mirror of https://github.com/xiaoqidun/ihash.git
307 changed files with 214137 additions and 0 deletions
-
1.gitignore
-
8README.md
-
5go.mod
-
8go.sum
-
237ihash.go
-
3vendor/golang.org/x/crypto/AUTHORS
-
3vendor/golang.org/x/crypto/CONTRIBUTORS
-
27vendor/golang.org/x/crypto/LICENSE
-
22vendor/golang.org/x/crypto/PATENTS
-
66vendor/golang.org/x/crypto/sha3/doc.go
-
97vendor/golang.org/x/crypto/sha3/hashes.go
-
27vendor/golang.org/x/crypto/sha3/hashes_generic.go
-
412vendor/golang.org/x/crypto/sha3/keccakf.go
-
13vendor/golang.org/x/crypto/sha3/keccakf_amd64.go
-
390vendor/golang.org/x/crypto/sha3/keccakf_amd64.s
-
18vendor/golang.org/x/crypto/sha3/register.go
-
193vendor/golang.org/x/crypto/sha3/sha3.go
-
284vendor/golang.org/x/crypto/sha3/sha3_s390x.go
-
33vendor/golang.org/x/crypto/sha3/sha3_s390x.s
-
173vendor/golang.org/x/crypto/sha3/shake.go
-
19vendor/golang.org/x/crypto/sha3/shake_generic.go
-
23vendor/golang.org/x/crypto/sha3/xor.go
-
28vendor/golang.org/x/crypto/sha3/xor_generic.go
-
76vendor/golang.org/x/crypto/sha3/xor_unaligned.go
-
3vendor/golang.org/x/sys/AUTHORS
-
3vendor/golang.org/x/sys/CONTRIBUTORS
-
27vendor/golang.org/x/sys/LICENSE
-
22vendor/golang.org/x/sys/PATENTS
-
30vendor/golang.org/x/sys/cpu/byteorder.go
-
126vendor/golang.org/x/sys/cpu/cpu.go
-
30vendor/golang.org/x/sys/cpu/cpu_aix_ppc64.go
-
9vendor/golang.org/x/sys/cpu/cpu_arm.go
-
21vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
-
16vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
-
43vendor/golang.org/x/sys/cpu/cpu_gccgo.c
-
26vendor/golang.org/x/sys/cpu/cpu_gccgo.go
-
22vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go
-
59vendor/golang.org/x/sys/cpu/cpu_linux.go
-
67vendor/golang.org/x/sys/cpu/cpu_linux_arm64.go
-
33vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go
-
161vendor/golang.org/x/sys/cpu/cpu_linux_s390x.go
-
11vendor/golang.org/x/sys/cpu/cpu_mips64x.go
-
11vendor/golang.org/x/sys/cpu/cpu_mipsx.go
-
11vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
-
57vendor/golang.org/x/sys/cpu/cpu_s390x.s
-
15vendor/golang.org/x/sys/cpu/cpu_wasm.go
-
59vendor/golang.org/x/sys/cpu/cpu_x86.go
-
27vendor/golang.org/x/sys/cpu/cpu_x86.s
-
2vendor/golang.org/x/sys/unix/.gitignore
-
173vendor/golang.org/x/sys/unix/README.md
-
124vendor/golang.org/x/sys/unix/affinity_linux.go
-
14vendor/golang.org/x/sys/unix/aliases.go
-
17vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
-
29vendor/golang.org/x/sys/unix/asm_darwin_386.s
-
29vendor/golang.org/x/sys/unix/asm_darwin_amd64.s
-
30vendor/golang.org/x/sys/unix/asm_darwin_arm.s
-
30vendor/golang.org/x/sys/unix/asm_darwin_arm64.s
-
29vendor/golang.org/x/sys/unix/asm_dragonfly_amd64.s
-
29vendor/golang.org/x/sys/unix/asm_freebsd_386.s
-
29vendor/golang.org/x/sys/unix/asm_freebsd_amd64.s
-
29vendor/golang.org/x/sys/unix/asm_freebsd_arm.s
-
29vendor/golang.org/x/sys/unix/asm_freebsd_arm64.s
-
65vendor/golang.org/x/sys/unix/asm_linux_386.s
-
57vendor/golang.org/x/sys/unix/asm_linux_amd64.s
-
56vendor/golang.org/x/sys/unix/asm_linux_arm.s
-
52vendor/golang.org/x/sys/unix/asm_linux_arm64.s
-
56vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
-
54vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
-
44vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
-
56vendor/golang.org/x/sys/unix/asm_linux_s390x.s
-
29vendor/golang.org/x/sys/unix/asm_netbsd_386.s
-
29vendor/golang.org/x/sys/unix/asm_netbsd_amd64.s
-
29vendor/golang.org/x/sys/unix/asm_netbsd_arm.s
-
29vendor/golang.org/x/sys/unix/asm_netbsd_arm64.s
-
29vendor/golang.org/x/sys/unix/asm_openbsd_386.s
-
29vendor/golang.org/x/sys/unix/asm_openbsd_amd64.s
-
29vendor/golang.org/x/sys/unix/asm_openbsd_arm.s
-
17vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
-
35vendor/golang.org/x/sys/unix/bluetooth_linux.go
-
195vendor/golang.org/x/sys/unix/cap_freebsd.go
-
13vendor/golang.org/x/sys/unix/constants.go
-
27vendor/golang.org/x/sys/unix/dev_aix_ppc.go
-
29vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
-
24vendor/golang.org/x/sys/unix/dev_darwin.go
-
30vendor/golang.org/x/sys/unix/dev_dragonfly.go
-
30vendor/golang.org/x/sys/unix/dev_freebsd.go
-
42vendor/golang.org/x/sys/unix/dev_linux.go
-
29vendor/golang.org/x/sys/unix/dev_netbsd.go
-
29vendor/golang.org/x/sys/unix/dev_openbsd.go
-
17vendor/golang.org/x/sys/unix/dirent.go
-
9vendor/golang.org/x/sys/unix/endian_big.go
-
9vendor/golang.org/x/sys/unix/endian_little.go
-
31vendor/golang.org/x/sys/unix/env_unix.go
-
227vendor/golang.org/x/sys/unix/errors_freebsd_386.go
-
227vendor/golang.org/x/sys/unix/errors_freebsd_amd64.go
-
226vendor/golang.org/x/sys/unix/errors_freebsd_arm.go
-
32vendor/golang.org/x/sys/unix/fcntl.go
-
18vendor/golang.org/x/sys/unix/fcntl_darwin.go
-
13vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
-
62vendor/golang.org/x/sys/unix/gccgo.go
@ -0,0 +1 @@ |
|||
.idea/ |
@ -1,2 +1,10 @@ |
|||
# ihash |
|||
命令行,带进度,支持通配符的hash校验工具 |
|||
# 快速安装 |
|||
go get -u github.com/xiaoqidun/ihash |
|||
# 编译安装 |
|||
``` |
|||
git clone https://github.com/xiaoqidun/ihash.git |
|||
cd ihash |
|||
go build ihash.go |
|||
``` |
@ -0,0 +1,5 @@ |
|||
module ihash |
|||
|
|||
go 1.14 |
|||
|
|||
require golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de |
@ -0,0 +1,8 @@ |
|||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= |
|||
golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig= |
|||
golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= |
|||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= |
|||
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= |
|||
golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI= |
|||
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= |
|||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= |
@ -0,0 +1,237 @@ |
|||
package main |
|||
|
|||
import ( |
|||
"bytes" |
|||
"crypto/md5" |
|||
"crypto/sha1" |
|||
"crypto/sha256" |
|||
"crypto/sha512" |
|||
"flag" |
|||
"fmt" |
|||
"golang.org/x/crypto/sha3" |
|||
"hash" |
|||
"io/ioutil" |
|||
"os" |
|||
"path/filepath" |
|||
"runtime" |
|||
"sort" |
|||
"strings" |
|||
) |
|||
|
|||
var ( |
|||
args []string |
|||
author bool |
|||
install string |
|||
) |
|||
|
|||
var typeList = []string{ |
|||
"md5sum", |
|||
"sha1sum", |
|||
"sha256sum", |
|||
"sha512sum", |
|||
"sha3sum224", |
|||
"sha3sum256", |
|||
"sha3sum384", |
|||
"sha3sum512", |
|||
} |
|||
|
|||
func init() { |
|||
flag.BoolVar(&author, "author", false, "") |
|||
flag.StringVar(&install, "install", "", "") |
|||
flag.Parse() |
|||
args = flag.Args() |
|||
} |
|||
|
|||
func main() { |
|||
if author { |
|||
AuthorInformation() |
|||
return |
|||
} |
|||
if "" != install { |
|||
InstallShortcut(install) |
|||
return |
|||
} |
|||
fileName := GetFileName() |
|||
hashIndex := InArray(fileName, typeList) |
|||
if -1 == hashIndex { |
|||
if 0 == len(args) { |
|||
return |
|||
} |
|||
hashType := args[0] |
|||
hashIndex = InArray(hashType, typeList) |
|||
if -1 == hashIndex { |
|||
return |
|||
} |
|||
args = args[1:] |
|||
} |
|||
if 0 == len(args) { |
|||
stdinBytes, _ := ioutil.ReadAll(os.Stdin) |
|||
fmt.Println(StrHash(typeList[hashIndex], bytes.TrimSpace(stdinBytes))) |
|||
return |
|||
} |
|||
hashFileList := GetFileList(args) |
|||
for _, hashFile := range hashFileList { |
|||
FileHash(typeList[hashIndex], hashFile) |
|||
} |
|||
} |
|||
|
|||
func InArray(value interface{}, array interface{}) int { |
|||
switch array.(type) { |
|||
case []string: |
|||
for k, v := range array.([]string) { |
|||
if v == value.(string) { |
|||
return k |
|||
} |
|||
} |
|||
} |
|||
return -1 |
|||
} |
|||
|
|||
func StrHash(hashType string, hashData []byte) string { |
