aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMattias Andrée <maandree@operamail.com>2013-02-04 04:19:22 +0100
committerMattias Andrée <maandree@operamail.com>2013-02-04 04:19:22 +0100
commitff90defe010e01862bea0251ce6eff688f7aee7d (patch)
tree9e84409f922ab4ac20b1678947e1cdb75a6e20a6
parentadd gitignore (diff)
downloadsha3sum-ff90defe010e01862bea0251ce6eff688f7aee7d.tar.gz
sha3sum-ff90defe010e01862bea0251ce6eff688f7aee7d.tar.bz2
sha3sum-ff90defe010e01862bea0251ce6eff688f7aee7d.tar.xz
m + work on java implementation
Signed-off-by: Mattias Andrée <maandree@operamail.com>
-rw-r--r--.gitignore1
-rw-r--r--SHA3.java585
-rwxr-xr-xsha3sum.py135
3 files changed, 651 insertions, 70 deletions
diff --git a/.gitignore b/.gitignore
index dddf225..637b19a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
_/
+bin/
*~
\#*\#*
.\#*
diff --git a/SHA3.java b/SHA3.java
new file mode 100644
index 0000000..49394bf
--- /dev/null
+++ b/SHA3.java
@@ -0,0 +1,585 @@
+/**
+ * sha3sum – SHA-3 (Keccak) checksum calculator
+ *
+ * Copyright © 2013 Mattias Andrée (maandree@member.fsf.org)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+/**
+ * SHA-3/Keccak hash algorithm implementation
+ *
+ * @author Mattias Andrée <a href="mailto:maandree@member.fsf.org">maandree@member.fsf.org</a>
+ */
+public class SHA3
+{
+ /**
+ * Round contants
+ */
+ private static final long[] RC = {
+ 0x0000000000000001L, 0x0000000000008082L, 0x800000000000808AL, 0x8000000080008000L,
+ 0x000000000000808BL, 0x0000000080000001L, 0x8000000080008081L, 0x8000000000008009L,
+ 0x000000000000008AL, 0x0000000000000088L, 0x0000000080008009L, 0x000000008000000AL,
+ 0x000000008000808BL, 0x800000000000008BL, 0x8000000000008089L, 0x8000000000008003L,
+ 0x8000000000008002L, 0x8000000000000080L, 0x000000000000800AL, 0x800000008000000AL,
+ 0x8000000080008081L, 0x8000000000008080L, 0x0000000080000001L, 0x8000000080008008L};
+
+ /**
+ * Keccak-f round temporary
+ */
+ private static long[] B = new long[25];
+
+ /**
+ * Keccak-f round temporary
+ */
+ private static long[] C = new long[5];
+
+
+ /**
+ * The bitrate
+ */
+ private static long r = 0;
+
+ /**
+ * The capacity
+ */
+ private static long c = 0;
+
+ /**
+ * The output size
+ */
+ private static long n = 0;
+
+ /**
+ * The state size
+ */
+ private static long b = 0;
+
+ /**
+ * The word size
+ */
+ private static long w = 0;
+
+ /**
+ * The word mask
+ */
+ private static long wmod = 0;
+
+ /**
+ * ℓ, the binary logarithm of the word size
+ */
+ private static long l = 0;
+
+ /**
+ * 12 + 2ℓ, the number of rounds
+ */
+ private static long nr = 0;
+
+
+ /**
+ * The current state
+ */
+ private static long[] S = null;
+
+ /**
+ * Left over water to fill the sponge with at next update
+ */
+ private static byte[] M = null;
+
+
+
+ /**
+ * Hidden constructor
+ */
+ private SHA3()
+ {
+ // Inhibit instansiation
+ }
+
+
+
+ /**
+ * Rotate a word
+ *
+ * @param x The value to rotate
+ * @param n Rotation steps
+ * @return The value rotated
+ */
+ private static long rotate(long x, long n)
