mirror of
https://github.com/LBRYFoundation/pool.git
synced 2025-08-23 17:37:25 +00:00
408 lines
11 KiB
C
408 lines
11 KiB
C
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <stdint.h>
|
|
#include <string.h>
|
|
|
|
#include "drop.h"
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
#include "../sha3/sph_blake.h"
|
|
#include "../sha3/sph_groestl.h"
|
|
#include "../sha3/sph_skein.h"
|
|
#include "../sha3/sph_jh.h"
|
|
#include "../sha3/sph_keccak.h"
|
|
#include "../sha3/sph_luffa.h"
|
|
#include "../sha3/sph_cubehash.h"
|
|
#include "../sha3/sph_shavite.h"
|
|
#include "../sha3/sph_simd.h"
|
|
#include "../sha3/sph_echo.h"
|
|
#include "../sha3/sph_fugue.h"
|
|
|
|
//#define TEST_VERBOSELY
|
|
|
|
static inline void shiftr_lp(const uint32_t *input, uint32_t *output, unsigned int shift)
|
|
{
|
|
if (!shift) {
|
|
memcpy(output, input, 64);
|
|
return;
|
|
}
|
|
memset(output, 0, 64);
|
|
int i;
|
|
for (i = 0; i < 15; ++i) {
|
|
output[i + 1] |= (input[i] >> (32 - shift));
|
|
output[i] |= (input[i] << shift);
|
|
}
|
|
output[15] |= (input[15] << shift);
|
|
return;
|
|
}
|
|
|
|
|
|
void drop_hash_512( uint8_t* input, uint8_t* output, uint32_t len )
|
|
{
|
|
uint8_t hash[2][64];
|
|
|
|
sph_jh512_context ctx_jh;
|
|
sph_keccak512_context ctx_keccak;
|
|
sph_blake512_context ctx_blake;
|
|
sph_groestl512_context ctx_groestl;
|
|
sph_skein512_context ctx_skein;
|
|
sph_luffa512_context ctx_luffa;
|
|
sph_echo512_context ctx_echo;
|
|
sph_shavite512_context ctx_shavite;
|
|
sph_fugue512_context ctx_fugue;
|
|
sph_simd512_context ctx_simd;
|
|
sph_cubehash512_context ctx_cubehash;
|
|
|
|
unsigned int startPosition; // order in which to apply the hashing algos
|
|
unsigned int i = 0;
|
|
unsigned int j = 0;
|
|
|
|
uint8_t *phashA = (uint8_t *)(&hash[0]);
|
|
uint8_t *phashB = (uint8_t *)(&hash[1]);
|
|
|
|
// initialize the buffers for hash results
|
|
for(i=0; i<2; i++) { for(j=0; j<64; j++) { hash[i][j] = 0; } }
|
|
|
|
|
|
sph_jh512_init(&ctx_jh);
|
|
sph_jh512 (&ctx_jh, input, len);
|
|
sph_jh512_close(&ctx_jh, phashA);
|
|
|
|
uint32_t gls32 = getleastsig32(phashA, 0);
|
|
startPosition = gls32 % 31;
|
|
|
|
for (i = startPosition; i < 31; i--) {
|
|
int start = i % 10;
|
|
for ( j = start; j < 10; j++) {
|
|
shiftr_lp((uint32_t *)phashA, (uint32_t *)phashB, (i & 3));
|
|
switch (j) {
|
|
case 0:
|
|
sph_keccak512_init(&ctx_keccak);
|
|
sph_keccak512(&ctx_keccak, phashB, 64);
|
|
sph_keccak512_close(&ctx_keccak, phashA);
|
|
break;
|
|
case 1:
|
|
sph_blake512_init(&ctx_blake);
|
|
sph_blake512(&ctx_blake, phashB, 64);
|
|
sph_blake512_close(&ctx_blake, phashA);
|
|
break;
|
|
case 2:
|
|
sph_groestl512_init(&ctx_groestl);
|
|
sph_groestl512(&ctx_groestl, phashB, 64);
|
|
sph_groestl512_close(&ctx_groestl, phashA);
|
|
break;
|
|
case 3:
|
|
sph_skein512_init(&ctx_skein);
|
|
sph_skein512(&ctx_skein, phashB, 64);
|
|
sph_skein512_close(&ctx_skein, phashA);
|
|
break;
|
|
case 4:
|
|
sph_luffa512_init(&ctx_luffa);
|
|
