From 6989496981ef818257b519144bf0ce8dff9358d1 Mon Sep 17 00:00:00 2001 From: Mattias Andrée Date: Tue, 5 Feb 2013 01:10:43 +0100 Subject: move inte directories based on language MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Mattias Andrée --- SHA3.java | 678 ------------------------------------------------- java/SHA3.java | 678 +++++++++++++++++++++++++++++++++++++++++++++++++ java/sha3sum.java | 257 +++++++++++++++++++ python3/sha3sum.py | 726 +++++++++++++++++++++++++++++++++++++++++++++++++++++ sha3sum.java | 257 ------------------- sha3sum.py | 726 ----------------------------------------------------- 6 files changed, 1661 insertions(+), 1661 deletions(-) delete mode 100644 SHA3.java create mode 100644 java/SHA3.java create mode 100644 java/sha3sum.java create mode 100755 python3/sha3sum.py delete mode 100644 sha3sum.java delete mode 100755 sha3sum.py diff --git a/SHA3.java b/SHA3.java deleted file mode 100644 index bb1daf9..0000000 --- a/SHA3.java +++ /dev/null @@ -1,678 +0,0 @@ -/** - * sha3sum – SHA-3 (Keccak) checksum calculator - * - * Copyright © 2013 Mattias Andrée (maandree@member.fsf.org) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - - -/** - * SHA-3/Keccak hash algorithm implementation - * - * @author Mattias Andrée maandree@member.fsf.org - */ -public class SHA3 -{ - private static String hex(long x) - { - String a = "00000000" + Long.toString((x >>> 32) & ((1L << 32) - 1), 16); - String b = "00000000" + Long.toString(x & ((1L << 32) - 1), 16); - a = a.substring(a.length() - 8); - b = b.substring(b.length() - 8); - return a + b; - } - /** - * Round contants - */ - private static final long[] RC = { - 0x0000000000000001L, 0x0000000000008082L, 0x800000000000808AL, 0x8000000080008000L, - 0x000000000000808BL, 0x0000000080000001L, 0x8000000080008081L, 0x8000000000008009L, - 0x000000000000008AL, 0x0000000000000088L, 0x0000000080008009L, 0x000000008000000AL, - 0x000000008000808BL, 0x800000000000008BL, 0x8000000000008089L, 0x8000000000008003L, - 0x8000000000008002L, 0x8000000000000080L, 0x000000000000800AL, 0x800000008000000AL, - 0x8000000080008081L, 0x8000000000008080L, 0x0000000080000001L, 0x8000000080008008L}; - - /** - * Keccak-f round temporary - */ - private static long[] B = new long[25]; - - /** - * Keccak-f round temporary - */ - private static long[] C = new long[5]; - - - /** - * The bitrate - */ - private static int r = 0; - - /** - * The capacity - */ - private static int c = 0; - - /** - * The output size - */ - private static int n = 0; - - /** - * The state size - */ - private static int b = 0; - - /** - * The word size - */ - private static int w = 0; - - /** - * The word mask - */ - private static long wmod = 0; - - /** - * ℓ, the binary logarithm of the word size - */ - private static int l = 0; - - /** - * 12 + 2ℓ, the number of rounds - */ - private static int nr = 0; - - - /** - * The current state - */ - private static long[] S = null; - - /** - * Left over water to fill the sponge with at next update - */ - private static byte[] M = null; - - /** - * Pointer for {@link #M} - */ - private static int mptr = 0; - - - - /** - * Hidden constructor - */ - private SHA3() - { - // Inhibit instansiation - } - - - - /** - * Rotate a word - * - * @param x The value to rotate - * @param n Rotation steps, may not be 0 - * @return The value rotated - */ - private static long rotate(long x, int n) - { - long m = n % SHA3.w; - return ((x >>> (SHA3.w - m)) + (x << m)) & SHA3.wmod; - } - - - /** - * Rotate a 64-bit word - * - * @param x The value to rotate - * @param n Rotation steps, may not be 0 - * @return The value rotated - */ - private static long rotate64(long x, int n) - { - return (x >>> (SHA3.w - n)) + (x << n); - } - - - /** - * Binary logarithm - * - * @param x The value of which to calculate the binary logarithm - * @return The binary logarithm - */ - private static int lb(int x) - { - return (((x & 0xFF00) == 0 ? 0 : 8) + - ((x & 0xF0F0) == 0 ? 0 : 4)) + - (((x & 0xCCCC) == 0 ? 0 : 2) + - ((x & 0xAAAA) == 0 ? 0 : 1)); - } - - /** - * Perform one round of computation - * - * @param A The current state - * @param rc Round constant - */ - private static void keccakFRound(long[] A, long rc) - { - if (SHA3.w == 64) - { - /* θ step (step 1 and 2 of 3) */ - SHA3.C[0] = (A[0] ^ A[1]) ^ (A[2] ^ A[3]) ^ A[4]; - SHA3.C[2] = (A[10] ^ A[11]) ^ (A[12] ^ A[13]) ^ A[14]; - long db = SHA3.C[0] ^ SHA3.rotate64(SHA3.C[2], 1); - SHA3.C[4] = (A[20] ^ A[21]) ^ (A[22] ^ A[23]) ^ A[24]; - long dd = SHA3.C[2] ^ SHA3.rotate64(SHA3.C[4], 1); - SHA3.C[1] = (A[5] ^ A[6]) ^ (A[7] ^ A[8]) ^ A[9]; - long da = SHA3.C[4] ^ SHA3.rotate64(SHA3.C[1], 1); - SHA3.C[3] = (A[15] ^ A[16]) ^ (A[17] ^ A[18]) ^ A[19]; - long dc = SHA3.C[1] ^ SHA3.rotate64(SHA3.C[3], 1); - long de = SHA3.C[3] ^ SHA3.rotate64(SHA3.C[0], 1); - - /* ρ and π steps, with last part of θ */ - SHA3.B[0] = A[0] ^ da; - SHA3.B[1] = SHA3.rotate64(A[15] ^ dd, 28); - SHA3.B[2] = SHA3.rotate64(A[5] ^ db, 1); - SHA3.B[3] = SHA3.rotate64(A[20] ^ de, 27); - SHA3.B[4] = SHA3.rotate64(A[10] ^ dc, 62); - - SHA3.B[5] = SHA3.rotate64(A[6] ^ db, 44); - SHA3.B[6] = SHA3.rotate64(A[21] ^ de, 20); - SHA3.B[7] = SHA3.rotate64(A[11] ^ dc, 6); - SHA3.B[8] = SHA3.rotate64(A[1] ^ da, 36); - SHA3.B[9] = SHA3.rotate64(A[16] ^ dd, 55); - - SHA3.B[10] = SHA3.rotate64(A[12] ^ dc, 43); - SHA3.B[11] = SHA3.rotate64(A[2] ^ da, 3); - SHA3.B[12] = SHA3.rotate64(A[17] ^ dd, 25); - SHA3.B[13] = SHA3.rotate64(A[7] ^ db, 10); - SHA3.B[14] = SHA3.rotate64(A[22] ^ de, 39); - - SHA3.B[15] = SHA3.rotate64(A[18] ^ dd, 21); - SHA3.B[16] = SHA3.rotate64(A[8] ^ db, 45); - SHA3.B[17] = SHA3.rotate64(A[23] ^ de, 8); - SHA3.B[18] = SHA3.rotate64(A[13] ^ dc, 15); - SHA3.B[19] = SHA3.rotate64(A[3] ^ da, 41); - - SHA3.B[20] = SHA3.rotate64(A[24] ^ de, 14); - SHA3.B[21] = SHA3.rotate64(A[14] ^ dc, 61); - SHA3.B[22] = SHA3.rotate64(A[4] ^ da, 18); - SHA3.B[23] = SHA3.rotate64(A[19] ^ dd, 56); - SHA3.B[24] = SHA3.rotate64(A[9] ^ db, 2); - } - else - { - /* θ step (step 1 and 2 of 3) */ - SHA3.C[0] = (A[0] ^ A[1]) ^ (A[2] ^ A[3]) ^ A[4]; - SHA3.C[2] = (A[10] ^ A[11]) ^ (A[12] ^ A[13]) ^ A[14]; - long db = SHA3.C[0] ^ SHA3.rotate(SHA3.C[2], 1); - SHA3.C[4] = (A[20] ^ A[21]) ^ (A[22] ^ A[23]) ^ A[24]; - long dd = SHA3.C[2] ^ SHA3.rotate(SHA3.C[4], 1); - SHA3.C[1] = (A[5] ^ A[6]) ^ (A[7] ^ A[8]) ^ A[9]; - long da = SHA3.C[4] ^ SHA3.rotate(SHA3.C[1], 1); - SHA3.C[3] = (A[15] ^ A[16]) ^ (A[17] ^ A[18]) ^ A[19]; - long dc = SHA3.C[1] ^ SHA3.rotate(SHA3.C[3], 1); - long de = SHA3.C[3] ^ SHA3.rotate(SHA3.C[0], 1); - - /*ρ and π steps, with last part of θ */ - SHA3.B[0] = A[0] ^ da; - SHA3.B[1] = SHA3.rotate(A[15] ^ dd, 28); - SHA3.B[2] = SHA3.rotate(A[5] ^ db, 1); - SHA3.B[3] = SHA3.rotate(A[20] ^ de, 27); - SHA3.B[4] = SHA3.rotate(A[10] ^ dc, 62); - - SHA3.B[5] = SHA3.rotate(A[6] ^ db, 44); - SHA3.B[6] = SHA3.rotate(A[21] ^ de, 20); - SHA3.B[7] = SHA3.rotate(A[11] ^ dc, 6); - SHA3.B[8] = SHA3.rotate(A[1] ^ da, 36); - SHA3.B[9] = SHA3.rotate(A[16] ^ dd, 55); - - SHA3.B[10] = SHA3.rotate(A[12] ^ dc, 43); - SHA3.B[11] = SHA3.rotate(A[2] ^ da, 3); - SHA3.B[12] = SHA3.rotate(A[17] ^ dd, 25); - SHA3.B[13] = SHA3.rotate(A[7] ^ db, 10); - SHA3.B[14] = SHA3.rotate(A[22] ^ de, 39); - - SHA3.B[15] = SHA3.rotate(A[18] ^ dd, 21); - SHA3.B[16] = SHA3.rotate(A[8] ^ db, 45); - SHA3.B[17] = SHA3.rotate(A[23] ^ de, 8); - SHA3.B[18] = SHA3.rotate(A[13] ^ dc, 15); - SHA3.B[19] = SHA3.rotate(A[3] ^ da, 41); - - SHA3.B[20] = SHA3.rotate(A[24] ^ de, 14); - SHA3.B[21] = SHA3.rotate(A[14] ^ dc, 61); - SHA3.B[22] = SHA3.rotate(A[4] ^ da, 18); - SHA3.B[23] = SHA3.rotate(A[19] ^ dd, 56); - SHA3.B[24] = SHA3.rotate(A[9] ^ db, 2); - } - - /* ξ step */ - A[0] = SHA3.B[0] ^ ((~(SHA3.B[5])) & SHA3.B[10]); - A[1] = SHA3.B[1] ^ ((~(SHA3.B[6])) & SHA3.B[11]); - A[2] = SHA3.B[2] ^ ((~(SHA3.B[7])) & SHA3.B[12]); - A[3] = SHA3.B[3] ^ ((~(SHA3.B[8])) & SHA3.B[13]); - A[4] = SHA3.B[4] ^ ((~(SHA3.B[9])) & SHA3.B[14]); - - A[5] = SHA3.B[5] ^ ((~(SHA3.B[10])) & SHA3.B[15]); - A[6] = SHA3.B[6] ^ ((~(SHA3.B[11])) & SHA3.B[16]); - A[7] = SHA3.B[7] ^ ((~(SHA3.B[12])) & SHA3.B[17]); - A[8] = SHA3.B[8] ^ ((~(SHA3.B[13])) & SHA3.B[18]); - A[9] = SHA3.B[9] ^ ((~(SHA3.B[14])) & SHA3.B[19]); - - A[10] = SHA3.B[10] ^ ((~(SHA3.B[15])) & SHA3.B[20]); - A[11] = SHA3.B[11] ^ ((~(SHA3.B[16])) & SHA3.B[21]); - A[12] = SHA3.B[12] ^ ((~(SHA3.B[17])) & SHA3.B[22]); - A[13] = SHA3.B[13] ^ ((~(SHA3.B[18])) & SHA3.B[23]); - A[14] = SHA3.B[14] ^ ((~(SHA3.B[19])) & SHA3.B[24]); - - A[15] = SHA3.B[15] ^ ((~(SHA3.B[20])) & SHA3.B[0]); - A[16] = SHA3.B[16] ^ ((~(SHA3.B[21])) & SHA3.B[1]); - A[17] = SHA3.B[17] ^ ((~(SHA3.B[22])) & SHA3.B[2]); - A[18] = SHA3.B[18] ^ ((~(SHA3.B[23])) & SHA3.B[3]); - A[19] = SHA3.B[19] ^ ((~(SHA3.B[24])) & SHA3.B[4]); - - A[20] = SHA3.B[20] ^ ((~(SHA3.B[0])) & SHA3.B[5]); - A[21] = SHA3.B[21] ^ ((~(SHA3.B[1])) & SHA3.B[6]); - A[22] = SHA3.B[22] ^ ((~(SHA3.B[2])) & SHA3.B[7]); - A[23] = SHA3.B[23] ^ ((~(SHA3.B[3])) & SHA3.B[8]); - A[24] = SHA3.B[24] ^ ((~(SHA3.B[4])) & SHA3.B[9]); - - /* ι step */ - A[0] ^= rc; - } - - - /** - * Perform Keccak-f function - * - * @param A The current state - */ - private static void keccakF(long[] A) - { - if (SHA3.nr == 24) - { - SHA3.keccakFRound(A, 0x0000000000000001L); - SHA3.keccakFRound(A, 0x0000000000008082L); - SHA3.keccakFRound(A, 0x800000000000808AL); - SHA3.keccakFRound(A, 0x8000000080008000L); - SHA3.keccakFRound(A, 0x000000000000808BL); - SHA3.keccakFRound(A, 0x0000000080000001L); - SHA3.keccakFRound(A, 0x8000000080008081L); - SHA3.keccakFRound(A, 0x8000000000008009L); - SHA3.keccakFRound(A, 0x000000000000008AL); - SHA3.keccakFRound(A, 0x0000000000000088L); - SHA3.keccakFRound(A, 0x0000000080008009L); - SHA3.keccakFRound(A, 0x000000008000000AL); - SHA3.keccakFRound(A, 0x000000008000808BL); - SHA3.keccakFRound(A, 0x800000000000008BL); - SHA3.keccakFRound(A, 0x8000000000008089L); - SHA3.keccakFRound(A, 0x8000000000008003L); - SHA3.keccakFRound(A, 0x8000000000008002L); - SHA3.keccakFRound(A, 0x8000000000000080L); - SHA3.keccakFRound(A, 0x000000000000800AL); - SHA3.keccakFRound(A, 0x800000008000000AL); - SHA3.keccakFRound(A, 0x8000000080008081L); - SHA3.keccakFRound(A, 0x8000000000008080L); - SHA3.keccakFRound(A, 0x0000000080000001L); - SHA3.keccakFRound(A, 0x8000000080008008L); - } - else - for (int i = 0; i < SHA3.nr; i++) - SHA3.keccakFRound(A, SHA3.RC[i] & SHA3.wmod); - } - - - /** - * Convert a chunk of byte:s to a word - * - * @param message The message - * @param rr Bitrate in bytes - * @param ww Word size in bytes - * @param off The offset in the message - * @return Lane - */ - private static long toLane(byte[] message, int rr, int ww, int off) - { - long rc = 0; - int n = Math.min(message.length, rr); - for (int i = off + ww - 1; i >= off; i--) - rc = (rc << 8) | ((i < n) ? (long)(message[i] & 255) : 0L); - return rc; - } - - - /** - * Convert a chunk of byte:s to a 64-bit word - * - * @param message The message - * @param rr Bitrate in bytes - * @param off The offset in the message - * @return Lane - */ - private static long toLane64(byte[] message, int rr, int off) - { - int n = Math.min(message.length, rr); - return ((off + 7 < n) ? ((long)(message[off + 7] & 255) << 56) : 0L) | - ((off + 6 < n) ? ((long)(message[off + 6] & 255) << 48) : 0L) | - ((off + 5 < n) ? ((long)(message[off + 5] & 255) << 40) : 0L) | - ((off + 4 < n) ? ((long)(message[off + 4] & 255) << 32) : 0L) | - ((off + 3 < n) ? ((long)(message[off + 3] & 255) << 24) : 0L) | - ((off + 2 < n) ? ((long)(message[off + 2] & 255) << 16) : 0L) | - ((off + 1 < n) ? ((long)(message[off + 1] & 255) << 8) : 0L) | - ((off < n) ? ((long)(message[off] & 255)) : 0L); - } - - - /** - * pad 10*1 - * - * @param msg The message to pad - * @parm len The length of the message - * @param r The bitrate - * @return The message padded - */ - private static byte[] pad10star1(byte[] msg, int len, int r) - { - int nrf = len >> 3; - int nbrf = len & 7; - int ll = len % r; - - byte b = (byte)(nbrf == 0 ? 