diff options
Diffstat (limited to 'python3/sha3.py')
| -rw-r--r-- | python3/sha3.py | 679 |
1 files changed, 337 insertions, 342 deletions
diff --git a/python3/sha3.py b/python3/sha3.py index 340cf5f..a3483b2 100644 --- a/python3/sha3.py +++ b/python3/sha3.py @@ -27,53 +27,53 @@ class SHA3: ''' - RC = [0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000, - 0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009, - 0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A, - 0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003, - 0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A, - 0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008] - ''' - :list<int> Round contants - ''' - - B = [0] * 25 - ''' - :list<int> Keccak-f round temporary - ''' - - C = [0] * 5 - ''' - :list<int> Keccak-f round temporary - ''' - - - (r, c, n, b, w, wmod, l, nr) = (0, 0, 0, 0, 0, 0, 0, 0) - ''' - r:int The bitrate - c:int The capacity - n:int The output size - b:int The state size - w:int The word size - wmod:int The word mask - l:int ℓ, the binary logarithm of the word size - nr:int 12 + 2ℓ, the number of rounds - ''' - - S = None - ''' - :list<int> The current state - ''' - - M = None - ''' - :bytes Left over water to fill the sponge with at next update - ''' + def __init__(self): + self.RC = [0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000, + 0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009, + 0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A, + 0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003, + 0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A, + 0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008] + ''' + :list<int> Round contants + ''' + + self.B = [0] * 25 + ''' + :list<int> Keccak-f round temporary + ''' + + self.C = [0] * 5 + ''' + :list<int> Keccak-f round temporary + ''' + + + (self.r, self.c, self.n, self.b, self.w, self.wmod, self.l, self.nr) = (0, 0, 0, 0, 0, 0, 0, 0) + ''' + r:int The bitrate + c:int The capacity + n:int The output size + b:int The state size + w:int The word size + wmod:int The word mask + l:int ℓ, the binary logarithm of the word size + nr:int 12 + 2ℓ, the number of rounds + ''' + + self.S = None + ''' + :list<int> The current state + ''' + + self.M = None + ''' + :bytes Left over water to fill the sponge with at next update + ''' - @staticmethod - def rotate(x, n): + def rotate(self, x, n): ''' Rotate a word @@ -81,12 +81,12 @@ class SHA3: @param n:int Rotation steps @return :int The value rotated ''' - m = n % SHA3.w - return ((x >> (SHA3.w - m)) + (x << m)) & SHA3.wmod + m = n % self.w + return ((x >> (self.w - m)) + (x << m)) & self.wmod @staticmethod - def rotate64(x, n): + def rotate64(self, x, n): ''' Rotate a 64-bit word @@ -113,171 +113,169 @@ class SHA3: return rc - @staticmethod - def keccakFRound(A, rc): + def keccakFRound(self, A, rc): ''' Perform one round of computation @param A:list<int> The current state @param rc:int Round constant ''' - if SHA3.w == 64: + if self.w == 64: # θ step (step 1 and 2 of 3) - SHA3.C[0] = (A[0] ^ A[1]) ^ (A[2] ^ A[3]) ^ A[4] - SHA3.C[2] = (A[10] ^ A[11]) ^ (A[12] ^ A[13]) ^ A[14] - db = SHA3.C[0] ^ SHA3.rotate64(SHA3.C[2], 1) - SHA3.C[4] = (A[20] ^ A[21]) ^ (A[22] ^ A[23]) ^ A[24] - dd = SHA3.C[2] ^ SHA3.rotate64(SHA3.C[4], 1) - SHA3.C[1] = (A[5] ^ A[6]) ^ (A[7] ^ A[8]) ^ A[9] - da = SHA3.C[4] ^ SHA3.rotate64(SHA3.C[1], 1) - SHA3.C[3] = (A[15] ^ A[16]) ^ (A[17] ^ A[18]) ^ A[19] - dc = SHA3.C[1] ^ SHA3.rotate64(SHA3.C[3], 1) - de = SHA3.C[3] ^ SHA3.rotate64(SHA3.C[0], 1) + self.C[0] = (A[0] ^ A[1]) ^ (A[2] ^ A[3]) ^ A[4] + self.C[2] = (A[10] ^ A[11]) ^ (A[12] ^ A[13]) ^ A[14] + db = self.C[0] ^ SHA3.rotate64(self.C[2], 1) + self.C[4] = (A[20] ^ A[21]) ^ (A[22] ^ A[23]) ^ A[24] + dd = self.C[2] ^ SHA3.rotate64(self.C[4], 1) + self.C[1] = (A[5] ^ A[6]) ^ (A[7] ^ A[8]) ^ A[9] + da = self.C[4] ^ SHA3.rotate64(self.C[1], 1) + self.C[3] = (A[15] ^ A[16]) ^ (A[17] ^ A[18]) ^ A[19] + dc = self.C[1] ^ SHA3.rotate64(self.C[3], 1) + de = self.C[3] ^ SHA3.rotate64(self.C[0], 1) # ρ and π steps, with last part of θ - SHA3.B[0] = SHA3.rotate64(A[0] ^ da, 0) - SHA3.B[1] = SHA3.rotate64(A[15] ^ dd, 28) - SHA3.B[2] = SHA3.rotate64(A[5] ^ db, 1) - SHA3.B[3] = SHA3.rotate64(A[20] ^ de, 27) - SHA3.B[4] = SHA3.rotate64(A[10] ^ dc, 62) + self.B[0] = SHA3.rotate64(A[0] ^ da, 0) + self.B[1] = SHA3.rotate64(A[15] ^ dd, 28) + self.B[2] = SHA3.rotate64(A[5] ^ db, 1) + self.B[3] = SHA3.rotate64(A[20] ^ de, 27) + self.B[4] = SHA3.rotate64(A[10] ^ dc, 62) - SHA3.B[5] = SHA3.rotate64(A[6] ^ db, 44) - SHA3.B[6] = SHA3.rotate64(A[21] ^ de, 20) - SHA3.B[7] = SHA3.rotate64(A[11] ^ dc, 6) - SHA3.B[8] = SHA3.rotate64(A[1] ^ da, 36) - SHA3.B[9] = SHA3.rotate64(A[16] ^ dd, 55) + self.B[5] = SHA3.rotate64(A[6] ^ db, 44) + self.B[6] = SHA3.rotate64(A[21] ^ de, 20) + self.B[7] = SHA3.rotate64(A[11] ^ dc, 6) + self.B[8] = SHA3.rotate64(A[1] ^ da, 36) + self.B[9] = SHA3.rotate64(A[16] ^ dd, 55) - SHA3.B[10] = SHA3.rotate64(A[12] ^ dc, 43) - SHA3.B[11] = SHA3.rotate64(A[2] ^ da, 3) - SHA3.B[12] = SHA3.rotate64(A[17] ^ dd, 25) - SHA3.B[13] = SHA3.rotate64(A[7] ^ db, 10) - SHA3.B[14] = SHA3.rotate64(A[22] ^ de, 39) + self.B[10] = SHA3.rotate64(A[12] ^ dc, 43) + self.B[11] = SHA3.rotate64(A[2] ^ da, 3) + self.B[12] = SHA3.rotate64(A[17] ^ dd, 25) + self.B[13] = SHA3.rotate64(A[7] ^ db, 10) + self.B[14] = SHA3.rotate64(A[22] ^ de, 39) - SHA3.B[15] = SHA3.rotate64(A[18] ^ dd, 21) - SHA3.B[16] = SHA3.rotate64(A[8] ^ db, 45) - SHA3.B[17] = SHA3.rotate64(A[23] ^ de, 8) - SHA3.B[18] = SHA3.rotate64(A[13] ^ dc, 15) - SHA3.B[19] = SHA3.rotate64(A[3] ^ da, 41) + self.B[15] = SHA3.rotate64(A[18] ^ dd, 21) + self.B[16] = SHA3.rotate64(A[8] ^ db, 45) + self.B[17] = SHA3.rotate64(A[23] ^ de, 8) + self.B[18] = SHA3.rotate64(A[13] ^ dc, 15) + self.B[19] = SHA3.rotate64(A[3] ^ da, 41) - SHA3.B[20] = SHA3.rotate64(A[24] ^ de, 14) - SHA3.B[21] = SHA3.rotate64(A[14] ^ dc, 61) - SHA3.B[22] = SHA3.rotate64(A[4] ^ da, 18) - SHA3.B[23] = SHA3.rotate64(A[19] ^ dd, 56) - SHA3.B[24] = SHA3.rotate64(A[9] ^ db, 2) + self.B[20] = SHA3.rotate64(A[24] ^ de, 14) + self.B[21] = SHA3.rotate64(A[14] ^ dc, 61) + self.B[22] = SHA3.rotate64(A[4] ^ da, 18) + self.B[23] = SHA3.rotate64(A[19] ^ dd, 56) + self.B[24] = SHA3.rotate64(A[9] ^ db, 2) else: # θ step (step 1 and 2 of 3) - SHA3.C[0] = (A[0] ^ A[1]) ^ (A[2] ^ A[3]) ^ A[4] - SHA3.C[2] = (A[10] ^ A[11]) ^ (A[12] ^ A[13]) ^ A[14] - db = SHA3.C[0] ^ SHA3.rotate(SHA3.C[2], 1) - SHA3.C[4] = (A[20] ^ A[21]) ^ (A[22] ^ A[23]) ^ A[24] - dd = SHA3.C[2] ^ SHA3.rotate(SHA3.C[4], 1) - SHA3.C[1] = (A[5] ^ A[6]) ^ (A[7] ^ A[8]) ^ A[9] - da = SHA3.C[4] ^ SHA3.rotate(SHA3.C[1], 1) - SHA3.C[3] = (A[15] ^ A[16]) ^ (A[17] ^ A[18]) ^ A[19] - dc = SHA3.C[1] ^ SHA3.rotate(SHA3.C[3], 1) - de = SHA3.C[3] ^ SHA3.rotate(SHA3.C[0], 1) + self.C[0] = (A[0] ^ A[1]) ^ (A[2] ^ A[3]) ^ A[4] + self.C[2] = (A[10] ^ A[11]) ^ (A[12] ^ A[13]) ^ A[14] + db = self.C[0] ^ self.rotate(self.C[2], 1) + self.C[4] = (A[20] ^ A[21]) ^ (A[22] ^ A[23]) ^ A[24] + dd = self.C[2] ^ self.rotate(self.C[4], 1) + self.C[1] = (A[5] ^ A[6]) ^ (A[7] ^ A[8]) ^ A[9] + da = self.C[4] ^ self.rotate(self.C[1], 1) + self.C[3] = (A[15] ^ A[16]) ^ (A[17] ^ A[18]) ^ A[19] + dc = self.C[1] ^ self.rotate(self.C[3], 1) + de = self.C[3] ^ self.rotate(self.C[0], 1) # ρ and π steps, with last part of θ - SHA3.B[0] = SHA3.rotate(A[0] ^ da, 0) - SHA3.B[1] = SHA3.rotate(A[15] ^ dd, 28) - SHA3.B[2] = SHA3.rotate(A[5] ^ db, 1) - SHA3.B[3] = SHA3.rotate(A[20] ^ de, 27) - SHA3.B[4] = SHA3.rotate(A[10] ^ dc, 62) + self.B[0] = self.rotate(A[0] ^ da, 0) + self.B[1] = self.rotate(A[15] ^ dd, 28) + self.B[2] = self.rotate(A[5] ^ db, 1) + self.B[3] = self.rotate(A[20] ^ de, 27) + self.B[4] = self.rotate(A[10] ^ dc, 62) - SHA3.B[5] = SHA3.rotate(A[6] ^ db, 44) - SHA3.B[6] = SHA3.rotate(A[21] ^ de, 20) - SHA3.B[7] = SHA3.rotate(A[11] ^ dc, 6) - SHA3.B[8] = SHA3.rotate(A[1] ^ da, 36) - SHA3.B[9] = SHA3.rotate(A[16] ^ dd, 55) + self.B[5] = self.rotate(A[6] ^ db, 44) + self.B[6] = self.rotate(A[21] ^ de, 20) + self.B[7] = self.rotate(A[11] ^ dc, 6) + self.B[8] = self.rotate(A[1] ^ da, 36) + self.B[9] = self.rotate(A[16] ^ dd, 55) - SHA3.B[10] = SHA3.rotate(A[12] ^ dc, 43) - SHA3.B[11] = SHA3.rotate(A[2] ^ da, 3) - SHA3.B[12] = SHA3.rotate(A[17] ^ dd, 25) - SHA3.B[13] = SHA3.rotate(A[7] ^ db, 10) - SHA3.B[14] = SHA3.rotate(A[22] ^ de, 39) + self.B[10] = self.rotate(A[12] ^ dc, 43) + self.B[11] = self.rotate(A[2] ^ da, 3) + self.B[12] = self.rotate(A[17] ^ dd, 25) + self.B[13] = self.rotate(A[7] ^ db, 10) + self.B[14] = self.rotate(A[22] ^ de, 39) - SHA3.B[15] = SHA3.rotate(A[18] ^ dd, 21) - SHA3.B[16] = SHA3.rotate(A[8] ^ db, 45) - SHA3.B[17] = SHA3.rotate(A[23] ^ de, 8) - SHA3.B[18] = SHA3.rotate(A[13] ^ dc, 15) - SHA3.B[19] = SHA3.rotate(A[3] ^ da, 41) + self.B[15] = self.rotate(A[18] ^ dd, 21) + self.B[16] = self.rotate(A[8] ^ db, 45) + self.B[17] = self.rotate(A[23] ^ de, 8) + self.B[18] = self.rotate(A[13] ^ dc, 15) + self.B[19] = self.rotate(A[3] ^ da, 41) - SHA3.B[20] = SHA3.rotate(A[24] ^ de, 14) - SHA3.B[21] = SHA3.rotate(A[14] ^ dc, 61) - SHA3.B[22] = SHA3.rotate(A[4] ^ da, 18) - SHA3.B[23] = SHA3.rotate(A[19] ^ dd, 56) - SHA3.B[24] = SHA3.rotate(A[9] ^ db, 2) + self.B[20] = self.rotate(A[24] ^ de, 14) + self.B[21] = self.rotate(A[14] ^ dc, 61) + self.B[22] = self.rotate(A[4] ^ da, 18) + self.B[23] = self.rotate(A[19] ^ dd, 56) + self.B[24] = self.rotate(A[9] ^ db, 2) # ξ step - A[0] = SHA3.B[0] ^ ((~(SHA3.B[5])) & SHA3.B[10]) - A[1] = SHA3.B[1] ^ ((~(SHA3.B[6])) & SHA3.B[11]) - A[2] = SHA3.B[2] ^ ((~(SHA3.B[7])) & SHA3.B[12]) - A[3] = SHA3.B[3] ^ ((~(SHA3.B[8])) & SHA3.B[13]) - A[4] = SHA3.B[4] ^ ((~(SHA3.B[9])) & SHA3.B[14]) - - A[5] = SHA3.B[5] ^ ((~(SHA3.B[10])) & SHA3.B[15]) - A[6] = SHA3.B[6] ^ ((~(SHA3.B[11])) & SHA3.B[16]) - A[7] = SHA3.B[7] ^ ((~(SHA3.B[12])) & SHA3.B[17]) - A[8] = SHA3.B[8] ^ ((~(SHA3.B[13])) & SHA3.B[18]) - A[9] = SHA3.B[9] ^ ((~(SHA3.B[14])) & SHA3.B[19]) - - A[10] = SHA3.B[10] ^ ((~(SHA3.B[15])) & SHA3.B[20]) - A[11] = SHA3.B[11] ^ ((~(SHA3.B[16])) & SHA3.B[21]) - A[12] = SHA3.B[12] ^ ((~(SHA3.B[17])) & SHA3.B[22]) - A[13] = SHA3.B[13] ^ ((~(SHA3.B[18])) & SHA3.B[23]) - A[14] = SHA3.B[14] ^ ((~(SHA3.B[19])) & SHA3.B[24]) - - A[15] = SHA3.B[15] ^ ((~(SHA3.B[20])) & SHA3.B[0]) - A[16] = SHA3.B[16] ^ ((~(SHA3.B[21])) & SHA3.B[1]) - A[17] = SHA3.B[17] ^ ((~(SHA3.B[22])) & SHA3.B[2]) - A[18] = SHA3.B[18] ^ ((~(SHA3.B[23])) & SHA3.B[3]) - A[19] = SHA3.B[19] ^ ((~(SHA3.B[24])) & SHA3.B[4]) - - A[20] = SHA3.B[20] ^ ((~(SHA3.B[0])) & SHA3.B[5]) - A[21] = SHA3.B[21] ^ ((~(SHA3.B[1])) & SHA3.B[6]) - A[22] = SHA3.B[22] ^ ((~(SHA3.B[2])) & SHA3.B[7]) - A[23] = SHA3.B[23] ^ ((~(SHA3.B[3])) & SHA3.B[8]) - A[24] = SHA3.B[24] ^ ((~(SHA3.B[4])) & SHA3.B[9]) + A[0] = self.B[0] ^ ((~(self.B[5])) & self.B[10]) + A[1] = self.B[1] ^ ((~(self.B[6])) & self.B[11]) + A[2] = self.B[2] ^ ((~(self.B[7])) & self.B[12]) + A[3] = self.B[3] ^ ((~(self.B[8])) & self.B[13]) + A[4] = self.B[4] ^ ((~(self.B[9])) & self.B[14]) + + A[5] = self.B[5] ^ ((~(self.B[10])) & self.B[15]) + A[6] = self.B[6] ^ ((~(self.B[11])) & self.B[16]) + A[7] = self.B[7] ^ ((~(self.B[12])) & self.B[17]) + A[8] = self.B[8] ^ ((~(self.B[13])) & self.B[18]) + A[9] = self.B[9] ^ ((~(self.B[14])) & self.B[19]) + + A[10] = self.B[10] ^ ((~(self.B[15])) & self.B[20]) + A[11] = self.B[11] ^ ((~(self.B[16])) & self.B[21]) + A[12] = self.B[12] ^ ((~(self.B[17])) & self.B[22]) + A[13] = self.B[13] ^ ((~(self.B[18])) & self.B[23]) + A[14] = self.B[14] ^ ((~(self.B[19])) & self.B[24]) + + A[15] = self.B[15] ^ ((~(self.B[20])) & self.B[0]) + A[16] = self.B[16] ^ ((~(self.B[21])) & self.B[1]) + A[17] = self.B[17] ^ ((~(self.B[22])) & self.B[2]) + A[18] = self.B[18] ^ ((~(self.B[23])) & self.B[3]) + A[19] = self.B[19] ^ ((~(self.B[24])) & self.B[4]) + + A[20] = self.B[20] ^ ((~(self.B[0])) & self.B[5]) + A[21] = self.B[21] ^ ((~(self.B[1])) & self.B[6]) + A[22] = self.B[22] ^ ((~(self.B[2])) & self.B[7]) + A[23] = self.B[23] ^ ((~(self.B[3])) & self.B[8]) + A[24] = self.B[24] ^ ((~(self.B[4])) & self.B[9]) # ι step A[0] ^= rc - @staticmethod - def keccakF(A): + def keccakF(self, A): ''' Perform Keccak-f function @param A:list<int> The current state ''' - if (SHA3.nr == 24): - SHA3.keccakFRound(A, 0x0000000000000001) - SHA3.keccakFRound(A, 0x0000000000008082) - SHA3.keccakFRound(A, 0x800000000000808A) - SHA3.keccakFRound(A, 0x8000000080008000) - SHA3.keccakFRound(A, 0x000000000000808B) - SHA3.keccakFRound(A, 0x0000000080000001) - SHA3.keccakFRound(A, 0x8000000080008081) - SHA3.keccakFRound(A, 0x8000000000008009) - SHA3.keccakFRound(A, 0x000000000000008A) - SHA3.keccakFRound(A, 0x0000000000000088) - SHA3.keccakFRound(A, 0x0000000080008009) - SHA3.keccakFRound(A, 0x000000008000000A) - SHA3.keccakFRound(A, 0x000000008000808B) - SHA3.keccakFRound(A, 0x800000000000008B) - SHA3.keccakFRound(A, 0x8000000000008089) - SHA3.keccakFRound(A, 0x8000000000008003) - SHA3.keccakFRound(A, 0x8000000000008002) - SHA3.keccakFRound(A, 0x8000000000000080) - SHA3.keccakFRound(A, 0x000000000000800A) - SHA3.keccakFRound(A, 0x800000008000000A) - SHA3.keccakFRound(A, 0x8000000080008081) - SHA3.keccakFRound(A, 0x8000000000008080) - SHA3.keccakFRound(A, 0x0000000080000001) - SHA3.keccakFRound(A, 0x8000000080008008) + if (self.nr == 24): + self.keccakFRound(A, 0x0000000000000001) + self.keccakFRound(A, 0x0000000000008082) + self.keccakFRound(A, 0x800000000000808A) + self.keccakFRound(A, 0x8000000080008000) + self.keccakFRound(A, 0x000000000000808B) + self.keccakFRound(A, 0x0000000080000001) + self.keccakFRound(A, 0x8000000080008081) + self.keccakFRound(A, 0x8000000000008009) + self.keccakFRound(A, 0x000000000000008A) + self.keccakFRound(A, 0x0000000000000088) + self.keccakFRound(A, 0x0000000080008009) + self.keccakFRound(A, 0x000000008000000A) + self.keccakFRound(A, 0x000000008000808B) + self.keccakFRound(A, 0x800000000000008B) + self.keccakFRound(A, 0x8000000000008089) + self.keccakFRound(A, 0x8000000000008003) + self.keccakFRound(A, 0x8000000000008002) + self.keccakFRound(A, 0x8000000000000080) + self.keccakFRound(A, 0x000000000000800A) + self.keccakFRound(A, 0x800000008000000A) + self.keccakFRound(A, 0x8000000080008081) + self.keccakFRound(A, 0x8000000000008080) + self.keccakFRound(A, 0x0000000080000001) + self.keccakFRound(A, 0x8000000080008008) else: - for i in range(SHA3.nr): - SHA3.keccakFRound(A, SHA3.RC[i] & SHA3.wmod) + for i in range(self.nr): + self.keccakFRound(A, self.RC[i] & self.wmod) @staticmethod @@ -346,8 +344,7 @@ class SHA3: return msg[:nrf] + bytes(message) - @staticmethod - def initialise(r, c, n): + def