sir-wabbit · November 14, 2019 02:07
diff --git a/blake2s.py b/blake2s.py
 from collections import namedtuple
 Add = namedtuple('Add', 'args')
 Xor = namedtuple('Xor', 'left right')
 Rot = namedtuple('Rot', 'left right')
 Input = namedtuple('Input', 'name')
 Const = namedtuple('Const', 'value')

 Set = namedtuple('Set', 'var expr')

 IV0p = 0x6b08e647
 IV = [
    0x6A09E667, 
    0xBB67AE85,
    0x3C6EF372,
    0xA54FF53A,
    0x510E527F,
    0x9B05688C,
    0x1F83D9AB,
    0x5BE0CD19
 ]

 # uint64_t nonce = nonce0 + i;
 # uint32_t B00 = (uint32_t) (nonce & 0xFFFFFFFF);
 # uint32_t B01 = (uint32_t) (nonce >> 32);

 # uint32_t H0, H1, H2, H3, H4, H5, H6, H7;
 # uint32_t V0, V1, V2, V3, V4, V5, V6, V7;
 # uint32_t V8, V9, VA, VB, VC, VD, VE, VF;

 sigma = [
  [  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 ] ,
  [ 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 ] ,
  [ 11,  8, 12,  0,  5,  2, 15, 13, 10, 14,  3,  6,  7,  1,  9,  4 ] ,
  [  7,  9,  3,  1, 13, 12, 11, 14,  2,  6,  5, 10,  4,  0, 15,  8 ] ,
  [  9,  0,  5,  7,  2,  4, 10, 15, 14,  1, 11, 12,  6,  8,  3, 13 ] ,
  [  2, 12,  6, 10,  0, 11,  8,  3,  4, 13,  7,  5, 15, 14,  1,  9 ] ,
  [ 12,  5,  1, 15, 14, 13,  4, 10,  0,  7,  6,  3,  9,  2,  8, 11 ] ,
  [ 13, 11,  7, 14, 12,  1,  3,  9,  5,  0, 15,  4,  8,  6,  2, 10 ] ,
  [  6, 15, 14,  9, 11,  3,  0,  8, 12,  2, 13,  7,  1,  4, 10,  5 ] ,
  [ 10,  2,  8,  4,  7,  6,  1,  5, 15, 11,  9, 14,  3, 12, 13 , 0 ] ,
 ]

 def Mx(r0, r, i):
    return Input('B%d%X' % (r0, sigma[r][i]))

 def G(m0, m1, a, b, c, d):
    yield Set(a, Add([a, b, m0]))
    yield Set(d, Rot(Xor(d, a), 16))
    yield Set(c, Add([c, d]))
    yield Set(b, Rot(Xor(b, c), 20))
    yield Set(a, Add([a, b, m1]))
    yield Set(d, Rot(Xor(d, a), 24))
    yield Set(c, Add([c, d]))
    yield Set(b, Rot(Xor(b, c), 25))
    
 def roundb(r0, r):
    yield from G(Mx(r0, r,  0), Mx(r0, r,  1), 'V0', 'V4', 'V8', 'VC')
    yield from G(Mx(r0, r,  2), Mx(r0, r,  3), 'V1', 'V5', 'V9', 'VD')
    yield from G(Mx(r0, r,  4), Mx(r0, r,  5), 'V2', 'V6', 'VA', 'VE')
    yield from G(Mx(r0, r,  6), Mx(r0, r,  7), 'V3', 'V7', 'VB', 'VF')
    yield from G(Mx(r0, r,  8), Mx(r0, r,  9), 'V0', 'V5', 'VA', 'VF')
    yield from G(Mx(r0, r, 10), Mx(r0, r, 11), 'V1', 'V6', 'VB', 'VC')
    yield from G(Mx(r0, r, 12), Mx(r0, r, 13), 'V2', 'V7', 'V8', 'VD')
    yield from G(Mx(r0, r, 14), Mx(r0, r, 15), 'V3', 'V4', 'V9', 'VE')

 def do_compress(r, f0, t0):
    return (
        [Set('V%d' % i, 'H%d' % i) for i in range(8)] +
        [Set('V8', Const(IV[0])),
         Set('V9', Const(IV[1])),
         Set('VA', Const(IV[2])),
         Set('VB', Const(IV[3])),
         Set('VC', Const(t0 ^ IV[4])),
         Set('VD', Const(IV[5])),
         Set('VE', Const(f0 ^ IV[6])),
         Set('VF', Const(IV[7]))] +
        [x for r1 in range(10) for x in roundb(r, r1)] +
        [Set('H%d' % i, Xor('H%d' % i, Xor('V%d' % i, 'V%X' % (8 + i)))) for i in range(8)]
    )

 commands = (
    [Set('H0', Const(IV0p))] + 
    [Set('H%d' % i, Const(IV[i])) for i in range(1, 8)] +
    do_compress(0, 0x00000000, 0x00000040) +
    do_compress(1, 0x00000000, 0x00000080) +
    do_compress(2, 0x00000000, 0x000000C0) +
    do_compress(3, 0x00000000, 0x00000100) +
    do_compress(4, 0xFFFFFFFF, 0x0000011E)
 )
 commands

 def is_const(expr, state):
    if isinstance(expr, str):
        return state[expr]
    elif isinstance(expr, Const):
        return expr
    elif isinstance(expr, Add):
        b = all(is_const(e, state) is not None for e in expr.args)
        if b: return expr
        else: return None
    elif isinstance(expr, Xor):
        b = all(is_const(e, state) for e in [expr.left, expr.right])
        if b: return expr
        else: return None
    elif isinstance(expr, Rot):
        b = all(is_const(e, state) for e in [expr.left])
        if b: return expr
        else: return None
    elif isinstance(expr, Input):
        if expr.name != 'B00' and expr.name != 'B01':
            return expr
        else:
            return None
    else: 
        print(expr)
        assert False

 const_assignments = 0
 state = {}
 for c in commands:
    isc = is_const(c.expr, state)
    
    if isc is not None:
        print(isc)
        const_assignments += 1
    
    state[c.var] = isc
 print(const_assignments, len(commands), const_assignments / len(commands))
	from collections import namedtuple
	Add = namedtuple('Add', 'args')
	Xor = namedtuple('Xor', 'left right')
	Rot = namedtuple('Rot', 'left right')
	Input = namedtuple('Input', 'name')
	Const = namedtuple('Const', 'value')