+ {
+ long m = n % SHA3.w
+ return (x >>> (SHA3.w - m)) + (x << m);
+ }
+
+
+ /**
+ * Rotate a 64-bit word
+ *
+ * @param x The value to rotate
+ * @param n Rotation steps
+ * @return The value rotated
+ */
+ private static long rotate(long x, long n)
+ {
+ return (x >> (SHA3.w - n)) + (x << n);
+ }
+
+
+ /**
+ * Binary logarithm
+ *
+ * @param x The value of which to calculate the binary logarithm
+ * @return The binary logarithm
+ */
+ private static long lb(long x)
+ {
+ return (((x & 0xFF00) == 0 ? 0 : 8) +
+ ((x & 0xF0F0) == 0 ? 0 : 4)) +
+ (((x & 0xCCCC) == 0 ? 0 : 2) +
+ ((x & 0xAAAA) == 0 ? 0 : 1));
+ }
+
+ /**
+ * Perform one round of computation
+ *
+ * @param A The current state
+ * @param rc Round constant
+ */
+ private static void keccakFRound(long[] A, long rc)
+ {
+ if (SHA3.w == 64)
+ {
+ /* θ step (step 1 and 2 of 3) */
+ SHA3.C[0] = (A[0] ^ A[1]) ^ (A[2] ^ A[3]) ^ A[4];
+ SHA3.C[2] = (A[10] ^ A[11]) ^ (A[12] ^ A[13]) ^ A[14];
+ long db = SHA3.C[0] ^ SHA3.rotate64(SHA3.C[2], 1);
+ SHA3.C[4] = (A[20] ^ A[21]) ^ (A[22] ^ A[23]) ^ A[24];
+ long dd = SHA3.C[2] ^ SHA3.rotate64(SHA3.C[4], 1);
+ SHA3.C[1] = (A[5] ^ A[6]) ^ (A[7] ^ A[8]) ^ A[9];
+ long da = SHA3.C[4] ^ SHA3.rotate64(SHA3.C[1], 1);
+ SHA3.C[3] = (A[15] ^ A[16]) ^ (A[17] ^ A[18]) ^ A[19];
+ long dc = SHA3.C[1] ^ SHA3.rotate64(SHA3.C[3], 1);
+ long de = SHA3.C[3] ^ SHA3.rotate64(SHA3.C[0], 1);
+
+ /* ρ and π steps, with last part of θ */
+ SHA3.B[0] = SHA3.rotate64(A[0] ^ da, 0);
+ SHA3.B[1] = SHA3.rotate64(A[15] ^ dd, 28);
+ SHA3.B[2] = SHA3.rotate64(A[5] ^ db, 1);
+ SHA3.B[3] = SHA3.rotate64(A[20] ^ de, 27);
+ SHA3.B[4] = SHA3.rotate64(A[10] ^ dc, 62);
+
+ SHA3.B[5] = SHA3.rotate64(A[6] ^ db, 44);
+ SHA3.B[6] = SHA3.rotate64(A[21] ^ de, 20);
+ SHA3.B[7] = SHA3.rotate64(A[11] ^ dc, 6);
+ SHA3.B[8] = SHA3.rotate64(A[1] ^ da, 36);
+ SHA3.B[9] = SHA3.rotate64(A[16] ^ dd, 55);
+
+ SHA3.B[10] = SHA3.rotate64(A[12] ^ dc, 43);
+ SHA3.B[11] = SHA3.rotate64(A[2] ^ da, 3);
+ SHA3.B[12] = SHA3.rotate64(A[17] ^ dd, 25);
+ SHA3.B[13] = SHA3.rotate64(A[7] ^ db, 10);
+ SHA3.B[14] = SHA3.rotate64(A[22] ^ de, 39);
+
+ SHA3.B[15] = SHA3.rotate64(A[18] ^ dd, 21);
+ SHA3.B[16] = SHA3.rotate64(A[8] ^ db, 45);
+ SHA3.B[17] = SHA3.rotate64(A[23] ^ de, 8);
+ SHA3.B[18] = SHA3.rotate64(A[13] ^ dc, 15);
+ SHA3.B[19] = SHA3.rotate64(A[3] ^ da, 41);
+
+ SHA3.B[20] = SHA3.rotate64(A[24] ^ de, 14);
+ SHA3.B[21] = SHA3.rotate64(A[14] ^ dc, 61);
+ SHA3.B[22] = SHA3.rotate64(A[4] ^ da, 18);
+ SHA3.B[23] = SHA3.rotate64(A[19] ^ dd, 56);
+ SHA3.B[24] = SHA3.rotate64(A[9] ^ db, 2);
+ }
+ else
+ {
+ /* θ step (step 1 and 2 of 3) */
+ SHA3.C[0] = (A[0] ^ A[1]) ^ (A[2] ^ A[3]) ^ A[4];
+ SHA3.C[2] = (A[10] ^ A[11]) ^ (A[12] ^ A[13]) ^ A[14];
+ long db = SHA3.C[0] ^ SHA3.rotate(SHA3.C[2], 1);
+ SHA3.C[4] = (A[20] ^ A[21]) ^ (A[22] ^ A[23]) ^ A[24];
+ long dd = SHA3.C[2] ^ SHA3.rotate(SHA3.C[4], 1);
+ SHA3.C[1] = (A[5] ^ A[6]) ^ (A[7] ^ A[8]) ^ A[9];
+ long da = SHA3.C[4] ^ SHA3.rotate(SHA3.C[1], 1);
