Rev 1417 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 597 | daniel-mar | 1 | /** |
| 2 | * [js-sha3]{@link https://github.com/emn178/js-sha3} |
||
| 3 | * |
||
| 1419 | daniel-mar | 4 | * @version 0.9.2 |
| 597 | daniel-mar | 5 | * @author Chen, Yi-Cyuan [emn178@gmail.com] |
| 1395 | daniel-mar | 6 | * @copyright Chen, Yi-Cyuan 2015-2023 |
| 597 | daniel-mar | 7 | * @license MIT |
| 8 | */ |
||
| 9 | /*jslint bitwise: true */ |
||
| 10 | (function () { |
||
| 11 | 'use strict'; |
||
| 12 | |||
| 13 | var INPUT_ERROR = 'input is invalid type'; |
||
| 14 | var FINALIZE_ERROR = 'finalize already called'; |
||
| 15 | var WINDOW = typeof window === 'object'; |
||
| 16 | var root = WINDOW ? window : {}; |
||
| 17 | if (root.JS_SHA3_NO_WINDOW) { |
||
| 18 | WINDOW = false; |
||
| 19 | } |
||
| 20 | var WEB_WORKER = !WINDOW && typeof self === 'object'; |
||
| 21 | var NODE_JS = !root.JS_SHA3_NO_NODE_JS && typeof process === 'object' && process.versions && process.versions.node; |
||
| 22 | if (NODE_JS) { |
||
| 23 | root = global; |
||
| 24 | } else if (WEB_WORKER) { |
||
| 25 | root = self; |
||
| 26 | } |
||
| 27 | var COMMON_JS = !root.JS_SHA3_NO_COMMON_JS && typeof module === 'object' && module.exports; |
||
| 28 | var AMD = typeof define === 'function' && define.amd; |
||
| 29 | var ARRAY_BUFFER = !root.JS_SHA3_NO_ARRAY_BUFFER && typeof ArrayBuffer !== 'undefined'; |
||
| 30 | var HEX_CHARS = '0123456789abcdef'.split(''); |
||
| 31 | var SHAKE_PADDING = [31, 7936, 2031616, 520093696]; |
||
| 32 | var CSHAKE_PADDING = [4, 1024, 262144, 67108864]; |
||
| 33 | var KECCAK_PADDING = [1, 256, 65536, 16777216]; |
||
| 34 | var PADDING = [6, 1536, 393216, 100663296]; |
||
| 35 | var SHIFT = [0, 8, 16, 24]; |
||
| 36 | var RC = [1, 0, 32898, 0, 32906, 2147483648, 2147516416, 2147483648, 32907, 0, 2147483649, |
||
| 37 | 0, 2147516545, 2147483648, 32777, 2147483648, 138, 0, 136, 0, 2147516425, 0, |
||
| 38 | 2147483658, 0, 2147516555, 0, 139, 2147483648, 32905, 2147483648, 32771, |
||
| 39 | 2147483648, 32770, 2147483648, 128, 2147483648, 32778, 0, 2147483658, 2147483648, |
||
| 40 | 2147516545, 2147483648, 32896, 2147483648, 2147483649, 0, 2147516424, 2147483648]; |
||
| 41 | var BITS = [224, 256, 384, 512]; |
||
| 42 | var SHAKE_BITS = [128, 256]; |
||
| 43 | var OUTPUT_TYPES = ['hex', 'buffer', 'arrayBuffer', 'array', 'digest']; |
||
| 44 | var CSHAKE_BYTEPAD = { |
||
| 45 | '128': 168, |
||
| 46 | '256': 136 |
||
| 47 | }; |
||
| 48 | |||
| 49 | |||
| 1419 | daniel-mar | 50 | var isArray = root.JS_SHA3_NO_NODE_JS || !Array.isArray |
| 51 | ? function (obj) { |
||
| 52 | return Object.prototype.toString.call(obj) === '[object Array]'; |
||
| 53 | } |
||
| 54 | : Array.isArray; |
||
| 55 | |||
| 56 | var isView = (ARRAY_BUFFER && (root.JS_SHA3_NO_ARRAY_BUFFER_IS_VIEW || !ArrayBuffer.isView)) |
||
| 57 | ? function (obj) { |
||
| 58 | return typeof obj === 'object' && obj.buffer && obj.buffer.constructor === ArrayBuffer; |
||
| 59 | } |
||
| 60 | : ArrayBuffer.isView; |
||
| 61 | |||
| 62 | // [message: string, isString: bool] |
||
| 63 | var formatMessage = function (message) { |
||
| 64 | var type = typeof message; |
||
| 65 | if (type === 'string') { |
||
| 66 | return [message, true]; |
||
| 67 | } |
||
| 68 | if (type !== 'object' || message === null) { |
||
