1 | /* SPDX-License-Identifier: GPL-2.0 OR MIT */ |
2 | /* |
3 | * Helper functions for BLAKE2b implementations. |
4 | * Keep this in sync with the corresponding BLAKE2s header. |
5 | */ |
6 | |
7 | #ifndef _CRYPTO_INTERNAL_BLAKE2B_H |
8 | #define _CRYPTO_INTERNAL_BLAKE2B_H |
9 | |
10 | #include <crypto/blake2b.h> |
11 | #include <crypto/internal/hash.h> |
12 | #include <linux/string.h> |
13 | |
14 | void blake2b_compress_generic(struct blake2b_state *state, |
15 | const u8 *block, size_t nblocks, u32 inc); |
16 | |
17 | static inline void blake2b_set_lastblock(struct blake2b_state *state) |
18 | { |
19 | state->f[0] = -1; |
20 | } |
21 | |
22 | typedef void (*blake2b_compress_t)(struct blake2b_state *state, |
23 | const u8 *block, size_t nblocks, u32 inc); |
24 | |
25 | static inline void __blake2b_update(struct blake2b_state *state, |
26 | const u8 *in, size_t inlen, |
27 | blake2b_compress_t compress) |
28 | { |
29 | const size_t fill = BLAKE2B_BLOCK_SIZE - state->buflen; |
30 | |
31 | if (unlikely(!inlen)) |
32 | return; |
33 | if (inlen > fill) { |
34 | memcpy(state->buf + state->buflen, in, fill); |
35 | (*compress)(state, state->buf, 1, BLAKE2B_BLOCK_SIZE); |
36 | state->buflen = 0; |
37 | in += fill; |
38 | inlen -= fill; |
39 | } |
40 | if (inlen > BLAKE2B_BLOCK_SIZE) { |
41 | const size_t nblocks = DIV_ROUND_UP(inlen, BLAKE2B_BLOCK_SIZE); |
42 | /* Hash one less (full) block than strictly possible */ |
43 | (*compress)(state, in, nblocks - 1, BLAKE2B_BLOCK_SIZE); |
44 | in += BLAKE2B_BLOCK_SIZE * (nblocks - 1); |
45 | inlen -= BLAKE2B_BLOCK_SIZE * (nblocks - 1); |
46 | } |
47 | memcpy(state->buf + state->buflen, in, inlen); |
48 | state->buflen += inlen; |
49 | } |
50 | |
51 | static inline void __blake2b_final(struct blake2b_state *state, u8 *out, |
52 | blake2b_compress_t compress) |
53 | { |
54 | int i; |
55 | |
56 | blake2b_set_lastblock(state); |
57 | memset(state->buf + state->buflen, 0, |
58 | BLAKE2B_BLOCK_SIZE - state->buflen); /* Padding */ |
59 | (*compress)(state, state->buf, 1, state->buflen); |
60 | for (i = 0; i < ARRAY_SIZE(state->h); i++) |
61 | __cpu_to_le64s(&state->h[i]); |
62 | memcpy(out, state->h, state->outlen); |
63 | } |
64 | |
65 | /* Helper functions for shash implementations of BLAKE2b */ |
66 | |
67 | struct blake2b_tfm_ctx { |
68 | u8 key[BLAKE2B_KEY_SIZE]; |
69 | unsigned int keylen; |
70 | }; |
71 | |
72 | static inline int crypto_blake2b_setkey(struct crypto_shash *tfm, |
73 | const u8 *key, unsigned int keylen) |
74 | { |
75 | struct blake2b_tfm_ctx *tctx = crypto_shash_ctx(tfm); |
76 | |
77 | if (keylen == 0 || keylen > BLAKE2B_KEY_SIZE) |
78 | return -EINVAL; |
79 | |
80 | memcpy(tctx->key, key, keylen); |
81 | tctx->keylen = keylen; |
82 | |
83 | return 0; |
84 | } |
85 | |
86 | static inline int crypto_blake2b_init(struct shash_desc *desc) |
87 | { |
88 | const struct blake2b_tfm_ctx *tctx = crypto_shash_ctx(tfm: desc->tfm); |
89 | struct blake2b_state *state = shash_desc_ctx(desc); |
90 | unsigned int outlen = crypto_shash_digestsize(tfm: desc->tfm); |
91 | |
92 | __blake2b_init(state, outlen, key: tctx->key, keylen: tctx->keylen); |
93 | return 0; |
94 | } |
95 | |
96 | static inline int crypto_blake2b_update(struct shash_desc *desc, |
97 | const u8 *in, unsigned int inlen, |
98 | blake2b_compress_t compress) |
99 | { |
100 | struct blake2b_state *state = shash_desc_ctx(desc); |
101 | |
102 | __blake2b_update(state, in, inlen, compress); |
103 | return 0; |
104 | } |
105 | |
106 | static inline int crypto_blake2b_final(struct shash_desc *desc, u8 *out, |
107 | blake2b_compress_t compress) |
108 | { |
109 | struct blake2b_state *state = shash_desc_ctx(desc); |
110 | |
111 | __blake2b_final(state, out, compress); |
112 | return 0; |
113 | } |
114 | |
115 | #endif /* _CRYPTO_INTERNAL_BLAKE2B_H */ |
116 | |