195 lines
4.3 KiB
Go
195 lines
4.3 KiB
Go
// Written in 2011-2012 by Dmitry Chestnykh.
|
|
//
|
|
// To the extent possible under law, the author have dedicated all copyright
|
|
// and related and neighboring rights to this software to the public domain
|
|
// worldwide. This software is distributed without any warranty.
|
|
// http://creativecommons.org/publicdomain/zero/1.0/
|
|
|
|
// Package blake256 implements BLAKE-256 and BLAKE-224 hash functions (SHA-3
|
|
// candidate).
|
|
package blake256
|
|
|
|
import "hash"
|
|
|
|
// The block size of the hash algorithm in bytes.
|
|
const BlockSize = 64
|
|
|
|
// The size of BLAKE-256 hash in bytes.
|
|
const Size = 32
|
|
|
|
// The size of BLAKE-224 hash in bytes.
|
|
const Size224 = 28
|
|
|
|
type digest struct {
|
|
hashSize int // hash output size in bits (224 or 256)
|
|
h [8]uint32 // current chain value
|
|
s [4]uint32 // salt (zero by default)
|
|
t uint64 // message bits counter
|
|
nullt bool // special case for finalization: skip counter
|
|
x [BlockSize]byte // buffer for data not yet compressed
|
|
nx int // number of bytes in buffer
|
|
}
|
|
|
|
var (
|
|
// Initialization values.
|
|
iv256 = [8]uint32{
|
|
0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A,
|
|
0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19}
|
|
|
|
iv224 = [8]uint32{
|
|
0xC1059ED8, 0x367CD507, 0x3070DD17, 0xF70E5939,
|
|
0xFFC00B31, 0x68581511, 0x64F98FA7, 0xBEFA4FA4}
|
|
|
|
pad = [64]byte{0x80}
|
|
)
|
|
|
|
// Reset resets the state of digest. It leaves salt intact.
|
|
func (d *digest) Reset() {
|
|
if d.hashSize == 224 {
|
|
d.h = iv224
|
|
} else {
|
|
d.h = iv256
|
|
}
|
|
d.t = 0
|
|
d.nx = 0
|
|
d.nullt = false
|
|
}
|
|
|
|
func (d *digest) Size() int { return d.hashSize >> 3 }
|
|
|
|
func (d *digest) BlockSize() int { return BlockSize }
|
|
|
|
func (d *digest) Write(p []byte) (nn int, err error) {
|
|
nn = len(p)
|
|
if d.nx > 0 {
|
|
n := len(p)
|
|
if n > BlockSize-d.nx {
|
|
n = BlockSize - d.nx
|
|
}
|
|
d.nx += copy(d.x[d.nx:], p)
|
|
if d.nx == BlockSize {
|
|
block(d, d.x[:])
|
|
d.nx = 0
|
|
}
|
|
p = p[n:]
|
|
}
|
|
if len(p) >= BlockSize {
|
|
n := len(p) &^ (BlockSize - 1)
|
|
block(d, p[:n])
|
|
p = p[n:]
|
|
}
|
|
if len(p) > 0 {
|
|
d.nx = copy(d.x[:], p)
|
|
}
|
|
return
|
|
}
|
|
|
|
// Sum returns the calculated checksum.
|
|
func (d0 *digest) Sum(in []byte) []byte {
|
|
// Make a copy of d0 so that caller can keep writing and summing.
|
|
d := *d0
|
|
|
|
nx := uint64(d.nx)
|
|
l := d.t + nx<<3
|
|
len := make([]byte, 8)
|
|
len[0] = byte(l >> 56)
|
|
len[1] = byte(l >> 48)
|
|
len[2] = byte(l >> 40)
|
|
len[3] = byte(l >> 32)
|
|
len[4] = byte(l >> 24)
|
|
len[5] = byte(l >> 16)
|
|
len[6] = byte(l >> 8)
|
|
len[7] = byte(l)
|
|
|
|
if nx == 55 {
|
|
// One padding byte.
|
|
d.t -= 8
|
|
if d.hashSize == 224 {
|
|
d.Write([]byte{0x80})
|
|
} else {
|
|
d.Write([]byte{0x81})
|
|
}
|
|
} else {
|
|
if nx < 55 {
|
|
// Enough space to fill the block.
|
|
if nx == 0 {
|
|
d.nullt = true
|
|
}
|
|
d.t -= 440 - nx<<3
|
|
d.Write(pad[0 : 55-nx])
|
|
} else {
|
|
// Need 2 compressions.
|
|
d.t -= 512 - nx<<3
|
|
d.Write(pad[0 : 64-nx])
|
|
d.t -= 440
|
|
d.Write(pad[1:56])
|
|
d.nullt = true
|
|
}
|
|
if d.hashSize == 224 {
|
|
d.Write([]byte{0x00})
|
|
} else {
|
|
d.Write([]byte{0x01})
|
|
}
|
|
d.t -= 8
|
|
}
|
|
d.t -= 64
|
|
d.Write(len)
|
|
|
|
out := make([]byte, d.Size())
|
|
j := 0
|
|
for _, s := range d.h[:d.hashSize>>5] {
|
|
out[j+0] = byte(s >> 24)
|
|
out[j+1] = byte(s >> 16)
|
|
out[j+2] = byte(s >> 8)
|
|
out[j+3] = byte(s >> 0)
|
|
j += 4
|
|
}
|
|
return append(in, out...)
|
|
}
|
|
|
|
func (d *digest) setSalt(s []byte) {
|
|
if len(s) != 16 {
|
|
panic("salt length must be 16 bytes")
|
|
}
|
|
d.s[0] = uint32(s[0])<<24 | uint32(s[1])<<16 | uint32(s[2])<<8 | uint32(s[3])
|
|
d.s[1] = uint32(s[4])<<24 | uint32(s[5])<<16 | uint32(s[6])<<8 | uint32(s[7])
|
|
d.s[2] = uint32(s[8])<<24 | uint32(s[9])<<16 | uint32(s[10])<<8 | uint32(s[11])
|
|
d.s[3] = uint32(s[12])<<24 | uint32(s[13])<<16 | uint32(s[14])<<8 | uint32(s[15])
|
|
}
|
|
|
|
// New returns a new hash.Hash computing the BLAKE-256 checksum.
|
|
func New() hash.Hash {
|
|
return &digest{
|
|
hashSize: 256,
|
|
h: iv256,
|
|
}
|
|
}
|
|
|
|
// NewSalt is like New but initializes salt with the given 16-byte slice.
|
|
func NewSalt(salt []byte) hash.Hash {
|
|
d := &digest{
|
|
hashSize: 256,
|
|
h: iv256,
|
|
}
|
|
d.setSalt(salt)
|
|
return d
|
|
}
|
|
|
|
// New224 returns a new hash.Hash computing the BLAKE-224 checksum.
|
|
func New224() hash.Hash {
|
|
return &digest{
|
|
hashSize: 224,
|
|
h: iv224,
|
|
}
|
|
}
|
|
|
|
// New224Salt is like New224 but initializes salt with the given 16-byte slice.
|
|
func New224Salt(salt []byte) hash.Hash {
|
|
d := &digest{
|
|
hashSize: 224,
|
|
h: iv224,
|
|
}
|
|
d.setSalt(salt)
|
|
return d
|
|
}
|