arnaucube
/
derosuite
mirror of https://github.com/arnaucube/derosuite.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
68 MiB
Tree: a390b5e235
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a390b5e235'
${ noResults }
derosuite/cryptonight/keccak.go

334 lines
6.6 KiB
Raw Normal View History

Status update release 1
6 years ago
  1. // Package keccak implements the Keccak (SHA-3) hash algorithm.
  2. // http://keccak.noekeon.org / FIPS 202 draft.
  3. package cryptonight
  5. // import "fmt"
  6. import "hash"
  10. const (
  11. domainNone = 1
  12. domainSHA3 = 0x06
  13. domainSHAKE = 0x1f
  14. )
  16. const rounds = 24
  18. var roundConstants = []uint64{
  19. 0x0000000000000001, 0x0000000000008082,
  20. 0x800000000000808A, 0x8000000080008000,
  21. 0x000000000000808B, 0x0000000080000001,
  22. 0x8000000080008081, 0x8000000000008009,
  23. 0x000000000000008A, 0x0000000000000088,
  24. 0x0000000080008009, 0x000000008000000A,
  25. 0x000000008000808B, 0x800000000000008B,
  26. 0x8000000000008089, 0x8000000000008003,
  27. 0x8000000000008002, 0x8000000000000080,
  28. 0x000000000000800A, 0x800000008000000A,
  29. 0x8000000080008081, 0x8000000000008080,
  30. 0x0000000080000001, 0x8000000080008008,
  31. }
  33. type keccak struct {
  34. S [25]uint64
  35. size int
  36. blockSize int
  37. buf []byte
  38. domain byte
  39. }
  41. func newKeccak(capacity, output int, domain byte) hash.Hash {
  42. var h keccak
  43. h.size = output / 8
  44. h.blockSize = (200 - capacity/8)
  45. h.domain = domain
  46. return &h
  47. }
  49. func New224() hash.Hash {
  50. return newKeccak(224*2, 224, domainNone)
  51. }
  53. func New256() hash.Hash {
  54. return newKeccak(256*2, 256, domainNone)
  55. }
  57. func New384() hash.Hash {
  58. return newKeccak(384*2, 384, domainNone)
  59. }
  61. func New512() hash.Hash {
  62. return newKeccak(512*2, 512, domainNone)
  63. }
  65. func (k *keccak) Write(b []byte) (int, error) {
  66. n := len(b)
  68. if len(k.buf) > 0 {
  69. x := k.blockSize - len(k.buf)
  70. if x > len(b) {
  71. x = len(b)
  72. }
  73. k.buf = append(k.buf, b[:x]...)
  74. b = b[x:]
  76. if len(k.buf) < k.blockSize {
  77. return n, nil
  78. }
  80. k.absorb(k.buf)
  81. k.buf = nil
  82. }
  84. for len(b) >= k.blockSize {
  85. k.absorb(b[:k.blockSize])
  86. b = b[k.blockSize:]
  87. }
  89. k.buf = b
  91. return n, nil
  92. }
  94. func (k0 *keccak) Sum(b []byte) []byte {
  95. k := *k0
  96. k.final()
  97. return k.squeeze(b)
  98. }
  100. func (k *keccak) Reset() {
  101. for i := range k.S {
  102. k.S[i] = 0
  103. }
  104. k.buf = nil
  105. }
  107. func (k *keccak) Size() int {
  108. return k.size
  109. }
  111. func (k *keccak) BlockSize() int {
  112. return k.blockSize
  113. }
  115. func (k *keccak) absorb(block []byte) {
  116. if len(block) != k.blockSize {
  117. panic("absorb() called with invalid block size")
  118. }
  120. for i := 0; i < k.blockSize/8; i++ {
  121. k.S[i] ^= uint64le(block[i*8:])
  122. }
  123. keccakf(&k.S)
  124. }
  126. func (k *keccak) pad(block []byte) []byte {
  128. padded := make([]byte, k.blockSize)
  130. copy(padded, k.buf)
  131. padded[len(k.buf)] = k.domain
  132. padded[len(padded)-1] |= 0x80
  134. return padded
  135. }
  137. func (k *keccak) final() {
  138. last := k.pad(k.buf)
  139. k.absorb(last)
  140. }
  142. func (k *keccak) squeeze(b []byte) []byte {
  143. buf := make([]byte, 8*len(k.S))
  144. n := k.size
  145. for {
  146. for i := range k.S {
  147. putUint64le(buf[i*8:], k.S[i])
  148. }
  149. if n <= k.blockSize {
  150. b = append(b, buf[:n]...)
