cryptonite 0.28 → 0.30
raw patch · 29 files changed
Files
- CHANGELOG.md +12/−0
- Crypto/ECC/Edwards25519.hs +12/−12
- Crypto/Hash.hs +4/−3
- Crypto/Internal/Builder.hs +53/−0
- Crypto/Internal/CompatPrim.hs +13/−12
- Crypto/Internal/Imports.hs +4/−0
- Crypto/MAC/HMAC.hs +10/−1
- Crypto/MAC/KMAC.hs +14/−39
- Crypto/Number/Compat.hs +9/−3
- Crypto/PubKey/EdDSA.hs +390/−0
- benchs/Bench.hs +42/−0
- cbits/argon2/core.c +34/−34
- cbits/blake2/ref/blake2.h +33/−33
- cbits/blake2/ref/blake2b-ref.c +23/−23
- cbits/blake2/ref/blake2bp-ref.c +24/−24
- cbits/blake2/ref/blake2s-ref.c +19/−19
- cbits/blake2/ref/blake2sp-ref.c +25/−25
- cbits/blake2/sse/blake2.h +33/−33
- cbits/blake2/sse/blake2b.c +20/−20
- cbits/blake2/sse/blake2bp.c +25/−25
- cbits/blake2/sse/blake2s.c +16/−16
- cbits/blake2/sse/blake2sp.c +25/−25
- cbits/cryptonite_blake2b.c +3/−3
- cbits/cryptonite_blake2bp.c +3/−3
- cbits/cryptonite_blake2s.c +3/−3
- cbits/cryptonite_blake2sp.c +3/−3
- cryptonite.cabal +6/−3
- tests/KAT_EdDSA.hs +131/−0
- tests/Tests.hs +2/−0
CHANGELOG.md view
@@ -1,3 +1,15 @@+## 0.30++* Fix some C symbol blake2b prefix to be cryptonite_ prefix (fix mixing with other C library)+* add hmac-lazy+* Fix compilation with GHC 9.2+* Drop support for GHC8.0, GHC8.2, GHC8.4, GHC8.6++## 0.29++* advance compilation with gmp breakage due to change upstream+* Add native EdDSA support+ ## 0.28 * Add hash constant time capability
Crypto/ECC/Edwards25519.hs view
@@ -283,45 +283,45 @@ withByteArray p $ \pp -> ed25519_base_double_scalarmul_vartime out ps1 pp ps2 -foreign import ccall "cryptonite_ed25519_scalar_eq"+foreign import ccall unsafe "cryptonite_ed25519_scalar_eq" ed25519_scalar_eq :: Ptr Scalar -> Ptr Scalar -> IO CInt -foreign import ccall "cryptonite_ed25519_scalar_encode"+foreign import ccall unsafe "cryptonite_ed25519_scalar_encode" ed25519_scalar_encode :: Ptr Word8 -> Ptr Scalar -> IO () -foreign import ccall "cryptonite_ed25519_scalar_decode_long"+foreign import ccall unsafe "cryptonite_ed25519_scalar_decode_long" ed25519_scalar_decode_long :: Ptr Scalar -> Ptr Word8 -> CSize -> IO () -foreign import ccall "cryptonite_ed25519_scalar_add"+foreign import ccall unsafe "cryptonite_ed25519_scalar_add" ed25519_scalar_add :: Ptr Scalar -- sum -> Ptr Scalar -- a -> Ptr Scalar -- b -> IO () -foreign import ccall "cryptonite_ed25519_scalar_mul"+foreign import ccall unsafe "cryptonite_ed25519_scalar_mul" ed25519_scalar_mul :: Ptr Scalar -- out -> Ptr Scalar -- a -> Ptr Scalar -- b -> IO () -foreign import ccall "cryptonite_ed25519_point_encode"+foreign import ccall unsafe "cryptonite_ed25519_point_encode" ed25519_point_encode :: Ptr Word8 -> Ptr Point -> IO () -foreign import ccall "cryptonite_ed25519_point_decode_vartime"+foreign import ccall unsafe "cryptonite_ed25519_point_decode_vartime" ed25519_point_decode_vartime :: Ptr Point -> Ptr Word8 -> IO CInt -foreign import ccall "cryptonite_ed25519_point_eq"+foreign import ccall unsafe "cryptonite_ed25519_point_eq" ed25519_point_eq :: Ptr Point -> Ptr Point -> IO CInt@@ -330,23 +330,23 @@ ed25519_point_has_prime_order :: Ptr Point -> IO CInt -foreign import ccall "cryptonite_ed25519_point_negate"+foreign import ccall unsafe "cryptonite_ed25519_point_negate" ed25519_point_negate :: Ptr Point -- minus_a -> Ptr Point -- a -> IO () -foreign import ccall "cryptonite_ed25519_point_add"+foreign import ccall unsafe "cryptonite_ed25519_point_add" ed25519_point_add :: Ptr Point -- sum -> Ptr Point -- a -> Ptr Point -- b -> IO () -foreign import ccall "cryptonite_ed25519_point_double"+foreign import ccall unsafe "cryptonite_ed25519_point_double" ed25519_point_double :: Ptr Point -- two_a -> Ptr Point -- a -> IO () -foreign import ccall "cryptonite_ed25519_point_mul_by_cofactor"+foreign import ccall unsafe "cryptonite_ed25519_point_mul_by_cofactor" ed25519_point_mul_by_cofactor :: Ptr Point -- eight_a -> Ptr Point -- a -> IO ()
Crypto/Hash.hs view
@@ -54,7 +54,8 @@ import Crypto.Internal.ByteArray (ByteArrayAccess) import qualified Crypto.Internal.ByteArray as B import qualified Data.ByteString.Lazy as L-import Data.Word (Word8, Word32)+import Data.Word (Word8)+import Data.Int (Int32) -- | Hash a strict bytestring into a digest. hash :: (ByteArrayAccess ba, HashAlgorithm a) => ba -> Digest a@@ -91,14 +92,14 @@ mapM_ (\b -> B.withByteArray b (processBlocks ctx (B.length b))) ls where ls = filter (not . B.null) l- -- process the data in 4GB chunks to fit in uint32_t+ -- process the data in 2GB chunks to fit in uint32_t and Int on 32 bit systems processBlocks ctx bytesLeft dataPtr | bytesLeft == 0 = return () | otherwise = do hashInternalUpdate ctx dataPtr (fromIntegral actuallyProcessed) processBlocks ctx (bytesLeft - actuallyProcessed) (dataPtr `plusPtr` actuallyProcessed) where- actuallyProcessed = min bytesLeft (fromIntegral (maxBound :: Word32))+ actuallyProcessed = min bytesLeft (fromIntegral (maxBound :: Int32)) -- | Finalize a context and return a digest. hashFinalize :: forall a . HashAlgorithm a