initialise(self, r, c, n): ''' Initialise Keccak sponge @@ -355,20 +352,19 @@ class SHA3: @param c:int The capacity @param n:int The output size ''' - SHA3.r = r - SHA3.c = c - SHA3.n = n - SHA3.b = r + c - SHA3.w = SHA3.b // 25 - SHA3.l = SHA3.lb(SHA3.w) - SHA3.nr = 12 + (SHA3.l << 1) - SHA3.wmod = (1 << SHA3.w) - 1 - SHA3.S = [0] * 25 - SHA3.M = bytes([]) - - - @staticmethod - def update(msg, msglen = None): + self.r = r + self.c = c + self.n = n + self.b = r + c + self.w = self.b // 25 + self.l = self.lb(self.w) + self.nr = 12 + (self.l << 1) + self.wmod = (1 << self.w) - 1 + self.S = [0] * 25 + self.M = bytes([]) + + + def update(self, msg, msglen = None): ''' Absorb the more of the message message to the Keccak sponge @@ -378,78 +374,77 @@ class SHA3: if msglen is not None: msg = msg[:msglen] - rr = SHA3.r >> 3 - ww = SHA3.w >> 3 + rr = self.r >> 3 + ww = self.w >> 3 - SHA3.M += msg - nnn = len(SHA3.M) - nnn -= nnn % ((SHA3.r * SHA3.b) >> 3) - message = SHA3.M[:nnn] - SHA3.M = SHA3.M[nnn:] + self.M += msg + nnn = len(self.M) + nnn -= nnn % ((self.r * self.b) >> 3) + message = self.M[:nnn] + self.M = self.M[nnn:] # Absorbing phase if ww == 8: for i in range(0, nnn, rr): - SHA3.S[ 0] ^= SHA3.toLane64(message, rr, 0) - SHA3.S[ 5] ^= SHA3.toLane64(message, rr, 8) - SHA3.S[10] ^= SHA3.toLane64(message, rr, 16) - SHA3.S[15] ^= SHA3.toLane64(message, rr, 24) - SHA3.S[20] ^= SHA3.toLane64(message, rr, 32) - SHA3.S[ 1] ^= SHA3.toLane64(message, rr, 40) - SHA3.S[ 6] ^= SHA3.toLane64(message, rr, 48) - SHA3.S[11] ^= SHA3.toLane64(message, rr, 56) - SHA3.S[16] ^= SHA3.toLane64(message, rr, 64) - SHA3.S[21] ^= SHA3.toLane64(message, rr, 72) - SHA3.S[ 2] ^= SHA3.toLane64(message, rr, 80) - SHA3.S[ 7] ^= SHA3.toLane64(message, rr, 88) - SHA3.S[12] ^= SHA3.toLane64(message, rr, 96) - SHA3.S[17] ^= SHA3.toLane64(message, rr, 104) - SHA3.S[22] ^= SHA3.toLane64(message, rr, 112) - SHA3.S[ 3] ^= SHA3.toLane64(message, rr, 120) - SHA3.S[ 8] ^= SHA3.toLane64(message, rr, 128) - SHA3.S[13] ^= SHA3.toLane64(message, rr, 136) - SHA3.S[18] ^= SHA3.toLane64(message, rr, 144) - SHA3.S[23] ^= SHA3.toLane64(message, rr, 152) - SHA3.S[ 4] ^= SHA3.toLane64(message, rr, 160) - SHA3.S[ 9] ^= SHA3.toLane64(message, rr, 168) - SHA3.S[14] ^= SHA3.toLane64(message, rr, 176) - SHA3.S[19] ^= SHA3.toLane64(message, rr, 184) - SHA3.S[24] ^= SHA3.toLane64(message, rr, 192) - SHA3.keccakF(SHA3.S) + self.S[ 0] ^= SHA3.toLane64(message, rr, 0) + self.S[ 5] ^= SHA3.toLane64(message, rr, 8) + self.S[10] ^= SHA3.toLane64(message, rr, 16) + self.S[15] ^= SHA3.toLane64(message, rr, 24) + self.S[20] ^= SHA3.toLane64(message, rr, 32) + self.S[ 1] ^= SHA3.toLane64(message, rr, 40) + self.S[ 6] ^= SHA3.toLane64(message, rr, 48) + self.S[11] ^= SHA3.toLane64(message, rr, 56) + self.S[16] ^= SHA3.toLane64(message, rr, 64) + self.S[21] ^= SHA3.toLane64(message, rr, 72) + self.S[ 2] ^= SHA3.toLane64(message, rr, 80) + self.S[ 7] ^= SHA3.toLane64(message, rr, 88) + self.S[12] ^= SHA3.toLane64(message, rr, 96) + self.S[17] ^= SHA3.toLane64(message, rr, 104) + self.S[22] ^= SHA3.toLane64(message, rr, 112) + self.S[ 3] ^= SHA3.toLane64(message, rr, 120) + self.S[ 8] ^= SHA3.toLane64(message, rr, 128) + self.S[13] ^= SHA3.toLane64(message, rr, 136) + self.S[18] ^= SHA3.toLane64(message, rr, 144) + self.S[23] ^= SHA3.toLane64(message, rr, 152) + self.S[ 4] ^= SHA3.toLane64(message, rr, 160) + self.S[ 9] ^= SHA3.toLane64(message, rr, 168) + self.S[14] ^= SHA3.toLane64(message, rr, 176) + self.S[19] ^= SHA3.toLane64(message, rr, 184) + self.S[24] ^= SHA3.toLane64(message, rr, 192) + self.keccakF(self.S) message = message[rr:] else: for i in range(0, nnn, rr): - SHA3.S[ 