wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
wolfcrypt/src/blake2s.c@17:a5f916481144, 2020-06-05 (annotated)
- Committer:
- wolfSSL
- Date:
- Fri Jun 05 00:11:07 2020 +0000
- Revision:
- 17:a5f916481144
- Parent:
- 16:8e0d178b1d1e
wolfSSL 4.4.0
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
wolfSSL | 16:8e0d178b1d1e | 1 | /* |
wolfSSL | 16:8e0d178b1d1e | 2 | BLAKE2 reference source code package - reference C implementations |
wolfSSL | 16:8e0d178b1d1e | 3 | |
wolfSSL | 16:8e0d178b1d1e | 4 | Written in 2012 by Samuel Neves <sneves@dei.uc.pt> |
wolfSSL | 16:8e0d178b1d1e | 5 | |
wolfSSL | 16:8e0d178b1d1e | 6 | To the extent possible under law, the author(s) have dedicated all copyright |
wolfSSL | 16:8e0d178b1d1e | 7 | and related and neighboring rights to this software to the public domain |
wolfSSL | 16:8e0d178b1d1e | 8 | worldwide. This software is distributed without any warranty. |
wolfSSL | 16:8e0d178b1d1e | 9 | |
wolfSSL | 16:8e0d178b1d1e | 10 | You should have received a copy of the CC0 Public Domain Dedication along with |
wolfSSL | 16:8e0d178b1d1e | 11 | this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>. |
wolfSSL | 16:8e0d178b1d1e | 12 | */ |
wolfSSL | 16:8e0d178b1d1e | 13 | /* blake2s.c |
wolfSSL | 16:8e0d178b1d1e | 14 | * |
wolfSSL | 16:8e0d178b1d1e | 15 | * Copyright (C) 2006-2020 wolfSSL Inc. |
wolfSSL | 16:8e0d178b1d1e | 16 | * |
wolfSSL | 16:8e0d178b1d1e | 17 | * This file is part of wolfSSL. |
wolfSSL | 16:8e0d178b1d1e | 18 | * |
wolfSSL | 16:8e0d178b1d1e | 19 | * wolfSSL is free software; you can redistribute it and/or modify |
wolfSSL | 16:8e0d178b1d1e | 20 | * it under the terms of the GNU General Public License as published by |
wolfSSL | 16:8e0d178b1d1e | 21 | * the Free Software Foundation; either version 2 of the License, or |
wolfSSL | 16:8e0d178b1d1e | 22 | * (at your option) any later version. |
wolfSSL | 16:8e0d178b1d1e | 23 | * |
wolfSSL | 16:8e0d178b1d1e | 24 | * wolfSSL is distributed in the hope that it will be useful, |
wolfSSL | 16:8e0d178b1d1e | 25 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
wolfSSL | 16:8e0d178b1d1e | 26 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
wolfSSL | 16:8e0d178b1d1e | 27 | * GNU General Public License for more details. |
wolfSSL | 16:8e0d178b1d1e | 28 | * |
wolfSSL | 16:8e0d178b1d1e | 29 | * You should have received a copy of the GNU General Public License |
wolfSSL | 16:8e0d178b1d1e | 30 | * along with this program; if not, write to the Free Software |
wolfSSL | 16:8e0d178b1d1e | 31 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
wolfSSL | 16:8e0d178b1d1e | 32 | */ |
wolfSSL | 16:8e0d178b1d1e | 33 | |
wolfSSL | 16:8e0d178b1d1e | 34 | |
wolfSSL | 16:8e0d178b1d1e | 35 | |
wolfSSL | 16:8e0d178b1d1e | 36 | #ifdef HAVE_CONFIG_H |
wolfSSL | 16:8e0d178b1d1e | 37 | #include <config.h> |
wolfSSL | 16:8e0d178b1d1e | 38 | #endif |
wolfSSL | 16:8e0d178b1d1e | 39 | |
wolfSSL | 16:8e0d178b1d1e | 40 | #include <wolfssl/wolfcrypt/settings.h> |
wolfSSL | 16:8e0d178b1d1e | 41 | |
wolfSSL | 16:8e0d178b1d1e | 42 | #ifdef HAVE_BLAKE2S |
wolfSSL | 16:8e0d178b1d1e | 43 | |
wolfSSL | 16:8e0d178b1d1e | 44 | #include <wolfssl/wolfcrypt/blake2.h> |
wolfSSL | 16:8e0d178b1d1e | 45 | #include <wolfssl/wolfcrypt/blake2-impl.h> |
wolfSSL | 16:8e0d178b1d1e | 46 | |
