github.com/AlohaMobile/go-ethereum@v1.9.7/crypto/blake2b/blake2b.go (about)

     1  // Copyright 2016 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  // Package blake2b implements the BLAKE2b hash algorithm defined by RFC 7693
     6  // and the extendable output function (XOF) BLAKE2Xb.
     7  //
     8  // For a detailed specification of BLAKE2b see https://blake2.net/blake2.pdf
     9  // and for BLAKE2Xb see https://blake2.net/blake2x.pdf
    10  //
    11  // If you aren't sure which function you need, use BLAKE2b (Sum512 or New512).
    12  // If you need a secret-key MAC (message authentication code), use the New512
    13  // function with a non-nil key.
    14  //
    15  // BLAKE2X is a construction to compute hash values larger than 64 bytes. It
    16  // can produce hash values between 0 and 4 GiB.
    17  package blake2b
    18  
    19  import (
    20  	"encoding/binary"
    21  	"errors"
    22  	"hash"
    23  )
    24  
    25  const (
    26  	// The blocksize of BLAKE2b in bytes.
    27  	BlockSize = 128
    28  	// The hash size of BLAKE2b-512 in bytes.
    29  	Size = 64
    30  	// The hash size of BLAKE2b-384 in bytes.
    31  	Size384 = 48
    32  	// The hash size of BLAKE2b-256 in bytes.
    33  	Size256 = 32
    34  )
    35  
    36  var (
    37  	useAVX2 bool
    38  	useAVX  bool
    39  	useSSE4 bool
    40  )
    41  
    42  var (
    43  	errKeySize  = errors.New("blake2b: invalid key size")
    44  	errHashSize = errors.New("blake2b: invalid hash size")
    45  )
    46  
    47  var iv = [8]uint64{
    48  	0x6a09e667f3bcc908, 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1,
    49  	0x510e527fade682d1, 0x9b05688c2b3e6c1f, 0x1f83d9abfb41bd6b, 0x5be0cd19137e2179,
    50  }
    51  
    52  // Sum512 returns the BLAKE2b-512 checksum of the data.
    53  func Sum512(data []byte) [Size]byte {
    54  	var sum [Size]byte
    55  	checkSum(&sum, Size, data)
    56  	return sum
    57  }
    58  
    59  // Sum384 returns the BLAKE2b-384 checksum of the data.
    60  func Sum384(data []byte) [Size384]byte {
    61  	var sum [Size]byte
    62  	var sum384 [Size384]byte
    63  	checkSum(&sum, Size384, data)
    64  	copy(sum384[:], sum[:Size384])
    65  	return sum384
    66  }
    67  
    68  // Sum256 returns the BLAKE2b-256 checksum of the data.
    69  func Sum256(data []byte) [Size256]byte {
    70  	var sum [Size]byte
    71  	var sum256 [Size256]byte
    72  	checkSum(&sum, Size256, data)
    73  	copy(sum256[:], sum[:Size256])
    74  	return sum256
    75  }
    76  
    77  // New512 returns a new hash.Hash computing the BLAKE2b-512 checksum. A non-nil
    78  // key turns the hash into a MAC. The key must be between zero and 64 bytes long.
    79  func New512(key []byte) (hash.Hash, error) { return newDigest(Size, key) }
    80  
    81  // New384 returns a new hash.Hash computing the BLAKE2b-384 checksum. A non-nil
    82  // key turns the hash into a MAC. The key must be between zero and 64 bytes long.
    83  func New384(key []byte) (hash.Hash, error) { return newDigest(Size384, key) }
    84  
    85  // New256 returns a new hash.Hash computing the BLAKE2b-256 checksum. A non-nil
    86  // key turns the hash into a MAC. The key must be between zero and 64 bytes long.
    87  func New256(key []byte) (hash.Hash, error) { return newDigest(Size256, key) }
    88  
    89  // New returns a new hash.Hash computing the BLAKE2b checksum with a custom length.
    90  // A non-nil key turns the hash into a MAC. The key must be between zero and 64 bytes long.
    91  // The hash size can be a value between 1 and 64 but it is highly recommended to use
    92  // values equal or greater than:
    93  // - 32 if BLAKE2b is used as a hash function (The key is zero bytes long).
