1194ea909SVictor Perevertkin /*
2194ea909SVictor Perevertkin BLAKE2 reference source code package - reference C implementations
3194ea909SVictor Perevertkin
4194ea909SVictor Perevertkin Copyright 2012, Samuel Neves <sneves@dei.uc.pt>. You may use this under the
5194ea909SVictor Perevertkin terms of the CC0, the OpenSSL Licence, or the Apache Public License 2.0, at
6194ea909SVictor Perevertkin your option. The terms of these licenses can be found at:
7194ea909SVictor Perevertkin
8194ea909SVictor Perevertkin - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
9194ea909SVictor Perevertkin - OpenSSL license : https://www.openssl.org/source/license.html
10194ea909SVictor Perevertkin - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0
11194ea909SVictor Perevertkin
12194ea909SVictor Perevertkin More information about the BLAKE2 hash function can be found at
13194ea909SVictor Perevertkin https://blake2.net.
14194ea909SVictor Perevertkin */
15194ea909SVictor Perevertkin #pragma once
16194ea909SVictor Perevertkin
17194ea909SVictor Perevertkin #include <stdint.h>
18194ea909SVictor Perevertkin #include <string.h>
19194ea909SVictor Perevertkin
20194ea909SVictor Perevertkin #if !defined(__cplusplus) && (!defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L)
21194ea909SVictor Perevertkin #if defined(_MSC_VER)
22194ea909SVictor Perevertkin #define BLAKE2_INLINE __inline
23194ea909SVictor Perevertkin #elif defined(__GNUC__)
24194ea909SVictor Perevertkin #define BLAKE2_INLINE __inline__
25194ea909SVictor Perevertkin #else
26194ea909SVictor Perevertkin #define BLAKE2_INLINE
27194ea909SVictor Perevertkin #endif
28194ea909SVictor Perevertkin #else
29194ea909SVictor Perevertkin #define BLAKE2_INLINE inline
30194ea909SVictor Perevertkin #endif
31194ea909SVictor Perevertkin
32*f5556fdcSVincent Franchomme #define NATIVE_LITTLE_ENDIAN
33*f5556fdcSVincent Franchomme
load32(const void * src)34194ea909SVictor Perevertkin static BLAKE2_INLINE uint32_t load32( const void *src )
35194ea909SVictor Perevertkin {
36194ea909SVictor Perevertkin #if defined(NATIVE_LITTLE_ENDIAN)
37194ea909SVictor Perevertkin uint32_t w;
38194ea909SVictor Perevertkin memcpy(&w, src, sizeof w);
39194ea909SVictor Perevertkin return w;
40194ea909SVictor Perevertkin #else
41194ea909SVictor Perevertkin const uint8_t *p = ( const uint8_t * )src;
42194ea909SVictor Perevertkin return (( uint32_t )( p[0] ) << 0) |
43194ea909SVictor Perevertkin (( uint32_t )( p[1] ) << 8) |
44194ea909SVictor Perevertkin (( uint32_t )( p[2] ) << 16) |
45194ea909SVictor Perevertkin (( uint32_t )( p[3] ) << 24) ;
46194ea909SVictor Perevertkin #endif
47194ea909SVictor Perevertkin }
48194ea909SVictor Perevertkin
load64(const void * src)49194ea909SVictor Perevertkin static BLAKE2_INLINE uint64_t load64( const void *src )
50194ea909SVictor Perevertkin {
51194ea909SVictor Perevertkin #if defined(NATIVE_LITTLE_ENDIAN)
52194ea909SVictor Perevertkin uint64_t w;
53194ea909SVictor Perevertkin memcpy(&w, src, sizeof w);
54194ea909SVictor Perevertkin return w;
55194ea909SVictor Perevertkin #else
56194ea909SVictor Perevertkin const uint8_t *p = ( const uint8_t * )src;
57194ea909SVictor Perevertkin return (( uint64_t )( p[0] ) << 0) |
58194ea909SVictor Perevertkin (( uint64_t )( p[1] ) << 8) |
59194ea909SVictor Perevertkin (( uint64_t )( p[2] ) << 16) |
60194ea909SVictor Perevertkin (( uint64_t )( p[3] ) << 24) |
61194ea909SVictor Perevertkin (( uint64_t )( p[4] ) << 32) |
62194ea909SVictor Perevertkin (( uint64_t )( p[5] ) << 40) |
63194ea909SVictor Perevertkin (( uint64_t )( p[6] ) << 48) |
64194ea909SVictor Perevertkin (( uint64_t )( p[7] ) << 56) ;
