fix: correct URLs, add sha512, updated ed25519 and identity_iot

This commit is contained in:
2026-06-03 21:09:45 +02:00
parent f69b3d7542
commit fd21660116
5 changed files with 286 additions and 216 deletions

Binary file not shown.

15
config.json Normal file
View File

@@ -0,0 +1,15 @@
{
"wifi_ssid": "YOUR_SSD",
"wifi_pass": "YOUR_PASSWORD",
"wifi_static": false,
"wifi_ip": "192.168.1.2",
"wifi_mask": "255.255.255.0",
"wifi_gw": "192.168.1.1",
"wifi_dns": "8.8.8.8",
"comm_key": "pm4u5YahhYSZJwGNzpA7QeD0F0O8R8Eo",
"comm_iv": "DPUBMeD0Jc42ZbMM",
"base_url": "https://api.parta.app/API/V1/identity_layer/identity_iot/",
"tenant_id": 1,
"node_type": "sensor",
"node_label": "pico-01"
}

View File

@@ -12,9 +12,9 @@
#
# Usage:
# from identity_iot import IdentityIoT
# identity = IdentityIoT(base_url="https://ap.parta.app/API/V1/identity_layer/identity_iot/index.php")
# await identity.ensure_registered(tenant_id=1)
# token = await identity.authenticate()
# identity = IdentityIoT(base_url="https://api.parta.app/API/V1/identity_layer/identity_iot/")
# identity.ensure_registered()
# token = identity.authenticate()
# ============================================================+
import ujson
@@ -23,51 +23,48 @@ import uhashlib
import urandom
import machine
import network
import uasyncio as asyncio
import utime
try:
import uurequests as requests
_ASYNC = False
except ImportError:
import urequests as requests
_ASYNC = False
# Pure-Python Ed25519 — replaced by natmod in production
from identity_iot_ed25519 import ed25519_sign, ed25519_keypair_from_seed
class IdentityIoT:
"""
Identity IoT authentication service for MicroPython.
Device-bound Ed25519 keypair — private key never leaves the device.
Communicates with identity_layer/identity_iot PHP backend.
"""
# Storage keys (on flash filesystem)
_F_SEED = '/identity_seed.bin' # 32 bytes raw seed
_F_PK = '/identity_pk.b64' # public key b64
_F_JWT = '/identity_jwt.txt' # current JWT
_F_NODEID = '/identity_node_uid.txt' # hashed node UID
_F_SEED = '/identity_seed.bin'
_F_PK = '/identity_pk.b64'
_F_JWT = '/identity_jwt.txt'
_F_NODEID = '/identity_node_uid.txt'
def __init__(
self,
base_url: str,
app_id: str = 'identity_iot',
node_type: str = 'sensor',
node_label: str = None,
tenant_id: int = 0,
comm_key: bytes = None,
comm_iv: bytes = None,
base_url: str,
app_id: str = 'identity_iot',
node_type: str = 'sensor',
node_label: str = None,
tenant_id: int = 0,
comm_key: bytes = None,
comm_iv: bytes = None,
wifi_ssid: str = None,
wifi_pass: str = None,
):
self.base_url = base_url
self.app_id = app_id
self.node_type = node_type
self.node_label = node_label
self.tenant_id = tenant_id
# Bootstrap AES-CBC keys — replaced after init_key if used
self._comm_key = comm_key
self._comm_iv = comm_iv
self._wifi_ssid = wifi_ssid
self._wifi_pass = wifi_pass
# =========================================================================
# Public API
@@ -80,7 +77,7 @@ class IdentityIoT:
pk = self._generate_keypair()
node_uid = self._get_node_uid()
resp = self._post({
'request': 'register_node',
'request': 'register_node',
'public_key_b64': pk,
'node_uid': node_uid,
'node_type': self.node_type,
@@ -92,35 +89,25 @@ class IdentityIoT:
return resp
def authenticate(self):
"""
Full challenge/response flow. Returns JWT string.
Stores JWT on flash for next session.
