Home Explore Help
Sign In
OWEALs
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
2
0
Fork 0
Files Issues 8 Wiki
Tree: 9d9549fbd3
Branches Tags
wolfssl
/
wolfcrypt
/
src
/
blake2b.c

blake2b.c 13 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510 
  1. /*
    2. 

  2.    BLAKE2 reference source code package - reference C implementations
    3. 

  3. 

  4.    Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
    5. 

  5. 

  6.    To the extent possible under law, the author(s) have dedicated all copyright
    7. 

  7.    and related and neighboring rights to this software to the public domain
    8. 

  8.    worldwide. This software is distributed without any warranty.
    9. 

  9. 

  10.    You should have received a copy of the CC0 Public Domain Dedication along with
    11. 

  11.    this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
    12. 

  12. */
    13. 

  13. /* blake2b.c
    14. 

  14.  *
    15. 

  15.  * Copyright (C) 2006-2022 wolfSSL Inc.
    16. 

  16.  *
    17. 

  17.  * This file is part of wolfSSL.
    18. 

  18.  *
    19. 

  19.  * wolfSSL is free software; you can redistribute it and/or modify
    20. 

  20.  * it under the terms of the GNU General Public License as published by
    21. 

  21.  * the Free Software Foundation; either version 2 of the License, or
    22. 

  22.  * (at your option) any later version.
    23. 

  23.  *
    24. 

  24.  * wolfSSL is distributed in the hope that it will be useful,
    25. 

  25.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    26. 

  26.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    27. 

  27.  * GNU General Public License for more details.
    28. 

  28.  *
    29. 

  29.  * You should have received a copy of the GNU General Public License
    30. 

  30.  * along with this program; if not, write to the Free Software
    31. 

  31.  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
    32. 

  32.  */
    33. 

  33. 

  34. 

  35. 

  36. #ifdef HAVE_CONFIG_H
    37. 

  37.     #include <config.h>
    38. 

  38. #endif
    39. 

  39. 

  40. #include <wolfssl/wolfcrypt/settings.h>
    41. 

  41. 

  42. #ifdef HAVE_BLAKE2
    43. 

  43. 

  44. #include <wolfssl/wolfcrypt/blake2.h>
    45. 

  45. #include <wolfssl/wolfcrypt/blake2-impl.h>
    46. 

  46. #include <wolfssl/wolfcrypt/error-crypt.h>
    47. 

  47. 

  48. 

  49. static const word64 blake2b_IV[8] =
    50. 

  50. {
    51. 

  51.   0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL,
    52. 

  52.   0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL,
    53. 

  53.   0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL,
    54. 

  54.   0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL
    55. 

  55. };
    56. 

  56. 

  57. static const byte blake2b_sigma[12][16] =
    58. 

  58. {
    59. 

  59.   {  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 } ,
    60. 

  60.   { 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 } ,
    61. 

  61.   { 11,  8, 12,  0,  5,  2, 15, 13, 10, 14,  3,  6,  7,  1,  9,  4 } ,
    62. 

  62.   {  7,  9,  3,  1, 13, 12, 11, 14,  2,  6,  5, 10,  4,  0, 15,  8 } ,
    63. 

  63.   {  9,  0,  5,  7,  2,  4, 10, 15, 14,  1, 11, 12,  6,  8,  3, 13 } ,
    64. 

  64.   {  2, 12,  6, 10,  0, 11,  8,  3,  4, 13,  7,  5, 15, 14,  1,  9 } ,
    65. 

  65.   { 12,  5,  1, 15, 14, 13,  4, 10,  0,  7,  6,  3,  9,  2,  8, 11 } ,
    66. 

  66.   { 13, 11,  7, 14, 12,  1,  3,  9,  5,  0, 15,  4,  8,  6,  2, 10 } ,
    67. 

  67.   {  6, 15, 14,  9, 11,  3,  0,  8, 12,  2, 13,  7,  1,  4, 10,  5 } ,
    68. 

  68.   { 10,  2,  8,  4,  7,  6,  1,  5, 15, 11,  9, 14,  3, 12, 13 , 0 } ,
    69. 

  69.   {  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 } ,
    70. 

  70.   { 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 }
    71. 

  71. };
    72. 

  72. 

  73. 

  74. static WC_INLINE int blake2b_set_lastnode( blake2b_state *S )
    75. 

