From a5263c7caa61eb9eedfd6c15e3c1f989d5490ef9 Mon Sep 17 00:00:00 2001
From: Luit van Drongelen <luitvd@gmail.com>
Date: Wed, 18 Jan 2012 10:36:28 -0500
Subject: [PATCH] crypto/hmac: Add HMAC-SHA224 and HMAC-SHA384/512

First was, apart from adding tests, a single line of code (to add the
constructor function). Adding SHA512-based hashing to crypto/hmac
required minor rework of the package because of a previously hardcoded
block-size in it's implementation. Instead of using a hash.Hash
generator function the constructor function now uses a crypto.Hash
type, which was extended to expose information about block size.

The only standard library package impacted by the change is
crypto/tls, for which the fix is included in this patch. It might be
useful to extend gofix to include this API change too.

R=agl, r, rsc, r
CC=golang-dev
https://golang.org/cl/5550043
---
 src/pkg/crypto/hmac/hmac.go                   |  32 +-
 src/pkg/crypto/hmac/hmac_test.go              | 312 +++++++++++++++++-
 src/pkg/crypto/md4/md4.go                     |   5 +
 src/pkg/crypto/md5/md5.go                     |   5 +
 src/pkg/crypto/openpgp/canonical_text.go      |   4 +
 src/pkg/crypto/openpgp/canonical_text_test.go |   4 +
 src/pkg/crypto/ripemd160/ripemd160.go         |   2 +
 src/pkg/crypto/sha1/sha1.go                   |   5 +
 src/pkg/crypto/sha256/sha256.go               |   5 +
 src/pkg/crypto/sha512/sha512.go               |   5 +
 src/pkg/exp/ssh/transport.go                  |   2 +
 src/pkg/hash/adler32/adler32.go               |   2 +
 src/pkg/hash/crc32/crc32.go                   |   2 +
 src/pkg/hash/crc64/crc64.go                   |   2 +
 src/pkg/hash/fnv/fnv.go                       |   5 +
 src/pkg/hash/hash.go                          |   6 +
 16 files changed, 367 insertions(+), 31 deletions(-)

diff --git a/src/pkg/crypto/hmac/hmac.go b/src/pkg/crypto/hmac/hmac.go
index 6e7dd8762c..6bdbbb4030 100644
--- a/src/pkg/crypto/hmac/hmac.go
+++ b/src/pkg/crypto/hmac/hmac.go
@@ -18,23 +18,14 @@ import (
 // FIPS 198:
 // http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf
 
-// key is zero padded to 64 bytes
-// ipad = 0x36 byte repeated to 64 bytes
-// opad = 0x5c byte repeated to 64 bytes
+// key is zero padded to the block size of the hash function
+// ipad = 0x36 byte repeated for key length
+// opad = 0x5c byte repeated for key length
 // hmac = H([key ^ opad] H([key ^ ipad] text))
 
-const (
-	// NOTE(rsc): This constant is actually the
-	// underlying hash function's block size.
-	// HMAC is only conventionally used with
-	// MD5 and SHA1, and both use 64-byte blocks.
-	// The hash.Hash interface doesn't provide a
-	// way to find out the block size.
-	padSize = 64
-)
-
 type hmac struct {
 	size         int
+	blocksize    int
 	key, tmp     []byte
 	outer, inner hash.Hash
 }
@@ -43,7 +34,7 @@ func (h *hmac) tmpPad(xor byte) {
 	for i, k := range h.key {
 		h.tmp[i] = xor ^ k
 	}
-	for i := len(h.key); i < padSize; i++ {
+	for i := len(h.key); i < h.blocksize; i++ {
 		h.tmp[i] = xor
 	}
 }
@@ -52,7 +43,7 @@ func (h *hmac) Sum(in []byte) []byte {
 	origLen := len(in)
 	in = h.inner.Sum(in)
 	h.tmpPad(0x5c)
-	copy(h.tmp[padSize:], in[origLen:])
+	copy(h.tmp[h.blocksize:], in[origLen:])
 	h.outer.Reset()
 	h.outer.Write(h.tmp)
 	return h.outer.Sum(in[:origLen])
@@ -64,20 +55,23 @@ func (h *hmac) Write(p []byte) (n int, err error) {
 
 func (h *hmac) Size() int { return h.size }
 
+func (h *hmac) BlockSize() int { return h.blocksize }
+
 func (h *hmac) Reset() {
 	h.inner.Reset()
 	h.tmpPad(0x36)
-	h.inner.Write(h.tmp[0:padSize])
+	h.inner.Write(h.tmp[0:h.blocksize])
 }
 
