all: use math/bits.RotateLeft
Updates golang/go#31456
Change-Id: Idf043a25632526baa190bf42ed360cb79f85e493
GitHub-Last-Rev: 59461578926a85a87cc68dac96c0b7559766b7cf
GitHub-Pull-Request: golang/crypto#195
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/356518
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Reviewed-by: David Chase <drchase@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
diff --git a/cast5/cast5.go b/cast5/cast5.go
index ddcbeb6..425e8ee 100644
--- a/cast5/cast5.go
+++ b/cast5/cast5.go
@@ -13,7 +13,10 @@
// golang.org/x/crypto/chacha20poly1305).
package cast5 // import "golang.org/x/crypto/cast5"
-import "errors"
+import (
+ "errors"
+ "math/bits"
+)
const BlockSize = 8
const KeySize = 16
@@ -241,19 +244,19 @@
// These are the three 'f' functions. See RFC 2144, section 2.2.
func f1(d, m uint32, r uint8) uint32 {
t := m + d
- I := (t << r) | (t >> (32 - r))
+ I := bits.RotateLeft32(t, int(r))
return ((sBox[0][I>>24] ^ sBox[1][(I>>16)&0xff]) - sBox[2][(I>>8)&0xff]) + sBox[3][I&0xff]
}
func f2(d, m uint32, r uint8) uint32 {
t := m ^ d
- I := (t << r) | (t >> (32 - r))
+ I := bits.RotateLeft32(t, int(r))
return ((sBox[0][I>>24] - sBox[1][(I>>16)&0xff]) + sBox[2][(I>>8)&0xff]) ^ sBox[3][I&0xff]
}
func f3(d, m uint32, r uint8) uint32 {
t := m - d
- I := (t << r) | (t >> (32 - r))
+ I := bits.RotateLeft32(t, int(r))
return ((sBox[0][I>>24] + sBox[1][(I>>16)&0xff]) ^ sBox[2][(I>>8)&0xff]) - sBox[3][I&0xff]
}
diff --git a/md4/md4block.go b/md4/md4block.go
index 3fed475..5ea1ba9 100644
--- a/md4/md4block.go
+++ b/md4/md4block.go
@@ -8,9 +8,11 @@
package md4
-var shift1 = []uint{3, 7, 11, 19}
-var shift2 = []uint{3, 5, 9, 13}
-var shift3 = []uint{3, 9, 11, 15}
+import "math/bits"
+
+var shift1 = []int{3, 7, 11, 19}
+var shift2 = []int{3, 5, 9, 13}
+var shift3 = []int{3, 9, 11, 15}
var xIndex2 = []uint{0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15}
var xIndex3 = []uint{0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15}
@@ -48,7 +50,7 @@
s := shift1[i%4]
f := ((c ^ d) & b) ^ d
a += f + X[x]
- a = a<<s | a>>(32-s)
+ a = bits.RotateLeft32(a, s)
a, b, c, d = d, a, b, c
}
@@ -58,7 +60,7 @@
s := shift2[i%4]
g := (b & c) | (b & d) | (c & d)
a += g + X[x] + 0x5a827999
- a = a<<s | a>>(32-s)
+ a = bits.RotateLeft32(a, s)
a, b, c, d = d, a, b, c
}
@@ -68,7 +70,7 @@
s := shift3[i%4]
h := b ^ c ^ d
a += h + X[x] + 0x6ed9eba1
- a = a<<s | a>>(32-s)
+ a = bits.RotateLeft32(a, s)
a, b, c, d = d, a, b, c
}
diff --git a/pkcs12/internal/rc2/rc2.go b/pkcs12/internal/rc2/rc2.go
index 7499e3f..05de9cc 100644
--- a/pkcs12/internal/rc2/rc2.go
+++ b/pkcs12/internal/rc2/rc2.go
@@ -14,6 +14,7 @@
import (
"crypto/cipher"
"encoding/binary"
+ "math/bits"
)
// The rc2 block size in bytes
@@ -80,10 +81,6 @@
return k
}
-func rotl16(x uint16, b uint) uint16 {
- return (x >> (16 - b)) | (x << b)
-}
-
func (c *rc2Cipher) Encrypt(dst, src []byte) {
r0 := binary.LittleEndian.Uint16(src[0:])
@@ -96,22 +93,22 @@
for j <= 16 {
// mix r0
r0 = r0 + c.k[j] + (r3 & r2) + ((^r3) & r1)
- r0 = rotl16(r0, 1)
+ r0 = bits.RotateLeft16(r0, 1)
j++
// mix r1
r1 = r1 + c.k[j] + (r0 & r3) + ((^r0) & r2)
- r1 = rotl16(r1, 2)
+ r1 = bits.RotateLeft16(r1, 2)
j++
// mix r2
r2 = r2 + c.k[j] + (r1 & r0) + ((^r1) & r3)
- r2 = rotl16(r2, 3)
+ r2 = bits.RotateLeft16(r2, 3)
j++
// mix r3
r3 = r3 + c.k[j] + (r2 & r1) + ((^r2) & r0)
- r3 = rotl16(r3, 5)
+ r3 = bits.RotateLeft16(r3, 5)
j++
}
@@ -124,22 +121,22 @@
for j <= 40 {
// mix r0
r0 = r0 + c.k[j] + (r3 & r2) + ((^r3) & r1)
- r0 = rotl16(r0, 1)
+ r0 = bits.RotateLeft16(r0, 1)
j++
// mix r1
r1 = r1 + c.k[j] + (r0 & r3) + ((^r0) & r2)
