| // This file has been migrated. |
| |
| library impl.digest.blake2b; |
| |
| import 'dart:typed_data'; |
| |
| import 'package:pointycastle/api.dart'; |
| import 'package:pointycastle/src/impl/base_digest.dart'; |
| import 'package:pointycastle/src/registry/registry.dart'; |
| import 'package:pointycastle/src/ufixnum.dart'; |
| |
| class Blake2bDigest extends BaseDigest implements Digest { |
| static final FactoryConfig factoryConfig = |
| StaticFactoryConfig(Digest, 'Blake2b', () => Blake2bDigest()); |
| |
| static const _rounds = 12; |
| static const _blockSize = 128; |
| |
| int _digestLength = 64; |
| int _keyLength = 0; |
| Uint8List? _salt; |
| Uint8List? _personalization; |
| |
| Uint8List? _key; |
| |
| Uint8List? _buffer; |
| // Position of last inserted byte: |
| int _bufferPos = 0; // a value from 0 up to 128 |
| final _internalState = |
| Register64List(16); // In the Blake2b paper it is called: v |
| Register64List? |
| _chainValue; // state vector, in the Blake2b paper it is called: h |
| |
| final _t0 = |
| Register64(); // holds last significant bits, counter (counts bytes) |
| final _t1 = Register64(); // counter: Length up to 2^128 are supported |
| final _f0 = Register64(); // finalization flag, for last block: ~0L |
| |
| Blake2bDigest( |
| {int digestSize = 64, |
| Uint8List? key, |
| Uint8List? salt, |
| Uint8List? personalization}) { |
| _buffer = Uint8List(_blockSize); |
| |
| if (digestSize < 1 || digestSize > 64) { |
| throw ArgumentError('Invalid digest length (required: 1 - 64)'); |
| } |
| _digestLength = digestSize; |
| if (salt != null) { |
| if (salt.length != 16) { |
| throw ArgumentError('salt length must be exactly 16 bytes'); |
| } |
| _salt = Uint8List.fromList(salt); |
| } |
| if (personalization != null) { |
| if (personalization.length != 16) { |
| throw ArgumentError('personalization length must be exactly 16 bytes'); |
| } |
| _personalization = Uint8List.fromList(personalization); |
| } |
| if (key != null) { |
| if (key.length > 64) throw ArgumentError('Keys > 64 are not supported'); |
| _key = Uint8List.fromList(key); |
| |
| _keyLength = key.length; |
| _buffer!.setAll(0, key); |
| _bufferPos = _blockSize; |
| } |
| init(); |
| } |
| |
| @override |
| String get algorithmName => 'Blake2b'; |
| @override |
| int get digestSize => _digestLength; |
| |
| void init() { |
| if (_chainValue == null) { |
| _chainValue = Register64List(8); |
| _chainValue![0] |
| ..set(_blake2bIV[0]) |
| ..xor(Register64(digestSize | (_keyLength << 8) | 0x1010000)); |
| _chainValue![1].set(_blake2bIV[1]); |
| _chainValue![2].set(_blake2bIV[2]); |
| |
| _chainValue![3].set(_blake2bIV[3]); |
| |
| _chainValue![4].set(_blake2bIV[4]); |
| _chainValue![5].set(_blake2bIV[5]); |
| if (_salt != null) { |
| _chainValue![4].xor(Register64()..unpack(_salt, 0, Endian.little)); |
| _chainValue![5].xor(Register64()..unpack(_salt, 8, Endian.little)); |
| } |
| |
| _chainValue![6].set(_blake2bIV[6]); |
| _chainValue![7].set(_blake2bIV[7]); |
| if (_personalization != null) { |
| _chainValue![6] |
| .xor(Register64()..unpack(_personalization, 0, Endian.little)); |
| _chainValue![7] |
| .xor(Register64()..unpack(_personalization, 8, Endian.little)); |
| } |
| } |
| } |
| |
