관리-도구
편집 파일: KangarooTwelve.py
# =================================================================== # # Copyright (c) 2021, Legrandin <helderijs@gmail.com> # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS # FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE # COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN # ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # =================================================================== from Crypto.Util._raw_api import (VoidPointer, SmartPointer, create_string_buffer, get_raw_buffer, c_size_t, c_uint8_ptr, c_ubyte) from Crypto.Util.number import long_to_bytes from Crypto.Util.py3compat import bchr from .keccak import _raw_keccak_lib def _length_encode(x): if x == 0: return b'\x00' S = long_to_bytes(x) return S + bchr(len(S)) # Possible states for a KangarooTwelve instance, which depend on the amount of data processed so far. SHORT_MSG = 1 # Still within the first 8192 bytes, but it is not certain we will exceed them. LONG_MSG_S0 = 2 # Still within the first 8192 bytes, and it is certain we will exceed them. LONG_MSG_SX = 3 # Beyond the first 8192 bytes. SQUEEZING = 4 # No more data to process. class K12_XOF(object): """A KangarooTwelve hash object. Do not instantiate directly. Use the :func:`new` function. """ def __init__(self, data, custom): if custom == None: custom = b'' self._custom = custom + _length_encode(len(custom)) self._state = SHORT_MSG self._padding = None # Final padding is only decided in read() # Internal hash that consumes FinalNode self._hash1 = self._create_keccak() self._length1 = 0 # Internal hash that produces CV_i (reset each time) self._hash2 = None self._length2 = 0 # Incremented by one for each 8192-byte block self._ctr = 0 if data: self.update(data) def _create_keccak(self): state = VoidPointer() result = _raw_keccak_lib.keccak_init(state.address_of(), c_size_t(32), # 32 bytes of capacity (256 bits) c_ubyte(12)) # Reduced number of rounds if result: raise ValueError("Error %d while instantiating KangarooTwelve" % result) return SmartPointer(state.get(), _raw_keccak_lib.keccak_destroy) def _update(self, data, hash_obj): result = _raw_keccak_lib.keccak_absorb(hash_obj.get(), c_uint8_ptr(data), c_size_t(len(data))) if result: raise ValueError("Error %d while updating KangarooTwelve state" % result) def _squeeze(self, hash_obj, length, padding): bfr = create_string_buffer(length) result = _raw_keccak_lib.keccak_squeeze(hash_obj.get(), bfr, c_size_t(length), c_ubyte(padding)) if result: raise ValueError("Error %d while extracting from KangarooTwelve" % result) return get_raw_buffer(bfr) def _reset(self, hash_obj): result = _raw_keccak_lib.keccak_reset(hash_obj.get()) if result: raise ValueError("Error %d while resetting KangarooTwelve state" % result) def update(self, data): """Hash the next piece of data. .. note:: For better performance, submit chunks with a length multiple of 8192 bytes. Args: data (byte string/byte array/memoryview): The next chunk of the message to hash. """ if self._state == SQUEEZING: raise TypeError("You cannot call 'update' after the first 'read'") if self._state == SHORT_MSG: next_length = self._length1 + len(data) if next_length + len(self._custom) <= 8192: self._length1 = next_length self._update(data, self._hash1) return self # Switch to tree hashing self._state = LONG_MSG_S0 if self._state == LONG_MSG_S0: data_mem = memoryview(data) assert(self._length1 < 8192) dtc = min(len(data), 8192 - self._length1) self._update(data_mem[:dtc], self._hash1) self._length1 += dtc if self._length1 < 8192: return self # Finish hashing S_0 and start S_1 assert(self._length1 == 8192) divider = b'\x03' + b'\x00' * 7 self._update(divider, self._hash1) self._length1 += 8 self._hash2 = self._create_keccak() self._length2 = 0 self._ctr = 1 self._state = LONG_MSG_SX return self.update(data_mem[dtc:]) # LONG_MSG_SX assert(self._state == LONG_MSG_SX) index = 0 len_data = len(data) # All iteractions could actually run in parallel data_mem = memoryview(data) while index < len_data: new_index = min(index + 8192 - self._length2, len_data) self._update(data_mem[index:new_index], self._hash2) self._length2 += new_index - index index = new_index if self._length2 == 8192: cv_i = self._squeeze(self._hash2, 32, 0x0B) self._update(cv_i, self._hash1) self._length1 += 32 self._reset(self._hash2) self._length2 = 0 self._ctr += 1 return self def read(self, length): """ Produce more bytes of the digest. .. note:: You cannot use :meth:`update` anymore after the first call to :meth:`read`. Args: length (integer): the amount of bytes this method must return :return: the next piece of XOF output (of the given length) :rtype: byte string """ custom_was_consumed = False if self._state == SHORT_MSG: self._update(self._custom, self._hash1) self._padding = 0x07 self._state = SQUEEZING if self._state == LONG_MSG_S0: self.update(self._custom) custom_was_consumed = True assert(self._state == LONG_MSG_SX) if self._state == LONG_MSG_SX: if not custom_was_consumed: self.update(self._custom) # Is there still some leftover data in hash2? if self._length2 > 0: cv_i = self._squeeze(self._hash2, 32, 0x0B) self._update(cv_i, self._hash1) self._length1 += 32 self._reset(self._hash2) self._length2 = 0 self._ctr += 1 trailer = _length_encode(self._ctr - 1) + b'\xFF\xFF' self._update(trailer, self._hash1) self._padding = 0x06 self._state = SQUEEZING return self._squeeze(self._hash1, length, self._padding) def new(self, data=None, custom=b''): return type(self)(data, custom) def new(data=None, custom=None): """Return a fresh instance of a KangarooTwelve object. Args: data (bytes/bytearray/memoryview): Optional. The very first chunk of the message to hash. It is equivalent to an early call to :meth:`update`. custom (bytes): Optional. A customization byte string. :Return: A :class:`K12_XOF` object """ return K12_XOF(data, custom)