  75. {
    76. 

  76.   S->f[1] = ~0ULL;
    77. 

  77.   return 0;
    78. 

  78. }
    79. 

  79. 

  80. /* Some helper functions, not necessarily useful */
    81. 

  81. static WC_INLINE int blake2b_set_lastblock( blake2b_state *S )
    82. 

  82. {
    83. 

  83.   if( S->last_node ) blake2b_set_lastnode( S );
    84. 

  84. 

  85.   S->f[0] = ~0ULL;
    86. 

  86.   return 0;
    87. 

  87. }
    88. 

  88. 

  89. static WC_INLINE int blake2b_increment_counter( blake2b_state *S, const word64
    90. 

  90.                                              inc )
    91. 

  91. {
    92. 

  92.   S->t[0] += inc;
    93. 

  93.   S->t[1] += ( S->t[0] < inc );
    94. 

  94.   return 0;
    95. 

  95. }
    96. 

  96. 

  97. static WC_INLINE int blake2b_init0( blake2b_state *S )
    98. 

  98. {
    99. 

  99.   int i;
    100. 

  100.   XMEMSET( S, 0, sizeof( blake2b_state ) );
    101. 

  101. 

  102.   for( i = 0; i < 8; ++i ) S->h[i] = blake2b_IV[i];
    103. 

  103. 

  104.   return 0;
    105. 

  105. }
    106. 

  106. 

  107. /* init xors IV with input parameter block */
    108. 

  108. int blake2b_init_param( blake2b_state *S, const blake2b_param *P )
    109. 

  109. {
    110. 

  110.   word32 i;
    111. 

  111.   byte *p ;
    112. 

  112.   blake2b_init0( S );
    113. 

  113.   p =  ( byte * )( P );
    114. 

  114. 

  115.   /* IV XOR ParamBlock */
    116. 

  116.   for( i = 0; i < 8; ++i )
    117. 

  117.     S->h[i] ^= load64( p + sizeof( S->h[i] ) * i );
    118. 

  118. 

  119.   return 0;
    120. 

  120. }
    121. 

  121. 

  122. 

  123. int blake2b_init( blake2b_state *S, const byte outlen )
    124. 

  124. {
    125. 

  125. #ifdef WOLFSSL_BLAKE2B_INIT_EACH_FIELD
    126. 

  126.   blake2b_param P[1];
    127. 

  127. #else
    128. 

  128.   volatile blake2b_param P[1];
    129. 

  129. #endif
    130. 

  130. 

  131.   if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return BAD_FUNC_ARG;
    132. 

  132. 

  133. #ifdef WOLFSSL_BLAKE2B_INIT_EACH_FIELD
    134. 

  134.   P->digest_length = outlen;
    135. 

  135.   P->key_length    = 0;
    136. 

  136.   P->fanout        = 1;
    137. 

  137.   P->depth         = 1;
    138. 

  138.   store32( &P->leaf_length, 0 );
    139. 

  139.   store64( &P->node_offset, 0 );
    140. 

  140.   P->node_depth    = 0;
    141. 

  141.   P->inner_length  = 0;
    142. 

  142.   XMEMSET( P->reserved, 0, sizeof( P->reserved ) );
    143. 

  143.   XMEMSET( P->salt,     0, sizeof( P->salt ) );
    144. 

  144.   XMEMSET( P->personal, 0, sizeof( P->personal ) );
    145. 

  145. #else
    146. 

  146.   XMEMSET( (blake2b_param *)P, 0, sizeof( *P ) );
    147. 

  147.   P->digest_length = outlen;
    148. 

  148.   P->fanout        = 1;
    149. 

  149.   P->depth         = 1;
    150. 

  150. #endif
    151. 

  151.   return blake2b_init_param( S, (blake2b_param *)P );
    152. 

  152. }
    153. 

  153. 

  154. 

  155. int blake2b_init_key( blake2b_state *S, const byte outlen, const void *key,
    156. 

  156.                       const byte keylen )
    157. 

  157. {
    158. 

  158.   int ret = 0;
    159. 

  159. #ifdef WOLFSSL_BLAKE2B_INIT_EACH_FIELD
    160. 

  160.   blake2b_param P[1];
    161. 

  161. #else
    162. 

  162.   volatile blake2b_param P[1];
    163. 