- r1 = rotl16(r1, 2)
+ r1 = bits.RotateLeft16(r1, 2)
j++
// mix r2
r2 = r2 + c.k[j] + (r1 & r0) + ((^r1) & r3)
- r2 = rotl16(r2, 3)
+ r2 = bits.RotateLeft16(r2, 3)
j++
// mix r3
r3 = r3 + c.k[j] + (r2 & r1) + ((^r2) & r0)
- r3 = rotl16(r3, 5)
+ r3 = bits.RotateLeft16(r3, 5)
j++
}
@@ -152,22 +149,22 @@
for j <= 60 {
// mix r0
r0 = r0 + c.k[j] + (r3 & r2) + ((^r3) & r1)
- r0 = rotl16(r0, 1)
+ r0 = bits.RotateLeft16(r0, 1)
j++
// mix r1
r1 = r1 + c.k[j] + (r0 & r3) + ((^r0) & r2)
- r1 = rotl16(r1, 2)
+ r1 = bits.RotateLeft16(r1, 2)
j++
// mix r2
r2 = r2 + c.k[j] + (r1 & r0) + ((^r1) & r3)
- r2 = rotl16(r2, 3)
+ r2 = bits.RotateLeft16(r2, 3)
j++
// mix r3
r3 = r3 + c.k[j] + (r2 & r1) + ((^r2) & r0)
- r3 = rotl16(r3, 5)
+ r3 = bits.RotateLeft16(r3, 5)
j++
}
@@ -188,22 +185,22 @@
for j >= 44 {
// unmix r3
- r3 = rotl16(r3, 16-5)
+ r3 = bits.RotateLeft16(r3, 16-5)
r3 = r3 - c.k[j] - (r2 & r1) - ((^r2) & r0)
j--
// unmix r2
- r2 = rotl16(r2, 16-3)
+ r2 = bits.RotateLeft16(r2, 16-3)
r2 = r2 - c.k[j] - (r1 & r0) - ((^r1) & r3)
j--
// unmix r1
- r1 = rotl16(r1, 16-2)
+ r1 = bits.RotateLeft16(r1, 16-2)
r1 = r1 - c.k[j] - (r0 & r3) - ((^r0) & r2)
j--
// unmix r0
- r0 = rotl16(r0, 16-1)
+ r0 = bits.RotateLeft16(r0, 16-1)
r0 = r0 - c.k[j] - (r3 & r2) - ((^r3) & r1)
j--
}
@@ -215,22 +212,22 @@
for j >= 20 {
// unmix r3
- r3 = rotl16(r3, 16-5)
+ r3 = bits.RotateLeft16(r3, 16-5)
r3 = r3 - c.k[j] - (r2 & r1) - ((^r2) & r0)
j--
// unmix r2
- r2 = rotl16(r2, 16-3)
+ r2 = bits.RotateLeft16(r2, 16-3)
r2 = r2 - c.k[j] - (r1 & r0) - ((^r1) & r3)
j--
// unmix r1
- r1 = rotl16(r1, 16-2)
+ r1 = bits.RotateLeft16(r1, 16-2)
r1 = r1 - c.k[j] - (r0 & r3) - ((^r0) & r2)
j--
// unmix r0
- r0 = rotl16(r0, 16-1)
+ r0 = bits.RotateLeft16(r0, 16-1)
r0 = r0 - c.k[j] - (r3 & r2) - ((^r3) & r1)
j--
@@ -243,22 +240,22 @@
for j >= 0 {
// unmix r3
- r3 = rotl16(r3, 16-5)
+ r3 = bits.RotateLeft16(r3, 16-5)
r3 = r3 - c.k[j] - (r2 & r1) - ((^r2) & r0)
j--
// unmix r2
- r2 = rotl16(r2, 16-3)
+ r2 = bits.RotateLeft16(r2, 16-3)
r2 = r2 - c.k[j] - (r1 & r0) - ((^r1) & r3)
j--
// unmix r1
- r1 = rotl16(r1, 16-2)
+ r1 = bits.RotateLeft16(r1, 16-2)
r1 = r1 - c.k[j] - (r0 & r3) - ((^r0) & r2)
j--
// unmix r0
- r0 = rotl16(r0, 16-1)
+ r0 = bits.RotateLeft16(r0, 16-1)
r0 = r0 - c.k[j] - (r3 & r2) - ((^r3) & r1)
j--
diff --git a/salsa20/salsa/hsalsa20.go b/salsa20/salsa/hsalsa20.go
index 4c96147..3fd05b2 100644
--- a/salsa20/salsa/hsalsa20.go
+++ b/salsa20/salsa/hsalsa20.go
@@ -5,6 +5,8 @@
// Package salsa provides low-level access to functions in the Salsa family.
package salsa // import "golang.org/x/crypto/salsa20/salsa"
+import "math/bits"
+
// Sigma is the Salsa20 constant for 256-bit keys.
var Sigma = [16]byte{'e', 'x', 'p', 'a', 'n', 'd', ' ', '3', '2', '-', 'b', 'y', 't', 'e', ' ', 'k'}
@@ -31,76 +33,76 @@
for i := 0; i < 20; i += 2 {
u := x0 + x12
- x4 ^= u<<7 | u>>(32-7)
+ x4 ^= bits.RotateLeft32(u, 7)
u = x4 + x0
- x8 ^= u<<9 | u>>(32-9)
+ x8 ^= bits.RotateLeft32(u, 9)
u = x8 + x4
- x12 ^= u<<13 | u>>(32-13)
+ x12 ^= bits.RotateLeft32(u, 13)
u = x12 + x8
- x0 ^= u<<18 | u>>(32-18)
+ x0 ^= bits.RotateLeft32(u, 18)
u = x5 + x1
- x9 ^= u<<7 | u>>(32-7)
+ x9 ^= bits.RotateLeft32(u, 7)
u = x9 + x5
- x13 ^= u<<9 | u>>(32-9)
+ x13 ^= bits.RotateLeft32(u, 9)
u = x13 + x9
- x1 ^= u<<13 | u>>(32-13)
+ x1 ^= bits.RotateLeft32(u, 13)
u = x1 + x13
- x5 ^= u<<18 | u>>(32-18)
+ x5 ^= bits.RotateLeft32(u, 18)
u = x10 + x6
- x14 ^= u<<7 | u>>(32-7)
+ x14 ^= bits.RotateLeft32(u, 7)
u = x14 + x10
- x2 ^= u<<9 | u>>(32-9)
+ x2 ^= bits.RotateLeft32(u, 9)
u = x2 + x14
- x6 ^= u<<13 | u>>(32-13)
+ x6 ^= bits.RotateLeft32(u, 13)
u = x6 + x2
