freebsd-skq/sys/crypto/blake2/blake2-sw.c

/* This file is in the public domain. */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include <contrib/libb2/blake2.h>
#include <opencrypto/xform_auth.h>

extern int blake2b_init_ref(blake2b_state *S, size_t outlen);
extern int blake2b_init_param_ref(blake2b_state *S, const blake2b_param *P);
extern int blake2b_init_key_ref(blake2b_state *S, size_t outlen,
    const void *key, size_t keylen);
extern int blake2b_update_ref(blake2b_state *S, const uint8_t *in,
    size_t inlen);
extern int blake2b_final_ref(blake2b_state *S, uint8_t *out, size_t outlen);
extern int blake2b_ref(uint8_t *out, const void *in, const void *key,
    size_t outlen, size_t inlen, size_t keylen);

extern int blake2s_init_ref(blake2s_state *S, size_t outlen);
extern int blake2s_init_param_ref(blake2s_state *S, const blake2s_param *P);
extern int blake2s_init_key_ref(blake2s_state *S, size_t outlen,
    const void *key, size_t keylen);
extern int blake2s_update_ref(blake2s_state *S, const uint8_t *in,
    size_t inlen);
extern int blake2s_final_ref(blake2s_state *S, uint8_t *out, size_t outlen);
extern int blake2s_ref(uint8_t *out, const void *in, const void *key,
    size_t outlen, size_t inlen, size_t keylen);

struct blake2b_xform_ctx {
	blake2b_state state;
	uint8_t key[BLAKE2B_KEYBYTES];
	uint16_t klen;
};
CTASSERT(sizeof(union authctx) >= sizeof(struct blake2b_xform_ctx));

static void
blake2b_xform_init(void *vctx)
{
	struct blake2b_xform_ctx *ctx = vctx;
	int rc;

	if (ctx->klen > 0)
		rc = blake2b_init_key_ref(&ctx->state, BLAKE2B_OUTBYTES,
		    ctx->key, ctx->klen);
	else
		rc = blake2b_init_ref(&ctx->state, BLAKE2B_OUTBYTES);
	if (rc != 0)
		panic("blake2b_init_key: invalid arguments");
}

static void
blake2b_xform_setkey(void *vctx, const uint8_t *key, u_int klen)
{
	struct blake2b_xform_ctx *ctx = vctx;

	if (klen > sizeof(ctx->key))
		panic("invalid klen %u", (unsigned)klen);
	memcpy(ctx->key, key, klen);
	ctx->klen = klen;
}

static int
blake2b_xform_update(void *vctx, const void *data, u_int len)
{
	struct blake2b_xform_ctx *ctx = vctx;
	int rc;

	rc = blake2b_update_ref(&ctx->state, data, len);
	if (rc != 0)
		return (EINVAL);
	return (0);
}

static void
blake2b_xform_final(uint8_t *out, void *vctx)
{
	struct blake2b_xform_ctx *ctx = vctx;
	int rc;

	rc = blake2b_final_ref(&ctx->state, out, BLAKE2B_OUTBYTES);
	if (rc != 0)
		panic("blake2b_final: invalid");
}

struct auth_hash auth_hash_blake2b = {
	.type = CRYPTO_BLAKE2B,
	.name = "Blake2b",
	.keysize = BLAKE2B_KEYBYTES,
	.hashsize = BLAKE2B_OUTBYTES,
	.ctxsize = sizeof(struct blake2b_xform_ctx),
	.Setkey = blake2b_xform_setkey,
	.Init = blake2b_xform_init,
	.Update = blake2b_xform_update,
	.Final = blake2b_xform_final,
};

struct blake2s_xform_ctx {
	blake2s_state state;
	uint8_t key[BLAKE2S_KEYBYTES];
	uint16_t klen;
};
CTASSERT(sizeof(union authctx) >= sizeof(struct blake2s_xform_ctx));

static void
blake2s_xform_init(void *vctx)
{
	struct blake2s_xform_ctx *ctx = vctx;
	int rc;

	if (ctx->klen > 0)
		rc = blake2s_init_key_ref(&ctx->state, BLAKE2S_OUTBYTES,
		    ctx->key, ctx->klen);
	else
		rc = blake2s_init_ref(&ctx->state, BLAKE2S_OUTBYTES);
	if (rc != 0)
		panic("blake2s_init_key: invalid arguments");
}

static void
blake2s_xform_setkey(void *vctx, const uint8_t *key, u_int klen)
{
	struct blake2s_xform_ctx *ctx = vctx;