  163. #endif
    164. 

  164. 

  165.   if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return BAD_FUNC_ARG;
    166. 

  166. 

  167.   if ( !key || !keylen || keylen > BLAKE2B_KEYBYTES ) return BAD_FUNC_ARG;
    168. 

  168. 

  169. #ifdef WOLFSSL_BLAKE2B_INIT_EACH_FIELD
    170. 

  170.   P->digest_length = outlen;
    171. 

  171.   P->key_length    = keylen;
    172. 

  172.   P->fanout        = 1;
    173. 

  173.   P->depth         = 1;
    174. 

  174.   store32( &P->leaf_length, 0 );
    175. 

  175.   store64( &P->node_offset, 0 );
    176. 

  176.   P->node_depth    = 0;
    177. 

  177.   P->inner_length  = 0;
    178. 

  178.   XMEMSET( P->reserved, 0, sizeof( P->reserved ) );
    179. 

  179.   XMEMSET( P->salt,     0, sizeof( P->salt ) );
    180. 

  180.   XMEMSET( P->personal, 0, sizeof( P->personal ) );
    181. 

  181. #else
    182. 

  182.   XMEMSET( (blake2b_param *)P, 0, sizeof( *P ) );
    183. 

  183.   P->digest_length = outlen;
    184. 

  184.   P->key_length    = keylen;
    185. 

  185.   P->fanout        = 1;
    186. 

  186.   P->depth         = 1;
    187. 

  187. #endif
    188. 

  188. 

  189.   ret = blake2b_init_param( S, (blake2b_param *)P );
    190. 

  190.   if ( ret < 0 ) return ret;
    191. 

  191. 

  192.   {
    193. 

  193. #ifdef WOLFSSL_SMALL_STACK
    194. 

  194.     byte* block;
    195. 

  195. 

  196.     block = (byte*)XMALLOC(BLAKE2B_BLOCKBYTES, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    197. 

  197. 

  198.     if ( block == NULL ) return MEMORY_E;
    199. 

  199. #else
    200. 

  200.     byte block[BLAKE2B_BLOCKBYTES];
    201. 

  201. #endif
    202. 

  202. 

  203.     XMEMSET( block, 0, BLAKE2B_BLOCKBYTES );
    204. 

  204.     XMEMCPY( block, key, keylen );
    205. 

  205.     ret = blake2b_update( S, block, BLAKE2B_BLOCKBYTES );
    206. 

  206.     secure_zero_memory( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from */
    207. 

  207.                                                      /* memory */
    208. 

  208. 

  209. #ifdef WOLFSSL_SMALL_STACK
    210. 

  210.     XFREE(block, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    211. 

  211. #endif
    212. 

  212.   }
    213. 

  213.   return ret;
    214. 

  214. }
    215. 

  215. 

  216. static WC_INLINE int blake2b_compress(
    217. 

  217.     blake2b_state *S,
    218. 

  218.     const byte block[BLAKE2B_BLOCKBYTES],
    219. 

  219.     word64* m,
    220. 

  220.     word64* v)
    221. 

  221. {
    222. 

  222.   int i;
    223. 

  223. 

  224.   for( i = 0; i < 16; ++i )
    225. 

  225.     m[i] = load64( block + i * sizeof( m[i] ) );
    226. 

  226. 

  227.   for( i = 0; i < 8; ++i )
    228. 

  228.     v[i] = S->h[i];
    229. 

  229. 

  230.   v[ 8] = blake2b_IV[0];
    231. 

  231.   v[ 9] = blake2b_IV[1];
    232. 

  232.   v[10] = blake2b_IV[2];
    233. 

  233.   v[11] = blake2b_IV[3];
    234. 

  234.   v[12] = S->t[0] ^ blake2b_IV[4];
    235. 

  235.   v[13] = S->t[1] ^ blake2b_IV[5];
    236. 

  236.   v[14] = S->f[0] ^ blake2b_IV[6];
    237. 

  237.   v[15] = S->f[1] ^ blake2b_IV[7];
    238. 

  238. #define G(r,i,a,b,c,d) \
    239. 

  239.   do { \
    240. 

  240.       (a) = (a) + (b) + m[blake2b_sigma[r][2*(i)+0]];   \
    241. 

  241.       (d) = rotr64((d) ^ (a), 32);                      \
    242. 

