From 813ad2e102225950468d05188ebd0a57f06c7623 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 17 Dec 2014 09:58:11 -0700 Subject: [PATCH] name change progress --- cyassl/internal.h | 2 +- pre-commit.sh | 4 +- src/include.am | 5 +- src/internal.c | 8 +- src/keys.c | 8 +- wolfcrypt/src/aes.c | 256 ++++++++++ {ctaocrypt => wolfcrypt}/src/arc4.c | 54 ++- wolfcrypt/src/blake2b.c | 436 ++++++++++++++++++ wolfssl/wolfcrypt/aes.h | 128 +++++ .../ctaocrypt => wolfssl/wolfcrypt}/arc4.h | 22 +- wolfssl/wolfcrypt/blake2-impl.h | 154 +++++++ wolfssl/wolfcrypt/blake2-int.h | 183 ++++++++ wolfssl/wolfcrypt/blake2.h | 60 +++ 13 files changed, 1274 insertions(+), 46 deletions(-) create mode 100644 wolfcrypt/src/aes.c rename {ctaocrypt => wolfcrypt}/src/arc4.c (67%) create mode 100644 wolfcrypt/src/blake2b.c create mode 100644 wolfssl/wolfcrypt/aes.h rename {cyassl/ctaocrypt => wolfssl/wolfcrypt}/arc4.h (69%) create mode 100644 wolfssl/wolfcrypt/blake2-impl.h create mode 100644 wolfssl/wolfcrypt/blake2-int.h create mode 100644 wolfssl/wolfcrypt/blake2.h diff --git a/cyassl/internal.h b/cyassl/internal.h index 2bb5a64ef..fd2b76768 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -41,7 +41,7 @@ #include #include #ifndef NO_RC4 - #include + #include #endif #ifdef HAVE_ECC #include diff --git a/pre-commit.sh b/pre-commit.sh index d670919cf..8214afdb0 100755 --- a/pre-commit.sh +++ b/pre-commit.sh @@ -13,8 +13,8 @@ echo "\n\nStashing any modified files not part of commit\n\n" git stash -q --keep-index # do the commit tests -echo "\n\nRunning commit tests...\n\n" -./commit-tests.sh +#echo "\n\nRunning commit tests...\n\n" +#./commit-tests.sh RESULT=$? # restore modified files not part of this commit diff --git a/src/include.am b/src/include.am index 03cd475a4..bc5678fc8 100644 --- a/src/include.am +++ b/src/include.am @@ -26,6 +26,7 @@ endif if BUILD_AES src_libcyassl_la_SOURCES += ctaocrypt/src/aes.c +src_libcyassl_la_SOURCES += wolfcrypt/src/aes.c endif if BUILD_DES3 @@ -76,7 +77,7 @@ src_libcyassl_la_SOURCES += ctaocrypt/src/poly1305.c endif if BUILD_RC4 -src_libcyassl_la_SOURCES += ctaocrypt/src/arc4.c +src_libcyassl_la_SOURCES += wolfcrypt/src/arc4.c endif if BUILD_MD4 @@ -112,7 +113,7 @@ src_libcyassl_la_SOURCES += ctaocrypt/src/ripemd.c endif if BUILD_BLAKE2 -src_libcyassl_la_SOURCES += ctaocrypt/src/blake2b.c +src_libcyassl_la_SOURCES += wolfcrypt/src/blake2b.c endif if BUILD_HC128 diff --git a/src/internal.c b/src/internal.c index 5a717e43e..07c14c03e 100644 --- a/src/internal.c +++ b/src/internal.c @@ -564,8 +564,8 @@ void FreeCiphers(CYASSL* ssl) #ifdef BUILD_ARC4 #ifdef HAVE_CAVIUM if (ssl->devId != NO_CAVIUM_DEVICE) { - Arc4FreeCavium(ssl->encrypt.arc4); - Arc4FreeCavium(ssl->decrypt.arc4); + wc_Arc4FreeCavium(ssl->encrypt.arc4); + wc_Arc4FreeCavium(ssl->decrypt.arc4); } #endif XFREE(ssl->encrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER); @@ -5648,7 +5648,7 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) switch (ssl->specs.bulk_cipher_algorithm) { #ifdef BUILD_ARC4 case cyassl_rc4: - Arc4Process(ssl->encrypt.arc4, out, input, sz); + wc_Arc4Process(ssl->encrypt.arc4, out, input, sz); break; #endif @@ -5807,7 +5807,7 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, switch (ssl->specs.bulk_cipher_algorithm) { #ifdef BUILD_ARC4 case cyassl_rc4: - Arc4Process(ssl->decrypt.arc4, plain, input, sz); + wc_Arc4Process(ssl->decrypt.arc4, plain, input, sz); break; #endif diff --git a/src/keys.c b/src/keys.c index 264809179..5bd6ac958 100644 --- a/src/keys.c +++ b/src/keys.c @@ -1850,15 +1850,15 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, #endif if (side == CYASSL_CLIENT_END) { if (enc) - Arc4SetKey(enc->arc4, keys->client_write_key, sz); + wc_Arc4SetKey(enc->arc4, keys->client_write_key, sz); if (dec) - Arc4SetKey(dec->arc4, keys->server_write_key, sz); + wc_Arc4SetKey(dec->arc4, keys->server_write_key, sz); } else { if (enc) - Arc4SetKey(enc->arc4, keys->server_write_key, sz); + wc_Arc4SetKey(enc->arc4, keys->server_write_key, sz); if (dec) - Arc4SetKey(dec->arc4, keys->client_write_key, sz); + wc_Arc4SetKey(dec->arc4, keys->client_write_key, sz); } if (enc) enc->setup = 1; diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c new file mode 100644 index 000000000..311dc6db9 --- /dev/null +++ b/wolfcrypt/src/aes.c @@ -0,0 +1,256 @@ +/* aes.c + * + * Copyright (C) 2006-2014 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#ifndef NO_AES + +#include + +#ifdef __cplusplus + extern "C" { +#endif + + + +int wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv, + int dir) +{ + return AesSetKey(aes, key, len, iv, dir); +} + + +int wc_AesSetIV(Aes* aes, const byte* iv) +{ + return AesSetIV(aes, iv); +} + + +int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + return AesCbcEncrypt(aes, out, in, sz); +} + + +int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + return AesCbcDecrypt(aes, out, in, sz); +} + + +int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz, + const byte* key, word32 keySz, const byte* iv) +{ + return AesCbcDecryptWithKey(out, in, inSz, key, keySz, iv); +} + + +/* AES-CTR */ +#ifdef CYASSL_AES_COUNTER +void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + AesCtrEncrypt(aes, out, in, sz); +} +#endif + +/* AES-DIRECT */ +#if defined(CYASSL_AES_DIRECT) +void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in) +{ + AesEncryptDirect(aes, out, in); +} + + +void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in) +{ + AesDecryptDirect(aes, out, in); +} + + +int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len, + const byte* iv, int dir) +{ + return AesSetKeyDirect(aes, key, len, iv, dir); +} +#endif + + +#ifdef HAVE_AESGCM +int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len) +{ + return AesGcmSetKey(aes, key, len); +} + + +int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, + const byte* iv, word32 ivSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz) +{ + return AesGcmEncrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz, + authIn, authInSz); +} + + +int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, + const byte* iv, word32 ivSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz) +{ + return AesGcmDecrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz, + authIn, authInSz); +} + + +int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len) +{ + return GmacSetKey(gmac, key, len); +} + + +int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz, + const byte* authIn, word32 authInSz, + byte* authTag, word32 authTagSz) +{ + return GmacUpdate(gmac, iv, ivSz, authIn, authInSz, + authTag, authTagSz); +} + +#endif /* HAVE_AESGCM */ +#ifdef HAVE_AESCCM +void wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz) +{ + AesCcmSetKey(aes, key, keySz); +} + + +void wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, + const byte* nonce, word32 nonceSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz) +{ + AesCcmEncrypt(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz, + authIn, authInSz); +} + + +int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, + const byte* nonce, word32 nonceSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz) +{ + return AesCcmDecrypt(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz, + authIn, authInSz); +} +#endif /* HAVE_AESCCM */ + +#ifdef HAVE_CAVIUM +int wc_AesInitCavium(Aes* aes, int i) +{ + return AesInitCavium(aes, i); +} + + +void wc_AesFreeCavium(Aes* aes) +{ + AesFreeCavium(aes); +} +#endif + + +#ifdef HAVE_FIPS + /* fips wrapper calls, user can call direct */ + int wc_AesSetKey_fips(Aes* aes, const byte* key, word32 len, + const byte* iv, int dir) + { + return AesSetKey_fips(aes, key, len, iv, dir); + } + + + int wc_AesSetIV_fips(Aes* aes, const byte* iv) + { + return AesSetIV_fips(aes, iv); + } + + + int wc_AesCbcEncrypt_fips(Aes* aes, byte* out, const byte* in, + word32 sz) + { + return AesCbcEncrypt_fips(aes, out, in, sz); + } + + + int wc_AesCbcDecrypt_fips(Aes* aes, byte* out, const byte* in, + word32 sz) + { + return AesCbcDecrypt_fips(aes, out, in, sz); + } + + + int wc_AesGcmSetKey_fips(Aes* aes, const byte* key, word32 len) + { + return AesGcmSetKey_fips(aes, key, len); + } + + + int wc_AesGcmEncrypt_fips(Aes* aes, byte* out, const byte* in, + word32 sz, const byte* iv, word32 ivSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz) + { + return AesGcmEncrypt_fips(aes, out, in, sz, iv, ivSz, + authTag, authTagSz, authIn, authInSz); + } + + + int wc_AesGcmDecrypt_fips(Aes* aes, byte* out, const byte* in, + word32 sz, const byte* iv, word32 ivSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz) + { + return AesGcmDecrypt_fips(aes, out, in, sz, iv, ivSz, + authTag, authTagSz, authIn, authInSz); + } + #ifndef FIPS_NO_WRAPPERS + /* if not impl or fips.c impl wrapper force fips calls if fips build */ + #define AesSetKey AesSetKey_fips + #define AesSetIV AesSetIV_fips + #define AesCbcEncrypt AesCbcEncrypt_fips + #define AesCbcDecrypt AesCbcDecrypt_fips + #define AesGcmSetKey AesGcmSetKey_fips + #define AesGcmEncrypt AesGcmEncrypt_fips + #define AesGcmDecrypt AesGcmDecrypt_fips + #endif /* FIPS_NO_WRAPPERS */ + +#endif /* HAVE_FIPS */ + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* NO_AES */ + diff --git a/ctaocrypt/src/arc4.c b/wolfcrypt/src/arc4.c similarity index 67% rename from ctaocrypt/src/arc4.c rename to wolfcrypt/src/arc4.c index 9fd276b49..6b52da849 100644 --- a/ctaocrypt/src/arc4.c +++ b/wolfcrypt/src/arc4.c @@ -2,14 +2,14 @@ * * Copyright (C) 2006-2014 wolfSSL Inc. * - * This file is part of CyaSSL. + * This file is