401 lines
11 KiB
Go
401 lines
11 KiB
Go
// Use of this source code is governed by an ISC
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package bmw
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"gitlab.com/nitya-sattva/go-x11/hash"
|
|
)
|
|
|
|
// HashSize holds the size of a hash in bytes.
|
|
const HashSize = uintptr(64)
|
|
|
|
// BlockSize holds the size of a block in bytes.
|
|
const BlockSize = uintptr(128)
|
|
|
|
////////////////
|
|
|
|
type digest struct {
|
|
ptr uintptr
|
|
cnt uint64
|
|
|
|
h [16]uint64
|
|
|
|
b [BlockSize]byte
|
|
}
|
|
|
|
// New returns a new digest compute a BMW512 hash.
|
|
func New() hash.Digest {
|
|
ref := &digest{}
|
|
ref.Reset()
|
|
return ref
|
|
}
|
|
|
|
////////////////
|
|
|
|
// Reset resets the digest to its initial state.
|
|
func (ref *digest) Reset() {
|
|
ref.ptr = 0
|
|
ref.cnt = 0
|
|
copy(ref.h[:], kInit[:])
|
|
}
|
|
|
|
// Sum appends the current hash to dst and returns the result
|
|
// as a slice. It does not change the underlying hash state.
|
|
func (ref *digest) Sum(dst []byte) []byte {
|
|
dgt := *ref
|
|
hsh := [64]byte{}
|
|
dgt.Close(hsh[:], 0, 0)
|
|
return append(dst, hsh[:]...)
|
|
}
|
|
|
|
// Write more data to the running hash, never returns an error.
|
|
func (ref *digest) Write(src []byte) (int, error) {
|
|
sln := uintptr(len(src))
|
|
fln := len(src)
|
|
ptr := ref.ptr
|
|
|
|
ht := [16]uint64{}
|
|
h1 := ref.h[:]
|
|
h2 := ht[:]
|
|
|
|
ref.cnt += uint64(sln << 3)
|
|
|
|
for sln > 0 {
|
|
cln := BlockSize - ptr
|
|
|
|
if cln > sln {
|
|
cln = sln
|
|
}
|
|
sln -= cln
|
|
|
|
copy(ref.b[ptr:], src[:cln])
|
|
src = src[cln:]
|
|
ptr += cln
|
|
|
|
if ptr == BlockSize {
|
|
compress(ref.b[:], h1, h2)
|
|
h1, h2 = h2[:], h1[:]
|
|
ptr = 0
|
|
}
|
|
}
|
|
|
|
copy(ref.h[:], h1[:])
|
|
|
|
ref.ptr = ptr
|
|
return fln, nil
|
|
}
|
|
|
|
// Close the digest by writing the last bits and storing the hash
|
|
// in dst. This prepares the digest for reuse by calling reset. A call
|
|
// to Close with a dst that is smaller then HashSize will return an error.
|
|
func (ref *digest) Close(dst []byte, bits uint8, bcnt uint8) error {
|
|
if ln := len(dst); HashSize > uintptr(ln) {
|
|
return fmt.Errorf("Bmw Close: dst min length: %d, got %d", HashSize, ln)
|
|
}
|
|
|
|
buf := ref.b[:]
|
|
ptr := ref.ptr + 1
|
|
|
|
{
|
|
off := uint8(0x80) >> bcnt
|
|
buf[ref.ptr] = uint8((bits & -off) | off)
|
|
}
|
|
|
|
var h1, h2 [16]uint64
|
|
if ptr > (BlockSize - 8) {
|
|
memset(buf[ptr:], 0)
|
|
compress(buf, ref.h[:], h1[:])
|
|
ref.h = h1
|
|
ptr = 0
|
|
}
|
|
|
|
memset(buf[ptr:(BlockSize-8)], 0)
|
|
encUInt64le(buf[BlockSize-8:], ref.cnt+uint64(bcnt))
|
|
|
|
compress(buf, ref.h[:], h2[:])
|
|
for u := uint8(0); u < 16; u++ {
|
|
encUInt64le(buf[(u*8):], h2[u])
|
|
}
|
|
|
|
compress(buf, kFinal[:], h1[:])
|
|
for u := uint8(0); u < 8; u++ {
|
|
encUInt64le(dst[(u*8):], h1[8+u])
|
|
}
|
|
|
|
ref.Reset()
|
|
return nil
|
|
}
|
|
|
|
// Size returns the number of bytes required to store the hash.
|
|
func (*digest) Size() int {
|
|
return int(HashSize)
|
|
}
|
|
|
|
// BlockSize returns the block size of the hash.
