github.com/waltonchain/waltonchain_gwtc_src@v1.1.4-0.20201225072101-8a298c95a819/crypto/x11/keccak/keccak.go (about) 1 // Use of this source code is governed by an ISC 2 // license that can be found in the LICENSE file. 3 4 package keccak 5 6 import ( 7 "fmt" 8 9 "github.com/wtc/go-wtc/crypto/hash" 10 ) 11 12 // HashSize holds the size of a hash in bytes. 13 const HashSize = int(64) 14 15 // BlockSize holds the size of a block in bytes. 16 const BlockSize = uintptr(72) 17 18 //////////////// 19 20 type digest struct { 21 ptr uintptr 22 cnt uintptr 23 24 h [25]uint64 25 26 b [144]byte 27 } 28 29 // New returns a new digest compute a KECCAK512 hash. 30 func New() hash.Digest { 31 ref := &digest{} 32 ref.Reset() 33 return ref 34 } 35 36 //////////////// 37 38 // Reset resets the digest to its initial state. 39 func (ref *digest) Reset() { 40 ref.ptr = 0 41 ref.cnt = 200 - (512 >> 2) 42 43 h := ref.h[:] 44 h[0] = uint64(0x0) 45 h[1] = uint64(0xFFFFFFFFFFFFFFFF) 46 h[2] = uint64(0xFFFFFFFFFFFFFFFF) 47 h[3] = uint64(0x0) 48 h[4] = uint64(0x0) 49 h[5] = uint64(0x0) 50 h[6] = uint64(0x0) 51 h[7] = uint64(0x0) 52 h[8] = uint64(0xFFFFFFFFFFFFFFFF) 53 h[9] = uint64(0x0) 54 h[10] = uint64(0x0) 55 h[11] = uint64(0x0) 56 h[12] = uint64(0xFFFFFFFFFFFFFFFF) 57 h[13] = uint64(0x0) 58 h[14] = uint64(0x0) 59 h[15] = uint64(0x0) 60 h[16] = uint64(0x0) 61 h[17] = uint64(0xFFFFFFFFFFFFFFFF) 62 h[18] = uint64(0x0) 63 h[19] = uint64(0x0) 64 h[20] = uint64(0xFFFFFFFFFFFFFFFF) 65 h[21] = uint64(0x0) 66 h[22] = uint64(0x0) 67 h[23] = uint64(0x0) 68 h[24] = uint64(0x0) 69 } 70 71 // Sum appends the current hash to dst and returns the result 72 // as a slice. It does not change the underlying hash state. 73 func (ref *digest) Sum(dst []byte) []byte { 74 dgt := *ref 75 hsh := [64]byte{} 76 dgt.Close(hsh[:], 0, 0) 77 return append(dst, hsh[:]...) 78 } 79 80 // Write more data to the running hash, never returns an error. 81 func (ref *digest) Write(src []byte) (int, error) { 82 sln := uintptr(len(src)) 83 fln := len(src) 84 ptr := ref.ptr 85 86 buf := ref.b[:] 87 sta := ref.h[:] 88 89 if sln < (BlockSize - ptr) { 90 copy(ref.b[ptr:], src) 91 ref.ptr += sln 92 return int(sln), nil 93 } 94 95 for sln > 0 { 96 cln := BlockSize - ptr 97 98 if cln > sln { 99 cln = sln 100 } 101 sln -= cln 102 103 copy(ref.b[ptr:], src[:cln]) 104 src = src[cln:] 105 ptr += cln 106 107 if ptr == BlockSize { 108 sta[0] ^= decUInt64le(buf[0:]) 109 sta[1] ^= decUInt64le(buf[8:]) 110 sta[2] ^= decUInt64le(buf[16:]) 111 sta[3] ^= decUInt64le(buf[24:]) 112 sta[4] ^= decUInt64le(buf[32:]) 113 sta[5] ^= decUInt64le(buf[40:]) 114 sta[6] ^= decUInt64le(buf[48:]) 115 sta[7] ^= decUInt64le(buf[56:]) 116 sta[8] ^= decUInt64le(buf[64:]) 117 118 for j := uintptr(0); j < 24; j++ { 119 var t0, t1, t2, t3, t4, tp