haskell/cryptonite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: haskell:uni2work
Branches Tags
haskell:uni2work
haskell:master
haskell:dropold
haskell:hash-use-block
haskell:haskell-ci
haskell:scrypt-reintf
haskell:hash-update
haskell:blake2-update
haskell:hash-shake
haskell:more-blake2
haskell:data
haskell:typeable
haskell:ecc2
haskell:v0.15-lts
haskell:bcrypt
haskell:cryptonite-v0.29
haskell:cryptonite-v0.28
haskell:cryptonite-v0.27
haskell:cryptonite-v0.26
haskell:cryptonite-v0.25
haskell:cryptonite-v0.24
haskell:cryptonite-v0.23
haskell:cryptonite-v0.22
haskell:cryptonite-v0.21
haskell:cryptonite-v0.20
haskell:cryptonite-v0.15.1
haskell:cryptonite-v0.18
haskell:cryptonite-v0.19
haskell:cryptonite-v0.17
haskell:cryptonite-v0.16
haskell:cryptonite-v0.15
haskell:cryptonite-v0.14
haskell:cryptonite-v0.13
haskell:cryptonite-v0.12
haskell:cryptonite-v0.11
haskell:cryptonite-v0.10
haskell:cryptonite-v0.9
haskell:cryptonite-v0.8
haskell:cryptonite-v0.7
haskell:cryptonite-v0.6
haskell:cryptonite-v0.5
haskell:cryptonite-v0.4
haskell:cryptonite-v0.3
haskell:cryptonite-v0.2
haskell:cryptonite-v0.1
..
compare: haskell:cryptonite-v0.27
Branches Tags
haskell:uni2work
haskell:master
haskell:dropold
haskell:hash-use-block
haskell:haskell-ci
haskell:scrypt-reintf
haskell:hash-update
haskell:blake2-update
haskell:hash-shake
haskell:more-blake2
haskell:data
haskell:typeable
haskell:ecc2
haskell:v0.15-lts
haskell:bcrypt
haskell:cryptonite-v0.29
haskell:cryptonite-v0.28
haskell:cryptonite-v0.27
haskell:cryptonite-v0.26
haskell:cryptonite-v0.25
haskell:cryptonite-v0.24
haskell:cryptonite-v0.23
haskell:cryptonite-v0.22
haskell:cryptonite-v0.21
haskell:cryptonite-v0.20
haskell:cryptonite-v0.15.1
haskell:cryptonite-v0.18
haskell:cryptonite-v0.19
haskell:cryptonite-v0.17
haskell:cryptonite-v0.16
haskell:cryptonite-v0.15
haskell:cryptonite-v0.14
haskell:cryptonite-v0.13
haskell:cryptonite-v0.12
haskell:cryptonite-v0.11
haskell:cryptonite-v0.10
haskell:cryptonite-v0.9
haskell:cryptonite-v0.8
haskell:cryptonite-v0.7
haskell:cryptonite-v0.6
haskell:cryptonite-v0.5
haskell:cryptonite-v0.4
haskell:cryptonite-v0.3
haskell:cryptonite-v0.2
haskell:cryptonite-v0.1

No commits in common. "uni2work" and "cryptonite-v0.27" have entirely different histories.
uni2work ... cryptonite

74 changed files with 480 additions and 1852 deletions
Show Stats Expand all files Collapse all files

1
.envrc
View File

@ -1 +0,0 @@
use flake

17
CHANGELOG.md
View File

@ -1,20 +1,3 @@
## 0.30
* Fix some C symbol blake2b prefix to be cryptonite_ prefix (fix mixing with other C library)
* add hmac-lazy
* Fix compilation with GHC 9.2
* Drop support for GHC8.0, GHC8.2, GHC8.4, GHC8.6
## 0.29
* advance compilation with gmp breakage due to change upstream
* Add native EdDSA support
## 0.28
* Add hash constant time capability
* Prevent possible overflow during hashing by hashing in 4GB chunks
## 0.27
* Optimise AES GCM and CCM

5
Crypto/Cipher/RC4.hs
View File

@ -30,11 +30,6 @@ import Crypto.Internal.Compat
import Crypto.Internal.Imports
-- | The encryption state for RC4
--
-- This type is an instance of 'ByteArrayAccess' for debugging purpose. Internal
-- layout is architecture dependent, may contain uninitialized data fragments,
-- and change in future versions. The bytearray should not be used as input to
-- cryptographic algorithms.
newtype State = State ScrubbedBytes
deriving (ByteArrayAccess,NFData)

10
Crypto/Cipher/Types/AEAD.hs
View File

@ -27,24 +27,24 @@ data AEADModeImpl st = AEADModeImpl
-- | Authenticated Encryption with Associated Data algorithms
data AEAD cipher = forall st . AEAD
{ aeadModeImpl :: AEADModeImpl st
, aeadState :: !st
, aeadState :: st
}
-- | Append some header information to an AEAD context
aeadAppendHeader :: ByteArrayAccess aad => AEAD cipher -> aad -> AEAD cipher
aeadAppendHeader (AEAD impl st) aad = AEAD impl $ aeadImplAppendHeader impl st aad
aeadAppendHeader (AEAD impl st) aad = AEAD impl $ (aeadImplAppendHeader impl) st aad
-- | Encrypt some data and update the AEAD context
aeadEncrypt :: ByteArray ba => AEAD cipher -> ba -> (ba, AEAD cipher)
aeadEncrypt (AEAD impl st) ba = second (AEAD impl) $ aeadImplEncrypt impl st ba
aeadEncrypt (AEAD impl st) ba = second (AEAD impl) $ (aeadImplEncrypt impl) st ba
-- | Decrypt some data and update the AEAD context
aeadDecrypt :: ByteArray ba => AEAD cipher -> ba -> (ba, AEAD cipher)
aeadDecrypt (AEAD impl st) ba = second (AEAD impl) $ aeadImplDecrypt impl st ba
aeadDecrypt (AEAD impl st) ba = second (AEAD impl) $ (aeadImplDecrypt impl) st ba
-- | Finalize the AEAD context and return the authentication tag
aeadFinalize :: AEAD cipher -> Int -> AuthTag
aeadFinalize (AEAD impl st) = aeadImplFinalize impl st
aeadFinalize (AEAD impl st) n = (aeadImplFinalize impl) st n
-- | Simple AEAD encryption
aeadSimpleEncrypt :: (ByteArrayAccess aad, ByteArray ba)

24
Crypto/ECC/Edwards25519.hs
View File

@ -283,45 +283,45 @@ pointsMulVarTime (Scalar s1) (Scalar s2) (Point p) =
withByteArray p $ \pp ->
ed25519_base_double_scalarmul_vartime out ps1 pp ps2
foreign import ccall unsafe "cryptonite_ed25519_scalar_eq"
foreign import ccall "cryptonite_ed25519_scalar_eq"
ed25519_scalar_eq :: Ptr Scalar
-> Ptr Scalar
-> IO CInt
foreign import ccall unsafe "cryptonite_ed25519_scalar_encode"
foreign import ccall "cryptonite_ed25519_scalar_encode"
ed25519_scalar_encode :: Ptr Word8
-> Ptr Scalar
-> IO ()
foreign import ccall unsafe "cryptonite_ed25519_scalar_decode_long"
foreign import ccall "cryptonite_ed25519_scalar_decode_long"
ed25519_scalar_decode_long :: Ptr Scalar
-> Ptr Word8
-> CSize
-> IO ()
foreign import ccall unsafe "cryptonite_ed25519_scalar_add"
foreign import ccall "cryptonite_ed25519_scalar_add"
ed25519_scalar_add :: Ptr Scalar -- sum
-> Ptr Scalar -- a
-> Ptr Scalar -- b
-> IO ()
foreign import ccall unsafe "cryptonite_ed25519_scalar_mul"
foreign import ccall "cryptonite_ed25519_scalar_mul"
ed25519_scalar_mul :: Ptr Scalar -- out
-> Ptr Scalar -- a
-> Ptr Scalar -- b
-> IO ()
foreign import ccall unsafe "cryptonite_ed25519_point_encode"
foreign import ccall "cryptonite_ed25519_point_encode"
ed25519_point_encode :: Ptr Word8
-> Ptr Point
-> IO ()
foreign import ccall unsafe "cryptonite_ed25519_point_decode_vartime"
foreign import ccall "cryptonite_ed25519_point_decode_vartime"
ed25519_point_decode_vartime :: Ptr Point
-> Ptr Word8
-> IO CInt
foreign import ccall unsafe "cryptonite_ed25519_point_eq"
foreign import ccall "cryptonite_ed25519_point_eq"
ed25519_point_eq :: Ptr Point
-> Ptr Point
-> IO CInt
@ -330,23 +330,23 @@ foreign import ccall "cryptonite_ed25519_point_has_prime_order"
ed25519_point_has_prime_order :: Ptr Point
-> IO CInt
foreign import ccall unsafe "cryptonite_ed25519_point_negate"
foreign import ccall "cryptonite_ed25519_point_negate"
ed25519_point_negate :: Ptr Point -- minus_a
-> Ptr Point -- a
-> IO ()
foreign import ccall unsafe "cryptonite_ed25519_point_add"
foreign import ccall "cryptonite_ed25519_point_add"
ed25519_point_add :: Ptr Point -- sum
-> Ptr Point -- a
-> Ptr Point -- b
-> IO ()
foreign import ccall unsafe "cryptonite_ed25519_point_double"
foreign import ccall "cryptonite_ed25519_point_double"
ed25519_point_double :: Ptr Point -- two_a
-> Ptr Point -- a
-> IO ()
foreign import ccall unsafe "cryptonite_ed25519_point_mul_by_cofactor"
foreign import ccall "cryptonite_ed25519_point_mul_by_cofactor"
ed25519_point_mul_by_cofactor :: Ptr Point -- eight_a
-> Ptr Point -- a
-> IO ()

59
Crypto/Hash.hs
View File

@ -28,20 +28,15 @@ module Crypto.Hash
-- * Hash methods parametrized by algorithm
, hashInitWith
, hashWith
, hashPrefixWith
-- * Hash methods
, hashInit
, hashUpdates
, hashUpdate
, hashFinalize
, hashFinalizePrefix
, hashBlockSize
, hashDigestSize
, hash
, hashPrefix
, hashlazy
, hashPutContext
, hashGetContext
-- * Hash algorithms
, module Crypto.Hash.Algorithms
) where
@ -52,21 +47,16 @@ import Basement.Block.Mutable (copyFromPtr, new)
import Crypto.Internal.Compat (unsafeDoIO)
import Crypto.Hash.Types
import Crypto.Hash.Algorithms
import Foreign.Ptr (Ptr, plusPtr)
import Crypto.Internal.ByteArray (ByteArrayAccess, ByteArray)
import Foreign.Ptr (Ptr)
import Crypto.Internal.ByteArray (ByteArrayAccess)
import qualified Crypto.Internal.ByteArray as B
import qualified Data.ByteString.Lazy as L
import Data.Word (Word8)
import Data.Int (Int32)
-- | Hash a strict bytestring into a digest.
hash :: (ByteArrayAccess ba, HashAlgorithm a) => ba -> Digest a
hash bs = hashFinalize $ hashUpdate hashInit bs
-- | Hash the first N bytes of a bytestring, with code path independent from N.
hashPrefix :: (ByteArrayAccess ba, HashAlgorithmPrefix a) => ba -> Int -> Digest a
hashPrefix = hashFinalizePrefix hashInit
-- | Hash a lazy bytestring into a digest.
hashlazy :: HashAlgorithm a => L.ByteString -> Digest a
hashlazy lbs = hashFinalize $ hashUpdates hashInit (L.toChunks lbs)
@ -91,17 +81,9 @@ hashUpdates :: forall a ba . (HashAlgorithm a, ByteArrayAccess ba)
hashUpdates c l
| null ls = c
| otherwise = Context $ B.copyAndFreeze c $ \(ctx :: Ptr (Context a)) ->
mapM_ (\b -> B.withByteArray b (processBlocks ctx (B.length b))) ls
mapM_ (\b -> B.withByteArray b $ \d -> hashInternalUpdate ctx d (fromIntegral $ B.length b)) ls
where
ls = filter (not . B.null) l
-- process the data in 2GB chunks to fit in uint32_t and Int on 32 bit systems
processBlocks ctx bytesLeft dataPtr
| bytesLeft == 0 = return ()
| otherwise = do
hashInternalUpdate ctx dataPtr (fromIntegral actuallyProcessed)
processBlocks ctx (bytesLeft - actuallyProcessed) (dataPtr `plusPtr` actuallyProcessed)
where
actuallyProcessed = min bytesLeft (fromIntegral (maxBound :: Int32))
-- | Finalize a context and return a digest.
hashFinalize :: forall a . HashAlgorithm a
@ -112,24 +94,6 @@ hashFinalize !c =
((!_) :: B.Bytes) <- B.copy c $ \(ctx :: Ptr (Context a)) -> hashInternalFinalize ctx dig
return ()
-- | Update the context with the first N bytes of a bytestring and return the
-- digest. The code path is independent from N but much slower than a normal
-- 'hashUpdate'. The function can be called for the last bytes of a message, in
-- order to exclude a variable padding, without leaking the padding length. The
-- begining of the message, never impacted by the padding, should preferably go
-- through 'hashUpdate' for better performance.
hashFinalizePrefix :: forall a ba . (HashAlgorithmPrefix a, ByteArrayAccess ba)
=> Context a
-> ba
-> Int
-> Digest a
hashFinalizePrefix !c b len =
Digest $ B.allocAndFreeze (hashDigestSize (undefined :: a)) $ \(dig :: Ptr (Digest a)) -> do
((!_) :: B.Bytes) <- B.copy c $ \(ctx :: Ptr (Context a)) ->
B.withByteArray b $ \d ->
hashInternalFinalizePrefix ctx d (fromIntegral $ B.length b) (fromIntegral len) dig
return ()
-- | Initialize a new context for a specified hash algorithm
hashInitWith :: HashAlgorithm alg => alg -> Context alg
hashInitWith _ = hashInit
@ -138,10 +102,6 @@ hashInitWith _ = hashInit
hashWith :: (ByteArrayAccess ba, HashAlgorithm alg) => alg -> ba -> Digest alg
hashWith _ = hash
-- | Run the 'hashPrefix' function but takes an explicit hash algorithm parameter
hashPrefixWith :: (ByteArrayAccess ba, HashAlgorithmPrefix alg) => alg -> ba -> Int -> Digest alg
hashPrefixWith _ = hashPrefix
-- | Try to transform a bytearray into a Digest of specific algorithm.
--
-- If the digest is not the right size for the algorithm specified, then
@ -161,16 +121,3 @@ digestFromByteString = from undefined
unsafeFreeze muArray
where
count = CountOf (B.length ba)
hashPutContext :: forall a ba. (HashAlgorithmResumable a, ByteArray ba) => Context a -> ba
hashPutContext !c = B.allocAndFreeze (hashInternalContextSize (undefined :: a)) $ \(ptr :: Ptr Word8) ->
B.withByteArray c $ \(ctx :: Ptr (Context a)) -> hashInternalPutContextBE ctx ptr
hashGetContext :: forall a ba. (HashAlgorithmResumable a, ByteArrayAccess ba) => ba -> Maybe (Context a)
hashGetContext = from undefined
where
from :: a -> ba -> Maybe (Context a)
from alg bs
| B.length bs == (hashInternalContextSize alg) = Just $ Context $ B.allocAndFreeze (B.length bs) $ \(ctx :: Ptr (Context a)) ->
B.withByteArray bs $ \ptr -> hashInternalGetContextBE ptr ctx
| otherwise = Nothing

4
Crypto/Hash/Algorithms.hs
View File

@ -9,8 +9,6 @@
--
module Crypto.Hash.Algorithms
( HashAlgorithm
, HashAlgorithmPrefix
, HashAlgorithmResumable
-- * Hash algorithms
, Blake2s_160(..)
, Blake2s_224(..)
@ -56,7 +54,7 @@ module Crypto.Hash.Algorithms
, Whirlpool(..)
) where
import Crypto.Hash.Types (HashAlgorithm, HashAlgorithmPrefix, HashAlgorithmResumable)
import Crypto.Hash.Types (HashAlgorithm)
import Crypto.Hash.Blake2s
import Crypto.Hash.Blake2sp
import Crypto.Hash.Blake2b

5
Crypto/Hash/IO.hs
View File

@ -24,11 +24,6 @@ import qualified Crypto.Internal.ByteArray as B
import Foreign.Ptr
-- | A Mutable hash context
--
-- This type is an instance of 'B.ByteArrayAccess' for debugging purpose.
-- Internal layout is architecture dependent, may contain uninitialized data
-- fragments, and change in future versions. The bytearray should not be used
-- as input to cryptographic algorithms.
newtype MutableContext a = MutableContext B.Bytes
deriving (B.ByteArrayAccess)

22
Crypto/Hash/Keccak.hs
View File

@ -37,10 +37,6 @@ instance HashAlgorithm Keccak_224 where
hashInternalUpdate = c_keccak_update
hashInternalFinalize p = c_keccak_finalize p 224
instance HashAlgorithmResumable Keccak_224 where
hashInternalPutContextBE = c_sha3_ctx_to_be
hashInternalGetContextBE = c_sha3_be_to_ctx
-- | Keccak (256 bits) cryptographic hash algorithm
data Keccak_256 = Keccak_256
deriving (Show,Data)
@ -56,10 +52,6 @@ instance HashAlgorithm Keccak_256 where
hashInternalUpdate = c_keccak_update
hashInternalFinalize p = c_keccak_finalize p 256
instance HashAlgorithmResumable Keccak_256 where
hashInternalPutContextBE = c_sha3_ctx_to_be
hashInternalGetContextBE = c_sha3_be_to_ctx
-- | Keccak (384 bits) cryptographic hash algorithm
data Keccak_384 = Keccak_384
deriving (Show,Data)
@ -75,10 +67,6 @@ instance HashAlgorithm Keccak_384 where
hashInternalUpdate = c_keccak_update
hashInternalFinalize p = c_keccak_finalize p 384
instance HashAlgorithmResumable Keccak_384 where
hashInternalPutContextBE = c_sha3_ctx_to_be
hashInternalGetContextBE = c_sha3_be_to_ctx
-- | Keccak (512 bits) cryptographic hash algorithm
data Keccak_512 = Keccak_512
deriving (Show,Data)
@ -94,10 +82,6 @@ instance HashAlgorithm Keccak_512 where
hashInternalUpdate = c_keccak_update
hashInternalFinalize p = c_keccak_finalize p 512
instance HashAlgorithmResumable Keccak_512 where
hashInternalPutContextBE = c_sha3_ctx_to_be
hashInternalGetContextBE = c_sha3_be_to_ctx
foreign import ccall unsafe "cryptonite_keccak_init"
c_keccak_init :: Ptr (Context a) -> Word32 -> IO ()
@ -107,9 +91,3 @@ foreign import ccall "cryptonite_keccak_update"
foreign import ccall unsafe "cryptonite_keccak_finalize"
c_keccak_finalize :: Ptr (Context a) -> Word32 -> Ptr (Digest a) -> IO ()
foreign import ccall unsafe "cryptonite_sha3_ctx_to_be"
c_sha3_ctx_to_be :: Ptr (Context a) -> Ptr Word8 -> IO ()
foreign import ccall unsafe "cryptonite_sha3_be_to_ctx"
c_sha3_be_to_ctx :: Ptr Word8 -> Ptr (Context a) -> IO ()

6
Crypto/Hash/MD5.hs
View File

@ -34,9 +34,6 @@ instance HashAlgorithm MD5 where
hashInternalUpdate = c_md5_update
hashInternalFinalize = c_md5_finalize
instance HashAlgorithmPrefix MD5 where
hashInternalFinalizePrefix = c_md5_finalize_prefix
foreign import ccall unsafe "cryptonite_md5_init"
c_md5_init :: Ptr (Context a)-> IO ()
@ -45,6 +42,3 @@ foreign import ccall "cryptonite_md5_update"
foreign import ccall unsafe "cryptonite_md5_finalize"
c_md5_finalize :: Ptr (Context a) -> Ptr (Digest a) -> IO ()
foreign import ccall "cryptonite_md5_finalize_prefix"
c_md5_finalize_prefix :: Ptr (Context a) -> Ptr Word8 -> Word32 -> Word32 -> Ptr (Digest a) -> IO ()

6
Crypto/Hash/SHA1.hs
View File

@ -34,9 +34,6 @@ instance HashAlgorithm SHA1 where
hashInternalUpdate = c_sha1_update
hashInternalFinalize = c_sha1_finalize
instance HashAlgorithmPrefix SHA1 where
hashInternalFinalizePrefix = c_sha1_finalize_prefix
foreign import ccall unsafe "cryptonite_sha1_init"
c_sha1_init :: Ptr (Context a)-> IO ()
@ -45,6 +42,3 @@ foreign import ccall "cryptonite_sha1_update"
foreign import ccall unsafe "cryptonite_sha1_finalize"
c_sha1_finalize :: Ptr (Context a) -> Ptr (Digest a) -> IO ()
foreign import ccall "cryptonite_sha1_finalize_prefix"
c_sha1_finalize_prefix :: Ptr (Context a) -> Ptr Word8 -> Word32 -> Word32 -> Ptr (Digest a) -> IO ()

6
Crypto/Hash/SHA224.hs
View File

@ -34,9 +34,6 @@ instance HashAlgorithm SHA224 where
hashInternalUpdate = c_sha224_update
hashInternalFinalize = c_sha224_finalize
instance HashAlgorithmPrefix SHA224 where
hashInternalFinalizePrefix = c_sha224_finalize_prefix
foreign import ccall unsafe "cryptonite_sha224_init"
c_sha224_init :: Ptr (Context a)-> IO ()
@ -45,6 +42,3 @@ foreign import ccall "cryptonite_sha224_update"
foreign import ccall unsafe "cryptonite_sha224_finalize"
c_sha224_finalize :: Ptr (Context a) -> Ptr (Digest a) -> IO ()
foreign import ccall "cryptonite_sha224_finalize_prefix"
c_sha224_finalize_prefix :: Ptr (Context a) -> Ptr Word8 -> Word32 -> Word32 -> Ptr (Digest a) -> IO ()

6
Crypto/Hash/SHA256.hs
View File

@ -34,9 +34,6 @@ instance HashAlgorithm SHA256 where
hashInternalUpdate = c_sha256_update
hashInternalFinalize = c_sha256_finalize
instance HashAlgorithmPrefix SHA256 where
hashInternalFinalizePrefix = c_sha256_finalize_prefix
foreign import ccall unsafe "cryptonite_sha256_init"
c_sha256_init :: Ptr (Context a)-> IO ()
@ -45,6 +42,3 @@ foreign import ccall "cryptonite_sha256_update"
foreign import ccall unsafe "cryptonite_sha256_finalize"
c_sha256_finalize :: Ptr (Context a) -> Ptr (Digest a) -> IO ()
foreign import ccall "cryptonite_sha256_finalize_prefix"
c_sha256_finalize_prefix :: Ptr (Context a) -> Ptr Word8 -> Word32 -> Word32 -> Ptr (Digest a) -> IO ()

22
Crypto/Hash/SHA3.hs
View File

@ -37,10 +37,6 @@ instance HashAlgorithm SHA3_224 where
hashInternalUpdate = c_sha3_update
hashInternalFinalize p = c_sha3_finalize p 224
instance HashAlgorithmResumable SHA3_224 where
hashInternalPutContextBE = c_sha3_ctx_to_be
hashInternalGetContextBE = c_sha3_be_to_ctx
-- | SHA3 (256 bits) cryptographic hash algorithm
data SHA3_256 = SHA3_256
deriving (Show,Data)
@ -56,10 +52,6 @@ instance HashAlgorithm SHA3_256 where
hashInternalUpdate = c_sha3_update
hashInternalFinalize p = c_sha3_finalize p 256
instance HashAlgorithmResumable SHA3_256 where
hashInternalPutContextBE = c_sha3_ctx_to_be
hashInternalGetContextBE = c_sha3_be_to_ctx
-- | SHA3 (384 bits) cryptographic hash algorithm
data SHA3_384 = SHA3_384
deriving (Show,Data)
@ -75,10 +67,6 @@ instance HashAlgorithm SHA3_384 where
hashInternalUpdate = c_sha3_update
hashInternalFinalize p = c_sha3_finalize p 384
instance HashAlgorithmResumable SHA3_384 where
hashInternalPutContextBE = c_sha3_ctx_to_be
hashInternalGetContextBE = c_sha3_be_to_ctx
-- | SHA3 (512 bits) cryptographic hash algorithm
data SHA3_512 = SHA3_512
deriving (Show,Data)
@ -94,10 +82,6 @@ instance HashAlgorithm SHA3_512 where
hashInternalUpdate = c_sha3_update
hashInternalFinalize p = c_sha3_finalize p 512
instance HashAlgorithmResumable SHA3_512 where
hashInternalPutContextBE = c_sha3_ctx_to_be
hashInternalGetContextBE = c_sha3_be_to_ctx
foreign import ccall unsafe "cryptonite_sha3_init"
c_sha3_init :: Ptr (Context a) -> Word32 -> IO ()
@ -107,9 +91,3 @@ foreign import ccall "cryptonite_sha3_update"
foreign import ccall unsafe "cryptonite_sha3_finalize"
c_sha3_finalize :: Ptr (Context a) -> Word32 -> Ptr (Digest a) -> IO ()
foreign import ccall unsafe "cryptonite_sha3_ctx_to_be"
c_sha3_ctx_to_be :: Ptr (Context a) -> Ptr Word8 -> IO ()
foreign import ccall unsafe "cryptonite_sha3_be_to_ctx"
c_sha3_be_to_ctx :: Ptr Word8 -> Ptr (Context a) -> IO ()

6
Crypto/Hash/SHA384.hs
View File

@ -34,9 +34,6 @@ instance HashAlgorithm SHA384 where
hashInternalUpdate = c_sha384_update
hashInternalFinalize = c_sha384_finalize
instance HashAlgorithmPrefix SHA384 where
hashInternalFinalizePrefix = c_sha384_finalize_prefix
foreign import ccall unsafe "cryptonite_sha384_init"
c_sha384_init :: Ptr (Context a)-> IO ()
@ -45,6 +42,3 @@ foreign import ccall "cryptonite_sha384_update"
foreign import ccall unsafe "cryptonite_sha384_finalize"
c_sha384_finalize :: Ptr (Context a) -> Ptr (Digest a) -> IO ()
foreign import ccall "cryptonite_sha384_finalize_prefix"
c_sha384_finalize_prefix :: Ptr (Context a) -> Ptr Word8 -> Word32 -> Word32 -> Ptr (Digest a) -> IO ()

6
Crypto/Hash/SHA512.hs
View File

@ -34,9 +34,6 @@ instance HashAlgorithm SHA512 where
hashInternalUpdate = c_sha512_update
hashInternalFinalize = c_sha512_finalize
instance HashAlgorithmPrefix SHA512 where
hashInternalFinalizePrefix = c_sha512_finalize_prefix
foreign import ccall unsafe "cryptonite_sha512_init"
c_sha512_init :: Ptr (Context a)-> IO ()
@ -45,6 +42,3 @@ foreign import ccall "cryptonite_sha512_update"
foreign import ccall unsafe "cryptonite_sha512_finalize"
c_sha512_finalize :: Ptr (Context a) -> Ptr (Digest a) -> IO ()
foreign import ccall "cryptonite_sha512_finalize_prefix"
c_sha512_finalize_prefix :: Ptr (Context a) -> Ptr Word8 -> Word32 -> Word32 -> Ptr (Digest a) -> IO ()

14
Crypto/Hash/SHAKE.hs
View File

@ -62,10 +62,6 @@ instance KnownNat bitlen => HashSHAKE (SHAKE128 bitlen) where
cshakeInternalFinalize = cshakeFinalizeOutput (Proxy :: Proxy bitlen)
cshakeOutputLength _ = integralNatVal (Proxy :: Proxy bitlen)
instance KnownNat bitlen => HashAlgorithmResumable (SHAKE128 bitlen) where
hashInternalPutContextBE = c_sha3_ctx_to_be
hashInternalGetContextBE = c_sha3_be_to_ctx
-- | SHAKE256 (256 bits) extendable output function. Supports an arbitrary
-- digest size, to be specified as a type parameter of kind 'Nat'.
--
@ -90,10 +86,6 @@ instance KnownNat bitlen => HashSHAKE (SHAKE256 bitlen) where
cshakeInternalFinalize = cshakeFinalizeOutput (Proxy :: Proxy bitlen)
cshakeOutputLength _ = integralNatVal (Proxy :: Proxy bitlen)
instance KnownNat bitlen => HashAlgorithmResumable (SHAKE256 bitlen) where
hashInternalPutContextBE = c_sha3_ctx_to_be
hashInternalGetContextBE = c_sha3_be_to_ctx
shakeFinalizeOutput :: KnownNat bitlen
=> proxy bitlen
-> Ptr (Context a)
@ -137,9 +129,3 @@ foreign import ccall unsafe "cryptonite_sha3_finalize_cshake"
foreign import ccall unsafe "cryptonite_sha3_output"
c_sha3_output :: Ptr (Context a) -> Ptr (Digest a) -> Word32 -> IO ()
foreign import ccall unsafe "cryptonite_sha3_ctx_to_be"
c_sha3_ctx_to_be :: Ptr (Context a) -> Ptr Word8 -> IO ()
foreign import ccall unsafe "cryptonite_sha3_be_to_ctx"
c_sha3_be_to_ctx :: Ptr Word8 -> Ptr (Context a) -> IO ()