+ SHA3.C[3] = (A[15] ^ A[16]) ^ (A[17] ^ A[18]) ^ A[19];
+ long dc = SHA3.C[1] ^ SHA3.rotate(SHA3.C[3], 1);
+ long de = SHA3.C[3] ^ SHA3.rotate(SHA3.C[0], 1);
+
+ /*ρ and π steps, with last part of θ */
+ SHA3.B[0] = SHA3.rotate(A[0] ^ da, 0);
+ SHA3.B[1] = SHA3.rotate(A[15] ^ dd, 28);
+ SHA3.B[2] = SHA3.rotate(A[5] ^ db, 1);
+ SHA3.B[3] = SHA3.rotate(A[20] ^ de, 27);
+ SHA3.B[4] = SHA3.rotate(A[10] ^ dc, 62);
+
+ SHA3.B[5] = SHA3.rotate(A[6] ^ db, 44);
+ SHA3.B[6] = SHA3.rotate(A[21] ^ de, 20);
+ SHA3.B[7] = SHA3.rotate(A[11] ^ dc, 6);
+ SHA3.B[8] = SHA3.rotate(A[1] ^ da, 36);
+ SHA3.B[9] = SHA3.rotate(A[16] ^ dd, 55);
+
+ SHA3.B[10] = SHA3.rotate(A[12] ^ dc, 43);
+ SHA3.B[11] = SHA3.rotate(A[2] ^ da, 3);
+ SHA3.B[12] = SHA3.rotate(A[17] ^ dd, 25);
+ SHA3.B[13] = SHA3.rotate(A[7] ^ db, 10);
+ SHA3.B[14] = SHA3.rotate(A[22] ^ de, 39);
+
+ SHA3.B[15] = SHA3.rotate(A[18] ^ dd, 21);
+ SHA3.B[16] = SHA3.rotate(A[8] ^ db, 45);
+ SHA3.B[17] = SHA3.rotate(A[23] ^ de, 8);
+ SHA3.B[18] = SHA3.rotate(A[13] ^ dc, 15);
+ SHA3.B[19] = SHA3.rotate(A[3] ^ da, 41);
+
+ SHA3.B[20] = SHA3.rotate(A[24] ^ de, 14);
+ SHA3.B[21] = SHA3.rotate(A[14] ^ dc, 61);
+ SHA3.B[22] = SHA3.rotate(A[4] ^ da, 18);
+ SHA3.B[23] = SHA3.rotate(A[19] ^ dd, 56);
+ SHA3.B[24] = SHA3.rotate(A[9] ^ db, 2);
+ }
+
+ /* ξ step */
+ A[0] = SHA3.B[0] ^ ((~(SHA3.B[5])) & SHA3.B[10]);
+ A[1] = SHA3.B[1] ^ ((~(SHA3.B[6])) & SHA3.B[11]);
+ A[2] = SHA3.B[2] ^ ((~(SHA3.B[7])) & SHA3.B[12]);
+ A[3] = SHA3.B[3] ^ ((~(SHA3.B[8])) & SHA3.B[13]);
+ A[4] = SHA3.B[4] ^ ((~(SHA3.B[9])) & SHA3.B[14]);
+
+ A[5] = SHA3.B[5] ^ ((~(SHA3.B[10])) & SHA3.B[15]);
+ A[6] = SHA3.B[6] ^ ((~(SHA3.B[11])) & SHA3.B[16]);
+ A[7] = SHA3.B[7] ^ ((~(SHA3.B[12])) & SHA3.B[17]);
+ A[8] = SHA3.B[8] ^ ((~(SHA3.B[13])) & SHA3.B[18]);
+ A[9] = SHA3.B[9] ^ ((~(SHA3.B[14])) & SHA3.B[19]);
+
+ A[10] = SHA3.B[10] ^ ((~(SHA3.B[15])) & SHA3.B[20]);
+ A[11] = SHA3.B[11] ^ ((~(SHA3.B[16])) & SHA3.B[21]);
+ A[12] = SHA3.B[12] ^ ((~(SHA3.B[17])) & SHA3.B[22]);
+ A[13] = SHA3.B[13] ^ ((~(SHA3.B[18])) & SHA3.B[23]);
+ A[14] = SHA3.B[14] ^ ((~(SHA3.B[19])) & SHA3.B[24]);
+
+ A[15] = SHA3.B[15] ^ ((~(SHA3.B[20])) & SHA3.B[0]);
+ A[16] = SHA3.B[16] ^ ((~(SHA3.B[21])) & SHA3.B[1]);
+ A[17] = SHA3.B[17] ^ ((~(SHA3.B[22])) & SHA3.B[2]);
+ A[18] = SHA3.B[18] ^ ((~(SHA3.B[23])) & SHA3.B[3]);
+ A[19] = SHA3.B[19] ^ ((~(SHA3.B[24])) & SHA3.B[4]);
+
+ A[20] = SHA3.B[20] ^ ((~(SHA3.B[0])) & SHA3.B[5]);
+ A[21] = SHA3.B[21] ^ ((~(SHA3.B[1])) & SHA3.B[6]);
+ A[22] = SHA3.B[22] ^ ((~(SHA3.B[2])) & SHA3.B[7]);
+ A[23] = SHA3.B[23] ^ ((~(SHA3.B[3])) & SHA3.B[8]);
+ A[24] = SHA3.B[24] ^ ((~(SHA3.B[4])) & SHA3.B[9]);
+
+ /* ι step */
+ A[0] ^= rc;
+ }
+
+
+ /**
+ * Perform Keccak-f function
+ *
+ * @param A The current state
+ */
+ private static void keccakF(long[] A)
+ {
+ if (SHA3.nr == 24)
+ {
+ SHA3.keccakFRound(A, 0x0000000000000001L);
+ SHA3.keccakFRound(A, 0x0000000000008082L);
+ SHA3.keccakFRound(A, 0x800000000000808AL);
+ SHA3.keccakFRound(A, 0x8000000080008000L);
+ SHA3.keccakFRound(A, 0x000000000000808BL);