	if (klen > sizeof(ctx->key))
		panic("invalid klen %u", (unsigned)klen);
	memcpy(ctx->key, key, klen);
	ctx->klen = klen;
}

static int
blake2s_xform_update(void *vctx, const void *data, u_int len)
{
	struct blake2s_xform_ctx *ctx = vctx;
	int rc;

	rc = blake2s_update_ref(&ctx->state, data, len);
	if (rc != 0)
		return (EINVAL);
	return (0);
}

static void
blake2s_xform_final(uint8_t *out, void *vctx)
{
	struct blake2s_xform_ctx *ctx = vctx;
	int rc;

	rc = blake2s_final_ref(&ctx->state, out, BLAKE2S_OUTBYTES);
	if (rc != 0)
		panic("blake2s_final: invalid");
}

struct auth_hash auth_hash_blake2s = {
	.type = CRYPTO_BLAKE2S,
	.name = "Blake2s",
	.keysize = BLAKE2S_KEYBYTES,
	.hashsize = BLAKE2S_OUTBYTES,
	.ctxsize = sizeof(struct blake2s_xform_ctx),
	.Setkey = blake2s_xform_setkey,
	.Init = blake2s_xform_init,
	.Update = blake2s_xform_update,
	.Final = blake2s_xform_final,
};
Import Blake2 algorithms (blake2b, blake2s) from libb2 The upstream repository is on github BLAKE2/libb2. Files landed in sys/contrib/libb2 are the unmodified upstream files, except for one difference: secure_zero_memory's contents have been replaced with explicit_bzero() only because the previous implementation broke powerpc link. Preferential use of explicit_bzero() is in progress upstream, so it is anticipated we will be able to drop this diff in the future. sys/crypto/blake2 contains the source files needed to port libb2 to our build system, a wrapped (limited) variant of the algorithm to match the API of our auth_transform softcrypto abstraction, incorporation into the Open Crypto Framework (OCF) cryptosoft(4) driver, as well as an x86 SSE/AVX accelerated OCF driver, blake2(4). Optimized variants of blake2 are compiled for a number of x86 machines (anything from SSE2 to AVX + XOP). On those machines, FPU context will need to be explicitly saved before using blake2(4)-provided algorithms directly. Use via cryptodev / OCF saves FPU state automatically, and use via the auth_transform softcrypto abstraction does not use FPU. The intent of the OCF driver is mostly to enable testing in userspace via /dev/crypto. ATF tests are added with published KAT test vectors to validate correctness. Reviewed by: jhb, markj Obtained from: github BLAKE2/libb2 Differential Revision: https://reviews.freebsd.org/D14662 2018-03-21 16:18:14 +00:00			`/* This file is in the public domain. */`

			`#include <sys/cdefs.h>`
			`__FBSDID("$FreeBSD$");`

			`#include <contrib/libb2/blake2.h>`
			`#include <opencrypto/xform_auth.h>`

			`extern int blake2b_init_ref(blake2b_state *S, size_t outlen);`
			`extern int blake2b_init_param_ref(blake2b_state S, const blake2b_param P);`
			`extern int blake2b_init_key_ref(blake2b_state *S, size_t outlen,`
			`const void *key, size_t keylen);`
			`extern int blake2b_update_ref(blake2b_state S, const uint8_t in,`
			`size_t inlen);`
			`extern int blake2b_final_ref(blake2b_state S, uint8_t out, size_t outlen);`
			`extern int blake2b_ref(uint8_t out, const void in, const void *key,`
			`size_t outlen, size_t inlen, size_t keylen);`

			`extern int blake2s_init_ref(blake2s_state *S, size_t outlen);`
			`extern int blake2s_init_param_ref(blake2s_state S, const blake2s_param P);`
			`extern int blake2s_init_key_ref(blake2s_state *S, size_t outlen,`
			`const void *key, size_t keylen);`
			`extern int blake2s_update_ref(blake2s_state S, const uint8_t in,`
			`size_t inlen);`
			`extern int blake2s_final_ref(blake2s_state S, uint8_t out, size_t outlen);`
			`extern int blake2s_ref(uint8_t out, const void in, const void *key,`
			`size_t outlen, size_t inlen, size_t keylen);`

			`struct blake2b_xform_ctx {`
			`blake2b_state state;`
			`uint8_t key[BLAKE2B_KEYBYTES];`
			`uint16_t klen;`
			`};`
			`CTASSERT(sizeof(union authctx) >= sizeof(struct blake2b_xform_ctx));`

