crypto: blake2b-generic - Use API partial block handling (aa54e170) · Commits · git / linux-net

crypto/blake2b_generic.c

+18 −13

Original line number	Diff line number	Diff line
		@@ -15,12 +15,12 @@
		* More information about BLAKE2 can be found at https://blake2.net.
		*/

		#include <linux/unaligned.h>
		#include <linux/module.h>
		#include <linux/kernel.h>
		#include <linux/bitops.h>
		#include <crypto/internal/blake2b.h>
		#include <crypto/internal/hash.h>
		#include <linux/kernel.h>
		#include <linux/module.h>
		#include <linux/string.h>
		#include <linux/unaligned.h>

		static const u8 blake2b_sigma[12][16] = {
		{ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 },
		@@ -111,7 +111,7 @@ static void blake2b_compress_one_generic(struct blake2b_state *S,
		#undef G
		#undef ROUND

		void blake2b_compress_generic(struct blake2b_state *state,
		static void blake2b_compress_generic(struct blake2b_state *state,
		const u8 *block, size_t nblocks, u32 inc)
		{
		do {
		@@ -120,17 +120,19 @@ void blake2b_compress_generic(struct blake2b_state *state,
		block += BLAKE2B_BLOCK_SIZE;
		} while (--nblocks);
		}
		EXPORT_SYMBOL(blake2b_compress_generic);

		static int crypto_blake2b_update_generic(struct shash_desc *desc,
		const u8 *in, unsigned int inlen)
		{
		return crypto_blake2b_update(desc, in, inlen, blake2b_compress_generic);
		return crypto_blake2b_update_bo(desc, in, inlen,
		blake2b_compress_generic);
		}

		static int crypto_blake2b_final_generic(struct shash_desc desc, u8 out)
		static int crypto_blake2b_finup_generic(struct shash_desc desc, const u8 in,
		unsigned int inlen, u8 *out)
		{
		return crypto_blake2b_final(desc, out, blake2b_compress_generic);
		return crypto_blake2b_finup(desc, in, inlen, out,
		blake2b_compress_generic);
		}

		#define BLAKE2B_ALG(name, driver_name, digest_size) \
		@@ -138,7 +140,9 @@ static int crypto_blake2b_final_generic(struct shash_desc desc, u8 out)
		.base.cra_name = name, \
		.base.cra_driver_name = driver_name, \
		.base.cra_priority = 100, \
		.base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY, \
		.base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY \| \
		CRYPTO_AHASH_ALG_BLOCK_ONLY \| \
		CRYPTO_AHASH_ALG_FINAL_NONZERO, \
		.base.cra_blocksize = BLAKE2B_BLOCK_SIZE, \
		.base.cra_ctxsize = sizeof(struct blake2b_tfm_ctx), \
		.base.cra_module = THIS_MODULE, \
		@@ -146,8 +150,9 @@ static int crypto_blake2b_final_generic(struct shash_desc desc, u8 out)
		.setkey = crypto_blake2b_setkey, \
		.init = crypto_blake2b_init, \
		.update = crypto_blake2b_update_generic, \
		.final = crypto_blake2b_final_generic, \
		.descsize = sizeof(struct blake2b_state), \
		.finup = crypto_blake2b_finup_generic, \
		.descsize = BLAKE2B_DESC_SIZE, \
		.statesize = BLAKE2B_STATE_SIZE, \
		}

		static struct shash_alg blake2b_algs[] = {

include/crypto/blake2b.h

+3 −11

Original line number	Diff line number	Diff line
		@@ -11,6 +11,8 @@ enum blake2b_lengths {
		BLAKE2B_BLOCK_SIZE = 128,
		BLAKE2B_HASH_SIZE = 64,
		BLAKE2B_KEY_SIZE = 64,
		BLAKE2B_STATE_SIZE = 80,
		BLAKE2B_DESC_SIZE = 96,

		BLAKE2B_160_HASH_SIZE = 20,
		BLAKE2B_256_HASH_SIZE = 32,
		@@ -25,7 +27,6 @@ struct blake2b_state {
		u64 f[2];
		u8 buf[BLAKE2B_BLOCK_SIZE];
		unsigned int buflen;
		unsigned int outlen;
		};

		enum blake2b_iv {
		@@ -40,7 +41,7 @@ enum blake2b_iv {
		};

		static inline void __blake2b_init(struct blake2b_state *state, size_t outlen,
		const void *key, size_t keylen)
		size_t keylen)
		{
		state->h[0] = BLAKE2B_IV0 ^ (0x01010000 \| keylen << 8 \| outlen);
		state->h[1] = BLAKE2B_IV1;
		@@ -52,15 +53,6 @@ static inline void __blake2b_init(struct blake2b_state *state, size_t outlen,
		state->h[7] = BLAKE2B_IV7;
		state->t[0] = 0;
		state->t[1] = 0;
		state->f[0] = 0;
		state->f[1] = 0;
		state->buflen = 0;
		state->outlen = outlen;
		if (keylen) {
		memcpy(state->buf, key, keylen);
		memset(&state->buf[keylen], 0, BLAKE2B_BLOCK_SIZE - keylen);
		state->buflen = BLAKE2B_BLOCK_SIZE;
		}
		}

		#endif /* _CRYPTO_BLAKE2B_H */

include/crypto/internal/blake2b.h

+57 −9

Original line number	Diff line number	Diff line
		@@ -7,16 +7,27 @@
		#ifndef _CRYPTO_INTERNAL_BLAKE2B_H
		#define _CRYPTO_INTERNAL_BLAKE2B_H

