blake2b.go 4.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194
  1. // Copyright 2016 The Go Authors. All rights reserved.
  2. // Use of this source code is governed by a BSD-style
  3. // license that can be found in the LICENSE file.
  4. // Package blake2b implements the BLAKE2b hash algorithm as
  5. // defined in RFC 7693.
  6. package blake2b // import "golang.org/x/crypto/blake2b"
  7. import (
  8. "encoding/binary"
  9. "errors"
  10. "hash"
  11. )
  12. const (
  13. // The blocksize of BLAKE2b in bytes.
  14. BlockSize = 128
  15. // The hash size of BLAKE2b-512 in bytes.
  16. Size = 64
  17. // The hash size of BLAKE2b-384 in bytes.
  18. Size384 = 48
  19. // The hash size of BLAKE2b-256 in bytes.
  20. Size256 = 32
  21. )
  22. var (
  23. useAVX2 bool
  24. useAVX bool
  25. useSSE4 bool
  26. )
  27. var errKeySize = errors.New("blake2b: invalid key size")
  28. var iv = [8]uint64{
  29. 0x6a09e667f3bcc908, 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1,
  30. 0x510e527fade682d1, 0x9b05688c2b3e6c1f, 0x1f83d9abfb41bd6b, 0x5be0cd19137e2179,
  31. }
  32. // Sum512 returns the BLAKE2b-512 checksum of the data.
  33. func Sum512(data []byte) [Size]byte {
  34. var sum [Size]byte
  35. checkSum(&sum, Size, data)
  36. return sum
  37. }
  38. // Sum384 returns the BLAKE2b-384 checksum of the data.
  39. func Sum384(data []byte) [Size384]byte {
  40. var sum [Size]byte
  41. var sum384 [Size384]byte
  42. checkSum(&sum, Size384, data)
  43. copy(sum384[:], sum[:Size384])
  44. return sum384
  45. }
  46. // Sum256 returns the BLAKE2b-256 checksum of the data.
  47. func Sum256(data []byte) [Size256]byte {
  48. var sum [Size]byte
  49. var sum256 [Size256]byte
  50. checkSum(&sum, Size256, data)
  51. copy(sum256[:], sum[:Size256])
  52. return sum256
  53. }
  54. // New512 returns a new hash.Hash computing the BLAKE2b-512 checksum. A non-nil
  55. // key turns the hash into a MAC. The key must between zero and 64 bytes long.
  56. func New512(key []byte) (hash.Hash, error) { return newDigest(Size, key) }
  57. // New384 returns a new hash.Hash computing the BLAKE2b-384 checksum. A non-nil
  58. // key turns the hash into a MAC. The key must between zero and 64 bytes long.
  59. func New384(key []byte) (hash.Hash, error) { return newDigest(Size384, key) }
  60. // New256 returns a new hash.Hash computing the BLAKE2b-256 checksum. A non-nil
  61. // key turns the hash into a MAC. The key must between zero and 64 bytes long.
  62. func New256(key []byte) (hash.Hash, error) { return newDigest(Size256, key) }
  63. func newDigest(hashSize int, key []byte) (*digest, error) {
  64. if len(key) > Size {
  65. return nil, errKeySize
  66. }
  67. d := &digest{
  68. size: hashSize,
  69. keyLen: len(key),
  70. }
  71. copy(d.key[:], key)
  72. d.Reset()
  73. return d, nil
  74. }
  75. func checkSum(sum *[Size]byte, hashSize int, data []byte) {
  76. h := iv
  77. h[0] ^= uint64(hashSize) | (1 << 16) | (1 << 24)
  78. var c [2]uint64
  79. if length := len(data); length > BlockSize {
  80. n := length &^ (BlockSize - 1)
  81. if length == n {
  82. n -= BlockSize
  83. }
  84. hashBlocks(&h, &c, 0, data[:n])
  85. data = data[n:]
  86. }
  87. var block [BlockSize]byte
  88. offset := copy(block[:], data)
  89. remaining := uint64(BlockSize - offset)
  90. if c[0] < remaining {
  91. c[1]--
  92. }
  93. c[0] -= remaining
  94. hashBlocks(&h, &c, 0xFFFFFFFFFFFFFFFF, block[:])
  95. for i, v := range h[:(hashSize+7)/8] {
  96. binary.LittleEndian.PutUint64(sum[8*i:], v)
  97. }
  98. }
  99. type digest struct {
  100. h [8]uint64
  101. c [2]uint64
  102. size int
  103. block [BlockSize]byte
  104. offset int
  105. key [BlockSize]byte
  106. keyLen int
  107. }
  108. func (d *digest) BlockSize() int { return BlockSize }
  109. func (d *digest) Size() int { return d.size }
  110. func (d *digest) Reset() {
  111. d.h = iv
  112. d.h[0] ^= uint64(d.size) | (uint64(d.keyLen) << 8) | (1 << 16) | (1 << 24)
  113. d.offset, d.c[0], d.c[1] = 0, 0, 0
  114. if d.keyLen > 0 {
  115. d.block = d.key
  116. d.offset = BlockSize
  117. }
  118. }
  119. func (d *digest) Write(p []byte) (n int, err error) {
  120. n = len(p)
  121. if d.offset > 0 {
  122. remaining := BlockSize - d.offset
  123. if n <= remaining {
  124. d.offset += copy(d.block[d.offset:], p)
  125. return
  126. }
  127. copy(d.block[d.offset:], p[:remaining])
  128. hashBlocks(&d.h, &d.c, 0, d.block[:])
  129. d.offset = 0
  130. p = p[remaining:]
  131. }
  132. if length := len(p); length > BlockSize {
  133. nn := length &^ (BlockSize - 1)
  134. if length == nn {
  135. nn -= BlockSize
  136. }
  137. hashBlocks(&d.h, &d.c, 0, p[:nn])
  138. p = p[nn:]
  139. }
  140. if len(p) > 0 {
  141. d.offset += copy(d.block[:], p)
  142. }
  143. return
  144. }
  145. func (d *digest) Sum(b []byte) []byte {
  146. var block [BlockSize]byte
  147. copy(block[:], d.block[:d.offset])
  148. remaining := uint64(BlockSize - d.offset)
  149. c := d.c
  150. if c[0] < remaining {
  151. c[1]--
  152. }
  153. c[0] -= remaining
  154. h := d.h
  155. hashBlocks(&h, &c, 0xFFFFFFFFFFFFFFFF, block[:])
  156. var sum [Size]byte
  157. for i, v := range h[:(d.size+7)/8] {
  158. binary.LittleEndian.PutUint64(sum[8*i:], v)
  159. }
  160. return append(b, sum[:d.size]...)
  161. }