UNPKG

@noble/hashes

Version:

Audited & minimal 0-dependency JS implementation of SHA, RIPEMD, BLAKE, HMAC, HKDF, PBKDF & Scrypt

paulmillr.com/noble/

paulmillr/noble-hashes

137 lines 5.83 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.BLAKE = exports.SIGMA = void 0; /** * Internal helpers for blake hash. * @module */ const _assert_js_1 = require("./_assert.js"); const utils_js_1 = require("./utils.js"); /** * Internal blake variable. * For BLAKE2b, the two extra permutations for rounds 10 and 11 are SIGMA[10..11] = SIGMA[0..1]. */ // prettier-ignore exports.SIGMA = new Uint8Array([ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3, 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4, 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8, 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13, 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9, 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11, 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10, 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5, 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3, // Blake1, unused in others 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4, 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8, 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13, 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9, ]); /** Class, from which others are subclassed. */ class BLAKE extends utils_js_1.Hash { constructor(blockLen, outputLen, opts = {}, keyLen, saltLen, persLen) { super(); this.blockLen = blockLen; this.outputLen = outputLen; this.length = 0; this.pos = 0; this.finished = false; this.destroyed = false; (0, _assert_js_1.anumber)(blockLen); (0, _assert_js_1.anumber)(outputLen); (0, _assert_js_1.anumber)(keyLen); if (outputLen < 0 || outputLen > keyLen) throw new Error('outputLen bigger than keyLen'); if (opts.key !== undefined && (opts.key.length < 1 || opts.key.length > keyLen)) throw new Error('key length must be undefined or 1..' + keyLen); if (opts.salt !== undefined && opts.salt.length !== saltLen) throw new Error('salt must be undefined or ' + saltLen); if (opts.personalization !== undefined && opts.personalization.length !== persLen) throw new Error('personalization must be undefined or ' + persLen); this.buffer = new Uint8Array(blockLen); this.buffer32 = (0, utils_js_1.u32)(this.buffer); } update(data) { (0, _assert_js_1.aexists)(this); // Main difference with other hashes: there is flag for last block, // so we cannot process current block before we know that there // is the next one. This significantly complicates logic and reduces ability // to do zero-copy processing const { blockLen, buffer, buffer32 } = this; data = (0, utils_js_1.toBytes)(data); const len = data.length; const offset = data.byteOffset; const buf = data.buffer; for (let pos = 0; pos < len;) { // If buffer is full and we still have input (don't process last block, same as blake2s) if (this.pos === blockLen) { if (!utils_js_1.isLE) (0, utils_js_1.byteSwap32)(buffer32); this.compress(buffer32, 0, false); if (!utils_js_1.isLE) (0, utils_js_1.byteSwap32)(buffer32); this.pos = 0; } const take = Math.min(blockLen - this.pos, len - pos); const dataOffset = offset + pos; // full block && aligned to 4 bytes && not last in input if (take === blockLen && !(dataOffset % 4) && pos + take < len) { const data32 = new Uint32Array(buf, dataOffset, Math.floor((len - pos) / 4)); if (!utils_js_1.isLE) (0, utils_js_1.byteSwap32)(data32); for (let pos32 = 0; pos + blockLen < len; pos32 += buffer32.length, pos += blockLen) { this.length += blockLen; this.compress(data32, pos32, false); } if (!utils_js_1.isLE) (0, utils_js_1.byteSwap32)(data32); continue; } buffer.set(data.subarray(pos, pos + take), this.pos); this.pos += take; this.length += take; pos += take; } return this; } digestInto(out) { (0, _assert_js_1.aexists)(this); (0, _assert_js_1.aoutput)(out, this); const { pos, buffer32 } = this; this.finished = true; // Padding this.buffer.subarray(pos).fill(0); if (!utils_js_1.isLE) (0, utils_js_1.byteSwap32)(buffer32); this.compress(buffer32, 0, true); if (!utils_js_1.isLE) (0, utils_js_1.byteSwap32)(buffer32); const out32 = (0, utils_js_1.u32)(out); this.get().forEach((v, i) => (out32[i] = (0, utils_js_1.byteSwapIfBE)(v))); } digest() { const { buffer, outputLen } = this; this.digestInto(buffer); const res = buffer.slice(0, outputLen); this.destroy(); return res; } _cloneInto(to) { const { buffer, length, finished, destroyed, outputLen, pos } = this; to || (to = new this.constructor({ dkLen: outputLen })); to.set(...this.get()); to.length = length; to.finished = finished; to.destroyed = destroyed; to.outputLen = outputLen; to.buffer.set(buffer); to.pos = pos; return to; } } exports.BLAKE = BLAKE; //# sourceMappingURL=_blake.js.map