podman

1
// Copyright 2014 The Go Authors. All rights reserved.
2
// Use of this source code is governed by a BSD-style
3
// license that can be found in the LICENSE file.
4

5
//go:build !amd64 || purego || !gc
6

7
package sha3
8

9
import "math/bits"
10

11
// rc stores the round constants for use in the ι step.
12
var rc = [24]uint64{
13
	0x0000000000000001,
14
	0x0000000000008082,
15
	0x800000000000808A,
16
	0x8000000080008000,
17
	0x000000000000808B,
18
	0x0000000080000001,
19
	0x8000000080008081,
20
	0x8000000000008009,
21
	0x000000000000008A,
22
	0x0000000000000088,
23
	0x0000000080008009,
24
	0x000000008000000A,
25
	0x000000008000808B,
26
	0x800000000000008B,
27
	0x8000000000008089,
28
	0x8000000000008003,
29
	0x8000000000008002,
30
	0x8000000000000080,
31
	0x000000000000800A,
32
	0x800000008000000A,
33
	0x8000000080008081,
34
	0x8000000000008080,
35
	0x0000000080000001,
36
	0x8000000080008008,
37
}
38

39
// keccakF1600 applies the Keccak permutation to a 1600b-wide
40
// state represented as a slice of 25 uint64s.
41
func keccakF1600(a *[25]uint64) {
42
	// Implementation translated from Keccak-inplace.c
43
	// in the keccak reference code.
44
	var t, bc0, bc1, bc2, bc3, bc4, d0, d1, d2, d3, d4 uint64
45

46
	for i := 0; i < 24; i += 4 {
47
		// Combines the 5 steps in each round into 2 steps.
48
		// Unrolls 4 rounds per loop and spreads some steps across rounds.
49

50
		// Round 1
51
		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
52
		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
53
		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
54
		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
55
		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
56
		d0 = bc4 ^ (bc1<<1 | bc1>>63)
57
		d1 = bc0 ^ (bc2<<1 | bc2>>63)
58
		d2 = bc1 ^ (bc3<<1 | bc3>>63)
59
		d3 = bc2 ^ (bc4<<1 | bc4>>63)
60
		d4 = bc3 ^ (bc0<<1 | bc0>>63)
61

62
		bc0 = a[0] ^ d0
63
		t = a[6] ^ d1
64
		bc1 = bits.RotateLeft64(t, 44)
65
		t = a[12] ^ d2
66
		bc2 = bits.RotateLeft64(t, 43)
67
		t = a[18] ^ d3
68
		bc3 = bits.RotateLeft64(t, 21)
69
		t = a[24] ^ d4
70
		bc4 = bits.RotateLeft64(t, 14)
71
		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i]
72
		a[6] = bc1 ^ (bc3 &^ bc2)
73
		a[12] = bc2 ^ (bc4 &^ bc3)
74
		a[18] = bc3 ^ (bc0 &^ bc4)
75
		a[24] = bc4 ^ (bc1 &^ bc0)
76

77
		t = a[10] ^ d0
78
		bc2 = bits.RotateLeft64(t, 3)
79
		t = a[16] ^ d1
80
		bc3 = bits.RotateLeft64(t, 45)
81
		t = a[22] ^ d2
82
		bc4 = bits.RotateLeft64(t, 61)
83
		t = a[3] ^ d3
84
		bc0 = bits.RotateLeft64(t, 28)
85
		t = a[9] ^ d4
86
		bc1 = bits.RotateLeft64(t, 20)
87
		a[10] = bc0 ^ (bc2 &^ bc1)
88
		a[16] = bc1 ^ (bc3 &^ bc2)
89
		a[22] = bc2 ^ (bc4 &^ bc3)
90
		a[3] = bc3 ^ (bc0 &^ bc4)
91
		a[9] = bc4 ^ (bc1 &^ bc0)
92

