mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-01-30 18:42:16 +01:00
6a56d3e131
defect/gripe statistics:
configured --enable-all --enable-sp-math-all --enable-intelasm
with LLVM 13 clang-tidy -checks=readability-*,bugprone-*,misc-no-recursion,misc-misplaced-const,misc-redundant-expression,misc-unused-parameters,misc-unused-using-decls,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-optin.performance.Padding,-readability-braces-around-statements,-readability-function-size,-readability-function-cognitive-complexity,-bugprone-suspicious-include,-bugprone-easily-swappable-parameters,-readability-isolate-declaration,-readability-magic-numbers,-readability-else-after-return,-bugprone-reserved-identifier,-readability-suspicious-call-argument,-bugprone-suspicious-string-compare,-bugprone-branch-clone,-misc-redundant-expression,-readability-non-const-parameter,-readability-redundant-control-flow,-readability-misleading-indentation,-bugprone-narrowing-conversions,-bugprone-implicit-widening-of-multiplication-result
[note these figures don't reflect additional defects fixed in this commit for --enable-smallstack, --enable-fips, --enable-async, --enable-asn=template, and --enable-fastmath, and --disable-fastmath]
pre-patch warning count per file, with suppressions:
clang-analyzer-security.insecureAPI.strcpy 6 wolfssl/tests/suites.c
clang-analyzer-security.insecureAPI.strcpy 2 wolfssl/testsuite/testsuite.c
bugprone-suspicious-missing-comma 3 wolfssl/examples/server/server.c
bugprone-suspicious-missing-comma 3 wolfssl/examples/client/client.c
readability-redundant-preprocessor 2 wolfssl/wolfcrypt/src/asn.c
readability-redundant-preprocessor 1 wolfssl/wolfcrypt/src/rsa.c
readability-redundant-preprocessor 9 wolfssl/src/ssl.c
readability-redundant-preprocessor 2 wolfssl/src/tls13.c
readability-redundant-preprocessor 18 wolfssl/tests/api.c
readability-redundant-preprocessor 3 wolfssl/src/internal.c
readability-redundant-preprocessor 10 wolfssl/wolfcrypt/test/test.c
readability-named-parameter 1 wolfssl/wolfcrypt/benchmark/benchmark.c
readability-named-parameter 7 wolfssl/src/internal.c
readability-named-parameter 1 wolfssl/wolfcrypt/src/ecc.c
readability-named-parameter 1 wolfssl/testsuite/testsuite.c
readability-named-parameter 11 wolfssl/wolfcrypt/src/ge_operations.c
misc-no-recursion 3 wolfssl/src/ssl.c
readability-uppercase-literal-suffix 4 wolfssl/wolfcrypt/src/asn.c
readability-uppercase-literal-suffix 1 wolfssl/src/ssl.c
readability-uppercase-literal-suffix 13 wolfssl/wolfcrypt/benchmark/benchmark.c
bugprone-too-small-loop-variable 1 wolfssl/wolfcrypt/src/rsa.c
bugprone-too-small-loop-variable 2 wolfssl/wolfcrypt/src/sha3.c
bugprone-too-small-loop-variable 4 wolfssl/wolfcrypt/src/idea.c
bugprone-signed-char-misuse 2 wolfssl/src/ssl.c
bugprone-signed-char-misuse 3 wolfssl/wolfcrypt/src/sp_int.c
bugprone-signed-char-misuse 3 wolfssl/examples/client/client.c
bugprone-macro-parentheses 19 wolfssl/wolfcrypt/src/aes.c
bugprone-macro-parentheses 109 wolfssl/wolfcrypt/src/camellia.c
bugprone-macro-parentheses 1 wolfssl/src/tls.c
bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/md4.c
bugprone-macro-parentheses 2 wolfssl/wolfcrypt/src/asn.c
bugprone-macro-parentheses 26 wolfssl/wolfcrypt/src/blake2b.c
bugprone-macro-parentheses 257 wolfssl/wolfcrypt/src/sha3.c