    94  // - 16 if BLAKE2b is used as a MAC function (The key is at least 16 bytes long).
    95  // When the key is nil, the returned hash.Hash implements BinaryMarshaler
    96  // and BinaryUnmarshaler for state (de)serialization as documented by hash.Hash.
    97  func New(size int, key []byte) (hash.Hash, error) { return newDigest(size, key) }
    98  
    99  // F is a compression function for BLAKE2b. It takes as an argument the state
   100  // vector `h`, message block vector `m`, offset counter `t`, final block indicator
   101  // flag `f`, and number of rounds `rounds`. The state vector provided as the first
   102  // parameter is modified by the function.
   103  func F(h *[8]uint64, m [16]uint64, c [2]uint64, final bool, rounds uint32) {
   104  	var flag uint64
   105  	if final {
   106  		flag = 0xFFFFFFFFFFFFFFFF
   107  	}
   108  	f(h, &m, c[0], c[1], flag, uint64(rounds))
   109  }
   110  
   111  func newDigest(hashSize int, key []byte) (*digest, error) {
   112  	if hashSize < 1 || hashSize > Size {
   113  		return nil, errHashSize
   114  	}
   115  	if len(key) > Size {
   116  		return nil, errKeySize
   117  	}
   118  	d := &digest{
   119  		size:   hashSize,
   120  		keyLen: len(key),
   121  	}
   122  	copy(d.key[:], key)
   123  	d.Reset()
   124  	return d, nil
   125  }
   126  
   127  func checkSum(sum *[Size]byte, hashSize int, data []byte) {
   128  	h := iv
   129  	h[0] ^= uint64(hashSize) | (1 << 16) | (1 << 24)
   130  	var c [2]uint64
   131  
   132  	if length := len(data); length > BlockSize {
   133  		n := length &^ (BlockSize - 1)
   134  		if length == n {
   135  			n -= BlockSize
   136  		}
   137  		hashBlocks(&h, &c, 0, data[:n])
   138  		data = data[n:]
   139  	}
   140  
   141  	var block [BlockSize]byte
   142  	offset := copy(block[:], data)
   143  	remaining := uint64(BlockSize - offset)
   144  	if c[0] < remaining {
   145  		c[1]--
   146  	}
   147  	c[0] -= remaining
   148  
   149  	hashBlocks(&h, &c, 0xFFFFFFFFFFFFFFFF, block[:])
   150  
   151  	for i, v := range h[:(hashSize+7)/8] {
   152  		binary.LittleEndian.PutUint64(sum[8*i:], v)
   153  	}
   154  }
   155  
   156  func hashBlocks(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) {
   157  	var m [16]uint64
   158  	c0, c1 := c[0], c[1]
   159  
   160  	for i := 0; i < len(blocks); {
   161  		c0 += BlockSize
   162  		if c0 < BlockSize {
   163  			c1++
   164  		}
   165  		for j := range m {
   166  			m[j] = binary.LittleEndian.Uint64(blocks[i:])
   167  			i += 8
   168  		}
   169  		f(h, &m, c0, c1, flag, 12)
   170  	}
   171  	c[0], c[1] = c0, c1
   172  }
   173  
   174  type digest struct {
   175  	h      [8]uint64
   176  	c      [2]uint64
   177  	size   int
   178  	block  [BlockSize]byte
   179  	offset int
   180  
   181  	key    [BlockSize]byte
   182  	keyLen int
   183  }
   184  
   185  const (
   186  	magic         = "b2b"
   187  	marshaledSize = len(magic) + 8*8 + 2*8 + 1 + BlockSize + 1
   188  )
   189  
   190  func (d *digest) MarshalBinary() ([]byte, error) {
   191  	if d.keyLen != 0 {
   192  		return nil, errors.New("crypto/blake2b: cannot marshal MACs")
   193  	}
   194  	b := make([]byte, 0, marshaledSize)
   195  	b = append(b, magic...)
   196  	for i := 0; i < 8; i++ {
   197  		b = appendUint64(b, d.h[i])
   198  	}
   199  	b = appendUint64(b, d.c[0])
   200  	b = appendUint64(b, d.c[1])
   201  	// Maximum value for size is 64
   202  	b = append(b, byte(d.size))
   203  	b = append(b, d.block[:]...)
