Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
Kitware
GitHub Repository: Kitware/CMake
 Path: blob/master/Utilities/cmlibarchive/libarchive/archive_blake2s_ref.c
3153 views
1
/*

2
   BLAKE2 reference source code package - reference C implementations

3


4
   Copyright 2012, Samuel Neves <[email protected]>.  You may use this under the

5
   terms of the CC0, the OpenSSL Licence, or the Apache Public License 2.0, at

6
   your option.  The terms of these licenses can be found at:

7


8
   - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0

9
   - OpenSSL license   : https://www.openssl.org/source/license.html

10
   - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0

11


12
   More information about the BLAKE2 hash function can be found at

13
   https://blake2.net.

14
*/

15


16
#include "archive_platform.h"

17


18
#include <stdint.h>

19
#include <string.h>

20
#include <stdio.h>

21


22
#include "archive_blake2.h"

23
#include "archive_blake2_impl.h"

24


25
static const uint32_t blake2s_IV[8] =

26
{

27
  0x6A09E667UL, 0xBB67AE85UL, 0x3C6EF372UL, 0xA54FF53AUL,

28
  0x510E527FUL, 0x9B05688CUL, 0x1F83D9ABUL, 0x5BE0CD19UL

29
};

30


31
static const uint8_t blake2s_sigma[10][16] =

32
{

33
  {  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 } ,

34
  { 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 } ,

35
  { 11,  8, 12,  0,  5,  2, 15, 13, 10, 14,  3,  6,  7,  1,  9,  4 } ,

36
  {  7,  9,  3,  1, 13, 12, 11, 14,  2,  6,  5, 10,  4,  0, 15,  8 } ,

37
  {  9,  0,  5,  7,  2,  4, 10, 15, 14,  1, 11, 12,  6,  8,  3, 13 } ,

38
  {  2, 12,  6, 10,  0, 11,  8,  3,  4, 13,  7,  5, 15, 14,  1,  9 } ,

39
  { 12,  5,  1, 15, 14, 13,  4, 10,  0,  7,  6,  3,  9,  2,  8, 11 } ,

40
  { 13, 11,  7, 14, 12,  1,  3,  9,  5,  0, 15,  4,  8,  6,  2, 10 } ,

41
  {  6, 15, 14,  9, 11,  3,  0,  8, 12,  2, 13,  7,  1,  4, 10,  5 } ,

42
  { 10,  2,  8,  4,  7,  6,  1,  5, 15, 11,  9, 14,  3, 12, 13 , 0 } ,

43
};

44


45
static void blake2s_set_lastnode( blake2s_state *S )

46
{

47
  S->f[1] = (uint32_t)-1;

48
}

49


50
/* Some helper functions, not necessarily useful */

51
static int blake2s_is_lastblock( const blake2s_state *S )

52
{

53
  return S->f[0] != 0;

54
}

55


56
static void blake2s_set_lastblock( blake2s_state *S )

57
{

58
  if( S->last_node ) blake2s_set_lastnode( S );

59


60
  S->f[0] = (uint32_t)-1;

61
}

62


63
static void blake2s_increment_counter( blake2s_state *S, const uint32_t inc )

64
{

65
  S->t[0] += inc;

66
  S->t[1] += ( S->t[0] < inc );

67
}

68


69
static void blake2s_init0( blake2s_state *S )

70
{

71
  size_t i;

72
  memset( S, 0, sizeof( blake2s_state ) );

73


74
  for( i = 0; i < 8; ++i ) S->h[i] = blake2s_IV[i];

75
}

76


77
/* init2 xors IV with input parameter block */

78
int blake2s_init_param( blake2s_state *S, const blake2s_param *P )

79
{

80
  const unsigned char *p = ( const unsigned char * )( P );

81
  size_t i;

82


83
  blake2s_init0( S );

84


85
  /* IV XOR ParamBlock */

86
  for( i = 0; i < 8; ++i )

87
    S->h[i] ^= load32( &p[i * 4] );

88


89
  S->outlen = P->digest_length;

90
  return 0;

91
}

92


93


94
/* Sequential blake2s initialization */

95
int blake2s_init( blake2s_state *S, size_t outlen )

96
{

97
  blake2s_param P[1];

98


99
  /* Move interval verification here? */

100
  if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1;

101


102
  P->digest_length = (uint8_t)outlen;

103
  P->key_length    = 0;

104
  P->fanout        = 1;

105
  P->depth         = 1;

106
  store32( &P->leaf_length, 0 );

107
  store32( &P->node_offset, 0 );

108
  store16( &P->xof_length, 0 );

109
  P->node_depth    = 0;

110
  P->inner_length  = 0;

111
  /* memset(P->reserved, 0, sizeof(P->reserved) ); */

112
  memset( P->salt,     0, sizeof( P->salt ) );

113
  memset( P->personal, 0, sizeof( P->personal ) );

114
  return blake2s_init_param( S, P );

