

  1. // Copyright 2016 The Go Authors. All rights reserved.
  2. // Use of this source code is governed by a BSD-style
  3. // license that can be found in the LICENSE file.
  4. package blake2s
// precomputed holds the BLAKE2s message-word schedule: ten 16-byte arrays,
// one per round. Each entry is derived from the BLAKE2 sigma permutation
// constants and selects which message word feeds each G call of the round.
var precomputed = [10][16]byte{
	{0, 2, 4, 6, 1, 3, 5, 7, 8, 10, 12, 14, 9, 11, 13, 15},   // round 0
	{14, 4, 9, 13, 10, 8, 15, 6, 1, 0, 11, 5, 12, 2, 7, 3},   // round 1
	{11, 12, 5, 15, 8, 0, 2, 13, 10, 3, 7, 9, 14, 6, 1, 4},   // round 2
	{7, 3, 13, 11, 9, 1, 12, 14, 2, 5, 4, 15, 6, 10, 0, 8},   // round 3
	{9, 5, 2, 10, 0, 7, 4, 15, 14, 11, 6, 3, 1, 12, 8, 13},   // round 4
	{2, 6, 0, 8, 12, 10, 11, 3, 4, 7, 15, 1, 13, 5, 14, 9},   // round 5
	{12, 1, 14, 4, 5, 15, 13, 10, 0, 6, 9, 8, 7, 3, 2, 11},   // round 6
	{13, 7, 12, 3, 11, 14, 1, 9, 5, 15, 8, 2, 0, 4, 6, 10},   // round 7
	{6, 14, 11, 0, 15, 9, 3, 8, 12, 13, 1, 10, 2, 7, 4, 5},   // round 8
	{10, 8, 7, 1, 2, 4, 6, 5, 15, 9, 3, 13, 11, 14, 12, 0},   // round 9
}
// hashBlocksGeneric is the portable compression loop: it folds every
// BlockSize-byte block of blocks into the chaining state h, advancing the
// 64-bit block counter c (c[0] low word, c[1] high word) by BlockSize per
// block and XORing flag into working word 14 (presumably the BLAKE2 f0
// finalization flag; the caller decides its value).
//
// blocks is consumed 64 bytes at a time as 16 little-endian uint32 words.
// The loop performs no length check of its own, so len(blocks) must be a
// multiple of that or the indexing panics.
func hashBlocksGeneric(h *[8]uint32, c *[2]uint32, flag uint32, blocks []byte) {
	// rotr rotates x right by n bits; written with plain shifts so the
	// function needs nothing beyond package scope.
	rotr := func(x uint32, n uint) uint32 {
		return x<<(32-n) | x>>n
	}

	var (
		m [16]uint32 // current block as little-endian words
		v [16]uint32 // working state: v[0:8] from h, v[8:16] from iv
	)

	// g applies the BLAKE2s mixing function G to the state words at indices
	// a, b, cc, d with message words x and y (rotations 16, 12, 8, 7).
	// Within a round the four column calls touch disjoint words, as do the
	// four diagonal calls, so running each G to completion in turn yields
	// the same state as an unrolled half-round-at-a-time schedule.
	g := func(a, b, cc, d int, x, y uint32) {
		v[a] += v[b] + x
		v[d] = rotr(v[d]^v[a], 16)
		v[cc] += v[d]
		v[b] = rotr(v[b]^v[cc], 12)
		v[a] += v[b] + y
		v[d] = rotr(v[d]^v[a], 8)
		v[cc] += v[d]
		v[b] = rotr(v[b]^v[cc], 7)
	}

	lo, hi := c[0], c[1]
	for off := 0; off < len(blocks); {
		// Advance the 64-bit counter; a wrap of the low word carries into hi.
		lo += BlockSize
		if lo < BlockSize {
			hi++
		}

		// Load the block as 16 little-endian words, 4 bytes per word.
		for j := range m {
			m[j] = uint32(blocks[off]) | uint32(blocks[off+1])<<8 |
				uint32(blocks[off+2])<<16 | uint32(blocks[off+3])<<24
			off += 4
		}

		// Initialise the working state from the chaining value and iv,
		// then mix in the counter and the flag.
		for k := 0; k < 8; k++ {
			v[k] = h[k]
			v[k+8] = iv[k]
		}
		v[12] ^= lo
		v[13] ^= hi
		v[14] ^= flag

		for _, s := range &precomputed {
			// s[0:4]/s[4:8] are the x/y word indices for the columns,
			// s[8:12]/s[12:16] those for the diagonals.
			g(0, 4, 8, 12, m[s[0]], m[s[4]])
			g(1, 5, 9, 13, m[s[1]], m[s[5]])
			g(2, 6, 10, 14, m[s[2]], m[s[6]])
			g(3, 7, 11, 15, m[s[3]], m[s[7]])
			g(0, 5, 10, 15, m[s[8]], m[s[12]])
			g(1, 6, 11, 12, m[s[9]], m[s[13]])
			g(2, 7, 8, 13, m[s[10]], m[s[14]])
			g(3, 4, 9, 14, m[s[11]], m[s[15]])
		}

		// Feed-forward: fold both halves of the working state into h.
		for k := 0; k < 8; k++ {
			h[k] ^= v[k] ^ v[k+8]
		}
	}
	c[0], c[1] = lo, hi
}
  162. }