		#include <asm/byteorder.h>
		#include <crypto/blake2b.h>
		#include <crypto/internal/hash.h>
		#include <linux/array_size.h>
		#include <linux/compiler.h>
		#include <linux/build_bug.h>
		#include <linux/errno.h>
		#include <linux/math.h>
		#include <linux/string.h>

		void blake2b_compress_generic(struct blake2b_state *state,
		const u8 *block, size_t nblocks, u32 inc);
		#include <linux/types.h>

		static inline void blake2b_set_lastblock(struct blake2b_state *state)
		{
		state->f[0] = -1;
		state->f[1] = 0;
		}

		static inline void blake2b_set_nonlast(struct blake2b_state *state)
		{
		state->f[0] = 0;
		state->f[1] = 0;
		}

		typedef void (blake2b_compress_t)(struct blake2b_state state,
		@@ -30,6 +41,7 @@ static inline void __blake2b_update(struct blake2b_state *state,

		if (unlikely(!inlen))
		return;
		blake2b_set_nonlast(state);
		if (inlen > fill) {
		memcpy(state->buf + state->buflen, in, fill);
		(*compress)(state, state->buf, 1, BLAKE2B_BLOCK_SIZE);
		@@ -49,6 +61,7 @@ static inline void __blake2b_update(struct blake2b_state *state,
		}

		static inline void __blake2b_final(struct blake2b_state state, u8 out,
		unsigned int outlen,
		blake2b_compress_t compress)
		{
		int i;
		@@ -59,13 +72,13 @@ static inline void __blake2b_final(struct blake2b_state state, u8 out,
		(*compress)(state, state->buf, 1, state->buflen);
		for (i = 0; i < ARRAY_SIZE(state->h); i++)
		__cpu_to_le64s(&state->h[i]);
		memcpy(out, state->h, state->outlen);
		memcpy(out, state->h, outlen);
		}

		/* Helper functions for shash implementations of BLAKE2b */

		struct blake2b_tfm_ctx {
		u8 key[BLAKE2B_KEY_SIZE];
		u8 key[BLAKE2B_BLOCK_SIZE];
		unsigned int keylen;
		};

		@@ -74,10 +87,13 @@ static inline int crypto_blake2b_setkey(struct crypto_shash *tfm,
		{
		struct blake2b_tfm_ctx *tctx = crypto_shash_ctx(tfm);

		if (keylen == 0 \|\| keylen > BLAKE2B_KEY_SIZE)
		if (keylen > BLAKE2B_KEY_SIZE)
		return -EINVAL;

		BUILD_BUG_ON(BLAKE2B_KEY_SIZE > BLAKE2B_BLOCK_SIZE);

		memcpy(tctx->key, key, keylen);
		memset(tctx->key + keylen, 0, BLAKE2B_BLOCK_SIZE - keylen);
		tctx->keylen = keylen;

		return 0;
		@@ -89,8 +105,9 @@ static inline int crypto_blake2b_init(struct shash_desc *desc)
		struct blake2b_state *state = shash_desc_ctx(desc);
		unsigned int outlen = crypto_shash_digestsize(desc->tfm);

		__blake2b_init(state, outlen, tctx->key, tctx->keylen);
		return 0;
		__blake2b_init(state, outlen, tctx->keylen);
		return tctx->keylen ?
		crypto_shash_update(desc, tctx->key, BLAKE2B_BLOCK_SIZE) : 0;
		}

		static inline int crypto_blake2b_update(struct shash_desc *desc,
		@@ -103,12 +120,43 @@ static inline int crypto_blake2b_update(struct shash_desc *desc,
		return 0;
		}

		static inline int crypto_blake2b_update_bo(struct shash_desc *desc,
		const u8 *in, unsigned int inlen,
		blake2b_compress_t compress)
		{
		struct blake2b_state *state = shash_desc_ctx(desc);

		blake2b_set_nonlast(state);
		compress(state, in, inlen / BLAKE2B_BLOCK_SIZE, BLAKE2B_BLOCK_SIZE);
		return inlen - round_down(inlen, BLAKE2B_BLOCK_SIZE);
		}

		static inline int crypto_blake2b_final(struct shash_desc desc, u8 out,
		blake2b_compress_t compress)
		{
		unsigned int outlen = crypto_shash_digestsize(desc->tfm);
		struct blake2b_state *state = shash_desc_ctx(desc);

		__blake2b_final(state, out, compress);
		__blake2b_final(state, out, outlen, compress);
		return 0;
		}

		static inline int crypto_blake2b_finup(struct shash_desc desc, const u8 in,
		unsigned int inlen, u8 *out,
		blake2b_compress_t compress)
		{
		struct blake2b_state *state = shash_desc_ctx(desc);
		u8 buf[BLAKE2B_BLOCK_SIZE];
		int i;

		memcpy(buf, in, inlen);
		memset(buf + inlen, 0, BLAKE2B_BLOCK_SIZE - inlen);
		blake2b_set_lastblock(state);
		compress(state, buf, 1, inlen);
		for (i = 0; i < ARRAY_SIZE(state->h); i++)
		__cpu_to_le64s(&state->h[i]);
		memcpy(out, state->h, crypto_shash_digestsize(desc->tfm));
		memzero_explicit(buf, sizeof(buf));
		return 0;
		}