- x10 ^= u<<18 | u>>(32-18)
+ x10 ^= bits.RotateLeft32(u, 18)
u = x15 + x11
- x3 ^= u<<7 | u>>(32-7)
+ x3 ^= bits.RotateLeft32(u, 7)
u = x3 + x15
- x7 ^= u<<9 | u>>(32-9)
+ x7 ^= bits.RotateLeft32(u, 9)
u = x7 + x3
- x11 ^= u<<13 | u>>(32-13)
+ x11 ^= bits.RotateLeft32(u, 13)
u = x11 + x7
- x15 ^= u<<18 | u>>(32-18)
+ x15 ^= bits.RotateLeft32(u, 18)
u = x0 + x3
- x1 ^= u<<7 | u>>(32-7)
+ x1 ^= bits.RotateLeft32(u, 7)
u = x1 + x0
- x2 ^= u<<9 | u>>(32-9)
+ x2 ^= bits.RotateLeft32(u, 9)
u = x2 + x1
- x3 ^= u<<13 | u>>(32-13)
+ x3 ^= bits.RotateLeft32(u, 13)
u = x3 + x2
- x0 ^= u<<18 | u>>(32-18)
+ x0 ^= bits.RotateLeft32(u, 18)
u = x5 + x4
- x6 ^= u<<7 | u>>(32-7)
+ x6 ^= bits.RotateLeft32(u, 7)
u = x6 + x5
- x7 ^= u<<9 | u>>(32-9)
+ x7 ^= bits.RotateLeft32(u, 9)
u = x7 + x6
- x4 ^= u<<13 | u>>(32-13)
+ x4 ^= bits.RotateLeft32(u, 13)
u = x4 + x7
- x5 ^= u<<18 | u>>(32-18)
+ x5 ^= bits.RotateLeft32(u, 18)
u = x10 + x9
- x11 ^= u<<7 | u>>(32-7)
+ x11 ^= bits.RotateLeft32(u, 7)
u = x11 + x10
- x8 ^= u<<9 | u>>(32-9)
+ x8 ^= bits.RotateLeft32(u, 9)
u = x8 + x11
- x9 ^= u<<13 | u>>(32-13)
+ x9 ^= bits.RotateLeft32(u, 13)
u = x9 + x8
- x10 ^= u<<18 | u>>(32-18)
+ x10 ^= bits.RotateLeft32(u, 18)
u = x15 + x14
- x12 ^= u<<7 | u>>(32-7)
+ x12 ^= bits.RotateLeft32(u, 7)
u = x12 + x15
- x13 ^= u<<9 | u>>(32-9)
+ x13 ^= bits.RotateLeft32(u, 9)
u = x13 + x12
- x14 ^= u<<13 | u>>(32-13)
+ x14 ^= bits.RotateLeft32(u, 13)
u = x14 + x13
- x15 ^= u<<18 | u>>(32-18)
+ x15 ^= bits.RotateLeft32(u, 18)
}
out[0] = byte(x0)
out[1] = byte(x0 >> 8)
diff --git a/salsa20/salsa/salsa208.go b/salsa20/salsa/salsa208.go
index 9bfc092..7ec7bb3 100644
--- a/salsa20/salsa/salsa208.go
+++ b/salsa20/salsa/salsa208.go
@@ -4,6 +4,8 @@
package salsa
+import "math/bits"
+
// Core208 applies the Salsa20/8 core function to the 64-byte array in and puts
// the result into the 64-byte array out. The input and output may be the same array.
func Core208(out *[64]byte, in *[64]byte) {
@@ -29,76 +31,76 @@
for i := 0; i < 8; i += 2 {
u := x0 + x12
- x4 ^= u<<7 | u>>(32-7)
+ x4 ^= bits.RotateLeft32(u, 7)
u = x4 + x0
- x8 ^= u<<9 | u>>(32-9)
+ x8 ^= bits.RotateLeft32(u, 9)
u = x8 + x4
- x12 ^= u<<13 | u>>(32-13)
+ x12 ^= bits.RotateLeft32(u, 13)
u = x12 + x8
- x0 ^= u<<18 | u>>(32-18)
+ x0 ^= bits.RotateLeft32(u, 18)
u = x5 + x1
- x9 ^= u<<7 | u>>(32-7)
+ x9 ^= bits.RotateLeft32(u, 7)
u = x9 + x5
- x13 ^= u<<9 | u>>(32-9)
+ x13 ^= bits.RotateLeft32(u, 9)
u = x13 + x9
- x1 ^= u<<13 | u>>(32-13)
+ x1 ^= bits.RotateLeft32(u, 13)
u = x1 + x13
- x5 ^= u<<18 | u>>(32-18)
+ x5 ^= bits.RotateLeft32(u, 18)
u = x10 + x6
- x14 ^= u<<7 | u>>(32-7)
+ x14 ^= bits.RotateLeft32(u, 7)
u = x14 + x10
- x2 ^= u<<9 | u>>(32-9)
+ x2 ^= bits.RotateLeft32(u, 9)
u = x2 + x14
- x6 ^= u<<13 | u>>(32-13)
+ x6 ^= bits.RotateLeft32(u, 13)
u = x6 + x2
- x10 ^= u<<18 | u>>(32-18)
+ x10 ^= bits.RotateLeft32(u, 18)
u = x15 + x11
- x3 ^= u<<7 | u>>(32-7)
+ x3 ^= bits.RotateLeft32(u, 7)
u = x3 + x15
- x7 ^= u<<9 | u>>(32-9)
+ x7 ^= bits.RotateLeft32(u, 9)
u = x7 + x3
- x11 ^= u<<13 | u>>(32-13)
+ x11 ^= bits.RotateLeft32(u, 13)
u = x11 + x7
- x15 ^= u<<18 | u>>(32-18)
+ x15 ^= bits.RotateLeft32(u, 18)
u = x0 + x3
- x1 ^= u<<7 | u>>(32-7)
+ x1 ^= bits.RotateLeft32(u, 7)
u = x1 + x0
- x2 ^= u<<9 | u>>(32-9)
+ x2 ^= bits.RotateLeft32(u, 9)
u = x2 + x1
- x3 ^= u<<13 | u>>(32-13)
+ x3 ^= bits.RotateLeft32(u, 13)
u = x3 + x2
- x0 ^= u<<18 | u>>(32-18)
+ x0 ^= bits.RotateLeft32(u, 18)
u = x5 + x4
- x6 ^= u<<7 | u>>(32-7)
+ x6 ^= bits.RotateLeft32(u, 7)
u = x6 + x5
- x7 ^= u<<9 | u>>(32-9)
+ x7 ^= bits.RotateLeft32(u, 9)
u = x7 + x6
- x4 ^= u<<13 | u>>(32-13)