-// New returns a new HMAC hash using the given hash generator and key.
+// New returns a new HMAC hash using the given crypto.Hash type and key.
 func New(h func() hash.Hash, key []byte) hash.Hash {
 	hm := new(hmac)
 	hm.outer = h()
 	hm.inner = h()
 	hm.size = hm.inner.Size()
-	hm.tmp = make([]byte, padSize+hm.size)
-	if len(key) > padSize {
+	hm.blocksize = hm.inner.BlockSize()
+	hm.tmp = make([]byte, hm.blocksize+hm.size)
+	if len(key) > hm.blocksize {
 		// If key is too big, hash it.
 		hm.outer.Write(key)
 		key = hm.outer.Sum(nil)
diff --git a/src/pkg/crypto/hmac/hmac_test.go b/src/pkg/crypto/hmac/hmac_test.go
index eac254b9d1..07957414c8 100644
--- a/src/pkg/crypto/hmac/hmac_test.go
+++ b/src/pkg/crypto/hmac/hmac_test.go
@@ -5,13 +5,17 @@
 package hmac
 
 import (
+	"crypto/md5"
+	"crypto/sha1"
+	"crypto/sha256"
+	"crypto/sha512"
 	"fmt"
 	"hash"
 	"testing"
 )
 
 type hmacTest struct {
-	hash func([]byte) hash.Hash
+	hash func() hash.Hash
 	key  []byte
 	in   []byte
 	out  string
@@ -21,7 +25,7 @@ var hmacTests = []hmacTest{
 	// Tests from US FIPS 198
 	// http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf
 	{
-		NewSHA1,
+		sha1.New,
 		[]byte{
 			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
@@ -36,7 +40,7 @@ var hmacTests = []hmacTest{
 		"4f4ca3d5d68ba7cc0a1208c9c61e9c5da0403c0a",
 	},
 	{
-		NewSHA1,
+		sha1.New,
 		[]byte{
 			0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
 			0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
@@ -46,7 +50,7 @@ var hmacTests = []hmacTest{
 		"0922d3405faa3d194f82a45830737d5cc6c75d24",
 	},
 	{
-		NewSHA1,
+		sha1.New,
 		[]byte{
 			0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
 			0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
@@ -68,7 +72,7 @@ var hmacTests = []hmacTest{
 
 	// Test from Plan 9.
 	{
-		NewMD5,
+		md5.New,
 		[]byte("Jefe"),
 		[]byte("what do ya want for nothing?"),
 		"750c783e6ab0b503eaa86e310a5db738",
@@ -76,7 +80,7 @@ var hmacTests = []hmacTest{
 
