1 | /* SPDX-License-Identifier: GPL-2.0 OR MIT */ |
2 | /* |
3 | * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. |
4 | */ |
5 | |
6 | #ifndef _CRYPTO_BLAKE2S_H |
7 | #define _CRYPTO_BLAKE2S_H |
8 | |
9 | #include <linux/bug.h> |
10 | #include <linux/kconfig.h> |
11 | #include <linux/types.h> |
12 | #include <linux/string.h> |
13 | |
14 | enum blake2s_lengths { |
15 | BLAKE2S_BLOCK_SIZE = 64, |
16 | BLAKE2S_HASH_SIZE = 32, |
17 | BLAKE2S_KEY_SIZE = 32, |
18 | |
19 | BLAKE2S_128_HASH_SIZE = 16, |
20 | BLAKE2S_160_HASH_SIZE = 20, |
21 | BLAKE2S_224_HASH_SIZE = 28, |
22 | BLAKE2S_256_HASH_SIZE = 32, |
23 | }; |
24 | |
25 | struct blake2s_state { |
26 | /* 'h', 't', and 'f' are used in assembly code, so keep them as-is. */ |
27 | u32 h[8]; |
28 | u32 t[2]; |
29 | u32 f[2]; |
30 | u8 buf[BLAKE2S_BLOCK_SIZE]; |
31 | unsigned int buflen; |
32 | unsigned int outlen; |
33 | }; |
34 | |
35 | enum blake2s_iv { |
36 | BLAKE2S_IV0 = 0x6A09E667UL, |
37 | BLAKE2S_IV1 = 0xBB67AE85UL, |
38 | BLAKE2S_IV2 = 0x3C6EF372UL, |
39 | BLAKE2S_IV3 = 0xA54FF53AUL, |
40 | BLAKE2S_IV4 = 0x510E527FUL, |
41 | BLAKE2S_IV5 = 0x9B05688CUL, |
42 | BLAKE2S_IV6 = 0x1F83D9ABUL, |
43 | BLAKE2S_IV7 = 0x5BE0CD19UL, |
44 | }; |
45 | |
46 | static inline void __blake2s_init(struct blake2s_state *state, size_t outlen, |
47 | const void *key, size_t keylen) |
48 | { |
49 | state->h[0] = BLAKE2S_IV0 ^ (0x01010000 | keylen << 8 | outlen); |
50 | state->h[1] = BLAKE2S_IV1; |
51 | state->h[2] = BLAKE2S_IV2; |
52 | state->h[3] = BLAKE2S_IV3; |
53 | state->h[4] = BLAKE2S_IV4; |
54 | state->h[5] = BLAKE2S_IV5; |
55 | state->h[6] = BLAKE2S_IV6; |
56 | state->h[7] = BLAKE2S_IV7; |
57 | state->t[0] = 0; |
58 | state->t[1] = 0; |
59 | state->f[0] = 0; |
60 | state->f[1] = 0; |
61 | state->buflen = 0; |
62 | state->outlen = outlen; |
63 | if (keylen) { |
64 | memcpy(state->buf, key, keylen); |
65 | memset(&state->buf[keylen], 0, BLAKE2S_BLOCK_SIZE - keylen); |
66 | state->buflen = BLAKE2S_BLOCK_SIZE; |
67 | } |
68 | } |
69 | |
70 | static inline void blake2s_init(struct blake2s_state *state, |
71 | const size_t outlen) |
72 | { |
73 | __blake2s_init(state, outlen, NULL, keylen: 0); |
74 | } |
75 | |
76 | static inline void blake2s_init_key(struct blake2s_state *state, |
77 | const size_t outlen, const void *key, |
78 | const size_t keylen) |
79 | { |
80 | WARN_ON(IS_ENABLED(DEBUG) && (!outlen || outlen > BLAKE2S_HASH_SIZE || |
81 | !key || !keylen || keylen > BLAKE2S_KEY_SIZE)); |
82 | |
83 | __blake2s_init(state, outlen, key, keylen); |
84 | } |
85 | |
86 | void blake2s_update(struct blake2s_state *state, const u8 *in, size_t inlen); |
87 | void blake2s_final(struct blake2s_state *state, u8 *out); |
88 | |
89 | static inline void blake2s(u8 *out, const u8 *in, const u8 *key, |
90 | const size_t outlen, const size_t inlen, |
91 | const size_t keylen) |
92 | { |
93 | struct blake2s_state state; |
94 | |
95 | WARN_ON(IS_ENABLED(DEBUG) && ((!in && inlen > 0) || !out || !outlen || |
96 | outlen > BLAKE2S_HASH_SIZE || keylen > BLAKE2S_KEY_SIZE || |
97 | (!key && keylen))); |
98 | |
99 | __blake2s_init(state: &state, outlen, key, keylen); |
100 | blake2s_update(state: &state, in, inlen); |
101 | blake2s_final(state: &state, out); |
102 | } |
103 | |
104 | #endif /* _CRYPTO_BLAKE2S_H */ |
105 | |