+ x4 ^= bits.RotateLeft32(u, 13)
u = x4 + x7
- x5 ^= u<<18 | u>>(32-18)
+ x5 ^= bits.RotateLeft32(u, 18)
u = x10 + x9
- x11 ^= u<<7 | u>>(32-7)
+ x11 ^= bits.RotateLeft32(u, 7)
u = x11 + x10
- x8 ^= u<<9 | u>>(32-9)
+ x8 ^= bits.RotateLeft32(u, 9)
u = x8 + x11
- x9 ^= u<<13 | u>>(32-13)
+ x9 ^= bits.RotateLeft32(u, 13)
u = x9 + x8
- x10 ^= u<<18 | u>>(32-18)
+ x10 ^= bits.RotateLeft32(u, 18)
u = x15 + x14
- x12 ^= u<<7 | u>>(32-7)
+ x12 ^= bits.RotateLeft32(u, 7)
u = x12 + x15
- x13 ^= u<<9 | u>>(32-9)
+ x13 ^= bits.RotateLeft32(u, 9)
u = x13 + x12
- x14 ^= u<<13 | u>>(32-13)
+ x14 ^= bits.RotateLeft32(u, 13)
u = x14 + x13
- x15 ^= u<<18 | u>>(32-18)
+ x15 ^= bits.RotateLeft32(u, 18)
}
x0 += j0
x1 += j1
diff --git a/salsa20/salsa/salsa20_ref.go b/salsa20/salsa/salsa20_ref.go
index 68169c6..e5cdb9a 100644
--- a/salsa20/salsa/salsa20_ref.go
+++ b/salsa20/salsa/salsa20_ref.go
@@ -4,6 +4,8 @@
package salsa
+import "math/bits"
+
const rounds = 20
// core applies the Salsa20 core function to 16-byte input in, 32-byte key k,
@@ -31,76 +33,76 @@
for i := 0; i < rounds; i += 2 {
u := x0 + x12
- x4 ^= u<<7 | u>>(32-7)
+ x4 ^= bits.RotateLeft32(u, 7)
u = x4 + x0
- x8 ^= u<<9 | u>>(32-9)
+ x8 ^= bits.RotateLeft32(u, 9)
u = x8 + x4
- x12 ^= u<<13 | u>>(32-13)
+ x12 ^= bits.RotateLeft32(u, 13)
u = x12 + x8
- x0 ^= u<<18 | u>>(32-18)
+ x0 ^= bits.RotateLeft32(u, 18)
u = x5 + x1
- x9 ^= u<<7 | u>>(32-7)
+ x9 ^= bits.RotateLeft32(u, 7)
u = x9 + x5
- x13 ^= u<<9 | u>>(32-9)
+ x13 ^= bits.RotateLeft32(u, 9)
u = x13 + x9
- x1 ^= u<<13 | u>>(32-13)
+ x1 ^= bits.RotateLeft32(u, 13)
u = x1 + x13
- x5 ^= u<<18 | u>>(32-18)
+ x5 ^= bits.RotateLeft32(u, 18)
u = x10 + x6
- x14 ^= u<<7 | u>>(32-7)
+ x14 ^= bits.RotateLeft32(u, 7)
u = x14 + x10
- x2 ^= u<<9 | u>>(32-9)
+ x2 ^= bits.RotateLeft32(u, 9)
u = x2 + x14
- x6 ^= u<<13 | u>>(32-13)
+ x6 ^= bits.RotateLeft32(u, 13)
u = x6 + x2
- x10 ^= u<<18 | u>>(32-18)
+ x10 ^= bits.RotateLeft32(u, 18)
u = x15 + x11
- x3 ^= u<<7 | u>>(32-7)
+ x3 ^= bits.RotateLeft32(u, 7)
u = x3 + x15
- x7 ^= u<<9 | u>>(32-9)
+ x7 ^= bits.RotateLeft32(u, 9)
u = x7 + x3
- x11 ^= u<<13 | u>>(32-13)
+ x11 ^= bits.RotateLeft32(u, 13)
u = x11 + x7
- x15 ^= u<<18 | u>>(32-18)
+ x15 ^= bits.RotateLeft32(u, 18)
u = x0 + x3
- x1 ^= u<<7 | u>>(32-7)
+ x1 ^= bits.RotateLeft32(u, 7)
u = x1 + x0
- x2 ^= u<<9 | u>>(32-9)
+ x2 ^= bits.RotateLeft32(u, 9)
u = x2 + x1
- x3 ^= u<<13 | u>>(32-13)
+ x3 ^= bits.RotateLeft32(u, 13)
u = x3 + x2
- x0 ^= u<<18 | u>>(32-18)
+ x0 ^= bits.RotateLeft32(u, 18)
u = x5 + x4
- x6 ^= u<<7 | u>>(32-7)
+ x6 ^= bits.RotateLeft32(u, 7)
u = x6 + x5
- x7 ^= u<<9 | u>>(32-9)
+ x7 ^= bits.RotateLeft32(u, 9)
u = x7 + x6
- x4 ^= u<<13 | u>>(32-13)
+ x4 ^= bits.RotateLeft32(u, 13)
u = x4 + x7
- x5 ^= u<<18 | u>>(32-18)
+ x5 ^= bits.RotateLeft32(u, 18)
u = x10 + x9
- x11 ^= u<<7 | u>>(32-7)
+ x11 ^= bits.RotateLeft32(u, 7)
u = x11 + x10
- x8 ^= u<<9 | u>>(32-9)
+ x8 ^= bits.RotateLeft32(u, 9)
u = x8 + x11
- x9 ^= u<<13 | u>>(32-13)
+ x9 ^= bits.RotateLeft32(u, 13)
u = x9 + x8
- x10 ^= u<<18 | u>>(32-18)
+ x10 ^= bits.RotateLeft32(u, 18)
u = x15 + x14
- x12 ^= u<<7 | u>>(32-7)
+ x12 ^= bits.RotateLeft32(u, 7)
u = x12 + x15
- x13 ^= u<<9 | u>>(32-9)
+ x13 ^= bits.RotateLeft32(u, 9)
u = x13 + x12
- x14 ^= u<<13 | u>>(32-13)
+ x14 ^= bits.RotateLeft32(u, 13)
u = x14 + x13
- x15 ^= u<<18 | u>>(32-18)
+ x15 ^= bits.RotateLeft32(u, 18)
}
x0 += j0
x1 += j1
diff --git a/sha3/keccakf.go b/sha3/keccakf.go
index 0f4ae8b..e5faa37 100644
--- a/sha3/keccakf.go
+++ b/sha3/keccakf.go
@@ -7,6 +7,8 @@
package sha3
+import "math/bits"
+
// rc stores the round constants for use in the ι step.