"""
# Try existing JWT first
"""Full challenge/response flow. Returns JWT string."""
jwt = self._load_jwt()
if jwt and not self._is_jwt_expired(jwt):
return jwt
node_uid = self._get_node_uid()
# Challenge
resp = self._post({
'request': 'challenge',
'node_uid': node_uid,
})
resp = self._post({'request': 'challenge', 'node_uid': node_uid})
if resp.get('status') != 'ok':
raise Exception('challenge failed: ' + str(resp))
challenge_id = resp['challenge_id']
nonce_b64 = resp['nonce_b64']
# Sign nonce
nonce_bytes = ubinascii.a2b_base64(_normalize_b64(nonce_b64))
seed = self._load_seed()
signature = ed25519_sign(seed, nonce_bytes)
sig_b64 = ubinascii.b2a_base64(signature).decode().strip()
nonce_bytes = ubinascii.a2b_base64(_normalize_b64(nonce_b64))
seed = self._load_seed()
signature = ed25519_sign(seed, nonce_bytes)
sig_b64 = ubinascii.b2a_base64(signature).decode().strip()
# Verify
resp = self._post({
'request': 'verify_signature',
'challenge_id': challenge_id,
@@ -136,7 +123,6 @@ class IdentityIoT:
return token
def get_node_uid(self):
"""Return the hashed node UID (safe to share)."""
return self._get_node_uid()
# =========================================================================
@@ -144,11 +130,9 @@ class IdentityIoT:
# =========================================================================
def _generate_keypair(self):
"""Generate Ed25519 keypair from secure random seed, persist to flash."""
seed = bytes(urandom.getrandbits(8) for _ in range(32))
pk, _ = ed25519_keypair_from_seed(seed)
seed = bytes(urandom.getrandbits(8) for _ in range(32))
pk, _ = ed25519_keypair_from_seed(seed)
pk_b64 = ubinascii.b2a_base64(pk).decode().strip()
# Persist
with open(self._F_SEED, 'wb') as f:
f.write(seed)
with open(self._F_PK, 'w') as f:
@@ -170,25 +154,18 @@ class IdentityIoT:
return None
# =========================================================================
# Node UID — device fingerprint, hashed before sending
# Node UID
# =========================================================================
def _get_node_uid(self):
"""
Returns SHA-256 hex of device UID.
Cached on flash after first call.
"""
try:
with open(self._F_NODEID, 'r') as f:
return f.read().strip()
except OSError:
pass
# Pico W: machine.unique_id() returns 8 bytes
raw_uid = machine.unique_id()
h = uhashlib.sha256(raw_uid)
h = uhashlib.sha256(raw_uid)
uid_hex = ubinascii.hexlify(h.digest()).decode()
with open(self._F_NODEID, 'w') as f:
f.write(uid_hex)
return uid_hex
@@ -213,65 +190,94 @@ class IdentityIoT:
parts = jwt.split('.')
if len(parts) != 3:
return True
payload_b64 = _normalize_b64(parts[1])
payload_b64 = _normalize_b64(parts[1])
payload_json = ubinascii.a2b_base64(payload_b64).decode()
payload = ujson.loads(payload_json)
exp = payload.get('exp', 0)
# MicroPython: use time.time() — requires NTP sync
import utime
payload = ujson.loads(payload_json)
exp = payload.get('exp', 0)
return utime.time() >= exp
except Exception:
return True # assume expired on any error
return True
# =========================================================================
# HTTP transport — ITEMS envelope (AES-CBC) or plain JSON
# WiFi reconnect
# =========================================================================
def _ensure_wifi(self):
wlan = network.WLAN(network.STA_IF)
if wlan.isconnected():
return True
if not self._wifi_ssid:
return False
print('WiFi lost, reconnecting...')
wlan.active(True)
wlan.connect(self._wifi_ssid, self._wifi_pass)
timeout = 15
while not wlan.isconnected() and timeout > 0:
utime.sleep(1)
timeout -= 1
return wlan.isconnected()
# =========================================================================
# HTTP transport
# =========================================================================
def _post(self, inner: dict) -> dict:
"""
POST to backend.
If comm_key/iv provided: ITEMS AES-CBC envelope.
Otherwise: plain JSON (for PoC / testing).