| 69 | throw new Error(INPUT_ERROR); |
||
| 70 | } |
||
| 71 | if (ARRAY_BUFFER && message.constructor === ArrayBuffer) { |
||
| 72 | return [new Uint8Array(message), false]; |
||
| 73 | } |
||
| 74 | if (!isArray(message) && !isView(message)) { |
||
| 75 | throw new Error(INPUT_ERROR); |
||
| 76 | } |
||
| 77 | return [message, false]; |
||
| 597 | daniel-mar | 78 | } |
| 79 | |||
| 1419 | daniel-mar | 80 | var empty = function (message) { |
| 81 | return formatMessage(message)[0].length === 0; |
||
| 82 | }; |
||
| 83 | |||
| 597 | daniel-mar | 84 | var createOutputMethod = function (bits, padding, outputType) { |
| 85 | return function (message) { |
||
| 86 | return new Keccak(bits, padding, bits).update(message)[outputType](); |
||
| 87 | }; |
||
| 88 | }; |
||
| 89 | |||
| 90 | var createShakeOutputMethod = function (bits, padding, outputType) { |
||
| 91 | return function (message, outputBits) { |
||
| 92 | return new Keccak(bits, padding, outputBits).update(message)[outputType](); |
||
| 93 | }; |
||
| 94 | }; |
||
| 95 | |||
| 96 | var createCshakeOutputMethod = function (bits, padding, outputType) { |
||
| 97 | return function (message, outputBits, n, s) { |
||
| 98 | return methods['cshake' + bits].update(message, outputBits, n, s)[outputType](); |
||
| 99 | }; |
||
| 100 | }; |
||
| 101 | |||
| 102 | var createKmacOutputMethod = function (bits, padding, outputType) { |
||
| 103 | return function (key, message, outputBits, s) { |
||
| 104 | return methods['kmac' + bits].update(key, message, outputBits, s)[outputType](); |
||
| 105 | }; |
||
| 106 | }; |
||
| 107 | |||
| 108 | var createOutputMethods = function (method, createMethod, bits, padding) { |
||
| 109 | for (var i = 0; i < OUTPUT_TYPES.length; ++i) { |
||
| 110 | var type = OUTPUT_TYPES[i]; |
||
| 111 | method[type] = createMethod(bits, padding, type); |
||
| 112 | } |
||
| 113 | return method; |
||
| 114 | }; |
||
| 115 | |||
| 116 | var createMethod = function (bits, padding) { |
||
| 117 | var method = createOutputMethod(bits, padding, 'hex'); |
||
| 118 | method.create = function () { |
||
| 119 | return new Keccak(bits, padding, bits); |
||
| 120 | }; |
||
| 121 | method.update = function (message) { |
||
| 122 | return method.create().update(message); |
||
| 123 | }; |
||
| 124 | return createOutputMethods(method, createOutputMethod, bits, padding); |
||
| 125 | }; |
||
| 126 | |||
| 127 | var createShakeMethod = function (bits, padding) { |
||
| 128 | var method = createShakeOutputMethod(bits, padding, 'hex'); |
||
| 129 | method.create = function (outputBits) { |
||
| 130 | return new Keccak(bits, padding, outputBits); |
||
| 131 | }; |
||
| 132 | method.update = function (message, outputBits) { |
||
| 133 | return method.create(outputBits).update(message); |
||
| 134 | }; |
||
| 135 | return createOutputMethods(method, createShakeOutputMethod, bits, padding); |
||
| 136 | }; |
||
| 137 | |||
| 138 | var createCshakeMethod = function (bits, padding) { |
||
| 139 | var w = CSHAKE_BYTEPAD[bits]; |
||
| 140 | var method = createCshakeOutputMethod(bits, padding, 'hex'); |
||
| 141 | method.create = function (outputBits, n, s) { |
||
| 1419 | daniel-mar | 142 | if (empty(n) && empty(s)) { |
| 597 | daniel-mar | 143 | return methods['shake' + bits].create(outputBits); |
| 144 | } else { |
||
