459 lines
20 KiB
JavaScript
459 lines
20 KiB
JavaScript
"use strict";
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
exports.blake512 = exports.blake384 = exports.blake256 = exports.blake224 = exports.BLAKE512 = exports.BLAKE384 = exports.BLAKE256 = exports.BLAKE224 = void 0;
|
|
/**
|
|
* Blake1 legacy hash function, one of SHA3 proposals.
|
|
* Rarely used. Check out blake2 or blake3 instead.
|
|
* https://www.aumasson.jp/blake/blake.pdf
|
|
*
|
|
* In the best case, there are 0 allocations.
|
|
*
|
|
* Differences from blake2:
|
|
*
|
|
* - BE instead of LE
|
|
* - Paddings, similar to MD5, RIPEMD, SHA1, SHA2, but:
|
|
* - length flag is located before actual length
|
|
* - padding block is compressed differently (no lengths)
|
|
* Instead of msg[sigma[k]], we have `msg[sigma[k]] ^ constants[sigma[k-1]]`
|
|
* (-1 for g1, g2 without -1)
|
|
* - Salt is XOR-ed into constants instead of state
|
|
* - Salt is XOR-ed with output in `compress`
|
|
* - Additional rows (+64 bytes) in SIGMA for new rounds
|
|
* - Different round count:
|
|
* - 14 / 10 rounds in blake256 / blake2s
|
|
* - 16 / 12 rounds in blake512 / blake2b
|
|
* - blake512: G1b: rotr 24 -> 25, G2b: rotr 63 -> 11
|
|
* @module
|
|
*/
|
|
const _blake_ts_1 = require("./_blake.js");
|
|
const _md_ts_1 = require("./_md.js");
|
|
const u64 = require("./_u64.js");
|
|
// prettier-ignore
|
|
const utils_ts_1 = require("./utils.js");
|
|
// Empty zero-filled salt
|
|
const EMPTY_SALT = /* @__PURE__ */ new Uint32Array(8);
|
|
class BLAKE1 extends utils_ts_1.Hash {
|
|
constructor(blockLen, outputLen, lengthFlag, counterLen, saltLen, constants, opts = {}) {
|
|
super();
|
|
this.finished = false;
|
|
this.length = 0;
|
|
this.pos = 0;
|
|
this.destroyed = false;
|
|
const { salt } = opts;
|
|
this.blockLen = blockLen;
|
|
this.outputLen = outputLen;
|
|
this.lengthFlag = lengthFlag;
|
|
this.counterLen = counterLen;
|
|
this.buffer = new Uint8Array(blockLen);
|
|
this.view = (0, utils_ts_1.createView)(this.buffer);
|
|
if (salt) {
|
|
let slt = salt;
|
|
slt = (0, utils_ts_1.toBytes)(slt);
|
|
(0, utils_ts_1.abytes)(slt);
|
|
if (slt.length !== 4 * saltLen)
|
|
throw new Error('wrong salt length');
|
|
const salt32 = (this.salt = new Uint32Array(saltLen));
|
|
const sv = (0, utils_ts_1.createView)(slt);
|
|
this.constants = constants.slice();
|
|
for (let i = 0, offset = 0; i < salt32.length; i++, offset += 4) {
|
|
salt32[i] = sv.getUint32(offset, false);
|
|
this.constants[i] ^= salt32[i];
|
|
}
|
|
}
|
|
else {
|
|
this.salt = EMPTY_SALT;
|
|
this.constants = constants;
|
|
}
|
|
}
|
|
update(data) {
|
|
(0, utils_ts_1.aexists)(this);