+ Crypto/Internal/Builder.hs view
@@ -0,0 +1,53 @@+-- |+-- Module : Crypto.Internal.Builder+-- License : BSD-style+-- Maintainer : Olivier Chéron <olivier.cheron@gmail.com>+-- Stability : stable+-- Portability : Good+--+-- Delaying and merging ByteArray allocations. This is similar to module+-- "Data.ByteArray.Pack" except the total length is computed automatically based+-- on what is appended.+--+{-# LANGUAGE BangPatterns #-}+module Crypto.Internal.Builder+ ( Builder+ , buildAndFreeze+ , builderLength+ , byte+ , bytes+ , zero+ ) where++import Data.ByteArray (ByteArray, ByteArrayAccess)+import qualified Data.ByteArray as B+import Data.Memory.PtrMethods (memSet)++import Foreign.Ptr (Ptr, plusPtr)+import Foreign.Storable (poke)++import Crypto.Internal.Imports hiding (empty)++data Builder = Builder !Int (Ptr Word8 -> IO ()) -- size and initializer++instance Semigroup Builder where+ (Builder s1 f1) <> (Builder s2 f2) = Builder (s1 + s2) f+ where f p = f1 p >> f2 (p `plusPtr` s1)++builderLength :: Builder -> Int+builderLength (Builder s _) = s++buildAndFreeze :: ByteArray ba => Builder -> ba+buildAndFreeze (Builder s f) = B.allocAndFreeze s f++byte :: Word8 -> Builder+byte !b = Builder 1 (`poke` b)++bytes :: ByteArrayAccess ba => ba -> Builder+bytes bs = Builder (B.length bs) (B.copyByteArrayToPtr bs)++zero :: Int -> Builder+zero s = if s > 0 then Builder s (\p -> memSet p 0 s) else empty++empty :: Builder+empty = Builder 0 (const $ return ())
Crypto/Internal/CompatPrim.hs view
@@ -23,15 +23,21 @@ , convert4To32 ) where -import GHC.Prim #if !defined(ARCH_IS_LITTLE_ENDIAN) && !defined(ARCH_IS_BIG_ENDIAN) import Data.Memory.Endian (getSystemEndianness, Endianness(..)) #endif +#if __GLASGOW_HASKELL__ >= 902+import GHC.Prim+#else+import GHC.Prim hiding (Word32#)+type Word32# = Word#+#endif+ -- | Byteswap Word# to or from Big Endian -- -- On a big endian machine, this function is a nop.-be32Prim :: Word# -> Word#+be32Prim :: Word32# -> Word32# #ifdef ARCH_IS_LITTLE_ENDIAN be32Prim = byteswap32Prim #elif defined(ARCH_IS_BIG_ENDIAN)@@ -43,7 +49,7 @@ -- | Byteswap Word# to or from Little Endian -- -- On a little endian machine, this function is a nop.-le32Prim :: Word# -> Word#+le32Prim :: Word32# -> Word32# #ifdef ARCH_IS_LITTLE_ENDIAN le32Prim w = w #elif defined(ARCH_IS_BIG_ENDIAN)@@ -54,16 +60,11 @@ -- | Simple compatibility for byteswap the lower 32 bits of a Word# -- at the primitive level-byteswap32Prim :: Word# -> Word#-#if __GLASGOW_HASKELL__ >= 708-byteswap32Prim w = byteSwap32# w+byteswap32Prim :: Word32# -> Word32#+#if __GLASGOW_HASKELL__ >= 902+byteswap32Prim w = wordToWord32# (byteSwap32# (word32ToWord# w)) #else-byteswap32Prim w =- let !a = uncheckedShiftL# w 24#- !b = and# (uncheckedShiftL# w 8#) 0x00ff0000##- !c = and# (uncheckedShiftRL# w 8#) 0x0000ff00##- !d = and# (uncheckedShiftRL# w 24#) 0x000000ff##- in or# a (or# b (or# c d))+byteswap32Prim w = byteSwap32# w #endif -- | Combine 4 word8 [a,b,c,d] to a word32 representing [a,b,c,d]
Crypto/Internal/Imports.hs view
@@ -5,11 +5,15 @@ -- Stability : experimental -- Portability : unknown --+{-# LANGUAGE CPP #-} module Crypto.Internal.Imports ( module X ) where import Data.Word as X+#if !(MIN_VERSION_base(4,11,0))+import Data.Semigroup as X (Semigroup(..))+#endif import Control.Applicative as X import Control.Monad as X (forM, forM_, void) import Control.Arrow as X (first, second)
Crypto/MAC/HMAC.hs view
@@ -12,6 +12,7 @@ {-# LANGUAGE GeneralizedNewtypeDeriving #-} module Crypto.MAC.HMAC ( hmac+ , hmacLazy , HMAC(..) -- * Incremental , Context(..)@@ -28,6 +29,7 @@ import qualified Crypto.Internal.ByteArray as B import Data.Memory.PtrMethods import Crypto.Internal.Compat+import qualified Data.ByteString.Lazy as L -- | Represent an HMAC that is a phantom type with the hash used to produce the mac. --@@ -39,12 +41,19 @@ instance Eq (HMAC a) where (HMAC b1) == (HMAC b2) = B.constEq b1 b2 --- | compute a MAC using the supplied hashing function+-- | Compute a MAC using the supplied hashing function hmac :: (ByteArrayAccess key, ByteArrayAccess message, HashAlgorithm a) => key -- ^ Secret key -> message -- ^ Message to MAC -> HMAC a hmac secret msg = finalize $ updates (initialize secret) [msg]++-- | Compute a MAC using the supplied hashing function, for a lazy input+hmacLazy :: (ByteArrayAccess key, HashAlgorithm a)+ => key -- ^ Secret key+ -> L.ByteString -- ^ Message to MAC+ -> HMAC a+hmacLazy secret msg = finalize $ updates (initialize secret) (L.toChunks msg) -- | Represent an ongoing HMAC state, that can be appended with 'update' -- and finalize to an HMAC with 'hmacFinalize'
Crypto/MAC/KMAC.hs view