 	// Tests from RFC 4231
 	{
-		NewSHA256,
+		sha256.New,
 		[]byte{
 			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
 			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
@@ -86,13 +90,13 @@ var hmacTests = []hmacTest{
 		"b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7",
 	},
 	{
-		NewSHA256,
+		sha256.New,
 		[]byte("Jefe"),
 		[]byte("what do ya want for nothing?"),
 		"5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843",
 	},
 	{
-		NewSHA256,
+		sha256.New,
 		[]byte{
 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
@@ -110,7 +114,7 @@ var hmacTests = []hmacTest{
 		"773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe",
 	},
 	{
-		NewSHA256,
+		sha256.New,
 		[]byte{
 			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
 			0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
@@ -129,7 +133,7 @@ var hmacTests = []hmacTest{
 		"82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b",
 	},
 	{
-		NewSHA256,
+		sha256.New,
 		[]byte{
 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
@@ -153,7 +157,7 @@ var hmacTests = []hmacTest{
 		"60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54",
 	},
 	{
-		NewSHA256,
+		sha256.New,
 		[]byte{
 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
 			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
@@ -178,11 +182,295 @@ var hmacTests = []hmacTest{
 			"be hashed before being used by the HMAC algorithm."),
 		"9b09ffa71b942fcb27635fbcd5b0e944bfdc63644f0713938a7f51535c3a35e2",
 	},
+
+	// Tests from http://csrc.nist.gov/groups/ST/toolkit/examples.html
+	// (truncated tag tests are left out)
+	{
+		sha1.New,
+		[]byte{
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+			0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+			0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+			0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+			0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+			0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+		},
+		[]byte("Sample message for keylen=blocklen"),
+		"5fd596ee78d5553c8ff4e72d266dfd192366da29",
+	},
+	{
+		sha1.New,
+		[]byte{
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+			0x10, 0x11, 0x12, 0x13,
+		},
+		[]byte("Sample message for keylen<blocklen"),
+		"4c99ff0cb1b31bd33f8431dbaf4d17fcd356a807",
+	},
+	{
+		sha1.New,
+		[]byte{
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+			0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+			0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+			0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+			0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+			0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+			0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+			0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+			0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+			0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
+			0x60, 0x61, 0x62, 0x63,
+		},
+		[]byte("Sample message for keylen=blocklen"),
+		"2d51b2f7750e410584662e38f133435f4c4fd42a",
+	},
+	{
+		sha256.New224,
+		[]byte{
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+			0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+			0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+			0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+			0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+			0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+		},
+		[]byte("Sample message for keylen=blocklen"),
+		"c7405e3ae058e8cd30b08b4140248581ed174cb34e1224bcc1efc81b",
+	},
+	{
+		sha256.New224,
+		[]byte{
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+			0x18, 0x19, 0x1a, 0x1b,
+		},
+		[]byte("Sample message for keylen<blocklen"),
+		"e3d249a8cfb67ef8b7a169e9a0a599714a2cecba65999a51beb8fbbe",
+	},
+	{
+		sha256.New224,
+		[]byte{
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+			0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+			0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+			0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+			0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+			0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+			0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+			0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+			0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+			0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
+			0x60, 0x61, 0x62, 0x63,
+		},
+		[]byte("Sample message for keylen=blocklen"),
+		"91c52509e5af8531601ae6230099d90bef88aaefb961f4080abc014d",
+	},
+	{
+		sha256.New,
+		[]byte{
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+			0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+			0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+			0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+			0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+			0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+		},
+		[]byte("Sample message for keylen=blocklen"),
+		"8bb9a1db9806f20df7f77b82138c7914d174d59e13dc4d0169c9057b133e1d62",
+	},
+	{
+		sha256.New,
+		[]byte{
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+			0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+		},
+		[]byte("Sample message for keylen<blocklen"),
+		"a28cf43130ee696a98f14a37678b56bcfcbdd9e5cf69717fecf5480f0ebdf790",
+	},
+	{
+		sha256.New,
+		[]byte{
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+			0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+			0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+			0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+			0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+			0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+			0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+			0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+			0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+			0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
+			0x60, 0x61, 0x62, 0x63,
+		},
+		[]byte("Sample message for keylen=blocklen"),
+		"bdccb6c72ddeadb500ae768386cb38cc41c63dbb0878ddb9c7a38a431b78378d",
+	},
+	{
+		sha512.New384,
+		[]byte{
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+			0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+			0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+			0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+			0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+			0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+			0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+			0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+			0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+			0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
+			0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+			0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
+			0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
+		},
+		[]byte("Sample message for keylen=blocklen"),
+		"63c5daa5e651847ca897c95814ab830bededc7d25e83eef9195cd45857a37f448947858f5af50cc2b1b730ddf29671a9",
+	},
+	{
+		sha512.New384,
+		[]byte{
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+			0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+			0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+			0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+		},
+		[]byte("Sample message for keylen<blocklen"),
+		"6eb242bdbb582ca17bebfa481b1e23211464d2b7f8c20b9ff2201637b93646af5ae9ac316e98db45d9cae773675eeed0",
+	},
+	{
+		sha512.New384,
+		[]byte{
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+			0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+			0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+			0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+			0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+			0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+			0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+			0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+			0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+			0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
+			0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+			0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
+			0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
+			0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+			0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+			0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+			0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
+			0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+			0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
+			0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+			0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
+			0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+		},
+		[]byte("Sample message for keylen=blocklen"),
+		"5b664436df69b0ca22551231a3f0a3d5b4f97991713cfa84bff4d0792eff96c27dccbbb6f79b65d548b40e8564cef594",
+	},
+	{
+		sha512.New,
+		[]byte{
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+			0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+			0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+			0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+			0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+			0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+			0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+			0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+			0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+			0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
+			0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+			0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
+			0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
+		},
+		[]byte("Sample message for keylen=blocklen"),
+		"fc25e240658ca785b7a811a8d3f7b4ca" +
+			"48cfa26a8a366bf2cd1f836b05fcb024bd36853081811d6c" +
+			"ea4216ebad79da1cfcb95ea4586b8a0ce356596a55fb1347",
+	},
+	{
+		sha512.New,
+		[]byte{
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+			0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+			0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+			0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+			0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+			0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+		},
+		[]byte("Sample message for keylen<blocklen"),
+		"fd44c18bda0bb0a6ce0e82b031bf2818" +
+			"f6539bd56ec00bdc10a8a2d730b3634de2545d639b0f2cf7" +
+			"10d0692c72a1896f1f211c2b922d1a96c392e07e7ea9fedc",
+	},
+	{
+		sha512.New,
+		[]byte{
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+			0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+			0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+			0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+			0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+			0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+			0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+			0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+			0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+			0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
+			0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+			0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+			0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
+			0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
+			0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+			0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+			0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+			0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
+			0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+			0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
+			0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+			0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
+			0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+		},
+		[]byte("Sample message for keylen=blocklen"),
+		"d93ec8d2de1ad2a9957cb9b83f14e76a" +
+			"d6b5e0cce285079a127d3b14bccb7aa7286d4ac0d4ce6421" +
+			"5f2bc9e6870b33d97438be4aaa20cda5c5a912b48b8e27f3",
+	},
 }
 