sph_luffa512(&ctx_luffa, phashB, 64);
|
|
sph_luffa512_close(&ctx_luffa, phashA);
|
|
break;
|
|
case 5:
|
|
sph_echo512_init(&ctx_echo);
|
|
sph_echo512(&ctx_echo, phashB, 64);
|
|
sph_echo512_close(&ctx_echo, phashA);
|
|
break;
|
|
case 6:
|
|
sph_shavite512_init(&ctx_shavite);
|
|
sph_shavite512(&ctx_shavite, phashB, 64);
|
|
sph_shavite512_close(&ctx_shavite, phashA);
|
|
break;
|
|
case 7:
|
|
sph_fugue512_init(&ctx_fugue);
|
|
sph_fugue512(&ctx_fugue, phashB, 64);
|
|
sph_fugue512_close(&ctx_fugue, phashA);
|
|
break;
|
|
case 8:
|
|
sph_simd512_init(&ctx_simd);
|
|
sph_simd512(&ctx_simd, phashB, 64);
|
|
sph_simd512_close(&ctx_simd, phashA);
|
|
break;
|
|
case 9:
|
|
sph_cubehash512_init(&ctx_cubehash);
|
|
sph_cubehash512(&ctx_cubehash, phashB, 64);
|
|
sph_cubehash512_close(&ctx_cubehash, phashA);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
for ( j = 0; j < start; j++) {
|
|
shiftr_lp((uint32_t *)phashA, (uint32_t *)phashB, (i & 3));
|
|
switch (j) {
|
|
case 0:
|
|
sph_keccak512_init(&ctx_keccak);
|
|
sph_keccak512(&ctx_keccak, phashB, 64);
|
|
sph_keccak512_close(&ctx_keccak, phashA);
|
|
break;
|
|
case 1:
|
|
sph_blake512_init(&ctx_blake);
|
|
sph_blake512(&ctx_blake, phashB, 64);
|
|
sph_blake512_close(&ctx_blake, phashA);
|
|
break;
|
|
case 2:
|
|
sph_groestl512_init(&ctx_groestl);
|
|
sph_groestl512(&ctx_groestl, phashB, 64);
|
|
sph_groestl512_close(&ctx_groestl, phashA);
|
|
break;
|
|
case 3:
|
|
sph_skein512_init(&ctx_skein);
|
|
sph_skein512(&ctx_skein, phashB, 64);
|
|
sph_skein512_close(&ctx_skein, phashA);
|
|
break;
|
|
case 4:
|
|
sph_luffa512_init(&ctx_luffa);
|
|
sph_luffa512(&ctx_luffa, phashB, 64);
|
|
sph_luffa512_close(&ctx_luffa, phashA);
|
|
break;
|
|
case 5:
|
|
sph_echo512_init(&ctx_echo);
|
|
sph_echo512(&ctx_echo, phashB, 64);
|
|
sph_echo512_close(&ctx_echo, phashA);
|
|
break;
|
|
case 6:
|
|
sph_shavite512_init(&ctx_shavite);
|
|
sph_shavite512(&ctx_shavite, phashB, 64);
|
|
sph_shavite512_close(&ctx_shavite, phashA);
|
|
break;
|
|
case 7:
|
|
sph_fugue512_init(&ctx_fugue);
|
|
sph_fugue512(&ctx_fugue, phashB, 64);
|
|
sph_fugue512_close(&ctx_fugue, phashA);
|
|
break;
|
|
case 8:
|
|
sph_simd512_init(&ctx_simd);
|
|
sph_simd512(&ctx_simd, phashB, 64);
|
|
sph_simd512_close(&ctx_simd, phashA);
|
|
break;
|
|
case 9:
|
|
sph_cubehash512_init(&ctx_cubehash);
|
|
sph_cubehash512(&ctx_cubehash, phashB, 64);
|
|
sph_cubehash512_close(&ctx_cubehash, phashA);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
i += 10;
|
|
}
|
|
for ( i = 0; i < startPosition; i--) {
|
|
int start = i % 10;
|
|
for ( j = start; j < 10; j++) {
|
|
shiftr_lp((uint32_t *)phashA, (uint32_t *)phashB, (i & 3));
|
|
switch (j) {
|
|
case 0:
|
|
sph_keccak512_init(&ctx_keccak);
|
|
sph_keccak512(&ctx_keccak, phashB, 64);
|
|
sph_keccak512_close(&ctx_keccak, phashA);
|
|
break;
|
|
case 1:
|
|
sph_blake512_init(&ctx_blake);
|
|
sph_blake512(&ctx_blake, phashB, 64);
|
|
sph_blake512_close(&ctx_blake, phashA);
|
|
break;
|
|
