Add universal cryptobox hash API.

diff --git a/src/libcryptobox/cryptobox.c b/src/libcryptobox/cryptobox.c
index 051848e3df2b73e42924872238dea3ff1975b989..0b9e5ad04c75e7741b899399bcda2a207eb8a64e 100644 (file)
--- a/src/libcryptobox/cryptobox.c
+++ b/src/libcryptobox/cryptobox.c
@@ -976,12 +976,11 @@ rspamd_cryptobox_pbkdf (const char *pass, gsize pass_len,
                asalt[salt_len + 1] = (count >> 16) & 0xff;
                asalt[salt_len + 2] = (count >> 8) & 0xff;
                asalt[salt_len + 3] = count & 0xff;
-               blake2b (d1, asalt, pass, BLAKE2B_OUTBYTES, salt_len + 4, pass_len);
+               blake2b_keyed (d1, asalt, salt_len + 4, pass, pass_len);
                memcpy (obuf, d1, sizeof(obuf));
 
                for (i = 1; i < rounds; i++) {
-                       blake2b (d2, d1, pass, BLAKE2B_OUTBYTES, BLAKE2B_OUTBYTES,
-                                       pass_len);
+                       blake2b_keyed (d2, d1, BLAKE2B_OUTBYTES, pass, pass_len);
                        memcpy (d1, d2, sizeof(d1));
 
                        for (j = 0; j < sizeof(obuf); j++) {
@@ -1054,3 +1053,49 @@ rspamd_cryptobox_mac_bytes (void)
 {
        return 16;
 }
+
+void
+rspamd_cryptobox_hash_init (void *st, const guchar *key, gsize keylen)
+{
+       if (key != NULL && keylen > 0) {
+               blake2b_keyed_init (st, key, keylen);
+       }
+       else {
+               blake2b_init (st);
+       }
+}
+
+/**
+ * Update hash with data portion
+ */
+void
+rspamd_cryptobox_hash_update (void *st, const guchar *data, gsize len)
+{
+       blake2b_update (st, data, len);
+}
+
+/**
+ * Output hash to the buffer of rspamd_cryptobox_HASHBYTES length
+ */
+void
+rspamd_cryptobox_hash_final (void *st, guchar *out)
+{
+       blake2b_final (st, out);
+       rspamd_explicit_memzero (st, rspamd_cryptobox_HASHSTATEBYTES);
+}
+
+/**
+ * One in all function
+ */
+void rspamd_cryptobox_hash (guchar *out,
+               const guchar *data,
+               gsize len,
+               const guchar *key,
+               gsize keylen)
+{
+       blake2b_state RSPAMD_ALIGNED(32) st;
+
+       rspamd_cryptobox_hash_init (&st, key, keylen);
+       rspamd_cryptobox_hash_update (&st, data, len);
+       rspamd_cryptobox_hash_final (&st, out);
+}

diff --git a/src/libcryptobox/cryptobox.h b/src/libcryptobox/cryptobox.h
index a9eef3770d98cbacb898f2de8529a8c32327cf05..fc7ddd8b3876e621fbddbaca8e451a0d04c48516 100644 (file)
--- a/src/libcryptobox/cryptobox.h
+++ b/src/libcryptobox/cryptobox.h
@@ -36,6 +36,8 @@ struct rspamd_cryptobox_segment {
 #define rspamd_cryptobox_MAX_MACBYTES 16
 #define rspamd_cryptobox_MAX_NMBYTES 32
 #define rspamd_cryptobox_SIPKEYBYTES 16
+#define rspamd_cryptobox_HASHBYTES 64
+#define rspamd_cryptobox_HASHSTATEBYTES 256
 
 typedef guchar rspamd_pk_t[rspamd_cryptobox_MAX_PKBYTES];
 typedef guchar rspamd_sk_t[rspamd_cryptobox_MAX_SKBYTES];
@@ -205,4 +207,32 @@ guint rspamd_cryptobox_nm_bytes (void);
  */
 guint rspamd_cryptobox_mac_bytes (void);
 
+/* Hash IUF interface */
+
+/**
+ * Init cryptobox hash state using key if needed, `st` must point to the buffer
+ * with at least rspamd_cryptobox_HASHSTATEBYTES bytes length. If keylen == 0, then
+ * non-keyed hash is generated
+ */
+void rspamd_cryptobox_hash_init (void *st, const guchar *key, gsize keylen);
+
+/**
+ * Update hash with data portion
+ */
+void rspamd_cryptobox_hash_update (void *st, const guchar *data, gsize len);
+
+/**
+ * Output hash to the buffer of rspamd_cryptobox_HASHBYTES length
+ */
+void rspamd_cryptobox_hash_final (void *st, guchar *out);
+
+/**
+ * One in all function
+ */
+void rspamd_cryptobox_hash (guchar *out,
+               const guchar *data,
+               gsize len,
+               const guchar *key,
+               gsize keylen);
+
 #endif /* CRYPTOBOX_H_ */