|||
var sum interface{} |
|||
switch hashType { |
|||
case "md5sum": |
|||
sum = md5.Sum(hashData) |
|||
case "sha1sum": |
|||
sum = sha1.Sum(hashData) |
|||
case "sha256sum": |
|||
sum = sha256.Sum256(hashData) |
|||
case "sha512sum": |
|||
sum = sha512.Sum512(hashData) |
|||
case "sha3sum224": |
|||
sum = sha3.Sum224(hashData) |
|||
case "sha3sum256": |
|||
sum = sha3.Sum256(hashData) |
|||
case "sha3sum384": |
|||
sum = sha3.Sum384(hashData) |
|||
case "sha3sum512": |
|||
sum = sha3.Sum512(hashData) |
|||
} |
|||
return fmt.Sprintf("%x", sum) |
|||
} |
|||
|
|||
func FileHash(hashType string, hashFile string) { |
|||
msg := "progress:%.2f%% filename:%s\r" |
|||
success := "%x %s\n" |
|||
fileOpen, err := os.Open(hashFile) |
|||
if err != nil { |
|||
return |
|||
} |
|||
defer func() { |
|||
_ = fileOpen.Close() |
|||
}() |
|||
fileStat, err := fileOpen.Stat() |
|||
if err != nil || fileStat.IsDir() { |
|||
return |
|||
} |
|||
fileSize := fileStat.Size() |
|||
readSize := 0 |
|||
readBytes := make([]byte, 8192) |
|||
var hashHandle interface{} |
|||
switch hashType { |
|||
case "md5sum": |
|||
hashHandle = md5.New() |
|||
case "sha1sum": |
|||
hashHandle = sha1.New() |
|||
case "sha256sum": |
|||
hashHandle = sha256.New() |
|||
case "sha512sum": |
|||
hashHandle = sha512.New() |
|||
case "sha3sum224": |
|||
hashHandle = sha3.New224() |
|||
case "sha3sum256": |
|||
hashHandle = sha3.New256() |
|||
case "sha3sum384": |
|||
hashHandle = sha3.New384() |
|||
case "sha3sum512": |
|||
hashHandle = sha3.New512() |
|||
} |
|||
printLength := 0 |
|||
for { |
|||
n, err := fileOpen.Read(readBytes) |
|||
if err != nil { |
|||
break |
|||
} |
|||
readSize += n |
|||
hashHandle.(hash.Hash).Write(readBytes[:n]) |
|||
if 0 == readSize%67108864 { |
|||
printMsg := fmt.Sprintf(msg, float64(readSize)/float64(fileSize)*100, fileStat.Name()) |
|||
printMsgLength := len(printMsg) |
|||
if printLength > printMsgLength { |
|||
printMsg += strings.Repeat(" ", printLength-printMsgLength) |
|||
} |
|||
fmt.Print(printMsg) |
|||
_ = os.Stdout.Sync() |
|||
printLength = len(printMsg) |
|||
} |
|||
} |
|||
printMsg := fmt.Sprintf(success, hashHandle.(hash.Hash).Sum(nil), hashFile) |
|||
printMsgLength := len(printMsg) |
|||
if printLength > printMsgLength { |
|||
printMsg += strings.Repeat(" ", printLength-printMsgLength) |
|||
} |
|||
fmt.Print(printMsg) |
|||
_ = os.Stdout.Sync() |
|||
} |
|||
|
|||
func GetFileName() string { |
|||
filePath, _ := os.Executable() |
|||
fileName := filepath.Base(filePath) |
|||
fileName = strings.TrimSuffix(fileName, filepath.Ext(fileName)) |
|||
return fileName |
|||
} |
|||
|
|||
func GetFileList(args []string) (fileList []string) { |
|||
var tempList []string |
|||
for _, v := range args { |
|||
globList, _ := filepath.Glob(v) |
|||
tempList = append(tempList, globList...) |
|||
} |
|||
sort.Strings(tempList) |
|||
for i := 0; i < len(tempList); i++ { |
|||
if i > 0 && tempList[i] == tempList[i-1] { |
|||
continue |
|||
} |
|||
fileList = append(fileList, tempList[i]) |
|||
} |
|||
return |
|||
} |
|||
|
|||
func InstallShortcut(dst string) { |
|||
execPath, err := os.Executable() |
|||
if err != nil { |
|||
return |
|||
} |
|||
filePath, err := filepath.Abs(dst) |
|||
if err != nil { |
|||
return |
|||
} |
|||
fileStat, err := os.Stat(filePath) |
|||
if err != nil || !fileStat.IsDir() { |
|||
return |
|||
} |
|||
osPathSeparator := string(os.PathSeparator) |
|||
if !strings.HasSuffix(filePath, osPathSeparator) { |
|||
filePath += osPathSeparator |
|||
} |
|||
for i := 0; i < len(typeList); i++ { |
|||
symlinkPath := filePath + typeList[i] |
|||
if "windows" == runtime.GOOS { |
|||
symlinkPath += ".exe" |
|||
} |
|||
err := os.Link(execPath, symlinkPath) |
|||
if err != nil { |
|||
fmt.Printf("为 %s\t<<===>>\t%s 创建链接错误\n", symlinkPath, execPath) |
|||
} else { |
|||
fmt.Printf("为 %s\t<<===>>\t%s 创建了硬链接\n", symlinkPath, execPath) |
|||
} |
|||
} |
|||
} |
|||
|
|||
func AuthorInformation() { |
|||
fmt.Println("welcome to our website https://aite.xyz/") |
|||
fmt.Println("----------------------------------------") |
|||
fmt.Println("腾讯扣扣:88966001") |
|||
fmt.Println("电子邮箱:xiaoqidun@gmail.com") |
|||
fmt.Println("----------------------------------------") |
|||
} |
@ -0,0 +1,3 @@ |
|||
# This source code refers to The Go Authors for copyright purposes. |
|||
# The master list of authors is in the main Go distribution, |
|||
# visible at https://tip.golang.org/AUTHORS. |
@ -0,0 +1,3 @@ |
|||
# This source code was written by the Go contributors. |
|||
# The master list of contributors is in the main Go distribution, |
|||
# visible at https://tip.golang.org/CONTRIBUTORS. |
@ -0,0 +1,27 @@ |
|||
Copyright (c) 2009 The Go Authors. All rights reserved. |
|||
|
|||
Redistribution and use in source and binary forms, with or without |
|||
modification, are permitted provided that the following conditions are |
|||
met: |
|||
|
|||
* Redistributions of source code must retain the above copyright |
|||
notice, this list of conditions and the following disclaimer. |
|||
* Redistributions in binary form must reproduce the above |
|||
copyright notice, this list of conditions and the following disclaimer |
|||
in the documentation and/or other materials provided with the |
|||
distribution. |
|||
* Neither the name of Google Inc. nor the names of its |
|||
contributors may be used to endorse or promote products derived from |
|||
this software without specific prior written permission. |
|||
|
|||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
|||
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
|||
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
|||
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
|||
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|||
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
|||
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
|||
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
|||
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
|||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
|||
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
@ -0,0 +1,22 @@ |
|||
Additional IP Rights Grant (Patents) |
|||
|
|||
"This implementation" means the copyrightable works distributed by |
|||
Google as part of the Go project. |
|||
|
|||
Google hereby grants to You a perpetual, worldwide, non-exclusive, |
|||
no-charge, royalty-free, irrevocable (except as stated in this section) |
|||
patent license to make, have made, use, offer to sell, sell, import, |
|||
transfer and otherwise run, modify and propagate the contents of this |
|||
implementation of Go, where such license applies only to those patent |
|||
claims, both currently owned or controlled by Google and acquired in |
|||
the future, licensable by Google that are necessarily infringed by this |
|||
implementation of Go. This grant does not include claims that would be |
|||
infringed only as a consequence of further modification of this |
|||
implementation. If you or your agent or exclusive licensee institute or |
|||
order or agree to the institution of patent litigation against any |
|||
entity (including a cross-claim or counterclaim in a lawsuit) alleging |
|||
that this implementation of Go or any code incorporated within this |
|||
implementation of Go constitutes direct or contributory patent |
|||
infringement, or inducement of patent infringement, then any patent |
|||
rights granted to you under this License for this implementation of Go |
|||
shall terminate as of the date such litigation is filed. |
@ -0,0 +1,66 @@ |
|||
// Copyright 2014 The Go Authors. All rights reserved.