case 2:
|
|
sph_groestl512_init(&ctx_groestl);
|
|
sph_groestl512(&ctx_groestl, phashB, 64);
|
|
sph_groestl512_close(&ctx_groestl, phashA);
|
|
break;
|
|
case 3:
|
|
sph_skein512_init(&ctx_skein);
|
|
sph_skein512(&ctx_skein, phashB, 64);
|
|
sph_skein512_close(&ctx_skein, phashA);
|
|
break;
|
|
case 4:
|
|
sph_luffa512_init(&ctx_luffa);
|
|
sph_luffa512(&ctx_luffa, phashB, 64);
|
|
sph_luffa512_close(&ctx_luffa, phashA);
|
|
break;
|
|
case 5:
|
|
sph_echo512_init(&ctx_echo);
|
|
sph_echo512(&ctx_echo, phashB, 64);
|
|
sph_echo512_close(&ctx_echo, phashA);
|
|
break;
|
|
case 6:
|
|
sph_shavite512_init(&ctx_shavite);
|
|
sph_shavite512(&ctx_shavite, phashB, 64);
|
|
sph_shavite512_close(&ctx_shavite, phashA);
|
|
break;
|
|
case 7:
|
|
sph_fugue512_init(&ctx_fugue);
|
|
sph_fugue512(&ctx_fugue, phashB, 64);
|
|
sph_fugue512_close(&ctx_fugue, phashA);
|
|
break;
|
|
case 8:
|
|
sph_simd512_init(&ctx_simd);
|
|
sph_simd512(&ctx_simd, phashB, 64);
|
|
sph_simd512_close(&ctx_simd, phashA);
|
|
break;
|
|
case 9:
|
|
sph_cubehash512_init(&ctx_cubehash);
|
|
sph_cubehash512(&ctx_cubehash, phashB, 64);
|
|
sph_cubehash512_close(&ctx_cubehash, phashA);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
for ( j = 0; j < start; j++) {
|
|
shiftr_lp((uint32_t *)phashA, (uint32_t *)phashB, (i & 3));
|
|
switch (j) {
|
|
case 0:
|
|
sph_keccak512_init(&ctx_keccak);
|
|
sph_keccak512(&ctx_keccak, phashB, 64);
|
|
sph_keccak512_close(&ctx_keccak, phashA);
|
|
break;
|
|
case 1:
|
|
sph_blake512_init(&ctx_blake);
|
|
sph_blake512(&ctx_blake, phashB, 64);
|
|
sph_blake512_close(&ctx_blake, phashA);
|
|
break;
|
|
case 2:
|
|
sph_groestl512_init(&ctx_groestl);
|
|
sph_groestl512(&ctx_groestl, phashB, 64);
|
|
sph_groestl512_close(&ctx_groestl, phashA);
|
|
break;
|
|
case 3:
|
|
sph_skein512_init(&ctx_skein);
|
|
sph_skein512(&ctx_skein, phashB, 64);
|
|
sph_skein512_close(&ctx_skein, phashA);
|
|
break;
|
|
case 4:
|
|
sph_luffa512_init(&ctx_luffa);
|
|
sph_luffa512(&ctx_luffa, phashB, 64);
|
|
sph_luffa512_close(&ctx_luffa, phashA);
|
|
break;
|
|
case 5:
|
|
sph_echo512_init(&ctx_echo);
|
|
sph_echo512(&ctx_echo, phashB, 64);
|
|
sph_echo512_close(&ctx_echo, phashA);
|
|
break;
|
|
case 6:
|
|
sph_shavite512_init(&ctx_shavite);
|
|
sph_shavite512(&ctx_shavite, phashB, 64);
|
|
sph_shavite512_close(&ctx_shavite, phashA);
|
|
break;
|
|
case 7:
|
|
sph_fugue512_init(&ctx_fugue);
|
|
sph_fugue512(&ctx_fugue, phashB, 64);
|
|
sph_fugue512_close(&ctx_fugue, phashA);
|
|
break;
|
|
case 8:
|
|
sph_simd512_init(&ctx_simd);
|
|
sph_simd512(&ctx_simd, phashB, 64);
|
|
sph_simd512_close(&ctx_simd, phashA);
|
|
break;
|
|
case 9:
|
|
sph_cubehash512_init(&ctx_cubehash);
|
|
sph_cubehash512(&ctx_cubehash, phashB, 64);
|
|
sph_cubehash512_close(&ctx_cubehash, phashA);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
i += 10;
|
|
}
|
|
|
|
phashB = (uint8_t *)output;
|
|
for (i = 0; i < 64; i++) {
|
|
phashB[i] = phashA[i];
|
|
}
|
|
return;
|
|
}
|
|
|
|
|
|