@@ -27,13 +27,12 @@ import Crypto.Hash.SHAKE (HashSHAKE(..)) import Crypto.Hash.Types (HashAlgorithm(..), Digest(..)) import qualified Crypto.Hash.Types as H-import Foreign.Ptr (Ptr, plusPtr)-import Foreign.Storable (poke)+import Crypto.Internal.Builder+import Crypto.Internal.Imports+import Foreign.Ptr (Ptr) import Data.Bits (shiftR)-import Data.ByteArray (ByteArray, ByteArrayAccess)+import Data.ByteArray (ByteArrayAccess) import qualified Data.ByteArray as B-import Data.Word (Word8)-import Data.Memory.PtrMethods (memSet) -- cSHAKE@@ -47,8 +46,8 @@ where c = hashInternalContextSize (undefined :: a) w = hashBlockSize (undefined :: a)- x = encodeString n <+> encodeString s- b = builderAllocAndFreeze (bytepad x w) :: B.Bytes+ x = encodeString n <> encodeString s+ b = buildAndFreeze (bytepad x w) :: B.Bytes cshakeUpdate :: (HashSHAKE a, ByteArrayAccess ba) => H.Context a -> ba -> H.Context a@@ -77,7 +76,7 @@ -- The Eq instance is constant time. No Show instance is provided, to avoid -- printing by mistake. newtype KMAC a = KMAC { kmacGetDigest :: Digest a }- deriving ByteArrayAccess+ deriving (ByteArrayAccess,NFData) instance Eq (KMAC a) where (KMAC b1) == (KMAC b2) = B.constEq b1 b2@@ -99,7 +98,7 @@ where n = B.pack [75,77,65,67] :: B.Bytes -- "KMAC" w = hashBlockSize (undefined :: a)- p = builderAllocAndFreeze (bytepad (encodeString key) w) :: B.ScrubbedBytes+ p = buildAndFreeze (bytepad (encodeString key) w) :: B.ScrubbedBytes -- | Incrementally update a KMAC context. update :: (HashSHAKE a, ByteArrayAccess ba) => Context a -> ba -> Context a@@ -114,56 +113,32 @@ finalize (Context ctx) = KMAC $ cshakeFinalize ctx suffix where l = cshakeOutputLength (undefined :: a)- suffix = builderAllocAndFreeze (rightEncode l) :: B.Bytes+ suffix = buildAndFreeze (rightEncode l) :: B.Bytes -- Utilities bytepad :: Builder -> Int -> Builder-bytepad x w = prefix <+> x <+> zero padLen+bytepad x w = prefix <> x <> zero padLen where prefix = leftEncode w padLen = (w - builderLength prefix - builderLength x) `mod` w encodeString :: ByteArrayAccess bin => bin -> Builder-encodeString s = leftEncode (8 * B.length s) <+> bytes s+encodeString s = leftEncode (8 * B.length s) <> bytes s leftEncode :: Int -> Builder-leftEncode x = byte len <+> digits+leftEncode x = byte len <> digits where digits = i2osp x len = fromIntegral (builderLength digits) rightEncode :: Int -> Builder-rightEncode x = digits <+> byte len+rightEncode x = digits <> byte len where digits = i2osp x len = fromIntegral (builderLength digits) i2osp :: Int -> Builder-i2osp i | i >= 256 = i2osp (shiftR i 8) <+> byte (fromIntegral i)+i2osp i | i >= 256 = i2osp (shiftR i 8) <> byte (fromIntegral i) | otherwise = byte (fromIntegral i)----- Delaying and merging ByteArray allocations--data Builder = Builder !Int (Ptr Word8 -> IO ()) -- size and initializer--(<+>) :: Builder -> Builder -> Builder-(Builder s1 f1) <+> (Builder s2 f2) = Builder (s1 + s2) f- where f p = f1 p >> f2 (p `plusPtr` s1)--builderLength :: Builder -> Int-builderLength (Builder s _) = s--builderAllocAndFreeze :: ByteArray ba => Builder -> ba-builderAllocAndFreeze (Builder s f) = B.allocAndFreeze s f--byte :: Word8 -> Builder-byte !b = Builder 1 (`poke` b)--bytes :: ByteArrayAccess ba => ba -> Builder-bytes bs = Builder (B.length bs) (B.copyByteArrayToPtr bs)--zero :: Int -> Builder-zero s = Builder s (\p -> memSet p 0 s)
Crypto/Number/Compat.hs view
@@ -72,7 +72,9 @@ -- | Compute the power modulus using extra security to remain constant -- time wise through GMP gmpPowModSecInteger :: Integer -> Integer -> Integer -> GmpSupported Integer-#if MIN_VERSION_integer_gmp(1,0,2)+#if MIN_VERSION_integer_gmp(1,1,0)+gmpPowModSecInteger _ _ _ = GmpUnsupported+#elif MIN_VERSION_integer_gmp(1,0,2) gmpPowModSecInteger b e m = GmpSupported (powModSecInteger b e m) #elif MIN_VERSION_integer_gmp(1,0,0) gmpPowModSecInteger _ _ _ = GmpUnsupported@@ -103,7 +105,9 @@ -- | Get the next prime from a specific value through GMP gmpNextPrime :: Integer -> GmpSupported Integer-#if MIN_VERSION_integer_gmp(0,5,1)+#if MIN_VERSION_integer_gmp(1,1,0)+gmpNextPrime _ = GmpUnsupported+#elif MIN_VERSION_integer_gmp(0,5,1) gmpNextPrime n = GmpSupported (nextPrimeInteger n) #else gmpNextPrime _ = GmpUnsupported@@ -111,7 +115,9 @@ -- | Test if a number is prime using Miller Rabin gmpTestPrimeMillerRabin :: Int -> Integer -> GmpSupported Bool-#if MIN_VERSION_integer_gmp(0,5,1)+#if MIN_VERSION_integer_gmp(1,1,0)+gmpTestPrimeMillerRabin _ _ = GmpUnsupported+#elif MIN_VERSION_integer_gmp(0,5,1) gmpTestPrimeMillerRabin (I# tries) !n = GmpSupported $ case testPrimeInteger n tries of 0# -> False
+ Crypto/PubKey/EdDSA.hs view