|
|||
// Use of this source code is governed by a BSD-style
|
|||
// license that can be found in the LICENSE file.
|
|||
|
|||
// Package sha3 implements the SHA-3 fixed-output-length hash functions and
|
|||
// the SHAKE variable-output-length hash functions defined by FIPS-202.
|
|||
//
|
|||
// Both types of hash function use the "sponge" construction and the Keccak
|
|||
// permutation. For a detailed specification see http://keccak.noekeon.org/
|
|||
//
|
|||
//
|
|||
// Guidance
|
|||
//
|
|||
// If you aren't sure what function you need, use SHAKE256 with at least 64
|
|||
// bytes of output. The SHAKE instances are faster than the SHA3 instances;
|
|||
// the latter have to allocate memory to conform to the hash.Hash interface.
|
|||
//
|
|||
// If you need a secret-key MAC (message authentication code), prepend the
|
|||
// secret key to the input, hash with SHAKE256 and read at least 32 bytes of
|
|||
// output.
|
|||
//
|
|||
//
|
|||
// Security strengths
|
|||
//
|
|||
// The SHA3-x (x equals 224, 256, 384, or 512) functions have a security
|
|||
// strength against preimage attacks of x bits. Since they only produce "x"
|
|||
// bits of output, their collision-resistance is only "x/2" bits.
|
|||
//
|
|||
// The SHAKE-256 and -128 functions have a generic security strength of 256 and
|
|||
// 128 bits against all attacks, provided that at least 2x bits of their output
|
|||
// is used. Requesting more than 64 or 32 bytes of output, respectively, does
|
|||
// not increase the collision-resistance of the SHAKE functions.
|
|||
//
|
|||
//
|
|||
// The sponge construction
|
|||
//
|
|||
// A sponge builds a pseudo-random function from a public pseudo-random
|
|||
// permutation, by applying the permutation to a state of "rate + capacity"
|
|||
// bytes, but hiding "capacity" of the bytes.
|
|||
//
|
|||
// A sponge starts out with a zero state. To hash an input using a sponge, up
|
|||
// to "rate" bytes of the input are XORed into the sponge's state. The sponge
|
|||
// is then "full" and the permutation is applied to "empty" it. This process is
|
|||
// repeated until all the input has been "absorbed". The input is then padded.
|
|||
// The digest is "squeezed" from the sponge in the same way, except that output
|
|||
// is copied out instead of input being XORed in.
|
|||
//
|
|||
// A sponge is parameterized by its generic security strength, which is equal
|
|||
// to half its capacity; capacity + rate is equal to the permutation's width.
|
|||
// Since the KeccakF-1600 permutation is 1600 bits (200 bytes) wide, this means
|
|||
// that the security strength of a sponge instance is equal to (1600 - bitrate) / 2.
|
|||
//
|
|||
//
|
|||
// Recommendations
|
|||
//
|
|||
// The SHAKE functions are recommended for most new uses. They can produce
|
|||
// output of arbitrary length. SHAKE256, with an output length of at least
|
|||
// 64 bytes, provides 256-bit security against all attacks. The Keccak team
|
|||
// recommends it for most applications upgrading from SHA2-512. (NIST chose a
|
|||
// much stronger, but much slower, sponge instance for SHA3-512.)
|
|||
//
|
|||
// The SHA-3 functions are "drop-in" replacements for the SHA-2 functions.
|
|||
// They produce output of the same length, with the same security strengths
|
|||
// against all attacks. This means, in particular, that SHA3-256 only has
|
|||
// 128-bit collision resistance, because its output length is 32 bytes.
|
|||
package sha3 // import "golang.org/x/crypto/sha3"
|
@ -0,0 +1,97 @@ |
|||
// Copyright 2014 The Go Authors. All rights reserved.
|
|||
// Use of this source code is governed by a BSD-style
|
|||
// license that can be found in the LICENSE file.
|
|||
|
|||
package sha3 |
|||
|
|||
// This file provides functions for creating instances of the SHA-3
|
|||
// and SHAKE hash functions, as well as utility functions for hashing
|
|||
// bytes.
|
|||
|
|||
import ( |
|||
"hash" |
|||
) |
|||
|
|||
// New224 creates a new SHA3-224 hash.
|
|||
// Its generic security strength is 224 bits against preimage attacks,
|
|||
// and 112 bits against collision attacks.
|
|||
func New224() hash.Hash { |
|||
if h := new224Asm(); h != nil { |
|||
return h |
|||
} |
|||
return &state{rate: 144, outputLen: 28, dsbyte: 0x06} |
|||
} |
|||
|
|||
// New256 creates a new SHA3-256 hash.
|
|||
// Its generic security strength is 256 bits against preimage attacks,
|
|||
// and 128 bits against collision attacks.
|
|||
func New256() hash.Hash { |
|||
if h := new256Asm(); h != nil { |
|||
return h |
|||
} |
|||
return &state{rate: 136, outputLen: 32, dsbyte: 0x06} |
|||
} |
|||
|
|||
// New384 creates a new SHA3-384 hash.
|
|||
// Its generic security strength is 384 bits against preimage attacks,
|
|||
// and 192 bits against collision attacks.
|
|||
func New384() hash.Hash { |
|||
if h := new384Asm(); h != nil { |
|||
return h |
|||
} |
|||
return &state{rate: 104, outputLen: 48, dsbyte: 0x06} |
|||
} |
|||
|
|||
// New512 creates a new SHA3-512 hash.
|
|||
// Its generic security strength is 512 bits against preimage attacks,
|
|||
// and 256 bits against collision attacks.
|
|||
func New512() hash.Hash { |
|||
if h := new512Asm(); h != nil { |
|||
return h |
|||
} |
|||
return &state{rate: 72, outputLen: 64, dsbyte: 0x06} |
|||
} |
|||
|
|||
// NewLegacyKeccak256 creates a new Keccak-256 hash.
|
|||
//
|
|||
// Only use this function if you require compatibility with an existing cryptosystem
|
|||
// that uses non-standard padding. All other users should use New256 instead.
|
|||
func NewLegacyKeccak256() hash.Hash { return &state{rate: 136, outputLen: 32, dsbyte: 0x01} } |
|||
|
|||
// NewLegacyKeccak512 creates a new Keccak-512 hash.
|
|||
//
|
|||
// Only use this function if you require compatibility with an existing cryptosystem
|
|||
// that uses non-standard padding. All other users should use New512 instead.
|
|||
func NewLegacyKeccak512() hash.Hash { return &state{rate: 72, outputLen: 64, dsbyte: 0x01} } |
|||
|
|||
// Sum224 returns the SHA3-224 digest of the data.
|
|||
func Sum224(data []byte) (digest [28]byte) { |
|||
h := New224() |
|||
h.Write(data) |
|||
h.Sum(digest[:0]) |
|||
return |
|||
} |
|||
|
|||
// Sum256 returns the SHA3-256 digest of the data.
|
|||
func Sum256(data []byte) (digest [32]byte) { |
|||
h := New256() |
|||
h.Write(data) |
|||
h.Sum(digest[:0]) |
|||
return |
|||
} |
|||
|
|||
// Sum384 returns the SHA3-384 digest of the data.
|
|||
func Sum384(data []byte) (digest [48]byte) { |
|||
h := New384() |
|||
h.Write(data) |
|||
h.Sum(digest[:0]) |
|||
return |
|||
} |
|||
|
|||
// Sum512 returns the SHA3-512 digest of the data.
|
|||
func Sum512(data []byte) (digest [64]byte) { |
|||
h := New512() |
|||
h.Write(data) |
|||
h.Sum(digest[:0]) |
|||
return |
|||
} |
@ -0,0 +1,27 @@ |
|||
// Copyright 2017 The Go Authors. All rights reserved.
|
|||
// Use of this source code is governed by a BSD-style
|
|||
// license that can be found in the LICENSE file.
|
|||
|
|||
// +build gccgo appengine !s390x
|
|||
|
|||
package sha3 |
|||
|
|||
import ( |
|||
"hash" |
|||
) |
|||
|
|||
// new224Asm returns an assembly implementation of SHA3-224 if available,
|
|||
// otherwise it returns nil.
|
|||
func new224Asm() hash.Hash { return nil } |
|||
|
|||
// new256Asm returns an assembly implementation of SHA3-256 if available,
|
|||
// otherwise it returns nil.
|
|||
func new256Asm() hash.Hash { return nil } |
|||
|
|||
// new384Asm returns an assembly implementation of SHA3-384 if available,
|
|||
// otherwise it returns nil.
