[i] = circularLeft(state[i], p2) } for i := 0; i < 8; i++ { tmp = state[24+i] + (w[16+i]) + (((state[8+i] ^ state[16+i]) & - state[i]) ^ state[16+i]); + state[i]) ^ state[16+i]) state[i] = circularLeft(tmp, p3) + - tA[(pp8k512[isp + 2]) ^ i]; - state[24+i] = state[16+i]; - state[16+i] = state[8+i]; - state[8+i] = tA[i]; + tA[(pp8k512[isp + 2]) ^ i] + state[24+i] = state[16+i] + state[16+i] = state[8+i] + state[8+i] = tA[i] } for i := 0; i < 8; i++ { - tA[i] = circularLeft(state[i], p3); + tA[i] = circularLeft(state[i], p3) } for i := 0; i < 8; i++ { tmp = state[24+i] + (w[24+i]) + (((state[8+i] ^ state[16+i]) & - state[i]) ^ state[16+i]); + state[i]) ^ state[16+i]) state[i] = circularLeft(tmp, p0) + - tA[(pp8k512[isp + 3]) ^ i]; - state[24+i] = state[16+i]; - state[16+i] = state[8+i]; - state[8+i] = tA[i]; + tA[(pp8k512[isp + 3]) ^ i] + 
state[24+i] = state[16+i] + state[16+i] = state[8+i] + state[8+i] = tA[i] } for i := 0; i < 8; i++ { - tA[i] = circularLeft(state[i], p0); + tA[i] = circularLeft(state[i], p0) } for i := 0; i < 8; i++ { tmp = state[24+i] + (w[32+i]) + ((state[0+i] & state[8+i]) | ((state[0+i] | - state[8+i]) & state[16+i])); + state[8+i]) & state[16+i])) state[0+i] = circularLeft(tmp, p1) + - tA[(pp8k512[isp + 4]) ^ i]; - state[24+i] = state[16+i]; - state[16+i] = state[8+i]; - state[8+i] = tA[0+i]; + tA[(pp8k512[isp + 4]) ^ i] + state[24+i] = state[16+i] + state[16+i] = state[8+i] + state[8+i] = tA[0+i] } for i := 0; i < 8; i++ { - tA[i] = circularLeft(state[i], p1); + tA[i] = circularLeft(state[i], p1) } for i := 0; i < 8; i++ { tmp = state[24+i] + (w[40+i]) + ((state[0+i] & state[8+i]) | ((state[0+i] | - state[8+i]) & state[16+i])); + state[8+i]) & state[16+i])) state[0+i] = circularLeft(tmp, p2) + - tA[(pp8k512[isp + 5]) ^ i]; - state[24+i] = state[16+i]; - state[16+i] = state[8+i]; - state[8+i] = tA[0+i]; + tA[(pp8k512[isp + 5]) ^ i] + state[24+i] = state[16+i] + state[16+i] = state[8+i] + state[8+i] = tA[0+i] } for i := 0; i < 8; i++ { - tA[i] = circularLeft(state[i], p2); + tA[i] = circularLeft(state[i], p2) } for i := 0; i < 8; i++ { tmp = state[24+i] + (w[48+i]) + ((state[0+i] & state[8+i]) | ((state[0+i] | - state[8+i]) & state[16+i])); + state[8+i]) & state[16+i])) state[0+i] = circularLeft(tmp, p3) + - tA[(pp8k512[isp + 6]) ^ i]; - state[24+i] = state[16+i]; - state[16+i] = state[8+i]; - state[8+i] = tA[0+i]; + tA[(pp8k512[isp + 6]) ^ i] + state[24+i] = state[16+i] + state[16+i] = state[8+i] + state[8+i] = tA[0+i] } for i := 0; i < 8; i++ { - tA[i] = circularLeft(state[i], p3); + tA[i] = circularLeft(state[i], p3) } for i := 0; i < 8; i++ { tmp = state[24+i] + (w[56+i]) + ((state[0+i] & state[8+i]) | ((state[0+i] | - state[8+i]) & state[16+i])); + state[8+i]) & state[16+i])) state[0+i] = circularLeft(tmp, p0) + - tA[(pp8k512[isp + 7]) ^ i]; - state[24+i] = state[16+i]; 
- state[16+i] = state[8+i]; - state[8+i] = tA[0+i]; + tA[(pp8k512[isp + 7]) ^ i] + state[24+i] = state[16+i] + state[16+i] = state[8+i] + state[8+i] = tA[0+i] } } func (d *digest512) fft64(x []byte, xb, xs, qoff int) { q := &d.q - var xd = xs << 1; + var xd = xs << 1 { var d1_0, d1_1, d1_2, d1_3, d1_4, d1_5, d1_6, d1_7 int32 var d2_0, d2_1, d2_2, d2_3, d2_4, d2_5, d2_6, d2_7 int32 { - var x0 = int32(x[xb + 0 * xd] & 0xFF); - var x1 = int32(x[xb + 4 * xd] & 0xFF); - var x2 = int32(x[xb + 8 * xd] & 0xFF); - var x3 = int32(x[xb + 12 * xd] & 0xFF); - - var a0 = x0 + x2; - var a1 = x0 + (x2 << 4); - var a2 = x0 - x2; - var a3 = x0 - (x2 << 4); - var b0 = x1 + x3; + var x0 = int32(x[xb + 0 * xd] & 0xFF) + var x1 = int32(x[xb + 4 * xd] & 0xFF) + var x2 = int32(x[xb + 8 * xd] & 0xFF) + var x3 = int32(x[xb + 12 * xd] & 0xFF) + + var a0 = x0 + x2 + var a1 = x0 + (x2 << 4) + var a2 = x0 - x2 + var a3 = x0 - (x2 << 4) + var b0 = x1 + x3 var b1 = REDS1((x1 << 2) + (x3 << 6)) - var b2 = (x1 << 4) - (x3 << 4); + var b2 = (x1 << 4) - (x3 << 4) var b3 = REDS1((x1 << 6) + (x3 << 2)) - d1_0 = a0 + b0; - d1_1 = a1 + b1; - d1_2 = a2 + b2; - d1_3 = a3 + b3; - d1_4 = a0 - b0; - d1_5 = a1 - b1; - d1_6 = a2 - b2; - d1_7 = a3 - b3; + d1_0 = a0 + b0 + d1_1 = a1 + b1 + d1_2 = a2 + b2 + d1_3 = a3 + b3 + d1_4 = a0 - b0 + d1_5 = a1 - b1 + d1_6 = a2 - b2 + d1_7 = a3 - b3 } { - var x0 = int32(x[xb + 2 * xd] & 0xFF); - var x1 = int32(x[xb + 6 * xd] & 0xFF); - var x2 = int32(x[xb + 10 * xd] & 0xFF); - var x3 = int32(x[xb + 14 * xd] & 0xFF); - - var a0 = x0 + x2; - var a1 = x0 + (x2 << 4); - var a2 = x0 - x2; - var a3 = x0 - (x2 << 4); - var b0 = x1 + x3; + var x0 = int32(x[xb + 2 * xd] & 0xFF) + var x1 = int32(x[xb + 6 * xd] & 0xFF) + var x2 = int32(x[xb + 10 * xd] & 0xFF) + var x3 = int32(x[xb + 14 * xd] & 0xFF) + + var a0 = x0 + x2 + var a1 = x0 + (x2 << 4) + var a2 = x0 - x2 + var a3 = x0 - (x2 << 4) + var b0 = x1 + x3 var b1 = REDS1((x1 << 2) + (x3 << 6)) - var b2 = (x1 << 4) - (x3 << 4); + var 
b2 = (x1 << 4) - (x3 << 4) var b3 = REDS1((x1 << 6) + (x3 << 2)) - d2_0 = a0 + b0; - d2_1 = a1 + b1; - d2_2 = a2 + b2; - d2_3 = a3 + b3; - d2_4 = a0 - b0; - d2_5 = a1 - b1; - d2_6 = a2 - b2; - d2_7 = a3 - b3; + d2_0 = a0 + b0 + d2_1 = a1 + b1 + d2_2 = a2 + b2 + d2_3 = a3 + b3 + d2_4 = a0 - b0 + d2_5 = a1 - b1 + d2_6 = a2 - b2 + d2_7 = a3 - b3 } - q[qoff + 0] = d1_0 + d2_0; - q[qoff + 1] = d1_1 + (d2_1 << 1); - q[qoff + 2] = d1_2 + (d2_2 << 2); - q[qoff + 3] = d1_3 + (d2_3 << 3); - q[qoff + 4] = d1_4 + (d2_4 << 4); - q[qoff + 5] = d1_5 + (d2_5 << 5); - q[qoff + 6] = d1_6 + (d2_6 << 6); - q[qoff + 7] = d1_7 + (d2_7 << 7); - q[qoff + 8] = d1_0 - d2_0; - q[qoff + 9] = d1_1 - (d2_1 << 1); - q[qoff + 10] = d1_2 - (d2_2 << 2); - q[qoff + 11] = d1_3 - (d2_3 << 3); - q[qoff + 12] = d1_4 - (d2_4 << 4); - q[qoff + 13] = d1_5 - (d2_5 << 5); - q[qoff + 14] = d1_6 - (d2_6 << 6); - q[qoff + 15] = d1_7 - (d2_7 << 7); + q[qoff + 0] = d1_0 + d2_0 + q[qoff + 1] = d1_1 + (d2_1 << 1) + q[qoff + 2] = d1_2 + (d2_2 << 2) + q[qoff + 3] = d1_3 + (d2_3 << 3) + q[qoff + 4] = d1_4 + (d2_4 << 4) + q[qoff + 5] = d1_5 + (d2_5 << 5) + q[qoff + 6] = d1_6 + (d2_6 << 6) + q[qoff + 7] = d1_7 + (d2_7 << 7) + q[qoff + 8] = d1_0 - d2_0 + q[qoff + 9] = d1_1 - (d2_1 << 1) + q[qoff + 10] = d1_2 - (d2_2 << 2) + q[qoff + 11] = d1_3 - (d2_3 << 3) + q[qoff + 12] = d1_4 - (d2_4 << 4) + q[qoff + 13] = d1_5 - (d2_5 << 5) + q[qoff + 14] = d1_6 - (d2_6 << 6) + q[qoff + 15] = d1_7 - (d2_7 << 7) } { var d1_0, d1_1, d1_2, d1_3, d1_4, d1_5, d1_6, d1_7 int32 var d2_0, d2_1, d2_2, d2_3, d2_4, d2_5, d2_6, d2_7 int32 { - var x0 = int32(x[xb + 1 * xd] & 0xFF); - var x1 = int32(x[xb + 5 * xd] & 0xFF); - var x2 = int32(x[xb + 9 * xd] & 0xFF); - var x3 = int32(x[xb + 13 * xd] & 0xFF); - - var a0 = x0 + x2; - var a1 = x0 + (x2 << 4); - var a2 = x0 - x2; - var a3 = x0 - (x2 << 4); - var b0 = x1 + x3; + var x0 = int32(x[xb + 1 * xd] & 0xFF) + var x1 = int32(x[xb + 5 * xd] & 0xFF) + var x2 = int32(x[xb + 9 * xd] & 0xFF) + var x3 = 
int32(x[xb + 13 * xd] & 0xFF) + + var a0 = x0 + x2 + var a1 = x0 + (x2 << 4) + var a2 = x0 - x2 + var a3 = x0 - (x2 << 4) + var b0 = x1 + x3 var b1 = REDS1((x1 << 2) + (x3 << 6)) - var b2 = (x1 << 4) - (x3 << 4); + var b2 = (x1 << 4) - (x3 << 4) var b3 = REDS1((x1 << 6) + (x3 << 2)) - d1_0 = a0 + b0; - d1_1 = a1 + b1; - d1_2 = a2 + b2; - d1_3 = a3 + b3; - d1_4 = a0 - b0; - d1_5 = a1 - b1; - d1_6 = a2 - b2; - d1_7 = a3 - b3; + d1_0 = a0 + b0 + d1_1 = a1 + b1 + d1_2 = a2 + b2 + d1_3 = a3 + b3 + d1_4 = a0 - b0 + d1_5 = a1 - b1 + d1_6 = a2 - b2 + d1_7 = a3 - b3 } { - var x0 = int32(x[xb + 3 * xd] & 0xFF); - var x1 = int32(x[xb + 7 * xd] & 0xFF); - var x2 = int32(x[xb + 11 * xd] & 0xFF); - var x3 = int32(x[xb + 15 * xd] & 0xFF); - - var a0 = x0 + x2; - var a1 = x0 + (x2 << 4); - var a2 = x0 - x2; - var a3 = x0 - (x2 << 4); - var b0 = x1 + x3; + var x0 = int32(x[xb + 3 * xd] & 0xFF) + var x1 = int32(x[xb + 7 * xd] & 0xFF) + var x2 = int32(x[xb + 11 * xd] & 0xFF) + var x3 = int32(x[xb + 15 * xd] & 0xFF) + + var a0 = x0 + x2 + var a1 = x0 + (x2 << 4) + var a2 = x0 - x2 + var a3 = x0 - (x2 << 4) + var b0 = x1 + x3 var b1 = REDS1((x1 << 2) + (x3 << 6)) - var b2 = (x1 << 4) - (x3 << 4); + var b2 = (x1 << 4) - (x3 << 4) var b3 = REDS1((x1 << 6) + (x3 << 2)) - d2_0 = a0 + b0; - d2_1 = a1 + b1; - d2_2 = a2 + b2; - d2_3 = a3 + b3; - d2_4 = a0 - b0; - d2_5 = a1 - b1; - d2_6 = a2 - b2; - d2_7 = a3 - b3; + d2_0 = a0 + b0 + d2_1 = a1 + b1 + d2_2 = a2 + b2 + d2_3 = a3 + b3 + d2_4 = a0 - b0 + d2_5 = a1 - b1 + d2_6 = a2 - b2 + d2_7 = a3 - b3 } - q[qoff + 16 + 0] = d1_0 + d2_0; - q[qoff + 16 + 1] = d1_1 + (d2_1 << 1); - q[qoff + 16 + 2] = d1_2 + (d2_2 << 2); - q[qoff + 16 + 3] = d1_3 + (d2_3 << 3); - q[qoff + 16 + 4] = d1_4 + (d2_4 << 4); - q[qoff + 16 + 5] = d1_5 + (d2_5 << 5); - q[qoff + 16 + 6] = d1_6 + (d2_6 << 6); - q[qoff + 16 + 7] = d1_7 + (d2_7 << 7); - q[qoff + 16 + 8] = d1_0 - d2_0; - q[qoff + 16 + 9] = d1_1 - (d2_1 << 1); - q[qoff + 16 + 10] = d1_2 - (d2_2 << 2); - q[qoff + 16 
+ 11] = d1_3 - (d2_3 << 3); - q[qoff + 16 + 12] = d1_4 - (d2_4 << 4); - q[qoff + 16 + 13] = d1_5 - (d2_5 << 5); - q[qoff + 16 + 14] = d1_6 - (d2_6 << 6); - q[qoff + 16 + 15] = d1_7 - (d2_7 << 7); + q[qoff + 16 + 0] = d1_0 + d2_0 + q[qoff + 16 + 1] = d1_1 + (d2_1 << 1) + q[qoff + 16 + 2] = d1_2 + (d2_2 << 2) + q[qoff + 16 + 3] = d1_3 + (d2_3 << 3) + q[qoff + 16 + 4] = d1_4 + (d2_4 << 4) + q[qoff + 16 + 5] = d1_5 + (d2_5 << 5) + q[qoff + 16 + 6] = d1_6 + (d2_6 << 6) + q[qoff + 16 + 7] = d1_7 + (d2_7 << 7) + q[qoff + 16 + 8] = d1_0 - d2_0 + q[qoff + 16 + 9] = d1_1 - (d2_1 << 1) + q[qoff + 16 + 10] = d1_2 - (d2_2 << 2) + q[qoff + 16 + 11] = d1_3 - (d2_3 << 3) + q[qoff + 16 + 12] = d1_4 - (d2_4 << 4) + q[qoff + 16 + 13] = d1_5 - (d2_5 << 5) + q[qoff + 16 + 14] = d1_6 - (d2_6 << 6) + q[qoff + 16 + 15] = d1_7 - (d2_7 << 7) } - var m = q[qoff]; - var n = q[qoff + 16]; + var m = q[qoff] + var n = q[qoff + 16] - q[qoff] = m + n; - q[qoff + 16] = m - n; + q[qoff] = m + n + q[qoff + 16] = m - n for u, v := 0, 0; u < 16; u, v = u + 4, v + 4 * 8 { var t int32 if u != 0 { - m = q[qoff + u + 0]; - n = q[qoff + u + 0 + 16]; - t = ((n * alphaTab512[v + 0 * 8]) & 0xFFFF) + ((n * alphaTab512[v + 0 * 8]) >> 16); - q[qoff + u + 0] = m + t; - q[qoff + u + 0 + 16] = m - t; + m = q[qoff + u + 0] + n = q[qoff + u + 0 + 16] + t = ((n * alphaTab512[v + 0 * 8]) & 0xFFFF) + ((n * alphaTab512[v + 0 * 8]) >> 16) + q[qoff + u + 0] = m + t + q[qoff + u + 0 + 16] = m - t } for j := 1; j < 4; j++ { - m = q[qoff + u + j]; - n = q[qoff + u + j + 16]; + m = q[qoff + u + j] + n = q[qoff + u + j + 16] t = ((n * alphaTab512[v + j * 8]) & 0xFFFF) + - ((n * alphaTab512[v + j * 8]) >> 16); - q[qoff + u + j] = m + t; - q[qoff + u + j + 16] = m - t; + ((n * alphaTab512[v + j * 8]) >> 16) + q[qoff + u + j] = m + t + q[qoff + u + j + 16] = m - t } } { var d1_0, d1_1, d1_2, d1_3, d1_4, d1_5, d1_6, d1_7 int32 var d2_0, d2_1, d2_2, d2_3, d2_4, d2_5, d2_6, d2_7 int32 { - var x0 = int32(x[xb + xs + 0 * xd] & 0xFF); - 
var x1 = int32(x[xb + xs + 4 * xd] & 0xFF); - var x2 = int32(x[xb + xs + 8 * xd] & 0xFF); - var x3 = int32(x[xb + xs + 12 * xd] & 0xFF); - - var a0 = x0 + x2; - var a1 = x0 + (x2 << 4); - var a2 = x0 - x2; - var a3 = x0 - (x2 << 4); - var b0 = x1 + x3; + var x0 = int32(x[xb + xs + 0 * xd] & 0xFF) + var x1 = int32(x[xb + xs + 4 * xd] & 0xFF) + var x2 = int32(x[xb + xs + 8 * xd] & 0xFF) + var x3 = int32(x[xb + xs + 12 * xd] & 0xFF) + + var a0 = x0 + x2 + var a1 = x0 + (x2 << 4) + var a2 = x0 - x2 + var a3 = x0 - (x2 << 4) + var b0 = x1 + x3 var b1 = REDS1((x1 << 2) + (x3 << 6)) - var b2 = (x1 << 4) - (x3 << 4); + var b2 = (x1 << 4) - (x3 << 4) var b3 = REDS1((x1 << 6) + (x3 << 2)) - d1_0 = a0 + b0; - d1_1 = a1 + b1; - d1_2 = a2 + b2; - d1_3 = a3 + b3; - d1_4 = a0 - b0; - d1_5 = a1 - b1; - d1_6 = a2 - b2; - d1_7 = a3 - b3; + d1_0 = a0 + b0 + d1_1 = a1 + b1 + d1_2 = a2 + b2 + d1_3 = a3 + b3 + d1_4 = a0 - b0 + d1_5 = a1 - b1 + d1_6 = a2 - b2 + d1_7 = a3 - b3 } { - var x0 = int32(x[xb + xs + 2 * xd] & 0xFF); - var x1 = int32(x[xb + xs + 6 * xd] & 0xFF); - var x2 = int32(x[xb + xs + 10 * xd] & 0xFF); - var x3 = int32(x[xb + xs + 14 * xd] & 0xFF); - - var a0 = x0 + x2; - var a1 = x0 + (x2 << 4); - var a2 = x0 - x2; - var a3 = x0 - (x2 << 4); - var b0 = x1 + x3; + var x0 = int32(x[xb + xs + 2 * xd] & 0xFF) + var x1 = int32(x[xb + xs + 6 * xd] & 0xFF) + var x2 = int32(x[xb + xs + 10 * xd] & 0xFF) + var x3 = int32(x[xb + xs + 14 * xd] & 0xFF) + + var a0 = x0 + x2 + var a1 = x0 + (x2 << 4) + var a2 = x0 - x2 + var a3 = x0 - (x2 << 4) + var b0 = x1 + x3 var b1 = REDS1((x1 << 2) + (x3 << 6)) - var b2 = (x1 << 4) - (x3 << 4); + var b2 = (x1 << 4) - (x3 << 4) var b3 = REDS1((x1 << 6) + (x3 << 2)) - d2_0 = a0 + b0; - d2_1 = a1 + b1; - d2_2 = a2 + b2; - d2_3 = a3 + b3; - d2_4 = a0 - b0; - d2_5 = a1 - b1; - d2_6 = a2 - b2; - d2_7 = a3 - b3; + d2_0 = a0 + b0 + d2_1 = a1 + b1 + d2_2 = a2 + b2 + d2_3 = a3 + b3 + d2_4 = a0 - b0 + d2_5 = a1 - b1 + d2_6 = a2 - b2 + d2_7 = a3 - b3 } - 
q[qoff + 32 + 0] = d1_0 + d2_0; - q[qoff + 32 + 1] = d1_1 + (d2_1 << 1); - q[qoff + 32 + 2] = d1_2 + (d2_2 << 2); - q[qoff + 32 + 3] = d1_3 + (d2_3 << 3); - q[qoff + 32 + 4] = d1_4 + (d2_4 << 4); - q[qoff + 32 + 5] = d1_5 + (d2_5 << 5); - q[qoff + 32 + 6] = d1_6 + (d2_6 << 6); - q[qoff + 32 + 7] = d1_7 + (d2_7 << 7); - q[qoff + 32 + 8] = d1_0 - d2_0; - q[qoff + 32 + 9] = d1_1 - (d2_1 << 1); - q[qoff + 32 + 10] = d1_2 - (d2_2 << 2); - q[qoff + 32 + 11] = d1_3 - (d2_3 << 3); - q[qoff + 32 + 12] = d1_4 - (d2_4 << 4); - q[qoff + 32 + 13] = d1_5 - (d2_5 << 5); - q[qoff + 32 + 14] = d1_6 - (d2_6 << 6); - q[qoff + 32 + 15] = d1_7 - (d2_7 << 7); + q[qoff + 32 + 0] = d1_0 + d2_0 + q[qoff + 32 + 1] = d1_1 + (d2_1 << 1) + q[qoff + 32 + 2] = d1_2 + (d2_2 << 2) + q[qoff + 32 + 3] = d1_3 + (d2_3 << 3) + q[qoff + 32 + 4] = d1_4 + (d2_4 << 4) + q[qoff + 32 + 5] = d1_5 + (d2_5 << 5) + q[qoff + 32 + 6] = d1_6 + (d2_6 << 6) + q[qoff + 32 + 7] = d1_7 + (d2_7 << 7) + q[qoff + 32 + 8] = d1_0 - d2_0 + q[qoff + 32 + 9] = d1_1 - (d2_1 << 1) + q[qoff + 32 + 10] = d1_2 - (d2_2 << 2) + q[qoff + 32 + 11] = d1_3 - (d2_3 << 3) + q[qoff + 32 + 12] = d1_4 - (d2_4 << 4) + q[qoff + 32 + 13] = d1_5 - (d2_5 << 5) + q[qoff + 32 + 14] = d1_6 - (d2_6 << 6) + q[qoff + 32 + 15] = d1_7 - (d2_7 << 7) } { var d1_0, d1_1, d1_2, d1_3, d1_4, d1_5, d1_6, d1_7 int32 var d2_0, d2_1, d2_2, d2_3, d2_4, d2_5, d2_6, d2_7 int32 { - var x0 = int32(x[xb + xs + 1 * xd] & 0xFF); - var x1 = int32(x[xb + xs + 5 * xd] & 0xFF); - var x2 = int32(x[xb + xs + 9 * xd] & 0xFF); - var x3 = int32(x[xb + xs + 13 * xd] & 0xFF); - - var a0 = x0 + x2; - var a1 = x0 + (x2 << 4); - var a2 = x0 - x2; - var a3 = x0 - (x2 << 4); - var b0 = x1 + x3; + var x0 = int32(x[xb + xs + 1 * xd] & 0xFF) + var x1 = int32(x[xb + xs + 5 * xd] & 0xFF) + var x2 = int32(x[xb + xs + 9 * xd] & 0xFF) + var x3 = int32(x[xb + xs + 13 * xd] & 0xFF) + + var a0 = x0 + x2 + var a1 = x0 + (x2 << 4) + var a2 = x0 - x2 + var a3 = x0 - (x2 << 4) + var b0 = x1 + x3 var b1 = 
REDS1((x1 << 2) + (x3 << 6)) - var b2 = (x1 << 4) - (x3 << 4); + var b2 = (x1 << 4) - (x3 << 4) var b3 = REDS1((x1 << 6) + (x3 << 2)) - d1_0 = a0 + b0; - d1_1 = a1 + b1; - d1_2 = a2 + b2; - d1_3 = a3 + b3; - d1_4 = a0 - b0; - d1_5 = a1 - b1; - d1_6 = a2 - b2; - d1_7 = a3 - b3; + d1_0 = a0 + b0 + d1_1 = a1 + b1 + d1_2 = a2 + b2 + d1_3 = a3 + b3 + d1_4 = a0 - b0 + d1_5 = a1 - b1 + d1_6 = a2 - b2 + d1_7 = a3 - b3 } { - var x0 = int32(x[xb + xs + 3 * xd] & 0xFF); - var x1 = int32(x[xb + xs + 7 * xd] & 0xFF); - var x2 = int32(x[xb + xs + 11 * xd] & 0xFF); - var x3 = int32(x[xb + xs + 15 * xd] & 0xFF); - - var a0 = x0 + x2; - var a1 = x0 + (x2 << 4); - var a2 = x0 - x2; - var a3 = x0 - (x2 << 4); - var b0 = x1 + x3; + var x0 = int32(x[xb + xs + 3 * xd] & 0xFF) + var x1 = int32(x[xb + xs + 7 * xd] & 0xFF) + var x2 = int32(x[xb + xs + 11 * xd] & 0xFF) + var x3 = int32(x[xb + xs + 15 * xd] & 0xFF) + + var a0 = x0 + x2 + var a1 = x0 + (x2 << 4) + var a2 = x0 - x2 + var a3 = x0 - (x2 << 4) + var b0 = x1 + x3 var b1 = REDS1((x1 << 2) + (x3 << 6)) - var b2 = (x1 << 4) - (x3 << 4); + var b2 = (x1 << 4) - (x3 << 4) var b3 = REDS1((x1 << 6) + (x3 << 2)) - d2_0 = a0 + b0; - d2_1 = a1 + b1; - d2_2 = a2 + b2; - d2_3 = a3 + b3; - d2_4 = a0 - b0; - d2_5 = a1 - b1; - d2_6 = a2 - b2; - d2_7 = a3 - b3; + d2_0 = a0 + b0 + d2_1 = a1 + b1 + d2_2 = a2 + b2 + d2_3 = a3 + b3 + d2_4 = a0 - b0 + d2_5 = a1 - b1 + d2_6 = a2 - b2 + d2_7 = a3 - b3 } - q[qoff + 32 + 16 + 0] = d1_0 + d2_0; - q[qoff + 32 + 16 + 1] = d1_1 + (d2_1 << 1); - q[qoff + 32 + 16 + 2] = d1_2 + (d2_2 << 2); - q[qoff + 32 + 16 + 3] = d1_3 + (d2_3 << 3); - q[qoff + 32 + 16 + 4] = d1_4 + (d2_4 << 4); - q[qoff + 32 + 16 + 5] = d1_5 + (d2_5 << 5); - q[qoff + 32 + 16 + 6] = d1_6 + (d2_6 << 6); - q[qoff + 32 + 16 + 7] = d1_7 + (d2_7 << 7); - q[qoff + 32 + 16 + 8] = d1_0 - d2_0; - q[qoff + 32 + 16 + 9] = d1_1 - (d2_1 << 1); - q[qoff + 32 + 16 + 10] = d1_2 - (d2_2 << 2); - q[qoff + 32 + 16 + 11] = d1_3 - (d2_3 << 3); - q[qoff + 32 + 16 + 
12] = d1_4 - (d2_4 << 4); - q[qoff + 32 + 16 + 13] = d1_5 - (d2_5 << 5); - q[qoff + 32 + 16 + 14] = d1_6 - (d2_6 << 6); - q[qoff + 32 + 16 + 15] = d1_7 - (d2_7 << 7); + q[qoff + 32 + 16 + 0] = d1_0 + d2_0 + q[qoff + 32 + 16 + 1] = d1_1 + (d2_1 << 1) + q[qoff + 32 + 16 + 2] = d1_2 + (d2_2 << 2) + q[qoff + 32 + 16 + 3] = d1_3 + (d2_3 << 3) + q[qoff + 32 + 16 + 4] = d1_4 + (d2_4 << 4) + q[qoff + 32 + 16 + 5] = d1_5 + (d2_5 << 5) + q[qoff + 32 + 16 + 6] = d1_6 + (d2_6 << 6) + q[qoff + 32 + 16 + 7] = d1_7 + (d2_7 << 7) + q[qoff + 32 + 16 + 8] = d1_0 - d2_0 + q[qoff + 32 + 16 + 9] = d1_1 - (d2_1 << 1) + q[qoff + 32 + 16 + 10] = d1_2 - (d2_2 << 2) + q[qoff + 32 + 16 + 11] = d1_3 - (d2_3 << 3) + q[qoff + 32 + 16 + 12] = d1_4 - (d2_4 << 4) + q[qoff + 32 + 16 + 13] = d1_5 - (d2_5 << 5) + q[qoff + 32 + 16 + 14] = d1_6 - (d2_6 << 6) + q[qoff + 32 + 16 + 15] = d1_7 - (d2_7 << 7) } - m = q[qoff + 32]; - n = q[qoff + 32 + 16]; - q[qoff + 32] = m + n; - q[qoff + 32 + 16] = m - n; + m = q[qoff + 32] + n = q[qoff + 32 + 16] + q[qoff + 32] = m + n + q[qoff + 32 + 16] = m - n for u, v := 0, 0; u < 16; u, v = u + 4, v + 4 * 8 { var t int32 if u != 0 { - m = q[(qoff + 32) + u + 0]; - n = q[(qoff + 32) + u + 0 + 16]; - t = ((n * alphaTab512[v + 0 * 8]) & 0xFFFF) + ((n * alphaTab512[v + 0 * 8]) >> 16); - q[(qoff + 32) + u + 0] = m + t; - q[(qoff + 32) + u + 0 + 16] = m - t; + m = q[(qoff + 32) + u + 0] + n = q[(qoff + 32) + u + 0 + 16] + t = ((n * alphaTab512[v + 0 * 8]) & 0xFFFF) + ((n * alphaTab512[v + 0 * 8]) >> 16) + q[(qoff + 32) + u + 0] = m + t + q[(qoff + 32) + u + 0 + 16] = m - t } for j := 1; j < 4; j++ { - m = q[(qoff + 32) + u + j]; - n = q[(qoff + 32) + u + j + 16]; + m = q[(qoff + 32) + u + j] + n = q[(qoff + 32) + u + j + 16] t = ((n * alphaTab512[v + j * 8]) & 0xFFFF) + - ((n * alphaTab512[v + j * 8]) >> 16); - q[(qoff + 32) + u + j] = m + t; - q[(qoff + 32) + u + j + 16] = m - t; + ((n * alphaTab512[v + j * 8]) >> 16) + q[(qoff + 32) + u + j] = m + t + q[(qoff + 32) + u + 
j + 16] = m - t } } - m = q[qoff]; - n = q[qoff + 32]; - q[qoff] = m + n; - q[qoff + 32] = m - n; + m = q[qoff] + n = q[qoff + 32] + q[qoff] = m + n + q[qoff + 32] = m - n for u, v := 0, 0; u < 32; u, v = u + 4, v + 4 * 4 { var t int32 if u != 0 { - m = q[qoff + u + 0]; - n = q[qoff + u + 0 + 32]; - t = ((n * alphaTab512[v + 0 * 4]) & 0xFFFF) + ((n * alphaTab512[v + 0 * 4]) >> 16); - q[qoff + u + 0] = m + t; - q[qoff + u + 0 + 32] = m - t; + m = q[qoff + u + 0] + n = q[qoff + u + 0 + 32] + t = ((n * alphaTab512[v + 0 * 4]) & 0xFFFF) + ((n * alphaTab512[v + 0 * 4]) >> 16) + q[qoff + u + 0] = m + t + q[qoff + u + 0 + 32] = m - t } for j := 1; j < 4; j++ { - m = q[qoff + u + j]; - n = q[qoff + u + j + 32]; + m = q[qoff + u + j] + n = q[qoff + u + j + 32] t = ((n * alphaTab512[v + j * 4]) & 0xFFFF) + - ((n * alphaTab512[v + j * 4]) >> 16); - q[qoff + u + j] = m + t; - q[qoff + u + j + 32] = m - t; + ((n * alphaTab512[v + j * 4]) >> 16) + q[qoff + u + j] = m + t + q[qoff + u + j + 32] = m - t } } } diff --git a/skeins/digest256.go b/skeins/digest256.go index 011bbf8..c429480 100644 --- a/skeins/digest256.go +++ b/skeins/digest256.go 
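Review bot: The new side is still not gofmt output — gofmt strips trailing semicolons itself and would also collapse the operator spacing this hunk keeps, e.g. `x[xb + 0 * xd]` → `x[xb+0*xd]` and `pp8k512[isp + 0]` → `pp8k512[isp+0]`, so running gofmt on the file (and checking it in CI) would make this change canonical instead of leaving a second formatting-only commit to do. While here, the `& 0xFF` in `int32(x[xb + 0 * xd] & 0xFF)` and the other fft64 loads is a no-op in Go because `x` is declared `[]byte` (unsigned 8-bit) in the fft64 signature; it is presumably a leftover from a signed-byte Java source and can be dropped to `int32(x[xb+0*xd])` so a reader does not look for a sign-extension issue that is not there. oneRound's signature and the declarations of `state`, `w` and `tA` it indexes are outside the hunk, so their types cannot be checked from here; fft64 is complete within the hunk.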
@@ -141,383 +141,383 @@ func (d *digest256) ubi(etype int, extra int) { var t1 = (d.bcount >> 59) + (uint64(etype) << 55) var t2 = t0 ^ t1 - p0 += h0; - p1 += h1 + t0; - p2 += h2 + t1; + p0 += h0 + p1 += h1 + t0 + p2 += h2 + t1 p3 += h3 + 0 - p0 += p1; - p1 = (p1 << 14) ^ (p1 >> (64 - 14)) ^ p0; - p2 += p3; - p3 = (p3 << 16) ^ (p3 >> (64 - 16)) ^ p2; - p0 += p3; - p3 = (p3 << 52) ^ (p3 >> (64 - 52)) ^ p0; - p2 += p1; - p1 = (p1 << 57) ^ (p1 >> (64 - 57)) ^ p2; - p0 += p1; - p1 = (p1 << 23) ^ (p1 >> (64 - 23)) ^ p0; - p2 += p3; - p3 = (p3 << 40) ^ (p3 >> (64 - 40)) ^ p2; - p0 += p3; - p3 = (p3 << 5) ^ (p3 >> (64 - 5)) ^ p0; - p2 += p1; - p1 = (p1 << 37) ^ (p1 >> (64 - 37)) ^ p2; - - p0 += h1; - p1 += h2 + t1; - p2 += h3 + t2; + p0 += p1 + p1 = (p1 << 14) ^ (p1 >> (64 - 14)) ^ p0 + p2 += p3 + p3 = (p3 << 16) ^ (p3 >> (64 - 16)) ^ p2 + p0 += p3 + p3 = (p3 << 52) ^ (p3 >> (64 - 52)) ^ p0 + p2 += p1 + p1 = (p1 << 57) ^ (p1 >> (64 - 57)) ^ p2 + p0 += p1 + p1 = (p1 << 23) ^ (p1 >> (64 - 23)) ^ p0 + p2 += p3 + p3 = (p3 << 40) ^ (p3 >> (64 - 40)) ^ p2 + p0 += p3 + p3 = (p3 << 5) ^ (p3 >> (64 - 5)) ^ p0 + p2 += p1 + p1 = (p1 << 37) ^ (p1 >> (64 - 37)) ^ p2 + + p0 += h1 + p1 += h2 + t1 + p2 += h3 + t2 p3 += h4 + 1 - p0 += p1; - p1 = (p1 << 25) ^ (p1 >> (64 - 25)) ^ p0; - p2 += p3; - p3 = (p3 << 33) ^ (p3 >> (64 - 33)) ^ p2; - p0 += p3; - p3 = (p3 << 46) ^ (p3 >> (64 - 46)) ^ p0; - p2 += p1; - p1 = (p1 << 12) ^ (p1 >> (64 - 12)) ^ p2; - p0 += p1; - p1 = (p1 << 58) ^ (p1 >> (64 - 58)) ^ p0; - p2 += p3; - p3 = (p3 << 22) ^ (p3 >> (64 - 22)) ^ p2; - p0 += p3; - p3 = (p3 << 32) ^ (p3 >> (64 - 32)) ^ p0; - p2 += p1; - p1 = (p1 << 32) ^ (p1 >> (64 - 32)) ^ p2; - - p0 += h2; - p1 += h3 + t2; - p2 += h4 + t0; + p0 += p1 + p1 = (p1 << 25) ^ (p1 >> (64 - 25)) ^ p0 + p2 += p3 + p3 = (p3 << 33) ^ (p3 >> (64 - 33)) ^ p2 + p0 += p3 + p3 = (p3 << 46) ^ (p3 >> (64 - 46)) ^ p0 + p2 += p1 + p1 = (p1 << 12) ^ (p1 >> (64 - 12)) ^ p2 + p0 += p1 + p1 = (p1 << 58) ^ (p1 >> (64 - 58)) ^ p0 + p2 += p3 
+ p3 = (p3 << 22) ^ (p3 >> (64 - 22)) ^ p2 + p0 += p3 + p3 = (p3 << 32) ^ (p3 >> (64 - 32)) ^ p0 + p2 += p1 + p1 = (p1 << 32) ^ (p1 >> (64 - 32)) ^ p2 + + p0 += h2 + p1 += h3 + t2 + p2 += h4 + t0 p3 += h0 + 2 - p0 += p1; - p1 = (p1 << 14) ^ (p1 >> (64 - 14)) ^ p0; - p2 += p3; - p3 = (p3 << 16) ^ (p3 >> (64 - 16)) ^ p2; - p0 += p3; - p3 = (p3 << 52) ^ (p3 >> (64 - 52)) ^ p0; - p2 += p1; - p1 = (p1 << 57) ^ (p1 >> (64 - 57)) ^ p2; - p0 += p1; - p1 = (p1 << 23) ^ (p1 >> (64 - 23)) ^ p0; - p2 += p3; - p3 = (p3 << 40) ^ (p3 >> (64 - 40)) ^ p2; - p0 += p3; - p3 = (p3 << 5) ^ (p3 >> (64 - 5)) ^ p0; - p2 += p1; - p1 = (p1 << 37) ^ (p1 >> (64 - 37)) ^ p2; - - p0 += h3; - p1 += h4 + t0; - p2 += h0 + t1; + p0 += p1 + p1 = (p1 << 14) ^ (p1 >> (64 - 14)) ^ p0 + p2 += p3 + p3 = (p3 << 16) ^ (p3 >> (64 - 16)) ^ p2 + p0 += p3 + p3 = (p3 << 52) ^ (p3 >> (64 - 52)) ^ p0 + p2 += p1 + p1 = (p1 << 57) ^ (p1 >> (64 - 57)) ^ p2 + p0 += p1 + p1 = (p1 << 23) ^ (p1 >> (64 - 23)) ^ p0 + p2 += p3 + p3 = (p3 << 40) ^ (p3 >> (64 - 40)) ^ p2 + p0 += p3 + p3 = (p3 << 5) ^ (p3 >> (64 - 5)) ^ p0 + p2 += p1 + p1 = (p1 << 37) ^ (p1 >> (64 - 37)) ^ p2 + + p0 += h3 + p1 += h4 + t0 + p2 += h0 + t1 p3 += h1 + 3 - p0 += p1; - p1 = (p1 << 25) ^ (p1 >> (64 - 25)) ^ p0; - p2 += p3; - p3 = (p3 << 33) ^ (p3 >> (64 - 33)) ^ p2; - p0 += p3; - p3 = (p3 << 46) ^ (p3 >> (64 - 46)) ^ p0; - p2 += p1; - p1 = (p1 << 12) ^ (p1 >> (64 - 12)) ^ p2; - p0 += p1; - p1 = (p1 << 58) ^ (p1 >> (64 - 58)) ^ p0; - p2 += p3; - p3 = (p3 << 22) ^ (p3 >> (64 - 22)) ^ p2; - p0 += p3; - p3 = (p3 << 32) ^ (p3 >> (64 - 32)) ^ p0; - p2 += p1; - p1 = (p1 << 32) ^ (p1 >> (64 - 32)) ^ p2; - - p0 += h4; - p1 += h0 + t1; - p2 += h1 + t2; + p0 += p1 + p1 = (p1 << 25) ^ (p1 >> (64 - 25)) ^ p0 + p2 += p3 + p3 = (p3 << 33) ^ (p3 >> (64 - 33)) ^ p2 + p0 += p3 + p3 = (p3 << 46) ^ (p3 >> (64 - 46)) ^ p0 + p2 += p1 + p1 = (p1 << 12) ^ (p1 >> (64 - 12)) ^ p2 + p0 += p1 + p1 = (p1 << 58) ^ (p1 >> (64 - 58)) ^ p0 + p2 += p3 + p3 = (p3 << 22) ^ (p3 >> (64 
- 22)) ^ p2 + p0 += p3 + p3 = (p3 << 32) ^ (p3 >> (64 - 32)) ^ p0 + p2 += p1 + p1 = (p1 << 32) ^ (p1 >> (64 - 32)) ^ p2 + + p0 += h4 + p1 += h0 + t1 + p2 += h1 + t2 p3 += h2 + 4 - p0 += p1; - p1 = (p1 << 14) ^ (p1 >> (64 - 14)) ^ p0; - p2 += p3; - p3 = (p3 << 16) ^ (p3 >> (64 - 16)) ^ p2; - p0 += p3; - p3 = (p3 << 52) ^ (p3 >> (64 - 52)) ^ p0; - p2 += p1; - p1 = (p1 << 57) ^ (p1 >> (64 - 57)) ^ p2; - p0 += p1; - p1 = (p1 << 23) ^ (p1 >> (64 - 23)) ^ p0; - p2 += p3; - p3 = (p3 << 40) ^ (p3 >> (64 - 40)) ^ p2; - p0 += p3; - p3 = (p3 << 5) ^ (p3 >> (64 - 5)) ^ p0; - p2 += p1; - p1 = (p1 << 37) ^ (p1 >> (64 - 37)) ^ p2; - - p0 += h0; - p1 += h1 + t2; - p2 += h2 + t0; + p0 += p1 + p1 = (p1 << 14) ^ (p1 >> (64 - 14)) ^ p0 + p2 += p3 + p3 = (p3 << 16) ^ (p3 >> (64 - 16)) ^ p2 + p0 += p3 + p3 = (p3 << 52) ^ (p3 >> (64 - 52)) ^ p0 + p2 += p1 + p1 = (p1 << 57) ^ (p1 >> (64 - 57)) ^ p2 + p0 += p1 + p1 = (p1 << 23) ^ (p1 >> (64 - 23)) ^ p0 + p2 += p3 + p3 = (p3 << 40) ^ (p3 >> (64 - 40)) ^ p2 + p0 += p3 + p3 = (p3 << 5) ^ (p3 >> (64 - 5)) ^ p0 + p2 += p1 + p1 = (p1 << 37) ^ (p1 >> (64 - 37)) ^ p2 + + p0 += h0 + p1 += h1 + t2 + p2 += h2 + t0 p3 += h3 + 5 - p0 += p1; - p1 = (p1 << 25) ^ (p1 >> (64 - 25)) ^ p0; - p2 += p3; - p3 = (p3 << 33) ^ (p3 >> (64 - 33)) ^ p2; - p0 += p3; - p3 = (p3 << 46) ^ (p3 >> (64 - 46)) ^ p0; - p2 += p1; - p1 = (p1 << 12) ^ (p1 >> (64 - 12)) ^ p2; - p0 += p1; - p1 = (p1 << 58) ^ (p1 >> (64 - 58)) ^ p0; - p2 += p3; - p3 = (p3 << 22) ^ (p3 >> (64 - 22)) ^ p2; - p0 += p3; - p3 = (p3 << 32) ^ (p3 >> (64 - 32)) ^ p0; - p2 += p1; - p1 = (p1 << 32) ^ (p1 >> (64 - 32)) ^ p2; - - p0 += h1; - p1 += h2 + t0; - p2 += h3 + t1; + p0 += p1 + p1 = (p1 << 25) ^ (p1 >> (64 - 25)) ^ p0 + p2 += p3 + p3 = (p3 << 33) ^ (p3 >> (64 - 33)) ^ p2 + p0 += p3 + p3 = (p3 << 46) ^ (p3 >> (64 - 46)) ^ p0 + p2 += p1 + p1 = (p1 << 12) ^ (p1 >> (64 - 12)) ^ p2 + p0 += p1 + p1 = (p1 << 58) ^ (p1 >> (64 - 58)) ^ p0 + p2 += p3 + p3 = (p3 << 22) ^ (p3 >> (64 - 22)) ^ p2 + p0 += p3 + p3 = 
(p3 << 32) ^ (p3 >> (64 - 32)) ^ p0 + p2 += p1 + p1 = (p1 << 32) ^ (p1 >> (64 - 32)) ^ p2 + + p0 += h1 + p1 += h2 + t0 + p2 += h3 + t1 p3 += h4 + 6 - p0 += p1; - p1 = (p1 << 14) ^ (p1 >> (64 - 14)) ^ p0; - p2 += p3; - p3 = (p3 << 16) ^ (p3 >> (64 - 16)) ^ p2; - p0 += p3; - p3 = (p3 << 52) ^ (p3 >> (64 - 52)) ^ p0; - p2 += p1; - p1 = (p1 << 57) ^ (p1 >> (64 - 57)) ^ p2; - p0 += p1; - p1 = (p1 << 23) ^ (p1 >> (64 - 23)) ^ p0; - p2 += p3; - p3 = (p3 << 40) ^ (p3 >> (64 - 40)) ^ p2; - p0 += p3; - p3 = (p3 << 5) ^ (p3 >> (64 - 5)) ^ p0; - p2 += p1; - p1 = (p1 << 37) ^ (p1 >> (64 - 37)) ^ p2; - - p0 += h2; - p1 += h3 + t1; - p2 += h4 + t2; + p0 += p1 + p1 = (p1 << 14) ^ (p1 >> (64 - 14)) ^ p0 + p2 += p3 + p3 = (p3 << 16) ^ (p3 >> (64 - 16)) ^ p2 + p0 += p3 + p3 = (p3 << 52) ^ (p3 >> (64 - 52)) ^ p0 + p2 += p1 + p1 = (p1 << 57) ^ (p1 >> (64 - 57)) ^ p2 + p0 += p1 + p1 = (p1 << 23) ^ (p1 >> (64 - 23)) ^ p0 + p2 += p3 + p3 = (p3 << 40) ^ (p3 >> (64 - 40)) ^ p2 + p0 += p3 + p3 = (p3 << 5) ^ (p3 >> (64 - 5)) ^ p0 + p2 += p1 + p1 = (p1 << 37) ^ (p1 >> (64 - 37)) ^ p2 + + p0 += h2 + p1 += h3 + t1 + p2 += h4 + t2 p3 += h0 + 7 - p0 += p1; - p1 = (p1 << 25) ^ (p1 >> (64 - 25)) ^ p0; - p2 += p3; - p3 = (p3 << 33) ^ (p3 >> (64 - 33)) ^ p2; - p0 += p3; - p3 = (p3 << 46) ^ (p3 >> (64 - 46)) ^ p0; - p2 += p1; - p1 = (p1 << 12) ^ (p1 >> (64 - 12)) ^ p2; - p0 += p1; - p1 = (p1 << 58) ^ (p1 >> (64 - 58)) ^ p0; - p2 += p3; - p3 = (p3 << 22) ^ (p3 >> (64 - 22)) ^ p2; - p0 += p3; - p3 = (p3 << 32) ^ (p3 >> (64 - 32)) ^ p0; - p2 += p1; - p1 = (p1 << 32) ^ (p1 >> (64 - 32)) ^ p2; - - p0 += h3; - p1 += h4 + t2; - p2 += h0 + t0; + p0 += p1 + p1 = (p1 << 25) ^ (p1 >> (64 - 25)) ^ p0 + p2 += p3 + p3 = (p3 << 33) ^ (p3 >> (64 - 33)) ^ p2 + p0 += p3 + p3 = (p3 << 46) ^ (p3 >> (64 - 46)) ^ p0 + p2 += p1 + p1 = (p1 << 12) ^ (p1 >> (64 - 12)) ^ p2 + p0 += p1 + p1 = (p1 << 58) ^ (p1 >> (64 - 58)) ^ p0 + p2 += p3 + p3 = (p3 << 22) ^ (p3 >> (64 - 22)) ^ p2 + p0 += p3 + p3 = (p3 << 32) ^ (p3 >> (64 - 32)) 
^ p0 + p2 += p1 + p1 = (p1 << 32) ^ (p1 >> (64 - 32)) ^ p2 + + p0 += h3 + p1 += h4 + t2 + p2 += h0 + t0 p3 += h1 + 8 - p0 += p1; - p1 = (p1 << 14) ^ (p1 >> (64 - 14)) ^ p0; - p2 += p3; - p3 = (p3 << 16) ^ (p3 >> (64 - 16)) ^ p2; - p0 += p3; - p3 = (p3 << 52) ^ (p3 >> (64 - 52)) ^ p0; - p2 += p1; - p1 = (p1 << 57) ^ (p1 >> (64 - 57)) ^ p2; - p0 += p1; - p1 = (p1 << 23) ^ (p1 >> (64 - 23)) ^ p0; - p2 += p3; - p3 = (p3 << 40) ^ (p3 >> (64 - 40)) ^ p2; - p0 += p3; - p3 = (p3 << 5) ^ (p3 >> (64 - 5)) ^ p0; - p2 += p1; - p1 = (p1 << 37) ^ (p1 >> (64 - 37)) ^ p2; - - p0 += h4; - p1 += h0 + t0; - p2 += h1 + t1; + p0 += p1 + p1 = (p1 << 14) ^ (p1 >> (64 - 14)) ^ p0 + p2 += p3 + p3 = (p3 << 16) ^ (p3 >> (64 - 16)) ^ p2 + p0 += p3 + p3 = (p3 << 52) ^ (p3 >> (64 - 52)) ^ p0 + p2 += p1 + p1 = (p1 << 57) ^ (p1 >> (64 - 57)) ^ p2 + p0 += p1 + p1 = (p1 << 23) ^ (p1 >> (64 - 23)) ^ p0 + p2 += p3 + p3 = (p3 << 40) ^ (p3 >> (64 - 40)) ^ p2 + p0 += p3 + p3 = (p3 << 5) ^ (p3 >> (64 - 5)) ^ p0 + p2 += p1 + p1 = (p1 << 37) ^ (p1 >> (64 - 37)) ^ p2 + + p0 += h4 + p1 += h0 + t0 + p2 += h1 + t1 p3 += h2 + 9 - p0 += p1; - p1 = (p1 << 25) ^ (p1 >> (64 - 25)) ^ p0; - p2 += p3; - p3 = (p3 << 33) ^ (p3 >> (64 - 33)) ^ p2; - p0 += p3; - p3 = (p3 << 46) ^ (p3 >> (64 - 46)) ^ p0; - p2 += p1; - p1 = (p1 << 12) ^ (p1 >> (64 - 12)) ^ p2; - p0 += p1; - p1 = (p1 << 58) ^ (p1 >> (64 - 58)) ^ p0; - p2 += p3; - p3 = (p3 << 22) ^ (p3 >> (64 - 22)) ^ p2; - p0 += p3; - p3 = (p3 << 32) ^ (p3 >> (64 - 32)) ^ p0; - p2 += p1; - p1 = (p1 << 32) ^ (p1 >> (64 - 32)) ^ p2; - - p0 += h0; - p1 += h1 + t1; - p2 += h2 + t2; + p0 += p1 + p1 = (p1 << 25) ^ (p1 >> (64 - 25)) ^ p0 + p2 += p3 + p3 = (p3 << 33) ^ (p3 >> (64 - 33)) ^ p2 + p0 += p3 + p3 = (p3 << 46) ^ (p3 >> (64 - 46)) ^ p0 + p2 += p1 + p1 = (p1 << 12) ^ (p1 >> (64 - 12)) ^ p2 + p0 += p1 + p1 = (p1 << 58) ^ (p1 >> (64 - 58)) ^ p0 + p2 += p3 + p3 = (p3 << 22) ^ (p3 >> (64 - 22)) ^ p2 + p0 += p3 + p3 = (p3 << 32) ^ (p3 >> (64 - 32)) ^ p0 + p2 += p1 + p1 = (p1 << 
32) ^ (p1 >> (64 - 32)) ^ p2 + + p0 += h0 + p1 += h1 + t1 + p2 += h2 + t2 p3 += h3 + 10 - p0 += p1; - p1 = (p1 << 14) ^ (p1 >> (64 - 14)) ^ p0; - p2 += p3; - p3 = (p3 << 16) ^ (p3 >> (64 - 16)) ^ p2; - p0 += p3; - p3 = (p3 << 52) ^ (p3 >> (64 - 52)) ^ p0; - p2 += p1; - p1 = (p1 << 57) ^ (p1 >> (64 - 57)) ^ p2; - p0 += p1; - p1 = (p1 << 23) ^ (p1 >> (64 - 23)) ^ p0; - p2 += p3; - p3 = (p3 << 40) ^ (p3 >> (64 - 40)) ^ p2; - p0 += p3; - p3 = (p3 << 5) ^ (p3 >> (64 - 5)) ^ p0; - p2 += p1; - p1 = (p1 << 37) ^ (p1 >> (64 - 37)) ^ p2; - - p0 += h1; - p1 += h2 + t2; - p2 += h3 + t0; + p0 += p1 + p1 = (p1 << 14) ^ (p1 >> (64 - 14)) ^ p0 + p2 += p3 + p3 = (p3 << 16) ^ (p3 >> (64 - 16)) ^ p2 + p0 += p3 + p3 = (p3 << 52) ^ (p3 >> (64 - 52)) ^ p0 + p2 += p1 + p1 = (p1 << 57) ^ (p1 >> (64 - 57)) ^ p2 + p0 += p1 + p1 = (p1 << 23) ^ (p1 >> (64 - 23)) ^ p0 + p2 += p3 + p3 = (p3 << 40) ^ (p3 >> (64 - 40)) ^ p2 + p0 += p3 + p3 = (p3 << 5) ^ (p3 >> (64 - 5)) ^ p0 + p2 += p1 + p1 = (p1 << 37) ^ (p1 >> (64 - 37)) ^ p2 + + p0 += h1 + p1 += h2 + t2 + p2 += h3 + t0 p3 += h4 + 11 - p0 += p1; - p1 = (p1 << 25) ^ (p1 >> (64 - 25)) ^ p0; - p2 += p3; - p3 = (p3 << 33) ^ (p3 >> (64 - 33)) ^ p2; - p0 += p3; - p3 = (p3 << 46) ^ (p3 >> (64 - 46)) ^ p0; - p2 += p1; - p1 = (p1 << 12) ^ (p1 >> (64 - 12)) ^ p2; - p0 += p1; - p1 = (p1 << 58) ^ (p1 >> (64 - 58)) ^ p0; - p2 += p3; - p3 = (p3 << 22) ^ (p3 >> (64 - 22)) ^ p2; - p0 += p3; - p3 = (p3 << 32) ^ (p3 >> (64 - 32)) ^ p0; - p2 += p1; - p1 = (p1 << 32) ^ (p1 >> (64 - 32)) ^ p2; - - p0 += h2; - p1 += h3 + t0; - p2 += h4 + t1; + p0 += p1 + p1 = (p1 << 25) ^ (p1 >> (64 - 25)) ^ p0 + p2 += p3 + p3 = (p3 << 33) ^ (p3 >> (64 - 33)) ^ p2 + p0 += p3 + p3 = (p3 << 46) ^ (p3 >> (64 - 46)) ^ p0 + p2 += p1 + p1 = (p1 << 12) ^ (p1 >> (64 - 12)) ^ p2 + p0 += p1 + p1 = (p1 << 58) ^ (p1 >> (64 - 58)) ^ p0 + p2 += p3 + p3 = (p3 << 22) ^ (p3 >> (64 - 22)) ^ p2 + p0 += p3 + p3 = (p3 << 32) ^ (p3 >> (64 - 32)) ^ p0 + p2 += p1 + p1 = (p1 << 32) ^ (p1 >> (64 - 32)) ^ p2 
+ + p0 += h2 + p1 += h3 + t0 + p2 += h4 + t1 p3 += h0 + 12 - p0 += p1; - p1 = (p1 << 14) ^ (p1 >> (64 - 14)) ^ p0; - p2 += p3; - p3 = (p3 << 16) ^ (p3 >> (64 - 16)) ^ p2; - p0 += p3; - p3 = (p3 << 52) ^ (p3 >> (64 - 52)) ^ p0; - p2 += p1; - p1 = (p1 << 57) ^ (p1 >> (64 - 57)) ^ p2; - p0 += p1; - p1 = (p1 << 23) ^ (p1 >> (64 - 23)) ^ p0; - p2 += p3; - p3 = (p3 << 40) ^ (p3 >> (64 - 40)) ^ p2; - p0 += p3; - p3 = (p3 << 5) ^ (p3 >> (64 - 5)) ^ p0; - p2 += p1; - p1 = (p1 << 37) ^ (p1 >> (64 - 37)) ^ p2; - - p0 += h3; - p1 += h4 + t1; - p2 += h0 + t2; + p0 += p1 + p1 = (p1 << 14) ^ (p1 >> (64 - 14)) ^ p0 + p2 += p3 + p3 = (p3 << 16) ^ (p3 >> (64 - 16)) ^ p2 + p0 += p3 + p3 = (p3 << 52) ^ (p3 >> (64 - 52)) ^ p0 + p2 += p1 + p1 = (p1 << 57) ^ (p1 >> (64 - 57)) ^ p2 + p0 += p1 + p1 = (p1 << 23) ^ (p1 >> (64 - 23)) ^ p0 + p2 += p3 + p3 = (p3 << 40) ^ (p3 >> (64 - 40)) ^ p2 + p0 += p3 + p3 = (p3 << 5) ^ (p3 >> (64 - 5)) ^ p0 + p2 += p1 + p1 = (p1 << 37) ^ (p1 >> (64 - 37)) ^ p2 + + p0 += h3 + p1 += h4 + t1 + p2 += h0 + t2 p3 += h1 + 13 - p0 += p1; - p1 = (p1 << 25) ^ (p1 >> (64 - 25)) ^ p0; - p2 += p3; - p3 = (p3 << 33) ^ (p3 >> (64 - 33)) ^ p2; - p0 += p3; - p3 = (p3 << 46) ^ (p3 >> (64 - 46)) ^ p0; - p2 += p1; - p1 = (p1 << 12) ^ (p1 >> (64 - 12)) ^ p2; - p0 += p1; - p1 = (p1 << 58) ^ (p1 >> (64 - 58)) ^ p0; - p2 += p3; - p3 = (p3 << 22) ^ (p3 >> (64 - 22)) ^ p2; - p0 += p3; - p3 = (p3 << 32) ^ (p3 >> (64 - 32)) ^ p0; - p2 += p1; - p1 = (p1 << 32) ^ (p1 >> (64 - 32)) ^ p2; - - p0 += h4; - p1 += h0 + t2; - p2 += h1 + t0; + p0 += p1 + p1 = (p1 << 25) ^ (p1 >> (64 - 25)) ^ p0 + p2 += p3 + p3 = (p3 << 33) ^ (p3 >> (64 - 33)) ^ p2 + p0 += p3 + p3 = (p3 << 46) ^ (p3 >> (64 - 46)) ^ p0 + p2 += p1 + p1 = (p1 << 12) ^ (p1 >> (64 - 12)) ^ p2 + p0 += p1 + p1 = (p1 << 58) ^ (p1 >> (64 - 58)) ^ p0 + p2 += p3 + p3 = (p3 << 22) ^ (p3 >> (64 - 22)) ^ p2 + p0 += p3 + p3 = (p3 << 32) ^ (p3 >> (64 - 32)) ^ p0 + p2 += p1 + p1 = (p1 << 32) ^ (p1 >> (64 - 32)) ^ p2 + + p0 += h4 + p1 += h0 + t2 
+ p2 += h1 + t0 p3 += h2 + 14 - p0 += p1; - p1 = (p1 << 14) ^ (p1 >> (64 - 14)) ^ p0; - p2 += p3; - p3 = (p3 << 16) ^ (p3 >> (64 - 16)) ^ p2; - p0 += p3; - p3 = (p3 << 52) ^ (p3 >> (64 - 52)) ^ p0; - p2 += p1; - p1 = (p1 << 57) ^ (p1 >> (64 - 57)) ^ p2; - p0 += p1; - p1 = (p1 << 23) ^ (p1 >> (64 - 23)) ^ p0; - p2 += p3; - p3 = (p3 << 40) ^ (p3 >> (64 - 40)) ^ p2; - p0 += p3; - p3 = (p3 << 5) ^ (p3 >> (64 - 5)) ^ p0; - p2 += p1; - p1 = (p1 << 37) ^ (p1 >> (64 - 37)) ^ p2; - - p0 += h0; - p1 += h1 + t0; - p2 += h2 + t1; + p0 += p1 + p1 = (p1 << 14) ^ (p1 >> (64 - 14)) ^ p0 + p2 += p3 + p3 = (p3 << 16) ^ (p3 >> (64 - 16)) ^ p2 + p0 += p3 + p3 = (p3 << 52) ^ (p3 >> (64 - 52)) ^ p0 + p2 += p1 + p1 = (p1 << 57) ^ (p1 >> (64 - 57)) ^ p2 + p0 += p1 + p1 = (p1 << 23) ^ (p1 >> (64 - 23)) ^ p0 + p2 += p3 + p3 = (p3 << 40) ^ (p3 >> (64 - 40)) ^ p2 + p0 += p3 + p3 = (p3 << 5) ^ (p3 >> (64 - 5)) ^ p0 + p2 += p1 + p1 = (p1 << 37) ^ (p1 >> (64 - 37)) ^ p2 + + p0 += h0 + p1 += h1 + t0 + p2 += h2 + t1 p3 += h3 + 15 - p0 += p1; - p1 = (p1 << 25) ^ (p1 >> (64 - 25)) ^ p0; - p2 += p3; - p3 = (p3 << 33) ^ (p3 >> (64 - 33)) ^ p2; - p0 += p3; - p3 = (p3 << 46) ^ (p3 >> (64 - 46)) ^ p0; - p2 += p1; - p1 = (p1 << 12) ^ (p1 >> (64 - 12)) ^ p2; - p0 += p1; - p1 = (p1 << 58) ^ (p1 >> (64 - 58)) ^ p0; - p2 += p3; - p3 = (p3 << 22) ^ (p3 >> (64 - 22)) ^ p2; - p0 += p3; - p3 = (p3 << 32) ^ (p3 >> (64 - 32)) ^ p0; - p2 += p1; - p1 = (p1 << 32) ^ (p1 >> (64 - 32)) ^ p2; - - p0 += h1; - p1 += h2 + t1; - p2 += h3 + t2; + p0 += p1 + p1 = (p1 << 25) ^ (p1 >> (64 - 25)) ^ p0 + p2 += p3 + p3 = (p3 << 33) ^ (p3 >> (64 - 33)) ^ p2 + p0 += p3 + p3 = (p3 << 46) ^ (p3 >> (64 - 46)) ^ p0 + p2 += p1 + p1 = (p1 << 12) ^ (p1 >> (64 - 12)) ^ p2 + p0 += p1 + p1 = (p1 << 58) ^ (p1 >> (64 - 58)) ^ p0 + p2 += p3 + p3 = (p3 << 22) ^ (p3 >> (64 - 22)) ^ p2 + p0 += p3 + p3 = (p3 << 32) ^ (p3 >> (64 - 32)) ^ p0 + p2 += p1 + p1 = (p1 << 32) ^ (p1 >> (64 - 32)) ^ p2 + + p0 += h1 + p1 += h2 + t1 + p2 += h3 + t2 p3 += h4 + 16 
- p0 += p1; - p1 = (p1 << 14) ^ (p1 >> (64 - 14)) ^ p0; - p2 += p3; - p3 = (p3 << 16) ^ (p3 >> (64 - 16)) ^ p2; - p0 += p3; - p3 = (p3 << 52) ^ (p3 >> (64 - 52)) ^ p0; - p2 += p1; - p1 = (p1 << 57) ^ (p1 >> (64 - 57)) ^ p2; - p0 += p1; - p1 = (p1 << 23) ^ (p1 >> (64 - 23)) ^ p0; - p2 += p3; - p3 = (p3 << 40) ^ (p3 >> (64 - 40)) ^ p2; - p0 += p3; - p3 = (p3 << 5) ^ (p3 >> (64 - 5)) ^ p0; - p2 += p1; - p1 = (p1 << 37) ^ (p1 >> (64 - 37)) ^ p2; - - p0 += h2; - p1 += h3 + t2; - p2 += h4 + t0; + p0 += p1 + p1 = (p1 << 14) ^ (p1 >> (64 - 14)) ^ p0 + p2 += p3 + p3 = (p3 << 16) ^ (p3 >> (64 - 16)) ^ p2 + p0 += p3 + p3 = (p3 << 52) ^ (p3 >> (64 - 52)) ^ p0 + p2 += p1 + p1 = (p1 << 57) ^ (p1 >> (64 - 57)) ^ p2 + p0 += p1 + p1 = (p1 << 23) ^ (p1 >> (64 - 23)) ^ p0 + p2 += p3 + p3 = (p3 << 40) ^ (p3 >> (64 - 40)) ^ p2 + p0 += p3 + p3 = (p3 << 5) ^ (p3 >> (64 - 5)) ^ p0 + p2 += p1 + p1 = (p1 << 37) ^ (p1 >> (64 - 37)) ^ p2 + + p0 += h2 + p1 += h3 + t2 + p2 += h4 + t0 p3 += h0 + 17 - p0 += p1; - p1 = (p1 << 25) ^ (p1 >> (64 - 25)) ^ p0; - p2 += p3; - p3 = (p3 << 33) ^ (p3 >> (64 - 33)) ^ p2; - p0 += p3; - p3 = (p3 << 46) ^ (p3 >> (64 - 46)) ^ p0; - p2 += p1; - p1 = (p1 << 12) ^ (p1 >> (64 - 12)) ^ p2; - p0 += p1; - p1 = (p1 << 58) ^ (p1 >> (64 - 58)) ^ p0; - p2 += p3; - p3 = (p3 << 22) ^ (p3 >> (64 - 22)) ^ p2; - p0 += p3; - p3 = (p3 << 32) ^ (p3 >> (64 - 32)) ^ p0; - p2 += p1; - p1 = (p1 << 32) ^ (p1 >> (64 - 32)) ^ p2; + p0 += p1 + p1 = (p1 << 25) ^ (p1 >> (64 - 25)) ^ p0 + p2 += p3 + p3 = (p3 << 33) ^ (p3 >> (64 - 33)) ^ p2 + p0 += p3 + p3 = (p3 << 46) ^ (p3 >> (64 - 46)) ^ p0 + p2 += p1 + p1 = (p1 << 12) ^ (p1 >> (64 - 12)) ^ p2 + p0 += p1 + p1 = (p1 << 58) ^ (p1 >> (64 - 58)) ^ p0 + p2 += p3 + p3 = (p3 << 22) ^ (p3 >> (64 - 22)) ^ p2 + p0 += p3 + p3 = (p3 << 32) ^ (p3 >> (64 - 32)) ^ p0 + p2 += p1 + p1 = (p1 << 32) ^ (p1 >> (64 - 32)) ^ p2 p0 += h3 p1 += h4 + t0 diff --git a/skeins/digest512.go b/skeins/digest512.go index 4d301e0..f3154e8 100644 --- a/skeins/digest512.go 
+++ b/skeins/digest512.go 
@@ -142,122 +142,122 @@ func (d *digest512) ubi(etype int, extra int) { var p7 = m7 h[8] = ((h[0] ^ h[1]) ^ (h[2] ^ h[3])) ^ - ((h[4] ^ h[5]) ^ (h[6] ^ h[7])) ^ 0x1BD11BDAA9FC1A22 + ((h[4] ^ h[5]) ^ (h[6] ^ h[7])) ^ 0x1BD11BDAA9FC1A22 var t0 = (d.bcount << 6) + uint64(extra) var t1 = (d.bcount >> 58) + (uint64(etype) << 55) var t2 = t0 ^ t1 for u := 0; u <= 15; u += 3 { - h[u + 9] = h[u + 0]; - h[u + 10] = h[u + 1]; - h[u + 11] = h[u + 2]; + h[u + 9] = h[u + 0] + h[u + 10] = h[u + 1] + h[u + 11] = h[u + 2] } for u := 0; u < 9; u++ { - s := u << 1; - p0 += h[s + 0]; - p1 += h[s + 1]; - p2 += h[s + 2]; - p3 += h[s + 3]; - p4 += h[s + 4]; - p5 += h[s + 5] + t0; - p6 += h[s + 6] + t1; + s := u << 1 + p0 += h[s + 0] + p1 += h[s + 1] + p2 += h[s + 2] + p3 += h[s + 3] + p4 += h[s + 4] + p5 += h[s + 5] + t0 + p6 += h[s + 6] + t1 p7 += h[s + 7] + uint64(s) - p0 += p1; - p1 = (p1 << 46) ^ (p1 >> (64 - 46)) ^ p0; - p2 += p3; - p3 = (p3 << 36) ^ (p3 >> (64 - 36)) ^ p2; - p4 += p5; - p5 = (p5 << 19) ^ (p5 >> (64 - 19)) ^ p4; - p6 += p7; - p7 = (p7 << 37) ^ (p7 >> (64 - 37)) ^ p6; - p2 += p1; - p1 = (p1 << 33) ^ (p1 >> (64 - 33)) ^ p2; - p4 += p7; - p7 = (p7 << 27) ^ (p7 >> (64 - 27)) ^ p4; - p6 += p5; - p5 = (p5 << 14) ^ (p5 >> (64 - 14)) ^ p6; - p0 += p3; - p3 = (p3 << 42) ^ (p3 >> (64 - 42)) ^ p0; - p4 += p1; - p1 = (p1 << 17) ^ (p1 >> (64 - 17)) ^ p4; - p6 += p3; - p3 = (p3 << 49) ^ (p3 >> (64 - 49)) ^ p6; - p0 += p5; - p5 = (p5 << 36) ^ (p5 >> (64 - 36)) ^ p0; - p2 += p7; - p7 = (p7 << 39) ^ (p7 >> (64 - 39)) ^ p2; - p6 += p1; - p1 = (p1 << 44) ^ (p1 >> (64 - 44)) ^ p6; - p0 += p7; - p7 = (p7 << 9) ^ (p7 >> (64 - 9)) ^ p0; - p2 += p5; - p5 = (p5 << 54) ^ (p5 >> (64 - 54)) ^ p2; - p4 += p3; - p3 = (p3 << 56) ^ (p3 >> (64 - 56)) ^ p4; - p0 += h[s + 1 + 0]; - p1 += h[s + 1 + 1]; - p2 += h[s + 1 + 2]; - p3 += h[s + 1 + 3]; - p4 += h[s + 1 + 4]; - p5 += h[s + 1 + 5] + t1; - p6 += h[s + 1 + 6] + t2; - p7 += h[s + 1 + 7] + uint64(s) + 1; - p0 += p1; - p1 = (p1 << 39) ^ (p1 >> (64 
- 39)) ^ p0; - p2 += p3; - p3 = (p3 << 30) ^ (p3 >> (64 - 30)) ^ p2; - p4 += p5; - p5 = (p5 << 34) ^ (p5 >> (64 - 34)) ^ p4; - p6 += p7; - p7 = (p7 << 24) ^ (p7 >> (64 - 24)) ^ p6; - p2 += p1; - p1 = (p1 << 13) ^ (p1 >> (64 - 13)) ^ p2; - p4 += p7; - p7 = (p7 << 50) ^ (p7 >> (64 - 50)) ^ p4; - p6 += p5; - p5 = (p5 << 10) ^ (p5 >> (64 - 10)) ^ p6; - p0 += p3; - p3 = (p3 << 17) ^ (p3 >> (64 - 17)) ^ p0; - p4 += p1; - p1 = (p1 << 25) ^ (p1 >> (64 - 25)) ^ p4; - p6 += p3; - p3 = (p3 << 29) ^ (p3 >> (64 - 29)) ^ p6; - p0 += p5; - p5 = (p5 << 39) ^ (p5 >> (64 - 39)) ^ p0; - p2 += p7; - p7 = (p7 << 43) ^ (p7 >> (64 - 43)) ^ p2; - p6 += p1; - p1 = (p1 << 8) ^ (p1 >> (64 - 8)) ^ p6; - p0 += p7; - p7 = (p7 << 35) ^ (p7 >> (64 - 35)) ^ p0; - p2 += p5; - p5 = (p5 << 56) ^ (p5 >> (64 - 56)) ^ p2; - p4 += p3; - p3 = (p3 << 22) ^ (p3 >> (64 - 22)) ^ p4; - - var tmp = t2; - t2 = t1; - t1 = t0; - t0 = tmp; + p0 += p1 + p1 = (p1 << 46) ^ (p1 >> (64 - 46)) ^ p0 + p2 += p3 + p3 = (p3 << 36) ^ (p3 >> (64 - 36)) ^ p2 + p4 += p5 + p5 = (p5 << 19) ^ (p5 >> (64 - 19)) ^ p4 + p6 += p7 + p7 = (p7 << 37) ^ (p7 >> (64 - 37)) ^ p6 + p2 += p1 + p1 = (p1 << 33) ^ (p1 >> (64 - 33)) ^ p2 + p4 += p7 + p7 = (p7 << 27) ^ (p7 >> (64 - 27)) ^ p4 + p6 += p5 + p5 = (p5 << 14) ^ (p5 >> (64 - 14)) ^ p6 + p0 += p3 + p3 = (p3 << 42) ^ (p3 >> (64 - 42)) ^ p0 + p4 += p1 + p1 = (p1 << 17) ^ (p1 >> (64 - 17)) ^ p4 + p6 += p3 + p3 = (p3 << 49) ^ (p3 >> (64 - 49)) ^ p6 + p0 += p5 + p5 = (p5 << 36) ^ (p5 >> (64 - 36)) ^ p0 + p2 += p7 + p7 = (p7 << 39) ^ (p7 >> (64 - 39)) ^ p2 + p6 += p1 + p1 = (p1 << 44) ^ (p1 >> (64 - 44)) ^ p6 + p0 += p7 + p7 = (p7 << 9) ^ (p7 >> (64 - 9)) ^ p0 + p2 += p5 + p5 = (p5 << 54) ^ (p5 >> (64 - 54)) ^ p2 + p4 += p3 + p3 = (p3 << 56) ^ (p3 >> (64 - 56)) ^ p4 + p0 += h[s + 1 + 0] + p1 += h[s + 1 + 1] + p2 += h[s + 1 + 2] + p3 += h[s + 1 + 3] + p4 += h[s + 1 + 4] + p5 += h[s + 1 + 5] + t1 + p6 += h[s + 1 + 6] + t2 + p7 += h[s + 1 + 7] + uint64(s) + 1 + p0 += p1 + p1 = (p1 << 39) ^ (p1 >> 
(64 - 39)) ^ p0 + p2 += p3 + p3 = (p3 << 30) ^ (p3 >> (64 - 30)) ^ p2 + p4 += p5 + p5 = (p5 << 34) ^ (p5 >> (64 - 34)) ^ p4 + p6 += p7 + p7 = (p7 << 24) ^ (p7 >> (64 - 24)) ^ p6 + p2 += p1 + p1 = (p1 << 13) ^ (p1 >> (64 - 13)) ^ p2 + p4 += p7 + p7 = (p7 << 50) ^ (p7 >> (64 - 50)) ^ p4 + p6 += p5 + p5 = (p5 << 10) ^ (p5 >> (64 - 10)) ^ p6 + p0 += p3 + p3 = (p3 << 17) ^ (p3 >> (64 - 17)) ^ p0 + p4 += p1 + p1 = (p1 << 25) ^ (p1 >> (64 - 25)) ^ p4 + p6 += p3 + p3 = (p3 << 29) ^ (p3 >> (64 - 29)) ^ p6 + p0 += p5 + p5 = (p5 << 39) ^ (p5 >> (64 - 39)) ^ p0 + p2 += p7 + p7 = (p7 << 43) ^ (p7 >> (64 - 43)) ^ p2 + p6 += p1 + p1 = (p1 << 8) ^ (p1 >> (64 - 8)) ^ p6 + p0 += p7 + p7 = (p7 << 35) ^ (p7 >> (64 - 35)) ^ p0 + p2 += p5 + p5 = (p5 << 56) ^ (p5 >> (64 - 56)) ^ p2 + p4 += p3 + p3 = (p3 << 22) ^ (p3 >> (64 - 22)) ^ p4 + + var tmp = t2 + t2 = t1 + t1 = t0 + t0 = tmp } - p0 += h[18 + 0]; - p1 += h[18 + 1]; - p2 += h[18 + 2]; - p3 += h[18 + 3]; - p4 += h[18 + 4]; - p5 += h[18 + 5] + t0; - p6 += h[18 + 6] + t1; - p7 += h[18 + 7] + 18; - - h[0] = m0 ^ p0; - h[1] = m1 ^ p1; - h[2] = m2 ^ p2; - h[3] = m3 ^ p3; - h[4] = m4 ^ p4; - h[5] = m5 ^ p5; - h[6] = m6 ^ p6; - h[7] = m7 ^ p7; + p0 += h[18 + 0] + p1 += h[18 + 1] + p2 += h[18 + 2] + p3 += h[18 + 3] + p4 += h[18 + 4] + p5 += h[18 + 5] + t0 + p6 += h[18 + 6] + t1 + p7 += h[18 + 7] + 18 + + h[0] = m0 ^ p0 + h[1] = m1 ^ p1 + h[2] = m2 ^ p2 + h[3] = m3 ^ p3 + h[4] = m4 ^ p4 + h[5] = m5 ^ p5 + h[6] = m6 ^ p6 + h[7] = m7 ^ p7 }
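Review bot: The new side still writes index arithmetic as `h[u + 9]`, `h[s + 1 + 0]` and `h[18 + 0]` throughout the key-injection lines, which gofmt would collapse to `h[u+9]`, `h[s+1+0]` and `h[18+0]`, so a `gofmt -l` check would keep flagging this file after the hand-stripped semicolons; run gofmt over the whole file instead. Because every line of the Threefish-512 round function is touched, I compared the rotation amounts and subkey offsets on the old and new sides of the hunk and they agree (46/36/19/37 through 8/35/56/22, `+ t0`/`+ t1`/`+ t2` and `+ uint64(s) + 1` in the same places), but a rewrite of this size should be gated on the Skein-512 known-answer vectors, since a single wrong constant would still compile and produce plausible-looking digests. The bare `0x1BD11BDAA9FC1A22` XORed into `h[8]` is the Threefish key-schedule constant and is the first thing a reader checks against the spec, so give it a name, e.g. `const c240 = 0x1BD11BDAA9FC1A22 // Threefish key-schedule constant C240 (Skein 1.3)`. The `ubi` body begins above this hunk (the `m0…m7` and `h` declarations are not visible), and the closing brace at the end is presumably the function's end but the hunk may continue past the visible chunk.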