Rework internals of transform!(::SHA3_CTX) to use tuples

Author: martinholters

src/constants.jl

@@ -138,13 +138,13 @@ const SHA3_ROUND_CONSTS = UInt64[
 ]
 
 # Rotation constants for SHA3 rounds
-const SHA3_ROTC = UInt64[
-    1,  3,  6,  10, 15, 21, 28, 36, 45, 55, 2,  14,
-    27, 41, 56, 8,  25, 43, 62, 18, 39, 61, 20, 44
-]
+const SHA3_ROTC = (
+     0,  1, 62, 28, 27, 36, 44,  6, 55, 20,  3, 10, 43,
+    25, 39, 41, 45, 15, 21,  8, 18,  2, 61, 56, 14,
+)
 
 # Permutation indices for SHA3 rounds (+1'ed so as to work with julia's 1-based indexing)
-const SHA3_PILN = Int[
-    11, 8,  12, 18, 19, 4, 6,  17, 9,  22, 25, 5,
-    16, 24, 20, 14, 13, 3, 21, 15, 23, 10,  7,  2
-]
+const SHA3_PILN = (
+     1,  7, 13, 19, 25,  4, 10, 11, 17, 23,  2,  8, 14,
+    20, 21,  5,  6, 12, 18, 24,  3,  9, 15, 16, 22,
+)

src/sha3.jl

@@ -1,51 +1,47 @@
+@inline function keccak_theta(state::NTuple{25,UInt64})
+    C = ntuple(i -> state[i] ⊻ state[i + 5] ⊻ state[i + 10] ⊻ state[i + 15] ⊻ state[i + 20], Val(5))
+    D = ntuple(i -> C[rem(i + 3, 5) + 1] ⊻ L64(1, C[rem(i, 5) + 1]), Val(5))
+    return ntuple(k -> state[k] ⊻ D[rem(k - 1, 5) + 1], Val(25))
+end
+
+@inline keccak_rho(state::NTuple{25,UInt64}) =
+    ntuple(k -> bitrotate(state[k], SHA3_ROTC[k]), Val(25))
+
+@inline keccak_pi(state::NTuple{25,UInt64}) =
+    ntuple(k -> state[SHA3_PILN[k]], Val(25))
+
+@inline function keccak_chi(state::NTuple{25,UInt64})
+    return ntuple(
+        k -> let j = k - rem(k - 1, 5)
+            state[k] ⊻ (~state[rem(k, 5) + j] & state[rem(k + 1, 5) + j])
+        end,
+        Val(25)
+    )
+end
+
+@inline keccak_iota(round, state::NTuple{25,UInt64}) =
+    (state[1] ⊻ SHA3_ROUND_CONSTS[round+1], state[2:end]...)
+
 function transform!(context::T) where {T<:SHA3_CTX}
     # First, update state with buffer
     pbuf = Ptr{eltype(context.state)}(pointer(context.buffer))
     for idx in 1:div(blocklen(T),8)
         context.state[idx] = context.state[idx] ⊻ unsafe_load(pbuf, idx)
     end
-    bc = context.bc
-    state = context.state
-
-    # We always assume 24 rounds
-    @inbounds for round in 0:23
-        # Theta function
-        for i in 1:5
-            bc[i] = state[i] ⊻ state[i + 5] ⊻ state[i + 10] ⊻ state[i + 15] ⊻ state[i + 20]
-        end
-
-        for i in 0:4
-            temp = bc[rem(i + 4, 5) + 1] ⊻ L64(1, bc[rem(i + 1, 5) + 1])
-            j = 0
-            while j <= 20
-                state[Int(i + j + 1)] = state[i + j + 1] ⊻ temp
-                j += 5
-            end
-        end
 
-        # Rho Pi
-        temp = state[2]
-        for i in 1:24
-            j = SHA3_PILN[i]
-            bc[1] = state[j]
-            state[j] = L64(SHA3_ROTC[i], temp)
-            temp = bc[1]
-        end
+    state = let s = context.state; ntuple(i -> s[i], Val(25)); end
 