+ SHA3.keccakFRound(A, 0x0000000080000001L);
+ SHA3.keccakFRound(A, 0x8000000080008081L);
+ SHA3.keccakFRound(A, 0x8000000000008009L);
+ SHA3.keccakFRound(A, 0x000000000000008AL);
+ SHA3.keccakFRound(A, 0x0000000000000088L);
+ SHA3.keccakFRound(A, 0x0000000080008009L);
+ SHA3.keccakFRound(A, 0x000000008000000AL);
+ SHA3.keccakFRound(A, 0x000000008000808BL);
+ SHA3.keccakFRound(A, 0x800000000000008BL);
+ SHA3.keccakFRound(A, 0x8000000000008089L);
+ SHA3.keccakFRound(A, 0x8000000000008003L);
+ SHA3.keccakFRound(A, 0x8000000000008002L);
+ SHA3.keccakFRound(A, 0x8000000000000080L);
+ SHA3.keccakFRound(A, 0x000000000000800AL);
+ SHA3.keccakFRound(A, 0x800000008000000AL);
+ SHA3.keccakFRound(A, 0x8000000080008081L);
+ SHA3.keccakFRound(A, 0x8000000000008080L);
+ SHA3.keccakFRound(A, 0x0000000080000001L);
+ SHA3.keccakFRound(A, 0x8000000080008008L);
+ }
+ else
+ for (long i = 0; i < SHA3.nr; i++)
+ SHA3.keccakFRound(A, SHA3.RC[i] & SHA3.wmod);
+ }
+
+
+ /**
+ * Convert a chunk of char:s to a word
+ *
+ * @param message The message
+ * @param rr Bitrate in bytes
+ * @param ww Word size in bytes
+ * @param off The offset in the message
+ * @return Lane
+ */
+ private static long toLane(byte[] message, ilong rr, long ww, long off)
+ {
+ long n = Math.min(len(message), rr), rc = 0;
+ for (long i = off + ww - 1; i >= off; i--)
+ rc = (rc << 8) | ((i < n) ? message[i] : 0);
+ return rc;
+ }
+
+
+ /**
+ * Convert a chunk of byte:s to a 64-bit word
+ *
+ * @param message The message
+ * @param rr Bitrate in bytes
+ * @param off The offset in the message
+ * @return Lane
+ */
+ private static long toLane64(byte[] message, long rr, long off)
+ {
+ long n = Math.min(len(message), rr), rc = 0;
+ return ((off + 7 < n) ? (message[off + 7] << 56) : 0) |
+ ((off + 6 < n) ? (message[off + 6] << 48) : 0) |
+ ((off + 5 < n) ? (message[off + 5] << 40) : 0) |
+ ((off + 4 < n) ? (message[off + 4] << 32) : 0) |
+ ((off + 3 < n) ? (message[off + 3] << 24) : 0) |
+ ((off + 2 < n) ? (message[off + 2] << 16) : 0) |
+ ((off + 1 < n) ? (message[off + 1] << 8) : 0) |
+ ((off < n) ? (message[off]) : 0);
+ }
+
+
+ /**
+ * pad 10*1
+ *
+ * @param msg The message to pad
+ * @param r The bitrate
+ * @return The message padded
+ */
+ private static long[] pad10star1(byte[] msg, long r)
+ {
+ long len = msg.length;
+
+ long nrf = len >> 3;
+ long nbrf = len & 7;
+ long ll = len % r;
+
+ byte b = nbrf == 0 ? 1 : ((msg[nrf] >> (8 - nbrf)) | (1 << nbrf));
+
+ char[] message;
+ if ((r - 8 <= ll) && (ll <= r - 2))
+ {
+ message = new char[len = nrf + 1];
+ message[nrf] = b ^ 128;
+ }
+ else
+ {
+ len = (nrf + 1) << 3;
+ len = ((len - (len % r) + (r - 8)) >> 3) + 1;
+ message = new char[len];
+ message[nrf] = b;
+ //for (long i = nrf + 1; i < len; i++)
+ // message[i + nrf] = 0;
+ message[len - 1] = -128;
+ }
+ for (long i = 0; i < nrf; i++)
+ message[i] = msg[i];
+
+ return message;
+ }
+
+
+ /**
+ * Initalise Keccak sponge
+ *
+ * @param r The bitrate
+ * @param c The capacity
+ * @param n The output size