var rc = [24]uint64{
0x0000000000000001,
@@ -60,13 +62,13 @@
bc0 = a[0] ^ d0
t = a[6] ^ d1
- bc1 = t<<44 | t>>(64-44)
+ bc1 = bits.RotateLeft64(t, 44)
t = a[12] ^ d2
- bc2 = t<<43 | t>>(64-43)
+ bc2 = bits.RotateLeft64(t, 43)
t = a[18] ^ d3
- bc3 = t<<21 | t>>(64-21)
+ bc3 = bits.RotateLeft64(t, 21)
t = a[24] ^ d4
- bc4 = t<<14 | t>>(64-14)
+ bc4 = bits.RotateLeft64(t, 14)
a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i]
a[6] = bc1 ^ (bc3 &^ bc2)
a[12] = bc2 ^ (bc4 &^ bc3)
@@ -74,15 +76,15 @@
a[24] = bc4 ^ (bc1 &^ bc0)
t = a[10] ^ d0
- bc2 = t<<3 | t>>(64-3)
+ bc2 = bits.RotateLeft64(t, 3)
t = a[16] ^ d1
- bc3 = t<<45 | t>>(64-45)
+ bc3 = bits.RotateLeft64(t, 45)
t = a[22] ^ d2
- bc4 = t<<61 | t>>(64-61)
+ bc4 = bits.RotateLeft64(t, 61)
t = a[3] ^ d3
- bc0 = t<<28 | t>>(64-28)
+ bc0 = bits.RotateLeft64(t, 28)
t = a[9] ^ d4
- bc1 = t<<20 | t>>(64-20)
+ bc1 = bits.RotateLeft64(t, 20)
a[10] = bc0 ^ (bc2 &^ bc1)
a[16] = bc1 ^ (bc3 &^ bc2)
a[22] = bc2 ^ (bc4 &^ bc3)
@@ -90,15 +92,15 @@
a[9] = bc4 ^ (bc1 &^ bc0)
t = a[20] ^ d0
- bc4 = t<<18 | t>>(64-18)
+ bc4 = bits.RotateLeft64(t, 18)
t = a[1] ^ d1
- bc0 = t<<1 | t>>(64-1)
+ bc0 = bits.RotateLeft64(t, 1)
t = a[7] ^ d2
- bc1 = t<<6 | t>>(64-6)
+ bc1 = bits.RotateLeft64(t, 6)
t = a[13] ^ d3
- bc2 = t<<25 | t>>(64-25)
+ bc2 = bits.RotateLeft64(t, 25)
t = a[19] ^ d4
- bc3 = t<<8 | t>>(64-8)
+ bc3 = bits.RotateLeft64(t, 8)
a[20] = bc0 ^ (bc2 &^ bc1)
a[1] = bc1 ^ (bc3 &^ bc2)
a[7] = bc2 ^ (bc4 &^ bc3)
@@ -106,15 +108,15 @@
a[19] = bc4 ^ (bc1 &^ bc0)
t = a[5] ^ d0
- bc1 = t<<36 | t>>(64-36)
+ bc1 = bits.RotateLeft64(t, 36)
t = a[11] ^ d1
- bc2 = t<<10 | t>>(64-10)
+ bc2 = bits.RotateLeft64(t, 10)
t = a[17] ^ d2
- bc3 = t<<15 | t>>(64-15)
+ bc3 = bits.RotateLeft64(t, 15)
t = a[23] ^ d3
- bc4 = t<<56 | t>>(64-56)
+ bc4 = bits.RotateLeft64(t, 56)
t = a[4] ^ d4
- bc0 = t<<27 | t>>(64-27)
+ bc0 = bits.RotateLeft64(t, 27)
a[5] = bc0 ^ (bc2 &^ bc1)
a[11] = bc1 ^ (bc3 &^ bc2)
a[17] = bc2 ^ (bc4 &^ bc3)
@@ -122,15 +124,15 @@
a[4] = bc4 ^ (bc1 &^ bc0)
t = a[15] ^ d0
- bc3 = t<<41 | t>>(64-41)
+ bc3 = bits.RotateLeft64(t, 41)
t = a[21] ^ d1
- bc4 = t<<2 | t>>(64-2)
+ bc4 = bits.RotateLeft64(t, 2)
t = a[2] ^ d2
- bc0 = t<<62 | t>>(64-62)
+ bc0 = bits.RotateLeft64(t, 62)
t = a[8] ^ d3
- bc1 = t<<55 | t>>(64-55)
+ bc1 = bits.RotateLeft64(t, 55)
t = a[14] ^ d4
- bc2 = t<<39 | t>>(64-39)
+ bc2 = bits.RotateLeft64(t, 39)
a[15] = bc0 ^ (bc2 &^ bc1)
a[21] = bc1 ^ (bc3 &^ bc2)
a[2] = bc2 ^ (bc4 &^ bc3)
@@ -151,13 +153,13 @@
bc0 = a[0] ^ d0
t = a[16] ^ d1
- bc1 = t<<44 | t>>(64-44)
+ bc1 = bits.RotateLeft64(t, 44)
t = a[7] ^ d2
- bc2 = t<<43 | t>>(64-43)
+ bc2 = bits.RotateLeft64(t, 43)
t = a[23] ^ d3
- bc3 = t<<21 | t>>(64-21)
+ bc3 = bits.RotateLeft64(t, 21)
t = a[14] ^ d4
- bc4 = t<<14 | t>>(64-14)
+ bc4 = bits.RotateLeft64(t, 14)
a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+1]
a[16] = bc1 ^ (bc3 &^ bc2)
a[7] = bc2 ^ (bc4 &^ bc3)
@@ -165,15 +167,15 @@
a[14] = bc4 ^ (bc1 &^ bc0)
t = a[20] ^ d0
- bc2 = t<<3 | t>>(64-3)
+ bc2 = bits.RotateLeft64(t, 3)
t = a[11] ^ d1
- bc3 = t<<45 | t>>(64-45)
