From dba23617280ea75b434bbca4699abfd1524fdbe2 Mon Sep 17 00:00:00 2001
From: Pavol Rusnak <stick@gk2.sk>
Date: Tue, 12 Jun 2018 19:04:28 +0200
Subject: [PATCH] add overwinter hashers

---
 hasher.c | 39 +++++++++++++++++++++++++++++----------
 hasher.h |  7 +++++++
 2 files changed, 36 insertions(+), 10 deletions(-)

diff --git a/hasher.c b/hasher.c
index b8d0b919b..3d7eac309 100644
--- a/hasher.c
+++ b/hasher.c
@@ -37,6 +37,18 @@ void hasher_Init(Hasher *hasher, HasherType type) {
 	case HASHER_GROESTLD_TRUNC:
 		groestl512_Init(&hasher->ctx.groestl);
 		break;
+	case HASHER_OVERWINTER_PREVOUTS:
+		blake2b_InitKey(&hasher->ctx.blake2b, 32, "ZcashPrevoutHash", 16);
+		break;
+	case HASHER_OVERWINTER_SEQUENCE:
+		blake2b_InitKey(&hasher->ctx.blake2b, 32, "ZcashSequencHash", 16);
+		break;
+	case HASHER_OVERWINTER_OUTPUTS:
+		blake2b_InitKey(&hasher->ctx.blake2b, 32, "ZcashOutputsHash", 16);
+		break;
+	case HASHER_OVERWINTER_PREIMAGE:
+		blake2b_InitKey(&hasher->ctx.blake2b, 32, "ZcashSigHash\x19\x1b\xa8\x5b", 16);  // BRANCH_ID = 0x5ba81b19
+		break;
 	}
 }
 
@@ -57,32 +69,39 @@ void hasher_Update(Hasher *hasher, const uint8_t *data, size_t length) {
 	case HASHER_GROESTLD_TRUNC:
 		groestl512_Update(&hasher->ctx.groestl, data, length);
 		break;
+	case HASHER_OVERWINTER_PREVOUTS:
+	case HASHER_OVERWINTER_SEQUENCE:
+	case HASHER_OVERWINTER_OUTPUTS:
+	case HASHER_OVERWINTER_PREIMAGE:
+		blake2b_Update(&hasher->ctx.blake2b, data, length);
+		break;
 	}
 }
 
 void hasher_Final(Hasher *hasher, uint8_t hash[HASHER_DIGEST_LENGTH]) {
 	switch (hasher->type) {
 	case HASHER_SHA2:
+		sha256_Final(&hasher->ctx.sha2, hash);
+		break;
 	case HASHER_SHA2D:
 		sha256_Final(&hasher->ctx.sha2, hash);
+		hasher_Raw(HASHER_SHA2, hash, HASHER_DIGEST_LENGTH, hash);
 		break;
 	case HASHER_BLAKE:
+		blake256_Final(&hasher->ctx.blake, hash);
+		break;
 	case HASHER_BLAKED:
 		blake256_Final(&hasher->ctx.blake, hash);
+		hasher_Raw(HASHER_BLAKE, hash, HASHER_DIGEST_LENGTH, hash);
 		break;
 	case HASHER_GROESTLD_TRUNC:
 		groestl512_DoubleTrunc(&hasher->ctx.groestl, hash);
-		return;
-	}
-
-	switch (hasher->type) {
-	case HASHER_SHA2D:
-		hasher_Raw(HASHER_SHA2, hash, HASHER_DIGEST_LENGTH, hash);
-		break;
-	case HASHER_BLAKED:
-		hasher_Raw(HASHER_BLAKE, hash, HASHER_DIGEST_LENGTH, hash);
 		break;
-	default:
+	case HASHER_OVERWINTER_PREVOUTS:
+	case HASHER_OVERWINTER_SEQUENCE:
+	case HASHER_OVERWINTER_OUTPUTS:
+	case HASHER_OVERWINTER_PREIMAGE:
+		blake2b_Final(&hasher->ctx.blake2b, hash, 32);
 		break;
 	}
 }
diff --git a/hasher.h b/hasher.h
index 673cf9fa7..3a561673c 100644
--- a/hasher.h
+++ b/hasher.h
@@ -29,6 +29,7 @@
 #include "sha2.h"
 #include "blake256.h"
 #include "groestl.h"
+#include "blake2b.h"
 
 #define HASHER_DIGEST_LENGTH 32
 
@@ -40,6 +41,11 @@ typedef enum {
     HASHER_BLAKED,
 
     HASHER_GROESTLD_TRUNC, /* Double Groestl512 hasher truncated to 256 bits */
+
+    HASHER_OVERWINTER_PREVOUTS,
+    HASHER_OVERWINTER_SEQUENCE,
+    HASHER_OVERWINTER_OUTPUTS,
+    HASHER_OVERWINTER_PREIMAGE,
 } HasherType;
 
 typedef struct {
@@ -49,6 +55,7 @@ typedef struct {
         SHA256_CTX sha2;
         BLAKE256_CTX blake;
         GROESTL512_CTX groestl;
+        BLAKE2B_CTX blake2b;
     } ctx;
 } Hasher;