| void _initializeInternalState() { |
| _internalState.setRange(0, _chainValue!.length, _chainValue!); |
| _internalState.setRange( |
| _chainValue!.length, _chainValue!.length + 4, _blake2bIV); |
| _internalState[12] |
| ..set(_t0) |
| ..xor(_blake2bIV[4]); |
| _internalState[13] |
| ..set(_t1) |
| ..xor(_blake2bIV[5]); |
| _internalState[14] |
| ..set(_f0) |
| ..xor(_blake2bIV[6]); |
| _internalState[15].set(_blake2bIV[7]); // ^ f1 with f1 = 0 |
| } |
| |
| @override |
| void updateByte(int inp) { |
| if (_bufferPos == _blockSize) { |
| // full buffer |
| _t0.sum(_blockSize); |
| // This requires hashing > 2^64 bytes which is impossible for the forseeable future. |
| // So _t1 is untested dead code, but I've left it in because it is in the source library. |
| if (_t0.lo32 == 0 && _t0.hi32 == 0) _t1.sum(1); |
| _compress(_buffer, 0); |
| _buffer!.fillRange(0, _buffer!.length, 0); // clear buffer |
| _buffer![0] = inp; |
| _bufferPos = 1; |
| } else { |
| _buffer![_bufferPos] = inp; |
| ++_bufferPos; |
| } |
| } |
| |
| @override |
| void update(Uint8List inp, int inpOff, int len) { |
| if (len == 0) return; |
| var remainingLength = 0; |
| if (_bufferPos != 0) { |
| remainingLength = _blockSize - _bufferPos; |
| if (remainingLength < len) { |
| _buffer! |
| .setRange(_bufferPos, _bufferPos + remainingLength, inp, inpOff); |
| _t0.sum(_blockSize); |
| if (_t0.lo32 == 0 && _t0.hi32 == 0) _t1.sum(1); |
| _compress(_buffer, 0); |
| _bufferPos = 0; |
| _buffer!.fillRange(0, _buffer!.length, 0); // clear buffer |
| } else { |
| _buffer!.setRange(_bufferPos, _bufferPos + len, inp, inpOff); |
| _bufferPos += len; |
| return; |
| } |
| } |
| |
| int msgPos; |
| var blockWiseLastPos = inpOff + len - _blockSize; |
| for (msgPos = inpOff + remainingLength; |
| msgPos < blockWiseLastPos; |
| msgPos += _blockSize) { |
| _t0.sum(_blockSize); |
| if (_t0.lo32 == 0 && _t0.hi32 == 0) _t1.sum(1); |
| _compress(inp, msgPos); |
| } |
| |
| _buffer!.setRange(0, inpOff + len - msgPos, inp, msgPos); |
| _bufferPos += inpOff + len - msgPos; |
| } |
| |
| @override |
| int doFinal(Uint8List out, int outOff) { |
| _f0.set(0xFFFFFFFF, 0xFFFFFFFF); |
| _t0.sum(_bufferPos); |
| if (_bufferPos > 0 && _t0.lo32 == 0 && _t0.hi32 == 0) _t1.sum(1); |
| _compress(_buffer, 0); |
| _buffer!.fillRange(0, _buffer!.length, 0); // clear buffer |
| _internalState.fillRange(0, _internalState.length, 0); |
| |
| final packedValue = Uint8List(8); |
| final packedValueData = packedValue.buffer.asByteData(); |
| for (var i = 0; i < _chainValue!.length && (i * 8 < _digestLength); ++i) { |
| _chainValue![i].pack(packedValueData, 0, Endian.little); |
| |
| final start = outOff + i * 8; |
| if (i * 8 < _digestLength - 8) { |
| out.setRange(start, start + 8, packedValue); |
| } else { |
| out.setRange(start, start + _digestLength - (i * 8), packedValue); |
| } |
| } |
| |
| _chainValue!.fillRange(0, _chainValue!.length, 0); |
| |
| reset(); |
| |
| return _digestLength; |
| } |
| |
| @override |
| void reset() { |
| _bufferPos = 0; |
| _f0.set(0); |
| _t0.set(0); |
| _t1.set(0); |
| _chainValue = null; |
| _buffer!.fillRange(0, _buffer!.length, 0); |
| if (_key != null) { |
| _buffer!.setAll(0, _key!); |
| _bufferPos = _blockSize; |