0] ^= SHA3.toLane(message, rr, ww, 0) - SHA3.S[ 5] ^= SHA3.toLane(message, rr, ww, ww) - SHA3.S[10] ^= SHA3.toLane(message, rr, ww, 2 * ww) - SHA3.S[15] ^= SHA3.toLane(message, rr, ww, 3 * ww) - SHA3.S[20] ^= SHA3.toLane(message, rr, ww, 4 * ww) - SHA3.S[ 1] ^= SHA3.toLane(message, rr, ww, 5 * ww) - SHA3.S[ 6] ^= SHA3.toLane(message, rr, ww, 6 * ww) - SHA3.S[11] ^= SHA3.toLane(message, rr, ww, 7 * ww) - SHA3.S[16] ^= SHA3.toLane(message, rr, ww, 8 * ww) - SHA3.S[21] ^= SHA3.toLane(message, rr, ww, 9 * ww) - SHA3.S[ 2] ^= SHA3.toLane(message, rr, ww, 10 * ww) - SHA3.S[ 7] ^= SHA3.toLane(message, rr, ww, 11 * ww) - SHA3.S[12] ^= SHA3.toLane(message, rr, ww, 12 * ww) - SHA3.S[17] ^= SHA3.toLane(message, rr, ww, 13 * ww) - SHA3.S[22] ^= SHA3.toLane(message, rr, ww, 14 * ww) - SHA3.S[ 3] ^= SHA3.toLane(message, rr, ww, 15 * ww) - SHA3.S[ 8] ^= SHA3.toLane(message, rr, ww, 16 * ww) - SHA3.S[13] ^= SHA3.toLane(message, rr, ww, 17 * ww) - SHA3.S[18] ^= SHA3.toLane(message, rr, ww, 18 * ww) - SHA3.S[23] ^= SHA3.toLane(message, rr, ww, 19 * ww) - SHA3.S[ 4] ^= SHA3.toLane(message, rr, ww, 20 * ww) - SHA3.S[ 9] ^= SHA3.toLane(message, rr, ww, 21 * ww) - SHA3.S[14] ^= SHA3.toLane(message, rr, ww, 22 * ww) - SHA3.S[19] ^= SHA3.toLane(message, rr, ww, 23 * ww) - SHA3.S[24] ^= SHA3.toLane(message, rr, ww, 24 * ww) + self.S[ 0] ^= SHA3.toLane(message, rr, ww, 0) + self.S[ 5] ^= SHA3.toLane(message, rr, ww, ww) + self.S[10] ^= SHA3.toLane(message, rr, ww, 2 * ww) + self.S[15] ^= SHA3.toLane(message, rr, ww, 3 * ww) + self.S[20] ^= SHA3.toLane(message, rr, ww, 4 * ww) + self.S[ 1] ^= SHA3.toLane(message, rr, ww, 5 * ww) + self.S[ 6] ^= SHA3.toLane(message, rr, ww, 6 * ww) + self.S[11] ^= SHA3.toLane(message, rr, ww, 7 * ww) + self.S[16] ^= SHA3.toLane(message, rr, ww, 8 * ww) + self.S[21] ^= SHA3.toLane(message, rr, ww, 9 * ww) + self.S[ 2] ^= SHA3.toLane(message, rr, ww, 10 * ww) + self.S[ 7] ^= SHA3.toLane(message, rr, ww, 11 * ww) + self.S[12] ^= SHA3.toLane(message, rr, ww, 12 * ww) + self.S[17] ^= SHA3.toLane(message, rr, ww, 13 * ww) + self.S[22] ^= SHA3.toLane(message, rr, ww, 14 * ww) + self.S[ 3] ^= SHA3.toLane(message, rr, ww, 15 * ww) + self.S[ 8] ^= SHA3.toLane(message, rr, ww, 16 * ww) + self.S[13] ^= SHA3.toLane(message, rr, ww, 17 * ww) + self.S[18] ^= SHA3.toLane(message, rr, ww, 18 * ww) + self.S[23] ^= SHA3.toLane(message, rr, ww, 19 * ww) + self.S[ 4] ^= SHA3.toLane(message, rr, ww, 20 * ww) + self.S[ 9] ^= SHA3.toLane(message, rr, ww, 21 * ww) + self.S[14] ^= SHA3.toLane(message, rr, ww, 22 * ww) + self.S[19] ^= SHA3.toLane(message, rr, ww, 23 * ww) + self.S[24] ^= SHA3.toLane(message, rr, ww, 24 * ww) message = message[rr:] - SHA3.keccakF(SHA3.S) + self.keccakF(self.S) - @staticmethod - def digest(msg = None, msglen = None, withReturn = None): + def digest(self, msg = None, msglen = None, withReturn = None): ''' Absorb the last part of the message and squeeze the Keccak sponge @@ -466,86 +461,86 @@ class SHA3: msg = bytes([]) elif msglen is not None: msg = msg[:msglen] - message = SHA3.pad10star1(SHA3.M + msg, SHA3.r) - SHA3.M = None + message = self.pad10star1(self.M + msg, self.r) + self.M = None nnn = len(message) - rr = SHA3.r >> 3 - nn = (SHA3.n + 7) >> 3 - ww = SHA3.w >> 3 + rr = self.r >> 3 + nn = (self.n + 7) >> 3 + ww = self.w >> 3 # Absorbing phase if ww == 8: for i in range(0, nnn, rr): - SHA3.S[ 0] ^= SHA3.toLane64(message, rr, 0) - SHA3.S[ 5] ^= SHA3.toLane64(message, rr, 8) - SHA3.S[10] ^= SHA3.toLane64(message, rr, 16) - SHA3.S[15] ^= SHA3.toLane64(message, rr, 24) - SHA3.S[20] ^= SHA3.toLane64(message, rr, 32) - SHA3.S[ 1] ^= SHA3.toLane64(message, rr, 40) - SHA3.S[ 