blake2s_generic.go raw
1 // Copyright 2016 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
4
5 package blake2s
6
7 import (
8 "math/bits"
9 )
10
11 // the precomputed values for BLAKE2s
12 // there are 10 16-byte arrays - one for each round
13 // the entries are calculated from the sigma constants.
14 var precomputed = [10][16]byte{
15 {0, 2, 4, 6, 1, 3, 5, 7, 8, 10, 12, 14, 9, 11, 13, 15},
16 {14, 4, 9, 13, 10, 8, 15, 6, 1, 0, 11, 5, 12, 2, 7, 3},
17 {11, 12, 5, 15, 8, 0, 2, 13, 10, 3, 7, 9, 14, 6, 1, 4},
18 {7, 3, 13, 11, 9, 1, 12, 14, 2, 5, 4, 15, 6, 10, 0, 8},
19 {9, 5, 2, 10, 0, 7, 4, 15, 14, 11, 6, 3, 1, 12, 8, 13},
20 {2, 6, 0, 8, 12, 10, 11, 3, 4, 7, 15, 1, 13, 5, 14, 9},
21 {12, 1, 14, 4, 5, 15, 13, 10, 0, 6, 9, 8, 7, 3, 2, 11},
22 {13, 7, 12, 3, 11, 14, 1, 9, 5, 15, 8, 2, 0, 4, 6, 10},
23 {6, 14, 11, 0, 15, 9, 3, 8, 12, 13, 1, 10, 2, 7, 4, 5},
24 {10, 8, 7, 1, 2, 4, 6, 5, 15, 9, 3, 13, 11, 14, 12, 0},
25 }
26
27 func hashBlocksGeneric(h *[8]uint32, c *[2]uint32, flag uint32, blocks []byte) {
28 var m [16]uint32
29 c0, c1 := c[0], c[1]
30
31 for i := 0; i < len(blocks); {
32 c0 += BlockSize
33 if c0 < BlockSize {
34 c1++
35 }
36
37 v0, v1, v2, v3, v4, v5, v6, v7 := h[0], h[1], h[2], h[3], h[4], h[5], h[6], h[7]
38 v8, v9, v10, v11, v12, v13, v14, v15 := iv[0], iv[1], iv[2], iv[3], iv[4], iv[5], iv[6], iv[7]
39 v12 ^= c0
40 v13 ^= c1
41 v14 ^= flag
42
43 for j := range m {
44 m[j] = uint32(blocks[i]) | uint32(blocks[i+1])<<8 | uint32(blocks[i+2])<<16 | uint32(blocks[i+3])<<24
45 i += 4
46 }
47
48 for k := range precomputed {
49 s := &(precomputed[k])
50
51 v0 += m[s[0]]
52 v0 += v4
53 v12 ^= v0
54 v12 = bits.RotateLeft32(v12, -16)
55 v8 += v12
56 v4 ^= v8
57 v4 = bits.RotateLeft32(v4, -12)
58 v1 += m[s[1]]
59 v1 += v5
60 v13 ^= v1
61 v13 = bits.RotateLeft32(v13, -16)
62 v9 += v13
63 v5 ^= v9
64 v5 = bits.RotateLeft32(v5, -12)
65 v2 += m[s[2]]
66 v2 += v6
67 v14 ^= v2
68 v14 = bits.RotateLeft32(v14, -16)
69 v10 += v14
70 v6 ^= v10
71 v6 = bits.RotateLeft32(v6, -12)
72 v3 += m[s[3]]
73 v3 += v7
74 v15 ^= v3
75 v15 = bits.RotateLeft32(v15, -16)
76 v11 += v15
77 v7 ^= v11
78 v7 = bits.RotateLeft32(v7, -12)
79
80 v0 += m[s[4]]
81 v0 += v4
82 v12 ^= v0
83 v12 = bits.RotateLeft32(v12, -8)
84 v8 += v12
85 v4 ^= v8
86 v4 = bits.RotateLeft32(v4, -7)
87 v1 += m[s[5]]
88 v1 += v5
89 v13 ^= v1
90 v13 = bits.RotateLeft32(v13, -8)
91 v9 += v13
92 v5 ^= v9
93 v5 = bits.RotateLeft32(v5, -7)
94 v2 += m[s[6]]
95 v2 += v6
96 v14 ^= v2
97 v14 = bits.RotateLeft32(v14, -8)
98 v10 += v14
99 v6 ^= v10
100 v6 = bits.RotateLeft32(v6, -7)
101 v3 += m[s[7]]
102 v3 += v7
103 v15 ^= v3
104 v15 = bits.RotateLeft32(v15, -8)
105 v11 += v15
106 v7 ^= v11
107 v7 = bits.RotateLeft32(v7, -7)
108
109 v0 += m[s[8]]
110 v0 += v5
111 v15 ^= v0
112 v15 = bits.RotateLeft32(v15, -16)
113 v10 += v15
114 v5 ^= v10
115 v5 = bits.RotateLeft32(v5, -12)
116 v1 += m[s[9]]
117 v1 += v6
118 v12 ^= v1
119 v12 = bits.RotateLeft32(v12, -16)
120 v11 += v12
121 v6 ^= v11
122 v6 = bits.RotateLeft32(v6, -12)
123 v2 += m[s[10]]
124 v2 += v7
125 v13 ^= v2
126 v13 = bits.RotateLeft32(v13, -16)
127 v8 += v13
128 v7 ^= v8
129 v7 = bits.RotateLeft32(v7, -12)
130 v3 += m[s[11]]
131 v3 += v4
132 v14 ^= v3
133 v14 = bits.RotateLeft32(v14, -16)
134 v9 += v14
135 v4 ^= v9
136 v4 = bits.RotateLeft32(v4, -12)
137
138 v0 += m[s[12]]
139 v0 += v5
140 v15 ^= v0
141 v15 = bits.RotateLeft32(v15, -8)
142 v10 += v15
143 v5 ^= v10
144 v5 = bits.RotateLeft32(v5, -7)
145 v1 += m[s[13]]
146 v1 += v6
147 v12 ^= v1
148 v12 = bits.RotateLeft32(v12, -8)
149 v11 += v12
150 v6 ^= v11
151 v6 = bits.RotateLeft32(v6, -7)
152 v2 += m[s[14]]
153 v2 += v7
154 v13 ^= v2
155 v13 = bits.RotateLeft32(v13, -8)
156 v8 += v13
157 v7 ^= v8
158 v7 = bits.RotateLeft32(v7, -7)
159 v3 += m[s[15]]
160 v3 += v4
161 v14 ^= v3
162 v14 = bits.RotateLeft32(v14, -8)
163 v9 += v14
164 v4 ^= v9
165 v4 = bits.RotateLeft32(v4, -7)
166 }
167
168 h[0] ^= v0 ^ v8
169 h[1] ^= v1 ^ v9
170 h[2] ^= v2 ^ v10
171 h[3] ^= v3 ^ v11
172 h[4] ^= v4 ^ v12
173 h[5] ^= v5 ^ v13
174 h[6] ^= v6 ^ v14
175 h[7] ^= v7 ^ v15
176 }
177 c[0], c[1] = c0, c1
178 }
179