| 145 | return new Keccak(bits, padding, outputBits).bytepad([n, s], w); |
||
| 146 | } |
||
| 147 | }; |
||
| 148 | method.update = function (message, outputBits, n, s) { |
||
| 149 | return method.create(outputBits, n, s).update(message); |
||
| 150 | }; |
||
| 151 | return createOutputMethods(method, createCshakeOutputMethod, bits, padding); |
||
| 152 | }; |
||
| 153 | |||
| 154 | var createKmacMethod = function (bits, padding) { |
||
| 155 | var w = CSHAKE_BYTEPAD[bits]; |
||
| 156 | var method = createKmacOutputMethod(bits, padding, 'hex'); |
||
| 157 | method.create = function (key, outputBits, s) { |
||
| 158 | return new Kmac(bits, padding, outputBits).bytepad(['KMAC', s], w).bytepad([key], w); |
||
| 159 | }; |
||
| 160 | method.update = function (key, message, outputBits, s) { |
||
| 161 | return method.create(key, outputBits, s).update(message); |
||
| 162 | }; |
||
| 163 | return createOutputMethods(method, createKmacOutputMethod, bits, padding); |
||
| 164 | }; |
||
| 165 | |||
| 166 | var algorithms = [ |
||
| 167 | { name: 'keccak', padding: KECCAK_PADDING, bits: BITS, createMethod: createMethod }, |
||
| 168 | { name: 'sha3', padding: PADDING, bits: BITS, createMethod: createMethod }, |
||
| 169 | { name: 'shake', padding: SHAKE_PADDING, bits: SHAKE_BITS, createMethod: createShakeMethod }, |
||
| 170 | { name: 'cshake', padding: CSHAKE_PADDING, bits: SHAKE_BITS, createMethod: createCshakeMethod }, |
||
| 171 | { name: 'kmac', padding: CSHAKE_PADDING, bits: SHAKE_BITS, createMethod: createKmacMethod } |
||
| 172 | ]; |
||
| 173 | |||
| 174 | var methods = {}, methodNames = []; |
||
| 175 | |||
| 176 | for (var i = 0; i < algorithms.length; ++i) { |
||
| 177 | var algorithm = algorithms[i]; |
||
| 178 | var bits = algorithm.bits; |
||
| 179 | for (var j = 0; j < bits.length; ++j) { |
||
| 180 | var methodName = algorithm.name + '_' + bits[j]; |
||
| 181 | methodNames.push(methodName); |
||
| 182 | methods[methodName] = algorithm.createMethod(bits[j], algorithm.padding); |
||
| 183 | if (algorithm.name !== 'sha3') { |
||
| 184 | var newMethodName = algorithm.name + bits[j]; |
||
| 185 | methodNames.push(newMethodName); |
||
| 186 | methods[newMethodName] = methods[methodName]; |
||
| 187 | } |
||
| 188 | } |
||
| 189 | } |
||
| 190 | |||
| 191 | function Keccak(bits, padding, outputBits) { |
||
| 192 | this.blocks = []; |
||
| 193 | this.s = []; |
||
| 194 | this.padding = padding; |
||
| 195 | this.outputBits = outputBits; |
||
| 196 | this.reset = true; |
||
| 197 | this.finalized = false; |
||
| 198 | this.block = 0; |
||
| 199 | this.start = 0; |
||
| 200 | this.blockCount = (1600 - (bits << 1)) >> 5; |
||
| 201 | this.byteCount = this.blockCount << 2; |
||
| 202 | this.outputBlocks = outputBits >> 5; |
||
| 203 | this.extraBytes = (outputBits & 31) >> 3; |
||
| 204 | |||
| 205 | for (var i = 0; i < 50; ++i) { |
||
| 206 | this.s[i] = 0; |
||
| 207 | } |
||
| 208 | } |
||
| 209 | |||
| 210 | Keccak.prototype.update = function (message) { |
||
| 211 | if (this.finalized) { |
||
| 212 | throw new Error(FINALIZE_ERROR); |
||
| 213 | } |
||
| 1419 | daniel-mar | 214 | var result = formatMessage(message); |
| 215 | message = result[0]; |
||
| 216 | var isString = result[1]; |
||
| 597 | daniel-mar | 217 | var blocks = this.blocks, byteCount = this.byteCount, length = message.length, |