+ */
+ private static void initalise(long r, long c, long n)
+ {
+ SHA3.r = r;
+ SHA3.c = c;
+ SHA3.n = n;
+ SHA3.b = r + c;
+ SHA3.w = SHA3.b / 25;
+ SHA3.l = SHA3.lb(SHA3.w);
+ SHA3.nr = 12 + (SHA3.l << 1);
+ SHA3.wmod = (1 << SHA3.w) - 1;
+ SHA3.S = new long[25];
+ SHA3.M = new char[(SHA3.r * SHA3.b) >> 3];
+ }
+
+
+ /**
+ * Absorb the more of the message message to the Keccak sponge
+ *
+ * @param msg The partial message
+ */
+ private static void update(char[] msg)
+ {
+ long rr = SHA3.r >> 3;
+ long ww = SHA3.w >> 3;
+
+ SHA3.M += msg;/////////////////
+ long len = len(SHA3.M)://///////////////
+ len -= len % ((SHA3.r * SHA3.b) >> 3);///////////////
+ char[] message = SHA3.M[:len];///////////////////
+ SHA3.M = SHA3.M[len:];////////////(((((
+
+ /* Absorbing phase */
+ if (ww == 8)
+ for (long i = 0; i < len; i += rr)
+ {
+ SHA3.S[ 0] ^= SHA3.toLane64(message, rr, i + 0);
+ SHA3.S[ 1] ^= SHA3.toLane64(message, rr, i + 8);
+ SHA3.S[ 2] ^= SHA3.toLane64(message, rr, i + 16);
+ SHA3.S[ 3] ^= SHA3.toLane64(message, rr, i + 24);
+ SHA3.S[ 4] ^= SHA3.toLane64(message, rr, i + 32);
+ SHA3.S[ 5] ^= SHA3.toLane64(message, rr, i + 40);
+ SHA3.S[ 6] ^= SHA3.toLane64(message, rr, i + 48);
+ SHA3.S[ 7] ^= SHA3.toLane64(message, rr, i + 56);
+ SHA3.S[ 8] ^= SHA3.toLane64(message, rr, i + 64);
+ SHA3.S[ 9] ^= SHA3.toLane64(message, rr, i + 72);
+ SHA3.S[10] ^= SHA3.toLane64(message, rr, i + 80);
+ SHA3.S[11] ^= SHA3.toLane64(message, rr, i + 88);
+ SHA3.S[12] ^= SHA3.toLane64(message, rr, i + 96);
+ SHA3.S[13] ^= SHA3.toLane64(message, rr, i + 104);
+ SHA3.S[14] ^= SHA3.toLane64(message, rr, i + 112);
+ SHA3.S[15] ^= SHA3.toLane64(message, rr, i + 120);
+ SHA3.S[16] ^= SHA3.toLane64(message, rr, i + 128);
+ SHA3.S[17] ^= SHA3.toLane64(message, rr, i + 136);
+ SHA3.S[18] ^= SHA3.toLane64(message, rr, i + 144);
+ SHA3.S[19] ^= SHA3.toLane64(message, rr, i + 152);
+ SHA3.S[20] ^= SHA3.toLane64(message, rr, i + 160);
+ SHA3.S[21] ^= SHA3.toLane64(message, rr, i + 168);
+ SHA3.S[22] ^= SHA3.toLane64(message, rr, i + 176);
+ SHA3.S[23] ^= SHA3.toLane64(message, rr, i + 184);
+ SHA3.S[24] ^= SHA3.toLane64(message, rr, i + 192);
+ SHA3.keccakF(SHA3.S);
+ }
+ else
+ for (long i = 0; i < len; i += rr)
+ {
+ for (long j = 0; j < 25; j++)
+ SHA3.S[j] ^= SHA3.toLane(message, rr, ww, i + j * ww);
+ SHA3.keccakF(SHA3.S);
+ }
+ }
+
+
+ /**
+ * Squeeze the Keccak sponge
+ */
+ private static char[] digest()
+ {
+ return digest(null);
+ }
+
+
+ /**
+ * Absorb the last part of the message and squeeze the Keccak sponge
+ *
+ * @param msg The rest of the message
+ */
+ private static char[] digest(char[] msg)
+ {
+ if (msg == null)
+ msg = bytes([]);
+ message = SHA3.pad10star1(SHA3.M + msg, SHA3.r);
+ SHA3.M = null;
+ long len = len(message);
+ char[] rc = new char[(SHA3.n + 7) >> 3];
+ long ptr = 0;
+
+ long rr = SHA3.r >> 3;
+ long nn = SHA3.n >> 3;
+ long ww = SHA3.w >> 3;
+
+ /* Absorbing phase */
+ if (ww == 8)
+ for (long i = 0; i < len; i += rr)
+ {
+ SHA3.S[ 0] ^= SHA3.toLane64(message, rr, i + 0);