21
Crypto/Hash/Types.hs
View File

@ -14,8 +14,6 @@
{-# LANGUAGE TypeFamilies #-}
module Crypto.Hash.Types
( HashAlgorithm(..)
, HashAlgorithmPrefix(..)
, HashAlgorithmResumable(..)
, Context(..)
, Digest(..)
) where
@ -61,31 +59,12 @@ class HashAlgorithm a where
-- | Finalize the context and set the digest raw memory to the right value
hashInternalFinalize :: Ptr (Context a) -> Ptr (Digest a) -> IO ()
-- | Hashing algorithms with a constant-time implementation.
class HashAlgorithm a => HashAlgorithmPrefix a where
-- | Update the context with the first N bytes of a buffer and finalize this
-- context. The code path executed is independent from N and depends only
-- on the complete buffer length.
hashInternalFinalizePrefix :: Ptr (Context a)
-> Ptr Word8 -> Word32
-> Word32
-> Ptr (Digest a)
-> IO ()
class HashAlgorithm a => HashAlgorithmResumable a where
hashInternalPutContextBE :: Ptr (Context a) -> Ptr Word8 -> IO ()
hashInternalGetContextBE :: Ptr Word8 -> Ptr (Context a) -> IO ()
{-
hashContextGetAlgorithm :: HashAlgorithm a => Context a -> a
hashContextGetAlgorithm = undefined
-}
-- | Represent a context for a given hash algorithm.
--
-- This type is an instance of 'ByteArrayAccess' for debugging purpose. Internal
-- layout is architecture dependent, may contain uninitialized data fragments,
-- and change in future versions. The bytearray should not be used as input to
-- cryptographic algorithms.
newtype Context a = Context Bytes
deriving (ByteArrayAccess,NFData)

53
Crypto/Internal/Builder.hs
View File

@ -1,53 +0,0 @@
-- |
-- Module : Crypto.Internal.Builder
-- License : BSD-style
-- Maintainer : Olivier Chéron <olivier.cheron@gmail.com>
-- Stability : stable
-- Portability : Good
--
-- Delaying and merging ByteArray allocations. This is similar to module
-- "Data.ByteArray.Pack" except the total length is computed automatically based
-- on what is appended.
--
{-# LANGUAGE BangPatterns #-}
module Crypto.Internal.Builder
( Builder
, buildAndFreeze
, builderLength
, byte
, bytes
, zero
) where
import Data.ByteArray (ByteArray, ByteArrayAccess)
import qualified Data.ByteArray as B
import Data.Memory.PtrMethods (memSet)
import Foreign.Ptr (Ptr, plusPtr)
import Foreign.Storable (poke)
import Crypto.Internal.Imports hiding (empty)
data Builder = Builder !Int (Ptr Word8 -> IO ()) -- size and initializer
instance Semigroup Builder where
(Builder s1 f1) <> (Builder s2 f2) = Builder (s1 + s2) f
where f p = f1 p >> f2 (p `plusPtr` s1)
builderLength :: Builder -> Int
builderLength (Builder s _) = s
buildAndFreeze :: ByteArray ba => Builder -> ba
buildAndFreeze (Builder s f) = B.allocAndFreeze s f
byte :: Word8 -> Builder
byte !b = Builder 1 (`poke` b)
bytes :: ByteArrayAccess ba => ba -> Builder
bytes bs = Builder (B.length bs) (B.copyByteArrayToPtr bs)
zero :: Int -> Builder
zero s = if s > 0 then Builder s (\p -> memSet p 0 s) else empty
empty :: Builder
empty = Builder 0 (const $ return ())

25
Crypto/Internal/CompatPrim.hs
View File

@ -23,21 +23,15 @@ module Crypto.Internal.CompatPrim
, convert4To32
) where
import GHC.Prim
#if !defined(ARCH_IS_LITTLE_ENDIAN) && !defined(ARCH_IS_BIG_ENDIAN)
import Data.Memory.Endian (getSystemEndianness, Endianness(..))
#endif
#if __GLASGOW_HASKELL__ >= 902
import GHC.Prim
#else
import GHC.Prim hiding (Word32#)
type Word32# = Word#
#endif
-- | Byteswap Word# to or from Big Endian
--
-- On a big endian machine, this function is a nop.
be32Prim :: Word32# -> Word32#
be32Prim :: Word# -> Word#
#ifdef ARCH_IS_LITTLE_ENDIAN
be32Prim = byteswap32Prim
#elif defined(ARCH_IS_BIG_ENDIAN)
@ -49,7 +43,7 @@ be32Prim w = if getSystemEndianness == LittleEndian then byteswap32Prim w else w
-- | Byteswap Word# to or from Little Endian
--
-- On a little endian machine, this function is a nop.
le32Prim :: Word32# -> Word32#
le32Prim :: Word# -> Word#
#ifdef ARCH_IS_LITTLE_ENDIAN
le32Prim w = w
#elif defined(ARCH_IS_BIG_ENDIAN)
@ -60,11 +54,16 @@ le32Prim w = if getSystemEndianness == LittleEndian then w else byteswap32Prim w
-- | Simple compatibility for byteswap the lower 32 bits of a Word#
-- at the primitive level
byteswap32Prim :: Word32# -> Word32#
#if __GLASGOW_HASKELL__ >= 902
byteswap32Prim w = wordToWord32# (byteSwap32# (word32ToWord# w))
#else
byteswap32Prim :: Word# -> Word#
#if __GLASGOW_HASKELL__ >= 708
byteswap32Prim w = byteSwap32# w
#else
byteswap32Prim w =
let !a = uncheckedShiftL# w 24#
!b = and# (uncheckedShiftL# w 8#) 0x00ff0000##
!c = and# (uncheckedShiftRL# w 8#) 0x0000ff00##
!d = and# (uncheckedShiftRL# w 24#) 0x000000ff##
in or# a (or# b (or# c d))
#endif
-- | Combine 4 word8 [a,b,c,d] to a word32 representing [a,b,c,d]

4
Crypto/Internal/Imports.hs
View File

@ -5,15 +5,11 @@
-- Stability : experimental
-- Portability : unknown
--
{-# LANGUAGE CPP #-}
module Crypto.Internal.Imports
( module X
) where
import Data.Word as X
#if !(MIN_VERSION_base(4,11,0))
import Data.Semigroup as X (Semigroup(..))
#endif
import Control.Applicative as X
import Control.Monad as X (forM, forM_, void)
import Control.Arrow as X (first, second)

11
Crypto/MAC/HMAC.hs
View File

@ -12,7 +12,6 @@
{-# LANGUAGE GeneralizedNewtypeDeriving #-}
module Crypto.MAC.HMAC
( hmac
, hmacLazy
, HMAC(..)
-- * Incremental
, Context(..)
@ -29,7 +28,6 @@ import Crypto.Internal.ByteArray (ScrubbedBytes, ByteArrayAccess)
import qualified Crypto.Internal.ByteArray as B
import Data.Memory.PtrMethods
import Crypto.Internal.Compat
import qualified Data.ByteString.Lazy as L
-- | Represent an HMAC that is a phantom type with the hash used to produce the mac.
--
@ -41,20 +39,13 @@ newtype HMAC a = HMAC { hmacGetDigest :: Digest a }
instance Eq (HMAC a) where
(HMAC b1) == (HMAC b2) = B.constEq b1 b2
-- | Compute a MAC using the supplied hashing function
-- | compute a MAC using the supplied hashing function
hmac :: (ByteArrayAccess key, ByteArrayAccess message, HashAlgorithm a)
=> key -- ^ Secret key
-> message -- ^ Message to MAC
-> HMAC a
hmac secret msg = finalize $ updates (initialize secret) [msg]
-- | Compute a MAC using the supplied hashing function, for a lazy input
hmacLazy :: (ByteArrayAccess key, HashAlgorithm a)
=> key -- ^ Secret key
-> L.ByteString -- ^ Message to MAC
-> HMAC a
hmacLazy secret msg = finalize $ updates (initialize secret) (L.toChunks msg)
-- | Represent an ongoing HMAC state, that can be appended with 'update'
-- and finalize to an HMAC with 'hmacFinalize'
data Context hashalg = Context !(Hash.Context hashalg) !(Hash.Context hashalg)

53
Crypto/MAC/KMAC.hs
View File

@ -27,12 +27,13 @@ import qualified Crypto.Hash as H
import Crypto.Hash.SHAKE (HashSHAKE(..))
import Crypto.Hash.Types (HashAlgorithm(..), Digest(..))
import qualified Crypto.Hash.Types as H
import Crypto.Internal.Builder
import Crypto.Internal.Imports
import Foreign.Ptr (Ptr)
import Foreign.Ptr (Ptr, plusPtr)
import Foreign.Storable (poke)
import Data.Bits (shiftR)
import Data.ByteArray (ByteArrayAccess)
import Data.ByteArray (ByteArray, ByteArrayAccess)
import qualified Data.ByteArray as B
import Data.Word (Word8)
import Data.Memory.PtrMethods (memSet)
-- cSHAKE
@ -46,8 +47,8 @@ cshakeInit n s p = H.Context $ B.allocAndFreeze c $ \(ptr :: Ptr (H.Context a))
where
c = hashInternalContextSize (undefined :: a)
w = hashBlockSize (undefined :: a)
x = encodeString n <> encodeString s
b = buildAndFreeze (bytepad x w) :: B.Bytes
x = encodeString n <+> encodeString s
b = builderAllocAndFreeze (bytepad x w) :: B.Bytes
cshakeUpdate :: (HashSHAKE a, ByteArrayAccess ba)
=> H.Context a -> ba -> H.Context a
@ -76,7 +77,7 @@ cshakeFinalize !c s =
-- The Eq instance is constant time. No Show instance is provided, to avoid
-- printing by mistake.
newtype KMAC a = KMAC { kmacGetDigest :: Digest a }
deriving (ByteArrayAccess,NFData)
deriving ByteArrayAccess
instance Eq (KMAC a) where
(KMAC b1) == (KMAC b2) = B.constEq b1 b2
@ -98,7 +99,7 @@ initialize str key = Context $ cshakeInit n str p
where
n = B.pack [75,77,65,67] :: B.Bytes -- "KMAC"
w = hashBlockSize (undefined :: a)
p = buildAndFreeze (bytepad (encodeString key) w) :: B.ScrubbedBytes
p = builderAllocAndFreeze (bytepad (encodeString key) w) :: B.ScrubbedBytes
-- | Incrementally update a KMAC context.
update :: (HashSHAKE a, ByteArrayAccess ba) => Context a -> ba -> Context a
@ -113,32 +114,56 @@ finalize :: forall a . HashSHAKE a => Context a -> KMAC a
finalize (Context ctx) = KMAC $ cshakeFinalize ctx suffix
where
l = cshakeOutputLength (undefined :: a)
suffix = buildAndFreeze (rightEncode l) :: B.Bytes
suffix = builderAllocAndFreeze (rightEncode l) :: B.Bytes
-- Utilities
bytepad :: Builder -> Int -> Builder
bytepad x w = prefix <> x <> zero padLen
bytepad x w = prefix <+> x <+> zero padLen
where
prefix = leftEncode w
padLen = (w - builderLength prefix - builderLength x) `mod` w
encodeString :: ByteArrayAccess bin => bin -> Builder
encodeString s = leftEncode (8 * B.length s) <> bytes s
encodeString s = leftEncode (8 * B.length s) <+> bytes s
leftEncode :: Int -> Builder
leftEncode x = byte len <> digits
leftEncode x = byte len <+> digits
where
digits = i2osp x
len = fromIntegral (builderLength digits)
rightEncode :: Int -> Builder
rightEncode x = digits <> byte len
rightEncode x = digits <+> byte len
where
digits = i2osp x
len = fromIntegral (builderLength digits)
i2osp :: Int -> Builder
i2osp i | i >= 256 = i2osp (shiftR i 8) <> byte (fromIntegral i)
i2osp i | i >= 256 = i2osp (shiftR i 8) <+> byte (fromIntegral i)
| otherwise = byte (fromIntegral i)
-- Delaying and merging ByteArray allocations
data Builder = Builder !Int (Ptr Word8 -> IO ()) -- size and initializer
(<+>) :: Builder -> Builder -> Builder
(Builder s1 f1) <+> (Builder s2 f2) = Builder (s1 + s2) f
where f p = f1 p >> f2 (p `plusPtr` s1)
builderLength :: Builder -> Int
builderLength (Builder s _) = s
builderAllocAndFreeze :: ByteArray ba => Builder -> ba
builderAllocAndFreeze (Builder s f) = B.allocAndFreeze s f
byte :: Word8 -> Builder
byte !b = Builder 1 (`poke` b)
bytes :: ByteArrayAccess ba => ba -> Builder
bytes bs = Builder (B.length bs) (B.copyByteArrayToPtr bs)
zero :: Int -> Builder
zero s = Builder s (\p -> memSet p 0 s)

5
Crypto/MAC/Poly1305.hs
View File

@ -33,11 +33,6 @@ import Crypto.Internal.DeepSeq
import Crypto.Error
-- | Poly1305 State
--
-- This type is an instance of 'ByteArrayAccess' for debugging purpose. Internal
-- layout is architecture dependent, may contain uninitialized data fragments,
-- and change in future versions. The bytearray should not be used as input to
-- cryptographic algorithms.
newtype State = State ScrubbedBytes
deriving (ByteArrayAccess)

12
Crypto/Number/Compat.hs
View File

@ -72,9 +72,7 @@ gmpLog2 _ = GmpUnsupported
-- | Compute the power modulus using extra security to remain constant
-- time wise through GMP
gmpPowModSecInteger :: Integer -> Integer -> Integer -> GmpSupported Integer
#if MIN_VERSION_integer_gmp(1,1,0)
gmpPowModSecInteger _ _ _ = GmpUnsupported
#elif MIN_VERSION_integer_gmp(1,0,2)
#if MIN_VERSION_integer_gmp(1,0,2)
gmpPowModSecInteger b e m = GmpSupported (powModSecInteger b e m)
#elif MIN_VERSION_integer_gmp(1,0,0)
gmpPowModSecInteger _ _ _ = GmpUnsupported
@ -105,9 +103,7 @@ gmpInverse _ _ = GmpUnsupported
-- | Get the next prime from a specific value through GMP
gmpNextPrime :: Integer -> GmpSupported Integer
#if MIN_VERSION_integer_gmp(1,1,0)
gmpNextPrime _ = GmpUnsupported
#elif MIN_VERSION_integer_gmp(0,5,1)
#if MIN_VERSION_integer_gmp(0,5,1)
gmpNextPrime n = GmpSupported (nextPrimeInteger n)
#else
gmpNextPrime _ = GmpUnsupported
@ -115,9 +111,7 @@ gmpNextPrime _ = GmpUnsupported
-- | Test if a number is prime using Miller Rabin
gmpTestPrimeMillerRabin :: Int -> Integer -> GmpSupported Bool
#if MIN_VERSION_integer_gmp(1,1,0)
gmpTestPrimeMillerRabin _ _ = GmpUnsupported
#elif MIN_VERSION_integer_gmp(0,5,1)
#if MIN_VERSION_integer_gmp(0,5,1)
gmpTestPrimeMillerRabin (I# tries) !n = GmpSupported $
case testPrimeInteger n tries of
0# -> False

390
Crypto/PubKey/EdDSA.hs
View File

@ -1,390 +0,0 @@
-- |
-- Module : Crypto.PubKey.EdDSA
-- License : BSD-style
-- Maintainer : Olivier Chéron <olivier.cheron@gmail.com>
-- Stability : experimental
-- Portability : unknown
--
-- EdDSA signature generation and verification, implemented in Haskell and
-- parameterized with elliptic curve and hash algorithm. Only edwards25519 is
-- supported at the moment.
--
-- The module provides \"context\" and \"prehash\" variants defined in
-- <https://tools.ietf.org/html/rfc8032 RFC 8032>.
--
-- This implementation is most useful when wanting to customize the hash
-- algorithm. See module "Crypto.PubKey.Ed25519" for faster Ed25519 with
-- SHA-512.
--
{-# LANGUAGE DataKinds #-}
{-# LANGUAGE FlexibleContexts #-}
{-# LANGUAGE GeneralizedNewtypeDeriving #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RankNTypes #-}
{-# LANGUAGE ScopedTypeVariables #-}
{-# LANGUAGE TypeFamilies #-}
module Crypto.PubKey.EdDSA
( SecretKey
, PublicKey
, Signature
-- * Curves with EdDSA implementation
, EllipticCurveEdDSA(CurveDigestSize)
, publicKeySize
, secretKeySize
, signatureSize
-- * Smart constructors
, signature
, publicKey
, secretKey
-- * Methods
, toPublic
, sign
, signCtx
, signPh
, verify
, verifyCtx
, verifyPh
, generateSecretKey
) where
import Data.Bits
import Data.ByteArray (ByteArray, ByteArrayAccess, Bytes, ScrubbedBytes, View)
import qualified Data.ByteArray as B
import Data.ByteString (ByteString)
import Data.Proxy
import Crypto.ECC
import qualified Crypto.ECC.Edwards25519 as Edwards25519
import Crypto.Error
import Crypto.Hash (Digest)
import Crypto.Hash.IO
import Crypto.Random
import GHC.TypeLits (KnownNat, Nat)
import Crypto.Internal.Builder
import Crypto.Internal.Compat
import Crypto.Internal.Imports
import Crypto.Internal.Nat (integralNatVal)
import Foreign.Storable
-- API
-- | An EdDSA Secret key
newtype SecretKey curve = SecretKey ScrubbedBytes
deriving (Show,Eq,ByteArrayAccess,NFData)
-- | An EdDSA public key
newtype PublicKey curve hash = PublicKey Bytes
deriving (Show,Eq,ByteArrayAccess,NFData)
-- | An EdDSA signature
newtype Signature curve hash = Signature Bytes
deriving (Show,Eq,ByteArrayAccess,NFData)
-- | Elliptic curves with an implementation of EdDSA
class ( EllipticCurveBasepointArith curve
, KnownNat (CurveDigestSize curve)
) => EllipticCurveEdDSA curve where
-- | Size of the digest for this curve (in bytes)
type CurveDigestSize curve :: Nat
-- | Size of secret keys for this curve (in bytes)
secretKeySize :: proxy curve -> Int
-- hash with specified parameters
hashWithDom :: (HashAlgorithm hash, ByteArrayAccess ctx, ByteArrayAccess msg)
=> proxy curve -> hash -> Bool -> ctx -> Builder -> msg -> Bytes
-- conversion between scalar, point and public key
pointPublic :: proxy curve -> Point curve -> PublicKey curve hash
publicPoint :: proxy curve -> PublicKey curve hash -> CryptoFailable (Point curve)
encodeScalarLE :: ByteArray bs => proxy curve -> Scalar curve -> bs
decodeScalarLE :: ByteArrayAccess bs => proxy curve -> bs -> CryptoFailable (Scalar curve)
-- how to use bits in a secret key
scheduleSecret :: ( HashAlgorithm hash
, HashDigestSize hash ~ CurveDigestSize curve
)
=> proxy curve
-> hash
-> SecretKey curve
-> (Scalar curve, View Bytes)
-- | Size of public keys for this curve (in bytes)
publicKeySize :: EllipticCurveEdDSA curve => proxy curve -> Int
publicKeySize prx = signatureSize prx `div` 2
-- | Size of signatures for this curve (in bytes)
signatureSize :: forall proxy curve . EllipticCurveEdDSA curve
=> proxy curve -> Int
signatureSize _ = integralNatVal (Proxy :: Proxy (CurveDigestSize curve))
-- Constructors
-- | Try to build a public key from a bytearray
publicKey :: ( EllipticCurveEdDSA curve
, HashAlgorithm hash
, HashDigestSize hash ~ CurveDigestSize curve
, ByteArrayAccess ba
)
=> proxy curve -> hash -> ba -> CryptoFailable (PublicKey curve hash)
publicKey prx _ bs
| B.length bs == publicKeySize prx =
CryptoPassed (PublicKey $ B.convert bs)
| otherwise =
CryptoFailed CryptoError_PublicKeySizeInvalid
-- | Try to build a secret key from a bytearray
secretKey :: (EllipticCurveEdDSA curve, ByteArrayAccess ba)
=> proxy curve -> ba -> CryptoFailable (SecretKey curve)
secretKey prx bs
| B.length bs == secretKeySize prx =
CryptoPassed (SecretKey $ B.convert bs)
| otherwise =
CryptoFailed CryptoError_SecretKeyStructureInvalid
-- | Try to build a signature from a bytearray
signature :: ( EllipticCurveEdDSA curve
, HashAlgorithm hash
, HashDigestSize hash ~ CurveDigestSize curve
, ByteArrayAccess ba
)
=> proxy curve -> hash -> ba -> CryptoFailable (Signature curve hash)
signature prx _ bs
| B.length bs == signatureSize prx =
CryptoPassed (Signature $ B.convert bs)
| otherwise =
CryptoFailed CryptoError_SecretKeyStructureInvalid
-- Conversions
-- | Generate a secret key
generateSecretKey :: (EllipticCurveEdDSA curve, MonadRandom m)
=> proxy curve -> m (SecretKey curve)
generateSecretKey prx = SecretKey <$> getRandomBytes (secretKeySize prx)
-- | Create a public key from a secret key
toPublic :: ( EllipticCurveEdDSA curve
, HashAlgorithm hash
, HashDigestSize hash ~ CurveDigestSize curve
)
=> proxy curve -> hash -> SecretKey curve -> PublicKey curve hash
toPublic prx alg priv =
let p = pointBaseSmul prx (secretScalar prx alg priv)
in pointPublic prx p
secretScalar :: ( EllipticCurveEdDSA curve
, HashAlgorithm hash
, HashDigestSize hash ~ CurveDigestSize curve
)
=> proxy curve -> hash -> SecretKey curve -> Scalar curve
secretScalar prx alg priv = fst (scheduleSecret prx alg priv)
-- EdDSA signature generation & verification
-- | Sign a message using the key pair
sign :: ( EllipticCurveEdDSA curve
, HashAlgorithm hash
, HashDigestSize hash ~ CurveDigestSize curve
, ByteArrayAccess msg
)
=> proxy curve -> SecretKey curve -> PublicKey curve hash -> msg -> Signature curve hash
sign prx = signCtx prx emptyCtx
-- | Verify a message
verify :: ( EllipticCurveEdDSA curve
, HashAlgorithm hash
, HashDigestSize hash ~ CurveDigestSize curve
, ByteArrayAccess msg
)
=> proxy curve -> PublicKey curve hash -> msg -> Signature curve hash -> Bool
verify prx = verifyCtx prx emptyCtx
-- | Sign a message using the key pair under context @ctx@
signCtx :: ( EllipticCurveEdDSA curve
, HashAlgorithm hash
, HashDigestSize hash ~ CurveDigestSize curve
, ByteArrayAccess ctx
, ByteArrayAccess msg
)
=> proxy curve -> ctx -> SecretKey curve -> PublicKey curve hash -> msg -> Signature curve hash
signCtx prx = signPhCtx prx False
-- | Verify a message under context @ctx@
verifyCtx :: ( EllipticCurveEdDSA curve
, HashAlgorithm hash
, HashDigestSize hash ~ CurveDigestSize curve
, ByteArrayAccess ctx
, ByteArrayAccess msg
)
=> proxy curve -> ctx -> PublicKey curve hash -> msg -> Signature curve hash -> Bool
verifyCtx prx = verifyPhCtx prx False
-- | Sign a prehashed message using the key pair under context @ctx@
signPh :: ( EllipticCurveEdDSA curve
, HashAlgorithm hash
, HashDigestSize hash ~ CurveDigestSize curve
, ByteArrayAccess ctx
)
=> proxy curve -> ctx -> SecretKey curve -> PublicKey curve hash -> Digest prehash -> Signature curve hash
signPh prx = signPhCtx prx True
-- | Verify a prehashed message under context @ctx@
verifyPh :: ( EllipticCurveEdDSA curve
, HashAlgorithm hash
, HashDigestSize hash ~ CurveDigestSize curve
, ByteArrayAccess ctx
)
=> proxy curve -> ctx -> PublicKey curve hash -> Digest prehash -> Signature curve hash -> Bool
verifyPh prx = verifyPhCtx prx True
signPhCtx :: forall proxy curve hash ctx msg .
( EllipticCurveEdDSA curve
, HashAlgorithm hash
, HashDigestSize hash ~ CurveDigestSize curve
, ByteArrayAccess ctx
, ByteArrayAccess msg
)
=> proxy curve -> Bool -> ctx -> SecretKey curve -> PublicKey curve hash -> msg -> Signature curve hash
signPhCtx prx ph ctx priv pub msg =
let alg = undefined :: hash
(s, prefix) = scheduleSecret prx alg priv
digR = hashWithDom prx alg ph ctx (bytes prefix) msg
r = decodeScalarNoErr prx digR
pR = pointBaseSmul prx r
bsR = encodePoint prx pR
sK = getK prx ph ctx pub bsR msg
sS = scalarAdd prx r (scalarMul prx sK s)
in encodeSignature prx (bsR, pR, sS)
verifyPhCtx :: ( EllipticCurveEdDSA curve
, HashAlgorithm hash
, HashDigestSize hash ~ CurveDigestSize curve
, ByteArrayAccess ctx
, ByteArrayAccess msg
)
=> proxy curve -> Bool -> ctx -> PublicKey curve hash -> msg -> Signature curve hash -> Bool
verifyPhCtx prx ph ctx pub msg sig =
case doVerify of
CryptoPassed verified -> verified
CryptoFailed _ -> False
where
doVerify = do
(bsR, pR, sS) <- decodeSignature prx sig
nPub <- pointNegate prx `fmap` publicPoint prx pub
let sK = getK prx ph ctx pub bsR msg
pR' = pointsSmulVarTime prx sS sK nPub
return (pR == pR')
emptyCtx :: Bytes
emptyCtx = B.empty
getK :: forall proxy curve hash ctx msg .
( EllipticCurveEdDSA curve
, HashAlgorithm hash
, HashDigestSize hash ~ CurveDigestSize curve
, ByteArrayAccess ctx
, ByteArrayAccess msg
)
=> proxy curve -> Bool -> ctx -> PublicKey curve hash -> Bytes -> msg -> Scalar curve
getK prx ph ctx (PublicKey pub) bsR msg =
let alg = undefined :: hash
digK = hashWithDom prx alg ph ctx (bytes bsR <> bytes pub) msg
in decodeScalarNoErr prx digK
encodeSignature :: EllipticCurveEdDSA curve
=> proxy curve
-> (Bytes, Point curve, Scalar curve)
-> Signature curve hash
encodeSignature prx (bsR, _, sS) = Signature $ buildAndFreeze $
bytes bsR <> bytes bsS <> zero len0
where
bsS = encodeScalarLE prx sS :: Bytes
len0 = signatureSize prx - B.length bsR - B.length bsS
decodeSignature :: ( EllipticCurveEdDSA curve
, HashDigestSize hash ~ CurveDigestSize curve
)
=> proxy curve
-> Signature curve hash
-> CryptoFailable (Bytes, Point curve, Scalar curve)
decodeSignature prx (Signature bs) = do
let (bsR, bsS) = B.splitAt (publicKeySize prx) bs
pR <- decodePoint prx bsR
sS <- decodeScalarLE prx bsS
return (bsR, pR, sS)
-- implementations are supposed to decode any scalar up to the size of the digest
decodeScalarNoErr :: (EllipticCurveEdDSA curve, ByteArrayAccess bs)
=> proxy curve -> bs -> Scalar curve
decodeScalarNoErr prx = unwrap "decodeScalarNoErr" . decodeScalarLE prx
unwrap :: String -> CryptoFailable a -> a
unwrap name (CryptoFailed _) = error (name ++ ": assumption failed")
unwrap _ (CryptoPassed x) = x
-- Ed25519 implementation
instance EllipticCurveEdDSA Curve_Edwards25519 where
type CurveDigestSize Curve_Edwards25519 = 64
secretKeySize _ = 32
hashWithDom _ alg ph ctx bss
| not ph && B.null ctx = digestDomMsg alg bss
| otherwise = digestDomMsg alg (dom <> bss)
where dom = bytes ("SigEd25519 no Ed25519 collisions" :: ByteString) <>
byte (if ph then 1 else 0) <>
byte (fromIntegral $ B.length ctx) <>
bytes ctx
pointPublic _ = PublicKey . Edwards25519.pointEncode
publicPoint _ = Edwards25519.pointDecode
encodeScalarLE _ = Edwards25519.scalarEncode
decodeScalarLE _ = Edwards25519.scalarDecodeLong
scheduleSecret prx alg priv =
(decodeScalarNoErr prx clamped, B.dropView hashed 32)
where
hashed = digest alg $ \update -> update priv
clamped :: Bytes
clamped = B.copyAndFreeze (B.takeView hashed 32) $ \p -> do
b0 <- peekElemOff p 0 :: IO Word8
b31 <- peekElemOff p 31 :: IO Word8
pokeElemOff p 31 ((b31 .&. 0x7F) .|. 0x40)
pokeElemOff p 0 (b0 .&. 0xF8)
{-
Optimize hashing by limiting the number of roundtrips between Haskell and C.
Hash "update" functions do not use unsafe FFI call, so better concanetate
small fragments together and call the update function once.
Using the IO hash interface avoids context buffer copies.
Data type Digest is not used directly but converted to Bytes early. Any use of
withByteArray on the unpinned Digest backend would require copy through a
pinned trampoline.
-}
digestDomMsg :: (HashAlgorithm alg, ByteArrayAccess msg)
=> alg -> Builder -> msg -> Bytes
digestDomMsg alg bss bs = digest alg $ \update ->
update (buildAndFreeze bss :: Bytes) >> update bs
digest :: HashAlgorithm alg
=> alg
-> ((forall bs . ByteArrayAccess bs => bs -> IO ()) -> IO ())
-> Bytes
digest alg fn = B.convert $ unsafeDoIO $ do
mc <- hashMutableInitWith alg
fn (hashMutableUpdate mc)
hashMutableFinalize mc