@@ -0,0 +1,390 @@+-- |+-- Module : Crypto.PubKey.EdDSA+-- License : BSD-style+-- Maintainer : Olivier Chéron <olivier.cheron@gmail.com>+-- Stability : experimental+-- Portability : unknown+--+-- EdDSA signature generation and verification, implemented in Haskell and+-- parameterized with elliptic curve and hash algorithm. Only edwards25519 is+-- supported at the moment.+--+-- The module provides \"context\" and \"prehash\" variants defined in+-- <https://tools.ietf.org/html/rfc8032 RFC 8032>.+--+-- This implementation is most useful when wanting to customize the hash+-- algorithm. See module "Crypto.PubKey.Ed25519" for faster Ed25519 with+-- SHA-512.+--+{-# LANGUAGE DataKinds #-}+{-# LANGUAGE FlexibleContexts #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RankNTypes #-}+{-# LANGUAGE ScopedTypeVariables #-}+{-# LANGUAGE TypeFamilies #-}+module Crypto.PubKey.EdDSA+ ( SecretKey+ , PublicKey+ , Signature+ -- * Curves with EdDSA implementation+ , EllipticCurveEdDSA(CurveDigestSize)+ , publicKeySize+ , secretKeySize+ , signatureSize+ -- * Smart constructors+ , signature+ , publicKey+ , secretKey+ -- * Methods+ , toPublic+ , sign+ , signCtx+ , signPh+ , verify+ , verifyCtx+ , verifyPh+ , generateSecretKey+ ) where++import Data.Bits+import Data.ByteArray (ByteArray, ByteArrayAccess, Bytes, ScrubbedBytes, View)+import qualified Data.ByteArray as B+import Data.ByteString (ByteString)+import Data.Proxy++import Crypto.ECC+import qualified Crypto.ECC.Edwards25519 as Edwards25519+import Crypto.Error+import Crypto.Hash (Digest)+import Crypto.Hash.IO+import Crypto.Random++import GHC.TypeLits (KnownNat, Nat)++import Crypto.Internal.Builder+import Crypto.Internal.Compat+import Crypto.Internal.Imports+import Crypto.Internal.Nat (integralNatVal)++import Foreign.Storable+++-- API++-- | An EdDSA Secret key+newtype SecretKey curve = SecretKey ScrubbedBytes+ deriving (Show,Eq,ByteArrayAccess,NFData)++-- | An EdDSA public key+newtype PublicKey curve hash = PublicKey Bytes+ deriving (Show,Eq,ByteArrayAccess,NFData)++-- | An EdDSA signature+newtype Signature curve hash = Signature Bytes+ deriving (Show,Eq,ByteArrayAccess,NFData)++-- | Elliptic curves with an implementation of EdDSA+class ( EllipticCurveBasepointArith curve+ , KnownNat (CurveDigestSize curve)+ ) => EllipticCurveEdDSA curve where++ -- | Size of the digest for this curve (in bytes)+ type CurveDigestSize curve :: Nat++ -- | Size of secret keys for this curve (in bytes)+ secretKeySize :: proxy curve -> Int++ -- hash with specified parameters+ hashWithDom :: (HashAlgorithm hash, ByteArrayAccess ctx, ByteArrayAccess msg)+ => proxy curve -> hash -> Bool -> ctx -> Builder -> msg -> Bytes++ -- conversion between scalar, point and public key+ pointPublic :: proxy curve -> Point curve -> PublicKey curve hash+ publicPoint :: proxy curve -> PublicKey curve hash -> CryptoFailable (Point curve)+ encodeScalarLE :: ByteArray bs => proxy curve -> Scalar curve -> bs+ decodeScalarLE :: ByteArrayAccess bs => proxy curve -> bs -> CryptoFailable (Scalar curve)++ -- how to use bits in a secret key+ scheduleSecret :: ( HashAlgorithm hash+ , HashDigestSize hash ~ CurveDigestSize curve+ )+ => proxy curve+ -> hash+ -> SecretKey curve+ -> (Scalar curve, View Bytes)++-- | Size of public keys for this curve (in bytes)+publicKeySize :: EllipticCurveEdDSA curve => proxy curve -> Int+publicKeySize prx = signatureSize prx `div` 2++-- | Size of signatures for this curve (in bytes)+signatureSize :: forall proxy curve . EllipticCurveEdDSA curve+ => proxy curve -> Int+signatureSize _ = integralNatVal (Proxy :: Proxy (CurveDigestSize curve))+++-- Constructors++-- | Try to build a public key from a bytearray+publicKey :: ( EllipticCurveEdDSA curve+ , HashAlgorithm hash+ , HashDigestSize hash ~ CurveDigestSize curve+ , ByteArrayAccess ba+ )+ => proxy curve -> hash -> ba -> CryptoFailable (PublicKey curve hash)+publicKey prx _ bs+ | B.length bs == publicKeySize prx =+ CryptoPassed (PublicKey $ B.convert bs)+ | otherwise =+ CryptoFailed CryptoError_PublicKeySizeInvalid++-- | Try to build a secret key from a bytearray+secretKey :: (EllipticCurveEdDSA curve, ByteArrayAccess ba)+ => proxy curve -> ba -> CryptoFailable (SecretKey curve)+secretKey prx bs+ | B.length bs == secretKeySize prx =+ CryptoPassed (SecretKey $ B.convert bs)+ | otherwise =+ CryptoFailed CryptoError_SecretKeyStructureInvalid++-- | Try to build a signature from a bytearray+signature :: ( EllipticCurveEdDSA curve+ , HashAlgorithm hash+ , HashDigestSize hash ~ CurveDigestSize curve+ , ByteArrayAccess ba+ )+ => proxy curve -> hash -> ba -> CryptoFailable (Signature curve hash)+signature prx _ bs+ | B.length bs == signatureSize prx =+ CryptoPassed (Signature $ B.convert bs)+ | otherwise =+ CryptoFailed CryptoError_SecretKeyStructureInvalid+++-- Conversions++-- | Generate a secret key+generateSecretKey :: (EllipticCurveEdDSA curve, MonadRandom m)+ => proxy curve -> m (SecretKey curve)+generateSecretKey prx = SecretKey <$> getRandomBytes (secretKeySize prx)++-- | Create a public key from a secret key+toPublic :: ( EllipticCurveEdDSA curve+ , HashAlgorithm hash+ , HashDigestSize hash ~ CurveDigestSize curve+ )+ => proxy curve -> hash -> SecretKey curve -> PublicKey curve hash+toPublic prx alg priv =+ let p = pointBaseSmul prx (secretScalar prx alg priv)+ in pointPublic prx p++secretScalar :: ( EllipticCurveEdDSA curve+ , HashAlgorithm hash+ , HashDigestSize hash ~ CurveDigestSize curve+ )+ => proxy curve -> hash -> SecretKey curve -> Scalar curve+secretScalar prx alg priv = fst (scheduleSecret prx alg priv)+++-- EdDSA