93
		t = a[20] ^ d0
94
		bc4 = bits.RotateLeft64(t, 18)
95
		t = a[1] ^ d1
96
		bc0 = bits.RotateLeft64(t, 1)
97
		t = a[7] ^ d2
98
		bc1 = bits.RotateLeft64(t, 6)
99
		t = a[13] ^ d3
100
		bc2 = bits.RotateLeft64(t, 25)
101
		t = a[19] ^ d4
102
		bc3 = bits.RotateLeft64(t, 8)
103
		a[20] = bc0 ^ (bc2 &^ bc1)
104
		a[1] = bc1 ^ (bc3 &^ bc2)
105
		a[7] = bc2 ^ (bc4 &^ bc3)
106
		a[13] = bc3 ^ (bc0 &^ bc4)
107
		a[19] = bc4 ^ (bc1 &^ bc0)
108

109
		t = a[5] ^ d0
110
		bc1 = bits.RotateLeft64(t, 36)
111
		t = a[11] ^ d1
112
		bc2 = bits.RotateLeft64(t, 10)
113
		t = a[17] ^ d2
114
		bc3 = bits.RotateLeft64(t, 15)
115
		t = a[23] ^ d3
116
		bc4 = bits.RotateLeft64(t, 56)
117
		t = a[4] ^ d4
118
		bc0 = bits.RotateLeft64(t, 27)
119
		a[5] = bc0 ^ (bc2 &^ bc1)
120
		a[11] = bc1 ^ (bc3 &^ bc2)
121
		a[17] = bc2 ^ (bc4 &^ bc3)
122
		a[23] = bc3 ^ (bc0 &^ bc4)
123
		a[4] = bc4 ^ (bc1 &^ bc0)
124

125
		t = a[15] ^ d0
126
		bc3 = bits.RotateLeft64(t, 41)
127
		t = a[21] ^ d1
128
		bc4 = bits.RotateLeft64(t, 2)
129
		t = a[2] ^ d2
130
		bc0 = bits.RotateLeft64(t, 62)
131
		t = a[8] ^ d3
132
		bc1 = bits.RotateLeft64(t, 55)
133
		t = a[14] ^ d4
134
		bc2 = bits.RotateLeft64(t, 39)
135
		a[15] = bc0 ^ (bc2 &^ bc1)
136
		a[21] = bc1 ^ (bc3 &^ bc2)
137
		a[2] = bc2 ^ (bc4 &^ bc3)
138
		a[8] = bc3 ^ (bc0 &^ bc4)
139
		a[14] = bc4 ^ (bc1 &^ bc0)
140

141
		// Round 2
142
		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
143
		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
144
		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
145
		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
146
		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
147
		d0 = bc4 ^ (bc1<<1 | bc1>>63)
148
		d1 = bc0 ^ (bc2<<1 | bc2>>63)
149
		d2 = bc1 ^ (bc3<<1 | bc3>>63)
150
		d3 = bc2 ^ (bc4<<1 | bc4>>63)
151
		d4 = bc3 ^ (bc0<<1 | bc0>>63)
152

153
		bc0 = a[0] ^ d0
154
		t = a[16] ^ d1
155
		bc1 = bits.RotateLeft64(t, 44)
156
		t = a[7] ^ d2
157
		bc2 = bits.RotateLeft64(t, 43)
158
		t = a[23] ^ d3
159
		bc3 = bits.RotateLeft64(t, 21)
160
		t = a[14] ^ d4
161
		bc4 = bits.RotateLeft64(t, 14)
162
		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+1]
163
		a[16] = bc1 ^ (bc3 &^ bc2)
164
		a[7] = bc2 ^ (bc4 &^ bc3)
165
		a[23] = bc3 ^ (bc0 &^ bc4)
166
		a[14] = bc4 ^ (bc1 &^ bc0)
167

168
		t = a[20] ^ d0
169
		bc2 = bits.RotateLeft64(t, 3)
170
		t = a[11] ^ d1
171
		bc3 = bits.RotateLeft64(t, 45)
172
		t = a[2] ^ d2
173
		bc4 = bits.RotateLeft64(t, 61)
174
		t = a[18] ^ d3
175
		bc0 = bits.RotateLeft64(t, 28)
176
		t = a[9] ^ d4
177
		bc1 = bits.RotateLeft64(t, 20)
178
		a[20] = bc0 ^ (bc2 &^ bc1)
179
		a[11] = bc1 ^ (bc3 &^ bc2)
180
		a[2] = bc2 ^ (bc4 &^ bc3)
181
		a[18] = bc3 ^ (bc0 &^ bc4)
182
		a[9] = bc4 ^ (bc1 &^ bc0)
183