uint64 120 121 { 122 var tt0, tt1, tt2, tt3 uint64 123 124 tt0 = sta[1] ^ sta[6] 125 tt1 = sta[11] ^ sta[16] 126 tt0 = tt0 ^ sta[21] 127 tt0 = tt0 ^ tt1 128 tt0 = (tt0 << 1) | (tt0 >> (64 - 1)) 129 tt2 = sta[4] ^ sta[9] 130 tt3 = sta[14] ^ sta[19] 131 tt0 = tt0 ^ sta[24] 132 tt2 = tt2 ^ tt3 133 t0 = tt0 ^ tt2 134 135 tt0 = sta[2] ^ sta[7] 136 tt1 = sta[12] ^ sta[17] 137 tt0 = tt0 ^ sta[22] 138 tt0 = tt0 ^ tt1 139 tt0 = (tt0 << 1) | (tt0 >> (64 - 1)) 140 tt2 = sta[0] ^ sta[5] 141 tt3 = sta[10] ^ sta[15] 142 tt0 = tt0 ^ sta[20] 143 tt2 = tt2 ^ tt3 144 t1 = tt0 ^ tt2 145 146 tt0 = sta[3] ^ sta[8] 147 tt1 = sta[13] ^ sta[18] 148 tt0 = tt0 ^ sta[23] 149 tt0 = tt0 ^ tt1 150 tt0 = (tt0 << 1) | (tt0 >> (64 - 1)) 151 tt2 = sta[1] ^ sta[6] 152 tt3 = sta[11] ^ sta[16] 153 tt0 = tt0 ^ sta[21] 154 tt2 = tt2 ^ tt3 155 t2 = tt0 ^ tt2 156 157 tt0 = sta[4] ^ sta[9] 158 tt1 = sta[14] ^ sta[19] 159 tt0 = tt0 ^ sta[24] 160 tt0 = tt0 ^ tt1 161 tt0 = (tt0 << 1) | (tt0 >> (64 - 1)) 162 tt2 = sta[2] ^ sta[7] 163 tt3 = sta[12] ^ sta[17] 164 tt0 = tt0 ^ sta[22] 165 tt2 = tt2 ^ tt3 166 t3 = tt0 ^ tt2 167 168 tt0 = sta[0] ^ sta[5] 169 tt1 = sta[10] ^ sta[15] 170 tt0 = tt0 ^ sta[20] 171 tt0 = tt0 ^ tt1 172 tt0 = (tt0 << 1) | (tt0 >> (64 - 1)) 173 tt2 = sta[3] ^ sta[8] 174 tt3 = sta[13] ^ sta[18] 175 tt0 = tt0 ^ sta[23] 176 tt2 = tt2 ^ tt3 177 t4 = tt0 ^ tt2 178 } 179 180 sta[0] = sta[0] ^ t0 181 sta[1] = sta[1] ^ t1 182 sta[2] = sta[2] ^ t2 183 sta[3] = sta[3] ^ t3 184 sta[4] = sta[4] ^ t4 185 sta[5] = sta[5] ^ t0 186 sta[6] = sta[6] ^ t1 187 sta[7] = sta[7] ^ t2 188 sta[8] = sta[8] ^ t3 189 sta[9] = sta[9] ^ t4 190 sta[10] = sta[10] ^ t0 191 sta[11] = sta[11] ^ t1 192 sta[12] = sta[12] ^ t2 193 sta[13] = sta[13] ^ t3 194 sta[14] = sta[14] ^ t4 195 sta[15] = sta[15] ^ t0 196 sta[16] = sta[16] ^ t1 197 sta[17] = sta[17] ^ t2 198 sta[18] = sta[18] ^ t3 199 sta[23] = sta[23] ^ t3 200 sta[19] = sta[19] ^ t4 201 sta[20] = sta[20] ^ t0 202 sta[22] = sta[22] ^ t2 203 sta[21] = sta[21] ^ t1 204 sta[24] = sta[24] ^ t4 205 206 sta[1] = (sta[1] << 1) | (sta[1] >> (64 - 1)) 207 sta[2] = (sta[2] << 62) | (sta[2] >> (64 - 62)) 208 sta[3] = (sta[3] << 28) | (sta[3] >> (64 - 28)) 209 sta[4] = (sta[4] << 27) | (sta[4] >> (64 - 27)) 210 sta[5] = (sta[5] << 36) | (sta[5] >> (64 - 36)) 211 sta[6] = (sta[6] << 44) | (sta[6] >> (64 - 44)) 212 sta[7] = (sta[7] << 6) | (sta[7] >> (64 - 6)) 213 sta[8] = (sta[8] << 55) | (sta[8] >> (64 - 55)) 214 sta[9] = (sta[9] << 20) | (sta[9] >> (64 - 20)) 215 sta[10] = (sta[10] << 3) | (sta[10] >> (64 - 3)) 216 sta[11] = (sta[11] << 10) | (sta[11] >> (64 - 10)) 217 sta[12] = (sta[12] << 43) | (sta[12] >> (64 - 43)) 218 sta[13] = (sta[13] << 25) | (sta[13] >> (64 - 25)) 219 sta[14] = (sta[14] << 39) | (sta[14] >> (64 - 39)) 220 sta[15] = (sta[15] << 