| 218 | blockCount = this.blockCount, index = 0, s = this.s, i, code; |
||
| 219 | |||
| 220 | while (index < length) { |
||
| 221 | if (this.reset) { |
||
| 222 | this.reset = false; |
||
| 223 | blocks[0] = this.block; |
||
| 224 | for (i = 1; i < blockCount + 1; ++i) { |
||
| 225 | blocks[i] = 0; |
||
| 226 | } |
||
| 227 | } |
||
| 1419 | daniel-mar | 228 | if (isString) { |
| 597 | daniel-mar | 229 | for (i = this.start; index < length && i < byteCount; ++index) { |
| 230 | code = message.charCodeAt(index); |
||
| 231 | if (code < 0x80) { |
||
| 232 | blocks[i >> 2] |= code << SHIFT[i++ & 3]; |
||
| 233 | } else if (code < 0x800) { |
||
| 234 | blocks[i >> 2] |= (0xc0 | (code >> 6)) << SHIFT[i++ & 3]; |
||
| 235 | blocks[i >> 2] |= (0x80 | (code & 0x3f)) << SHIFT[i++ & 3]; |
||
| 236 | } else if (code < 0xd800 || code >= 0xe000) { |
||
| 237 | blocks[i >> 2] |= (0xe0 | (code >> 12)) << SHIFT[i++ & 3]; |
||
| 238 | blocks[i >> 2] |= (0x80 | ((code >> 6) & 0x3f)) << SHIFT[i++ & 3]; |
||
| 239 | blocks[i >> 2] |= (0x80 | (code & 0x3f)) << SHIFT[i++ & 3]; |
||
| 240 | } else { |
||
| 241 | code = 0x10000 + (((code & 0x3ff) << 10) | (message.charCodeAt(++index) & 0x3ff)); |
||
| 242 | blocks[i >> 2] |= (0xf0 | (code >> 18)) << SHIFT[i++ & 3]; |
||
| 243 | blocks[i >> 2] |= (0x80 | ((code >> 12) & 0x3f)) << SHIFT[i++ & 3]; |
||
| 244 | blocks[i >> 2] |= (0x80 | ((code >> 6) & 0x3f)) << SHIFT[i++ & 3]; |
||
| 245 | blocks[i >> 2] |= (0x80 | (code & 0x3f)) << SHIFT[i++ & 3]; |
||
| 246 | } |
||
| 247 | } |
||
| 1419 | daniel-mar | 248 | } else { |
| 249 | for (i = this.start; index < length && i < byteCount; ++index) { |
||
| 250 | blocks[i >> 2] |= message[index] << SHIFT[i++ & 3]; |
||
| 251 | } |
||
| 597 | daniel-mar | 252 | } |
| 253 | this.lastByteIndex = i; |
||
| 254 | if (i >= byteCount) { |
||
| 255 | this.start = i - byteCount; |
||
| 256 | this.block = blocks[blockCount]; |
||
| 257 | for (i = 0; i < blockCount; ++i) { |
||
| 258 | s[i] ^= blocks[i]; |
||
| 259 | } |
||
| 260 | f(s); |
||
| 261 | this.reset = true; |
||
| 262 | } else { |
||
| 263 | this.start = i; |
||
| 264 | } |
||
| 265 | } |
||
| 266 | return this; |
||
| 267 | }; |
||
| 268 | |||
| 269 | Keccak.prototype.encode = function (x, right) { |
||
| 270 | var o = x & 255, n = 1; |
||
| 271 | var bytes = [o]; |
||
| 272 | x = x >> 8; |
||
| 273 | o = x & 255; |
||
| 274 | while (o > 0) { |
||
| 275 | bytes.unshift(o); |
||
| 276 | x = x >> 8; |
||
| 277 | o = x & 255; |
||
| 278 | ++n; |
||
| 279 | } |
||
| 280 | if (right) { |
||
| 281 | bytes.push(n); |
||
| 282 | } else { |
||
| 283 | bytes.unshift(n); |
||
| 284 | } |
||
| 285 | this.update(bytes); |
||
| 286 | return bytes.length; |
||
| 287 | }; |
||
| 288 | |||
| 289 | Keccak.prototype.encodeString = function (str) { |
||
| 1419 | daniel-mar | 290 | var result = formatMessage(str); |
| 291 | str = result[0]; |
||
| 292 | var isString = result[1]; |
||
| 597 | daniel-mar | 293 | var bytes = 0, length = str.length; |
| 1419 | daniel-mar | 294 | if (isString) { |
| 597 | daniel-mar | 295 | for (var i = 0; i < str.length; ++i) { |
| 296 | var code = str.charCodeAt(i); |
||
| 297 | if (code < 0x80) { |
||
| 298 | bytes += 1; |
||
| 299 | } else if (code < 0x800) { |
||
| 300 | bytes += 2; |
||
| 301 | } else if (code < 0xd800 || code >= 0xe000) { |