65194ea909SVictor Perevertkin #endif
66194ea909SVictor Perevertkin }
67194ea909SVictor Perevertkin
load16(const void * src)68194ea909SVictor Perevertkin static BLAKE2_INLINE uint16_t load16( const void *src )
69194ea909SVictor Perevertkin {
70194ea909SVictor Perevertkin #if defined(NATIVE_LITTLE_ENDIAN)
71194ea909SVictor Perevertkin uint16_t w;
72194ea909SVictor Perevertkin memcpy(&w, src, sizeof w);
73194ea909SVictor Perevertkin return w;
74194ea909SVictor Perevertkin #else
75194ea909SVictor Perevertkin const uint8_t *p = ( const uint8_t * )src;
76194ea909SVictor Perevertkin return ( uint16_t )((( uint32_t )( p[0] ) << 0) |
77194ea909SVictor Perevertkin (( uint32_t )( p[1] ) << 8));
78194ea909SVictor Perevertkin #endif
79194ea909SVictor Perevertkin }
80194ea909SVictor Perevertkin
store16(void * dst,uint16_t w)81194ea909SVictor Perevertkin static BLAKE2_INLINE void store16( void *dst, uint16_t w )
82194ea909SVictor Perevertkin {
83194ea909SVictor Perevertkin #if defined(NATIVE_LITTLE_ENDIAN)
84194ea909SVictor Perevertkin memcpy(dst, &w, sizeof w);
85194ea909SVictor Perevertkin #else
86194ea909SVictor Perevertkin uint8_t *p = ( uint8_t * )dst;
87194ea909SVictor Perevertkin *p++ = ( uint8_t )w; w >>= 8;
88194ea909SVictor Perevertkin *p++ = ( uint8_t )w;
89194ea909SVictor Perevertkin #endif
90194ea909SVictor Perevertkin }
91194ea909SVictor Perevertkin
store32(void * dst,uint32_t w)92194ea909SVictor Perevertkin static BLAKE2_INLINE void store32( void *dst, uint32_t w )
93194ea909SVictor Perevertkin {
94194ea909SVictor Perevertkin #if defined(NATIVE_LITTLE_ENDIAN)
95194ea909SVictor Perevertkin memcpy(dst, &w, sizeof w);
96194ea909SVictor Perevertkin #else
97194ea909SVictor Perevertkin uint8_t *p = ( uint8_t * )dst;
98194ea909SVictor Perevertkin p[0] = (uint8_t)(w >> 0);
99194ea909SVictor Perevertkin p[1] = (uint8_t)(w >> 8);
100194ea909SVictor Perevertkin p[2] = (uint8_t)(w >> 16);
101194ea909SVictor Perevertkin p[3] = (uint8_t)(w >> 24);
102194ea909SVictor Perevertkin #endif
103194ea909SVictor Perevertkin }
104194ea909SVictor Perevertkin
store64(void * dst,uint64_t w)105194ea909SVictor Perevertkin static BLAKE2_INLINE void store64( void *dst, uint64_t w )
106194ea909SVictor Perevertkin {
107194ea909SVictor Perevertkin #if defined(NATIVE_LITTLE_ENDIAN)
108194ea909SVictor Perevertkin memcpy(dst, &w, sizeof w);
109194ea909SVictor Perevertkin #else
110194ea909SVictor Perevertkin uint8_t *p = ( uint8_t * )dst;
111194ea909SVictor Perevertkin p[0] = (uint8_t)(w >> 0);
112194ea909SVictor Perevertkin p[1] = (uint8_t)(w >> 8);
113194ea909SVictor Perevertkin p[2] = (uint8_t)(w >> 16);
114194ea909SVictor Perevertkin p[3] = (uint8_t)(w >> 24);
115194ea909SVictor Perevertkin p[4] = (uint8_t)(w >> 32);
116194ea909SVictor Perevertkin p[5] = (uint8_t)(w >> 40);
117194ea909SVictor Perevertkin p[6] = (uint8_t)(w >> 48);
118194ea909SVictor Perevertkin p[7] = (uint8_t)(w >> 56);
119194ea909SVictor Perevertkin #endif
120194ea909SVictor Perevertkin }
121194ea909SVictor Perevertkin
load48(const void * src)122194ea909SVictor Perevertkin static BLAKE2_INLINE uint64_t load48( const void *src )
123194ea909SVictor Perevertkin {
124194ea909SVictor Perevertkin const uint8_t *p = ( const uint8_t * )src;
125194ea909SVictor Perevertkin return (( uint64_t )( p[0] ) << 0) |
126194ea909SVictor Perevertkin (( uint64_t )( p[1] ) << 8) |
127194ea909SVictor Perevertkin (( uint64_t )( p[2] ) << 16) |
128194ea909SVictor Perevertkin (( uint64_t )( p[3] ) << 24) |
129194ea909SVictor Perevertkin (( uint64_t )( p[4] ) << 32) |
130194ea909SVictor Perevertkin (( uint64_t )( p[5] ) << 40) ;