1 : ((msg[nrf] >> (8 - nbrf)) | (1 << nbrf))); - - byte[] message; - if ((r - 8 <= ll) && (ll <= r - 2)) - { - message = new byte[len = nrf + 1]; - message[nrf] = (byte)(b ^ 128); - } - else - { - len = (nrf + 1) << 3; - len = ((len - (len % r) + (r - 8)) >> 3) + 1; - message = new byte[len]; - message[nrf] = b; - //for (long i = nrf + 1; i < len; i++) - // message[i + nrf] = 0; - message[len - 1] = -128; - } - for (int i = 0; i < nrf; i++) - message[i] = msg[i]; - - return message; - } - - - /** - * Initialise Keccak sponge - * - * @param r The bitrate - * @param c The capacity - * @param n The output size - */ - public static void initialise(int r, int c, int n) - { - SHA3.r = r; - SHA3.c = c; - SHA3.n = n; - SHA3.b = r + c; - SHA3.w = SHA3.b / 25; - SHA3.l = SHA3.lb(SHA3.w); - SHA3.nr = 12 + (SHA3.l << 1); - SHA3.wmod = (1L << SHA3.w) - 1L; - SHA3.S = new long[25]; - SHA3.M = new byte[(SHA3.r * SHA3.b) >> 2]; - SHA3.mptr = 0; - } - - - /** - * Absorb the more of the message message to the Keccak sponge - * - * @param msg The partial message - */ - public static void update(byte[] msg) - { - update(msg, msg.length); - } - - - /** - * Absorb the more of the message message to the Keccak sponge - * - * @param msg The partial message - * @param msglen The length of the partial message - */ - public static void update(byte[] msg, int msglen) - { - int rr = SHA3.r >> 3; - int ww = SHA3.w >> 3; - - if (SHA3.mptr + msglen > SHA3.M.length) - System.arraycopy(SHA3.M, 0, SHA3.M = new byte[(SHA3.M.length + msglen) << 1], 0, SHA3.mptr); - System.arraycopy(msg, 0, SHA3.M, SHA3.mptr, msglen); - int len = SHA3.mptr += msglen; - len -= len % ((SHA3.r * SHA3.b) >> 3); - byte[] message; - System.arraycopy(SHA3.M, 0, message = new byte[len], 0, len); - System.arraycopy(SHA3.M, len, SHA3.M, 0, SHA3.mptr -= len); - - /* Absorbing phase */ - if (ww == 8) - for (int i = 0; i < len; i += rr) - { - SHA3.S[ 0] ^= SHA3.toLane64(message, rr, i + 0); - SHA3.S[ 5] ^= SHA3.toLane64(message, rr, i + 8); - SHA3.S[10] ^= SHA3.toLane64(message, rr, i + 16); - SHA3.S[15] ^= SHA3.toLane64(message, rr, i + 24); - SHA3.S[20] ^= SHA3.toLane64(message, rr, i + 32); - SHA3.S[ 1] ^= SHA3.toLane64(message, rr, i + 40); - SHA3.S[ 6] ^= SHA3.toLane64(message, rr, i + 48); - SHA3.S[11] ^= SHA3.toLane64(message, rr, i + 56); - SHA3.S[16] ^= SHA3.toLane64(message, rr, i + 64); - SHA3.S[21] ^= SHA3.toLane64(message, rr, i + 72); - SHA3.S[ 2] ^= SHA3.toLane64(message, rr, i + 80); - SHA3.S[ 7] ^= SHA3.toLane64(message, rr, i + 88); - SHA3.S[12] ^= SHA3.toLane64(message, rr, i + 96); - SHA3.S[17] ^= SHA3.toLane64(message, rr, i + 104); - SHA3.S[22] ^= SHA3.toLane64(message, rr, i + 112); - SHA3.S[ 3] ^= SHA3.toLane64(message, rr, i + 120); - SHA3.S[ 8] ^= SHA3.toLane64(message, rr, i + 128); - SHA3.S[13] ^= SHA3.toLane64(message, rr, i + 136); - SHA3.S[18] ^= SHA3.toLane64(message, rr, i + 144); - SHA3.S[23] ^= SHA3.toLane64(message, rr, i + 152); - SHA3.S[ 4] ^= SHA3.toLane64(message, rr, i + 160); - SHA3.S[ 9] ^= SHA3.toLane64(message, rr, i + 168); - SHA3.S[14] ^= SHA3.toLane64(message, rr, i + 176); - SHA3.S[19] ^= SHA3.toLane64(message, rr, i + 184); - SHA3.S[24] ^= SHA3.toLane64(message, rr, i + 192); - SHA3.keccakF(SHA3.S); - } - else - for (int i = 0; i < len; i += rr) - { - SHA3.S[ 0] ^= SHA3.toLane(message, rr, ww, i + 0 ); - SHA3.S[ 5] ^= SHA3.toLane(message, rr, ww, i + w); - SHA3.S[10] ^= SHA3.toLane(message, rr, ww, i + 2 * w); - SHA3.S[15] ^= SHA3.toLane(message, rr, ww, i + 3 * w); - SHA3.S[20] ^= SHA3.toLane(message, rr, ww, i + 4 * w); - SHA3.S[ 1] ^= SHA3.toLane(message, rr, ww, i + 5 * w); - SHA3.S[ 6] ^= SHA3.toLane(message, rr, ww, i + 6 * w); - SHA3.S[11] ^= SHA3.toLane(message, rr, ww, i + 7 * w); - SHA3.S[16] ^= SHA3.toLane(message, rr, ww, i + 8 * w); - SHA3.S[21] ^= SHA3.toLane(message, rr, ww, i + 9 * w); - SHA3.S[ 2] ^= SHA3.toLane(message, rr, ww, i + 10 * w); - SHA3.S[ 7] ^= SHA3.toLane(message, rr, ww, i + 11 * w); - SHA3.S[12] ^= SHA3.toLane(message, rr, ww, i + 12 * w); - SHA3.S[17] ^= SHA3.toLane(message, rr, ww, i + 13 * w); - SHA3.S[22] ^= SHA3.toLane(message, rr, ww, i + 14 * w); - SHA3.S[ 3] ^= SHA3.toLane(message, rr, ww, i + 15 * w); - SHA3.S[ 8] ^= SHA3.toLane(message, rr, ww, i + 16 * w); - SHA3.S[13] ^= SHA3.toLane(message, rr, ww, i + 17 * w); - SHA3.S[18] ^= SHA3.toLane(message, rr, ww, i + 18 * w); - SHA3.S[23] ^= SHA3.toLane(message, rr, ww, i + 19 * w); - SHA3.S[ 4] ^= SHA3.toLane(message, rr, ww, i + 20 * w); - SHA3.S[ 9] ^= SHA3.toLane(message, rr, ww, i + 21 * w); - SHA3.S[14] ^= SHA3.toLane(message, rr, ww, i + 22 * w); - SHA3.S[19] ^= SHA3.toLane(message, rr, ww, i + 23 * w); - SHA3.S[24] ^= SHA3.toLane(message, rr, ww, i + 24 * w); - SHA3.keccakF(SHA3.S); - } - } - - - /** - * Squeeze the Keccak sponge - */ - public static byte[] digest() - { - return digest(null); - } - - - /** - * Absorb the last part of the message and squeeze the Keccak sponge - * - * @param msg The rest of the message - */ - public static byte[] digest(byte[] msg) - { - return digest(msg, msg == null ? 0 : msg.length); - } - - - /** - * Absorb the last part of the message and squeeze the Keccak sponge - * - * @param msg The rest of the message - * @param msglen The length of the partial message - */ - public static byte[] digest(byte[] msg, int msglen) - { - byte[] message; - if ((msg == null) || (msglen == 0)) - message = SHA3.pad10star1(SHA3.M, SHA3.mptr, SHA3.r); - else - { - if (SHA3.mptr + msglen > SHA3.M.length) - System.arraycopy(SHA3.M, 0, SHA3.M = new byte[SHA3.M.length + msglen], 0, SHA3.mptr); - System.arraycopy(msg, 0, SHA3.M, SHA3.mptr, msglen); - message = SHA3.pad10star1(SHA3.M, SHA3.mptr + msglen, SHA3.r); - } - SHA3.M = null; - int len = message.length; - byte[] rc = new byte[(SHA3.n + 7) >> 3]; - int ptr = 0; - - int rr = SHA3.r >> 3; - int nn = SHA3.n >> 3; - int ww = SHA3.w >> 3; - - /* Absorbing phase */ - if (ww == 8) - for (int i = 0; i < len; i += rr) - { - SHA3.S[ 0] ^= SHA3.toLane64(message, rr, i + 0); - SHA3.S[ 5] ^= SHA3.toLane64(message, rr, i + 8); - SHA3.S[10] ^= SHA3.toLane64(message, rr, i + 16); - SHA3.S[15] ^= SHA3.toLane64(message, rr, i + 24); - SHA3.S[20] ^= SHA3.toLane64(message, rr, i + 32); - SHA3.S[ 1] ^= SHA3.toLane64(message, rr, i + 40); - SHA3.S[ 6] ^= SHA3.toLane64(message, rr, i + 48); - SHA3.S[11] ^= SHA3.toLane64(message, rr, i + 56); - SHA3.S[16] ^= SHA3.toLane64(message, rr, i + 64); - SHA3.S[21] ^= SHA3.toLane64(message, rr, i + 72); - SHA3.S[ 2] ^= SHA3.toLane64(message, rr, i + 80); - SHA3.S[ 7] ^= SHA3.toLane64(message, rr, i + 88); - SHA3.S[12] ^= SHA3.toLane64(message, rr, i + 96); - SHA3.S[17] ^= SHA3.toLane64(message, rr, i + 104); - SHA3.S[22] ^= SHA3.toLane64(message, rr, i + 112); - SHA3.S[ 3] ^= SHA3.toLane64(message, rr, i + 120); - SHA3.S[ 8] ^= SHA3.toLane64(message, rr, i + 128); - SHA3.S[13] ^= SHA3.toLane64(message, rr, i + 136); - SHA3.S[18] ^= SHA3.toLane64(message, rr, i + 144); - SHA3.S[23] ^= SHA3.toLane64(message, rr, i + 152); - SHA3.S[ 4] ^= SHA3.toLane64(message, rr, i + 160); - SHA3.S[ 9] ^= SHA3.toLane64(message, rr, i + 168); - SHA3.S[14] ^= SHA3.toLane64(message, rr, i + 176); - SHA3.S[19] ^= SHA3.toLane64(message, rr, i + 184); - SHA3.S[24] ^= SHA3.toLane64(message, rr, i + 192); - SHA3.keccakF(SHA3.S); - } - else - for (int i = 0; i < len; i += rr) - { - SHA3.S[ 0] ^= SHA3.toLane(message, rr, ww, i + 0 ); - SHA3.S[ 5] ^= SHA3.toLane(message, rr, ww, i + w); - SHA3.S[10] ^= SHA3.toLane(message, rr, ww, i + 2 * w); - SHA3.S[15] ^= SHA3.toLane(message, rr, ww, i + 3 * w); - SHA3.S[20] ^= SHA3.toLane(message, rr, ww, i + 4 * w); - SHA3.S[ 1] ^= SHA3.toLane(message, rr, ww, i + 5 * w); - SHA3.S[ 6] ^= SHA3.toLane(message, rr, ww, i + 6 * w); - SHA3.S[11] ^= SHA3.toLane(message, rr, ww, i + 7 * w); - SHA3.S[16] ^= SHA3.toLane(message, rr, ww, i + 8 * w); - SHA3.S[21] ^= SHA3.toLane(message, rr, ww, i + 9 * w); - SHA3.S[ 2] ^= SHA3.toLane(message, rr, ww, i + 10 * w); - SHA3.S[ 7] ^= SHA3.toLane(message, rr, ww, i + 11 * w); - SHA3.S[12] ^= SHA3.toLane(message, rr, ww, i + 12 * w); - SHA3.S[17] ^= SHA3.toLane(message, rr, ww, i + 13 * w); - SHA3.S[22] ^= SHA3.toLane(message, rr, ww, i + 14 * w); - SHA3.S[ 3] ^= SHA3.toLane(message, rr, ww, i + 15 * w); - SHA3.S[ 8] ^= SHA3.toLane(message, rr, ww, i + 16 * w); - SHA3.S[13] ^= SHA3.toLane(message, rr, ww, i + 17 * w); - SHA3.S[18] ^= SHA3.toLane(message, rr, ww, i + 18 * w); - SHA3.S[23] ^= SHA3.toLane(message, rr, ww, i + 19 * w); - SHA3.S[ 4] ^= SHA3.toLane(message, rr, ww, i + 20 * w); - SHA3.S[ 9] ^= SHA3.toLane(message, rr, ww, i + 21 * w); - SHA3.S[14] ^= SHA3.toLane(message, rr, ww, i + 22 * w); - SHA3.S[19] ^= SHA3.toLane(message, rr, ww, i + 23 * w); - SHA3.S[24] ^= SHA3.toLane(message, rr, ww, i + 24 * w); - SHA3.keccakF(SHA3.S); - } - - /* Squeezing phase */ - int olen = SHA3.n; - int j = 0; - int ni = Math.min(25, rr); - while (olen > 0) - { - int i = 0; - while ((i < ni) && (j < nn)) - { - long v = SHA3.S[(i % 5) * 5 + i / 5]; - for (int _ = 0; _ < ww; _++) - { - if (j < nn) - { - rc[ptr] = (byte)v; - ptr += 1; - } - v >>= 8; - j += 1; - } - i += 1; - } - olen -= SHA3.r; - if (olen > 0) - SHA3.keccakF(S); - } - return rc; - } - -} diff --git a/java/SHA3.java b/java/SHA3.java new file mode 100644 index 0000000..bb1daf9 --- /dev/null +++ b/java/SHA3.java @@ -0,0 +1,678 @@ +/** + * sha3sum – SHA-3 (Keccak) checksum calculator + * + * Copyright © 2013 Mattias Andrée (maandree@member.fsf.org) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + + +/** + * SHA-3/Keccak hash algorithm implementation + * + * @author Mattias Andrée maandree@member.fsf.org + */ +public class SHA3 +{ + private static String hex(long x) + { + String a = "00000000" + Long.toString((x >>> 32) & ((1L << 32) - 1), 16); + String b = "00000000" + Long.toString(x & ((1L << 32) - 1), 16); + a = a.substring(a.length() - 8); + b = b.substring(b.length() - 8); + return a + b; + } + /** + * Round contants + */ + private static final long[] RC = { + 0x0000000000000001L, 0x0000000000008082L, 0x800000000000808AL, 0x8000000080008000L, + 0x000000000000808BL, 0x0000000080000001L, 0x8000000080008081L, 0x8000000000008009L, + 0x000000000000008AL, 0x0000000000000088L, 0x0000000080008009L, 0x000000008000000AL, + 0x000000008000808BL, 0x800000000000008BL, 0x8000000000008089L, 0x8000000000008003L, + 0x8000000000008002L, 0x8000000000000080L, 0x000000000000800AL, 0x800000008000000AL, + 0x8000000080008081L, 0x8000000000008080L, 0x0000000080000001L, 0x8000000080008008L}; + + /** + * Keccak-f round temporary + */ + private static long[] B = new long[25]; + + /** + * Keccak-f round temporary + */ + private static long[] C = new long[5]; + + + /** + * The bitrate + */ + private static int r = 0; + + /** + * The capacity + */ + private static int c = 0; + + /** + * The output size + */ + private static int n = 0; + + /** + * The state size + */ + private static int b = 0; + + /** + * The word size + */ + private static int w = 0; + + /** + * The word mask + */ + private static long wmod = 0; + + /** + * ℓ, the binary logarithm of the word size + */ + private static int l = 0; + + /** + * 12 + 2ℓ, the number of rounds + */ + private static int nr = 0; + + + /** + * The current state + */ + private static long[] S = null; + + /** + * Left over water to fill the sponge with at next update + */ + private static byte[] M = null; + + /** + * Pointer for {@link #M} + */ + private static int mptr = 0; + + + + /** + * Hidden constructor + */ + private SHA3() + { + // Inhibit instansiation + } + + + + /** + * Rotate a word + * + * @param x The value to rotate + * @param n Rotation steps, may not be 0 + * @return The value rotated + */ + private static long rotate(long x, int n) + { + long m = n % SHA3.w; + return ((x >>> (SHA3.w - m)) + (x << m)) & SHA3.wmod; + } + + + /** + * Rotate a 64-bit word + * + * @param x The value to rotate + * @param n Rotation steps, may not be 0 + * @return The value rotated + */ + private static long rotate64(long x, int n) + { + return (x >>> (SHA3.w - n)) + (x << n); + } + + + /** + * Binary logarithm + * + * @param x The value of which to calculate the binary logarithm + * @return The binary logarithm + */ + private static int lb(int x) + { + return (((x & 0xFF00) == 0 ? 0 : 8) + + ((x & 0xF0F0) == 0 ? 0 : 4)) + + (((x & 0xCCCC) == 0 ? 0 : 2) + + ((x & 0xAAAA) == 0 ? 