  242.       (c) = (c) + (d);                                  \
    243. 

  243.       (b) = rotr64((b) ^ (c), 24);                      \
    244. 

  244.       (a) = (a) + (b) + m[blake2b_sigma[r][2*(i)+1]];   \
    245. 

  245.       (d) = rotr64((d) ^ (a), 16);                      \
    246. 

  246.       (c) = (c) + (d);                                  \
    247. 

  247.       (b) = rotr64((b) ^ (c), 63);                      \
    248. 

  248.   } while(0)
    249. 

  249. #define ROUND(r)  \
    250. 

  250.   do { \
    251. 

  251.     G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
    252. 

  252.     G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
    253. 

  253.     G(r,2,v[ 2],v[ 6],v[10],v[14]); \
    254. 

  254.     G(r,3,v[ 3],v[ 7],v[11],v[15]); \
    255. 

  255.     G(r,4,v[ 0],v[ 5],v[10],v[15]); \
    256. 

  256.     G(r,5,v[ 1],v[ 6],v[11],v[12]); \
    257. 

  257.     G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
    258. 

  258.     G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
    259. 

  259.   } while(0)
    260. 

  260.   ROUND( 0 );
    261. 

  261.   ROUND( 1 );
    262. 

  262.   ROUND( 2 );
    263. 

  263.   ROUND( 3 );
    264. 

  264.   ROUND( 4 );
    265. 

  265.   ROUND( 5 );
    266. 

  266.   ROUND( 6 );
    267. 

  267.   ROUND( 7 );
    268. 

  268.   ROUND( 8 );
    269. 

  269.   ROUND( 9 );
    270. 

  270.   ROUND( 10 );
    271. 

  271.   ROUND( 11 );
    272. 

  272. 

  273.   for( i = 0; i < 8; ++i )
    274. 

  274.     S->h[i] = S->h[i] ^ v[i] ^ v[i + 8];
    275. 

  275. 

  276. #undef G
    277. 

  277. #undef ROUND
    278. 

  278. 

  279.   return 0;
    280. 

  280. }
    281. 

  281. 

  282. /* inlen now in bytes */
    283. 

  283. int blake2b_update( blake2b_state *S, const byte *in, word64 inlen )
    284. 

  284. {
    285. 

  285.   int ret = 0;
    286. 

  286. #ifdef WOLFSSL_SMALL_STACK
    287. 

  287.   word64* m;
    288. 

  288.   word64* v;
    289. 

  289. 

  290.   m = (word64*)XMALLOC(sizeof(word64) * 32, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    291. 

  291. 

  292.   if ( m == NULL ) return MEMORY_E;
    293. 

  293. 

  294.   v = &m[16];
    295. 

  295. #else
    296. 

  296.   word64 m[16];
    297. 

  297.   word64 v[16];
    298. 

  298. #endif
    299. 

  299. 

  300.   while( inlen > 0 )
    301. 

  301.   {
    302. 

  302.     word64 left = S->buflen;
    303. 

  303.     word64 fill = 2 * BLAKE2B_BLOCKBYTES - left;
    304. 

  304. 

  305.     if( inlen > fill )
    306. 

  306.     {
    307. 

  307.       XMEMCPY( S->buf + left, in, (wolfssl_word)fill ); /* Fill buffer */
    308. 

  308.       S->buflen += fill;
    309. 

  309.       blake2b_increment_counter( S, BLAKE2B_BLOCKBYTES );
    310. 

  310. 

  311.       {
    312. 

  312.           ret = blake2b_compress( S, S->buf, m, v );
    313. 

  313.           if (ret < 0) break;
    314. 

  314.       }
    315. 

  315. 

  316.       XMEMCPY( S->buf, S->buf + BLAKE2B_BLOCKBYTES, BLAKE2B_BLOCKBYTES );
    317. 

  317.               /* Shift buffer left */
    318. 

  318.       S->buflen -= BLAKE2B_BLOCKBYTES;
    319. 

  319.       in += fill;
    320. 

  320.       inlen -= fill;
    321. 

  321.     }
    322. 

  322.     else /* inlen <= fill */
    323. 

  323.     {
    324. 

  324.       XMEMCPY( S->buf + left, in, (wolfssl_word)inlen );
    325. 

  325.       S->buflen += inlen; /* Be lazy, do not compress */
    326. 

  326.       inlen = 0;
    327. 