+ bc3 = bits.RotateLeft64(t, 45)
t = a[2] ^ d2
- bc4 = t<<61 | t>>(64-61)
+ bc4 = bits.RotateLeft64(t, 61)
t = a[18] ^ d3
- bc0 = t<<28 | t>>(64-28)
+ bc0 = bits.RotateLeft64(t, 28)
t = a[9] ^ d4
- bc1 = t<<20 | t>>(64-20)
+ bc1 = bits.RotateLeft64(t, 20)
a[20] = bc0 ^ (bc2 &^ bc1)
a[11] = bc1 ^ (bc3 &^ bc2)
a[2] = bc2 ^ (bc4 &^ bc3)
@@ -181,15 +183,15 @@
a[9] = bc4 ^ (bc1 &^ bc0)
t = a[15] ^ d0
- bc4 = t<<18 | t>>(64-18)
+ bc4 = bits.RotateLeft64(t, 18)
t = a[6] ^ d1
- bc0 = t<<1 | t>>(64-1)
+ bc0 = bits.RotateLeft64(t, 1)
t = a[22] ^ d2
- bc1 = t<<6 | t>>(64-6)
+ bc1 = bits.RotateLeft64(t, 6)
t = a[13] ^ d3
- bc2 = t<<25 | t>>(64-25)
+ bc2 = bits.RotateLeft64(t, 25)
t = a[4] ^ d4
- bc3 = t<<8 | t>>(64-8)
+ bc3 = bits.RotateLeft64(t, 8)
a[15] = bc0 ^ (bc2 &^ bc1)
a[6] = bc1 ^ (bc3 &^ bc2)
a[22] = bc2 ^ (bc4 &^ bc3)
@@ -197,15 +199,15 @@
a[4] = bc4 ^ (bc1 &^ bc0)
t = a[10] ^ d0
- bc1 = t<<36 | t>>(64-36)
+ bc1 = bits.RotateLeft64(t, 36)
t = a[1] ^ d1
- bc2 = t<<10 | t>>(64-10)
+ bc2 = bits.RotateLeft64(t, 10)
t = a[17] ^ d2
- bc3 = t<<15 | t>>(64-15)
+ bc3 = bits.RotateLeft64(t, 15)
t = a[8] ^ d3
- bc4 = t<<56 | t>>(64-56)
+ bc4 = bits.RotateLeft64(t, 56)
t = a[24] ^ d4
- bc0 = t<<27 | t>>(64-27)
+ bc0 = bits.RotateLeft64(t, 27)
a[10] = bc0 ^ (bc2 &^ bc1)
a[1] = bc1 ^ (bc3 &^ bc2)
a[17] = bc2 ^ (bc4 &^ bc3)
@@ -213,15 +215,15 @@
a[24] = bc4 ^ (bc1 &^ bc0)
t = a[5] ^ d0
- bc3 = t<<41 | t>>(64-41)
+ bc3 = bits.RotateLeft64(t, 41)
t = a[21] ^ d1
- bc4 = t<<2 | t>>(64-2)
+ bc4 = bits.RotateLeft64(t, 2)
t = a[12] ^ d2
- bc0 = t<<62 | t>>(64-62)
+ bc0 = bits.RotateLeft64(t, 62)
t = a[3] ^ d3
- bc1 = t<<55 | t>>(64-55)
+ bc1 = bits.RotateLeft64(t, 55)
t = a[19] ^ d4
- bc2 = t<<39 | t>>(64-39)
+ bc2 = bits.RotateLeft64(t, 39)
a[5] = bc0 ^ (bc2 &^ bc1)
a[21] = bc1 ^ (bc3 &^ bc2)
a[12] = bc2 ^ (bc4 &^ bc3)
@@ -242,13 +244,13 @@
bc0 = a[0] ^ d0
t = a[11] ^ d1
- bc1 = t<<44 | t>>(64-44)
+ bc1 = bits.RotateLeft64(t, 44)
t = a[22] ^ d2
- bc2 = t<<43 | t>>(64-43)
+ bc2 = bits.RotateLeft64(t, 43)
t = a[8] ^ d3
- bc3 = t<<21 | t>>(64-21)
+ bc3 = bits.RotateLeft64(t, 21)
t = a[19] ^ d4
- bc4 = t<<14 | t>>(64-14)
+ bc4 = bits.RotateLeft64(t, 14)
a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+2]
a[11] = bc1 ^ (bc3 &^ bc2)
a[22] = bc2 ^ (bc4 &^ bc3)
@@ -256,15 +258,15 @@
a[19] = bc4 ^ (bc1 &^ bc0)
t = a[15] ^ d0
- bc2 = t<<3 | t>>(64-3)
+ bc2 = bits.RotateLeft64(t, 3)
t = a[1] ^ d1
- bc3 = t<<45 | t>>(64-45)
+ bc3 = bits.RotateLeft64(t, 45)
t = a[12] ^ d2
- bc4 = t<<61 | t>>(64-61)
+ bc4 = bits.RotateLeft64(t, 61)
t = a[23] ^ d3
- bc0 = t<<28 | t>>(64-28)
+ bc0 = bits.RotateLeft64(t, 28)
t = a[9] ^ d4
- bc1 = t<<20 | t>>(64-20)
+ bc1 = bits.RotateLeft64(t, 20)
a[15] = bc0 ^ (bc2 &^ bc1)
a[1] = bc1 ^ (bc3 &^ bc2)
a[12] = bc2 ^ (bc4 &^ bc3)
@@ -272,15 +274,15 @@
a[9] = bc4 ^ (bc1 &^ bc0)
t = a[5] ^ d0
- bc4 = t<<18 | t>>(64-18)
+ bc4 = bits.RotateLeft64(t, 18)
t = a[16] ^ d1
- bc0 = t<<1 | t>>(64-1)
+ bc0 = bits.RotateLeft64(t, 1)
t = a[2] ^ d2
- bc1 = t<<6 | t>>(64-6)
+ bc1 = bits.RotateLeft64(t, 6)
t = a[13] ^ d3
- bc2 = t<<25 | t>>(64-25)
