keccak/sponge.go

package keccak

import "hash"

const Size = 256 / 8

const BlockSize = 1600/8 - Size*2

func round(a *[25]uint64) { roundGo(a) }

// digest implements hash.Hash
type digest struct {
	a      [25]uint64 // a[y][x][z]
	buf    [8]byte    // buf[0:ulen] holds a partial uint64
	ulen   int8
	dsbyte byte
	len    int
	size   int
}

func New256() hash.Hash { return &digest{size: 256 / 8, dsbyte: 0x06} }
func New512() hash.Hash { return &digest{size: 512 / 8, dsbyte: 0x06} }

func newKeccak256() hash.Hash { return &digest{size: 256 / 8, dsbyte: 0x01} }
func newKeccak512() hash.Hash { return &digest{size: 512 / 8, dsbyte: 0x01} }

func (d *digest) Size() int      { return d.size }
func (d *digest) BlockSize() int { return 200 - d.size*2 }

func (d *digest) Reset() {
	//fmt.Println("resetting")
	d.a = [25]uint64{}
	d.buf = [8]byte{}
	d.len = 0
}

func (d *digest) Write(b []byte) (int, error) {
	written := len(b)
	bs := d.BlockSize() / 8
	// fill buf first, if non-empty
	if d.ulen > 0 {
		n := copy(d.buf[d.ulen:], b)
		b = b[n:]
		d.ulen += int8(n)
		// flush?
		if int(d.ulen) == len(d.buf) {
			d.a[d.len] ^= le64dec(d.buf[:])
			d.len += 1
			d.ulen = 0
			if d.len == bs {
				d.flush()
			}
		}
	}
	// xor 8-byte chunks into the state
	for len(b) >= 8 {
		d.a[d.len] ^= le64dec(b)
		b = b[8:]
		d.len += 1
		if d.len == bs {
			d.flush()
		}
	} // len(b) < 8
	// store any remaining bytes
	if len(b) > 0 {
		d.ulen = int8(copy(d.buf[:], b))
	}
	return written, nil
}

func (d *digest) flush() {
	//fmt.Printf("Flushing with %d bytes\n", d.len*8 + int(d.ulen))
	keccakf(&d.a)
	d.len = 0
}

func keccakf(a *[25]uint64) {
	for i := 0; i < 24; i++ {
		round(a)
		a[0] ^= roundc[i]
	}
}

func (d *digest) clone() *digest {
	d0 := *d
	return &d0
}

func (d *digest) Sum(b []byte) []byte {
	d = d.clone()
	if d.ulen == 0 {
		d.a[d.len] ^= uint64(d.dsbyte)
	} else {
		d.buf[d.ulen] = d.dsbyte
		for i := int(d.ulen) + 1; i < len(d.buf); i++ {
			d.buf[i] = 0
		}
		d.a[d.len] ^= le64dec(d.buf[:])
	}

	bs := d.BlockSize() / 8
	d.a[bs-1] |= 0x80 << 56
	//d.len = bs
	d.flush()

	for i := 0; i < d.size/8; i++ {
		b = le64enc(b, d.a[i])
	}
	return b
}

func le64dec(b []byte) uint64 {
	_ = b[7]
	return uint64(b[0])<<0 | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56
}

func le64enc(b []byte, x uint64) []byte {
	return append(b, byte(x), byte(x>>8), byte(x>>16), byte(x>>24), byte(x>>32), byte(x>>40), byte(x>>48), byte(x>>56))
}
Initial commit. 2014-12-31 22:59:00 +00:00			`package keccak`