bugprone-macro-parentheses 15 wolfssl/src/ssl.c
bugprone-macro-parentheses 1 wolfssl/wolfcrypt/src/sha.c
bugprone-macro-parentheses 8 wolfssl/tests/api.c
bugprone-macro-parentheses 4 wolfssl/wolfcrypt/src/sp_int.c
bugprone-macro-parentheses 6 wolfssl/wolfcrypt/benchmark/benchmark.c
bugprone-macro-parentheses 38 wolfssl/wolfcrypt/src/hc128.c
bugprone-macro-parentheses 12 wolfssl/wolfcrypt/src/md5.c
bugprone-macro-parentheses 10 wolfssl/wolfcrypt/src/sha256.c
bugprone-macro-parentheses 4 wolfssl/wolfcrypt/test/test.c
bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/ecc.c
bugprone-macro-parentheses 2 wolfssl/tests/suites.c
bugprone-macro-parentheses 4 wolfssl/wolfcrypt/src/cpuid.c
bugprone-macro-parentheses 26 wolfssl/wolfcrypt/src/blake2s.c
bugprone-macro-parentheses 24 wolfssl/wolfcrypt/src/sha512.c
bugprone-macro-parentheses 3 wolfssl/wolfcrypt/src/poly1305.c
bugprone-macro-parentheses 24 wolfssl/wolfcrypt/src/ripemd.c
readability-inconsistent-declaration-parameter-name 1 wolfssl/src/internal.c
readability-inconsistent-declaration-parameter-name 1 wolfssl/testsuite/testsuite.c
pre-patch warning count summaries, with suppressions:
clang-analyzer-security.insecureAPI.strcpy 8
bugprone-suspicious-missing-comma 6
readability-redundant-preprocessor 45
readability-named-parameter 21
misc-no-recursion 3
readability-uppercase-literal-suffix 18
bugprone-too-small-loop-variable 7
bugprone-signed-char-misuse 8
bugprone-macro-parentheses 601
readability-inconsistent-declaration-parameter-name 2
pre-patch warning count summaries, without suppressions:
clang-analyzer-security.insecureAPI.strcpy 8
bugprone-branch-clone 152
readability-non-const-parameter 118
bugprone-suspicious-missing-comma 6
bugprone-suspicious-include 52
readability-magic-numbers 22423
readability-redundant-preprocessor 45
readability-named-parameter 21
readability-function-cognitive-complexity 845
readability-else-after-return 398
bugprone-implicit-widening-of-multiplication-result 595
readability-function-size 21
readability-isolate-declaration 1090
misc-redundant-expression 2
bugprone-narrowing-conversions 994
misc-no-recursion 3
readability-uppercase-literal-suffix 18
bugprone-reserved-identifier 56
readability-suspicious-call-argument 74
bugprone-too-small-loop-variable 7
bugprone-easily-swappable-parameters 437
bugprone-signed-char-misuse 8
readability-misleading-indentation 94
bugprone-macro-parentheses 601
readability-inconsistent-declaration-parameter-name 2
bugprone-suspicious-string-compare 495
readability-redundant-control-flow 20
readability-braces-around-statements 11483
clang-analyzer-valist.Uninitialized 1
clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling 3502
504 lines
12 KiB
C
504 lines
12 KiB
C
/*
|
|
BLAKE2 reference source code package - reference C implementations
|
|
|
|
Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
|
|
|
|
To the extent possible under law, the author(s) have dedicated all copyright
|
|
and related and neighboring rights to this software to the public domain
|
|
worldwide. This software is distributed without any warranty.
|
|
|
|
You should have received a copy of the CC0 Public Domain Dedication along with
|
|
this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
|
|
*/
|
|
/* blake2b.c
|
|
*
|
|
* Copyright (C) 2006-2021 wolfSSL Inc.
|
|
*
|
|
* This file is part of wolfSSL.
