wolfSSL - wolfSSL SSL/TLS library, support up to TLS1.3

Users » wolfSSL » Code » wolfSSL

wolfSSL SSL/TLS library, support up to TLS1.3

Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more

wolfcrypt/src/blake2s.c@17:a5f916481144, 2020-06-05 (annotated)

Committer:: wolfSSL
Date:: Fri Jun 05 00:11:07 2020 +0000
Revision:: 17:a5f916481144
Parent:: 16:8e0d178b1d1e

wolfSSL 4.4.0

Who changed what in which revision?

User	Revision	Line number	New contents of line
wolfSSL	16:8e0d178b1d1e	1	/*
wolfSSL	16:8e0d178b1d1e	2	BLAKE2 reference source code package - reference C implementations
wolfSSL	16:8e0d178b1d1e	3
wolfSSL	16:8e0d178b1d1e	4	Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
wolfSSL	16:8e0d178b1d1e	5
wolfSSL	16:8e0d178b1d1e	6	To the extent possible under law, the author(s) have dedicated all copyright
wolfSSL	16:8e0d178b1d1e	7	and related and neighboring rights to this software to the public domain
wolfSSL	16:8e0d178b1d1e	8	worldwide. This software is distributed without any warranty.
wolfSSL	16:8e0d178b1d1e	9
wolfSSL	16:8e0d178b1d1e	10	You should have received a copy of the CC0 Public Domain Dedication along with
wolfSSL	16:8e0d178b1d1e	11	this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
wolfSSL	16:8e0d178b1d1e	12	*/
wolfSSL	16:8e0d178b1d1e	13	/* blake2s.c
wolfSSL	16:8e0d178b1d1e	14	*
wolfSSL	16:8e0d178b1d1e	15	* Copyright (C) 2006-2020 wolfSSL Inc.
wolfSSL	16:8e0d178b1d1e	16	*
wolfSSL	16:8e0d178b1d1e	17	* This file is part of wolfSSL.
wolfSSL	16:8e0d178b1d1e	18	*
wolfSSL	16:8e0d178b1d1e	19	* wolfSSL is free software; you can redistribute it and/or modify
wolfSSL	16:8e0d178b1d1e	20	* it under the terms of the GNU General Public License as published by
wolfSSL	16:8e0d178b1d1e	21	* the Free Software Foundation; either version 2 of the License, or
wolfSSL	16:8e0d178b1d1e	22	* (at your option) any later version.
wolfSSL	16:8e0d178b1d1e	23	*
wolfSSL	16:8e0d178b1d1e	24	* wolfSSL is distributed in the hope that it will be useful,
wolfSSL	16:8e0d178b1d1e	25	* but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL	16:8e0d178b1d1e	26	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL	16:8e0d178b1d1e	27	* GNU General Public License for more details.
wolfSSL	16:8e0d178b1d1e	28	*
wolfSSL	16:8e0d178b1d1e	29	* You should have received a copy of the GNU General Public License
wolfSSL	16:8e0d178b1d1e	30	* along with this program; if not, write to the Free Software
wolfSSL	16:8e0d178b1d1e	31	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL	16:8e0d178b1d1e	32	*/
wolfSSL	16:8e0d178b1d1e	33
wolfSSL	16:8e0d178b1d1e	34
wolfSSL	16:8e0d178b1d1e	35
wolfSSL	16:8e0d178b1d1e	36	#ifdef HAVE_CONFIG_H
wolfSSL	16:8e0d178b1d1e	37	#include <config.h>
wolfSSL	16:8e0d178b1d1e	38	#endif
wolfSSL	16:8e0d178b1d1e	39
wolfSSL	16:8e0d178b1d1e	40	#include <wolfssl/wolfcrypt/settings.h>
wolfSSL	16:8e0d178b1d1e	41
wolfSSL	16:8e0d178b1d1e	42	#ifdef HAVE_BLAKE2S