|
|
data = (0, utils_ts_1.toBytes)(data);
|
|
(0, utils_ts_1.abytes)(data);
|
|
// From _md, but update length before each compress
|
|
const { view, buffer, blockLen } = this;
|
|
const len = data.length;
|
|
let dataView;
|
|
for (let pos = 0; pos < len;) {
|
|
const take = Math.min(blockLen - this.pos, len - pos);
|
|
// Fast path: we have at least one block in input, cast it to view and process
|
|
if (take === blockLen) {
|
|
if (!dataView)
|
|
dataView = (0, utils_ts_1.createView)(data);
|
|
for (; blockLen <= len - pos; pos += blockLen) {
|
|
this.length += blockLen;
|
|
this.compress(dataView, pos);
|
|
}
|
|
continue;
|
|
}
|
|
buffer.set(data.subarray(pos, pos + take), this.pos);
|
|
this.pos += take;
|
|
pos += take;
|
|
if (this.pos === blockLen) {
|
|
this.length += blockLen;
|
|
this.compress(view, 0, true);
|
|
this.pos = 0;
|
|
}
|
|
}
|
|
return this;
|
|
}
|
|
destroy() {
|
|
this.destroyed = true;
|
|
if (this.salt !== EMPTY_SALT) {
|
|
(0, utils_ts_1.clean)(this.salt, this.constants);
|
|
}
|
|
}
|
|
_cloneInto(to) {
|
|
to || (to = new this.constructor());
|
|
to.set(...this.get());
|
|
const { buffer, length, finished, destroyed, constants, salt, pos } = this;
|
|
to.buffer.set(buffer);
|
|
to.constants = constants.slice();
|
|
to.destroyed = destroyed;
|
|
to.finished = finished;
|
|
to.length = length;
|
|
to.pos = pos;
|
|
to.salt = salt.slice();
|
|
return to;
|
|
}
|
|
clone() {
|
|
return this._cloneInto();
|
|
}
|
|
digestInto(out) {
|
|
(0, utils_ts_1.aexists)(this);
|
|
(0, utils_ts_1.aoutput)(out, this);
|
|
this.finished = true;
|
|
// Padding
|
|
const { buffer, blockLen, counterLen, lengthFlag, view } = this;
|
|
(0, utils_ts_1.clean)(buffer.subarray(this.pos)); // clean buf
|
|
const counter = BigInt((this.length + this.pos) * 8);
|
|
const counterPos = blockLen - counterLen - 1;
|
|
buffer[this.pos] |= 128; // End block flag
|
|
this.length += this.pos; // add unwritten length
|
|
// Not enough in buffer for length: write what we have.
|
|
if (this.pos > counterPos) {
|
|
this.compress(view, 0);
|
|
(0, utils_ts_1.clean)(buffer);
|
|
this.pos = 0;
|
|
}
|
|
// Difference with md: here we have lengthFlag!
|
|
buffer[counterPos] |= lengthFlag; // Length flag
|
|
// We always set 8 byte length flag. Because length will overflow significantly sooner.
|
|
(0, _md_ts_1.setBigUint64)(view, blockLen - 8, counter, false);
|
|
this.compress(view, 0, this.pos !== 0); // don't add length if length is not empty block?
|
|
// Write output
|
|
(0, utils_ts_1.clean)(buffer);
|
|
const v = (0, utils_ts_1.createView)(out);
|
|
const state = this.get();
