|
| 1 | +#pragma once |
| 2 | +#include <array> |
| 3 | +#include <cstddef> |
| 4 | +#include <cstdint> |
| 5 | +#include <cstring> |
| 6 | +#include <iomanip> |
| 7 | +#include <sstream> |
| 8 | +#include <string> |
| 9 | +#include <vector> |
| 10 | + |
| 11 | +#include "uint512_t.hxx" |
| 12 | + |
| 13 | +class SHA3_512 { |
| 14 | + private: |
| 15 | + static constexpr size_t KECCAKF_ROUNDS = 24; |
| 16 | + static constexpr uint64_t keccakf_rndc[24] = { |
| 17 | + 0x0000000000000001ULL, 0x0000000000008082ULL, 0x800000000000808aULL, 0x8000000080008000ULL, 0x000000000000808bULL, 0x0000000080000001ULL, |
| 18 | + 0x8000000080008081ULL, 0x8000000000008009ULL, 0x000000000000008aULL, 0x0000000000000088ULL, 0x0000000080008009ULL, 0x000000008000000aULL, |
| 19 | + 0x000000008000808bULL, 0x800000000000008bULL, 0x8000000000008089ULL, 0x8000000000008003ULL, 0x8000000000008002ULL, 0x8000000000000080ULL, |
| 20 | + 0x000000000000800aULL, 0x800000008000000aULL, 0x8000000080008081ULL, 0x8000000000008080ULL, 0x0000000000008001ULL, 0x8000000080008008ULL}; |
| 21 | + |
| 22 | + static constexpr uint8_t keccakf_rotc[24] = {1, 3, 6, 10, 15, 21, 28, 36, 45, 55, 2, 14, 27, 41, 56, 8, 25, 43, 62, 18, 39, 61, 20, 44}; |
| 23 | + |
| 24 | + static constexpr uint8_t keccakf_piln[24] = {10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4, 15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1}; |
| 25 | + |
| 26 | + static inline uint64_t rol64(uint64_t x, unsigned s) { return (x << s) | (x >> (64 - s)); } |
| 27 | + |
| 28 | + static void keccakf(uint64_t* st) { |
| 29 | + uint64_t t, bc[5]; |
| 30 | + for (size_t round = 0; round < KECCAKF_ROUNDS; ++round) { |
| 31 | + for (int i = 0; i < 5; ++i) bc[i] = st[i] ^ st[i + 5] ^ st[i + 10] ^ st[i + 15] ^ st[i + 20]; |
| 32 | + for (int i = 0; i < 5; ++i) { |
| 33 | + t = bc[(i + 4) % 5] ^ rol64(bc[(i + 1) % 5], 1); |
| 34 | + for (int j = 0; j < 25; j += 5) st[j + i] ^= t; |
| 35 | + } |
| 36 | + t = st[1]; |
| 37 | + for (int i = 0; i < 24; ++i) { |
| 38 | + int j = keccakf_piln[i]; |
| 39 | + bc[0] = st[j]; |
| 40 | + st[j] = rol64(t, keccakf_rotc[i]); |
| 41 | + t = bc[0]; |
| 42 | + } |
| 43 | + for (int j = 0; j < 25; j += 5) { |
| 44 | + for (int i = 0; i < 5; ++i) bc[i] = st[j + i]; |
| 45 | + st[j + 0] = bc[0] ^ ((~bc[1]) & bc[2]); |
| 46 | + st[j + 1] = bc[1] ^ ((~bc[2]) & bc[3]); |
| 47 | + st[j + 2] = bc[2] ^ ((~bc[3]) & bc[4]); |
| 48 | + st[j + 3] = bc[3] ^ ((~bc[4]) & bc[0]); |
| 49 | + st[j + 4] = bc[4] ^ ((~bc[0]) & bc[1]); |
| 50 | + } |
| 51 | + st[0] ^= keccakf_rndc[round]; |
| 52 | + } |
| 53 | + } |
| 54 | + |
| 55 | + static inline bool is_little_endian() { |
| 56 | + uint16_t x = 1; |
| 57 | + return *reinterpret_cast<uint8_t*>(&x) == 1; |
| 58 | + } |
| 59 | + |
| 60 | + static inline uint64_t swap64(uint64_t x) { |