			`static void`
			`blake2b_xform_init(void *vctx)`
			`{`
			`struct blake2b_xform_ctx *ctx = vctx;`
			`int rc;`

			`if (ctx->klen > 0)`
			`rc = blake2b_init_key_ref(&ctx->state, BLAKE2B_OUTBYTES,`
			`ctx->key, ctx->klen);`
			`else`
			`rc = blake2b_init_ref(&ctx->state, BLAKE2B_OUTBYTES);`
			`if (rc != 0)`
			`panic("blake2b_init_key: invalid arguments");`
			`}`

			`static void`
Adjust crypto_apply function callbacks for OCF. - crypto_apply() is only used for reading a buffer to compute a digest, so change the data pointer to a const pointer. - To better match m_apply(), change the data pointer type to void * and the length from uint16_t to u_int. The length field in particular matters as none of the apply logic was splitting requests larger than UINT16_MAX. - Adjust the auth_xform Update callback to match the function prototype passed to crypto_apply() and crypto_apply_buf(). This removes the needs for casts when using the Update callback. - Change the Reinit and Setkey callbacks to also use a u_int length instead of uint16_t. - Update auth transforms for the changes. While here, use C99 initializers for auth_hash structures and avoid casts on callbacks. Reviewed by: cem Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D25171 2020-06-10 21:18:19 +00:00			`blake2b_xform_setkey(void vctx, const uint8_t key, u_int klen)`
Import Blake2 algorithms (blake2b, blake2s) from libb2 The upstream repository is on github BLAKE2/libb2. Files landed in sys/contrib/libb2 are the unmodified upstream files, except for one difference: secure_zero_memory's contents have been replaced with explicit_bzero() only because the previous implementation broke powerpc link. Preferential use of explicit_bzero() is in progress upstream, so it is anticipated we will be able to drop this diff in the future. sys/crypto/blake2 contains the source files needed to port libb2 to our build system, a wrapped (limited) variant of the algorithm to match the API of our auth_transform softcrypto abstraction, incorporation into the Open Crypto Framework (OCF) cryptosoft(4) driver, as well as an x86 SSE/AVX accelerated OCF driver, blake2(4). Optimized variants of blake2 are compiled for a number of x86 machines (anything from SSE2 to AVX + XOP). On those machines, FPU context will need to be explicitly saved before using blake2(4)-provided algorithms directly. Use via cryptodev / OCF saves FPU state automatically, and use via the auth_transform softcrypto abstraction does not use FPU. The intent of the OCF driver is mostly to enable testing in userspace via /dev/crypto. ATF tests are added with published KAT test vectors to validate correctness. Reviewed by: jhb, markj Obtained from: github BLAKE2/libb2 Differential Revision: https://reviews.freebsd.org/D14662 2018-03-21 16:18:14 +00:00			`{`
			`struct blake2b_xform_ctx *ctx = vctx;`

			`if (klen > sizeof(ctx->key))`
			`panic("invalid klen %u", (unsigned)klen);`
			`memcpy(ctx->key, key, klen);`
			`ctx->klen = klen;`
			`}`

			`static int`
Adjust crypto_apply function callbacks for OCF. - crypto_apply() is only used for reading a buffer to compute a digest, so change the data pointer to a const pointer. - To better match m_apply(), change the data pointer type to void * and the length from uint16_t to u_int. The length field in particular matters as none of the apply logic was splitting requests larger than UINT16_MAX. - Adjust the auth_xform Update callback to match the function prototype passed to crypto_apply() and crypto_apply_buf(). This removes the needs for casts when using the Update callback. - Change the Reinit and Setkey callbacks to also use a u_int length instead of uint16_t. - Update auth transforms for the changes. While here, use C99 initializers for auth_hash structures and avoid casts on callbacks. Reviewed by: cem Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D25171 2020-06-10 21:18:19 +00:00			`blake2b_xform_update(void vctx, const void data, u_int len)`
Import Blake2 algorithms (blake2b, blake2s) from libb2 The upstream repository is on github BLAKE2/libb2. Files landed in sys/contrib/libb2 are the unmodified upstream files, except for one difference: secure_zero_memory's contents have been replaced with explicit_bzero() only because the previous implementation broke powerpc link. Preferential use of explicit_bzero() is in progress upstream, so it is anticipated we will be able to drop this diff in the future. sys/crypto/blake2 contains the source files needed to port libb2 to our build system, a wrapped (limited) variant of the algorithm to match the API of our auth_transform softcrypto abstraction, incorporation into the Open Crypto Framework (OCF) cryptosoft(4) driver, as well as an x86 SSE/AVX accelerated OCF driver, blake2(4). Optimized variants of blake2 are compiled for a number of x86 machines (anything from SSE2 to AVX + XOP). On those machines, FPU context will need to be explicitly saved before using blake2(4)-provided algorithms directly. Use via cryptodev / OCF saves FPU state automatically, and use via the auth_transform softcrypto abstraction does not use FPU. The intent of the OCF driver is mostly to enable testing in userspace via /dev/crypto. ATF tests are added with published KAT test vectors to validate correctness. Reviewed by: jhb, markj Obtained from: github BLAKE2/libb2 Differential Revision: https://reviews.freebsd.org/D14662 2018-03-21 16:18:14 +00:00			`{`
			`struct blake2b_xform_ctx *ctx = vctx;`
			`int rc;`