|
|||
func new384Asm() hash.Hash { return nil } |
|||
|
|||
// new512Asm returns an assembly implementation of SHA3-512 if available,
|
|||
// otherwise it returns nil.
|
|||
func new512Asm() hash.Hash { return nil } |
@ -0,0 +1,412 @@ |
|||
// Copyright 2014 The Go Authors. All rights reserved.
|
|||
// Use of this source code is governed by a BSD-style
|
|||
// license that can be found in the LICENSE file.
|
|||
|
|||
// +build !amd64 appengine gccgo
|
|||
|
|||
package sha3 |
|||
|
|||
// rc stores the round constants for use in the ι step.
|
|||
var rc = [24]uint64{ |
|||
0x0000000000000001, |
|||
0x0000000000008082, |
|||
0x800000000000808A, |
|||
0x8000000080008000, |
|||
0x000000000000808B, |
|||
0x0000000080000001, |
|||
0x8000000080008081, |
|||
0x8000000000008009, |
|||
0x000000000000008A, |
|||
0x0000000000000088, |
|||
0x0000000080008009, |
|||
0x000000008000000A, |
|||
0x000000008000808B, |
|||
0x800000000000008B, |
|||
0x8000000000008089, |
|||
0x8000000000008003, |
|||
0x8000000000008002, |
|||
0x8000000000000080, |
|||
0x000000000000800A, |
|||
0x800000008000000A, |
|||
0x8000000080008081, |
|||
0x8000000000008080, |
|||
0x0000000080000001, |
|||
0x8000000080008008, |
|||
} |
|||
|
|||
// keccakF1600 applies the Keccak permutation to a 1600b-wide
|
|||
// state represented as a slice of 25 uint64s.
|
|||
func keccakF1600(a *[25]uint64) { |
|||
// Implementation translated from Keccak-inplace.c
|
|||
// in the keccak reference code.
|
|||
var t, bc0, bc1, bc2, bc3, bc4, d0, d1, d2, d3, d4 uint64 |
|||
|
|||
for i := 0; i < 24; i += 4 { |
|||
// Combines the 5 steps in each round into 2 steps.
|
|||
// Unrolls 4 rounds per loop and spreads some steps across rounds.
|
|||
|
|||
// Round 1
|
|||
bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20] |
|||
bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21] |
|||
bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22] |
|||
bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23] |
|||
bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24] |
|||
d0 = bc4 ^ (bc1<<1 | bc1>>63) |
|||
d1 = bc0 ^ (bc2<<1 | bc2>>63) |
|||
d2 = bc1 ^ (bc3<<1 | bc3>>63) |
|||
d3 = bc2 ^ (bc4<<1 | bc4>>63) |
|||
d4 = bc3 ^ (bc0<<1 | bc0>>63) |
|||
|
|||
bc0 = a[0] ^ d0 |
|||
t = a[6] ^ d1 |
|||
bc1 = t<<44 | t>>(64-44) |
|||
t = a[12] ^ d2 |
|||
bc2 = t<<43 | t>>(64-43) |
|||
t = a[18] ^ d3 |
|||
bc3 = t<<21 | t>>(64-21) |
|||
t = a[24] ^ d4 |
|||
bc4 = t<<14 | t>>(64-14) |
|||
a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i] |
|||
a[6] = bc1 ^ (bc3 &^ bc2) |
|||
a[12] = bc2 ^ (bc4 &^ bc3) |
|||
a[18] = bc3 ^ (bc0 &^ bc4) |
|||
a[24] = bc4 ^ (bc1 &^ bc0) |
|||
|
|||
t = a[10] ^ d0 |
|||
bc2 = t<<3 | t>>(64-3) |
|||
t = a[16] ^ d1 |
|||
bc3 = t<<45 | t>>(64-45) |
|||
t = a[22] ^ d2 |
|||
bc4 = t<<61 | t>>(64-61) |
|||
t = a[3] ^ d3 |
|||
bc0 = t<<28 | t>>(64-28) |
|||
t = a[9] ^ d4 |
|||
bc1 = t<<20 | t>>(64-20) |
|||
a[10] = bc0 ^ (bc2 &^ bc1) |
|||
a[16] = bc1 ^ (bc3 &^ bc2) |
|||
a[22] = bc2 ^ (bc4 &^ bc3) |
|||
a[3] = bc3 ^ (bc0 &^ bc4) |
|||
a[9] = bc4 ^ (bc1 &^ bc0) |
|||
|
|||
t = a[20] ^ d0 |
|||
bc4 = t<<18 | t>>(64-18) |
|||
t = a[1] ^ d1 |
|||
bc0 = t<<1 | t>>(64-1) |
|||
t = a[7] ^ d2 |
|||
bc1 = t<<6 | t>>(64-6) |
|||
t = a[13] ^ d3 |
|||
bc2 = t<<25 | t>>(64-25) |
|||
t = a[19] ^ d4 |
|||
bc3 = t<<8 | t>>(64-8) |
|||
a[20] = bc0 ^ (bc2 &^ bc1) |
|||
a[1] = bc1 ^ (bc3 &^ bc2) |
|||
a[7] = bc2 ^ (bc4 &^ bc3) |
|||
a[13] = bc3 ^ (bc0 &^ bc4) |
|||
a[19] = bc4 ^ (bc1 &^ bc0) |
|||
|
|||
t = a[5] ^ d0 |
|||
bc1 = t<<36 | t>>(64-36) |
|||
t = a[11] ^ d1 |
|||
bc2 = t<<10 | t>>(64-10) |
|||
t = a[17] ^ d2 |
|||
bc3 = t<<15 | t>>(64-15) |
|||
t = a[23] ^ d3 |
|||
bc4 = t<<56 | t>>(64-56) |
|||
t = a[4] ^ d4 |
|||
bc0 = t<<27 | t>>(64-27) |
|||
a[5] = bc0 ^ (bc2 &^ bc1) |
|||
a[11] = bc1 ^ (bc3 &^ bc2) |
|||
a[17] = bc2 ^ (bc4 &^ bc3) |
|||
a[23] = bc3 ^ (bc0 &^ bc4) |
|||
a[4] = bc4 ^ (bc1 &^ bc0) |
|||
|
|||
t = a[15] ^ d0 |
|||
bc3 = t<<41 | t>>(64-41) |
|||
t = a[21] ^ d1 |
|||
bc4 = t<<2 | t>>(64-2) |
|||
t = a[2] ^ d2 |
|||
bc0 = t<<62 | t>>(64-62) |
|||
t = a[8] ^ d3 |
|||
bc1 = t<<55 | t>>(64-55) |
|||
t = a[14] ^ d4 |
|||
bc2 = t<<39 | t>>(64-39) |
|||
a[15] = bc0 ^ (bc2 &^ bc1) |
|||
a[21] = bc1 ^ (bc3 &^ bc2) |
|||
a[2] = bc2 ^ (bc4 &^ bc3) |
|||
a[8] = bc3 ^ (bc0 &^ bc4) |
|||
a[14] = bc4 ^ (bc1 &^ bc0) |
|||
|
|||
// Round 2
|
|||
bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20] |
|||
bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21] |
|||
bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22] |
|||
bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23] |
|||
bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24] |
|||
d0 = bc4 ^ (bc1<<1 | bc1>>63) |
|||
d1 = bc0 ^ (bc2<<1 | bc2>>63) |
|||
d2 = bc1 ^ (bc3<<1 | bc3>>63) |
|||
d3 = bc2 ^ (bc4<<1 | bc4>>63) |
|||
d4 = bc3 ^ (bc0<<1 | bc0>>63) |
|||
|
|||
bc0 = a[0] ^ d0 |
|||
t = a[16] ^ d1 |
|||
bc1 = t<<44 | t>>(64-44) |
|||
t = a[7] ^ d2 |
|||
bc2 = t<<43 | t>>(64-43) |
|||
t = a[23] ^ d3 |
|||
bc3 = t<<21 | t>>(64-21) |
|||
t = a[14] ^ d4 |
|||
bc4 = t<<14 | t>>(64-14) |
|||
a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+1] |
|||
a[16] = bc1 ^ (bc3 &^ bc2) |
|||
a[7] = bc2 ^ (bc4 &^ bc3) |
|||
a[23] = bc3 ^ (bc0 &^ bc4) |
|||
a[14] = bc4 ^ (bc1 &^ bc0) |
|||
|
|||
t = a[20] ^ d0 |
|||
bc2 = t<<3 | t>>(64-3) |
|||
t = a[11] ^ d1 |
|||
bc3 = t<<45 | t>>(64-45) |
|||
t = a[2] ^ d2 |
|||
bc4 = t<<61 | t>>(64-61) |
|||
t = a[18] ^ d3 |
|||
bc0 = t<<28 | t>>(64-28) |
|||
t = a[9] ^ d4 |
|||
bc1 = t<<20 | t>>(64-20) |
|||