  151. break
  152. }
  153. b = append(b, buf[:k.blockSize]...)
  154. n -= k.blockSize
  155. keccakf(&k.S)
  156. }
  157. return b
  158. }
  160. func keccakf(S *[25]uint64) {
  161. var bc0, bc1, bc2, bc3, bc4 uint64
  162. var S0, S1, S2, S3, S4 uint64
  163. var S5, S6, S7, S8, S9 uint64
  164. var S10, S11, S12, S13, S14 uint64
  165. var S15, S16, S17, S18, S19 uint64
  166. var S20, S21, S22, S23, S24 uint64
  167. var tmp uint64
  169. //S[0]=0x2073692073696854;
  170. //S[1]=0x1747365742061
  171. // S[16]=0x8000000000000000;
  173. /* for i :=0; i< 25;i++{
  174. fmt.Printf("%2d %X\n", i, S[i])
  175. }
  176. */
  178. S0, S1, S2, S3, S4 = S[0], S[1], S[2], S[3], S[4]
  179. S5, S6, S7, S8, S9 = S[5], S[6], S[7], S[8], S[9]
  180. S10, S11, S12, S13, S14 = S[10], S[11], S[12], S[13], S[14]
  181. S15, S16, S17, S18, S19 = S[15], S[16], S[17], S[18], S[19]
  182. S20, S21, S22, S23, S24 = S[20], S[21], S[22], S[23], S[24]
  184. for r := 0; r < rounds; r++ {
  185. // theta
  186. bc0 = S0 ^ S5 ^ S10 ^ S15 ^ S20
  187. bc1 = S1 ^ S6 ^ S11 ^ S16 ^ S21
  188. bc2 = S2 ^ S7 ^ S12 ^ S17 ^ S22
  189. bc3 = S3 ^ S8 ^ S13 ^ S18 ^ S23
  190. bc4 = S4 ^ S9 ^ S14 ^ S19 ^ S24
  191. tmp = bc4 ^ (bc1<<1 | bc1>>(64-1))
  192. S0 ^= tmp
  193. S5 ^= tmp
  194. S10 ^= tmp
  195. S15 ^= tmp
  196. S20 ^= tmp
  197. tmp = bc0 ^ (bc2<<1 | bc2>>(64-1))
  198. S1 ^= tmp
  199. S6 ^= tmp
  200. S11 ^= tmp
  201. S16 ^= tmp
  202. S21 ^= tmp
  203. tmp = bc1 ^ (bc3<<1 | bc3>>(64-1))
  204. S2 ^= tmp
  205. S7 ^= tmp
  206. S12 ^= tmp
  207. S17 ^= tmp
  208. S22 ^= tmp
  209. tmp = bc2 ^ (bc4<<1 | bc4>>(64-1))
  210. S3 ^= tmp
  211. S8 ^= tmp
  212. S13 ^= tmp
  213. S18 ^= tmp
  214. S23 ^= tmp
  215. tmp = bc3 ^ (bc0<<1 | bc0>>(64-1))
  216. S4 ^= tmp
  217. S9 ^= tmp
  218. S14 ^= tmp
  219. S19 ^= tmp
  220. S24 ^= tmp
  222. // rho phi
  223. tmp = S1
  224. tmp, S10 = S10, tmp<<1|tmp>>(64-1)
  225. tmp, S7 = S7, tmp<<3|tmp>>(64-3)
  226. tmp, S11 = S11, tmp<<6|tmp>>(64-6)
  227. tmp, S17 = S17, tmp<<10|tmp>>(64-10)
  228. tmp, S18 = S18, tmp<<15|tmp>>(64-15)
  229. tmp, S3 = S3, tmp<<21|tmp>>(64-21)
  230. tmp, S5 = S5, tmp<<28|tmp>>(64-28)
  231. tmp, S16 = S16, tmp<<36|tmp>>(64-36)
  232. tmp, S8 = S8, tmp<<45|tmp>>(64-45)
  233. tmp, S21 = S21, tmp<<55|tmp>>(64-55)
  234. tmp, S24 = S24, tmp<<2|tmp>>(64-2)
  235. tmp, S4 = S4, tmp<<14|tmp>>(64-14)
  236. tmp, S15 = S15, tmp<<27|tmp>>(64-27)