||
| 302 | bytes += 3; |
||
| 303 | } else { |
||
| 304 | code = 0x10000 + (((code & 0x3ff) << 10) | (str.charCodeAt(++i) & 0x3ff)); |
||
| 305 | bytes += 4; |
||
| 306 | } |
||
| 307 | } |
||
| 1419 | daniel-mar | 308 | } else { |
| 309 | bytes = length; |
||
| 597 | daniel-mar | 310 | } |
| 311 | bytes += this.encode(bytes * 8); |
||
| 312 | this.update(str); |
||
| 313 | return bytes; |
||
| 314 | }; |
||
| 315 | |||
| 316 | Keccak.prototype.bytepad = function (strs, w) { |
||
| 317 | var bytes = this.encode(w); |
||
| 318 | for (var i = 0; i < strs.length; ++i) { |
||
| 319 | bytes += this.encodeString(strs[i]); |
||
| 320 | } |
||
| 1395 | daniel-mar | 321 | var paddingBytes = (w - bytes % w) % w; |
| 597 | daniel-mar | 322 | var zeros = []; |
| 323 | zeros.length = paddingBytes; |
||
| 324 | this.update(zeros); |
||
| 325 | return this; |
||
| 326 | }; |
||
| 327 | |||
| 328 | Keccak.prototype.finalize = function () { |
||
| 329 | if (this.finalized) { |
||
| 330 | return; |
||
| 331 | } |
||
| 332 | this.finalized = true; |
||
| 333 | var blocks = this.blocks, i = this.lastByteIndex, blockCount = this.blockCount, s = this.s; |
||
| 334 | blocks[i >> 2] |= this.padding[i & 3]; |
||
| 335 | if (this.lastByteIndex === this.byteCount) { |
||
| 336 | blocks[0] = blocks[blockCount]; |
||
| 337 | for (i = 1; i < blockCount + 1; ++i) { |
||
| 338 | blocks[i] = 0; |
||
| 339 | } |
||
| 340 | } |
||
| 341 | blocks[blockCount - 1] |= 0x80000000; |
||
| 342 | for (i = 0; i < blockCount; ++i) { |
||
| 343 | s[i] ^= blocks[i]; |
||
| 344 | } |
||
| 345 | f(s); |
||
| 346 | }; |
||
| 347 | |||
| 348 | Keccak.prototype.toString = Keccak.prototype.hex = function () { |
||
| 349 | this.finalize(); |
||
| 350 | |||
| 351 | var blockCount = this.blockCount, s = this.s, outputBlocks = this.outputBlocks, |
||
| 352 | extraBytes = this.extraBytes, i = 0, j = 0; |
||
| 353 | var hex = '', block; |
||
| 354 | while (j < outputBlocks) { |
||
| 355 | for (i = 0; i < blockCount && j < outputBlocks; ++i, ++j) { |
||
| 356 | block = s[i]; |
||
| 357 | hex += HEX_CHARS[(block >> 4) & 0x0F] + HEX_CHARS[block & 0x0F] + |
||
| 358 | HEX_CHARS[(block >> 12) & 0x0F] + HEX_CHARS[(block >> 8) & 0x0F] + |
||
| 359 | HEX_CHARS[(block >> 20) & 0x0F] + HEX_CHARS[(block >> 16) & 0x0F] + |
||
| 360 | HEX_CHARS[(block >> 28) & 0x0F] + HEX_CHARS[(block >> 24) & 0x0F]; |
||
| 361 | } |
||
| 362 | if (j % blockCount === 0) { |
||
| 363 | f(s); |
||
| 364 | i = 0; |
||
| 365 | } |
||
| 366 | } |
||
| 367 | if (extraBytes) { |
||
| 368 | block = s[i]; |
||
| 369 | hex += HEX_CHARS[(block >> 4) & 0x0F] + HEX_CHARS[block & 0x0F]; |
||
| 370 | if (extraBytes > 1) { |
||
| 371 | hex += HEX_CHARS[(block >> 12) & 0x0F] + HEX_CHARS[(block >> 8) & 0x0F]; |
||
| 372 | } |
||
| 373 | if (extraBytes > 2) { |
||
| 374 | hex += HEX_CHARS[(block >> 20) & 0x0F] + HEX_CHARS[(block >> 16) & 0x0F]; |
||
| 375 | } |
||
| 376 | } |
||
| 377 | return hex; |
||
| 378 | }; |
||
| 379 | |||
| 380 | Keccak.prototype.arrayBuffer = function () { |
||
| 381 | this.finalize(); |
||
| 382 | |||
| 383 | var blockCount = this.blockCount, s = this.s, outputBlocks = this.outputBlocks, |
||
| 384 | extraBytes = this.extraBytes, i = 0, j = 0; |
||
| 385 | var bytes = this.outputBits >> 3; |
||
| 386 | var buffer; |
||
| 387 | if (extraBytes) { |
