1 // Copyright 2016 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
5 // Package blake2b implements the BLAKE2b hash algorithm defined by RFC 7693
6 // and the extendable output function (XOF) BLAKE2Xb.
8 // For a detailed specification of BLAKE2b see https://blake2.net/blake2.pdf
9 // and for BLAKE2Xb see https://blake2.net/blake2x.pdf
11 // If you aren't sure which function you need, use BLAKE2b (Sum512 or New512).
12 // If you need a secret-key MAC (message authentication code), use the New512
13 // function with a non-nil key.
15 // BLAKE2X is a construction to compute hash values larger than 64 bytes. It
16 // can produce hash values between 0 and 4 GiB.
26 // The blocksize of BLAKE2b in bytes.
28 // The hash size of BLAKE2b-512 in bytes.
30 // The hash size of BLAKE2b-384 in bytes.
32 // The hash size of BLAKE2b-256 in bytes.
42 var errKeySize = errors.New("blake2b: invalid key size")
45 0x6a09e667f3bcc908, 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1,
46 0x510e527fade682d1, 0x9b05688c2b3e6c1f, 0x1f83d9abfb41bd6b, 0x5be0cd19137e2179,
49 // Sum512 returns the BLAKE2b-512 checksum of the data.
50 func Sum512(data []byte) [Size]byte {
52 checkSum(&sum, Size, data)
56 // Sum384 returns the BLAKE2b-384 checksum of the data.
57 func Sum384(data []byte) [Size384]byte {
59 var sum384 [Size384]byte
60 checkSum(&sum, Size384, data)
61 copy(sum384[:], sum[:Size384])
65 // Sum256 returns the BLAKE2b-256 checksum of the data.
66 func Sum256(data []byte) [Size256]byte {
68 var sum256 [Size256]byte
69 checkSum(&sum, Size256, data)
70 copy(sum256[:], sum[:Size256])
74 // New512 returns a new hash.Hash computing the BLAKE2b-512 checksum. A non-nil
75 // key turns the hash into a MAC. The key must between zero and 64 bytes long.
76 func New512(key []byte) (hash.Hash, error) { return newDigest(Size, key) }
78 // New384 returns a new hash.Hash computing the BLAKE2b-384 checksum. A non-nil
79 // key turns the hash into a MAC. The key must between zero and 64 bytes long.
80 func New384(key []byte) (hash.Hash, error) { return newDigest(Size384, key) }
82 // New256 returns a new hash.Hash computing the BLAKE2b-256 checksum. A non-nil
83 // key turns the hash into a MAC. The key must between zero and 64 bytes long.
84 func New256(key []byte) (hash.Hash, error) { return newDigest(Size256, key) }
86 func newDigest(hashSize int, key []byte) (*digest, error) {
88 return nil, errKeySize
99 func checkSum(sum *[Size]byte, hashSize int, data []byte) {
101 h[0] ^= uint64(hashSize) | (1 << 16) | (1 << 24)
104 if length := len(data); length > BlockSize {
105 n := length &^ (BlockSize - 1)
109 hashBlocks(&h, &c, 0, data[:n])
113 var block [BlockSize]byte
114 offset := copy(block[:], data)
115 remaining := uint64(BlockSize - offset)
116 if c[0] < remaining {
121 hashBlocks(&h, &c, 0xFFFFFFFFFFFFFFFF, block[:])
123 for i, v := range h[:(hashSize+7)/8] {
124 binary.LittleEndian.PutUint64(sum[8*i:], v)
132 block [BlockSize]byte
139 func (d *digest) BlockSize() int { return BlockSize }
141 func (d *digest) Size() int { return d.size }
143 func (d *digest) Reset() {
145 d.h[0] ^= uint64(d.size) | (uint64(d.keyLen) << 8) | (1 << 16) | (1 << 24)
146 d.offset, d.c[0], d.c[1] = 0, 0, 0
153 func (d *digest) Write(p []byte) (n int, err error) {
157 remaining := BlockSize - d.offset
159 d.offset += copy(d.block[d.offset:], p)
162 copy(d.block[d.offset:], p[:remaining])
163 hashBlocks(&d.h, &d.c, 0, d.block[:])
168 if length := len(p); length > BlockSize {
169 nn := length &^ (BlockSize - 1)
173 hashBlocks(&d.h, &d.c, 0, p[:nn])
178 d.offset += copy(d.block[:], p)
184 func (d *digest) Sum(sum []byte) []byte {
187 return append(sum, hash[:d.size]...)
190 func (d *digest) finalize(hash *[Size]byte) {
191 var block [BlockSize]byte
192 copy(block[:], d.block[:d.offset])
193 remaining := uint64(BlockSize - d.offset)
196 if c[0] < remaining {
202 hashBlocks(&h, &c, 0xFFFFFFFFFFFFFFFF, block[:])
204 for i, v := range h {
205 binary.LittleEndian.PutUint64(hash[8*i:], v)