	Set = namedtuple('Set', 'var expr')

	IV0p = 0x6b08e647
	IV = [
	0x6A09E667,
	0xBB67AE85,
	0x3C6EF372,
	0xA54FF53A,
	0x510E527F,
	0x9B05688C,
	0x1F83D9AB,
	0x5BE0CD19
	]

	# uint64_t nonce = nonce0 + i;
	# uint32_t B00 = (uint32_t) (nonce & 0xFFFFFFFF);
	# uint32_t B01 = (uint32_t) (nonce >> 32);

	# uint32_t H0, H1, H2, H3, H4, H5, H6, H7;
	# uint32_t V0, V1, V2, V3, V4, V5, V6, V7;
	# uint32_t V8, V9, VA, VB, VC, VD, VE, VF;

	sigma = [
	[ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 ] ,
	[ 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 ] ,
	[ 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 ] ,
	[ 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 ] ,
	[ 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 ] ,
	[ 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 ] ,
	[ 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 ] ,
	[ 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 ] ,
	[ 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 ] ,
	[ 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 ] ,
	]

	def Mx(r0, r, i):
	return Input('B%d%X' % (r0, sigma[r][i]))

	def G(m0, m1, a, b, c, d):
	yield Set(a, Add([a, b, m0]))
	yield Set(d, Rot(Xor(d, a), 16))
	yield Set(c, Add([c, d]))
	yield Set(b, Rot(Xor(b, c), 20))
	yield Set(a, Add([a, b, m1]))
	yield Set(d, Rot(Xor(d, a), 24))
	yield Set(c, Add([c, d]))
	yield Set(b, Rot(Xor(b, c), 25))

	def roundb(r0, r):
	yield from G(Mx(r0, r, 0), Mx(r0, r, 1), 'V0', 'V4', 'V8', 'VC')
	yield from G(Mx(r0, r, 2), Mx(r0, r, 3), 'V1', 'V5', 'V9', 'VD')
	yield from G(Mx(r0, r, 4), Mx(r0, r, 5), 'V2', 'V6', 'VA', 'VE')
	yield from G(Mx(r0, r, 6), Mx(r0, r, 7), 'V3', 'V7', 'VB', 'VF')
	yield from G(Mx(r0, r, 8), Mx(r0, r, 9), 'V0', 'V5', 'VA', 'VF')
	yield from G(Mx(r0, r, 10), Mx(r0, r, 11), 'V1', 'V6', 'VB', 'VC')
	yield from G(Mx(r0, r, 12), Mx(r0, r, 13), 'V2', 'V7', 'V8', 'VD')
	yield from G(Mx(r0, r, 14), Mx(r0, r, 15), 'V3', 'V4', 'V9', 'VE')

	def do_compress(r, f0, t0):
	return (
	[Set('V%d' % i, 'H%d' % i) for i in range(8)] +
	[Set('V8', Const(IV[0])),
	Set('V9', Const(IV[1])),
	Set('VA', Const(IV[2])),
	Set('VB', Const(IV[3])),
	Set('VC', Const(t0 ^ IV[4])),
	Set('VD', Const(IV[5])),
	Set('VE', Const(f0 ^ IV[6])),
	Set('VF', Const(IV[7]))] +
	[x for r1 in range(10) for x in roundb(r, r1)] +
	[Set('H%d' % i, Xor('H%d' % i, Xor('V%d' % i, 'V%X' % (8 + i)))) for i in range(8)]
	)

	commands = (
	[Set('H0', Const(IV0p))] +
	[Set('H%d' % i, Const(IV[i])) for i in range(1, 8)] +
	do_compress(0, 0x00000000, 0x00000040) +
	do_compress(1, 0x00000000, 0x00000080) +
	do_compress(2, 0x00000000, 0x000000C0) +
	do_compress(3, 0x00000000, 0x00000100) +
	do_compress(4, 0xFFFFFFFF, 0x0000011E)
	)
	commands

	def is_const(expr, state):
	if isinstance(expr, str):
	return state[expr]
	elif isinstance(expr, Const):
	return expr
	elif isinstance(expr, Add):
	b = all(is_const(e, state) is not None for e in expr.args)
	if b: return expr
	else: return None
	elif isinstance(expr, Xor):
	b = all(is_const(e, state) for e in [expr.left, expr.right])
	if b: return expr
	else: return None
	elif isinstance(expr, Rot):
	b = all(is_const(e, state) for e in [expr.left])
	if b: return expr
	else: return None
	elif isinstance(expr, Input):
	if expr.name != 'B00' and expr.name != 'B01':
	return expr
	else:
	return None
	else:
	print(expr)
	assert False

	const_assignments = 0
	state = {}
	for c in commands:
	isc = is_const(c.expr, state)

	if isc is not None:
	print(isc)
	const_assignments += 1

	state[c.var] = isc
	print(const_assignments, len(commands), const_assignments / len(commands))