def initstate(self, salt=0): c64 = Poly(PI, size=64) if self.size > 256: self.c = c64 self.rounds = 16 else: c64.dim = 8 self.c = c64.split(32) for i in range(0, 16, 2): self.c.ival[i:i + 2] = self.c.ival[i + 1], self.c.ival[i] self.rounds = 14 self.IV = Poly([x.int() for x in SHA2(self.size).H], self.wsize) self.padmethod = Blakepadding(self.size) self.salt = Poly(salt, self.wsize * 4).split(self.wsize) self.salt.ival.reverse() self.H = Poly(self.IV)
def initstate(self,salt=0): c64 = Poly(PI,size=64) if self.size>256: self.c = c64 self.rounds = 16 else: c64.dim = 8 self.c = c64.split(32) for i in range(0,16,2): self.c.ival[i:i+2] = self.c.ival[i+1],self.c.ival[i] self.rounds = 14 self.IV = Poly([x.int() for x in SHA2(self.size).H],self.wsize) self.padmethod = Blakepadding(self.size) self.salt = Poly(salt,self.wsize*4).split(self.wsize) self.salt.ival.reverse() self.H = Poly(self.IV)
class Blake(object): def __init__(self, size): self.size = size assert size in (224, 256, 384, 512) self.blocksize = 1024 if size > 256 else 512 self.wsize = 64 if size > 256 else 32 self.outlen = self.size // 8 def initstate(self, salt=0): c64 = Poly(PI, size=64) if self.size > 256: self.c = c64 self.rounds = 16 else: c64.dim = 8 self.c = c64.split(32) for i in range(0, 16, 2): self.c.ival[i:i + 2] = self.c.ival[i + 1], self.c.ival[i] self.rounds = 14 self.IV = Poly([x.int() for x in SHA2(self.size).H], self.wsize) self.padmethod = Blakepadding(self.size) self.salt = Poly(salt, self.wsize * 4).split(self.wsize) self.salt.ival.reverse() self.H = Poly(self.IV) def iterblocks(self, M, bitlen=None, padding=False): fmt = '>16L' if self.wsize == 32 else '>16Q' for B in self.padmethod.iterblocks(M, bitlen=bitlen, padding=padding): W = struct.unpack(fmt, B) yield [Bits(w, self.wsize) for w in W] def __call__(self, M, s=0, bitlen=None): self.initstate(salt=s) return self.update(M, bitlen=bitlen, padding=True) def update(self, M, bitlen=None, padding=False): def G(W, r, i, v, ja, jb, jc, jd): ii = i + i p, q = sigma[r % 10][ii:ii + 2] xx = (32, 25, 16, 11) if self.size > 256 else (16, 12, 8, 7) a, b, c, d = (x for x in v[ja, jb, jc, jd]) a = a + b + (W[p] ^ self.c.e(q)) d = ror(d ^ a, xx[0]) c = c + d b = ror(b ^ c, xx[1]) a = a + b + (W[q] ^ self.c.e(p)) d = ror(d ^ a, xx[2]) c = c + d b = ror(b ^ c, xx[3]) v[ja, jb, jc, jd] = a, b, c, d for W in self.iterblocks(M, bitlen=bitlen, padding=padding): # initialize v[0...15]: v = Poly(0, self.wsize, dim=16) v[0:8] = self.H s = self.salt # counter convention is dumb: t[0] is the *low* wsize part t0, t1 = Bits(self.padmethod.bitcnt, 2 * self.wsize).split(self.wsize) polyt = Poly([t0, t0, t1, t1], self.wsize) v[8:12] = s ^ self.c[0:4] v[12:16] = polyt ^ self.c[4:8] for r in range(self.rounds): G(W, r, 0, v, 0, 4, 8, 12) G(W, r, 1, v, 1, 5, 9, 13) G(W, r, 2, v, 2, 6, 10, 14) G(W, r, 3, v, 3, 7, 11, 15) G(W, r, 4, v, 0, 5, 10, 15) G(W, r, 5, v, 1, 6, 11, 12) G(W, r, 6, v, 2, 7, 8, 13) G(W, r, 7, v, 3, 4, 9, 14) self.H[0:4] ^= (s ^ v[0:4] ^ v[8:12]) self.H[4:8] ^= (s ^ v[4:8] ^ v[12:16]) return b''.join([pack(h, '>L') for h in self.H])[:self.outlen]
class Blake(object): def __init__(self,size): self.size = size assert size in (224,256,384,512) self.blocksize = 1024 if size>256 else 512 self.wsize = 64 if size>256 else 32 self.outlen = self.size//8 def initstate(self,salt=0): c64 = Poly(PI,size=64) if self.size>256: self.c = c64 self.rounds = 16 else: c64.dim = 8 self.c = c64.split(32) for i in range(0,16,2): self.c.ival[i:i+2] = self.c.ival[i+1],self.c.ival[i] self.rounds = 14 self.IV = Poly([x.int() for x in SHA2(self.size).H],self.wsize) self.padmethod = Blakepadding(self.size) self.salt = Poly(salt,self.wsize*4).split(self.wsize) self.salt.ival.reverse() self.H = Poly(self.IV) def iterblocks(self,M,bitlen=None,padding=False): fmt = '>16L' if self.wsize==32 else '>16Q' for B in self.padmethod.iterblocks(M,bitlen=bitlen,padding=padding): W = struct.unpack(fmt,B) yield [Bits(w,self.wsize) for w in W] def __call__(self,M,s=0,bitlen=None): self.initstate(salt=s) return self.update(M,bitlen=bitlen,padding=True) def update(self,M,bitlen=None,padding=False): def G(W,r,i,v,ja,jb,jc,jd): ii = i+i p,q = sigma[r%10][ii:ii+2] xx = (32,25,16,11) if self.size>256 else (16,12,8,7) a,b,c,d = (x for x in v[ja,jb,jc,jd]) a = a+b+(W[p]^self.c.e(q)) d = ror(d^a,xx[0]) c = c+d b = ror(b^c,xx[1]) a = a+b+(W[q]^self.c.e(p)) d = ror(d^a,xx[2]) c = c+d b = ror(b^c,xx[3]) v[ja,jb,jc,jd] = a,b,c,d for W in self.iterblocks(M,bitlen=bitlen,padding=padding): # initialize v[0...15]: v = Poly(0,self.wsize,dim=16) v[0:8] = self.H s = self.salt # counter convention is dumb: t[0] is the *low* wsize part t0,t1 = Bits(self.padmethod.bitcnt,2*self.wsize).split(self.wsize) polyt = Poly([t0,t0,t1,t1],self.wsize) v[8:12] = s^self.c[0:4] v[12:16] = polyt^self.c[4:8] for r in range(self.rounds): G(W,r,0,v,0,4,8,12) G(W,r,1,v,1,5,9,13) G(W,r,2,v,2,6,10,14) G(W,r,3,v,3,7,11,15) G(W,r,4,v,0,5,10,15) G(W,r,5,v,1,6,11,12) G(W,r,6,v,2,7,8,13) G(W,r,7,v,3,4,9,14) self.H[0:4] ^= (s^v[0:4]^v[8:12]) self.H[4:8] ^= (s^v[4:8]^v[12:16]) return b''.join([pack(h,'>L') for h in self.H])[:self.outlen]