41) | (sta[15] >> (64 - 41)) 221 sta[16] = (sta[16] << 45) | (sta[16] >> (64 - 45)) 222 sta[17] = (sta[17] << 15) | (sta[17] >> (64 - 15)) 223 sta[18] = (sta[18] << 21) | (sta[18] >> (64 - 21)) 224 sta[19] = (sta[19] << 8) | (sta[19] >> (64 - 8)) 225 sta[20] = (sta[20] << 18) | (sta[20] >> (64 - 18)) 226 sta[21] = (sta[21] << 2) | (sta[21] >> (64 - 2)) 227 sta[22] = (sta[22] << 61) | (sta[22] >> (64 - 61)) 228 sta[23] = (sta[23] << 56) | (sta[23] >> (64 - 56)) 229 sta[24] = (sta[24] << 14) | (sta[24] >> (64 - 14)) 230 231 tp = ^sta[12] 232 t0 = sta[6] | sta[12] 233 t0 = sta[0] ^ t0 234 t1 = tp | sta[18] 235 t1 = sta[6] ^ t1 236 t2 = sta[18] & sta[24] 237 t2 = sta[12] ^ t2 238 t3 = sta[24] | sta[0] 239 t3 = sta[18] ^ t3 240 t4 = sta[0] & sta[6] 241 t4 = sta[24] ^ t4 242 243 sta[0] = t0 244 sta[6] = t1 245 sta[12] = t2 246 sta[18] = t3 247 sta[24] = t4 248 249 tp = ^sta[22] 250 t0 = sta[9] | sta[10] 251 t0 = sta[3] ^ t0 252 t1 = sta[10] & sta[16] 253 t1 = sta[9] ^ t1 254 t2 = sta[16] | tp 255 t2 = sta[10] ^ t2 256 t3 = sta[22] | sta[3] 257 t3 = sta[16] ^ t3 258 t4 = sta[3] & sta[9] 259 t4 = sta[22] ^ t4 260 261 sta[3] = t0 262 sta[9] = t1 263 sta[10] = t2 264 sta[16] = t3 265 sta[22] = t4 266 267 tp = ^sta[19] 268 t0 = sta[7] | sta[13] 269 t0 = sta[1] ^ t0 270 t1 = sta[13] & sta[19] 271 t1 = sta[7] ^ t1 272 t2 = tp & sta[20] 273 t2 = sta[13] ^ t2 274 t3 = sta[20] | sta[1] 275 t3 = tp ^ t3 276 t4 = sta[1] & sta[7] 277 t4 = sta[20] ^ t4 278 279 sta[1] = t0 280 sta[7] = t1 281 sta[13] = t2 282 sta[19] = t3 283 sta[20] = t4 284 285 tp = ^sta[17] 286 t0 = sta[5] & sta[11] 287 t0 = sta[4] ^ t0 288 t1 = sta[11] | sta[17] 289 t1 = sta[5] ^ t1 290 t2 = tp | sta[23] 291 t2 = sta[11] ^ t2 292 t3 = sta[23] & sta[4] 293 t3 = tp ^ t3 294 t4 = sta[4] | sta[5] 295 t4 = sta[23] ^ t4 296 297 sta[4] = t0 298 sta[5] = t1 299 sta[11] = t2 300 sta[17] = t3 301 sta[23] = t4 302 303 tp = ^sta[8] 304 t0 = tp & sta[14] 305 t0 = sta[2] ^ t0 306 t1 = sta[14] | sta[15] 307 t1 = tp ^ t1 308 t2 = sta[15] & sta[21] 309 t2 = sta[14] ^ t2 310 t3 = sta[21] | sta[2] 311 t3 = sta[15] ^ t3 312 t4 = sta[2] & sta[8] 313 t4 = sta[21] ^ t4 314 315 sta[2] = t0 316 sta[8] = t1 317 sta[14] = t2 318 sta[15] = t3 319 sta[21] = t4 320 321 sta[0] = sta[0] ^ kSpec[j+0] 322 323 t0 = sta[5] 324 sta[5] = sta[3] 325 sta[3] = sta[18] 326 sta[18] = sta[17] 327 sta[17] = sta[11] 328 sta[11] = sta[7] 329 sta[7] = sta[10] 330 sta[10] = sta[1] 331 sta[1] = sta[6] 332 sta[6] = sta[9] 333 sta[9] = sta[22] 334 sta[22] = sta[14] 335 sta[14] = sta[20] 336 sta[20] = sta[2] 337 sta[2] = sta[12] 338 sta[12] = sta[13] 339 sta[13] = sta[19] 340 sta[19] = sta[23] 341 sta[23] = sta[15] 342 sta[15] = sta[4] 343 sta[4] = sta[24] 344 sta[24] = sta[21] 345 sta[21] = sta[8] 346 sta[8] = sta[16] 347 sta[16] = t0 348 } 349 350 ptr = 0 351 } 352 } 353 354 ref.ptr = ptr 355 return fln, nil 356 } 357 358 // Close the digest by writing the last bits and storing the hash 359 // in dst. This prepares the digest for reuse by calling reset. A call 360 // to Close with a dst that is smaller then HashSize will return an error. 