wolfSSL	16:8e0d178b1d1e	43
wolfSSL	16:8e0d178b1d1e	44	#include <wolfssl/wolfcrypt/blake2.h>
wolfSSL	16:8e0d178b1d1e	45	#include <wolfssl/wolfcrypt/blake2-impl.h>
wolfSSL	16:8e0d178b1d1e	46
wolfSSL	16:8e0d178b1d1e	47
wolfSSL	16:8e0d178b1d1e	48	static const word32 blake2s_IV[8] =
wolfSSL	16:8e0d178b1d1e	49	{
wolfSSL	16:8e0d178b1d1e	50	0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
wolfSSL	16:8e0d178b1d1e	51	0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
wolfSSL	16:8e0d178b1d1e	52	};
wolfSSL	16:8e0d178b1d1e	53
wolfSSL	16:8e0d178b1d1e	54	static const byte blake2s_sigma[10][16] =
wolfSSL	16:8e0d178b1d1e	55	{
wolfSSL	16:8e0d178b1d1e	56	{ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } ,
wolfSSL	16:8e0d178b1d1e	57	{ 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } ,
wolfSSL	16:8e0d178b1d1e	58	{ 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } ,
wolfSSL	16:8e0d178b1d1e	59	{ 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } ,
wolfSSL	16:8e0d178b1d1e	60	{ 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } ,
wolfSSL	16:8e0d178b1d1e	61	{ 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } ,
wolfSSL	16:8e0d178b1d1e	62	{ 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } ,
wolfSSL	16:8e0d178b1d1e	63	{ 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } ,
wolfSSL	16:8e0d178b1d1e	64	{ 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } ,
wolfSSL	16:8e0d178b1d1e	65	{ 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 }
wolfSSL	16:8e0d178b1d1e	66	};
wolfSSL	16:8e0d178b1d1e	67
wolfSSL	16:8e0d178b1d1e	68
wolfSSL	16:8e0d178b1d1e	69	static WC_INLINE int blake2s_set_lastnode( blake2s_state *S )
wolfSSL	16:8e0d178b1d1e	70	{
wolfSSL	16:8e0d178b1d1e	71	S->f[1] = ~0;
wolfSSL	16:8e0d178b1d1e	72	return 0;
wolfSSL	16:8e0d178b1d1e	73	}
wolfSSL	16:8e0d178b1d1e	74
wolfSSL	16:8e0d178b1d1e	75	/* Some helper functions, not necessarily useful */
wolfSSL	16:8e0d178b1d1e	76	static WC_INLINE int blake2s_set_lastblock( blake2s_state *S )
wolfSSL	16:8e0d178b1d1e	77	{
wolfSSL	16:8e0d178b1d1e	78	if( S->last_node ) blake2s_set_lastnode( S );
wolfSSL	16:8e0d178b1d1e	79
wolfSSL	16:8e0d178b1d1e	80	S->f[0] = ~0;
wolfSSL	16:8e0d178b1d1e	81	return 0;
wolfSSL	16:8e0d178b1d1e	82	}
wolfSSL	16:8e0d178b1d1e	83
wolfSSL	16:8e0d178b1d1e	84	static WC_INLINE int blake2s_increment_counter( blake2s_state *S, const word32
wolfSSL	16:8e0d178b1d1e	85	inc )
wolfSSL	16:8e0d178b1d1e	86	{
wolfSSL	16:8e0d178b1d1e	87	S->t[0] += inc;
wolfSSL	16:8e0d178b1d1e	88	S->t[1] += ( S->t[0] < inc );
wolfSSL	16:8e0d178b1d1e	89	return 0;
wolfSSL	16:8e0d178b1d1e	90	}
wolfSSL	16:8e0d178b1d1e	91
wolfSSL	16:8e0d178b1d1e	92	static WC_INLINE int blake2s_init0( blake2s_state *S )
wolfSSL	16:8e0d178b1d1e	93	{
wolfSSL	16:8e0d178b1d1e	94	int i;
wolfSSL	16:8e0d178b1d1e	95	XMEMSET( S, 0, sizeof( blake2s_state ) );
wolfSSL	16:8e0d178b1d1e	96
wolfSSL	16:8e0d178b1d1e	97	for( i = 0; i < 8; ++i ) S->h[i] = blake2s_IV[i];