signature generation & verification++-- | Sign a message using the key pair+sign :: ( EllipticCurveEdDSA curve+ , HashAlgorithm hash+ , HashDigestSize hash ~ CurveDigestSize curve+ , ByteArrayAccess msg+ )+ => proxy curve -> SecretKey curve -> PublicKey curve hash -> msg -> Signature curve hash+sign prx = signCtx prx emptyCtx++-- | Verify a message+verify :: ( EllipticCurveEdDSA curve+ , HashAlgorithm hash+ , HashDigestSize hash ~ CurveDigestSize curve+ , ByteArrayAccess msg+ )+ => proxy curve -> PublicKey curve hash -> msg -> Signature curve hash -> Bool+verify prx = verifyCtx prx emptyCtx++-- | Sign a message using the key pair under context @ctx@+signCtx :: ( EllipticCurveEdDSA curve+ , HashAlgorithm hash+ , HashDigestSize hash ~ CurveDigestSize curve+ , ByteArrayAccess ctx+ , ByteArrayAccess msg+ )+ => proxy curve -> ctx -> SecretKey curve -> PublicKey curve hash -> msg -> Signature curve hash+signCtx prx = signPhCtx prx False++-- | Verify a message under context @ctx@+verifyCtx :: ( EllipticCurveEdDSA curve+ , HashAlgorithm hash+ , HashDigestSize hash ~ CurveDigestSize curve+ , ByteArrayAccess ctx+ , ByteArrayAccess msg+ )+ => proxy curve -> ctx -> PublicKey curve hash -> msg -> Signature curve hash -> Bool+verifyCtx prx = verifyPhCtx prx False++-- | Sign a prehashed message using the key pair under context @ctx@+signPh :: ( EllipticCurveEdDSA curve+ , HashAlgorithm hash+ , HashDigestSize hash ~ CurveDigestSize curve+ , ByteArrayAccess ctx+ )+ => proxy curve -> ctx -> SecretKey curve -> PublicKey curve hash -> Digest prehash -> Signature curve hash+signPh prx = signPhCtx prx True++-- | Verify a prehashed message under context @ctx@+verifyPh :: ( EllipticCurveEdDSA curve+ , HashAlgorithm hash+ , HashDigestSize hash ~ CurveDigestSize curve+ , ByteArrayAccess ctx+ )+ => proxy curve -> ctx -> PublicKey curve hash -> Digest prehash -> Signature curve hash -> Bool+verifyPh prx = verifyPhCtx prx True++signPhCtx :: forall proxy curve hash ctx msg .+ ( EllipticCurveEdDSA curve+ , HashAlgorithm hash+ , HashDigestSize hash ~ CurveDigestSize curve+ , ByteArrayAccess ctx+ , ByteArrayAccess msg+ )+ => proxy curve -> Bool -> ctx -> SecretKey curve -> PublicKey curve hash -> msg -> Signature curve hash+signPhCtx prx ph ctx priv pub msg =+ let alg = undefined :: hash+ (s, prefix) = scheduleSecret prx alg priv+ digR = hashWithDom prx alg ph ctx (bytes prefix) msg+ r = decodeScalarNoErr prx digR+ pR = pointBaseSmul prx r+ bsR = encodePoint prx pR+ sK = getK prx ph ctx pub bsR msg+ sS = scalarAdd prx r (scalarMul prx sK s)+ in encodeSignature prx (bsR, pR, sS)++verifyPhCtx :: ( EllipticCurveEdDSA curve+ , HashAlgorithm hash+ , HashDigestSize hash ~ CurveDigestSize curve+ , ByteArrayAccess ctx+ , ByteArrayAccess msg+ )+ => proxy curve -> Bool -> ctx -> PublicKey curve hash -> msg -> Signature curve hash -> Bool+verifyPhCtx prx ph ctx pub msg sig =+ case doVerify of+ CryptoPassed verified -> verified+ CryptoFailed _ -> False+ where+ doVerify = do+ (bsR, pR, sS) <- decodeSignature prx sig+ nPub <- pointNegate prx `fmap` publicPoint prx pub+ let sK = getK prx ph ctx pub bsR msg+ pR' = pointsSmulVarTime prx sS sK nPub+ return (pR == pR')++emptyCtx :: Bytes+emptyCtx = B.empty++getK :: forall proxy curve hash ctx msg .+ ( EllipticCurveEdDSA curve+ , HashAlgorithm hash+ , HashDigestSize hash ~ CurveDigestSize curve+ , ByteArrayAccess ctx+ , ByteArrayAccess msg+ )+ => proxy curve -> Bool -> ctx -> PublicKey curve hash -> Bytes -> msg -> Scalar curve+getK prx ph ctx (PublicKey pub) bsR msg =+ let alg = undefined :: hash+ digK = hashWithDom prx alg ph ctx (bytes bsR <> bytes pub) msg+ in decodeScalarNoErr prx digK++encodeSignature :: EllipticCurveEdDSA curve+ => proxy curve+ -> (Bytes, Point curve, Scalar curve)+ -> Signature curve hash+encodeSignature prx (bsR, _, sS) = Signature $ buildAndFreeze $+ bytes bsR <> bytes bsS <> zero len0+ where+ bsS = encodeScalarLE prx sS :: Bytes+ len0 = signatureSize prx - B.length bsR - B.length bsS++decodeSignature :: ( EllipticCurveEdDSA curve+ , HashDigestSize hash ~ CurveDigestSize curve+ )+ => proxy curve+ -> Signature curve hash+ -> CryptoFailable (Bytes, Point curve, Scalar curve)+decodeSignature prx (Signature bs) = do+ let (bsR, bsS) = B.splitAt (publicKeySize prx) bs+ pR <- decodePoint prx bsR+ sS <- decodeScalarLE prx bsS+ return (bsR, pR, sS)++-- implementations are supposed to decode any scalar up to the size of the digest+decodeScalarNoErr :: (EllipticCurveEdDSA curve, ByteArrayAccess bs)+ => proxy curve -> bs -> Scalar curve+decodeScalarNoErr prx = unwrap "decodeScalarNoErr" . decodeScalarLE prx++unwrap :: String -> CryptoFailable a -> a+unwrap name (CryptoFailed _) = error (name ++ ": assumption failed")+unwrap _ (CryptoPassed x) = x+++-- Ed25519 implementation++instance EllipticCurveEdDSA Curve_Edwards25519 where+ type CurveDigestSize Curve_Edwards25519 = 64+ secretKeySize _ = 32++ hashWithDom _ alg ph ctx bss+ | not ph && B.null ctx = digestDomMsg alg bss+ | otherwise = digestDomMsg alg (dom <> bss)+ where dom = bytes ("SigEd25519 no Ed25519 collisions" :: ByteString) <>+ byte (if ph then 1 else 0) <>+ byte (fromIntegral $ B.length ctx) <>+ bytes ctx++ pointPublic _ = PublicKey . Edwards25519.pointEncode+ publicPoint _ = Edwards25519.pointDecode+ encodeScalarLE _ = Edwards25519.scalarEncode+ decodeScalarLE _ = Edwards25519.scalarDecodeLong++ scheduleSecret prx alg priv =+ (decodeScalarNoErr prx clamped, B.dropView hashed 32)+ where+ hashed = digest alg $ \update -> update priv++ clamped :: Bytes+ clamped = B.copyAndFreeze (B.takeView hashed 32) $ \p -> do+ b0 <- peekElemOff p 0 :: IO Word8+ b31 <- peekElemOff p 31 :: IO Word8+ pokeElemOff p 31 ((b31 .