feat(checksum): supports BLAKE2 and SHA-3 (#4850)

If applied, these commits will allow users to use BLAKE2 (BLAKE2b-512 and BLAKE2s-256) and SHA-3 (SHA3-{224,256,384,512}) as checksum algorithms. This is because I think it would be useful if these algorithms could be used as an alternative to SHA-1 and SHA-2. These algorithms are standardized as [RFC 7693](https://datatracker.ietf.org/doc/html/rfc7693) (BLAKE2) and [FIPS PUB 202](https://www.nist.gov/publications/sha-3-standard-permutation-based-hash-and-extendable-output-functions) (SHA-3). - <https://en.wikipedia.org/wiki/BLAKE_(hash_function)#BLAKE2> - <https://en.wikipedia.org/wiki/SHA-3>
goreleaser · May 10, 2024 · 5d98c69 · 5d98c69
1 parent 52dc2cb
commit 5d98c69
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 8 deletions.
diff --git a/internal/artifact/artifact.go b/internal/artifact/artifact.go
@@ -20,6 +20,9 @@ import (
 	"sync"
 
 	"github.com/caarlos0/log"
+	"golang.org/x/crypto/blake2b"
+	"golang.org/x/crypto/blake2s"
+	"golang.org/x/crypto/sha3"
 )
 
 // Type defines the type of an artifact.
@@ -243,6 +246,16 @@ func (a Artifact) Checksum(algorithm string) (string, error) {
 	defer file.Close()
 	var h hash.Hash
 	switch algorithm {
+	case "blake2b":
+		h, err = blake2b.New512(nil)
+		if err != nil {
+			return "", fmt.Errorf("failed to checksum: %w", err)
+		}
+	case "blake2s":
+		h, err = blake2s.New256(nil)
+		if err != nil {
+			return "", fmt.Errorf("failed to checksum: %w", err)
+		}
 	case "crc32":
 		h = crc32.NewIEEE()
 	case "md5":
@@ -257,6 +270,14 @@ func (a Artifact) Checksum(algorithm string) (string, error) {
 		h = sha1.New()
 	case "sha512":
 		h = sha512.New()
+	case "sha3-224":
+		h = sha3.New224()
+	case "sha3-384":
+		h = sha3.New384()
+	case "sha3-256":
+		h = sha3.New256()
+	case "sha3-512":
+		h = sha3.New512()
 	default:
 		return "", fmt.Errorf("invalid algorithm: %s", algorithm)
 	}

diff --git a/internal/artifact/artifact_test.go b/internal/artifact/artifact_test.go
@@ -334,13 +334,19 @@ func TestChecksum(t *testing.T) {
 	}
 
 	for algo, result := range map[string]string{
-		"sha256": "5e2bf57d3f40c4b6df69daf1936cb766f832374b4fc0259a7cbff06e2f70f269",
-		"sha512": "f80eebd9aabb1a15fb869ed568d858a5c0dca3d5da07a410e1bd988763918d973e344814625f7c844695b2de36ffd27af290d0e34362c51dee5947d58d40527a",
-		"sha1":   "bfb7759a67daeb65410490b4d98bb9da7d1ea2ce",
-		"crc32":  "72d7748e",
-		"md5":    "80a751fde577028640c419000e33eba6",
-		"sha224": "e191edf06005712583518ced92cc2ac2fac8d6e4623b021a50736a91",
-		"sha384": "597493a6cf1289757524e54dfd6f68b332c7214a716a3358911ef5c09907adc8a654a18c1d721e183b0025f996f6e246",
+		"sha256":   "5e2bf57d3f40c4b6df69daf1936cb766f832374b4fc0259a7cbff06e2f70f269",
+		"sha512":   "f80eebd9aabb1a15fb869ed568d858a5c0dca3d5da07a410e1bd988763918d973e344814625f7c844695b2de36ffd27af290d0e34362c51dee5947d58d40527a",
+		"sha1":     "bfb7759a67daeb65410490b4d98bb9da7d1ea2ce",
+		"crc32":    "72d7748e",
+		"md5":      "80a751fde577028640c419000e33eba6",
+		"sha224":   "e191edf06005712583518ced92cc2ac2fac8d6e4623b021a50736a91",
+		"sha384":   "597493a6cf1289757524e54dfd6f68b332c7214a716a3358911ef5c09907adc8a654a18c1d721e183b0025f996f6e246",
+		"sha3-256": "784335e2ae23886cb5fa1261fc3dfbaee12623241791c5e4d78b0da619a78051",
+		"sha3-512": "bce76c1eacfaf74912144f26e0fdadba5f7b6893fb046e21d280ffeb3f1f1bf14213862e292e3be64be8c6e5c8216b839c658f3893eae700e4a92f5625ec25c9",
+		"sha3-224": "6ef5918377a5309c4b8b41a4a1d9c680cc3259e7a7619f47ca345714",
+		"sha3-384": "ba6ea7b48af10d7025c4b0c6a105f410278705020d921377c729fe41e88cd9fc2b851002b4cc5a42ba5c34ca8a07b36d",
+		"blake2s":  "7cd93f6d174040f3618982922701c54ec5b02dd28902b5160628b1d5516a62c9",
+		"blake2b":  "ca0dbbe27fca7e5d97b612a76b66d9d42fd67ece4265a50c09ccaefcdc03d9d5a87fa1fddc926ae10c6667342c69df5c33117cf636fca82ac1377c2b4e23e2bc",
 	} {
 		t.Run(algo, func(t *testing.T) {
 			sum, err := artifact.Checksum(algo)

diff --git a/www/docs/customization/checksum.md b/www/docs/customization/checksum.md
@@ -16,7 +16,21 @@ checksum:
   name_template: "{{ .ProjectName }}_checksums.txt"
 
   # Algorithm to be used.
-  # Accepted options are sha256, sha512, sha1, crc32, md5, sha224 and sha384.
+  #
+  # Accepted options are:
+  # - sha256
+  # - sha512
+  # - sha1
+  # - crc32
+  # - md5
+  # - sha224
+  # - sha384
+  # - sha3-256
+  # - sha3-512
+  # - sha3-224
+  # - sha3-384
+  # - blake2s
+  # - blake2b
   #
   # Default: sha256.
   algorithm: sha256