  237. tmp, S23 = S23, tmp<<41|tmp>>(64-41)
  238. tmp, S19 = S19, tmp<<56|tmp>>(64-56)
  239. tmp, S13 = S13, tmp<<8|tmp>>(64-8)
  240. tmp, S12 = S12, tmp<<25|tmp>>(64-25)
  241. tmp, S2 = S2, tmp<<43|tmp>>(64-43)
  242. tmp, S20 = S20, tmp<<62|tmp>>(64-62)
  243. tmp, S14 = S14, tmp<<18|tmp>>(64-18)
  244. tmp, S22 = S22, tmp<<39|tmp>>(64-39)
  245. tmp, S9 = S9, tmp<<61|tmp>>(64-61)
  246. tmp, S6 = S6, tmp<<20|tmp>>(64-20)
  247. S1 = tmp<<44 | tmp>>(64-44)
  249. // chi
  250. bc0 = S0
  251. bc1 = S1
  252. bc2 = S2
  253. bc3 = S3
  254. bc4 = S4
  255. S0 ^= (^bc1) & bc2
  256. S1 ^= (^bc2) & bc3
  257. S2 ^= (^bc3) & bc4
  258. S3 ^= (^bc4) & bc0
  259. S4 ^= (^bc0) & bc1
  260. bc0 = S5
  261. bc1 = S6
  262. bc2 = S7
  263. bc3 = S8
  264. bc4 = S9
  265. S5 ^= (^bc1) & bc2
  266. S6 ^= (^bc2) & bc3
  267. S7 ^= (^bc3) & bc4
  268. S8 ^= (^bc4) & bc0
  269. S9 ^= (^bc0) & bc1
  270. bc0 = S10
  271. bc1 = S11
  272. bc2 = S12
  273. bc3 = S13
  274. bc4 = S14
  275. S10 ^= (^bc1) & bc2
  276. S11 ^= (^bc2) & bc3
  277. S12 ^= (^bc3) & bc4
  278. S13 ^= (^bc4) & bc0
  279. S14 ^= (^bc0) & bc1
  280. bc0 = S15
  281. bc1 = S16
  282. bc2 = S17
  283. bc3 = S18
  284. bc4 = S19
  285. S15 ^= (^bc1) & bc2
  286. S16 ^= (^bc2) & bc3
  287. S17 ^= (^bc3) & bc4
  288. S18 ^= (^bc4) & bc0
  289. S19 ^= (^bc0) & bc1
  290. bc0 = S20
  291. bc1 = S21
  292. bc2 = S22
  293. bc3 = S23
  294. bc4 = S24
  295. S20 ^= (^bc1) & bc2
  296. S21 ^= (^bc2) & bc3
  297. S22 ^= (^bc3) & bc4
  298. S23 ^= (^bc4) & bc0
  299. S24 ^= (^bc0) & bc1
  301. // iota
  302. S0 ^= roundConstants[r]
  303. }
  305. S[0], S[1], S[2], S[3], S[4] = S0, S1, S2, S3, S4
  306. S[5], S[6], S[7], S[8], S[9] = S5, S6, S7, S8, S9
  307. S[10], S[11], S[12], S[13], S[14] = S10, S11, S12, S13, S14
  308. S[15], S[16], S[17], S[18], S[19] = S15, S16, S17, S18, S19
  309. S[20], S[21], S[22], S[23], S[24] = S20, S21, S22, S23, S24
  311. }
  313. func uint64le(v []byte) uint64 {
  314. return uint64(v[0]) |
  315. uint64(v[1])<<8 |
  316. uint64(v[2])<<16 |
  317. uint64(v[3])<<24 |
  318. uint64(v[4])<<32 |
  319. uint64(v[5])<<40 |
  320. uint64(v[6])<<48 |
  321. uint64(v[7])<<56
  323. }
  325. func putUint64le(v []byte, x uint64) {
  326. v[0] = byte(x)
  327. v[1] = byte(x >> 8)
  328. v[2] = byte(x >> 16)
  329. v[3] = byte(x >> 24)
  330. v[4] = byte(x >> 32)
  331. v[5] = byte(x >> 40)
  332. v[6] = byte(x >> 48)
  333. v[7] = byte(x >> 56)
  334. }