3
Crypto/Random.hs
View File

@ -84,9 +84,6 @@ drgNewSeed (Seed seed) = initialize seed
-- Note that the @Arbitrary@ instance provided by QuickCheck for 'Word64' does
-- not have a uniform distribution. It is often better to use instead
-- @arbitraryBoundedRandom@.
--
-- System endianness impacts how the tuple is interpreted and therefore changes
-- the resulting DRG.
drgNewTest :: (Word64, Word64, Word64, Word64, Word64) -> ChaChaDRG
drgNewTest = initializeWords

5
Crypto/Random/Entropy/Unsafe.hs
View File

@ -25,9 +25,10 @@ replenish :: Int -> [EntropyBackend] -> Ptr Word8 -> IO ()
replenish _ [] _ = fail "cryptonite: random: cannot get any source of entropy on this system"
replenish poolSize backends ptr = loop 0 backends ptr poolSize
where loop :: Int -> [EntropyBackend] -> Ptr Word8 -> Int -> IO ()
loop _ _ _ 0 = return ()
loop retry [] p n | retry == 3 = error "cryptonite: random: cannot fully replenish"
loop retry [] p n | n == 0 = return ()
| retry == 3 = error "cryptonite: random: cannot fully replenish"
| otherwise = loop (retry+1) backends p n
loop _ (_:_) _ 0 = return ()
loop retry (b:bs) p n = do
r <- gatherBackend b p n
loop retry bs (p `plusPtr` r) (n - r)

11
README.md
View File

@ -52,10 +52,6 @@ On OSX <= 10.7, the system compiler doesn't understand the '-maes' option, and
with the lack of autodetection feature builtin in .cabal file, it is left on
the user to disable the aesni. See the [Disabling AESNI] section
On CentOS 7 the default C compiler includes intrinsic header files incompatible
with per-function target options. Solutions are to use GCC >= 4.9 or disable
flag *use_target_attributes* (see flag configuration examples below).
Disabling AESNI
---------------
@ -76,13 +72,6 @@ or as part of an installation:
For help with cabal flags, see: [stackoverflow : is there a way to define flags for cabal](http://stackoverflow.com/questions/23523869/is-there-any-way-to-define-flags-for-cabal-dependencies)
Enabling PCLMULDQ
-----------------
When the C toolchain supports it, enabling flag *support_pclmuldq* can bring
additional security and performance for AES GCM. A CPU with the necessary
instruction set will use an alternate implementation selected at runtime.
Links
-----

42
benchs/Bench.hs
View File

@ -1,7 +1,6 @@
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE ExistentialQuantification #-}
{-# LANGUAGE FlexibleContexts #-}
{-# LANGUAGE TypeFamilies #-}
module Main where
import Gauge.Main
@ -25,8 +24,6 @@ import qualified Crypto.PubKey.DH as DH
import qualified Crypto.PubKey.ECC.Types as ECC
import qualified Crypto.PubKey.ECC.Prim as ECC
import qualified Crypto.PubKey.ECDSA as ECDSA
import qualified Crypto.PubKey.Ed25519 as Ed25519
import qualified Crypto.PubKey.EdDSA as EdDSA
import Crypto.Random
import Control.DeepSeq (NFData)
@ -328,44 +325,6 @@ benchECDSA = map doECDSABench curveHashes
, ("secp521r1_sha512", CurveHashECDSA Curve_P521R1 SHA512)
]
benchEdDSA =
[ bgroup "EdDSA-Ed25519" benchGenEd25519
, bgroup "Ed25519" benchEd25519
]
where
benchGen prx alg =
[ bench "sign" $ perBatchEnv (genEnv prx alg) (run_gen_sign prx)
, bench "verify" $ perBatchEnv (genEnv prx alg) (run_gen_verify prx)
]
benchGenEd25519 = benchGen (Just Curve_Edwards25519) SHA512
benchEd25519 =
[ bench "sign" $ perBatchEnv ed25519Env run_ed25519_sign
, bench "verify" $ perBatchEnv ed25519Env run_ed25519_verify
]
msg = B.empty -- empty message = worst-case scenario showing API overhead
genEnv prx alg _ = do
sec <- EdDSA.generateSecretKey prx
let pub = EdDSA.toPublic prx alg sec
sig = EdDSA.sign prx sec pub msg
return (sec, pub, sig)
run_gen_sign prx (sec, pub, _) = return (EdDSA.sign prx sec pub msg)
run_gen_verify prx (_, pub, sig) = return (EdDSA.verify prx pub msg sig)
ed25519Env _ = do
sec <- Ed25519.generateSecretKey
let pub = Ed25519.toPublic sec
sig = Ed25519.sign sec pub msg
return (sec, pub, sig)
run_ed25519_sign (sec, pub, _) = return (Ed25519.sign sec pub msg)
run_ed25519_verify (_, pub, sig) = return (Ed25519.verify pub msg sig)
main = defaultMain
[ bgroup "hash" benchHash
, bgroup "block-cipher" benchBlockCipher
@ -379,6 +338,5 @@ main = defaultMain
, bgroup "ECDH" benchECDH
]
, bgroup "ECDSA" benchECDSA
, bgroup "EdDSA" benchEdDSA
, bgroup "F2m" benchF2m
]

2
cbits/aes/x86ni.c
View File

@ -165,7 +165,7 @@ static __m128i gfmulx(__m128i v)
TARGET_AESNI
static __m128i gfmul_generic(__m128i tag, const table_4bit htable)
{
aes_block _t ALIGNMENT(16);
aes_block _t;
_mm_store_si128((__m128i *) &_t, tag);
cryptonite_aes_generic_gf_mul(&_t, htable);
tag = _mm_load_si128((__m128i *) &_t);

52
cbits/argon2/core.c
View File

@ -83,25 +83,25 @@ static int blake2b_long(void *pout, size_t outlen, const void *in, size_t inlen)
} while ((void)0, 0)
if (outlen <= BLAKE2B_OUTBYTES) {
TRY(_cryptonite_blake2b_init(&blake_state, outlen));
TRY(_cryptonite_blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes)));
TRY(_cryptonite_blake2b_update(&blake_state, in, inlen));
TRY(_cryptonite_blake2b_final(&blake_state, out, outlen));
TRY(blake2b_init(&blake_state, outlen));
TRY(blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes)));
TRY(blake2b_update(&blake_state, in, inlen));
TRY(blake2b_final(&blake_state, out, outlen));
} else {
uint32_t toproduce;
uint8_t out_buffer[BLAKE2B_OUTBYTES];
uint8_t in_buffer[BLAKE2B_OUTBYTES];
TRY(_cryptonite_blake2b_init(&blake_state, BLAKE2B_OUTBYTES));
TRY(_cryptonite_blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes)));
TRY(_cryptonite_blake2b_update(&blake_state, in, inlen));
TRY(_cryptonite_blake2b_final(&blake_state, out_buffer, BLAKE2B_OUTBYTES));
TRY(blake2b_init(&blake_state, BLAKE2B_OUTBYTES));
TRY(blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes)));
TRY(blake2b_update(&blake_state, in, inlen));
TRY(blake2b_final(&blake_state, out_buffer, BLAKE2B_OUTBYTES));
memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2);
out += BLAKE2B_OUTBYTES / 2;
toproduce = (uint32_t)outlen - BLAKE2B_OUTBYTES / 2;
while (toproduce > BLAKE2B_OUTBYTES) {
memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES);
TRY(_cryptonite_blake2b(out_buffer, BLAKE2B_OUTBYTES, in_buffer,
TRY(blake2b(out_buffer, BLAKE2B_OUTBYTES, in_buffer,
BLAKE2B_OUTBYTES, NULL, 0));
memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2);
out += BLAKE2B_OUTBYTES / 2;
@ -109,7 +109,7 @@ static int blake2b_long(void *pout, size_t outlen, const void *in, size_t inlen)
}
memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES);
TRY(_cryptonite_blake2b(out_buffer, toproduce, in_buffer, BLAKE2B_OUTBYTES, NULL,
TRY(blake2b(out_buffer, toproduce, in_buffer, BLAKE2B_OUTBYTES, NULL,
0));
memcpy(out, out_buffer, toproduce);
}
@ -597,31 +597,31 @@ void initial_hash(uint8_t *blockhash, argon2_context *context,
return;
}
_cryptonite_blake2b_init(&BlakeHash, ARGON2_PREHASH_DIGEST_LENGTH);
blake2b_init(&BlakeHash, ARGON2_PREHASH_DIGEST_LENGTH);
store32(&value, context->lanes);
_cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
store32(&value, context->outlen);
_cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
store32(&value, context->m_cost);
_cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
store32(&value, context->t_cost);
_cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
store32(&value, context->version);
_cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
store32(&value, (uint32_t)type);
_cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
store32(&value, context->pwdlen);
_cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
if (context->pwd != NULL) {
_cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)context->pwd,
blake2b_update(&BlakeHash, (const uint8_t *)context->pwd,
context->pwdlen);
if (context->flags & ARGON2_FLAG_CLEAR_PASSWORD) {
@ -631,18 +631,18 @@ void initial_hash(uint8_t *blockhash, argon2_context *context,
}
store32(&value, context->saltlen);
_cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
if (context->salt != NULL) {
_cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)context->salt,
blake2b_update(&BlakeHash, (const uint8_t *)context->salt,
context->saltlen);
}
store32(&value, context->secretlen);
_cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
if (context->secret != NULL) {
_cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)context->secret,
blake2b_update(&BlakeHash, (const uint8_t *)context->secret,
context->secretlen);
if (context->flags & ARGON2_FLAG_CLEAR_SECRET) {
@ -652,14 +652,14 @@ void initial_hash(uint8_t *blockhash, argon2_context *context,
}
store32(&value, context->adlen);
_cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
if (context->ad != NULL) {
_cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)context->ad,
blake2b_update(&BlakeHash, (const uint8_t *)context->ad,
context->adlen);
}
_cryptonite_blake2b_final(&BlakeHash, blockhash, ARGON2_PREHASH_DIGEST_LENGTH);
blake2b_final(&BlakeHash, blockhash, ARGON2_PREHASH_DIGEST_LENGTH);
}
static
int initialize(argon2_instance_t *instance, argon2_context *context) {

66
cbits/blake2/ref/blake2.h
View File

@ -142,51 +142,51 @@ extern "C" {
};
/* Streaming API */
int _cryptonite_blake2s_init( blake2s_state *S, size_t outlen );
int _cryptonite_blake2s_init_key( blake2s_state *S, size_t outlen, const void *key, size_t keylen );
int _cryptonite_blake2s_init_param( blake2s_state *S, const blake2s_param *P );
int _cryptonite_blake2s_update( blake2s_state *S, const void *in, size_t inlen );
int _cryptonite_blake2s_final( blake2s_state *S, void *out, size_t outlen );
int blake2s_init( blake2s_state *S, size_t outlen );
int blake2s_init_key( blake2s_state *S, size_t outlen, const void *key, size_t keylen );
int blake2s_init_param( blake2s_state *S, const blake2s_param *P );
int blake2s_update( blake2s_state *S, const void *in, size_t inlen );
int blake2s_final( blake2s_state *S, void *out, size_t outlen );
int _cryptonite_blake2b_init( blake2b_state *S, size_t outlen );
int _cryptonite_blake2b_init_key( blake2b_state *S, size_t outlen, const void *key, size_t keylen );
int _cryptonite_blake2b_init_param( blake2b_state *S, const blake2b_param *P );
int _cryptonite_blake2b_update( blake2b_state *S, const void *in, size_t inlen );
int _cryptonite_blake2b_final( blake2b_state *S, void *out, size_t outlen );
int blake2b_init( blake2b_state *S, size_t outlen );
int blake2b_init_key( blake2b_state *S, size_t outlen, const void *key, size_t keylen );
int blake2b_init_param( blake2b_state *S, const blake2b_param *P );
int blake2b_update( blake2b_state *S, const void *in, size_t inlen );
int blake2b_final( blake2b_state *S, void *out, size_t outlen );
int _cryptonite_blake2sp_init( blake2sp_state *S, size_t outlen );
int _cryptonite_blake2sp_init_key( blake2sp_state *S, size_t outlen, const void *key, size_t keylen );
int _cryptonite_blake2sp_update( blake2sp_state *S, const void *in, size_t inlen );
int _cryptonite_blake2sp_final( blake2sp_state *S, void *out, size_t outlen );
int blake2sp_init( blake2sp_state *S, size_t outlen );
int blake2sp_init_key( blake2sp_state *S, size_t outlen, const void *key, size_t keylen );
int blake2sp_update( blake2sp_state *S, const void *in, size_t inlen );
int blake2sp_final( blake2sp_state *S, void *out, size_t outlen );
int _cryptonite_blake2bp_init( blake2bp_state *S, size_t outlen );
int _cryptonite_blake2bp_init_key( blake2bp_state *S, size_t outlen, const void *key, size_t keylen );
int _cryptonite_blake2bp_update( blake2bp_state *S, const void *in, size_t inlen );
int _cryptonite_blake2bp_final( blake2bp_state *S, void *out, size_t outlen );
int blake2bp_init( blake2bp_state *S, size_t outlen );
int blake2bp_init_key( blake2bp_state *S, size_t outlen, const void *key, size_t keylen );
int blake2bp_update( blake2bp_state *S, const void *in, size_t inlen );
int blake2bp_final( blake2bp_state *S, void *out, size_t outlen );
/* Variable output length API */
int _cryptonite_blake2xs_init( blake2xs_state *S, const size_t outlen );
int _cryptonite_blake2xs_init_key( blake2xs_state *S, const size_t outlen, const void *key, size_t keylen );
int _cryptonite_blake2xs_update( blake2xs_state *S, const void *in, size_t inlen );
int _cryptonite_blake2xs_final(blake2xs_state *S, void *out, size_t outlen);
int blake2xs_init( blake2xs_state *S, const size_t outlen );
int blake2xs_init_key( blake2xs_state *S, const size_t outlen, const void *key, size_t keylen );
int blake2xs_update( blake2xs_state *S, const void *in, size_t inlen );
int blake2xs_final(blake2xs_state *S, void *out, size_t outlen);
int _cryptonite_blake2xb_init( blake2xb_state *S, const size_t outlen );
int _cryptonite_blake2xb_init_key( blake2xb_state *S, const size_t outlen, const void *key, size_t keylen );
int _cryptonite_blake2xb_update( blake2xb_state *S, const void *in, size_t inlen );
int _cryptonite_blake2xb_final(blake2xb_state *S, void *out, size_t outlen);
int blake2xb_init( blake2xb_state *S, const size_t outlen );
int blake2xb_init_key( blake2xb_state *S, const size_t outlen, const void *key, size_t keylen );
int blake2xb_update( blake2xb_state *S, const void *in, size_t inlen );
int blake2xb_final(blake2xb_state *S, void *out, size_t outlen);
/* Simple API */
int _cryptonite_blake2s( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
int _cryptonite_blake2b( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
int blake2s( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
int blake2b( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
int _cryptonite_blake2sp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
int _cryptonite_blake2bp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
int blake2sp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
int blake2bp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
int _cryptonite_blake2xs( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
int _cryptonite_blake2xb( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
int blake2xs( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
int blake2xb( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
/* This is simply an alias for blake2b */
int _cryptonite_blake2( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
int blake2( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
#if defined(__cplusplus)
}

46
cbits/blake2/ref/blake2b-ref.c
View File

@ -78,7 +78,7 @@ static void blake2b_init0( blake2b_state *S )
}
/* init xors IV with input parameter block */
int _cryptonite_blake2b_init_param( blake2b_state *S, const blake2b_param *P )
int blake2b_init_param( blake2b_state *S, const blake2b_param *P )
{
const uint8_t *p = ( const uint8_t * )( P );
size_t i;
@ -95,7 +95,7 @@ int _cryptonite_blake2b_init_param( blake2b_state *S, const blake2b_param *P )
int _cryptonite_blake2b_init( blake2b_state *S, size_t outlen )
int blake2b_init( blake2b_state *S, size_t outlen )
{
blake2b_param P[1];
@ -113,11 +113,11 @@ int _cryptonite_blake2b_init( blake2b_state *S, size_t outlen )
memset( P->reserved, 0, sizeof( P->reserved ) );
memset( P->salt, 0, sizeof( P->salt ) );
memset( P->personal, 0, sizeof( P->personal ) );
return _cryptonite_blake2b_init_param( S, P );
return blake2b_init_param( S, P );
}
int _cryptonite_blake2b_init_key( blake2b_state *S, size_t outlen, const void *key, size_t keylen )
int blake2b_init_key( blake2b_state *S, size_t outlen, const void *key, size_t keylen )
{
blake2b_param P[1];
@ -138,13 +138,13 @@ int _cryptonite_blake2b_init_key( blake2b_state *S, size_t outlen, const void *k
memset( P->salt, 0, sizeof( P->salt ) );
memset( P->personal, 0, sizeof( P->personal ) );
if( _cryptonite_blake2b_init_param( S, P ) < 0 ) return -1;
if( blake2b_init_param( S, P ) < 0 ) return -1;
{
uint8_t block[BLAKE2B_BLOCKBYTES];
memset( block, 0, BLAKE2B_BLOCKBYTES );
memcpy( block, key, keylen );
_cryptonite_blake2b_update( S, block, BLAKE2B_BLOCKBYTES );
blake2b_update( S, block, BLAKE2B_BLOCKBYTES );
secure_zero_memory( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from stack */
}
return 0;
@ -218,7 +218,7 @@ static void blake2b_compress( blake2b_state *S, const uint8_t block[BLAKE2B_BLOC
#undef G
#undef ROUND
int _cryptonite_blake2b_update( blake2b_state *S, const void *pin, size_t inlen )
int blake2b_update( blake2b_state *S, const void *pin, size_t inlen )
{
const unsigned char * in = (const unsigned char *)pin;
if( inlen > 0 )
@ -245,7 +245,7 @@ int _cryptonite_blake2b_update( blake2b_state *S, const void *pin, size_t inlen
return 0;
}
int _cryptonite_blake2b_final( blake2b_state *S, void *out, size_t outlen )
int blake2b_final( blake2b_state *S, void *out, size_t outlen )
{
uint8_t buffer[BLAKE2B_OUTBYTES] = {0};
size_t i;
@ -270,7 +270,7 @@ int _cryptonite_blake2b_final( blake2b_state *S, void *out, size_t outlen )
}
/* inlen, at least, should be uint64_t. Others can be size_t. */
int _cryptonite_blake2b( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen )
int blake2b( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen )
{
blake2b_state S[1];
@ -287,26 +287,26 @@ int _cryptonite_blake2b( void *out, size_t outlen, const void *in, size_t inlen,
if( keylen > 0 )
{
if( _cryptonite_blake2b_init_key( S, outlen, key, keylen ) < 0 ) return -1;
if( blake2b_init_key( S, outlen, key, keylen ) < 0 ) return -1;
}
else
{
if( _cryptonite_blake2b_init( S, outlen ) < 0 ) return -1;
if( blake2b_init( S, outlen ) < 0 ) return -1;
}
_cryptonite_blake2b_update( S, ( const uint8_t * )in, inlen );
_cryptonite_blake2b_final( S, out, outlen );
blake2b_update( S, ( const uint8_t * )in, inlen );
blake2b_final( S, out, outlen );
return 0;
}
int _cryptonite_blake2( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ) {
return _cryptonite_blake2b(out, outlen, in, inlen, key, keylen);
int blake2( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ) {
return blake2b(out, outlen, in, inlen, key, keylen);
}
#if defined(SUPERCOP)
int crypto_hash( unsigned char *out, unsigned char *in, unsigned long long inlen )
{
return _cryptonite_blake2b( out, BLAKE2B_OUTBYTES, in, inlen, NULL, 0 );
return blake2b( out, BLAKE2B_OUTBYTES, in, inlen, NULL, 0 );
}
#endif
@ -329,9 +329,9 @@ int main( void )
for( i = 0; i < BLAKE2_KAT_LENGTH; ++i )
{
uint8_t hash[BLAKE2B_OUTBYTES];
_cryptonite_blake2b( hash, BLAKE2B_OUTBYTES, buf, i, key, BLAKE2B_KEYBYTES );
blake2b( hash, BLAKE2B_OUTBYTES, buf, i, key, BLAKE2B_KEYBYTES );
if( 0 != memcmp( hash, _cryptonite_blake2b_keyed_kat[i], BLAKE2B_OUTBYTES ) )
if( 0 != memcmp( hash, blake2b_keyed_kat[i], BLAKE2B_OUTBYTES ) )
{
goto fail;
}
@ -346,25 +346,25 @@ int main( void )
size_t mlen = i;
int err = 0;
if( (err = _cryptonite_blake2b_init_key(&S, BLAKE2B_OUTBYTES, key, BLAKE2B_KEYBYTES)) < 0 ) {
if( (err = blake2b_init_key(&S, BLAKE2B_OUTBYTES, key, BLAKE2B_KEYBYTES)) < 0 ) {
goto fail;
}
while (mlen >= step) {
if ( (err = _cryptonite_blake2b_update(&S, p, step)) < 0 ) {
if ( (err = blake2b_update(&S, p, step)) < 0 ) {
goto fail;
}
mlen -= step;
p += step;
}
if ( (err = _cryptonite_blake2b_update(&S, p, mlen)) < 0) {
if ( (err = blake2b_update(&S, p, mlen)) < 0) {
goto fail;
}
if ( (err = _cryptonite_blake2b_final(&S, hash, BLAKE2B_OUTBYTES)) < 0) {
if ( (err = blake2b_final(&S, hash, BLAKE2B_OUTBYTES)) < 0) {
goto fail;
}
if (0 != memcmp(hash, _cryptonite_blake2b_keyed_kat[i], BLAKE2B_OUTBYTES)) {
if (0 != memcmp(hash, blake2b_keyed_kat[i], BLAKE2B_OUTBYTES)) {
goto fail;
}
}

48
cbits/blake2/ref/blake2bp-ref.c
View File

@ -36,7 +36,7 @@
*/
static int blake2bp_init_leaf_param( blake2b_state *S, const blake2b_param *P )
{
int err = _cryptonite_blake2b_init_param(S, P);
int err = blake2b_init_param(S, P);
S->outlen = P->inner_length;
return err;
}
@ -74,11 +74,11 @@ static int blake2bp_init_root( blake2b_state *S, size_t outlen, size_t keylen )
memset( P->reserved, 0, sizeof( P->reserved ) );
memset( P->salt, 0, sizeof( P->salt ) );
memset( P->personal, 0, sizeof( P->personal ) );
return _cryptonite_blake2b_init_param( S, P );
return blake2b_init_param( S, P );
}
int _cryptonite_blake2bp_init( blake2bp_state *S, size_t outlen )
int blake2bp_init( blake2bp_state *S, size_t outlen )
{
size_t i;
@ -99,7 +99,7 @@ int _cryptonite_blake2bp_init( blake2bp_state *S, size_t outlen )
return 0;
}
int _cryptonite_blake2bp_init_key( blake2bp_state *S, size_t outlen, const void *key, size_t keylen )
int blake2bp_init_key( blake2bp_state *S, size_t outlen, const void *key, size_t keylen )
{
size_t i;
@ -125,7 +125,7 @@ int _cryptonite_blake2bp_init_key( blake2bp_state *S, size_t outlen, const void
memcpy( block, key, keylen );
for( i = 0; i < PARALLELISM_DEGREE; ++i )
_cryptonite_blake2b_update( S->S[i], block, BLAKE2B_BLOCKBYTES );
blake2b_update( S->S[i], block, BLAKE2B_BLOCKBYTES );
secure_zero_memory( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from stack */
}
@ -133,7 +133,7 @@ int _cryptonite_blake2bp_init_key( blake2bp_state *S, size_t outlen, const void
}
int _cryptonite_blake2bp_update( blake2bp_state *S, const void *pin, size_t inlen )
int blake2bp_update( blake2bp_state *S, const void *pin, size_t inlen )
{
const unsigned char * in = (const unsigned char *)pin;
size_t left = S->buflen;
@ -145,7 +145,7 @@ int _cryptonite_blake2bp_update( blake2bp_state *S, const void *pin, size_t inle
memcpy( S->buf + left, in, fill );
for( i = 0; i < PARALLELISM_DEGREE; ++i )
_cryptonite_blake2b_update( S->S[i], S->buf + i * BLAKE2B_BLOCKBYTES, BLAKE2B_BLOCKBYTES );
blake2b_update( S->S[i], S->buf + i * BLAKE2B_BLOCKBYTES, BLAKE2B_BLOCKBYTES );
in += fill;
inlen -= fill;
@ -168,7 +168,7 @@ int _cryptonite_blake2bp_update( blake2bp_state *S, const void *pin, size_t inle
while( inlen__ >= PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES )
{
_cryptonite_blake2b_update( S->S[i], in__, BLAKE2B_BLOCKBYTES );
blake2b_update( S->S[i], in__, BLAKE2B_BLOCKBYTES );
in__ += PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES;
inlen__ -= PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES;
}
@ -184,7 +184,7 @@ int _cryptonite_blake2bp_update( blake2bp_state *S, const void *pin, size_t inle
return 0;
}
int _cryptonite_blake2bp_final( blake2bp_state *S, void *out, size_t outlen )
int blake2bp_final( blake2bp_state *S, void *out, size_t outlen )
{
uint8_t hash[PARALLELISM_DEGREE][BLAKE2B_OUTBYTES];
size_t i;
@ -201,19 +201,19 @@ int _cryptonite_blake2bp_final( blake2bp_state *S, void *out, size_t outlen )
if( left > BLAKE2B_BLOCKBYTES ) left = BLAKE2B_BLOCKBYTES;
_cryptonite_blake2b_update( S->S[i], S->buf + i * BLAKE2B_BLOCKBYTES, left );
blake2b_update( S->S[i], S->buf + i * BLAKE2B_BLOCKBYTES, left );
}
_cryptonite_blake2b_final( S->S[i], hash[i], BLAKE2B_OUTBYTES );
blake2b_final( S->S[i], hash[i], BLAKE2B_OUTBYTES );
}
for( i = 0; i < PARALLELISM_DEGREE; ++i )
_cryptonite_blake2b_update( S->R, hash[i], BLAKE2B_OUTBYTES );
blake2b_update( S->R, hash[i], BLAKE2B_OUTBYTES );
return _cryptonite_blake2b_final( S->R, out, S->outlen );
return blake2b_final( S->R, out, S->outlen );
}
int _cryptonite_blake2bp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen )
int blake2bp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen )
{
uint8_t hash[PARALLELISM_DEGREE][BLAKE2B_OUTBYTES];
blake2b_state S[PARALLELISM_DEGREE][1];
@ -243,7 +243,7 @@ int _cryptonite_blake2bp( void *out, size_t outlen, const void *in, size_t inlen
memcpy( block, key, keylen );
for( i = 0; i < PARALLELISM_DEGREE; ++i )
_cryptonite_blake2b_update( S[i], block, BLAKE2B_BLOCKBYTES );
blake2b_update( S[i], block, BLAKE2B_BLOCKBYTES );
secure_zero_memory( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from stack */
}
@ -264,7 +264,7 @@ int _cryptonite_blake2bp( void *out, size_t outlen, const void *in, size_t inlen
while( inlen__ >= PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES )
{
_cryptonite_blake2b_update( S[i], in__, BLAKE2B_BLOCKBYTES );
blake2b_update( S[i], in__, BLAKE2B_BLOCKBYTES );
in__ += PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES;
inlen__ -= PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES;
}
@ -273,10 +273,10 @@ int _cryptonite_blake2bp( void *out, size_t outlen, const void *in, size_t inlen
{
const size_t left = inlen__ - i * BLAKE2B_BLOCKBYTES;
const size_t len = left <= BLAKE2B_BLOCKBYTES ? left : BLAKE2B_BLOCKBYTES;
_cryptonite_blake2b_update( S[i], in__, len );
blake2b_update( S[i], in__, len );
}
_cryptonite_blake2b_final( S[i], hash[i], BLAKE2B_OUTBYTES );
blake2b_final( S[i], hash[i], BLAKE2B_OUTBYTES );
}
if( blake2bp_init_root( FS, outlen, keylen ) < 0 )
@ -285,9 +285,9 @@ int _cryptonite_blake2bp( void *out, size_t outlen, const void *in, size_t inlen
FS->last_node = 1; /* Mark as last node */
for( i = 0; i < PARALLELISM_DEGREE; ++i )
_cryptonite_blake2b_update( FS, hash[i], BLAKE2B_OUTBYTES );
blake2b_update( FS, hash[i], BLAKE2B_OUTBYTES );
return _cryptonite_blake2b_final( FS, out, outlen );;
return blake2b_final( FS, out, outlen );;
}
#if defined(BLAKE2BP_SELFTEST)
@ -326,21 +326,21 @@ int main( void )
size_t mlen = i;
int err = 0;
if( (err = _cryptonite_blake2bp_init_key(&S, BLAKE2B_OUTBYTES, key, BLAKE2B_KEYBYTES)) < 0 ) {
if( (err = blake2bp_init_key(&S, BLAKE2B_OUTBYTES, key, BLAKE2B_KEYBYTES)) < 0 ) {
goto fail;
}
while (mlen >= step) {
if ( (err = _cryptonite_blake2bp_update(&S, p, step)) < 0 ) {
if ( (err = blake2bp_update(&S, p, step)) < 0 ) {
goto fail;
}
mlen -= step;
p += step;
}
if ( (err = _cryptonite_blake2bp_update(&S, p, mlen)) < 0) {
if ( (err = blake2bp_update(&S, p, mlen)) < 0) {
goto fail;
}
if ( (err = _cryptonite_blake2bp_final(&S, hash, BLAKE2B_OUTBYTES)) < 0) {
if ( (err = blake2bp_final(&S, hash, BLAKE2B_OUTBYTES)) < 0) {
goto fail;
}