			`import "hash"`

Gofmt 2014-12-31 23:19:23 +00:00			`const Size = 256 / 8`
Initial commit. 2014-12-31 22:59:00 +00:00
			`const BlockSize = 1600/8 - Size*2`

avoid an indirect call 2024-10-06 02:22:41 +00:00			`func round(a *[25]uint64) { roundGo(a) }`
Generate a faster round function. 2015-01-01 00:40:56 +00:00
Initial commit. 2014-12-31 22:59:00 +00:00			`// digest implements hash.Hash`
			`type digest struct {`
Refactor: use [25]uint64 instead of [5][5]uint64. 2015-01-01 10:59:03 +00:00			`a [25]uint64 // a[y][x][z]`
reduce buffer size to 8 bytes instead of buffering an entire block, buffer only when the input is not aligned to 8 bytes, and otherwise xor uint64-sized chunks directly into the state. the code is a little more complicated but i think it's worth it. we could eliminate the buffer entirely but that requires either shenanigans with unsafe, or fiddly code to xor partial uint64s a caveat is that the implementation now only supports sponge capacities that are a multiple of 8. that's fine for the standard instantiations but may restrict unusual applications. not only does this let us reduce the buffer from 200 bytes to 8, it also provides a nice speedup name old time/op new time/op delta 256_8-2 1.45µs ± 0% 1.28µs ± 1% -11.58% (p=0.000 n=10+10) 256_1k-2 10.1µs ± 0% 9.3µs ± 0% -7.67% (p=0.000 n=10+10) 256_8k-2 75.6µs ± 0% 70.2µs ± 1% -7.09% (p=0.000 n=10+10) 512_8-2 1.39µs ± 1% 1.29µs ± 1% -6.85% (p=0.000 n=10+10) 512_1k-2 18.7µs ± 0% 17.0µs ± 0% -8.70% (p=0.000 n=9+10) 512_8k-2 146µs ± 1% 129µs ± 0% -11.70% (p=0.000 n=10+9) name old speed new speed delta 256_8-2 5.53MB/s ± 0% 6.25MB/s ± 0% +13.06% (p=0.000 n=10+10) 256_1k-2 102MB/s ± 0% 110MB/s ± 0% +8.30% (p=0.000 n=10+10) 256_8k-2 108MB/s ± 0% 117MB/s ± 1% +7.64% (p=0.000 n=10+10) 512_8-2 5.78MB/s ± 1% 6.20MB/s ± 1% +7.32% (p=0.000 n=10+10) 512_1k-2 54.9MB/s ± 0% 60.1MB/s ± 0% +9.53% (p=0.000 n=9+10) 512_8k-2 56.1MB/s ± 1% 63.5MB/s ± 0% +13.26% (p=0.000 n=10+9) 2024-10-06 07:42:36 +00:00			`buf [8]byte // buf[0:ulen] holds a partial uint64`
			`ulen int8`
Add 512-bit hash. Use SHA-3 padding. 2015-01-01 07:19:05 +00:00			`dsbyte byte`
Gofmt. 2015-01-01 07:59:40 +00:00			`len int`
			`size int`
Initial commit. 2014-12-31 22:59:00 +00:00			`}`