0 : 1)); + } + + /** + * Perform one round of computation + * + * @param A The current state + * @param rc Round constant + */ + private static void keccakFRound(long[] A, long rc) + { + if (SHA3.w == 64) + { + /* θ step (step 1 and 2 of 3) */ + SHA3.C[0] = (A[0] ^ A[1]) ^ (A[2] ^ A[3]) ^ A[4]; + SHA3.C[2] = (A[10] ^ A[11]) ^ (A[12] ^ A[13]) ^ A[14]; + long db = SHA3.C[0] ^ SHA3.rotate64(SHA3.C[2], 1); + SHA3.C[4] = (A[20] ^ A[21]) ^ (A[22] ^ A[23]) ^ A[24]; + long dd = SHA3.C[2] ^ SHA3.rotate64(SHA3.C[4], 1); + SHA3.C[1] = (A[5] ^ A[6]) ^ (A[7] ^ A[8]) ^ A[9]; + long da = SHA3.C[4] ^ SHA3.rotate64(SHA3.C[1], 1); + SHA3.C[3] = (A[15] ^ A[16]) ^ (A[17] ^ A[18]) ^ A[19]; + long dc = SHA3.C[1] ^ SHA3.rotate64(SHA3.C[3], 1); + long de = SHA3.C[3] ^ SHA3.rotate64(SHA3.C[0], 1); + + /* ρ and π steps, with last part of θ */ + SHA3.B[0] = A[0] ^ da; + SHA3.B[1] = SHA3.rotate64(A[15] ^ dd, 28); + SHA3.B[2] = SHA3.rotate64(A[5] ^ db, 1); + SHA3.B[3] = SHA3.rotate64(A[20] ^ de, 27); + SHA3.B[4] = SHA3.rotate64(A[10] ^ dc, 62); + + SHA3.B[5] = SHA3.rotate64(A[6] ^ db, 44); + SHA3.B[6] = SHA3.rotate64(A[21] ^ de, 20); + SHA3.B[7] = SHA3.rotate64(A[11] ^ dc, 6); + SHA3.B[8] = SHA3.rotate64(A[1] ^ da, 36); + SHA3.B[9] = SHA3.rotate64(A[16] ^ dd, 55); + + SHA3.B[10] = SHA3.rotate64(A[12] ^ dc, 43); + SHA3.B[11] = SHA3.rotate64(A[2] ^ da, 3); + SHA3.B[12] = SHA3.rotate64(A[17] ^ dd, 25); + SHA3.B[13] = SHA3.rotate64(A[7] ^ db, 10); + SHA3.B[14] = SHA3.rotate64(A[22] ^ de, 39); + + SHA3.B[15] = SHA3.rotate64(A[18] ^ dd, 21); + SHA3.B[16] = SHA3.rotate64(A[8] ^ db, 45); + SHA3.B[17] = SHA3.rotate64(A[23] ^ de, 8); + SHA3.B[18] = SHA3.rotate64(A[13] ^ dc, 15); + SHA3.B[19] = SHA3.rotate64(A[3] ^ da, 41); + + SHA3.B[20] = SHA3.rotate64(A[24] ^ de, 14); + SHA3.B[21] = SHA3.rotate64(A[14] ^ dc, 61); + SHA3.B[22] = SHA3.rotate64(A[4] ^ da, 18); + SHA3.B[23] = SHA3.rotate64(A[19] ^ dd, 56); + SHA3.B[24] = SHA3.rotate64(A[9] ^ db, 2); + } + else + { + /* θ step (step 1 and 2 of 3) */ + SHA3.C[0] = (A[0] ^ A[1]) ^ (A[2] ^ A[3]) ^ A[4]; + SHA3.C[2] = (A[10] ^ A[11]) ^ (A[12] ^ A[13]) ^ A[14]; + long db = SHA3.C[0] ^ SHA3.rotate(SHA3.C[2], 1); + SHA3.C[4] = (A[20] ^ A[21]) ^ (A[22] ^ A[23]) ^ A[24]; + long dd = SHA3.C[2] ^ SHA3.rotate(SHA3.C[4], 1); + SHA3.C[1] = (A[5] ^ A[6]) ^ (A[7] ^ A[8]) ^ A[9]; + long da = SHA3.C[4] ^ SHA3.rotate(SHA3.C[1], 1); + SHA3.C[3] = (A[15] ^ A[16]) ^ (A[17] ^ A[18]) ^ A[19]; + long dc = SHA3.C[1] ^ SHA3.rotate(SHA3.C[3], 1); + long de = SHA3.C[3] ^ SHA3.rotate(SHA3.C[0], 1); + + /*ρ and π steps, with last part of θ */ + SHA3.B[0] = A[0] ^ da; + SHA3.B[1] = SHA3.rotate(A[15] ^ dd, 28); + SHA3.B[2] = SHA3.rotate(A[5] ^ db, 1); + SHA3.B[3] = SHA3.rotate(A[20] ^ de, 27); + SHA3.B[4] = SHA3.rotate(A[10] ^ dc, 62); + + SHA3.B[5] = SHA3.rotate(A[6] ^ db, 44); + SHA3.B[6] = SHA3.rotate(A[21] ^ de, 20); + SHA3.B[7] = SHA3.rotate(A[11] ^ dc, 6); + SHA3.B[8] = SHA3.rotate(A[1] ^ da, 36); + SHA3.B[9] = SHA3.rotate(A[16] ^ dd, 55); + + SHA3.B[10] = SHA3.rotate(A[12] ^ dc, 43); + SHA3.B[11] = SHA3.rotate(A[2] ^ da, 3); + SHA3.B[12] = SHA3.rotate(A[17] ^ dd, 25); + SHA3.B[13] = SHA3.rotate(A[7] ^ db, 10); + SHA3.B[14] = SHA3.rotate(A[22] ^ de, 39); + + SHA3.B[15] = SHA3.rotate(A[18] ^ dd, 21); + SHA3.B[16] = SHA3.rotate(A[8] ^ db, 45); + SHA3.B[17] = SHA3.rotate(A[23] ^ de, 8); + SHA3.B[18] = SHA3.rotate(A[13] ^ dc, 15); + SHA3.B[19] = SHA3.rotate(A[3] ^ da, 41); + + SHA3.B[20] = SHA3.rotate(A[24] ^ de, 14); + SHA3.B[21] = SHA3.rotate(A[14] ^ dc, 61); + SHA3.B[22] = SHA3.rotate(A[4] ^ da, 18); + SHA3.B[23] = SHA3.rotate(A[19] ^ dd, 56); + SHA3.B[24] = SHA3.rotate(A[9] ^ db, 2); + } + + /* ξ step */ + A[0] = SHA3.B[0] ^ ((~(SHA3.B[5])) & SHA3.B[10]); + A[1] = SHA3.B[1] ^ ((~(SHA3.B[6])) & SHA3.B[11]); + A[2] = SHA3.B[2] ^ ((~(SHA3.B[7])) & SHA3.B[12]); + A[3] = SHA3.B[3] ^ ((~(SHA3.B[8])) & SHA3.B[13]); + A[4] = SHA3.B[4] ^ ((~(SHA3.B[9])) & SHA3.B[14]); + + A[5] = SHA3.B[5] ^ ((~(SHA3.B[10])) & SHA3.B[15]); + A[6] = SHA3.B[6] ^ ((~(SHA3.B[11])) & SHA3.B[16]); + A[7] = SHA3.B[7] ^ ((~(SHA3.B[12])) & SHA3.B[17]); + A[8] = SHA3.B[8] ^ ((~(SHA3.B[13])) & SHA3.B[18]); + A[9] = SHA3.B[9] ^ ((~(SHA3.B[14])) & SHA3.B[19]); + + A[10] = SHA3.B[10] ^ ((~(SHA3.B[15])) & SHA3.B[20]); + A[11] = SHA3.B[11] ^ ((~(SHA3.B[16])) & SHA3.B[21]); + A[12] = SHA3.B[12] ^ ((~(SHA3.B[17])) & SHA3.B[22]); + A[13] = SHA3.B[13] ^ ((~(SHA3.B[18])) & SHA3.B[23]); + A[14] = SHA3.B[14] ^ ((~(SHA3.B[19])) & SHA3.B[24]); + + A[15] = SHA3.B[15] ^ ((~(SHA3.B[20])) & SHA3.B[0]); + A[16] = SHA3.B[16] ^ ((~(SHA3.B[21])) & SHA3.B[1]); + A[17] = SHA3.B[17] ^ ((~(SHA3.B[22])) & SHA3.B[2]); + A[18] = SHA3.B[18] ^ ((~(SHA3.B[23])) & SHA3.B[3]); + A[19] = SHA3.B[19] ^ ((~(SHA3.B[24])) & SHA3.B[4]); + + A[20] = SHA3.B[20] ^ ((~(SHA3.B[0])) & SHA3.B[5]); + A[21] = SHA3.B[21] ^ ((~(SHA3.B[1])) & SHA3.B[6]); + A[22] = SHA3.B[22] ^ ((~(SHA3.B[2])) & SHA3.B[7]); + A[23] = SHA3.B[23] ^ ((~(SHA3.B[3])) & SHA3.B[8]); + A[24] = SHA3.B[24] ^ ((~(SHA3.B[4])) & SHA3.B[9]); + + /* ι step */ + A[0] ^= rc; + } + + + /** + * Perform Keccak-f function + * + * @param A The current state + */ + private static void keccakF(long[] A) + { + if (SHA3.nr == 24) + { + SHA3.keccakFRound(A, 0x0000000000000001L); + SHA3.keccakFRound(A, 0x0000000000008082L); + SHA3.keccakFRound(A, 0x800000000000808AL); + SHA3.keccakFRound(A, 0x8000000080008000L); + SHA3.keccakFRound(A, 0x000000000000808BL); + SHA3.keccakFRound(A, 0x0000000080000001L); + SHA3.keccakFRound(A, 0x8000000080008081L); + SHA3.keccakFRound(A, 0x8000000000008009L); + SHA3.keccakFRound(A, 0x000000000000008AL); + SHA3.keccakFRound(A, 0x0000000000000088L); + SHA3.keccakFRound(A, 0x0000000080008009L); + SHA3.keccakFRound(A, 0x000000008000000AL); + SHA3.keccakFRound(A, 0x000000008000808BL); + SHA3.keccakFRound(A, 0x800000000000008BL); + SHA3.keccakFRound(A, 0x8000000000008089L); + SHA3.keccakFRound(A, 0x8000000000008003L); + SHA3.keccakFRound(A, 0x8000000000008002L); + SHA3.keccakFRound(A, 0x8000000000000080L); + SHA3.keccakFRound(A, 0x000000000000800AL); + SHA3.keccakFRound(A, 0x800000008000000AL); + SHA3.keccakFRound(A, 0x8000000080008081L); + SHA3.keccakFRound(A, 0x8000000000008080L); + SHA3.keccakFRound(A, 0x0000000080000001L); + SHA3.keccakFRound(A, 0x8000000080008008L); + } + else + for (int i = 0; i < SHA3.nr; i++) + SHA3.keccakFRound(A, SHA3.RC[i] & SHA3.wmod); + } + + + /** + * Convert a chunk of byte:s to a word + * + * @param message The message + * @param rr Bitrate in bytes + * @param ww Word size in bytes + * @param off The offset in the message + * @return Lane + */ + private static long toLane(byte[] message, int rr, int ww, int off) + { + long rc = 0; + int n = Math.min(message.length, rr); + for (int i = off + ww - 1; i >= off; i--) + rc = (rc << 8) | ((i < n) ? (long)(message[i] & 255) : 0L); + return rc; + } + + + /** + * Convert a chunk of byte:s to a 64-bit word + * + * @param message The message + * @param rr Bitrate in bytes + * @param off The offset in the message + * @return Lane + */ + private static long toLane64(byte[] message, int rr, int off) + { + int n = Math.min(message.length, rr); + return ((off + 7 < n) ? ((long)(message[off + 7] & 255) << 56) : 0L) | + ((off + 6 < n) ? ((long)(message[off + 6] & 255) << 48) : 0L) | + ((off + 5 < n) ? ((long)(message[off + 5] & 255) << 40) : 0L) | + ((off + 4 < n) ? ((long)(message[off + 4] & 255) << 32) : 0L) | + ((off + 3 < n) ? ((long)(message[off + 3] & 255) << 24) : 0L) | + ((off + 2 < n) ? ((long)(message[off + 2] & 255) << 16) : 0L) | + ((off + 1 < n) ? ((long)(message[off + 1] & 255) << 8) : 0L) | + ((off < n) ? ((long)(message[off] & 255)) : 0L); + } + + + /** + * pad 10*1 + * + * @param msg The message to pad + * @parm len The length of the message + * @param r The bitrate + * @return The message padded + */ + private static byte[] pad10star1(byte[] msg, int len, int r) + { + int nrf = len >> 3; + int nbrf = len & 7; + int ll = len % r; + + byte b = (byte)(nbrf == 0 ? 1 : ((msg[nrf] >> (8 - nbrf)) | (1 << nbrf))); + + byte[] message; + if ((r - 8 <= ll) && (ll <= r - 2)) + { + message = new byte[len = nrf + 1]; + message[nrf] = (byte)(b ^ 128); + } + else + { + len = (nrf + 1) << 3; + len = ((len - (len % r) + (r - 8)) >> 3) + 1; + message = new byte[len]; + message[nrf] = b; + //for (long i = nrf + 1; i < len; i++) + // message[i + nrf] = 0; + message[len - 1] = -128; + } + for (int i = 0; i < nrf; i++) + message[i] = msg[i]; + + return message; + } + + + /** + * Initialise Keccak sponge + * + * @param r The bitrate + * @param c The capacity + * @param n The output size + */ + public static void initialise(int r, int c, int n) + { + SHA3.r = r; + SHA3.c = c; + SHA3.n = n; + SHA3.b = r + c; + SHA3.w = SHA3.b / 25; + SHA3.l = SHA3.lb(SHA3.w); + SHA3.nr = 12 + (SHA3.l << 1); + SHA3.wmod = (1L << SHA3.w) - 1L; + SHA3.S = new long[25]; + SHA3.M = new byte[(SHA3.r * SHA3.b) >> 2]; + SHA3.mptr = 0; + } + + + /** + * Absorb the more of the message message to the Keccak sponge + * + * @param msg The partial message + */ + public static void update(byte[] msg) + { + update(msg, msg.length); + } + + + /** + * Absorb the more of the message message to the Keccak sponge + * + * @param msg The partial message + * @param msglen The length of the partial message + */ + public static void update(byte[] msg, int msglen) + { + int rr = SHA3.r >> 3; + int ww = SHA3.w >> 3; + + if (SHA3.mptr + msglen > SHA3.M.length) + System.arraycopy(SHA3.M, 0, SHA3.M = new byte[(SHA3.M.length + msglen) << 1], 0, SHA3.mptr); + System.arraycopy(msg, 0, SHA3.M, SHA3.mptr, msglen); + int len = SHA3.mptr += msglen; + len -= len % ((SHA3.r * SHA3.b) >> 3); + byte[] message; + System.arraycopy(SHA3.M, 0, message = new byte[len], 0, len); + System.arraycopy(SHA3.M, len, SHA3.M, 0, SHA3.mptr -= len); + + /* Absorbing phase */ + if (ww == 8) + for (int i = 0; i < len; i += rr) + { + SHA3.S[ 0] ^= SHA3.toLane64(message, rr, i + 0); + SHA3.S[ 5] ^= SHA3.toLane64(message, rr, i + 8); + SHA3.S[10] ^= SHA3.toLane64(message, rr, i + 16); + SHA3.S[15] ^= SHA3.toLane64(message, rr, i + 24); + SHA3.S[20] ^= SHA3.toLane64(message, rr, i + 32); + SHA3.S[ 1] ^= SHA3.toLane64(message, rr, i + 40); + SHA3.S[ 6] ^= SHA3.toLane64(message, rr, i + 48); + SHA3.S[11] ^= SHA3.toLane64(message, rr, i + 56); + SHA3.S[16] ^= SHA3.toLane64(message, rr, i + 64); + SHA3.S[21] ^= SHA3.toLane64(message, rr, i + 72); + SHA3.S[ 2] ^= SHA3.toLane64(message, rr, i + 80); + SHA3.S[ 7] ^= SHA3.toLane64(message, rr, i + 88); + SHA3.S[12] ^= SHA3.toLane64(message, rr, i + 96); + SHA3.S[17] ^= SHA3.toLane64(message, rr, i + 104); + SHA3.S[22] ^= SHA3.toLane64(message, rr, i + 112); + SHA3.S[ 3] ^= SHA3.toLane64(message, rr, i + 120); + SHA3.S[ 8] ^= SHA3.toLane64(message, rr, i + 128); + SHA3.S[13] ^= SHA3.toLane64(message, rr, i + 136); + SHA3.S[18] ^= SHA3.toLane64(message, rr, i + 144); + SHA3.S[23] ^= SHA3.toLane64(message, rr, i + 152); + SHA3.S[ 4] ^= SHA3.toLane64(message, rr, i + 160); + SHA3.S[ 9] ^= SHA3.toLane64(message, rr, i + 168); + SHA3.S[14] ^= SHA3.toLane64(message, rr, i + 176); + SHA3.S[19] ^= SHA3.toLane64(message, rr, i + 184); + SHA3.S[24] ^= SHA3.toLane64(message, rr, i + 192); + SHA3.keccakF(SHA3.S); + } + else + for (int i = 0; i < len; i += rr) + { + SHA3.S[ 0] ^= SHA3.toLane(message, rr, ww, i + 0 ); + SHA3.S[ 5] ^= SHA3.toLane(message, rr, ww, i + w); + SHA3.S[10] ^= SHA3.toLane(message, rr, ww, i + 2 * w); + SHA3.S[15] ^= SHA3.toLane(message, rr, ww, i + 3 * w); + SHA3.S[20] ^= SHA3.toLane(message, rr, ww, i + 4 * w); + SHA3.S[ 1] ^= SHA3.toLane(message, rr, ww, i + 5 * w); + SHA3.S[ 6] ^= SHA3.toLane(message, rr, ww, i + 6 * w); + SHA3.S[11] ^= SHA3.toLane(message, rr, ww, i + 7 * w); + SHA3.S[16] ^= SHA3.toLane(message, rr, ww, i + 8 * w); + SHA3.S[21] ^= SHA3.toLane(message, rr, ww, i + 9 * w); + SHA3.S[ 2] ^= SHA3.toLane(message, rr, ww, i + 10 * w); + SHA3.S[ 7] ^= SHA3.toLane(message, rr, ww, i + 11 * w); + SHA3.S[12] ^= SHA3.toLane(message, rr, ww, i + 12 * w); + SHA3.S[17] ^= SHA3.toLane(message, rr, ww, i + 13 * w); + SHA3.S[22] ^= SHA3.toLane(message, rr, ww, i + 14 * w); + SHA3.S[ 3] ^= SHA3.toLane(message, rr, ww, i + 15 * w); + SHA3.S[ 8] ^= SHA3.toLane(message, rr, ww, i + 16 * w); + SHA3.S[13] ^= SHA3.toLane(message, rr, ww, i + 17 * w); + SHA3.S[18] ^= SHA3.toLane(message, rr, ww, i + 18 * w); + SHA3.S[23] ^= SHA3.toLane(message, rr, ww, i + 19 * w); + SHA3.S[ 4] ^= SHA3.toLane(message, rr, ww, i + 20 * w); + SHA3.S[ 9] ^= SHA3.toLane(message, rr, ww, i + 21 * w); + SHA3.S[14] ^= SHA3.toLane(message, rr, ww, i + 22 * w); + SHA3.S[19] ^= SHA3.toLane(message, rr, ww, i + 23 * w); + SHA3.S[24] ^= SHA3.toLane(message, rr, ww, i + 24 * w); + SHA3.keccakF(SHA3.S); + } + } + + + /** + * Squeeze the Keccak sponge + */ + public static byte[] digest() + { + return digest(null); + } + + + /** + * Absorb the last part of the message and squeeze the Keccak sponge + * + * @param msg The rest of the message + */ + public static byte[] digest(byte[] msg) + { + return digest(msg, msg == null ? 