diff options
| author | Bill Cox <waywardgeek@google.com> | 2016-03-09 23:08:31 +0100 |
|---|---|---|
| committer | Rich Salz <rsalz@openssl.org> | 2016-03-11 10:39:10 -0500 |
| commit | 2d0b44126763f989a4cbffbffe9d0c7518158bb7 (patch) | |
| tree | 241855d2b5a9b91688f969bf849037f6a0343594 | |
| parent | 40f43f8a2e7c75f032672d198604e4fbd6a60fd8 (diff) | |
| download | openssl-2d0b44126763f989a4cbffbffe9d0c7518158bb7.tar.gz | |
Add blake2 support.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
| -rwxr-xr-x | Configure | 4 | ||||
| -rw-r--r-- | Makefile.in | 2 | ||||
| -rw-r--r-- | apps/openssl.c | 3 | ||||
| -rw-r--r-- | apps/progs.h | 6 | ||||
| -rw-r--r-- | apps/progs.pl | 2 | ||||
| -rw-r--r-- | crypto/blake2/Makefile.in | 48 | ||||
| -rw-r--r-- | crypto/blake2/blake2_impl.h | 144 | ||||
| -rw-r--r-- | crypto/blake2/blake2b.c | 225 | ||||
| -rw-r--r-- | crypto/blake2/blake2s.c | 220 | ||||
| -rw-r--r-- | crypto/blake2/build.info | 3 | ||||
| -rw-r--r-- | crypto/evp/Makefile.in | 4 | ||||
| -rw-r--r-- | crypto/evp/build.info | 2 | ||||
| -rw-r--r-- | crypto/evp/c_alld.c | 4 | ||||
| -rw-r--r-- | crypto/evp/m_blake2b.c | 62 | ||||
| -rw-r--r-- | crypto/evp/m_blake2s.c | 62 | ||||
| -rw-r--r-- | crypto/include/internal/blake2_locl.h | 98 | ||||
| -rw-r--r-- | crypto/objects/obj_dat.h | 22 | ||||
| -rw-r--r-- | crypto/objects/obj_mac.num | 2 | ||||
| -rw-r--r-- | crypto/objects/objects.txt | 3 | ||||
| -rw-r--r-- | doc/apps/dgst.pod | 2 | ||||
| -rw-r--r-- | doc/crypto/EVP_DigestInit.pod | 17 | ||||
| -rw-r--r-- | doc/standards.txt | 2 | ||||
| -rw-r--r-- | include/openssl/evp.h | 4 | ||||
| -rw-r--r-- | include/openssl/obj_mac.h | 10 | ||||
| -rw-r--r-- | include/openssl/objects.h | 10 | ||||
| -rw-r--r-- | test/evptests.txt | 57 | ||||
| -rw-r--r-- | util/libcrypto.num | 2 | ||||
| -rwxr-xr-x | util/mkdef.pl | 2 | ||||
| -rwxr-xr-x | util/mkfiles.pl | 1 |
29 files changed, 1004 insertions, 19 deletions
@@ -220,7 +220,7 @@ $config{dirs} = [ "crypto", "ssl", "engines", "apps", "test", "tools" ]; # crypto/ subdirectories to build $config{sdirs} = [ "objects", - "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", + "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "des", "aes", "rc2", "rc4", "rc5", "idea", "bf", "cast", "camellia", "seed", "chacha", "modes", "bn", "ec", "rsa", "dsa", "dh", "dso", "engine", "buffer", "bio", "stack", "lhash", "rand", "err", @@ -243,6 +243,7 @@ my @disablables = ( "autoalginit", "autoerrinit", "bf", + "blake2", "camellia", "capieng", "cast", @@ -1787,6 +1788,7 @@ print "MODES_OBJ =$target{modes_obj}\n"; print "PADLOCK_OBJ =$target{padlock_obj}\n"; print "CHACHA_ENC =$target{chacha_obj}\n"; print "POLY1305_OBJ =$target{poly1305_obj}\n"; +print "BLAKE2_OBJ =$target{blake2_obj}\n"; print "PROCESSOR =$config{processor}\n"; print "RANLIB =$target{ranlib}\n"; print "ARFLAGS =$target{arflags}\n"; diff --git a/Makefile.in b/Makefile.in index e7b3f99650..d101df1ca8 100644 --- a/Makefile.in +++ b/Makefile.in @@ -137,6 +137,7 @@ RC5_ENC= {- $target{rc5_obj} -} MD5_ASM_OBJ= {- $target{md5_obj} -} SHA1_ASM_OBJ= {- $target{sha1_obj} -} RMD160_ASM_OBJ= {- $target{rmd160_obj} -} +BLAKE2_OBJ= {- $target{blake2_obj} -} WP_ASM_OBJ= {- $target{wp_obj} -} CMLL_ENC= {- $target{cmll_obj} -} MODES_ASM_OBJ= {- $target{modes_obj} -} @@ -281,6 +282,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\ SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)' \ MD5_ASM_OBJ='$(MD5_ASM_OBJ)' \ RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)' \ + BLAKE2_OBJ='$(BLAKE2_OBJ)' \ WP_ASM_OBJ='$(WP_ASM_OBJ)' \ MODES_ASM_OBJ='$(MODES_ASM_OBJ)' \ PADLOCK_ASM_OBJ='$(PADLOCK_ASM_OBJ)' \ diff --git a/apps/openssl.c b/apps/openssl.c index e0694fc3b4..d460a6b886 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -650,6 +650,9 @@ static void list_disabled(void) #ifdef OPENSSL_NO_BF BIO_puts(bio_out, "BF\n"); #endif +#ifndef OPENSSL_NO_BLAKE2 + BIO_puts(bio_out, "BLAKE2\n"); +#endif #ifdef OPENSSL_NO_CAMELLIA BIO_puts(bio_out, "CAMELLIA\n"); #endif diff --git a/apps/progs.h b/apps/progs.h index 266e48dc78..77b4555cd5 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -225,6 +225,12 @@ static FUNCTION functions[] = { #ifndef OPENSSL_NO_RMD160 { FT_md, "rmd160", dgst_main}, #endif +#ifndef OPENSSL_NO_BLAKE2B + { FT_md, "blake2b", dgst_main}, +#endif +#ifndef OPENSSL_NO_BLAKE2S + { FT_md, "blake2s", dgst_main}, +#endif #ifndef OPENSSL_NO_AES { FT_cipher, "aes-128-cbc", enc_main, enc_options }, #endif diff --git a/apps/progs.pl b/apps/progs.pl index b87aef610e..f24b91bde8 100644 --- a/apps/progs.pl +++ b/apps/progs.pl @@ -84,7 +84,7 @@ foreach ( "md2", "md4", "md5", "md_ghost94", "sha1", "sha224", "sha256", "sha384", "sha512", - "mdc2", "rmd160" + "mdc2", "rmd160", "blake2b", "blake2s" ) { printf "#ifndef OPENSSL_NO_".uc($_)."\n" if ! /sha/; printf " { FT_md, \"".$_."