||
| 388 | buffer = new ArrayBuffer((outputBlocks + 1) << 2); |
||
| 389 | } else { |
||
| 390 | buffer = new ArrayBuffer(bytes); |
||
| 391 | } |
||
| 392 | var array = new Uint32Array(buffer); |
||
| 393 | while (j < outputBlocks) { |
||
| 394 | for (i = 0; i < blockCount && j < outputBlocks; ++i, ++j) { |
||
| 395 | array[j] = s[i]; |
||
| 396 | } |
||
| 397 | if (j % blockCount === 0) { |
||
| 398 | f(s); |
||
| 399 | } |
||
| 400 | } |
||
| 401 | if (extraBytes) { |
||
| 402 | array[i] = s[i]; |
||
| 403 | buffer = buffer.slice(0, bytes); |
||
| 404 | } |
||
| 405 | return buffer; |
||
| 406 | }; |
||
| 407 | |||
| 408 | Keccak.prototype.buffer = Keccak.prototype.arrayBuffer; |
||
| 409 | |||
| 410 | Keccak.prototype.digest = Keccak.prototype.array = function () { |
||
| 411 | this.finalize(); |
||
| 412 | |||
| 413 | var blockCount = this.blockCount, s = this.s, outputBlocks = this.outputBlocks, |
||
| 414 | extraBytes = this.extraBytes, i = 0, j = 0; |
||
| 415 | var array = [], offset, block; |
||
| 416 | while (j < outputBlocks) { |
||
| 417 | for (i = 0; i < blockCount && j < outputBlocks; ++i, ++j) { |
||
| 418 | offset = j << 2; |
||
| 419 | block = s[i]; |
||
| 420 | array[offset] = block & 0xFF; |
||
| 421 | array[offset + 1] = (block >> 8) & 0xFF; |
||
| 422 | array[offset + 2] = (block >> 16) & 0xFF; |
||
| 423 | array[offset + 3] = (block >> 24) & 0xFF; |
||
| 424 | } |
||
| 425 | if (j % blockCount === 0) { |
||
| 426 | f(s); |
||
| 427 | } |
||
| 428 | } |
||
| 429 | if (extraBytes) { |
||
| 430 | offset = j << 2; |
||
| 431 | block = s[i]; |
||
| 432 | array[offset] = block & 0xFF; |
||
| 433 | if (extraBytes > 1) { |
||
| 434 | array[offset + 1] = (block >> 8) & 0xFF; |
||
| 435 | } |
||
| 436 | if (extraBytes > 2) { |
||
| 437 | array[offset + 2] = (block >> 16) & 0xFF; |
||
| 438 | } |
||
| 439 | } |
||
| 440 | return array; |
||
| 441 | }; |
||
| 442 | |||
| 443 | function Kmac(bits, padding, outputBits) { |
||
| 444 | Keccak.call(this, bits, padding, outputBits); |
||
| 445 | } |
||
| 446 | |||
| 447 | Kmac.prototype = new Keccak(); |
||
| 448 | |||
| 449 | Kmac.prototype.finalize = function () { |
||
| 450 | this.encode(this.outputBits, true); |
||
| 451 | return Keccak.prototype.finalize.call(this); |
||
| 452 | }; |
||
| 453 | |||
| 454 | var f = function (s) { |
||
| 455 | var h, l, n, c0, c1, c2, c3, c4, c5, c6, c7, c8, c9, |
||
| 456 | b0, b1, b2, b3, b4, b5, b6, b7, b8, b9, b10, b11, b12, b13, b14, b15, b16, b17, |
||
| 457 | b18, b19, b20, b21, b22, b23, b24, b25, b26, b27, b28, b29, b30, b31, b32, b33, |
||
| 458 | b34, b35, b36, b37, b38, b39, b40, b41, b42, b43, b44, b45, b46, b47, b48, b49; |
||
| 459 | for (n = 0; n < 48; n += 2) { |
||
| 460 | c0 = s[0] ^ s[10] ^ s[20] ^ s[30] ^ s[40]; |
||
| 461 | c1 = s[1] ^ s[11] ^ s[21] ^ s[31] ^ s[41]; |
||
| 462 | c2 = s[2] ^ s[12] ^ s[22] ^ s[32] ^ s[42]; |
||
| 463 | c3 = s[3] ^ s[13] ^ s[23] ^ s[33] ^ s[43]; |
||
| 464 | c4 = s[4] ^ s[14] ^ s[24] ^ s[34] ^ s[44]; |
||
| 465 | c5 = s[5] ^ s[15] ^ s[25] ^ s[35] ^ s[45]; |
||
| 466 | c6 = s[6] ^ s[16] ^ s[26] ^ s[36] ^ s[46]; |
||
| 467 | c7 = s[7] ^ s[17] ^ s[27] ^ s[37] ^ s[47]; |
||
| 468 | c8 = s[8] ^ s[18] ^ s[28] ^ s[38] ^ s[48]; |
||
| 469 | c9 = s[9] ^ s[19] ^ s[29] ^ s[39] ^ s[49]; |
||
| 470 | |||
| 471 | h = c8 ^ ((c2 << 1) | (c3 >>> 31)); |