			`rc = blake2b_update_ref(&ctx->state, data, len);`
			`if (rc != 0)`
			`return (EINVAL);`
			`return (0);`
			`}`

			`static void`
			`blake2b_xform_final(uint8_t out, void vctx)`
			`{`
			`struct blake2b_xform_ctx *ctx = vctx;`
			`int rc;`

			`rc = blake2b_final_ref(&ctx->state, out, BLAKE2B_OUTBYTES);`
			`if (rc != 0)`
			`panic("blake2b_final: invalid");`
			`}`

			`struct auth_hash auth_hash_blake2b = {`
			`.type = CRYPTO_BLAKE2B,`
			`.name = "Blake2b",`
			`.keysize = BLAKE2B_KEYBYTES,`
			`.hashsize = BLAKE2B_OUTBYTES,`
			`.ctxsize = sizeof(struct blake2b_xform_ctx),`
			`.Setkey = blake2b_xform_setkey,`
			`.Init = blake2b_xform_init,`
			`.Update = blake2b_xform_update,`
			`.Final = blake2b_xform_final,`
			`};`

			`struct blake2s_xform_ctx {`
			`blake2s_state state;`
			`uint8_t key[BLAKE2S_KEYBYTES];`
			`uint16_t klen;`
			`};`
			`CTASSERT(sizeof(union authctx) >= sizeof(struct blake2s_xform_ctx));`

			`static void`
			`blake2s_xform_init(void *vctx)`
			`{`
			`struct blake2s_xform_ctx *ctx = vctx;`
			`int rc;`

			`if (ctx->klen > 0)`
			`rc = blake2s_init_key_ref(&ctx->state, BLAKE2S_OUTBYTES,`
			`ctx->key, ctx->klen);`
			`else`
			`rc = blake2s_init_ref(&ctx->state, BLAKE2S_OUTBYTES);`
			`if (rc != 0)`
			`panic("blake2s_init_key: invalid arguments");`
			`}`

			`static void`
Adjust crypto_apply function callbacks for OCF. - crypto_apply() is only used for reading a buffer to compute a digest, so change the data pointer to a const pointer. - To better match m_apply(), change the data pointer type to void * and the length from uint16_t to u_int. The length field in particular matters as none of the apply logic was splitting requests larger than UINT16_MAX. - Adjust the auth_xform Update callback to match the function prototype passed to crypto_apply() and crypto_apply_buf(). This removes the needs for casts when using the Update callback. - Change the Reinit and Setkey callbacks to also use a u_int length instead of uint16_t. - Update auth transforms for the changes. While here, use C99 initializers for auth_hash structures and avoid casts on callbacks. Reviewed by: cem Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D25171 2020-06-10 21:18:19 +00:00			`blake2s_xform_setkey(void vctx, const uint8_t key, u_int klen)`
Import Blake2 algorithms (blake2b, blake2s) from libb2 The upstream repository is on github BLAKE2/libb2. Files landed in sys/contrib/libb2 are the unmodified upstream files, except for one difference: secure_zero_memory's contents have been replaced with explicit_bzero() only because the previous implementation broke powerpc link. Preferential use of explicit_bzero() is in progress upstream, so it is anticipated we will be able to drop this diff in the future. sys/crypto/blake2 contains the source files needed to port libb2 to our build system, a wrapped (limited) variant of the algorithm to match the API of our auth_transform softcrypto abstraction, incorporation into the Open Crypto Framework (OCF) cryptosoft(4) driver, as well as an x86 SSE/AVX accelerated OCF driver, blake2(4). Optimized variants of blake2 are compiled for a number of x86 machines (anything from SSE2 to AVX + XOP). On those machines, FPU context will need to be explicitly saved before using blake2(4)-provided algorithms directly. Use via cryptodev / OCF saves FPU state automatically, and use via the auth_transform softcrypto abstraction does not use FPU. The intent of the OCF driver is mostly to enable testing in userspace via /dev/crypto. ATF tests are added with published KAT test vectors to validate correctness. Reviewed by: jhb, markj Obtained from: github BLAKE2/libb2 Differential Revision: https://reviews.freebsd.org/D14662 2018-03-21 16:18:14 +00:00			`{`
			`struct blake2s_xform_ctx *ctx = vctx;`