0 : msg.length); + } + + + /** + * Absorb the last part of the message and squeeze the Keccak sponge + * + * @param msg The rest of the message + * @param msglen The length of the partial message + */ + public static byte[] digest(byte[] msg, int msglen) + { + byte[] message; + if ((msg == null) || (msglen == 0)) + message = SHA3.pad10star1(SHA3.M, SHA3.mptr, SHA3.r); + else + { + if (SHA3.mptr + msglen > SHA3.M.length) + System.arraycopy(SHA3.M, 0, SHA3.M = new byte[SHA3.M.length + msglen], 0, SHA3.mptr); + System.arraycopy(msg, 0, SHA3.M, SHA3.mptr, msglen); + message = SHA3.pad10star1(SHA3.M, SHA3.mptr + msglen, SHA3.r); + } + SHA3.M = null; + int len = message.length; + byte[] rc = new byte[(SHA3.n + 7) >> 3]; + int ptr = 0; + + int rr = SHA3.r >> 3; + int nn = SHA3.n >> 3; + int ww = SHA3.w >> 3; + + /* Absorbing phase */ + if (ww == 8) + for (int i = 0; i < len; i += rr) + { + SHA3.S[ 0] ^= SHA3.toLane64(message, rr, i + 0); + SHA3.S[ 5] ^= SHA3.toLane64(message, rr, i + 8); + SHA3.S[10] ^= SHA3.toLane64(message, rr, i + 16); + SHA3.S[15] ^= SHA3.toLane64(message, rr, i + 24); + SHA3.S[20] ^= SHA3.toLane64(message, rr, i + 32); + SHA3.S[ 1] ^= SHA3.toLane64(message, rr, i + 40); + SHA3.S[ 6] ^= SHA3.toLane64(message, rr, i + 48); + SHA3.S[11] ^= SHA3.toLane64(message, rr, i + 56); + SHA3.S[16] ^= SHA3.toLane64(message, rr, i + 64); + SHA3.S[21] ^= SHA3.toLane64(message, rr, i + 72); + SHA3.S[ 2] ^= SHA3.toLane64(message, rr, i + 80); + SHA3.S[ 7] ^= SHA3.toLane64(message, rr, i + 88); + SHA3.S[12] ^= SHA3.toLane64(message, rr, i + 96); + SHA3.S[17] ^= SHA3.toLane64(message, rr, i + 104); + SHA3.S[22] ^= SHA3.toLane64(message, rr, i + 112); + SHA3.S[ 3] ^= SHA3.toLane64(message, rr, i + 120); + SHA3.S[ 8] ^= SHA3.toLane64(message, rr, i + 128); + SHA3.S[13] ^= SHA3.toLane64(message, rr, i + 136); + SHA3.S[18] ^= SHA3.toLane64(message, rr, i + 144); + SHA3.S[23] ^= SHA3.toLane64(message, rr, i + 152); + SHA3.S[ 4] ^= SHA3.toLane64(message, rr, i + 160); + SHA3.S[ 9] ^= SHA3.toLane64(message, rr, i + 168); + SHA3.S[14] ^= SHA3.toLane64(message, rr, i + 176); + SHA3.S[19] ^= SHA3.toLane64(message, rr, i + 184); + SHA3.S[24] ^= SHA3.toLane64(message, rr, i + 192); + SHA3.keccakF(SHA3.S); + } + else + for (int i = 0; i < len; i += rr) + { + SHA3.S[ 0] ^= SHA3.toLane(message, rr, ww, i + 0 ); + SHA3.S[ 5] ^= SHA3.toLane(message, rr, ww, i + w); + SHA3.S[10] ^= SHA3.toLane(message, rr, ww, i + 2 * w); + SHA3.S[15] ^= SHA3.toLane(message, rr, ww, i + 3 * w); + SHA3.S[20] ^= SHA3.toLane(message, rr, ww, i + 4 * w); + SHA3.S[ 1] ^= SHA3.toLane(message, rr, ww, i + 5 * w); + SHA3.S[ 6] ^= SHA3.toLane(message, rr, ww, i + 6 * w); + SHA3.S[11] ^= SHA3.toLane(message, rr, ww, i + 7 * w); + SHA3.S[16] ^= SHA3.toLane(message, rr, ww, i + 8 * w); + SHA3.S[21] ^= SHA3.toLane(message, rr, ww, i + 9 * w); + SHA3.S[ 2] ^= SHA3.toLane(message, rr, ww, i + 10 * w); + SHA3.S[ 7] ^= SHA3.toLane(message, rr, ww, i + 11 * w); + SHA3.S[12] ^= SHA3.toLane(message, rr, ww, i + 12 * w); + SHA3.S[17] ^= SHA3.toLane(message, rr, ww, i + 13 * w); + SHA3.S[22] ^= SHA3.toLane(message, rr, ww, i + 14 * w); + SHA3.S[ 3] ^= SHA3.toLane(message, rr, ww, i + 15 * w); + SHA3.S[ 8] ^= SHA3.toLane(message, rr, ww, i + 16 * w); + SHA3.S[13] ^= SHA3.toLane(message, rr, ww, i + 17 * w); + SHA3.S[18] ^= SHA3.toLane(message, rr, ww, i + 18 * w); + SHA3.S[23] ^= SHA3.toLane(message, rr, ww, i + 19 * w); + SHA3.S[ 4] ^= SHA3.toLane(message, rr, ww, i + 20 * w); + SHA3.S[ 9] ^= SHA3.toLane(message, rr, ww, i + 21 * w); + SHA3.S[14] ^= SHA3.toLane(message, rr, ww, i + 22 * w); + SHA3.S[19] ^= SHA3.toLane(message, rr, ww, i + 23 * w); + SHA3.S[24] ^= SHA3.toLane(message, rr, ww, i + 24 * w); + SHA3.keccakF(SHA3.S); + } + + /* Squeezing phase */ + int olen = SHA3.n; + int j = 0; + int ni = Math.min(25, rr); + while (olen > 0) + { + int i = 0; + while ((i < ni) && (j < nn)) + { + long v = SHA3.S[(i % 5) * 5 + i / 5]; + for (int _ = 0; _ < ww; _++) + { + if (j < nn) + { + rc[ptr] = (byte)v; + ptr += 1; + } + v >>= 8; + j += 1; + } + i += 1; + } + olen -= SHA3.r; + if (olen > 0) + SHA3.keccakF(S); + } + return rc; + } + +} diff --git a/java/sha3sum.java b/java/sha3sum.java new file mode 100644 index 0000000..6a122ff --- /dev/null +++ b/java/sha3sum.java @@ -0,0 +1,257 @@ +/** + * sha3sum – SHA-3 (Keccak) checksum calculator + * + * Copyright © 2013 Mattias Andrée (maandree@member.fsf.org) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +import java.io.*; +import java.util.*; + + +/** + * SHA-3/Keccak chechsum calculator + * + * @author Mattias Andrée maandree@member.fsf.org + */ +public class sha3sum +{ + /** + * This is the main entry point of the program + * + * @param argv Command line arguments + * @throws IOException On I/O error (such as broken pipes) + */ + public static void main(String[] argv) throws IOException + { + String cmd, _cmd = cmd = ""; //FIXME /proc/self/cmdline split ^@ [0] + if (cmd.indexOf('/') >= 0) + cmd = cmd.substring(cmd.lastIndexOf('/') + 1); + if (cmd.endsWith(".jar")) + cmd = cmd.substring(0, cmd.length() - 3); + cmd = cmd.intern(); + + int _o, o = _o = 512; /* --outputsize */ + if (cmd == "sha3-224sum") o = _o = 224; + else if (cmd == "sha3-256sum") o = _o = 256; + else if (cmd == "sha3-384sum") o = _o = 384; + else if (cmd == "sha3-512sum") o = _o = 512; + int _s, s = _s = 1600; /* --statesiz e */ + int _r, r = _r = s - (o << 1); /* --bitrate */ + int _c, c = _c = s - r; /* --capacity */ + int _w, w = _w = s / 25; /* --wordsize */ + int _i, i = _i = 1; /* --iterations */ + boolean binary = false; + + String[] files = new String[argv.length + 1]; + int fptr = 0; + boolean dashed = false; + String[] linger = null; + + String[] args = new String[argv.length + 1]; + System.arraycopy(argv, 0, args, 0, argv.length); + for (int a = 0, an = args.length; a < an; a++) + { String arg = args[a]; + arg = arg == null ? null : arg.intern(); + if (linger != null) + { + linger[0] = linger[0].intern(); + if ((linger[0] == "-h") || (linger[0] == "--help")) + { + System.out.println("SHA-3/Keccak checksum calculator"); + System.out.println(""); + System.out.println("USAGE: sha3sum [option...] < file"); + System.out.println(" sha3sum [option...] file..."); + System.out.println(""); + System.out.println(""); + System.out.println("OPTIONS:"); + System.out.println(" -r BITRATE"); + System.out.println(" --bitrate The bitrate to use for SHA-3. (default: " + _r + ")"); + System.out.println(" "); + System.out.println(" -c CAPACITY"); + System.out.println(" --capacity The capacity to use for SHA-3. (default: " + _c + ")"); + System.out.println(" "); + System.out.println(" -w WORDSIZE"); + System.out.println(" --wordsize The word size to use for SHA-3. (default: " + _w + ")"); + System.out.println(" "); + System.out.println(" -o OUTPUTSIZE"); + System.out.println(" --outputsize The output size to use for SHA-3. (default: " + _o + ")"); + System.out.println(" "); + System.out.println(" -s STATESIZE"); + System.out.println(" --statesize The state size to use for SHA-3. (default: " + _s + ")"); + System.out.println(" "); + System.out.println(" -i ITERATIONS"); + System.out.println(" --iterations The number of hash iterations to run. (default: " + _i + ")"); + System.out.println(" "); + System.out.println(" -b"); + System.out.println(" --binary Print the checksum in binary, rather than hexadecimal."); + System.out.println(""); + System.out.println(""); + System.out.println("COPYRIGHT:"); + System.out.println(""); + System.out.println("Copyright © 2013 Mattias Andrée (maandree@member.fsf.org)"); + System.out.println(""); + System.out.println("This program is free software: you can redistribute it and/or modify"); + System.out.println("it under the terms of the GNU General Public License as published by"); + System.out.println("the Free Software Foundation, either version 3 of the License, or"); + System.out.println("(at your option) any later version."); + System.out.println(""); + System.out.println("This program is distributed in the hope that it will be useful,"); + System.out.println("but WITHOUT ANY WARRANTY; without even the implied warranty of"); + System.out.println("MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the"); + System.out.println("GNU General Public License for more details."); + System.out.println(""); + System.out.println("You should have received a copy of the GNU General Public License"); + System.out.println("along with this program. If not, see ."); + System.exit(2); + } + else + { + if (linger[1] == null) + { + linger[1] = arg; + arg = null; + } + if ((linger[0] == "-r") || (linger[0] == "--bitrate")) + o = (s - (r = Integer.parseInt(linger[1]))) >> 1; + else if ((linger[0] == "-c") || (linger[0] == "--capacity")) + r = s - (c = Integer.parseInt(linger[1])); + else if ((linger[0] == "-w") || (linger[0] == "--wordsize")) + s = (w = Integer.parseInt(linger[1])) * 25; + else if ((linger[0] == "-o") || (linger[0] == "--outputsize")) + r = s - ((o = Integer.parseInt(linger[1])) << 1); + else if ((linger[0] == "-s") || (linger[0] == "--statesize")) + r = (s = Integer.parseInt(linger[1])) - (o << 1); + else if ((linger[0] == "-i") || (linger[0] == "--iterations")) + i = Integer.parseInt(linger[1]); + else + { + System.err.println(_cmd + ": unrecognised option: " + linger[0]); + System.exit(1); + } + } + linger = null; + if (arg == null) + continue; + } + if (arg == null) + continue; + if (dashed) + files[fptr++] = arg == "-" ? null : arg; + else if (arg == "--") + dashed = true; + else if (arg == "-") + files[fptr++] = null; + else if (arg.startsWith("--")) + if (arg.indexOf('=') >= 0) + linger = new String[] { arg.substring(0, arg.indexOf('=')), arg.substring(arg.indexOf('=') + 1) }; + else + if (arg == "--binary") + binary = true; + else + linger = new String[] { arg, null }; + else if (arg.startsWith("-")) + { + arg = arg.substring(1); + if (arg.charAt(0) == 'b') + { + binary = true; + arg = arg.substring(1); + } + else if (arg.length() == 1) + linger = new String[] { "-" + arg, null }; + else + linger = new String[] { "-" + arg.charAt(0), arg.substring(1) }; + } + else + files[fptr++] = arg; + } + + if (fptr == 0) + files[fptr++] = null; + if (i < 1) + { + System.err.println(_cmd + ": sorry, I will only do at least one iteration!\n"); + System.exit(3); + } + + byte[] stdin = null; + boolean fail = false; + String filename; + + for (int f = 0; f < fptr; f++) + { if (((filename = files[f]) == null) && (stdin != null)) + { System.out.write(stdin); + continue; + } + String rc = ""; + String fn = filename == null ? "/dev/stdin" : filename; + InputStream file = null; + try + { + file = new FileInputStream(fn); + SHA3.initialise(r, c, o); + int blksize = 4096; /** XXX os.stat(os.path.realpath(fn)).st_size; **/ + byte[] chunk = new byte[blksize]; + for (;;) + { + int read = file.read(chunk, 0, blksize); + if (read <= 0) + break; + SHA3.update(chunk, read); + } + byte[] bs = SHA3.digest(); + for (int _ = 1; _ < i; _++) + { + SHA3.initialise(r, c, o); + bs = SHA3.digest(bs); + } + if (binary) + { if (filename == null) + stdin = bs; + System.out.write(bs); + System.out.flush(); + } + else + { for (int b = 0, bn = bs.length; b < bn; b++) + { rc += "0123456789ABCDEF".charAt((bs[b] >> 4) & 15); + rc += "0123456789ABCDEF".charAt(bs[b] & 15); + } + rc += " " + (filename == null ? "-" : filename) + "\n"; + if (filename == null) + stdin = rc.getBytes("UTF-8"); + System.out.print(rc); + System.out.flush(); + } + } + catch (final IOException err) + { System.err.println(_cmd + ": Cannot read file: " + filename + ": " + err); + fail = true; + } + finally + { if (file != null) + try + { file.close(); + } + catch (final Throwable ignore) + { //ignore + } } } + + System.out.flush(); + if (fail) + System.exit(5); + } +} + diff --git a/python3/sha3sum.py b/python3/sha3sum.py new file mode 100755 index 0000000..f7e297a --- /dev/null +++ b/python3/sha3sum.py @@ -0,0 +1,726 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- +''' +sha3sum – SHA-3 (Keccak) checksum calculator + +Copyright © 2013 Mattias Andrée (maandree@member.fsf.org) + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program. If not, see . +''' + +import sys +import os + + +class SHA3: + ''' + SHA-3/Keccak hash algorithm implementation + + @author