184
		t = a[15] ^ d0
185
		bc4 = bits.RotateLeft64(t, 18)
186
		t = a[6] ^ d1
187
		bc0 = bits.RotateLeft64(t, 1)
188
		t = a[22] ^ d2
189
		bc1 = bits.RotateLeft64(t, 6)
190
		t = a[13] ^ d3
191
		bc2 = bits.RotateLeft64(t, 25)
192
		t = a[4] ^ d4
193
		bc3 = bits.RotateLeft64(t, 8)
194
		a[15] = bc0 ^ (bc2 &^ bc1)
195
		a[6] = bc1 ^ (bc3 &^ bc2)
196
		a[22] = bc2 ^ (bc4 &^ bc3)
197
		a[13] = bc3 ^ (bc0 &^ bc4)
198
		a[4] = bc4 ^ (bc1 &^ bc0)
199

200
		t = a[10] ^ d0
201
		bc1 = bits.RotateLeft64(t, 36)
202
		t = a[1] ^ d1
203
		bc2 = bits.RotateLeft64(t, 10)
204
		t = a[17] ^ d2
205
		bc3 = bits.RotateLeft64(t, 15)
206
		t = a[8] ^ d3
207
		bc4 = bits.RotateLeft64(t, 56)
208
		t = a[24] ^ d4
209
		bc0 = bits.RotateLeft64(t, 27)
210
		a[10] = bc0 ^ (bc2 &^ bc1)
211
		a[1] = bc1 ^ (bc3 &^ bc2)
212
		a[17] = bc2 ^ (bc4 &^ bc3)
213
		a[8] = bc3 ^ (bc0 &^ bc4)
214
		a[24] = bc4 ^ (bc1 &^ bc0)
215

216
		t = a[5] ^ d0
217
		bc3 = bits.RotateLeft64(t, 41)
218
		t = a[21] ^ d1
219
		bc4 = bits.RotateLeft64(t, 2)
220
		t = a[12] ^ d2
221
		bc0 = bits.RotateLeft64(t, 62)
222
		t = a[3] ^ d3
223
		bc1 = bits.RotateLeft64(t, 55)
224
		t = a[19] ^ d4
225
		bc2 = bits.RotateLeft64(t, 39)
226
		a[5] = bc0 ^ (bc2 &^ bc1)
227
		a[21] = bc1 ^ (bc3 &^ bc2)
228
		a[12] = bc2 ^ (bc4 &^ bc3)
229
		a[3] = bc3 ^ (bc0 &^ bc4)
230
		a[19] = bc4 ^ (bc1 &^ bc0)
231

232
		// Round 3
233
		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
234
		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
235
		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
236
		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
237
		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
238
		d0 = bc4 ^ (bc1<<1 | bc1>>63)
239
		d1 = bc0 ^ (bc2<<1 | bc2>>63)
240
		d2 = bc1 ^ (bc3<<1 | bc3>>63)
241
		d3 = bc2 ^ (bc4<<1 | bc4>>63)
242
		d4 = bc3 ^ (bc0<<1 | bc0>>63)
243

244
		bc0 = a[0] ^ d0
245
		t = a[11] ^ d1
246
		bc1 = bits.RotateLeft64(t, 44)
247
		t = a[22] ^ d2
248
		bc2 = bits.RotateLeft64(t, 43)
249
		t = a[8] ^ d3
250
		bc3 = bits.RotateLeft64(t, 21)
251
		t = a[19] ^ d4
252
		bc4 = bits.RotateLeft64(t, 14)
253
		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+2]
254
		a[11] = bc1 ^ (bc3 &^ bc2)
255
		a[22] = bc2 ^ (bc4 &^ bc3)
256
		a[8] = bc3 ^ (bc0 &^ bc4)
257
		a[19] = bc4 ^ (bc1 &^ bc0)
258

