github.com/devops-filetransfer/sshego@v7.0.4+incompatible/_vendor/golang.org/x/crypto/blake2s/blake2s_generic.go (about) 1 // Copyright 2016 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package blake2s 6 7 // the precomputed values for BLAKE2s 8 // there are 10 16-byte arrays - one for each round 9 // the entries are calculated from the sigma constants. 10 var precomputed = [10][16]byte{ 11 {0, 2, 4, 6, 1, 3, 5, 7, 8, 10, 12, 14, 9, 11, 13, 15}, 12 {14, 4, 9, 13, 10, 8, 15, 6, 1, 0, 11, 5, 12, 2, 7, 3}, 13 {11, 12, 5, 15, 8, 0, 2, 13, 10, 3, 7, 9, 14, 6, 1, 4}, 14 {7, 3, 13, 11, 9, 1, 12, 14, 2, 5, 4, 15, 6, 10, 0, 8}, 15 {9, 5, 2, 10, 0, 7, 4, 15, 14, 11, 6, 3, 1, 12, 8, 13}, 16 {2, 6, 0, 8, 12, 10, 11, 3, 4, 7, 15, 1, 13, 5, 14, 9}, 17 {12, 1, 14, 4, 5, 15, 13, 10, 0, 6, 9, 8, 7, 3, 2, 11}, 18 {13, 7, 12, 3, 11, 14, 1, 9, 5, 15, 8, 2, 0, 4, 6, 10}, 19 {6, 14, 11, 0, 15, 9, 3, 8, 12, 13, 1, 10, 2, 7, 4, 5}, 20 {10, 8, 7, 1, 2, 4, 6, 5, 15, 9, 3, 13, 11, 14, 12, 0}, 21 } 22 23 func hashBlocksGeneric(h *[8]uint32, c *[2]uint32, flag uint32, blocks []byte) { 24 var m [16]uint32 25 c0, c1 := c[0], c[1] 26 27 for i := 0; i < len(blocks); { 28 c0 += BlockSize 29 if c0 < BlockSize { 30 c1++ 31 } 32 33 v0, v1, v2, v3, v4, v5, v6, v7 := h[0], h[1], h[2], h[3], h[4], h[5], h[6], h[7] 34 v8, v9, v10, v11, v12, v13, v14, v15 := iv[0], iv[1], iv[2], iv[3], iv[4], iv[5], iv[6], iv[7] 35 v12 ^= c0 36 v13 ^= c1 37 v14 ^= flag 38 39 for j := range m { 40 m[j] = uint32(blocks[i]) | uint32(blocks[i+1])<<8 | uint32(blocks[i+2])<<16 | uint32(blocks[i+3])<<24 41 i += 4 42 } 43 44 for k := range precomputed { 45 s := &(precomputed[k]) 46 47 v0 += m[s[0]] 48 v0 += v4 49 v12 ^= v0 50 v12 = v12<<(32-16) | v12>>16 51 v8 += v12 52 v4 ^= v8 53 v4 = v4<<(32-12) | v4>>12 54 v1 += m[s[1]] 55 v1 += v5 56 v13 ^= v1 57 v13 = v13<<(32-16) | v13>>16 58 v9 += v13 59 v5 ^= v9 60 v5 = v5<<(32-12) | v5>>12 61 v2 += m[s[2]] 62 v2 += v6 63 v14 ^= v2 64 v14 = v14<<(32-16) | v14>>16 65 v10 += v14 66 v6 ^= v10 67 v6 = v6<<(32-12) | v6>>12 68 v3 += m[s[3]] 69 v3 += v7 70 v15 ^= v3 71 v15 = v15<<(32-16) | v15>>16 72 v11 += v15 73 v7 ^= v11 74 v7 = v7<<(32-12) | v7>>12 75 76 v0 += m[s[4]] 77 v0 += v4 78 v12 ^= v0 79 v12 = v12<<(32-8) | v12>>8 80 v8 += v12 81 v4 ^= v8 82 v4 = v4<<(32-7) | v4>>7 83 v1 += m[s[5]] 84 v1 += v5 85 v13 ^= v1 86 v13 = v13<<(32-8) | v13>>8 87 v9 += v13 88 v5 ^= v9 89 v5 = v5<<(32-7) | v5>>7 90 v2 += m[s[6]] 91 v2 += v6 92 v14 ^= v2 93 v14 = v14<<(32-8) | v14>>8 94 v10 += v14 95 v6 ^= v10 96 v6 = v6<<(32-7) | v6>>7 97 v3 += m[s[7]] 98 v3 += v7 99 v15 ^= v3 100 v15 = v15<<(32-8) | v15>>8 101 v11 += v15 102 v7 ^= v11 103 v7 = v7<<(32-7) | v7>>7 104 105 v0 += m[s[8]] 106 v0 += v5 107 v15 ^= v0 108 v15 = v15<<(32-16) | v15>>16 109 v10 += v15 110 v5 ^= v10 111 v5 = v5<<(32-12) | v5>>12 112 v1 += m[s[9]] 113 v1 += v6 114 v12 ^= v1 115 v12 = v12<<(32-16) | v12>>16 116 v11 += v12 117 v6 ^= v11 118 v6 = v6<<(32-12) | v6>>12 119 v2 += m[s[10]] 120 v2 += v7 121 v13 ^= v2 122 v13 = v13<<(32-16) | v13>>16 123 v8 += v13 124 v7 ^= v8 125 v7 = v7<<(32-12) | v7>>12 126 v3 += m[s[11]] 127 v3 += v4 128 v14 ^= v3 129 v14 = v14<<(32-16) | v14>>16 130 v9 += v14 131 v4 ^= v9 132 v4 = v4<<(32-12) | v4>>12 133 134 v0 += m[s[12]] 135 v0 += v5 136 v15 ^= v0 137 v15 = v15<<(32-8) | v15>>8 138 v10 += v15 139 v5 ^= v10 140 v5 = v5<<(32-7) | v5>>7 141 v1 += m[s[13]] 142 v1 += v6 143 v12 ^= v1 144 v12 = v12<<(32-8) | v12>>8 145 v11 += v12 146 v6 ^= v11 147 v6 = v6<<(32-7) | v6>>7 148 v2 += m[s[14]] 149 v2 += v7 150 v13 ^= v2 151 v13 = v13<<(32-8) | v13>>8 152 v8 += v13 153 v7 ^= v8 154 v7 = v7<<(32-7) | v7>>7 155 v3 += m[s[15]] 156 v3 += v4 157 v14 ^= v3 158 v14 = v14<<(32-8) | v14>>8 159 v9 += v14 160 v4 ^= v9 161 v4 = v4<<(32-7) | v4>>7 162 } 163 164 h[0] ^= v0 ^ v8 165 h[1] ^= v1 ^ v9 166 h[2] ^= v2 ^ v10 167 h[3] ^= v3 ^ v11 168 h[4] ^= v4 ^ v12 169 h[5] ^= v5 ^ v13 170 h[6] ^= v6 ^ v14 171 h[7] ^= v7 ^ v15 172 } 173 c[0], c[1] = c0, c1 174 }