wolfSSL	16:8e0d178b1d1e	98
wolfSSL	16:8e0d178b1d1e	99	return 0;
wolfSSL	16:8e0d178b1d1e	100	}
wolfSSL	16:8e0d178b1d1e	101
wolfSSL	16:8e0d178b1d1e	102	/* init xors IV with input parameter block */
wolfSSL	16:8e0d178b1d1e	103	int blake2s_init_param( blake2s_state S, const blake2s_param P )
wolfSSL	16:8e0d178b1d1e	104	{
wolfSSL	16:8e0d178b1d1e	105	word32 i;
wolfSSL	16:8e0d178b1d1e	106	byte *p ;
wolfSSL	16:8e0d178b1d1e	107	blake2s_init0( S );
wolfSSL	16:8e0d178b1d1e	108	p = ( byte * )( P );
wolfSSL	16:8e0d178b1d1e	109
wolfSSL	16:8e0d178b1d1e	110	/* IV XOR ParamBlock */
wolfSSL	16:8e0d178b1d1e	111	for( i = 0; i < 8; ++i )
wolfSSL	16:8e0d178b1d1e	112	S->h[i] ^= load32( p + sizeof( S->h[i] ) * i );
wolfSSL	16:8e0d178b1d1e	113
wolfSSL	16:8e0d178b1d1e	114	return 0;
wolfSSL	16:8e0d178b1d1e	115	}
wolfSSL	16:8e0d178b1d1e	116
wolfSSL	16:8e0d178b1d1e	117
wolfSSL	16:8e0d178b1d1e	118
wolfSSL	16:8e0d178b1d1e	119	int blake2s_init( blake2s_state *S, const byte outlen )
wolfSSL	16:8e0d178b1d1e	120	{
wolfSSL	16:8e0d178b1d1e	121	blake2s_param P[1];
wolfSSL	16:8e0d178b1d1e	122
wolfSSL	16:8e0d178b1d1e	123	if ( ( !outlen ) \|\| ( outlen > BLAKE2S_OUTBYTES ) ) return -1;
wolfSSL	16:8e0d178b1d1e	124
wolfSSL	16:8e0d178b1d1e	125	#ifdef WOLFSSL_BLAKE2S_INIT_EACH_FIELD
wolfSSL	16:8e0d178b1d1e	126	P->digest_length = outlen;
wolfSSL	16:8e0d178b1d1e	127	P->key_length = 0;
wolfSSL	16:8e0d178b1d1e	128	P->fanout = 1;
wolfSSL	16:8e0d178b1d1e	129	P->depth = 1;
wolfSSL	16:8e0d178b1d1e	130	store32( &P->leaf_length, 0 );
wolfSSL	16:8e0d178b1d1e	131	store32( &P->node_offset, 0 );
wolfSSL	16:8e0d178b1d1e	132	P->node_depth = 0;
wolfSSL	16:8e0d178b1d1e	133	P->inner_length = 0;
wolfSSL	16:8e0d178b1d1e	134	XMEMSET( P->reserved, 0, sizeof( P->reserved ) );
wolfSSL	16:8e0d178b1d1e	135	XMEMSET( P->salt, 0, sizeof( P->salt ) );
wolfSSL	16:8e0d178b1d1e	136	XMEMSET( P->personal, 0, sizeof( P->personal ) );
wolfSSL	16:8e0d178b1d1e	137	#else
wolfSSL	16:8e0d178b1d1e	138	XMEMSET( P, 0, sizeof( *P ) );
wolfSSL	16:8e0d178b1d1e	139	P->digest_length = outlen;
wolfSSL	16:8e0d178b1d1e	140	P->fanout = 1;
wolfSSL	16:8e0d178b1d1e	141	P->depth = 1;
wolfSSL	16:8e0d178b1d1e	142	#endif
wolfSSL	16:8e0d178b1d1e	143	return blake2s_init_param( S, P );
wolfSSL	16:8e0d178b1d1e	144	}
wolfSSL	16:8e0d178b1d1e	145
wolfSSL	16:8e0d178b1d1e	146
wolfSSL	16:8e0d178b1d1e	147	int blake2s_init_key( blake2s_state S, const byte outlen, const void key,
wolfSSL	16:8e0d178b1d1e	148	const byte keylen )
wolfSSL	16:8e0d178b1d1e	149	{
wolfSSL	16:8e0d178b1d1e	150	blake2s_param P[1];
wolfSSL	16:8e0d178b1d1e	151
wolfSSL	16:8e0d178b1d1e	152	if ( ( !outlen ) \|\| ( outlen > BLAKE2S_OUTBYTES ) ) return -1;
wolfSSL	16:8e0d178b1d1e	153
wolfSSL	16:8e0d178b1d1e	154	if ( !key \|\| !keylen \|\| keylen > BLAKE2S_KEYBYTES ) return -1;
wolfSSL	16:8e0d178b1d1e	155
wolfSSL	16:8e0d178b1d1e	156	#ifdef WOLFSSL_BLAKE2S_INIT_EACH_FIELD
wolfSSL	16:8e0d178b1d1e	157	P->digest_length = outlen;