			`if (klen > sizeof(ctx->key))`
			`panic("invalid klen %u", (unsigned)klen);`
			`memcpy(ctx->key, key, klen);`
			`ctx->klen = klen;`
			`}`

			`static int`
Adjust crypto_apply function callbacks for OCF. - crypto_apply() is only used for reading a buffer to compute a digest, so change the data pointer to a const pointer. - To better match m_apply(), change the data pointer type to void * and the length from uint16_t to u_int. The length field in particular matters as none of the apply logic was splitting requests larger than UINT16_MAX. - Adjust the auth_xform Update callback to match the function prototype passed to crypto_apply() and crypto_apply_buf(). This removes the needs for casts when using the Update callback. - Change the Reinit and Setkey callbacks to also use a u_int length instead of uint16_t. - Update auth transforms for the changes. While here, use C99 initializers for auth_hash structures and avoid casts on callbacks. Reviewed by: cem Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D25171 2020-06-10 21:18:19 +00:00			`blake2s_xform_update(void vctx, const void data, u_int len)`
Import Blake2 algorithms (blake2b, blake2s) from libb2 The upstream repository is on github BLAKE2/libb2. Files landed in sys/contrib/libb2 are the unmodified upstream files, except for one difference: secure_zero_memory's contents have been replaced with explicit_bzero() only because the previous implementation broke powerpc link. Preferential use of explicit_bzero() is in progress upstream, so it is anticipated we will be able to drop this diff in the future. sys/crypto/blake2 contains the source files needed to port libb2 to our build system, a wrapped (limited) variant of the algorithm to match the API of our auth_transform softcrypto abstraction, incorporation into the Open Crypto Framework (OCF) cryptosoft(4) driver, as well as an x86 SSE/AVX accelerated OCF driver, blake2(4). Optimized variants of blake2 are compiled for a number of x86 machines (anything from SSE2 to AVX + XOP). On those machines, FPU context will need to be explicitly saved before using blake2(4)-provided algorithms directly. Use via cryptodev / OCF saves FPU state automatically, and use via the auth_transform softcrypto abstraction does not use FPU. The intent of the OCF driver is mostly to enable testing in userspace via /dev/crypto. ATF tests are added with published KAT test vectors to validate correctness. Reviewed by: jhb, markj Obtained from: github BLAKE2/libb2 Differential Revision: https://reviews.freebsd.org/D14662 2018-03-21 16:18:14 +00:00			`{`
			`struct blake2s_xform_ctx *ctx = vctx;`
			`int rc;`

			`rc = blake2s_update_ref(&ctx->state, data, len);`
			`if (rc != 0)`
			`return (EINVAL);`
			`return (0);`
			`}`

			`static void`
			`blake2s_xform_final(uint8_t out, void vctx)`
			`{`
			`struct blake2s_xform_ctx *ctx = vctx;`
			`int rc;`

			`rc = blake2s_final_ref(&ctx->state, out, BLAKE2S_OUTBYTES);`
			`if (rc != 0)`
			`panic("blake2s_final: invalid");`
			`}`

			`struct auth_hash auth_hash_blake2s = {`
			`.type = CRYPTO_BLAKE2S,`
			`.name = "Blake2s",`
			`.keysize = BLAKE2S_KEYBYTES,`
			`.hashsize = BLAKE2S_OUTBYTES,`
			`.ctxsize = sizeof(struct blake2s_xform_ctx),`
			`.Setkey = blake2s_xform_setkey,`
			`.Init = blake2s_xform_init,`
			`.Update = blake2s_xform_update,`
			`.Final = blake2s_xform_final,`
			`};`