| } |
| init(); |
| } |
| |
| // This variable is faster as a class member. |
| final _m = Register64List(16); |
| void _compress(Uint8List? message, int messagePos) { |
| _initializeInternalState(); |
| |
| for (var j = 0; j < 16; ++j) { |
| _m[j].unpack(message, messagePos + j * 8, Endian.little); |
| } |
| |
| for (var round = 0; round < _rounds; ++round) { |
| G(_m[_blake2bSigma[round][0]], _m[_blake2bSigma[round][1]], 0, 4, 8, 12); |
| G(_m[_blake2bSigma[round][2]], _m[_blake2bSigma[round][3]], 1, 5, 9, 13); |
| G(_m[_blake2bSigma[round][4]], _m[_blake2bSigma[round][5]], 2, 6, 10, 14); |
| G(_m[_blake2bSigma[round][6]], _m[_blake2bSigma[round][7]], 3, 7, 11, 15); |
| G(_m[_blake2bSigma[round][8]], _m[_blake2bSigma[round][9]], 0, 5, 10, 15); |
| G(_m[_blake2bSigma[round][10]], _m[_blake2bSigma[round][11]], 1, 6, 11, |
| 12); |
| G(_m[_blake2bSigma[round][12]], _m[_blake2bSigma[round][13]], 2, 7, 8, |
| 13); |
| G(_m[_blake2bSigma[round][14]], _m[_blake2bSigma[round][15]], 3, 4, 9, |
| 14); |
| } |
| |
| for (var offset = 0; offset < _chainValue!.length; ++offset) { |
| _chainValue![offset] |
| ..xor(_internalState[offset]) |
| ..xor(_internalState[offset + 8]); |
| } |
| } |
| |
| void G(Register64 m1, Register64 m2, int posA, int posB, int posC, int posD) { |
| // This variable is faster as a local. The allocation is probably sunk. |
| final r = Register64(); |
| |
| _internalState[posA].sumReg(r |
| ..set(_internalState[posB]) |
| ..sumReg(m1)); |
| _internalState[posD] |
| ..xor(_internalState[posA]) |
| ..rotr(32); |
| _internalState[posC].sumReg(_internalState[posD]); |
| _internalState[posB] |
| ..xor(_internalState[posC]) |
| ..rotr(24); |
| _internalState[posA].sumReg(r |
| ..set(_internalState[posB]) |
| ..sumReg(m2)); |
| _internalState[posD] |
| ..xor(_internalState[posA]) |
| ..rotr(16); |
| _internalState[posC].sumReg(_internalState[posD]); |
| _internalState[posB] |
| ..xor(_internalState[posC]) |
| ..rotr(63); |
| } |
| |
| @override |
| int get byteLength => 128; |
| } |
| |
| // Produced from the square root of primes 2, 3, 5, 7, 11, 13, 17, 19. |
| // The same as SHA-512 IV. |
| final _blake2bIV = Register64List.from([ |
| [0x6a09e667, 0xf3bcc908], |
| [0xbb67ae85, 0x84caa73b], |
| [0x3c6ef372, 0xfe94f82b], |
| [0xa54ff53a, 0x5f1d36f1], |
| [0x510e527f, 0xade682d1], |
| [0x9b05688c, 0x2b3e6c1f], |
| [0x1f83d9ab, 0xfb41bd6b], |
| [0x5be0cd19, 0x137e2179], |
| ]); |
| |
| final _blake2bSigma = [ |
| [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15], |
| [14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3], |
| [11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4], |
| [7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8], |
| [9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13], |
| [2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9], |
| [12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11], |
| [13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10], |
| [6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5], |
| [10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0], |
| [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15], |
| [14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3], |
| ]; |