|
|
func (*digest) BlockSize() int {
|
|
return int(BlockSize)
|
|
}
|
|
|
|
////////////////
|
|
|
|
func memset(dst []byte, src byte) {
|
|
for i := range dst {
|
|
dst[i] = src
|
|
}
|
|
}
|
|
|
|
func compress(src []uint8, hv, dh []uint64) {
|
|
var xl, xh uint64
|
|
|
|
mv := [16]uint64{}
|
|
qt := [32]uint64{}
|
|
mv[0x0] = decUInt64le(src[0:])
|
|
mv[0x1] = decUInt64le(src[8:])
|
|
mv[0x2] = decUInt64le(src[16:])
|
|
mv[0x3] = decUInt64le(src[24:])
|
|
mv[0x4] = decUInt64le(src[32:])
|
|
mv[0x5] = decUInt64le(src[40:])
|
|
mv[0x6] = decUInt64le(src[48:])
|
|
mv[0x7] = decUInt64le(src[56:])
|
|
mv[0x8] = decUInt64le(src[64:])
|
|
mv[0x9] = decUInt64le(src[72:])
|
|
mv[0xA] = decUInt64le(src[80:])
|
|
mv[0xB] = decUInt64le(src[88:])
|
|
mv[0xC] = decUInt64le(src[96:])
|
|
mv[0xD] = decUInt64le(src[104:])
|
|
mv[0xE] = decUInt64le(src[112:])
|
|
mv[0xF] = decUInt64le(src[120:])
|
|
|
|
{
|
|
xv := [16]uint64{}
|
|
xv[0x0] = mv[0x0] ^ hv[0x0]
|
|
xv[0x1] = mv[0x1] ^ hv[0x1]
|
|
xv[0x2] = mv[0x2] ^ hv[0x2]
|
|
xv[0x3] = mv[0x3] ^ hv[0x3]
|
|
xv[0x4] = mv[0x4] ^ hv[0x4]
|
|
xv[0x5] = mv[0x5] ^ hv[0x5]
|
|
xv[0x6] = mv[0x6] ^ hv[0x6]
|
|
xv[0x7] = mv[0x7] ^ hv[0x7]
|
|
xv[0x8] = mv[0x8] ^ hv[0x8]
|
|
xv[0x9] = mv[0x9] ^ hv[0x9]
|
|
xv[0xA] = mv[0xA] ^ hv[0xA]
|
|
xv[0xB] = mv[0xB] ^ hv[0xB]
|
|
xv[0xC] = mv[0xC] ^ hv[0xC]
|
|
xv[0xD] = mv[0xD] ^ hv[0xD]
|
|
xv[0xE] = mv[0xE] ^ hv[0xE]
|
|
xv[0xF] = mv[0xF] ^ hv[0xF]
|
|
|
|
qt[0] = hv[0x1] + shiftBits0(
|
|
xv[0x5]-xv[0x7]+xv[0xA]+xv[0xD]+xv[0xE],
|
|
)
|
|
qt[1] = hv[0x2] + shiftBits1(
|
|
xv[0x6]-xv[0x8]+xv[0xB]+xv[0xE]-xv[0xF],
|
|
)
|
|
qt[2] = hv[0x3] + shiftBits2(
|
|
xv[0x0]+xv[0x7]+xv[0x9]-xv[0xC]+xv[0xF],
|
|
)
|
|
qt[3] = hv[0x4] + shiftBits3(
|
|
xv[0x0]-xv[0x1]+xv[0x8]-xv[0xA]+xv[0xD],
|
|
)
|
|
qt[4] = hv[0x5] + shiftBits4(
|
|
xv[0x1]+xv[0x2]+xv[0x9]-xv[0xB]-xv[0xE],
|
|
)
|
|
qt[5] = hv[0x6] + shiftBits0(
|
|
xv[0x3]-xv[0x2]+xv[0xA]-xv[0xC]+xv[0xF],
|
|
)
|
|
qt[6] = hv[0x7] + shiftBits1(
|
|
xv[0x4]-xv[0x0]-xv[0x3]-xv[0xB]+xv[0xD],
|
|
)
|
|
qt[7] = hv[0x8] + shiftBits2(
|
|
xv[0x1]-xv[0x4]-xv[0x5]-xv[0xC]-xv[0xE],
|
|
)
|
|
qt[8] = hv[0x9] + shiftBits3(
|
|
xv[0x2]-xv[0x5]-xv[0x6]+xv[0xD]-xv[0xF],
|
|
)
|
|
qt[9] = hv[0xA] + shiftBits4(
|
|
xv[0x0]-xv[0x3]+xv[0x6]-xv[0x7]+xv[0xE],
|
|
)
|
|
qt[10] = hv[0xB] + shiftBits0(
|
|
xv[0x8]-xv[0x1]-xv[0x4]-xv[0x7]+xv[0xF],