  327.     }
    328. 

  328.   }
    329. 

  329. 

  330. #ifdef WOLFSSL_SMALL_STACK
    331. 

  331.   XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    332. 

  332. #endif
    333. 

  333. 

  334.   return ret;
    335. 

  335. }
    336. 

  336. 

  337. /* Is this correct? */
    338. 

  338. int blake2b_final( blake2b_state *S, byte *out, byte outlen )
    339. 

  339. {
    340. 

  340.   int ret = 0;
    341. 

  341.   byte buffer[BLAKE2B_OUTBYTES];
    342. 

  342.   int     i;
    343. 

  343. #ifdef WOLFSSL_SMALL_STACK
    344. 

  344.   word64* m;
    345. 

  345.   word64* v;
    346. 

  346. 

  347.   m = (word64*)XMALLOC(sizeof(word64) * 32, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    348. 

  348. 

  349.   if ( m == NULL ) return MEMORY_E;
    350. 

  350. 

  351.   v = &m[16];
    352. 

  352. #else
    353. 

  353.   word64 m[16];
    354. 

  354.   word64 v[16];
    355. 

  355. #endif
    356. 

  356. 

  357.   if( S->buflen > BLAKE2B_BLOCKBYTES )
    358. 

  358.   {
    359. 

  359.     blake2b_increment_counter( S, BLAKE2B_BLOCKBYTES );
    360. 

  360. 

  361.     {
    362. 

  362.       ret = blake2b_compress( S, S->buf, m, v );
    363. 

  363.       if (ret < 0) goto out;
    364. 

  364.     }
    365. 

  365. 

  366.     S->buflen -= BLAKE2B_BLOCKBYTES;
    367. 

  367.     XMEMCPY( S->buf, S->buf + BLAKE2B_BLOCKBYTES, (wolfssl_word)S->buflen );
    368. 

  368.   }
    369. 

  369. 

  370.   blake2b_increment_counter( S, S->buflen );
    371. 

  371.   blake2b_set_lastblock( S );
    372. 

  372.   XMEMSET( S->buf + S->buflen, 0, (wolfssl_word)(2 * BLAKE2B_BLOCKBYTES - S->buflen) );
    373. 

  373.          /* Padding */
    374. 

  374.   {
    375. 

  375.     ret = blake2b_compress( S, S->buf, m, v );
    376. 

  376.     if (ret < 0) goto out;
    377. 

  377.   }
    378. 

  378. 

  379.   for( i = 0; i < 8; ++i ) /* Output full hash to temp buffer */
    380. 

  380.     store64( buffer + sizeof( S->h[i] ) * i, S->h[i] );
    381. 

  381. 

  382.   XMEMCPY( out, buffer, outlen );
    383. 

  383. 

  384.  out:
    385. 

  385. 

  386. #ifdef WOLFSSL_SMALL_STACK
    387. 

  387.   XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    388. 

  388. #endif
    389. 

  389. 

  390.   return ret;
    391. 

  391. }
    392. 

  392. 

  393. /* inlen, at least, should be word64. Others can be size_t. */
    394. 

  394. int blake2b( byte *out, const void *in, const void *key, const byte outlen,
    395. 

  395.              const word64 inlen, byte keylen )
    396. 

  396. {
    397. 

  397.   blake2b_state S[1];
    398. 

  398. 

  399.   /* Verify parameters */
    400. 

  400.   if ( NULL == in ) return BAD_FUNC_ARG;
    401. 

  401. 

  402.   if ( NULL == out ) return BAD_FUNC_ARG;
    403. 

  403. 

  404.   if( NULL == key ) keylen = 0;
    405. 

  405. 

  406.   if( keylen > 0 )
    407. 

  407.   {
    408. 

  408.     int ret = blake2b_init_key( S, outlen, key, keylen );
    409. 

  409.     if (ret < 0) return ret;
    410. 

  410.   }
    411. 

  411.   else
    412. 

  412.   {
    413. 

  413.     int ret = blake2b_init( S, outlen );
    414. 

  414.     if (ret < 0) return ret;
    415. 

  415.   }
    416. 

  416. 

  417.   {
    418. 

  418.     int ret = blake2b_update( S, ( byte * )in, inlen );
    419. 

  419.     if (ret < 0) return ret;
    420. 