wolfSSL	16:8e0d178b1d1e	158	P->key_length = keylen;
wolfSSL	16:8e0d178b1d1e	159	P->fanout = 1;
wolfSSL	16:8e0d178b1d1e	160	P->depth = 1;
wolfSSL	16:8e0d178b1d1e	161	store32( &P->leaf_length, 0 );
wolfSSL	16:8e0d178b1d1e	162	store64( &P->node_offset, 0 );
wolfSSL	16:8e0d178b1d1e	163	P->node_depth = 0;
wolfSSL	16:8e0d178b1d1e	164	P->inner_length = 0;
wolfSSL	16:8e0d178b1d1e	165	XMEMSET( P->reserved, 0, sizeof( P->reserved ) );
wolfSSL	16:8e0d178b1d1e	166	XMEMSET( P->salt, 0, sizeof( P->salt ) );
wolfSSL	16:8e0d178b1d1e	167	XMEMSET( P->personal, 0, sizeof( P->personal ) );
wolfSSL	16:8e0d178b1d1e	168	#else
wolfSSL	16:8e0d178b1d1e	169	XMEMSET( P, 0, sizeof( *P ) );
wolfSSL	16:8e0d178b1d1e	170	P->digest_length = outlen;
wolfSSL	16:8e0d178b1d1e	171	P->key_length = keylen;
wolfSSL	16:8e0d178b1d1e	172	P->fanout = 1;
wolfSSL	16:8e0d178b1d1e	173	P->depth = 1;
wolfSSL	16:8e0d178b1d1e	174	#endif
wolfSSL	16:8e0d178b1d1e	175
wolfSSL	16:8e0d178b1d1e	176	if( blake2s_init_param( S, P ) < 0 ) return -1;
wolfSSL	16:8e0d178b1d1e	177
wolfSSL	16:8e0d178b1d1e	178	{
wolfSSL	16:8e0d178b1d1e	179	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	16:8e0d178b1d1e	180	byte* block;
wolfSSL	16:8e0d178b1d1e	181
wolfSSL	16:8e0d178b1d1e	182	block = (byte*)XMALLOC(BLAKE2S_BLOCKBYTES, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	16:8e0d178b1d1e	183
wolfSSL	16:8e0d178b1d1e	184	if ( block == NULL ) return -1;
wolfSSL	16:8e0d178b1d1e	185	#else
wolfSSL	16:8e0d178b1d1e	186	byte block[BLAKE2S_BLOCKBYTES];
wolfSSL	16:8e0d178b1d1e	187	#endif
wolfSSL	16:8e0d178b1d1e	188
wolfSSL	16:8e0d178b1d1e	189	XMEMSET( block, 0, BLAKE2S_BLOCKBYTES );
wolfSSL	16:8e0d178b1d1e	190	XMEMCPY( block, key, keylen );
wolfSSL	16:8e0d178b1d1e	191	blake2s_update( S, block, BLAKE2S_BLOCKBYTES );
wolfSSL	16:8e0d178b1d1e	192	secure_zero_memory( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from */
wolfSSL	16:8e0d178b1d1e	193	/* memory */
wolfSSL	16:8e0d178b1d1e	194
wolfSSL	16:8e0d178b1d1e	195	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	16:8e0d178b1d1e	196	XFREE(block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	16:8e0d178b1d1e	197	#endif
wolfSSL	16:8e0d178b1d1e	198	}
wolfSSL	16:8e0d178b1d1e	199	return 0;
wolfSSL	16:8e0d178b1d1e	200	}
wolfSSL	16:8e0d178b1d1e	201
wolfSSL	16:8e0d178b1d1e	202	static int blake2s_compress( blake2s_state *S,
wolfSSL	16:8e0d178b1d1e	203	const byte block[BLAKE2S_BLOCKBYTES] )
wolfSSL	16:8e0d178b1d1e	204	{
wolfSSL	16:8e0d178b1d1e	205	int i;
wolfSSL	16:8e0d178b1d1e	206
wolfSSL	16:8e0d178b1d1e	207	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	16:8e0d178b1d1e	208	word32* m;
wolfSSL	16:8e0d178b1d1e	209	word32* v;
wolfSSL	16:8e0d178b1d1e	210
wolfSSL	16:8e0d178b1d1e	211	m = (word32)XMALLOC(sizeof(word32) 16, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	16:8e0d178b1d1e	212
wolfSSL	16:8e0d178b1d1e	213	if ( m == NULL ) return -1;
wolfSSL	16:8e0d178b1d1e	214