|
|
)
|
|
qt[11] = hv[0xC] + shiftBits1(
|
|
xv[0x8]-xv[0x0]-xv[0x2]-xv[0x5]+xv[0x9],
|
|
)
|
|
qt[12] = hv[0xD] + shiftBits2(
|
|
xv[0x1]+xv[0x3]-xv[0x6]-xv[0x9]+xv[0xA],
|
|
)
|
|
qt[13] = hv[0xE] + shiftBits3(
|
|
xv[0x2]+xv[0x4]+xv[0x7]+xv[0xA]+xv[0xB],
|
|
)
|
|
qt[14] = hv[0xF] + shiftBits4(
|
|
xv[0x3]-xv[0x5]+xv[0x8]-xv[0xB]-xv[0xC],
|
|
)
|
|
qt[15] = hv[0x0] + shiftBits0(
|
|
xv[0xC]-xv[0x4]-xv[0x6]-xv[0x9]+xv[0xD],
|
|
)
|
|
}
|
|
|
|
qt[16] = expandOne(16, qt[:], mv[:], hv[:])
|
|
qt[17] = expandOne(17, qt[:], mv[:], hv[:])
|
|
qt[18] = expandTwo(18, qt[:], mv[:], hv[:])
|
|
qt[19] = expandTwo(19, qt[:], mv[:], hv[:])
|
|
qt[20] = expandTwo(20, qt[:], mv[:], hv[:])
|
|
qt[21] = expandTwo(21, qt[:], mv[:], hv[:])
|
|
qt[22] = expandTwo(22, qt[:], mv[:], hv[:])
|
|
qt[23] = expandTwo(23, qt[:], mv[:], hv[:])
|
|
qt[24] = expandTwo(24, qt[:], mv[:], hv[:])
|
|
qt[25] = expandTwo(25, qt[:], mv[:], hv[:])
|
|
qt[26] = expandTwo(26, qt[:], mv[:], hv[:])
|
|
qt[27] = expandTwo(27, qt[:], mv[:], hv[:])
|
|
qt[28] = expandTwo(28, qt[:], mv[:], hv[:])
|
|
qt[29] = expandTwo(29, qt[:], mv[:], hv[:])
|
|
qt[30] = expandTwo(30, qt[:], mv[:], hv[:])
|
|
qt[31] = expandTwo(31, qt[:], mv[:], hv[:])
|
|
|
|
xl = qt[16] ^ qt[17] ^ qt[18] ^ qt[19] ^ qt[20] ^ qt[21] ^ qt[22] ^ qt[23]
|
|
xh = xl ^ qt[24] ^ qt[25] ^ qt[26] ^ qt[27] ^ qt[28] ^ qt[29] ^ qt[30] ^ qt[31]
|
|
|
|
dh[0x0] = ((xh << 5) ^ (qt[16] >> 5) ^ mv[0x0]) + (xl ^ qt[24] ^ qt[0])
|
|
dh[0x1] = ((xh >> 7) ^ (qt[17] << 8) ^ mv[0x1]) + (xl ^ qt[25] ^ qt[1])
|
|
dh[0x2] = ((xh >> 5) ^ (qt[18] << 5) ^ mv[0x2]) + (xl ^ qt[26] ^ qt[2])
|
|
dh[0x3] = ((xh >> 1) ^ (qt[19] << 5) ^ mv[0x3]) + (xl ^ qt[27] ^ qt[3])
|
|
dh[0x4] = ((xh >> 3) ^ (qt[20] << 0) ^ mv[0x4]) + (xl ^ qt[28] ^ qt[4])
|
|
dh[0x5] = ((xh << 6) ^ (qt[21] >> 6) ^ mv[0x5]) + (xl ^ qt[29] ^ qt[5])
|
|
dh[0x6] = ((xh >> 4) ^ (qt[22] << 6) ^ mv[0x6]) + (xl ^ qt[30] ^ qt[6])
|
|
dh[0x7] = ((xh >> 11) ^ (qt[23] << 2) ^ mv[0x7]) + (xl ^ qt[31] ^ qt[7])
|
|
|
|
dh[0x8] = ((dh[0x4] << 9) | (dh[0x4] >> (64 - 9)))
|
|
dh[0x8] += (xh ^ qt[24] ^ mv[0x8]) + ((xl << 8) ^ qt[23] ^ qt[8])
|
|
dh[0x9] = ((dh[0x5] << 10) | (dh[0x5] >> (64 - 10)))
|
|
dh[0x9] += (xh ^ qt[25] ^ mv[0x9]) + ((xl >> 6) ^ qt[16] ^ qt[9])
|
|
dh[0xA] = ((dh[0x6] << 11) | (dh[0x6] >> (64 - 11)))
|
|
dh[0xA] += (xh ^ qt[26] ^ mv[0xA]) + ((xl << 6) ^ qt[17] ^ qt[10])
