rand/rand-x86ish.S: Hoist argument register allocation outside.

[catacomb] / utils / strobe

#! /usr/bin/python

import catacomb as CAT

I = 1
A = 2
C = 4
T = 8
M = 16
INIT = 256

def dump_keccak_state(what, state):
  buf = CAT.ReadBuffer(state + CAT.ByteString.zero(200 - len(state)))
  print ";; %s [round 0]" % what
  print ";; uncomplemented state..."
  for i in xrange(5):
    print ";;\t%s" % " ".join(["%016x" % buf.getu64l() for j in xrange(5)])
  print

class Strobe (object):
  def __init__(me, sec = 128, _copy = None):
    if _copy is None:
      me.k = CAT.Keccak1600()
      me.r = (1600 - 2*sec)/8
      me.f = 0
      me.p0 = 0
      buf = CAT.WriteBuffer()
      buf.putu8(1).putu8(me.r)
      buf.putu8(1).putu8(0)
      buf.putu8(1).putu8(12*8).put('STROBEv1.0.2')
      ##dump_keccak_state("init", buf.contents)
      me.k.mix(buf.contents).step()
      me.buf = CAT.WriteBuffer()
      me.mask = me.k.extract(me.r - 2)
      ##dump_keccak_state("final", me.mask)
    else:
      me.k = _copy.k.dup()
      me.r = _copy.r
      me.f = _copy.f
      me.p0 = _copy.p0
      me.buf = CAT.WriteBuffer().put(_copy.buf.contents)
      me.mask = me._copy.mask

  def _crank(me):
    me.buf.putu8(me.p0); me.p0 = 0
    if me.buf.size == me.r - 1: me.buf.putu8(0x84)
    else: me.buf.putu8(0x04).zero(me.r - me.buf.size - 1).putu8(0x80)
    ##dump_keccak_state("buffer", me.buf.contents)
    ##dump_keccak_state("init", me.buf.contents ^ me.k.extract(me.r))
    me.k.mix(me.buf.contents).step()
    me.mask = me.k.extract(me.r - 2)
    ##dump_keccak_state("final", me.mask)
    me.buf = CAT.WriteBuffer()

  def process(me, op, input):
    if not op&T:
      opf = op
    else:
      if not me.f&INIT: me.f |= INIT | (op&I)
      opf = op ^ (me.f&255)
    me.buf.putu8(me.p0); me.p0 = me.buf.size
    if me.buf.size >= me.r - 2: me._crank()
    me.buf.putu8(opf)
    if op&C or me.buf.size >= me.r - 2: me._crank()

    if op&(I | T) == I or op&(I | A) == 0: buf = CAT.ByteString.zero(input)
    else: buf = CAT.ByteString(input)
    out = CAT.WriteBuffer()
    i, j, sz = 0, me.buf.size, len(buf)

    while i < sz:
      spare = me.r - j - 2
      n = min(spare, sz - i); x = buf[i:i + n]; i += n
      if not op&C: out.put(x); me.buf.put(x)
      else:
        y = x ^ me.mask[j:j + n]; out.put(y)
        if op&I or not op&T: me.buf.put(y)
        else: me.buf.put(x)
      if n == spare: me._crank(); j = 0

    if op&(I | A | C | T) != (I | C | T): return out.contents
    elif out.contents == CAT.ByteString.zero(out.size): return me
    else: raise ValueError, 'verify failed'

st0 = Strobe()
st1 = Strobe()

st0.process(A | M, 'testing')
st1.process(A | M, 'testing')

print 'prf(10) -> %s' % hex(st0.process(I | A | C, 10))
st1.process(I | A | C, 10)

print 'ad("Hello")'
st0.process(A, 'Hello')
st1.process(A, 'Hello')

c0 = st0.process(A | C | T, 'World');
st1.process(I | A | C | T, c0)
print 'encout("World") -> %s' %  hex(c0)

print 'clrout("foo")'
st0.process(A | T, 'foo');
st1.process(I | A | T, 'foo')

print 'clrin("bar")'
st1.process(A | T, 'bar')
st0.process(I | A | T, 'bar')

m1 = st0.process(I | A | C | T, 'baz')
st1.process(A | C | T, m1) #  backwards in time
print 'encin("baz") -> %s' % hex(m1)

for i in xrange(200):
  c = st0.process(A | C | T, i*'X')
  m = st1.process(I | A | C | T, c)
  print "  0 encout\n\t=%s\n\t!%s;" % (i*'X', hex(c))
  print "  1 encin\n\t!%s\n\t=%s;" % (hex(c), i*'X')

r0 = st0.process(I | A | C, 123)
r1 = st1.process(I | A | C, 123)
print 'prf(123) -> %s' % hex(r0)
assert r0 == r1

t = st0.process(C | T, 16)
print 'macout(16) -> %s' % hex(t)
st1.process(I | C | T, t)

k = 'this is my super-secret key'
print 'key("%s")' % k
st0.process(A | C, k)
st1.process(A | C, k)

r0 = st0.process(I | A | C, 32)
r1 = st1.process(I | A | C, 32)
print 'prf(32) -> %s' % hex(r0)
assert r0 == r1

print 'ratchet(32)'
st0.process(C, 32)
st1.process(C, 32)

t0 = CAT.bytes('b2084ebdfabd50768c91eebc190132cc')
st0.process(I | C | T, t0)
t1 = st1.process(C | T, 16)
assert t1 == t0
print 'macin(%s)' % hex(t0)