def update(self, M, bitlen=None, padding=False):
for W in self.iterblocks(M, bitlen=bitlen, padding=padding):
a, b, c, d = self.H
assert len(W) == 16
W.extend([
W[i]
for i in (1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12)
])
W.extend([
W[i]
for i in (5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2)
])
W.extend([
W[i]
for i in (0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9)
])
for i in range(4 * 16):
r = i // 16
T = b + rol(a + self.ft[r](b, c, d) + W[i] + self.K[i],
self.st[r][i % 4])
a = d
d = c
c = b
b = T
self.H[0] += a
self.H[1] += b
self.H[2] += c
self.H[3] += d
return b''.join([pack(h) for h in self.H])
def update(self,M,bitlen=None,padding=False):
for W in self.iterblocks(M,bitlen=bitlen,padding=padding):
a,b,c,d,e = self.H
assert len(W)==16
for t in range(16,80):
w = rol(W[t-3]^W[t-8]^W[t-14]^W[t-16],self.version)
W.append(w)
for r in range(80):
T = rol(a,5)+self.ft[r](b,c,d)+e+self.K[r]+W[r]
e = d
d = c
c = rol(b,30)
b = a
a = T
self.H[0] += a
self.H[1] += b
self.H[2] += c
self.H[3] += d
self.H[4] += e
return ''.join([pack(h,'>L') for h in self.H])
def update(self, M, bitlen=None, padding=False):
for W in self.iterblocks(M, bitlen=bitlen, padding=padding):
a, b, c, d, e = self.H
assert len(W) == 16
for t in range(16, 80):
w = rol(W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16],
self.version)
W.append(w)
for r in range(80):
T = rol(a, 5) + self.ft[r](b, c, d) + e + self.K[r] + W[r]
e = d
d = c
c = rol(b, 30)
b = a
a = T
self.H[0] += a
self.H[1] += b
self.H[2] += c
self.H[3] += d
self.H[4] += e
return b''.join([pack(h, '>L') for h in self.H])
def __init__(self,K):
self.K = Bits(K,bitorder=1)
if len(self.K)<256:
self.K = self.K//Bits(1,1)
self.K.size = 256
# key schelule:
prekey = []
phi = Bits(0x9e3779b9,32)
for p in range(0,256,32):
prekey.append(self.K[p:p+32])
for i in range(132):
wi = rol((prekey[-8]^prekey[-5]^prekey[-3]^prekey[-1]^phi^i),11)
prekey.append(wi)
self.keys = _keysched(prekey)
def f(self, N):
n = N.dim
t = 16 * self.rounds
t0, t1, t2, t3, t4 = 17, 18, 21, 31, 67
A = N // Poly(0, 64, dim=t)
S = Bits(0x0123456789abcdef, 64)
j = 0
for i in range(n, n + t):
x = S ^ A.e(i - n) ^ A.e(i - t0)
x = x ^ (A.e(i - t1) & A.e(i - t2)) ^ (A.e(i - t3) & A.e(i - t4))
x = x ^ (x >> rin[j])
A[i] = x ^ (x << lin[j])
j += 1
if j == 16:
S = rol(S, 1) ^ (S & 0x7311c2812425cfa0)
j = 0
return A[-16:]
def update(self,M,bitlen=None,padding=False):
for W in self.iterblocks(M,bitlen=bitlen,padding=padding):
a,b,c,d = self.H
assert len(W)==16
W.extend([W[i] for i in (0,4,8,12,1,5,9,13,2,6,10,14,3,7,11,15)])
W.extend([W[i] for i in (0,8,4,12,2,10,6,14,1,9,5,13,3,11,7,15)])
for i in range(3*16):
r = i//16
T = rol(a+self.ft[r](b,c,d)+W[i]+self.K[r],self.st[r][i%4])
a = d
d = c
c = b
b = T
self.H[0] += a
self.H[1] += b
self.H[2] += c
self.H[3] += d
return b''.join([pack(h) for h in self.H])
def f(self,N):
C = Poly(0,64,dim=16)
n = N.dim
t = 16*self.rounds
t0,t1,t2,t3,t4 = 17,18,21,31,67
A = N//Poly(0,64,dim=t)
S = Bits(0x0123456789abcdef,64)
j = 0
for i in range(n,n+t):
x = S^A.e(i-n)^A.e(i-t0)
x = x^(A.e(i-t1) & A.e(i-t2))^(A.e(i-t3) & A.e(i-t4))
x = x^(x>>rin[j])
A[i] = x^(x<<lin[j])
j += 1
if j==16:
S = rol(S,1)^(S&0x7311c2812425cfa0)
j=0
return A[-16:]
def update(self,M,bitlen=None,padding=False):
for W in self.iterblocks(M,bitlen=bitlen,padding=padding):
a,b,c,d = self.H
assert len(W)==16
W.extend([W[i] for i in (1,6,11,0,5,10,15,4,9,14,3,8,13,2,7,12)])
W.extend([W[i] for i in (5,8,11,14,1,4,7,10,13,0,3,6,9,12,15,2)])
W.extend([W[i] for i in (0,7,14,5,12,3,10,1,8,15,6,13,4,11,2,9)])
for i in range(4*16):
r = i/16
T = b+rol(a+self.ft[r](b,c,d)+W[i]+self.K[i],self.st[r][i%4])
a = d
d = c
c = b
b = T
self.H[0] += a
self.H[1] += b
self.H[2] += c
self.H[3] += d
return ''.join([pack(h) for h in self.H])
def _L(X):
assert X.size==128
X = X.split(32)
X[0] = rol(X[0],13)
X[2] = rol(X[2],3)
X[1] = X[1]^X[0]^X[2]
X[3] = X[3]^X[2]^(X[0]<<3)
X[1] = rol(X[1],1)
X[3] = rol(X[3],7)
X[0] = X[0]^X[1]^X[3]
X[2] = X[2]^X[3]^(X[1]<<7)
X[0] = rol(X[0],5)
X[2] = rol(X[2],22)
return concat(X)
def __MIX(self,x0,x1,d,j):
y0 = x0+x1
y1 = rol(x1,self.__R[d%8][j])^y0
return [y0,y1]