main
1// Copyright 2016 The Go Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style
3// license that can be found in the LICENSE file.
4
5package blake2b
6
7import (
8 "encoding/binary"
9 "math/bits"
10)
11
12// the precomputed values for BLAKE2b
13// there are 12 16-byte arrays - one for each round
14// the entries are calculated from the sigma constants.
15var precomputed = [12][16]byte{
16 {0, 2, 4, 6, 1, 3, 5, 7, 8, 10, 12, 14, 9, 11, 13, 15},
17 {14, 4, 9, 13, 10, 8, 15, 6, 1, 0, 11, 5, 12, 2, 7, 3},
18 {11, 12, 5, 15, 8, 0, 2, 13, 10, 3, 7, 9, 14, 6, 1, 4},
19 {7, 3, 13, 11, 9, 1, 12, 14, 2, 5, 4, 15, 6, 10, 0, 8},
20 {9, 5, 2, 10, 0, 7, 4, 15, 14, 11, 6, 3, 1, 12, 8, 13},
21 {2, 6, 0, 8, 12, 10, 11, 3, 4, 7, 15, 1, 13, 5, 14, 9},
22 {12, 1, 14, 4, 5, 15, 13, 10, 0, 6, 9, 8, 7, 3, 2, 11},
23 {13, 7, 12, 3, 11, 14, 1, 9, 5, 15, 8, 2, 0, 4, 6, 10},
24 {6, 14, 11, 0, 15, 9, 3, 8, 12, 13, 1, 10, 2, 7, 4, 5},
25 {10, 8, 7, 1, 2, 4, 6, 5, 15, 9, 3, 13, 11, 14, 12, 0},
26 {0, 2, 4, 6, 1, 3, 5, 7, 8, 10, 12, 14, 9, 11, 13, 15}, // equal to the first
27 {14, 4, 9, 13, 10, 8, 15, 6, 1, 0, 11, 5, 12, 2, 7, 3}, // equal to the second
28}
29
30func hashBlocksGeneric(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) {
31 var m [16]uint64
32 c0, c1 := c[0], c[1]
33
34 for i := 0; i < len(blocks); {
35 c0 += BlockSize
36 if c0 < BlockSize {
37 c1++
38 }
39
40 v0, v1, v2, v3, v4, v5, v6, v7 := h[0], h[1], h[2], h[3], h[4], h[5], h[6], h[7]
41 v8, v9, v10, v11, v12, v13, v14, v15 := iv[0], iv[1], iv[2], iv[3], iv[4], iv[5], iv[6], iv[7]
42 v12 ^= c0
43 v13 ^= c1
44 v14 ^= flag
45
46 for j := range m {
47 m[j] = binary.LittleEndian.Uint64(blocks[i:])
48 i += 8
49 }
50
51 for j := range precomputed {
52 s := &(precomputed[j])
53
54 v0 += m[s[0]]
55 v0 += v4
56 v12 ^= v0
57 v12 = bits.RotateLeft64(v12, -32)
58 v8 += v12
59 v4 ^= v8
60 v4 = bits.RotateLeft64(v4, -24)
61 v1 += m[s[1]]
62 v1 += v5
63 v13 ^= v1
64 v13 = bits.RotateLeft64(v13, -32)
65 v9 += v13
66 v5 ^= v9
67 v5 = bits.RotateLeft64(v5, -24)
68 v2 += m[s[2]]
69 v2 += v6
70 v14 ^= v2
71 v14 = bits.RotateLeft64(v14, -32)
72 v10 += v14
73 v6 ^= v10
74 v6 = bits.RotateLeft64(v6, -24)
75 v3 += m[s[3]]
76 v3 += v7
77 v15 ^= v3
78 v15 = bits.RotateLeft64(v15, -32)
79 v11 += v15
80 v7 ^= v11
81 v7 = bits.RotateLeft64(v7, -24)
82
83 v0 += m[s[4]]
84 v0 += v4
85 v12 ^= v0
86 v12 = bits.RotateLeft64(v12, -16)
87 v8 += v12
88 v4 ^= v8
89 v4 = bits.RotateLeft64(v4, -63)
90 v1 += m[s[5]]
91 v1 += v5
92 v13 ^= v1
93 v13 = bits.RotateLeft64(v13, -16)
94 v9 += v13
95 v5 ^= v9
96 v5 = bits.RotateLeft64(v5, -63)
97 v2 += m[s[6]]
98 v2 += v6
99 v14 ^= v2
100 v14 = bits.RotateLeft64(v14, -16)
101 v10 += v14
102 v6 ^= v10
103 v6 = bits.RotateLeft64(v6, -63)
104 v3 += m[s[7]]
105 v3 += v7
106 v15 ^= v3
107 v15 = bits.RotateLeft64(v15, -16)
108 v11 += v15
109 v7 ^= v11
110 v7 = bits.RotateLeft64(v7, -63)
111
112 v0 += m[s[8]]
113 v0 += v5
114 v15 ^= v0
115 v15 = bits.RotateLeft64(v15, -32)
116 v10 += v15
117 v5 ^= v10
118 v5 = bits.RotateLeft64(v5, -24)
119 v1 += m[s[9]]
120 v1 += v6
121 v12 ^= v1
122 v12 = bits.RotateLeft64(v12, -32)
123 v11 += v12
124 v6 ^= v11
125 v6 = bits.RotateLeft64(v6, -24)
126 v2 += m[s[10]]
127 v2 += v7
128 v13 ^= v2
129 v13 = bits.RotateLeft64(v13, -32)
130 v8 += v13
131 v7 ^= v8
132 v7 = bits.RotateLeft64(v7, -24)
133 v3 += m[s[11]]
134 v3 += v4
135 v14 ^= v3
136 v14 = bits.RotateLeft64(v14, -32)
137 v9 += v14
138 v4 ^= v9
139 v4 = bits.RotateLeft64(v4, -24)
140
141 v0 += m[s[12]]
142 v0 += v5
143 v15 ^= v0
144 v15 = bits.RotateLeft64(v15, -16)
145 v10 += v15
146 v5 ^= v10
147 v5 = bits.RotateLeft64(v5, -63)
148 v1 += m[s[13]]
149 v1 += v6
150 v12 ^= v1
151 v12 = bits.RotateLeft64(v12, -16)
152 v11 += v12
153 v6 ^= v11
154 v6 = bits.RotateLeft64(v6, -63)
155 v2 += m[s[14]]
156 v2 += v7
157 v13 ^= v2
158 v13 = bits.RotateLeft64(v13, -16)
159 v8 += v13
160 v7 ^= v8
161 v7 = bits.RotateLeft64(v7, -63)
162 v3 += m[s[15]]
163 v3 += v4
164 v14 ^= v3
165 v14 = bits.RotateLeft64(v14, -16)
166 v9 += v14
167 v4 ^= v9
168 v4 = bits.RotateLeft64(v4, -63)
169
170 }
171
172 h[0] ^= v0 ^ v8
173 h[1] ^= v1 ^ v9
174 h[2] ^= v2 ^ v10
175 h[3] ^= v3 ^ v11
176 h[4] ^= v4 ^ v12
177 h[5] ^= v5 ^ v13
178 h[6] ^= v6 ^ v14
179 h[7] ^= v7 ^ v15
180 }
181 c[0], c[1] = c0, c1
182}