"""
if self._comm_key and self._comm_iv:
return self._post_encrypted(inner)
return self._post_plain(inner)
def _post_plain(self, inner: dict) -> dict:
"""Plain JSON POST — for PoC and testing."""
body = ujson.dumps({'data': ujson.dumps(inner)})
resp = requests.post(
self.base_url,
headers={'Content-Type': 'application/json'},
data=body,
)
outer = ujson.loads(resp.text)
resp.close()
# Backend returns encrypted data — decode if possible, else return raw
if 'data' in outer:
for attempt in range(3):
try:
return ujson.loads(outer['data'])
except Exception:
if not self._ensure_wifi():
raise Exception('WiFi not connected')
body = ujson.dumps({'data': ujson.dumps(inner)})
resp = requests.post(
self.base_url,
headers={'Content-Type': 'application/json'},
data=body,
timeout=20
)
outer = ujson.loads(resp.text)
resp.close()
if 'data' in outer:
try:
return ujson.loads(outer['data'])
except Exception:
return outer
return outer
return outer
except Exception as e:
print('plain retry', attempt + 1, ':', e)
utime.sleep(3)
raise Exception('POST failed after 3 attempts')
def _post_encrypted(self, inner: dict) -> dict:
"""ITEMS AES-CBC envelope POST."""
from identity_iot_aes import aes_cbc_encrypt, aes_cbc_decrypt
inner_json = ujson.dumps(inner)
cipher_b64 = aes_cbc_encrypt(inner_json, self._comm_key, self._comm_iv)
body = ujson.dumps({'data': cipher_b64})
resp = requests.post(
self.base_url,
headers={'Content-Type': 'application/json'},
data=body,
)
outer = ujson.loads(resp.text)
resp.close()
if 'data' not in outer:
raise Exception('Missing outer.data in response')
clear = aes_cbc_decrypt(outer['data'], self._comm_key, self._comm_iv)
return ujson.loads(clear)
for attempt in range(3):
try:
if not self._ensure_wifi():
raise Exception('WiFi not connected')
inner_json = ujson.dumps(inner)
cipher_b64 = aes_cbc_encrypt(inner_json, self._comm_key, self._comm_iv)
body = ujson.dumps({'data': cipher_b64})
resp = requests.post(
self.base_url,
headers={'Content-Type': 'application/json'},
data=body,
timeout=20
)
print('status:', resp.status_code)
print('raw:', resp.text[:100])
outer = ujson.loads(resp.text)
resp.close()
if 'data' not in outer:
raise Exception('Missing outer.data')
clear = aes_cbc_decrypt(outer['data'], self._comm_key, self._comm_iv)
return ujson.loads(clear)
except Exception as e:
print('enc retry', attempt + 1, ':', e)
utime.sleep(3)
raise Exception('POST failed after 3 attempts')
# =============================================================================
@@ -279,7 +285,6 @@ class IdentityIoT:
# =============================================================================
def _normalize_b64(s: str) -> str:
"""Normalize base64 string for ubinascii."""
s = s.strip().replace('\n', '').replace('\r', '').replace(' ', '')
s = s.replace('-', '+').replace('_', '/')
pad = len(s) % 4

View File

