Blame view
crypto/blake2b_generic.c
9.3 KB
91d689337 crypto: blake2b -... |
1 2 3 4 5 6 7 8 9 10 |
// SPDX-License-Identifier: (GPL-2.0-only OR Apache-2.0) /* * BLAKE2b reference source code package - reference C implementations * * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>. You may use this under the * terms of the CC0, the OpenSSL Licence, or the Apache Public License 2.0, at * your option. The terms of these licenses can be found at: * * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 * - OpenSSL license : https://www.openssl.org/source/license.html |
9332a9e73 crypto: Replace H... |
11 |
* - Apache 2.0 : https://www.apache.org/licenses/LICENSE-2.0 |
91d689337 crypto: blake2b -... |
12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
* * More information about the BLAKE2 hash function can be found at * https://blake2.net. * * Note: the original sources have been modified for inclusion in linux kernel * in terms of coding style, using generic helpers and simplifications of error * handling. */ #include <asm/unaligned.h> #include <linux/module.h> #include <linux/string.h> #include <linux/kernel.h> #include <linux/bitops.h> #include <crypto/internal/hash.h> #define BLAKE2B_160_DIGEST_SIZE (160 / 8) #define BLAKE2B_256_DIGEST_SIZE (256 / 8) #define BLAKE2B_384_DIGEST_SIZE (384 / 8) #define BLAKE2B_512_DIGEST_SIZE (512 / 8) enum blake2b_constant { BLAKE2B_BLOCKBYTES = 128, |
91d689337 crypto: blake2b -... |
35 |
BLAKE2B_KEYBYTES = 64, |
91d689337 crypto: blake2b -... |
36 37 38 39 40 41 42 43 |
}; struct blake2b_state { u64 h[8]; u64 t[2]; u64 f[2]; u8 buf[BLAKE2B_BLOCKBYTES]; size_t buflen; |
91d689337 crypto: blake2b -... |
44 |
}; |
91d689337 crypto: blake2b -... |
45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 |
static const u64 blake2b_IV[8] = { 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL, 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL }; static const u8 blake2b_sigma[12][16] = { { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }, { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }, { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 }, { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 }, { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 }, { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 }, { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 }, { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 }, { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 }, { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0 }, { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }, { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } }; |
91d689337 crypto: blake2b -... |
66 67 68 69 70 |
static void blake2b_increment_counter(struct blake2b_state *S, const u64 inc) { S->t[0] += inc; S->t[1] += (S->t[0] < inc); } |
91d689337 crypto: blake2b -... |
71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 |
#define G(r,i,a,b,c,d) \ do { \ a = a + b + m[blake2b_sigma[r][2*i+0]]; \ d = ror64(d ^ a, 32); \ c = c + d; \ b = ror64(b ^ c, 24); \ a = a + b + m[blake2b_sigma[r][2*i+1]]; \ d = ror64(d ^ a, 16); \ c = c + d; \ b = ror64(b ^ c, 63); \ } while (0) #define ROUND(r) \ do { \ G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \ G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \ G(r,2,v[ 2],v[ 6],v[10],v[14]); \ G(r,3,v[ 3],v[ 7],v[11],v[15]); \ G(r,4,v[ 0],v[ 5],v[10],v[15]); \ G(r,5,v[ 1],v[ 6],v[11],v[12]); \ G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \ G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \ } while (0) static void blake2b_compress(struct blake2b_state *S, const u8 block[BLAKE2B_BLOCKBYTES]) { u64 m[16]; u64 v[16]; size_t i; for (i = 0; i < 16; ++i) m[i] = get_unaligned_le64(block + i * sizeof(m[i])); for (i = 0; i < 8; ++i) v[i] = S->h[i]; v[ 8] = blake2b_IV[0]; v[ 9] = blake2b_IV[1]; v[10] = blake2b_IV[2]; v[11] = blake2b_IV[3]; v[12] = blake2b_IV[4] ^ S->t[0]; v[13] = blake2b_IV[5] ^ S->t[1]; v[14] = blake2b_IV[6] ^ S->f[0]; v[15] = blake2b_IV[7] ^ S->f[1]; ROUND(0); ROUND(1); ROUND(2); ROUND(3); ROUND(4); ROUND(5); ROUND(6); ROUND(7); ROUND(8); ROUND(9); ROUND(10); ROUND(11); |