|
|
*
|
|
* wolfSSL is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* wolfSSL is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
|
*/
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
#include <config.h>
|
|
#endif
|
|
|
|
#include <wolfssl/wolfcrypt/settings.h>
|
|
|
|
#ifdef HAVE_BLAKE2
|
|
|
|
#include <wolfssl/wolfcrypt/blake2.h>
|
|
#include <wolfssl/wolfcrypt/blake2-impl.h>
|
|
#include <wolfssl/wolfcrypt/error-crypt.h>
|
|
|
|
|
|
static const word64 blake2b_IV[8] =
|
|
{
|
|
0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL,
|
|
0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL,
|
|
0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL,
|
|
0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL
|
|
};
|
|
|
|
static const byte blake2b_sigma[12][16] =
|
|
{
|
|
{ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } ,
|
|
{ 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } ,
|
|
{ 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } ,
|
|
{ 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } ,
|
|
{ 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } ,
|
|
{ 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } ,
|
|
{ 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } ,
|
|
{ 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } ,
|
|
{ 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } ,
|
|
{ 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } ,
|
|
{ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } ,
|
|
{ 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }
|
|
};
|
|
|
|
|
|
static WC_INLINE int blake2b_set_lastnode( blake2b_state *S )
|
|
{
|
|
S->f[1] = ~0ULL;
|
|
return 0;
|
|
}
|
|
|
|
/* Some helper functions, not necessarily useful */
|
|
static WC_INLINE int blake2b_set_lastblock( blake2b_state *S )
|
|
{
|
|
if( S->last_node ) blake2b_set_lastnode( S );
|
|
|
|
S->f[0] = ~0ULL;
|
|
return 0;
|
|
}
|
|
|
|
static WC_INLINE int blake2b_increment_counter( blake2b_state *S, const word64
|
|
inc )
|
|
{
|
|
S->t[0] += inc;
|
|
S->t[1] += ( S->t[0] < inc );
|
|
return 0;
|
|
}
|
|
|
|
static WC_INLINE int blake2b_init0( blake2b_state *S )
|
|
{
|
|
int i;
|
|
XMEMSET( S, 0, sizeof( blake2b_state ) );
|
|
|
|
for( i = 0; i < 8; ++i ) S->h[i] = blake2b_IV[i];
|
|
|
|
return 0;
|
|
}
|
|
|
|
/* init xors IV with input parameter block */
|
|
int blake2b_init_param( blake2b_state *S, const blake2b_param *P )
|
|
{
|
|
word32 i;
|
|
byte *p ;
|
|
blake2b_init0( S );
|
|
p = ( byte * )( P );
|
|
|
|
/* IV XOR ParamBlock */
|
|
for( i = 0; i < 8; ++i )
|
|
S->h[i] ^= load64( p + sizeof( S->h[i] ) * i );
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
|
|
int blake2b_init( blake2b_state *S, const byte outlen )
|
|
{
|
|
blake2b_param P[1];
|
|
|
|
if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return BAD_FUNC_ARG;
|
|
|
|
#ifdef WOLFSSL_BLAKE2B_INIT_EACH_FIELD
|
|
P->digest_length = outlen;
|
|
P->key_length = 0;
|
|
P->fanout = 1;
|
|
P->depth = 1;
|
|
store32( &P->leaf_length, 0 );
|
|