&. 0x7F) .|. 0x40)+ pokeElemOff p 0 (b0 .&. 0xF8)+++{-+ Optimize hashing by limiting the number of roundtrips between Haskell and C.+ Hash "update" functions do not use unsafe FFI call, so better concanetate+ small fragments together and call the update function once.++ Using the IO hash interface avoids context buffer copies.++ Data type Digest is not used directly but converted to Bytes early. Any use of+ withByteArray on the unpinned Digest backend would require copy through a+ pinned trampoline.+-}++digestDomMsg :: (HashAlgorithm alg, ByteArrayAccess msg)+ => alg -> Builder -> msg -> Bytes+digestDomMsg alg bss bs = digest alg $ \update ->+ update (buildAndFreeze bss :: Bytes) >> update bs++digest :: HashAlgorithm alg+ => alg+ -> ((forall bs . ByteArrayAccess bs => bs -> IO ()) -> IO ())+ -> Bytes+digest alg fn = B.convert $ unsafeDoIO $ do+ mc <- hashMutableInitWith alg+ fn (hashMutableUpdate mc)+ hashMutableFinalize mc
benchs/Bench.hs view
@@ -1,6 +1,7 @@ {-# LANGUAGE OverloadedStrings #-} {-# LANGUAGE ExistentialQuantification #-} {-# LANGUAGE FlexibleContexts #-}+{-# LANGUAGE TypeFamilies #-} module Main where import Gauge.Main@@ -24,6 +25,8 @@ import qualified Crypto.PubKey.ECC.Types as ECC import qualified Crypto.PubKey.ECC.Prim as ECC import qualified Crypto.PubKey.ECDSA as ECDSA+import qualified Crypto.PubKey.Ed25519 as Ed25519+import qualified Crypto.PubKey.EdDSA as EdDSA import Crypto.Random import Control.DeepSeq (NFData)@@ -325,6 +328,44 @@ , ("secp521r1_sha512", CurveHashECDSA Curve_P521R1 SHA512) ] +benchEdDSA =+ [ bgroup "EdDSA-Ed25519" benchGenEd25519+ , bgroup "Ed25519" benchEd25519+ ]+ where+ benchGen prx alg =+ [ bench "sign" $ perBatchEnv (genEnv prx alg) (run_gen_sign prx)+ , bench "verify" $ perBatchEnv (genEnv prx alg) (run_gen_verify prx)+ ]++ benchGenEd25519 = benchGen (Just Curve_Edwards25519) SHA512+ benchEd25519 =+ [ bench "sign" $ perBatchEnv ed25519Env run_ed25519_sign+ , bench "verify" $ perBatchEnv ed25519Env run_ed25519_verify+ ]++ msg = B.empty -- empty message = worst-case scenario showing API overhead++ genEnv prx alg _ = do+ sec <- EdDSA.generateSecretKey prx+ let pub = EdDSA.toPublic prx alg sec+ sig = EdDSA.sign prx sec pub msg+ return (sec, pub, sig)++ run_gen_sign prx (sec, pub, _) = return (EdDSA.sign prx sec pub msg)++ run_gen_verify prx (_, pub, sig) = return (EdDSA.verify prx pub msg sig)++ ed25519Env _ = do+ sec <- Ed25519.generateSecretKey+ let pub = Ed25519.toPublic sec+ sig = Ed25519.sign sec pub msg+ return (sec, pub, sig)++ run_ed25519_sign (sec, pub, _) = return (Ed25519.sign sec pub msg)++ run_ed25519_verify (_, pub, sig) = return (Ed25519.verify pub msg sig)+ main = defaultMain [ bgroup "hash" benchHash , bgroup "block-cipher" benchBlockCipher@@ -338,5 +379,6 @@ , bgroup "ECDH" benchECDH ] , bgroup "ECDSA" benchECDSA+ , bgroup "EdDSA" benchEdDSA , bgroup "F2m" benchF2m ]
cbits/argon2/core.c view
@@ -4,7 +4,7 @@ * Copyright 2015 * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves *- * You may use this work under the terms of a Creative Commons CC0 1.0 + * You may use this work under the terms of a Creative Commons CC0 1.0 * License/Waiver or the Apache Public License 2.0, at your option. The terms of * these licenses can be found at: *@@ -83,25 +83,25 @@ } while ((void)0, 0) if (outlen <= BLAKE2B_OUTBYTES) {- TRY(blake2b_init(&blake_state, outlen));- TRY(blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes)));- TRY(blake2b_update(&blake_state, in, inlen));- TRY(blake2b_final(&blake_state, out, outlen));+ TRY(_cryptonite_blake2b_init(&blake_state, outlen));+ TRY(_cryptonite_blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes)));+ TRY(_cryptonite_blake2b_update(&blake_state, in, inlen));+ TRY(_cryptonite_blake2b_final(&blake_state, out, outlen)); } else { uint32_t toproduce; uint8_t out_buffer[BLAKE2B_OUTBYTES]; uint8_t in_buffer[BLAKE2B_OUTBYTES];- TRY(blake2b_init(&blake_state, BLAKE2B_OUTBYTES));- TRY(blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes)));- TRY(blake2b_update(&blake_state, in, inlen));- TRY(blake2b_final(&blake_state, out_buffer, BLAKE2B_OUTBYTES));+ TRY(_cryptonite_blake2b_init(&blake_state, BLAKE2B_OUTBYTES));+ TRY(_cryptonite_blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes)));+ TRY(_cryptonite_blake2b_update(&blake_state, in, inlen));+ TRY(_cryptonite_blake2b_final(&blake_state, out_buffer, BLAKE2B_OUTBYTES)); memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2); out += BLAKE2B_OUTBYTES / 2; toproduce = (uint32_t)outlen - BLAKE2B_OUTBYTES / 2; while (toproduce > BLAKE2B_OUTBYTES) { memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES);- TRY(blake2b(out_buffer, BLAKE2B_OUTBYTES, in_buffer,+ TRY(_cryptonite_blake2b(out_buffer, BLAKE2B_OUTBYTES, in_buffer, BLAKE2B_OUTBYTES, NULL, 0)); memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2); out += BLAKE2B_OUTBYTES / 2;@@ -109,7 +109,7 @@ } memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES);- TRY(blake2b(out_buffer, toproduce, in_buffer, BLAKE2B_OUTBYTES, NULL,+ TRY(_cryptonite_blake2b(out_buffer, toproduce, in_buffer, BLAKE2B_OUTBYTES, NULL, 0)); memcpy(out, out_buffer, toproduce); }@@ -149,7 +149,7 @@ } /***************Memory functions*****************/-static +static int allocate_memory(const argon2_context *context, uint8_t **memory, size_t num, size_t size) { size_t memory_size = num*size;@@ -175,7 +175,7 @@ return ARGON2_OK; }-static +static void free_memory(const argon2_context *context, uint8_t *memory, size_t num, size_t size) { size_t memory_size = num*size;@@ -425,7 +425,7 @@ } #endif /* ARGON2_NO_THREADS */-static +static int fill_memory_blocks(argon2_instance_t *instance) { if (instance == NULL || instance->lanes == 0) { return ARGON2_INCORRECT_PARAMETER;@@ -437,7 +437,7 @@ fill_memory_blocks_st(instance) : fill_memory_blocks_mt(instance); #endif }-static +static int validate_inputs(const argon2_context *context) { if (NULL == context) { return ARGON2_INCORRECT_PARAMETER;@@ -564,7 +564,7 @@ return ARGON2_OK; }-static +static void fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance) { uint32_t l; /* Make the first and second block in each lane as G(H0||i||0) or@@ -587,7 +587,7 @@ } clear_internal_memory(blockhash_bytes, ARGON2_BLOCK_SIZE); }-static +static void initial_hash(uint8_t *blockhash, argon2_context *context, argon2_type type) { blake2b_state BlakeHash;@@ -597,31 +597,31 @@ return; } - blake2b_init(&BlakeHash, ARGON2_PREHASH_DIGEST_LENGTH);+ _cryptonite_blake2b_init(&BlakeHash, ARGON2_PREHASH_DIGEST_LENGTH); store32(&value, context->lanes);- blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));+ _cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); store32(&value, context->outlen);- blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));+ _cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); store32(&value, context->m_cost);- blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));+ _cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); store32(&value, context->t_cost);- blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));+ _cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); store32(&value, context->version);- blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));+ _cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); store32(&value, (uint32_t)type);- blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));+ _cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); store32(&value, context->pwdlen);- blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));+ _cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); if (context->pwd != NULL) {- blake2b_update(&BlakeHash, (const uint8_t *)context->pwd,+ _cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)context->pwd, context->pwdlen); if (context->flags & ARGON2_FLAG_CLEAR_PASSWORD) {@@ -631,18 +631,18 @@ } store32(&value, context->saltlen);- blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));+ _cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); if (context->salt != NULL) {- blake2b_update(&BlakeHash, (const uint8_t *)context->salt,+ _cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)context->salt, context->saltlen); } store32(&value, context->secretlen);- blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));+ _cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); if (context->secret != NULL) {- blake2b_update(&BlakeHash, (const uint8_t *)context->secret,+ _cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)context->secret, context->secretlen); if (context->flags & ARGON2_FLAG_CLEAR_SECRET) {@@ -652,16 +652,16 @@ } store32(&value, context->adlen);- blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));+ _cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); if (context->ad != NULL) {- blake2b_update(&BlakeHash, (const uint8_t *)context->ad,+ _cryptonite_blake2b_update(&BlakeHash, (const uint8_t *)context->ad, context->adlen); } - blake2b_final(&BlakeHash, blockhash, ARGON2_PREHASH_DIGEST_LENGTH);+ _cryptonite_blake2b_final(&BlakeHash, blockhash, ARGON2_PREHASH_DIGEST_LENGTH); }-static +static int initialize(argon2_instance_t *instance, argon2_context *context) { uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH]; int result = ARGON2_OK;