0c0408e86 crypto: blake2b -... |
129 130 131 |
#ifdef CONFIG_CC_IS_CLANG #pragma nounroll /* https://bugs.llvm.org/show_bug.cgi?id=45803 */ #endif |
91d689337 crypto: blake2b -... |
132 133 134 135 136 137 |
for (i = 0; i < 8; ++i) S->h[i] = S->h[i] ^ v[i] ^ v[i + 8]; } #undef G #undef ROUND |
c433a1a85 crypto: blake2b -... |
138 |
struct blake2b_tfm_ctx { |
91d689337 crypto: blake2b -... |
139 140 141 |
u8 key[BLAKE2B_KEYBYTES]; unsigned int keylen; }; |
c433a1a85 crypto: blake2b -... |
142 143 |
static int blake2b_setkey(struct crypto_shash *tfm, const u8 *key, unsigned int keylen) |
91d689337 crypto: blake2b -... |
144 |
{ |
c433a1a85 crypto: blake2b -... |
145 |
struct blake2b_tfm_ctx *tctx = crypto_shash_ctx(tfm); |
91d689337 crypto: blake2b -... |
146 |
|
674f368a9 crypto: remove CR... |
147 |
if (keylen == 0 || keylen > BLAKE2B_KEYBYTES) |
91d689337 crypto: blake2b -... |
148 |
return -EINVAL; |
91d689337 crypto: blake2b -... |
149 |
|
c433a1a85 crypto: blake2b -... |
150 151 |
memcpy(tctx->key, key, keylen); tctx->keylen = keylen; |
91d689337 crypto: blake2b -... |
152 153 154 |
return 0; } |
e37496956 crypto: blake2b -... |
155 |
static int blake2b_init(struct shash_desc *desc) |
91d689337 crypto: blake2b -... |
156 |
{ |
c433a1a85 crypto: blake2b -... |
157 |
struct blake2b_tfm_ctx *tctx = crypto_shash_ctx(desc->tfm); |
91d689337 crypto: blake2b -... |
158 159 |
struct blake2b_state *state = shash_desc_ctx(desc); const int digestsize = crypto_shash_digestsize(desc->tfm); |
e37496956 crypto: blake2b -... |
160 161 162 163 |
memset(state, 0, sizeof(*state)); memcpy(state->h, blake2b_IV, sizeof(state->h)); /* Parameter block is all zeros except index 0, no xor for 1..7 */ |
c433a1a85 crypto: blake2b -... |
164 |
state->h[0] ^= 0x01010000 | tctx->keylen << 8 | digestsize; |
e37496956 crypto: blake2b -... |
165 |
|
c433a1a85 crypto: blake2b -... |
166 |
if (tctx->keylen) { |
e87e484d6 crypto: blake2b -... |
167 168 169 170 |
/* * Prefill the buffer with the key, next call to _update or * _final will process it */ |
c433a1a85 crypto: blake2b -... |
171 |
memcpy(state->buf, tctx->key, tctx->keylen); |
e87e484d6 crypto: blake2b -... |
172 |
state->buflen = BLAKE2B_BLOCKBYTES; |
e37496956 crypto: blake2b -... |
173 |
} |
91d689337 crypto: blake2b -... |
174 175 |
return 0; } |
0b4b5f10a crypto: blake2b -... |
176 177 |
static int blake2b_update(struct shash_desc *desc, const u8 *in, unsigned int inlen) |
91d689337 crypto: blake2b -... |
178 179 |
{ struct blake2b_state *state = shash_desc_ctx(desc); |
0b4b5f10a crypto: blake2b -... |
180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 |
const size_t left = state->buflen; const size_t fill = BLAKE2B_BLOCKBYTES - left; if (!inlen) return 0; if (inlen > fill) { state->buflen = 0; /* Fill buffer */ memcpy(state->buf + left, in, fill); blake2b_increment_counter(state, BLAKE2B_BLOCKBYTES); /* Compress */ blake2b_compress(state, state->buf); in += fill; inlen -= fill; while (inlen > BLAKE2B_BLOCKBYTES) { blake2b_increment_counter(state, BLAKE2B_BLOCKBYTES); blake2b_compress(state, in); in += BLAKE2B_BLOCKBYTES; inlen -= BLAKE2B_BLOCKBYTES; } } memcpy(state->buf + state->buflen, in, inlen); state->buflen += inlen; |
91d689337 crypto: blake2b -... |
204 |
|
91d689337 crypto: blake2b -... |
205 206 |
return 0; } |
086db43b5 crypto: blake2b -... |
207 |
static int blake2b_final(struct shash_desc *desc, u8 *out) |
91d689337 crypto: blake2b -... |
208 209 210 |
{ struct blake2b_state *state = shash_desc_ctx(desc); const int digestsize = crypto_shash_digestsize(desc->tfm); |
086db43b5 crypto: blake2b -... |
211 212 213 |
size_t i; blake2b_increment_counter(state, state->buflen); |
a2e4bdce0 crypto: blake2b -... |
214 215 |
/* Set last block */ state->f[0] = (u64)-1; |
086db43b5 crypto: blake2b -... |
216 217 218 219 220 221 222 |
/* Padding */ memset(state->buf + state->buflen, 0, BLAKE2B_BLOCKBYTES - state->buflen); blake2b_compress(state, state->buf); /* Avoid temporary buffer and switch the internal output to LE order */ for (i = 0; i < ARRAY_SIZE(state->h); i++) __cpu_to_le64s(&state->h[i]); |
91d689337 crypto: blake2b -... |
223 |
|
086db43b5 crypto: blake2b -... |