wolfSSL	16:8e0d178b1d1e	215	v = (word32)XMALLOC(sizeof(word32) 16, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	16:8e0d178b1d1e	216
wolfSSL	16:8e0d178b1d1e	217	if ( v == NULL )
wolfSSL	16:8e0d178b1d1e	218	{
wolfSSL	16:8e0d178b1d1e	219	XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	16:8e0d178b1d1e	220	return -1;
wolfSSL	16:8e0d178b1d1e	221	}
wolfSSL	16:8e0d178b1d1e	222	#else
wolfSSL	16:8e0d178b1d1e	223	word32 m[16];
wolfSSL	16:8e0d178b1d1e	224	word32 v[16];
wolfSSL	16:8e0d178b1d1e	225	#endif
wolfSSL	16:8e0d178b1d1e	226
wolfSSL	16:8e0d178b1d1e	227	for( i = 0; i < 16; ++i )
wolfSSL	16:8e0d178b1d1e	228	m[i] = load32( block + i * sizeof( m[i] ) );
wolfSSL	16:8e0d178b1d1e	229
wolfSSL	16:8e0d178b1d1e	230	for( i = 0; i < 8; ++i )
wolfSSL	16:8e0d178b1d1e	231	v[i] = S->h[i];
wolfSSL	16:8e0d178b1d1e	232
wolfSSL	16:8e0d178b1d1e	233	v[ 8] = blake2s_IV[0];
wolfSSL	16:8e0d178b1d1e	234	v[ 9] = blake2s_IV[1];
wolfSSL	16:8e0d178b1d1e	235	v[10] = blake2s_IV[2];
wolfSSL	16:8e0d178b1d1e	236	v[11] = blake2s_IV[3];
wolfSSL	16:8e0d178b1d1e	237	v[12] = S->t[0] ^ blake2s_IV[4];
wolfSSL	16:8e0d178b1d1e	238	v[13] = S->t[1] ^ blake2s_IV[5];
wolfSSL	16:8e0d178b1d1e	239	v[14] = S->f[0] ^ blake2s_IV[6];
wolfSSL	16:8e0d178b1d1e	240	v[15] = S->f[1] ^ blake2s_IV[7];
wolfSSL	16:8e0d178b1d1e	241	#define G(r,i,a,b,c,d) \
wolfSSL	16:8e0d178b1d1e	242	do { \
wolfSSL	16:8e0d178b1d1e	243	a = a + b + m[blake2s_sigma[r][2*i+0]]; \
wolfSSL	16:8e0d178b1d1e	244	d = rotr32(d ^ a, 16); \
wolfSSL	16:8e0d178b1d1e	245	c = c + d; \
wolfSSL	16:8e0d178b1d1e	246	b = rotr32(b ^ c, 12); \
wolfSSL	16:8e0d178b1d1e	247	a = a + b + m[blake2s_sigma[r][2*i+1]]; \
wolfSSL	16:8e0d178b1d1e	248	d = rotr32(d ^ a, 8); \
wolfSSL	16:8e0d178b1d1e	249	c = c + d; \
wolfSSL	16:8e0d178b1d1e	250	b = rotr32(b ^ c, 7); \
wolfSSL	16:8e0d178b1d1e	251	} while(0)
wolfSSL	16:8e0d178b1d1e	252	#define ROUND(r) \
wolfSSL	16:8e0d178b1d1e	253	do { \
wolfSSL	16:8e0d178b1d1e	254	G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
wolfSSL	16:8e0d178b1d1e	255	G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
wolfSSL	16:8e0d178b1d1e	256	G(r,2,v[ 2],v[ 6],v[10],v[14]); \
wolfSSL	16:8e0d178b1d1e	257	G(r,3,v[ 3],v[ 7],v[11],v[15]); \
wolfSSL	16:8e0d178b1d1e	258	G(r,4,v[ 0],v[ 5],v[10],v[15]); \
wolfSSL	16:8e0d178b1d1e	259	G(r,5,v[ 1],v[ 6],v[11],v[12]); \
wolfSSL	16:8e0d178b1d1e	260	G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
wolfSSL	16:8e0d178b1d1e	261	G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
wolfSSL	16:8e0d178b1d1e	262	} while(0)
wolfSSL	16:8e0d178b1d1e	263	ROUND( 0 );
wolfSSL	16:8e0d178b1d1e	264	ROUND( 1 );
wolfSSL	16:8e0d178b1d1e	265	ROUND( 2 );
wolfSSL	16:8e0d178b1d1e	266	ROUND( 3 );
wolfSSL	16:8e0d178b1d1e	267	ROUND( 4 );
wolfSSL	16:8e0d178b1d1e	268	ROUND( 5 );
wolfSSL	16:8e0d178b1d1e	269	ROUND( 6 );
wolfSSL	16:8e0d178b1d1e	270	ROUND( 7 );
wolfSSL	16:8e0d178b1d1e	271	ROUND( 8 );
wolfSSL	16:8e0d178b1d1e	272	ROUND( 9 );
