crypto: blake2b-generic - Use API partial block handling

+18 -13

crypto/blake2b_generic.c

··· 15 15 * More information about BLAKE2 can be found at https://blake2.net. 16 16 */ 17 17 18 - #include <linux/unaligned.h> 19 - #include <linux/module.h> 20 - #include <linux/kernel.h> 21 - #include <linux/bitops.h> 22 18 #include <crypto/internal/blake2b.h> 23 19 #include <crypto/internal/hash.h> 20 + #include <linux/kernel.h> 21 + #include <linux/module.h> 22 + #include <linux/string.h> 23 + #include <linux/unaligned.h> 24 24 25 25 static const u8 blake2b_sigma[12][16] = { 26 26 { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }, ··· 111 111 #undef G 112 112 #undef ROUND 113 113 114 - void blake2b_compress_generic(struct blake2b_state *state, 115 - const u8 *block, size_t nblocks, u32 inc) 114 + static void blake2b_compress_generic(struct blake2b_state *state, 115 + const u8 *block, size_t nblocks, u32 inc) 116 116 { 117 117 do { 118 118 blake2b_increment_counter(state, inc); ··· 120 120 block += BLAKE2B_BLOCK_SIZE; 121 121 } while (--nblocks); 122 122 } 123 - EXPORT_SYMBOL(blake2b_compress_generic); 124 123 125 124 static int crypto_blake2b_update_generic(struct shash_desc *desc, 126 125 const u8 *in, unsigned int inlen) 127 126 { 128 - return crypto_blake2b_update(desc, in, inlen, blake2b_compress_generic); 127 + return crypto_blake2b_update_bo(desc, in, inlen, 128 + blake2b_compress_generic); 129 129 } 130 130 131 - static int crypto_blake2b_final_generic(struct shash_desc *desc, u8 *out) 131 + static int crypto_blake2b_finup_generic(struct shash_desc *desc, const u8 *in, 132 + unsigned int inlen, u8 *out) 132 133 { 133 - return crypto_blake2b_final(desc, out, blake2b_compress_generic); 134 + return crypto_blake2b_finup(desc, in, inlen, out, 135 + blake2b_compress_generic); 134 136 } 135 137 136 138 #define BLAKE2B_ALG(name, driver_name, digest_size) \ ··· 140 138 .base.cra_name = name, \ 141 139 .base.cra_driver_name = driver_name, \ 142 140 .base.cra_priority = 100, \ 143 - .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY, \ 141 + .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY | \ 142 + CRYPTO_AHASH_ALG_BLOCK_ONLY | \ 143 + CRYPTO_AHASH_ALG_FINAL_NONZERO, \ 144 144 .base.cra_blocksize = BLAKE2B_BLOCK_SIZE, \ 145 145 .base.cra_ctxsize = sizeof(struct blake2b_tfm_ctx), \ 146 146 .base.cra_module = THIS_MODULE, \ ··· 150 146 .setkey = crypto_blake2b_setkey, \ 151 147 .init = crypto_blake2b_init, \ 152 148 .update = crypto_blake2b_update_generic, \ 153 - .final = crypto_blake2b_final_generic, \ 154 - .descsize = sizeof(struct blake2b_state), \ 149 + .finup = crypto_blake2b_finup_generic, \ 150 + .descsize = BLAKE2B_DESC_SIZE, \ 151 + .statesize = BLAKE2B_STATE_SIZE, \ 155 152 } 156 153 157 154 static struct shash_alg blake2b_algs[] = {

+3 -11

include/crypto/blake2b.h

··· 11 11 BLAKE2B_BLOCK_SIZE = 128, 12 12 BLAKE2B_HASH_SIZE = 64, 13 13 BLAKE2B_KEY_SIZE = 64, 14 + BLAKE2B_STATE_SIZE = 80, 15 + BLAKE2B_DESC_SIZE = 96, 14 16 15 17 BLAKE2B_160_HASH_SIZE = 20, 16 18 BLAKE2B_256_HASH_SIZE = 32, ··· 27 25 u64 f[2]; 28 26 u8 buf[BLAKE2B_BLOCK_SIZE]; 29 27 unsigned int buflen; 30 - unsigned int outlen; 31 28 }; 32 29 33 30 enum blake2b_iv { ··· 41 40 }; 42 41 43 42 static inline void __blake2b_init(struct blake2b_state *state, size_t outlen, 44 - const void *key, size_t keylen) 43 + size_t keylen) 45 44 { 46 45 state->h[0] = BLAKE2B_IV0 ^ (0x01010000 | keylen << 8 | outlen); 47 46 state->h[1] = BLAKE2B_IV1; ··· 53 52 state->h[7] = BLAKE2B_IV7; 54 53 state->t[0] = 0; 55 54 state->t[1] = 0; 56 - state->f[0] = 0; 57 - state->f[1] = 0; 58 - state->buflen = 0; 59 - state->outlen = outlen; 60 - if (keylen) { 61 - memcpy(state->buf, key, keylen); 62 - memset(&state->buf[keylen], 0, BLAKE2B_BLOCK_SIZE - keylen); 63 - state->buflen = BLAKE2B_BLOCK_SIZE; 64 - } 65 55 } 66 56 67 57 #endif /* _CRYPTO_BLAKE2B_H */