@@ -1,163 +1,126 @@
# ============================================================+
# Identity IoT — Ed25519 Pure Python
# Identity IoT — Ed25519 for MicroPython
# (c) Copyright : ae Aeonian Engineering Limited - Hong Kong
# (c) Copyright : WIDE di D. Papa - Naples - Italy
# ============================================================+
# Pure-Python Ed25519 for MicroPython PoC.
# Production: replace with natmod C implementation.
#
# Based on public domain Ed25519 reference implementation.
# Optimized for MicroPython memory constraints.
# Based on Bernstein et al. reference implementation (public domain)
# Iterative scalarmult — no recursion, safe for MicroPython stack
# ============================================================+
import uhashlib
import ubinascii
from sha512 import sha512
# ---- Field arithmetic mod p ----
_p = 2**255 - 19
_q = 2**252 + 27742317777372353535851937790883648493
_d = -121665 * pow(121666, _p - 2, _p) % _p
_I = pow(2, (_p - 1) // 4, _p)
_Gx = 15112221349535807912866137220509078750507884956996801637620
_Gy = 46316835694926478169428394003475163141307993866256225615783
_G = (_Gx % _p, _Gy % _p, 1, _Gx * _Gy % _p)
_q = 2**255 - 19
_l = 2**252 + 27742317777372353535851937790883648493
_d = -121665 * pow(121666, _q - 2, _q) % _q
_I = pow(2, (_q - 1) // 4, _q)
def _sha512(data: bytes) -> bytes:
# MicroPython uhashlib has sha256 but not sha512
# Use double-sha256 as fallback — NOT cryptographically equivalent
# TODO: replace with proper sha512 natmod for production
h1 = uhashlib.sha256(data).digest()
h2 = uhashlib.sha256(h1 + data).digest()
return h1 + h2
def _xrecover(y):
x2 = (y * y - 1) * pow(_d * y * y + 1, _q - 2, _q)
x = pow(x2, (_q + 3) // 8, _q)
if (x * x - x2) % _q != 0:
x = x * _I % _q
if x % 2 != 0:
x = _q - x
return x
def _clamp(h: bytes) -> int:
a = bytearray(h[:32])
a[0] &= 248
a[31] &= 127
a[31] |= 64
return int.from_bytes(a, 'little')
_By = 4 * pow(5, _q - 2, _q) % _q
_Bx = _xrecover(_By)
_B = [_Bx % _q, _By % _q, 1, _Bx * _By % _q]
def _point_add(P, Q):
def _edwards_add(P, Q):
x1, y1, z1, t1 = P
x2, y2, z2, t2 = Q
A = (y1 - x1) * (y2 - x2) % _p
B = (y1 + x1) * (y2 + x2) % _p
C = 2 * t1 * t2 * _d % _p
D = 2 * z1 * z2 % _p
E = B - A
F = D - C
G_ = D + C
H = B + A
x3 = E * F % _p
y3 = G_ * H % _p
t3 = E * H % _p
z3 = F * G_ % _p
return (x3, y3, z3, t3)
A = (y1 - x1) * (y2 - x2) % _q
B = (y1 + x1) * (y2 + x2) % _q
C = t1 * 2 * _d * t2 % _q
D = z1 * 2 * z2 % _q
E = B - A; F = D - C; G = D + C; H = B + A
return [E * F % _q, G * H % _q, F * G % _q, E * H % _q]
def _point_mul(s, P):
Q = (0, 1, 1, 0)
while s > 0:
if s & 1:
Q = _point_add(Q, P)
P = _point_add(P, P)
s >>= 1
def _scalarmult(P, e):
# Iterative double-and-add — no recursion
Q = [0, 1, 1, 0] # neutral element
while e > 0:
if e & 1:
Q = _edwards_add(Q, P)
P = _edwards_add(P, P)
e >>= 1
return Q
def _point_encode(P) -> bytes:
def _encodeint(y):
bits = [(y >> i) & 1 for i in range(256)]
return bytes([sum([bits[i * 8 + j] << j for j in range(8)]) for i in range(32)])
def _encodepoint(P):
x, y, z, _ = P
zi = pow(z, _p - 2, _p)
x = x * zi % _p
y = y * zi % _p
out = bytearray(y.to_bytes(32, 'little'))
out[31] ^= (x & 1) << 7
return bytes(out)
zi = pow(z, _q - 2, _q)
x = x * zi % _q
y = y * zi % _q
bits = [(y >> i) & 1 for i in range(255)] + [x & 1]
return bytes([sum([bits[i * 8 + j] << j for j in range(8)]) for i in range(32)])
def _point_decode(s: bytes):
y = int.from_bytes(s, 'little') & ~(1 << 255)
x_neg = s[31] >> 7
y2 = y * y % _p
u = (y2 - 1) % _p
v = (_d * y2 + 1) % _p
x = pow(u * pow(v, _p - 2, _p), (_p + 3) // 8, _p)
vx2 = v * x * x % _p
if (vx2 - u) % _p != 0:
if (vx2 + u) % _p != 0:
raise ValueError('Invalid point')
x = x * _I % _p
if x % 2 != x_neg:
x = _p - x
return (x, y, 1, x * y % _p)
def _bit(h, i):
return (h[i // 8] >> (i % 8)) & 1
def _hint(m):
return int.from_bytes(sha512(m), 'little')
def _decodepoint(s):
y = sum(_bit(s, i) * 2 ** i for i in range(255))
x = _xrecover(y)
if x & 1 != _bit(s, 255):
x = _q - x
return [x, y, 1, x * y % _q]
# ============================================================
# Public API
# ============================================================
def ed25519_keypair_from_seed(seed: bytes):
"""
Derive Ed25519 keypair from 32-byte seed.