a[20] = bc0 ^ (bc2 &^ bc1) |
|||
a[11] = bc1 ^ (bc3 &^ bc2) |
|||
a[2] = bc2 ^ (bc4 &^ bc3) |
|||
a[18] = bc3 ^ (bc0 &^ bc4) |
|||
a[9] = bc4 ^ (bc1 &^ bc0) |
|||
|
|||
t = a[15] ^ d0 |
|||
bc4 = t<<18 | t>>(64-18) |
|||
t = a[6] ^ d1 |
|||
bc0 = t<<1 | t>>(64-1) |
|||
t = a[22] ^ d2 |
|||
bc1 = t<<6 | t>>(64-6) |
|||
t = a[13] ^ d3 |
|||
bc2 = t<<25 | t>>(64-25) |
|||
t = a[4] ^ d4 |
|||
bc3 = t<<8 | t>>(64-8) |
|||
a[15] = bc0 ^ (bc2 &^ bc1) |
|||
a[6] = bc1 ^ (bc3 &^ bc2) |
|||
a[22] = bc2 ^ (bc4 &^ bc3) |
|||
a[13] = bc3 ^ (bc0 &^ bc4) |
|||
a[4] = bc4 ^ (bc1 &^ bc0) |
|||
|
|||
t = a[10] ^ d0 |
|||
bc1 = t<<36 | t>>(64-36) |
|||
t = a[1] ^ d1 |
|||
bc2 = t<<10 | t>>(64-10) |
|||
t = a[17] ^ d2 |
|||
bc3 = t<<15 | t>>(64-15) |
|||
t = a[8] ^ d3 |
|||
bc4 = t<<56 | t>>(64-56) |
|||
t = a[24] ^ d4 |
|||
bc0 = t<<27 | t>>(64-27) |
|||
a[10] = bc0 ^ (bc2 &^ bc1) |
|||
a[1] = bc1 ^ (bc3 &^ bc2) |
|||
a[17] = bc2 ^ (bc4 &^ bc3) |
|||
a[8] = bc3 ^ (bc0 &^ bc4) |
|||
a[24] = bc4 ^ (bc1 &^ bc0) |
|||
|
|||
t = a[5] ^ d0 |
|||
bc3 = t<<41 | t>>(64-41) |
|||
t = a[21] ^ d1 |
|||
bc4 = t<<2 | t>>(64-2) |
|||
t = a[12] ^ d2 |
|||
bc0 = t<<62 | t>>(64-62) |
|||
t = a[3] ^ d3 |
|||
bc1 = t<<55 | t>>(64-55) |
|||
t = a[19] ^ d4 |
|||
bc2 = t<<39 | t>>(64-39) |
|||
a[5] = bc0 ^ (bc2 &^ bc1) |
|||
a[21] = bc1 ^ (bc3 &^ bc2) |
|||
a[12] = bc2 ^ (bc4 &^ bc3) |
|||
a[3] = bc3 ^ (bc0 &^ bc4) |
|||
a[19] = bc4 ^ (bc1 &^ bc0) |
|||
|
|||
// Round 3
|
|||
bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20] |
|||
bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21] |
|||
bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22] |
|||
bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23] |
|||
bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24] |
|||
d0 = bc4 ^ (bc1<<1 | bc1>>63) |
|||
d1 = bc0 ^ (bc2<<1 | bc2>>63) |
|||
d2 = bc1 ^ (bc3<<1 | bc3>>63) |
|||
d3 = bc2 ^ (bc4<<1 | bc4>>63) |
|||
d4 = bc3 ^ (bc0<<1 | bc0>>63) |
|||
|
|||
bc0 = a[0] ^ d0 |
|||
t = a[11] ^ d1 |
|||
bc1 = t<<44 | t>>(64-44) |
|||
t = a[22] ^ d2 |
|||
bc2 = t<<43 | t>>(64-43) |
|||
t = a[8] ^ d3 |
|||
bc3 = t<<21 | t>>(64-21) |
|||
t = a[19] ^ d4 |
|||
bc4 = t<<14 | t>>(64-14) |
|||
a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+2] |
|||
a[11] = bc1 ^ (bc3 &^ bc2) |
|||
a[22] = bc2 ^ (bc4 &^ bc3) |
|||
a[8] = bc3 ^ (bc0 &^ bc4) |
|||
a[19] = bc4 ^ (bc1 &^ bc0) |
|||
|
|||
t = a[15] ^ d0 |
|||
bc2 = t<<3 | t>>(64-3) |
|||
t = a[1] ^ d1 |
|||
bc3 = t<<45 | t>>(64-45) |
|||
t = a[12] ^ d2 |
|||
bc4 = t<<61 | t>>(64-61) |
|||
t = a[23] ^ d3 |
|||
bc0 = t<<28 | t>>(64-28) |
|||
t = a[9] ^ d4 |
|||
bc1 = t<<20 | t>>(64-20) |
|||
a[15] = bc0 ^ (bc2 &^ bc1) |
|||
a[1] = bc1 ^ (bc3 &^ bc2) |
|||
a[12] = bc2 ^ (bc4 &^ bc3) |
|||
a[23] = bc3 ^ (bc0 &^ bc4) |
|||
a[9] = bc4 ^ (bc1 &^ bc0) |
|||
|
|||
t = a[5] ^ d0 |
|||
bc4 = t<<18 | t>>(64-18) |
|||
t = a[16] ^ d1 |
|||
bc0 = t<<1 | t>>(64-1) |
|||
t = a[2] ^ d2 |
|||
bc1 = t<<6 | t>>(64-6) |
|||
t = a[13] ^ d3 |
|||
bc2 = t<<25 | t>>(64-25) |
|||
t = a[24] ^ d4 |
|||
bc3 = t<<8 | t>>(64-8) |
|||
a[5] = bc0 ^ (bc2 &^ bc1) |
|||
a[16] = bc1 ^ (bc3 &^ bc2) |
|||
a[2] = bc2 ^ (bc4 &^ bc3) |
|||
a[13] = bc3 ^ (bc0 &^ bc4) |
|||
a[24] = bc4 ^ (bc1 &^ bc0) |
|||
|
|||
t = a[20] ^ d0 |
|||
bc1 = t<<36 | t>>(64-36) |
|||
t = a[6] ^ d1 |
|||
bc2 = t<<10 | t>>(64-10) |
|||
t = a[17] ^ d2 |
|||
bc3 = t<<15 | t>>(64-15) |
|||
t = a[3] ^ d3 |
|||
bc4 = t<<56 | t>>(64-56) |
|||
t = a[14] ^ d4 |
|||
bc0 = t<<27 | t>>(64-27) |
|||
a[20] = bc0 ^ (bc2 &^ bc1) |
|||
a[6] = bc1 ^ (bc3 &^ bc2) |
|||
a[17] = bc2 ^ (bc4 &^ bc3) |
|||
a[3] = bc3 ^ (bc0 &^ bc4) |
|||
a[14] = bc4 ^ (bc1 &^ bc0) |
|||
|
|||
t = a[10] ^ d0 |
|||
bc3 = t<<41 | t>>(64-41) |
|||
t = a[21] ^ d1 |
|||
bc4 = t<<2 | t>>(64-2) |
|||
t = a[7] ^ d2 |
|||
bc0 = t<<62 | t>>(64-62) |
|||
t = a[18] ^ d3 |
|||
bc1 = t<<55 | t>>(64-55) |
|||
t = a[4] ^ d4 |
|||
bc2 = t<<39 | t>>(64-39) |
|||
a[10] = bc0 ^ (bc2 &^ bc1) |
|||
a[21] = bc1 ^ (bc3 &^ bc2) |
|||
a[7] = bc2 ^ (bc4 &^ bc3) |
|||
a[18] = bc3 ^ (bc0 &^ bc4) |
|||
a[4] = bc4 ^ (bc1 &^ bc0) |
|||
|
|||
// Round 4
|
|||
bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20] |
|||
bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21] |
|||
bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22] |
|||
bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23] |
|||
bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24] |
|||
d0 = bc4 ^ (bc1<<1 | bc1>>63) |
|||
d1 = bc0 ^ (bc2<<1 | bc2>>63) |
|||
d2 = bc1 ^ (bc3<<1 | bc3>>63) |
|||
d3 = bc2 ^ (bc4<<1 | bc4>>63) |
|||
d4 = bc3 ^ (bc0<<1 | bc0>>63) |
|||
|
|||
bc0 = a[0] ^ d0 |
|||
t = a[1] ^ d1 |
|||
bc1 = t<<44 | t>>(64-44) |
|||
t = a[2] ^ d2 |
|||
bc2 = t<<43 | t>>(64-43) |
|||
t = a[3] ^ d3 |
|||
bc3 = t<<21 | t>>(64-21) |
|||
t = a[4] ^ d4 |
|||
bc4 = t<<14 | t>>(64-14) |
|||
a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+3] |
|||
a[1] = bc1 ^ (bc3 &^ bc2) |
|||
a[2] = bc2 ^ (bc4 &^ bc3) |
|||
a[3] = bc3 ^ (bc0 &^ bc4) |
|||
a[4] = bc4 ^ (bc1 &^ bc0) |
|||
|
|||
t = a[5] ^ d0 |
|||
bc2 = t<<3 | t>>(64-3) |
|||
t = a[6] ^ d1 |
|||
bc3 = t<<45 | t>>(64-45) |
|||
t = a[7] ^ d2 |
|||
bc4 = t<<61 | t>>(64-61) |
|||
t = a[8] ^ d3 |
|||
bc0 = t<<28 | t>>(64-28) |
|||
t = a[9] ^ d4 |
|||
bc1 = t<<20 | t>>(64-20) |
|||
a[5] = bc0 ^ (bc2 &^ bc1) |
|||
a[6] = bc1 ^ (bc3 &^ bc2) |
|||
a[7] = bc2 ^ (bc4 &^ bc3) |
|||
a[8] = bc3 ^ (bc0 &^ bc4) |
|||
a[9] = bc4 ^ (bc1 &^ bc0) |
|||
|
|||
t = a[10] ^ d0 |
|||
bc4 = t<<18 | t>>(64-18) |
|||
t = a[11] ^ d1 |
|||
bc0 = t<<1 | t>>(64-1) |
|||
t = a[12] ^ d2 |
|||
bc1 = t<<6 | t>>(64-6) |