-        # Chi
-        j = 0
-        while j <= 20
-            for i in 1:5
-                bc[i] = state[i + j]
-            end
-            for i in 0:4
-                state[j + i + 1] = state[j + i + 1] ⊻ (~bc[rem(i + 1, 5) + 1] & bc[rem(i + 2, 5) + 1])
-            end
-            j += 5
-        end
+    # We always assume 24 rounds
+    for round in 0:23
+        state = keccak_theta(state)
+        state = keccak_rho(state)
+        state = keccak_pi(state)
+        state = keccak_chi(state)
+        state = keccak_iota(round, state)
+    end
 
-        # Iota
-        state[1] = state[1] ⊻ SHA3_ROUND_CONSTS[round+1]
+    for k in 1:25
+        context.state[k] = state[k]
     end
 
     return context.state

src/shake.jl

@@ -4,14 +4,12 @@ mutable struct SHAKE_128_CTX <: SHAKE
     state::Vector{UInt64}
     bytecount::UInt128
     buffer::Vector{UInt8}
-    bc::Vector{UInt64}
     used::Bool
 end
 mutable struct SHAKE_256_CTX <: SHAKE
     state::Vector{UInt64}
     bytecount::UInt128
     buffer::Vector{UInt8}
-    bc::Vector{UInt64}
     used::Bool
 end
 
@@ -22,8 +20,8 @@ blocklen(::Type{SHAKE_256_CTX}) = UInt64(25*8 - 2*digestlen(SHAKE_256_CTX))
 buffer_pointer(ctx::T) where {T<:SHAKE} = Ptr{state_type(T)}(pointer(ctx.buffer))
 
 # construct an empty SHA context
-SHAKE_128_CTX() = SHAKE_128_CTX(zeros(UInt64, 25), 0, zeros(UInt8, blocklen(SHAKE_128_CTX)), Vector{UInt64}(undef, 5), false)
-SHAKE_256_CTX() = SHAKE_256_CTX(zeros(UInt64, 25), 0, zeros(UInt8, blocklen(SHAKE_256_CTX)), Vector{UInt64}(undef, 5), false)
+SHAKE_128_CTX() = SHAKE_128_CTX(zeros(UInt64, 25), 0, zeros(UInt8, blocklen(SHAKE_128_CTX)), false)
+SHAKE_256_CTX() = SHAKE_256_CTX(zeros(UInt64, 25), 0, zeros(UInt8, blocklen(SHAKE_256_CTX)), false)
 
 function transform!(context::T) where {T<:SHAKE}
     # First, update state with buffer
@@ -34,40 +32,22 @@ function transform!(context::T) where {T<:SHAKE}
             context.state[idx] = context.state[idx] ⊻ unsafe_load(pbuf, idx)
         end
     end 
-    bc = context.bc
-    state = context.state
+
+    state = let s = context.state; ntuple(i -> s[i], Val(25)); end
+
     # We always assume 24 rounds
-    @inbounds for round in 0:23
-        # Theta function
-        for i in 1:5
-            bc[i] = state[i] ⊻ state[i + 5] ⊻ state[i + 10] ⊻ state[i + 15] ⊻ state[i + 20]
-        end
-        for i in 0:4
-            temp = bc[rem(i + 4, 5) + 1] ⊻ L64(1, bc[rem(i + 1, 5) + 1])
-            for j in 0:5:20
-                state[Int(i + j + 1)] = state[i + j + 1] ⊻ temp
-            end
-        end
-        # Rho Pi
-        temp = state[2]
-        for i in 1:24
-            j = SHA3_PILN[i]
-            bc[1] = state[j]
-            state[j] = L64(SHA3_ROTC[i], temp)
-            temp = bc[1]
-        end
-        # Chi
-        for j in 0:5:20
-            for i in 1:5
-                bc[i] = state[i + j]
-            end
-            for i in 0:4
-                state[j + i + 1] = state[j + i + 1] ⊻ (~bc[rem(i + 1, 5) + 1] & bc[rem(i + 2, 5) + 1])
-            end
-        end
-        # Iota
-        state[1] = state[1] ⊻ SHA3_ROUND_CONSTS[round+1]
+    for round in 0:23
+        state = keccak_theta(state)
+        state = keccak_rho(state)
+        state = keccak_pi(state)
+        state = keccak_chi(state)
+        state = keccak_iota(round, state)
+    end
+
+    for k in 1:25
+        context.state[k] = state[k]
     end
+
     return context.state
 end
 function digest!(context::T,d::UInt,p::Ptr{UInt8}) where {T<:SHAKE}

