Swap x and y.

2014-12-31 15:15:49 -08:00 · 2014-12-31 15:15:49 -08:00 · 5ee886a4b3
commit 5ee886a4b3
parent 0ed98686b8
4 changed files with 25 additions and 25 deletions
--- a/const.go
+++ b/const.go
@ -1,3 +1,3 @@
 package keccak
 var RC = [24]uint64{0x0000000000000001, 0x0000000000008082, 0x800000000000808a, 0x8000000080008000, 0x000000000000808b, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009, 0x000000000000008a, 0x0000000000000088, 0x0000000080008009, 0x000000008000000a, 0x000000008000808b, 0x800000000000008b, 0x8000000000008089, 0x8000000000008003, 0x8000000000008002, 0x8000000000000080, 0x000000000000800a, 0x800000008000000a, 0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008}
-var rotc = [5][5]uint{[5]uint{0x0, 0x24, 0x3, 0x29, 0x12}, [5]uint{0x1, 0x2c, 0xa, 0x2d, 0x2}, [5]uint{0x3e, 0x6, 0x2b, 0xf, 0x3d}, [5]uint{0x1c, 0x37, 0x19, 0x15, 0x38}, [5]uint{0x1b, 0x14, 0x27, 0x8, 0xe}}
+var rotc = [5][5]uint{[5]uint{0x0, 0x1, 0x3e, 0x1c, 0x1b}, [5]uint{0x24, 0x2c, 0x6, 0x37, 0x14}, [5]uint{0x3, 0xa, 0x2b, 0x19, 0x27}, [5]uint{0x29, 0x2d, 0xf, 0x15, 0x8}, [5]uint{0x12, 0x2, 0x3d, 0x38, 0xe}}
--- a/genconst.go
+++ b/genconst.go
@ -20,7 +20,7 @@ func main() {
 	var rot [5][5]uint
 	x, y := 1, 0
 	for i := 0; i < 24; i++ {
-		rot[x][y] = uint((i+1)*(i+2)/2)%64
+		rot[y][x] = uint((i+1)*(i+2)/2)%64
 		x, y = y, (2*x+3*y)%5
 	}
 	fmt.Printf("var rotc = %#v\n", rot)
--- a/keccak.go
+++ b/keccak.go
@ -5,35 +5,35 @@ func roundGeneric(a [5][5]uint64) [5][5]uint64 {
 	// Theta
 	var c [5]uint64
 	for x := range a {
-		c[x] = a[x][0] ^ a[x][1] ^ a[x][2] ^ a[x][3] ^ a[x][4]
+		c[x] = a[0][x] ^ a[1][x] ^ a[2][x] ^ a[3][x] ^ a[4][x]
 	}
-	for x := range a {
+	for x := range a[0] {
 		x0, x1 := (x+4)%5, (x+1)%5
-		a[x][0] ^= c[x0] ^ rotl(c[x1], 1)
-		a[x][1] ^= c[x0] ^ rotl(c[x1], 1)
-		a[x][2] ^= c[x0] ^ rotl(c[x1], 1)
-		a[x][3] ^= c[x0] ^ rotl(c[x1], 1)
-		a[x][4] ^= c[x0] ^ rotl(c[x1], 1)
+		a[0][x] ^= c[x0] ^ rotl(c[x1], 1)
+		a[1][x] ^= c[x0] ^ rotl(c[x1], 1)
+		a[2][x] ^= c[x0] ^ rotl(c[x1], 1)
+		a[3][x] ^= c[x0] ^ rotl(c[x1], 1)
+		a[4][x] ^= c[x0] ^ rotl(c[x1], 1)
 	}

 	// Rho and pi
 	var b [5][5]uint64
-	for x := range a {
-		for y := range a[0] {
+	for y := range a {
+		for x := range a[0] {
 			x0 := y
 			y0 := (x*2 + y*3) % 5
-			b[x0][y0] = rotl(a[x][y], rotc[x][y])
+			b[y0][x0] = rotl(a[y][x], rotc[y][x])
 		}
 	}

 	// Chi
 	for y := range a[0] {
-		c := [5]uint64{b[0][y], b[1][y], b[2][y], b[3][y], b[4][y]}
-		a[0][y] = b[0][y] ^ ^c[1] & c[2]
-		a[1][y] = b[1][y] ^ ^c[2] & c[3]
-		a[2][y] = b[2][y] ^ ^c[3] & c[4]
-		a[3][y] = b[3][y] ^ ^c[4] & c[0]
-		a[4][y] = b[4][y] ^ ^c[0] & c[1]
+		c := [5]uint64{b[y][0], b[y][1], b[y][2], b[y][3], b[y][4]}
+		a[y][0] = b[y][0] ^ ^c[1] & c[2]
+		a[y][1] = b[y][1] ^ ^c[2] & c[3]
+		a[y][2] = b[y][2] ^ ^c[3] & c[4]
+		a[y][3] = b[y][3] ^ ^c[4] & c[0]
+		a[y][4] = b[y][4] ^ ^c[0] & c[1]
 	}

 	return a
--- a/sponge.go
+++ b/sponge.go
@ -8,7 +8,7 @@ const BlockSize = 1600/8 - Size*2

 // digest implements hash.Hash
 type digest struct {
-	a [5][5]uint64
+	a [5][5]uint64 // a[y][x][z]
 	buf [BlockSize]byte
 	len int
 }
@ -40,12 +40,12 @@ func (d *digest) Write(b []byte) (int, error) {
 func (d *digest) flush() {
 	b := d.buf[:]
 loop:
-	for y := range d.a[0] {
-		for  x := range d.a {
+	for y := range d.a {
+		for  x := range d.a[0] {
 			if len(b) == 0 {
 				break loop
 			}
-			d.a[x][y] ^= le64dec(b)
+			d.a[y][x] ^= le64dec(b)
 			b = b[8:]
 		}
 	}
@ -71,9 +71,9 @@ func (d0 *digest) Sum(b []byte) []byte {
 	d.flush()

 	b = le64enc(b, d.a[0][0])
-	b = le64enc(b, d.a[1][0])
-	b = le64enc(b, d.a[2][0])
-	b = le64enc(b, d.a[3][0])
+	b = le64enc(b, d.a[0][1])
+	b = le64enc(b, d.a[0][2])
+	b = le64enc(b, d.a[0][3])
 	return b
 }