store64( &P->node_offset, 0 );
|
|
P->node_depth = 0;
|
|
P->inner_length = 0;
|
|
XMEMSET( P->reserved, 0, sizeof( P->reserved ) );
|
|
XMEMSET( P->salt, 0, sizeof( P->salt ) );
|
|
XMEMSET( P->personal, 0, sizeof( P->personal ) );
|
|
#else
|
|
XMEMSET( P, 0, sizeof( *P ) );
|
|
P->digest_length = outlen;
|
|
P->fanout = 1;
|
|
P->depth = 1;
|
|
#endif
|
|
return blake2b_init_param( S, P );
|
|
}
|
|
|
|
|
|
int blake2b_init_key( blake2b_state *S, const byte outlen, const void *key,
|
|
const byte keylen )
|
|
{
|
|
int ret = 0;
|
|
blake2b_param P[1];
|
|
|
|
if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return BAD_FUNC_ARG;
|
|
|
|
if ( !key || !keylen || keylen > BLAKE2B_KEYBYTES ) return BAD_FUNC_ARG;
|
|
|
|
#ifdef WOLFSSL_BLAKE2B_INIT_EACH_FIELD
|
|
P->digest_length = outlen;
|
|
P->key_length = keylen;
|
|
P->fanout = 1;
|
|
P->depth = 1;
|
|
store32( &P->leaf_length, 0 );
|
|
store64( &P->node_offset, 0 );
|
|
P->node_depth = 0;
|
|
P->inner_length = 0;
|
|
XMEMSET( P->reserved, 0, sizeof( P->reserved ) );
|
|
XMEMSET( P->salt, 0, sizeof( P->salt ) );
|
|
XMEMSET( P->personal, 0, sizeof( P->personal ) );
|
|
#else
|
|
XMEMSET( P, 0, sizeof( *P ) );
|
|
P->digest_length = outlen;
|
|
P->key_length = keylen;
|
|
P->fanout = 1;
|
|
P->depth = 1;
|
|
#endif
|
|
|
|
ret = blake2b_init_param( S, P );
|
|
if ( ret < 0 ) return ret;
|
|
|
|
{
|
|
#ifdef WOLFSSL_SMALL_STACK
|
|
byte* block;
|
|
|
|
block = (byte*)XMALLOC(BLAKE2B_BLOCKBYTES, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
|
|
|
if ( block == NULL ) return MEMORY_E;
|
|
#else
|
|
byte block[BLAKE2B_BLOCKBYTES];
|
|
#endif
|
|
|
|
XMEMSET( block, 0, BLAKE2B_BLOCKBYTES );
|
|
XMEMCPY( block, key, keylen );
|
|
ret = blake2b_update( S, block, BLAKE2B_BLOCKBYTES );
|
|
secure_zero_memory( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from */
|
|
/* memory */
|
|
|
|
#ifdef WOLFSSL_SMALL_STACK
|
|
XFREE(block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
|
#endif
|
|
}
|
|
return ret;
|
|
}
|
|
|
|
static WC_INLINE int blake2b_compress(
|
|
blake2b_state *S,
|
|
const byte block[BLAKE2B_BLOCKBYTES],
|
|
word64* m,
|
|
word64* v)
|
|
{
|
|
int i;
|
|
|
|
for( i = 0; i < 16; ++i )
|
|
m[i] = load64( block + i * sizeof( m[i] ) );
|
|
|
|
for( i = 0; i < 8; ++i )
|
|
v[i] = S->h[i];
|
|
|
|
v[ 8] = blake2b_IV[0];
|
|
v[ 9] = blake2b_IV[1];
|
|
v[10] = blake2b_IV[2];
|
|
v[11] = blake2b_IV[3];
|
|
v[12] = S->t[0] ^ blake2b_IV[4];
|
|
v[13] = S->t[1] ^ blake2b_IV[5];
|
|
v[14] = S->f[0] ^ blake2b_IV[6];
|
|
v[15] = S->f[1] ^ blake2b_IV[7];
|
|
#define G(r,i,a,b,c,d) \
|
|
do { \
|
|
(a) = (a) + (b) + m[blake2b_sigma[r][2*(i)+0]]; \
|
|
(d) = rotr64((d) ^ (a), 32); \
|
|
(c) = (c) + (d); \
|
|
(b) = rotr64((b) ^ (c), 24); \
|
|
(a) = (a) + (b) + m[blake2b_sigma[r][2*(i)+1]]; \
|
|
(d) = rotr64((d) ^ (a), 16); \
|
|
(c) = (c) + (d); \
|
|
(b) = rotr64((b) ^ (c), 63); \
|
|
} while(0)
|
|
#define ROUND(r) \
|
|
do { \
|
|
G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
|
|
G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
