def initstate(self, salt=0):
c64 = Poly(PI, size=64)
if self.size > 256:
self.c = c64
self.rounds = 16
else:
c64.dim = 8
self.c = c64.split(32)
for i in range(0, 16, 2):
self.c.ival[i:i + 2] = self.c.ival[i + 1], self.c.ival[i]
self.rounds = 14
self.IV = Poly([x.int() for x in SHA2(self.size).H], self.wsize)
self.padmethod = Blakepadding(self.size)
self.salt = Poly(salt, self.wsize * 4).split(self.wsize)
self.salt.ival.reverse()
self.H = Poly(self.IV)
def initstate(self,salt=0):
c64 = Poly(PI,size=64)
if self.size>256:
self.c = c64
self.rounds = 16
else:
c64.dim = 8
self.c = c64.split(32)
for i in range(0,16,2):
self.c.ival[i:i+2] = self.c.ival[i+1],self.c.ival[i]
self.rounds = 14
self.IV = Poly([x.int() for x in SHA2(self.size).H],self.wsize)
self.padmethod = Blakepadding(self.size)
self.salt = Poly(salt,self.wsize*4).split(self.wsize)
self.salt.ival.reverse()
self.H = Poly(self.IV)
class Blake(object):
def __init__(self, size):
self.size = size
assert size in (224, 256, 384, 512)
self.blocksize = 1024 if size > 256 else 512
self.wsize = 64 if size > 256 else 32
self.outlen = self.size // 8
def initstate(self, salt=0):
c64 = Poly(PI, size=64)
if self.size > 256:
self.c = c64
self.rounds = 16
else:
c64.dim = 8
self.c = c64.split(32)
for i in range(0, 16, 2):
self.c.ival[i:i + 2] = self.c.ival[i + 1], self.c.ival[i]
self.rounds = 14
self.IV = Poly([x.int() for x in SHA2(self.size).H], self.wsize)
self.padmethod = Blakepadding(self.size)
self.salt = Poly(salt, self.wsize * 4).split(self.wsize)
self.salt.ival.reverse()
self.H = Poly(self.IV)
def iterblocks(self, M, bitlen=None, padding=False):
fmt = '>16L' if self.wsize == 32 else '>16Q'
for B in self.padmethod.iterblocks(M, bitlen=bitlen, padding=padding):
W = struct.unpack(fmt, B)
yield [Bits(w, self.wsize) for w in W]
def __call__(self, M, s=0, bitlen=None):
self.initstate(salt=s)
return self.update(M, bitlen=bitlen, padding=True)
def update(self, M, bitlen=None, padding=False):
def G(W, r, i, v, ja, jb, jc, jd):
ii = i + i
p, q = sigma[r % 10][ii:ii + 2]
xx = (32, 25, 16, 11) if self.size > 256 else (16, 12, 8, 7)
a, b, c, d = (x for x in v[ja, jb, jc, jd])
a = a + b + (W[p] ^ self.c.e(q))
d = ror(d ^ a, xx[0])
c = c + d
b = ror(b ^ c, xx[1])
a = a + b + (W[q] ^ self.c.e(p))
d = ror(d ^ a, xx[2])
c = c + d
b = ror(b ^ c, xx[3])
v[ja, jb, jc, jd] = a, b, c, d
for W in self.iterblocks(M, bitlen=bitlen, padding=padding):
# initialize v[0...15]:
v = Poly(0, self.wsize, dim=16)
v[0:8] = self.H
s = self.salt
# counter convention is dumb: t[0] is the *low* wsize part
t0, t1 = Bits(self.padmethod.bitcnt,
2 * self.wsize).split(self.wsize)
polyt = Poly([t0, t0, t1, t1], self.wsize)
v[8:12] = s ^ self.c[0:4]
v[12:16] = polyt ^ self.c[4:8]
for r in range(self.rounds):
G(W, r, 0, v, 0, 4, 8, 12)
G(W, r, 1, v, 1, 5, 9, 13)
G(W, r, 2, v, 2, 6, 10, 14)
G(W, r, 3, v, 3, 7, 11, 15)
G(W, r, 4, v, 0, 5, 10, 15)
G(W, r, 5, v, 1, 6, 11, 12)
G(W, r, 6, v, 2, 7, 8, 13)
G(W, r, 7, v, 3, 4, 9, 14)
self.H[0:4] ^= (s ^ v[0:4] ^ v[8:12])
self.H[4:8] ^= (s ^ v[4:8] ^ v[12:16])
return b''.join([pack(h, '>L') for h in self.H])[:self.outlen]
class Blake(object):
def __init__(self,size):
self.size = size
assert size in (224,256,384,512)
self.blocksize = 1024 if size>256 else 512
self.wsize = 64 if size>256 else 32
self.outlen = self.size//8
def initstate(self,salt=0):
c64 = Poly(PI,size=64)
if self.size>256:
self.c = c64
self.rounds = 16
else:
c64.dim = 8
self.c = c64.split(32)
for i in range(0,16,2):
self.c.ival[i:i+2] = self.c.ival[i+1],self.c.ival[i]
self.rounds = 14
self.IV = Poly([x.int() for x in SHA2(self.size).H],self.wsize)
self.padmethod = Blakepadding(self.size)
self.salt = Poly(salt,self.wsize*4).split(self.wsize)
self.salt.ival.reverse()
self.H = Poly(self.IV)
def iterblocks(self,M,bitlen=None,padding=False):
fmt = '>16L' if self.wsize==32 else '>16Q'
for B in self.padmethod.iterblocks(M,bitlen=bitlen,padding=padding):
W = struct.unpack(fmt,B)
yield [Bits(w,self.wsize) for w in W]
def __call__(self,M,s=0,bitlen=None):
self.initstate(salt=s)
return self.update(M,bitlen=bitlen,padding=True)
def update(self,M,bitlen=None,padding=False):
def G(W,r,i,v,ja,jb,jc,jd):
ii = i+i
p,q = sigma[r%10][ii:ii+2]
xx = (32,25,16,11) if self.size>256 else (16,12,8,7)
a,b,c,d = (x for x in v[ja,jb,jc,jd])
a = a+b+(W[p]^self.c.e(q))
d = ror(d^a,xx[0])
c = c+d
b = ror(b^c,xx[1])
a = a+b+(W[q]^self.c.e(p))
d = ror(d^a,xx[2])
c = c+d
b = ror(b^c,xx[3])
v[ja,jb,jc,jd] = a,b,c,d
for W in self.iterblocks(M,bitlen=bitlen,padding=padding):
# initialize v[0...15]:
v = Poly(0,self.wsize,dim=16)
v[0:8] = self.H
s = self.salt
# counter convention is dumb: t[0] is the *low* wsize part
t0,t1 = Bits(self.padmethod.bitcnt,2*self.wsize).split(self.wsize)
polyt = Poly([t0,t0,t1,t1],self.wsize)
v[8:12] = s^self.c[0:4]
v[12:16] = polyt^self.c[4:8]
for r in range(self.rounds):
G(W,r,0,v,0,4,8,12)
G(W,r,1,v,1,5,9,13)
G(W,r,2,v,2,6,10,14)
G(W,r,3,v,3,7,11,15)
G(W,r,4,v,0,5,10,15)
G(W,r,5,v,1,6,11,12)
G(W,r,6,v,2,7,8,13)
G(W,r,7,v,3,4,9,14)
self.H[0:4] ^= (s^v[0:4]^v[8:12])
self.H[4:8] ^= (s^v[4:8]^v[12:16])
return b''.join([pack(h,'>L') for h in self.H])[:self.outlen]
