Commit | Line | Data |
---|---|---|
66d7fb94 JD |
1 | /* SPDX-License-Identifier: GPL-2.0 OR MIT */ |
2 | /* | |
3 | * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. | |
4 | */ | |
5 | ||
8786841b EB |
6 | #ifndef _CRYPTO_BLAKE2S_H |
7 | #define _CRYPTO_BLAKE2S_H | |
66d7fb94 | 8 | |
bbda6e0f | 9 | #include <linux/bug.h> |
66d7fb94 JD |
10 | #include <linux/types.h> |
11 | #include <linux/kernel.h> | |
12 | #include <linux/string.h> | |
13 | ||
66d7fb94 JD |
14 | enum blake2s_lengths { |
15 | BLAKE2S_BLOCK_SIZE = 64, | |
16 | BLAKE2S_HASH_SIZE = 32, | |
17 | BLAKE2S_KEY_SIZE = 32, | |
18 | ||
19 | BLAKE2S_128_HASH_SIZE = 16, | |
20 | BLAKE2S_160_HASH_SIZE = 20, | |
21 | BLAKE2S_224_HASH_SIZE = 28, | |
22 | BLAKE2S_256_HASH_SIZE = 32, | |
23 | }; | |
24 | ||
25 | struct blake2s_state { | |
7d87131f | 26 | /* 'h', 't', and 'f' are used in assembly code, so keep them as-is. */ |
66d7fb94 JD |
27 | u32 h[8]; |
28 | u32 t[2]; | |
29 | u32 f[2]; | |
30 | u8 buf[BLAKE2S_BLOCK_SIZE]; | |
31 | unsigned int buflen; | |
32 | unsigned int outlen; | |
33 | }; | |
34 | ||
35 | enum blake2s_iv { | |
36 | BLAKE2S_IV0 = 0x6A09E667UL, | |
37 | BLAKE2S_IV1 = 0xBB67AE85UL, | |
38 | BLAKE2S_IV2 = 0x3C6EF372UL, | |
39 | BLAKE2S_IV3 = 0xA54FF53AUL, | |
40 | BLAKE2S_IV4 = 0x510E527FUL, | |
41 | BLAKE2S_IV5 = 0x9B05688CUL, | |
42 | BLAKE2S_IV6 = 0x1F83D9ABUL, | |
43 | BLAKE2S_IV7 = 0x5BE0CD19UL, | |
44 | }; | |
45 | ||
42ad8cf8 EB |
46 | static inline void __blake2s_init(struct blake2s_state *state, size_t outlen, |
47 | const void *key, size_t keylen) | |
66d7fb94 | 48 | { |
42ad8cf8 EB |
49 | state->h[0] = BLAKE2S_IV0 ^ (0x01010000 | keylen << 8 | outlen); |
50 | state->h[1] = BLAKE2S_IV1; | |
51 | state->h[2] = BLAKE2S_IV2; | |
52 | state->h[3] = BLAKE2S_IV3; | |
53 | state->h[4] = BLAKE2S_IV4; | |
54 | state->h[5] = BLAKE2S_IV5; | |
55 | state->h[6] = BLAKE2S_IV6; | |
56 | state->h[7] = BLAKE2S_IV7; | |
57 | state->t[0] = 0; | |
58 | state->t[1] = 0; | |
59 | state->f[0] = 0; | |
60 | state->f[1] = 0; | |
61 | state->buflen = 0; | |
62 | state->outlen = outlen; | |
63 | if (keylen) { | |
64 | memcpy(state->buf, key, keylen); | |
65 | memset(&state->buf[keylen], 0, BLAKE2S_BLOCK_SIZE - keylen); | |
66 | state->buflen = BLAKE2S_BLOCK_SIZE; | |
67 | } | |
66d7fb94 JD |
68 | } |
69 | ||
70 | static inline void blake2s_init(struct blake2s_state *state, | |
71 | const size_t outlen) | |
72 | { | |
42ad8cf8 | 73 | __blake2s_init(state, outlen, NULL, 0); |
66d7fb94 JD |
74 | } |
75 | ||
76 | static inline void blake2s_init_key(struct blake2s_state *state, | |
77 | const size_t outlen, const void *key, | |
78 | const size_t keylen) | |
79 | { | |
80 | WARN_ON(IS_ENABLED(DEBUG) && (!outlen || outlen > BLAKE2S_HASH_SIZE || | |
81 | !key || !keylen || keylen > BLAKE2S_KEY_SIZE)); | |
82 | ||
42ad8cf8 | 83 | __blake2s_init(state, outlen, key, keylen); |
66d7fb94 JD |
84 | } |
85 | ||
42ad8cf8 EB |
86 | void blake2s_update(struct blake2s_state *state, const u8 *in, size_t inlen); |
87 | void blake2s_final(struct blake2s_state *state, u8 *out); | |
88 | ||
66d7fb94 JD |
89 | static inline void blake2s(u8 *out, const u8 *in, const u8 *key, |
90 | const size_t outlen, const size_t inlen, | |
91 | const size_t keylen) | |
92 | { | |
93 | struct blake2s_state state; | |
94 | ||
95 | WARN_ON(IS_ENABLED(DEBUG) && ((!in && inlen > 0) || !out || !outlen || | |
96 | outlen > BLAKE2S_HASH_SIZE || keylen > BLAKE2S_KEY_SIZE || | |
97 | (!key && keylen))); | |
98 | ||
42ad8cf8 | 99 | __blake2s_init(&state, outlen, key, keylen); |
66d7fb94 JD |
100 | blake2s_update(&state, in, inlen); |
101 | blake2s_final(&state, out); | |
102 | } | |
103 | ||
104 | void blake2s256_hmac(u8 *out, const u8 *in, const u8 *key, const size_t inlen, | |
105 | const size_t keylen); | |
106 | ||
8786841b | 107 | #endif /* _CRYPTO_BLAKE2S_H */ |