||
| 472 | l = c9 ^ ((c3 << 1) | (c2 >>> 31)); |
||
| 473 | s[0] ^= h; |
||
| 474 | s[1] ^= l; |
||
| 475 | s[10] ^= h; |
||
| 476 | s[11] ^= l; |
||
| 477 | s[20] ^= h; |
||
| 478 | s[21] ^= l; |
||
| 479 | s[30] ^= h; |
||
| 480 | s[31] ^= l; |
||
| 481 | s[40] ^= h; |
||
| 482 | s[41] ^= l; |
||
| 483 | h = c0 ^ ((c4 << 1) | (c5 >>> 31)); |
||
| 484 | l = c1 ^ ((c5 << 1) | (c4 >>> 31)); |
||
| 485 | s[2] ^= h; |
||
| 486 | s[3] ^= l; |
||
| 487 | s[12] ^= h; |
||
| 488 | s[13] ^= l; |
||
| 489 | s[22] ^= h; |
||
| 490 | s[23] ^= l; |
||
| 491 | s[32] ^= h; |
||
| 492 | s[33] ^= l; |
||
| 493 | s[42] ^= h; |
||
| 494 | s[43] ^= l; |
||
| 495 | h = c2 ^ ((c6 << 1) | (c7 >>> 31)); |
||
| 496 | l = c3 ^ ((c7 << 1) | (c6 >>> 31)); |
||
| 497 | s[4] ^= h; |
||
| 498 | s[5] ^= l; |
||
| 499 | s[14] ^= h; |
||
| 500 | s[15] ^= l; |
||
| 501 | s[24] ^= h; |
||
| 502 | s[25] ^= l; |
||
| 503 | s[34] ^= h; |
||
| 504 | s[35] ^= l; |
||
| 505 | s[44] ^= h; |
||
| 506 | s[45] ^= l; |
||
| 507 | h = c4 ^ ((c8 << 1) | (c9 >>> 31)); |
||
| 508 | l = c5 ^ ((c9 << 1) | (c8 >>> 31)); |
||
| 509 | s[6] ^= h; |
||
| 510 | s[7] ^= l; |
||
| 511 | s[16] ^= h; |
||
| 512 | s[17] ^= l; |
||
| 513 | s[26] ^= h; |
||
| 514 | s[27] ^= l; |
||
| 515 | s[36] ^= h; |
||
| 516 | s[37] ^= l; |
||
| 517 | s[46] ^= h; |
||
| 518 | s[47] ^= l; |
||
| 519 | h = c6 ^ ((c0 << 1) | (c1 >>> 31)); |
||
| 520 | l = c7 ^ ((c1 << 1) | (c0 >>> 31)); |
||
| 521 | s[8] ^= h; |
||
| 522 | s[9] ^= l; |
||
| 523 | s[18] ^= h; |
||
| 524 | s[19] ^= l; |
||
| 525 | s[28] ^= h; |
||
| 526 | s[29] ^= l; |
||
| 527 | s[38] ^= h; |
||
| 528 | s[39] ^= l; |
||
| 529 | s[48] ^= h; |
||
| 530 | s[49] ^= l; |
||
| 531 | |||
| 532 | b0 = s[0]; |
||
| 533 | b1 = s[1]; |
||
| 534 | b32 = (s[11] << 4) | (s[10] >>> 28); |
||
| 535 | b33 = (s[10] << 4) | (s[11] >>> 28); |
||
| 536 | b14 = (s[20] << 3) | (s[21] >>> 29); |
||
| 537 | b15 = (s[21] << 3) | (s[20] >>> 29); |
||
| 538 | b46 = (s[31] << 9) | (s[30] >>> 23); |
||
| 539 | b47 = (s[30] << 9) | (s[31] >>> 23); |
||
| 540 | b28 = (s[40] << 18) | (s[41] >>> 14); |
||
| 541 | b29 = (s[41] << 18) | (s[40] >>> 14); |
||
| 542 | b20 = (s[2] << 1) | (s[3] >>> 31); |
||
| 543 | b21 = (s[3] << 1) | (s[2] >>> 31); |
||
| 544 | b2 = (s[13] << 12) | (s[12] >>> 20); |
||
| 545 | b3 = (s[12] << 12) | (s[13] >>> 20); |
||
| 546 | b34 = (s[22] << 10) | (s[23] >>> 22); |
||
| 547 | b35 = (s[23] << 10) | (s[22] >>> 22); |
||
| 548 | b16 = (s[33] << 13) | (s[32] >>> 19); |
||
| 549 | b17 = (s[32] << 13) | (s[33] >>> 19); |
||
| 550 | b48 = (s[42] << 2) | (s[43] >>> 30); |
||
| 551 | b49 = (s[43] << 2) | (s[42] >>> 30); |
||
| 552 | b40 = (s[5] << 30) | (s[4] >>> 2); |
||
| 553 | b41 = (s[4] << 30) | (s[5] >>> 2); |
||
| 554 | b22 = (s[14] << 6) | (s[15] >>> 26); |
||
| 555 | b23 = (s[15] << 6) | (s[14] >>> 26); |
||
| 556 | b4 = (s[25] << 11) | (s[24] >>> 21); |
||
| 557 | b5 = (s[24] << 11) | (s[25] >>> 21); |
||
| 558 | b36 = (s[34] << 15) | (s[35] >>> 17); |
||
| 559 | b37 = (s[35] << 15) | (s[34] >>> 17); |
||
| 560 | b18 = (s[45] << 29) | (s[44] >>> 3); |
||
| 561 | b19 = (s[44] << 29) | (s[45] >>> 3); |
||
| 562 | b10 = (s[6] << 28) | (s[7] >>> 4); |
||
| 563 | b11 = (s[7] << 28) | (s[6] >>> 4); |
||
| 564 | b42 = (s[17] << 23) | (s[16] >>> 9); |
||
| 565 | b43 = (s[16] << 23) | (s[17] >>> 9); |
