1 /* SPDX-License-Identifier: GPL-2.0 OR MIT */
2
3 #ifndef _CRYPTO_BLAKE2B_H
4 #define _CRYPTO_BLAKE2B_H
5
6 #include <linux/bug.h>
7 #include <linux/types.h>
8 #include <linux/string.h>
9
10 enum blake2b_lengths {
11 BLAKE2B_BLOCK_SIZE = 128,
12 BLAKE2B_HASH_SIZE = 64,
13 BLAKE2B_KEY_SIZE = 64,
14
15 BLAKE2B_160_HASH_SIZE = 20,
16 BLAKE2B_256_HASH_SIZE = 32,
17 BLAKE2B_384_HASH_SIZE = 48,
18 BLAKE2B_512_HASH_SIZE = 64,
19 };
20
21 /**
22 * struct blake2b_ctx - Context for hashing a message with BLAKE2b
23 * @h: compression function state
24 * @t: block counter
25 * @f: finalization indicator
26 * @buf: partial block buffer; 'buflen' bytes are valid
27 * @buflen: number of bytes buffered in @buf
28 * @outlen: length of output hash value in bytes, at most BLAKE2B_HASH_SIZE
29 */
30 struct blake2b_ctx {
31 /* 'h', 't', and 'f' are used in assembly code, so keep them as-is. */
32 u64 h[8];
33 u64 t[2];
34 u64 f[2];
35 u8 buf[BLAKE2B_BLOCK_SIZE];
36 unsigned int buflen;
37 unsigned int outlen;
38 };
39
40 enum blake2b_iv {
41 BLAKE2B_IV0 = 0x6A09E667F3BCC908ULL,
42 BLAKE2B_IV1 = 0xBB67AE8584CAA73BULL,
43 BLAKE2B_IV2 = 0x3C6EF372FE94F82BULL,
44 BLAKE2B_IV3 = 0xA54FF53A5F1D36F1ULL,
45 BLAKE2B_IV4 = 0x510E527FADE682D1ULL,
46 BLAKE2B_IV5 = 0x9B05688C2B3E6C1FULL,
47 BLAKE2B_IV6 = 0x1F83D9ABFB41BD6BULL,
48 BLAKE2B_IV7 = 0x5BE0CD19137E2179ULL,
49 };
50
__blake2b_init(struct blake2b_ctx * ctx,size_t outlen,const void * key,size_t keylen)51 static inline void __blake2b_init(struct blake2b_ctx *ctx, size_t outlen,
52 const void *key, size_t keylen)
53 {
54 ctx->h[0] = BLAKE2B_IV0 ^ (0x01010000 | keylen << 8 | outlen);
55 ctx->h[1] = BLAKE2B_IV1;
56 ctx->h[2] = BLAKE2B_IV2;
57 ctx->h[3] = BLAKE2B_IV3;
58 ctx->h[4] = BLAKE2B_IV4;
59 ctx->h[5] = BLAKE2B_IV5;
60 ctx->h[6] = BLAKE2B_IV6;
61 ctx->h[7] = BLAKE2B_IV7;
62 ctx->t[0] = 0;
63 ctx->t[1] = 0;
64 ctx->f[0] = 0;
65 ctx->f[1] = 0;
66 ctx->buflen = 0;
67 ctx->outlen = outlen;
68 if (keylen) {
69 memcpy(ctx->buf, key, keylen);
70 memset(&ctx->buf[keylen], 0, BLAKE2B_BLOCK_SIZE - keylen);
71 ctx->buflen = BLAKE2B_BLOCK_SIZE;
72 }
73 }
74
75 /**
76 * blake2b_init() - Initialize a BLAKE2b context for a new message (unkeyed)
77 * @ctx: the context to initialize
78 * @outlen: length of output hash value in bytes, at most BLAKE2B_HASH_SIZE
79 *
80 * Context: Any context.
81 */
blake2b_init(struct blake2b_ctx * ctx,size_t outlen)82 static inline void blake2b_init(struct blake2b_ctx *ctx, size_t outlen)
83 {
84 __blake2b_init(ctx, outlen, NULL, 0);
85 }
86
87 /**
88 * blake2b_init_key() - Initialize a BLAKE2b context for a new message (keyed)
89 * @ctx: the context to initialize
90 * @outlen: length of output hash value in bytes, at most BLAKE2B_HASH_SIZE
91 * @key: the key
92 * @keylen: the key length in bytes, at most BLAKE2B_KEY_SIZE
93 *
94 * Context: Any context.
95 */
blake2b_init_key(struct blake2b_ctx * ctx,size_t outlen,const void * key,size_t keylen)96 static inline void blake2b_init_key(struct blake2b_ctx *ctx, size_t outlen,
97 const void *key, size_t keylen)
98 {
99 WARN_ON(IS_ENABLED(DEBUG) && (!outlen || outlen > BLAKE2B_HASH_SIZE ||
100 !key || !keylen || keylen > BLAKE2B_KEY_SIZE));
101
102 __blake2b_init(ctx, outlen, key, keylen);
103 }
104
105 /**
106 * blake2b_update() - Update a BLAKE2b context with message data
107 * @ctx: the context to update; must have been initialized
108 * @in: the message data
109 * @inlen: the data length in bytes
110 *
111 * This can be called any number of times.
112 *
113 * Context: Any context.
114 */
115 void blake2b_update(struct blake2b_ctx *ctx, const u8 *in, size_t inlen);
116
117 /**
118 * blake2b_final() - Finish computing a BLAKE2b hash
119 * @ctx: the context to finalize; must have been initialized
120 * @out: (output) the resulting BLAKE2b hash. Its length will be equal to the
121 * @outlen that was passed to blake2b_init() or blake2b_init_key().
122 *
123 * After finishing, this zeroizes @ctx. So the caller does not need to do it.
124 *
125 * Context: Any context.
126 */
127 void blake2b_final(struct blake2b_ctx *ctx, u8 *out);
128
129 /**
130 * blake2b() - Compute BLAKE2b hash in one shot
131 * @key: the key, or NULL for an unkeyed hash
132 * @keylen: the key length in bytes (at most BLAKE2B_KEY_SIZE), or 0 for an
133 * unkeyed hash
134 * @in: the message data
135 * @inlen: the data length in bytes
136 * @out: (output) the resulting BLAKE2b hash, with length @outlen
137 * @outlen: length of output hash value in bytes, at most BLAKE2B_HASH_SIZE
138 *
139 * Context: Any context.
140 */
blake2b(const u8 * key,size_t keylen,const u8 * in,size_t inlen,u8 * out,size_t outlen)141 static inline void blake2b(const u8 *key, size_t keylen,
142 const u8 *in, size_t inlen,
143 u8 *out, size_t outlen)
144 {
145 struct blake2b_ctx ctx;
146
147 WARN_ON(IS_ENABLED(DEBUG) && ((!in && inlen > 0) || !out || !outlen ||
148 outlen > BLAKE2B_HASH_SIZE || keylen > BLAKE2B_KEY_SIZE ||
149 (!key && keylen)));
150
151 __blake2b_init(&ctx, outlen, key, keylen);
152 blake2b_update(&ctx, in, inlen);
153 blake2b_final(&ctx, out);
154 }
155
156 #endif /* _CRYPTO_BLAKE2B_H */
157