+59 -11

include/crypto/internal/blake2b.h

··· 7 7 #ifndef _CRYPTO_INTERNAL_BLAKE2B_H 8 8 #define _CRYPTO_INTERNAL_BLAKE2B_H 9 9 10 + #include <asm/byteorder.h> 10 11 #include <crypto/blake2b.h> 11 12 #include <crypto/internal/hash.h> 13 + #include <linux/array_size.h> 14 + #include <linux/compiler.h> 15 + #include <linux/build_bug.h> 16 + #include <linux/errno.h> 17 + #include <linux/math.h> 12 18 #include <linux/string.h> 13 - 14 - void blake2b_compress_generic(struct blake2b_state *state, 15 - const u8 *block, size_t nblocks, u32 inc); 19 + #include <linux/types.h> 16 20 17 21 static inline void blake2b_set_lastblock(struct blake2b_state *state) 18 22 { 19 23 state->f[0] = -1; 24 + state->f[1] = 0; 25 + } 26 + 27 + static inline void blake2b_set_nonlast(struct blake2b_state *state) 28 + { 29 + state->f[0] = 0; 30 + state->f[1] = 0; 20 31 } 21 32 22 33 typedef void (*blake2b_compress_t)(struct blake2b_state *state, ··· 41 30 42 31 if (unlikely(!inlen)) 43 32 return; 33 + blake2b_set_nonlast(state); 44 34 if (inlen > fill) { 45 35 memcpy(state->buf + state->buflen, in, fill); 46 36 (*compress)(state, state->buf, 1, BLAKE2B_BLOCK_SIZE); ··· 61 49 } 62 50 63 51 static inline void __blake2b_final(struct blake2b_state *state, u8 *out, 52 + unsigned int outlen, 64 53 blake2b_compress_t compress) 65 54 { 66 55 int i; ··· 72 59 (*compress)(state, state->buf, 1, state->buflen); 73 60 for (i = 0; i < ARRAY_SIZE(state->h); i++) 74 61 __cpu_to_le64s(&state->h[i]); 75 - memcpy(out, state->h, state->outlen); 62 + memcpy(out, state->h, outlen); 76 63 } 77 64 78 65 /* Helper functions for shash implementations of BLAKE2b */ 79 66 80 67 struct blake2b_tfm_ctx { 81 - u8 key[BLAKE2B_KEY_SIZE]; 68 + u8 key[BLAKE2B_BLOCK_SIZE]; 82 69 unsigned int keylen; 83 70 }; 84 71 ··· 87 74 { 88 75 struct blake2b_tfm_ctx *tctx = crypto_shash_ctx(tfm); 89 76 90 - if (keylen == 0 || keylen > BLAKE2B_KEY_SIZE) 77 + if (keylen > BLAKE2B_KEY_SIZE) 91 78 return -EINVAL; 92 79 80 + BUILD_BUG_ON(BLAKE2B_KEY_SIZE > BLAKE2B_BLOCK_SIZE); 81 + 93 82 memcpy(tctx->key, key, keylen); 83 + memset(tctx->key + keylen, 0, BLAKE2B_BLOCK_SIZE - keylen); 94 84 tctx->keylen = keylen; 95 85 96 86 return 0; ··· 105 89 struct blake2b_state *state = shash_desc_ctx(desc); 106 90 unsigned int outlen = crypto_shash_digestsize(desc->tfm); 107 91 108 - __blake2b_init(state, outlen, tctx->key, tctx->keylen); 109 - return 0; 92 + __blake2b_init(state, outlen, tctx->keylen); 93 + return tctx->keylen ? 94 + crypto_shash_update(desc, tctx->key, BLAKE2B_BLOCK_SIZE) : 0; 110 95 } 111 96 112 97 static inline int crypto_blake2b_update(struct shash_desc *desc, ··· 120 103 return 0; 121 104 } 122 105 123 - static inline int crypto_blake2b_final(struct shash_desc *desc, u8 *out, 124 - blake2b_compress_t compress) 106 + static inline int crypto_blake2b_update_bo(struct shash_desc *desc, 107 + const u8 *in, unsigned int inlen, 108 + blake2b_compress_t compress) 125 109 { 126 110 struct blake2b_state *state = shash_desc_ctx(desc); 127 111 128 - __blake2b_final(state, out, compress); 112 + blake2b_set_nonlast(state); 113 + compress(state, in, inlen / BLAKE2B_BLOCK_SIZE, BLAKE2B_BLOCK_SIZE); 114 + return inlen - round_down(inlen, BLAKE2B_BLOCK_SIZE); 115 + } 116 + 117 + static inline int crypto_blake2b_final(struct shash_desc *desc, u8 *out, 118 + blake2b_compress_t compress) 119 + { 120 + unsigned int outlen = crypto_shash_digestsize(desc->tfm); 121 + struct blake2b_state *state = shash_desc_ctx(desc); 122 + 123 + __blake2b_final(state, out, outlen, compress); 124 + return 0; 125 + } 126 + 127 + static inline int crypto_blake2b_finup(struct shash_desc *desc, const u8 *in, 128 + unsigned int inlen, u8 *out, 129 + blake2b_compress_t compress) 130 + { 131 + struct blake2b_state *state = shash_desc_ctx(desc); 132 + u8 buf[BLAKE2B_BLOCK_SIZE]; 133 + int i; 134 + 135 + memcpy(buf, in, inlen); 136 + memset(buf + inlen, 0, BLAKE2B_BLOCK_SIZE - inlen); 137 + blake2b_set_lastblock(state); 138 + compress(state, buf, 1, inlen); 139 + for (i = 0; i < ARRAY_SIZE(state->h); i++) 140 + __cpu_to_le64s(&state->h[i]); 141 + memcpy(out, state->h, crypto_shash_digestsize(desc->tfm)); 142 + memzero_explicit(buf, sizeof(buf)); 129 143 return 0; 130 144 } 131 145

Configure Feed

Configure Feed