\", dgst_main},\n"; diff --git a/crypto/blake2/Makefile.in b/crypto/blake2/Makefile.in new file mode 100644 index 0000000000..b992c853ae --- /dev/null +++ b/crypto/blake2/Makefile.in @@ -0,0 +1,48 @@ +# +# OpenSSL/crypto/blake2/Makefile +# + +DIR= blake2 +TOP= ../.. +CC= cc +CPP= $(CC) -E +INCLUDES= +CFLAG=-g +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) $(SHARED_CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) +AFLAGS= $(ASFLAGS) + +GENERAL=Makefile + +LIB=$(TOP)/libcrypto.a +LIBSRC=blake2b.c blake2s.c +LIBOBJ=blake2b.o blake2s.o + +SRC= $(LIBSRC) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +update: depend + +depend: + $(TOP)/util/domd $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +clean: + rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/blake2/blake2_impl.h b/crypto/blake2/blake2_impl.h new file mode 100644 index 0000000000..6490e1e155 --- /dev/null +++ b/crypto/blake2/blake2_impl.h @@ -0,0 +1,144 @@ +/* + * BLAKE2 reference source code package - reference C implementations + * + * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>. + * You may use this under the terms of the CC0, the OpenSSL Licence, or the + * Apache Public License 2.0, at your option. The terms of these licenses can + * be found at: + * + * - OpenSSL license : https://www.openssl.org/source/license.html + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * + * More information about the BLAKE2 hash function can be found at + * https://blake2.net. + */ + +/* crypto/blake2/blake2_impl.h */ + +#include <stdint.h> +#include <string.h> + +static inline uint32_t load32(const void *src) +{ +#if defined(L_ENDIAN) + uint32_t w; + memcpy(&w, src, sizeof(w)); + return w; +#else + const uint8_t *p = (const uint8_t *)src; + uint32_t w = *p++; + w |= (uint32_t)(*p++) << 8; + w |= (uint32_t)(*p++) << 16; + w |= (uint32_t)(*p++) << 24; + return w; +#endif +} + +static inline uint64_t load64(const void *src) +{ +#if defined(L_ENDIAN) + uint64_t w; + memcpy(&w, src, sizeof(w)); + return w; +#else + const uint8_t *p = (const uint8_t *)src; + uint64_t w = *p++; + w |= (uint64_t)(*p++) << 8; + w |= (uint64_t)(*p++) << 16; + w |= (uint64_t)(*p++) << 24; + w |= (uint64_t)(*p++) << 32; + w |= (uint64_t)(*p++) << 40; + w |= (uint64_t)(*p++) << 48; + w |= (uint64_t)(*p++) << 56; + return w; +#endif +} + +static inline void store32(void *dst, uint32_t w) +{ +#if defined(L_ENDIAN) + memcpy(dst, &w, sizeof(w)); +#else + uint8_t *p = (uint8_t *)dst; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; +#endif +} + +static inline void store64(void *dst, uint64_t w) +{ +#if defined(L_ENDIAN) + memcpy(dst, &w, sizeof(w)); +#else + uint8_t *p = (uint8_t *)dst; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; +#endif +} + +static inline uint64_t load48(const void *src) +{ + const uint8_t *p = (const uint8_t *)src; + uint64_t w = *p++; + w |= (uint64_t)(*p++) << 8; + w |= (uint64_t)(*p++) << 16; + w |= (uint64_t)(*p++) << 24; + w |= (uint64_t)(*p++) << 32; + w |= (uint64_t)(*p++) << 40; + return w; +} + +static inline void store48(void *dst, uint64_t w) +{ + uint8_t *p = (uint8_t *)dst; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; + w >>= 8; + *p++ = (uint8_t)w; +} + +static inline uint32_t rotl32(const uint32_t w, const unsigned c) +{ + return (w << c) | (w >> (32 - c)); +} + +static inline uint64_t rotl64(const uint64_t w, const unsigned c) +{ + return (w << c) | (w >> (64 - c)); +} + +static inline uint32_t rotr32(const uint32_t w, const unsigned c) +{ + return (w >> c) | (w << (32 - c)); +} + +static inline uint64_t rotr64(const uint64_t w, const unsigned c) +{ + return (w >> c) | (w << (64 - c)); +} diff --git a/crypto/blake2/blake2b.c b/crypto/blake2/blake2b.c new file mode 100644 index 0000000000..23ad58359c --- /dev/null +++ b/crypto/blake2/blake2b.c @@ -0,0 +1,225 @@ +/* + * BLAKE2 reference source code package - reference C implementations + * + * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>. + * You may use this under the terms of the CC0, the OpenSSL Licence, or the + * Apache Public License 2.0, at your option. The terms of these licenses can + * be found at: + * + * - OpenSSL license : https://www.openssl.org/source/license.html + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * + * More information about the BLAKE2 hash function can be found at + * https://blake2.net. + */ + +/* crypto/blake2/blake2b.c */ + +#include <stdint.h> +#include <string.h> +#include <stdio.h> +#include <openssl/crypto.h> + +#include "internal/blake2_locl.h" +#include "blake2_impl.h" + +static const uint64_t blake2b_IV[8] = +{ + 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, + 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL, + 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, + 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL +}; + +static const uint8_t blake2b_sigma[12][16] = +{ + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , + { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } , + { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } , + { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } , + { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } , + { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } , + { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } , + { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } , + { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } , + { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } , + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , + { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } +}; + +/* Some helper functions, not necessarily useful */ +static inline void blake2b_set_lastblock(BLAKE2B_CTX *S) +{ + S->f[0] = -1; +} + +/* Increment the data hashed couter. */ +static inline void blake2b_increment_counter(BLAKE2B_CTX *S, + const uint64_t inc) +{ + S->t[0] += inc; + S->t[1] += (S->t[0] < inc); +} + +/* Initialize the hashing state. */ +static inline void blake2b_init0(BLAKE2B_CTX *S) +{ + int i; + memset(S, 0, sizeof(BLAKE2B_CTX)); + + for(i = 0; i < 8; ++i) { + S->h[i] = blake2b_IV[i]; + } +} + +/* init xors IV with input parameter block */ +static void blake2b_init_param(BLAKE2B_CTX *S, const BLAKE2B_PARAM *P) +{ + size_t i; + const uint8_t *p = (const uint8_t *)(P); + blake2b_init0(S); + + /* The param struct is carefully hand packed, and should be 64 bytes on + * every platform. */ + OPENSSL_assert(sizeof(BLAKE2B_PARAM) == 64); + /* IV XOR ParamBlock */ + for(i = 0; i < 8; ++i) { + S->h[i] ^= load64(p + sizeof(S->h[i]) * i); + } +} + +/* Initialize the hashing context. Always returns 1. */ +int BLAKE2b_Init(BLAKE2B_CTX *c) +{ + BLAKE2B_PARAM P[1]; + P->digest_length = BLAKE2B_DIGEST_LENGTH; + P->key_length = 0; + P->fanout = 1; + P->depth = 1; + store32(&P->leaf_length, 0); + store64(&P->node_offset, 0); + P->node_depth = 0; + P->inner_length = 0; + memset(P->reserved, 0, sizeof(P->reserved)); + memset(P->salt, 0, sizeof(P->salt)); + memset(P->personal, 0, sizeof(P->personal)); + blake2b_init_param(c, P); + return 1; +} + +/* Permute the state while xoring in the block of data. */ +static void blake2b_compress(BLAKE2B_CTX *S, + const uint8_t block[BLAKE2B_BLOCKBYTES]) +{ + uint64_t m[16]; + uint64_t v[16]; + int i; + + for(i = 0; i < 16; ++i) { + m[i] = load64(block + i * sizeof(m[i])); + } + + for(i = 0; i < 8; ++i) { + v[i] = S->h[i]; + } + + v[8] = blake2b_IV[0]; + v[9] = blake2b_IV[1]; + v[10] = blake2b_IV[2]; + v[11] = blake2b_IV[3]; + v[12] = S->t[0] ^ blake2b_IV[4]; + v[13] = S->t[1] ^ blake2b_IV[5]; + v[14] = S->f[0] ^ blake2b_IV[6]; + v[15] = S->f[1] ^ blake2b_IV[7]; +#define G(r,i,a,b,c,d) \ + do { \ + a = a + b + m[blake2b_sigma[r][2*i+0]]; \ + d = rotr64(d ^ a, 32); \ + c = c + d; \ + b = rotr64(b ^ c, 24); \ + a = a + b + m[blake2b_sigma[r][2*i+1]]; \ + d = rotr64(d ^ a, 16); \ + c = c + d; \ + b = rotr64(b ^ c, 63); \ + } while(0) +#define ROUND(r) \ + do { \ + G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \ + G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \ + G(r,2,v[ 2],v[ 6],v[10],v[14]); \ + G(r,3,v[ 3],v[ 7],v[11],v[15]); \ + G(r,4,v[ 0],v[ 5],v[10],v[15]); \ + G(r,5,v[ 1],v[ 6],v[11],v[12]); \ + G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \ + G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \ + } while(0) + ROUND(0); + ROUND(1); + ROUND(2); + ROUND(3); + ROUND(4); + ROUND(5); + ROUND(6); + ROUND(7); + ROUND(8); + ROUND(9); + ROUND(10); + ROUND(11); + + for(i = 0; i < 8; ++i) { + S->h[i] = S->h[i] ^ v[i] ^ v[i + 8]; + } + +#undef G +#undef ROUND +} + +/* Absorb the input data into the hash state. Always returns 1. */ +int BLAKE2b_Update(BLAKE2B_CTX *c, const void *data, size_t datalen) +{ + const uint8_t *in = data; + size_t fill; + + while(datalen > 0) { + fill = sizeof(c->buf) - c->buflen; + /* Must be >, not >=, so that last block can be hashed differently */ + if(datalen > fill) { + memcpy(c->buf + c->buflen, in, fill); /* Fill buffer */ + blake2b_increment_counter(c, BLAKE2B_BLOCKBYTES); + blake2b_compress(c, c->buf); /* Compress */ + c->buflen = 0; + in += fill; + datalen -= fill; + } else { /* datalen <= fill */ + memcpy(c->buf + c->buflen, in, datalen); + c->buflen += datalen; /* Be lazy, do not compress */ + return 1; + } + } + + return 1; +} + +/* + * Finalize the hash state in a way that avoids length extension attacks. + * Always returns 1. + */ +int BLAKE2b_Final(unsigned char *md, BLAKE2B_CTX *c) +{ + int i; + + blake2b_increment_counter(c, c->buflen); + blake2b_set_lastblock(c); + /* Padding */ + memset(c->buf + c->buflen, 0, sizeof(c->buf) - c->buflen); + blake2b_compress(c, c->buf); + + /* Output full hash to message digest */ + for(i = 0; i < 8; ++i) { + store64(md + sizeof(c->h[i]) * i, c->h[i]); + } + + OPENSSL_cleanse(c, sizeof(BLAKE2B_CTX)); + return 1; +} diff --git a/crypto/blake2/blake2s.c b/crypto/blake2/blake2s.c new file mode 100644 index 0000000000..174d20cd21 --- /dev/null +++ b/crypto/blake2/blake2s.c @@ -0,0 +1,220 @@ +/* + * BLAKE2 reference source code package - reference C implementations + * + * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>. + * You may use this under the terms of the CC0, the OpenSSL Licence, or the + * Apache Public License 2.0, at your option. The terms of these