src/types.jl

@@ -72,28 +72,24 @@ mutable struct SHA3_224_CTX <: SHA3_CTX
     state::Vector{UInt64}
     bytecount::UInt128
     buffer::Vector{UInt8}
-    bc::Vector{UInt64}
     used::Bool
 end
 mutable struct SHA3_256_CTX <: SHA3_CTX
     state::Vector{UInt64}
     bytecount::UInt128
     buffer::Vector{UInt8}
-    bc::Vector{UInt64}
     used::Bool
 end
 mutable struct SHA3_384_CTX <: SHA3_CTX
     state::Vector{UInt64}
     bytecount::UInt128
     buffer::Vector{UInt8}
-    bc::Vector{UInt64}
     used::Bool
 end
 mutable struct SHA3_512_CTX <: SHA3_CTX
     state::Vector{UInt64}
     bytecount::UInt128
     buffer::Vector{UInt8}
-    bc::Vector{UInt64}
     used::Bool
 end
 
@@ -189,25 +185,25 @@ SHA2_512_256_CTX() = SHA2_512_256_CTX(copy(SHA2_512_256_initial_hash_value), 0,
 
 Construct an empty SHA3_224 context.
 """
-SHA3_224_CTX() = SHA3_224_CTX(zeros(UInt64, 25), 0, zeros(UInt8, blocklen(SHA3_224_CTX)), Vector{UInt64}(undef, 5), false)
+SHA3_224_CTX() = SHA3_224_CTX(zeros(UInt64, 25), 0, zeros(UInt8, blocklen(SHA3_224_CTX)), false)
 """
     SHA3_256_CTX()
 
 Construct an empty SHA3_256 context.
 """
-SHA3_256_CTX() = SHA3_256_CTX(zeros(UInt64, 25), 0, zeros(UInt8, blocklen(SHA3_256_CTX)), Vector{UInt64}(undef, 5), false)
+SHA3_256_CTX() = SHA3_256_CTX(zeros(UInt64, 25), 0, zeros(UInt8, blocklen(SHA3_256_CTX)), false)
 """
     SHA3_384_CTX()
 
 Construct an empty SHA3_384 context.
 """
-SHA3_384_CTX() = SHA3_384_CTX(zeros(UInt64, 25), 0, zeros(UInt8, blocklen(SHA3_384_CTX)), Vector{UInt64}(undef, 5), false)
+SHA3_384_CTX() = SHA3_384_CTX(zeros(UInt64, 25), 0, zeros(UInt8, blocklen(SHA3_384_CTX)), false)
 """
     SHA3_512_CTX()
 
 Construct an empty SHA3_512 context.
 """
-SHA3_512_CTX() = SHA3_512_CTX(zeros(UInt64, 25), 0, zeros(UInt8, blocklen(SHA3_512_CTX)), Vector{UInt64}(undef, 5), false)
+SHA3_512_CTX() = SHA3_512_CTX(zeros(UInt64, 25), 0, zeros(UInt8, blocklen(SHA3_512_CTX)), false)
 
 # SHA1 is special; he needs extra workspace
 """
@@ -221,7 +217,7 @@ SHA1_CTX() = SHA1_CTX(copy(SHA1_initial_hash_value), 0, zeros(UInt8, blocklen(SH
 # Copy functions
 copy(ctx::T) where {T<:SHA1_CTX} = T(copy(ctx.state), ctx.bytecount, copy(ctx.buffer), copy(ctx.W), ctx.used)
 copy(ctx::T) where {T<:SHA2_CTX} = T(copy(ctx.state), ctx.bytecount, copy(ctx.buffer), ctx.used)
-copy(ctx::T) where {T<:SHA3_CTX} = T(copy(ctx.state), ctx.bytecount, copy(ctx.buffer), Vector{UInt64}(undef, 5), ctx.used)
+copy(ctx::T) where {T<:SHA3_CTX} = T(copy(ctx.state), ctx.bytecount, copy(ctx.buffer), ctx.used)
 
 
 # Make printing these types a little friendlier