6] ^= SHA3.toLane64(message, rr, 48) - SHA3.S[11] ^= SHA3.toLane64(message, rr, 56) - SHA3.S[16] ^= SHA3.toLane64(message, rr, 64) - SHA3.S[21] ^= SHA3.toLane64(message, rr, 72) - SHA3.S[ 2] ^= SHA3.toLane64(message, rr, 80) - SHA3.S[ 7] ^= SHA3.toLane64(message, rr, 88) - SHA3.S[12] ^= SHA3.toLane64(message, rr, 96) - SHA3.S[17] ^= SHA3.toLane64(message, rr, 104) - SHA3.S[22] ^= SHA3.toLane64(message, rr, 112) - SHA3.S[ 3] ^= SHA3.toLane64(message, rr, 120) - SHA3.S[ 8] ^= SHA3.toLane64(message, rr, 128) - SHA3.S[13] ^= SHA3.toLane64(message, rr, 136) - SHA3.S[18] ^= SHA3.toLane64(message, rr, 144) - SHA3.S[23] ^= SHA3.toLane64(message, rr, 152) - SHA3.S[ 4] ^= SHA3.toLane64(message, rr, 160) - SHA3.S[ 9] ^= SHA3.toLane64(message, rr, 168) - SHA3.S[14] ^= SHA3.toLane64(message, rr, 176) - SHA3.S[19] ^= SHA3.toLane64(message, rr, 184) - SHA3.S[24] ^= SHA3.toLane64(message, rr, 192) - SHA3.keccakF(SHA3.S) + self.S[ 0] ^= SHA3.toLane64(message, rr, 0) + self.S[ 5] ^= SHA3.toLane64(message, rr, 8) + self.S[10] ^= SHA3.toLane64(message, rr, 16) + self.S[15] ^= SHA3.toLane64(message, rr, 24) + self.S[20] ^= SHA3.toLane64(message, rr, 32) + self.S[ 1] ^= SHA3.toLane64(message, rr, 40) + self.S[ 6] ^= SHA3.toLane64(message, rr, 48) + self.S[11] ^= SHA3.toLane64(message, rr, 56) + self.S[16] ^= SHA3.toLane64(message, rr, 64) + self.S[21] ^= SHA3.toLane64(message, rr, 72) + self.S[ 2] ^= SHA3.toLane64(message, rr, 80) + self.S[ 7] ^= SHA3.toLane64(message, rr, 88) + self.S[12] ^= SHA3.toLane64(message, rr, 96) + self.S[17] ^= SHA3.toLane64(message, rr, 104) + self.S[22] ^= SHA3.toLane64(message, rr, 112) + self.S[ 3] ^= SHA3.toLane64(message, rr, 120) + self.S[ 8] ^= SHA3.toLane64(message, rr, 128) + self.S[13] ^= SHA3.toLane64(message, rr, 136) + self.S[18] ^= SHA3.toLane64(message, rr, 144) + self.S[23] ^= SHA3.toLane64(message, rr, 152) + self.S[ 4] ^= SHA3.toLane64(message, rr, 160) + self.S[ 9] ^= SHA3.toLane64(message, rr, 168) + self.S[14] ^= SHA3.toLane64(message, rr, 176) + self.S[19] ^= SHA3.toLane64(message, rr, 184) + self.S[24] ^= SHA3.toLane64(message, rr, 192) + self.keccakF(self.S) message = message[rr:] else: for i in range(0, nnn, rr): - SHA3.S[ 0] ^= SHA3.toLane(message, rr, ww, 0) - SHA3.S[ 5] ^= SHA3.toLane(message, rr, ww, ww) - SHA3.S[10] ^= SHA3.toLane(message, rr, ww, 2 * ww) - SHA3.S[15] ^= SHA3.toLane(message, rr, ww, 3 * ww) - SHA3.S[20] ^= SHA3.toLane(message, rr, ww, 4 * ww) - SHA3.S[ 1] ^= SHA3.toLane(message, rr, ww, 5 * ww) - SHA3.S[ 6] ^= SHA3.toLane(message, rr, ww, 6 * ww) - SHA3.S[11] ^= SHA3.toLane(message, rr, ww, 7 * ww) - SHA3.S[16] ^= SHA3.toLane(message, rr, ww, 8 * ww) - SHA3.S[21] ^= SHA3.toLane(message, rr, ww, 9 * ww) - SHA3.S[ 2] ^= SHA3.toLane(message, rr, ww, 10 * ww) - SHA3.S[ 7] ^= SHA3.toLane(message, rr, ww, 11 * ww) - SHA3.S[12] ^= SHA3.toLane(message, rr, ww, 12 * ww) - SHA3.S[17] ^= SHA3.toLane(message, rr, ww, 13 * ww) - SHA3.S[22] ^= SHA3.toLane(message, rr, ww, 14 * ww) - SHA3.S[ 3] ^= SHA3.toLane(message, rr, ww, 15 * ww) - SHA3.S[ 8] ^= SHA3.toLane(message, rr, ww, 16 * ww) - SHA3.S[13] ^= SHA3.toLane(message, rr, ww, 17 * ww) - SHA3.S[18] ^= SHA3.toLane(message, rr, ww, 18 * ww) - SHA3.S[23] ^= SHA3.toLane(message, rr, ww, 19 * ww) - SHA3.S[ 4] ^= SHA3.toLane(message, rr, ww, 20 * ww) - SHA3.S[ 9] ^= SHA3.toLane(message, rr, ww, 21 * ww) - SHA3.S[14] ^= SHA3.toLane(message, rr, ww, 22 * ww) - SHA3.S[19] ^= SHA3.toLane(message, rr, ww, 23 * ww) - SHA3.S[24] ^= SHA3.toLane(message, rr, ww, 24 * ww) + self.S[ 0] ^= SHA3.toLane(message, rr, ww, 0) + self.S[ 5] ^= SHA3.toLane(message, rr, ww, ww) + self.S[10] ^= SHA3.toLane(message, rr, ww, 2 * ww) + self.S[15] ^= SHA3.toLane(message, rr, ww, 3 * ww) + self.S[20] ^= SHA3.toLane(message, rr, ww, 4 * ww) + self.S[ 1] ^= SHA3.toLane(message, rr, ww, 5 * ww) + self.S[ 6] ^= SHA3.toLane(message, rr, ww, 6 * ww) + self.S[11] ^= SHA3.toLane(message, rr, ww, 7 * ww) + self.S[16] ^= SHA3.toLane(message, rr, ww, 8 * ww) + self.S[21] ^= SHA3.toLane(message, rr, ww, 9 * ww) + self.S[ 2] ^= SHA3.toLane(message, rr, ww, 10 * ww) + self.S[ 7] ^= SHA3.toLane(message, rr, ww, 11 * ww) + self.S[12] ^= SHA3.toLane(message, rr, ww, 12 * ww) + self.S[17] ^= SHA3.toLane(message, rr, ww, 13 * ww) + self.S[22] ^= SHA3.toLane(message, rr, ww, 14 * ww) + self.S[ 3] ^= SHA3.toLane(message, rr, ww, 15 * ww) + self.S[ 8] ^= SHA3.toLane(message, rr, ww, 16 * ww) + self.S[13] ^= SHA3.toLane(message, rr, ww, 17 * ww) + self.S[18] ^= SHA3.toLane(message, rr, ww, 18 * ww) + self.S[23] ^= SHA3.toLane(message, rr, ww, 19 * ww) + self.S[ 4] ^= SHA3.toLane(message, rr, ww, 20 * ww) + self.S[ 9] ^= SHA3.toLane(message, rr, ww, 21 * ww) + self.S[14] ^= SHA3.toLane(message, rr, ww, 22 * ww) + self.S[19] ^= SHA3.toLane(message, rr, ww, 23 * ww) + self.S[24] ^= SHA3.toLane(message, rr, ww, 24 * ww) message = message[rr:] - SHA3.keccakF(SHA3.S) + self.keccakF(self.S) # Squeezing phase if withReturn: - rc = [0] * ((SHA3.n + 7) >> 3) + rc = [0] * ((self.n + 7) >> 3) ptr = 0 - olen = SHA3.n + olen = self.n j = 0 ni = min(25, rr) while olen > 0: i = 0 while (i < ni) and (j < nn): - v = SHA3.S[(i % 5) * 5 + i // 5] + v = self.S[(i % 5) * 5 + i // 5] for _ in range(ww): if j < nn: rc[ptr] = v & 255 @@ -553,65 +548,65 @@ class SHA3: v >>= 8 j += 1 i += 1 - olen -= SHA3.r + olen -= self.r if olen > 0: - SHA3.keccakF(SHA3.S) - if (SHA3.n & 7) != 0: - rc[len(rc) - 1] &= (1 << (SHA3.n & 7)) - 1 + self.keccakF(self.S) + if (self.n & 7) != 0: + rc[len(rc) - 1] &= (1 << (self.n & 7)) - 1 return bytes(rc) - olen = SHA3.n - while olen > SHA3.r: - olen -= SHA3.r - SHA3.keccakF(SHA3.S) + olen = self.n + while olen > self.r: + olen -= self.r + self.keccakF(self.S) return None - def simpleSqueeze(times = 1): + def simpleSqueeze(self, times = 1): ''' Force some rounds of Keccak-f @param times:int The number of rounds ''' for i in range(times): - SHA3.keccakF(SHA3.S) + self.keccakF(self.S) - def fastSqueeze(times = 1): + def fastSqueeze(self, times = 1): ''' Squeeze as much as is needed to get a digest a number of times @param times:int The number of digests ''' for i in range(times): - SHA3.keccakF(SHA3.S) # Last squeeze did not do a ending squeeze - olen = SHA3.n - while olen > SHA3.r: - olen -= SHA3.r - SHA3.keccakF(SHA3.S) + self.keccakF(self.S) # Last squeeze did not do a ending squeeze + olen = self.n + while olen > self.r: + olen -= self.r + self.keccakF(self.S) - def squeeze(): + def squeeze(self): ''' Squeeze out another digest @return :bytes The hash sum ''' - SHA3.keccakF(SHA3.S) # Last squeeze did not do a ending squeeze + self.keccakF(self.S) # Last squeeze did not do a ending squeeze - nn = (SHA3.n + 7) >> 3 - ww = SHA3.w >> 3 + nn = (self.n + 7) >> 3 + ww = self.w >> 3 rc = [0] * nn - olen = SHA3.n + olen = self.n j = 0 ptr = 0 - ni = min(25, SHA3.r >> 3) + ni = min(25, self.r >> 3) while olen > 0: i = 0 while (i < ni) and (j < nn): - v = SHA3.S[(i % 5) * 5 + i // 5] + v = self.S[(i % 5) * 5 + i // 5] for _ in range(ww): if j < nn: rc[ptr] = v @@ -619,12 +614,12 @@ class SHA3: v >>= 8 j += 1 i += 1 - olen -= SHA3.r + olen -= self.r if olen > 0: - SHA3.keccakF(SHA3.S) + self.keccakF(self.S) - if (SHA3.n & 7) != 0: - rc[len(rc) - 1] &= (1 << (SHA3.n & 7)) - 1 + if (self.n & 7) != 0: + rc[len(rc) - 1] &= (1 << (self.n & 7)) - 1 return bytes(rc) |