131194ea909SVictor Perevertkin }
132194ea909SVictor Perevertkin
store48(void * dst,uint64_t w)133194ea909SVictor Perevertkin static BLAKE2_INLINE void store48( void *dst, uint64_t w )
134194ea909SVictor Perevertkin {
135194ea909SVictor Perevertkin uint8_t *p = ( uint8_t * )dst;
136194ea909SVictor Perevertkin p[0] = (uint8_t)(w >> 0);
137194ea909SVictor Perevertkin p[1] = (uint8_t)(w >> 8);
138194ea909SVictor Perevertkin p[2] = (uint8_t)(w >> 16);
139194ea909SVictor Perevertkin p[3] = (uint8_t)(w >> 24);
140194ea909SVictor Perevertkin p[4] = (uint8_t)(w >> 32);
141194ea909SVictor Perevertkin p[5] = (uint8_t)(w >> 40);
142194ea909SVictor Perevertkin }
143194ea909SVictor Perevertkin
rotr32(const uint32_t w,const unsigned c)144194ea909SVictor Perevertkin static BLAKE2_INLINE uint32_t rotr32( const uint32_t w, const unsigned c )
145194ea909SVictor Perevertkin {
146194ea909SVictor Perevertkin return ( w >> c ) | ( w << ( 32 - c ) );
147194ea909SVictor Perevertkin }
148194ea909SVictor Perevertkin
rotr64(const uint64_t w,const unsigned c)149194ea909SVictor Perevertkin static BLAKE2_INLINE uint64_t rotr64( const uint64_t w, const unsigned c )
150194ea909SVictor Perevertkin {
151194ea909SVictor Perevertkin return ( w >> c ) | ( w << ( 64 - c ) );
152194ea909SVictor Perevertkin }
153194ea909SVictor Perevertkin
154194ea909SVictor Perevertkin #if defined(_MSC_VER)
155194ea909SVictor Perevertkin #define BLAKE2_PACKED(x) __pragma(pack(push, 1)) x __pragma(pack(pop))
156194ea909SVictor Perevertkin #else
157194ea909SVictor Perevertkin #define BLAKE2_PACKED(x) x __attribute__((packed))
158194ea909SVictor Perevertkin #endif
159194ea909SVictor Perevertkin
160194ea909SVictor Perevertkin enum blake2b_constant
161194ea909SVictor Perevertkin {
162194ea909SVictor Perevertkin BLAKE2B_BLOCKBYTES = 128,
163194ea909SVictor Perevertkin BLAKE2B_OUTBYTES = 64,
164194ea909SVictor Perevertkin BLAKE2B_KEYBYTES = 64,
165194ea909SVictor Perevertkin BLAKE2B_SALTBYTES = 16,
166194ea909SVictor Perevertkin BLAKE2B_PERSONALBYTES = 16
167194ea909SVictor Perevertkin };
168194ea909SVictor Perevertkin
169194ea909SVictor Perevertkin typedef struct blake2b_state__
170194ea909SVictor Perevertkin {
171194ea909SVictor Perevertkin uint64_t h[8];
172194ea909SVictor Perevertkin uint64_t t[2];
173194ea909SVictor Perevertkin uint64_t f[2];
174194ea909SVictor Perevertkin uint8_t buf[BLAKE2B_BLOCKBYTES];
175194ea909SVictor Perevertkin size_t buflen;
176194ea909SVictor Perevertkin size_t outlen;
177194ea909SVictor Perevertkin uint8_t last_node;
178194ea909SVictor Perevertkin } blake2b_state;
179194ea909SVictor Perevertkin
180194ea909SVictor Perevertkin BLAKE2_PACKED(struct blake2b_param__
181194ea909SVictor Perevertkin {
182194ea909SVictor Perevertkin uint8_t digest_length; /* 1 */
183194ea909SVictor Perevertkin uint8_t key_length; /* 2 */
184194ea909SVictor Perevertkin uint8_t fanout; /* 3 */
185194ea909SVictor Perevertkin uint8_t depth; /* 4 */
186194ea909SVictor Perevertkin uint32_t leaf_length; /* 8 */
187194ea909SVictor Perevertkin uint32_t node_offset; /* 12 */
188194ea909SVictor Perevertkin uint32_t xof_length; /* 16 */
189194ea909SVictor Perevertkin uint8_t node_depth; /* 17 */
190194ea909SVictor Perevertkin uint8_t inner_length; /* 18 */
191194ea909SVictor Perevertkin uint8_t reserved[14]; /* 32 */
192194ea909SVictor Perevertkin uint8_t salt[BLAKE2B_SALTBYTES]; /* 48 */
193194ea909SVictor Perevertkin uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */
194194ea909SVictor Perevertkin });
195194ea909SVictor Perevertkin
196194ea909SVictor Perevertkin typedef struct blake2b_param__ blake2b_param;
197