Gofmt. 2015-01-01 07:59:40 +00:00			`func New256() hash.Hash { return &digest{size: 256 / 8, dsbyte: 0x06} }`
			`func New512() hash.Hash { return &digest{size: 512 / 8, dsbyte: 0x06} }`
Add 512-bit hash. Use SHA-3 padding. 2015-01-01 07:19:05 +00:00
Gofmt. 2015-01-01 07:59:40 +00:00			`func newKeccak256() hash.Hash { return &digest{size: 256 / 8, dsbyte: 0x01} }`
			`func newKeccak512() hash.Hash { return &digest{size: 512 / 8, dsbyte: 0x01} }`
Initial commit. 2014-12-31 22:59:00 +00:00
Add 512-bit hash. Use SHA-3 padding. 2015-01-01 07:19:05 +00:00			`func (d *digest) Size() int { return d.size }`
			`func (d digest) BlockSize() int { return 200 - d.size2 }`
Initial commit. 2014-12-31 22:59:00 +00:00
			`func (d *digest) Reset() {`
Add 512-bit hash. Use SHA-3 padding. 2015-01-01 07:19:05 +00:00			`//fmt.Println("resetting")`
Refactor: use [25]uint64 instead of [5][5]uint64. 2015-01-01 10:59:03 +00:00			`d.a = [25]uint64{}`
reduce buffer size to 8 bytes instead of buffering an entire block, buffer only when the input is not aligned to 8 bytes, and otherwise xor uint64-sized chunks directly into the state. the code is a little more complicated but i think it's worth it. we could eliminate the buffer entirely but that requires either shenanigans with unsafe, or fiddly code to xor partial uint64s a caveat is that the implementation now only supports sponge capacities that are a multiple of 8. that's fine for the standard instantiations but may restrict unusual applications. not only does this let us reduce the buffer from 200 bytes to 8, it also provides a nice speedup name old time/op new time/op delta 256_8-2 1.45µs ± 0% 1.28µs ± 1% -11.58% (p=0.000 n=10+10) 256_1k-2 10.1µs ± 0% 9.3µs ± 0% -7.67% (p=0.000 n=10+10) 256_8k-2 75.6µs ± 0% 70.2µs ± 1% -7.09% (p=0.000 n=10+10) 512_8-2 1.39µs ± 1% 1.29µs ± 1% -6.85% (p=0.000 n=10+10) 512_1k-2 18.7µs ± 0% 17.0µs ± 0% -8.70% (p=0.000 n=9+10) 512_8k-2 146µs ± 1% 129µs ± 0% -11.70% (p=0.000 n=10+9) name old speed new speed delta 256_8-2 5.53MB/s ± 0% 6.25MB/s ± 0% +13.06% (p=0.000 n=10+10) 256_1k-2 102MB/s ± 0% 110MB/s ± 0% +8.30% (p=0.000 n=10+10) 256_8k-2 108MB/s ± 0% 117MB/s ± 1% +7.64% (p=0.000 n=10+10) 512_8-2 5.78MB/s ± 1% 6.20MB/s ± 1% +7.32% (p=0.000 n=10+10) 512_1k-2 54.9MB/s ± 0% 60.1MB/s ± 0% +9.53% (p=0.000 n=9+10) 512_8k-2 56.1MB/s ± 1% 63.5MB/s ± 0% +13.26% (p=0.000 n=10+9) 2024-10-06 07:42:36 +00:00			`d.buf = [8]byte{}`
Add 512-bit hash. Use SHA-3 padding. 2015-01-01 07:19:05 +00:00			`d.len = 0`
Initial commit. 2014-12-31 22:59:00 +00:00			`}`