|
|
dh[0xB] = ((dh[0x7] << 12) | (dh[0x7] >> (64 - 12)))
|
|
dh[0xB] += (xh ^ qt[27] ^ mv[0xB]) + ((xl << 4) ^ qt[18] ^ qt[11])
|
|
dh[0xC] = ((dh[0x0] << 13) | (dh[0x0] >> (64 - 13)))
|
|
dh[0xC] += (xh ^ qt[28] ^ mv[0xC]) + ((xl >> 3) ^ qt[19] ^ qt[12])
|
|
dh[0xD] = ((dh[0x1] << 14) | (dh[0x1] >> (64 - 14)))
|
|
dh[0xD] += (xh ^ qt[29] ^ mv[0xD]) + ((xl >> 4) ^ qt[20] ^ qt[13])
|
|
dh[0xE] = ((dh[0x2] << 15) | (dh[0x2] >> (64 - 15)))
|
|
dh[0xE] += (xh ^ qt[30] ^ mv[0xE]) + ((xl >> 7) ^ qt[21] ^ qt[14])
|
|
dh[0xF] = ((dh[0x3] << 16) | (dh[0x3] >> (64 - 16)))
|
|
dh[0xF] += (xh ^ qt[31] ^ mv[0xF]) + ((xl >> 2) ^ qt[22] ^ qt[15])
|
|
}
|
|
|
|
func decUInt64le(src []byte) uint64 {
|
|
return (uint64(src[0]) |
|
|
uint64(src[1])<<8 |
|
|
uint64(src[2])<<16 |
|
|
uint64(src[3])<<24 |
|
|
uint64(src[4])<<32 |
|
|
uint64(src[5])<<40 |
|
|
uint64(src[6])<<48 |
|
|
uint64(src[7])<<56)
|
|
}
|
|
|
|
func encUInt64le(dst []byte, src uint64) {
|
|
dst[0] = uint8(src)
|
|
dst[1] = uint8(src >> 8)
|
|
dst[2] = uint8(src >> 16)
|
|
dst[3] = uint8(src >> 24)
|
|
dst[4] = uint8(src >> 32)
|
|
dst[5] = uint8(src >> 40)
|
|
dst[6] = uint8(src >> 48)
|
|
dst[7] = uint8(src >> 56)
|
|
}
|
|
|
|
func shiftBits0(x uint64) uint64 {
|
|
return ((x >> 1) ^ (x << 3) ^
|
|
((x << 4) | (x >> (64 - 4))) ^
|
|
((x << 37) | (x >> (64 - 37))))
|
|
}
|
|
|
|
func shiftBits1(x uint64) uint64 {
|
|
return ((x >> 1) ^ (x << 2) ^
|
|
((x << 13) | (x >> (64 - 13))) ^
|
|
((x << 43) | (x >> (64 - 43))))
|
|
}
|
|
|
|
func shiftBits2(x uint64) uint64 {
|
|
return ((x >> 2) ^ (x << 1) ^
|
|
((x << 19) | (x >> (64 - 19))) ^
|
|
((x << 53) | (x >> (64 - 53))))
|
|
}
|
|
|
|
func shiftBits3(x uint64) uint64 {
|
|
return ((x >> 2) ^ (x << 2) ^
|
|
((x << 28) | (x >> (64 - 28))) ^
|
|
((x << 59) | (x >> (64 - 59))))
|
|
}
|
|
|
|
func shiftBits4(x uint64) uint64 {
|
|
return ((x >> 1) ^ x)
|
|
}
|
|
|
|
func shiftBits5(x uint64) uint64 {
|
|
return ((x >> 2) ^ x)
|
|
}
|
|
|
|
func rolBits(idx, off uint8, mv []uint64) uint64 {
|
|
x := mv[(idx+off)&15]
|
|
n := uint64((idx+off)&15) + 1
|
|
return (x << n) | (x >> (64 - n))
|
|
}
|
|
|
|
func addEltBits(idx uint8, mv, hv []uint64) uint64 {
|
|
kbt := uint64(idx+16) * uint64(0x0555555555555555)
|
|
return ((rolBits(idx, 0, mv) + rolBits(idx, 3, mv) -
|
|
rolBits(idx, 10, mv) + kbt) ^ (hv[(idx+7)&15]))