38
cbits/blake2/ref/blake2s-ref.c
View File

@ -73,7 +73,7 @@ static void blake2s_init0( blake2s_state *S )
}
/* init2 xors IV with input parameter block */
int _cryptonite_blake2s_init_param( blake2s_state *S, const blake2s_param *P )
int blake2s_init_param( blake2s_state *S, const blake2s_param *P )
{
const unsigned char *p = ( const unsigned char * )( P );
size_t i;
@ -90,7 +90,7 @@ int _cryptonite_blake2s_init_param( blake2s_state *S, const blake2s_param *P )
/* Sequential blake2s initialization */
int _cryptonite_blake2s_init( blake2s_state *S, size_t outlen )
int blake2s_init( blake2s_state *S, size_t outlen )
{
blake2s_param P[1];
@ -109,10 +109,10 @@ int _cryptonite_blake2s_init( blake2s_state *S, size_t outlen )
/* memset(P->reserved, 0, sizeof(P->reserved) ); */
memset( P->salt, 0, sizeof( P->salt ) );
memset( P->personal, 0, sizeof( P->personal ) );
return _cryptonite_blake2s_init_param( S, P );
return blake2s_init_param( S, P );
}
int _cryptonite_blake2s_init_key( blake2s_state *S, size_t outlen, const void *key, size_t keylen )
int blake2s_init_key( blake2s_state *S, size_t outlen, const void *key, size_t keylen )
{
blake2s_param P[1];
@ -133,13 +133,13 @@ int _cryptonite_blake2s_init_key( blake2s_state *S, size_t outlen, const void *k
memset( P->salt, 0, sizeof( P->salt ) );
memset( P->personal, 0, sizeof( P->personal ) );
if( _cryptonite_blake2s_init_param( S, P ) < 0 ) return -1;
if( blake2s_init_param( S, P ) < 0 ) return -1;
{
uint8_t block[BLAKE2S_BLOCKBYTES];
memset( block, 0, BLAKE2S_BLOCKBYTES );
memcpy( block, key, keylen );
_cryptonite_blake2s_update( S, block, BLAKE2S_BLOCKBYTES );
blake2s_update( S, block, BLAKE2S_BLOCKBYTES );
secure_zero_memory( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */
}
return 0;
@ -211,7 +211,7 @@ static void blake2s_compress( blake2s_state *S, const uint8_t in[BLAKE2S_BLOCKBY
#undef G
#undef ROUND
int _cryptonite_blake2s_update( blake2s_state *S, const void *pin, size_t inlen )
int blake2s_update( blake2s_state *S, const void *pin, size_t inlen )
{
const unsigned char * in = (const unsigned char *)pin;
if( inlen > 0 )
@ -238,7 +238,7 @@ int _cryptonite_blake2s_update( blake2s_state *S, const void *pin, size_t inlen
return 0;
}
int _cryptonite_blake2s_final( blake2s_state *S, void *out, size_t outlen )
int blake2s_final( blake2s_state *S, void *out, size_t outlen )
{
uint8_t buffer[BLAKE2S_OUTBYTES] = {0};
size_t i;
@ -262,7 +262,7 @@ int _cryptonite_blake2s_final( blake2s_state *S, void *out, size_t outlen )
return 0;
}
int _cryptonite_blake2s( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen )
int blake2s( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen )
{
blake2s_state S[1];
@ -279,22 +279,22 @@ int _cryptonite_blake2s( void *out, size_t outlen, const void *in, size_t inlen,
if( keylen > 0 )
{
if( _cryptonite_blake2s_init_key( S, outlen, key, keylen ) < 0 ) return -1;
if( blake2s_init_key( S, outlen, key, keylen ) < 0 ) return -1;
}
else
{
if( _cryptonite_blake2s_init( S, outlen ) < 0 ) return -1;
if( blake2s_init( S, outlen ) < 0 ) return -1;
}
_cryptonite_blake2s_update( S, ( const uint8_t * )in, inlen );
_cryptonite_blake2s_final( S, out, outlen );
blake2s_update( S, ( const uint8_t * )in, inlen );
blake2s_final( S, out, outlen );
return 0;
}
#if defined(SUPERCOP)
int crypto_hash( unsigned char *out, unsigned char *in, unsigned long long inlen )
{
return _cryptonite_blake2s( out, BLAKE2S_OUTBYTES, in, inlen, NULL, 0 );
return blake2s( out, BLAKE2S_OUTBYTES, in, inlen, NULL, 0 );
}
#endif
@ -317,7 +317,7 @@ int main( void )
for( i = 0; i < BLAKE2_KAT_LENGTH; ++i )
{
uint8_t hash[BLAKE2S_OUTBYTES];
_cryptonite_blake2s( hash, BLAKE2S_OUTBYTES, buf, i, key, BLAKE2S_KEYBYTES );
blake2s( hash, BLAKE2S_OUTBYTES, buf, i, key, BLAKE2S_KEYBYTES );
if( 0 != memcmp( hash, blake2s_keyed_kat[i], BLAKE2S_OUTBYTES ) )
{
@ -334,21 +334,21 @@ int main( void )
size_t mlen = i;
int err = 0;
if( (err = _cryptonite_blake2s_init_key(&S, BLAKE2S_OUTBYTES, key, BLAKE2S_KEYBYTES)) < 0 ) {
if( (err = blake2s_init_key(&S, BLAKE2S_OUTBYTES, key, BLAKE2S_KEYBYTES)) < 0 ) {
goto fail;
}
while (mlen >= step) {
if ( (err = _cryptonite_blake2s_update(&S, p, step)) < 0 ) {
if ( (err = blake2s_update(&S, p, step)) < 0 ) {
goto fail;
}
mlen -= step;
p += step;
}
if ( (err = _cryptonite_blake2s_update(&S, p, mlen)) < 0) {
if ( (err = blake2s_update(&S, p, mlen)) < 0) {
goto fail;
}
if ( (err = _cryptonite_blake2s_final(&S, hash, BLAKE2S_OUTBYTES)) < 0) {
if ( (err = blake2s_final(&S, hash, BLAKE2S_OUTBYTES)) < 0) {
goto fail;
}

50
cbits/blake2/ref/blake2sp-ref.c
View File

@ -35,7 +35,7 @@
*/
static int blake2sp_init_leaf_param( blake2s_state *S, const blake2s_param *P )
{
int err = _cryptonite_blake2s_init_param(S, P);
int err = blake2s_init_param(S, P);
S->outlen = P->inner_length;
return err;
}
@ -71,11 +71,11 @@ static int blake2sp_init_root( blake2s_state *S, size_t outlen, size_t keylen )
P->inner_length = BLAKE2S_OUTBYTES;
memset( P->salt, 0, sizeof( P->salt ) );
memset( P->personal, 0, sizeof( P->personal ) );
return _cryptonite_blake2s_init_param( S, P );
return blake2s_init_param( S, P );
}
int _cryptonite_blake2sp_init( blake2sp_state *S, size_t outlen )
int blake2sp_init( blake2sp_state *S, size_t outlen )
{
size_t i;
@ -96,7 +96,7 @@ int _cryptonite_blake2sp_init( blake2sp_state *S, size_t outlen )
return 0;
}
int _cryptonite_blake2sp_init_key( blake2sp_state *S, size_t outlen, const void *key, size_t keylen )
int blake2sp_init_key( blake2sp_state *S, size_t outlen, const void *key, size_t keylen )
{
size_t i;
@ -122,7 +122,7 @@ int _cryptonite_blake2sp_init_key( blake2sp_state *S, size_t outlen, const void
memcpy( block, key, keylen );
for( i = 0; i < PARALLELISM_DEGREE; ++i )
_cryptonite_blake2s_update( S->S[i], block, BLAKE2S_BLOCKBYTES );
blake2s_update( S->S[i], block, BLAKE2S_BLOCKBYTES );
secure_zero_memory( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */
}
@ -130,7 +130,7 @@ int _cryptonite_blake2sp_init_key( blake2sp_state *S, size_t outlen, const void
}
int _cryptonite_blake2sp_update( blake2sp_state *S, const void *pin, size_t inlen )
int blake2sp_update( blake2sp_state *S, const void *pin, size_t inlen )
{
const unsigned char * in = (const unsigned char *)pin;
size_t left = S->buflen;
@ -142,7 +142,7 @@ int _cryptonite_blake2sp_update( blake2sp_state *S, const void *pin, size_t inle
memcpy( S->buf + left, in, fill );
for( i = 0; i < PARALLELISM_DEGREE; ++i )
_cryptonite_blake2s_update( S->S[i], S->buf + i * BLAKE2S_BLOCKBYTES, BLAKE2S_BLOCKBYTES );
blake2s_update( S->S[i], S->buf + i * BLAKE2S_BLOCKBYTES, BLAKE2S_BLOCKBYTES );
in += fill;
inlen -= fill;
@ -164,7 +164,7 @@ int _cryptonite_blake2sp_update( blake2sp_state *S, const void *pin, size_t inle
while( inlen__ >= PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES )
{
_cryptonite_blake2s_update( S->S[i], in__, BLAKE2S_BLOCKBYTES );
blake2s_update( S->S[i], in__, BLAKE2S_BLOCKBYTES );
in__ += PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES;
inlen__ -= PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES;
}
@ -181,7 +181,7 @@ int _cryptonite_blake2sp_update( blake2sp_state *S, const void *pin, size_t inle
}
int _cryptonite_blake2sp_final( blake2sp_state *S, void *out, size_t outlen )
int blake2sp_final( blake2sp_state *S, void *out, size_t outlen )
{
uint8_t hash[PARALLELISM_DEGREE][BLAKE2S_OUTBYTES];
size_t i;
@ -198,20 +198,20 @@ int _cryptonite_blake2sp_final( blake2sp_state *S, void *out, size_t outlen )
if( left > BLAKE2S_BLOCKBYTES ) left = BLAKE2S_BLOCKBYTES;
_cryptonite_blake2s_update( S->S[i], S->buf + i * BLAKE2S_BLOCKBYTES, left );
blake2s_update( S->S[i], S->buf + i * BLAKE2S_BLOCKBYTES, left );
}
_cryptonite_blake2s_final( S->S[i], hash[i], BLAKE2S_OUTBYTES );
blake2s_final( S->S[i], hash[i], BLAKE2S_OUTBYTES );
}
for( i = 0; i < PARALLELISM_DEGREE; ++i )
_cryptonite_blake2s_update( S->R, hash[i], BLAKE2S_OUTBYTES );
blake2s_update( S->R, hash[i], BLAKE2S_OUTBYTES );
return _cryptonite_blake2s_final( S->R, out, S->outlen );
return blake2s_final( S->R, out, S->outlen );
}
int _cryptonite_blake2sp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen )
int blake2sp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen )
{
uint8_t hash[PARALLELISM_DEGREE][BLAKE2S_OUTBYTES];
blake2s_state S[PARALLELISM_DEGREE][1];
@ -241,7 +241,7 @@ int _cryptonite_blake2sp( void *out, size_t outlen, const void *in, size_t inlen
memcpy( block, key, keylen );
for( i = 0; i < PARALLELISM_DEGREE; ++i )
_cryptonite_blake2s_update( S[i], block, BLAKE2S_BLOCKBYTES );
blake2s_update( S[i], block, BLAKE2S_BLOCKBYTES );
secure_zero_memory( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */
}
@ -262,7 +262,7 @@ int _cryptonite_blake2sp( void *out, size_t outlen, const void *in, size_t inlen
while( inlen__ >= PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES )
{
_cryptonite_blake2s_update( S[i], in__, BLAKE2S_BLOCKBYTES );
blake2s_update( S[i], in__, BLAKE2S_BLOCKBYTES );
in__ += PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES;
inlen__ -= PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES;
}
@ -271,10 +271,10 @@ int _cryptonite_blake2sp( void *out, size_t outlen, const void *in, size_t inlen
{
const size_t left = inlen__ - i * BLAKE2S_BLOCKBYTES;
const size_t len = left <= BLAKE2S_BLOCKBYTES ? left : BLAKE2S_BLOCKBYTES;
_cryptonite_blake2s_update( S[i], in__, len );
blake2s_update( S[i], in__, len );
}
_cryptonite_blake2s_final( S[i], hash[i], BLAKE2S_OUTBYTES );
blake2s_final( S[i], hash[i], BLAKE2S_OUTBYTES );
}
if( blake2sp_init_root( FS, outlen, keylen ) < 0 )
@ -283,9 +283,9 @@ int _cryptonite_blake2sp( void *out, size_t outlen, const void *in, size_t inlen
FS->last_node = 1;
for( i = 0; i < PARALLELISM_DEGREE; ++i )
_cryptonite_blake2s_update( FS, hash[i], BLAKE2S_OUTBYTES );
blake2s_update( FS, hash[i], BLAKE2S_OUTBYTES );
return _cryptonite_blake2s_final( FS, out, outlen );
return blake2s_final( FS, out, outlen );
}
@ -309,7 +309,7 @@ int main( void )
for( i = 0; i < BLAKE2_KAT_LENGTH; ++i )
{
uint8_t hash[BLAKE2S_OUTBYTES];
_cryptonite_blake2sp( hash, BLAKE2S_OUTBYTES, buf, i, key, BLAKE2S_KEYBYTES );
blake2sp( hash, BLAKE2S_OUTBYTES, buf, i, key, BLAKE2S_KEYBYTES );
if( 0 != memcmp( hash, blake2sp_keyed_kat[i], BLAKE2S_OUTBYTES ) )
{
@ -326,21 +326,21 @@ int main( void )
size_t mlen = i;
int err = 0;
if( (err = _cryptonite_blake2sp_init_key(&S, BLAKE2S_OUTBYTES, key, BLAKE2S_KEYBYTES)) < 0 ) {
if( (err = blake2sp_init_key(&S, BLAKE2S_OUTBYTES, key, BLAKE2S_KEYBYTES)) < 0 ) {
goto fail;
}
while (mlen >= step) {
if ( (err = _cryptonite_blake2sp_update(&S, p, step)) < 0 ) {
if ( (err = blake2sp_update(&S, p, step)) < 0 ) {
goto fail;
}
mlen -= step;
p += step;
}
if ( (err = _cryptonite_blake2sp_update(&S, p, mlen)) < 0) {
if ( (err = blake2sp_update(&S, p, mlen)) < 0) {
goto fail;
}
if ( (err = _cryptonite_blake2sp_final(&S, hash, BLAKE2S_OUTBYTES)) < 0) {
if ( (err = blake2sp_final(&S, hash, BLAKE2S_OUTBYTES)) < 0) {
goto fail;
}

42
cbits/blake2/ref/blake2xb-ref.c
View File

@ -23,11 +23,11 @@
#include "blake2.h"
#include "blake2-impl.h"
int _cryptonite_blake2xb_init( blake2xb_state *S, const size_t outlen ) {
return _cryptonite_blake2xb_init_key(S, outlen, NULL, 0);
int blake2xb_init( blake2xb_state *S, const size_t outlen ) {
return blake2xb_init_key(S, outlen, NULL, 0);
}
int _cryptonite_blake2xb_init_key( blake2xb_state *S, const size_t outlen, const void *key, size_t keylen)
int blake2xb_init_key( blake2xb_state *S, const size_t outlen, const void *key, size_t keylen)
{
if ( outlen == 0 || outlen > 0xFFFFFFFFUL ) {
return -1;
@ -55,7 +55,7 @@ int _cryptonite_blake2xb_init_key( blake2xb_state *S, const size_t outlen, const
memset( S->P->salt, 0, sizeof( S->P->salt ) );
memset( S->P->personal, 0, sizeof( S->P->personal ) );
if( _cryptonite_blake2b_init_param( S->S, S->P ) < 0 ) {
if( blake2b_init_param( S->S, S->P ) < 0 ) {
return -1;
}
@ -63,17 +63,17 @@ int _cryptonite_blake2xb_init_key( blake2xb_state *S, const size_t outlen, const
uint8_t block[BLAKE2B_BLOCKBYTES];
memset(block, 0, BLAKE2B_BLOCKBYTES);
memcpy(block, key, keylen);
_cryptonite_blake2b_update(S->S, block, BLAKE2B_BLOCKBYTES);
blake2b_update(S->S, block, BLAKE2B_BLOCKBYTES);
secure_zero_memory(block, BLAKE2B_BLOCKBYTES);
}
return 0;
}
int _cryptonite_blake2xb_update( blake2xb_state *S, const void *in, size_t inlen ) {
return _cryptonite_blake2b_update( S->S, in, inlen );
int blake2xb_update( blake2xb_state *S, const void *in, size_t inlen ) {
return blake2b_update( S->S, in, inlen );
}
int _cryptonite_blake2xb_final( blake2xb_state *S, void *out, size_t outlen) {
int blake2xb_final( blake2xb_state *S, void *out, size_t outlen) {
blake2b_state C[1];
blake2b_param P[1];
@ -98,7 +98,7 @@ int _cryptonite_blake2xb_final( blake2xb_state *S, void *out, size_t outlen) {
}
/* Finalize the root hash */
if (_cryptonite_blake2b_final(S->S, root, BLAKE2B_OUTBYTES) < 0) {
if (blake2b_final(S->S, root, BLAKE2B_OUTBYTES) < 0) {
return -1;
}
@ -117,10 +117,10 @@ int _cryptonite_blake2xb_final( blake2xb_state *S, void *out, size_t outlen) {
/* Initialize state */
P->digest_length = block_size;
store32(&P->node_offset, i);
_cryptonite_blake2b_init_param(C, P);
blake2b_init_param(C, P);
/* Process key if needed */
_cryptonite_blake2b_update(C, root, BLAKE2B_OUTBYTES);
if (_cryptonite_blake2b_final(C, (uint8_t *)out + i * BLAKE2B_OUTBYTES, block_size) < 0 ) {
blake2b_update(C, root, BLAKE2B_OUTBYTES);
if (blake2b_final(C, (uint8_t *)out + i * BLAKE2B_OUTBYTES, block_size) < 0 ) {
return -1;
}
outlen -= block_size;
@ -133,7 +133,7 @@ int _cryptonite_blake2xb_final( blake2xb_state *S, void *out, size_t outlen) {
}
int _cryptonite_blake2xb(void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen)
int blake2xb(void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen)
{
blake2xb_state S[1];
@ -154,15 +154,15 @@ int _cryptonite_blake2xb(void *out, size_t outlen, const void *in, size_t inlen,
return -1;
/* Initialize the root block structure */
if (_cryptonite_blake2xb_init_key(S, outlen, key, keylen) < 0) {
if (blake2xb_init_key(S, outlen, key, keylen) < 0) {
return -1;
}
/* Absorb the input message */
_cryptonite_blake2xb_update(S, in, inlen);
blake2xb_update(S, in, inlen);
/* Compute the root node of the tree and the final hash using the counter construction */
return _cryptonite_blake2xb_final(S, out, outlen);
return blake2xb_final(S, out, outlen);
}
#if defined(BLAKE2XB_SELFTEST)
@ -189,7 +189,7 @@ int main( void )
for( outlen = 1; outlen <= BLAKE2_KAT_LENGTH; ++outlen )
{
uint8_t hash[BLAKE2_KAT_LENGTH] = {0};
if( _cryptonite_blake2xb( hash, outlen, buf, BLAKE2_KAT_LENGTH, key, BLAKE2B_KEYBYTES ) < 0 ) {
if( blake2xb( hash, outlen, buf, BLAKE2_KAT_LENGTH, key, BLAKE2B_KEYBYTES ) < 0 ) {
goto fail;
}
@ -208,21 +208,21 @@ int main( void )
size_t mlen = BLAKE2_KAT_LENGTH;
int err = 0;
if( (err = _cryptonite_blake2xb_init_key(&S, outlen, key, BLAKE2B_KEYBYTES)) < 0 ) {
if( (err = blake2xb_init_key(&S, outlen, key, BLAKE2B_KEYBYTES)) < 0 ) {
goto fail;
}
while (mlen >= step) {
if ( (err = _cryptonite_blake2xb_update(&S, p, step)) < 0 ) {
if ( (err = blake2xb_update(&S, p, step)) < 0 ) {
goto fail;
}
mlen -= step;
p += step;
}
if ( (err = _cryptonite_blake2xb_update(&S, p, mlen)) < 0) {
if ( (err = blake2xb_update(&S, p, mlen)) < 0) {
goto fail;
}
if ( (err = _cryptonite_blake2xb_final(&S, hash, outlen)) < 0) {
if ( (err = blake2xb_final(&S, hash, outlen)) < 0) {
goto fail;
}

42
cbits/blake2/ref/blake2xs-ref.c
View File

@ -23,11 +23,11 @@
#include "blake2.h"
#include "blake2-impl.h"
int _cryptonite_blake2xs_init( blake2xs_state *S, const size_t outlen ) {
return _cryptonite_blake2xs_init_key(S, outlen, NULL, 0);
int blake2xs_init( blake2xs_state *S, const size_t outlen ) {
return blake2xs_init_key(S, outlen, NULL, 0);
}
int _cryptonite_blake2xs_init_key( blake2xs_state *S, const size_t outlen, const void *key, size_t keylen )
int blake2xs_init_key( blake2xs_state *S, const size_t outlen, const void *key, size_t keylen )
{
if ( outlen == 0 || outlen > 0xFFFFUL ) {
return -1;
@ -54,7 +54,7 @@ int _cryptonite_blake2xs_init_key( blake2xs_state *S, const size_t outlen, const
memset( S->P->salt, 0, sizeof( S->P->salt ) );
memset( S->P->personal, 0, sizeof( S->P->personal ) );
if( _cryptonite_blake2s_init_param( S->S, S->P ) < 0 ) {
if( blake2s_init_param( S->S, S->P ) < 0 ) {
return -1;
}
@ -62,17 +62,17 @@ int _cryptonite_blake2xs_init_key( blake2xs_state *S, const size_t outlen, const
uint8_t block[BLAKE2S_BLOCKBYTES];
memset(block, 0, BLAKE2S_BLOCKBYTES);
memcpy(block, key, keylen);
_cryptonite_blake2s_update(S->S, block, BLAKE2S_BLOCKBYTES);
blake2s_update(S->S, block, BLAKE2S_BLOCKBYTES);
secure_zero_memory(block, BLAKE2S_BLOCKBYTES);
}
return 0;
}
int _cryptonite_blake2xs_update( blake2xs_state *S, const void *in, size_t inlen ) {
return _cryptonite_blake2s_update( S->S, in, inlen );
int blake2xs_update( blake2xs_state *S, const void *in, size_t inlen ) {
return blake2s_update( S->S, in, inlen );
}
int _cryptonite_blake2xs_final(blake2xs_state *S, void *out, size_t outlen) {
int blake2xs_final(blake2xs_state *S, void *out, size_t outlen) {
blake2s_state C[1];
blake2s_param P[1];
@ -97,7 +97,7 @@ int _cryptonite_blake2xs_final(blake2xs_state *S, void *out, size_t outlen) {
}
/* Finalize the root hash */
if (_cryptonite_blake2s_final(S->S, root, BLAKE2S_OUTBYTES) < 0) {
if (blake2s_final(S->S, root, BLAKE2S_OUTBYTES) < 0) {
return -1;
}
@ -116,10 +116,10 @@ int _cryptonite_blake2xs_final(blake2xs_state *S, void *out, size_t outlen) {
/* Initialize state */
P->digest_length = block_size;
store32(&P->node_offset, i);
_cryptonite_blake2s_init_param(C, P);
blake2s_init_param(C, P);
/* Process key if needed */
_cryptonite_blake2s_update(C, root, BLAKE2S_OUTBYTES);
if (_cryptonite_blake2s_final(C, (uint8_t *)out + i * BLAKE2S_OUTBYTES, block_size) < 0) {
blake2s_update(C, root, BLAKE2S_OUTBYTES);
if (blake2s_final(C, (uint8_t *)out + i * BLAKE2S_OUTBYTES, block_size) < 0) {
return -1;
}
outlen -= block_size;
@ -131,7 +131,7 @@ int _cryptonite_blake2xs_final(blake2xs_state *S, void *out, size_t outlen) {
return 0;
}
int _cryptonite_blake2xs(void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen)
int blake2xs(void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen)
{
blake2xs_state S[1];
@ -152,15 +152,15 @@ int _cryptonite_blake2xs(void *out, size_t outlen, const void *in, size_t inlen,
return -1;
/* Initialize the root block structure */
if (_cryptonite_blake2xs_init_key(S, outlen, key, keylen) < 0) {
if (blake2xs_init_key(S, outlen, key, keylen) < 0) {
return -1;
}
/* Absorb the input message */
_cryptonite_blake2xs_update(S, in, inlen);
blake2xs_update(S, in, inlen);
/* Compute the root node of the tree and the final hash using the counter construction */
return _cryptonite_blake2xs_final(S, out, outlen);
return blake2xs_final(S, out, outlen);
}
#if defined(BLAKE2XS_SELFTEST)
@ -187,7 +187,7 @@ int main( void )
for( outlen = 1; outlen <= BLAKE2_KAT_LENGTH; ++outlen )
{
uint8_t hash[BLAKE2_KAT_LENGTH] = {0};
if( _cryptonite_blake2xs( hash, outlen, buf, BLAKE2_KAT_LENGTH, key, BLAKE2S_KEYBYTES ) < 0 ) {
if( blake2xs( hash, outlen, buf, BLAKE2_KAT_LENGTH, key, BLAKE2S_KEYBYTES ) < 0 ) {
goto fail;
}
@ -206,21 +206,21 @@ int main( void )
size_t mlen = BLAKE2_KAT_LENGTH;
int err = 0;
if( (err = _cryptonite_blake2xs_init_key(&S, outlen, key, BLAKE2S_KEYBYTES)) < 0 ) {
if( (err = blake2xs_init_key(&S, outlen, key, BLAKE2S_KEYBYTES)) < 0 ) {
goto fail;
}
while (mlen >= step) {
if ( (err = _cryptonite_blake2xs_update(&S, p, step)) < 0 ) {
if ( (err = blake2xs_update(&S, p, step)) < 0 ) {
goto fail;
}
mlen -= step;
p += step;
}
if ( (err = _cryptonite_blake2xs_update(&S, p, mlen)) < 0) {
if ( (err = blake2xs_update(&S, p, mlen)) < 0) {
goto fail;
}
if ( (err = _cryptonite_blake2xs_final(&S, hash, outlen)) < 0) {
if ( (err = blake2xs_final(&S, hash, outlen)) < 0) {
goto fail;
}