115
}

116


117
int blake2s_init_key( blake2s_state *S, size_t outlen, const void *key, size_t keylen )

118
{

119
  blake2s_param P[1];

120


121
  if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1;

122


123
  if ( !key || !keylen || keylen > BLAKE2S_KEYBYTES ) return -1;

124


125
  P->digest_length = (uint8_t)outlen;

126
  P->key_length    = (uint8_t)keylen;

127
  P->fanout        = 1;

128
  P->depth         = 1;

129
  store32( &P->leaf_length, 0 );

130
  store32( &P->node_offset, 0 );

131
  store16( &P->xof_length, 0 );

132
  P->node_depth    = 0;

133
  P->inner_length  = 0;

134
  /* memset(P->reserved, 0, sizeof(P->reserved) ); */

135
  memset( P->salt,     0, sizeof( P->salt ) );

136
  memset( P->personal, 0, sizeof( P->personal ) );

137


138
  if( blake2s_init_param( S, P ) < 0 ) return -1;

139


140
  {

141
    uint8_t block[BLAKE2S_BLOCKBYTES];

142
    memset( block, 0, BLAKE2S_BLOCKBYTES );

143
    memcpy( block, key, keylen );

144
    blake2s_update( S, block, BLAKE2S_BLOCKBYTES );

145
    secure_zero_memory( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */

146
  }

147
  return 0;

148
}

149


150
#define G(r,i,a,b,c,d)                      \

151
  do {                                      \

152
    a = a + b + m[blake2s_sigma[r][2*i+0]]; \

153
    d = rotr32(d ^ a, 16);                  \

154
    c = c + d;                              \

155
    b = rotr32(b ^ c, 12);                  \

156
    a = a + b + m[blake2s_sigma[r][2*i+1]]; \

157
    d = rotr32(d ^ a, 8);                   \

158
    c = c + d;                              \

159
    b = rotr32(b ^ c, 7);                   \

160
  } while(0)

161


162
#define ROUND(r)                    \

163
  do {                              \

164
    G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \

165
    G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \

166
    G(r,2,v[ 2],v[ 6],v[10],v[14]); \

167
    G(r,3,v[ 3],v[ 7],v[11],v[15]); \

168
    G(r,4,v[ 0],v[ 5],v[10],v[15]); \

169
    G(r,5,v[ 1],v[ 6],v[11],v[12]); \

170
    G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \

171
    G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \

172
  } while(0)

173


174
static void blake2s_compress( blake2s_state *S, const uint8_t in[BLAKE2S_BLOCKBYTES] )

175
{

176
  uint32_t m[16];

177
  uint32_t v[16];

178
  size_t i;

179


180
  for( i = 0; i < 16; ++i ) {

181
    m[i] = load32( in + i * sizeof( m[i] ) );

182
  }

183


184
  for( i = 0; i < 8; ++i ) {

185
    v[i] = S->h[i];

186
  }

187


188
  v[ 8] = blake2s_IV[0];

189
  v[ 9] = blake2s_IV[1];

190
  v[10] = blake2s_IV[2];

191
  v[11] = blake2s_IV[3];

192
  v[12] = S->t[0] ^ blake2s_IV[4];

193
  v[13] = S->t[1] ^ blake2s_IV[5];

194
  v[14] = S->f[0] ^ blake2s_IV[6];

195
  v[15] = S->f[1] ^ blake2s_IV[7];

196


197
  ROUND( 0 );

198
  ROUND( 1 );

199
  ROUND( 2 );

200
  ROUND( 3 );

201
  ROUND( 4 );

202
  ROUND( 5 );

203
  ROUND( 6 );

204
  ROUND( 7 );

205
  ROUND( 8 );

206
  ROUND( 9 );

207


208
  for( i = 0; i < 8; ++i ) {

209
    S->h[i] = S->h[i] ^ v[i] ^ v[i + 8];

210
  }

211
}

212


213
#undef G

214
#undef ROUND

215


216
int blake2s_update( blake2s_state *S, const void *pin, size_t inlen )

217
{

218
  const unsigned char * in = (const unsigned char *)pin;

219
  if( inlen > 0 )

220
  {

221
    size_t left = S->buflen;

222
    size_t fill = BLAKE2S_BLOCKBYTES - left;

223
    if( inlen > fill )

224
    {

225
      S->buflen = 0;

226
      memcpy( S->buf + left, in, fill ); /* Fill buffer */

227
      blake2s_increment_counter( S, BLAKE2S_BLOCKBYTES );

228
      blake2s_compress( S, S->buf ); /* Compress */

229
      in += fill; inlen -= fill;

230
      while(inlen > BLAKE2S_BLOCKBYTES) {

231
        blake2s_increment_counter(S, BLAKE2S_BLOCKBYTES);

232
        blake2s_compress( S, in );

233
        in += BLAKE2S_BLOCKBYTES;

234
        inlen -= BLAKE2S_BLOCKBYTES;