 func TestHMAC(t *testing.T) {
 	for i, tt := range hmacTests {
-		h := tt.hash(tt.key)
+		h := New(tt.hash, tt.key)
 		for j := 0; j < 2; j++ {
 			n, err := h.Write(tt.in)
 			if n != len(tt.in) || err != nil {
diff --git a/src/pkg/crypto/md4/md4.go b/src/pkg/crypto/md4/md4.go
index e51e8bee50..c5f7c57d16 100644
--- a/src/pkg/crypto/md4/md4.go
+++ b/src/pkg/crypto/md4/md4.go
@@ -17,6 +17,9 @@ func init() {
 // The size of an MD4 checksum in bytes.
 const Size = 16
 
+// The blocksize of MD4 in bytes.
+const BlockSize = 64
+
 const (
 	_Chunk = 64
 	_Init0 = 0x67452301
@@ -51,6 +54,8 @@ func New() hash.Hash {
 
 func (d *digest) Size() int { return Size }
 
+func (d *digest) BlockSize() int { return BlockSize }
+
 func (d *digest) Write(p []byte) (nn int, err error) {
 	nn = len(p)
 	d.len += uint64(nn)
diff --git a/src/pkg/crypto/md5/md5.go b/src/pkg/crypto/md5/md5.go
index f4e7b09ebf..cfb728c944 100644
--- a/src/pkg/crypto/md5/md5.go
+++ b/src/pkg/crypto/md5/md5.go
@@ -17,6 +17,9 @@ func init() {
 // The size of an MD5 checksum in bytes.
 const Size = 16
 
+// The blocksize of MD5 in bytes.
+const BlockSize = 64
+
 const (
 	_Chunk = 64
 	_Init0 = 0x67452301
@@ -51,6 +54,8 @@ func New() hash.Hash {
 