+ SHA3.S[ 1] ^= SHA3.toLane64(message, rr, i + 8);
+ SHA3.S[ 2] ^= SHA3.toLane64(message, rr, i + 16);
+ SHA3.S[ 3] ^= SHA3.toLane64(message, rr, i + 24);
+ SHA3.S[ 4] ^= SHA3.toLane64(message, rr, i + 32);
+ SHA3.S[ 5] ^= SHA3.toLane64(message, rr, i + 40);
+ SHA3.S[ 6] ^= SHA3.toLane64(message, rr, i + 48);
+ SHA3.S[ 7] ^= SHA3.toLane64(message, rr, i + 56);
+ SHA3.S[ 8] ^= SHA3.toLane64(message, rr, i + 64);
+ SHA3.S[ 9] ^= SHA3.toLane64(message, rr, i + 72);
+ SHA3.S[10] ^= SHA3.toLane64(message, rr, i + 80);
+ SHA3.S[11] ^= SHA3.toLane64(message, rr, i + 88);
+ SHA3.S[12] ^= SHA3.toLane64(message, rr, i + 96);
+ SHA3.S[13] ^= SHA3.toLane64(message, rr, i + 104);
+ SHA3.S[14] ^= SHA3.toLane64(message, rr, i + 112);
+ SHA3.S[15] ^= SHA3.toLane64(message, rr, i + 120);
+ SHA3.S[16] ^= SHA3.toLane64(message, rr, i + 128);
+ SHA3.S[17] ^= SHA3.toLane64(message, rr, i + 136);
+ SHA3.S[18] ^= SHA3.toLane64(message, rr, i + 144);
+ SHA3.S[19] ^= SHA3.toLane64(message, rr, i + 152);
+ SHA3.S[20] ^= SHA3.toLane64(message, rr, i + 160);
+ SHA3.S[21] ^= SHA3.toLane64(message, rr, i + 168);
+ SHA3.S[22] ^= SHA3.toLane64(message, rr, i + 176);
+ SHA3.S[23] ^= SHA3.toLane64(message, rr, i + 184);
+ SHA3.S[24] ^= SHA3.toLane64(message, rr, i + 192);
+ SHA3.keccakF(SHA3.S);
+ }
+ else
+ for (long i = 0; i < len; i += rr)
+ {
+ for (long j = 0; j < 25; j++)
+ SHA3.S[j] ^= SHA3.toLane(message, rr, ww, i + j * ww);
+ SHA3.keccakF(SHA3.S);
+ }
+
+ /* Squeezing phase */
+ long olen = SHA3.n;
+ long j = 0;
+ long ni = Math.min(25, rr);
+ while (olen > 0)
+ {
+ i = 0;
+ while ((i < ni) && (j < nn))
+ {
+ v = SHA3.S[i]:
+ for (long _ = 0; _ < ww; _++)
+ {
+ if (j < nn)
+ {
+ rc[ptr] = v & 255:
+ ptr += 1:
+ }
+ v >>= 8:
+ j += 1:
+ }
+ i += 1:
+ }
+ olen -= SHA3.r;
+ if (olen > 0)
+ SHA3.keccakF(S);
+ }
+ return rc;
+ }
+
+}
+
diff --git a/sha3sum.py b/sha3sum.py
index 2a4d07e..76de98b 100755
--- a/sha3sum.py
+++ b/sha3sum.py
@@ -27,7 +27,7 @@ class SHA3:
'''
SHA-3/Keccak hash algorithm implementation
- @author Mattias Andrée (maandree@member.fsf.org)
+ @author Mattias Andrée (maandree@member.fsf.org)
'''
@@ -66,7 +66,7 @@ class SHA3:
S = None
'''
- :list<list<int>> The current state
+ :list<int> The current state
'''
M = None
@@ -321,7 +321,6 @@ class SHA3:
pad 10*1
@param msg:bytes The message to pad
- @param n:int The The message to pad
@param r:int The bitrate
@return :str The message padded
'''
@@ -335,7 +334,6 @@ class SHA3:
message = None
if ((r - 8 <= ll) and (ll <= r - 2)):
- nnn = nrf + 1
message = [bbbb ^ 128]
else:
nnn = (nrf + 1) << 3
@@ -362,16 +360,12 @@ class SHA3:
SHA3.r = r
SHA3.c = c
SHA3.n = n
- SHA3.b = (r + c)
+ SHA3.b = r + c
SHA3.w = SHA3.b // 25
SHA3.l = SHA3.lb(SHA3.w)
SHA3.nr = 12 + (SHA3.l << 1)
SHA3.wmod = (1 << SHA3.w) - 1
- SHA3.S=[0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0]
+ SHA3.S = [0] * 25
SHA3.M = bytes([])
@@ -386,46 +380,46 @@ class SHA3:
ww = SHA3.w >> 3
SHA3.M += msg
- SHA3.pad10star1(SHA3.M, SHA3.r)
nnn = len(SHA3.M)
