sha3: simplify XOR functions

name old time/op new time/op delta PermutationFunction-4 398ns ± 0% 399ns ± 1% ~ (p=0.508 n=9+10) Sha3_512_MTU-4 8.34µs ± 1% 8.36µs ± 1% ~ (p=0.101 n=10+10) Sha3_384_MTU-4 6.00µs ± 0% 6.02µs ± 1% +0.47% (p=0.000 n=8+10) Sha3_256_MTU-4 4.78µs ± 0% 4.79µs ± 1% ~ (p=0.324 n=10+10) Sha3_224_MTU-4 4.57µs ± 1% 4.57µs ± 1% ~ (p=0.288 n=10+10) Shake128_MTU-4 3.87µs ± 0% 3.86µs ± 1% -0.22% (p=0.008 n=9+9) Shake256_MTU-4 4.17µs ± 0% 4.17µs ± 0% ~ (p=0.474 n=10+8) Shake256_16x-4 59.4µs ± 0% 59.7µs ± 0% +0.48% (p=0.000 n=9+8) Shake256_1MiB-4 3.19ms ± 1% 3.20ms ± 0% ~ (p=0.105 n=10+10) Sha3_512_1MiB-4 5.97ms ± 0% 6.01ms ± 0% +0.75% (p=0.000 n=10+10) name old speed new speed delta PermutationFunction-4 502MB/s ± 0% 502MB/s ± 0% ~ (p=0.497 n=9+10) Sha3_512_MTU-4 162MB/s ± 1% 161MB/s ± 1% ~ (p=0.101 n=10+10) Sha3_384_MTU-4 225MB/s ± 0% 224MB/s ± 1% -0.47% (p=0.000 n=8+10) Sha3_256_MTU-4 282MB/s ± 0% 282MB/s ± 1% ~ (p=0.325 n=10+10) Sha3_224_MTU-4 296MB/s ± 1% 295MB/s ± 1% ~ (p=0.280 n=10+10) Shake128_MTU-4 349MB/s ± 0% 350MB/s ± 1% +0.22% (p=0.008 n=9+9) Shake256_MTU-4 324MB/s ± 0% 324MB/s ± 0% ~ (p=0.459 n=10+8) Shake256_16x-4 276MB/s ± 0% 274MB/s ± 0% -0.48% (p=0.000 n=9+8) Shake256_1MiB-4 328MB/s ± 1% 327MB/s ± 0% ~ (p=0.105 n=10+10) Sha3_512_1MiB-4 176MB/s ± 0% 174MB/s ± 0% -0.74% (p=0.000 n=10+10) Change-Id: Ib8e571f3c9a0f84096df2f38ca96da197ad5be30 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/544815 Auto-Submit: Filippo Valsorda <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Reviewed-by: Cherry Mui <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Mauri de Souza Meneguzzo <[email protected]>
golang · May 6, 2024 · 10f366e · 10f366e
1 parent 905d78a
commit 10f366e
Show file tree

Hide file tree

Showing 5 changed files with 178 additions and 276 deletions.
diff --git a/sha3/sha3.go b/sha3/sha3.go
@@ -40,7 +40,7 @@ type state struct {
 	//      Extendable-Output Functions (May 2014)"
 	dsbyte byte
 
-	storage storageBuf
+	storage [maxRate]byte
 
 	// Specific to SHA-3 and SHAKE.
 	outputLen int             // the default output size in bytes
@@ -61,15 +61,15 @@ func (d *state) Reset() {
 		d.a[i] = 0
 	}
 	d.state = spongeAbsorbing
-	d.buf = d.storage.asBytes()[:0]
+	d.buf = d.storage[:0]
 }
 
 func (d *state) clone() *state {
 	ret := *d
 	if ret.state == spongeAbsorbing {
-		ret.buf = ret.storage.asBytes()[:len(ret.buf)]
+		ret.buf = ret.storage[:len(ret.buf)]
 	} else {
-		ret.buf = ret.storage.asBytes()[d.rate-cap(d.buf) : d.rate]
+		ret.buf = ret.storage[d.rate-cap(d.buf) : d.rate]
 	}
 
 	return &ret
@@ -83,13 +83,13 @@ func (d *state) permute() {
 		// If we're absorbing, we need to xor the input into the state
 		// before applying the permutation.
 		xorIn(d, d.buf)
-		d.buf = d.storage.asBytes()[:0]
+		d.buf = d.storage[:0]
 		keccakF1600(&d.a)
 	case spongeSqueezing:
 		// If we're squeezing, we need to apply the permutation before
 		// copying more output.
 		keccakF1600(&d.a)
-		d.buf = d.storage.asBytes()[:d.rate]
+		d.buf = d.storage[:d.rate]
 		copyOut(d, d.buf)
 	}
 }
@@ -98,15 +98,15 @@ func (d *state) permute() {
 // the multi-bitrate 10..1 padding rule, and permutes the state.
 func (d *state) padAndPermute(dsbyte byte) {
 	if d.buf == nil {
-		d.buf = d.storage.asBytes()[:0]
+		d.buf = d.storage[:0]
 	}
 	// Pad with this instance's domain-separator bits. We know that there's
 	// at least one byte of space in d.buf because, if it were full,
 	// permute would have been called to empty it. dsbyte also contains the
 	// first one bit for the padding. See the comment in the state struct.
 	d.buf = append(d.buf, dsbyte)
 	zerosStart := len(d.buf)
-	d.buf = d.storage.asBytes()[:d.rate]
+	d.buf = d.storage[:d.rate]
 	for i := zerosStart; i < d.rate; i++ {
 		d.buf[i] = 0
 	}
@@ -117,7 +117,7 @@ func (d *state) padAndPermute(dsbyte byte) {
 	// Apply the permutation
 	d.permute()
 	d.state = spongeSqueezing
-	d.buf = d.storage.asBytes()[:d.rate]
+	d.buf = d.storage[:d.rate]
 	copyOut(d, d.buf)
 }
 
@@ -128,7 +128,7 @@ func (d *state) Write(p []byte) (written int, err error) {
 		panic("sha3: Write after Read")
 	}
 	if d.buf == nil {
-		d.buf = d.storage.asBytes()[:0]
+		d.buf = d.storage[:0]
 	}
 	written = len(p)