66
cbits/blake2/sse/blake2.h
View File

@ -142,51 +142,51 @@ extern "C" {
};
/* Streaming API */
int _cryptonite_blake2s_init( blake2s_state *S, size_t outlen );
int _cryptonite_blake2s_init_key( blake2s_state *S, size_t outlen, const void *key, size_t keylen );
int _cryptonite_blake2s_init_param( blake2s_state *S, const blake2s_param *P );
int _cryptonite_blake2s_update( blake2s_state *S, const void *in, size_t inlen );
int _cryptonite_blake2s_final( blake2s_state *S, void *out, size_t outlen );
int blake2s_init( blake2s_state *S, size_t outlen );
int blake2s_init_key( blake2s_state *S, size_t outlen, const void *key, size_t keylen );
int blake2s_init_param( blake2s_state *S, const blake2s_param *P );
int blake2s_update( blake2s_state *S, const void *in, size_t inlen );
int blake2s_final( blake2s_state *S, void *out, size_t outlen );
int _cryptonite_blake2b_init( blake2b_state *S, size_t outlen );
int _cryptonite_blake2b_init_key( blake2b_state *S, size_t outlen, const void *key, size_t keylen );
int _cryptonite_blake2b_init_param( blake2b_state *S, const blake2b_param *P );
int _cryptonite_blake2b_update( blake2b_state *S, const void *in, size_t inlen );
int _cryptonite_blake2b_final( blake2b_state *S, void *out, size_t outlen );
int blake2b_init( blake2b_state *S, size_t outlen );
int blake2b_init_key( blake2b_state *S, size_t outlen, const void *key, size_t keylen );
int blake2b_init_param( blake2b_state *S, const blake2b_param *P );
int blake2b_update( blake2b_state *S, const void *in, size_t inlen );
int blake2b_final( blake2b_state *S, void *out, size_t outlen );
int _cryptonite_blake2sp_init( blake2sp_state *S, size_t outlen );
int _cryptonite_blake2sp_init_key( blake2sp_state *S, size_t outlen, const void *key, size_t keylen );
int _cryptonite_blake2sp_update( blake2sp_state *S, const void *in, size_t inlen );
int _cryptonite_blake2sp_final( blake2sp_state *S, void *out, size_t outlen );
int blake2sp_init( blake2sp_state *S, size_t outlen );
int blake2sp_init_key( blake2sp_state *S, size_t outlen, const void *key, size_t keylen );
int blake2sp_update( blake2sp_state *S, const void *in, size_t inlen );
int blake2sp_final( blake2sp_state *S, void *out, size_t outlen );
int _cryptonite_blake2bp_init( blake2bp_state *S, size_t outlen );
int _cryptonite_blake2bp_init_key( blake2bp_state *S, size_t outlen, const void *key, size_t keylen );
int _cryptonite_blake2bp_update( blake2bp_state *S, const void *in, size_t inlen );
int _cryptonite_blake2bp_final( blake2bp_state *S, void *out, size_t outlen );
int blake2bp_init( blake2bp_state *S, size_t outlen );
int blake2bp_init_key( blake2bp_state *S, size_t outlen, const void *key, size_t keylen );
int blake2bp_update( blake2bp_state *S, const void *in, size_t inlen );
int blake2bp_final( blake2bp_state *S, void *out, size_t outlen );
/* Variable output length API */
int _cryptonite_blake2xs_init( blake2xs_state *S, const size_t outlen );
int _cryptonite_blake2xs_init_key( blake2xs_state *S, const size_t outlen, const void *key, size_t keylen );
int _cryptonite_blake2xs_update( blake2xs_state *S, const void *in, size_t inlen );
int _cryptonite_blake2xs_final(blake2xs_state *S, void *out, size_t outlen);
int blake2xs_init( blake2xs_state *S, const size_t outlen );
int blake2xs_init_key( blake2xs_state *S, const size_t outlen, const void *key, size_t keylen );
int blake2xs_update( blake2xs_state *S, const void *in, size_t inlen );
int blake2xs_final(blake2xs_state *S, void *out, size_t outlen);
int _cryptonite_blake2xb_init( blake2xb_state *S, const size_t outlen );
int _cryptonite_blake2xb_init_key( blake2xb_state *S, const size_t outlen, const void *key, size_t keylen );
int _cryptonite_blake2xb_update( blake2xb_state *S, const void *in, size_t inlen );
int _cryptonite_blake2xb_final(blake2xb_state *S, void *out, size_t outlen);
int blake2xb_init( blake2xb_state *S, const size_t outlen );
int blake2xb_init_key( blake2xb_state *S, const size_t outlen, const void *key, size_t keylen );
int blake2xb_update( blake2xb_state *S, const void *in, size_t inlen );
int blake2xb_final(blake2xb_state *S, void *out, size_t outlen);
/* Simple API */
int _cryptonite_blake2s( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
int _cryptonite_blake2b( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
int blake2s( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
int blake2b( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
int _cryptonite_blake2sp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
int _cryptonite_blake2bp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
int blake2sp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
int blake2bp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
int _cryptonite_blake2xs( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
int _cryptonite_blake2xb( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
int blake2xs( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
int blake2xb( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
/* This is simply an alias for blake2b */
int _cryptonite_blake2( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
int blake2( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );
#if defined(__cplusplus)
}

40
cbits/blake2/sse/blake2b.c
View File

@ -74,7 +74,7 @@ static void blake2b_increment_counter( blake2b_state *S, const uint64_t inc )
}
/* init xors IV with input parameter block */
int _cryptonite_blake2b_init_param( blake2b_state *S, const blake2b_param *P )
int blake2b_init_param( blake2b_state *S, const blake2b_param *P )
{
size_t i;
/*blake2b_init0( S ); */
@ -92,7 +92,7 @@ int _cryptonite_blake2b_init_param( blake2b_state *S, const blake2b_param *P )
/* Some sort of default parameter block initialization, for sequential blake2b */
int _cryptonite_blake2b_init( blake2b_state *S, size_t outlen )
int blake2b_init( blake2b_state *S, size_t outlen )
{
blake2b_param P[1];
@ -111,10 +111,10 @@ int _cryptonite_blake2b_init( blake2b_state *S, size_t outlen )
memset( P->salt, 0, sizeof( P->salt ) );
memset( P->personal, 0, sizeof( P->personal ) );
return _cryptonite_blake2b_init_param( S, P );
return blake2b_init_param( S, P );
}
int _cryptonite_blake2b_init_key( blake2b_state *S, size_t outlen, const void *key, size_t keylen )
int blake2b_init_key( blake2b_state *S, size_t outlen, const void *key, size_t keylen )
{
blake2b_param P[1];
@ -135,14 +135,14 @@ int _cryptonite_blake2b_init_key( blake2b_state *S, size_t outlen, const void *k
memset( P->salt, 0, sizeof( P->salt ) );
memset( P->personal, 0, sizeof( P->personal ) );
if( _cryptonite_blake2b_init_param( S, P ) < 0 )
if( blake2b_init_param( S, P ) < 0 )
return 0;
{
uint8_t block[BLAKE2B_BLOCKBYTES];
memset( block, 0, BLAKE2B_BLOCKBYTES );
memcpy( block, key, keylen );
_cryptonite_blake2b_update( S, block, BLAKE2B_BLOCKBYTES );
blake2b_update( S, block, BLAKE2B_BLOCKBYTES );
secure_zero_memory( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from stack */
}
return 0;
@ -218,7 +218,7 @@ static void blake2b_compress( blake2b_state *S, const uint8_t block[BLAKE2B_BLOC
}
int _cryptonite_blake2b_update( blake2b_state *S, const void *pin, size_t inlen )
int blake2b_update( blake2b_state *S, const void *pin, size_t inlen )
{
const unsigned char * in = (const unsigned char *)pin;
if( inlen > 0 )
@ -246,7 +246,7 @@ int _cryptonite_blake2b_update( blake2b_state *S, const void *pin, size_t inlen
}
int _cryptonite_blake2b_final( blake2b_state *S, void *out, size_t outlen )
int blake2b_final( blake2b_state *S, void *out, size_t outlen )
{
if( out == NULL || outlen < S->outlen )
return -1;
@ -264,7 +264,7 @@ int _cryptonite_blake2b_final( blake2b_state *S, void *out, size_t outlen )
}
int _cryptonite_blake2b( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen )
int blake2b( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen )
{
blake2b_state S[1];
@ -281,26 +281,26 @@ int _cryptonite_blake2b( void *out, size_t outlen, const void *in, size_t inlen,
if( keylen )
{
if( _cryptonite_blake2b_init_key( S, outlen, key, keylen ) < 0 ) return -1;
if( blake2b_init_key( S, outlen, key, keylen ) < 0 ) return -1;
}
else
{
if( _cryptonite_blake2b_init( S, outlen ) < 0 ) return -1;
if( blake2b_init( S, outlen ) < 0 ) return -1;
}
_cryptonite_blake2b_update( S, ( const uint8_t * )in, inlen );
_cryptonite_blake2b_final( S, out, outlen );
blake2b_update( S, ( const uint8_t * )in, inlen );
blake2b_final( S, out, outlen );
return 0;
}
int _cryptonite_blake2( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ) {
return _cryptonite_blake2b(out, outlen, in, inlen, key, keylen);
int blake2( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ) {
return blake2b(out, outlen, in, inlen, key, keylen);
}
#if defined(SUPERCOP)
int crypto_hash( unsigned char *out, unsigned char *in, unsigned long long inlen )
{
return _cryptonite_blake2b( out, BLAKE2B_OUTBYTES, in, inlen, NULL, 0 );
return blake2b( out, BLAKE2B_OUTBYTES, in, inlen, NULL, 0 );
}
#endif
@ -340,21 +340,21 @@ int main( void )
size_t mlen = i;
int err = 0;
if( (err = _cryptonite_blake2b_init_key(&S, BLAKE2B_OUTBYTES, key, BLAKE2B_KEYBYTES)) < 0 ) {
if( (err = blake2b_init_key(&S, BLAKE2B_OUTBYTES, key, BLAKE2B_KEYBYTES)) < 0 ) {
goto fail;
}
while (mlen >= step) {
if ( (err = _cryptonite_blake2b_update(&S, p, step)) < 0 ) {
if ( (err = blake2b_update(&S, p, step)) < 0 ) {
goto fail;
}
mlen -= step;
p += step;
}
if ( (err = _cryptonite_blake2b_update(&S, p, mlen)) < 0) {
if ( (err = blake2b_update(&S, p, mlen)) < 0) {
goto fail;
}
if ( (err = _cryptonite_blake2b_final(&S, hash, BLAKE2B_OUTBYTES)) < 0) {
if ( (err = blake2b_final(&S, hash, BLAKE2B_OUTBYTES)) < 0) {
goto fail;
}

50
cbits/blake2/sse/blake2bp.c
View File

@ -36,7 +36,7 @@
*/
static int blake2bp_init_leaf_param( blake2b_state *S, const blake2b_param *P )
{
int err = _cryptonite_blake2b_init_param(S, P);
int err = blake2b_init_param(S, P);
S->outlen = P->inner_length;
return err;
}
@ -74,11 +74,11 @@ static int blake2bp_init_root( blake2b_state *S, size_t outlen, size_t keylen )
memset( P->reserved, 0, sizeof( P->reserved ) );
memset( P->salt, 0, sizeof( P->salt ) );
memset( P->personal, 0, sizeof( P->personal ) );
return _cryptonite_blake2b_init_param( S, P );
return blake2b_init_param( S, P );
}
int _cryptonite_blake2bp_init( blake2bp_state *S, size_t outlen )
int blake2bp_init( blake2bp_state *S, size_t outlen )
{
size_t i;
if( !outlen || outlen > BLAKE2B_OUTBYTES ) return -1;
@ -98,7 +98,7 @@ int _cryptonite_blake2bp_init( blake2bp_state *S, size_t outlen )
return 0;
}
int _cryptonite_blake2bp_init_key( blake2bp_state *S, size_t outlen, const void *key, size_t keylen )
int blake2bp_init_key( blake2bp_state *S, size_t outlen, const void *key, size_t keylen )
{
size_t i;
@ -124,7 +124,7 @@ int _cryptonite_blake2bp_init_key( blake2bp_state *S, size_t outlen, const void
memcpy( block, key, keylen );
for( i = 0; i < PARALLELISM_DEGREE; ++i )
_cryptonite_blake2b_update( S->S[i], block, BLAKE2B_BLOCKBYTES );
blake2b_update( S->S[i], block, BLAKE2B_BLOCKBYTES );
secure_zero_memory( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from stack */
}
@ -132,7 +132,7 @@ int _cryptonite_blake2bp_init_key( blake2bp_state *S, size_t outlen, const void
}
int _cryptonite_blake2bp_update( blake2bp_state *S, const void *pin, size_t inlen )
int blake2bp_update( blake2bp_state *S, const void *pin, size_t inlen )
{
const unsigned char * in = (const unsigned char *)pin;
size_t left = S->buflen;
@ -144,7 +144,7 @@ int _cryptonite_blake2bp_update( blake2bp_state *S, const void *pin, size_t inle
memcpy( S->buf + left, in, fill );
for( i = 0; i < PARALLELISM_DEGREE; ++i )
_cryptonite_blake2b_update( S->S[i], S->buf + i * BLAKE2B_BLOCKBYTES, BLAKE2B_BLOCKBYTES );
blake2b_update( S->S[i], S->buf + i * BLAKE2B_BLOCKBYTES, BLAKE2B_BLOCKBYTES );
in += fill;
inlen -= fill;
@ -167,7 +167,7 @@ int _cryptonite_blake2bp_update( blake2bp_state *S, const void *pin, size_t inle
while( inlen__ >= PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES )
{
_cryptonite_blake2b_update( S->S[i], in__, BLAKE2B_BLOCKBYTES );
blake2b_update( S->S[i], in__, BLAKE2B_BLOCKBYTES );
in__ += PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES;
inlen__ -= PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES;
}
@ -185,7 +185,7 @@ int _cryptonite_blake2bp_update( blake2bp_state *S, const void *pin, size_t inle
int _cryptonite_blake2bp_final( blake2bp_state *S, void *out, size_t outlen )
int blake2bp_final( blake2bp_state *S, void *out, size_t outlen )
{
uint8_t hash[PARALLELISM_DEGREE][BLAKE2B_OUTBYTES];
size_t i;
@ -202,19 +202,19 @@ int _cryptonite_blake2bp_final( blake2bp_state *S, void *out, size_t outlen )
if( left > BLAKE2B_BLOCKBYTES ) left = BLAKE2B_BLOCKBYTES;
_cryptonite_blake2b_update( S->S[i], S->buf + i * BLAKE2B_BLOCKBYTES, left );
blake2b_update( S->S[i], S->buf + i * BLAKE2B_BLOCKBYTES, left );
}
_cryptonite_blake2b_final( S->S[i], hash[i], BLAKE2B_OUTBYTES );
blake2b_final( S->S[i], hash[i], BLAKE2B_OUTBYTES );
}
for( i = 0; i < PARALLELISM_DEGREE; ++i )
_cryptonite_blake2b_update( S->R, hash[i], BLAKE2B_OUTBYTES );
blake2b_update( S->R, hash[i], BLAKE2B_OUTBYTES );
return _cryptonite_blake2b_final( S->R, out, S->outlen );
return blake2b_final( S->R, out, S->outlen );
}
int _cryptonite_blake2bp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen )
int blake2bp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen )
{
uint8_t hash[PARALLELISM_DEGREE][BLAKE2B_OUTBYTES];
blake2b_state S[PARALLELISM_DEGREE][1];
@ -244,7 +244,7 @@ int _cryptonite_blake2bp( void *out, size_t outlen, const void *in, size_t inlen
memcpy( block, key, keylen );
for( i = 0; i < PARALLELISM_DEGREE; ++i )
_cryptonite_blake2b_update( S[i], block, BLAKE2B_BLOCKBYTES );
blake2b_update( S[i], block, BLAKE2B_BLOCKBYTES );
secure_zero_memory( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from stack */
}
@ -265,7 +265,7 @@ int _cryptonite_blake2bp( void *out, size_t outlen, const void *in, size_t inlen
while( inlen__ >= PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES )
{
_cryptonite_blake2b_update( S[i], in__, BLAKE2B_BLOCKBYTES );
blake2b_update( S[i], in__, BLAKE2B_BLOCKBYTES );
in__ += PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES;
inlen__ -= PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES;
}
@ -274,10 +274,10 @@ int _cryptonite_blake2bp( void *out, size_t outlen, const void *in, size_t inlen
{
const size_t left = inlen__ - i * BLAKE2B_BLOCKBYTES;
const size_t len = left <= BLAKE2B_BLOCKBYTES ? left : BLAKE2B_BLOCKBYTES;
_cryptonite_blake2b_update( S[i], in__, len );
blake2b_update( S[i], in__, len );
}
_cryptonite_blake2b_final( S[i], hash[i], BLAKE2B_OUTBYTES );
blake2b_final( S[i], hash[i], BLAKE2B_OUTBYTES );
}
if( blake2bp_init_root( FS, outlen, keylen ) < 0 )
@ -286,9 +286,9 @@ int _cryptonite_blake2bp( void *out, size_t outlen, const void *in, size_t inlen
FS->last_node = 1; /* Mark as last node */
for( i = 0; i < PARALLELISM_DEGREE; ++i )
_cryptonite_blake2b_update( FS, hash[i], BLAKE2B_OUTBYTES );
blake2b_update( FS, hash[i], BLAKE2B_OUTBYTES );
return _cryptonite_blake2b_final( FS, out, outlen );
return blake2b_final( FS, out, outlen );
}
@ -311,7 +311,7 @@ int main( void )
for( i = 0; i < BLAKE2_KAT_LENGTH; ++i )
{
uint8_t hash[BLAKE2B_OUTBYTES];
_cryptonite_blake2bp( hash, BLAKE2B_OUTBYTES, buf, i, key, BLAKE2B_KEYBYTES );
blake2bp( hash, BLAKE2B_OUTBYTES, buf, i, key, BLAKE2B_KEYBYTES );
if( 0 != memcmp( hash, blake2bp_keyed_kat[i], BLAKE2B_OUTBYTES ) )
{
@ -328,21 +328,21 @@ int main( void )
size_t mlen = i;
int err = 0;
if( (err = _cryptonite_blake2bp_init_key(&S, BLAKE2B_OUTBYTES, key, BLAKE2B_KEYBYTES)) < 0 ) {
if( (err = blake2bp_init_key(&S, BLAKE2B_OUTBYTES, key, BLAKE2B_KEYBYTES)) < 0 ) {
goto fail;
}
while (mlen >= step) {
if ( (err = _cryptonite_blake2bp_update(&S, p, step)) < 0 ) {
if ( (err = blake2bp_update(&S, p, step)) < 0 ) {
goto fail;
}
mlen -= step;
p += step;
}
if ( (err = _cryptonite_blake2bp_update(&S, p, mlen)) < 0) {
if ( (err = blake2bp_update(&S, p, mlen)) < 0) {
goto fail;
}
if ( (err = _cryptonite_blake2bp_final(&S, hash, BLAKE2B_OUTBYTES)) < 0) {
if ( (err = blake2bp_final(&S, hash, BLAKE2B_OUTBYTES)) < 0) {
goto fail;
}

32
cbits/blake2/sse/blake2s.c
View File

@ -72,7 +72,7 @@ static void blake2s_increment_counter( blake2s_state *S, const uint32_t inc )
}
/* init2 xors IV with input parameter block */
int _cryptonite_blake2s_init_param( blake2s_state *S, const blake2s_param *P )
int blake2s_init_param( blake2s_state *S, const blake2s_param *P )
{
size_t i;
/*blake2s_init0( S ); */
@ -90,7 +90,7 @@ int _cryptonite_blake2s_init_param( blake2s_state *S, const blake2s_param *P )
/* Some sort of default parameter block initialization, for sequential blake2s */
int _cryptonite_blake2s_init( blake2s_state *S, size_t outlen )
int blake2s_init( blake2s_state *S, size_t outlen )
{
blake2s_param P[1];
@ -110,11 +110,11 @@ int _cryptonite_blake2s_init( blake2s_state *S, size_t outlen )
memset( P->salt, 0, sizeof( P->salt ) );
memset( P->personal, 0, sizeof( P->personal ) );
return _cryptonite_blake2s_init_param( S, P );
return blake2s_init_param( S, P );
}
int _cryptonite_blake2s_init_key( blake2s_state *S, size_t outlen, const void *key, size_t keylen )
int blake2s_init_key( blake2s_state *S, size_t outlen, const void *key, size_t keylen )
{
blake2s_param P[1];
@ -136,14 +136,14 @@ int _cryptonite_blake2s_init_key( blake2s_state *S, size_t outlen, const void *k
memset( P->salt, 0, sizeof( P->salt ) );
memset( P->personal, 0, sizeof( P->personal ) );
if( _cryptonite_blake2s_init_param( S, P ) < 0 )
if( blake2s_init_param( S, P ) < 0 )
return -1;
{
uint8_t block[BLAKE2S_BLOCKBYTES];
memset( block, 0, BLAKE2S_BLOCKBYTES );
memcpy( block, key, keylen );
_cryptonite_blake2s_update( S, block, BLAKE2S_BLOCKBYTES );
blake2s_update( S, block, BLAKE2S_BLOCKBYTES );
secure_zero_memory( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */
}
return 0;
@ -206,7 +206,7 @@ static void blake2s_compress( blake2s_state *S, const uint8_t block[BLAKE2S_BLOC
STOREU( &S->h[4], _mm_xor_si128( ff1, _mm_xor_si128( row2, row4 ) ) );
}
int _cryptonite_blake2s_update( blake2s_state *S, const void *pin, size_t inlen )
int blake2s_update( blake2s_state *S, const void *pin, size_t inlen )
{
const unsigned char * in = (const unsigned char *)pin;
if( inlen > 0 )
@ -233,7 +233,7 @@ int _cryptonite_blake2s_update( blake2s_state *S, const void *pin, size_t inlen
return 0;
}
int _cryptonite_blake2s_final( blake2s_state *S, void *out, size_t outlen )
int blake2s_final( blake2s_state *S, void *out, size_t outlen )
{
uint8_t buffer[BLAKE2S_OUTBYTES] = {0};
size_t i;
@ -275,15 +275,15 @@ int blake2s( void *out, size_t outlen, const void *in, size_t inlen, const void
if( keylen > 0 )
{
if( _cryptonite_blake2s_init_key( S, outlen, key, keylen ) < 0 ) return -1;
if( blake2s_init_key( S, outlen, key, keylen ) < 0 ) return -1;
}
else
{
if( _cryptonite_blake2s_init( S, outlen ) < 0 ) return -1;
if( blake2s_init( S, outlen ) < 0 ) return -1;
}
_cryptonite_blake2s_update( S, ( const uint8_t * )in, inlen );
_cryptonite_blake2s_final( S, out, outlen );
blake2s_update( S, ( const uint8_t * )in, inlen );
blake2s_final( S, out, outlen );
return 0;
}
@ -330,21 +330,21 @@ int main( void )
size_t mlen = i;
int err = 0;
if( (err = _cryptonite_blake2s_init_key(&S, BLAKE2S_OUTBYTES, key, BLAKE2S_KEYBYTES)) < 0 ) {
if( (err = blake2s_init_key(&S, BLAKE2S_OUTBYTES, key, BLAKE2S_KEYBYTES)) < 0 ) {
goto fail;
}
while (mlen >= step) {
if ( (err = _cryptonite_blake2s_update(&S, p, step)) < 0 ) {
if ( (err = blake2s_update(&S, p, step)) < 0 ) {
goto fail;
}
mlen -= step;
p += step;
}
if ( (err = _cryptonite_blake2s_update(&S, p, mlen)) < 0) {
if ( (err = blake2s_update(&S, p, mlen)) < 0) {
goto fail;
}
if ( (err = _cryptonite_blake2s_final(&S, hash, BLAKE2S_OUTBYTES)) < 0) {
if ( (err = blake2s_final(&S, hash, BLAKE2S_OUTBYTES)) < 0) {
goto fail;
}

50
cbits/blake2/sse/blake2sp.c
View File

@ -35,7 +35,7 @@
*/
static int blake2sp_init_leaf_param( blake2s_state *S, const blake2s_param *P )
{
int err = _cryptonite_blake2s_init_param(S, P);
int err = blake2s_init_param(S, P);
S->outlen = P->inner_length;
return err;
}
@ -71,11 +71,11 @@ static int blake2sp_init_root( blake2s_state *S, size_t outlen, size_t keylen )
P->inner_length = BLAKE2S_OUTBYTES;
memset( P->salt, 0, sizeof( P->salt ) );
memset( P->personal, 0, sizeof( P->personal ) );
return _cryptonite_blake2s_init_param( S, P );
return blake2s_init_param( S, P );
}
int _cryptonite_blake2sp_init( blake2sp_state *S, size_t outlen )
int blake2sp_init( blake2sp_state *S, size_t outlen )
{
size_t i;
@ -96,7 +96,7 @@ int _cryptonite_blake2sp_init( blake2sp_state *S, size_t outlen )
return 0;
}
int _cryptonite_blake2sp_init_key( blake2sp_state *S, size_t outlen, const void *key, size_t keylen )
int blake2sp_init_key( blake2sp_state *S, size_t outlen, const void *key, size_t keylen )
{
size_t i;
@ -122,7 +122,7 @@ int _cryptonite_blake2sp_init_key( blake2sp_state *S, size_t outlen, const void
memcpy( block, key, keylen );
for( i = 0; i < PARALLELISM_DEGREE; ++i )
_cryptonite_blake2s_update( S->S[i], block, BLAKE2S_BLOCKBYTES );
blake2s_update( S->S[i], block, BLAKE2S_BLOCKBYTES );
secure_zero_memory( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */
}
@ -130,7 +130,7 @@ int _cryptonite_blake2sp_init_key( blake2sp_state *S, size_t outlen, const void
}
int _cryptonite_blake2sp_update( blake2sp_state *S, const void *pin, size_t inlen )
int blake2sp_update( blake2sp_state *S, const void *pin, size_t inlen )
{
const unsigned char * in = (const unsigned char *)pin;
size_t left = S->buflen;
@ -142,7 +142,7 @@ int _cryptonite_blake2sp_update( blake2sp_state *S, const void *pin, size_t inle
memcpy( S->buf + left, in, fill );
for( i = 0; i < PARALLELISM_DEGREE; ++i )
_cryptonite_blake2s_update( S->S[i], S->buf + i * BLAKE2S_BLOCKBYTES, BLAKE2S_BLOCKBYTES );
blake2s_update( S->S[i], S->buf + i * BLAKE2S_BLOCKBYTES, BLAKE2S_BLOCKBYTES );
in += fill;
inlen -= fill;
@ -165,7 +165,7 @@ int _cryptonite_blake2sp_update( blake2sp_state *S, const void *pin, size_t inle
while( inlen__ >= PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES )
{
_cryptonite_blake2s_update( S->S[i], in__, BLAKE2S_BLOCKBYTES );
blake2s_update( S->S[i], in__, BLAKE2S_BLOCKBYTES );
in__ += PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES;
inlen__ -= PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES;
}
@ -182,7 +182,7 @@ int _cryptonite_blake2sp_update( blake2sp_state *S, const void *pin, size_t inle
}
int _cryptonite_blake2sp_final( blake2sp_state *S, void *out, size_t outlen )
int blake2sp_final( blake2sp_state *S, void *out, size_t outlen )
{
uint8_t hash[PARALLELISM_DEGREE][BLAKE2S_OUTBYTES];
size_t i;
@ -199,20 +199,20 @@ int _cryptonite_blake2sp_final( blake2sp_state *S, void *out, size_t outlen )
if( left > BLAKE2S_BLOCKBYTES ) left = BLAKE2S_BLOCKBYTES;
_cryptonite_blake2s_update( S->S[i], S->buf + i * BLAKE2S_BLOCKBYTES, left );
blake2s_update( S->S[i], S->buf + i * BLAKE2S_BLOCKBYTES, left );
}
_cryptonite_blake2s_final( S->S[i], hash[i], BLAKE2S_OUTBYTES );
blake2s_final( S->S[i], hash[i], BLAKE2S_OUTBYTES );
}
for( i = 0; i < PARALLELISM_DEGREE; ++i )
_cryptonite_blake2s_update( S->R, hash[i], BLAKE2S_OUTBYTES );
blake2s_update( S->R, hash[i], BLAKE2S_OUTBYTES );
return _cryptonite_blake2s_final( S->R, out, S->outlen );
return blake2s_final( S->R, out, S->outlen );
}
int _cryptonite_blake2sp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen )
int blake2sp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen )
{
uint8_t hash[PARALLELISM_DEGREE][BLAKE2S_OUTBYTES];
blake2s_state S[PARALLELISM_DEGREE][1];
@ -242,7 +242,7 @@ int _cryptonite_blake2sp( void *out, size_t outlen, const void *in, size_t inlen
memcpy( block, key, keylen );
for( i = 0; i < PARALLELISM_DEGREE; ++i )
_cryptonite_blake2s_update( S[i], block, BLAKE2S_BLOCKBYTES );
blake2s_update( S[i], block, BLAKE2S_BLOCKBYTES );
secure_zero_memory( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */
}
@ -263,7 +263,7 @@ int _cryptonite_blake2sp( void *out, size_t outlen, const void *in, size_t inlen
while( inlen__ >= PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES )
{
_cryptonite_blake2s_update( S[i], in__, BLAKE2S_BLOCKBYTES );
blake2s_update( S[i], in__, BLAKE2S_BLOCKBYTES );
in__ += PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES;
inlen__ -= PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES;
}
@ -272,10 +272,10 @@ int _cryptonite_blake2sp( void *out, size_t outlen, const void *in, size_t inlen
{
const size_t left = inlen__ - i * BLAKE2S_BLOCKBYTES;
const size_t len = left <= BLAKE2S_BLOCKBYTES ? left : BLAKE2S_BLOCKBYTES;
_cryptonite_blake2s_update( S[i], in__, len );
blake2s_update( S[i], in__, len );
}
_cryptonite_blake2s_final( S[i], hash[i], BLAKE2S_OUTBYTES );
blake2s_final( S[i], hash[i], BLAKE2S_OUTBYTES );
}
if( blake2sp_init_root( FS, outlen, keylen ) < 0 )
@ -284,9 +284,9 @@ int _cryptonite_blake2sp( void *out, size_t outlen, const void *in, size_t inlen
FS->last_node = 1;
for( i = 0; i < PARALLELISM_DEGREE; ++i )
_cryptonite_blake2s_update( FS, hash[i], BLAKE2S_OUTBYTES );
blake2s_update( FS, hash[i], BLAKE2S_OUTBYTES );
return _cryptonite_blake2s_final( FS, out, outlen );
return blake2s_final( FS, out, outlen );
}
#if defined(BLAKE2SP_SELFTEST)
@ -308,7 +308,7 @@ int main( void )
for( i = 0; i < BLAKE2_KAT_LENGTH; ++i )
{
uint8_t hash[BLAKE2S_OUTBYTES];
_cryptonite_blake2sp( hash, BLAKE2S_OUTBYTES, buf, i, key, BLAKE2S_KEYBYTES );
blake2sp( hash, BLAKE2S_OUTBYTES, buf, i, key, BLAKE2S_KEYBYTES );
if( 0 != memcmp( hash, blake2sp_keyed_kat[i], BLAKE2S_OUTBYTES ) )
{
@ -325,21 +325,21 @@ int main( void )
size_t mlen = i;
int err = 0;
if( (err = _cryptonite_blake2sp_init_key(&S, BLAKE2S_OUTBYTES, key, BLAKE2S_KEYBYTES)) < 0 ) {
if( (err = blake2sp_init_key(&S, BLAKE2S_OUTBYTES, key, BLAKE2S_KEYBYTES)) < 0 ) {
goto fail;
}
while (mlen >= step) {
if ( (err = _cryptonite_blake2sp_update(&S, p, step)) < 0 ) {
if ( (err = blake2sp_update(&S, p, step)) < 0 ) {
goto fail;
}
mlen -= step;
p += step;
}
if ( (err = _cryptonite_blake2sp_update(&S, p, mlen)) < 0) {
if ( (err = blake2sp_update(&S, p, mlen)) < 0) {
goto fail;
}
if ( (err = _cryptonite_blake2sp_final(&S, hash, BLAKE2S_OUTBYTES)) < 0) {
if ( (err = blake2sp_final(&S, hash, BLAKE2S_OUTBYTES)) < 0) {
goto fail;
}