Returns (public_key_bytes, private_key_bytes).
"""
if len(seed) != 32:
raise ValueError('Seed must be 32 bytes')
h = _sha512(seed)
a = _clamp(h)
A = _point_mul(a, _G)
pk = _point_encode(A)
sk = seed + pk # 64 bytes: seed || pubkey
return pk, sk
h = sha512(seed)
a = 2 ** 254 + sum(2 ** i * _bit(h, i) for i in range(3, 254))
A = _scalarmult(_B, a)
pk = _encodepoint(A)
return pk, seed + pk
def ed25519_sign(seed: bytes, message: bytes) -> bytes:
"""
Sign message with Ed25519 private key derived from seed.
Returns 64-byte signature.
Compatible with PHP ITEMSSignature::verifyDetached().
"""
if len(seed) != 32:
raise ValueError('Seed must be 32 bytes')
h = _sha512(seed)
a = _clamp(h)
pk_bytes, _ = ed25519_keypair_from_seed(seed)
# Nonce: SHA512(h[32:64] || message)
r_hash = _sha512(h[32:] + message)
r = int.from_bytes(r_hash, 'little') % _q
R = _point_mul(r, _G)
R_enc = _point_encode(R)
# k = SHA512(R || pk || message)
k_hash = _sha512(R_enc + pk_bytes + message)
k = int.from_bytes(k_hash, 'little') % _q
# s = (r + k * a) mod q
s = (r + k * a) % _q
S = s.to_bytes(32, 'little')
return R_enc + S
h = sha512(seed)
a = 2 ** 254 + sum(2 ** i * _bit(h, i) for i in range(3, 254))
pk = ed25519_keypair_from_seed(seed)[0]
r = _hint(h[32:64] + message)
R = _scalarmult(_B, r)
S = (r + _hint(_encodepoint(R) + pk + message) * a) % _l
return _encodepoint(R) + _encodeint(S)
def ed25519_verify(pk_bytes: bytes, message: bytes, signature: bytes) -> bool:
"""
Verify Ed25519 signature.
Returns True if valid.
"""
if len(signature) != 64 or len(pk_bytes) != 32:
def ed25519_verify(pk: bytes, message: bytes, signature: bytes) -> bool:
if len(signature) != 64 or len(pk) != 32:
return False
try:
R_enc = signature[:32]
S = int.from_bytes(signature[32:], 'little')
if S >= _q:
if S >= _l:
return False
A = _point_decode(pk_bytes)
R = _point_decode(R_enc)
k_hash = _sha512(R_enc + pk_bytes + message)
k = int.from_bytes(k_hash, 'little') % _q
# Check: [8][S]B == [8]R + [8][k]A
SB = _point_mul(8 * S, _G)
RkA = _point_add(_point_mul(8, R), _point_mul(8 * k, A))
return _point_encode(SB) == _point_encode(RkA)
A = _decodepoint(pk)
R = _decodepoint(R_enc)
h = _hint(R_enc + pk + message)
lhs = _scalarmult(_B, 8 * S)
rhs = _edwards_add(_scalarmult(R, 8), _scalarmult(A, 8 * h))
return _encodepoint(lhs) == _encodepoint(rhs)
except Exception:
return False

87
sha512.py Normal file
View File

@@ -0,0 +1,87 @@
# SHA-512 pure Python for MicroPython
# Based on public domain implementation
# Compact version optimized for MicroPython memory constraints
_K = [
0x428a2f98d728ae22, 0x7137449123ef65cd, 0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc,
0x3956c25bf348b538, 0x59f111f1b605d019, 0x923f82a4af194f9b, 0xab1c5ed5da6d8118,
0xd807aa98a3030242, 0x12835b0145706fbe, 0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2,
0x72be5d74f27b896f, 0x80deb1fe3b1696b1, 0x9bdc06a725c71235, 0xc19bf174cf692694,