  420.   }
    421. 

  421. 

  422.   return blake2b_final( S, out, outlen );
    423. 

  423. }
    424. 

  424. 

  425. #if defined(BLAKE2B_SELFTEST)
    426. 

  426. #include <string.h>
    427. 

  427. #include "blake2-kat.h"
    428. 

  428. int main( int argc, char **argv )
    429. 

  429. {
    430. 

  430.   byte key[BLAKE2B_KEYBYTES];
    431. 

  431.   byte buf[KAT_LENGTH];
    432. 

  432. 

  433.   for( word32 i = 0; i < BLAKE2B_KEYBYTES; ++i )
    434. 

  434.     key[i] = ( byte )i;
    435. 

  435. 

  436.   for( word32 i = 0; i < KAT_LENGTH; ++i )
    437. 

  437.     buf[i] = ( byte )i;
    438. 

  438. 

  439.   for( word32 i = 0; i < KAT_LENGTH; ++i )
    440. 

  440.   {
    441. 

  441.     byte hash[BLAKE2B_OUTBYTES];
    442. 

  442.     if ( blake2b( hash, buf, key, BLAKE2B_OUTBYTES, i, BLAKE2B_KEYBYTES ) < 0 )
    443. 

  443.     {
    444. 

  444.       puts( "error" );
    445. 

  445.       return -1;
    446. 

  446.     }
    447. 

  447. 

  448.     if( 0 != XMEMCMP( hash, blake2b_keyed_kat[i], BLAKE2B_OUTBYTES ) )
    449. 

  449.     {
    450. 

  450.       puts( "error" );
    451. 

  451.       return -1;
    452. 

  452.     }
    453. 

  453.   }
    454. 

  454. 

  455.   puts( "ok" );
    456. 

  456.   return 0;
    457. 

  457. }
    458. 

  458. #endif
    459. 

  459. 

  460. 

  461. /* wolfCrypt API */
    462. 

  462. 

  463. /* Init Blake2b digest, track size in case final doesn't want to "remember" */
    464. 

  464. int wc_InitBlake2b(Blake2b* b2b, word32 digestSz)
    465. 

  465. {
    466. 

  466.     if (b2b == NULL){
    467. 

  467.         return BAD_FUNC_ARG;
    468. 

  468.     }
    469. 

  469.     b2b->digestSz = digestSz;
    470. 

  470. 

  471.     return blake2b_init(b2b->S, (byte)digestSz);
    472. 

  472. }
    473. 

  473. 

  474. /* Init Blake2b digest with key, track size in case final doesn't want to "remember" */
    475. 

  475. int wc_InitBlake2b_WithKey(Blake2b* b2b, word32 digestSz, const byte *key, word32 keylen)
    476. 

  476. {
    477. 

  477.     if (b2b == NULL){
    478. 

  478.         return BAD_FUNC_ARG;
    479. 

  479.     }
    480. 

  480.     b2b->digestSz = digestSz;
    481. 

  481. 

  482.     if (keylen >= 256)
    483. 

  483.         return BAD_FUNC_ARG;
    484. 

  484. 

  485.     if (key)
    486. 

  486.         return blake2b_init_key(b2b->S, (byte)digestSz, key, (byte)keylen);
    487. 

  487.     else
    488. 

  488.         return blake2b_init(b2b->S, (byte)digestSz);
    489. 

  489. }
    490. 

  490. 

  491. /* Blake2b Update */
    492. 

  492. int wc_Blake2bUpdate(Blake2b* b2b, const byte* data, word32 sz)
    493. 

  493. {
    494. 

  494.     return blake2b_update(b2b->S, data, sz);
    495. 

  495. }
    496. 

  496. 

  497. 

  498. /* Blake2b Final, if pass in zero size we use init digestSz */
    499. 

  499. int wc_Blake2bFinal(Blake2b* b2b, byte* final, word32 requestSz)
    500. 

  500. {
    501. 

  501.     word32 sz = requestSz ? requestSz : b2b->digestSz;
    502. 

  502. 

  503.     return blake2b_final(b2b->S, final, (byte)sz);
    504. 

  504. }
    505. 

  505. 

  506. 

  507. /* end CTaoCrypt API */
    508. 

  508. 

  509. #endif  /* HAVE_BLAKE2 */
    510. 

  510.