|
|
for (let i = 0; i < this.outputLen / 4; ++i)
|
|
v.setUint32(i * 4, state[i]);
|
|
}
|
|
digest() {
|
|
const { buffer, outputLen } = this;
|
|
this.digestInto(buffer);
|
|
const res = buffer.slice(0, outputLen);
|
|
this.destroy();
|
|
return res;
|
|
}
|
|
}
|
|
// Constants
|
|
const B64C = /* @__PURE__ */ Uint32Array.from([
|
|
0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
|
|
0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
|
|
0x9216d5d9, 0x8979fb1b, 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96,
|
|
0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, 0x636920d8, 0x71574e69,
|
|
]);
|
|
// first half of C512
|
|
const B32C = B64C.slice(0, 16);
|
|
const B256_IV = _md_ts_1.SHA256_IV.slice();
|
|
const B224_IV = _md_ts_1.SHA224_IV.slice();
|
|
const B384_IV = _md_ts_1.SHA384_IV.slice();
|
|
const B512_IV = _md_ts_1.SHA512_IV.slice();
|
|
function generateTBL256() {
|
|
const TBL = [];
|
|
for (let i = 0, j = 0; i < 14; i++, j += 16) {
|
|
for (let offset = 1; offset < 16; offset += 2) {
|
|
TBL.push(B32C[_blake_ts_1.BSIGMA[j + offset]]);
|
|
TBL.push(B32C[_blake_ts_1.BSIGMA[j + offset - 1]]);
|
|
}
|
|
}
|
|
return new Uint32Array(TBL);
|
|
}
|
|
const TBL256 = /* @__PURE__ */ generateTBL256(); // C256[SIGMA[X]] precompute
|
|
// Reusable temporary buffer
|
|
const BLAKE256_W = /* @__PURE__ */ new Uint32Array(16);
|
|
class Blake1_32 extends BLAKE1 {
|
|
constructor(outputLen, IV, lengthFlag, opts = {}) {
|
|
super(64, outputLen, lengthFlag, 8, 4, B32C, opts);
|
|
this.v0 = IV[0] | 0;
|
|
this.v1 = IV[1] | 0;
|
|
this.v2 = IV[2] | 0;
|
|
this.v3 = IV[3] | 0;
|
|
this.v4 = IV[4] | 0;
|
|
this.v5 = IV[5] | 0;
|
|
this.v6 = IV[6] | 0;
|
|
this.v7 = IV[7] | 0;
|
|
}
|
|
get() {
|
|
const { v0, v1, v2, v3, v4, v5, v6, v7 } = this;
|
|
return [v0, v1, v2, v3, v4, v5, v6, v7];
|
|
}
|
|
// prettier-ignore
|
|
set(v0, v1, v2, v3, v4, v5, v6, v7) {
|
|
this.v0 = v0 | 0;
|
|
this.v1 = v1 | 0;
|
|
this.v2 = v2 | 0;
|
|
this.v3 = v3 | 0;
|
|
this.v4 = v4 | 0;
|
|
this.v5 = v5 | 0;
|
|
this.v6 = v6 | 0;
|
|
this.v7 = v7 | 0;
|
|
}
|
|
destroy() {
|
|
super.destroy();
|
|
this.set(0, 0, 0, 0, 0, 0, 0, 0);
|
|
}
|
|
compress(view, offset, withLength = true) {
|
|
for (let i = 0; i < 16; i++, offset += 4)
|
|
BLAKE256_W[i] = view.getUint32(offset, false);
|
|
// NOTE: we cannot re-use compress from blake2s, since there is additional xor over u256[SIGMA[e]]
|
|
let v00 = this.v0 | 0;
|
|
let v01 = this.v1 | 0;
|
|
let v02 = this.v2 | 0;
|
|
let v03 = this.v3 | 0;
|
|
let v04 = this.v4 | 0;
|
|
let v05 = this.v5 | 0;
|
|
let v06 = this.v6 | 0;
|
|
let v07 = this.v7 | 0;