			`func (d *digest) Write(b []byte) (int, error) {`
			`written := len(b)`
reduce buffer size to 8 bytes instead of buffering an entire block, buffer only when the input is not aligned to 8 bytes, and otherwise xor uint64-sized chunks directly into the state. the code is a little more complicated but i think it's worth it. we could eliminate the buffer entirely but that requires either shenanigans with unsafe, or fiddly code to xor partial uint64s a caveat is that the implementation now only supports sponge capacities that are a multiple of 8. that's fine for the standard instantiations but may restrict unusual applications. not only does this let us reduce the buffer from 200 bytes to 8, it also provides a nice speedup name old time/op new time/op delta 256_8-2 1.45µs ± 0% 1.28µs ± 1% -11.58% (p=0.000 n=10+10) 256_1k-2 10.1µs ± 0% 9.3µs ± 0% -7.67% (p=0.000 n=10+10) 256_8k-2 75.6µs ± 0% 70.2µs ± 1% -7.09% (p=0.000 n=10+10) 512_8-2 1.39µs ± 1% 1.29µs ± 1% -6.85% (p=0.000 n=10+10) 512_1k-2 18.7µs ± 0% 17.0µs ± 0% -8.70% (p=0.000 n=9+10) 512_8k-2 146µs ± 1% 129µs ± 0% -11.70% (p=0.000 n=10+9) name old speed new speed delta 256_8-2 5.53MB/s ± 0% 6.25MB/s ± 0% +13.06% (p=0.000 n=10+10) 256_1k-2 102MB/s ± 0% 110MB/s ± 0% +8.30% (p=0.000 n=10+10) 256_8k-2 108MB/s ± 0% 117MB/s ± 1% +7.64% (p=0.000 n=10+10) 512_8-2 5.78MB/s ± 1% 6.20MB/s ± 1% +7.32% (p=0.000 n=10+10) 512_1k-2 54.9MB/s ± 0% 60.1MB/s ± 0% +9.53% (p=0.000 n=9+10) 512_8k-2 56.1MB/s ± 1% 63.5MB/s ± 0% +13.26% (p=0.000 n=10+9) 2024-10-06 07:42:36 +00:00			`bs := d.BlockSize() / 8`
			`// fill buf first, if non-empty`
			`if d.ulen > 0 {`
			`n := copy(d.buf[d.ulen:], b)`
Initial commit. 2014-12-31 22:59:00 +00:00			`b = b[n:]`
reduce buffer size to 8 bytes instead of buffering an entire block, buffer only when the input is not aligned to 8 bytes, and otherwise xor uint64-sized chunks directly into the state. the code is a little more complicated but i think it's worth it. we could eliminate the buffer entirely but that requires either shenanigans with unsafe, or fiddly code to xor partial uint64s a caveat is that the implementation now only supports sponge capacities that are a multiple of 8. that's fine for the standard instantiations but may restrict unusual applications. not only does this let us reduce the buffer from 200 bytes to 8, it also provides a nice speedup name old time/op new time/op delta 256_8-2 1.45µs ± 0% 1.28µs ± 1% -11.58% (p=0.000 n=10+10) 256_1k-2 10.1µs ± 0% 9.3µs ± 0% -7.67% (p=0.000 n=10+10) 256_8k-2 75.6µs ± 0% 70.2µs ± 1% -7.09% (p=0.000 n=10+10) 512_8-2 1.39µs ± 1% 1.29µs ± 1% -6.85% (p=0.000 n=10+10) 