361 func (ref *digest) Close(dst []byte, bits uint8, bcnt uint8) error { 362 if ln := len(dst); HashSize > ln { 363 return fmt.Errorf("Keccak Close: dst min length: %d, got %d", HashSize, ln) 364 } 365 366 var tln uintptr 367 var tmp [73]uint8 368 369 off := uint8((uint16(0x100) | uint16(bits&0xFF)) >> (8 - bcnt)) 370 371 if ref.ptr == (72 - 1) { 372 if bcnt == 7 { 373 tmp[0] = off 374 tmp[72] = 0x80 375 tln = 1 + 72 376 } else { 377 tmp[0] = uint8(off | 0x80) 378 tln = 1 379 } 380 } else { 381 tln = 72 - ref.ptr 382 tmp[0] = off 383 tmp[tln-1] = 0x80 384 } 385 ref.Write(tmp[:tln]) 386 387 ref.h[1] = ^ref.h[1] 388 ref.h[2] = ^ref.h[2] 389 ref.h[8] = ^ref.h[8] 390 ref.h[12] = ^ref.h[12] 391 ref.h[17] = ^ref.h[17] 392 ref.h[20] = ^ref.h[20] 393 394 for u := uintptr(0); u < 64; u += 8 { 395 encUInt64le(dst[u:], ref.h[(u>>3)]) 396 } 397 398 ref.Reset() 399 return nil 400 } 401 402 // Size returns the number of bytes required to store the hash. 403 func (*digest) Size() int { 404 return HashSize 405 } 406 407 // BlockSize returns the block size of the hash. 408 func (*digest) BlockSize() int { 409 return int(BlockSize) 410 } 411 412 //////////////// 413 414 func decUInt64le(src []byte) uint64 { 415 return (uint64(src[0]) | 416 uint64(src[1])<<8 | 417 uint64(src[2])<<16 | 418 uint64(src[3])<<24 | 419 uint64(src[4])<<32 | 420 uint64(src[5])<<40 | 421 uint64(src[6])<<48 | 422 uint64(src[7])<<56) 423 } 424 425 func encUInt64le(dst []byte, src uint64) { 426 dst[0] = uint8(src) 427 dst[1] = uint8(src >> 8) 428 dst[2] = uint8(src >> 16) 429 dst[3] = uint8(src >> 24) 430 dst[4] = uint8(src >> 32) 431 dst[5] = uint8(src >> 40) 432 dst[6] = uint8(src >> 48) 433 dst[7] = uint8(src >> 56) 434 } 435 436 //////////////// 437 438 var kSpec = []uint64{ 439 uint64(0x0000000000000001), uint64(0x0000000000008082), 440 uint64(0x800000000000808A), uint64(0x8000000080008000), 441 uint64(0x000000000000808B), uint64(0x0000000080000001), 442 uint64(0x8000000080008081), uint64(0x8000000000008009), 443 uint64(0x000000000000008A), uint64(0x0000000000000088), 444 uint64(0x0000000080008009), uint64(0x000000008000000A), 445 uint64(0x000000008000808B), uint64(0x800000000000008B), 446 uint64(0x8000000000008089), uint64(0x8000000000008003), 447 uint64(0x8000000000008002), uint64(0x8000000000000080), 448 uint64(0x000000000000800A), uint64(0x800000008000000A), 449 uint64(0x8000000080008081), uint64(0x8000000000008080), 450 uint64(0x0000000080000001), uint64(0x8000000080008008), 451 }