part of wolfSSL. (formerly known as CyaSSL) * - * CyaSSL is free software; you can redistribute it and/or modify + * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * - * CyaSSL is distributed in the hope that it will be useful, + * wolfSSL is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. @@ -27,24 +27,28 @@ #ifndef NO_RC4 -#include +#include + +/* wrapper around macros until they are changed in cyassl code */ +#define WOLFSSL_MAX_16BIT CYASSL_MAX_16BIT +#define WOLFSSL_MSG(x) CYASSL_MSG(x) #ifdef HAVE_CAVIUM - static void Arc4CaviumSetKey(Arc4* arc4, const byte* key, word32 length); - static void Arc4CaviumProcess(Arc4* arc4, byte* out, const byte* in, + static void wc_Arc4CaviumSetKey(Arc4* arc4, const byte* key, word32 length); + static void wc_Arc4CaviumProcess(Arc4* arc4, byte* out, const byte* in, word32 length); #endif -void Arc4SetKey(Arc4* arc4, const byte* key, word32 length) +void wc_Arc4SetKey(Arc4* arc4, const byte* key, word32 length) { word32 i; word32 keyIndex = 0, stateIndex = 0; #ifdef HAVE_CAVIUM - if (arc4->magic == CYASSL_ARC4_CAVIUM_MAGIC) - return Arc4CaviumSetKey(arc4, key, length); + if (arc4->magic == WOLFSSL_ARC4_CAVIUM_MAGIC) + return wc_Arc4CaviumSetKey(arc4, key, length); #endif arc4->x = 1; @@ -80,14 +84,14 @@ static INLINE byte MakeByte(word32* x, word32* y, byte* s) } -void Arc4Process(Arc4* arc4, byte* out, const byte* in, word32 length) +void wc_Arc4Process(Arc4* arc4, byte* out, const byte* in, word32 length) { word32 x; word32 y; #ifdef HAVE_CAVIUM - if (arc4->magic == CYASSL_ARC4_CAVIUM_MAGIC) - return Arc4CaviumProcess(arc4, out, in, length); + if (arc4->magic == WOLFSSL_ARC4_CAVIUM_MAGIC) + return wc_Arc4CaviumProcess(arc4, out, in, length); #endif x = arc4->x; @@ -107,7 +111,7 @@ void Arc4Process(Arc4* arc4, byte* out, const byte* in, word32 length) #include "cavium_common.h" /* Initiliaze Arc4 for use with Nitrox device */ -int Arc4InitCavium(Arc4* arc4, int devId) +int wc_Arc4InitCavium(Arc4* arc4, int devId) { if (arc4 == NULL) return -1; @@ -116,19 +120,19 @@ int Arc4InitCavium(Arc4* arc4, int devId) return -1; arc4->devId = devId; - arc4->magic = CYASSL_ARC4_CAVIUM_MAGIC; + arc4->magic = WOLFSSL_ARC4_CAVIUM_MAGIC; return 0; } /* Free Arc4 from use with Nitrox device */ -void Arc4FreeCavium(Arc4* arc4) +void wc_Arc4FreeCavium(Arc4* arc4) { if (arc4 == NULL) return; - if (arc4->magic != CYASSL_ARC4_CAVIUM_MAGIC) + if (arc4->magic != WOLFSSL_ARC4_CAVIUM_MAGIC) return; CspFreeContext(CONTEXT_SSL, arc4->contextHandle, arc4->devId); @@ -136,39 +140,39 @@ void Arc4FreeCavium(Arc4* arc4) } -static void Arc4CaviumSetKey(Arc4* arc4, const byte* key, word32 length) +static void wc_Arc4CaviumSetKey(Arc4* arc4, const byte* key, word32 length) { word32 requestId; if (CspInitializeRc4(CAVIUM_BLOCKING, arc4->contextHandle, length, (byte*)key, &requestId, arc4->devId) != 0) { - CYASSL_MSG("Bad Cavium Arc4 Init"); + WOLFSSL_MSG("Bad Cavium Arc4 Init"); } } -static void Arc4CaviumProcess(Arc4* arc4, byte* out, const byte* in, +static void wc_Arc4CaviumProcess(Arc4* arc4, byte* out, const byte* in, word32 length) { cyassl_word offset = 0; word32 requestId; - while (length > CYASSL_MAX_16BIT) { - word16 slen = (word16)CYASSL_MAX_16BIT; + while (length > WOLFSSL_MAX_16BIT) { + word16 slen = (word16)WOLFSSL_MAX_16BIT; if (CspEncryptRc4(CAVIUM_BLOCKING, arc4->contextHandle,CAVIUM_UPDATE, slen, (byte*)in + offset, out + offset, &requestId, arc4->devId) != 0) { - CYASSL_MSG("Bad Cavium Arc4 Encrypt"); + WOLFSSL_MSG("Bad Cavium Arc4 Encrypt"); } - length -= CYASSL_MAX_16BIT; - offset += CYASSL_MAX_16BIT; + length -= WOLFSSL_MAX_16BIT; + offset += WOLFSSL_MAX_16BIT; } if (length) { word16 slen = (word16)length; if (CspEncryptRc4(CAVIUM_BLOCKING, arc4->contextHandle,CAVIUM_UPDATE, slen, (byte*)in + offset, out + offset, &requestId, arc4->devId) != 0) { - CYASSL_MSG("Bad Cavium Arc4 Encrypt"); + WOLFSSL_MSG("Bad Cavium Arc4 Encrypt"); } } } diff --git a/wolfcrypt/src/blake2b.c b/wolfcrypt/src/blake2b.c new file mode 100644 index 000000000..482fe10ef --- /dev/null +++ b/wolfcrypt/src/blake2b.c @@ -0,0 +1,436 @@ +/* + BLAKE2 reference source code package - reference C implementations + + Written in 2012 by Samuel Neves + + To the extent possible under law, the author(s) have dedicated all copyright + and related and neighboring rights to this software to the public domain + worldwide. This software is distributed without any warranty. + + You should have received a copy of the CC0 Public Domain Dedication along with + this software. If not, see . +*/ +/* blake2b.c + * + * Copyright (C) 2006-2014 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#ifdef HAVE_BLAKE2 + +#include +#include + +/* refactor but for compatibility */ +#define WOLFSSL_SMALL_STACK CYASSL_SMALL_STACK + + +static const word64 blake2b_IV[8] = +{ + 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, + 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL, + 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, + 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL +}; + +static const byte blake2b_sigma[12][16] = +{ + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , + { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } , + { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } , + { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } , + { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } , + { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } , + { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } , + { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } , + { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } , + { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } , + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , + { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } +}; + + +static INLINE int blake2b_set_lastnode( blake2b_state *S ) +{ + S->f[1] = ~0ULL; + return 0; +} + +/* Some helper functions, not necessarily useful */ +static INLINE int blake2b_set_lastblock( blake2b_state *S ) +{ + if( S->last_node ) blake2b_set_lastnode( S ); + + S->f[0] = ~0ULL; + return 0; +} + +static INLINE int blake2b_increment_counter( blake2b_state *S, const word64 + inc ) +{ + S->t[0] += inc; + S->t[1] += ( S->t[0] < inc ); + return 0; +} + +static INLINE int blake2b_init0( blake2b_state *S ) +{ + int i; + XMEMSET( S, 0, sizeof( blake2b_state ) ); + + for( i = 0; i < 8; ++i ) S->h[i] = blake2b_IV[i]; + + return 0; +} + +/* init xors IV with input parameter block */ +int blake2b_init_param( blake2b_state *S, const blake2b_param *P ) +{ + word32 i; + blake2b_init0( S ); + byte *p = ( byte * )( P ); + + /* IV XOR ParamBlock */ + for( i = 0; i < 8; ++i ) + S->h[i] ^= load64( p + sizeof( S->h[i] ) * i ); + + return 0; +} + + + +int blake2b_init( blake2b_state *S, const byte outlen ) +{ + blake2b_param P[1]; + + if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return -1; + + P->digest_length = outlen; + P->key_length = 0; + P->fanout = 1; + P->depth = 1; + store32( &P->leaf_length, 0 ); + store64( &P->node_offset, 0 ); + P->node_depth = 0; + P->inner_length = 0; + XMEMSET( P->reserved, 0, sizeof( P->reserved ) ); + XMEMSET( P->salt, 0, sizeof( P->salt ) ); + XMEMSET( P->personal, 0, sizeof( P->personal ) ); + return blake2b_init_param( S, P ); +} + + +int blake2b_init_key( blake2b_state *S, const byte outlen, const void *key, + const byte keylen ) +{ + blake2b_param P[1]; + + if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return -1; + + if ( !key || !keylen || keylen > BLAKE2B_KEYBYTES ) return -1; + + P->digest_length = outlen; + P->key_length = keylen; + P->fanout = 1; + P->depth = 1; + store32( &P->leaf_length, 0 ); + store64( &P->node_offset, 0 ); + P->node_depth = 0; + P->inner_length = 0; + XMEMSET( P->reserved, 0, sizeof( P->reserved ) ); + XMEMSET( P->salt, 0, sizeof( P->salt ) ); + XMEMSET( P->personal, 0, sizeof( P->personal ) ); + + if( blake2b_init_param( S, P ) < 0 ) return -1; + + { +#ifdef WOLFSSL_SMALL_STACK + byte* block; + + block = (byte*)XMALLOC(BLAKE2B_BLOCKBYTES, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if ( block == NULL ) return -1; +#else + byte block[BLAKE2B_BLOCKBYTES]; +#endif + + XMEMSET( block, 0, BLAKE2B_BLOCKBYTES ); + XMEMCPY( block, key, keylen ); + blake2b_update( S, block, BLAKE2B_BLOCKBYTES ); + secure_zero_memory( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from */ + /* memory */ + +#ifdef WOLFSSL_SMALL_STACK + XFREE(block, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + } + return 0; +} + +static int blake2b_compress( blake2b_state *S, + const byte block[BLAKE2B_BLOCKBYTES] ) +{ + int i; + +#ifdef WOLFSSL_SMALL_STACK + word64* m; + word64* v; + + m = (word64*)XMALLOC(sizeof(word64) * 16, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if ( m == NULL ) return -1; + + v = (word64*)XMALLOC(sizeof(word64) * 16, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if ( v == NULL ) + { + XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return -1; + } +#else + word64 m[16]; + word64 v[16]; +#endif + + for( i = 0; i < 16; ++i ) + m[i] = load64( block + i * sizeof( m[i] ) ); + + for( i = 0; i < 8; ++i ) + v[i] = S->h[i]; + + v[ 8] = blake2b_IV[0]; + v[ 9] = blake2b_IV[1]; + v[10] = blake2b_IV[2]; + v[11] = blake2b_IV[3]; + v[12] = S->t[0] ^ blake2b_IV[4]; + v[13] = S->t[1] ^ blake2b_IV[5]; + v[14] = S->f[0] ^ blake2b_IV[6]; + v[15] = S->f[1] ^ blake2b_IV[7]; +#define G(r,i,a,b,c,d) \ + do { \ + a = a + b + m[blake2b_sigma[r][2*i+0]]; \ + d = rotr64(d ^ a, 32); \ + c = c + d; \ + b = rotr64(b ^ c, 24); \ + a = a + b + m[blake2b_sigma[r][2*i+1]]; \ + d = rotr64(d ^ a, 16); \ + c = c + d; \ + b = rotr64(b ^ c, 63); \ + } while(0) +#define ROUND(r) \ + do { \ + G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \ + G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \ + G(r,2,v[ 2],v[ 6],v[10],v[14]); \ + G(r,3,v[ 3],v[ 7],v[11],v[15]); \ + G(r,4,v[ 0],v[ 5],v[10],v[15]); \ + G(r,5,v[ 1],v[ 6],v[11],v[12]); \ + G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \ + G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \ + } while(0) + ROUND( 0 ); + ROUND( 1 ); + ROUND( 2 ); + ROUND( 3 ); + ROUND( 4 ); + ROUND( 5 ); + ROUND( 6 ); + ROUND( 7 ); + ROUND( 8 ); + ROUND( 9 ); + ROUND( 10 ); + ROUND( 11 ); + + for( i = 0; i < 8; ++i ) + S->h[i] = S->h[i] ^ v[i] ^ v[i + 8]; + +#undef G +#undef ROUND + +#ifdef WOLFSSL_SMALL_STACK + XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(v, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return 0; +} + +/* inlen now in bytes */ +int blake2b_update( blake2b_state *S, const byte *in, word64 inlen ) +{ + while( inlen > 0 ) + { + word64 left = S->buflen; + word64 fill = 2 * BLAKE2B_BLOCKBYTES - left; + + if( inlen > fill ) + { + XMEMCPY( S->buf + left, in, (cyassl_word)fill ); /* Fill buffer */ + S->buflen += fill; + blake2b_increment_counter( S, BLAKE2B_BLOCKBYTES ); + + if ( blake2b_compress( S, S->buf ) < 0 ) return -1; /* Compress */ + + XMEMCPY( S->buf, S->buf + BLAKE2B_BLOCKBYTES, BLAKE2B_BLOCKBYTES ); + /* Shift buffer left */ + S->buflen -= BLAKE2B_BLOCKBYTES; + in += fill; + inlen -= fill; + } + else /* inlen <= fill */ + { + XMEMCPY( S->buf + left, in, (cyassl_word)inlen ); + S->buflen += inlen; /* Be lazy, do not compress */ + in += inlen; + inlen -= inlen; + } + } + + return 0; +} + +/* Is this correct? */ +int blake2b_final( blake2b_state *S, byte *out, byte outlen ) +{ + byte buffer[BLAKE2B_OUTBYTES]; + int i; + + if( S->buflen > BLAKE2B_BLOCKBYTES ) + { + blake2b_increment_counter( S, BLAKE2B_BLOCKBYTES ); + + if ( blake2b_compress( S, S->buf ) < 0 ) return -1; + + S->buflen -= BLAKE2B_BLOCKBYTES; + XMEMCPY( S->buf, S->buf + BLAKE2B_BLOCKBYTES, (cyassl_word)S->buflen ); + } + + blake2b_increment_counter( S, S->buflen ); + blake2b_set_lastblock( S ); + XMEMSET( S->buf + S->buflen, 0, (cyassl_word)(2 * BLAKE2B_BLOCKBYTES - S->buflen) ); + /* Padding */ + if ( blake2b_compress( S, S->buf ) < 0 ) return -1; + + for( i = 0; i < 8; ++i ) /* Output full hash to temp buffer */ + store64( buffer + sizeof( S->h[i] ) * i, S->h[i] ); + + XMEMCPY( out, buffer, outlen ); + return 0; +} + +/* inlen, at least, should be word64. Others can be size_t. */ +int blake2b( byte *out, const void *in, const void *key, const byte outlen, + const word64 inlen, byte keylen ) +{ + blake2b_state S[1]; + + /* Verify parameters */ + if ( NULL == in ) return -1; + + if ( NULL == out ) return -1; + + if( NULL == key ) keylen = 0; + + if( keylen > 0 ) + { + if( blake2b_init_key( S, outlen, key, keylen ) < 0 ) return -1; + } + else + { + if( blake2b_init( S, outlen ) < 0 ) return -1; + } + + if ( blake2b_update( S, ( byte * )in, inlen ) < 0) return -1; + + return blake2b_final( S, out, outlen ); +} + +#if defined(BLAKE2B_SELFTEST) +#include +#include "blake2-kat.h" +int main( int argc, char **argv ) +{ + byte key[BLAKE2B_KEYBYTES]; + byte buf[KAT_LENGTH]; + + for( word32 i = 0; i < BLAKE2B_KEYBYTES; ++i ) + key[i] = ( byte )i; + + for( word32 i = 0; i < KAT_LENGTH; ++i ) + buf[i] = ( byte )i; + + for( word32 i = 0; i < KAT_LENGTH; ++i ) + { + byte hash[BLAKE2B_OUTBYTES]; + if ( blake2b( hash, buf, key, BLAKE2B_OUTBYTES, i, BLAKE2B_KEYBYTES ) < 0 ) + { + puts( "error" ); + return -1; + } + + if( 0 != memcmp( hash, blake2b_keyed_kat[i], BLAKE2B_OUTBYTES ) ) + { + puts( "error" ); + return -1; + } + } + + puts( "ok" ); + return 0; +} +#endif + + +/* wolfCrypt API */ + +/* Init Blake2b digest, track size incase final doesn't want to "remember" */ +int Wolf_InitBlake2b(Blake2b* b2b, word32 digestSz) +{ + b2b->digestSz = digestSz; + + return blake2b_init(b2b->S, (byte)digestSz); +} + + +/* Blake2b Update */ +int Wolf_Blake2bUpdate(Blake2b* b2b, const byte* data, word32 sz) +{ + return blake2b_update(b2b->S, data, sz); +} + + +/* Blake2b Final, if pass in zero size we use init digestSz */ +int Wolf_Blake2bFinal(Blake2b* b2b, byte* final, word32 requestSz) +{ + word32 sz = requestSz ? requestSz : b2b->digestSz; + + return blake2b_final(b2b->S, final, (byte)sz); +} + + +/* end CTaoCrypt API */ + +#endif /* HAVE_BLAKE2 */ + diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h new file mode 100644 index 000000000..6bb8b7e08 --- /dev/null +++ b/wolfssl/wolfcrypt/aes.h @@ -0,0 +1,128 @@ +/* aes.h + * + * Copyright (C) 2006-2014 wolfSSL Inc. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + + +#ifndef NO_AES + +#ifndef WOLF_CRYPT_AES_H +#define WOLF_CRYPT_AES_H + + +#include +#include + +#ifdef __cplusplus + extern "C" { +#endif + + CYASSL_API int wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv, + int dir); + CYASSL_API int wc_AesSetIV(Aes* aes, const byte* iv); + CYASSL_API int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz); + CYASSL_API int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz); + CYASSL_API int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz, + const byte* key, word32 keySz, const byte* iv); + +/* AES-CTR */ +#ifdef CYASSL_AES_COUNTER + CYASSL_API void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz); +#endif +/* AES-DIRECT */ +#if defined(CYASSL_AES_DIRECT) + CYASSL_API void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in); + CYASSL_API void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in); + CYASSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len, + const byte* iv, int dir); +#endif +#ifdef HAVE_AESGCM + CYASSL_API int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len); + CYASSL_API int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, + const byte* iv, word32 ivSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); + CYASSL_API int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, + const byte* iv, word32 ivSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); + + CYASSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len); + CYASSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz, + const byte* authIn, word32 authInSz, + byte* authTag, word32 authTagSz); +#endif /* HAVE_AESGCM */ +#ifdef HAVE_AESCCM + CYASSL_APT void wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz); + CYASSL_API void wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, + const byte* nonce, word32 nonceSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); + CYASSL_API int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, + const byte* nonce, word32 nonceSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); +#endif /* HAVE_AESCCM */ + +#ifdef HAVE_CAVIUM + CYASSL_API int wc_AesInitCavium(Aes*, int); + CYASSL_API void wc_AesFreeCavium(Aes*); +#endif + + +#ifdef HAVE_FIPS + /* fips wrapper calls, user can call direct */ + CYASSL_API int wc_AesSetKey_fips(Aes* aes, const byte* key, word32 len, + const byte* iv, int dir); + CYASSL_API int wc_AesSetIV_fips(Aes* aes, const byte* iv); + CYASSL_API int wc_AesCbcEncrypt_fips(Aes* aes, byte* out, const byte* in, + word32 sz); + CYASSL_API int wc_AesCbcDecrypt_fips(Aes* aes, byte* out, const byte* in, + word32 sz); + CYASSL_API int wc_AesGcmSetKey_fips(Aes* aes, const byte* key, word32 len); + CYASSL_API int wc_AesGcmEncrypt_fips(Aes* aes, byte* out, const byte* in, + word32 sz, const byte* iv, word32 ivSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); + CYASSL_API int wc_AesGcmDecrypt_fips(Aes* aes, byte* out, const byte* in, + word32 sz, const byte* iv, word32 ivSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); + #ifndef FIPS_NO_WRAPPERS + /* if not impl or fips.c impl wrapper force fips calls if fips build */ + #define AesSetKey AesSetKey_fips + #define AesSetIV AesSetIV_fips + #define AesCbcEncrypt AesCbcEncrypt_fips + #define AesCbcDecrypt AesCbcDecrypt_fips + #define AesGcmSetKey AesGcmSetKey_fips + #define AesGcmEncrypt AesGcmEncrypt_fips + #define AesGcmDecrypt AesGcmDecrypt_fips + #endif /* FIPS_NO_WRAPPERS */ + +#endif /* HAVE_FIPS */ + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* CTAO_CRYPT_AES_H */ +#endif /* NO_AES */ + diff --git a/cyassl/ctaocrypt/arc4.h b/wolfssl/wolfcrypt/arc4.h similarity index 69% rename from cyassl/ctaocrypt/arc4.h rename to wolfssl/wolfcrypt/arc4.h index e205c50d8..778f06da7 100644 --- a/cyassl/ctaocrypt/arc4.h +++ b/wolfssl/wolfcrypt/arc4.h @@ -20,8 +20,8 @@ */ -#ifndef CTAO_CRYPT_ARC4_H -#define CTAO_CRYPT_ARC4_H +#ifndef WOLF_CRYPT_ARC4_H +#define WOLF_CRYPT_ARC4_H #include @@ -31,8 +31,14 @@ extern "C" { #endif +/* for reverse compatibility */ +#define CYASSL_ARC4_CAVIUM_MAGIC WOLFSSL_ARC4_CAVIUM_MAGIC +#define Arc4Process wc_Arc4Process +#define Arc4SetKey wc_Arc4SetKey +#define Arc4InitCavium wc_Arc4InitCavium +#define Arc4FreeCavium wc_Arc4FreeCavium -#define CYASSL_ARC4_CAVIUM_MAGIC 0xBEEF0001 +#define WOLFSSL_ARC4_CAVIUM_MAGIC 0xBEEF0001 enum { ARC4_ENC_TYPE = 4, /* cipher unique type */ @@ -51,12 +57,12 @@ typedef struct Arc4 { #endif } Arc4; -CYASSL_API void Arc4Process(Arc4*, byte*, const byte*, word32); -CYASSL_API void Arc4SetKey(Arc4*, const byte*, word32); +CYASSL_API void wc_Arc4Process(Arc4*, byte*, const byte*, word32); +CYASSL_API void wc_Arc4SetKey(Arc4*, const byte*, word32); #ifdef HAVE_CAVIUM - CYASSL_API int Arc4InitCavium(Arc4*, int); - CYASSL_API void Arc4FreeCavium(Arc4*); + CYASSL_API