259
		t = a[15] ^ d0
260
		bc2 = bits.RotateLeft64(t, 3)
261
		t = a[1] ^ d1
262
		bc3 = bits.RotateLeft64(t, 45)
263
		t = a[12] ^ d2
264
		bc4 = bits.RotateLeft64(t, 61)
265
		t = a[23] ^ d3
266
		bc0 = bits.RotateLeft64(t, 28)
267
		t = a[9] ^ d4
268
		bc1 = bits.RotateLeft64(t, 20)
269
		a[15] = bc0 ^ (bc2 &^ bc1)
270
		a[1] = bc1 ^ (bc3 &^ bc2)
271
		a[12] = bc2 ^ (bc4 &^ bc3)
272
		a[23] = bc3 ^ (bc0 &^ bc4)
273
		a[9] = bc4 ^ (bc1 &^ bc0)
274

275
		t = a[5] ^ d0
276
		bc4 = bits.RotateLeft64(t, 18)
277
		t = a[16] ^ d1
278
		bc0 = bits.RotateLeft64(t, 1)
279
		t = a[2] ^ d2
280
		bc1 = bits.RotateLeft64(t, 6)
281
		t = a[13] ^ d3
282
		bc2 = bits.RotateLeft64(t, 25)
283
		t = a[24] ^ d4
284
		bc3 = bits.RotateLeft64(t, 8)
285
		a[5] = bc0 ^ (bc2 &^ bc1)
286
		a[16] = bc1 ^ (bc3 &^ bc2)
287
		a[2] = bc2 ^ (bc4 &^ bc3)
288
		a[13] = bc3 ^ (bc0 &^ bc4)
289
		a[24] = bc4 ^ (bc1 &^ bc0)
290

291
		t = a[20] ^ d0
292
		bc1 = bits.RotateLeft64(t, 36)
293
		t = a[6] ^ d1
294
		bc2 = bits.RotateLeft64(t, 10)
295
		t = a[17] ^ d2
296
		bc3 = bits.RotateLeft64(t, 15)
297
		t = a[3] ^ d3
298
		bc4 = bits.RotateLeft64(t, 56)
299
		t = a[14] ^ d4
300
		bc0 = bits.RotateLeft64(t, 27)
301
		a[20] = bc0 ^ (bc2 &^ bc1)
302
		a[6] = bc1 ^ (bc3 &^ bc2)
303
		a[17] = bc2 ^ (bc4 &^ bc3)
304
		a[3] = bc3 ^ (bc0 &^ bc4)
305
		a[14] = bc4 ^ (bc1 &^ bc0)
306

307
		t = a[10] ^ d0
308
		bc3 = bits.RotateLeft64(t, 41)
309
		t = a[21] ^ d1
310
		bc4 = bits.RotateLeft64(t, 2)
311
		t = a[7] ^ d2
312
		bc0 = bits.RotateLeft64(t, 62)
313
		t = a[18] ^ d3
314
		bc1 = bits.RotateLeft64(t, 55)
315
		t = a[4] ^ d4
316
		bc2 = bits.RotateLeft64(t, 39)
317
		a[10] = bc0 ^ (bc2 &^ bc1)
318
		a[21] = bc1 ^ (bc3 &^ bc2)
319
		a[7] = bc2 ^ (bc4 &^ bc3)
320
		a[18] = bc3 ^ (bc0 &^ bc4)
321
		a[4] = bc4 ^ (bc1 &^ bc0)
322

323
		// Round 4
324
		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
325
		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
326
		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
327
		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
328
		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
329
		d0 = bc4 ^ (bc1<<1 | bc1>>63)
330
		d1 = bc0 ^ (bc2<<1 | bc2>>63)
331
		d2 = bc1 ^ (bc3<<1 | bc3>>63)
332
		d3 = bc2 ^ (bc4<<1 | bc4>>63)
333
		d4 = bc3 ^ (bc0<<1 | bc0>>63)
334

335
		bc0 = a[0] ^ d0
336
		t = a[1] ^ d1
337
		bc1 = bits.RotateLeft64(t, 44)
338
		t = a[2] ^ d2
339
		bc2 = bits.RotateLeft64(t, 43)
340
		t = a[3] ^ d3
341
		bc3 = bits.RotateLeft64(t, 21)
342
		t = a[4] ^ d4
343
		bc4 = bits.RotateLeft64(t, 14)
344
		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+3]
345
		a[1] = bc1 ^ (bc3 &^ bc2)
346
		a[2] = bc2 ^ (bc4 &^ bc3)
347
		a[3] = bc3 ^ (bc0 &^ bc4)
348
		a[4] = bc4 ^ (bc1 &^ bc0)
349

350
		t = a[5] ^ d0
351
		bc2 = bits.RotateLeft64(t, 3)
352
		t = a[6] ^ d1
353
		bc3 = bits.RotateLeft64(t, 45)
354
		t = a[7] ^ d2
355
		bc4 = bits.RotateLeft64(t, 61)
356
		t = a[8] ^ d3
357
		bc0 = bits.RotateLeft64(t, 28)
358
		t = a[9] ^ d4
359
		bc1 = bits.RotateLeft64(t, 20)
360
		a[5] = bc0 ^ (bc2 &^ bc1)
361
		a[6] = bc1 ^ (bc3 &^ bc2)
362
		a[7] = bc2 ^ (bc4 &^ bc3)
363
		a[8] = bc3 ^ (bc0 &^ bc4)
364
		a[9] = bc4 ^ (bc1 &^ bc0)
365

366
		t = a[10] ^ d0
367
		bc4 = bits.RotateLeft64(t, 18)
368
		t = a[11] ^ d1
369
		bc0 = bits.RotateLeft64(t, 1)
370
		t = a[12] ^ d2
371
		bc1 = bits.RotateLeft64(t, 6)
372
		t = a[13] ^ d3
373
		bc2 = bits.RotateLeft64(t, 25)
374
		t = a[14] ^ d4
375
		bc3 = bits.RotateLeft64(t, 8)
376
		a[10] = bc0 ^ (bc2 &^ bc1)
377
		a[11] = bc1 ^ (bc3 &^ bc2)
378
		a[12] = bc2 ^ (bc4 &^ bc3)
379
		a[13] = bc3 ^ (bc0 &^ bc4)
380
		a[14] = bc4 ^ (bc1 &^ bc0)
381

382
		t = a[15] ^ d0
383
		bc1 = bits.RotateLeft64(t, 36)
384
		t = a[16] ^ d1
385
		bc2 = bits.RotateLeft64(t, 10)
386
		t = a[17] ^ d2
387
		bc3 = bits.RotateLeft64(t, 15)
388
		t = a[18] ^ d3
389
		bc4 = bits.RotateLeft64(t, 56)
390
		t = a[19] ^ d4
391
		bc0 = bits.RotateLeft64(t, 27)
392
		a[15] = bc0 ^ (bc2 &^ bc1)
393
		a[16] = bc1 ^ (bc3 &^ bc2)
394
		a[17] = bc2 ^ (bc4 &^ bc3)
395
		a[18] = bc3 ^ (bc0 &^ bc4)
396
		a[19] = bc4 ^ (bc1 &^ bc0)
397

398
		t = a[20] ^ d0
399
		bc3 = bits.RotateLeft64(t, 41)
400
		t = a[21] ^ d1
401
		bc4 = bits.RotateLeft64(t, 2)
402
		t = a[22] ^ d2
403
		bc0 = bits.RotateLeft64(t, 62)
404
		t = a[23] ^ d3
405
		bc1 = bits.RotateLeft64(t, 55)
406
		t = a[24] ^ d4
407
		bc2 = bits.RotateLeft64(t, 39)
408
		a[20] = bc0 ^ (bc2 &^ bc1)
409
		a[21] = bc1 ^ (bc3 &^ bc2)
410
		a[22] = bc2 ^ (bc4 &^ bc3)
411
		a[23] = bc3 ^ (bc0 &^ bc4)
412
		a[24] = bc4 ^ (bc1 &^ bc0)
413
	}
414
}
415