|
|
let v08 = this.constants[0] | 0;
|
|
let v09 = this.constants[1] | 0;
|
|
let v10 = this.constants[2] | 0;
|
|
let v11 = this.constants[3] | 0;
|
|
const { h, l } = u64.fromBig(BigInt(withLength ? this.length * 8 : 0));
|
|
let v12 = (this.constants[4] ^ l) >>> 0;
|
|
let v13 = (this.constants[5] ^ l) >>> 0;
|
|
let v14 = (this.constants[6] ^ h) >>> 0;
|
|
let v15 = (this.constants[7] ^ h) >>> 0;
|
|
// prettier-ignore
|
|
for (let i = 0, k = 0, j = 0; i < 14; i++) {
|
|
({ a: v00, b: v04, c: v08, d: v12 } = (0, _blake_ts_1.G1s)(v00, v04, v08, v12, BLAKE256_W[_blake_ts_1.BSIGMA[k++]] ^ TBL256[j++]));
|
|
({ a: v00, b: v04, c: v08, d: v12 } = (0, _blake_ts_1.G2s)(v00, v04, v08, v12, BLAKE256_W[_blake_ts_1.BSIGMA[k++]] ^ TBL256[j++]));
|
|
({ a: v01, b: v05, c: v09, d: v13 } = (0, _blake_ts_1.G1s)(v01, v05, v09, v13, BLAKE256_W[_blake_ts_1.BSIGMA[k++]] ^ TBL256[j++]));
|
|
({ a: v01, b: v05, c: v09, d: v13 } = (0, _blake_ts_1.G2s)(v01, v05, v09, v13, BLAKE256_W[_blake_ts_1.BSIGMA[k++]] ^ TBL256[j++]));
|
|
({ a: v02, b: v06, c: v10, d: v14 } = (0, _blake_ts_1.G1s)(v02, v06, v10, v14, BLAKE256_W[_blake_ts_1.BSIGMA[k++]] ^ TBL256[j++]));
|
|
({ a: v02, b: v06, c: v10, d: v14 } = (0, _blake_ts_1.G2s)(v02, v06, v10, v14, BLAKE256_W[_blake_ts_1.BSIGMA[k++]] ^ TBL256[j++]));
|
|
({ a: v03, b: v07, c: v11, d: v15 } = (0, _blake_ts_1.G1s)(v03, v07, v11, v15, BLAKE256_W[_blake_ts_1.BSIGMA[k++]] ^ TBL256[j++]));
|
|
({ a: v03, b: v07, c: v11, d: v15 } = (0, _blake_ts_1.G2s)(v03, v07, v11, v15, BLAKE256_W[_blake_ts_1.BSIGMA[k++]] ^ TBL256[j++]));
|
|
({ a: v00, b: v05, c: v10, d: v15 } = (0, _blake_ts_1.G1s)(v00, v05, v10, v15, BLAKE256_W[_blake_ts_1.BSIGMA[k++]] ^ TBL256[j++]));
|
|
({ a: v00, b: v05, c: v10, d: v15 } = (0, _blake_ts_1.G2s)(v00, v05, v10, v15, BLAKE256_W[_blake_ts_1.BSIGMA[k++]] ^ TBL256[j++]));
|
|
({ a: v01, b: v06, c: v11, d: v12 } = (0, _blake_ts_1.G1s)(v01, v06, v11, v12, BLAKE256_W[_blake_ts_1.BSIGMA[k++]] ^ TBL256[j++]));
|
|
({ a: v01, b: v06, c: v11, d: v12 } = (0, _blake_ts_1.G2s)(v01, v06, v11, v12, BLAKE256_W[_blake_ts_1.BSIGMA[k++]] ^ TBL256[j++]));
|
|
({ a: v02, b: v07, c: v08, d: v13 } = (0, _blake_ts_1.G1s)(v02, v07, v08, v13, BLAKE256_W[_blake_ts_1.BSIGMA[k++]] ^ TBL256[j++]));
|
|
({ a: v02, b: v07, c: v08, d: v13 } = (0, _blake_ts_1.G2s)(v02, v07, v08, v13, BLAKE256_W[_blake_ts_1.BSIGMA[k++]] ^ TBL256[j++]));
|
|
({ a: v03, b: v04, c: v09, d: v14 } = (0, _blake_ts_1.G1s)(v03, v04, v09, v14, BLAKE256_W[_blake_ts_1.BSIGMA[k++]] ^ TBL256[j++]));
|
|
({ a: v03, b: v04, c: v09, d: v14 } = (0, _blake_ts_1.G2s)(v03, v04, v09, v14, BLAKE256_W[_blake_ts_1.BSIGMA[k++]] ^ TBL256[j++]));
