
// Copyright 2016 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
  4. package blake2b
  5. import "encoding/binary"
// precomputed holds the BLAKE2b message schedule used by hashBlocksGeneric:
// 12 rows of 16 byte-sized indices into the 16-word message block, one row
// per round. Each row is derived from the BLAKE2 sigma permutation
// constants, ordered the way the round function consumes them: entries
// 0-7 feed the column step and entries 8-15 feed the diagonal step, with
// entry k and entry k+4 forming the two message words of one G call.
// BLAKE2b runs 12 rounds over a 10-entry sigma table, so the last two rows
// repeat the first two.
var precomputed = [12][16]byte{
	{0, 2, 4, 6, 1, 3, 5, 7, 8, 10, 12, 14, 9, 11, 13, 15},
	{14, 4, 9, 13, 10, 8, 15, 6, 1, 0, 11, 5, 12, 2, 7, 3},
	{11, 12, 5, 15, 8, 0, 2, 13, 10, 3, 7, 9, 14, 6, 1, 4},
	{7, 3, 13, 11, 9, 1, 12, 14, 2, 5, 4, 15, 6, 10, 0, 8},
	{9, 5, 2, 10, 0, 7, 4, 15, 14, 11, 6, 3, 1, 12, 8, 13},
	{2, 6, 0, 8, 12, 10, 11, 3, 4, 7, 15, 1, 13, 5, 14, 9},
	{12, 1, 14, 4, 5, 15, 13, 10, 0, 6, 9, 8, 7, 3, 2, 11},
	{13, 7, 12, 3, 11, 14, 1, 9, 5, 15, 8, 2, 0, 4, 6, 10},
	{6, 14, 11, 0, 15, 9, 3, 8, 12, 13, 1, 10, 2, 7, 4, 5},
	{10, 8, 7, 1, 2, 4, 6, 5, 15, 9, 3, 13, 11, 14, 12, 0},
	{0, 2, 4, 6, 1, 3, 5, 7, 8, 10, 12, 14, 9, 11, 13, 15}, // round 10 reuses round 0 (sigma has only 10 entries)
	{14, 4, 9, 13, 10, 8, 15, 6, 1, 0, 11, 5, 12, 2, 7, 3}, // round 11 reuses round 1
}
// hashBlocksGeneric is the portable BLAKE2b compression loop. It absorbs
// every block in blocks into the chaining state h, advancing the 128-bit
// byte counter c (c[0] low word, c[1] high word) by BlockSize per block and
// XORing flag into working word 14 (the finalization flag of the last block).
//
// Each block is read as 16 little-endian 64-bit words, so blocks must
// consist of whole blocks; a short tail makes the load below panic
// rather than silently hash a truncated block.
//
// The mixing has no secret-dependent branches or memory indices: the only
// conditional is the counter carry, and the only table lookups are keyed by
// the fixed round schedule in precomputed. Keep it that way when editing.
func hashBlocksGeneric(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) {
	// rotr rotates x right by n bits.
	rotr := func(x uint64, n uint) uint64 { return x<<(64-n) | x>>n }

	// v is the 16-word working vector of the compression function.
	var v [16]uint64

	// g is the BLAKE2b mixing function G applied in place to the working
	// words v[ai], v[bi], v[ci], v[di] with message words x and y.
	g := func(ai, bi, ci, di int, x, y uint64) {
		v[ai] += x
		v[ai] += v[bi]
		v[di] = rotr(v[di]^v[ai], 32)
		v[ci] += v[di]
		v[bi] = rotr(v[bi]^v[ci], 24)
		v[ai] += y
		v[ai] += v[bi]
		v[di] = rotr(v[di]^v[ai], 16)
		v[ci] += v[di]
		v[bi] = rotr(v[bi]^v[ci], 63)
	}

	lo, hi := c[0], c[1]
	var m [16]uint64
	for off := 0; off < len(blocks); {
		// Advance the 128-bit byte counter; the carry test is the loop's
		// only branch and depends on block count, not on block contents.
		lo += BlockSize
		if lo < BlockSize {
			hi++
		}

		// Working vector: chaining state in v[0..7], IV in v[8..15], with
		// the counter and finalization flag folded into v[12..14].
		copy(v[:8], h[:])
		copy(v[8:], iv[:])
		v[12] ^= lo
		v[13] ^= hi
		v[14] ^= flag

		// Load the next block as 16 little-endian message words.
		for j := range m {
			m[j] = binary.LittleEndian.Uint64(blocks[off:])
			off += 8
		}

		// Twelve rounds, each a column step followed by a diagonal step.
		// Schedule entry k pairs with entry k+4 as the (x, y) words of one
		// G call; entries 0-7 serve the columns and 8-15 the diagonals.
		for r := range precomputed {
			s := &precomputed[r]
			g(0, 4, 8, 12, m[s[0]], m[s[4]])
			g(1, 5, 9, 13, m[s[1]], m[s[5]])
			g(2, 6, 10, 14, m[s[2]], m[s[6]])
			g(3, 7, 11, 15, m[s[3]], m[s[7]])
			g(0, 5, 10, 15, m[s[8]], m[s[12]])
			g(1, 6, 11, 12, m[s[9]], m[s[13]])
			g(2, 7, 8, 13, m[s[10]], m[s[14]])
			g(3, 4, 9, 14, m[s[11]], m[s[15]])
		}

		// Fold both halves of the working vector back into the state.
		for k := range h {
			h[k] ^= v[k] ^ v[k+8]
		}
	}
	c[0], c[1] = lo, hi
}