1 /* SPDX-License-Identifier: GPL-2.0 OR MIT */ 2 3 #ifndef _CRYPTO_BLAKE2B_H 4 #define _CRYPTO_BLAKE2B_H 5 6 #include <linux/bug.h> 7 #include <linux/types.h> 8 #include <linux/string.h> 9 10 struct blake2b_state { 11 /* 'h', 't', and 'f' are used in assembly code, so keep them as-is. */ 12 u64 h[8]; 13 u64 t[2]; 14 /* The true state ends here. The rest is temporary storage. */ 15 u64 f[2]; 16 }; 17 18 enum blake2b_lengths { 19 BLAKE2B_BLOCK_SIZE = 128, 20 BLAKE2B_HASH_SIZE = 64, 21 BLAKE2B_KEY_SIZE = 64, 22 BLAKE2B_STATE_SIZE = offsetof(struct blake2b_state, f), 23 BLAKE2B_DESC_SIZE = sizeof(struct blake2b_state), 24 25 BLAKE2B_160_HASH_SIZE = 20, 26 BLAKE2B_256_HASH_SIZE = 32, 27 BLAKE2B_384_HASH_SIZE = 48, 28 BLAKE2B_512_HASH_SIZE = 64, 29 }; 30 31 /** 32 * struct blake2b_ctx - Context for hashing a message with BLAKE2b 33 * @h: compression function state 34 * @t: block counter 35 * @f: finalization indicator 36 * @buf: partial block buffer; 'buflen' bytes are valid 37 * @buflen: number of bytes buffered in @buf 38 * @outlen: length of output hash value in bytes, at most BLAKE2B_HASH_SIZE 39 */ 40 struct blake2b_ctx { 41 /* 'h', 't', and 'f' are used in assembly code, so keep them as-is. */ 42 u64 h[8]; 43 u64 t[2]; 44 u64 f[2]; 45 u8 buf[BLAKE2B_BLOCK_SIZE]; 46 unsigned int buflen; 47 unsigned int outlen; 48 }; 49 50 enum blake2b_iv { 51 BLAKE2B_IV0 = 0x6A09E667F3BCC908ULL, 52 BLAKE2B_IV1 = 0xBB67AE8584CAA73BULL, 53 BLAKE2B_IV2 = 0x3C6EF372FE94F82BULL, 54 BLAKE2B_IV3 = 0xA54FF53A5F1D36F1ULL, 55 BLAKE2B_IV4 = 0x510E527FADE682D1ULL, 56 BLAKE2B_IV5 = 0x9B05688C2B3E6C1FULL, 57 BLAKE2B_IV6 = 0x1F83D9ABFB41BD6BULL, 58 BLAKE2B_IV7 = 0x5BE0CD19137E2179ULL, 59 }; 60 61 static inline void __blake2b_init(struct blake2b_ctx *ctx, size_t outlen, 62 const void *key, size_t keylen) 63 { 64 ctx->h[0] = BLAKE2B_IV0 ^ (0x01010000 | keylen << 8 | outlen); 65 ctx->h[1] = BLAKE2B_IV1; 66 ctx->h[2] = BLAKE2B_IV2; 67 ctx->h[3] = BLAKE2B_IV3; 68 ctx->h[4] = BLAKE2B_IV4; 69 ctx->h[5] = BLAKE2B_IV5; 70 ctx->h[6] = BLAKE2B_IV6; 71 ctx->h[7] = BLAKE2B_IV7; 72 ctx->t[0] = 0; 73 ctx->t[1] = 0; 74 ctx->f[0] = 0; 75 ctx->f[1] = 0; 76 ctx->buflen = 0; 77 ctx->outlen = outlen; 78 if (keylen) { 79 memcpy(ctx->buf, key, keylen); 80 memset(&ctx->buf[keylen], 0, BLAKE2B_BLOCK_SIZE - keylen); 81 ctx->buflen = BLAKE2B_BLOCK_SIZE; 82 } 83 } 84 85 /** 86 * blake2b_init() - Initialize a BLAKE2b context for a new message (unkeyed) 87 * @ctx: the context to initialize 88 * @outlen: length of output hash value in bytes, at most BLAKE2B_HASH_SIZE 89 * 90 * Context: Any context. 91 */ 92 static inline void blake2b_init(struct blake2b_ctx *ctx, size_t outlen) 93 { 94 __blake2b_init(ctx, outlen, NULL, 0); 95 } 96 97 /** 98 * blake2b_init_key() - Initialize a BLAKE2b context for a new message (keyed) 99 * @ctx: the context to initialize 100 * @outlen: length of output hash value in bytes, at most BLAKE2B_HASH_SIZE 101 * @key: the key 102 * @keylen: the key length in bytes, at most BLAKE2B_KEY_SIZE 103 * 104 * Context: Any context. 105 */ 106 static inline void blake2b_init_key(struct blake2b_ctx *ctx, size_t outlen, 107 const void *key, size_t keylen) 108 { 109 WARN_ON(IS_ENABLED(DEBUG) && (!outlen || outlen > BLAKE2B_HASH_SIZE || 110 !key || !keylen || keylen > BLAKE2B_KEY_SIZE)); 111 112 __blake2b_init(ctx, outlen, key, keylen); 113 } 114 115 /** 116 * blake2b_update() - Update a BLAKE2b context with message data 117 * @ctx: the context to update; must have been initialized 118 * @in: the message data 119 * @inlen: the data length in bytes 120 * 121 * This can be called any number of times. 122 * 123 * Context: Any context. 124 */ 125 void blake2b_update(struct blake2b_ctx *ctx, const u8 *in, size_t inlen); 126 127 /** 128 * blake2b_final() - Finish computing a BLAKE2b hash 129 * @ctx: the context to finalize; must have been initialized 130 * @out: (output) the resulting BLAKE2b hash. Its length will be equal to the 131 * @outlen that was passed to blake2b_init() or blake2b_init_key(). 132 * 133 * After finishing, this zeroizes @ctx. So the caller does not need to do it. 134 * 135 * Context: Any context. 136 */ 137 void blake2b_final(struct blake2b_ctx *ctx, u8 *out); 138 139 /** 140 * blake2b() - Compute BLAKE2b hash in one shot 141 * @key: the key, or NULL for an unkeyed hash 142 * @keylen: the key length in bytes (at most BLAKE2B_KEY_SIZE), or 0 for an 143 * unkeyed hash 144 * @in: the message data 145 * @inlen: the data length in bytes 146 * @out: (output) the resulting BLAKE2b hash, with length @outlen 147 * @outlen: length of output hash value in bytes, at most BLAKE2B_HASH_SIZE 148 * 149 * Context: Any context. 150 */ 151 static inline void blake2b(const u8 *key, size_t keylen, 152 const u8 *in, size_t inlen, 153 u8 *out, size_t outlen) 154 { 155 struct blake2b_ctx ctx; 156 157 WARN_ON(IS_ENABLED(DEBUG) && ((!in && inlen > 0) || !out || !outlen || 158 outlen > BLAKE2B_HASH_SIZE || keylen > BLAKE2B_KEY_SIZE || 159 (!key && keylen))); 160 161 __blake2b_init(&ctx, outlen, key, keylen); 162 blake2b_update(&ctx, in, inlen); 163 blake2b_final(&ctx, out); 164 } 165 166 #endif /* _CRYPTO_BLAKE2B_H */ 167