licenses can + * be found at: + * + * - OpenSSL license : https://www.openssl.org/source/license.html + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 + * + * More information about the BLAKE2 hash function can be found at + * https://blake2.net. + */ + +/* crypto/blake2/blake2s.c */ + +#include <stdint.h> +#include <string.h> +#include <stdio.h> +#include <openssl/crypto.h> + +#include "internal/blake2_locl.h" +#include "blake2_impl.h" + +static const uint32_t blake2s_IV[8] = +{ + 0x6A09E667UL, 0xBB67AE85UL, 0x3C6EF372UL, 0xA54FF53AUL, + 0x510E527FUL, 0x9B05688CUL, 0x1F83D9ABUL, 0x5BE0CD19UL +}; + +static const uint8_t blake2s_sigma[10][16] = +{ + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 } , + { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } , + { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 } , + { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 } , + { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 } , + { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 } , + { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 } , + { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 } , + { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 } , + { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 } , +}; + +/* Some helper functions, not necessarily useful */ +static inline void blake2s_set_lastblock(BLAKE2S_CTX *S) +{ + S->f[0] = -1; +} + +/* Increment the data hashed couter. */ +static inline void blake2s_increment_counter(BLAKE2S_CTX *S, + const uint32_t inc) +{ + S->t[0] += inc; + S->t[1] += (S->t[0] < inc); +} + +/* Initialize the hashing state. */ +static inline void blake2s_init0(BLAKE2S_CTX *S) +{ + int i; + + memset(S, 0, sizeof(BLAKE2S_CTX)); + for(i = 0; i < 8; ++i) { + S->h[i] = blake2s_IV[i]; + } +} + +/* init2 xors IV with input parameter block */ +static void blake2s_init_param(BLAKE2S_CTX *S, const BLAKE2S_PARAM *P) +{ + const uint32_t *p = (const uint32_t *)(P); + size_t i; + + /* The param struct is carefully hand packed, and should be 32 bytes on + * every platform. */ + OPENSSL_assert(sizeof(BLAKE2S_PARAM) == 32); + blake2s_init0(S); + /* IV XOR ParamBlock */ + for(i = 0; i < 8; ++i) { + S->h[i] ^= load32(&p[i]); + } +} + +/* Initialize the hashing context. Always returns 1. */ +int BLAKE2s_Init(BLAKE2S_CTX *c) +{ + BLAKE2S_PARAM P[1]; + + P->digest_length = BLAKE2S_DIGEST_LENGTH; + P->key_length = 0; + P->fanout = 1; + P->depth = 1; + store32(&P->leaf_length, 0); + store48(&P->node_offset, 0); + P->node_depth = 0; + P->inner_length = 0; + /* memset(P->reserved, 0, sizeof(P->reserved)); */ + memset(P->salt, 0, sizeof(P->salt)); + memset(P->personal, 0, sizeof(P->personal)); + blake2s_init_param(c, P); + return 1; +} + +/* Permute the state while xoring in the block of data. */ +static void blake2s_compress(BLAKE2S_CTX *S, + const uint8_t block[BLAKE2S_BLOCKBYTES]) +{ + uint32_t m[16]; + uint32_t v[16]; + size_t i; + + for(i = 0; i < 16; ++i) { + m[i] = load32(block + i * sizeof(m[i])); + } + + for(i = 0; i < 8; ++i) { + v[i] = S->h[i]; + } + + v[ 8] = blake2s_IV[0]; + v[ 9] = blake2s_IV[1]; + v[10] = blake2s_IV[2]; + v[11] = blake2s_IV[3]; + v[12] = S->t[0] ^ blake2s_IV[4]; + v[13] = S->t[1] ^ blake2s_IV[5]; + v[14] = S->f[0] ^ blake2s_IV[6]; + v[15] = S->f[1] ^ blake2s_IV[7]; +#define G(r,i,a,b,c,d) \ + do { \ + a = a + b + m[blake2s_sigma[r][2*i+0]]; \ + d = rotr32(d ^ a, 16); \ + c = c + d; \ + b = rotr32(b ^ c, 12); \ + a = a + b + m[blake2s_sigma[r][2*i+1]]; \ + d = rotr32(d ^ a, 8); \ + c = c + d; \ + b = rotr32(b ^ c, 7); \ + } while(0) +#define ROUND(r) \ + do { \ + G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \ + G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \ + G(r,2,v[ 2],v[ 6],v[10],v[14]); \ + G(r,3,v[ 3],v[ 7],v[11],v[15]); \ + G(r,4,v[ 0],v[ 5],v[10],v[15]); \ + G(r,5,v[ 1],v[ 6],v[11],v[12]); \ + G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \ + G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \ + } while(0) + ROUND(0); + ROUND(1); + ROUND(2); + ROUND(3); + ROUND(4); + ROUND(5); + ROUND(6); + ROUND(7); + ROUND(8); + ROUND(9); + + for(i = 0; i < 8; ++i) { + S->h[i] = S->h[i] ^ v[i] ^ v[i + 8]; + } + +#undef G +#undef ROUND +} + +/* Absorb the input data into the hash state. Always returns 1. */ +int BLAKE2s_Update(BLAKE2S_CTX *c, const void *data, size_t datalen) +{ + const uint8_t *in = data; + size_t fill; + + while(datalen > 0) { + fill = sizeof(c->buf) - c->buflen; + /* Must be >, not >=, so that last block can be hashed differently */ + if(datalen > fill) { + memcpy(c->buf + c->buflen, in, fill); /* Fill buffer */ + blake2s_increment_counter(c, BLAKE2S_BLOCKBYTES); + blake2s_compress(c, c->buf); /* Compress */ + c->buflen = 0; + in += fill; + datalen -= fill; + } else { /* datalen <= fill */ + memcpy(c->buf + c->buflen, in, datalen); + c->buflen += datalen; /* Be lazy, do not compress */ + return 1; + } + } + + return 1; +} + +/* + * Finalize the hash state in a way that avoids length extension attacks. + * Always returns 1. + */ +int