feat(checksum): supports BLAKE2 and SHA-3 (#4850)

If applied, these commits will allow users to use BLAKE2 (BLAKE2b-512
and BLAKE2s-256) and SHA-3 (SHA3-{224,256,384,512}) as checksum
algorithms.

This is because I think it would be useful if these algorithms could be
used as an alternative to SHA-1 and SHA-2. These algorithms are
standardized as [RFC
7693](https://datatracker.ietf.org/doc/html/rfc7693) (BLAKE2) and [FIPS
PUB
202](https://www.nist.gov/publications/sha-3-standard-permutation-based-hash-and-extendable-output-functions)
(SHA-3).

- <https://en.wikipedia.org/wiki/BLAKE_(hash_function)#BLAKE2>
- <https://en.wikipedia.org/wiki/SHA-3>

internal/artifact/artifact.go

@@ -20,6 +20,9 @@ import (
 	"sync"
 
 	"github.com/caarlos0/log"
+	"golang.org/x/crypto/blake2b"
+	"golang.org/x/crypto/blake2s"
+	"golang.org/x/crypto/sha3"
 )
 
 // Type defines the type of an artifact.
@@ -243,6 +246,16 @@ func (a Artifact) Checksum(algorithm string) (string, error) {
 	defer file.Close()
 	var h hash.Hash
 	switch algorithm {
+	case "blake2b":
+		h, err = blake2b.New512(nil)
+		if err != nil {
+			return "", fmt.Errorf("failed to checksum: %w", err)
+		}
+	case "blake2s":
+		h, err = blake2s.New256(nil)
+		if err != nil {
+			return "", fmt.Errorf("failed to checksum: %w", err)
+		}
 	case "crc32":
 		h = crc32.NewIEEE()
 	case "md5":
@@ -257,6 +270,14 @@ func (a Artifact) Checksum(algorithm string) (string, error) {
 		h = sha1.New()
 	case "sha512":
 		h = sha512.New()
+	case "sha3-224":
+		h = sha3.New224()
+	case "sha3-384":
+		h = sha3.New384()
+	case "sha3-256":
+		h = sha3.New256()
+	case "sha3-512":
+		h = sha3.New512()
 	default:
 		return "", fmt.Errorf("invalid algorithm: %s", algorithm)
 	}

internal/artifact/artifact_test.go

@@ -341,6 +341,12 @@ func TestChecksum(t *testing.T) {
 		"md5":      "80a751fde577028640c419000e33eba6",
 		"sha224":   "e191edf06005712583518ced92cc2ac2fac8d6e4623b021a50736a91",
 		"sha384":   "597493a6cf1289757524e54dfd6f68b332c7214a716a3358911ef5c09907adc8a654a18c1d721e183b0025f996f6e246",
+		"sha3-256": "784335e2ae23886cb5fa1261fc3dfbaee12623241791c5e4d78b0da619a78051",
+		"sha3-512": "bce76c1eacfaf74912144f26e0fdadba5f7b6893fb046e21d280ffeb3f1f1bf14213862e292e3be64be8c6e5c8216b839c658f3893eae700e4a92f5625ec25c9",
+		"sha3-224": "6ef5918377a5309c4b8b41a4a1d9c680cc3259e7a7619f47ca345714",
+		"sha3-384": "ba6ea7b48af10d7025c4b0c6a105f410278705020d921377c729fe41e88cd9fc2b851002b4cc5a42ba5c34ca8a07b36d",
+		"blake2s":  "7cd93f6d174040f3618982922701c54ec5b02dd28902b5160628b1d5516a62c9",
+		"blake2b":  "ca0dbbe27fca7e5d97b612a76b66d9d42fd67ece4265a50c09ccaefcdc03d9d5a87fa1fddc926ae10c6667342c69df5c33117cf636fca82ac1377c2b4e23e2bc",
 	} {
 		t.Run(algo, func(t *testing.T) {
 			sum, err := artifact.Checksum(algo)

www/docs/customization/checksum.md

@@ -16,7 +16,21 @@ checksum:
   name_template: "{{ .ProjectName }}_checksums.txt"
 
   # Algorithm to be used.
-  # Accepted options are sha256, sha512, sha1, crc32, md5, sha224 and sha384.
+  #
+  # Accepted options are:
+  # - sha256
+  # - sha512
+  # - sha1
+  # - crc32
+  # - md5
+  # - sha224
+  # - sha384
+  # - sha3-256
+  # - sha3-512
+  # - sha3-224
+  # - sha3-384
+  # - blake2s
+  # - blake2b
   #
   # Default: sha256.
   algorithm: sha256