42
cbits/blake2/sse/blake2xb.c
View File

@ -23,11 +23,11 @@
#include "blake2.h"
#include "blake2-impl.h"
int _cryptonite_blake2xb_init( blake2xb_state *S, const size_t outlen ) {
return _cryptonite_blake2xb_init_key(S, outlen, NULL, 0);
int blake2xb_init( blake2xb_state *S, const size_t outlen ) {
return blake2xb_init_key(S, outlen, NULL, 0);
}
int _cryptonite_blake2xb_init_key( blake2xb_state *S, const size_t outlen, const void *key, size_t keylen)
int blake2xb_init_key( blake2xb_state *S, const size_t outlen, const void *key, size_t keylen)
{
if ( outlen == 0 || outlen > 0xFFFFFFFFUL ) {
return -1;
@ -55,7 +55,7 @@ int _cryptonite_blake2xb_init_key( blake2xb_state *S, const size_t outlen, const
memset( S->P->salt, 0, sizeof( S->P->salt ) );
memset( S->P->personal, 0, sizeof( S->P->personal ) );
if( _cryptonite_blake2b_init_param( S->S, S->P ) < 0 ) {
if( blake2b_init_param( S->S, S->P ) < 0 ) {
return -1;
}
@ -63,17 +63,17 @@ int _cryptonite_blake2xb_init_key( blake2xb_state *S, const size_t outlen, const
uint8_t block[BLAKE2B_BLOCKBYTES];
memset(block, 0, BLAKE2B_BLOCKBYTES);
memcpy(block, key, keylen);
_cryptonite_blake2b_update(S->S, block, BLAKE2B_BLOCKBYTES);
blake2b_update(S->S, block, BLAKE2B_BLOCKBYTES);
secure_zero_memory(block, BLAKE2B_BLOCKBYTES);
}
return 0;
}
int _cryptonite_blake2xb_update( blake2xb_state *S, const void *in, size_t inlen ) {
return _cryptonite_blake2b_update( S->S, in, inlen );
int blake2xb_update( blake2xb_state *S, const void *in, size_t inlen ) {
return blake2b_update( S->S, in, inlen );
}
int _cryptonite_blake2xb_final( blake2xb_state *S, void *out, size_t outlen) {
int blake2xb_final( blake2xb_state *S, void *out, size_t outlen) {
blake2b_state C[1];
blake2b_param P[1];
@ -98,7 +98,7 @@ int _cryptonite_blake2xb_final( blake2xb_state *S, void *out, size_t outlen) {
}
/* Finalize the root hash */
if (_cryptonite_blake2b_final(S->S, root, BLAKE2B_OUTBYTES) < 0) {
if (blake2b_final(S->S, root, BLAKE2B_OUTBYTES) < 0) {
return -1;
}
@ -117,10 +117,10 @@ int _cryptonite_blake2xb_final( blake2xb_state *S, void *out, size_t outlen) {
/* Initialize state */
P->digest_length = block_size;
store32(&P->node_offset, i);
_cryptonite_blake2b_init_param(C, P);
blake2b_init_param(C, P);
/* Process key if needed */
_cryptonite_blake2b_update(C, root, BLAKE2B_OUTBYTES);
if (_cryptonite_blake2b_final(C, (uint8_t *)out + i * BLAKE2B_OUTBYTES, block_size) < 0 ) {
blake2b_update(C, root, BLAKE2B_OUTBYTES);
if (blake2b_final(C, (uint8_t *)out + i * BLAKE2B_OUTBYTES, block_size) < 0 ) {
return -1;
}
outlen -= block_size;
@ -133,7 +133,7 @@ int _cryptonite_blake2xb_final( blake2xb_state *S, void *out, size_t outlen) {
}
int _cryptonite_blake2xb(void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen)
int blake2xb(void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen)
{
blake2xb_state S[1];
@ -154,15 +154,15 @@ int _cryptonite_blake2xb(void *out, size_t outlen, const void *in, size_t inlen,
return -1;
/* Initialize the root block structure */
if (_cryptonite_blake2xb_init_key(S, outlen, key, keylen) < 0) {
if (blake2xb_init_key(S, outlen, key, keylen) < 0) {
return -1;
}
/* Absorb the input message */
_cryptonite_blake2xb_update(S, in, inlen);
blake2xb_update(S, in, inlen);
/* Compute the root node of the tree and the final hash using the counter construction */
return _cryptonite_blake2xb_final(S, out, outlen);
return blake2xb_final(S, out, outlen);
}
#if defined(BLAKE2XB_SELFTEST)
@ -189,7 +189,7 @@ int main( void )
for( outlen = 1; outlen <= BLAKE2_KAT_LENGTH; ++outlen )
{
uint8_t hash[BLAKE2_KAT_LENGTH] = {0};
if( _cryptonite_blake2xb( hash, outlen, buf, BLAKE2_KAT_LENGTH, key, BLAKE2B_KEYBYTES ) < 0 ) {
if( blake2xb( hash, outlen, buf, BLAKE2_KAT_LENGTH, key, BLAKE2B_KEYBYTES ) < 0 ) {
goto fail;
}
@ -208,21 +208,21 @@ int main( void )
size_t mlen = BLAKE2_KAT_LENGTH;
int err = 0;
if( (err = _cryptonite_blake2xb_init_key(&S, outlen, key, BLAKE2B_KEYBYTES)) < 0 ) {
if( (err = blake2xb_init_key(&S, outlen, key, BLAKE2B_KEYBYTES)) < 0 ) {
goto fail;
}
while (mlen >= step) {
if ( (err = _cryptonite_blake2xb_update(&S, p, step)) < 0 ) {
if ( (err = blake2xb_update(&S, p, step)) < 0 ) {
goto fail;
}
mlen -= step;
p += step;
}
if ( (err = _cryptonite_blake2xb_update(&S, p, mlen)) < 0) {
if ( (err = blake2xb_update(&S, p, mlen)) < 0) {
goto fail;
}
if ( (err = _cryptonite_blake2xb_final(&S, hash, outlen)) < 0) {
if ( (err = blake2xb_final(&S, hash, outlen)) < 0) {
goto fail;
}

42
cbits/blake2/sse/blake2xs.c
View File

@ -23,11 +23,11 @@
#include "blake2.h"
#include "blake2-impl.h"
int _cryptonite_blake2xs_init( blake2xs_state *S, const size_t outlen ) {
return _cryptonite_blake2xs_init_key(S, outlen, NULL, 0);
int blake2xs_init( blake2xs_state *S, const size_t outlen ) {
return blake2xs_init_key(S, outlen, NULL, 0);
}
int _cryptonite_blake2xs_init_key( blake2xs_state *S, const size_t outlen, const void *key, size_t keylen )
int blake2xs_init_key( blake2xs_state *S, const size_t outlen, const void *key, size_t keylen )
{
if ( outlen == 0 || outlen > 0xFFFFUL ) {
return -1;
@ -54,7 +54,7 @@ int _cryptonite_blake2xs_init_key( blake2xs_state *S, const size_t outlen, const
memset( S->P->salt, 0, sizeof( S->P->salt ) );
memset( S->P->personal, 0, sizeof( S->P->personal ) );
if( _cryptonite_blake2s_init_param( S->S, S->P ) < 0 ) {
if( blake2s_init_param( S->S, S->P ) < 0 ) {
return -1;
}
@ -62,17 +62,17 @@ int _cryptonite_blake2xs_init_key( blake2xs_state *S, const size_t outlen, const
uint8_t block[BLAKE2S_BLOCKBYTES];
memset(block, 0, BLAKE2S_BLOCKBYTES);
memcpy(block, key, keylen);
_cryptonite_blake2s_update(S->S, block, BLAKE2S_BLOCKBYTES);
blake2s_update(S->S, block, BLAKE2S_BLOCKBYTES);
secure_zero_memory(block, BLAKE2S_BLOCKBYTES);
}
return 0;
}
int _cryptonite_blake2xs_update( blake2xs_state *S, const void *in, size_t inlen ) {
return _cryptonite_blake2s_update( S->S, in, inlen );
int blake2xs_update( blake2xs_state *S, const void *in, size_t inlen ) {
return blake2s_update( S->S, in, inlen );
}
int _cryptonite_blake2xs_final(blake2xs_state *S, void *out, size_t outlen) {
int blake2xs_final(blake2xs_state *S, void *out, size_t outlen) {
blake2s_state C[1];
blake2s_param P[1];
@ -97,7 +97,7 @@ int _cryptonite_blake2xs_final(blake2xs_state *S, void *out, size_t outlen) {
}
/* Finalize the root hash */
if (_cryptonite_blake2s_final(S->S, root, BLAKE2S_OUTBYTES) < 0) {
if (blake2s_final(S->S, root, BLAKE2S_OUTBYTES) < 0) {
return -1;
}
@ -116,10 +116,10 @@ int _cryptonite_blake2xs_final(blake2xs_state *S, void *out, size_t outlen) {
/* Initialize state */
P->digest_length = block_size;
store32(&P->node_offset, i);
_cryptonite_blake2s_init_param(C, P);
blake2s_init_param(C, P);
/* Process key if needed */
_cryptonite_blake2s_update(C, root, BLAKE2S_OUTBYTES);
if (_cryptonite_blake2s_final(C, (uint8_t *)out + i * BLAKE2S_OUTBYTES, block_size) < 0) {
blake2s_update(C, root, BLAKE2S_OUTBYTES);
if (blake2s_final(C, (uint8_t *)out + i * BLAKE2S_OUTBYTES, block_size) < 0) {
return -1;
}
outlen -= block_size;
@ -131,7 +131,7 @@ int _cryptonite_blake2xs_final(blake2xs_state *S, void *out, size_t outlen) {
return 0;
}
int _cryptonite_blake2xs(void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen)
int blake2xs(void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen)
{
blake2xs_state S[1];
@ -152,15 +152,15 @@ int _cryptonite_blake2xs(void *out, size_t outlen, const void *in, size_t inlen,
return -1;
/* Initialize the root block structure */
if (_cryptonite_blake2xs_init_key(S, outlen, key, keylen) < 0) {
if (blake2xs_init_key(S, outlen, key, keylen) < 0) {
return -1;
}
/* Absorb the input message */
_cryptonite_blake2xs_update(S, in, inlen);
blake2xs_update(S, in, inlen);
/* Compute the root node of the tree and the final hash using the counter construction */
return _cryptonite_blake2xs_final(S, out, outlen);
return blake2xs_final(S, out, outlen);
}
#if defined(BLAKE2XS_SELFTEST)
@ -187,7 +187,7 @@ int main( void )
for( outlen = 1; outlen <= BLAKE2_KAT_LENGTH; ++outlen )
{
uint8_t hash[BLAKE2_KAT_LENGTH] = {0};
if( _cryptonite_blake2xs( hash, outlen, buf, BLAKE2_KAT_LENGTH, key, BLAKE2S_KEYBYTES ) < 0 ) {
if( blake2xs( hash, outlen, buf, BLAKE2_KAT_LENGTH, key, BLAKE2S_KEYBYTES ) < 0 ) {
goto fail;
}
@ -206,21 +206,21 @@ int main( void )
size_t mlen = BLAKE2_KAT_LENGTH;
int err = 0;
if( (err = _cryptonite_blake2xs_init_key(&S, outlen, key, BLAKE2S_KEYBYTES)) < 0 ) {
if( (err = blake2xs_init_key(&S, outlen, key, BLAKE2S_KEYBYTES)) < 0 ) {
goto fail;
}
while (mlen >= step) {
if ( (err = _cryptonite_blake2xs_update(&S, p, step)) < 0 ) {
if ( (err = blake2xs_update(&S, p, step)) < 0 ) {
goto fail;
}
mlen -= step;
p += step;
}
if ( (err = _cryptonite_blake2xs_update(&S, p, mlen)) < 0) {
if ( (err = blake2xs_update(&S, p, mlen)) < 0) {
goto fail;
}
if ( (err = _cryptonite_blake2xs_final(&S, hash, outlen)) < 0) {
if ( (err = blake2xs_final(&S, hash, outlen)) < 0) {
goto fail;
}

31
cbits/cryptonite_align.h
View File

@ -44,21 +44,11 @@ static inline void store_le32_aligned(uint8_t *dst, const uint32_t v)
*((uint32_t *) dst) = cpu_to_le32(v);
}
static inline void xor_le32_aligned(uint8_t *dst, const uint32_t v)
{
*((uint32_t *) dst) ^= cpu_to_le32(v);
}
static inline void store_be32_aligned(uint8_t *dst, const uint32_t v)
{
*((uint32_t *) dst) = cpu_to_be32(v);
}
static inline void xor_be32_aligned(uint8_t *dst, const uint32_t v)
{
*((uint32_t *) dst) ^= cpu_to_be32(v);
}
static inline void store_le64_aligned(uint8_t *dst, const uint64_t v)
{
*((uint64_t *) dst) = cpu_to_le64(v);
@ -69,11 +59,6 @@ static inline void store_be64_aligned(uint8_t *dst, const uint64_t v)
*((uint64_t *) dst) = cpu_to_be64(v);
}
static inline void xor_be64_aligned(uint8_t *dst, const uint64_t v)
{
*((uint64_t *) dst) ^= cpu_to_be64(v);
}
#ifdef UNALIGNED_ACCESS_OK
#define load_le32(a) load_le32_aligned(a)
#else
@ -85,30 +70,20 @@ static inline uint32_t load_le32(const uint8_t *p)
#ifdef UNALIGNED_ACCESS_OK
#define store_le32(a, b) store_le32_aligned(a, b)
#define xor_le32(a, b) xor_le32_aligned(a, b)
#else
static inline void store_le32(uint8_t *dst, const uint32_t v)
{
dst[0] = v; dst[1] = v >> 8; dst[2] = v >> 16; dst[3] = v >> 24;
}
static inline void xor_le32(uint8_t *dst, const uint32_t v)
{
dst[0] ^= v; dst[1] ^= v >> 8; dst[2] ^= v >> 16; dst[3] ^= v >> 24;
}
#endif
#ifdef UNALIGNED_ACCESS_OK
#define store_be32(a, b) store_be32_aligned(a, b)
#define xor_be32(a, b) xor_be32_aligned(a, b)
#else
static inline void store_be32(uint8_t *dst, const uint32_t v)
{
dst[3] = v; dst[2] = v >> 8; dst[1] = v >> 16; dst[0] = v >> 24;
}
static inline void xor_be32(uint8_t *dst, const uint32_t v)
{
dst[3] ^= v; dst[2] ^= v >> 8; dst[1] ^= v >> 16; dst[0] ^= v >> 24;
}
#endif
#ifdef UNALIGNED_ACCESS_OK
@ -123,18 +98,12 @@ static inline void store_le64(uint8_t *dst, const uint64_t v)
#ifdef UNALIGNED_ACCESS_OK
#define store_be64(a, b) store_be64_aligned(a, b)
#define xor_be64(a, b) xor_be64_aligned(a, b)
#else
static inline void store_be64(uint8_t *dst, const uint64_t v)
{
dst[7] = v ; dst[6] = v >> 8 ; dst[5] = v >> 16; dst[4] = v >> 24;
dst[3] = v >> 32; dst[2] = v >> 40; dst[1] = v >> 48; dst[0] = v >> 56;
}
static inline void xor_be64(uint8_t *dst, const uint64_t v)
{
dst[7] ^= v ; dst[6] ^= v >> 8 ; dst[5] ^= v >> 16; dst[4] ^= v >> 24;
dst[3] ^= v >> 32; dst[2] ^= v >> 40; dst[1] ^= v >> 48; dst[0] ^= v >> 56;
}
#endif
#endif

6
cbits/cryptonite_blake2b.c
View File

@ -2,15 +2,15 @@
void cryptonite_blake2b_init(blake2b_ctx *ctx, uint32_t hashlen)
{
_cryptonite_blake2b_init(ctx, hashlen / 8);
blake2b_init(ctx, hashlen / 8);
}
void cryptonite_blake2b_update(blake2b_ctx *ctx, const uint8_t *data, uint32_t len)
{
_cryptonite_blake2b_update(ctx, data, len);
blake2b_update(ctx, data, len);
}
void cryptonite_blake2b_finalize(blake2b_ctx *ctx, uint32_t hashlen, uint8_t *out)
{
_cryptonite_blake2b_final(ctx, out, hashlen / 8);
blake2b_final(ctx, out, hashlen / 8);
}

6
cbits/cryptonite_blake2bp.c
View File

@ -2,15 +2,15 @@
void cryptonite_blake2bp_init(blake2bp_ctx *ctx, uint32_t hashlen)
{
_cryptonite_blake2bp_init(ctx, hashlen / 8);
blake2bp_init(ctx, hashlen / 8);
}
void cryptonite_blake2bp_update(blake2bp_ctx *ctx, const uint8_t *data, uint32_t len)
{
_cryptonite_blake2bp_update(ctx, data, len);
blake2bp_update(ctx, data, len);
}
void cryptonite_blake2bp_finalize(blake2bp_ctx *ctx, uint32_t hashlen, uint8_t *out)
{
_cryptonite_blake2bp_final(ctx, out, hashlen / 8);
blake2bp_final(ctx, out, hashlen / 8);
}

6
cbits/cryptonite_blake2s.c
View File

@ -2,15 +2,15 @@
void cryptonite_blake2s_init(blake2s_ctx *ctx, uint32_t hashlen)
{
_cryptonite_blake2s_init(ctx, hashlen / 8);
blake2s_init(ctx, hashlen / 8);
}
void cryptonite_blake2s_update(blake2s_ctx *ctx, const uint8_t *data, uint32_t len)
{
_cryptonite_blake2s_update(ctx, data, len);
blake2s_update(ctx, data, len);
}
void cryptonite_blake2s_finalize(blake2s_ctx *ctx, uint32_t hashlen, uint8_t *out)
{
_cryptonite_blake2s_final(ctx, out, hashlen / 8);
blake2s_final(ctx, out, hashlen / 8);
}

6
cbits/cryptonite_blake2sp.c
View File

@ -2,15 +2,15 @@
void cryptonite_blake2sp_init(blake2sp_ctx *ctx, uint32_t hashlen)
{
_cryptonite_blake2sp_init(ctx, hashlen / 8);
blake2sp_init(ctx, hashlen / 8);
}
void cryptonite_blake2sp_update(blake2sp_ctx *ctx, const uint8_t *data, uint32_t len)
{
_cryptonite_blake2sp_update(ctx, data, len);
blake2sp_update(ctx, data, len);
}
void cryptonite_blake2sp_finalize(blake2sp_ctx *ctx, uint32_t hashlen, uint8_t *out)
{
_cryptonite_blake2sp_final(ctx, out, hashlen / 8);
blake2sp_final(ctx, out, hashlen / 8);
}

90
cbits/cryptonite_hash_prefix.c
View File

@ -1,90 +0,0 @@
/*
* Copyright (C) 2020 Olivier Chéron <olivier.cheron@gmail.com>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <cryptonite_hash_prefix.h>
void CRYPTONITE_HASHED(finalize_prefix)(struct HASHED_LOWER(ctx) *ctx, const uint8_t *data, uint32_t len, uint32_t n, uint8_t *out)
{
uint64_t bits[HASHED(BITS_ELEMS)];
uint8_t *p = (uint8_t *) &bits;
uint32_t index, padidx, padlen, pos, out_mask;
static const uint32_t cut_off = HASHED(BLOCK_SIZE) - sizeof(bits);
/* Make sure n <= len */
n += (len - n) & constant_time_lt(len, n);
/* Initial index, based on current context state */
index = CRYPTONITE_HASHED(get_index)(ctx);
/* Final size after n bytes */
CRYPTONITE_HASHED(incr_sz)(ctx, bits, n);
/* Padding index and length */
padidx = CRYPTONITE_HASHED(get_index)(ctx);
padlen = HASHED(BLOCK_SIZE) + cut_off - padidx;
padlen -= HASHED(BLOCK_SIZE) & constant_time_lt(padidx, cut_off);
/* Initialize buffers because we will XOR into them */
memset(ctx->buf + index, 0, HASHED(BLOCK_SIZE) - index);
memset(out, 0, HASHED(DIGEST_SIZE));
pos = 0;
/* Iterate based on the full buffer length, regardless of n, and include
* the maximum overhead with padding and size bytes
*/
while (pos < len + HASHED(BLOCK_SIZE) + sizeof(bits)) {
uint8_t b;
/* Take as many bytes from the input buffer as possible */
if (pos < len)
b = *(data++) & (uint8_t) constant_time_lt(pos, n);
else
b = 0;
/* First padding byte */
b |= 0x80 & (uint8_t) constant_time_eq(pos, n);
/* Size bytes are always at the end of a block */
if (index >= cut_off)
b |= p[index - cut_off] & (uint8_t) constant_time_ge(pos, n + padlen);
/* Store this byte into the buffer */
ctx->buf[index++] ^= b;
pos++;
/* Process a full block, at a boundary which is independent from n */
if (index >= HASHED(BLOCK_SIZE)) {
index = 0;
HASHED_LOWER(do_chunk)(ctx, (void *) ctx->buf);
memset(ctx->buf, 0, HASHED(BLOCK_SIZE));
/* Try to store the result: this is a no-op except when we reach the
* actual size based on n, more iterations may continue after that
* when len is really larger
*/
out_mask = constant_time_eq(pos, n + padlen + sizeof(bits));
CRYPTONITE_HASHED(select_digest)(ctx, out, out_mask);
}
}
}

65
cbits/cryptonite_hash_prefix.h
View File

@ -1,65 +0,0 @@
/*
* Copyright (C) 2020 Olivier Chéron <olivier.cheron@gmail.com>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef CRYPTONITE_HASH_PREFIX_H
#define CRYPTONITE_HASH_PREFIX_H
#include <stdint.h>
static inline uint32_t constant_time_msb(uint32_t a)
{
return 0 - (a >> 31);
}
static inline uint32_t constant_time_lt(uint32_t a, uint32_t b)
{
return constant_time_msb(a ^ ((a ^ b) | ((a - b) ^ b)));
}
static inline uint32_t constant_time_ge(uint32_t a, uint32_t b)
{
return ~constant_time_lt(a, b);
}
static inline uint32_t constant_time_is_zero(uint32_t a)
{
return constant_time_msb(~a & (a - 1));
}
static inline uint32_t constant_time_eq(uint32_t a, uint32_t b)
{
return constant_time_is_zero(a ^ b);
}
static inline uint64_t constant_time_msb_64(uint64_t a)
{
return 0 - (a >> 63);
}
static inline uint64_t constant_time_lt_64(uint64_t a, uint64_t b)
{
return constant_time_msb_64(a ^ ((a ^ b) | ((a - b) ^ b)));
}
#endif

27
cbits/cryptonite_md5.c
View File

@ -185,30 +185,3 @@ void cryptonite_md5_finalize(struct md5_ctx *ctx, uint8_t *out)
store_le32(out+ 8, ctx->h[2]);
store_le32(out+12, ctx->h[3]);
}
#define HASHED(m) MD5_##m
#define HASHED_LOWER(m) md5_##m
#define CRYPTONITE_HASHED(m) cryptonite_md5_##m
#define MD5_BLOCK_SIZE 64
#define MD5_BITS_ELEMS 1
static inline uint32_t cryptonite_md5_get_index(const struct md5_ctx *ctx)
{
return (uint32_t) (ctx->sz & 0x3f);
}
static inline void cryptonite_md5_incr_sz(struct md5_ctx *ctx, uint64_t *bits, uint32_t n)
{
ctx->sz += n;
*bits = cpu_to_le64(ctx->sz << 3);
}
static inline void cryptonite_md5_select_digest(const struct md5_ctx *ctx, uint8_t *out, uint32_t out_mask)
{
xor_le32(out , ctx->h[0] & out_mask);
xor_le32(out+ 4, ctx->h[1] & out_mask);
xor_le32(out+ 8, ctx->h[2] & out_mask);
xor_le32(out+12, ctx->h[3] & out_mask);
}
#include <cryptonite_hash_prefix.c>

1
cbits/cryptonite_md5.h
View File

@ -39,6 +39,5 @@ struct md5_ctx
void cryptonite_md5_init(struct md5_ctx *ctx);
void cryptonite_md5_update(struct md5_ctx *ctx, const uint8_t *data, uint32_t len);
void cryptonite_md5_finalize(struct md5_ctx *ctx, uint8_t *out);
void cryptonite_md5_finalize_prefix(struct md5_ctx *ctx, const uint8_t *data, uint32_t len, uint32_t n, uint8_t *out);
#endif

28
cbits/cryptonite_sha1.c
View File

@ -216,31 +216,3 @@ void cryptonite_sha1_finalize(struct sha1_ctx *ctx, uint8_t *out)
store_be32(out+12, ctx->h[3]);
store_be32(out+16, ctx->h[4]);
}
#define HASHED(m) SHA1_##m
#define HASHED_LOWER(m) sha1_##m
#define CRYPTONITE_HASHED(m) cryptonite_sha1_##m
#define SHA1_BLOCK_SIZE 64
#define SHA1_BITS_ELEMS 1
static inline uint32_t cryptonite_sha1_get_index(const struct sha1_ctx *ctx)
{
return (uint32_t) (ctx->sz & 0x3f);
}
static inline void cryptonite_sha1_incr_sz(struct sha1_ctx *ctx, uint64_t *bits, uint32_t n)
{
ctx->sz += n;
*bits = cpu_to_be64(ctx->sz << 3);
}
static inline void cryptonite_sha1_select_digest(const struct sha1_ctx *ctx, uint8_t *out, uint32_t out_mask)
{
xor_be32(out , ctx->h[0] & out_mask);
xor_be32(out+ 4, ctx->h[1] & out_mask);
xor_be32(out+ 8, ctx->h[2] & out_mask);
xor_be32(out+12, ctx->h[3] & out_mask);
xor_be32(out+16, ctx->h[4] & out_mask);
}
#include <cryptonite_hash_prefix.c>

1
cbits/cryptonite_sha1.h
View File

@ -41,6 +41,5 @@ struct sha1_ctx
void cryptonite_sha1_init(struct sha1_ctx *ctx);
void cryptonite_sha1_update(struct sha1_ctx *ctx, const uint8_t *data, uint32_t len);
void cryptonite_sha1_finalize(struct sha1_ctx *ctx, uint8_t *out);
void cryptonite_sha1_finalize_prefix(struct sha1_ctx *ctx, const uint8_t *data, uint32_t len, uint32_t n, uint8_t *out);
#endif

34
cbits/cryptonite_sha256.c
View File

@ -161,14 +161,6 @@ void cryptonite_sha224_finalize(struct sha224_ctx *ctx, uint8_t *out)
memcpy(out, intermediate, SHA224_DIGEST_SIZE);
}
void cryptonite_sha224_finalize_prefix(struct sha224_ctx *ctx, const uint8_t *data, uint32_t len, uint32_t n, uint8_t *out)
{
uint8_t intermediate[SHA256_DIGEST_SIZE];
cryptonite_sha256_finalize_prefix(ctx, data, len, n, intermediate);
memcpy(out, intermediate, SHA224_DIGEST_SIZE);
}
void cryptonite_sha256_finalize(struct sha256_ctx *ctx, uint8_t *out)
{
static uint8_t padding[64] = { 0x80, };
@ -190,29 +182,3 @@ void cryptonite_sha256_finalize(struct sha256_ctx *ctx, uint8_t *out)
for (i = 0; i < 8; i++)
store_be32(out+4*i, ctx->h[i]);
}
#define HASHED(m) SHA256_##m
#define HASHED_LOWER(m) sha256_##m
#define CRYPTONITE_HASHED(m) cryptonite_sha256_##m
#define SHA256_BLOCK_SIZE 64
#define SHA256_BITS_ELEMS 1
static inline uint32_t cryptonite_sha256_get_index(const struct sha256_ctx *ctx)
{
return (uint32_t) (ctx->sz & 0x3f);
}
static inline void cryptonite_sha256_incr_sz(struct sha256_ctx *ctx, uint64_t *bits, uint32_t n)
{
ctx->sz += n;
*bits = cpu_to_be64(ctx->sz << 3);
}
static inline void cryptonite_sha256_select_digest(const struct sha256_ctx *ctx, uint8_t *out, uint32_t out_mask)
{
uint32_t i;
for (i = 0; i < 8; i++)
xor_be32(out+4*i, ctx->h[i] & out_mask);
}
#include <cryptonite_hash_prefix.c>