BLAKE2s_Final(unsigned char *md, BLAKE2S_CTX *c) +{ + int i; + + blake2s_increment_counter(c, (uint32_t)c->buflen); + blake2s_set_lastblock(c); + /* Padding */ + memset(c->buf + c->buflen, 0, sizeof(c->buf) - c->buflen); + blake2s_compress(c, c->buf); + + /* Output full hash to temp buffer */ + for(i = 0; i < 8; ++i) { + store32(md + sizeof(c->h[i]) * i, c->h[i]); + } + + OPENSSL_cleanse(c, sizeof(BLAKE2S_CTX)); + return 1; +} diff --git a/crypto/blake2/build.info b/crypto/blake2/build.info new file mode 100644 index 0000000000..f2b8f41990 --- /dev/null +++ b/crypto/blake2/build.info @@ -0,0 +1,3 @@ +LIBS=../../libcrypto +SOURCE[../../libcrypto]=\ + blake2b.c blake2s.c diff --git a/crypto/evp/Makefile.in b/crypto/evp/Makefile.in index 5b24ae5909..d7b12035a4 100644 --- a/crypto/evp/Makefile.in +++ b/crypto/evp/Makefile.in @@ -20,7 +20,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_cnf.c \ e_rc4.c e_aes.c names.c e_seed.c \ e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \ m_null.c m_md2.c m_md4.c m_md5.c m_sha1.c m_wp.c \ - m_md5_sha1.c m_mdc2.c m_ripemd.c \ + m_md5_sha1.c m_mdc2.c m_ripemd.c m_blake2b.c m_blake2s.c \ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ c_allc.c c_alld.c evp_lib.c bio_ok.c \ @@ -34,7 +34,7 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_cnf.o \ e_rc4.o e_aes.o names.o e_seed.o \ e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \ m_null.o m_md2.o m_md4.o m_md5.o m_sha1.o m_wp.o \ - m_md5_sha1.o m_mdc2.o m_ripemd.o \ + m_md5_sha1.o m_mdc2.o m_ripemd.o m_blake2b.o m_blake2s.o \ p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \ bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \ c_allc.o c_alld.o evp_lib.o bio_ok.o \ diff --git a/crypto/evp/build.info b/crypto/evp/build.info index bf633dc713..8dc60f6414 100644 --- a/crypto/evp/build.info +++ b/crypto/evp/build.info @@ -5,7 +5,7 @@ SOURCE[../../libcrypto]=\ e_rc4.c e_aes.c names.c e_seed.c \ e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \ m_null.c m_md2.c m_md4.c m_md5.c m_sha1.c m_wp.c \ - m_md5_sha1.c m_mdc2.c m_ripemd.c \ + m_md5_sha1.c m_mdc2.c m_ripemd.c m_blake2b.c m_blake2s.c \ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ c_allc.c c_alld.c evp_lib.c bio_ok.c \ diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c index e28ba3df12..78be9fbc6a 100644 --- a/crypto/evp/c_alld.c +++ b/crypto/evp/c_alld.c @@ -90,4 +90,8 @@ void openssl_add_all_digests_internal(void) #ifndef OPENSSL_NO_WHIRLPOOL EVP_add_digest(EVP_whirlpool()); #endif +#ifndef OPENSSL_NO_BLAKE2 + EVP_add_digest(EVP_blake2b()); + EVP_add_digest(EVP_blake2s()); +#endif } diff --git a/crypto/evp/m_blake2b.c b/crypto/evp/m_blake2b.c new file mode 100644 index 0000000000..e3cf6f30a5 --- /dev/null +++ b/crypto/evp/m_blake2b.c @@ -0,0 +1,62 @@ +/* + * BLAKE2 reference source code package - reference C implementations + * + * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>. + * You may use this under the terms of the CC0, the OpenSSL Licence, or the + * Apache Public License 2.0, at your option. The terms of these licenses can + * be found at: + * + * - OpenSSL license : https://www.openssl.org/source/license.html + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * - CC0 1.0 Universal : http://www.apache.org/licenses/LICENSE-2.0 + * + * More information about the BLAKE2 hash function can be found at + * https://blake2.net. + */ + +/* crypto/evp/m_blake2b.c */ + +#include <stdio.h> +#include "internal/cryptlib.h" + +#ifndef OPENSSL_NO_BLAKE2 + +# include <openssl/evp.h> +# include <openssl/objects.h> +# include "internal/blake2_locl.h" +# include "internal/evp_int.h" + +static int init(EVP_MD_CTX *ctx) +{ + return BLAKE2b_Init(EVP_MD_CTX_md_data(ctx)); +} + +static int update(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + return BLAKE2b_Update(EVP_MD_CTX_md_data(ctx), data, count); +} + +static int final(EVP_MD_CTX *ctx, unsigned char *md) +{ + return BLAKE2b_Final(md, EVP_MD_CTX_md_data(ctx)); +} + +static const EVP_MD blake2b_md = { + NID_blake2b, + 0, + BLAKE2B_DIGEST_LENGTH, + 0, + init, + update, + final, + NULL, + NULL, + 0, + sizeof(EVP_MD *) + sizeof(BLAKE2B_CTX), +}; + +const EVP_MD *EVP_blake2b(void) +{ + return (&blake2b_md); +} +#endif diff --git a/crypto/evp/m_blake2s.c b/crypto/evp/m_blake2s.c new file mode 100644 index 0000000000..511b192c1d --- /dev/null +++ b/crypto/evp/m_blake2s.c @@ -0,0 +1,62 @@ +/* + * BLAKE2 reference source code package - reference C implementations + * + * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>. + * You may use this under the terms of the CC0, the OpenSSL Licence, or the + * Apache Public License 2.0, at your option. The terms of these licenses can + * be found at: + * + * - OpenSSL license : https://www.openssl.org/source/license.html + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * - CC0 1.0 Universal : http://www.apache.org/licenses/LICENSE-2.0 + * + * More information about the BLAKE2 hash function can be found at + * https://blake2.net. + */ + +/* crypto/evp/m_blake2s.c */ + +#include <stdio.h> +#include "internal/cryptlib.h" + +#ifndef OPENSSL_NO_BLAKE2 + +# include <openssl/evp.h> +# include <openssl/objects.h> +# include "internal/blake2_locl.h" +# include "internal/evp_int.h" + +static int init(EVP_MD_CTX *ctx) +{ + return BLAKE2s_Init(EVP_MD_CTX_md_data(ctx)); +} + +static int update(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + return BLAKE2s_Update(EVP_MD_CTX_md_data(ctx), data, count); +} + +static int final(EVP_MD_CTX *ctx, unsigned char *md) +{ + return BLAKE2s_Final(md, EVP_MD_CTX_md_data(ctx)); +} + +static const EVP_MD blake2s_md = { + NID_blake2s, + 0, + BLAKE2S_DIGEST_LENGTH, + 0, + init, + update, + final, + NULL, + NULL, + 0, + sizeof(EVP_MD *) + sizeof(BLAKE2S_CTX), +}; + +const EVP_MD *EVP_blake2s(void) +{ + return (&blake2s_md); +} +#endif diff --git a/crypto/include/internal/blake2_locl.h b/crypto/include/internal/blake2_locl.h new file mode 100644 index 0000000000..1f19def632 --- /dev/null +++ b/crypto/include/internal/blake2_locl.h @@ -0,0 +1,98 @@ +/* + * BLAKE2 reference source code package - reference C implementations + * + * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>. + * You may use this under the terms of the CC0, the OpenSSL Licence, or the + * Apache Public License 2.0, at your option. The terms of these licenses can + * be found at: + * + * - OpenSSL license : https://www.openssl.org/source/license.html + * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 + * - CC0 1.0 Universal : http://www.apache.org/licenses/LICENSE-2.0 + * + * More information about the BLAKE2 hash function can be found at + * https://blake2.net. + */ + +/* crypto/blake2/blake2_locl.h */ + +#include <stddef.h> +#include <stdint.h> + +# ifdef OPENSSL_NO_BLAKE2 +# error BLAKE2 is disabled. +# endif + +#define BLAKE2S_BLOCKBYTES 64 +#define BLAKE2S_OUTBYTES 32 +#define BLAKE2S_KEYBYTES 32 +#define BLAKE2S_SALTBYTES 8 +#define BLAKE2S_PERSONALBYTES 8 + +#define BLAKE2B_BLOCKBYTES 128 +#define BLAKE2B_OUTBYTES 64 +#define BLAKE2B_KEYBYTES 64 +#define BLAKE2B_SALTBYTES 16 +#define BLAKE2B_PERSONALBYTES 16 + +struct blake2s_param_st { + uint8_t digest_length; /* 1 */ + uint8_t key_length; /* 2 */ + uint8_t fanout; /* 3 */ + uint8_t depth; /* 4 */ + uint32_t leaf_length; /* 8 */ + uint8_t node_offset[6];/* 14 */ + uint8_t node_depth; /* 15 */ + uint8_t inner_length; /* 16 */ + /* uint8_t reserved[0]; */ + uint8_t salt[BLAKE2S_SALTBYTES]; /* 24 */ + uint8_t personal[BLAKE2S_PERSONALBYTES]; /* 32 */ +}; + +typedef struct blake2s_param_st BLAKE2S_PARAM; + +struct blake2s_ctx_st { + uint32_t h[8]; + uint32_t t[2]; + uint32_t f[2]; + uint8_t buf[BLAKE2S_BLOCKBYTES]; + size_t buflen; +}; + +struct blake2b_param_st { + uint8_t digest_length; /* 1 */ + uint8_t key_length; /* 2 */ + uint8_t fanout; /* 3 */ + uint8_t depth; /* 4 */ + uint32_t leaf_length; /* 8 */ + uint64_t node_offset; /* 16 */ + uint8_t node_depth; /* 17 */ + uint8_t inner_length; /* 18 */ + uint8_t reserved[14]; /* 32 */ + uint8_t salt[BLAKE2B_SALTBYTES]; /* 48 */ + uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */ +}; + +typedef struct blake2b_param_st BLAKE2B_PARAM; + +struct blake2b_ctx_st { + uint64_t h[8]; + uint64_t t[2]; + uint64_t f[2]; + uint8_t buf[BLAKE2B_BLOCKBYTES]; + size_t buflen; +}; + +#define BLAKE2B_DIGEST_LENGTH 64 +#define BLAKE2S_DIGEST_LENGTH 32 + +typedef struct blake2s_ctx_st BLAKE2S_CTX; +typedef struct blake2b_ctx_st BLAKE2B_CTX; + +int BLAKE2b_Init(BLAKE2B_CTX *c); +int BLAKE2b_Update(BLAKE2B_CTX *c, const void *data, size_t datalen); +int BLAKE2b_Final(unsigned char *md, BLAKE2B_CTX *c); + +int BLAKE2s_Init(BLAKE2S_CTX *c); +int BLAKE2s_Update(BLAKE2S_CTX *c, const void *data, size_t datalen); +int BLAKE2s_Final(unsigned char *md, BLAKE2S_CTX *c); diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 8cd3b2071e..c9314208a7 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -60,12 +60,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 1054 -#define NUM_SN 1047 -#define NUM_LN 1047 -#define NUM_OBJ 951 +#define NUM_NID 1058 +#define NUM_SN 1049 +#define NUM_LN 1049 +#define NUM_OBJ 953 -static const unsigned char lvalues[6722]={ +static const unsigned char lvalues[6744]={ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ @@ -1011,6 +1011,8 @@ static const unsigned char lvalues[6722]={ 0x2B,0x06,0x01,0x05,0x02,0x03,0x05, /* [6696] OBJ_pkInitKDC */ 0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0F,0x01,/* [6703] OBJ_X25519 */ 0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0F,0x02,/* [6712] OBJ_X448 */ +0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x01,0x10,/* [6721] OBJ_blake2b */ +0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x02,0x08,/* [6732] OBJ_blake2s */ }; static const ASN1_OBJECT nid_objs[NUM_NID]={ @@ -2722,6 +2724,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ {"AuthGOST12","auth-gost12",NID_auth_gost12,0,NULL,0}, {"AuthSRP","auth-srp",NID_auth_srp,0,NULL,0}, {"AuthNULL","auth-null",NID_auth_null,0,NULL,0}, +{NULL,NULL,NID_undef,0,NULL,0}, +{NULL,NULL,NID_undef,0,NULL,0}, +{"BLAKE2b","blake2b",NID_blake2b,11,&(lvalues[6721]),0}, +{"BLAKE2s","blake2s",NID_blake2s,11,&(lvalues[6732]),0}, }; static