summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVsevolod Stakhov <vsevolod@highsecure.ru>2015-10-25 23:00:49 +0000
committerVsevolod Stakhov <vsevolod@highsecure.ru>2015-10-25 23:00:49 +0000
commit13d1587064ee25b8dab3e5d37db383a1d48bcc8d (patch)
treea88649db8bf011bbb065c946ec18831fef9dd63e
parent13d9c7e4216f1da8c49f4fe9ec55111e49114645 (diff)
downloadrspamd-13d1587064ee25b8dab3e5d37db383a1d48bcc8d.tar.gz
rspamd-13d1587064ee25b8dab3e5d37db383a1d48bcc8d.zip
Add universal cryptobox hash API.
-rw-r--r--src/libcryptobox/cryptobox.c51
-rw-r--r--src/libcryptobox/cryptobox.h30
2 files changed, 78 insertions, 3 deletions
diff --git a/src/libcryptobox/cryptobox.c b/src/libcryptobox/cryptobox.c
index 051848e3d..0b9e5ad04 100644
--- a/src/libcryptobox/cryptobox.c
+++ b/src/libcryptobox/cryptobox.c
@@ -976,12 +976,11 @@ rspamd_cryptobox_pbkdf (const char *pass, gsize pass_len,
asalt[salt_len + 1] = (count >> 16) & 0xff;
asalt[salt_len + 2] = (count >> 8) & 0xff;
asalt[salt_len + 3] = count & 0xff;
- blake2b (d1, asalt, pass, BLAKE2B_OUTBYTES, salt_len + 4, pass_len);
+ blake2b_keyed (d1, asalt, salt_len + 4, pass, pass_len);
memcpy (obuf, d1, sizeof(obuf));
for (i = 1; i < rounds; i++) {
- blake2b (d2, d1, pass, BLAKE2B_OUTBYTES, BLAKE2B_OUTBYTES,
- pass_len);
+ blake2b_keyed (d2, d1, BLAKE2B_OUTBYTES, pass, pass_len);
memcpy (d1, d2, sizeof(d1));
for (j = 0; j < sizeof(obuf); j++) {
@@ -1054,3 +1053,49 @@ rspamd_cryptobox_mac_bytes (void)
{
return 16;
}
+
+void
+rspamd_cryptobox_hash_init (void *st, const guchar *key, gsize keylen)
+{
+ if (key != NULL && keylen > 0) {
+ blake2b_keyed_init (st, key, keylen);
+ }
+ else {
+ blake2b_init (st);
+ }
+}
+
+/**
+ * Update hash with data portion
+ */
+void
+rspamd_cryptobox_hash_update (void *st, const guchar *data, gsize len)
+{
+ blake2b_update (st, data, len);
+}
+
+/**
+ * Output hash to the buffer of rspamd_cryptobox_HASHBYTES length
+ */
+void
+rspamd_cryptobox_hash_final (void *st, guchar *out)
+{
+ blake2b_final (st, out);
+ rspamd_explicit_memzero (st, rspamd_cryptobox_HASHSTATEBYTES);
+}
+
+/**
+ * One in all function
+ */
+void rspamd_cryptobox_hash (guchar *out,
+ const guchar *data,
+ gsize len,
+ const guchar *key,
+ gsize keylen)
+{
+ blake2b_state RSPAMD_ALIGNED(32) st;
+
+ rspamd_cryptobox_hash_init (&st, key, keylen);
+ rspamd_cryptobox_hash_update (&st, data, len);
+ rspamd_cryptobox_hash_final (&st, out);
+}
diff --git a/src/libcryptobox/cryptobox.h b/src/libcryptobox/cryptobox.h
index a9eef3770..fc7ddd8b3 100644
--- a/src/libcryptobox/cryptobox.h
+++ b/src/libcryptobox/cryptobox.h
@@ -36,6 +36,8 @@ struct rspamd_cryptobox_segment {
#define rspamd_cryptobox_MAX_MACBYTES 16
#define rspamd_cryptobox_MAX_NMBYTES 32
#define rspamd_cryptobox_SIPKEYBYTES 16
+#define rspamd_cryptobox_HASHBYTES 64
+#define rspamd_cryptobox_HASHSTATEBYTES 256
typedef guchar rspamd_pk_t[rspamd_cryptobox_MAX_PKBYTES];
typedef guchar rspamd_sk_t[rspamd_cryptobox_MAX_SKBYTES];
@@ -205,4 +207,32 @@ guint rspamd_cryptobox_nm_bytes (void);
*/
guint rspamd_cryptobox_mac_bytes (void);
+/* Hash IUF interface */
+
+/**
+ * Init cryptobox hash state using key if needed, `st` must point to the buffer
+ * with at least rspamd_cryptobox_HASHSTATEBYTES bytes length. If keylen == 0, then
+ * non-keyed hash is generated
+ */
+void rspamd_cryptobox_hash_init (void *st, const guchar *key, gsize keylen);
+
+/**
+ * Update hash with data portion
+ */
+void rspamd_cryptobox_hash_update (void *st, const guchar *data, gsize len);
+
+/**
+ * Output hash to the buffer of rspamd_cryptobox_HASHBYTES length
+ */
+void rspamd_cryptobox_hash_final (void *st, guchar *out);
+
+/**
+ * One in all function
+ */
+void rspamd_cryptobox_hash (guchar *out,
+ const guchar *data,
+ gsize len,
+ const guchar *key,
+ gsize keylen);
+
#endif /* CRYPTOBOX_H_ */