|||
t = a[13] ^ d3 |
|||
bc2 = t<<25 | t>>(64-25) |
|||
t = a[14] ^ d4 |
|||
bc3 = t<<8 | t>>(64-8) |
|||
a[10] = bc0 ^ (bc2 &^ bc1) |
|||
a[11] = bc1 ^ (bc3 &^ bc2) |
|||
a[12] = bc2 ^ (bc4 &^ bc3) |
|||
a[13] = bc3 ^ (bc0 &^ bc4) |
|||
a[14] = bc4 ^ (bc1 &^ bc0) |
|||
|
|||
t = a[15] ^ d0 |
|||
bc1 = t<<36 | t>>(64-36) |
|||
t = a[16] ^ d1 |
|||
bc2 = t<<10 | t>>(64-10) |
|||
t = a[17] ^ d2 |
|||
bc3 = t<<15 | t>>(64-15) |
|||
t = a[18] ^ d3 |
|||
bc4 = t<<56 | t>>(64-56) |
|||
t = a[19] ^ d4 |
|||
bc0 = t<<27 | t>>(64-27) |
|||
a[15] = bc0 ^ (bc2 &^ bc1) |
|||
a[16] = bc1 ^ (bc3 &^ bc2) |
|||
a[17] = bc2 ^ (bc4 &^ bc3) |
|||
a[18] = bc3 ^ (bc0 &^ bc4) |
|||
a[19] = bc4 ^ (bc1 &^ bc0) |
|||
|
|||
t = a[20] ^ d0 |
|||
bc3 = t<<41 | t>>(64-41) |
|||
t = a[21] ^ d1 |
|||
bc4 = t<<2 | t>>(64-2) |
|||
t = a[22] ^ d2 |
|||
bc0 = t<<62 | t>>(64-62) |
|||
t = a[23] ^ d3 |
|||
bc1 = t<<55 | t>>(64-55) |
|||
t = a[24] ^ d4 |
|||
bc2 = t<<39 | t>>(64-39) |
|||
a[20] = bc0 ^ (bc2 &^ bc1) |
|||
a[21] = bc1 ^ (bc3 &^ bc2) |
|||
a[22] = bc2 ^ (bc4 &^ bc3) |
|||
a[23] = bc3 ^ (bc0 &^ bc4) |
|||
a[24] = bc4 ^ (bc1 &^ bc0) |
|||
} |
|||
} |
@ -0,0 +1,13 @@ |
|||
// Copyright 2015 The Go Authors. All rights reserved.
|
|||
// Use of this source code is governed by a BSD-style
|
|||
// license that can be found in the LICENSE file.
|
|||
|
|||
// +build amd64,!appengine,!gccgo
|
|||
|
|||
package sha3 |
|||
|
|||
// This function is implemented in keccakf_amd64.s.
|
|||
|
|||
//go:noescape
|
|||
|
|||
func keccakF1600(a *[25]uint64) |
@ -0,0 +1,390 @@ |
|||
// Copyright 2015 The Go Authors. All rights reserved. |
|||
// Use of this source code is governed by a BSD-style |
|||
// license that can be found in the LICENSE file. |
|||
|
|||
// +build amd64,!appengine,!gccgo |
|||
|
|||
// This code was translated into a form compatible with 6a from the public |
|||
// domain sources at https://github.com/gvanas/KeccakCodePackage |
|||
|
|||
// Offsets in state |
|||
#define _ba (0*8) |
|||
#define _be (1*8) |
|||
#define _bi (2*8) |
|||
#define _bo (3*8) |
|||
#define _bu (4*8) |
|||
#define _ga (5*8) |
|||
#define _ge (6*8) |
|||
#define _gi (7*8) |
|||
#define _go (8*8) |
|||
#define _gu (9*8) |
|||
#define _ka (10*8) |
|||
#define _ke (11*8) |
|||
#define _ki (12*8) |
|||
#define _ko (13*8) |
|||
#define _ku (14*8) |
|||
#define _ma (15*8) |
|||
#define _me (16*8) |
|||
#define _mi (17*8) |
|||
#define _mo (18*8) |
|||
#define _mu (19*8) |
|||
#define _sa (20*8) |
|||
#define _se (21*8) |
|||
#define _si (22*8) |
|||
#define _so (23*8) |
|||
#define _su (24*8) |
|||
|
|||
// Temporary registers |
|||
#define rT1 AX |
|||
|
|||
// Round vars |
|||
#define rpState DI |
|||
#define rpStack SP |
|||
|
|||
#define rDa BX |
|||
#define rDe CX |
|||
#define rDi DX |
|||
#define rDo R8 |
|||
#define rDu R9 |
|||
|
|||
#define rBa R10 |
|||
#define rBe R11 |
|||
#define rBi R12 |
|||
#define rBo R13 |
|||
#define rBu R14 |
|||
|
|||
#define rCa SI |
|||
#define rCe BP |
|||
#define rCi rBi |
|||
#define rCo rBo |
|||
#define rCu R15 |
|||
|
|||
#define MOVQ_RBI_RCE MOVQ rBi, rCe |
|||
#define XORQ_RT1_RCA XORQ rT1, rCa |
|||
#define XORQ_RT1_RCE XORQ rT1, rCe |
|||
#define XORQ_RBA_RCU XORQ rBa, rCu |
|||
#define XORQ_RBE_RCU XORQ rBe, rCu |
|||
#define XORQ_RDU_RCU XORQ rDu, rCu |
|||
#define XORQ_RDA_RCA XORQ rDa, rCa |
|||
#define XORQ_RDE_RCE XORQ rDe, rCe |
|||
|
|||
#define mKeccakRound(iState, oState, rc, B_RBI_RCE, G_RT1_RCA, G_RT1_RCE, G_RBA_RCU, K_RT1_RCA, K_RT1_RCE, K_RBA_RCU, M_RT1_RCA, M_RT1_RCE, M_RBE_RCU, S_RDU_RCU, S_RDA_RCA, S_RDE_RCE) \ |
|||
/* Prepare round */ \ |
|||
MOVQ rCe, rDa; \ |
|||
ROLQ $1, rDa; \ |
|||
\ |
|||
MOVQ _bi(iState), rCi; \ |
|||
XORQ _gi(iState), rDi; \ |
|||
XORQ rCu, rDa; \ |
|||
XORQ _ki(iState), rCi; \ |
|||
XORQ _mi(iState), rDi; \ |
|||
XORQ rDi, rCi; \ |
|||
\ |
|||
MOVQ rCi, rDe; \ |
|||
ROLQ $1, rDe; \ |
|||
\ |
|||
MOVQ _bo(iState), rCo; \ |
|||
XORQ _go(iState), rDo; \ |
|||
XORQ rCa, rDe; \ |
|||
XORQ _ko(iState), rCo; \ |
|||
XORQ _mo(iState), rDo; \ |
|||
XORQ rDo, rCo; \ |
|||
\ |
|||
MOVQ rCo, rDi; \ |
|||
ROLQ $1, rDi; \ |
|||
\ |
|||
MOVQ rCu, rDo; \ |
|||
XORQ rCe, rDi; \ |
|||
ROLQ $1, rDo; \ |
|||
\ |
|||
MOVQ rCa, rDu; \ |
|||
XORQ rCi, rDo; \ |
|||
ROLQ $1, rDu; \ |
|||
\ |
|||
/* Result b */ \ |
|||
MOVQ _ba(iState), rBa; \ |
|||
MOVQ _ge(iState), rBe; \ |
|||
XORQ rCo, rDu; \ |
|||
MOVQ _ki(iState), rBi; \ |
|||
MOVQ _mo(iState), rBo; \ |
|||
MOVQ _su(iState), rBu; \ |
|||
XORQ rDe, rBe; \ |
|||
ROLQ $44, rBe; \ |
|||
XORQ rDi, rBi; \ |
|||
XORQ rDa, rBa; \ |
|||
ROLQ $43, rBi; \ |
|||
\ |
|||
MOVQ rBe, rCa; \ |
|||
MOVQ rc, rT1; \ |
|||
ORQ rBi, rCa; \ |
|||
XORQ rBa, rT1; \ |
|||
XORQ rT1, rCa; \ |
|||
MOVQ rCa, _ba(oState); \ |
|||
\ |
|||
XORQ rDu, rBu; \ |
|||
ROLQ $14, rBu; \ |
|||
MOVQ rBa, rCu; \ |
|||
ANDQ rBe, rCu; \ |
|||
XORQ rBu, rCu; \ |
|||
MOVQ rCu, _bu(oState); \ |
|||
\ |
|||
XORQ rDo, rBo; \ |
|||
ROLQ $21, rBo; \ |
|||
MOVQ rBo, rT1; \ |
|||
ANDQ rBu, rT1; \ |
|||
XORQ rBi, rT1; \ |
|||
MOVQ rT1, _bi(oState); \ |
|||
\ |
|||
NOTQ rBi; \ |
|||
ORQ rBa, rBu; \ |
|||
ORQ rBo, rBi; \ |
|||
XORQ rBo, rBu; \ |
|||
XORQ rBe, rBi; \ |
|||
MOVQ rBu, _bo(oState); \ |
|||
MOVQ rBi, _be(oState); \ |
|||
B_RBI_RCE; \ |
|||
\ |
|||
/* Result g */ \ |
|||
MOVQ _gu(iState), rBe; \ |
|||
XORQ rDu, rBe; \ |
|||
MOVQ _ka(iState), rBi; \ |
|||
ROLQ $20, rBe; \ |
|||
XORQ rDa, rBi; \ |
|||
ROLQ $3, rBi; \ |
|||
MOVQ _bo(iState), rBa; \ |
|||
MOVQ rBe, rT1; \ |
|||
ORQ rBi, rT1; \ |
|||
XORQ rDo, rBa; \ |
|||
MOVQ _me(iState), rBo; \ |
|||
