[linux-block.git] / lib / crypto / blake2s.c

// SPDX-License-Identifier: GPL-2.0 OR MIT
/*
 * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
 *
 * This is an implementation of the BLAKE2s hash and PRF functions.
 *
 * Information: https://blake2.net/
 *
 */

#include <crypto/internal/blake2s.h>
#include <linux/types.h>
#include <linux/string.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/init.h>
#include <linux/bug.h>

#if IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_BLAKE2S)
#  define blake2s_compress blake2s_compress_arch
#else
#  define blake2s_compress blake2s_compress_generic
#endif

void blake2s_update(struct blake2s_state *state, const u8 *in, size_t inlen)
{
	__blake2s_update(state, in, inlen, blake2s_compress);
}
EXPORT_SYMBOL(blake2s_update);

void blake2s_final(struct blake2s_state *state, u8 *out)
{
	WARN_ON(IS_ENABLED(DEBUG) && !out);
	__blake2s_final(state, out, blake2s_compress);
	memzero_explicit(state, sizeof(*state));
}
EXPORT_SYMBOL(blake2s_final);

void blake2s256_hmac(u8 *out, const u8 *in, const u8 *key, const size_t inlen,
		     const size_t keylen)
{
	struct blake2s_state state;
	u8 x_key[BLAKE2S_BLOCK_SIZE] __aligned(__alignof__(u32)) = { 0 };
	u8 i_hash[BLAKE2S_HASH_SIZE] __aligned(__alignof__(u32));
	int i;

	if (keylen > BLAKE2S_BLOCK_SIZE) {
		blake2s_init(&state, BLAKE2S_HASH_SIZE);
		blake2s_update(&state, key, keylen);
		blake2s_final(&state, x_key);
	} else
		memcpy(x_key, key, keylen);

	for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i)
		x_key[i] ^= 0x36;

	blake2s_init(&state, BLAKE2S_HASH_SIZE);
	blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE);
	blake2s_update(&state, in, inlen);
	blake2s_final(&state, i_hash);

	for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i)
		x_key[i] ^= 0x5c ^ 0x36;

	blake2s_init(&state, BLAKE2S_HASH_SIZE);
	blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE);
	blake2s_update(&state, i_hash, BLAKE2S_HASH_SIZE);
	blake2s_final(&state, i_hash);

	memcpy(out, i_hash, BLAKE2S_HASH_SIZE);
	memzero_explicit(x_key, BLAKE2S_BLOCK_SIZE);
	memzero_explicit(i_hash, BLAKE2S_HASH_SIZE);
}
EXPORT_SYMBOL(blake2s256_hmac);

static int __init mod_init(void)
{
	if (!IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) &&
	    WARN_ON(!blake2s_selftest()))
		return -ENODEV;
	return 0;
}

static void __exit mod_exit(void)
{
}

module_init(mod_init);
module_exit(mod_exit);
MODULE_LICENSE("GPL v2");
MODULE_DESCRIPTION("BLAKE2s hash function");
MODULE_AUTHOR("Jason A. Donenfeld <Jason@zx2c4.com>");
Commit	Line	Data
66d7fb94 JD	1	// SPDX-License-Identifier: GPL-2.0 OR MIT
	2	/*
	3	* Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
	4	*
	5	* This is an implementation of the BLAKE2s hash and PRF functions.
	6	*
	7	* Information: https://blake2.net/
	8	*
	9	*/
	10
	11	#include <crypto/internal/blake2s.h>
	12	#include <linux/types.h>
	13	#include <linux/string.h>
	14	#include <linux/kernel.h>
	15	#include <linux/module.h>
	16	#include <linux/init.h>
	17	#include <linux/bug.h>
057edc9c EB	18
	19	#if IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_BLAKE2S)
	20	# define blake2s_compress blake2s_compress_arch
	21	#else
	22	# define blake2s_compress blake2s_compress_generic
	23	#endif
66d7fb94	24
66d7fb94 JD	25	void blake2s_update(struct blake2s_state state, const u8 in, size_t inlen)
66d7fb94 JD	26	{
057edc9c	27	__blake2s_update(state, in, inlen, blake2s_compress);
66d7fb94 JD	28	}
	29	EXPORT_SYMBOL(blake2s_update);
	30
	31	void blake2s_final(struct blake2s_state state, u8 out)
	32	{
	33	WARN_ON(IS_ENABLED(DEBUG) && !out);
057edc9c	34	__blake2s_final(state, out, blake2s_compress);
66d7fb94 JD	35	memzero_explicit(state, sizeof(*state));
	36	}
	37	EXPORT_SYMBOL(blake2s_final);
	38
	39	void blake2s256_hmac(u8 out, const u8 in, const u8 *key, const size_t inlen,
	40	const size_t keylen)
	41	{
	42	struct blake2s_state state;
	43	u8 x_key[BLAKE2S_BLOCK_SIZE] __aligned(__alignof__(u32)) = { 0 };
	44	u8 i_hash[BLAKE2S_HASH_SIZE] __aligned(__alignof__(u32));
	45	int i;
	46
	47	if (keylen > BLAKE2S_BLOCK_SIZE) {
	48	blake2s_init(&state, BLAKE2S_HASH_SIZE);
	49	blake2s_update(&state, key, keylen);
	50	blake2s_final(&state, x_key);
	51	} else
	52	memcpy(x_key, key, keylen);
	53
	54	for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i)
	55	x_key[i] ^= 0x36;
	56
	57	blake2s_init(&state, BLAKE2S_HASH_SIZE);
	58	blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE);
	59	blake2s_update(&state, in, inlen);
	60	blake2s_final(&state, i_hash);
	61
	62	for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i)
	63	x_key[i] ^= 0x5c ^ 0x36;
	64
	65	blake2s_init(&state, BLAKE2S_HASH_SIZE);
	66	blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE);
	67	blake2s_update(&state, i_hash, BLAKE2S_HASH_SIZE);
	68	blake2s_final(&state, i_hash);
	69
	70	memcpy(out, i_hash, BLAKE2S_HASH_SIZE);
	71	memzero_explicit(x_key, BLAKE2S_BLOCK_SIZE);
	72	memzero_explicit(i_hash, BLAKE2S_HASH_SIZE);
	73	}
	74	EXPORT_SYMBOL(blake2s256_hmac);
	75
	76	static int __init mod_init(void)
	77	{
	78	if (!IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) &&
	79	WARN_ON(!blake2s_selftest()))
	80	return -ENODEV;
	81	return 0;
	82	}
	83
	84	static void __exit mod_exit(void)
	85	{
	86	}
	87
	88	module_init(mod_init);
	89	module_exit(mod_exit);
	90	MODULE_LICENSE("GPL v2");
	91	MODULE_DESCRIPTION("BLAKE2s hash function");
	92	MODULE_AUTHOR("Jason A. Donenfeld <Jason@zx2c4.com>");