235
      }

236
    }

237
    memcpy( S->buf + S->buflen, in, inlen );

238
    S->buflen += inlen;

239
  }

240
  return 0;

241
}

242


243
int blake2s_final( blake2s_state *S, void *out, size_t outlen )

244
{

245
  uint8_t buffer[BLAKE2S_OUTBYTES] = {0};

246
  size_t i;

247


248
  if( out == NULL || outlen < S->outlen )

249
    return -1;

250


251
  if( blake2s_is_lastblock( S ) )

252
    return -1;

253


254
  blake2s_increment_counter( S, ( uint32_t )S->buflen );

255
  blake2s_set_lastblock( S );

256
  memset( S->buf + S->buflen, 0, BLAKE2S_BLOCKBYTES - S->buflen ); /* Padding */

257
  blake2s_compress( S, S->buf );

258


259
  for( i = 0; i < 8; ++i ) /* Output full hash to temp buffer */

260
    store32( buffer + sizeof( S->h[i] ) * i, S->h[i] );

261


262
  memcpy( out, buffer, outlen );

263
  secure_zero_memory(buffer, sizeof(buffer));

264
  return 0;

265
}

266


267
int blake2s( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen )

268
{

269
  blake2s_state S[1];

270


271
  /* Verify parameters */

272
  if ( NULL == in && inlen > 0 ) return -1;

273


274
  if ( NULL == out ) return -1;

275


276
  if ( NULL == key && keylen > 0) return -1;

277


278
  if( !outlen || outlen > BLAKE2S_OUTBYTES ) return -1;

279


280
  if( keylen > BLAKE2S_KEYBYTES ) return -1;

281


282
  if( keylen > 0 )

283
  {

284
    if( blake2s_init_key( S, outlen, key, keylen ) < 0 ) return -1;

285
  }

286
  else

287
  {

288
    if( blake2s_init( S, outlen ) < 0 ) return -1;

289
  }

290


291
  blake2s_update( S, ( const uint8_t * )in, inlen );

292
  blake2s_final( S, out, outlen );

293
  return 0;

294
}

295


296
#if defined(SUPERCOP)

297
int crypto_hash( unsigned char *out, unsigned char *in, unsigned long long inlen )

298
{

299
  return blake2s( out, BLAKE2S_OUTBYTES, in, inlen, NULL, 0 );

300
}

301
#endif

302


303
#if defined(BLAKE2S_SELFTEST)

304
#include <string.h>

305
#include "blake2-kat.h"

306
int main( void )

307
{

308
  uint8_t key[BLAKE2S_KEYBYTES];

309
  uint8_t buf[BLAKE2_KAT_LENGTH];

310
  size_t i, step;

311


312
  for( i = 0; i < BLAKE2S_KEYBYTES; ++i )

313
    key[i] = ( uint8_t )i;

314


315
  for( i = 0; i < BLAKE2_KAT_LENGTH; ++i )

316
    buf[i] = ( uint8_t )i;

317


318
  /* Test simple API */

319
  for( i = 0; i < BLAKE2_KAT_LENGTH; ++i )

320
  {

321
    uint8_t hash[BLAKE2S_OUTBYTES];

322
    blake2s( hash, BLAKE2S_OUTBYTES, buf, i, key, BLAKE2S_KEYBYTES );

323


324
    if( 0 != memcmp( hash, blake2s_keyed_kat[i], BLAKE2S_OUTBYTES ) )

325
    {

326
      goto fail;

327
    }

328
  }

329


330
  /* Test streaming API */

331
  for(step = 1; step < BLAKE2S_BLOCKBYTES; ++step) {

332
    for (i = 0; i < BLAKE2_KAT_LENGTH; ++i) {

333
      uint8_t hash[BLAKE2S_OUTBYTES];

334
      blake2s_state S;

335
      uint8_t * p = buf;

336
      size_t mlen = i;

337
      int err = 0;

338


339
      if( (err = blake2s_init_key(&S, BLAKE2S_OUTBYTES, key, BLAKE2S_KEYBYTES)) < 0 ) {

340
        goto fail;

341
      }

342


343
      while (mlen >= step) {

344
        if ( (err = blake2s_update(&S, p, step)) < 0 ) {

345
          goto fail;

346
        }

347
        mlen -= step;

348
        p += step;

349
      }

350
      if ( (err = blake2s_update(&S, p, mlen)) < 0) {

351
        goto fail;

352
      }

353
      if ( (err = blake2s_final(&S, hash, BLAKE2S_OUTBYTES)) < 0) {

354
        goto fail;

355
      }

356


357
      if (0 != memcmp(hash, blake2s_keyed_kat[i], BLAKE2S_OUTBYTES)) {

358
        goto fail;

359
      }

360
    }

361
  }

362


363
  puts( "ok" );

364
  return 0;

365
fail:

366
  puts("error");

367
  return -1;

368
}

369
#endif

370


371