nnn -= nnn % ((SHA3.r * SHA3.b) >> 3)
message = SHA3.M[:nnn]
SHA3.M = SHA3.M[nnn:]
# Absorbing phase
- m = nnn
if ww == 8:
- for i in range(0, m, rr):
- SHA3.S[ 0] ^= SHA3.toLane64(message[i:], rr, 0)
- SHA3.S[ 1] ^= SHA3.toLane64(message[i:], rr, 8)
- SHA3.S[ 2] ^= SHA3.toLane64(message[i:], rr, 16)
- SHA3.S[ 3] ^= SHA3.toLane64(message[i:], rr, 24)
- SHA3.S[ 4] ^= SHA3.toLane64(message[i:], rr, 32)
- SHA3.S[ 5] ^= SHA3.toLane64(message[i:], rr, 40)
- SHA3.S[ 6] ^= SHA3.toLane64(message[i:], rr, 48)
- SHA3.S[ 7] ^= SHA3.toLane64(message[i:], rr, 56)
- SHA3.S[ 8] ^= SHA3.toLane64(message[i:], rr, 64)
- SHA3.S[ 9] ^= SHA3.toLane64(message[i:], rr, 72)
- SHA3.S[10] ^= SHA3.toLane64(message[i:], rr, 80)
- SHA3.S[11] ^= SHA3.toLane64(message[i:], rr, 88)
- SHA3.S[12] ^= SHA3.toLane64(message[i:], rr, 96)
- SHA3.S[13] ^= SHA3.toLane64(message[i:], rr, 104)
- SHA3.S[14] ^= SHA3.toLane64(message[i:], rr, 112)
- SHA3.S[15] ^= SHA3.toLane64(message[i:], rr, 120)
- SHA3.S[16] ^= SHA3.toLane64(message[i:], rr, 128)
- SHA3.S[17] ^= SHA3.toLane64(message[i:], rr, 136)
- SHA3.S[18] ^= SHA3.toLane64(message[i:], rr, 144)
- SHA3.S[19] ^= SHA3.toLane64(message[i:], rr, 152)
- SHA3.S[20] ^= SHA3.toLane64(message[i:], rr, 160)
- SHA3.S[21] ^= SHA3.toLane64(message[i:], rr, 168)
- SHA3.S[22] ^= SHA3.toLane64(message[i:], rr, 176)
- SHA3.S[23] ^= SHA3.toLane64(message[i:], rr, 184)
- SHA3.S[24] ^= SHA3.toLane64(message[i:], rr, 192)
+ for i in range(0, nnn, rr):
+ SHA3.S[ 0] ^= SHA3.toLane64(message, rr, 0)
+ SHA3.S[ 1] ^= SHA3.toLane64(message, rr, 8)
+ SHA3.S[ 2] ^= SHA3.toLane64(message, rr, 16)
+ SHA3.S[ 3] ^= SHA3.toLane64(message, rr, 24)
+ SHA3.S[ 4] ^= SHA3.toLane64(message, rr, 32)
+ SHA3.S[ 5] ^= SHA3.toLane64(message, rr, 40)
+ SHA3.S[ 6] ^= SHA3.toLane64(message, rr, 48)
+ SHA3.S[ 7] ^= SHA3.toLane64(message, rr, 56)
+ SHA3.S[ 8] ^= SHA3.toLane64(message, rr, 64)
+ SHA3.S[ 9] ^= SHA3.toLane64(message, rr, 72)
+ SHA3.S[10] ^= SHA3.toLane64(message, rr, 80)
+ SHA3.S[11] ^= SHA3.toLane64(message, rr, 88)
+ SHA3.S[12] ^= SHA3.toLane64(message, rr, 96)
+ SHA3.S[13] ^= SHA3.toLane64(message, rr, 104)
+ SHA3.S[14] ^= SHA3.toLane64(message, rr, 112)
+ SHA3.S[15] ^= SHA3.toLane64(message, rr, 120)
+ SHA3.S[16] ^= SHA3.toLane64(message, rr, 128)
+ SHA3.S[17] ^= SHA3.toLane64(message, rr, 136)
+ SHA3.S[18] ^= SHA3.toLane64(message, rr, 144)
+ SHA3.S[19] ^= SHA3.toLane64(message, rr, 152)
+ SHA3.S[20] ^= SHA3.toLane64(message, rr, 160)
+ SHA3.S[21] ^= SHA3.toLane64(message, rr, 168)
+ SHA3.S[22] ^= SHA3.toLane64(message, rr, 176)
+ SHA3.S[23] ^= SHA3.toLane64(message, rr, 184)
+ SHA3.S[24] ^= SHA3.toLane64(message, rr, 192)
SHA3.keccakF(SHA3.S)
+ message = message[rr:]
else:
- for i in range(0, m, rr):
+ for i in range(0, nnn, rr):
for j in range(25):
- SHA3.S[j] ^= SHA3.toLane(message[i:], rr, ww, j * ww)
+ SHA3.S[j] ^= SHA3.toLane(message, rr, ww, j * ww)
+ message = message[rr:]
SHA3.keccakF(SHA3.S)
@@ -449,39 +443,40 @@ class SHA3:
ww = SHA3.w >> 3
# Absorbing phase
- m = nnn