wolfSSL | 16:8e0d178b1d1e | 47 | |
wolfSSL | 16:8e0d178b1d1e | 48 | static const word32 blake2s_IV[8] = |
wolfSSL | 16:8e0d178b1d1e | 49 | { |
wolfSSL | 16:8e0d178b1d1e | 50 | 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, |
wolfSSL | 16:8e0d178b1d1e | 51 | 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 |
wolfSSL | 16:8e0d178b1d1e | 52 | }; |
wolfSSL | 16:8e0d178b1d1e | 53 | |
wolfSSL | 16:8e0d178b1d1e | 54 | static const byte blake2s_sigma[10][16] = |
wolfSSL | 16:8e0d178b1d1e | 55 | { |
wolfSSL | 16:8e0d178b1d1e | 56 | { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , |
wolfSSL | 16:8e0d178b1d1e | 57 | { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } , |
wolfSSL | 16:8e0d178b1d1e | 58 | { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } , |
wolfSSL | 16:8e0d178b1d1e | 59 | { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } , |
wolfSSL | 16:8e0d178b1d1e | 60 | { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } , |
wolfSSL | 16:8e0d178b1d1e | 61 | { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } , |
wolfSSL | 16:8e0d178b1d1e | 62 | { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } , |
wolfSSL | 16:8e0d178b1d1e | 63 | { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } , |
wolfSSL | 16:8e0d178b1d1e | 64 | { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } , |
wolfSSL | 16:8e0d178b1d1e | 65 | { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } |
wolfSSL | 16:8e0d178b1d1e | 66 | }; |
wolfSSL | 16:8e0d178b1d1e | 67 | |
wolfSSL | 16:8e0d178b1d1e | 68 | |
wolfSSL | 16:8e0d178b1d1e | 69 | static WC_INLINE int blake2s_set_lastnode( blake2s_state *S ) |
wolfSSL | 16:8e0d178b1d1e | 70 | { |
wolfSSL | 16:8e0d178b1d1e | 71 | S->f[1] = ~0; |
wolfSSL | 16:8e0d178b1d1e | 72 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 73 | } |
wolfSSL | 16:8e0d178b1d1e | 74 | |
wolfSSL | 16:8e0d178b1d1e | 75 | /* Some helper functions, not necessarily useful */ |
wolfSSL | 16:8e0d178b1d1e | 76 | static WC_INLINE int blake2s_set_lastblock( blake2s_state *S ) |
wolfSSL | 16:8e0d178b1d1e | 77 | { |
wolfSSL | 16:8e0d178b1d1e | 78 | if( S->last_node ) blake2s_set_lastnode( S ); |
wolfSSL | 16:8e0d178b1d1e | 79 | |
wolfSSL | 16:8e0d178b1d1e | 80 | S->f[0] = ~0; |
wolfSSL | 16:8e0d178b1d1e | 81 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 82 | } |
wolfSSL | 16:8e0d178b1d1e | 83 | |
wolfSSL | 16:8e0d178b1d1e | 84 | static WC_INLINE int blake2s_increment_counter( blake2s_state *S, const word32 |
wolfSSL | 16:8e0d178b1d1e | 85 | inc ) |
wolfSSL | 16:8e0d178b1d1e | 86 | { |
wolfSSL | 16:8e0d178b1d1e | 87 | S->t[0] += inc; |
wolfSSL | 16:8e0d178b1d1e | 88 | S->t[1] += ( S->t[0] < inc ); |
wolfSSL | 16:8e0d178b1d1e | 89 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 90 | } |
wolfSSL | 16:8e0d178b1d1e | 91 | |
wolfSSL | 16:8e0d178b1d1e | 92 | static WC_INLINE int blake2s_init0( blake2s_state *S ) |
wolfSSL | 16:8e0d178b1d1e | 93 | { |
wolfSSL | 16:8e0d178b1d1e | 94 | int i; |
wolfSSL | 16:8e0d178b1d1e | 95 | XMEMSET( S, 0, sizeof( blake2s_state ) ); |
wolfSSL | 16:8e0d178b1d1e | 96 | |
wolfSSL | 16:8e0d178b1d1e | 97 | for( i = 0; i < 8; ++i ) S->h[i] = blake2s_IV[i]; |
wolfSSL | 16:8e0d178b1d1e | 98 | |
wolfSSL | 16:8e0d178b1d1e | 99 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 100 | } |