2
cbits/cryptonite_sha256.h
View File

@ -47,11 +47,9 @@ struct sha256_ctx
void cryptonite_sha224_init(struct sha224_ctx *ctx);
void cryptonite_sha224_update(struct sha224_ctx *ctx, const uint8_t *data, uint32_t len);
void cryptonite_sha224_finalize(struct sha224_ctx *ctx, uint8_t *out);
void cryptonite_sha224_finalize_prefix(struct sha224_ctx *ctx, const uint8_t *data, uint32_t len, uint32_t n, uint8_t *out);
void cryptonite_sha256_init(struct sha256_ctx *ctx);
void cryptonite_sha256_update(struct sha256_ctx *ctx, const uint8_t *data, uint32_t len);
void cryptonite_sha256_finalize(struct sha256_ctx *ctx, uint8_t *out);
void cryptonite_sha256_finalize_prefix(struct sha256_ctx *ctx, const uint8_t *data, uint32_t len, uint32_t n, uint8_t *out);
#endif

36
cbits/cryptonite_sha3.c
View File

@ -121,14 +121,14 @@ void cryptonite_sha3_update(struct sha3_ctx *ctx, const uint8_t *data, uint32_t
to_fill = ctx->bufsz - ctx->bufindex;
if (ctx->bufindex == ctx->bufsz) {
sha3_do_chunk(ctx->state, ctx->bufwords, ctx->bufsz / 8);
sha3_do_chunk(ctx->state, (uint64_t *) ctx->buf, ctx->bufsz / 8);
ctx->bufindex = 0;
}
/* process partial buffer if there's enough data to make a block */
if (ctx->bufindex && len >= to_fill) {
memcpy(ctx->buf + ctx->bufindex, data, to_fill);
sha3_do_chunk(ctx->state, ctx->bufwords, ctx->bufsz / 8);
sha3_do_chunk(ctx->state, (uint64_t *) ctx->buf, ctx->bufsz / 8);
len -= to_fill;
data += to_fill;
ctx->bufindex = 0;
@ -159,7 +159,7 @@ void cryptonite_sha3_finalize_with_pad_byte(struct sha3_ctx *ctx, uint8_t pad_by
{
/* process full buffer if needed */
if (ctx->bufindex == ctx->bufsz) {
sha3_do_chunk(ctx->state, ctx->bufwords, ctx->bufsz / 8);
sha3_do_chunk(ctx->state, (uint64_t *) ctx->buf, ctx->bufsz / 8);
ctx->bufindex = 0;
}
@ -169,7 +169,7 @@ void cryptonite_sha3_finalize_with_pad_byte(struct sha3_ctx *ctx, uint8_t pad_by
ctx->buf[ctx->bufsz - 1] |= 0x80;
/* process */
sha3_do_chunk(ctx->state, ctx->bufwords, ctx->bufsz / 8);
sha3_do_chunk(ctx->state, (uint64_t *) ctx->buf, ctx->bufsz / 8);
ctx->bufindex = 0;
}
@ -250,31 +250,3 @@ void cryptonite_keccak_finalize(struct sha3_ctx *ctx, uint32_t hashlen, uint8_t
cryptonite_sha3_finalize_with_pad_byte(ctx, 1);
cryptonite_sha3_output(ctx, out, hashlen / 8);
}
void cryptonite_sha3_ctx_to_be(struct sha3_ctx *ctx, uint8_t *out)
{
void *ptr = out;
const uint32_t bufindex_be = cpu_to_be32(ctx->bufindex);
memcpy(ptr, &bufindex_be, sizeof(uint32_t));
ptr += sizeof(uint32_t);
const uint32_t bufsz_be = cpu_to_be32(ctx->bufsz);
memcpy(ptr, &bufsz_be, sizeof(uint32_t));
ptr += sizeof(uint32_t);
cpu_to_be64_array((uint64_t *) ptr, ctx->state, 25);
ptr += 25 * sizeof(uint64_t);
cpu_to_be64_array((uint64_t *) ptr, ctx->bufwords, ctx->bufsz / sizeof(uint64_t));
}
void cryptonite_sha3_be_to_ctx(uint8_t *in, struct sha3_ctx *ctx)
{
const uint32_t bufindex_cpu = be32_to_cpu(* (uint32_t *) in);
memcpy(&ctx->bufindex, &bufindex_cpu, sizeof(uint32_t));
in += sizeof(uint32_t);
const uint32_t bufsz_cpu = be32_to_cpu(* (uint32_t *) in);
memcpy(&ctx->bufsz, &bufsz_cpu, sizeof(uint32_t));
in += sizeof(uint32_t);
be64_to_cpu_array(ctx->state, (uint64_t *) in, 25);
in += 25 * sizeof(uint64_t);
be64_to_cpu_array(ctx->bufwords, (uint64_t *) in, ctx->bufsz / sizeof(uint64_t));
}

10
cbits/cryptonite_sha3.h
View File

@ -29,12 +29,9 @@
struct sha3_ctx
{
uint32_t bufindex;
uint32_t bufsz; /* size of buf, i.e. in bytes */
uint32_t bufsz;
uint64_t state[25];
union { /* maximum SHAKE128 is 168 bytes, otherwise buffer can be decreased */
uint8_t buf[0];
uint64_t bufwords[0];
};
uint8_t buf[0]; /* maximum SHAKE128 is 168 bytes, otherwise buffer can be decreased */
};
#define SHA3_CTX_SIZE sizeof(struct sha3_ctx)
@ -67,7 +64,4 @@ void cryptonite_keccak_init(struct sha3_ctx *ctx, uint32_t hashlen);
void cryptonite_keccak_update(struct sha3_ctx *ctx, uint8_t *data, uint32_t len);
void cryptonite_keccak_finalize(struct sha3_ctx *ctx, uint32_t hashlen, uint8_t *out);
void cryptonite_sha3_ctx_to_be(struct sha3_ctx *ctx, uint8_t *out);
void cryptonite_sha3_be_to_ctx(uint8_t *in, struct sha3_ctx *ctx);
#endif

40
cbits/cryptonite_sha512.c
View File

@ -180,14 +180,6 @@ void cryptonite_sha384_finalize(struct sha384_ctx *ctx, uint8_t *out)
memcpy(out, intermediate, SHA384_DIGEST_SIZE);
}
void cryptonite_sha384_finalize_prefix(struct sha384_ctx *ctx, const uint8_t *data, uint32_t len, uint32_t n, uint8_t *out)
{
uint8_t intermediate[SHA512_DIGEST_SIZE];
cryptonite_sha512_finalize_prefix(ctx, data, len, n, intermediate);
memcpy(out, intermediate, SHA384_DIGEST_SIZE);
}
void cryptonite_sha512_finalize(struct sha512_ctx *ctx, uint8_t *out)
{
static uint8_t padding[128] = { 0x80, };
@ -211,38 +203,6 @@ void cryptonite_sha512_finalize(struct sha512_ctx *ctx, uint8_t *out)
store_be64(out+8*i, ctx->h[i]);
}
#define HASHED(m) SHA512_##m
#define HASHED_LOWER(m) sha512_##m
#define CRYPTONITE_HASHED(m) cryptonite_sha512_##m
#define SHA512_BLOCK_SIZE 128
#define SHA512_BITS_ELEMS 2
#include <cryptonite_hash_prefix.h>
static inline uint32_t cryptonite_sha512_get_index(const struct sha512_ctx *ctx)
{
return (uint32_t) (ctx->sz[0] & 0x7f);
}
static inline void cryptonite_sha512_incr_sz(struct sha512_ctx *ctx, uint64_t *bits, uint32_t n)
{
ctx->sz[0] += n;
ctx->sz[1] += 1 & constant_time_lt_64(ctx->sz[0], n);
bits[0] = cpu_to_be64((ctx->sz[1] << 3 | ctx->sz[0] >> 61));
bits[1] = cpu_to_be64((ctx->sz[0] << 3));
}
static inline void cryptonite_sha512_select_digest(const struct sha512_ctx *ctx, uint8_t *out, uint32_t out_mask)
{
uint32_t i;
uint64_t out_mask_64 = out_mask;
out_mask_64 |= out_mask_64 << 32;
for (i = 0; i < 8; i++)
xor_be64(out+8*i, ctx->h[i] & out_mask_64);
}
#include <cryptonite_hash_prefix.c>
#include <stdio.h>
void cryptonite_sha512t_init(struct sha512_ctx *ctx, uint32_t hashlen)

2
cbits/cryptonite_sha512.h
View File

@ -46,12 +46,10 @@ struct sha512_ctx
void cryptonite_sha384_init(struct sha384_ctx *ctx);
void cryptonite_sha384_update(struct sha384_ctx *ctx, const uint8_t *data, uint32_t len);
void cryptonite_sha384_finalize(struct sha384_ctx *ctx, uint8_t *out);
void cryptonite_sha384_finalize_prefix(struct sha384_ctx *ctx, const uint8_t *data, uint32_t len, uint32_t n, uint8_t *out);
void cryptonite_sha512_init(struct sha512_ctx *ctx);
void cryptonite_sha512_update(struct sha512_ctx *ctx, const uint8_t *data, uint32_t len);
void cryptonite_sha512_finalize(struct sha512_ctx *ctx, uint8_t *out);
void cryptonite_sha512_finalize_prefix(struct sha512_ctx *ctx, const uint8_t *data, uint32_t len, uint32_t n, uint8_t *out);
/* only multiples of 8 are supported as valid t values */
void cryptonite_sha512t_init(struct sha512_ctx *ctx, uint32_t hashlen);

11
cryptonite.cabal
View File

@ -1,5 +1,5 @@
Name: cryptonite
version: 0.30
version: 0.27
Synopsis: Cryptography Primitives sink
Description:
A repository of cryptographic primitives.
@ -36,7 +36,7 @@ Build-Type: Simple
Homepage: https://github.com/haskell-crypto/cryptonite
Bug-reports: https://github.com/haskell-crypto/cryptonite/issues
Cabal-Version: 1.18
tested-with: GHC==9.2.2, GHC==9.0.2, GHC==8.10.7, GHC==8.8.4
tested-with: GHC==8.8.2, GHC==8.6.5, GHC==8.4.4, GHC==8.2.2, GHC==8.0.2
extra-doc-files: README.md CHANGELOG.md
extra-source-files: cbits/*.h
cbits/aes/*.h
@ -57,7 +57,6 @@ extra-source-files: cbits/*.h
cbits/argon2/*.h
cbits/argon2/*.c
cbits/aes/x86ni_impl.c
cbits/cryptonite_hash_prefix.c
tests/*.hs
source-repository head
@ -170,7 +169,6 @@ Library
Crypto.PubKey.ECIES
Crypto.PubKey.Ed25519
Crypto.PubKey.Ed448
Crypto.PubKey.EdDSA
Crypto.PubKey.RSA
Crypto.PubKey.RSA.PKCS15
Crypto.PubKey.RSA.Prim
@ -236,7 +234,6 @@ Library
Crypto.PubKey.ElGamal
Crypto.ECC.Simple.Types
Crypto.ECC.Simple.Prim
Crypto.Internal.Builder
Crypto.Internal.ByteArray
Crypto.Internal.Compat
Crypto.Internal.CompatPrim
@ -245,7 +242,7 @@ Library
Crypto.Internal.Nat
Crypto.Internal.Words
Crypto.Internal.WordArray
if impl(ghc < 8.8)
if impl(ghc < 8.0)
Buildable: False
else
Build-depends: base
@ -412,7 +409,6 @@ Test-Suite test-cryptonite
ECC.Edwards25519
ECDSA
Hash
ResumableHash
Imports
KAT_AES.KATCBC
KAT_AES.KATECB
@ -432,7 +428,6 @@ Test-Suite test-cryptonite
KAT_DES
KAT_Ed25519
KAT_Ed448
KAT_EdDSA
KAT_CMAC
KAT_HKDF
KAT_HMAC

44
flake.lock
View File

@ -1,44 +0,0 @@
{
"nodes": {
"flake-utils": {
"locked": {
"lastModified": 1619345332,
"narHash": "sha256-qHnQkEp1uklKTpx3MvKtY6xzgcqXDsz5nLilbbuL+3A=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "2ebf2558e5bf978c7fb8ea927dfaed8fefab2e28",
"type": "github"
},
"original": {
"owner": "numtide",
"ref": "master",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1620323686,
"narHash": "sha256-+gfcE3YTGl+Osc8HzOUXSFO8/0PAK4J8ZxCXZ4hjXHI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dfacb8329b2236688b9a1e705116203a213b283a",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

30
flake.nix
View File

@ -1,30 +0,0 @@
{
inputs = {
nixpkgs = {
type = "github";
owner = "NixOS";
repo = "nixpkgs";
ref = "master";
};
flake-utils = {
type = "github";
owner = "numtide";
repo = "flake-utils";
ref = "master";
};
};
outputs = { self, nixpkgs, flake-utils, ... }: flake-utils.lib.eachDefaultSystem
(system:
let pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
};
in {
devShell = pkgs.mkShell {
name = "uni2work-cryptonite";
nativeBuildInputs = with pkgs.haskellPackages; [ stack ];
};
}
);
}

30
gen/Gen.hs
View File

@ -54,7 +54,6 @@ data Prop =
data HashCustom =
HashSimple Bits -- digest size in bits
Bytes -- block length in bytes
Bool -- has HashAlgorithmPrefix instance?
| HashMulti [Prop] [(Bits, Bytes)] -- list of (digest output size in *bits*, block size in bytes)
hashModules =
@ -63,22 +62,22 @@ hashModules =
, GenHashModule "Blake2sp" "blake2.h" "blake2sp" 1752 (HashMulti [] [(224,64), (256,64)])
, GenHashModule "Blake2b" "blake2.h" "blake2b" 248 (HashMulti [] [(160, 128), (224, 128), (256, 128), (384, 128), (512,128)])
, GenHashModule "Blake2bp" "blake2.h" "blake2bp" 1768 (HashMulti [] [(512,128)])
, GenHashModule "MD2" "md2.h" "md2" 96 (HashSimple 128 16 False)
, GenHashModule "MD4" "md4.h" "md4" 96 (HashSimple 128 64 False)
, GenHashModule "MD5" "md5.h" "md5" 96 (HashSimple 128 64 True)
, GenHashModule "SHA1" "sha1.h" "sha1" 96 (HashSimple 160 64 True)
, GenHashModule "SHA224" "sha256.h" "sha224" 192 (HashSimple 224 64 True)
, GenHashModule "SHA256" "sha256.h" "sha256" 192 (HashSimple 256 64 True)
, GenHashModule "SHA384" "sha512.h" "sha384" 256 (HashSimple 384 128 True)
, GenHashModule "SHA512" "sha512.h" "sha512" 256 (HashSimple 512 128 True)
, GenHashModule "MD2" "md2.h" "md2" 96 (HashSimple 128 16)
, GenHashModule "MD4" "md4.h" "md4" 96 (HashSimple 128 64)
, GenHashModule "MD5" "md5.h" "md5" 96 (HashSimple 128 64)
, GenHashModule "SHA1" "sha1.h" "sha1" 96 (HashSimple 160 64)
, GenHashModule "SHA224" "sha256.h" "sha224" 192 (HashSimple 224 64)
, GenHashModule "SHA256" "sha256.h" "sha256" 192 (HashSimple 256 64)
, GenHashModule "SHA384" "sha512.h" "sha384" 256 (HashSimple 384 128)
, GenHashModule "SHA512" "sha512.h" "sha512" 256 (HashSimple 512 128)
, GenHashModule "SHA512t" "sha512.h" "sha512t" 256 (HashMulti [] [(224,128),(256,128)])
, GenHashModule "Keccak" "keccak.h" "keccak" 352 (HashMulti [VarCtx sha3CtxSize] [(224,144),(256,136),(384,104),(512,72)])
, GenHashModule "SHA3" "sha3.h" "sha3" 352 (HashMulti [VarCtx sha3CtxSize] [(224,144),(256,136),(384,104),(512,72)])
, GenHashModule "RIPEMD160" "ripemd.h" "ripemd160" 128 (HashSimple 160 64 False)
, GenHashModule "RIPEMD160" "ripemd.h" "ripemd160" 128 (HashSimple 160 64)
, GenHashModule "Skein256" "skein256.h" "skein256" 96 (HashMulti [] [(224,32),(256,32)])
, GenHashModule "Skein512" "skein512.h" "skein512" 160 (HashMulti [] [(224,64),(256,64),(384,64),(512,64)])
, GenHashModule "Tiger" "tiger.h" "tiger" 96 (HashSimple 192 64 False)
, GenHashModule "Whirlpool" "whirlpool.h" "whirlpool" 168 (HashSimple 512 64 False)
, GenHashModule "Tiger" "tiger.h" "tiger" 96 (HashSimple 192 64)
, GenHashModule "Whirlpool" "whirlpool.h" "whirlpool" 168 (HashSimple 512 64)
]
sha3CtxSize :: Bits -> Bytes
@ -106,16 +105,13 @@ renderHashModules genOpts = do
let (tpl, addVars, multiVars) =
case ghmCustomizable ghm of
HashSimple digestSize blockLength hasPrefixInstance ->
HashSimple digestSize blockLength ->
(hashTemplate,
[ ("DIGEST_SIZE_BITS" , showBits digestSize)
, ("DIGEST_SIZE_BYTES", showBytes digestSize)
, ("BLOCK_SIZE_BYTES" , showBytes blockLength)
],
[ ("HASPREFIXINSTANCE",
[[] | hasPrefixInstance]
)
]
, []
)
HashMulti props customSizes ->
let customCtxSize =

2
gen/Template.hs
View File

@ -45,7 +45,7 @@ renderTemplate template attrs multiAttrs =
renderAtom (Tpl n t) =
case lookup n multiAttrs of
Nothing -> error ("cannot find inner template attributes for: " ++ n)
Just [] -> ""
Just [] -> error ("empty multiattrs for: " ++ n)
Just (i:is) ->
renderTemplate t (i ++ attrs) [] ++
concatMap (\inAttrs -> renderTemplate t (inAttrs ++ attrs ++ [("COMMA", ",")]) []) is

10
gen/template/hash.hs
View File

@ -32,10 +32,7 @@ instance HashAlgorithm %%MODULENAME%% where
hashInternalContextSize _ = %%CTX_SIZE_BYTES%%
hashInternalInit = c_%%HASHNAME%%_init
hashInternalUpdate = c_%%HASHNAME%%_update
hashInternalFinalize = c_%%HASHNAME%%_finalize%{HASPREFIXINSTANCE%}
instance HashAlgorithmPrefix %%MODULENAME%% where
hashInternalFinalizePrefix = c_%%HASHNAME%%_finalize_prefix%{HASPREFIXINSTANCE%}
hashInternalFinalize = c_%%HASHNAME%%_finalize
foreign import ccall unsafe "cryptonite_%%HASHNAME%%_init"
c_%%HASHNAME%%_init :: Ptr (Context a)-> IO ()
@ -44,7 +41,4 @@ foreign import ccall "cryptonite_%%HASHNAME%%_update"
c_%%HASHNAME%%_update :: Ptr (Context a) -> Ptr Word8 -> Word32 -> IO ()
foreign import ccall unsafe "cryptonite_%%HASHNAME%%_finalize"
c_%%HASHNAME%%_finalize :: Ptr (Context a) -> Ptr (Digest a) -> IO ()%{HASPREFIXINSTANCE%}
foreign import ccall "cryptonite_%%HASHNAME%%_finalize_prefix"
c_%%HASHNAME%%_finalize_prefix :: Ptr (Context a) -> Ptr Word8 -> Word32 -> Word32 -> Ptr (Digest a) -> IO ()%{HASPREFIXINSTANCE%}
c_%%HASHNAME%%_finalize :: Ptr (Context a) -> Ptr (Digest a) -> IO ()

3
stack.yaml
View File

@ -1,2 +1,3 @@
# ~*~ auto-generated by haskell-ci with config : 4fdddfa41dd039e198b8d125a70471f7dd140fa01001d99126af56fb31429ece ~*~
{ resolver: nightly-2022-03-12, packages: [ '.' ], extra-deps: [ memory-0.17.0 ], flags: {} }
{ resolver: lts-14.27, packages: [ '.' ], extra-deps: [], flags: {} }

33
tests/Hash.hs
View File

@ -221,24 +221,6 @@ runhashinc :: HashAlg -> [ByteString] -> ByteString
runhashinc (HashAlg hashAlg) v = B.convertToBase B.Base16 $ hashinc $ v
where hashinc = hashFinalize . foldl hashUpdate (hashInitWith hashAlg)
data HashPrefixAlg = forall alg . HashAlgorithmPrefix alg => HashPrefixAlg alg
expectedPrefix :: [ (String, HashPrefixAlg) ]
expectedPrefix =
[ ("MD5", HashPrefixAlg MD5)
, ("SHA1", HashPrefixAlg SHA1)
, ("SHA224", HashPrefixAlg SHA224)
, ("SHA256", HashPrefixAlg SHA256)
, ("SHA384", HashPrefixAlg SHA384)
, ("SHA512", HashPrefixAlg SHA512)
]
runhashpfx :: HashPrefixAlg -> ByteString -> ByteString
runhashpfx (HashPrefixAlg hashAlg) v = B.convertToBase B.Base16 $ hashWith hashAlg v
runhashpfxpfx :: HashPrefixAlg -> ByteString -> Int -> ByteString
runhashpfxpfx (HashPrefixAlg hashAlg) v len = B.convertToBase B.Base16 $ hashPrefixWith hashAlg v len
makeTestAlg (name, hashAlg, results) =
testGroup name $ concatMap maketest (zip3 is vectors results)
where
@ -254,19 +236,6 @@ makeTestChunk (hashName, hashAlg, _) =
runhash hashAlg inp `propertyEq` runhashinc hashAlg (chunkS ckLen inp)
]
makeTestPrefix (hashName, hashAlg) =
[ testProperty hashName $ \(ArbitraryBS0_2901 inp) (Int0_2901 len) ->
runhashpfx hashAlg (B.take len inp) `propertyEq` runhashpfxpfx hashAlg inp len
]
makeTestHybrid (hashName, HashPrefixAlg alg) =
[ testProperty hashName $ \(ArbitraryBS0_2901 start) (ArbitraryBS0_2901 end) -> do
len <- choose (0, B.length end)
let ref = hashWith alg (start `B.append` B.take len end)
hyb = hashFinalizePrefix (hashUpdate (hashInitWith alg) start) end len
return (ref `propertyEq` hyb)
]
-- SHAKE128 truncation example with expected byte at final position
-- <https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/ShakeTruncation.pdf>
shake128TruncationBytes = [0x01, 0x03, 0x07, 0x0f, 0x0f, 0x2f, 0x6f, 0x6f]
@ -284,8 +253,6 @@ makeTestSHAKE128Truncation i byte =
tests = testGroup "hash"
[ testGroup "KATs" (map makeTestAlg expected)
, testGroup "Chunking" (concatMap makeTestChunk expected)
, testGroup "Prefix" (concatMap makeTestPrefix expectedPrefix)
, testGroup "Hybrid" (concatMap makeTestHybrid expectedPrefix)
, testGroup "Truncating"
[ testGroup "SHAKE128"
(zipWith makeTestSHAKE128Truncation [1..] shake128TruncationBytes)