+ bc2 = bits.RotateLeft64(t, 25)
t = a[24] ^ d4
- bc3 = t<<8 | t>>(64-8)
+ bc3 = bits.RotateLeft64(t, 8)
a[5] = bc0 ^ (bc2 &^ bc1)
a[16] = bc1 ^ (bc3 &^ bc2)
a[2] = bc2 ^ (bc4 &^ bc3)
@@ -288,15 +290,15 @@
a[24] = bc4 ^ (bc1 &^ bc0)
t = a[20] ^ d0
- bc1 = t<<36 | t>>(64-36)
+ bc1 = bits.RotateLeft64(t, 36)
t = a[6] ^ d1
- bc2 = t<<10 | t>>(64-10)
+ bc2 = bits.RotateLeft64(t, 10)
t = a[17] ^ d2
- bc3 = t<<15 | t>>(64-15)
+ bc3 = bits.RotateLeft64(t, 15)
t = a[3] ^ d3
- bc4 = t<<56 | t>>(64-56)
+ bc4 = bits.RotateLeft64(t, 56)
t = a[14] ^ d4
- bc0 = t<<27 | t>>(64-27)
+ bc0 = bits.RotateLeft64(t, 27)
a[20] = bc0 ^ (bc2 &^ bc1)
a[6] = bc1 ^ (bc3 &^ bc2)
a[17] = bc2 ^ (bc4 &^ bc3)
@@ -304,15 +306,15 @@
a[14] = bc4 ^ (bc1 &^ bc0)
t = a[10] ^ d0
- bc3 = t<<41 | t>>(64-41)
+ bc3 = bits.RotateLeft64(t, 41)
t = a[21] ^ d1
- bc4 = t<<2 | t>>(64-2)
+ bc4 = bits.RotateLeft64(t, 2)
t = a[7] ^ d2
- bc0 = t<<62 | t>>(64-62)
+ bc0 = bits.RotateLeft64(t, 62)
t = a[18] ^ d3
- bc1 = t<<55 | t>>(64-55)
+ bc1 = bits.RotateLeft64(t, 55)
t = a[4] ^ d4
- bc2 = t<<39 | t>>(64-39)
+ bc2 = bits.RotateLeft64(t, 39)
a[10] = bc0 ^ (bc2 &^ bc1)
a[21] = bc1 ^ (bc3 &^ bc2)
a[7] = bc2 ^ (bc4 &^ bc3)
@@ -333,13 +335,13 @@
bc0 = a[0] ^ d0
t = a[1] ^ d1
- bc1 = t<<44 | t>>(64-44)
+ bc1 = bits.RotateLeft64(t, 44)
t = a[2] ^ d2
- bc2 = t<<43 | t>>(64-43)
+ bc2 = bits.RotateLeft64(t, 43)
t = a[3] ^ d3
- bc3 = t<<21 | t>>(64-21)
+ bc3 = bits.RotateLeft64(t, 21)
t = a[4] ^ d4
- bc4 = t<<14 | t>>(64-14)
+ bc4 = bits.RotateLeft64(t, 14)
a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+3]
a[1] = bc1 ^ (bc3 &^ bc2)
a[2] = bc2 ^ (bc4 &^ bc3)
@@ -347,15 +349,15 @@
a[4] = bc4 ^ (bc1 &^ bc0)
t = a[5] ^ d0
- bc2 = t<<3 | t>>(64-3)
+ bc2 = bits.RotateLeft64(t, 3)
t = a[6] ^ d1
- bc3 = t<<45 | t>>(64-45)
+ bc3 = bits.RotateLeft64(t, 45)
t = a[7] ^ d2
- bc4 = t<<61 | t>>(64-61)
+ bc4 = bits.RotateLeft64(t, 61)
t = a[8] ^ d3
- bc0 = t<<28 | t>>(64-28)
+ bc0 = bits.RotateLeft64(t, 28)
t = a[9] ^ d4
- bc1 = t<<20 | t>>(64-20)
+ bc1 = bits.RotateLeft64(t, 20)
a[5] = bc0 ^ (bc2 &^ bc1)
a[6] = bc1 ^ (bc3 &^ bc2)
a[7] = bc2 ^ (bc4 &^ bc3)
@@ -363,15 +365,15 @@
a[9] = bc4 ^ (bc1 &^ bc0)
t = a[10] ^ d0
- bc4 = t<<18 | t>>(64-18)
+ bc4 = bits.RotateLeft64(t, 18)
t = a[11] ^ d1
- bc0 = t<<1 | t>>(64-1)
+ bc0 = bits.RotateLeft64(t, 1)
t = a[12] ^ d2
- bc1 = t<<6 | t>>(64-6)
+ bc1 = bits.RotateLeft64(t, 6)
t = a[13] ^ d3
- bc2 = t<<25 | t>>(64-25)
+ bc2 = bits.RotateLeft64(t, 25)
t = a[14] ^ d4
- bc3 = t<<8 | t>>(64-8)
+ bc3 = bits.RotateLeft64(t, 8)
a[10] = bc0 ^ (bc2 &^ bc1)
a[11] = bc1 ^ (bc3 &^ bc2)
a[12] = bc2 ^ (bc4 &^ bc3)
@@ -379,15 +381,15 @@
a[14] = bc4 ^ (bc1 &^ bc0)
t = a[15] ^ d0
- bc1 = t<<36 | t>>(64-36)
+ bc1 = bits.RotateLeft64(t, 36)
t = a[16] ^ d1
- bc2 = t<<10 | t>>(64-10)
+ bc2 = bits.RotateLeft64(t, 10)
t = a[17] ^ d2
- bc3 = t<<15 | t>>(64-15)
+ bc3 = bits.RotateLeft64(t, 15)
t = a[18] ^ d3
- bc4 = t<<56 | t>>(64-56)
+ bc4 = bits.RotateLeft64(t, 56)
t = a[19] ^ d4
- bc0 = t<<27 | t>>(64-27)
+ bc0 = bits.RotateLeft64(t, 27)
a[15] = bc0 ^ (bc2 &^ bc1)
a[16] = bc1 ^ (bc3 &^ bc2)