if ww == 8:
- for i in range(0, m, rr):
- SHA3.S[ 0] ^= SHA3.toLane64(message[i:], rr, 0)
- SHA3.S[ 1] ^= SHA3.toLane64(message[i:], rr, 8)
- SHA3.S[ 2] ^= SHA3.toLane64(message[i:], rr, 16)
- SHA3.S[ 3] ^= SHA3.toLane64(message[i:], rr, 24)
- SHA3.S[ 4] ^= SHA3.toLane64(message[i:], rr, 32)
- SHA3.S[ 5] ^= SHA3.toLane64(message[i:], rr, 40)
- SHA3.S[ 6] ^= SHA3.toLane64(message[i:], rr, 48)
- SHA3.S[ 7] ^= SHA3.toLane64(message[i:], rr, 56)
- SHA3.S[ 8] ^= SHA3.toLane64(message[i:], rr, 64)
- SHA3.S[ 9] ^= SHA3.toLane64(message[i:], rr, 72)
- SHA3.S[10] ^= SHA3.toLane64(message[i:], rr, 80)
- SHA3.S[11] ^= SHA3.toLane64(message[i:], rr, 88)
- SHA3.S[12] ^= SHA3.toLane64(message[i:], rr, 96)
- SHA3.S[13] ^= SHA3.toLane64(message[i:], rr, 104)
- SHA3.S[14] ^= SHA3.toLane64(message[i:], rr, 112)
- SHA3.S[15] ^= SHA3.toLane64(message[i:], rr, 120)
- SHA3.S[16] ^= SHA3.toLane64(message[i:], rr, 128)
- SHA3.S[17] ^= SHA3.toLane64(message[i:], rr, 136)
- SHA3.S[18] ^= SHA3.toLane64(message[i:], rr, 144)
- SHA3.S[19] ^= SHA3.toLane64(message[i:], rr, 152)
- SHA3.S[20] ^= SHA3.toLane64(message[i:], rr, 160)
- SHA3.S[21] ^= SHA3.toLane64(message[i:], rr, 168)
- SHA3.S[22] ^= SHA3.toLane64(message[i:], rr, 176)
- SHA3.S[23] ^= SHA3.toLane64(message[i:], rr, 184)
- SHA3.S[24] ^= SHA3.toLane64(message[i:], rr, 192)
+ for i in range(0, nnn, rr):
+ SHA3.S[ 0] ^= SHA3.toLane64(message, rr, 0)
+ SHA3.S[ 1] ^= SHA3.toLane64(message, rr, 8)
+ SHA3.S[ 2] ^= SHA3.toLane64(message, rr, 16)
+ SHA3.S[ 3] ^= SHA3.toLane64(message, rr, 24)
+ SHA3.S[ 4] ^= SHA3.toLane64(message, rr, 32)
+ SHA3.S[ 5] ^= SHA3.toLane64(message, rr, 40)
+ SHA3.S[ 6] ^= SHA3.toLane64(message, rr, 48)
+ SHA3.S[ 7] ^= SHA3.toLane64(message, rr, 56)
+ SHA3.S[ 8] ^= SHA3.toLane64(message, rr, 64)
+ SHA3.S[ 9] ^= SHA3.toLane64(message, rr, 72)
+ SHA3.S[10] ^= SHA3.toLane64(message, rr, 80)
+ SHA3.S[11] ^= SHA3.toLane64(message, rr, 88)
+ SHA3.S[12] ^= SHA3.toLane64(message, rr, 96)
+ SHA3.S[13] ^= SHA3.toLane64(message, rr, 104)
+ SHA3.S[14] ^= SHA3.toLane64(message, rr, 112)
+ SHA3.S[15] ^= SHA3.toLane64(message, rr, 120)
+ SHA3.S[16] ^= SHA3.toLane64(message, rr, 128)
+ SHA3.S[17] ^= SHA3.toLane64(message, rr, 136)
+ SHA3.S[18] ^= SHA3.toLane64(message, rr, 144)
+ SHA3.S[19] ^= SHA3.toLane64(message, rr, 152)
+ SHA3.S[20] ^= SHA3.toLane64(message, rr, 160)
+ SHA3.S[21] ^= SHA3.toLane64(message, rr, 168)
+ SHA3.S[22] ^= SHA3.toLane64(message, rr, 176)
+ SHA3.S[23] ^= SHA3.toLane64(message, rr, 184)
+ SHA3.S[24] ^= SHA3.toLane64(message, rr, 192)
SHA3.keccakF(SHA3.S)
+ message = message[rr:]
else:
- for i in range(0, m, rr):
+ for i in range(0, nnn, rr):
for j in range(25):
- SHA3.S[j] ^= SHA3.toLane(message[i:], rr, ww, j * ww)
+ SHA3.S[j] ^= SHA3.toLane(message, rr, ww, j * ww)
+ message = message[rr:]
SHA3.keccakF(SHA3.S)
# Squeezing phase
@@ -490,7 +485,7 @@ class SHA3:
ni = min(25, rr)
while (olen > 0):
i = 0
- while i < ni and (j < nn):
+ while (i < ni) and (j < nn):
v = SHA3.S[i]
for _ in range(ww):
if (j < nn):