|
|
G(r,2,v[ 2],v[ 6],v[10],v[14]); \
|
|
G(r,3,v[ 3],v[ 7],v[11],v[15]); \
|
|
G(r,4,v[ 0],v[ 5],v[10],v[15]); \
|
|
G(r,5,v[ 1],v[ 6],v[11],v[12]); \
|
|
G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
|
|
G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
|
|
} while(0)
|
|
ROUND( 0 );
|
|
ROUND( 1 );
|
|
ROUND( 2 );
|
|
ROUND( 3 );
|
|
ROUND( 4 );
|
|
ROUND( 5 );
|
|
ROUND( 6 );
|
|
ROUND( 7 );
|
|
ROUND( 8 );
|
|
ROUND( 9 );
|
|
ROUND( 10 );
|
|
ROUND( 11 );
|
|
|
|
for( i = 0; i < 8; ++i )
|
|
S->h[i] = S->h[i] ^ v[i] ^ v[i + 8];
|
|
|
|
#undef G
|
|
#undef ROUND
|
|
|
|
return 0;
|
|
}
|
|
|
|
/* inlen now in bytes */
|
|
int blake2b_update( blake2b_state *S, const byte *in, word64 inlen )
|
|
{
|
|
int ret = 0;
|
|
#ifdef WOLFSSL_SMALL_STACK
|
|
word64* m;
|
|
word64* v;
|
|
|
|
m = (word64*)XMALLOC(sizeof(word64) * 32, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
|
|
|
if ( m == NULL ) return MEMORY_E;
|
|
|
|
v = &m[16];
|
|
#else
|
|
word64 m[16];
|
|
word64 v[16];
|
|
#endif
|
|
|
|
while( inlen > 0 )
|
|
{
|
|
word64 left = S->buflen;
|
|
word64 fill = 2 * BLAKE2B_BLOCKBYTES - left;
|
|
|
|
if( inlen > fill )
|
|
{
|
|
XMEMCPY( S->buf + left, in, (wolfssl_word)fill ); /* Fill buffer */
|
|
S->buflen += fill;
|
|
blake2b_increment_counter( S, BLAKE2B_BLOCKBYTES );
|
|
|
|
{
|
|
ret = blake2b_compress( S, S->buf, m, v );
|
|
if (ret < 0) break;
|
|
}
|
|
|
|
XMEMCPY( S->buf, S->buf + BLAKE2B_BLOCKBYTES, BLAKE2B_BLOCKBYTES );
|
|
/* Shift buffer left */
|
|
S->buflen -= BLAKE2B_BLOCKBYTES;
|
|
in += fill;
|
|
inlen -= fill;
|
|
}
|
|
else /* inlen <= fill */
|
|
{
|
|
XMEMCPY( S->buf + left, in, (wolfssl_word)inlen );
|
|
S->buflen += inlen; /* Be lazy, do not compress */
|
|
inlen = 0;
|
|
}
|
|
}
|
|
|
|
#ifdef WOLFSSL_SMALL_STACK
|
|
XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
|
#endif
|
|
|
|
return ret;
|
|
}
|
|
|
|
/* Is this correct? */
|
|
int blake2b_final( blake2b_state *S, byte *out, byte outlen )
|
|
{
|
|
int ret = 0;
|
|
byte buffer[BLAKE2B_OUTBYTES];
|
|
int i;
|
|
#ifdef WOLFSSL_SMALL_STACK
|
|
word64* m;
|
|
word64* v;
|
|
|
|
m = (word64*)XMALLOC(sizeof(word64) * 32, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
|
|
|
if ( m == NULL ) return MEMORY_E;
|
|
|
|
v = &m[16];
|
|
#else
|
|
word64 m[16];
|
|
word64 v[16];
|
|
#endif
|
|
|
|
if( S->buflen > BLAKE2B_BLOCKBYTES )
|
|
{
|
|
blake2b_increment_counter( S, BLAKE2B_BLOCKBYTES );
|
|
|
|
{
|
|
ret = blake2b_compress( S, S->buf, m, v );
|
|
if (ret < 0) goto out;
|
|
}
|
|
|
|
S->buflen -= BLAKE2B_BLOCKBYTES;
|
|
XMEMCPY( S->buf, S->buf + BLAKE2B_BLOCKBYTES, (wolfssl_word)S->buflen );
|
|
}
|
|
|
|
blake2b_increment_counter( S, S->buflen );
|
|
blake2b_set_lastblock( S );
|
|
XMEMSET( S->buf + S->buflen, 0, (wolfssl_word)(2 * BLAKE2B_BLOCKBYTES - S->buflen) );
|
|
/* Padding */
|
|
{
|
|
ret = blake2b_compress( S, S->buf, m, v );
|
|
if (ret < 0) goto out;
|
|
}
|
|
|
|
for( i = 0; i < 8; ++i ) /* Output full hash to temp buffer */
|
|