512_1k-2 18.7µs ± 0% 17.0µs ± 0% -8.70% (p=0.000 n=9+10) 512_8k-2 146µs ± 1% 129µs ± 0% -11.70% (p=0.000 n=10+9) name old speed new speed delta 256_8-2 5.53MB/s ± 0% 6.25MB/s ± 0% +13.06% (p=0.000 n=10+10) 256_1k-2 102MB/s ± 0% 110MB/s ± 0% +8.30% (p=0.000 n=10+10) 256_8k-2 108MB/s ± 0% 117MB/s ± 1% +7.64% (p=0.000 n=10+10) 512_8-2 5.78MB/s ± 1% 6.20MB/s ± 1% +7.32% (p=0.000 n=10+10) 512_1k-2 54.9MB/s ± 0% 60.1MB/s ± 0% +9.53% (p=0.000 n=9+10) 512_8k-2 56.1MB/s ± 1% 63.5MB/s ± 0% +13.26% (p=0.000 n=10+9) 2024-10-06 07:42:36 +00:00			`d.ulen += int8(n)`
			`// flush?`
			`if int(d.ulen) == len(d.buf) {`
			`d.a[d.len] ^= le64dec(d.buf[:])`
			`d.len += 1`
			`d.ulen = 0`
			`if d.len == bs {`
			`d.flush()`
			`}`
			`}`
			`}`
			`// xor 8-byte chunks into the state`
			`for len(b) >= 8 {`
			`d.a[d.len] ^= le64dec(b)`
			`b = b[8:]`
			`d.len += 1`
Gofmt. 2015-01-01 07:59:40 +00:00			`if d.len == bs {`
Initial commit. 2014-12-31 22:59:00 +00:00			`d.flush()`
			`}`
reduce buffer size to 8 bytes instead of buffering an entire block, buffer only when the input is not aligned to 8 bytes, and otherwise xor uint64-sized chunks directly into the state. the code is a little more complicated but i think it's worth it. we could eliminate the buffer entirely but that requires either shenanigans with unsafe, or fiddly code to xor partial uint64s a caveat is that the implementation now only supports sponge capacities that are a multiple of 8. that's fine for the standard instantiations but may restrict unusual applications. not only does this let us reduce the buffer from 200 bytes to 8, it also provides a nice speedup name old time/op new time/op delta 256_8-2 1.45µs ± 0% 1.28µs ± 1% -11.58% (p=0.000 n=10+10) 256_1k-2 10.1µs ± 0% 9.3µs ± 0% -7.67% (p=0.000 n=10+10) 256_8k-2 75.6µs ± 0% 70.2µs ± 1% -7.09% (p=0.000 n=10+10) 512_8-2 1.39µs ± 1% 1.29µs ± 1% -6.85% (p=0.000 n=10+10) 512_1k-2 18.7µs ± 0% 17.0µs ± 0% -8.70% (p=0.000 n=9+10) 512_8k-2 146µs ± 1% 129µs ± 0% -11.70% (p=0.000 n=10+9) name old speed new speed delta 256_8-2 5.53MB/s ± 0% 6.25MB/s ± 0% +13.06% (p=0.000 n=10+10) 256_1k-2 102MB/s ± 0% 110MB/s ± 0% +8.30% (p=0.000 n=10+10) 256_8k-2 108MB/s ± 0% 117MB/s ± 1% +7.64% (p=0.000 n=10+10) 512_8-2 5.78MB/s ± 1% 6.20MB/s ± 1% +7.32% (p=0.000 n=10+10) 512_1k-2 54.9MB/s ± 0% 60.1MB/s ± 0% +9.53% (p=0.000 n=9+10) 512_8k-2 56.1MB/s ± 1% 63.5MB/s ± 0% +13.26% (p=0.000 n=10+9) 2024-10-06 07:42:36 +00:00			`} // len(b) < 8`
			`// store any remaining bytes`
			`if len(b) > 0 {`
			`d.ulen = int8(copy(d.buf[:], b))`
Initial commit. 2014-12-31 22:59:00 +00:00			`}`
			`return written, nil`
			`}`