Mattias Andrée (maandree@member.fsf.org) + ''' + + + RC=[0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000, + 0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009, + 0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A, + 0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003, + 0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A, + 0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008] + ''' + :list Round contants + ''' + + B = [0] * 25 + ''' + :list Keccak-f round temporary + ''' + + C = [0] * 5 + ''' + :list Keccak-f round temporary + ''' + + + (r, c, n, b, w, wmod, l, nr) = (0, 0, 0, 0, 0, 0, 0, 0) + ''' + r:int The bitrate + c:int The capacity + n:int The output size + b:int The state size + w:int The word size + wmod:int The word mask + l:int ℓ, the binary logarithm of the word size + nr:int 12 + 2ℓ, the number of rounds + ''' + + S = None + ''' + :list The current state + ''' + + M = None + ''' + :bytes Left over water to fill the sponge with at next update + ''' + + + + @staticmethod + def rotate(x, n): + ''' + Rotate a word + + @param x:int The value to rotate + @param n:int Rotation steps + @return :int The value rotated + ''' + m = n % SHA3.w + return ((x >> (SHA3.w - m)) + (x << m)) & SHA3.wmod + + + @staticmethod + def rotate64(x, n): + ''' + Rotate a 64-bit word + + @param x:int The value to rotate + @param n:int Rotation steps + @return :int The value rotated + ''' + return ((x >> (SHA3.w - n)) + (x << n)) & 0xFFFFFFFFFFFFFFFF + + + @staticmethod + def lb(x): + ''' + Binary logarithm + + @param x:int The value of which to calculate the binary logarithm + @return :int The binary logarithm + ''' + return ((0 if (x & 0xFF00) == 0 else 8) + (0 if (x & 0xF0F0) == 0 else 4)) + ((0 if (x & 0xCCCC) == 0 else 2) + (0 if (x & 0xAAAA) == 0 else 1)) + + + @staticmethod + def keccakFRound(A, rc): + ''' + Perform one round of computation + + @param A:list The current state + @param rc:int Round constant + ''' + if SHA3.w == 64: + # θ step (step 1 and 2 of 3) + SHA3.C[0] = (A[0] ^ A[1]) ^ (A[2] ^ A[3]) ^ A[4] + SHA3.C[2] = (A[10] ^ A[11]) ^ (A[12] ^ A[13]) ^ A[14] + db = SHA3.C[0] ^ SHA3.rotate64(SHA3.C[2], 1) + SHA3.C[4] = (A[20] ^ A[21]) ^ (A[22] ^ A[23]) ^ A[24] + dd = SHA3.C[2] ^ SHA3.rotate64(SHA3.C[4], 1) + SHA3.C[1] = (A[5] ^ A[6]) ^ (A[7] ^ A[8]) ^ A[9] + da = SHA3.C[4] ^ SHA3.rotate64(SHA3.C[1], 1) + SHA3.C[3] = (A[15] ^ A[16]) ^ (A[17] ^ A[18]) ^ A[19] + dc = SHA3.C[1] ^ SHA3.rotate64(SHA3.C[3], 1) + de = SHA3.C[3] ^ SHA3.rotate64(SHA3.C[0], 1) + + # ρ and π steps, with last part of θ + SHA3.B[0] = SHA3.rotate64(A[0] ^ da, 0) + SHA3.B[1] = SHA3.rotate64(A[15] ^ dd, 28) + SHA3.B[2] = SHA3.rotate64(A[5] ^ db, 1) + SHA3.B[3] = SHA3.rotate64(A[20] ^ de, 27) + SHA3.B[4] = SHA3.rotate64(A[10] ^ dc, 62) + + SHA3.B[5] = SHA3.rotate64(A[6] ^ db, 44) + SHA3.B[6] = SHA3.rotate64(A[21] ^ de, 20) + SHA3.B[7] = SHA3.rotate64(A[11] ^ dc, 6) + SHA3.B[8] = SHA3.rotate64(A[1] ^ da, 36) + SHA3.B[9] = SHA3.rotate64(A[16] ^ dd, 55) + + SHA3.B[10] = SHA3.rotate64(A[12] ^ dc, 43) + SHA3.B[11] = SHA3.rotate64(A[2] ^ da, 3) + SHA3.B[12] = SHA3.rotate64(A[17] ^ dd, 25) + SHA3.B[13] = SHA3.rotate64(A[7] ^ db, 10) + SHA3.B[14] = SHA3.rotate64(A[22] ^ de, 39) + + SHA3.B[15] = SHA3.rotate64(A[18] ^ dd, 21) + SHA3.B[16] = SHA3.rotate64(A[8] ^ db, 45) + SHA3.B[17] = SHA3.rotate64(A[23] ^ de, 8) + SHA3.B[18] = SHA3.rotate64(A[13] ^ dc, 15) + SHA3.B[19] = SHA3.rotate64(A[3] ^ da, 41) + + SHA3.B[20] = SHA3.rotate64(A[24] ^ de, 14) + SHA3.B[21] = SHA3.rotate64(A[14] ^ dc, 61) + SHA3.B[22] = SHA3.rotate64(A[4] ^ da, 18) + SHA3.B[23] = SHA3.rotate64(A[19] ^ dd, 56) + SHA3.B[24] = SHA3.rotate64(A[9] ^ db, 2) + else: + # θ step (step 1 and 2 of 3) + SHA3.C[0] = (A[0] ^ A[1]) ^ (A[2] ^ A[3]) ^ A[4] + SHA3.C[2] = (A[10] ^ A[11]) ^ (A[12] ^ A[13]) ^ A[14] + db = SHA3.C[0] ^ SHA3.rotate(SHA3.C[2], 1) + SHA3.C[4] = (A[20] ^ A[21]) ^ (A[22] ^ A[23]) ^ A[24] + dd = SHA3.C[2] ^ SHA3.rotate(SHA3.C[4], 1) + SHA3.C[1] = (A[5] ^ A[6]) ^ (A[7] ^ A[8]) ^ A[9] + da = SHA3.C[4] ^ SHA3.rotate(SHA3.C[1], 1) + SHA3.C[3] = (A[15] ^ A[16]) ^ (A[17] ^ A[18]) ^ A[19] + dc = SHA3.C[1] ^ SHA3.rotate(SHA3.C[3], 1) + de = SHA3.C[3] ^ SHA3.rotate(SHA3.C[0], 1) + + # ρ and π steps, with last part of θ + SHA3.B[0] = SHA3.rotate(A[0] ^ da, 0) + SHA3.B[1] = SHA3.rotate(A[15] ^ dd, 28) + SHA3.B[2] = SHA3.rotate(A[5] ^ db, 1) + SHA3.B[3] = SHA3.rotate(A[20] ^ de, 27) + SHA3.B[4] = SHA3.rotate(A[10] ^ dc, 62) + + SHA3.B[5] = SHA3.rotate(A[6] ^ db, 44) + SHA3.B[6] = SHA3.rotate(A[21] ^ de, 20) + SHA3.B[7] = SHA3.rotate(A[11] ^ dc, 6) + SHA3.B[8] = SHA3.rotate(A[1] ^ da, 36) + SHA3.B[9] = SHA3.rotate(A[16] ^ dd, 55) + + SHA3.B[10] = SHA3.rotate(A[12] ^ dc, 43) + SHA3.B[11] = SHA3.rotate(A[2] ^ da, 3) + SHA3.B[12] = SHA3.rotate(A[17] ^ dd, 25) + SHA3.B[13] = SHA3.rotate(A[7] ^ db, 10) + SHA3.B[14] = SHA3.rotate(A[22] ^ de, 39) + + SHA3.B[15] = SHA3.rotate(A[18] ^ dd, 21) + SHA3.B[16] = SHA3.rotate(A[8] ^ db, 45) + SHA3.B[17] = SHA3.rotate(A[23] ^ de, 8) + SHA3.B[18] = SHA3.rotate(A[13] ^ dc, 15) + SHA3.B[19] = SHA3.rotate(A[3] ^ da, 41) + + SHA3.B[20] = SHA3.rotate(A[24] ^ de, 14) + SHA3.B[21] = SHA3.rotate(A[14] ^ dc, 61) + SHA3.B[22] = SHA3.rotate(A[4] ^ da, 18) + SHA3.B[23] = SHA3.rotate(A[19] ^ dd, 56) + SHA3.B[24] = SHA3.rotate(A[9] ^ db, 2) + + # ξ step + A[0] = SHA3.B[0] ^ ((~(SHA3.B[5])) & SHA3.B[10]) + A[1] = SHA3.B[1] ^ ((~(SHA3.B[6])) & SHA3.B[11]) + A[2] = SHA3.B[2] ^ ((~(SHA3.B[7])) & SHA3.B[12]) + A[3] = SHA3.B[3] ^ ((~(SHA3.B[8])) & SHA3.B[13]) + A[4] = SHA3.B[4] ^ ((~(SHA3.B[9])) & SHA3.B[14]) + + A[5] = SHA3.B[5] ^ ((~(SHA3.B[10])) & SHA3.B[15]) + A[6] = SHA3.B[6] ^ ((~(SHA3.B[11])) & SHA3.B[16]) + A[7] = SHA3.B[7] ^ ((~(SHA3.B[12])) & SHA3.B[17]) + A[8] = SHA3.B[8] ^ ((~(SHA3.B[13])) & SHA3.B[18]) + A[9] = SHA3.B[9] ^ ((~(SHA3.B[14])) & SHA3.B[19]) + + A[10] = SHA3.B[10] ^ ((~(SHA3.B[15])) & SHA3.B[20]) + A[11] = SHA3.B[11] ^ ((~(SHA3.B[16])) & SHA3.B[21]) + A[12] = SHA3.B[12] ^ ((~(SHA3.B[17])) & SHA3.B[22]) + A[13] = SHA3.B[13] ^ ((~(SHA3.B[18])) & SHA3.B[23]) + A[14] = SHA3.B[14] ^ ((~(SHA3.B[19])) & SHA3.B[24]) + + A[15] = SHA3.B[15] ^ ((~(SHA3.B[20])) & SHA3.B[0]) + A[16] = SHA3.B[16] ^ ((~(SHA3.B[21])) & SHA3.B[1]) + A[17] = SHA3.B[17] ^ ((~(SHA3.B[22])) & SHA3.B[2]) + A[18] = SHA3.B[18] ^ ((~(SHA3.B[23])) & SHA3.B[3]) + A[19] = SHA3.B[19] ^ ((~(SHA3.B[24])) & SHA3.B[4]) + + A[20] = SHA3.B[20] ^ ((~(SHA3.B[0])) & SHA3.B[5]) + A[21] = SHA3.B[21] ^ ((~(SHA3.B[1])) & SHA3.B[6]) + A[22] = SHA3.B[22] ^ ((~(SHA3.B[2])) & SHA3.B[7]) + A[23] = SHA3.B[23] ^ ((~(SHA3.B[3])) & SHA3.B[8]) + A[24] = SHA3.B[24] ^ ((~(SHA3.B[4])) & SHA3.B[9]) + + # ι step + A[0] ^= rc + + + @staticmethod + def keccakF(A): + ''' + Perform Keccak-f function + + @param A:list The current state + ''' + if (SHA3.nr == 24): + SHA3.keccakFRound(A, 0x0000000000000001) + SHA3.keccakFRound(A, 0x0000000000008082) + SHA3.keccakFRound(A, 0x800000000000808A) + SHA3.keccakFRound(A, 0x8000000080008000) + SHA3.keccakFRound(A, 0x000000000000808B) + SHA3.keccakFRound(A, 0x0000000080000001) + SHA3.keccakFRound(A, 0x8000000080008081) + SHA3.keccakFRound(A, 0x8000000000008009) + SHA3.keccakFRound(A, 0x000000000000008A) + SHA3.keccakFRound(A, 0x0000000000000088) + SHA3.keccakFRound(A, 0x0000000080008009) + SHA3.keccakFRound(A, 0x000000008000000A) + SHA3.keccakFRound(A, 0x000000008000808B) + SHA3.keccakFRound(A, 0x800000000000008B) + SHA3.keccakFRound(A, 0x8000000000008089) + SHA3.keccakFRound(A, 0x8000000000008003) + SHA3.keccakFRound(A, 0x8000000000008002) + SHA3.keccakFRound(A, 0x8000000000000080) + SHA3.keccakFRound(A, 0x000000000000800A) + SHA3.keccakFRound(A, 0x800000008000000A) + SHA3.keccakFRound(A, 0x8000000080008081) + SHA3.keccakFRound(A, 0x8000000000008080) + SHA3.keccakFRound(A, 0x0000000080000001) + SHA3.keccakFRound(A, 0x8000000080008008) + else: + for i in range(SHA3.nr): + SHA3.keccakFRound(A, SHA3.RC[i] & SHA3.wmod) + + + @staticmethod + def toLane(message, rr, ww, off): + ''' + Convert a chunk of char:s to a word + + @param message:bytes The message + @param rr:int Bitrate in bytes + @param ww:int Word size in bytes + @param off:int The offset in the message + @return :int Lane + ''' + rc = 0 + i = off + ww - 1 + n = min(len(message), rr) + while i >= off: + rc = (rc << 8) | (message[i] if (i < n) else 0) + i -= 1 + return rc + + + @staticmethod + def toLane64(message, rr, off): + ''' + Convert a chunk of char:s to a 64-bit word + + @param message:bytes The message + @param rr:int Bitrate in bytes + @param off:int The offset in the message + @return :int Lane + ''' + rc = 0 + n = min(len(message), rr) + + return ((message[off + 7] << 56) if (off + 7 < n) else 0) | ((message[off + 6] << 48) if (off + 6 < n) else 0) | ((message[off + 5] << 40) if (off + 5 < n) else 0) | ((message[off + 4] << 32) if (off + 4 < n) else 0) | ((message[off + 3] << 24) if (off + 3 < n) else 0) | ((message[off + 2] << 16) if (off + 2 < n) else 0) | ((message[off + 1] << 8) if (off + 1 < n) else 0) | ((message[off]) if (off < n) else 0) + + + @staticmethod + def pad10star1(msg, r): + ''' + pad 10*1 + + @param msg:bytes The message to pad + @param r:int The bitrate + @return :str The message padded + ''' + nnn = len(msg) + + nrf = nnn >> 3 + nbrf = nnn & 7 + ll = nnn % r + + bbbb = 1 if nbrf == 0 else ((msg[nrf] >> (8 - nbrf)) | (1 << nbrf)) + + message = None + if ((r - 8 <= ll) and (ll <= r - 2)): + message = [bbbb ^ 128] + else: + nnn = (nrf + 1) << 3 + nnn = ((nnn - (nnn % r) + (r - 8)) >> 3) + 1 + message = [0] * (nnn - nrf) + message[0] = bbbb + nnn -= nrf + #for i in range(1, nnn): + # message[i] = 0 + message[nnn - 1] = 0x80 + + return msg[:nrf] + bytes(message) + + + @staticmethod + def initialise(r, c, n): + ''' + Initialise Keccak sponge + + @param r:int The bitrate + @param c:int The capacity + @param n:int The output size + ''' + SHA3.r = r + SHA3.c = c + SHA3.n = n + SHA3.b = r + c + SHA3.w = SHA3.b // 25 + SHA3.l = SHA3.lb(SHA3.w) + SHA3.nr = 12 + (SHA3.l << 1) + SHA3.wmod = (1 << SHA3.w) - 1 + SHA3.S = [0] * 25 + SHA3.M = bytes([]) + + + @staticmethod + def update(msg): + ''' + Absorb the more of the message message to the Keccak sponge + + @param msg:bytes The partial message + ''' + rr = SHA3.r >> 3 + ww = SHA3.w >> 3 + + SHA3.M += msg + nnn = len(SHA3.M) + nnn -= nnn % ((SHA3.r * SHA3.b) >> 3) + message = SHA3.M[:nnn] + SHA3.M = SHA3.M[nnn:] + + # Absorbing phase + if ww == 8: + for i in range(0, nnn, rr): + SHA3.S[ 0] ^= SHA3.toLane64(message, rr, 0) + SHA3.S[ 5] ^= SHA3.toLane64(message, rr, 8) + SHA3.S[10] ^= SHA3.toLane64(message, rr, 16) + SHA3.S[15] ^= SHA3.toLane64(message, rr, 24) + SHA3.S[20] ^= SHA3.toLane64(message, rr, 32) + SHA3.S[ 1] ^= SHA3.toLane64(message, rr, 40) + SHA3.S[ 6] ^= SHA3.toLane64(message, rr, 48) + SHA3.S[11] ^= SHA3.toLane64(message, rr, 56) + SHA3.S[16] ^= SHA3.toLane64(message, rr, 64) + SHA3.S[21] ^= SHA3.toLane64(message, rr, 72) + SHA3.S[ 2] ^= SHA3.toLane64(message, rr, 80) + SHA3.S[ 7] ^= SHA3.toLane64(message, rr, 88) + SHA3.S[12] ^= SHA3.toLane64(message, rr, 96) + SHA3.S[17] ^= SHA3.toLane64(message, rr, 104) + SHA3.S[22] ^= SHA3.toLane64(message, rr, 112) + SHA3.S[ 3] ^= SHA3.toLane64(message, rr, 120) + SHA3.S[ 8] ^= SHA3.toLane64(message, rr, 128) + SHA3.S[13] ^= SHA3.toLane64(message, rr, 136) + SHA3.S[18] ^= SHA3.toLane64(message, rr, 144) + SHA3.S[23] ^= SHA3.toLane64(message, rr, 152) + SHA3.S[ 4] ^= SHA3.toLane64(message, rr, 160) + SHA3.S[ 9] ^= SHA3.toLane64(message, rr, 168) + SHA3.S[14] ^= SHA3.toLane64(message, rr, 176) + SHA3.S[19] ^= SHA3.toLane64(message, rr, 184) + SHA3.S[24] ^= SHA3.toLane64(message, rr, 192) + SHA3.keccakF(SHA3.S) + message = message[rr:] + else: + for i in range(0, nnn, rr): + SHA3.S[ 0] ^= SHA3.toLane(message, rr, ww, 0) + SHA3.S[ 5] ^= SHA3.toLane(message, rr, ww, ww) + SHA3.S[10] ^= SHA3.toLane(message, rr, ww, 2 * ww) + SHA3.S[15] ^= SHA3.toLane(message, rr, ww, 3 * ww) + SHA3.S[20] ^= SHA3.toLane(message, rr, ww, 4 * ww) + SHA3.S[ 1] ^= SHA3.toLane(message, rr, ww, 5 * ww) + SHA3.S[ 6] ^= SHA3.toLane(message, rr, ww, 6 * ww) + SHA3.S[11] ^= SHA3.toLane(message, rr, ww, 7 * ww) + SHA3.S[16] ^= SHA3.toLane(message, rr, ww, 8 * ww) + SHA3.S[21] ^= SHA3.toLane(message, rr, ww, 9 * ww) + SHA3.S[ 2] ^= SHA3.toLane(message, rr, ww, 10 * ww) + SHA3.S[ 7] ^= SHA3.toLane(message, rr, ww, 11 * ww) + SHA3.S[12] ^= SHA3.toLane(message, rr, ww, 12 * ww) + SHA3.S[17] ^= SHA3.toLane(message, rr, ww, 