MOVQ _si(iState), rBu; \ |
|||
ROLQ $28, rBa; \ |
|||
XORQ rBa, rT1; \ |
|||
MOVQ rT1, _ga(oState); \ |
|||
G_RT1_RCA; \ |
|||
\ |
|||
XORQ rDe, rBo; \ |
|||
ROLQ $45, rBo; \ |
|||
MOVQ rBi, rT1; \ |
|||
ANDQ rBo, rT1; \ |
|||
XORQ rBe, rT1; \ |
|||
MOVQ rT1, _ge(oState); \ |
|||
G_RT1_RCE; \ |
|||
\ |
|||
XORQ rDi, rBu; \ |
|||
ROLQ $61, rBu; \ |
|||
MOVQ rBu, rT1; \ |
|||
ORQ rBa, rT1; \ |
|||
XORQ rBo, rT1; \ |
|||
MOVQ rT1, _go(oState); \ |
|||
\ |
|||
ANDQ rBe, rBa; \ |
|||
XORQ rBu, rBa; \ |
|||
MOVQ rBa, _gu(oState); \ |
|||
NOTQ rBu; \ |
|||
G_RBA_RCU; \ |
|||
\ |
|||
ORQ rBu, rBo; \ |
|||
XORQ rBi, rBo; \ |
|||
MOVQ rBo, _gi(oState); \ |
|||
\ |
|||
/* Result k */ \ |
|||
MOVQ _be(iState), rBa; \ |
|||
MOVQ _gi(iState), rBe; \ |
|||
MOVQ _ko(iState), rBi; \ |
|||
MOVQ _mu(iState), rBo; \ |
|||
MOVQ _sa(iState), rBu; \ |
|||
XORQ rDi, rBe; \ |
|||
ROLQ $6, rBe; \ |
|||
XORQ rDo, rBi; \ |
|||
ROLQ $25, rBi; \ |
|||
MOVQ rBe, rT1; \ |
|||
ORQ rBi, rT1; \ |
|||
XORQ rDe, rBa; \ |
|||
ROLQ $1, rBa; \ |
|||
XORQ rBa, rT1; \ |
|||
MOVQ rT1, _ka(oState); \ |
|||
K_RT1_RCA; \ |
|||
\ |
|||
XORQ rDu, rBo; \ |
|||
ROLQ $8, rBo; \ |
|||
MOVQ rBi, rT1; \ |
|||
ANDQ rBo, rT1; \ |
|||
XORQ rBe, rT1; \ |
|||
MOVQ rT1, _ke(oState); \ |
|||
K_RT1_RCE; \ |
|||
\ |
|||
XORQ rDa, rBu; \ |
|||
ROLQ $18, rBu; \ |
|||
NOTQ rBo; \ |
|||
MOVQ rBo, rT1; \ |
|||
ANDQ rBu, rT1; \ |
|||
XORQ rBi, rT1; \ |
|||
MOVQ rT1, _ki(oState); \ |
|||
\ |
|||
MOVQ rBu, rT1; \ |
|||
ORQ rBa, rT1; \ |
|||
XORQ rBo, rT1; \ |
|||
MOVQ rT1, _ko(oState); \ |
|||
\ |
|||
ANDQ rBe, rBa; \ |
|||
XORQ rBu, rBa; \ |
|||
MOVQ rBa, _ku(oState); \ |
|||
K_RBA_RCU; \ |
|||
\ |
|||
/* Result m */ \ |
|||
MOVQ _ga(iState), rBe; \ |
|||
XORQ rDa, rBe; \ |
|||
MOVQ _ke(iState), rBi; \ |
|||
ROLQ $36, rBe; \ |
|||
XORQ rDe, rBi; \ |
|||
MOVQ _bu(iState), rBa; \ |
|||
ROLQ $10, rBi; \ |
|||
MOVQ rBe, rT1; \ |
|||
MOVQ _mi(iState), rBo; \ |
|||
ANDQ rBi, rT1; \ |
|||
XORQ rDu, rBa; \ |
|||
MOVQ _so(iState), rBu; \ |
|||
ROLQ $27, rBa; \ |
|||
XORQ rBa, rT1; \ |
|||
MOVQ rT1, _ma(oState); \ |
|||
M_RT1_RCA; \ |
|||
\ |
|||
XORQ rDi, rBo; \ |
|||
ROLQ $15, rBo; \ |
|||
MOVQ rBi, rT1; \ |
|||
ORQ rBo, rT1; \ |
|||
XORQ rBe, rT1; \ |
|||
MOVQ rT1, _me(oState); \ |
|||
M_RT1_RCE; \ |
|||
\ |
|||
XORQ rDo, rBu; \ |
|||
ROLQ $56, rBu; \ |
|||
NOTQ rBo; \ |
|||
MOVQ rBo, rT1; \ |
|||
ORQ rBu, rT1; \ |
|||
XORQ rBi, rT1; \ |
|||
MOVQ rT1, _mi(oState); \ |
|||
\ |
|||
ORQ rBa, rBe; \ |
|||
XORQ rBu, rBe; \ |
|||
MOVQ rBe, _mu(oState); \ |
|||
\ |
|||
ANDQ rBa, rBu; \ |
|||
XORQ rBo, rBu; \ |
|||
MOVQ rBu, _mo(oState); \ |
|||
M_RBE_RCU; \ |
|||
\ |
|||
/* Result s */ \ |
|||
MOVQ _bi(iState), rBa; \ |
|||
MOVQ _go(iState), rBe; \ |
|||
MOVQ _ku(iState), rBi; \ |
|||
XORQ rDi, rBa; \ |
|||
MOVQ _ma(iState), rBo; \ |
|||
ROLQ $62, rBa; \ |
|||
XORQ rDo, rBe; \ |
|||
MOVQ _se(iState), rBu; \ |
|||
ROLQ $55, rBe; \ |
|||
\ |
|||
XORQ rDu, rBi; \ |
|||
MOVQ rBa, rDu; \ |
|||
XORQ rDe, rBu; \ |
|||
ROLQ $2, rBu; \ |
|||
ANDQ rBe, rDu; \ |
|||
XORQ rBu, rDu; \ |
|||
MOVQ rDu, _su(oState); \ |
|||
\ |
|||
ROLQ $39, rBi; \ |
|||
S_RDU_RCU; \ |
|||
NOTQ rBe; \ |
|||
XORQ rDa, rBo; \ |
|||
MOVQ rBe, rDa; \ |
|||
ANDQ rBi, rDa; \ |
|||
XORQ rBa, rDa; \ |
|||
MOVQ rDa, _sa(oState); \ |
|||
S_RDA_RCA; \ |
|||
\ |
|||
ROLQ $41, rBo; \ |
|||
MOVQ rBi, rDe; \ |
|||
ORQ rBo, rDe; \ |
|||
XORQ rBe, rDe; \ |
|||
MOVQ rDe, _se(oState); \ |
|||
S_RDE_RCE; \ |
|||
\ |
|||
MOVQ rBo, rDi; \ |
|||
MOVQ rBu, rDo; \ |
|||
ANDQ rBu, rDi; \ |
|||
ORQ rBa, rDo; \ |
|||
XORQ rBi, rDi; \ |
|||
XORQ rBo, rDo; \ |
|||
MOVQ rDi, _si(oState); \ |
|||
MOVQ rDo, _so(oState) \ |
|||
|
|||
// func keccakF1600(state *[25]uint64) |
|||
TEXT ·keccakF1600(SB), 0, $200-8 |
|||
MOVQ state+0(FP), rpState |
|||
|
|||
// Convert the user state into an internal state |
|||
NOTQ _be(rpState) |
|||
NOTQ _bi(rpState) |
|||
NOTQ _go(rpState) |
|||
NOTQ _ki(rpState) |
|||
NOTQ _mi(rpState) |
|||
NOTQ _sa(rpState) |
|||
|
|||
// Execute the KeccakF permutation |
|||
MOVQ _ba(rpState), rCa |
|||
MOVQ _be(rpState), rCe |
|||
MOVQ _bu(rpState), rCu |
|||
|
|||
XORQ _ga(rpState), rCa |
|||
XORQ _ge(rpState), rCe |
|||
XORQ _gu(rpState), rCu |
|||
|
|||
XORQ _ka(rpState), rCa |
|||
XORQ _ke(rpState), rCe |
|||
XORQ _ku(rpState), rCu |
|||
|
|||
XORQ _ma(rpState), rCa |
|||
XORQ _me(rpState), rCe |
|||
XORQ _mu(rpState), rCu |
|||
|
|||
XORQ _sa(rpState), rCa |
|||
XORQ _se(rpState), rCe |
|||
MOVQ _si(rpState), rDi |
|||
MOVQ _so(rpState), rDo |
|||
XORQ _su(rpState), rCu |
|||
|
|||
mKeccakRound(rpState, rpStack, $0x0000000000000001, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE) |
|||
mKeccakRound(rpStack, rpState, $0x0000000000008082, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE) |
|||
mKeccakRound(rpState, rpStack, $0x800000000000808a, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE) |
|||
mKeccakRound(rpStack, rpState, $0x8000000080008000, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE) |
|||
mKeccakRound(rpState, rpStack, $0x000000000000808b, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE) |
|||
mKeccakRound(rpStack, rpState, $0x0000000080000001, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE) |
|||
mKeccakRound(rpState, rpStack, $0x8000000080008081, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE) |
|||
mKeccakRound(rpStack, rpState, $0x8000000000008009, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE) |
|||
mKeccakRound(rpState, rpStack, $0x000000000000008a, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE) |
|||