wolfSSL | 16:8e0d178b1d1e | 101 | |
wolfSSL | 16:8e0d178b1d1e | 102 | /* init xors IV with input parameter block */ |
wolfSSL | 16:8e0d178b1d1e | 103 | int blake2s_init_param( blake2s_state *S, const blake2s_param *P ) |
wolfSSL | 16:8e0d178b1d1e | 104 | { |
wolfSSL | 16:8e0d178b1d1e | 105 | word32 i; |
wolfSSL | 16:8e0d178b1d1e | 106 | byte *p ; |
wolfSSL | 16:8e0d178b1d1e | 107 | blake2s_init0( S ); |
wolfSSL | 16:8e0d178b1d1e | 108 | p = ( byte * )( P ); |
wolfSSL | 16:8e0d178b1d1e | 109 | |
wolfSSL | 16:8e0d178b1d1e | 110 | /* IV XOR ParamBlock */ |
wolfSSL | 16:8e0d178b1d1e | 111 | for( i = 0; i < 8; ++i ) |
wolfSSL | 16:8e0d178b1d1e | 112 | S->h[i] ^= load32( p + sizeof( S->h[i] ) * i ); |
wolfSSL | 16:8e0d178b1d1e | 113 | |
wolfSSL | 16:8e0d178b1d1e | 114 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 115 | } |
wolfSSL | 16:8e0d178b1d1e | 116 | |
wolfSSL | 16:8e0d178b1d1e | 117 | |
wolfSSL | 16:8e0d178b1d1e | 118 | |
wolfSSL | 16:8e0d178b1d1e | 119 | int blake2s_init( blake2s_state *S, const byte outlen ) |
wolfSSL | 16:8e0d178b1d1e | 120 | { |
wolfSSL | 16:8e0d178b1d1e | 121 | blake2s_param P[1]; |
wolfSSL | 16:8e0d178b1d1e | 122 | |
wolfSSL | 16:8e0d178b1d1e | 123 | if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1; |
wolfSSL | 16:8e0d178b1d1e | 124 | |
wolfSSL | 16:8e0d178b1d1e | 125 | #ifdef WOLFSSL_BLAKE2S_INIT_EACH_FIELD |
wolfSSL | 16:8e0d178b1d1e | 126 | P->digest_length = outlen; |
wolfSSL | 16:8e0d178b1d1e | 127 | P->key_length = 0; |
wolfSSL | 16:8e0d178b1d1e | 128 | P->fanout = 1; |
wolfSSL | 16:8e0d178b1d1e | 129 | P->depth = 1; |
wolfSSL | 16:8e0d178b1d1e | 130 | store32( &P->leaf_length, 0 ); |
wolfSSL | 16:8e0d178b1d1e | 131 | store32( &P->node_offset, 0 ); |
wolfSSL | 16:8e0d178b1d1e | 132 | P->node_depth = 0; |
wolfSSL | 16:8e0d178b1d1e | 133 | P->inner_length = 0; |
wolfSSL | 16:8e0d178b1d1e | 134 | XMEMSET( P->reserved, 0, sizeof( P->reserved ) ); |
wolfSSL | 16:8e0d178b1d1e | 135 | XMEMSET( P->salt, 0, sizeof( P->salt ) ); |
wolfSSL | 16:8e0d178b1d1e | 136 | XMEMSET( P->personal, 0, sizeof( P->personal ) ); |
wolfSSL | 16:8e0d178b1d1e | 137 | #else |
wolfSSL | 16:8e0d178b1d1e | 138 | XMEMSET( P, 0, sizeof( *P ) ); |
wolfSSL | 16:8e0d178b1d1e | 139 | P->digest_length = outlen; |
wolfSSL | 16:8e0d178b1d1e | 140 | P->fanout = 1; |
wolfSSL | 16:8e0d178b1d1e | 141 | P->depth = 1; |
wolfSSL | 16:8e0d178b1d1e | 142 | #endif |
wolfSSL | 16:8e0d178b1d1e | 143 | return blake2s_init_param( S, P ); |
wolfSSL | 16:8e0d178b1d1e | 144 | } |
wolfSSL | 16:8e0d178b1d1e | 145 | |
wolfSSL | 16:8e0d178b1d1e | 146 | |
wolfSSL | 16:8e0d178b1d1e | 147 | int blake2s_init_key( blake2s_state *S, const byte outlen, const void *key, |
wolfSSL | 16:8e0d178b1d1e | 148 | const byte keylen ) |
wolfSSL | 16:8e0d178b1d1e | 149 | { |
wolfSSL | 16:8e0d178b1d1e | 150 | blake2s_param P[1]; |
wolfSSL | 16:8e0d178b1d1e | 151 | |
wolfSSL | 16:8e0d178b1d1e | 152 | if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1; |
wolfSSL | 16:8e0d178b1d1e | 153 | |
wolfSSL | 16:8e0d178b1d1e | 154 | if ( !key || !keylen || keylen > BLAKE2S_KEYBYTES ) return -1; |
wolfSSL | 16:8e0d178b1d1e | 155 | |
wolfSSL | 16:8e0d178b1d1e | 156 | #ifdef WOLFSSL_BLAKE2S_INIT_EACH_FIELD |
wolfSSL | 16:8e0d178b1d1e | 157 | P->digest_length = outlen; |
