blake2b.h (3138B)
1/* SPDX-License-Identifier: GPL-2.0 OR MIT */ 2/* 3 * Helper functions for BLAKE2b implementations. 4 * Keep this in sync with the corresponding BLAKE2s header. 5 */ 6 7#ifndef _CRYPTO_INTERNAL_BLAKE2B_H 8#define _CRYPTO_INTERNAL_BLAKE2B_H 9 10#include <crypto/blake2b.h> 11#include <crypto/internal/hash.h> 12#include <linux/string.h> 13 14void blake2b_compress_generic(struct blake2b_state *state, 15 const u8 *block, size_t nblocks, u32 inc); 16 17static inline void blake2b_set_lastblock(struct blake2b_state *state) 18{ 19 state->f[0] = -1; 20} 21 22typedef void (*blake2b_compress_t)(struct blake2b_state *state, 23 const u8 *block, size_t nblocks, u32 inc); 24 25static inline void __blake2b_update(struct blake2b_state *state, 26 const u8 *in, size_t inlen, 27 blake2b_compress_t compress) 28{ 29 const size_t fill = BLAKE2B_BLOCK_SIZE - state->buflen; 30 31 if (unlikely(!inlen)) 32 return; 33 if (inlen > fill) { 34 memcpy(state->buf + state->buflen, in, fill); 35 (*compress)(state, state->buf, 1, BLAKE2B_BLOCK_SIZE); 36 state->buflen = 0; 37 in += fill; 38 inlen -= fill; 39 } 40 if (inlen > BLAKE2B_BLOCK_SIZE) { 41 const size_t nblocks = DIV_ROUND_UP(inlen, BLAKE2B_BLOCK_SIZE); 42 /* Hash one less (full) block than strictly possible */ 43 (*compress)(state, in, nblocks - 1, BLAKE2B_BLOCK_SIZE); 44 in += BLAKE2B_BLOCK_SIZE * (nblocks - 1); 45 inlen -= BLAKE2B_BLOCK_SIZE * (nblocks - 1); 46 } 47 memcpy(state->buf + state->buflen, in, inlen); 48 state->buflen += inlen; 49} 50 51static inline void __blake2b_final(struct blake2b_state *state, u8 *out, 52 blake2b_compress_t compress) 53{ 54 int i; 55 56 blake2b_set_lastblock(state); 57 memset(state->buf + state->buflen, 0, 58 BLAKE2B_BLOCK_SIZE - state->buflen); /* Padding */ 59 (*compress)(state, state->buf, 1, state->buflen); 60 for (i = 0; i < ARRAY_SIZE(state->h); i++) 61 __cpu_to_le64s(&state->h[i]); 62 memcpy(out, state->h, state->outlen); 63} 64 65/* Helper functions for shash implementations of BLAKE2b */ 66 67struct blake2b_tfm_ctx { 68 u8 key[BLAKE2B_KEY_SIZE]; 69 unsigned int keylen; 70}; 71 72static inline int crypto_blake2b_setkey(struct crypto_shash *tfm, 73 const u8 *key, unsigned int keylen) 74{ 75 struct blake2b_tfm_ctx *tctx = crypto_shash_ctx(tfm); 76 77 if (keylen == 0 || keylen > BLAKE2B_KEY_SIZE) 78 return -EINVAL; 79 80 memcpy(tctx->key, key, keylen); 81 tctx->keylen = keylen; 82 83 return 0; 84} 85 86static inline int crypto_blake2b_init(struct shash_desc *desc) 87{ 88 const struct blake2b_tfm_ctx *tctx = crypto_shash_ctx(desc->tfm); 89 struct blake2b_state *state = shash_desc_ctx(desc); 90 unsigned int outlen = crypto_shash_digestsize(desc->tfm); 91 92 __blake2b_init(state, outlen, tctx->key, tctx->keylen); 93 return 0; 94} 95 96static inline int crypto_blake2b_update(struct shash_desc *desc, 97 const u8 *in, unsigned int inlen, 98 blake2b_compress_t compress) 99{ 100 struct blake2b_state *state = shash_desc_ctx(desc); 101 102 __blake2b_update(state, in, inlen, compress); 103 return 0; 104} 105 106static inline int crypto_blake2b_final(struct shash_desc *desc, u8 *out, 107 blake2b_compress_t compress) 108{ 109 struct blake2b_state *state = shash_desc_ctx(desc); 110 111 __blake2b_final(state, out, compress); 112 return 0; 113} 114 115#endif /* _CRYPTO_INTERNAL_BLAKE2B_H */