wolfSSL	16:8e0d178b1d1e	273
wolfSSL	16:8e0d178b1d1e	274	for( i = 0; i < 8; ++i )
wolfSSL	16:8e0d178b1d1e	275	S->h[i] = S->h[i] ^ v[i] ^ v[i + 8];
wolfSSL	16:8e0d178b1d1e	276
wolfSSL	16:8e0d178b1d1e	277	#undef G
wolfSSL	16:8e0d178b1d1e	278	#undef ROUND
wolfSSL	16:8e0d178b1d1e	279
wolfSSL	16:8e0d178b1d1e	280	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	16:8e0d178b1d1e	281	XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	16:8e0d178b1d1e	282	XFREE(v, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	16:8e0d178b1d1e	283	#endif
wolfSSL	16:8e0d178b1d1e	284
wolfSSL	16:8e0d178b1d1e	285	return 0;
wolfSSL	16:8e0d178b1d1e	286	}
wolfSSL	16:8e0d178b1d1e	287
wolfSSL	16:8e0d178b1d1e	288	/* inlen now in bytes */
wolfSSL	16:8e0d178b1d1e	289	int blake2s_update( blake2s_state S, const byte in, word32 inlen )
wolfSSL	16:8e0d178b1d1e	290	{
wolfSSL	16:8e0d178b1d1e	291	while( inlen > 0 )
wolfSSL	16:8e0d178b1d1e	292	{
wolfSSL	16:8e0d178b1d1e	293	word32 left = S->buflen;
wolfSSL	16:8e0d178b1d1e	294	word32 fill = 2 * BLAKE2S_BLOCKBYTES - left;
wolfSSL	16:8e0d178b1d1e	295
wolfSSL	16:8e0d178b1d1e	296	if( inlen > fill )
wolfSSL	16:8e0d178b1d1e	297	{
wolfSSL	16:8e0d178b1d1e	298	XMEMCPY( S->buf + left, in, (wolfssl_word)fill ); /* Fill buffer */
wolfSSL	16:8e0d178b1d1e	299	S->buflen += fill;
wolfSSL	16:8e0d178b1d1e	300	blake2s_increment_counter( S, BLAKE2S_BLOCKBYTES );
wolfSSL	16:8e0d178b1d1e	301
wolfSSL	16:8e0d178b1d1e	302	if ( blake2s_compress( S, S->buf ) < 0 ) return -1; /* Compress */
wolfSSL	16:8e0d178b1d1e	303
wolfSSL	16:8e0d178b1d1e	304	XMEMCPY( S->buf, S->buf + BLAKE2S_BLOCKBYTES, BLAKE2S_BLOCKBYTES );
wolfSSL	16:8e0d178b1d1e	305	/* Shift buffer left */
wolfSSL	16:8e0d178b1d1e	306	S->buflen -= BLAKE2S_BLOCKBYTES;
wolfSSL	16:8e0d178b1d1e	307	in += fill;
wolfSSL	16:8e0d178b1d1e	308	inlen -= fill;
wolfSSL	16:8e0d178b1d1e	309	}
wolfSSL	16:8e0d178b1d1e	310	else /* inlen <= fill */
wolfSSL	16:8e0d178b1d1e	311	{
wolfSSL	16:8e0d178b1d1e	312	XMEMCPY( S->buf + left, in, (wolfssl_word)inlen );
wolfSSL	16:8e0d178b1d1e	313	S->buflen += inlen; /* Be lazy, do not compress */
wolfSSL	16:8e0d178b1d1e	314	inlen = 0;
wolfSSL	16:8e0d178b1d1e	315	}
wolfSSL	16:8e0d178b1d1e	316	}
wolfSSL	16:8e0d178b1d1e	317
wolfSSL	16:8e0d178b1d1e	318	return 0;
wolfSSL	16:8e0d178b1d1e	319	}
wolfSSL	16:8e0d178b1d1e	320
wolfSSL	16:8e0d178b1d1e	321	/* Is this correct? */
wolfSSL	16:8e0d178b1d1e	322	int blake2s_final( blake2s_state S, byte out, byte outlen )
wolfSSL	16:8e0d178b1d1e	323	{
wolfSSL	16:8e0d178b1d1e	324	int i;
wolfSSL	16:8e0d178b1d1e	325	byte buffer[BLAKE2S_BLOCKBYTES];
wolfSSL	16:8e0d178b1d1e	326
wolfSSL	16:8e0d178b1d1e	327	if( S->buflen > BLAKE2S_BLOCKBYTES )
wolfSSL	16:8e0d178b1d1e	328	{
wolfSSL	16:8e0d178b1d1e	329	blake2s_increment_counter( S, BLAKE2S_BLOCKBYTES );
wolfSSL	16:8e0d178b1d1e	330
wolfSSL	16:8e0d178b1d1e	331	if ( blake2s_compress( S, S->buf ) < 0 ) return -1;