const unsigned int sn_objs[NUM_SN]={ @@ -2770,6 +2776,8 @@ static const unsigned int sn_objs[NUM_SN]={ 93, /* "BF-CFB" */ 92, /* "BF-ECB" */ 94, /* "BF-OFB" */ +1056, /* "BLAKE2b" */ +1057, /* "BLAKE2s" */ 14, /* "C" */ 751, /* "CAMELLIA-128-CBC" */ 962, /* "CAMELLIA-128-CCM" */ @@ -4008,6 +4016,8 @@ static const unsigned int ln_objs[NUM_LN]={ 93, /* "bf-cfb" */ 92, /* "bf-ecb" */ 94, /* "bf-ofb" */ +1056, /* "blake2b" */ +1057, /* "blake2s" */ 921, /* "brainpoolP160r1" */ 922, /* "brainpoolP160t1" */ 923, /* "brainpoolP192r1" */ @@ -5776,5 +5786,7 @@ static const unsigned int obj_objs[NUM_OBJ]={ 955, /* OBJ_jurisdictionLocalityName 1 3 6 1 4 1 311 60 2 1 1 */ 956, /* OBJ_jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 2 */ 957, /* OBJ_jurisdictionCountryName 1 3 6 1 4 1 311 60 2 1 3 */ +1056, /* OBJ_blake2b 1 3 6 1 4 1 1722 12 2 1 16 */ +1057, /* OBJ_blake2s 1 3 6 1 4 1 1722 12 2 2 8 */ }; diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 2a80d9d0c9..dfdb61aa5d 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -1053,3 +1053,5 @@ auth_srp 1052 auth_null 1053 fips_none 1054 fips_140_2 1055 +blake2b 1056 +blake2s 1057 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index a79968b85a..24b0f42e52 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -671,6 +671,9 @@ algorithm 29 : RSA-SHA1-2 : sha1WithRSA 1 3 36 3 2 1 : RIPEMD160 : ripemd160 1 3 36 3 3 1 2 : RSA-RIPEMD160 : ripemd160WithRSA +1 3 6 1 4 1 1722 12 2 1 16 : BLAKE2b : blake2b +1 3 6 1 4 1 1722 12 2 2 8 : BLAKE2s : blake2s + !Cname sxnet 1 3 101 1 4 1 : SXNetID : Strong Extranet ID diff --git a/doc/apps/dgst.pod b/doc/apps/dgst.pod index 1c595dcf74..7b3001e932 100644 --- a/doc/apps/dgst.pod +++ b/doc/apps/dgst.pod @@ -2,7 +2,7 @@ =head1 NAME -dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md4, md5 - message digests +dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md4, md5, blake2b, blake2s - message digests =head1 SYNOPSIS diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod index db9c04004e..fdc407fa32 100644 --- a/doc/crypto/EVP_DigestInit.pod +++ b/doc/crypto/EVP_DigestInit.pod @@ -8,8 +8,8 @@ EVP_DigestInit, EVP_DigestFinal, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha1, EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_mdc2, -EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - -EVP digest routines +EVP_ripemd160, EVP_blake2b, EVP_blake2s, EVP_get_digestbyname, +EVP_get_digestbynid, EVP_get_digestbyobj - EVP digest routines =head1 SYNOPSIS @@ -57,6 +57,8 @@ EVP digest routines const EVP_MD *EVP_sha1(void); const EVP_MD *EVP_mdc2(void); const EVP_MD *EVP_ripemd160(void); + const EVP_MD *EVP_blake2b(void); + const EVP_MD *EVP_blake2s(void); const EVP_MD *EVP_sha224(void); const EVP_MD *EVP_sha256(void); @@ -134,9 +136,10 @@ are no longer linked this function is only retained for compatibility reasons. EVP_md2(), EVP_md5(), EVP_sha1(), EVP_sha224(), EVP_sha256(), -EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160() return B<EVP_MD> -structures for the MD2, MD5, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2 -and RIPEMD160 digest algorithms respectively. +EVP_sha384(), EVP_sha512(), EVP_mdc2(), EVP_ripemd160(), EVP_blake2b, and +EVP_blake2s return B<EVP_MD> structures for the MD2, MD5, SHA1, SHA224, SHA256, +SHA384, SHA512, MDC2, RIPEMD160, BLAKE2b, and BLAKE2s digest algorithms +respectively. EVP_md_null() is a "null" message digest that does nothing: i.e. the hash it returns is of zero length. @@ -159,8 +162,8 @@ EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and EVP_MD_CTX_block_size() return the digest or block size in bytes. EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(), -EVP_mdc2() and EVP_ripemd160() return pointers to the -corresponding EVP_MD structures. +EVP_mdc2(), EVP_ripemd160(), EVP_blake2b(), and EVP_blake2s() return pointers +to the corresponding EVP_MD structures. EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj() return either an B<EVP_MD> structure or NULL if an error occurs. diff --git a/doc/standards.txt b/doc/standards.txt index d28b167d4a..747286433f 100644 --- a/doc/standards.txt +++ b/doc/standards.txt @@ -163,3 +163,5 @@ STARTTLS documents. 