|
|
}
|
|
this.v0 = (this.v0 ^ v00 ^ v08 ^ this.salt[0]) >>> 0;
|
|
this.v1 = (this.v1 ^ v01 ^ v09 ^ this.salt[1]) >>> 0;
|
|
this.v2 = (this.v2 ^ v02 ^ v10 ^ this.salt[2]) >>> 0;
|
|
this.v3 = (this.v3 ^ v03 ^ v11 ^ this.salt[3]) >>> 0;
|
|
this.v4 = (this.v4 ^ v04 ^ v12 ^ this.salt[0]) >>> 0;
|
|
this.v5 = (this.v5 ^ v05 ^ v13 ^ this.salt[1]) >>> 0;
|
|
this.v6 = (this.v6 ^ v06 ^ v14 ^ this.salt[2]) >>> 0;
|
|
this.v7 = (this.v7 ^ v07 ^ v15 ^ this.salt[3]) >>> 0;
|
|
(0, utils_ts_1.clean)(BLAKE256_W);
|
|
}
|
|
}
|
|
const BBUF = /* @__PURE__ */ new Uint32Array(32);
|
|
const BLAKE512_W = /* @__PURE__ */ new Uint32Array(32);
|
|
function generateTBL512() {
|
|
const TBL = [];
|
|
for (let r = 0, k = 0; r < 16; r++, k += 16) {
|
|
for (let offset = 1; offset < 16; offset += 2) {
|
|
TBL.push(B64C[_blake_ts_1.BSIGMA[k + offset] * 2 + 0]);
|
|
TBL.push(B64C[_blake_ts_1.BSIGMA[k + offset] * 2 + 1]);
|
|
TBL.push(B64C[_blake_ts_1.BSIGMA[k + offset - 1] * 2 + 0]);
|
|
TBL.push(B64C[_blake_ts_1.BSIGMA[k + offset - 1] * 2 + 1]);
|
|
}
|
|
}
|
|
return new Uint32Array(TBL);
|
|
}
|
|
const TBL512 = /* @__PURE__ */ generateTBL512(); // C512[SIGMA[X]] precompute
|
|
// Mixing function G splitted in two halfs
|
|
function G1b(a, b, c, d, msg, k) {
|
|
const Xpos = 2 * _blake_ts_1.BSIGMA[k];
|
|
const Xl = msg[Xpos + 1] ^ TBL512[k * 2 + 1], Xh = msg[Xpos] ^ TBL512[k * 2]; // prettier-ignore
|
|
let Al = BBUF[2 * a + 1], Ah = BBUF[2 * a]; // prettier-ignore
|
|
let Bl = BBUF[2 * b + 1], Bh = BBUF[2 * b]; // prettier-ignore
|
|
let Cl = BBUF[2 * c + 1], Ch = BBUF[2 * c]; // prettier-ignore
|
|
let Dl = BBUF[2 * d + 1], Dh = BBUF[2 * d]; // prettier-ignore
|
|
// v[a] = (v[a] + v[b] + x) | 0;
|
|
let ll = u64.add3L(Al, Bl, Xl);
|
|
Ah = u64.add3H(ll, Ah, Bh, Xh) >>> 0;
|
|
Al = (ll | 0) >>> 0;
|
|
// v[d] = rotr(v[d] ^ v[a], 32)
|
|
({ Dh, Dl } = { Dh: Dh ^ Ah, Dl: Dl ^ Al });
|
|
({ Dh, Dl } = { Dh: u64.rotr32H(Dh, Dl), Dl: u64.rotr32L(Dh, Dl) });
|
|
// v[c] = (v[c] + v[d]) | 0;
|
|
({ h: Ch, l: Cl } = u64.add(Ch, Cl, Dh, Dl));
|
|
// v[b] = rotr(v[b] ^ v[c], 25)
|
|
({ Bh, Bl } = { Bh: Bh ^ Ch, Bl: Bl ^ Cl });
|
|
({ Bh, Bl } = { Bh: u64.rotrSH(Bh, Bl, 25), Bl: u64.rotrSL(Bh, Bl, 25) });
|
|
(BBUF[2 * a + 1] = Al), (BBUF[2 * a] = Ah);
|
|
(BBUF[2 * b + 1] = Bl), (BBUF[2 * b] = Bh);
|
|
(BBUF[2 * c + 1] = Cl), (BBUF[2 * c] = Ch);
|
|
(BBUF[2 * d + 1] = Dl), (BBUF[2 * d] = Dh);
|
|
}
|
|
function G2b(a, b, c, d, msg, k) {
|
|
const Xpos = 2 * _blake_ts_1.BSIGMA[k];
|
|
const Xl = msg[Xpos + 1] ^ TBL512[k * 2 + 1], Xh = msg[Xpos] ^ TBL512[k * 2]; // prettier-ignore
|
|