wolfSSL | 16:8e0d178b1d1e | 158 | P->key_length = keylen; |
wolfSSL | 16:8e0d178b1d1e | 159 | P->fanout = 1; |
wolfSSL | 16:8e0d178b1d1e | 160 | P->depth = 1; |
wolfSSL | 16:8e0d178b1d1e | 161 | store32( &P->leaf_length, 0 ); |
wolfSSL | 16:8e0d178b1d1e | 162 | store64( &P->node_offset, 0 ); |
wolfSSL | 16:8e0d178b1d1e | 163 | P->node_depth = 0; |
wolfSSL | 16:8e0d178b1d1e | 164 | P->inner_length = 0; |
wolfSSL | 16:8e0d178b1d1e | 165 | XMEMSET( P->reserved, 0, sizeof( P->reserved ) ); |
wolfSSL | 16:8e0d178b1d1e | 166 | XMEMSET( P->salt, 0, sizeof( P->salt ) ); |
wolfSSL | 16:8e0d178b1d1e | 167 | XMEMSET( P->personal, 0, sizeof( P->personal ) ); |
wolfSSL | 16:8e0d178b1d1e | 168 | #else |
wolfSSL | 16:8e0d178b1d1e | 169 | XMEMSET( P, 0, sizeof( *P ) ); |
wolfSSL | 16:8e0d178b1d1e | 170 | P->digest_length = outlen; |
wolfSSL | 16:8e0d178b1d1e | 171 | P->key_length = keylen; |
wolfSSL | 16:8e0d178b1d1e | 172 | P->fanout = 1; |
wolfSSL | 16:8e0d178b1d1e | 173 | P->depth = 1; |
wolfSSL | 16:8e0d178b1d1e | 174 | #endif |
wolfSSL | 16:8e0d178b1d1e | 175 | |
wolfSSL | 16:8e0d178b1d1e | 176 | if( blake2s_init_param( S, P ) < 0 ) return -1; |
wolfSSL | 16:8e0d178b1d1e | 177 | |
wolfSSL | 16:8e0d178b1d1e | 178 | { |
wolfSSL | 16:8e0d178b1d1e | 179 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 180 | byte* block; |
wolfSSL | 16:8e0d178b1d1e | 181 | |
wolfSSL | 16:8e0d178b1d1e | 182 | block = (byte*)XMALLOC(BLAKE2S_BLOCKBYTES, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 183 | |
wolfSSL | 16:8e0d178b1d1e | 184 | if ( block == NULL ) return -1; |
wolfSSL | 16:8e0d178b1d1e | 185 | #else |
wolfSSL | 16:8e0d178b1d1e | 186 | byte block[BLAKE2S_BLOCKBYTES]; |
wolfSSL | 16:8e0d178b1d1e | 187 | #endif |
wolfSSL | 16:8e0d178b1d1e | 188 | |
wolfSSL | 16:8e0d178b1d1e | 189 | XMEMSET( block, 0, BLAKE2S_BLOCKBYTES ); |
wolfSSL | 16:8e0d178b1d1e | 190 | XMEMCPY( block, key, keylen ); |
wolfSSL | 16:8e0d178b1d1e | 191 | blake2s_update( S, block, BLAKE2S_BLOCKBYTES ); |
wolfSSL | 16:8e0d178b1d1e | 192 | secure_zero_memory( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from */ |
wolfSSL | 16:8e0d178b1d1e | 193 | /* memory */ |
wolfSSL | 16:8e0d178b1d1e | 194 | |
wolfSSL | 16:8e0d178b1d1e | 195 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 196 | XFREE(block, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 197 | #endif |
wolfSSL | 16:8e0d178b1d1e | 198 | } |
wolfSSL | 16:8e0d178b1d1e | 199 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 200 | } |
wolfSSL | 16:8e0d178b1d1e | 201 | |
wolfSSL | 16:8e0d178b1d1e | 202 | static int blake2s_compress( blake2s_state *S, |
wolfSSL | 16:8e0d178b1d1e | 203 | const byte block[BLAKE2S_BLOCKBYTES] ) |
wolfSSL | 16:8e0d178b1d1e | 204 | { |
wolfSSL | 16:8e0d178b1d1e | 205 | int i; |
wolfSSL | 16:8e0d178b1d1e | 206 | |
wolfSSL | 16:8e0d178b1d1e | 207 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 208 | word32* m; |
wolfSSL | 16:8e0d178b1d1e | 209 | word32* v; |
wolfSSL | 16:8e0d178b1d1e | 210 | |
wolfSSL | 16:8e0d178b1d1e | 211 | m = (word32*)XMALLOC(sizeof(word32) * 16, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 212 | |
wolfSSL | 16:8e0d178b1d1e | 213 | if ( m == NULL ) return -1; |
wolfSSL | 16:8e0d178b1d1e | 214 | |