 func (d *digest) Size() int { return Size }
 
+func (d *digest) BlockSize() int { return BlockSize }
+
 func (d *digest) Write(p []byte) (nn int, err error) {
 	nn = len(p)
 	d.len += uint64(nn)
diff --git a/src/pkg/crypto/openpgp/canonical_text.go b/src/pkg/crypto/openpgp/canonical_text.go
index 98cee5e75a..e601e389f1 100644
--- a/src/pkg/crypto/openpgp/canonical_text.go
+++ b/src/pkg/crypto/openpgp/canonical_text.go
@@ -53,3 +53,7 @@ func (cth *canonicalTextHash) Reset() {
 func (cth *canonicalTextHash) Size() int {
 	return cth.h.Size()
 }
+
+func (cth *canonicalTextHash) BlockSize() int {
+	return cth.h.BlockSize()
+}
diff --git a/src/pkg/crypto/openpgp/canonical_text_test.go b/src/pkg/crypto/openpgp/canonical_text_test.go
index 841475f80c..8f3ba2a881 100644
--- a/src/pkg/crypto/openpgp/canonical_text_test.go
+++ b/src/pkg/crypto/openpgp/canonical_text_test.go
@@ -29,6 +29,10 @@ func (r recordingHash) Size() int {
 	panic("shouldn't be called")
 }
 
+func (r recordingHash) BlockSize() int {
+	panic("shouldn't be called")
+}
+
 func testCanonicalText(t *testing.T, input, expected string) {
 	r := recordingHash{bytes.NewBuffer(nil)}
 	c := NewCanonicalTextHash(r)
diff --git a/src/pkg/crypto/ripemd160/ripemd160.go b/src/pkg/crypto/ripemd160/ripemd160.go
index cd2cc39dbd..da690f0b92 100644
--- a/src/pkg/crypto/ripemd160/ripemd160.go
+++ b/src/pkg/crypto/ripemd160/ripemd160.go
@@ -55,6 +55,8 @@ func New() hash.Hash {
 
 func (d *digest) Size() int { return Size }
 
+func (d *digest) BlockSize() int { return BlockSize }
+
 func (d *digest) Write(p []byte) (nn int, err error) {
 	nn = len(p)
 	d.tc += uint64(nn)
diff --git a/src/pkg/crypto/sha1/sha1.go b/src/pkg/crypto/sha1/sha1.go
index 7bb68bbdbc..876e7992a3 100644
--- a/src/pkg/crypto/sha1/sha1.go
+++ b/src/pkg/crypto/sha1/sha1.go
@@ -17,6 +17,9 @@ func init() {
 // The size of a SHA1 checksum in bytes.
 const Size = 20
 
+// The blocksize of SHA1 in bytes.
+const BlockSize = 64
+
 const (
 	_Chunk = 64
 	_Init0 = 0x67452301
@@ -53,6 +56,8 @@ func New() hash.Hash {
 
 func (d *digest) Size() int { return Size }
 
+func (d *digest) BlockSize() int { return BlockSize }
+
 func (d *digest) Write(p []byte) (nn int, err error) {
 	nn = len(p)
 	d.len += uint64(nn)
diff --git a/src/pkg/crypto/sha256/sha256.go b/src/pkg/crypto/sha256/sha256.go
index 4525541a79..a61e30b425 100644
--- a/src/pkg/crypto/sha256/sha256.go
+++ b/src/pkg/crypto/sha256/sha256.go
@@ -22,6 +22,9 @@ const Size = 32
 // The size of a SHA224 checksum in bytes.
 const Size224 = 28
 
+// The blocksize of SHA256 and SHA224 in bytes.
+const BlockSize = 64
+
 const (
 	_Chunk     = 64
 	_Init0     = 0x6A09E667
@@ -97,6 +100,8 @@ func (d *digest) Size() int {
 	return Size224
 }
 
+func (d *digest) BlockSize() int { return BlockSize }
+
 func (d *digest) Write(p []byte) (nn int, err error) {
 	nn = len(p)
 	d.len += uint64(nn)
diff --git a/src/pkg/crypto/sha512/sha512.go b/src/pkg/crypto/sha512/sha512.go
index 927f28a28d..a245fd68e5 100644
--- a/src/pkg/crypto/sha512/sha512.go
+++ b/src/pkg/crypto/sha512/sha512.go
@@ -22,6 +22,9 @@ const Size = 64
 // The size of a SHA384 checksum in bytes.
 const Size384 = 48
 
+// The blocksize of SHA512 and SHA384 in bytes.
+const BlockSize = 128
+
 const (
 	_Chunk     = 128
 	_Init0     = 0x6a09e667f3bcc908
@@ -97,6 +100,8 @@ func (d *digest) Size() int {
 	return Size384
 }
 