mKeccakRound(rpStack, rpState, $0x0000000000000088, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE) |
|||
mKeccakRound(rpState, rpStack, $0x0000000080008009, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE) |
|||
mKeccakRound(rpStack, rpState, $0x000000008000000a, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE) |
|||
mKeccakRound(rpState, rpStack, $0x000000008000808b, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE) |
|||
mKeccakRound(rpStack, rpState, $0x800000000000008b, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE) |
|||
mKeccakRound(rpState, rpStack, $0x8000000000008089, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE) |
|||
mKeccakRound(rpStack, rpState, $0x8000000000008003, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE) |
|||
mKeccakRound(rpState, rpStack, $0x8000000000008002, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE) |
|||
mKeccakRound(rpStack, rpState, $0x8000000000000080, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE) |
|||
mKeccakRound(rpState, rpStack, $0x000000000000800a, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE) |
|||
mKeccakRound(rpStack, rpState, $0x800000008000000a, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE) |
|||
mKeccakRound(rpState, rpStack, $0x8000000080008081, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE) |
|||
mKeccakRound(rpStack, rpState, $0x8000000000008080, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE) |
|||
mKeccakRound(rpState, rpStack, $0x0000000080000001, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE) |
|||
mKeccakRound(rpStack, rpState, $0x8000000080008008, NOP, NOP, NOP, NOP, NOP, NOP, NOP, NOP, NOP, NOP, NOP, NOP, NOP) |
|||
|
|||
// Revert the internal state to the user state |
|||
NOTQ _be(rpState) |
|||
NOTQ _bi(rpState) |
|||
NOTQ _go(rpState) |
|||
NOTQ _ki(rpState) |
|||
NOTQ _mi(rpState) |
|||
NOTQ _sa(rpState) |
|||
|
|||
RET |
@ -0,0 +1,18 @@ |
|||
// Copyright 2014 The Go Authors. All rights reserved.
|
|||
// Use of this source code is governed by a BSD-style
|
|||
// license that can be found in the LICENSE file.
|
|||
|
|||
// +build go1.4
|
|||
|
|||
package sha3 |
|||
|
|||
import ( |
|||
"crypto" |
|||
) |
|||
|
|||
func init() { |
|||
crypto.RegisterHash(crypto.SHA3_224, New224) |
|||
crypto.RegisterHash(crypto.SHA3_256, New256) |
|||
crypto.RegisterHash(crypto.SHA3_384, New384) |
|||
crypto.RegisterHash(crypto.SHA3_512, New512) |
|||
} |
@ -0,0 +1,193 @@ |
|||
// Copyright 2014 The Go Authors. All rights reserved.
|
|||
// Use of this source code is governed by a BSD-style
|
|||
// license that can be found in the LICENSE file.
|
|||
|
|||
package sha3 |
|||
|
|||
// spongeDirection indicates the direction bytes are flowing through the sponge.
|
|||
type spongeDirection int |
|||
|
|||
const ( |
|||
// spongeAbsorbing indicates that the sponge is absorbing input.
|
|||
spongeAbsorbing spongeDirection = iota |
|||
// spongeSqueezing indicates that the sponge is being squeezed.
|
|||
spongeSqueezing |
|||
) |
|||
|
|||
const ( |
|||
// maxRate is the maximum size of the internal buffer. SHAKE-256
|
|||
// currently needs the largest buffer.
|
|||
maxRate = 168 |
|||
) |
|||
|
|||
type state struct { |
|||
// Generic sponge components.
|
|||
a [25]uint64 // main state of the hash
|
|||
buf []byte // points into storage
|
|||
rate int // the number of bytes of state to use
|
|||
|
|||
// dsbyte contains the "domain separation" bits and the first bit of
|
|||
// the padding. Sections 6.1 and 6.2 of [1] separate the outputs of the
|
|||
// SHA-3 and SHAKE functions by appending bitstrings to the message.
|
|||
// Using a little-endian bit-ordering convention, these are "01" for SHA-3
|
|||
// and "1111" for SHAKE, or 00000010b and 00001111b, respectively. Then the
|
|||
// padding rule from section 5.1 is applied to pad the message to a multiple
|
|||
// of the rate, which involves adding a "1" bit, zero or more "0" bits, and
|
|||
// a final "1" bit. We merge the first "1" bit from the padding into dsbyte,
|
|||
// giving 00000110b (0x06) and 00011111b (0x1f).
|
|||
// [1] http://csrc.nist.gov/publications/drafts/fips-202/fips_202_draft.pdf
|
|||
// "Draft FIPS 202: SHA-3 Standard: Permutation-Based Hash and
|
|||
// Extendable-Output Functions (May 2014)"
|
|||
dsbyte byte |
|||
|
|||
storage storageBuf |
|||
|
|||
// Specific to SHA-3 and SHAKE.
|
|||
outputLen int // the default output size in bytes
|
|||
state spongeDirection // whether the sponge is absorbing or squeezing
|
|||
} |
|||
|
|||
// BlockSize returns the rate of sponge underlying this hash function.
|
|||
func (d *state) BlockSize() int { return d.rate } |
|||
|
|||
// Size returns the output size of the hash function in bytes.
|
|||
func (d *state) Size() int { return d.outputLen } |
|||
|
|||
// Reset clears the internal state by zeroing the sponge state and
|
|||
// the byte buffer, and setting Sponge.state to absorbing.
|
|||
func (d *state) Reset() { |
|||
// Zero the permutation's state.
|
|||
for i := range d.a { |
|||
d.a[i] = 0 |
|||
} |
|||
d.state = spongeAbsorbing |
|||
d.buf = d.storage.asBytes()[:0] |
|||
} |
|||
|
|||
func (d *state) clone() *state { |
|||
ret := *d |
|||
if ret.state == spongeAbsorbing { |
|||
ret.buf = ret.storage.asBytes()[:len(ret.buf)] |
|||
} else { |
|||
ret.buf = ret.storage.asBytes()[d.rate-cap(d.buf) : d.rate] |
|||
} |
|||
|
|||
return &ret |
|||
} |
|||
|
|||
// permute applies the KeccakF-1600 permutation. It handles
|
|||
// any input-output buffering.
|
|||
func (d *state) permute() { |
|||
switch d.state { |
|||
case spongeAbsorbing: |
|||