13 * ww) + SHA3.S[22] ^= SHA3.toLane(message, rr, ww, 14 * ww) + SHA3.S[ 3] ^= SHA3.toLane(message, rr, ww, 15 * ww) + SHA3.S[ 8] ^= SHA3.toLane(message, rr, ww, 16 * ww) + SHA3.S[13] ^= SHA3.toLane(message, rr, ww, 17 * ww) + SHA3.S[18] ^= SHA3.toLane(message, rr, ww, 18 * ww) + SHA3.S[23] ^= SHA3.toLane(message, rr, ww, 19 * ww) + SHA3.S[ 4] ^= SHA3.toLane(message, rr, ww, 20 * ww) + SHA3.S[ 9] ^= SHA3.toLane(message, rr, ww, 21 * ww) + SHA3.S[14] ^= SHA3.toLane(message, rr, ww, 22 * ww) + SHA3.S[19] ^= SHA3.toLane(message, rr, ww, 23 * ww) + SHA3.S[24] ^= SHA3.toLane(message, rr, ww, 24 * ww) + message = message[rr:] + SHA3.keccakF(SHA3.S) + + + @staticmethod + def digest(msg = None): + ''' + Absorb the last part of the message and squeeze the Keccak sponge + + @param msg:bytes The rest of the message + ''' + if msg is None: + msg = bytes([]) + message = SHA3.pad10star1(SHA3.M + msg, SHA3.r) + SHA3.M = None + nnn = len(message) + rc = [0] * ((SHA3.n + 7) >> 3) + ptr = 0 + + rr = SHA3.r >> 3 + nn = SHA3.n >> 3 + ww = SHA3.w >> 3 + + # Absorbing phase + if ww == 8: + for i in range(0, nnn, rr): + SHA3.S[ 0] ^= SHA3.toLane64(message, rr, 0) + SHA3.S[ 5] ^= SHA3.toLane64(message, rr, 8) + SHA3.S[10] ^= SHA3.toLane64(message, rr, 16) + SHA3.S[15] ^= SHA3.toLane64(message, rr, 24) + SHA3.S[20] ^= SHA3.toLane64(message, rr, 32) + SHA3.S[ 1] ^= SHA3.toLane64(message, rr, 40) + SHA3.S[ 6] ^= SHA3.toLane64(message, rr, 48) + SHA3.S[11] ^= SHA3.toLane64(message, rr, 56) + SHA3.S[16] ^= SHA3.toLane64(message, rr, 64) + SHA3.S[21] ^= SHA3.toLane64(message, rr, 72) + SHA3.S[ 2] ^= SHA3.toLane64(message, rr, 80) + SHA3.S[ 7] ^= SHA3.toLane64(message, rr, 88) + SHA3.S[12] ^= SHA3.toLane64(message, rr, 96) + SHA3.S[17] ^= SHA3.toLane64(message, rr, 104) + SHA3.S[22] ^= SHA3.toLane64(message, rr, 112) + SHA3.S[ 3] ^= SHA3.toLane64(message, rr, 120) + SHA3.S[ 8] ^= SHA3.toLane64(message, rr, 128) + SHA3.S[13] ^= SHA3.toLane64(message, rr, 136) + SHA3.S[18] ^= SHA3.toLane64(message, rr, 144) + SHA3.S[23] ^= SHA3.toLane64(message, rr, 152) + SHA3.S[ 4] ^= SHA3.toLane64(message, rr, 160) + SHA3.S[ 9] ^= SHA3.toLane64(message, rr, 168) + SHA3.S[14] ^= SHA3.toLane64(message, rr, 176) + SHA3.S[19] ^= SHA3.toLane64(message, rr, 184) + SHA3.S[24] ^= SHA3.toLane64(message, rr, 192) + SHA3.keccakF(SHA3.S) + message = message[rr:] + else: + for i in range(0, nnn, rr): + SHA3.S[ 0] ^= SHA3.toLane(message, rr, ww, 0) + SHA3.S[ 5] ^= SHA3.toLane(message, rr, ww, ww) + SHA3.S[10] ^= SHA3.toLane(message, rr, ww, 2 * ww) + SHA3.S[15] ^= SHA3.toLane(message, rr, ww, 3 * ww) + SHA3.S[20] ^= SHA3.toLane(message, rr, ww, 4 * ww) + SHA3.S[ 1] ^= SHA3.toLane(message, rr, ww, 5 * ww) + SHA3.S[ 6] ^= SHA3.toLane(message, rr, ww, 6 * ww) + SHA3.S[11] ^= SHA3.toLane(message, rr, ww, 7 * ww) + SHA3.S[16] ^= SHA3.toLane(message, rr, ww, 8 * ww) + SHA3.S[21] ^= SHA3.toLane(message, rr, ww, 9 * ww) + SHA3.S[ 2] ^= SHA3.toLane(message, rr, ww, 10 * ww) + SHA3.S[ 7] ^= SHA3.toLane(message, rr, ww, 11 * ww) + SHA3.S[12] ^= SHA3.toLane(message, rr, ww, 12 * ww) + SHA3.S[17] ^= SHA3.toLane(message, rr, ww, 13 * ww) + SHA3.S[22] ^= SHA3.toLane(message, rr, ww, 14 * ww) + SHA3.S[ 3] ^= SHA3.toLane(message, rr, ww, 15 * ww) + SHA3.S[ 8] ^= SHA3.toLane(message, rr, ww, 16 * ww) + SHA3.S[13] ^= SHA3.toLane(message, rr, ww, 17 * ww) + SHA3.S[18] ^= SHA3.toLane(message, rr, ww, 18 * ww) + SHA3.S[23] ^= SHA3.toLane(message, rr, ww, 19 * ww) + SHA3.S[ 4] ^= SHA3.toLane(message, rr, ww, 20 * ww) + SHA3.S[ 9] ^= SHA3.toLane(message, rr, ww, 21 * ww) + SHA3.S[14] ^= SHA3.toLane(message, rr, ww, 22 * ww) + SHA3.S[19] ^= SHA3.toLane(message, rr, ww, 23 * ww) + SHA3.S[24] ^= SHA3.toLane(message, rr, ww, 24 * ww) + message = message[rr:] + SHA3.keccakF(SHA3.S) + + # Squeezing phase + olen = SHA3.n + j = 0 + ni = min(25, rr) + while (olen > 0): + i = 0 + while (i < ni) and (j < nn): + v = SHA3.S[(i % 5) * 5 + i // 5] + for _ in range(ww): + if (j < nn): + rc[ptr] = v & 255 + ptr += 1 + v >>= 8 + j += 1 + i += 1 + olen -= SHA3.r + if olen > 0: + SHA3.keccakF(S) + + return bytes(rc) + + + +if __name__ == '__main__': + cmd = sys.argv[0] + args = sys.argv[1:] + if '/' in cmd: + cmd = cmd[cmd.rfind('/') + 1:] + if cmd.endswith('.py'): + cmd = cmd[:-3] + + o = 512 # --outputsize + if cmd == 'sha3-224sum': o = 224 + elif cmd == 'sha3-256sum': o = 256 + elif cmd == 'sha3-384sum': o = 384 + elif cmd == 'sha3-512sum': o = 512 + s = 1600 # --statesize + r = s - (o << 1) # --bitrate + c = s - r # --capacity + w = s // 25 # --wordsize + i = 1 # --iterations + binary = False + + (_r, _c, _w, _o, _s, _i) = (r, c, w, o, s, i) + + files = [] + dashed = False + linger = None + + for arg in args + [None]: + if linger is not None: + if linger[0] in ('-h', '--help'): + sys.stderr.buffer.write((''' +SHA-3/Keccak checksum calculator + +USAGE: sha3sum [option...] < file + sha3sum [option...] file... + + +OPTIONS: + -r BITRATE + --bitrate The bitrate to use for SHA-3. (default: %d) + + -c CAPACITY + --capacity The capacity to use for SHA-3. (default: %d) + + -w WORDSIZE + --wordsize The word size to use for SHA-3. (default: %d) + + -o OUTPUTSIZE + --outputsize The output size to use for SHA-3. (default: %d) + + -s STATESIZE + --statesize The state size to use for SHA-3. (default: %d) + + -i ITERATIONS + --iterations The number of hash iterations to run. (default: %d) + + -b + --binary Print the checksum in binary, rather than hexadecimal. + + +COPYRIGHT: + +Copyright © 2013 Mattias Andrée (maandree@member.fsf.org) + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program. If not, see . + +''' % (_r, _c, _w, _o, _s, _i)).encode('utf-8')) + sys.stderr.buffer.flush() + exit(2) + else: + if linger[1] is None: + linger[1] = arg + arg = None + if linger[0] in ('-r', '--bitrate'): + r = int(linger[1]) + o = (s - r) >> 1 + elif linger[0] in ('-c', '--capacity'): + c = int(linger[1]) + r = s - c + elif linger[0] in ('-w', '--wordsize'): + w = int(linger[1]) + s = w * 25 + elif linger[0] in ('-o', '--outputsize'): + o = int(linger[1]) + r = s - (o << 1) + elif linger[0] in ('-s', '--statesize'): + s = int(linger[1]) + r = s - (o << 1) + elif linger[0] in ('-i', '--iterations'): + i = int(linger[1]) + else: + sys.stderr.buffer.write((sys.argv[0] + ': unrecognised option: ' + linger[0] + '\n').encode('utf-8')) + sys.stdout.buffer.flush() + exit(1) + linger = None + if arg is None: + continue + if arg is None: + continue + if dashed: + files.append(None if arg == '-' else arg) + elif arg == '--': + dashed = True + elif arg == '-': + files.append(None) + elif arg.startswith('--'): + if '=' in arg: + linger = (arg[:arg.find('=')], arg[arg.find('=') + 1:]) + else: + if arg == '--binary': + binary = True + else: + linger = [arg, None] + elif arg.startswith('-'): + arg = arg[1:] + if arg[0] == 'b': + binary = True + arg = arg[1:] + elif len(arg) == 1: + linger = ['-' + arg, None] + else: + linger = ['-' + arg[0], arg[1:]] + else: + files.append(arg) + + if len(files) == 0: + files.append(None) + if i < 1: + sys.stdout.buffer.write((sys.argv[0] + ': sorry, I will only do at least one iteration!\n').encode('utf-8')) + sys.stdout.buffer.flush() + exit(3) + stdin = None + for filename in files: + if (filename is None) and (stdin is not None): + print(stdin) + continue + rc = '' + fn = '/dev/stdin' if filename is None else filename + with open(fn, 'rb') as file: + SHA3.initialise(r, c, o) + blksize = os.stat(os.path.realpath(fn)).st_size + while True: + chunk = file.read(blksize) + if len(chunk) == 0: + break + SHA3.update(chunk) + bs = SHA3.digest(file.read()) + for _ in range(1, i): + SHA3.initialise(r, c, o) + bs = SHA3.digest(bs) + if binary: + if filename is None: + stdin = bs + sys.stdout.buffer.write(bs) + sys.stdout.buffer.flush() + else: + for b in bs: + rc += "0123456789ABCDEF"[b >> 4] + rc += "0123456789ABCDEF"[b & 15] + rc += ' ' + ('-' if filename is None else filename) + '\n' + if filename is None: + stdin = rc + sys.stdout.buffer.write(rc.encode('UTF-8')) + sys.stdout.buffer.flush() + + diff --git a/sha3sum.java b/sha3sum.java deleted file mode 100644 index 6a122ff..0000000 --- a/sha3sum.java +++ /dev/null @@ -1,257 +0,0 @@ -/** - * sha3sum – SHA-3 (Keccak) checksum calculator - * - * Copyright © 2013 Mattias Andrée (maandree@member.fsf.org) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -import java.io.*; -import java.util.*; - - -/** - * SHA-3/Keccak chechsum calculator - * - * @author Mattias Andrée maandree@member.fsf.org - */ -public class sha3sum -{ - /** - * This is the main entry point of the program - * - * @param argv Command line arguments - * @throws IOException On I/O error (such as broken pipes) - */ - public static void main(String[] argv) throws IOException - { - String cmd, _cmd = cmd = ""; //FIXME /proc/self/cmdline split ^@ [0] - if (cmd.indexOf('/') >= 0) - cmd = cmd.substring(cmd.lastIndexOf('/') + 1); - if (cmd.endsWith(".jar")) - cmd = cmd.substring(0, cmd.length() - 3); - cmd = cmd.intern(); - - int _o, o = _o = 512; /* --outputsize */ - if (cmd == "sha3-224sum") o = _o = 224; - else if (cmd == "sha3-256sum") o = _o = 256; - else if (cmd == "sha3-384sum") o = _o = 384; - else if (cmd == "sha3-512sum") o = _o = 512; - int _s, s = _s = 1600; /* --statesiz e */ - int _r, r = _r = s - (o << 1); /* --bitrate */ - int _c, c = _c = s - r; /* --capacity */ - int _w, w = _w = s / 25; /* --wordsize */ - int _i, i = _i = 1; /* --iterations */ - boolean binary = false; - - String[] files = new String[argv.length + 1]; - int fptr = 0; - boolean dashed = false; - String[] linger = null; - - String[] args = new String[argv.length + 1]; - System.arraycopy(argv, 0, args, 0, argv.length); - for (int a = 0, an = args.length; a < an; a++) - { String arg = args[a]; - arg = arg == null ? null : arg.intern(); - if (linger != null) - { - linger[0] = linger[0].intern(); - if ((linger[0] == "-h") || (linger[0] == "--help")) - { - System.out.println("SHA-3/Keccak checksum calculator"); - System.out.println(""); - System.out.println("USAGE: sha3sum [option...] < file"); - System.out.println(" sha3sum [option...] file..."); - System.out.println(""); - System.out.println(""); - System.out.println("OPTIONS:"); - System.out.println(" -r BITRATE"); - System.out.println(" --bitrate The bitrate to use for SHA-3. (default: " + _r + ")"); - System.out.println(" "); - System.out.println(" -c CAPACITY"); - System.out.println(" --capacity The capacity to use for SHA-3. (default: " + _c + ")"); - System.out.println(" "); - System.out.println(" -w WORDSIZE"); - System.out.println(" --wordsize The word size to use for SHA-3. (default: " + _w + ")"); - System.out.println(" "); - System.out.println(" -o OUTPUTSIZE"); - System.out.println(" --outputsize The output size to use for SHA-3. (default: " + _o + ")"); - System.out.println(" "); - System.out.println(" -s STATESIZE"); - System.out.println(" --statesize The state size to use for SHA-3. (default: " + _s + ")"); - System.out.println(" "); - System.out.println(" -i ITERATIONS"); - System.out.println(" --iterations The number of hash iterations to run. (default: " + _i + ")"); - System.out.println(" "); - System.out.println(" -b"); - System.out.println(" --binary Print the checksum in binary, rather than hexadecimal."); - System.out.println(""); - System.out.println(""); - System.out.println("COPYRIGHT:"); - System.out.println(""); - System.out.println("Copyright © 2013 Mattias Andrée (maandree@member.fsf.org)"); - System.out.println(""); - System.out.println("This program is free software: you can redistribute it and/or modify"); - System.out.println("it under the terms of the GNU General Public License as published by"); - System.out.println("the Free Software Foundation, either version 3 of the License, or"); - System.out.println("(at your option) any later version."); - System.out.println(""); - System.out.println("This program is distributed in the hope that it will be useful,"); - System.out.println("but WITHOUT ANY WARRANTY; without even the implied warranty of"); - System.out.println("MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the"); - System.out.println("GNU General Public License for more details."); - System.out.println(""); - System.out.println("You should have received a copy of the GNU General Public License"); - System.out.println("along with this program. If not, see ."); - System.exit(2); - } - else - { - if (linger[1] == null) - { - linger[1] = arg; - arg = null; - } - if ((linger[0] == "-r") || (linger[0] == "--bitrate")) - o = (s - (r = Integer.parseInt(linger[1]))) >> 1; - else if ((linger[0] == "-c") || (linger[0] == "--capacity")) - r = s - (c = Integer.parseInt(linger[1])); - else if ((linger[0] == "-w") || (linger[0] == "--wordsize")) - s = (w = Integer.parseInt(linger[1])) * 25; - else if ((linger[0] == "-o") || (linger[0] == "--outputsize")) - r = s - ((o = Integer.parseInt(linger[1])) << 1); - else if ((linger[0] == "-s") || (linger[0] == "--statesize")) - r = (s = Integer.parseInt(linger[1])) - (o << 1); - else if ((linger[0] == "-i") || (linger[0] == "--iterations")) - i = Integer.parseInt(linger[1]); - else - { - System.err.println(_cmd + ": unrecognised option: " + linger[0]); - System.exit(1); - } - } - linger = null; - if (arg == null) - continue; - } - if (arg == null) - continue; - if (dashed) - files[fptr++] = arg == "-" ? null : arg; - else if (arg == "--") - dashed = true; - else if (arg == "-") - files[fptr++] = null; - else if (arg.startsWith("--")) - if (arg.indexOf('=') >= 0) - linger = new String[] { arg.substring(0, arg.indexOf('=')), arg.substring(arg.indexOf('=') + 1) }; - else - if (arg == "--binary") - binary = true; - else - linger = new String[] { arg, null }; - else if (arg.startsWith("-")) - { - arg = arg.substring(1); - if (arg.charAt(0) == 'b') - { - binary = true; - arg = arg.substring(1); - } - else if (arg.length() == 1) - linger = new String[] { "-" + arg, null }; - else - linger = new String[] { "-" + arg.charAt(0), arg.substring(1) }; - } - else - files[fptr++] = arg; - } - - if (fptr == 0) - files[fptr++] = null; - if (i < 1) - { - System.err.println(_cmd + ": sorry, I will only do at least one iteration!