| 61 | + return ((x & 0x00000000000000FFULL) << 56) | ((x & 0x000000000000FF00ULL) << 40) | ((x & 0x0000000000FF0000ULL) << 24) | |
| 62 | + ((x & 0x00000000FF000000ULL) << 8) | ((x & 0x000000FF00000000ULL) >> 8) | ((x & 0x0000FF0000000000ULL) >> 24) | ((x & 0x00FF000000000000ULL) >> 40) | |
| 63 | + ((x & 0xFF00000000000000ULL) >> 56); |
| 64 | + } |
| 65 | + |
| 66 | + static void update(const uint8_t* data, size_t len, uint64_t (&st)[25], std::vector<uint8_t>& buf) { |
| 67 | + while (len--) { |
| 68 | + buf.push_back(*data++); |
| 69 | + if (buf.size() == 72) { |
| 70 | + for (size_t i = 0; i < 9; ++i) { |
| 71 | + uint64_t t = 0; |
| 72 | + for (size_t j = 0; j < 8; ++j) t |= ((uint64_t)buf[i * 8 + j]) << (8 * j); |
| 73 | + st[i] ^= t; |
| 74 | + } |
| 75 | + keccakf(st); |
| 76 | + buf.clear(); |
| 77 | + } |
| 78 | + } |
| 79 | + } |
| 80 | + |
| 81 | + static void finalize(uint64_t (&st)[25], std::vector<uint8_t>& buf) { |
| 82 | + buf.push_back(0x06); |
| 83 | + while (buf.size() < 72) buf.push_back(0x00); |
| 84 | + buf[71] |= 0x80; |
| 85 | + for (size_t i = 0; i < 9; ++i) { |
| 86 | + uint64_t t = 0; |
| 87 | + for (size_t j = 0; j < 8; ++j) t |= ((uint64_t)buf[i * 8 + j]) << (8 * j); |
| 88 | + st[i] ^= t; |
| 89 | + } |
| 90 | + keccakf(st); |
| 91 | + } |
| 92 | + |
| 93 | + public: |
| 94 | + static uint512_t hash(const std::string& s) { |
| 95 | + using namespace std; |
| 96 | + uint64_t st[25]{}; |
| 97 | + vector<uint8_t> buf; |
| 98 | + update(reinterpret_cast<const uint8_t*>(s.data()), s.size(), st, buf); |
| 99 | + finalize(st, buf); |
| 100 | + |
| 101 | + array<uint8_t, 64> out{}; |
| 102 | + bool little = is_little_endian(); |
| 103 | + for (size_t i = 0; i < 8; ++i) { |
| 104 | + uint64_t lane = st[i]; |
| 105 | + if (little) lane = swap64(lane); |
| 106 | + for (int j = 0; j < 8; ++j) out[i * 8 + j] = (lane >> (8 * (7 - j))) & 0xFF; |
| 107 | + } |
| 108 | + uint512_t val; |
| 109 | + for (int i = 0; i < 64; ++i) val.dataBE[i] = out[i]; |
| 110 | + return val; |
| 111 | + } |
| 112 | + |
| 113 | + static std::string hash_hex(const std::string& s) { |
| 114 | + using namespace std; |
| 115 | + uint64_t st[25]{}; |
| 116 | + vector<uint8_t> buf; |
| 117 | + update(reinterpret_cast<const uint8_t*>(s.data()), s.size(), st, buf); |
| 118 | + finalize(st, buf); |
| 119 | + |
| 120 | + ostringstream oss; |
| 121 | + bool little = is_little_endian(); |
| 122 | + for (size_t i = 0; i < 8; ++i) { |
| 123 | + uint64_t lane = st[i]; |
| 124 | + if (little) lane = swap64(lane); |
| 125 | + for (int j = 0; j < 8; ++j) { |
| 126 | + uint8_t b = (lane >> (8 * (7 - j))) & 0xFF; |
| 127 | + oss << hex << setw(2) << setfill('0') << (int)b; |
| 128 | + } |
| 129 | + } |
| 130 | + return oss.str(); |
| 131 | + } |
| 132 | +}; |
0 commit comments