keccak/sponge.go

package keccak

import "hash"

const Size = 256 / 8

const BlockSize = 1600/8 - Size*2

func round(a *[25]uint64) { roundGo(a) }

// digest implements hash.Hash
type digest struct {
	a      [25]uint64 // a[y][x][z]
	buf    [200]byte
	dsbyte byte
	len    int
	size   int
}

func New256() hash.Hash { return &digest{size: 256 / 8, dsbyte: 0x06} }
func New512() hash.Hash { return &digest{size: 512 / 8, dsbyte: 0x06} }

func newKeccak256() hash.Hash { return &digest{size: 256 / 8, dsbyte: 0x01} }
func newKeccak512() hash.Hash { return &digest{size: 512 / 8, dsbyte: 0x01} }

func (d *digest) Size() int      { return d.size }
func (d *digest) BlockSize() int { return 200 - d.size*2 }

func (d *digest) Reset() {
	//fmt.Println("resetting")
	d.a = [25]uint64{}
	d.buf = [200]byte{}
	d.len = 0
}

func (d *digest) Write(b []byte) (int, error) {
	written := len(b)
	bs := d.BlockSize()
	for len(b) > 0 {
		n := copy(d.buf[d.len:bs], b)
		d.len += n
		b = b[n:]
		if d.len == bs {
			d.flush()
		}
	}
	return written, nil
}

func (d *digest) flush() {
	//fmt.Printf("Flushing with %d bytes\n", d.len)
	b := d.buf[:d.len]
	for i := range d.a {
		if len(b) == 0 {
			break
		}
		d.a[i] ^= le64dec(b)
		b = b[8:]
	}
	keccakf(&d.a)
	d.len = 0
}

func keccakf(a *[25]uint64) {
	for i := 0; i < 24; i++ {
		round(a)
		a[0] ^= roundc[i]
	}
}

func (d *digest) clone() *digest {
	d0 := *d
	return &d0
}

func (d *digest) Sum(b []byte) []byte {
	d = d.clone()
	d.buf[d.len] = d.dsbyte
	bs := d.BlockSize()
	for i := d.len + 1; i < bs; i++ {
		d.buf[i] = 0
	}
	d.buf[bs-1] |= 0x80
	d.len = bs
	d.flush()

	for i := 0; i < d.size/8; i++ {
		b = le64enc(b, d.a[i])
	}
	return b
}

func le64dec(b []byte) uint64 {
	_ = b[7]
	return uint64(b[0])<<0 | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56
}

func le64enc(b []byte, x uint64) []byte {
	return append(b, byte(x), byte(x>>8), byte(x>>16), byte(x>>24), byte(x>>32), byte(x>>40), byte(x>>48), byte(x>>56))
}
Initial commit. 2014-12-31 22:59:00 +00:00			`package keccak`

			`import "hash"`

Gofmt 2014-12-31 23:19:23 +00:00			`const Size = 256 / 8`
Initial commit. 2014-12-31 22:59:00 +00:00
			`const BlockSize = 1600/8 - Size*2`

avoid an indirect call 2024-10-06 02:22:41 +00:00			`func round(a *[25]uint64) { roundGo(a) }`
Generate a faster round function. 2015-01-01 00:40:56 +00:00
Initial commit. 2014-12-31 22:59:00 +00:00			`// digest implements hash.Hash`
			`type digest struct {`
Refactor: use [25]uint64 instead of [5][5]uint64. 2015-01-01 10:59:03 +00:00			`a [25]uint64 // a[y][x][z]`
Gofmt. 2015-01-01 07:59:40 +00:00			`buf [200]byte`
Add 512-bit hash. Use SHA-3 padding. 2015-01-01 07:19:05 +00:00			`dsbyte byte`
Gofmt. 2015-01-01 07:59:40 +00:00			`len int`
			`size int`
Initial commit. 2014-12-31 22:59:00 +00:00			`}`

Gofmt. 2015-01-01 07:59:40 +00:00			`func New256() hash.Hash { return &digest{size: 256 / 8, dsbyte: 0x06} }`
			`func New512() hash.Hash { return &digest{size: 512 / 8, dsbyte: 0x06} }`
Add 512-bit hash. Use SHA-3 padding. 2015-01-01 07:19:05 +00:00
Gofmt. 2015-01-01 07:59:40 +00:00			`func newKeccak256() hash.Hash { return &digest{size: 256 / 8, dsbyte: 0x01} }`
			`func newKeccak512() hash.Hash { return &digest{size: 512 / 8, dsbyte: 0x01} }`
Initial commit. 2014-12-31 22:59:00 +00:00
Add 512-bit hash. Use SHA-3 padding. 2015-01-01 07:19:05 +00:00			`func (d *digest) Size() int { return d.size }`
			`func (d digest) BlockSize() int { return 200 - d.size2 }`
Initial commit. 2014-12-31 22:59:00 +00:00
			`func (d *digest) Reset() {`
Add 512-bit hash. Use SHA-3 padding. 2015-01-01 07:19:05 +00:00			`//fmt.Println("resetting")`
Refactor: use [25]uint64 instead of [5][5]uint64. 2015-01-01 10:59:03 +00:00			`d.a = [25]uint64{}`
Add 512-bit hash. Use SHA-3 padding. 2015-01-01 07:19:05 +00:00			`d.buf = [200]byte{}`
			`d.len = 0`
Initial commit. 2014-12-31 22:59:00 +00:00			`}`