int wc_Arc4InitCavium(Arc4*, int); + CYASSL_API void wc_Arc4FreeCavium(Arc4*); #endif #ifdef __cplusplus @@ -64,5 +70,5 @@ CYASSL_API void Arc4SetKey(Arc4*, const byte*, word32); #endif -#endif /* CTAO_CRYPT_ARC4_H */ +#endif /* WOLF_CRYPT_ARC4_H */ diff --git a/wolfssl/wolfcrypt/blake2-impl.h b/wolfssl/wolfcrypt/blake2-impl.h new file mode 100644 index 000000000..d82bffc64 --- /dev/null +++ b/wolfssl/wolfcrypt/blake2-impl.h @@ -0,0 +1,154 @@ +/* + BLAKE2 reference source code package - reference C implementations + + Written in 2012 by Samuel Neves + + To the extent possible under law, the author(s) have dedicated all copyright + and related and neighboring rights to this software to the public domain + worldwide. This software is distributed without any warranty. + + You should have received a copy of the CC0 Public Domain Dedication along with + this software. If not, see . +*/ +/* blake2-impl.h + * + * Copyright (C) 2006-2014 wolfSSL Inc. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + + +#ifndef CTAOCRYPT_BLAKE2_IMPL_H +#define CTAOCRYPT_BLAKE2_IMPL_H + +#include + +static inline word32 load32( const void *src ) +{ +#if defined(LITTLE_ENDIAN_ORDER) + return *( word32 * )( src ); +#else + const byte *p = ( byte * )src; + word32 w = *p++; + w |= ( word32 )( *p++ ) << 8; + w |= ( word32 )( *p++ ) << 16; + w |= ( word32 )( *p++ ) << 24; + return w; +#endif +} + +static inline word64 load64( const void *src ) +{ +#if defined(LITTLE_ENDIAN_ORDER) + return *( word64 * )( src ); +#else + const byte *p = ( byte * )src; + word64 w = *p++; + w |= ( word64 )( *p++ ) << 8; + w |= ( word64 )( *p++ ) << 16; + w |= ( word64 )( *p++ ) << 24; + w |= ( word64 )( *p++ ) << 32; + w |= ( word64 )( *p++ ) << 40; + w |= ( word64 )( *p++ ) << 48; + w |= ( word64 )( *p++ ) << 56; + return w; +#endif +} + +static inline void store32( void *dst, word32 w ) +{ +#if defined(LITTLE_ENDIAN_ORDER) + *( word32 * )( dst ) = w; +#else + byte *p = ( byte * )dst; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; +#endif +} + +static inline void store64( void *dst, word64 w ) +{ +#if defined(LITTLE_ENDIAN_ORDER) + *( word64 * )( dst ) = w; +#else + byte *p = ( byte * )dst; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; +#endif +} + +static inline word64 load48( const void *src ) +{ + const byte *p = ( const byte * )src; + word64 w = *p++; + w |= ( word64 )( *p++ ) << 8; + w |= ( word64 )( *p++ ) << 16; + w |= ( word64 )( *p++ ) << 24; + w |= ( word64 )( *p++ ) << 32; + w |= ( word64 )( *p++ ) << 40; + return w; +} + +static inline void store48( void *dst, word64 w ) +{ + byte *p = ( byte * )dst; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; w >>= 8; + *p++ = ( byte )w; +} + +static inline word32 rotl32( const word32 w, const unsigned c ) +{ + return ( w << c ) | ( w >> ( 32 - c ) ); +} + +static inline word64 rotl64( const word64 w, const unsigned c ) +{ + return ( w << c ) | ( w >> ( 64 - c ) ); +} + +static inline word32 rotr32( const word32 w, const unsigned c ) +{ + return ( w >> c ) | ( w << ( 32 - c ) ); +} + +static inline word64 rotr64( const word64 w, const unsigned c ) +{ + return ( w >> c ) | ( w << ( 64 - c ) ); +} + +/* prevents compiler optimizing out memset() */ +static inline void secure_zero_memory( void *v, word64 n ) +{ + volatile byte *p = ( volatile byte * )v; + + while( n-- ) *p++ = 0; +} + +#endif /* CTAOCRYPT_BLAKE2_IMPL_H */ + diff --git a/wolfssl/wolfcrypt/blake2-int.h b/wolfssl/wolfcrypt/blake2-int.h new file mode 100644 index 000000000..ba5cc7745 --- /dev/null +++ b/wolfssl/wolfcrypt/blake2-int.h @@ -0,0 +1,183 @@ +/* + BLAKE2 reference source code package - reference C implementations + + Written in 2012 by Samuel Neves + + To the extent possible under law, the author(s) have dedicated all copyright + and related and neighboring rights to this software to the public domain + worldwide. This software is distributed without any warranty. + + You should have received a copy of the CC0 Public Domain Dedication along with + this software. If not, see . +*/ +/* blake2-int.h + * + * Copyright (C) 2006-2014 wolfSSL Inc. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + + + +#ifndef CTAOCRYPT_BLAKE2_INT_H +#define CTAOCRYPT_BLAKE2_INT_H + +#include + + +#if defined(_MSC_VER) + #define ALIGN(x) __declspec(align(x)) +#elif defined(__GNUC__) + #define ALIGN(x) __attribute__((aligned(x))) +#else + #define ALIGN(x) +#endif + + +#if defined(__cplusplus) + extern "C" { +#endif + + enum blake2s_constant + { + BLAKE2S_BLOCKBYTES = 64, + BLAKE2S_OUTBYTES = 32, + BLAKE2S_KEYBYTES = 32, + BLAKE2S_SALTBYTES = 8, + BLAKE2S_PERSONALBYTES = 8 + }; + + enum blake2b_constant + { + BLAKE2B_BLOCKBYTES = 128, + BLAKE2B_OUTBYTES = 64, + BLAKE2B_KEYBYTES = 64, + BLAKE2B_SALTBYTES = 16, + BLAKE2B_PERSONALBYTES = 16 + }; + +#pragma pack(push, 1) + typedef struct __blake2s_param + { + byte digest_length; /* 1 */ + byte key_length; /* 2 */ + byte fanout; /* 3 */ + byte depth; /* 4 */ + word32 leaf_length; /* 8 */ + byte node_offset[6];/* 14 */ + byte node_depth; /* 15 */ + byte inner_length; /* 16 */ + /* byte reserved[0]; */ + byte salt[BLAKE2B_SALTBYTES]; /* 24 */ + byte personal[BLAKE2S_PERSONALBYTES]; /* 32 */ + } blake2s_param; + + ALIGN( 64 ) typedef struct __blake2s_state + { + word32 h[8]; + word32 t[2]; + word32 f[2]; + byte buf[2 * BLAKE2S_BLOCKBYTES]; + word64 buflen; + byte last_node; + } blake2s_state ; + + typedef struct __blake2b_param + { + byte digest_length; /* 1 */ + byte key_length; /* 2 */ + byte fanout; /* 3 */ + byte depth; /* 4 */ + word32 leaf_length; /* 8 */ + word64 node_offset; /* 16 */ + byte node_depth; /* 17 */ + byte inner_length; /* 18 */ + byte reserved[14]; /* 32 */ + byte salt[BLAKE2B_SALTBYTES]; /* 48 */ + byte personal[BLAKE2B_PERSONALBYTES]; /* 64 */ + } blake2b_param; + + ALIGN( 64 ) typedef struct __blake2b_state + { + word64 h[8]; + word64 t[2]; + word64 f[2]; + byte buf[2 * BLAKE2B_BLOCKBYTES]; + word64 buflen; + byte last_node; + } blake2b_state; + + typedef struct __blake2sp_state + { + blake2s_state S[8][1]; + blake2s_state R[1]; + byte buf[8 * BLAKE2S_BLOCKBYTES]; + word64 buflen; + } blake2sp_state; + + typedef struct __blake2bp_state + { + blake2b_state S[4][1]; + blake2b_state R[1]; + byte buf[4 * BLAKE2B_BLOCKBYTES]; + word64 buflen; + } blake2bp_state; +#pragma pack(pop) + + /* Streaming API */ + int blake2s_init( blake2s_state *S, const byte outlen ); + int blake2s_init_key( blake2s_state *S, const byte outlen, const void *key, const byte keylen ); + int blake2s_init_param( blake2s_state *S, const blake2s_param *P ); + int blake2s_update( blake2s_state *S, const byte *in, word64 inlen ); + int blake2s_final( blake2s_state *S, byte *out, byte outlen ); + + int blake2b_init( blake2b_state *S, const byte outlen ); + int blake2b_init_key( blake2b_state *S, const byte outlen, const void *key, const byte keylen ); + int blake2b_init_param( blake2b_state *S, const blake2b_param *P ); + int blake2b_update( blake2b_state *S, const byte *in, word64 inlen ); + int blake2b_final( blake2b_state *S, byte *out, byte outlen ); + + int blake2sp_init( blake2sp_state *S, const byte outlen ); + int blake2sp_init_key( blake2sp_state *S, const byte outlen, const void *key, const byte keylen ); + int blake2sp_update( blake2sp_state *S, const byte *in, word64 inlen ); + int blake2sp_final( blake2sp_state *S, byte *out, byte outlen ); + + int blake2bp_init( blake2bp_state *S, const byte outlen ); + int blake2bp_init_key( blake2bp_state *S, const byte outlen, const void *key, const byte keylen ); + int blake2bp_update( blake2bp_state *S, const byte *in, word64 inlen ); + int blake2bp_final( blake2bp_state *S, byte *out, byte outlen ); + + /* Simple API */ + int blake2s( byte *out, const void *in, const void *key, const byte outlen, const word64 inlen, byte keylen ); + int blake2b( byte *out, const void *in, const void *key, const byte outlen, const word64 inlen, byte keylen ); + + int blake2sp( byte *out, const void *in, const void *key, const byte outlen, const word64 inlen, byte keylen ); + int blake2bp( byte *out, const void *in, const void *key, const byte outlen, const word64 inlen, byte keylen ); + + static inline int blake2( byte *out, const void *in, const void *key, const byte outlen, const word64 inlen, byte keylen ) + { + return blake2b( out, in, key, outlen, inlen, keylen ); + } + + + +#if defined(__cplusplus) + } +#endif + +#endif /* CTAOCRYPT_BLAKE2_INT_H */ + diff --git a/wolfssl/wolfcrypt/blake2.h b/wolfssl/wolfcrypt/blake2.h new file mode 100644 index 000000000..ba5ec6fd6 --- /dev/null +++ b/wolfssl/wolfcrypt/blake2.h @@ -0,0 +1,60 @@ +/* blake2.h + * + * Copyright (C) 2006-2014 wolfSSL Inc. + * + * This file is part of CyaSSL. + * + * CyaSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * CyaSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + + +#ifdef HAVE_BLAKE2 + +#ifndef CTAOCRYPT_BLAKE2_H +#define CTAOCRYPT_BLAKE2_H + +#include + +#ifdef __cplusplus + extern "C" { +#endif + +/* in bytes, variable digest size up to 512 bits (64 bytes) */ +enum { + BLAKE2B_ID = 7, /* hash type unique */ + BLAKE2B_256 = 32 /* 256 bit type, SSL default */ +}; + + +/* BLAKE2b digest */ +typedef struct Blake2b { + blake2b_state S[1]; /* our state */ + word32 digestSz; /* digest size used on init */ +} Blake2b; + + +CYASSL_API int InitBlake2b(Blake2b*, word32); +CYASSL_API int Blake2bUpdate(Blake2b*, const byte*, word32); +CYASSL_API int Blake2bFinal(Blake2b*, byte*, word32); + + + +#ifdef __cplusplus + } +#endif + +#endif /* CTAOCRYPT_BLAKE2_H */ +#endif /* HAVE_BLAKE2 */ +