let Al = BBUF[2 * a + 1], Ah = BBUF[2 * a]; // prettier-ignore
|
|
let Bl = BBUF[2 * b + 1], Bh = BBUF[2 * b]; // prettier-ignore
|
|
let Cl = BBUF[2 * c + 1], Ch = BBUF[2 * c]; // prettier-ignore
|
|
let Dl = BBUF[2 * d + 1], Dh = BBUF[2 * d]; // prettier-ignore
|
|
// v[a] = (v[a] + v[b] + x) | 0;
|
|
let ll = u64.add3L(Al, Bl, Xl);
|
|
Ah = u64.add3H(ll, Ah, Bh, Xh);
|
|
Al = ll | 0;
|
|
// v[d] = rotr(v[d] ^ v[a], 16)
|
|
({ Dh, Dl } = { Dh: Dh ^ Ah, Dl: Dl ^ Al });
|
|
({ Dh, Dl } = { Dh: u64.rotrSH(Dh, Dl, 16), Dl: u64.rotrSL(Dh, Dl, 16) });
|
|
// v[c] = (v[c] + v[d]) | 0;
|
|
({ h: Ch, l: Cl } = u64.add(Ch, Cl, Dh, Dl));
|
|
// v[b] = rotr(v[b] ^ v[c], 11)
|
|
({ Bh, Bl } = { Bh: Bh ^ Ch, Bl: Bl ^ Cl });
|
|
({ Bh, Bl } = { Bh: u64.rotrSH(Bh, Bl, 11), Bl: u64.rotrSL(Bh, Bl, 11) });
|
|
(BBUF[2 * a + 1] = Al), (BBUF[2 * a] = Ah);
|
|
(BBUF[2 * b + 1] = Bl), (BBUF[2 * b] = Bh);
|
|
(BBUF[2 * c + 1] = Cl), (BBUF[2 * c] = Ch);
|
|
(BBUF[2 * d + 1] = Dl), (BBUF[2 * d] = Dh);
|
|
}
|
|
class Blake1_64 extends BLAKE1 {
|
|
constructor(outputLen, IV, lengthFlag, opts = {}) {
|
|
super(128, outputLen, lengthFlag, 16, 8, B64C, opts);
|
|
this.v0l = IV[0] | 0;
|
|
this.v0h = IV[1] | 0;
|
|
this.v1l = IV[2] | 0;
|
|
this.v1h = IV[3] | 0;
|
|
this.v2l = IV[4] | 0;
|
|
this.v2h = IV[5] | 0;
|
|
this.v3l = IV[6] | 0;
|
|
this.v3h = IV[7] | 0;
|
|
this.v4l = IV[8] | 0;
|
|
this.v4h = IV[9] | 0;
|
|
this.v5l = IV[10] | 0;
|
|
this.v5h = IV[11] | 0;
|
|
this.v6l = IV[12] | 0;
|
|
this.v6h = IV[13] | 0;
|
|
this.v7l = IV[14] | 0;
|
|
this.v7h = IV[15] | 0;
|
|
}
|
|
// prettier-ignore
|
|
get() {
|
|
let { v0l, v0h, v1l, v1h, v2l, v2h, v3l, v3h, v4l, v4h, v5l, v5h, v6l, v6h, v7l, v7h } = this;
|
|
return [v0l, v0h, v1l, v1h, v2l, v2h, v3l, v3h, v4l, v4h, v5l, v5h, v6l, v6h, v7l, v7h];
|
|
}
|
|
// prettier-ignore
|
|
set(v0l, v0h, v1l, v1h, v2l, v2h, v3l, v3h, v4l, v4h, v5l, v5h, v6l, v6h, v7l, v7h) {
|
|
this.v0l = v0l | 0;
|
|
this.v0h = v0h | 0;
|
|
this.v1l = v1l | 0;
|
|
this.v1h = v1h | 0;
|
|
this.v2l = v2l | 0;
|
|
this.v2h = v2h | 0;
|
|
this.v3l = v3l | 0;
|
|
this.v3h = v3h | 0;
|
|
this.v4l = v4l | 0;
|
|
this.v4h = v4h | 0;
|
|
this.v5l = v5l | 0;
|
|
this.v5h = v5h | 0;
|
|
this.v6l = v6l | 0;
|
|
this.v6h = v6h | 0;
|
|
this.v7l = v7l | 0;
|
|
this.v7h = v7h | 0;
|
|
}
|
|
destroy() {
|
|
super.destroy();
|
|
this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
|
|
}
|
|
compress(view, offset, withLength = true) {
|
|
for (let i = 0; i < 32; i++, offset += 4)
|
|
BLAKE512_W[i] = view.getUint32(offset, false);
|
|
this.get().forEach((v, i) => (BBUF[i] = v)); // First half from state.
