# SHA2 family Python 2 implementation
# Copyright (C) 2013 Filippo Valsorda
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import struct
import binascii
import math
rrot = lambda x, n: (x >> n) | (x << (32 - n))
from itertools import count, islice
primes = lambda n: islice((k for k in count(2) if all(k % d for d in range(2, k))), 0, n)
class _SHA2_32():
# (first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311)
_k = [int(math.modf(x ** (1.0/3))[0] * (1 << 32)) for x in primes(64)]
def __init__(self, message):
length = struct.pack('>Q', len(message) * 8)
while len(message) > 64:
self._handle(message[:64])
message = message[64:]
message += '\x80'
message += '\x00' * ((56 - len(message) % 64) % 64)
message += length
while len(message):
self._handle(message[:64])
message = message[64:]
def _handle(self, chunk):
w = list(struct.unpack('>' + 'I' * 16, chunk))
for i in range(16, 64):
s0 = rrot(w[i - 15], 7) ^ rrot(w[i - 15], 18) ^ (w[i - 15] >> 3)
s1 = rrot(w[i - 2], 17) ^ rrot(w[i - 2], 19) ^ (w[i - 2] >> 10)
w.append((w[i - 16] + s0 + w[i - 7] + s1) & 0xffffffff)
a = self._h0
b = self._h1
c = self._h2
d = self._h3
e = self._h4
f = self._h5
g = self._h6
h = self._h7
for i in range(64):
S1 = rrot(e, 6) ^ rrot(e, 11) ^ rrot(e, 25)
ch = (e & f) ^ ((~e) & g)
temp = h + S1 + ch + self._k[i] + w[i]
d = (d + temp) & 0xffffffff
S0 = rrot(a, 2) ^ rrot(a, 13) ^ rrot(a, 22)
maj = (a & (b ^ c)) ^ (b & c)
temp = (temp + S0 + maj) & 0xffffffff
h, g, f, e, d, c, b, a = g, f, e, d, c, b, a, temp
self._h0 = (self._h0 + a) & 0xffffffff
self._h1 = (self._h1 + b) & 0xffffffff
self._h2 = (self._h2 + c) & 0xffffffff
self._h3 = (self._h3 + d) & 0xffffffff
self._h4 = (self._h4 + e) & 0xffffffff
self._h5 = (self._h5 + f) & 0xffffffff
self._h6 = (self._h6 + g) & 0xffffffff
self._h7 = (self._h7 + h) & 0xffffffff
def hexdigest(self):
return binascii.hexlify(self.digest()).decode()
class SHA2_256(_SHA2_32):
# (first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19)
_h0, _h1, _h2, _h3, _h4, _h5, _h6, _h7 = (
0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19)
def digest(self):
return struct.pack('>IIIIIIII', self._h0, self._h1, self._h2,
self._h3, self._h4, self._h5, self._h6, self._h7)
class SHA2_224(_SHA2_32):
# (second 32 bits of the fractional parts of the square roots of the 9..16 primes 23..53)
_h0, _h1, _h2, _h3, _h4, _h5, _h6, _h7 = (
0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4)
def digest(self):
return struct.pack('>IIIIIII', self._h0, self._h1, self._h2,
self._h3, self._h4, self._h5, self._h6)
class _SHA2_64():
# (first 64 bits of the fractional parts of the cube roots of the first 80 primes)
_k = [int(math.modf(x ** (1.0/3))[0] * (1 << 80)) for x in primes(80)]
def __init__(self, message):
length = struct.pack('>QQ', (len(message) * 8) >> 32, (len(message) * 8) & 0xffffffff)
while len(message) > 128:
self._handle(message[:128])
message = message[128:]
message += '\x80'
message += '\x00' * ((112 - len(message) % 128) % 128)
message += length
while len(message):
self._handle(message[:128])
message = message[128:]
def _handle(self, chunk):
w = list(struct.unpack('>' + 'Q' * 16, chunk))
for i in range(16, 80):
s0 = rrot(w[i - 15], 7) ^ rrot(w[i - 15], 18) ^ (w[i - 15] >> 3)
s1 = rrot(w[i - 2], 17) ^ rrot(w[i - 2], 19) ^ (w[i - 2] >> 10)
w.append((w[i - 16] + s0 + w[i - 7] + s1) & 0xffffffffffffffff)
a = self._h0
b = self._h1
c = self._h2
d = self._h3
e = self._h4
f = self._h5
g = self._h6
h = self._h7
for i in range(80):
S1 = rrot(e, 6) ^ rrot(e, 11) ^ rrot(e, 25)
ch = (e & f) ^ ((~e) & g)
temp = h + S1 + ch + self._k[i] + w[i]
d = (d + temp) & 0xffffffffffffffff
S0 = rrot(a, 2) ^ rrot(a, 13) ^ rrot(a, 22)
maj = (a & (b ^ c)) ^ (b & c)
temp = (temp + S0 + maj) & 0xffffffffffffffff
h, g, f, e, d, c, b, a = g, f, e, d, c, b, a, temp
self._h0 = (self._h0 + a) & 0xffffffffffffffff
self._h1 = (self._h1 + b) & 0xffffffffffffffff
self._h2 = (self._h2 + c) & 0xffffffffffffffff
self._h3 = (self._h3 + d) & 0xffffffffffffffff
self._h4 = (self._h4 + e) & 0xffffffffffffffff
self._h5 = (self._h5 + f) & 0xffffffffffffffff
self._h6 = (self._h6 + g) & 0xffffffffffffffff
self._h7 = (self._h7 + h) & 0xffffffffffffffff
def hexdigest(self):
return binascii.hexlify(self.digest()).decode()
class SHA2_512(_SHA2_64):
# (first 64 bits of the fractional parts of the square roots of the first 8 primes 2..19)
_h0, _h1, _h2, _h3, _h4, _h5, _h6, _h7 = (
0x6a09e667f3bcc908, 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b,
0xa54ff53a5f1d36f1, 0x510e527fade682d1, 0x9b05688c2b3e6c1f,
0x1f83d9abfb41bd6b, 0x5be0cd19137e2179)
def digest(self):
return struct.pack('>QQQQQQQQ', self._h0, self._h1, self._h2,
self._h3, self._h4, self._h5, self._h6, self._h7)
class SHA2_384(_SHA2_64):
# (second 64 bits of the fractional parts of the square roots of the 9..16 primes 23..53)
_h0, _h1, _h2, _h3, _h4, _h5, _h6, _h7 = (
0xcbbb9d5dc1059ed8, 0x629a292a367cd507, 0x9159015a3070dd17,
0x152fecd8f70e5939, 0x67332667ffc00b31, 0x8eb44a8768581511,
0xdb0c2e0d64f98fa7, 0x47b5481dbefa4fa4)
def digest(self):
return struct.pack('>QQQQQQQ', self._h0, self._h1, self._h2,
self._h3, self._h4, self._h5, self._h6)