0xe49b69c19ef14ad2, 0xefbe4786384f25e3, 0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65,
0x2de92c6f592b0275, 0x4a7484aa6ea6e483, 0x5cb0a9dcbd41fbd4, 0x76f988da831153b5,
0x983e5152ee66dfab, 0xa831c66d2db43210, 0xb00327c898fb213f, 0xbf597fc7beef0ee4,
0xc6e00bf33da88fc2, 0xd5a79147930aa725, 0x06ca6351e003826f, 0x142929670a0e6e70,
0x27b70a8546d22ffc, 0x2e1b21385c26c926, 0x4d2c6dfc5ac42aed, 0x53380d139d95b3df,
0x650a73548baf63de, 0x766a0abb3c77b2a8, 0x81c2c92e47edaee6, 0x92722c851482353b,
0xa2bfe8a14cf10364, 0xa81a664bbc423001, 0xc24b8b70d0f89791, 0xc76c51a30654be30,
0xd192e819d6ef5218, 0xd69906245565a910, 0xf40e35855771202a, 0x106aa07032bbd1b8,
0x19a4c116b8d2d0c8, 0x1e376c085141ab53, 0x2748774cdf8eeb99, 0x34b0bcb5e19b48a8,
0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb, 0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3,
0x748f82ee5defb2fc, 0x78a5636f43172f60, 0x84c87814a1f0ab72, 0x8cc702081a6439ec,
0x90befffa23631e28, 0xa4506cebde82bde9, 0xbef9a3f7b2c67915, 0xc67178f2e372532b,
0xca273eceea26619c, 0xd186b8c721c0c207, 0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178,
0x06f067aa72176fba, 0x0a637dc5a2c898a6, 0x113f9804bef90dae, 0x1b710b35131c471b,
0x28db77f523047d84, 0x32caab7b40c72493, 0x3c9ebe0a15c9bebc, 0x431d67c49c100d4c,
0x4cc5d4becb3e42b6, 0x597f299cfc657e2a, 0x5fcb6fab3ad6faec, 0x6c44198c4a475817,
]
_M64 = 0xffffffffffffffff
def _rotr64(x, n):
return ((x >> n) | (x << (64 - n))) & _M64
def _sha512_compress(state, block):
w = list(block)
for i in range(16, 80):
s0 = _rotr64(w[i-15], 1) ^ _rotr64(w[i-15], 8) ^ (w[i-15] >> 7)
s1 = _rotr64(w[i-2], 19) ^ _rotr64(w[i-2], 61) ^ (w[i-2] >> 6)
w.append((w[i-16] + s0 + w[i-7] + s1) & _M64)
a, b, c, d, e, f, g, h = state
for i in range(80):
S1 = _rotr64(e, 14) ^ _rotr64(e, 18) ^ _rotr64(e, 41)
ch = (e & f) ^ ((~e & _M64) & g)
temp1 = (h + S1 + ch + _K[i] + w[i]) & _M64
S0 = _rotr64(a, 28) ^ _rotr64(a, 34) ^ _rotr64(a, 39)
maj = (a & b) ^ (a & c) ^ (b & c)
temp2 = (S0 + maj) & _M64
h = g; g = f; f = e
e = (d + temp1) & _M64
d = c; c = b; b = a
a = (temp1 + temp2) & _M64
return [
(state[0] + a) & _M64, (state[1] + b) & _M64,
(state[2] + c) & _M64, (state[3] + d) & _M64,
(state[4] + e) & _M64, (state[5] + f) & _M64,
(state[6] + g) & _M64, (state[7] + h) & _M64,
]
def sha512(data: bytes) -> bytes:
# Initial hash values
state = [
0x6a09e667f3bcc908, 0xbb67ae8584caa73b,
0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1,
0x510e527fade682d1, 0x9b05688c2b3e6c1f,
0x1f83d9abfb41bd6b, 0x5be0cd19137e2179,
]
msg = bytearray(data)
length = len(data) * 8
msg.append(0x80)
while len(msg) % 128 != 112:
msg.append(0x00)
# Append length as 128-bit big-endian (high 64 bits are 0)
msg += (0).to_bytes(8, 'big')
msg += length.to_bytes(8, 'big')
for i in range(0, len(msg), 128):
block = []
for j in range(0, 128, 8):
block.append(int.from_bytes(msg[i+j:i+j+8], 'big'))
state = _sha512_compress(state, block)
return b''.join(s.to_bytes(8, 'big') for s in state)