|
|
BBUF.set(this.constants.subarray(0, 16), 16);
|
|
if (withLength) {
|
|
const { h, l } = u64.fromBig(BigInt(this.length * 8));
|
|
BBUF[24] = (BBUF[24] ^ h) >>> 0;
|
|
BBUF[25] = (BBUF[25] ^ l) >>> 0;
|
|
BBUF[26] = (BBUF[26] ^ h) >>> 0;
|
|
BBUF[27] = (BBUF[27] ^ l) >>> 0;
|
|
}
|
|
for (let i = 0, k = 0; i < 16; i++) {
|
|
G1b(0, 4, 8, 12, BLAKE512_W, k++);
|
|
G2b(0, 4, 8, 12, BLAKE512_W, k++);
|
|
G1b(1, 5, 9, 13, BLAKE512_W, k++);
|
|
G2b(1, 5, 9, 13, BLAKE512_W, k++);
|
|
G1b(2, 6, 10, 14, BLAKE512_W, k++);
|
|
G2b(2, 6, 10, 14, BLAKE512_W, k++);
|
|
G1b(3, 7, 11, 15, BLAKE512_W, k++);
|
|
G2b(3, 7, 11, 15, BLAKE512_W, k++);
|
|
G1b(0, 5, 10, 15, BLAKE512_W, k++);
|
|
G2b(0, 5, 10, 15, BLAKE512_W, k++);
|
|
G1b(1, 6, 11, 12, BLAKE512_W, k++);
|
|
G2b(1, 6, 11, 12, BLAKE512_W, k++);
|
|
G1b(2, 7, 8, 13, BLAKE512_W, k++);
|
|
G2b(2, 7, 8, 13, BLAKE512_W, k++);
|
|
G1b(3, 4, 9, 14, BLAKE512_W, k++);
|
|
G2b(3, 4, 9, 14, BLAKE512_W, k++);
|
|
}
|
|
this.v0l ^= BBUF[0] ^ BBUF[16] ^ this.salt[0];
|
|
this.v0h ^= BBUF[1] ^ BBUF[17] ^ this.salt[1];
|
|
this.v1l ^= BBUF[2] ^ BBUF[18] ^ this.salt[2];
|
|
this.v1h ^= BBUF[3] ^ BBUF[19] ^ this.salt[3];
|
|
this.v2l ^= BBUF[4] ^ BBUF[20] ^ this.salt[4];
|
|
this.v2h ^= BBUF[5] ^ BBUF[21] ^ this.salt[5];
|
|
this.v3l ^= BBUF[6] ^ BBUF[22] ^ this.salt[6];
|
|
this.v3h ^= BBUF[7] ^ BBUF[23] ^ this.salt[7];
|
|
this.v4l ^= BBUF[8] ^ BBUF[24] ^ this.salt[0];
|
|
this.v4h ^= BBUF[9] ^ BBUF[25] ^ this.salt[1];
|
|
this.v5l ^= BBUF[10] ^ BBUF[26] ^ this.salt[2];
|
|
this.v5h ^= BBUF[11] ^ BBUF[27] ^ this.salt[3];
|
|
this.v6l ^= BBUF[12] ^ BBUF[28] ^ this.salt[4];
|
|
this.v6h ^= BBUF[13] ^ BBUF[29] ^ this.salt[5];
|
|
this.v7l ^= BBUF[14] ^ BBUF[30] ^ this.salt[6];
|
|
this.v7h ^= BBUF[15] ^ BBUF[31] ^ this.salt[7];
|
|
(0, utils_ts_1.clean)(BBUF, BLAKE512_W);
|
|
}
|
|
}
|
|
class BLAKE224 extends Blake1_32 {
|
|
constructor(opts = {}) {
|
|
super(28, B224_IV, 0, opts);
|
|
}
|
|
}
|
|
exports.BLAKE224 = BLAKE224;
|
|
class BLAKE256 extends Blake1_32 {
|
|
constructor(opts = {}) {
|
|
super(32, B256_IV, 1, opts);
|
|
}
|
|
}
|
|
exports.BLAKE256 = BLAKE256;
|
|
class BLAKE384 extends Blake1_64 {
|
|
constructor(opts = {}) {
|
|
super(48, B384_IV, 0, opts);
|
|
}
|
|
}
|
|
exports.BLAKE384 = BLAKE384;
|
|
class BLAKE512 extends Blake1_64 {
|
|
constructor(opts = {}) {
|
|
super(64, B512_IV, 1, opts);
|
|
}
|
|
}
|
|
exports.BLAKE512 = BLAKE512;
|
|
/** blake1-224 hash function */
|
|
exports.blake224 = (0, utils_ts_1.createOptHasher)((opts) => new BLAKE224(opts));
|
|
/** blake1-256 hash function */
|
|
exports.blake256 = (0, utils_ts_1.createOptHasher)((opts) => new BLAKE256(opts));
|
|
/** blake1-384 hash function */
|
|
exports.blake384 = (0, utils_ts_1.createOptHasher)((opts) => new BLAKE384(opts));
|
|
/** blake1-512 hash function */
|
|
exports.blake512 = (0, utils_ts_1.createOptHasher)((opts) => new BLAKE512(opts));
|
|
//# sourceMappingURL=blake1.js.map
|