-
Notifications
You must be signed in to change notification settings - Fork 0
/
blake256.go
218 lines (193 loc) · 4.68 KB
/
blake256.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
// Originally written in 2011-2012 by Dmitry Chestnykh.
// Use of this source code is governed by an ISC
// license that can be found in the LICENSE file.
// Package blake256 implements BLAKE-256 and BLAKE-224 hash functions (SHA-3
// candidate).
package blake256
import "hash"
// BlockSize is the block size of the hash algorithm in bytes.
const BlockSize = 64
// Size is the size of BLAKE-256 hash in bytes.
const Size = 32
// Size224 is the size of BLAKE-224 hash in bytes.
const Size224 = 28
type digest struct {
hashSize int // hash output size in bits (224 or 256)
h [8]uint32 // current chain value
s [4]uint32 // salt (zero by default)
t uint64 // message bits counter
nullt bool // special case for finalization: skip counter
x [BlockSize]byte // buffer for data not yet compressed
nx int // number of bytes in buffer
}
var (
// Initialization values.
iv256 = [8]uint32{
0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A,
0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19}
iv224 = [8]uint32{
0xC1059ED8, 0x367CD507, 0x3070DD17, 0xF70E5939,
0xFFC00B31, 0x68581511, 0x64F98FA7, 0xBEFA4FA4}
pad = [64]byte{0x80}
)
// Reset resets the state of digest. It leaves salt intact.
func (d *digest) Reset() {
if d.hashSize == 224 {
d.h = iv224
} else {
d.h = iv256
}
d.t = 0
d.nx = 0
d.nullt = false
}
func (d *digest) Size() int { return d.hashSize >> 3 }
func (d *digest) BlockSize() int { return BlockSize }
func (d *digest) Write(p []byte) (nn int, err error) {
nn = len(p)
if d.nx > 0 {
n := len(p)
if n > BlockSize-d.nx {
n = BlockSize - d.nx
}
d.nx += copy(d.x[d.nx:], p)
if d.nx == BlockSize {
block(d, d.x[:])
d.nx = 0
}
p = p[n:]
}
if len(p) >= BlockSize {
n := len(p) &^ (BlockSize - 1)
block(d, p[:n])
p = p[n:]
}
if len(p) > 0 {
d.nx = copy(d.x[:], p)
}
return
}
// Sum returns the calculated checksum.
func (d digest) Sum(in []byte) []byte {
// Note d is a copy so that the caller can keep writing and summing.
sum := d.checkSum()
if d.Size() == Size224 {
return append(in, sum[:Size224]...)
}
return append(in, sum[:]...)
}
func (d *digest) checkSum() [Size]byte {
nx := uint64(d.nx)
l := d.t + nx<<3
var len [8]byte
len[0] = byte(l >> 56)
len[1] = byte(l >> 48)
len[2] = byte(l >> 40)
len[3] = byte(l >> 32)
len[4] = byte(l >> 24)
len[5] = byte(l >> 16)
len[6] = byte(l >> 8)
len[7] = byte(l)
if nx == 55 {
// One padding byte.
d.t -= 8
if d.hashSize == 224 {
d.Write([]byte{0x80})
} else {
d.Write([]byte{0x81})
}
} else {
if nx < 55 {
// Enough space to fill the block.
if nx == 0 {
d.nullt = true
}
d.t -= 440 - nx<<3
d.Write(pad[0 : 55-nx])
} else {
// Need 2 compressions.
d.t -= 512 - nx<<3
d.Write(pad[0 : 64-nx])
d.t -= 440
d.Write(pad[1:56])
d.nullt = true
}
if d.hashSize == 224 {
d.Write([]byte{0x00})
} else {
d.Write([]byte{0x01})
}
d.t -= 8
}
d.t -= 64
d.Write(len[:])
var out [Size]byte
j := 0
for _, s := range d.h[:d.hashSize>>5] {
out[j+0] = byte(s >> 24)
out[j+1] = byte(s >> 16)
out[j+2] = byte(s >> 8)
out[j+3] = byte(s >> 0)
j += 4
}
return out
}
func (d *digest) setSalt(s []byte) {
if len(s) != 16 {
panic("salt length must be 16 bytes")
}
d.s[0] = uint32(s[0])<<24 | uint32(s[1])<<16 | uint32(s[2])<<8 | uint32(s[3])
d.s[1] = uint32(s[4])<<24 | uint32(s[5])<<16 | uint32(s[6])<<8 | uint32(s[7])
d.s[2] = uint32(s[8])<<24 | uint32(s[9])<<16 | uint32(s[10])<<8 | uint32(s[11])
d.s[3] = uint32(s[12])<<24 | uint32(s[13])<<16 | uint32(s[14])<<8 | uint32(s[15])
}
// New returns a new hash.Hash computing the BLAKE-256 checksum.
func New() hash.Hash {
return &digest{
hashSize: 256,
h: iv256,
}
}
// NewSalt is like New but initializes salt with the given 16-byte slice.
func NewSalt(salt []byte) hash.Hash {
d := &digest{
hashSize: 256,
h: iv256,
}
d.setSalt(salt)
return d
}
// New224 returns a new hash.Hash computing the BLAKE-224 checksum.
func New224() hash.Hash {
return &digest{
hashSize: 224,
h: iv224,
}
}
// New224Salt is like New224 but initializes salt with the given 16-byte slice.
func New224Salt(salt []byte) hash.Hash {
d := &digest{
hashSize: 224,
h: iv224,
}
d.setSalt(salt)
return d
}
// Sum256 returns the BLAKE-256 checksum of the data.
func Sum256(data []byte) [Size]byte {
var d digest
d.hashSize = 256
d.Reset()
d.Write(data)
return d.checkSum()
}
// Sum224 returns the BLAKE-224 checksum of the data.
func Sum224(data []byte) (sum224 [Size224]byte) {
var d digest
d.hashSize = 224
d.Reset()
d.Write(data)
sum := d.checkSum()
copy(sum224[:], sum[:Size224])
return
}