wolfSSL	16:8e0d178b1d1e	332
wolfSSL	16:8e0d178b1d1e	333	S->buflen -= BLAKE2S_BLOCKBYTES;
wolfSSL	16:8e0d178b1d1e	334	XMEMCPY( S->buf, S->buf + BLAKE2S_BLOCKBYTES, (wolfssl_word)S->buflen );
wolfSSL	16:8e0d178b1d1e	335	}
wolfSSL	16:8e0d178b1d1e	336
wolfSSL	16:8e0d178b1d1e	337	blake2s_increment_counter( S, S->buflen );
wolfSSL	16:8e0d178b1d1e	338	blake2s_set_lastblock( S );
wolfSSL	16:8e0d178b1d1e	339	XMEMSET( S->buf + S->buflen, 0, (wolfssl_word)(2 * BLAKE2S_BLOCKBYTES - S->buflen) );
wolfSSL	16:8e0d178b1d1e	340	/* Padding */
wolfSSL	16:8e0d178b1d1e	341	if ( blake2s_compress( S, S->buf ) < 0 ) return -1;
wolfSSL	16:8e0d178b1d1e	342
wolfSSL	16:8e0d178b1d1e	343	for( i = 0; i < 8; ++i ) /* Output full hash to temp buffer */
wolfSSL	16:8e0d178b1d1e	344	store64( buffer + sizeof( S->h[i] ) * i, S->h[i] );
wolfSSL	16:8e0d178b1d1e	345
wolfSSL	16:8e0d178b1d1e	346	XMEMCPY( out, buffer, outlen );
wolfSSL	16:8e0d178b1d1e	347	return 0;
wolfSSL	16:8e0d178b1d1e	348	}
wolfSSL	16:8e0d178b1d1e	349
wolfSSL	16:8e0d178b1d1e	350	/* inlen, at least, should be word32. Others can be size_t. */
wolfSSL	16:8e0d178b1d1e	351	int blake2s( byte out, const void in, const void *key, const byte outlen,
wolfSSL	16:8e0d178b1d1e	352	const word32 inlen, byte keylen )
wolfSSL	16:8e0d178b1d1e	353	{
wolfSSL	16:8e0d178b1d1e	354	blake2s_state S[1];
wolfSSL	16:8e0d178b1d1e	355
wolfSSL	16:8e0d178b1d1e	356	/* Verify parameters */
wolfSSL	16:8e0d178b1d1e	357	if ( NULL == in ) return -1;
wolfSSL	16:8e0d178b1d1e	358
wolfSSL	16:8e0d178b1d1e	359	if ( NULL == out ) return -1;
wolfSSL	16:8e0d178b1d1e	360
wolfSSL	16:8e0d178b1d1e	361	if( NULL == key ) keylen = 0;
wolfSSL	16:8e0d178b1d1e	362
wolfSSL	16:8e0d178b1d1e	363	if( keylen > 0 )
wolfSSL	16:8e0d178b1d1e	364	{
wolfSSL	16:8e0d178b1d1e	365	if( blake2s_init_key( S, outlen, key, keylen ) < 0 ) return -1;
wolfSSL	16:8e0d178b1d1e	366	}
wolfSSL	16:8e0d178b1d1e	367	else
wolfSSL	16:8e0d178b1d1e	368	{
wolfSSL	16:8e0d178b1d1e	369	if( blake2s_init( S, outlen ) < 0 ) return -1;
wolfSSL	16:8e0d178b1d1e	370	}
wolfSSL	16:8e0d178b1d1e	371
wolfSSL	16:8e0d178b1d1e	372	if ( blake2s_update( S, ( byte * )in, inlen ) < 0) return -1;
wolfSSL	16:8e0d178b1d1e	373
wolfSSL	16:8e0d178b1d1e	374	return blake2s_final( S, out, outlen );
wolfSSL	16:8e0d178b1d1e	375	}
wolfSSL	16:8e0d178b1d1e	376
wolfSSL	16:8e0d178b1d1e	377	#if defined(BLAKE2S_SELFTEST)
wolfSSL	16:8e0d178b1d1e	378	#include <string.h>
wolfSSL	16:8e0d178b1d1e	379	#include "blake2-kat.h"
wolfSSL	16:8e0d178b1d1e	380	int main( int argc, char **argv )
wolfSSL	16:8e0d178b1d1e	381	{
wolfSSL	16:8e0d178b1d1e	382	byte key[BLAKE2S_KEYBYTES];
wolfSSL	16:8e0d178b1d1e	383	byte buf[KAT_LENGTH];
wolfSSL	16:8e0d178b1d1e	384
wolfSSL	16:8e0d178b1d1e	385	for( word32 i = 0; i < BLAKE2S_KEYBYTES; ++i )
wolfSSL	16:8e0d178b1d1e	386	key[i] = ( byte )i;
wolfSSL	16:8e0d178b1d1e	387
wolfSSL	16:8e0d178b1d1e	388	for( word32 i = 0; i < KAT_LENGTH; ++i )