224 |
memcpy(out, state->h, digestsize); |
91d689337 crypto: blake2b -... |
225 226 227 228 229 230 231 232 233 234 |
return 0; } static struct shash_alg blake2b_algs[] = { { .base.cra_name = "blake2b-160", .base.cra_driver_name = "blake2b-160-generic", .base.cra_priority = 100, .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY, .base.cra_blocksize = BLAKE2B_BLOCKBYTES, |
c433a1a85 crypto: blake2b -... |
235 |
.base.cra_ctxsize = sizeof(struct blake2b_tfm_ctx), |
91d689337 crypto: blake2b -... |
236 237 |
.base.cra_module = THIS_MODULE, .digestsize = BLAKE2B_160_DIGEST_SIZE, |
c433a1a85 crypto: blake2b -... |
238 |
.setkey = blake2b_setkey, |
e37496956 crypto: blake2b -... |
239 |
.init = blake2b_init, |
0b4b5f10a crypto: blake2b -... |
240 |
.update = blake2b_update, |
086db43b5 crypto: blake2b -... |
241 |
.final = blake2b_final, |
91d689337 crypto: blake2b -... |
242 243 244 245 246 247 248 |
.descsize = sizeof(struct blake2b_state), }, { .base.cra_name = "blake2b-256", .base.cra_driver_name = "blake2b-256-generic", .base.cra_priority = 100, .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY, .base.cra_blocksize = BLAKE2B_BLOCKBYTES, |
c433a1a85 crypto: blake2b -... |
249 |
.base.cra_ctxsize = sizeof(struct blake2b_tfm_ctx), |
91d689337 crypto: blake2b -... |
250 251 |
.base.cra_module = THIS_MODULE, .digestsize = BLAKE2B_256_DIGEST_SIZE, |
c433a1a85 crypto: blake2b -... |
252 |
.setkey = blake2b_setkey, |
e37496956 crypto: blake2b -... |
253 |
.init = blake2b_init, |
0b4b5f10a crypto: blake2b -... |
254 |
.update = blake2b_update, |
086db43b5 crypto: blake2b -... |
255 |
.final = blake2b_final, |
91d689337 crypto: blake2b -... |
256 257 258 259 260 261 262 |
.descsize = sizeof(struct blake2b_state), }, { .base.cra_name = "blake2b-384", .base.cra_driver_name = "blake2b-384-generic", .base.cra_priority = 100, .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY, .base.cra_blocksize = BLAKE2B_BLOCKBYTES, |
c433a1a85 crypto: blake2b -... |
263 |
.base.cra_ctxsize = sizeof(struct blake2b_tfm_ctx), |
91d689337 crypto: blake2b -... |
264 265 |
.base.cra_module = THIS_MODULE, .digestsize = BLAKE2B_384_DIGEST_SIZE, |
c433a1a85 crypto: blake2b -... |
266 |
.setkey = blake2b_setkey, |
e37496956 crypto: blake2b -... |
267 |
.init = blake2b_init, |
0b4b5f10a crypto: blake2b -... |
268 |
.update = blake2b_update, |
086db43b5 crypto: blake2b -... |
269 |
.final = blake2b_final, |
91d689337 crypto: blake2b -... |
270 271 272 273 274 275 276 |
.descsize = sizeof(struct blake2b_state), }, { .base.cra_name = "blake2b-512", .base.cra_driver_name = "blake2b-512-generic", .base.cra_priority = 100, .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY, .base.cra_blocksize = BLAKE2B_BLOCKBYTES, |
c433a1a85 crypto: blake2b -... |
277 |
.base.cra_ctxsize = sizeof(struct blake2b_tfm_ctx), |
91d689337 crypto: blake2b -... |
278 279 |
.base.cra_module = THIS_MODULE, .digestsize = BLAKE2B_512_DIGEST_SIZE, |
c433a1a85 crypto: blake2b -... |
280 |
.setkey = blake2b_setkey, |
e37496956 crypto: blake2b -... |
281 |
.init = blake2b_init, |
0b4b5f10a crypto: blake2b -... |
282 |
.update = blake2b_update, |
086db43b5 crypto: blake2b -... |
283 |
.final = blake2b_final, |
91d689337 crypto: blake2b -... |
284 285 286 287 288 289 |
.descsize = sizeof(struct blake2b_state), } }; static int __init blake2b_mod_init(void) { |
91d689337 crypto: blake2b -... |
290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 |
return crypto_register_shashes(blake2b_algs, ARRAY_SIZE(blake2b_algs)); } static void __exit blake2b_mod_fini(void) { crypto_unregister_shashes(blake2b_algs, ARRAY_SIZE(blake2b_algs)); } subsys_initcall(blake2b_mod_init); module_exit(blake2b_mod_fini); MODULE_AUTHOR("David Sterba <kdave@kernel.org>"); MODULE_DESCRIPTION("BLAKE2b generic implementation"); MODULE_LICENSE("GPL"); MODULE_ALIAS_CRYPTO("blake2b-160"); MODULE_ALIAS_CRYPTO("blake2b-160-generic"); MODULE_ALIAS_CRYPTO("blake2b-256"); MODULE_ALIAS_CRYPTO("blake2b-256-generic"); MODULE_ALIAS_CRYPTO("blake2b-384"); MODULE_ALIAS_CRYPTO("blake2b-384-generic"); MODULE_ALIAS_CRYPTO("blake2b-512"); MODULE_ALIAS_CRYPTO("blake2b-512-generic"); |