\n"); - System.exit(3); - } - - byte[] stdin = null; - boolean fail = false; - String filename; - - for (int f = 0; f < fptr; f++) - { if (((filename = files[f]) == null) && (stdin != null)) - { System.out.write(stdin); - continue; - } - String rc = ""; - String fn = filename == null ? "/dev/stdin" : filename; - InputStream file = null; - try - { - file = new FileInputStream(fn); - SHA3.initialise(r, c, o); - int blksize = 4096; /** XXX os.stat(os.path.realpath(fn)).st_size; **/ - byte[] chunk = new byte[blksize]; - for (;;) - { - int read = file.read(chunk, 0, blksize); - if (read <= 0) - break; - SHA3.update(chunk, read); - } - byte[] bs = SHA3.digest(); - for (int _ = 1; _ < i; _++) - { - SHA3.initialise(r, c, o); - bs = SHA3.digest(bs); - } - if (binary) - { if (filename == null) - stdin = bs; - System.out.write(bs); - System.out.flush(); - } - else - { for (int b = 0, bn = bs.length; b < bn; b++) - { rc += "0123456789ABCDEF".charAt((bs[b] >> 4) & 15); - rc += "0123456789ABCDEF".charAt(bs[b] & 15); - } - rc += " " + (filename == null ? "-" : filename) + "\n"; - if (filename == null) - stdin = rc.getBytes("UTF-8"); - System.out.print(rc); - System.out.flush(); - } - } - catch (final IOException err) - { System.err.println(_cmd + ": Cannot read file: " + filename + ": " + err); - fail = true; - } - finally - { if (file != null) - try - { file.close(); - } - catch (final Throwable ignore) - { //ignore - } } } - - System.out.flush(); - if (fail) - System.exit(5); - } -} - diff --git a/sha3sum.py b/sha3sum.py deleted file mode 100755 index f7e297a..0000000 --- a/sha3sum.py +++ /dev/null @@ -1,726 +0,0 @@ -#!/usr/bin/env python -# -*- coding: utf-8 -*- -''' -sha3sum – SHA-3 (Keccak) checksum calculator - -Copyright © 2013 Mattias Andrée (maandree@member.fsf.org) - -This program is free software: you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation, either version 3 of the License, or -(at your option) any later version. - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU General Public License for more details. - -You should have received a copy of the GNU General Public License -along with this program. If not, see . -''' - -import sys -import os - - -class SHA3: - ''' - SHA-3/Keccak hash algorithm implementation - - @author Mattias Andrée (maandree@member.fsf.org) - ''' - - - RC=[0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000, - 0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009, - 0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A, - 0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003, - 0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A, - 0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008] - ''' - :list Round contants - ''' - - B = [0] * 25 - ''' - :list Keccak-f round temporary - ''' - - C = [0] * 5 - ''' - :list Keccak-f round temporary - ''' - - - (r, c, n, b, w, wmod, l, nr) = (0, 0, 0, 0, 0, 0, 0, 0) - ''' - r:int The bitrate - c:int The capacity - n:int The output size - b:int The state size - w:int The word size - wmod:int The word mask - l:int ℓ, the binary logarithm of the word size - nr:int 12 + 2ℓ, the number of rounds - ''' - - S = None - ''' - :list The current state - ''' - - M = None - ''' - :bytes Left over water to fill the sponge with at next update - ''' - - - - @staticmethod - def rotate(x, n): - ''' - Rotate a word - - @param x:int The value to rotate - @param n:int Rotation steps - @return :int The value rotated - ''' - m = n % SHA3.w - return ((x >> (SHA3.w - m)) + (x << m)) & SHA3.wmod - - - @staticmethod - def rotate64(x, n): - ''' - Rotate a 64-bit word - - @param x:int The value to rotate - @param n:int Rotation steps - @return :int The value rotated - ''' - return ((x >> (SHA3.w - n)) + (x << n)) & 0xFFFFFFFFFFFFFFFF - - - @staticmethod - def lb(x): - ''' - Binary logarithm - - @param x:int The value of which to calculate the binary logarithm - @return :int The binary logarithm - ''' - return ((0 if (x & 0xFF00) == 0 else 8) + (0 if (x & 0xF0F0) == 0 else 4)) + ((0 if (x & 0xCCCC) == 0 else 2) + (0 if (x & 0xAAAA) == 0 else 1)) - - - @staticmethod - def keccakFRound(A, rc): - ''' - Perform one round of computation - - @param A:list The current state - @param rc:int Round constant - ''' - if SHA3.w == 64: - # θ step (step 1 and 2 of 3) - SHA3.C[0] = (A[0] ^ A[1]) ^ (A[2] ^ A[3]) ^ A[4] - SHA3.C[2] = (A[10] ^ A[11]) ^ (A[12] ^ A[13]) ^ A[14] - db = SHA3.C[0] ^ SHA3.rotate64(SHA3.C[2], 1) - SHA3.C[4] = (A[20] ^ A[21]) ^ (A[22] ^ A[23]) ^ A[24] - dd = SHA3.C[2] ^ SHA3.rotate64(SHA3.C[4], 1) - SHA3.C[1] = (A[5] ^ A[6]) ^ (A[7] ^ A[8]) ^ A[9] - da = SHA3.C[4] ^ SHA3.rotate64(SHA3.C[1], 1) - SHA3.C[3] = (A[15] ^ A[16]) ^ (A[17] ^ A[18]) ^ A[19] - dc = SHA3.C[1] ^ SHA3.rotate64(SHA3.C[3], 1) - de = SHA3.C[3] ^ SHA3.rotate64(SHA3.C[0], 1) - - # ρ and π steps, with last part of θ - SHA3.B[0] = SHA3.rotate64(A[0] ^ da, 0) - SHA3.B[1] = SHA3.rotate64(A[15] ^ dd, 28) - SHA3.B[2] = SHA3.rotate64(A[5] ^ db, 1) - SHA3.B[3] = SHA3.rotate64(A[20] ^ de, 27) - SHA3.B[4] = SHA3.rotate64(A[10] ^ dc, 62) - - SHA3.B[5] = SHA3.rotate64(A[6] ^ db, 44) - SHA3.B[6] = SHA3.rotate64(A[21] ^ de, 20) - SHA3.B[7] = SHA3.rotate64(A[11] ^ dc, 6) - SHA3.B[8] = SHA3.rotate64(A[1] ^ da, 36) - SHA3.B[9] = SHA3.rotate64(A[16] ^ dd, 55) - - SHA3.B[10] = SHA3.rotate64(A[12] ^ dc, 43) - SHA3.B[11] = SHA3.rotate64(A[2] ^ da, 3) - SHA3.B[12] = SHA3.rotate64(A[17] ^ dd, 25) - SHA3.B[13] = SHA3.rotate64(A[7] ^ db, 10) - SHA3.B[14] = SHA3.rotate64(A[22] ^ de, 39) - - SHA3.B[15] = SHA3.rotate64(A[18] ^ dd, 21) - SHA3.B[16] = SHA3.rotate64(A[8] ^ db, 45) - SHA3.B[17] = SHA3.rotate64(A[23] ^ de, 8) - SHA3.B[18] = SHA3.rotate64(A[13] ^ dc, 15) - SHA3.B[19] = SHA3.rotate64(A[3] ^ da, 41) - - SHA3.B[20] = SHA3.rotate64(A[24] ^ de, 14) - SHA3.B[21] = SHA3.rotate64(A[14] ^ dc, 61) - SHA3.B[22] = SHA3.rotate64(A[4] ^ da, 18) - SHA3.B[23] = SHA3.rotate64(A[19] ^ dd, 56) - SHA3.B[24] = SHA3.rotate64(A[9] ^ db, 2) - else: - # θ step (step 1 and 2 of 3) - SHA3.C[0] = (A[0] ^ A[1]) ^ (A[2] ^ A[3]) ^ A[4] - SHA3.C[2] = (A[10] ^ A[11]) ^ (A[12] ^ A[13]) ^ A[14] - db = SHA3.C[0] ^ SHA3.rotate(SHA3.C[2], 1) - SHA3.C[4] = (A[20] ^ A[21]) ^ (A[22] ^ A[23]) ^ A[24] - dd = SHA3.C[2] ^ SHA3.rotate(SHA3.C[4], 1) - SHA3.C[1] = (A[5] ^ A[6]) ^ (A[7] ^ A[8]) ^ A[9] - da = SHA3.C[4] ^ SHA3.rotate(SHA3.C[1], 1) - SHA3.C[3] = (A[15] ^ A[16]) ^ (A[17] ^ A[18]) ^ A[19] - dc = SHA3.C[1] ^ SHA3.rotate(SHA3.C[3], 1) - de = SHA3.C[3] ^ SHA3.rotate(SHA3.C[0], 1) - - # ρ and π steps, with last part of θ - SHA3.B[0] = SHA3.rotate(A[0] ^ da, 0) - SHA3.B[1] = SHA3.rotate(A[15] ^ dd, 28) - SHA3.B[2] = SHA3.rotate(A[5] ^ db, 1) - SHA3.B[3] = SHA3.rotate(A[20] ^ de, 27) - SHA3.B[4] = SHA3.rotate(A[10] ^ dc, 62) - - SHA3.B[5] = SHA3.rotate(A[6] ^ db, 44) - SHA3.B[6] = SHA3.rotate(A[21] ^ de, 20) - SHA3.B[7] = SHA3.rotate(A[11] ^ dc, 6) - SHA3.B[8] = SHA3.rotate(A[1] ^ da, 36) - SHA3.B[9] = SHA3.rotate(A[16] ^ dd, 55) - - SHA3.B[10] = SHA3.rotate(A[12] ^ dc, 43) - SHA3.B[11] = SHA3.rotate(A[2] ^ da, 3) - SHA3.B[12] = SHA3.rotate(A[17] ^ dd, 25) - SHA3.B[13] = SHA3.rotate(A[7] ^ db, 10) - SHA3.B[14] = SHA3.rotate(A[22] ^ de, 39) - - SHA3.B[15] = SHA3.rotate(A[18] ^ dd, 21) - SHA3.B[16] = SHA3.rotate(A[8] ^ db, 45) - SHA3.B[17] = SHA3.rotate(A[23] ^ de, 8) - SHA3.B[18] = SHA3.rotate(A[13] ^ dc, 15) - SHA3.B[19] = SHA3.rotate(A[3] ^ da, 41) - - SHA3.B[20] = SHA3.rotate(A[24] ^ de, 14) - SHA3.B[21] = SHA3.rotate(A[14] ^ dc, 61) - SHA3.B[22] = SHA3.rotate(A[4] ^ da, 18) - SHA3.B[23] = SHA3.rotate(A[19] ^ dd, 56) - SHA3.B[24] = SHA3.rotate(A[9] ^ db, 2) - - # ξ step - A[0] = SHA3.B[0] ^ ((~(SHA3.B[5])) & SHA3.B[10]) - A[1] = SHA3.B[1] ^ ((~(SHA3.B[6])) & SHA3.B[11]) - A[2] = SHA3.B[2] ^ ((~(SHA3.B[7])) & SHA3.B[12]) - A[3] = SHA3.B[3] ^ ((~(SHA3.B[8])) & SHA3.B[13]) - A[4] = SHA3.B[4] ^ ((~(SHA3.B[9])) & SHA3.B[14]) - - A[5] = SHA3.B[5] ^ ((~(SHA3.B[10])) & SHA3.B[15]) - A[6] = SHA3.B[6] ^ ((~(SHA3.B[11])) & SHA3.B[16]) - A[7] = SHA3.B[7] ^ ((~(SHA3.B[12])) & SHA3.B[17]) - A[8] = SHA3.B[8] ^ ((~(SHA3.B[13])) & SHA3.B[18]) - A[9] = SHA3.B[9] ^ ((~(SHA3.B[14])) & SHA3.B[19]) - - A[10] = SHA3.B[10] ^ ((~(SHA3.B[15])) & SHA3.B[20]) - A[11] = SHA3.B[11] ^ ((~(SHA3.B[16])) & SHA3.B[21]) - A[12] = SHA3.B[12] ^ ((~(SHA3.B[17])) & SHA3.B[22]) - A[13] = SHA3.B[13] ^ ((~(SHA3.B[18])) & SHA3.B[23]) - A[14] = SHA3.B[14] ^ ((~(SHA3.B[19])) & SHA3.B[24]) - - A[15] = SHA3.B[15] ^ ((~(SHA3.B[20])) & SHA3.B[0]) - A[16] = SHA3.B[16] ^ ((~(SHA3.B[21])) & SHA3.B[1]) - A[17] = SHA3.B[17] ^ ((~(SHA3.B[22])) & SHA3.B[2]) - A[18] = SHA3.B[18] ^ ((~(SHA3.B[23])) & SHA3.B[3]) - A[19] = SHA3.B[19] ^ ((~(SHA3.B[24])) & SHA3.B[4]) - - A[20] = SHA3.B[20] ^ ((~(SHA3.B[0])) & SHA3.B[5]) - A[21] = SHA3.B[21] ^ ((~(SHA3.B[1])) & SHA3.B[6]) - A[22] = SHA3.B[22] ^ ((~(SHA3.B[2])) & SHA3.B[7]) - A[23] = SHA3.B[23] ^ ((~(SHA3.B[3])) & SHA3.B[8]) - A[24] = SHA3.B[24] ^ ((~(SHA3.B[4])) & SHA3.B[9]) - - # ι step - A[0] ^= rc - - - @staticmethod - def keccakF(A): - ''' - Perform Keccak-f function - - @param A:list The current state - ''' - if (SHA3.nr == 24): - SHA3.keccakFRound(A, 0x0000000000000001) - SHA3.keccakFRound(A, 0x0000000000008082) - SHA3.keccakFRound(A, 0x800000000000808A) - SHA3.keccakFRound(A, 0x8000000080008000) - SHA3.keccakFRound(A, 0x000000000000808B) - SHA3.keccakFRound(A, 0x0000000080000001) - SHA3.keccakFRound(A, 0x8000000080008081) - SHA3.keccakFRound(A, 0x8000000000008009) - SHA3.keccakFRound(A, 0x000000000000008A) - SHA3.keccakFRound(A, 0x0000000000000088) - SHA3.keccakFRound(A, 0x0000000080008009) - SHA3.keccakFRound(A, 0x000000008000000A) - SHA3.keccakFRound(A, 0x000000008000808B) - SHA3.keccakFRound(A, 0x800000000000008B) - SHA3.keccakFRound(A, 0x8000000000008089) - SHA3.keccakFRound(A, 0x8000000000008003) - SHA3.keccakFRound(A, 0x8000000000008002) - SHA3.keccakFRound(A, 0x8000000000000080) - SHA3.keccakFRound(A, 0x000000000000800A) - SHA3.keccakFRound(A, 0x800000008000000A) - SHA3.keccakFRound(A, 0x8000000080008081) - SHA3.keccakFRound(A, 0x8000000000008080) - SHA3.keccakFRound(A, 0x0000000080000001) - SHA3.keccakFRound(A, 0x8000000080008008) - else: - for i in range(SHA3.nr): - SHA3.keccakFRound(A, SHA3.RC[i] & SHA3.wmod) - - - @staticmethod - def toLane(message, rr, ww, off): - ''' - Convert a chunk of char:s to a word - - @param message:bytes The message - @param rr:int Bitrate in bytes - @param ww:int Word size in bytes - @param off:int The offset in the message - @return :int Lane - ''' - rc = 0 - i = off + ww - 1 - n = min(len(message), rr) - while i >= off: - rc = (rc << 8) | (message[i] if (i < n) else 0) - i -= 1 - return rc - - - @staticmethod - def toLane64(message, rr, off): - ''' - Convert