wolfSSL | 16:8e0d178b1d1e | 215 | v = (word32*)XMALLOC(sizeof(word32) * 16, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 216 | |
wolfSSL | 16:8e0d178b1d1e | 217 | if ( v == NULL ) |
wolfSSL | 16:8e0d178b1d1e | 218 | { |
wolfSSL | 16:8e0d178b1d1e | 219 | XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 220 | return -1; |
wolfSSL | 16:8e0d178b1d1e | 221 | } |
wolfSSL | 16:8e0d178b1d1e | 222 | #else |
wolfSSL | 16:8e0d178b1d1e | 223 | word32 m[16]; |
wolfSSL | 16:8e0d178b1d1e | 224 | word32 v[16]; |
wolfSSL | 16:8e0d178b1d1e | 225 | #endif |
wolfSSL | 16:8e0d178b1d1e | 226 | |
wolfSSL | 16:8e0d178b1d1e | 227 | for( i = 0; i < 16; ++i ) |
wolfSSL | 16:8e0d178b1d1e | 228 | m[i] = load32( block + i * sizeof( m[i] ) ); |
wolfSSL | 16:8e0d178b1d1e | 229 | |
wolfSSL | 16:8e0d178b1d1e | 230 | for( i = 0; i < 8; ++i ) |
wolfSSL | 16:8e0d178b1d1e | 231 | v[i] = S->h[i]; |
wolfSSL | 16:8e0d178b1d1e | 232 | |
wolfSSL | 16:8e0d178b1d1e | 233 | v[ 8] = blake2s_IV[0]; |
wolfSSL | 16:8e0d178b1d1e | 234 | v[ 9] = blake2s_IV[1]; |
wolfSSL | 16:8e0d178b1d1e | 235 | v[10] = blake2s_IV[2]; |
wolfSSL | 16:8e0d178b1d1e | 236 | v[11] = blake2s_IV[3]; |
wolfSSL | 16:8e0d178b1d1e | 237 | v[12] = S->t[0] ^ blake2s_IV[4]; |
wolfSSL | 16:8e0d178b1d1e | 238 | v[13] = S->t[1] ^ blake2s_IV[5]; |
wolfSSL | 16:8e0d178b1d1e | 239 | v[14] = S->f[0] ^ blake2s_IV[6]; |
wolfSSL | 16:8e0d178b1d1e | 240 | v[15] = S->f[1] ^ blake2s_IV[7]; |
wolfSSL | 16:8e0d178b1d1e | 241 | #define G(r,i,a,b,c,d) \ |
wolfSSL | 16:8e0d178b1d1e | 242 | do { \ |
wolfSSL | 16:8e0d178b1d1e | 243 | a = a + b + m[blake2s_sigma[r][2*i+0]]; \ |
wolfSSL | 16:8e0d178b1d1e | 244 | d = rotr32(d ^ a, 16); \ |
wolfSSL | 16:8e0d178b1d1e | 245 | c = c + d; \ |
wolfSSL | 16:8e0d178b1d1e | 246 | b = rotr32(b ^ c, 12); \ |
wolfSSL | 16:8e0d178b1d1e | 247 | a = a + b + m[blake2s_sigma[r][2*i+1]]; \ |
wolfSSL | 16:8e0d178b1d1e | 248 | d = rotr32(d ^ a, 8); \ |
wolfSSL | 16:8e0d178b1d1e | 249 | c = c + d; \ |
wolfSSL | 16:8e0d178b1d1e | 250 | b = rotr32(b ^ c, 7); \ |
wolfSSL | 16:8e0d178b1d1e | 251 | } while(0) |
wolfSSL | 16:8e0d178b1d1e | 252 | #define ROUND(r) \ |
wolfSSL | 16:8e0d178b1d1e | 253 | do { \ |
wolfSSL | 16:8e0d178b1d1e | 254 | G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \ |
wolfSSL | 16:8e0d178b1d1e | 255 | G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \ |
wolfSSL | 16:8e0d178b1d1e | 256 | G(r,2,v[ 2],v[ 6],v[10],v[14]); \ |
wolfSSL | 16:8e0d178b1d1e | 257 | G(r,3,v[ 3],v[ 7],v[11],v[15]); \ |
wolfSSL | 16:8e0d178b1d1e | 258 | G(r,4,v[ 0],v[ 5],v[10],v[15]); \ |
wolfSSL | 16:8e0d178b1d1e | 259 | G(r,5,v[ 1],v[ 6],v[11],v[12]); \ |
wolfSSL | 16:8e0d178b1d1e | 260 | G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \ |
wolfSSL | 16:8e0d178b1d1e | 261 | G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \ |
wolfSSL | 16:8e0d178b1d1e | 262 | } while(0) |
wolfSSL | 16:8e0d178b1d1e | 263 | ROUND( 0 ); |
wolfSSL | 16:8e0d178b1d1e | 264 | ROUND( 1 ); |
wolfSSL | 16:8e0d178b1d1e | 265 | ROUND( 2 ); |
wolfSSL | 16:8e0d178b1d1e | 266 | ROUND( 3 ); |
wolfSSL | 16:8e0d178b1d1e | 267 | ROUND( 4 ); |
wolfSSL | 16:8e0d178b1d1e | 268 | ROUND( 5 ); |
wolfSSL | 16:8e0d178b1d1e | 269 | ROUND( 6 ); |
wolfSSL | 16:8e0d178b1d1e | 270 | ROUND( 7 ); |
wolfSSL | 16:8e0d178b1d1e | 271 | ROUND( 8 ); |
