0018 #include <asm/unaligned.h>
0019 #include <linux/module.h>
0020 #include <linux/kernel.h>
0021 #include <linux/bitops.h>
0022 #include <crypto/internal/blake2b.h>
0023 #include <crypto/internal/hash.h>
0024
/*
 * Message-word schedule. Row r gives the order in which the sixteen
 * message words are fed into round r; G() reads it as
 * blake2b_sigma[r][2*i] and blake2b_sigma[r][2*i + 1].
 *
 * Twelve rows for the twelve ROUND() invocations; rows 10 and 11 repeat
 * rows 0 and 1.
 *
 * Every lookup uses a round number and a position that are literals at
 * the call site, so the table is never indexed by message or key data.
 */
static const u8 blake2b_sigma[12][16] = {
	/* round  0 */ {  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 },
	/* round  1 */ { 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 },
	/* round  2 */ { 11,  8, 12,  0,  5,  2, 15, 13, 10, 14,  3,  6,  7,  1,  9,  4 },
	/* round  3 */ {  7,  9,  3,  1, 13, 12, 11, 14,  2,  6,  5, 10,  4,  0, 15,  8 },
	/* round  4 */ {  9,  0,  5,  7,  2,  4, 10, 15, 14,  1, 11, 12,  6,  8,  3, 13 },
	/* round  5 */ {  2, 12,  6, 10,  0, 11,  8,  3,  4, 13,  7,  5, 15, 14,  1,  9 },
	/* round  6 */ { 12,  5,  1, 15, 14, 13,  4, 10,  0,  7,  6,  3,  9,  2,  8, 11 },
	/* round  7 */ { 13, 11,  7, 14, 12,  1,  3,  9,  5,  0, 15,  4,  8,  6,  2, 10 },
	/* round  8 */ {  6, 15, 14,  9, 11,  3,  0,  8, 12,  2, 13,  7,  1,  4, 10,  5 },
	/* round  9 */ { 10,  2,  8,  4,  7,  6,  1,  5, 15, 11,  9, 14,  3, 12, 13,  0 },
	/* round 10 */ {  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 },
	/* round 11 */ { 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 }
};
0039
/*
 * Advance the two-word counter S->t by @inc.
 *
 * t[0] is the low word and t[1] the high word: when the unsigned addition
 * into t[0] wraps, the new low word is smaller than @inc and a carry of
 * one is added to t[1]. The carry is computed as a comparison result
 * rather than with a branch.
 */
static void blake2b_increment_counter(struct blake2b_state *S, const u64 inc)
{
	const u64 low = S->t[0] + inc;
	const u64 carry = low < inc;

	S->t[0] = low;
	S->t[1] += carry;
}
0045
/*
 * G - mix two message words into four words of the working vector.
 *
 * @r: round number, selects the row of blake2b_sigma
 * @i: position within the round (0..7), selects the pair of message words
 * @a, @b, @c, @d: lvalues naming the four state words to update in place
 *
 * The macro captures the array `m` from the enclosing scope and evaluates
 * each argument several times, so arguments must be free of side effects.
 * It consists only of 64-bit additions, XORs and rotations by the fixed
 * distances 32, 24, 16 and 63.
 */
#define G(r, i, a, b, c, d)						\
	do {								\
		(a) = (a) + (b) + m[blake2b_sigma[(r)][2 * (i) + 0]];	\
		(d) = ror64((d) ^ (a), 32);				\
		(c) = (c) + (d);					\
		(b) = ror64((b) ^ (c), 24);				\
		(a) = (a) + (b) + m[blake2b_sigma[(r)][2 * (i) + 1]];	\
		(d) = ror64((d) ^ (a), 16);				\
		(c) = (c) + (d);					\
		(b) = ror64((b) ^ (c), 63);				\
	} while (0)
0057
/*
 * ROUND - one full round over the sixteen-word working vector `v`.
 *
 * Viewing v[0..15] as a 4x4 matrix stored row by row, the first four G()
 * calls mix the columns (0,4,8,12 ... 3,7,11,15) and the last four mix the
 * diagonals (0,5,10,15 ... 3,4,9,14). The macro captures `v` (and, through
 * G(), `m`) from the enclosing scope.
 */
#define ROUND(r)						\
	do {							\
		/* columns */					\
		G((r), 0, v[0], v[4], v[8],  v[12]);		\
		G((r), 1, v[1], v[5], v[9],  v[13]);		\
		G((r), 2, v[2], v[6], v[10], v[14]);		\
		G((r), 3, v[3], v[7], v[11], v[15]);		\
		/* diagonals */					\
		G((r), 4, v[0], v[5], v[10], v[15]);		\
		G((r), 5, v[1], v[6], v[11], v[12]);		\
		G((r), 6, v[2], v[7], v[8],  v[13]);		\
		G((r), 7, v[3], v[4], v[9],  v[14]);		\
	} while (0)
0069
/*
 * Compress a single block into the chaining value S->h.
 *
 * @S:     hash state; h[] is read and updated, t[] and f[] are only read
 * @block: BLAKE2B_BLOCK_SIZE bytes of input; the array bound in the
 *         prototype is documentation only, nothing here checks that the
 *         caller's buffer is really that long
 *
 * The caller is expected to have updated the counter S->t before calling.
 *
 * NOTE(review): m[] and v[] are not wiped before returning, so words
 * derived from the input stay in the dead stack frame. Whether that
 * matters depends on what callers feed in (the algorithms in this file
 * are registered with an optional key) - confirm against the shared
 * setkey/init helpers.
 */
static void blake2b_compress_one_generic(struct blake2b_state *S,
					 const u8 block[BLAKE2B_BLOCK_SIZE])
{
	u64 m[16];	/* message words; the name is captured by G() */
	u64 v[16];	/* working vector; the name is captured by ROUND() */
	size_t i;

	/* Sixteen little-endian 64-bit words, read without assuming alignment. */
	for (i = 0; i < 16; ++i)
		m[i] = get_unaligned_le64(&block[i * sizeof(u64)]);

	/* Upper half of the working vector: the current chaining value. */
	for (i = 0; i < 8; ++i)
		v[i] = S->h[i];

	/* Lower half: the IV, with counter and finalisation flags folded in. */
	v[8]  = BLAKE2B_IV0;
	v[9]  = BLAKE2B_IV1;
	v[10] = BLAKE2B_IV2;
	v[11] = BLAKE2B_IV3;
	v[12] = S->t[0] ^ BLAKE2B_IV4;
	v[13] = S->t[1] ^ BLAKE2B_IV5;
	v[14] = S->f[0] ^ BLAKE2B_IV6;
	v[15] = S->f[1] ^ BLAKE2B_IV7;

	/* Twelve rounds, written out so each sigma row index is a literal. */
	ROUND(0);
	ROUND(1);
	ROUND(2);
	ROUND(3);
	ROUND(4);
	ROUND(5);
	ROUND(6);
	ROUND(7);
	ROUND(8);
	ROUND(9);
	ROUND(10);
	ROUND(11);

	/*
	 * Feed-forward: fold both halves of v back into the chaining value.
	 * The pragma applies to this loop and only when building with clang;
	 * the reason is not recorded here.
	 */
#ifdef CONFIG_CC_IS_CLANG
#pragma nounroll
#endif
	for (i = 0; i < 8; ++i)
		S->h[i] ^= v[i] ^ v[i + 8];
}

/* G and ROUND depend on the locals above; do not let them leak further. */
#undef G
#undef ROUND
0113
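/**
 * blake2b_compress_generic() - compress consecutive blocks into a state
 * @state:   hash state to update
 * @block:   start of the input; must hold at least
 *           @nblocks * BLAKE2B_BLOCK_SIZE readable bytes, which is not
 *           checked here
 * @nblocks: number of blocks to process
 * @inc:     amount added to the counter before each block
 *
 * This symbol is exported, so it cannot rely on every caller passing a
 * non-zero @nblocks. The loop tests the count before the first block: a
 * post-tested "--nblocks" loop would wrap the size_t on zero and walk far
 * beyond the caller's buffer. With @nblocks == 0 the state is left
 * untouched.
 */
void blake2b_compress_generic(struct blake2b_state *state,
			      const u8 *block, size_t nblocks, u32 inc)
{
	while (nblocks--) {
		/* Counter first: the compression reads state->t. */
		blake2b_increment_counter(state, inc);
		blake2b_compress_one_generic(state, block);
		block += BLAKE2B_BLOCK_SIZE;
	}
}
EXPORT_SYMBOL(blake2b_compress_generic);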
0124
/*
 * shash .update hook: forward to the shared crypto_blake2b_update() with
 * the portable C compression routine plugged in.
 *
 * Buffering and length handling are done by that helper, which is not
 * part of this file; this wrapper adds no checks of its own on @in or
 * @inlen.
 */
static int crypto_blake2b_update_generic(struct shash_desc *desc,
					 const u8 *in, unsigned int inlen)
{
	return crypto_blake2b_update(desc, in, inlen,
				     blake2b_compress_generic);
}
0130
/*
 * shash .final hook: forward to the shared crypto_blake2b_final() with the
 * portable C compression routine plugged in.
 *
 * The size of @out is not passed along; presumably the helper writes the
 * digest size configured for the transform - verify against the helper.
 */
static int crypto_blake2b_final_generic(struct shash_desc *desc, u8 *out)
{
	return crypto_blake2b_final(desc, out,
				    blake2b_compress_generic);
}
0135
/*
 * BLAKE2B_ALG - initializer for one struct shash_alg entry.
 *
 * @name:        algorithm name users request
 * @driver_name: name of this particular implementation
 * @digest_size: output length in bytes
 *
 * All entries share priority 100, the BLAKE2b block size, the same
 * context/descriptor sizes and the same callbacks; only the names and the
 * digest size differ.
 *
 * CRYPTO_ALG_OPTIONAL_KEY together with .setkey means a key may be set
 * but is not required: a caller that never sets one gets an unkeyed hash,
 * which provides no authentication.
 */
#define BLAKE2B_ALG(name, driver_name, digest_size)			\
	{								\
		.base = {						\
			.cra_name	 = name,			\
			.cra_driver_name = driver_name,			\
			.cra_priority	 = 100,				\
			.cra_flags	 = CRYPTO_ALG_OPTIONAL_KEY,	\
			.cra_blocksize	 = BLAKE2B_BLOCK_SIZE,		\
			.cra_ctxsize	 = sizeof(struct blake2b_tfm_ctx), \
			.cra_module	 = THIS_MODULE,			\
		},							\
		.digestsize	= digest_size,				\
		.setkey		= crypto_blake2b_setkey,		\
		.init		= crypto_blake2b_init,			\
		.update		= crypto_blake2b_update_generic,	\
		.final		= crypto_blake2b_final_generic,		\
		.descsize	= sizeof(struct blake2b_state),		\
	}
0152
/*
 * The four digest lengths offered by this module. They are registered as
 * separate algorithms, so the output length is chosen by name.
 *
 * A shorter digest has proportionally lower collision resistance (about
 * half the output length in bits, i.e. roughly 80 bits for blake2b-160);
 * pick the variant to match what the digest is protecting.
 */
static struct shash_alg blake2b_algs[] = {
	BLAKE2B_ALG("blake2b-160", "blake2b-160-generic", BLAKE2B_160_HASH_SIZE),
	BLAKE2B_ALG("blake2b-256", "blake2b-256-generic", BLAKE2B_256_HASH_SIZE),
	BLAKE2B_ALG("blake2b-384", "blake2b-384-generic", BLAKE2B_384_HASH_SIZE),
	BLAKE2B_ALG("blake2b-512", "blake2b-512-generic", BLAKE2B_512_HASH_SIZE),
};
0163
/*
 * Module init: register every entry of blake2b_algs with the crypto API
 * and hand the registration result back to the caller unchanged.
 */
static int __init blake2b_mod_init(void)
{
	const int nr_algs = ARRAY_SIZE(blake2b_algs);

	return crypto_register_shashes(blake2b_algs, nr_algs);
}
0168
/*
 * Module exit: unregister the same set of algorithms that
 * blake2b_mod_init() registered.
 */
static void __exit blake2b_mod_fini(void)
{
	const int nr_algs = ARRAY_SIZE(blake2b_algs);

	crypto_unregister_shashes(blake2b_algs, nr_algs);
}
0173
/* Registration runs as a subsys initcall; teardown on module exit. */
subsys_initcall(blake2b_mod_init);
module_exit(blake2b_mod_fini);

MODULE_AUTHOR("David Sterba <kdave@kernel.org>");
MODULE_DESCRIPTION("BLAKE2b generic implementation");
MODULE_LICENSE("GPL");

/*
 * One alias per algorithm name and one per driver name, matching the
 * entries of blake2b_algs.
 */
MODULE_ALIAS_CRYPTO("blake2b-160");
MODULE_ALIAS_CRYPTO("blake2b-160-generic");

MODULE_ALIAS_CRYPTO("blake2b-256");
MODULE_ALIAS_CRYPTO("blake2b-256-generic");

MODULE_ALIAS_CRYPTO("blake2b-384");
MODULE_ALIAS_CRYPTO("blake2b-384-generic");

MODULE_ALIAS_CRYPTO("blake2b-512");
MODULE_ALIAS_CRYPTO("blake2b-512-generic");