blob: f9ffd39194eb81ba195f7153134ea54f7f938e83 [file] [log] [blame]
Jason A. Donenfeld66d7fb92019-11-08 13:22:28 +01001/* SPDX-License-Identifier: GPL-2.0 OR MIT */
2/*
3 * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
4 */
5
Eric Biggers87868412020-12-23 00:09:57 -08006#ifndef _CRYPTO_BLAKE2S_H
7#define _CRYPTO_BLAKE2S_H
Jason A. Donenfeld66d7fb92019-11-08 13:22:28 +01008
Eric Biggersbbda6e02020-12-23 00:09:58 -08009#include <linux/bug.h>
Andy Shevchenko244d22f2021-12-10 16:30:09 +020010#include <linux/kconfig.h>
Jason A. Donenfeld66d7fb92019-11-08 13:22:28 +010011#include <linux/types.h>
Jason A. Donenfeld66d7fb92019-11-08 13:22:28 +010012#include <linux/string.h>
13
Jason A. Donenfeld66d7fb92019-11-08 13:22:28 +010014enum blake2s_lengths {
15 BLAKE2S_BLOCK_SIZE = 64,
16 BLAKE2S_HASH_SIZE = 32,
17 BLAKE2S_KEY_SIZE = 32,
18
19 BLAKE2S_128_HASH_SIZE = 16,
20 BLAKE2S_160_HASH_SIZE = 20,
21 BLAKE2S_224_HASH_SIZE = 28,
22 BLAKE2S_256_HASH_SIZE = 32,
23};
24
25struct blake2s_state {
Eric Biggers7d871312020-12-23 00:09:56 -080026 /* 'h', 't', and 'f' are used in assembly code, so keep them as-is. */
Jason A. Donenfeld66d7fb92019-11-08 13:22:28 +010027 u32 h[8];
28 u32 t[2];
29 u32 f[2];
30 u8 buf[BLAKE2S_BLOCK_SIZE];
31 unsigned int buflen;
32 unsigned int outlen;
33};
34
35enum blake2s_iv {
36 BLAKE2S_IV0 = 0x6A09E667UL,
37 BLAKE2S_IV1 = 0xBB67AE85UL,
38 BLAKE2S_IV2 = 0x3C6EF372UL,
39 BLAKE2S_IV3 = 0xA54FF53AUL,
40 BLAKE2S_IV4 = 0x510E527FUL,
41 BLAKE2S_IV5 = 0x9B05688CUL,
42 BLAKE2S_IV6 = 0x1F83D9ABUL,
43 BLAKE2S_IV7 = 0x5BE0CD19UL,
44};
45
Eric Biggers42ad8cf2020-12-23 00:09:55 -080046static inline void __blake2s_init(struct blake2s_state *state, size_t outlen,
47 const void *key, size_t keylen)
Jason A. Donenfeld66d7fb92019-11-08 13:22:28 +010048{
Eric Biggers42ad8cf2020-12-23 00:09:55 -080049 state->h[0] = BLAKE2S_IV0 ^ (0x01010000 | keylen << 8 | outlen);
50 state->h[1] = BLAKE2S_IV1;
51 state->h[2] = BLAKE2S_IV2;
52 state->h[3] = BLAKE2S_IV3;
53 state->h[4] = BLAKE2S_IV4;
54 state->h[5] = BLAKE2S_IV5;
55 state->h[6] = BLAKE2S_IV6;
56 state->h[7] = BLAKE2S_IV7;
57 state->t[0] = 0;
58 state->t[1] = 0;
59 state->f[0] = 0;
60 state->f[1] = 0;
61 state->buflen = 0;
62 state->outlen = outlen;
63 if (keylen) {
64 memcpy(state->buf, key, keylen);
65 memset(&state->buf[keylen], 0, BLAKE2S_BLOCK_SIZE - keylen);
66 state->buflen = BLAKE2S_BLOCK_SIZE;
67 }
Jason A. Donenfeld66d7fb92019-11-08 13:22:28 +010068}
69
70static inline void blake2s_init(struct blake2s_state *state,
71 const size_t outlen)
72{
Eric Biggers42ad8cf2020-12-23 00:09:55 -080073 __blake2s_init(state, outlen, NULL, 0);
Jason A. Donenfeld66d7fb92019-11-08 13:22:28 +010074}
75
76static inline void blake2s_init_key(struct blake2s_state *state,
77 const size_t outlen, const void *key,
78 const size_t keylen)
79{
80 WARN_ON(IS_ENABLED(DEBUG) && (!outlen || outlen > BLAKE2S_HASH_SIZE ||
81 !key || !keylen || keylen > BLAKE2S_KEY_SIZE));
82
Eric Biggers42ad8cf2020-12-23 00:09:55 -080083 __blake2s_init(state, outlen, key, keylen);
Jason A. Donenfeld66d7fb92019-11-08 13:22:28 +010084}
85
Eric Biggers42ad8cf2020-12-23 00:09:55 -080086void blake2s_update(struct blake2s_state *state, const u8 *in, size_t inlen);
87void blake2s_final(struct blake2s_state *state, u8 *out);
88
Jason A. Donenfeld66d7fb92019-11-08 13:22:28 +010089static inline void blake2s(u8 *out, const u8 *in, const u8 *key,
90 const size_t outlen, const size_t inlen,
91 const size_t keylen)
92{
93 struct blake2s_state state;
94
95 WARN_ON(IS_ENABLED(DEBUG) && ((!in && inlen > 0) || !out || !outlen ||
96 outlen > BLAKE2S_HASH_SIZE || keylen > BLAKE2S_KEY_SIZE ||
97 (!key && keylen)));
98
Eric Biggers42ad8cf2020-12-23 00:09:55 -080099 __blake2s_init(&state, outlen, key, keylen);
Jason A. Donenfeld66d7fb92019-11-08 13:22:28 +0100100 blake2s_update(&state, in, inlen);
101 blake2s_final(&state, out);
102}
103
Eric Biggers87868412020-12-23 00:09:57 -0800104#endif /* _CRYPTO_BLAKE2S_H */