||
| 566 | b24 = (s[26] << 25) | (s[27] >>> 7); |
||
| 567 | b25 = (s[27] << 25) | (s[26] >>> 7); |
||
| 568 | b6 = (s[36] << 21) | (s[37] >>> 11); |
||
| 569 | b7 = (s[37] << 21) | (s[36] >>> 11); |
||
| 570 | b38 = (s[47] << 24) | (s[46] >>> 8); |
||
| 571 | b39 = (s[46] << 24) | (s[47] >>> 8); |
||
| 572 | b30 = (s[8] << 27) | (s[9] >>> 5); |
||
| 573 | b31 = (s[9] << 27) | (s[8] >>> 5); |
||
| 574 | b12 = (s[18] << 20) | (s[19] >>> 12); |
||
| 575 | b13 = (s[19] << 20) | (s[18] >>> 12); |
||
| 576 | b44 = (s[29] << 7) | (s[28] >>> 25); |
||
| 577 | b45 = (s[28] << 7) | (s[29] >>> 25); |
||
| 578 | b26 = (s[38] << 8) | (s[39] >>> 24); |
||
| 579 | b27 = (s[39] << 8) | (s[38] >>> 24); |
||
| 580 | b8 = (s[48] << 14) | (s[49] >>> 18); |
||
| 581 | b9 = (s[49] << 14) | (s[48] >>> 18); |
||
| 582 | |||
| 583 | s[0] = b0 ^ (~b2 & b4); |
||
| 584 | s[1] = b1 ^ (~b3 & b5); |
||
| 585 | s[10] = b10 ^ (~b12 & b14); |
||
| 586 | s[11] = b11 ^ (~b13 & b15); |
||
| 587 | s[20] = b20 ^ (~b22 & b24); |
||
| 588 | s[21] = b21 ^ (~b23 & b25); |
||
| 589 | s[30] = b30 ^ (~b32 & b34); |
||
| 590 | s[31] = b31 ^ (~b33 & b35); |
||
| 591 | s[40] = b40 ^ (~b42 & b44); |
||
| 592 | s[41] = b41 ^ (~b43 & b45); |
||
| 593 | s[2] = b2 ^ (~b4 & b6); |
||
| 594 | s[3] = b3 ^ (~b5 & b7); |
||
| 595 | s[12] = b12 ^ (~b14 & b16); |
||
| 596 | s[13] = b13 ^ (~b15 & b17); |
||
| 597 | s[22] = b22 ^ (~b24 & b26); |
||
| 598 | s[23] = b23 ^ (~b25 & b27); |
||
| 599 | s[32] = b32 ^ (~b34 & b36); |
||
| 600 | s[33] = b33 ^ (~b35 & b37); |
||
| 601 | s[42] = b42 ^ (~b44 & b46); |
||
| 602 | s[43] = b43 ^ (~b45 & b47); |
||
| 603 | s[4] = b4 ^ (~b6 & b8); |
||
| 604 | s[5] = b5 ^ (~b7 & b9); |
||
| 605 | s[14] = b14 ^ (~b16 & b18); |
||
| 606 | s[15] = b15 ^ (~b17 & b19); |
||
| 607 | s[24] = b24 ^ (~b26 & b28); |
||
| 608 | s[25] = b25 ^ (~b27 & b29); |
||
| 609 | s[34] = b34 ^ (~b36 & b38); |
||
| 610 | s[35] = b35 ^ (~b37 & b39); |
||
| 611 | s[44] = b44 ^ (~b46 & b48); |
||
| 612 | s[45] = b45 ^ (~b47 & b49); |
||
| 613 | s[6] = b6 ^ (~b8 & b0); |
||
| 614 | s[7] = b7 ^ (~b9 & b1); |
||
| 615 | s[16] = b16 ^ (~b18 & b10); |
||
| 616 | s[17] = b17 ^ (~b19 & b11); |
||
| 617 | s[26] = b26 ^ (~b28 & b20); |
||
| 618 | s[27] = b27 ^ (~b29 & b21); |
||
| 619 | s[36] = b36 ^ (~b38 & b30); |
||
| 620 | s[37] = b37 ^ (~b39 & b31); |
||
| 621 | s[46] = b46 ^ (~b48 & b40); |
||
| 622 | s[47] = b47 ^ (~b49 & b41); |
||
| 623 | s[8] = b8 ^ (~b0 & b2); |
||
| 624 | s[9] = b9 ^ (~b1 & b3); |
||
| 625 | s[18] = b18 ^ (~b10 & b12); |
||
| 626 | s[19] = b19 ^ (~b11 & b13); |
||
| 627 | s[28] = b28 ^ (~b20 & b22); |
||
| 628 | s[29] = b29 ^ (~b21 & b23); |
||
| 629 | s[38] = b38 ^ (~b30 & b32); |
||
| 630 | s[39] = b39 ^ (~b31 & b33); |
||
| 631 | s[48] = b48 ^ (~b40 & b42); |
||
| 632 | s[49] = b49 ^ (~b41 & b43); |
||
| 633 | |||
| 634 | s[0] ^= RC[n]; |
||
| 635 | s[1] ^= RC[n + 1]; |
||
| 636 | } |
||
| 637 | }; |
||
| 638 | |||
| 639 | if (COMMON_JS) { |
||
| 640 | module.exports = methods; |
||
| 641 | } else { |
||
| 642 | for (i = 0; i < methodNames.length; ++i) { |
||
| 643 | root[methodNames[i]] = methods[methodNames[i]]; |
||
| 644 | } |
||
| 645 | if (AMD) { |
||
| 646 | define(function () { |
||
| 647 | return methods; |
||
| 648 | }); |
||
| 649 | } |
||
| 650 | } |
||
| 651 | })(); |