131
tests/KAT_EdDSA.hs
View File

@ -1,131 +0,0 @@
{-# LANGUAGE BangPatterns #-}
{-# LANGUAGE ExistentialQuantification #-}
{-# LANGUAGE GADTs #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
module KAT_EdDSA ( tests ) where
import Crypto.Error
import Crypto.ECC
import Crypto.Hash.Algorithms
import Crypto.Hash.IO
import qualified Crypto.PubKey.EdDSA as EdDSA
import Imports
data Vec = forall curve hash .
( EdDSA.EllipticCurveEdDSA curve
, HashAlgorithm hash
, HashDigestSize hash ~ EdDSA.CurveDigestSize curve
) => Vec
{ vecPrx :: Maybe curve
, vecAlg :: hash
, vecSec :: ByteString
, vecPub :: ByteString
, vecMsg :: ByteString
, vecSig :: ByteString
}
vectors =
[ Vec
{ vecPrx = Just Curve_Edwards25519
, vecAlg = SHA512
, vecSec = "\x9d\x61\xb1\x9d\xef\xfd\x5a\x60\xba\x84\x4a\xf4\x92\xec\x2c\xc4\x44\x49\xc5\x69\x7b\x32\x69\x19\x70\x3b\xac\x03\x1c\xae\x7f\x60"
, vecPub = "\xd7\x5a\x98\x01\x82\xb1\x0a\xb7\xd5\x4b\xfe\xd3\xc9\x64\x07\x3a\x0e\xe1\x72\xf3\xda\xa6\x23\x25\xaf\x02\x1a\x68\xf7\x07\x51\x1a"
, vecMsg = ""
, vecSig = "\xe5\x56\x43\x00\xc3\x60\xac\x72\x90\x86\xe2\xcc\x80\x6e\x82\x8a\x84\x87\x7f\x1e\xb8\xe5\xd9\x74\xd8\x73\xe0\x65\x22\x49\x01\x55\x5f\xb8\x82\x15\x90\xa3\x3b\xac\xc6\x1e\x39\x70\x1c\xf9\xb4\x6b\xd2\x5b\xf5\xf0\x59\x5b\xbe\x24\x65\x51\x41\x43\x8e\x7a\x10\x0b"
}
, Vec
{ vecPrx = Just Curve_Edwards25519
, vecAlg = SHA512
, vecSec = "\x4c\xcd\x08\x9b\x28\xff\x96\xda\x9d\xb6\xc3\x46\xec\x11\x4e\x0f\x5b\x8a\x31\x9f\x35\xab\xa6\x24\xda\x8c\xf6\xed\x4f\xb8\xa6\xfb"
, vecPub = "\x3d\x40\x17\xc3\xe8\x43\x89\x5a\x92\xb7\x0a\xa7\x4d\x1b\x7e\xbc\x9c\x98\x2c\xcf\x2e\xc4\x96\x8c\xc0\xcd\x55\xf1\x2a\xf4\x66\x0c"
, vecMsg = "\x72"
, vecSig = "\x92\xa0\x09\xa9\xf0\xd4\xca\xb8\x72\x0e\x82\x0b\x5f\x64\x25\x40\xa2\xb2\x7b\x54\x16\x50\x3f\x8f\xb3\x76\x22\x23\xeb\xdb\x69\xda\x08\x5a\xc1\xe4\x3e\x15\x99\x6e\x45\x8f\x36\x13\xd0\xf1\x1d\x8c\x38\x7b\x2e\xae\xb4\x30\x2a\xee\xb0\x0d\x29\x16\x12\xbb\x0c\x00"
}
, Vec
{ vecPrx = Just Curve_Edwards25519
, vecAlg = SHA512
, vecSec = "\xc5\xaa\x8d\xf4\x3f\x9f\x83\x7b\xed\xb7\x44\x2f\x31\xdc\xb7\xb1\x66\xd3\x85\x35\x07\x6f\x09\x4b\x85\xce\x3a\x2e\x0b\x44\x58\xf7"
, vecPub = "\xfc\x51\xcd\x8e\x62\x18\xa1\xa3\x8d\xa4\x7e\xd0\x02\x30\xf0\x58\x08\x16\xed\x13\xba\x33\x03\xac\x5d\xeb\x91\x15\x48\x90\x80\x25"
, vecMsg = "\xaf\x82"
, vecSig = "\x62\x91\xd6\x57\xde\xec\x24\x02\x48\x27\xe6\x9c\x3a\xbe\x01\xa3\x0c\xe5\x48\xa2\x84\x74\x3a\x44\x5e\x36\x80\xd7\xdb\x5a\xc3\xac\x18\xff\x9b\x53\x8d\x16\xf2\x90\xae\x67\xf7\x60\x98\x4d\xc6\x59\x4a\x7c\x15\xe9\x71\x6e\xd2\x8d\xc0\x27\xbe\xce\xea\x1e\xc4\x0a"
}
, Vec
{ vecPrx = Just Curve_Edwards25519
, vecAlg = SHA512
, vecSec = "\xf5\xe5\x76\x7c\xf1\x53\x31\x95\x17\x63\x0f\x22\x68\x76\xb8\x6c\x81\x60\xcc\x58\x3b\xc0\x13\x74\x4c\x6b\xf2\x55\xf5\xcc\x0e\xe5"
, vecPub = "\x27\x81\x17\xfc\x14\x4c\x72\x34\x0f\x67\xd0\xf2\x31\x6e\x83\x86\xce\xff\xbf\x2b\x24\x28\xc9\xc5\x1f\xef\x7c\x59\x7f\x1d\x42\x6e"
, vecMsg = "\x08\xb8\xb2\xb7\x33\x42\x42\x43\x76\x0f\xe4\x26\xa4\xb5\x49\x08\x63\x21\x10\xa6\x6c\x2f\x65\x91\xea\xbd\x33\x45\xe3\xe4\xeb\x98\xfa\x6e\x26\x4b\xf0\x9e\xfe\x12\xee\x50\xf8\xf5\x4e\x9f\x77\xb1\xe3\x55\xf6\xc5\x05\x44\xe2\x3f\xb1\x43\x3d\xdf\x73\xbe\x84\xd8\x79\xde\x7c\x00\x46\xdc\x49\x96\xd9\xe7\x73\xf4\xbc\x9e\xfe\x57\x38\x82\x9a\xdb\x26\xc8\x1b\x37\xc9\x3a\x1b\x27\x0b\x20\x32\x9d\x65\x86\x75\xfc\x6e\xa5\x34\xe0\x81\x0a\x44\x32\x82\x6b\xf5\x8c\x94\x1e\xfb\x65\xd5\x7a\x33\x8b\xbd\x2e\x26\x64\x0f\x89\xff\xbc\x1a\x85\x8e\xfc\xb8\x55\x0e\xe3\xa5\xe1\x99\x8b\xd1\x77\xe9\x3a\x73\x63\xc3\x44\xfe\x6b\x19\x9e\xe5\xd0\x2e\x82\xd5\x22\xc4\xfe\xba\x15\x45\x2f\x80\x28\x8a\x82\x1a\x57\x91\x16\xec\x6d\xad\x2b\x3b\x31\x0d\xa9\x03\x40\x1a\xa6\x21\x00\xab\x5d\x1a\x36\x55\x3e\x06\x20\x3b\x33\x89\x0c\xc9\xb8\x32\xf7\x9e\xf8\x05\x60\xcc\xb9\xa3\x9c\xe7\x67\x96\x7e\xd6\x28\xc6\xad\x57\x3c\xb1\x16\xdb\xef\xef\xd7\x54\x99\xda\x96\xbd\x68\xa8\xa9\x7b\x92\x8a\x8b\xbc\x10\x3b\x66\x21\xfc\xde\x2b\xec\xa1\x23\x1d\x20\x6b\xe6\xcd\x9e\xc7\xaf\xf6\xf6\xc9\x4f\xcd\x72\x04\xed\x34\x55\xc6\x8c\x83\xf4\xa4\x1d\xa4\xaf\x2b\x74\xef\x5c\x53\xf1\xd8\xac\x70\xbd\xcb\x7e\xd1\x85\xce\x81\xbd\x84\x35\x9d\x44\x25\x4d\x95\x62\x9e\x98\x55\xa9\x4a\x7c\x19\x58\xd1\xf8\xad\xa5\xd0\x53\x2e\xd8\xa5\xaa\x3f\xb2\xd1\x7b\xa7\x0e\xb6\x24\x8e\x59\x4e\x1a\x22\x97\xac\xbb\xb3\x9d\x50\x2f\x1a\x8c\x6e\xb6\xf1\xce\x22\xb3\xde\x1a\x1f\x40\xcc\x24\x55\x41\x19\xa8\x31\xa9\xaa\xd6\x07\x9c\xad\x88\x42\x5d\xe6\xbd\xe1\xa9\x18\x7e\xbb\x60\x92\xcf\x67\xbf\x2b\x13\xfd\x65\xf2\x70\x88\xd7\x8b\x7e\x88\x3c\x87\x59\xd2\xc4\xf5\xc6\x5a\xdb\x75\x53\x87\x8a\xd5\x75\xf9\xfa\xd8\x78\xe8\x0a\x0c\x9b\xa6\x3b\xcb\xcc\x27\x32\xe6\x94\x85\xbb\xc9\xc9\x0b\xfb\xd6\x24\x81\xd9\x08\x9b\xec\xcf\x80\xcf\xe2\xdf\x16\xa2\xcf\x65\xbd\x92\xdd\x59\x7b\x07\x07\xe0\x91\x7a\xf4\x8b\xbb\x75\xfe\xd4\x13\xd2\x38\xf5\x55\x5a\x7a\x56\x9d\x80\xc3\x41\x4a\x8d\x08\x59\xdc\x65\xa4\x61\x28\xba\xb2\x7a\xf8\x7a\x71\x31\x4f\x31\x8c\x78\x2b\x23\xeb\xfe\x80\x8b\x82\xb0\xce\x26\x40\x1d\x2e\x22\xf0\x4d\x83\xd1\x25\x5d\xc5\x1a\xdd\xd3\xb7\x5a\x2b\x1a\xe0\x78\x45\x04\xdf\x54\x3a\xf8\x96\x9b\xe3\xea\x70\x82\xff\x7f\xc9\x88\x8c\x14\x4d\xa2\xaf\x58\x42\x9e\xc9\x60\x31\xdb\xca\xd3\xda\xd9\xaf\x0d\xcb\xaa\xaf\x26\x8c\xb8\xfc\xff\xea\xd9\x4f\x3c\x7c\xa4\x95\xe0\x56\xa9\xb4\x7a\xcd\xb7\x51\xfb\x73\xe6\x66\xc6\xc6\x55\xad\xe8\x29\x72\x97\xd0\x7a\xd1\xba\x5e\x43\xf1\xbc\xa3\x23\x01\x65\x13\x39\xe2\x29\x04\xcc\x8c\x42\xf5\x8c\x30\xc0\x4a\xaf\xdb\x03\x8d\xda\x08\x47\xdd\x98\x8d\xcd\xa6\xf3\xbf\xd1\x5c\x4b\x4c\x45\x25\x00\x4a\xa0\x6e\xef\xf8\xca\x61\x78\x3a\xac\xec\x57\xfb\x3d\x1f\x92\xb0\xfe\x2f\xd1\xa8\x5f\x67\x24\x51\x7b\x65\xe6\x14\xad\x68\x08\xd6\xf6\xee\x34\xdf\xf7\x31\x0f\xdc\x82\xae\xbf\xd9\x04\xb0\x1e\x1d\xc5\x4b\x29\x27\x09\x4b\x2d\xb6\x8d\x6f\x90\x3b\x68\x40\x1a\xde\xbf\x5a\x7e\x08\xd7\x8f\xf4\xef\x5d\x63\x65\x3a\x65\x04\x0c\xf9\xbf\xd4\xac\xa7\x98\x4a\x74\xd3\x71\x45\x98\x67\x80\xfc\x0b\x16\xac\x45\x16\x49\xde\x61\x88\xa7\xdb\xdf\x19\x1f\x64\xb5\xfc\x5e\x2a\xb4\x7b\x57\xf7\xf7\x27\x6c\xd4\x19\xc1\x7a\x3c\xa8\xe1\xb9\x39\xae\x49\xe4\x88\xac\xba\x6b\x96\x56\x10\xb5\x48\x01\x09\xc8\xb1\x7b\x80\xe1\xb7\xb7\x50\xdf\xc7\x59\x8d\x5d\x50\x11\xfd\x2d\xcc\x56\x00\xa3\x2e\xf5\xb5\x2a\x1e\xcc\x82\x0e\x30\x8a\xa3\x42\x72\x1a\xac\x09\x43\xbf\x66\x86\xb6\x4b\x25\x79\x37\x65\x04\xcc\xc4\x93\xd9\x7e\x6a\xed\x3f\xb0\xf9\xcd\x71\xa4\x3d\xd4\x97\xf0\x1f\x17\xc0\xe2\xcb\x37\x97\xaa\x2a\x2f\x25\x66\x56\x16\x8e\x6c\x49\x6a\xfc\x5f\xb9\x32\x46\xf6\xb1\x11\x63\x98\xa3\x46\xf1\xa6\x41\xf3\xb0\x41\xe9\x89\xf7\x91\x4f\x90\xcc\x2c\x7f\xff\x35\x78\x76\xe5\x06\xb5\x0d\x33\x4b\xa7\x7c\x22\x5b\xc3\x07\xba\x53\x71\x52\xf3\xf1\x61\x0e\x4e\xaf\xe5\x95\xf6\xd9\xd9\x0d\x11\xfa\xa9\x33\xa1\x5e\xf1\x36\x95\x46\x86\x8a\x7f\x3a\x45\xa9\x67\x68\xd4\x0f\xd9\xd0\x34\x12\xc0\x91\xc6\x31\x5c\xf4\xfd\xe7\xcb\x68\x60\x69\x37\x38\x0d\xb2\xea\xaa\x70\x7b\x4c\x41\x85\xc3\x2e\xdd\xcd\xd3\x06\x70\x5e\x4d\xc1\xff\xc8\x72\xee\xee\x47\x5a\x64\xdf\xac\x86\xab\xa4\x1c\x06\x18\x98\x3f\x87\x41\xc5\xef\x68\xd3\xa1\x01\xe8\xa3\xb8\xca\xc6\x0c\x90\x5c\x15\xfc\x91\x08\x40\xb9\x4c\x00\xa0\xb9\xd0"
, vecSig = "\x0a\xab\x4c\x90\x05\x01\xb3\xe2\x4d\x7c\xdf\x46\x63\x32\x6a\x3a\x87\xdf\x5e\x48\x43\xb2\xcb\xdb\x67\xcb\xf6\xe4\x60\xfe\xc3\x50\xaa\x53\x71\xb1\x50\x8f\x9f\x45\x28\xec\xea\x23\xc4\x36\xd9\x4b\x5e\x8f\xcd\x4f\x68\x1e\x30\xa6\xac\x00\xa9\x70\x4a\x18\x8a\x03"
}
, Vec
{ vecPrx = Just Curve_Edwards25519
, vecAlg = SHA512
, vecSec = "\x83\x3f\xe6\x24\x09\x23\x7b\x9d\x62\xec\x77\x58\x75\x20\x91\x1e\x9a\x75\x9c\xec\x1d\x19\x75\x5b\x7d\xa9\x01\xb9\x6d\xca\x3d\x42"
, vecPub = "\xec\x17\x2b\x93\xad\x5e\x56\x3b\xf4\x93\x2c\x70\xe1\x24\x50\x34\xc3\x54\x67\xef\x2e\xfd\x4d\x64\xeb\xf8\x19\x68\x34\x67\xe2\xbf"
, vecMsg = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f\xa5\x4c\xa4\x9f"
, vecSig = "\xdc\x2a\x44\x59\xe7\x36\x96\x33\xa5\x2b\x1b\xf2\x77\x83\x9a\x00\x20\x10\x09\xa3\xef\xbf\x3e\xcb\x69\xbe\xa2\x18\x6c\x26\xb5\x89\x09\x35\x1f\xc9\xac\x90\xb3\xec\xfd\xfb\xc7\xc6\x64\x31\xe0\x30\x3d\xca\x17\x9c\x13\x8a\xc1\x7a\xd9\xbe\xf1\x17\x73\x31\xa7\x04"
}
, Vec
{ vecPrx = Just Curve_Edwards25519
, vecAlg = Blake2b_512
, vecSec = "\x9d\x61\xb1\x9d\xef\xfd\x5a\x60\xba\x84\x4a\xf4\x92\xec\x2c\xc4\x44\x49\xc5\x69\x7b\x32\x69\x19\x70\x3b\xac\x03\x1c\xae\x7f\x60"
, vecPub = "\x78\xe6\x5b\xf3\x0f\x89\x3d\x32\xfc\x57\xef\x05\x1c\x34\x1b\xde\xde\x24\x25\x44\xfc\x2a\x21\x12\xf0\xfa\x2c\x7a\xfd\xeb\xc0\x2f"
, vecMsg = ""
, vecSig = "\x99\xa5\x23\xbd\x46\x16\xc8\x16\x11\x44\xd6\xa9\x9d\x3c\x32\x40\x0c\xb4\xa3\x26\xf4\xd7\x9e\x30\x73\x40\xf6\xaf\xa1\x17\x50\xa0\x08\x5d\x7d\x84\x62\x6b\xc9\xe4\xb1\x53\xfc\x0e\x39\x6d\x15\xce\x44\xc3\x9b\xae\x45\x33\x80\x4d\xb1\xfe\x5b\x52\xf2\xb1\xb8\x05"
}
, Vec
{ vecPrx = Just Curve_Edwards25519
, vecAlg = Blake2b_512
, vecSec = "\x4c\xcd\x08\x9b\x28\xff\x96\xda\x9d\xb6\xc3\x46\xec\x11\x4e\x0f\x5b\x8a\x31\x9f\x35\xab\xa6\x24\xda\x8c\xf6\xed\x4f\xb8\xa6\xfb"
, vecPub = "\x5e\x71\x39\x2d\x91\xe6\xa5\x8f\xed\xeb\x08\x50\x36\x4f\x56\xcd\x15\x8a\x60\x44\x75\x57\xd7\x89\x03\x89\xc9\xb3\xd4\x57\x6d\x4d"
, vecMsg = "\x72"
, vecSig = "\x6d\xa7\x5e\x15\xb5\x70\x7f\x4d\xe5\xa1\x53\xc4\x8a\x5d\x83\x9f\xb8\x50\x74\xc3\x8a\xeb\x62\x85\x97\x7f\x03\xa1\x39\x77\x59\x7f\x97\x60\x69\xfd\xb9\x03\xf1\x83\x47\x4a\xaa\x5e\xd0\xcf\xe8\x78\xba\x8e\xf8\x68\xc5\xe4\x7c\xa3\xf9\x6c\xcf\xb3\xa8\x9b\x2a\x06"
}
, Vec
{ vecPrx = Just Curve_Edwards25519
, vecAlg = Blake2b_512
, vecSec = "\xc5\xaa\x8d\xf4\x3f\x9f\x83\x7b\xed\xb7\x44\x2f\x31\xdc\xb7\xb1\x66\xd3\x85\x35\x07\x6f\x09\x4b\x85\xce\x3a\x2e\x0b\x44\x58\xf7"
, vecPub = "\x8d\x53\xca\x70\xf0\xea\xb2\x3b\x91\x78\x34\x57\x85\xfc\xdb\x69\xed\x67\x23\xf8\x14\x8f\x7e\x33\x9e\x88\x65\x37\x00\xb7\x18\xda"
, vecMsg = "\xaf\x82"
, vecSig = "\x7c\xc3\xc1\x38\x52\xbd\x12\xab\xf3\xce\x4c\xa8\xca\x28\x36\xcb\xf8\x6d\xa9\x6c\x46\x34\xc5\x0d\xf3\xfb\x80\xdc\x80\x9e\x29\xdb\x0e\x10\x9c\x36\x13\x53\x40\x7c\x12\x36\xa9\x04\xf6\x36\x86\x8a\xa3\x39\x77\xa9\x9d\x3f\x84\x45\x98\xdb\x15\x38\xb4\x29\x52\x03"
}
, Vec
{ vecPrx = Just Curve_Edwards25519
, vecAlg = Blake2b_512
, vecSec = "\xf5\xe5\x76\x7c\xf1\x53\x31\x95\x17\x63\x0f\x22\x68\x76\xb8\x6c\x81\x60\xcc\x58\x3b\xc0\x13\x74\x4c\x6b\xf2\x55\xf5\xcc\x0e\xe5"
, vecPub = "\x9e\x3c\xa4\x9b\xb2\xd9\xe3\x6b\x8f\x0c\x94\x4a\x7b\x1c\x29\x26\x45\xda\x87\xce\x6f\xa6\xb4\x28\x86\xe5\xd7\xc8\x68\x33\xa7\x14"
, vecMsg = "\x08\xb8\xb2\xb7\x33\x42\x42\x43\x76\x0f\xe4\x26\xa4\xb5\x49\x08\x63\x21\x10\xa6\x6c\x2f\x65\x91\xea\xbd\x33\x45\xe3\xe4\xeb\x98\xfa\x6e\x26\x4b\xf0\x9e\xfe\x12\xee\x50\xf8\xf5\x4e\x9f\x77\xb1\xe3\x55\xf6\xc5\x05\x44\xe2\x3f\xb1\x43\x3d\xdf\x73\xbe\x84\xd8\x79\xde\x7c\x00\x46\xdc\x49\x96\xd9\xe7\x73\xf4\xbc\x9e\xfe\x57\x38\x82\x9a\xdb\x26\xc8\x1b\x37\xc9\x3a\x1b\x27\x0b\x20\x32\x9d\x65\x86\x75\xfc\x6e\xa5\x34\xe0\x81\x0a\x44\x32\x82\x6b\xf5\x8c\x94\x1e\xfb\x65\xd5\x7a\x33\x8b\xbd\x2e\x26\x64\x0f\x89\xff\xbc\x1a\x85\x8e\xfc\xb8\x55\x0e\xe3\xa5\xe1\x99\x8b\xd1\x77\xe9\x3a\x73\x63\xc3\x44\xfe\x6b\x19\x9e\xe5\xd0\x2e\x82\xd5\x22\xc4\xfe\xba\x15\x45\x2f\x80\x28\x8a\x82\x1a\x57\x91\x16\xec\x6d\xad\x2b\x3b\x31\x0d\xa9\x03\x40\x1a\xa6\x21\x00\xab\x5d\x1a\x36\x55\x3e\x06\x20\x3b\x33\x89\x0c\xc9\xb8\x32\xf7\x9e\xf8\x05\x60\xcc\xb9\xa3\x9c\xe7\x67\x96\x7e\xd6\x28\xc6\xad\x57\x3c\xb1\x16\xdb\xef\xef\xd7\x54\x99\xda\x96\xbd\x68\xa8\xa9\x7b\x92\x8a\x8b\xbc\x10\x3b\x66\x21\xfc\xde\x2b\xec\xa1\x23\x1d\x20\x6b\xe6\xcd\x9e\xc7\xaf\xf6\xf6\xc9\x4f\xcd\x72\x04\xed\x34\x55\xc6\x8c\x83\xf4\xa4\x1d\xa4\xaf\x2b\x74\xef\x5c\x53\xf1\xd8\xac\x70\xbd\xcb\x7e\xd1\x85\xce\x81\xbd\x84\x35\x9d\x44\x25\x4d\x95\x62\x9e\x98\x55\xa9\x4a\x7c\x19\x58\xd1\xf8\xad\xa5\xd0\x53\x2e\xd8\xa5\xaa\x3f\xb2\xd1\x7b\xa7\x0e\xb6\x24\x8e\x59\x4e\x1a\x22\x97\xac\xbb\xb3\x9d\x50\x2f\x1a\x8c\x6e\xb6\xf1\xce\x22\xb3\xde\x1a\x1f\x40\xcc\x24\x55\x41\x19\xa8\x31\xa9\xaa\xd6\x07\x9c\xad\x88\x42\x5d\xe6\xbd\xe1\xa9\x18\x7e\xbb\x60\x92\xcf\x67\xbf\x2b\x13\xfd\x65\xf2\x70\x88\xd7\x8b\x7e\x88\x3c\x87\x59\xd2\xc4\xf5\xc6\x5a\xdb\x75\x53\x87\x8a\xd5\x75\xf9\xfa\xd8\x78\xe8\x0a\x0c\x9b\xa6\x3b\xcb\xcc\x27\x32\xe6\x94\x85\xbb\xc9\xc9\x0b\xfb\xd6\x24\x81\xd9\x08\x9b\xec\xcf\x80\xcf\xe2\xdf\x16\xa2\xcf\x65\xbd\x92\xdd\x59\x7b\x07\x07\xe0\x91\x7a\xf4\x8b\xbb\x75\xfe\xd4\x13\xd2\x38\xf5\x55\x5a\x7a\x56\x9d\x80\xc3\x41\x4a\x8d\x08\x59\xdc\x65\xa4\x61\x28\xba\xb2\x7a\xf8\x7a\x71\x31\x4f\x31\x8c\x78\x2b\x23\xeb\xfe\x80\x8b\x82\xb0\xce\x26\x40\x1d\x2e\x22\xf0\x4d\x83\xd1\x25\x5d\xc5\x1a\xdd\xd3\xb7\x5a\x2b\x1a\xe0\x78\x45\x04\xdf\x54\x3a\xf8\x96\x9b\xe3\xea\x70\x82\xff\x7f\xc9\x88\x8c\x14\x4d\xa2\xaf\x58\x42\x9e\xc9\x60\x31\xdb\xca\xd3\xda\xd9\xaf\x0d\xcb\xaa\xaf\x26\x8c\xb8\xfc\xff\xea\xd9\x4f\x3c\x7c\xa4\x95\xe0\x56\xa9\xb4\x7a\xcd\xb7\x51\xfb\x73\xe6\x66\xc6\xc6\x55\xad\xe8\x29\x72\x97\xd0\x7a\xd1\xba\x5e\x43\xf1\xbc\xa3\x23\x01\x65\x13\x39\xe2\x29\x04\xcc\x8c\x42\xf5\x8c\x30\xc0\x4a\xaf\xdb\x03\x8d\xda\x08\x47\xdd\x98\x8d\xcd\xa6\xf3\xbf\xd1\x5c\x4b\x4c\x45\x25\x00\x4a\xa0\x6e\xef\xf8\xca\x61\x78\x3a\xac\xec\x57\xfb\x3d\x1f\x92\xb0\xfe\x2f\xd1\xa8\x5f\x67\x24\x51\x7b\x65\xe6\x14\xad\x68\x08\xd6\xf6\xee\x34\xdf\xf7\x31\x0f\xdc\x82\xae\xbf\xd9\x04\xb0\x1e\x1d\xc5\x4b\x29\x27\x09\x4b\x2d\xb6\x8d\x6f\x90\x3b\x68\x40\x1a\xde\xbf\x5a\x7e\x08\xd7\x8f\xf4\xef\x5d\x63\x65\x3a\x65\x04\x0c\xf9\xbf\xd4\xac\xa7\x98\x4a\x74\xd3\x71\x45\x98\x67\x80\xfc\x0b\x16\xac\x45\x16\x49\xde\x61\x88\xa7\xdb\xdf\x19\x1f\x64\xb5\xfc\x5e\x2a\xb4\x7b\x57\xf7\xf7\x27\x6c\xd4\x19\xc1\x7a\x3c\xa8\xe1\xb9\x39\xae\x49\xe4\x88\xac\xba\x6b\x96\x56\x10\xb5\x48\x01\x09\xc8\xb1\x7b\x80\xe1\xb7\xb7\x50\xdf\xc7\x59\x8d\x5d\x50\x11\xfd\x2d\xcc\x56\x00\xa3\x2e\xf5\xb5\x2a\x1e\xcc\x82\x0e\x30\x8a\xa3\x42\x72\x1a\xac\x09\x43\xbf\x66\x86\xb6\x4b\x25\x79\x37\x65\x04\xcc\xc4\x93\xd9\x7e\x6a\xed\x3f\xb0\xf9\xcd\x71\xa4\x3d\xd4\x97\xf0\x1f\x17\xc0\xe2\xcb\x37\x97\xaa\x2a\x2f\x25\x66\x56\x16\x8e\x6c\x49\x6a\xfc\x5f\xb9\x32\x46\xf6\xb1\x11\x63\x98\xa3\x46\xf1\xa6\x41\xf3\xb0\x41\xe9\x89\xf7\x91\x4f\x90\xcc\x2c\x7f\xff\x35\x78\x76\xe5\x06\xb5\x0d\x33\x4b\xa7\x7c\x22\x5b\xc3\x07\xba\x53\x71\x52\xf3\xf1\x61\x0e\x4e\xaf\xe5\x95\xf6\xd9\xd9\x0d\x11\xfa\xa9\x33\xa1\x5e\xf1\x36\x95\x46\x86\x8a\x7f\x3a\x45\xa9\x67\x68\xd4\x0f\xd9\xd0\x34\x12\xc0\x91\xc6\x31\x5c\xf4\xfd\xe7\xcb\x68\x60\x69\x37\x38\x0d\xb2\xea\xaa\x70\x7b\x4c\x41\x85\xc3\x2e\xdd\xcd\xd3\x06\x70\x5e\x4d\xc1\xff\xc8\x72\xee\xee\x47\x5a\x64\xdf\xac\x86\xab\xa4\x1c\x06\x18\x98\x3f\x87\x41\xc5\xef\x68\xd3\xa1\x01\xe8\xa3\xb8\xca\xc6\x0c\x90\x5c\x15\xfc\x91\x08\x40\xb9\x4c\x00\xa0\xb9\xd0"
, vecSig = "\xd0\x39\x65\xac\x31\x6a\x20\xf5\xa4\x7a\xb2\xd6\x18\x5e\xb3\xf0\xae\xea\x9c\x2e\xb8\xab\xe9\x22\xe9\x6d\x31\x7b\x3b\xd0\xef\x02\xe8\xd4\x7f\xd9\x23\x84\xe2\x86\x15\xeb\x33\x14\xad\xbc\x71\xc4\x67\x59\x96\x09\x9e\x48\x4c\xeb\x16\x28\x47\xc4\x0c\x32\x44\x0e"
}
]
doPublicKeyTest :: Int -> Vec -> TestTree
doPublicKeyTest i Vec{..} =
testCase (show i) (pub @=? EdDSA.toPublic vecPrx vecAlg sec)
where
!pub = throwCryptoError $ EdDSA.publicKey vecPrx vecAlg vecPub
!sec = throwCryptoError $ EdDSA.secretKey vecPrx vecSec
doSignatureTest :: Int -> Vec -> TestTree
doSignatureTest i Vec{..} =
testCase (show i) (sig @=? EdDSA.sign vecPrx sec pub vecMsg)
where
!sig = throwCryptoError $ EdDSA.signature vecPrx vecAlg vecSig
!pub = throwCryptoError $ EdDSA.publicKey vecPrx vecAlg vecPub
!sec = throwCryptoError $ EdDSA.secretKey vecPrx vecSec
doVerifyTest :: Int -> Vec -> TestTree
doVerifyTest i Vec{..} =
testCase (show i) (True @=? EdDSA.verify vecPrx pub vecMsg sig)
where
!sig = throwCryptoError $ EdDSA.signature vecPrx vecAlg vecSig
!pub = throwCryptoError $ EdDSA.publicKey vecPrx vecAlg vecPub
tests = testGroup "EdDSA"
[ testGroup "gen publickey" $ zipWith doPublicKeyTest [katZero..] vectors
, testGroup "gen signature" $ zipWith doSignatureTest [katZero..] vectors
, testGroup "verify sig" $ zipWith doVerifyTest [katZero..] vectors
]

65
tests/ResumableHash.hs
View File

@ -1,65 +0,0 @@
{-# LANGUAGE DataKinds #-}
{-# LANGUAGE ScopedTypeVariables #-}
{-# LANGUAGE TupleSections #-}
module ResumableHash (tests) where
import Crypto.Hash ( SHAKE128(..), SHAKE256(..), SHA3_224(..), SHA3_256(..), SHA3_384(..), SHA3_512(..), Keccak_224(..), Keccak_256(..), Keccak_384(..), Keccak_512(..)
, HashAlgorithm, HashAlgorithmResumable, Context, hashPutContext, hashGetContext)
import qualified Crypto.Hash as Hash
import qualified Data.ByteString as B
import qualified Data.ByteString.Lazy as LB
import qualified Data.ByteString.Builder as Builder
import Data.Maybe (fromMaybe)
import Imports
data HashResume a = HashResume [ByteString] [ByteString] (Hash.Digest a)
deriving (Show, Eq)
instance HashAlgorithm a => Arbitrary (HashResume a) where
arbitrary = do
(beforeChunks, afterChunks) <- oneof
[ ([], ) <$> (choose (1,20) >>= \n -> replicateM n (arbitraryBSof 1 99))
, (,) <$> (choose (1,20) >>= \n -> replicateM n (arbitraryBSof 1 99))
<*> (choose (1,20) >>= \n -> replicateM n (arbitraryBSof 1 99))
, (, []) <$> (choose (1,20) >>= \n -> replicateM n (arbitraryBSof 1 99))
, pure ([], [])
]
return $ HashResume beforeChunks afterChunks (Hash.hashlazy . LB.fromChunks $ beforeChunks ++ afterChunks)
resumeTests =
[ testResumeProperties "SHAKE128_256" (SHAKE128 :: SHAKE128 256)
, testResumeProperties "SHAKE256_256" (SHAKE256 :: SHAKE256 512)
, testResumeProperties "SHA3_224" SHA3_224
, testResumeProperties "SHA3_256" SHA3_256
, testResumeProperties "SHA3_384" SHA3_384
, testResumeProperties "SHA3_512" SHA3_512
, testResumeProperties "Keccak_224" Keccak_224
, testResumeProperties "Keccak_256" Keccak_256
, testResumeProperties "Keccak_384" Keccak_384
, testResumeProperties "Keccak_512" Keccak_512
, testCase "serializes big endian" $ test_is_be 168 (SHAKE128 :: SHAKE128 256)
]
where
testResumeProperties :: HashAlgorithmResumable a => TestName -> a -> TestTree
testResumeProperties name a = testGroup name
[ testProperty "resume" (prop_resume_start a)
]
prop_resume_start :: forall a. HashAlgorithmResumable a => a -> HashResume a -> Bool
prop_resume_start _ (HashResume beforeChunks afterChunks result) = fromMaybe False $ do
let beforeCtx = Hash.hashUpdates (Hash.hashInit :: Context a) beforeChunks
ctx <- hashGetContext (hashPutContext beforeCtx :: ByteString)
let afterCtx = Hash.hashUpdates ctx afterChunks
return $ result `assertEq` Hash.hashFinalize afterCtx
test_is_be :: forall a. HashAlgorithmResumable a => Word32 -> a -> Assertion
test_is_be size _ = slice @=? size_be
where size_be = LB.toStrict $ Builder.toLazyByteString $ Builder.word32BE size
serialized = hashPutContext (Hash.hashInit :: Context a) :: ByteString
slice = B.take 4 $ B.drop 4 serialized
tests = testGroup "ResumableHash" resumeTests

4
tests/Tests.hs
View File

@ -13,7 +13,6 @@ import qualified ECC
import qualified ECC.Edwards25519
import qualified ECDSA
import qualified Hash
import qualified ResumableHash
import qualified Poly1305
import qualified Salsa
import qualified XSalsa
@ -30,7 +29,6 @@ import qualified KAT_Curve25519
import qualified KAT_Curve448
import qualified KAT_Ed25519
import qualified KAT_Ed448
import qualified KAT_EdDSA
import qualified KAT_OTP
import qualified KAT_PubKey
import qualified KAT_Scrypt
@ -55,7 +53,6 @@ tests = testGroup "cryptonite"
, Number.tests
, Number.F2m.tests
, Hash.tests
, ResumableHash.tests
, Padding.tests
, testGroup "ConstructHash"
[ KAT_MiyaguchiPreneel.tests
@ -70,7 +67,6 @@ tests = testGroup "cryptonite"
, KAT_Curve448.tests
, KAT_Ed25519.tests
, KAT_Ed448.tests
, KAT_EdDSA.tests
, KAT_PubKey.tests
, KAT_OTP.tests
, testGroup "KDF"