wolfSSL | 16:8e0d178b1d1e | 272 | ROUND( 9 ); |
wolfSSL | 16:8e0d178b1d1e | 273 | |
wolfSSL | 16:8e0d178b1d1e | 274 | for( i = 0; i < 8; ++i ) |
wolfSSL | 16:8e0d178b1d1e | 275 | S->h[i] = S->h[i] ^ v[i] ^ v[i + 8]; |
wolfSSL | 16:8e0d178b1d1e | 276 | |
wolfSSL | 16:8e0d178b1d1e | 277 | #undef G |
wolfSSL | 16:8e0d178b1d1e | 278 | #undef ROUND |
wolfSSL | 16:8e0d178b1d1e | 279 | |
wolfSSL | 16:8e0d178b1d1e | 280 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 281 | XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 282 | XFREE(v, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 283 | #endif |
wolfSSL | 16:8e0d178b1d1e | 284 | |
wolfSSL | 16:8e0d178b1d1e | 285 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 286 | } |
wolfSSL | 16:8e0d178b1d1e | 287 | |
wolfSSL | 16:8e0d178b1d1e | 288 | /* inlen now in bytes */ |
wolfSSL | 16:8e0d178b1d1e | 289 | int blake2s_update( blake2s_state *S, const byte *in, word32 inlen ) |
wolfSSL | 16:8e0d178b1d1e | 290 | { |
wolfSSL | 16:8e0d178b1d1e | 291 | while( inlen > 0 ) |
wolfSSL | 16:8e0d178b1d1e | 292 | { |
wolfSSL | 16:8e0d178b1d1e | 293 | word32 left = S->buflen; |
wolfSSL | 16:8e0d178b1d1e | 294 | word32 fill = 2 * BLAKE2S_BLOCKBYTES - left; |
wolfSSL | 16:8e0d178b1d1e | 295 | |
wolfSSL | 16:8e0d178b1d1e | 296 | if( inlen > fill ) |
wolfSSL | 16:8e0d178b1d1e | 297 | { |
wolfSSL | 16:8e0d178b1d1e | 298 | XMEMCPY( S->buf + left, in, (wolfssl_word)fill ); /* Fill buffer */ |
wolfSSL | 16:8e0d178b1d1e | 299 | S->buflen += fill; |
wolfSSL | 16:8e0d178b1d1e | 300 | blake2s_increment_counter( S, BLAKE2S_BLOCKBYTES ); |
wolfSSL | 16:8e0d178b1d1e | 301 | |
wolfSSL | 16:8e0d178b1d1e | 302 | if ( blake2s_compress( S, S->buf ) < 0 ) return -1; /* Compress */ |
wolfSSL | 16:8e0d178b1d1e | 303 | |
wolfSSL | 16:8e0d178b1d1e | 304 | XMEMCPY( S->buf, S->buf + BLAKE2S_BLOCKBYTES, BLAKE2S_BLOCKBYTES ); |
wolfSSL | 16:8e0d178b1d1e | 305 | /* Shift buffer left */ |
wolfSSL | 16:8e0d178b1d1e | 306 | S->buflen -= BLAKE2S_BLOCKBYTES; |
wolfSSL | 16:8e0d178b1d1e | 307 | in += fill; |
wolfSSL | 16:8e0d178b1d1e | 308 | inlen -= fill; |
wolfSSL | 16:8e0d178b1d1e | 309 | } |
wolfSSL | 16:8e0d178b1d1e | 310 | else /* inlen <= fill */ |
wolfSSL | 16:8e0d178b1d1e | 311 | { |
wolfSSL | 16:8e0d178b1d1e | 312 | XMEMCPY( S->buf + left, in, (wolfssl_word)inlen ); |
wolfSSL | 16:8e0d178b1d1e | 313 | S->buflen += inlen; /* Be lazy, do not compress */ |
wolfSSL | 16:8e0d178b1d1e | 314 | inlen = 0; |
wolfSSL | 16:8e0d178b1d1e | 315 | } |
wolfSSL | 16:8e0d178b1d1e | 316 | } |
wolfSSL | 16:8e0d178b1d1e | 317 | |
wolfSSL | 16:8e0d178b1d1e | 318 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 319 | } |
wolfSSL | 16:8e0d178b1d1e | 320 | |
wolfSSL | 16:8e0d178b1d1e | 321 | /* Is this correct? */ |
wolfSSL | 16:8e0d178b1d1e | 322 | int blake2s_final( blake2s_state *S, byte *out, byte outlen ) |
wolfSSL | 16:8e0d178b1d1e | 323 | { |
wolfSSL | 16:8e0d178b1d1e | 324 | int i; |
wolfSSL | 16:8e0d178b1d1e | 325 | byte buffer[BLAKE2S_BLOCKBYTES]; |
wolfSSL | 16:8e0d178b1d1e | 326 | |
wolfSSL | 16:8e0d178b1d1e | 327 | if( S->buflen > BLAKE2S_BLOCKBYTES ) |
wolfSSL | 16:8e0d178b1d1e | 328 | { |
wolfSSL | 16:8e0d178b1d1e | 329 | blake2s_increment_counter( S, BLAKE2S_BLOCKBYTES ); |
wolfSSL | 16:8e0d178b1d1e | 330 | |