			`func (d *digest) flush() {`
reduce buffer size to 8 bytes instead of buffering an entire block, buffer only when the input is not aligned to 8 bytes, and otherwise xor uint64-sized chunks directly into the state. the code is a little more complicated but i think it's worth it. we could eliminate the buffer entirely but that requires either shenanigans with unsafe, or fiddly code to xor partial uint64s a caveat is that the implementation now only supports sponge capacities that are a multiple of 8. that's fine for the standard instantiations but may restrict unusual applications. not only does this let us reduce the buffer from 200 bytes to 8, it also provides a nice speedup name old time/op new time/op delta 256_8-2 1.45µs ± 0% 1.28µs ± 1% -11.58% (p=0.000 n=10+10) 256_1k-2 10.1µs ± 0% 9.3µs ± 0% -7.67% (p=0.000 n=10+10) 256_8k-2 75.6µs ± 0% 70.2µs ± 1% -7.09% (p=0.000 n=10+10) 512_8-2 1.39µs ± 1% 1.29µs ± 1% -6.85% (p=0.000 n=10+10) 512_1k-2 18.7µs ± 0% 17.0µs ± 0% -8.70% (p=0.000 n=9+10) 512_8k-2 146µs ± 1% 129µs ± 0% -11.70% (p=0.000 n=10+9) name old speed new speed delta 256_8-2 5.53MB/s ± 0% 6.25MB/s ± 0% +13.06% (p=0.000 n=10+10) 256_1k-2 102MB/s ± 0% 110MB/s ± 0% +8.30% (p=0.000 n=10+10) 256_8k-2 108MB/s ± 0% 117MB/s ± 1% +7.64% (p=0.000 n=10+10) 512_8-2 5.78MB/s ± 1% 6.20MB/s ± 1% +7.32% (p=0.000 n=10+10) 512_1k-2 54.9MB/s ± 0% 60.1MB/s ± 0% +9.53% (p=0.000 n=9+10) 512_8k-2 56.1MB/s ± 1% 63.5MB/s ± 0% +13.26% (p=0.000 n=10+9) 2024-10-06 07:42:36 +00:00			`//fmt.Printf("Flushing with %d bytes\n", d.len*8 + int(d.ulen))`
Perform keccak-f in-place. 2014-12-31 23:17:55 +00:00			`keccakf(&d.a)`
Initial commit. 2014-12-31 22:59:00 +00:00			`d.len = 0`
			`}`