wolfSSL	16:8e0d178b1d1e	389	buf[i] = ( byte )i;
wolfSSL	16:8e0d178b1d1e	390
wolfSSL	16:8e0d178b1d1e	391	for( word32 i = 0; i < KAT_LENGTH; ++i )
wolfSSL	16:8e0d178b1d1e	392	{
wolfSSL	16:8e0d178b1d1e	393	byte hash[BLAKE2S_OUTBYTES];
wolfSSL	16:8e0d178b1d1e	394	if ( blake2s( hash, buf, key, BLAKE2S_OUTBYTES, i, BLAKE2S_KEYBYTES ) < 0 )
wolfSSL	16:8e0d178b1d1e	395	{
wolfSSL	16:8e0d178b1d1e	396	puts( "error" );
wolfSSL	16:8e0d178b1d1e	397	return -1;
wolfSSL	16:8e0d178b1d1e	398	}
wolfSSL	16:8e0d178b1d1e	399
wolfSSL	16:8e0d178b1d1e	400	if( 0 != XMEMCMP( hash, blake2s_keyed_kat[i], BLAKE2S_OUTBYTES ) )
wolfSSL	16:8e0d178b1d1e	401	{
wolfSSL	16:8e0d178b1d1e	402	puts( "error" );
wolfSSL	16:8e0d178b1d1e	403	return -1;
wolfSSL	16:8e0d178b1d1e	404	}
wolfSSL	16:8e0d178b1d1e	405	}
wolfSSL	16:8e0d178b1d1e	406
wolfSSL	16:8e0d178b1d1e	407	puts( "ok" );
wolfSSL	16:8e0d178b1d1e	408	return 0;
wolfSSL	16:8e0d178b1d1e	409	}
wolfSSL	16:8e0d178b1d1e	410	#endif
wolfSSL	16:8e0d178b1d1e	411
wolfSSL	16:8e0d178b1d1e	412
wolfSSL	16:8e0d178b1d1e	413	/* wolfCrypt API */
wolfSSL	16:8e0d178b1d1e	414
wolfSSL	16:8e0d178b1d1e	415	/* Init Blake2s digest, track size in case final doesn't want to "remember" */
wolfSSL	16:8e0d178b1d1e	416	int wc_InitBlake2s(Blake2s* b2s, word32 digestSz)
wolfSSL	16:8e0d178b1d1e	417	{
wolfSSL	16:8e0d178b1d1e	418	if (b2s == NULL){
wolfSSL	16:8e0d178b1d1e	419	return -1;
wolfSSL	16:8e0d178b1d1e	420	}
wolfSSL	16:8e0d178b1d1e	421	b2s->digestSz = digestSz;
wolfSSL	16:8e0d178b1d1e	422
wolfSSL	16:8e0d178b1d1e	423	return blake2s_init(b2s->S, (byte)digestSz);
wolfSSL	16:8e0d178b1d1e	424	}
wolfSSL	16:8e0d178b1d1e	425
wolfSSL	16:8e0d178b1d1e	426
wolfSSL	16:8e0d178b1d1e	427	/* Blake2s Update */
wolfSSL	16:8e0d178b1d1e	428	int wc_Blake2sUpdate(Blake2s* b2s, const byte* data, word32 sz)
wolfSSL	16:8e0d178b1d1e	429	{
wolfSSL	16:8e0d178b1d1e	430	return blake2s_update(b2s->S, data, sz);
wolfSSL	16:8e0d178b1d1e	431	}
wolfSSL	16:8e0d178b1d1e	432
wolfSSL	16:8e0d178b1d1e	433
wolfSSL	16:8e0d178b1d1e	434	/* Blake2s Final, if pass in zero size we use init digestSz */
wolfSSL	16:8e0d178b1d1e	435	int wc_Blake2sFinal(Blake2s* b2s, byte* final, word32 requestSz)
wolfSSL	16:8e0d178b1d1e	436	{
wolfSSL	16:8e0d178b1d1e	437	word32 sz = requestSz ? requestSz : b2s->digestSz;
wolfSSL	16:8e0d178b1d1e	438
wolfSSL	16:8e0d178b1d1e	439	return blake2s_final(b2s->S, final, (byte)sz);
wolfSSL	16:8e0d178b1d1e	440	}
wolfSSL	16:8e0d178b1d1e	441
wolfSSL	16:8e0d178b1d1e	442
wolfSSL	16:8e0d178b1d1e	443	/* end CTaoCrypt API */
wolfSSL	16:8e0d178b1d1e	444
wolfSSL	16:8e0d178b1d1e	445	#endif /* HAVE_BLAKE2S */
wolfSSL	16:8e0d178b1d1e	446
wolfSSL	16:8e0d178b1d1e	447

Repository toolbox

Export to desktop IDE

Repository details

Type:	Library
Created:	26 Jun 2015
Imports:	673
Forks:	0
Commits:	18
Dependents:	29
Dependencies:	0
Followers:	21

wolfcrypt/src/blake2s.c@17:a5f916481144, 2020-06-05 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning