1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
|
# ===================================================================
#
# Copyright (c) 2021, Legrandin <[email protected]>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
# ===================================================================
from Cryptodome.Util.py3compat import bchr
from Cryptodome.Util._raw_api import (VoidPointer, SmartPointer,
create_string_buffer,
get_raw_buffer, c_size_t,
c_uint8_ptr, c_ubyte)
from Cryptodome.Util.number import long_to_bytes
from Cryptodome.Hash.keccak import _raw_keccak_lib
def _left_encode(x):
"""Left encode function as defined in NIST SP 800-185"""
assert (x < (1 << 2040) and x >= 0)
# Get number of bytes needed to represent this integer.
num = 1 if x == 0 else (x.bit_length() + 7) // 8
return bchr(num) + long_to_bytes(x)
def _right_encode(x):
"""Right encode function as defined in NIST SP 800-185"""
assert (x < (1 << 2040) and x >= 0)
# Get number of bytes needed to represent this integer.
num = 1 if x == 0 else (x.bit_length() + 7) // 8
return long_to_bytes(x) + bchr(num)
def _encode_str(x):
"""Encode string function as defined in NIST SP 800-185"""
bitlen = len(x) * 8
if bitlen >= (1 << 2040):
raise ValueError("String too large to encode in cSHAKE")
return _left_encode(bitlen) + x
def _bytepad(x, length):
"""Zero pad byte string as defined in NIST SP 800-185"""
to_pad = _left_encode(length) + x
# Note: this implementation works with byte aligned strings,
# hence no additional bit padding is needed at this point.
npad = (length - len(to_pad) % length) % length
return to_pad + b'\x00' * npad
class cSHAKE_XOF(object):
"""A cSHAKE hash object.
Do not instantiate directly.
Use the :func:`new` function.
"""
def __init__(self, data, custom, capacity, function):
state = VoidPointer()
if custom or function:
prefix_unpad = _encode_str(function) + _encode_str(custom)
prefix = _bytepad(prefix_unpad, (1600 - capacity)//8)
self._padding = 0x04
else:
prefix = None
self._padding = 0x1F # for SHAKE
result = _raw_keccak_lib.keccak_init(state.address_of(),
c_size_t(capacity//8),
c_ubyte(24))
if result:
raise ValueError("Error %d while instantiating cSHAKE"
% result)
self._state = SmartPointer(state.get(),
_raw_keccak_lib.keccak_destroy)
self._is_squeezing = False
if prefix:
self.update(prefix)
if data:
self.update(data)
def update(self, data):
"""Continue hashing of a message by consuming the next chunk of data.
Args:
data (byte string/byte array/memoryview): The next chunk of the message being hashed.
"""
if self._is_squeezing:
raise TypeError("You cannot call 'update' after the first 'read'")
result = _raw_keccak_lib.keccak_absorb(self._state.get(),
c_uint8_ptr(data),
c_size_t(len(data)))
if result:
raise ValueError("Error %d while updating %s state"
% (result, self.name))
return self
def read(self, length):
"""
Compute the next piece of XOF output.
.. note::
You cannot use :meth:`update` anymore after the first call to
:meth:`read`.
Args:
length (integer): the amount of bytes this method must return
:return: the next piece of XOF output (of the given length)
:rtype: byte string
"""
self._is_squeezing = True
bfr = create_string_buffer(length)
result = _raw_keccak_lib.keccak_squeeze(self._state.get(),
bfr,
c_size_t(length),
c_ubyte(self._padding))
if result:
raise ValueError("Error %d while extracting from %s"
% (result, self.name))
return get_raw_buffer(bfr)
def _new(data, custom, function):
# Use Keccak[256]
return cSHAKE_XOF(data, custom, 256, function)
def new(data=None, custom=None):
"""Return a fresh instance of a cSHAKE128 object.
Args:
data (bytes/bytearray/memoryview):
Optional.
The very first chunk of the message to hash.
It is equivalent to an early call to :meth:`update`.
custom (bytes):
Optional.
A customization bytestring (``S`` in SP 800-185).
:Return: A :class:`cSHAKE_XOF` object
"""
# Use Keccak[256]
return cSHAKE_XOF(data, custom, 256, b'')
|