a[17] = bc2 ^ (bc4 &^ bc3)
@@ -395,15 +397,15 @@
a[19] = bc4 ^ (bc1 &^ bc0)
t = a[20] ^ d0
- bc3 = t<<41 | t>>(64-41)
+ bc3 = bits.RotateLeft64(t, 41)
t = a[21] ^ d1
- bc4 = t<<2 | t>>(64-2)
+ bc4 = bits.RotateLeft64(t, 2)
t = a[22] ^ d2
- bc0 = t<<62 | t>>(64-62)
+ bc0 = bits.RotateLeft64(t, 62)
t = a[23] ^ d3
- bc1 = t<<55 | t>>(64-55)
+ bc1 = bits.RotateLeft64(t, 55)
t = a[24] ^ d4
- bc2 = t<<39 | t>>(64-39)
+ bc2 = bits.RotateLeft64(t, 39)
a[20] = bc0 ^ (bc2 &^ bc1)
a[21] = bc1 ^ (bc3 &^ bc2)
a[22] = bc2 ^ (bc4 &^ bc3)
diff --git a/twofish/twofish.go b/twofish/twofish.go
index 1197d75..e4eeae1 100644
--- a/twofish/twofish.go
+++ b/twofish/twofish.go
@@ -18,7 +18,10 @@
// LibTomCrypt is free for all purposes under the public domain.
// It was heavily inspired by the go blowfish package.
-import "strconv"
+import (
+ "math/bits"
+ "strconv"
+)
// BlockSize is the constant block size of Twofish.
const BlockSize = 16
@@ -76,12 +79,12 @@
tmp[j] = 2*i + 1
}
B := h(tmp[:], key, 1)
- B = rol(B, 8)
+ B = bits.RotateLeft32(B, 8)
c.k[2*i] = A + B
// K[2i+1] = (A + 2B) <<< 9
- c.k[2*i+1] = rol(2*B+A, 9)
+ c.k[2*i+1] = bits.RotateLeft32(2*B+A, 9)
}
// Calculate sboxes
@@ -129,16 +132,6 @@
return uint32(src[0]) | uint32(src[1])<<8 | uint32(src[2])<<16 | uint32(src[3])<<24
}
-// rol returns x after a left circular rotation of y bits.
-func rol(x, y uint32) uint32 {
- return (x << (y & 31)) | (x >> (32 - (y & 31)))
-}
-
-// ror returns x after a right circular rotation of y bits.
-func ror(x, y uint32) uint32 {
- return (x >> (y & 31)) | (x << (32 - (y & 31)))
-}
-
// The RS matrix. See [TWOFISH] 4.3
var rs = [4][8]byte{
{0x01, 0xA4, 0x55, 0x87, 0x5A, 0x58, 0xDB, 0x9E},
@@ -282,13 +275,13 @@
k := c.k[8+i*4 : 12+i*4]
t2 := S2[byte(ib)] ^ S3[byte(ib>>8)] ^ S4[byte(ib>>16)] ^ S1[byte(ib>>24)]
t1 := S1[byte(ia)] ^ S2[byte(ia>>8)] ^ S3[byte(ia>>16)] ^ S4[byte(ia>>24)] + t2
- ic = ror(ic^(t1+k[0]), 1)
- id = rol(id, 1) ^ (t2 + t1 + k[1])
+ ic = bits.RotateLeft32(ic^(t1+k[0]), -1)
+ id = bits.RotateLeft32(id, 1) ^ (t2 + t1 + k[1])
t2 = S2[byte(id)] ^ S3[byte(id>>8)] ^ S4[byte(id>>16)] ^ S1[byte(id>>24)]
t1 = S1[byte(ic)] ^ S2[byte(ic>>8)] ^ S3[byte(ic>>16)] ^ S4[byte(ic>>24)] + t2
- ia = ror(ia^(t1+k[2]), 1)
- ib = rol(ib, 1) ^ (t2 + t1 + k[3])
+ ia = bits.RotateLeft32(ia^(t1+k[2]), -1)
+ ib = bits.RotateLeft32(ib, 1) ^ (t2 + t1 + k[3])
}
// Output with "undo last swap"
@@ -326,13 +319,13 @@
k := c.k[4+i*4 : 8+i*4]
t2 := S2[byte(id)] ^ S3[byte(id>>8)] ^ S4[byte(id>>16)] ^ S1[byte(id>>24)]
t1 := S1[byte(ic)] ^ S2[byte(ic>>8)] ^ S3[byte(ic>>16)] ^ S4[byte(ic>>24)] + t2
- ia = rol(ia, 1) ^ (t1 + k[2])
- ib = ror(ib^(t2+t1+k[3]), 1)
+ ia = bits.RotateLeft32(ia, 1) ^ (t1 + k[2])
+ ib = bits.RotateLeft32(ib^(t2+t1+k[3]), -1)
t2 = S2[byte(ib)] ^ S3[byte(ib>>8)] ^ S4[byte(ib>>16)] ^ S1[byte(ib>>24)]
t1 = S1[byte(ia)] ^ S2[byte(ia>>8)] ^ S3[byte(ia>>16)] ^ S4[byte(ia>>24)] + t2
- ic = rol(ic, 1) ^ (t1 + k[0])
- id = ror(id^(t2+t1+k[1]), 1)
+ ic = bits.RotateLeft32(ic, 1) ^ (t1 + k[0])
+ id = bits.RotateLeft32(id^(t2+t1+k[1]), -1)
}
// Undo pre-whitening