a chunk of char:s to a 64-bit word - - @param message:bytes The message - @param rr:int Bitrate in bytes - @param off:int The offset in the message - @return :int Lane - ''' - rc = 0 - n = min(len(message), rr) - - return ((message[off + 7] << 56) if (off + 7 < n) else 0) | ((message[off + 6] << 48) if (off + 6 < n) else 0) | ((message[off + 5] << 40) if (off + 5 < n) else 0) | ((message[off + 4] << 32) if (off + 4 < n) else 0) | ((message[off + 3] << 24) if (off + 3 < n) else 0) | ((message[off + 2] << 16) if (off + 2 < n) else 0) | ((message[off + 1] << 8) if (off + 1 < n) else 0) | ((message[off]) if (off < n) else 0) - - - @staticmethod - def pad10star1(msg, r): - ''' - pad 10*1 - - @param msg:bytes The message to pad - @param r:int The bitrate - @return :str The message padded - ''' - nnn = len(msg) - - nrf = nnn >> 3 - nbrf = nnn & 7 - ll = nnn % r - - bbbb = 1 if nbrf == 0 else ((msg[nrf] >> (8 - nbrf)) | (1 << nbrf)) - - message = None - if ((r - 8 <= ll) and (ll <= r - 2)): - message = [bbbb ^ 128] - else: - nnn = (nrf + 1) << 3 - nnn = ((nnn - (nnn % r) + (r - 8)) >> 3) + 1 - message = [0] * (nnn - nrf) - message[0] = bbbb - nnn -= nrf - #for i in range(1, nnn): - # message[i] = 0 - message[nnn - 1] = 0x80 - - return msg[:nrf] + bytes(message) - - - @staticmethod - def initialise(r, c, n): - ''' - Initialise Keccak sponge - - @param r:int The bitrate - @param c:int The capacity - @param n:int The output size - ''' - SHA3.r = r - SHA3.c = c - SHA3.n = n - SHA3.b = r + c - SHA3.w = SHA3.b // 25 - SHA3.l = SHA3.lb(SHA3.w) - SHA3.nr = 12 + (SHA3.l << 1) - SHA3.wmod = (1 << SHA3.w) - 1 - SHA3.S = [0] * 25 - SHA3.M = bytes([]) - - - @staticmethod - def update(msg): - ''' - Absorb the more of the message message to the Keccak sponge - - @param msg:bytes The partial message - ''' - rr = SHA3.r >> 3 - ww = SHA3.w >> 3 - - SHA3.M += msg - nnn = len(SHA3.M) - nnn -= nnn % ((SHA3.r * SHA3.b) >> 3) - message = SHA3.M[:nnn] - SHA3.M = SHA3.M[nnn:] - - # Absorbing phase - if ww == 8: - for i in range(0, nnn, rr): - SHA3.S[ 0] ^= SHA3.toLane64(message, rr, 0) - SHA3.S[ 5] ^= SHA3.toLane64(message, rr, 8) - SHA3.S[10] ^= SHA3.toLane64(message, rr, 16) - SHA3.S[15] ^= SHA3.toLane64(message, rr, 24) - SHA3.S[20] ^= SHA3.toLane64(message, rr, 32) - SHA3.S[ 1] ^= SHA3.toLane64(message, rr, 40) - SHA3.S[ 6] ^= SHA3.toLane64(message, rr, 48) - SHA3.S[11] ^= SHA3.toLane64(message, rr, 56) - SHA3.S[16] ^= SHA3.toLane64(message, rr, 64) - SHA3.S[21] ^= SHA3.toLane64(message, rr, 72) - SHA3.S[ 2] ^= SHA3.toLane64(message, rr, 80) - SHA3.S[ 7] ^= SHA3.toLane64(message, rr, 88) - SHA3.S[12] ^= SHA3.toLane64(message, rr, 96) - SHA3.S[17] ^= SHA3.toLane64(message, rr, 104) - SHA3.S[22] ^= SHA3.toLane64(message, rr, 112) - SHA3.S[ 3] ^= SHA3.toLane64(message, rr, 120) - SHA3.S[ 8] ^= SHA3.toLane64(message, rr, 128) - SHA3.S[13] ^= SHA3.toLane64(message, rr, 136) - SHA3.S[18] ^= SHA3.toLane64(message, rr, 144) - SHA3.S[23] ^= SHA3.toLane64(message, rr, 152) - SHA3.S[ 4] ^= SHA3.toLane64(message, rr, 160) - SHA3.S[ 9] ^= SHA3.toLane64(message, rr, 168) - SHA3.S[14] ^= SHA3.toLane64(message, rr, 176) - SHA3.S[19] ^= SHA3.toLane64(message, rr, 184) - SHA3.S[24] ^= SHA3.toLane64(message, rr, 192) - SHA3.keccakF(SHA3.S) - message = message[rr:] - else: - for i in range(0, nnn, rr): - SHA3.S[ 0] ^= SHA3.toLane(message, rr, ww, 0) - SHA3.S[ 5] ^= SHA3.toLane(message, rr, ww, ww) - SHA3.S[10] ^= SHA3.toLane(message, rr, ww, 2 * ww) - SHA3.S[15] ^= SHA3.toLane(message, rr, ww, 3 * ww) - SHA3.S[20] ^= SHA3.toLane(message, rr, ww, 4 * ww) - SHA3.S[ 1] ^= SHA3.toLane(message, rr, ww, 5 * ww) - SHA3.S[ 6] ^= SHA3.toLane(message, rr, ww, 6 * ww) - SHA3.S[11] ^= SHA3.toLane(message, rr, ww, 7 * ww) - SHA3.S[16] ^= SHA3.toLane(message, rr, ww, 8 * ww) - SHA3.S[21] ^= SHA3.toLane(message, rr, ww, 9 * ww) - SHA3.S[ 2] ^= SHA3.toLane(message, rr, ww, 10 * ww) - SHA3.S[ 7] ^= SHA3.toLane(message, rr, ww, 11 * ww) - SHA3.S[12] ^= SHA3.toLane(message, rr, ww, 12 * ww) - SHA3.S[17] ^= SHA3.toLane(message, rr, ww, 13 * ww) - SHA3.S[22] ^= SHA3.toLane(message, rr, ww, 14 * ww) - SHA3.S[ 3] ^= SHA3.toLane(message, rr, ww, 15 * ww) - SHA3.S[ 8] ^= SHA3.toLane(message, rr, ww, 16 * ww) - SHA3.S[13] ^= SHA3.toLane(message, rr, ww, 17 * ww) - SHA3.S[18] ^= SHA3.toLane(message, rr, ww, 18 * ww) - SHA3.S[23] ^= SHA3.toLane(message, rr, ww, 19 * ww) - SHA3.S[ 4] ^= SHA3.toLane(message, rr, ww, 20 * ww) - SHA3.S[ 9] ^= SHA3.toLane(message, rr, ww, 21 * ww) - SHA3.S[14] ^= SHA3.toLane(message, rr, ww, 22 * ww) - SHA3.S[19] ^= SHA3.toLane(message, rr, ww, 23 * ww) - SHA3.S[24] ^= SHA3.toLane(message, rr, ww, 24 * ww) - message = message[rr:] - SHA3.keccakF(SHA3.S) - - - @staticmethod - def digest(msg = None): - ''' - Absorb the last part of the message and squeeze the Keccak sponge - - @param msg:bytes The rest of the message - ''' - if msg is None: - msg = bytes([]) - message = SHA3.pad10star1(SHA3.M + msg, SHA3.r) - SHA3.M = None - nnn = len(message) - rc = [0] * ((SHA3.n + 7) >> 3) - ptr = 0 - - rr = SHA3.r >> 3 - nn = SHA3.n >> 3 - ww = SHA3.w >> 3 - - # Absorbing phase - if ww == 8: - for i in range(0, nnn, rr): - SHA3.S[ 0] ^= SHA3.toLane64(message, rr, 0) - SHA3.S[ 5] ^= SHA3.toLane64(message, rr, 8) - SHA3.S[10] ^= SHA3.toLane64(message, rr, 16) - SHA3.S[15] ^= SHA3.toLane64(message, rr, 24) - SHA3.S[20] ^= SHA3.toLane64(message, rr, 32) - SHA3.S[ 1] ^= SHA3.toLane64(message, rr, 40) - SHA3.S[ 6] ^= SHA3.toLane64(message, rr, 48) - SHA3.S[11] ^= SHA3.toLane64(message, rr, 56) - SHA3.S[16] ^= SHA3.toLane64(message, rr, 64) - SHA3.S[21] ^= SHA3.toLane64(message, rr, 72) - SHA3.S[ 2] ^= SHA3.toLane64(message, rr, 80) - SHA3.S[ 7] ^= SHA3.toLane64(message, rr, 88) - SHA3.S[12] ^= SHA3.toLane64(message, rr, 96) - SHA3.S[17] ^= SHA3.toLane64(message, rr, 104) - SHA3.S[22] ^= SHA3.toLane64(message, rr, 112) - SHA3.S[ 3] ^= SHA3.toLane64(message, rr, 120) - SHA3.S[ 8] ^= SHA3.toLane64(message, rr, 128) - SHA3.S[13] ^= SHA3.toLane64(message, rr, 136) - SHA3.S[18] ^= SHA3.toLane64(message, rr, 144) - SHA3.S[23] ^= SHA3.toLane64(message, rr, 152) - SHA3.S[ 4] ^= SHA3.toLane64(message, rr, 160) - SHA3.S[ 9] ^= SHA3.toLane64(message, rr, 168) - SHA3.S[14] ^= SHA3.toLane64(message, rr, 176) - SHA3.S[19] ^= SHA3.toLane64(message, rr, 184) - SHA3.S[24] ^= SHA3.toLane64(message, rr, 192) - SHA3.keccakF(SHA3.S) - message = message[rr:] - else: - for i in range(0, nnn, rr): - SHA3.S[ 0] ^= SHA3.toLane(message, rr, ww, 0) - SHA3.S[ 5] ^= SHA3.toLane(message, rr, ww, ww) - SHA3.S[10] ^= SHA3.toLane(message, rr, ww, 2 * ww) - SHA3.S[15] ^= SHA3.toLane(message, rr, ww, 3 * ww) - SHA3.S[20] ^= SHA3.toLane(message, rr, ww, 4 * ww) - SHA3.S[ 1] ^= SHA3.toLane(message, rr, ww, 5 * ww) - SHA3.S[ 6] ^= SHA3.toLane(message, rr, ww, 6 * ww) - SHA3.S[11] ^= SHA3.toLane(message, rr, ww, 7 * ww) - SHA3.S[16] ^= SHA3.toLane(message, rr, ww, 8 * ww) - SHA3.S[21] ^= SHA3.toLane(message, rr, ww, 9 * ww) - SHA3.S[ 2] ^= SHA3.toLane(message, rr, ww, 10 * ww) - SHA3.S[ 7] ^= SHA3.toLane(message, rr, ww, 11 * ww) - SHA3.S[12] ^= SHA3.toLane(message, rr, ww, 12 * ww) - SHA3.S[17] ^= SHA3.toLane(message, rr, ww, 13 * ww) - SHA3.S[22] ^= SHA3.toLane(message, rr, ww, 14 * ww) - SHA3.S[ 3] ^= SHA3.toLane(message, rr, ww, 15 * ww) - SHA3.S[ 8] ^= SHA3.toLane(message, rr, ww, 16 * ww) - SHA3.S[13] ^= SHA3.toLane(message, rr, ww, 17 * ww) - SHA3.S[18] ^= SHA3.toLane(message, rr, ww, 18 * ww) - SHA3.S[23] ^= SHA3.toLane(message, rr, ww, 19 * ww) - SHA3.S[ 4] ^= SHA3.toLane(message, rr, ww, 20 * ww) - SHA3.S[ 9] ^= SHA3.toLane(message, rr, ww, 21 * ww) - SHA3.S[14] ^= SHA3.toLane(message, rr, ww, 22 * ww) - SHA3.S[19] ^= SHA3.toLane(message, rr, ww, 23 * ww) - SHA3.S[24] ^= SHA3.toLane(message, rr, ww, 24 * ww) - message = message[rr:] - SHA3.keccakF(SHA3.S) - - # Squeezing phase - olen = SHA3.n - j = 0 - ni = min(25, rr) - while (olen > 0): - i = 0 - while (i < ni) and (j < nn): - v = SHA3.S[(i % 5) * 5 + i // 5] - for _ in range(ww): - if (j < nn): - rc[ptr] = v & 255 - ptr += 1 - v >>= 8 - j += 1 - i += 1 - olen -= SHA3.r - if olen > 0: - SHA3.keccakF(S) - - return bytes(rc) - - - -if __name__ == '__main__': - cmd = sys.argv[0] - args = sys.argv[1:] - if '/' in cmd: - cmd = cmd[cmd.rfind('/') + 1:] - if cmd.endswith('.py'): - cmd = cmd[:-3] - - o = 512 # --outputsize - if cmd == 'sha3-224sum': o = 224 - elif cmd == 'sha3-256sum': o = 256 - elif cmd == 'sha3-384sum': o = 384 - elif cmd == 'sha3-512sum': o = 512 - s = 1600 # --statesize - r = s - (o << 1) # --bitrate - c = s - r # --capacity - w = s // 25 # --wordsize - i = 1 # --iterations - binary = False - - (_r, _c, _w, _o, _s, _i) = (r, c, w, o, s, i) - - files = [] - dashed = False - linger = None - - for arg in args + [None]: - if linger is not None: - if linger[0] in ('-h', '--help'): - sys.stderr.buffer.write((''' -SHA-3/Keccak checksum calculator - -USAGE: sha3sum [option...] < file - sha3sum [option...] file... - - -OPTIONS: - -r BITRATE - --bitrate The bitrate to use for SHA-3. (default: %d) - - -c CAPACITY - --capacity The capacity to use for SHA-3. (default: %d) - - -w WORDSIZE - --wordsize The word size to use for SHA-3. (default: %d) - - -o OUTPUTSIZE - --outputsize The output size to use for SHA-3. (default: %d) - - -s STATESIZE - --statesize The state size to use for SHA-3. (default: %d) - - -i ITERATIONS - --iterations The number of hash iterations to run. (default: %d) - - -b - --binary Print the checksum in binary, rather than hexadecimal. - - -COPYRIGHT: - -Copyright © 2013 Mattias Andrée (maandree@member.fsf.org) - -This program is free software: you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation, either version 3 of the License, or -(at your option) any later version. - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU General Public License for more details. - -You should have received a copy of the GNU General Public License -along with this program. If not, see . - -''' % (_r, _c, _w, _o, _s, _i)).encode('utf-8')) - sys.stderr.buffer.flush() - exit(2) - else: - if linger[1] is None: - linger[1] = arg - arg = None - if linger[0] in ('-r', '--bitrate'): - r = int(linger[1]) - o = (s - r) >> 1 - elif linger[0] in ('-c', '--capacity'): - c = int(linger[1]) - r = s - c - elif linger[0] in ('-w', '--wordsize'): - w = int(linger[1]) - s = w * 25 - elif linger[0] in ('-o', '--outputsize'): - o = int(linger[1]) - r = s - (o << 1) - elif linger[0] in ('-s', '--statesize'): - s = int(linger[1]) - r = s - (o << 1) - elif linger[0] in ('-i', '--iterations'): - i = int(linger[1]) - else: - sys.stderr.buffer.write((sys.argv[0] + ': unrecognised option: ' + linger[0] + '\n').encode('utf-8')) - sys.stdout.buffer.flush() - exit(1) - linger = None - if arg is None: - continue - if arg is None: - continue - if dashed: - files.append(None if arg == '-' else arg) - elif arg == '--': - dashed = True - elif arg == '-': - files.append(None) - elif arg.startswith('--'): - if '=' in arg: - linger = (arg[:arg.find('=')], arg[arg.find('=') + 1:]) - else: - if arg == '--binary': - binary = True - else: - linger = [arg, None] - elif arg.startswith('-'): - arg = arg[1:] - if arg[0] == 'b': - binary = True - arg = arg[1:] - elif len(arg) == 1: - linger = ['-' + arg, None] - else: - linger = ['-' + arg[0], arg[1:]] - else: - files.append(arg) - - if len(files) == 0: - files.append(None) - if i < 1: - sys.stdout.buffer.write((sys.argv[0] + ': sorry, I will only do at least one iteration!\n').encode('utf-8')) - sys.stdout.buffer.flush() - exit(3) - stdin = None - for filename in files: - if (filename is None) and (stdin is not None): - print(stdin) - continue - rc = '' - fn = '/dev/stdin' if filename is None else filename - with open(fn, 'rb') as file: - SHA3.initialise(r, c, o) - blksize = os.stat(os.path.realpath(fn)).st_size - while True: - chunk = file.read(blksize) - if len(chunk) == 0: - break - SHA3.update(chunk) - bs = SHA3.digest(file.read()) - for _ in range(1, i): - SHA3.initialise(r, c, o) - bs = SHA3.digest(bs) - if binary: - if filename is None: - stdin = bs - sys.stdout.buffer.write(bs) - sys.stdout.buffer.flush() - else: - for b in bs: - rc += "0123456789ABCDEF"[b >> 4] - rc += "0123456789ABCDEF"[b & 15] - rc += ' ' + ('-' if filename is None else filename) + '\n' - if filename is None: - stdin = rc - sys.stdout.buffer.write(rc.encode('UTF-8')) - sys.stdout.buffer.flush() - - -- cgit v1.2.3-70-g09d2