   204  	b = append(b, byte(d.offset))
   205  	return b, nil
   206  }
   207  
   208  func (d *digest) UnmarshalBinary(b []byte) error {
   209  	if len(b) < len(magic) || string(b[:len(magic)]) != magic {
   210  		return errors.New("crypto/blake2b: invalid hash state identifier")
   211  	}
   212  	if len(b) != marshaledSize {
   213  		return errors.New("crypto/blake2b: invalid hash state size")
   214  	}
   215  	b = b[len(magic):]
   216  	for i := 0; i < 8; i++ {
   217  		b, d.h[i] = consumeUint64(b)
   218  	}
   219  	b, d.c[0] = consumeUint64(b)
   220  	b, d.c[1] = consumeUint64(b)
   221  	d.size = int(b[0])
   222  	b = b[1:]
   223  	copy(d.block[:], b[:BlockSize])
   224  	b = b[BlockSize:]
   225  	d.offset = int(b[0])
   226  	return nil
   227  }
   228  
   229  func (d *digest) BlockSize() int { return BlockSize }
   230  
   231  func (d *digest) Size() int { return d.size }
   232  
   233  func (d *digest) Reset() {
   234  	d.h = iv
   235  	d.h[0] ^= uint64(d.size) | (uint64(d.keyLen) << 8) | (1 << 16) | (1 << 24)
   236  	d.offset, d.c[0], d.c[1] = 0, 0, 0
   237  	if d.keyLen > 0 {
   238  		d.block = d.key
   239  		d.offset = BlockSize
   240  	}
   241  }
   242  
   243  func (d *digest) Write(p []byte) (n int, err error) {
   244  	n = len(p)
   245  
   246  	if d.offset > 0 {
   247  		remaining := BlockSize - d.offset
   248  		if n <= remaining {
   249  			d.offset += copy(d.block[d.offset:], p)
   250  			return
   251  		}
   252  		copy(d.block[d.offset:], p[:remaining])
   253  		hashBlocks(&d.h, &d.c, 0, d.block[:])
   254  		d.offset = 0
   255  		p = p[remaining:]
   256  	}
   257  
   258  	if length := len(p); length > BlockSize {
   259  		nn := length &^ (BlockSize - 1)
   260  		if length == nn {
   261  			nn -= BlockSize
   262  		}
   263  		hashBlocks(&d.h, &d.c, 0, p[:nn])
   264  		p = p[nn:]
   265  	}
   266  
   267  	if len(p) > 0 {
   268  		d.offset += copy(d.block[:], p)
   269  	}
   270  
   271  	return
   272  }
   273  
   274  func (d *digest) Sum(sum []byte) []byte {
   275  	var hash [Size]byte
   276  	d.finalize(&hash)
   277  	return append(sum, hash[:d.size]...)
   278  }
   279  
   280  func (d *digest) finalize(hash *[Size]byte) {
   281  	var block [BlockSize]byte
   282  	copy(block[:], d.block[:d.offset])
   283  	remaining := uint64(BlockSize - d.offset)
   284  
   285  	c := d.c
   286  	if c[0] < remaining {
   287  		c[1]--
   288  	}
   289  	c[0] -= remaining
   290  
   291  	h := d.h
   292  	hashBlocks(&h, &c, 0xFFFFFFFFFFFFFFFF, block[:])
   293  
   294  	for i, v := range h {
   295  		binary.LittleEndian.PutUint64(hash[8*i:], v)
   296  	}
   297  }
   298  
   299  func appendUint64(b []byte, x uint64) []byte {
   300  	var a [8]byte
   301  	binary.BigEndian.PutUint64(a[:], x)
   302  	return append(b, a[:]...)
   303  }
   304  
   305  func appendUint32(b []byte, x uint32) []byte {
   306  	var a [4]byte
   307  	binary.BigEndian.PutUint32(a[:], x)
   308  	return append(b, a[:]...)
   309  }
   310  
   311  func consumeUint64(b []byte) ([]byte, uint64) {
   312  	x := binary.BigEndian.Uint64(b)
   313  	return b[8:], x
   314  }
   315  
   316  func consumeUint32(b []byte) ([]byte, uint32) {
   317  	x := binary.BigEndian.Uint32(b)
   318  	return b[4:], x
   319  }