wolfSSL | 16:8e0d178b1d1e | 331 | if ( blake2s_compress( S, S->buf ) < 0 ) return -1; |
wolfSSL | 16:8e0d178b1d1e | 332 | |
wolfSSL | 16:8e0d178b1d1e | 333 | S->buflen -= BLAKE2S_BLOCKBYTES; |
wolfSSL | 16:8e0d178b1d1e | 334 | XMEMCPY( S->buf, S->buf + BLAKE2S_BLOCKBYTES, (wolfssl_word)S->buflen ); |
wolfSSL | 16:8e0d178b1d1e | 335 | } |
wolfSSL | 16:8e0d178b1d1e | 336 | |
wolfSSL | 16:8e0d178b1d1e | 337 | blake2s_increment_counter( S, S->buflen ); |
wolfSSL | 16:8e0d178b1d1e | 338 | blake2s_set_lastblock( S ); |
wolfSSL | 16:8e0d178b1d1e | 339 | XMEMSET( S->buf + S->buflen, 0, (wolfssl_word)(2 * BLAKE2S_BLOCKBYTES - S->buflen) ); |
wolfSSL | 16:8e0d178b1d1e | 340 | /* Padding */ |
wolfSSL | 16:8e0d178b1d1e | 341 | if ( blake2s_compress( S, S->buf ) < 0 ) return -1; |
wolfSSL | 16:8e0d178b1d1e | 342 | |
wolfSSL | 16:8e0d178b1d1e | 343 | for( i = 0; i < 8; ++i ) /* Output full hash to temp buffer */ |
wolfSSL | 16:8e0d178b1d1e | 344 | store64( buffer + sizeof( S->h[i] ) * i, S->h[i] ); |
wolfSSL | 16:8e0d178b1d1e | 345 | |
wolfSSL | 16:8e0d178b1d1e | 346 | XMEMCPY( out, buffer, outlen ); |
wolfSSL | 16:8e0d178b1d1e | 347 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 348 | } |
wolfSSL | 16:8e0d178b1d1e | 349 | |
wolfSSL | 16:8e0d178b1d1e | 350 | /* inlen, at least, should be word32. Others can be size_t. */ |
wolfSSL | 16:8e0d178b1d1e | 351 | int blake2s( byte *out, const void *in, const void *key, const byte outlen, |
wolfSSL | 16:8e0d178b1d1e | 352 | const word32 inlen, byte keylen ) |
wolfSSL | 16:8e0d178b1d1e | 353 | { |
wolfSSL | 16:8e0d178b1d1e | 354 | blake2s_state S[1]; |
wolfSSL | 16:8e0d178b1d1e | 355 | |
wolfSSL | 16:8e0d178b1d1e | 356 | /* Verify parameters */ |
wolfSSL | 16:8e0d178b1d1e | 357 | if ( NULL == in ) return -1; |
wolfSSL | 16:8e0d178b1d1e | 358 | |
wolfSSL | 16:8e0d178b1d1e | 359 | if ( NULL == out ) return -1; |
wolfSSL | 16:8e0d178b1d1e | 360 | |
wolfSSL | 16:8e0d178b1d1e | 361 | if( NULL == key ) keylen = 0; |
wolfSSL | 16:8e0d178b1d1e | 362 | |
wolfSSL | 16:8e0d178b1d1e | 363 | if( keylen > 0 ) |
wolfSSL | 16:8e0d178b1d1e | 364 | { |
wolfSSL | 16:8e0d178b1d1e | 365 | if( blake2s_init_key( S, outlen, key, keylen ) < 0 ) return -1; |
wolfSSL | 16:8e0d178b1d1e | 366 | } |
wolfSSL | 16:8e0d178b1d1e | 367 | else |
wolfSSL | 16:8e0d178b1d1e | 368 | { |
wolfSSL | 16:8e0d178b1d1e | 369 | if( blake2s_init( S, outlen ) < 0 ) return -1; |
wolfSSL | 16:8e0d178b1d1e | 370 | } |
wolfSSL | 16:8e0d178b1d1e | 371 | |
wolfSSL | 16:8e0d178b1d1e | 372 | if ( blake2s_update( S, ( byte * )in, inlen ) < 0) return -1; |
wolfSSL | 16:8e0d178b1d1e | 373 | |
wolfSSL | 16:8e0d178b1d1e | 374 | return blake2s_final( S, out, outlen ); |
wolfSSL | 16:8e0d178b1d1e | 375 | } |
wolfSSL | 16:8e0d178b1d1e | 376 | |
wolfSSL | 16:8e0d178b1d1e | 377 | #if defined(BLAKE2S_SELFTEST) |
wolfSSL | 16:8e0d178b1d1e | 378 | #include <string.h> |
wolfSSL | 16:8e0d178b1d1e | 379 | #include "blake2-kat.h" |
wolfSSL | 16:8e0d178b1d1e | 380 | int main( int argc, char **argv ) |
wolfSSL | 16:8e0d178b1d1e | 381 | { |
wolfSSL | 16:8e0d178b1d1e | 382 | byte key[BLAKE2S_KEYBYTES]; |
wolfSSL | 16:8e0d178b1d1e | 383 | byte buf[KAT_LENGTH]; |
wolfSSL | 16:8e0d178b1d1e | 384 | |
wolfSSL | 16:8e0d178b1d1e | 385 | for( word32 i = 0; i < BLAKE2S_KEYBYTES; ++i ) |