3657 Use of the Camellia Encryption Algorithm in Cryptographic Message Syntax (CMS) + +7693 The BLAKE2 Cryptographic Hash and Message Authentication Code (MAC) diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 4516db130e..c5598133e3 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -700,6 +700,10 @@ const EVP_MD *EVP_md4(void); const EVP_MD *EVP_md5(void); const EVP_MD *EVP_md5_sha1(void); # endif +# ifndef OPENSSL_NO_BLAKE2 +const EVP_MD *EVP_blake2b(void); +const EVP_MD *EVP_blake2s(void); +# endif const EVP_MD *EVP_sha1(void); const EVP_MD *EVP_sha224(void); const EVP_MD *EVP_sha256(void); diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index 4725a6c574..28d9637735 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -2078,6 +2078,16 @@ #define NID_ripemd160WithRSA 119 #define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L +#define SN_blake2b "BLAKE2b" +#define LN_blake2b "blake2b" +#define NID_blake2b 1056 +#define OBJ_blake2b 1L,3L,6L,1L,4L,1L,1722L,12L,2L,1L,16L + +#define SN_blake2s "BLAKE2s" +#define LN_blake2s "blake2s" +#define NID_blake2s 1057 +#define OBJ_blake2s 1L,3L,6L,1L,4L,1L,1722L,12L,2L,2L,8L + #define SN_sxnet "SXNetID" #define LN_sxnet "Strong Extranet ID" #define NID_sxnet 143 diff --git a/include/openssl/objects.h b/include/openssl/objects.h index 05bc9b0248..7766f3a32f 100644 --- a/include/openssl/objects.h +++ b/include/openssl/objects.h @@ -642,6 +642,16 @@ # define NID_ripemd160WithRSA 119 # define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L +# define SN_blake2b "BLAKE2b" +# define LN_blake2b "blake2b" +# define NID_blake2b 1022 +# define OBJ_blake2b 1,3,6,1,4,1,1722,12,2,1,16 + +# define SN_blake2s "BLAKE2s" +# define LN_blake2s "blake2" +# define NID_blake2s 1023 +# define OBJ_blake2s 1,3,6,1,4,1,1722,12,2,2,8 + /*- * Taken from rfc2040 * RC5_CBC_Parameters ::= SEQUENCE { diff --git a/test/evptests.txt b/test/evptests.txt index 0a45e2f71a..a9a711b6c4 100644 --- a/test/evptests.txt +++ b/test/evptests.txt @@ -2,6 +2,63 @@ #aadcipher:key:iv:plaintext:ciphertext:aad:tag:0/1(decrypt/encrypt) #digest:::input:output +# BLAKE2 tests, using same inputs as MD5 +Digest = BLAKE2s +Input = +Output = 69217a3079908094e11121d042354a7c1f55b6482ca1a51e1b250dfd1ed0eef9 + +Digest = BLAKE2s +Input = 61 +Output = 4a0d129873403037c2cd9b9048203687f6233fb6738956e0349bd4320fec3e90 + +Digest = BLAKE2s +Input = 616263 +Output = 508c5e8c327c14e2e1a72ba34eeb452f37458b209ed63a294d999b4c86675982 + +Digest = BLAKE2s +Input = 6d65737361676520646967657374 +Output = fa10ab775acf89b7d3c8a6e823d586f6b67bdbac4ce207fe145b7d3ac25cd28c + +Digest = BLAKE2s +Input = 6162636465666768696a6b6c6d6e6f707172737475767778797a +Output = bdf88eb1f86a0cdf0e840ba88fa118508369df186c7355b4b16cf79fa2710a12 + +Digest = BLAKE2s +Input = 4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839 +Output = c75439ea17e1de6fa4510c335dc3d3f343e6f9e1ce2773e25b4174f1df8b119b + +Digest = BLAKE2s +Input = 3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930 +Output = fdaedb290a0d5af9870864fec2e090200989dc9cd53a3c092129e8535e8b4f66 + +Digest = BLAKE2b +Input = +Output = 786a02f742015903c6c6fd852552d272912f4740e15847618a86e217f71f5419d25e1031afee585313896444934eb04b903a685b1448b755d56f701afe9be2ce + +Digest = BLAKE2b +Input = 61 +Output = 333fcb4ee1aa7c115355ec66ceac917c8bfd815bf7587d325aec1864edd24e34d5abe2c6b1b5ee3face62fed78dbef802f2a85cb91d455a8f5249d330853cb3c + +Digest = BLAKE2b +Input = 616263 +Output = ba80a53f981c4d0d6a2797b69f12f6e94c212f14685ac4b74b12bb6fdbffa2d17d87c5392aab792dc252d5de4533cc9518d38aa8dbf1925ab92386edd4009923 + +Digest = BLAKE2b +Input = 6d65737361676520646967657374 +Output = 3c26ce487b1c0f062363afa3c675ebdbf5f4ef9bdc022cfbef91e3111cdc283840d8331fc30a8a0906cff4bcdbcd230c61aaec60fdfad457ed96b709a382359a + +Digest = BLAKE2b +Input = 6162636465666768696a6b6c6d6e6f707172737475767778797a +Output = c68ede143e416eb7b4aaae0d8e48e55dd529eafed10b1df1a61416953a2b0a5666c761e7d412e6709e31ffe221b7a7a73908cb95a4d120b8b090a87d1fbedb4c + +Digest = BLAKE2b +Input = 4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839 +Output = 99964802e5c25e703722905d3fb80046b6bca698ca9e2cc7e49b4fe1fa087c2edf0312dfbb275cf250a1e542fd5dc2edd313f9c491127c2e8c0c9b24168e2d50 + +Digest = BLAKE2b +Input = 3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930 +Output = 686f41ec5afff6e87e1f076f542aa466466ff5fbde162c48481ba48a748d842799f5b30f5b67fc684771b33b994206d05cc310f31914edd7b97e41860d77d282 + # SHA(1) tests (from shatest.c) Digest = SHA1 Input = 616263 diff --git a/util/libcrypto.num b/util/libcrypto.num index 7d893a1134..d23dbc44e9 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4057,3 +4057,5 @@ ECPKPARAMETERS_it 3923 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION: EC_GROUP_get_ecparameters 3924 1_1_0 EXIST::FUNCTION:EC DHparams_it 3925 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DH DHparams_it 3925 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DH +EVP_blake2b 3926 1_1_0 EXIST::FUNCTION:BLAKE2 +EVP_blake2s 3927 1_1_0 EXIST::FUNCTION:BLAKE2 diff --git a/util/mkdef.pl b/util/mkdef.pl index a847b0b077..4578c9afc2 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -75,7 +75,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "SHA256", "SHA512", "RMD160", "MDC2", "WHIRLPOOL", "RSA", "DSA", "DH", "EC", "EC2M", "HMAC", "AES", "CAMELLIA", "SEED", "GOST", - "SCRYPT", "CHACHA", "POLY1305", + "SCRYPT", "CHACHA", "POLY1305", "BLAKE2", # EC_NISTP_64_GCC_128 "EC_NISTP_64_GCC_128", # Envelope "algorithms" diff --git a/util/mkfiles.pl b/util/mkfiles.pl index 1e5f84e049..0e4f71e04d 100755 --- a/util/mkfiles.pl +++ b/util/mkfiles.pl @@ -63,6 +63,7 @@ my @dirs = ( "crypto/async", "crypto/chacha", "crypto/poly1305", +"crypto/blake2", "crypto/kdf", "ssl", "apps", |