+func (d *digest) BlockSize() int { return BlockSize }
+
 func (d *digest) Write(p []byte) (nn int, err error) {
 	nn = len(p)
 	d.len += uint64(nn)
diff --git a/src/pkg/exp/ssh/transport.go b/src/pkg/exp/ssh/transport.go
index 2e7c955a12..5c15fe8505 100644
--- a/src/pkg/exp/ssh/transport.go
+++ b/src/pkg/exp/ssh/transport.go
@@ -328,6 +328,8 @@ func (t truncatingMAC) Size() int {
 	return t.length
 }
 
+func (t truncatingMAC) BlockSize() int { return t.hmac.BlockSize() }
+
 // maxVersionStringBytes is the maximum number of bytes that we'll accept as a
 // version string. In the event that the client is talking a different protocol
 // we need to set a limit otherwise we will keep using more and more memory
diff --git a/src/pkg/hash/adler32/adler32.go b/src/pkg/hash/adler32/adler32.go
index 8103a89d43..64fe68c443 100644
--- a/src/pkg/hash/adler32/adler32.go
+++ b/src/pkg/hash/adler32/adler32.go
@@ -38,6 +38,8 @@ func New() hash.Hash32 {
 
 func (d *digest) Size() int { return Size }
 
+func (d *digest) BlockSize() int { return 1 }
+
 // Add p to the running checksum a, b.
 func update(a, b uint32, p []byte) (aa, bb uint32) {
 	for _, pi := range p {
diff --git a/src/pkg/hash/crc32/crc32.go b/src/pkg/hash/crc32/crc32.go
index 557fab8a52..236d778728 100644
--- a/src/pkg/hash/crc32/crc32.go
+++ b/src/pkg/hash/crc32/crc32.go
@@ -94,6 +94,8 @@ func NewIEEE() hash.Hash32 { return New(IEEETable) }
 
 func (d *digest) Size() int { return Size }
 
+func (d *digest) BlockSize() int { return 1 }
+
 func (d *digest) Reset() { d.crc = 0 }
 
 func update(crc uint32, tab *Table, p []byte) uint32 {
diff --git a/src/pkg/hash/crc64/crc64.go b/src/pkg/hash/crc64/crc64.go
index e5c1db4b3d..5b64390f3d 100644
--- a/src/pkg/hash/crc64/crc64.go
+++ b/src/pkg/hash/crc64/crc64.go
@@ -53,6 +53,8 @@ func New(tab *Table) hash.Hash64 { return &digest{0, tab} }
 
 func (d *digest) Size() int { return Size }
 
+func (d *digest) BlockSize() int { return 1 }
+
 func (d *digest) Reset() { d.crc = 0 }
 
 func update(crc uint64, tab *Table, p []byte) uint64 {
diff --git a/src/pkg/hash/fnv/fnv.go b/src/pkg/hash/fnv/fnv.go
index 2c8a25118e..ea50198180 100644
--- a/src/pkg/hash/fnv/fnv.go
+++ b/src/pkg/hash/fnv/fnv.go
@@ -104,6 +104,11 @@ func (s *sum32a) Size() int { return 4 }
 func (s *sum64) Size() int  { return 8 }
 func (s *sum64a) Size() int { return 8 }
 
+func (s *sum32) BlockSize() int  { return 1 }
+func (s *sum32a) BlockSize() int { return 1 }
+func (s *sum64) BlockSize() int  { return 1 }
+func (s *sum64a) BlockSize() int { return 1 }
+
 func (s *sum32) Sum(in []byte) []byte {
 	v := uint32(*s)
 	in = append(in, byte(v>>24))
diff --git a/src/pkg/hash/hash.go b/src/pkg/hash/hash.go
index 8598f4e1b8..aa895cf984 100644
--- a/src/pkg/hash/hash.go
+++ b/src/pkg/hash/hash.go
@@ -22,6 +22,12 @@ type Hash interface {
 
 	// Size returns the number of bytes Sum will return.
 	Size() int
+
+	// BlockSize returns the hash's underlying block size.
+	// The Write method must be able to accept any amount
+	// of data, but it may operate more efficiently if all writes
+	// are a multiple of the block size.
+	BlockSize() int
 }
 
 // Hash32 is the common interface implemented by all 32-bit hash functions.
-- 
2.50.0