From 13d1587064ee25b8dab3e5d37db383a1d48bcc8d Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Sun, 25 Oct 2015 23:00:49 +0000 Subject: [PATCH] Add universal cryptobox hash API. --- src/libcryptobox/cryptobox.c | 51 +++++++++++++++++++++++++++++++++--- src/libcryptobox/cryptobox.h | 30 +++++++++++++++++++++ 2 files changed, 78 insertions(+), 3 deletions(-) diff --git a/src/libcryptobox/cryptobox.c b/src/libcryptobox/cryptobox.c index 051848e3d..0b9e5ad04 100644 --- a/src/libcryptobox/cryptobox.c +++ b/src/libcryptobox/cryptobox.c @@ -976,12 +976,11 @@ rspamd_cryptobox_pbkdf (const char *pass, gsize pass_len, asalt[salt_len + 1] = (count >> 16) & 0xff; asalt[salt_len + 2] = (count >> 8) & 0xff; asalt[salt_len + 3] = count & 0xff; - blake2b (d1, asalt, pass, BLAKE2B_OUTBYTES, salt_len + 4, pass_len); + blake2b_keyed (d1, asalt, salt_len + 4, pass, pass_len); memcpy (obuf, d1, sizeof(obuf)); for (i = 1; i < rounds; i++) { - blake2b (d2, d1, pass, BLAKE2B_OUTBYTES, BLAKE2B_OUTBYTES, - pass_len); + blake2b_keyed (d2, d1, BLAKE2B_OUTBYTES, pass, pass_len); memcpy (d1, d2, sizeof(d1)); for (j = 0; j < sizeof(obuf); j++) { @@ -1054,3 +1053,49 @@ rspamd_cryptobox_mac_bytes (void) { return 16; } + +void +rspamd_cryptobox_hash_init (void *st, const guchar *key, gsize keylen) +{ + if (key != NULL && keylen > 0) { + blake2b_keyed_init (st, key, keylen); + } + else { + blake2b_init (st); + } +} + +/** + * Update hash with data portion + */ +void +rspamd_cryptobox_hash_update (void *st, const guchar *data, gsize len) +{ + blake2b_update (st, data, len); +} + +/** + * Output hash to the buffer of rspamd_cryptobox_HASHBYTES length + */ +void +rspamd_cryptobox_hash_final (void *st, guchar *out) +{ + blake2b_final (st, out); + rspamd_explicit_memzero (st, rspamd_cryptobox_HASHSTATEBYTES); +} + +/** + * One in all function + */ +void rspamd_cryptobox_hash (guchar *out, + const guchar *data, + gsize len, + const guchar *key, + gsize keylen) +{ + blake2b_state RSPAMD_ALIGNED(32) st; + + rspamd_cryptobox_hash_init (&st, key, keylen); + rspamd_cryptobox_hash_update (&st, data, len); + rspamd_cryptobox_hash_final (&st, out); +} diff --git a/src/libcryptobox/cryptobox.h b/src/libcryptobox/cryptobox.h index a9eef3770..fc7ddd8b3 100644 --- a/src/libcryptobox/cryptobox.h +++ b/src/libcryptobox/cryptobox.h @@ -36,6 +36,8 @@ struct rspamd_cryptobox_segment { #define rspamd_cryptobox_MAX_MACBYTES 16 #define rspamd_cryptobox_MAX_NMBYTES 32 #define rspamd_cryptobox_SIPKEYBYTES 16 +#define rspamd_cryptobox_HASHBYTES 64 +#define rspamd_cryptobox_HASHSTATEBYTES 256 typedef guchar rspamd_pk_t[rspamd_cryptobox_MAX_PKBYTES]; typedef guchar rspamd_sk_t[rspamd_cryptobox_MAX_SKBYTES]; @@ -205,4 +207,32 @@ guint rspamd_cryptobox_nm_bytes (void); */ guint rspamd_cryptobox_mac_bytes (void); +/* Hash IUF interface */ + +/** + * Init cryptobox hash state using key if needed, `st` must point to the buffer + * with at least rspamd_cryptobox_HASHSTATEBYTES bytes length. If keylen == 0, then + * non-keyed hash is generated + */ +void rspamd_cryptobox_hash_init (void *st, const guchar *key, gsize keylen); + +/** + * Update hash with data portion + */ +void rspamd_cryptobox_hash_update (void *st, const guchar *data, gsize len); + +/** + * Output hash to the buffer of rspamd_cryptobox_HASHBYTES length + */ +void rspamd_cryptobox_hash_final (void *st, guchar *out); + +/** + * One in all function + */ +void rspamd_cryptobox_hash (guchar *out, + const guchar *data, + gsize len, + const guchar *key, + gsize keylen); + #endif /* CRYPTOBOX_H_ */ -- 2.39.5