void drop_hash(const char* input, char* output, uint32_t len)
|
|
{
|
|
uint8_t *input512; // writeable copy of input
|
|
uint8_t output512[64]; // output of both zr5 hashes
|
|
uint32_t version; // writeable copy of version
|
|
uint32_t nPoK = 0; // integer copy of PoK state
|
|
static const unsigned int POK_BOOL_MASK = 0x00008000;
|
|
static const unsigned int POK_DATA_MASK = 0xFFFF0000;
|
|
#ifdef TEST_VERBOSELY
|
|
char buffer[512] = { 0 };
|
|
char *buf = buffer;
|
|
uint32_t i = 0;
|
|
#endif
|
|
|
|
// copy the input buffer at input to a modifiable location at input512,
|
|
input512 = (uint8_t*)malloc(len); // allocate space for the copy
|
|
memcpy((uint8_t*)input512, (uint8_t*)input, len);
|
|
|
|
#ifdef TEST_VERBOSELY
|
|
fprintf(stderr, "drop_hash input: ");
|
|
for (i=0; i<len; i++) sprintf(stderr, "%02x", input512[i]);
|
|
fprintf(stderr, "\n");
|
|
#endif
|
|
|
|
// store the version bytes
|
|
memcpy((uint8_t *)&version, (uint8_t *)input, 4);
|
|
|
|
// apply the first hash, yielding 512bits = 64 bytes
|
|
drop_hash_512(input512, output512, len);
|
|
|
|
// Now begins Proof of Knowledge
|
|
//
|
|
// Pull the data from the result for the Proof of Knowledge
|
|
// (this is the 3rd and 4th of the first four bytes of the result)
|
|
memcpy(&nPoK, (uint8_t *)output512, 4); // yields big or little endian uint
|
|
// keep only the two least significant bytes
|
|
#if BYTE_ORDER == LITTLE_ENDIAN
|
|
nPoK &= 0xFFFF0000; // bytes 3&4 of big endian are 1&2 of little endian
|
|
#else
|
|
nPoK &= 0x0000FFFF; // bytes 1&2 of big endian are 3&4 of little endian
|
|
#endif
|
|
//
|
|
// PoK part 2:
|
|
// update the version variable with the masks and PoK value
|
|
// according to the Proof of Knowledge setting
|
|
version &= (~POK_BOOL_MASK);
|
|
version |= (POK_DATA_MASK & nPoK);
|
|
#ifdef TEST_VERBOSELY
|
|
fprintf(stderr, "new version field: %x\n", version);
|
|
#endif
|
|
|
|
// and now write it back out to our copy of the input buffer
|
|
memcpy((uint8_t *)input512, (uint8_t *)&version, 4);
|
|
|
|
// apply a second ZR5 hash of the modified input, 512 bits in and out,
|
|
// to the input modified with PoK. Length is still the original length
|
|
drop_hash_512(input512, output512, len);
|
|
|
|
// copy the left-most 256 bits (32 bytes) of the last hash into the output buffer
|
|
memcpy((uint8_t *)output, (uint8_t *)output512, sizeof(output512)/2);
|
|
|
|
#ifdef TEST_VERBOSELY
|
|
buf += sprintf(buf, "drop hash: ");
|
|
for (i=0; i<32; i++) { buf += sprintf(buf, "%02x", output512[i]); }
|
|
fprintf(stderr, "%s\n", buffer); buf = buffer;
|
|
#endif
|
|
|
|
free(input512);
|
|
return;
|
|
}
|
|
|
|
|
|
// WARNING: This routine might work for little endian numbers!
|
|
uint32_t getleastsig32( uint8_t* buffer, unsigned int nIndex)
|
|
{
|
|
uint32_t * ptr = NULL;
|
|
uint32_t result;
|
|
|
|
ptr = (uint32_t *)buffer;
|
|
result = ptr[nIndex % sizeof(uint32_t)];
|
|
|
|
return(result);
|
|
}
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|