wolfSSL | 16:8e0d178b1d1e | 386 | key[i] = ( byte )i; |
wolfSSL | 16:8e0d178b1d1e | 387 | |
wolfSSL | 16:8e0d178b1d1e | 388 | for( word32 i = 0; i < KAT_LENGTH; ++i ) |
wolfSSL | 16:8e0d178b1d1e | 389 | buf[i] = ( byte )i; |
wolfSSL | 16:8e0d178b1d1e | 390 | |
wolfSSL | 16:8e0d178b1d1e | 391 | for( word32 i = 0; i < KAT_LENGTH; ++i ) |
wolfSSL | 16:8e0d178b1d1e | 392 | { |
wolfSSL | 16:8e0d178b1d1e | 393 | byte hash[BLAKE2S_OUTBYTES]; |
wolfSSL | 16:8e0d178b1d1e | 394 | if ( blake2s( hash, buf, key, BLAKE2S_OUTBYTES, i, BLAKE2S_KEYBYTES ) < 0 ) |
wolfSSL | 16:8e0d178b1d1e | 395 | { |
wolfSSL | 16:8e0d178b1d1e | 396 | puts( "error" ); |
wolfSSL | 16:8e0d178b1d1e | 397 | return -1; |
wolfSSL | 16:8e0d178b1d1e | 398 | } |
wolfSSL | 16:8e0d178b1d1e | 399 | |
wolfSSL | 16:8e0d178b1d1e | 400 | if( 0 != XMEMCMP( hash, blake2s_keyed_kat[i], BLAKE2S_OUTBYTES ) ) |
wolfSSL | 16:8e0d178b1d1e | 401 | { |
wolfSSL | 16:8e0d178b1d1e | 402 | puts( "error" ); |
wolfSSL | 16:8e0d178b1d1e | 403 | return -1; |
wolfSSL | 16:8e0d178b1d1e | 404 | } |
wolfSSL | 16:8e0d178b1d1e | 405 | } |
wolfSSL | 16:8e0d178b1d1e | 406 | |
wolfSSL | 16:8e0d178b1d1e | 407 | puts( "ok" ); |
wolfSSL | 16:8e0d178b1d1e | 408 | return 0; |
wolfSSL | 16:8e0d178b1d1e | 409 | } |
wolfSSL | 16:8e0d178b1d1e | 410 | #endif |
wolfSSL | 16:8e0d178b1d1e | 411 | |
wolfSSL | 16:8e0d178b1d1e | 412 | |
wolfSSL | 16:8e0d178b1d1e | 413 | /* wolfCrypt API */ |
wolfSSL | 16:8e0d178b1d1e | 414 | |
wolfSSL | 16:8e0d178b1d1e | 415 | /* Init Blake2s digest, track size in case final doesn't want to "remember" */ |
wolfSSL | 16:8e0d178b1d1e | 416 | int wc_InitBlake2s(Blake2s* b2s, word32 digestSz) |
wolfSSL | 16:8e0d178b1d1e | 417 | { |
wolfSSL | 16:8e0d178b1d1e | 418 | if (b2s == NULL){ |
wolfSSL | 16:8e0d178b1d1e | 419 | return -1; |
wolfSSL | 16:8e0d178b1d1e | 420 | } |
wolfSSL | 16:8e0d178b1d1e | 421 | b2s->digestSz = digestSz; |
wolfSSL | 16:8e0d178b1d1e | 422 | |
wolfSSL | 16:8e0d178b1d1e | 423 | return blake2s_init(b2s->S, (byte)digestSz); |
wolfSSL | 16:8e0d178b1d1e | 424 | } |
wolfSSL | 16:8e0d178b1d1e | 425 | |
wolfSSL | 16:8e0d178b1d1e | 426 | |
wolfSSL | 16:8e0d178b1d1e | 427 | /* Blake2s Update */ |
wolfSSL | 16:8e0d178b1d1e | 428 | int wc_Blake2sUpdate(Blake2s* b2s, const byte* data, word32 sz) |
wolfSSL | 16:8e0d178b1d1e | 429 | { |
wolfSSL | 16:8e0d178b1d1e | 430 | return blake2s_update(b2s->S, data, sz); |
wolfSSL | 16:8e0d178b1d1e | 431 | } |
wolfSSL | 16:8e0d178b1d1e | 432 | |
wolfSSL | 16:8e0d178b1d1e | 433 | |
wolfSSL | 16:8e0d178b1d1e | 434 | /* Blake2s Final, if pass in zero size we use init digestSz */ |
wolfSSL | 16:8e0d178b1d1e | 435 | int wc_Blake2sFinal(Blake2s* b2s, byte* final, word32 requestSz) |
wolfSSL | 16:8e0d178b1d1e | 436 | { |
wolfSSL | 16:8e0d178b1d1e | 437 | word32 sz = requestSz ? requestSz : b2s->digestSz; |
wolfSSL | 16:8e0d178b1d1e | 438 | |
wolfSSL | 16:8e0d178b1d1e | 439 | return blake2s_final(b2s->S, final, (byte)sz); |
wolfSSL | 16:8e0d178b1d1e | 440 | } |
wolfSSL | 16:8e0d178b1d1e | 441 | |
wolfSSL | 16:8e0d178b1d1e | 442 | |
wolfSSL | 16:8e0d178b1d1e | 443 | /* end CTaoCrypt API */ |
wolfSSL | 16:8e0d178b1d1e | 444 | |
wolfSSL | 16:8e0d178b1d1e | 445 | #endif /* HAVE_BLAKE2S */ |
wolfSSL | 16:8e0d178b1d1e | 446 | |
wolfSSL | 16:8e0d178b1d1e | 447 |