go.crypto/sha3: update to sync with draft FIPS-202

1. API:

This exposes a minimal API: the SHA-3 functions implement hash.Hash. The
SHAKE functions implement a new "ShakeHash" interface that implements
io.Reader, io.Writer, and Reset().

(The previous Barrier() function has been removed.)

(Alternative proposal: Don't implement io.Reader, but instead provide a
"Digest(d []byte) error" function that performs a hash.Hash style copy.
Somewhat more minimal, but very easy to use incorrectly.)

2. Tests

Added the complete set of ShortMsgKATs from
   https://github.com/gvanas/KeccakCodePackage

3. Correctness

In sync with draft FIPS-202.

4. Documentation

A summary of the security properties of the SHA-3 and SHAKE functions is
provided in doc.go; some concrete recommendations as well.

Fixes 8563.

R=golang-codereviews, agl
CC=golang-codereviews
https://golang.org/cl/130950043
diff --git a/sha3/keccakf.go b/sha3/keccakf.go
index 76c0312..c267ee0 100644
--- a/sha3/keccakf.go
+++ b/sha3/keccakf.go
@@ -1,16 +1,11 @@
-// Copyright 2013 The Go Authors. All rights reserved.
+// Copyright 2014 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
 package sha3
 
-// This file implements the core Keccak permutation function necessary for computing SHA3.
-// This is implemented in a separate file to allow for replacement by an optimized implementation.
-// Nothing in this package is exported.
-// For the detailed specification, refer to the Keccak web site (http://keccak.noekeon.org/).
-
 // rc stores the round constants for use in the ι step.
-var rc = [...]uint64{
+var rc = [24]uint64{
 	0x0000000000000001,
 	0x0000000000008082,
 	0x800000000000808A,
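Review bot: The copyright line at the top of keccakf.go changes from 2013 to 2014, but the index line shows this is an existing file being modified, so the year should stay at the year the file was added. In the same hunk, the deleted header comment was the only place that pointed to the Keccak specification and explained why the permutation lives in its own file (so an optimized implementation can replace it). Consider keeping a one- or two-line version of it, updated to reference draft FIPS-202 as the commit message does. Sizing rc as [24]uint64 is a good change, since a missing or extra round constant now fails to compile instead of silently changing the number of rounds.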
@@ -37,10 +32,9 @@
 	0x8000000080008008,
 }
 
-// keccakF computes the complete Keccak-f function consisting of 24 rounds with a different
-// constant (rc) in each round. This implementation fully unrolls the round function to avoid
-// inner loops, as well as pre-calculating shift offsets.
-func keccakF(a *[numLanes]uint64) {
+// keccakF1600 applies the Keccak permutation to a 1600b-wide
+// state represented as a slice of 25 uint64s.
+func keccakF1600(a *[25]uint64) {
 	var t, bc0, bc1, bc2, bc3, bc4 uint64
 	for _, roundConstant := range rc {
 		// θ step
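Review bot: The new doc comment on keccakF1600 describes the state as "a slice of 25 uint64s", but the parameter is a *[25]uint64, a pointer to a fixed-size array; the comment should say "array", and "1600b-wide" would read more clearly as "1600-bit". The signature also replaces numLanes with the literal 25. If numLanes is still used elsewhere in the package, keep the named constant here so the state size is defined in one place. The old comment's remark that the round function is fully unrolled is dropped; a short mention is still worth having for anyone auditing the body that follows.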