			`func (d *digest) Write(b []byte) (int, error) {`
			`written := len(b)`
Add 512-bit hash. Use SHA-3 padding. 2015-01-01 07:19:05 +00:00			`bs := d.BlockSize()`
Initial commit. 2014-12-31 22:59:00 +00:00			`for len(b) > 0 {`
Add 512-bit hash. Use SHA-3 padding. 2015-01-01 07:19:05 +00:00			`n := copy(d.buf[d.len:bs], b)`
Initial commit. 2014-12-31 22:59:00 +00:00			`d.len += n`
			`b = b[n:]`
Gofmt. 2015-01-01 07:59:40 +00:00			`if d.len == bs {`
Initial commit. 2014-12-31 22:59:00 +00:00			`d.flush()`
			`}`
			`}`
			`return written, nil`
			`}`

			`func (d *digest) flush() {`
Add 512-bit hash. Use SHA-3 padding. 2015-01-01 07:19:05 +00:00			`//fmt.Printf("Flushing with %d bytes\n", d.len)`
			`b := d.buf[:d.len]`
Refactor: use [25]uint64 instead of [5][5]uint64. 2015-01-01 10:59:03 +00:00			`for i := range d.a {`
Gofmt. 2015-01-01 11:10:11 +00:00			`if len(b) == 0 {`
Remove unnecessary label 2024-10-05 06:46:16 +00:00			`break`
Gofmt. 2015-01-01 11:10:11 +00:00			`}`
			`d.a[i] ^= le64dec(b)`
			`b = b[8:]`
Initial commit. 2014-12-31 22:59:00 +00:00			`}`
Perform keccak-f in-place. 2014-12-31 23:17:55 +00:00			`keccakf(&d.a)`
Initial commit. 2014-12-31 22:59:00 +00:00			`d.len = 0`
			`}`

Refactor: use [25]uint64 instead of [5][5]uint64. 2015-01-01 10:59:03 +00:00			`func keccakf(a *[25]uint64) {`
Initial commit. 2014-12-31 22:59:00 +00:00			`for i := 0; i < 24; i++ {`
Generate a faster round function. 2015-01-01 00:40:56 +00:00			`round(a)`
Refactor: use [25]uint64 instead of [5][5]uint64. 2015-01-01 10:59:03 +00:00			`a[0] ^= roundc[i]`
Initial commit. 2014-12-31 22:59:00 +00:00			`}`
			`}`

add digest.clone method and use it in Sum 2024-10-06 03:16:35 +00:00			`func (d digest) clone() digest {`
			`d0 := *d`
			`return &d0`
			`}`

			`func (d *digest) Sum(b []byte) []byte {`
			`d = d.clone()`
Add 512-bit hash. Use SHA-3 padding. 2015-01-01 07:19:05 +00:00			`d.buf[d.len] = d.dsbyte`
			`bs := d.BlockSize()`
			`for i := d.len + 1; i < bs; i++ {`
Initial commit. 2014-12-31 22:59:00 +00:00			`d.buf[i] = 0`
			`}`
Add 512-bit hash. Use SHA-3 padding. 2015-01-01 07:19:05 +00:00			`d.buf[bs-1] \|= 0x80`
			`d.len = bs`
Initial commit. 2014-12-31 22:59:00 +00:00			`d.flush()`

Add 512-bit hash. Use SHA-3 padding. 2015-01-01 07:19:05 +00:00			`for i := 0; i < d.size/8; i++ {`
Refactor: use [25]uint64 instead of [5][5]uint64. 2015-01-01 10:59:03 +00:00			`b = le64enc(b, d.a[i])`
Add 512-bit hash. Use SHA-3 padding. 2015-01-01 07:19:05 +00:00			`}`
Initial commit. 2014-12-31 22:59:00 +00:00			`return b`
			`}`

Combine keccakf steps. 2014-12-31 23:11:40 +00:00			`func le64dec(b []byte) uint64 {`
help the bounds checker in le64dec 2024-10-06 07:46:11 +00:00			`_ = b[7]`
Gofmt 2014-12-31 23:19:23 +00:00			`return uint64(b[0])<<0 \| uint64(b[1])<<8 \| uint64(b[2])<<16 \| uint64(b[3])<<24 \| uint64(b[4])<<32 \| uint64(b[5])<<40 \| uint64(b[6])<<48 \| uint64(b[7])<<56`
Combine keccakf steps. 2014-12-31 23:11:40 +00:00			`}`

Initial commit. 2014-12-31 22:59:00 +00:00			`func le64enc(b []byte, x uint64) []byte {`
			`return append(b, byte(x), byte(x>>8), byte(x>>16), byte(x>>24), byte(x>>32), byte(x>>40), byte(x>>48), byte(x>>56))`
			`}`