# ===================================================================
#
# Copyright (c) 2021, Legrandin <helderijs@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in
#    the documentation and/or other materials provided with the
#    distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
# ===================================================================

from Crypto.Util._raw_api import (VoidPointer, SmartPointer,
                                  create_string_buffer,
                                  get_raw_buffer, c_size_t,
                                  c_uint8_ptr, c_ubyte)

from Crypto.Util.number import long_to_bytes
from Crypto.Util.py3compat import bchr

from .keccak import _raw_keccak_lib


def _length_encode(x):
    """Encode the integer *x* as its byte representation plus a size byte.

    For a non-zero *x* the result is ``long_to_bytes(x)`` followed by one
    byte holding the length of that representation. Zero is encoded as the
    single byte ``0x00``.

    Args:
      x (integer): the value to encode (presumably non-negative; callers
        in this module pass lengths and counters).

    :return: the encoded value
    :rtype: byte string
    """

    if x != 0:
        digits = long_to_bytes(x)
        size_byte = bchr(len(digits))
        return digits + size_byte

    # long_to_bytes(0) is b'\x00', which would give b'\x00\x01';
    # zero is therefore special-cased to the size byte alone.
    return b'\x00'


# Possible states for a KangarooTwelve instance, which depend on the amount of data processed so far.
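SHORT_MSG = 1       # Still within the first 8192 bytes, but it is not certain we will exceed them.
LONG_MSG_S0 = 2     # Still within the first 8192 bytes, and it is certain we will exceed them.
LONG_MSG_SX = 3     # Beyond the first 8192 bytes.
SQUEEZING = 4       # No more data to process.


class K12_XOF(object):
    """A KangarooTwelve hash object.
    Do not instantiate directly.
    Use the :func:`new` function.

    The object is a small state machine (``SHORT_MSG`` -> ``LONG_MSG_S0``
    -> ``LONG_MSG_SX`` -> ``SQUEEZING``). Input that fits in 8192 bytes
    together with the encoded customization string is absorbed by a single
    Keccak instance; longer input is split into 8192-byte chunks whose
    32-byte chaining values are absorbed by that same instance.
    """

    def __init__(self, data, custom):
        """Set up the internal Keccak state and absorb the first chunk.

        Args:
          data (byte string/byte array/memoryview):
            Optional first chunk of the message; skipped when empty or ``None``.
          custom (byte string):
            Optional customization string; ``None`` means empty.
        """

        # Identity test: "== None" would invoke a user-defined __eq__ on
        # whatever object was passed in.
        if custom is None:
            custom = b''

        # The customization string is absorbed after the message,
        # followed by the encoding of its own length.
        self._custom = custom + _length_encode(len(custom))
        self._state = SHORT_MSG
        self._padding = None        # Final padding is only decided in read()

        # Internal hash that consumes FinalNode
        self._hash1 = self._create_keccak()
        self._length1 = 0

        # Internal hash that produces CV_i (reset each time)
        self._hash2 = None
        self._length2 = 0

        # Incremented by one for each 8192-byte block
        self._ctr = 0

        if data:
            self.update(data)

    def _create_keccak(self):
        """Allocate a native Keccak state (32-byte capacity, 12 rounds).

        :return: a ``SmartPointer`` that calls ``keccak_destroy`` on release
        :raises ValueError: if the native library reports an error
        """

        state = VoidPointer()
        result = _raw_keccak_lib.keccak_init(state.address_of(),
                                             c_size_t(32),  # 32 bytes of capacity (256 bits)
                                             c_ubyte(12))   # Reduced number of rounds
        if result:
            raise ValueError("Error %d while instantiating KangarooTwelve"
                             % result)
        return SmartPointer(state.get(), _raw_keccak_lib.keccak_destroy)

    def _update(self, data, hash_obj):
        """Absorb *data* into the native state *hash_obj*.

        :raises ValueError: if the native library reports an error
        """

        result = _raw_keccak_lib.keccak_absorb(hash_obj.get(),
                                               c_uint8_ptr(data),
                                               c_size_t(len(data)))
        if result:
            raise ValueError("Error %d while updating KangarooTwelve state"
                             % result)

    def _squeeze(self, hash_obj, length, padding):
        """Extract *length* bytes from *hash_obj* using the given padding byte.

        This class passes 0x0B for chaining values, 0x07 for the final
        output of a short message and 0x06 for the final output of a long one.

        :raises ValueError: if the native library reports an error
        """

        bfr = create_string_buffer(length)
        result = _raw_keccak_lib.keccak_squeeze(hash_obj.get(),
                                                bfr,
                                                c_size_t(length),
                                                c_ubyte(padding))
        if result:
            raise ValueError("Error %d while extracting from KangarooTwelve"
                             % result)

        return get_raw_buffer(bfr)

    def _reset(self, hash_obj):
        """Reset the native state *hash_obj* so that it can be reused.

        :raises ValueError: if the native library reports an error
        """

        result = _raw_keccak_lib.keccak_reset(hash_obj.get())
        if result:
            raise ValueError("Error %d while resetting KangarooTwelve state"
                             % result)

    def _absorb_chaining_value(self):
        """Fold the chunk currently held by ``_hash2`` into ``_hash1``.

        Squeezes a 32-byte chaining value out of ``_hash2`` (padding 0x0B),
        absorbs it into ``_hash1``, resets ``_hash2`` for the next chunk and
        increments the chunk counter.
        """

        cv_i = self._squeeze(self._hash2, 32, 0x0B)
        self._update(cv_i, self._hash1)
        self._length1 += 32
        self._reset(self._hash2)
        self._length2 = 0
        self._ctr += 1

    def update(self, data):
        """Hash the next piece of data.

        .. note::
            For better performance, submit chunks with a length multiple of 8192 bytes.

        Args:
          data (byte string/byte array/memoryview): The next chunk of the
            message to hash.

        :return: this object, so that calls can be chained
        :raises TypeError: if :meth:`read` has already been called
        """

        if self._state == SQUEEZING:
            raise TypeError("You cannot call 'update' after the first 'read'")

        if self._state == SHORT_MSG:
            next_length = self._length1 + len(data)

            # The customization string still has to fit after the message,
            # so it counts against the 8192-byte limit.
            if next_length + len(self._custom) <= 8192:
                self._length1 = next_length
                self._update(data, self._hash1)
                return self

            # Switch to tree hashing
            self._state = LONG_MSG_S0

        if self._state == LONG_MSG_S0:
            data_mem = memoryview(data)
            # Internal invariant (note that asserts are skipped under -O)
            assert self._length1 < 8192
            dtc = min(len(data), 8192 - self._length1)
            self._update(data_mem[:dtc], self._hash1)
            self._length1 += dtc

            if self._length1 < 8192:
                return self

            # Finish hashing S_0 and start S_1
            assert self._length1 == 8192

            divider = b'\x03' + b'\x00' * 7
            self._update(divider, self._hash1)
            self._length1 += 8

            self._hash2 = self._create_keccak()
            self._length2 = 0
            self._ctr = 1

            self._state = LONG_MSG_SX
            # The remainder of the input goes through the LONG_MSG_SX path
            return self.update(data_mem[dtc:])

        # LONG_MSG_SX
        assert self._state == LONG_MSG_SX
        index = 0
        len_data = len(data)

        # All iterations could actually run in parallel
        data_mem = memoryview(data)
        while index < len_data:

            # Take at most what is missing to complete the current chunk
            new_index = min(index + 8192 - self._length2, len_data)
            self._update(data_mem[index:new_index], self._hash2)
            self._length2 += new_index - index
            index = new_index

            if self._length2 == 8192:
                self._absorb_chaining_value()

        return self

    def read(self, length):
        """
        Produce more bytes of the digest.

        .. note::
            You cannot use :meth:`update` anymore after the first call to
            :meth:`read`.

        Successive calls return consecutive pieces of the same output.

        Args:
            length (integer): the amount of bytes this method must return

        :return: the next piece of XOF output (of the given length)
        :rtype: byte string
        """

        custom_was_consumed = False

        if self._state == SHORT_MSG:
            self._update(self._custom, self._hash1)
            self._padding = 0x07
            self._state = SQUEEZING

        if self._state == LONG_MSG_S0:
            # Absorbing the customization string completes the first
            # 8192 bytes and moves the object to LONG_MSG_SX.
            self.update(self._custom)
            custom_was_consumed = True
            assert self._state == LONG_MSG_SX

        if self._state == LONG_MSG_SX:
            if not custom_was_consumed:
                self.update(self._custom)

            # Is there still some leftover data in hash2?
            if self._length2 > 0:
                self._absorb_chaining_value()

            # _ctr started at 1 and was incremented once per chunk absorbed
            trailer = _length_encode(self._ctr - 1) + b'\xFF\xFF'
            self._update(trailer, self._hash1)

            self._padding = 0x06
            self._state = SQUEEZING

        return self._squeeze(self._hash1, length, self._padding)

    def new(self, data=None, custom=b''):
        """Return a fresh object of the same type as this one.

        Args:
          data (bytes/bytearray/memoryview): Optional first chunk of the message.
          custom (bytes): Optional customization byte string.
        """

        return type(self)(data, custom)


def new(data=None, custom=None):
    """Return a fresh instance of a KangarooTwelve object.

    Args:
       data (bytes/bytearray/memoryview):
        Optional.
        The very first chunk of the message to hash.
        It is equivalent to an early call to :meth:`update`.
       custom (bytes):
        Optional.
        A customization byte string.

    :Return: A :class:`K12_XOF` object
    """

    return K12_XOF(data, custom)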