Refactor: use [25]uint64 instead of [5][5]uint64. 2015-01-01 10:59:03 +00:00			`func keccakf(a *[25]uint64) {`
Initial commit. 2014-12-31 22:59:00 +00:00			`for i := 0; i < 24; i++ {`
Generate a faster round function. 2015-01-01 00:40:56 +00:00			`round(a)`
Refactor: use [25]uint64 instead of [5][5]uint64. 2015-01-01 10:59:03 +00:00			`a[0] ^= roundc[i]`
Initial commit. 2014-12-31 22:59:00 +00:00			`}`
			`}`

add digest.clone method and use it in Sum 2024-10-06 03:16:35 +00:00			`func (d digest) clone() digest {`
			`d0 := *d`
			`return &d0`
			`}`

			`func (d *digest) Sum(b []byte) []byte {`
			`d = d.clone()`
reduce buffer size to 8 bytes instead of buffering an entire block, buffer only when the input is not aligned to 8 bytes, and otherwise xor uint64-sized chunks directly into the state. the code is a little more complicated but i think it's worth it. we could eliminate the buffer entirely but that requires either shenanigans with unsafe, or fiddly code to xor partial uint64s a caveat is that the implementation now only supports sponge capacities that are a multiple of 8. that's fine for the standard instantiations but may restrict unusual applications. not only does this let us reduce the buffer from 200 bytes to 8, it also provides a nice speedup name old time/op new time/op delta 256_8-2 1.45µs ± 0% 1.28µs ± 1% -11.58% (p=0.000 n=10+10) 256_1k-2 10.1µs ± 0% 9.3µs ± 0% -7.67% (p=0.000 n=10+10) 256_8k-2 75.6µs ± 0% 70.2µs ± 1% -7.09% (p=0.000 n=10+10) 512_8-2 1.39µs ± 1% 1.29µs ± 1% -6.85% (p=0.000 n=10+10) 512_1k-2 18.7µs ± 0% 17.0µs ± 0% -8.70% (p=0.000 n=9+10) 512_8k-2 146µs ± 1% 129µs ± 0% -11.70% (p=0.000 n=10+9) name old speed new speed delta 256_8-2 5.53MB/s ± 0% 6.25MB/s ± 0% +13.06% (p=0.000 n=10+10) 256_1k-2 102MB/s ± 0% 110MB/s ± 0% +8.30% (p=0.000 n=10+10) 256_8k-2 108MB/s ± 0% 117MB/s ± 1% +7.64% (p=0.000 n=10+10) 512_8-2 5.78MB/s ± 1% 6.20MB/s ± 1% +7.32% (p=0.000 n=10+10) 512_1k-2 54.9MB/s ± 0% 60.1MB/s ± 0% +9.53% (p=0.000 n=9+10) 512_8k-2 56.1MB/s ± 1% 63.5MB/s ± 0% +13.26% (p=0.000 n=10+9) 2024-10-06 07:42:36 +00:00			`if d.ulen == 0 {`
			`d.a[d.len] ^= uint64(d.dsbyte)`
			`} else {`
			`d.buf[d.ulen] = d.dsbyte`
			`for i := int(d.ulen) + 1; i < len(d.buf); i++ {`
			`d.buf[i] = 0`
			`}`
			`d.a[d.len] ^= le64dec(d.buf[:])`
Initial commit. 2014-12-31 22:59:00 +00:00			`}`
reduce buffer size to 8 bytes instead of buffering an entire block, buffer only when the input is not aligned to 8 bytes, and otherwise xor uint64-sized chunks directly into the state. the code is a little more complicated but i think it's worth it. we could eliminate the buffer entirely but that requires either shenanigans with unsafe, or fiddly code to xor partial uint64s a caveat is that the implementation now only supports sponge capacities that are a multiple of 8. that's fine for the standard instantiations but may restrict unusual applications. not only does this let us reduce the buffer from 200 bytes to 8, it also provides a nice speedup name old time/op new time/op delta 256_8-2 1.45µs ± 0% 1.28µs ± 1% -11.58% (p=0.000 n=10+10) 256_1k-2 10.1µs ± 0% 9.3µs ± 0% -7.67% (p=0.000 n=10+10) 256_8k-2 75.6µs ± 0% 70.2µs ± 1% -7.09% (p=0.000 n=10+10) 512_8-2 1.39µs ± 1% 1.29µs ± 1% -6.85% (p=0.000 n=10+10) 512_1k-2 18.7µs ± 0% 17.0µs ± 0% -8.70% (p=0.000 n=9+10) 512_8k-2 146µs ± 1% 129µs ± 0% -11.70% (p=0.000 n=10+9) name old speed new speed delta 256_8-2 5.53MB/s ± 0% 6.25MB/s ± 0% +13.06% (p=0.000 n=10+10) 256_1k-2 102MB/s ± 0% 110MB/s ± 0% +8.30% (p=0.000 n=10+10) 256_8k-2 108MB/s ± 0% 117MB/s ± 1% +7.64% (p=0.000 n=10+10) 512_8-2 5.78MB/s ± 1% 6.20MB/s ± 1% +7.32% (p=0.000 n=10+10) 512_1k-2 54.9MB/s ± 0% 60.1MB/s ± 0% +9.53% (p=0.000 n=9+10) 512_8k-2 56.1MB/s ± 1% 63.5MB/s ± 0% +13.26% (p=0.000 n=10+9) 2024-10-06 07:42:36 +00:00
			`bs := d.BlockSize() / 8`
			`d.a[bs-1] \|= 0x80 << 56`
			`//d.len = bs`
Initial commit. 2014-12-31 22:59:00 +00:00			`d.flush()`

Add 512-bit hash. Use SHA-3 padding. 2015-01-01 07:19:05 +00:00			`for i := 0; i < d.size/8; i++ {`
Refactor: use [25]uint64 instead of [5][5]uint64. 2015-01-01 10:59:03 +00:00			`b = le64enc(b, d.a[i])`
Add 512-bit hash. Use SHA-3 padding. 2015-01-01 07:19:05 +00:00			`}`
Initial commit. 2014-12-31 22:59:00 +00:00			`return b`
			`}`

Combine keccakf steps. 2014-12-31 23:11:40 +00:00			`func le64dec(b []byte) uint64 {`
help the bounds checker in le64dec 2024-10-06 07:46:11 +00:00			`_ = b[7]`
Gofmt 2014-12-31 23:19:23 +00:00			`return uint64(b[0])<<0 \| uint64(b[1])<<8 \| uint64(b[2])<<16 \| uint64(b[3])<<24 \| uint64(b[4])<<32 \| uint64(b[5])<<40 \| uint64(b[6])<<48 \| uint64(b[7])<<56`
Combine keccakf steps. 2014-12-31 23:11:40 +00:00			`}`

Initial commit. 2014-12-31 22:59:00 +00:00			`func le64enc(b []byte, x uint64) []byte {`
			`return append(b, byte(x), byte(x>>8), byte(x>>16), byte(x>>24), byte(x>>32), byte(x>>40), byte(x>>48), byte(x>>56))`
			`}`