|
|
}
|
|
|
|
func expandOne(idx uint8, qt, mv, hv []uint64) uint64 {
|
|
return (shiftBits1(qt[idx-0x10]) + shiftBits2(qt[idx-0x0F]) +
|
|
shiftBits3(qt[idx-0x0E]) + shiftBits0(qt[idx-0x0D]) +
|
|
shiftBits1(qt[idx-0x0C]) + shiftBits2(qt[idx-0x0B]) +
|
|
shiftBits3(qt[idx-0x0A]) + shiftBits0(qt[idx-0x09]) +
|
|
shiftBits1(qt[idx-0x08]) + shiftBits2(qt[idx-0x07]) +
|
|
shiftBits3(qt[idx-0x06]) + shiftBits0(qt[idx-0x05]) +
|
|
shiftBits1(qt[idx-0x04]) + shiftBits2(qt[idx-0x03]) +
|
|
shiftBits3(qt[idx-0x02]) + shiftBits0(qt[idx-0x01]) +
|
|
addEltBits(uint8(idx-16), mv, hv))
|
|
}
|
|
|
|
func expandTwo(idx uint8, qt, mv, hv []uint64) uint64 {
|
|
return (qt[idx-0x10] + ((qt[idx-0x0F] << 5) | (qt[idx-0x0F] >> (64 - 5))) +
|
|
qt[idx-0x0E] + ((qt[idx-0x0D] << 11) | (qt[idx-0x0D] >> (64 - 11))) +
|
|
qt[idx-0x0C] + ((qt[idx-0x0B] << 27) | (qt[idx-0x0B] >> (64 - 27))) +
|
|
qt[idx-0x0A] + ((qt[idx-0x09] << 32) | (qt[idx-0x09] >> (64 - 32))) +
|
|
qt[idx-0x08] + ((qt[idx-0x07] << 37) | (qt[idx-0x07] >> (64 - 37))) +
|
|
qt[idx-0x06] + ((qt[idx-0x05] << 43) | (qt[idx-0x05] >> (64 - 43))) +
|
|
qt[idx-0x04] + ((qt[idx-0x03] << 53) | (qt[idx-0x03] >> (64 - 53))) +
|
|
shiftBits4(qt[idx-0x02]) + shiftBits5(qt[idx-0x01]) +
|
|
addEltBits(uint8(idx-16), mv, hv))
|
|
}
|
|
|
|
////////////////
|
|
|
|
var kInit = [16]uint64{
|
|
uint64(0x8081828384858687), uint64(0x88898A8B8C8D8E8F),
|
|
uint64(0x9091929394959697), uint64(0x98999A9B9C9D9E9F),
|
|
uint64(0xA0A1A2A3A4A5A6A7), uint64(0xA8A9AAABACADAEAF),
|
|
uint64(0xB0B1B2B3B4B5B6B7), uint64(0xB8B9BABBBCBDBEBF),
|
|
uint64(0xC0C1C2C3C4C5C6C7), uint64(0xC8C9CACBCCCDCECF),
|
|
uint64(0xD0D1D2D3D4D5D6D7), uint64(0xD8D9DADBDCDDDEDF),
|
|
uint64(0xE0E1E2E3E4E5E6E7), uint64(0xE8E9EAEBECEDEEEF),
|
|
uint64(0xF0F1F2F3F4F5F6F7), uint64(0xF8F9FAFBFCFDFEFF),
|
|
}
|
|
|
|
var kFinal = [16]uint64{
|
|
uint64(0xaaaaaaaaaaaaaaa0), uint64(0xaaaaaaaaaaaaaaa1),
|
|
uint64(0xaaaaaaaaaaaaaaa2), uint64(0xaaaaaaaaaaaaaaa3),
|
|
uint64(0xaaaaaaaaaaaaaaa4), uint64(0xaaaaaaaaaaaaaaa5),
|
|
uint64(0xaaaaaaaaaaaaaaa6), uint64(0xaaaaaaaaaaaaaaa7),
|
|
uint64(0xaaaaaaaaaaaaaaa8), uint64(0xaaaaaaaaaaaaaaa9),
|
|
uint64(0xaaaaaaaaaaaaaaaa), uint64(0xaaaaaaaaaaaaaaab),
|
|
uint64(0xaaaaaaaaaaaaaaac), uint64(0xaaaaaaaaaaaaaaad),
|
|
uint64(0xaaaaaaaaaaaaaaae), uint64(0xaaaaaaaaaaaaaaaf),
|
|
}
|