store64( buffer + sizeof( S->h[i] ) * i, S->h[i] );
|
|
|
|
XMEMCPY( out, buffer, outlen );
|
|
|
|
out:
|
|
|
|
#ifdef WOLFSSL_SMALL_STACK
|
|
XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
|
#endif
|
|
|
|
return ret;
|
|
}
|
|
|
|
/* inlen, at least, should be word64. Others can be size_t. */
|
|
int blake2b( byte *out, const void *in, const void *key, const byte outlen,
|
|
const word64 inlen, byte keylen )
|
|
{
|
|
blake2b_state S[1];
|
|
|
|
/* Verify parameters */
|
|
if ( NULL == in ) return BAD_FUNC_ARG;
|
|
|
|
if ( NULL == out ) return BAD_FUNC_ARG;
|
|
|
|
if( NULL == key ) keylen = 0;
|
|
|
|
if( keylen > 0 )
|
|
{
|
|
int ret = blake2b_init_key( S, outlen, key, keylen );
|
|
if (ret < 0) return ret;
|
|
}
|
|
else
|
|
{
|
|
int ret = blake2b_init( S, outlen );
|
|
if (ret < 0) return ret;
|
|
}
|
|
|
|
{
|
|
int ret = blake2b_update( S, ( byte * )in, inlen );
|
|
if (ret < 0) return ret;
|
|
}
|
|
|
|
return blake2b_final( S, out, outlen );
|
|
}
|
|
|
|
#if defined(BLAKE2B_SELFTEST)
|
|
#include <string.h>
|
|
#include "blake2-kat.h"
|
|
int main( int argc, char **argv )
|
|
{
|
|
byte key[BLAKE2B_KEYBYTES];
|
|
byte buf[KAT_LENGTH];
|
|
|
|
for( word32 i = 0; i < BLAKE2B_KEYBYTES; ++i )
|
|
key[i] = ( byte )i;
|
|
|
|
for( word32 i = 0; i < KAT_LENGTH; ++i )
|
|
buf[i] = ( byte )i;
|
|
|
|
for( word32 i = 0; i < KAT_LENGTH; ++i )
|
|
{
|
|
byte hash[BLAKE2B_OUTBYTES];
|
|
if ( blake2b( hash, buf, key, BLAKE2B_OUTBYTES, i, BLAKE2B_KEYBYTES ) < 0 )
|
|
{
|
|
puts( "error" );
|
|
return -1;
|
|
}
|
|
|
|
if( 0 != XMEMCMP( hash, blake2b_keyed_kat[i], BLAKE2B_OUTBYTES ) )
|
|
{
|
|
puts( "error" );
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
puts( "ok" );
|
|
return 0;
|
|
}
|
|
#endif
|
|
|
|
|
|
/* wolfCrypt API */
|
|
|
|
/* Init Blake2b digest, track size in case final doesn't want to "remember" */
|
|
int wc_InitBlake2b(Blake2b* b2b, word32 digestSz)
|
|
{
|
|
if (b2b == NULL){
|
|
return BAD_FUNC_ARG;
|
|
}
|
|
b2b->digestSz = digestSz;
|
|
|
|
return blake2b_init(b2b->S, (byte)digestSz);
|
|
}
|
|
|
|
/* Init Blake2b digest with key, track size in case final doesn't want to "remember" */
|
|
int wc_InitBlake2b_WithKey(Blake2b* b2b, word32 digestSz, const byte *key, word32 keylen)
|
|
{
|
|
if (b2b == NULL){
|
|
return BAD_FUNC_ARG;
|
|
}
|
|
b2b->digestSz = digestSz;
|
|
|
|
if (keylen >= 256)
|
|
return BAD_FUNC_ARG;
|
|
|
|
if (key)
|
|
return blake2b_init_key(b2b->S, (byte)digestSz, key, (byte)keylen);
|
|
else
|
|
return blake2b_init(b2b->S, (byte)digestSz);
|
|
}
|
|
|
|
/* Blake2b Update */
|
|
int wc_Blake2bUpdate(Blake2b* b2b, const byte* data, word32 sz)
|
|
{
|
|
return blake2b_update(b2b->S, data, sz);
|
|
}
|
|
|
|
|
|
/* Blake2b Final, if pass in zero size we use init digestSz */
|
|
int wc_Blake2bFinal(Blake2b* b2b, byte* final, word32 requestSz)
|
|
{
|
|
word32 sz = requestSz ? requestSz : b2b->digestSz;
|
|
|
|
return blake2b_final(b2b->S, final, (byte)sz);
|
|
}
|
|
|
|
|
|
/* end CTaoCrypt API */
|
|
|
|
#endif /* HAVE_BLAKE2 */
|
|
|