sha3: simplify XOR functions

name                   old time/op   new time/op   delta
PermutationFunction-4    398ns ± 0%    399ns ± 1%    ~     (p=0.508 n=9+10)
Sha3_512_MTU-4          8.34µs ± 1%   8.36µs ± 1%    ~     (p=0.101 n=10+10)
Sha3_384_MTU-4          6.00µs ± 0%   6.02µs ± 1%  +0.47%  (p=0.000 n=8+10)
Sha3_256_MTU-4          4.78µs ± 0%   4.79µs ± 1%    ~     (p=0.324 n=10+10)
Sha3_224_MTU-4          4.57µs ± 1%   4.57µs ± 1%    ~     (p=0.288 n=10+10)
Shake128_MTU-4          3.87µs ± 0%   3.86µs ± 1%  -0.22%  (p=0.008 n=9+9)
Shake256_MTU-4          4.17µs ± 0%   4.17µs ± 0%    ~     (p=0.474 n=10+8)
Shake256_16x-4          59.4µs ± 0%   59.7µs ± 0%  +0.48%  (p=0.000 n=9+8)
Shake256_1MiB-4         3.19ms ± 1%   3.20ms ± 0%    ~     (p=0.105 n=10+10)
Sha3_512_1MiB-4         5.97ms ± 0%   6.01ms ± 0%  +0.75%  (p=0.000 n=10+10)

name                   old speed     new speed     delta
PermutationFunction-4  502MB/s ± 0%  502MB/s ± 0%    ~     (p=0.497 n=9+10)
Sha3_512_MTU-4         162MB/s ± 1%  161MB/s ± 1%    ~     (p=0.101 n=10+10)
Sha3_384_MTU-4         225MB/s ± 0%  224MB/s ± 1%  -0.47%  (p=0.000 n=8+10)
Sha3_256_MTU-4         282MB/s ± 0%  282MB/s ± 1%    ~     (p=0.325 n=10+10)
Sha3_224_MTU-4         296MB/s ± 1%  295MB/s ± 1%    ~     (p=0.280 n=10+10)
Shake128_MTU-4         349MB/s ± 0%  350MB/s ± 1%  +0.22%  (p=0.008 n=9+9)
Shake256_MTU-4         324MB/s ± 0%  324MB/s ± 0%    ~     (p=0.459 n=10+8)
Shake256_16x-4         276MB/s ± 0%  274MB/s ± 0%  -0.48%  (p=0.000 n=9+8)
Shake256_1MiB-4        328MB/s ± 1%  327MB/s ± 0%    ~     (p=0.105 n=10+10)
Sha3_512_1MiB-4        176MB/s ± 0%  174MB/s ± 0%  -0.74%  (p=0.000 n=10+10)

Change-Id: Ib8e571f3c9a0f84096df2f38ca96da197ad5be30
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/544815
Auto-Submit: Filippo Valsorda <[email protected]>
Reviewed-by: Roland Shoemaker <[email protected]>
Reviewed-by: Cherry Mui <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Mauri de Souza Meneguzzo <[email protected]>

Author: FiloSottile

sha3/sha3.go

@@ -40,7 +40,7 @@ type state struct {
 	//      Extendable-Output Functions (May 2014)"
 	dsbyte byte
 
-	storage storageBuf
+	storage [maxRate]byte
 
 	// Specific to SHA-3 and SHAKE.
 	outputLen int             // the default output size in bytes
@@ -61,15 +61,15 @@ func (d *state) Reset() {
 		d.a[i] = 0
 	}
 	d.state = spongeAbsorbing
-	d.buf = d.storage.asBytes()[:0]
+	d.buf = d.storage[:0]
 }
 
 func (d *state) clone() *state {
 	ret := *d
 	if ret.state == spongeAbsorbing {
-		ret.buf = ret.storage.asBytes()[:len(ret.buf)]
+		ret.buf = ret.storage[:len(ret.buf)]
 	} else {
-		ret.buf = ret.storage.asBytes()[d.rate-cap(d.buf) : d.rate]
+		ret.buf = ret.storage[d.rate-cap(d.buf) : d.rate]
 	}
 
 	return &ret
@@ -83,13 +83,13 @@ func (d *state) permute() {
 		// If we're absorbing, we need to xor the input into the state
 		// before applying the permutation.
 		xorIn(d, d.buf)
-		d.buf = d.storage.asBytes()[:0]
+		d.buf = d.storage[:0]
 		keccakF1600(&d.a)
 	case spongeSqueezing:
 		// If we're squeezing, we need to apply the permutation before
 		// copying more output.
 		keccakF1600(&d.a)
-		d.buf = d.storage.asBytes()[:d.rate]
+		d.buf = d.storage[:d.rate]
 		copyOut(d, d.buf)
 	}
 }
@@ -98,15 +98,15 @@ func (d *state) permute() {
 // the multi-bitrate 10..1 padding rule, and permutes the state.
 func (d *state) padAndPermute(dsbyte byte) {
 	if d.buf == nil {
-		d.buf = d.storage.asBytes()[:0]
+		d.buf = d.storage[:0]
 	}
 	// Pad with this instance's domain-separator bits. We know that there's
 	// at least one byte of space in d.buf because, if it were full,
 	// permute would have been called to empty it. dsbyte also contains the
 	// first one bit for the padding. See the comment in the state struct.
 	d.buf = append(d.buf, dsbyte)
 	zerosStart := len(d.buf)
-	d.buf = d.storage.asBytes()[:d.rate]
+	d.buf = d.storage[:d.rate]
 	for i := zerosStart; i < d.rate; i++ {
 		d.buf[i] = 0
 	}
@@ -117,7 +117,7 @@ func (d *state) padAndPermute(dsbyte byte) {
 	// Apply the permutation
 	d.permute()
 	d.state = spongeSqueezing
-	d.buf = d.storage.asBytes()[:d.rate]
+	d.buf = d.storage[:d.rate]
 	copyOut(d, d.buf)
 }
 
@@ -128,7 +128,7 @@ func (d *state) Write(p []byte) (written int, err error) {
 		panic("sha3: Write after Read")
 	}
 	if d.buf == nil {
-		d.buf = d.storage.asBytes()[:0]
+		d.buf = d.storage[:0]
 	}
 	written = len(p)