cbits/blake2/ref/blake2.h view
@@ -142,51 +142,51 @@ }; /* Streaming API */- int blake2s_init( blake2s_state *S, size_t outlen );- int blake2s_init_key( blake2s_state *S, size_t outlen, const void *key, size_t keylen );- int blake2s_init_param( blake2s_state *S, const blake2s_param *P );- int blake2s_update( blake2s_state *S, const void *in, size_t inlen );- int blake2s_final( blake2s_state *S, void *out, size_t outlen );+ int _cryptonite_blake2s_init( blake2s_state *S, size_t outlen );+ int _cryptonite_blake2s_init_key( blake2s_state *S, size_t outlen, const void *key, size_t keylen );+ int _cryptonite_blake2s_init_param( blake2s_state *S, const blake2s_param *P );+ int _cryptonite_blake2s_update( blake2s_state *S, const void *in, size_t inlen );+ int _cryptonite_blake2s_final( blake2s_state *S, void *out, size_t outlen ); - int blake2b_init( blake2b_state *S, size_t outlen );- int blake2b_init_key( blake2b_state *S, size_t outlen, const void *key, size_t keylen );- int blake2b_init_param( blake2b_state *S, const blake2b_param *P );- int blake2b_update( blake2b_state *S, const void *in, size_t inlen );- int blake2b_final( blake2b_state *S, void *out, size_t outlen );+ int _cryptonite_blake2b_init( blake2b_state *S, size_t outlen );+ int _cryptonite_blake2b_init_key( blake2b_state *S, size_t outlen, const void *key, size_t keylen );+ int _cryptonite_blake2b_init_param( blake2b_state *S, const blake2b_param *P );+ int _cryptonite_blake2b_update( blake2b_state *S, const void *in, size_t inlen );+ int _cryptonite_blake2b_final( blake2b_state *S, void *out, size_t outlen ); - int blake2sp_init( blake2sp_state *S, size_t outlen );- int blake2sp_init_key( blake2sp_state *S, size_t outlen, const void *key, size_t keylen );- int blake2sp_update( blake2sp_state *S, const void *in, size_t inlen );- int blake2sp_final( blake2sp_state *S, void *out, size_t outlen );+ int _cryptonite_blake2sp_init( blake2sp_state *S, size_t outlen );+ int _cryptonite_blake2sp_init_key( blake2sp_state *S, size_t outlen, const void *key, size_t keylen );+ int _cryptonite_blake2sp_update( blake2sp_state *S, const void *in, size_t inlen );+ int _cryptonite_blake2sp_final( blake2sp_state *S, void *out, size_t outlen ); - int blake2bp_init( blake2bp_state *S, size_t outlen );- int blake2bp_init_key( blake2bp_state *S, size_t outlen, const void *key, size_t keylen );- int blake2bp_update( blake2bp_state *S, const void *in, size_t inlen );- int blake2bp_final( blake2bp_state *S, void *out, size_t outlen );+ int _cryptonite_blake2bp_init( blake2bp_state *S, size_t outlen );+ int _cryptonite_blake2bp_init_key( blake2bp_state *S, size_t outlen, const void *key, size_t keylen );+ int _cryptonite_blake2bp_update( blake2bp_state *S, const void *in, size_t inlen );+ int _cryptonite_blake2bp_final( blake2bp_state *S, void *out, size_t outlen ); /* Variable output length API */- int blake2xs_init( blake2xs_state *S, const size_t outlen );- int blake2xs_init_key( blake2xs_state *S, const size_t outlen, const void *key, size_t keylen );- int blake2xs_update( blake2xs_state *S, const void *in, size_t inlen );- int blake2xs_final(blake2xs_state *S, void *out, size_t outlen);+ int _cryptonite_blake2xs_init( blake2xs_state *S, const size_t outlen );+ int _cryptonite_blake2xs_init_key( blake2xs_state *S, const size_t outlen, const void *key, size_t keylen );+ int _cryptonite_blake2xs_update( blake2xs_state *S, const void *in, size_t inlen );+ int _cryptonite_blake2xs_final(blake2xs_state *S, void *out, size_t outlen); - int blake2xb_init( blake2xb_state *S, const size_t outlen );- int blake2xb_init_key( blake2xb_state *S, const size_t outlen, const void *key, size_t keylen );- int blake2xb_update( blake2xb_state *S, const void *in, size_t inlen );- int blake2xb_final(blake2xb_state *S, void *out, size_t outlen);+ int _cryptonite_blake2xb_init( blake2xb_state *S, const size_t outlen );+ int _cryptonite_blake2xb_init_key( blake2xb_state *S, const size_t outlen, const void *key, size_t keylen );+ int _cryptonite_blake2xb_update( blake2xb_state *S, const void *in, size_t inlen );+ int _cryptonite_blake2xb_final(blake2xb_state *S, void *out, size_t outlen); /* Simple API */- int blake2s( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );- int blake2b( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );+ int _cryptonite_blake2s( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );+ int _cryptonite_blake2b( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ); - int blake2sp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );- int blake2bp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );+ int _cryptonite_blake2sp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );+ int _cryptonite_blake2bp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ); - int blake2xs( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );- int blake2xb( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );+ int _cryptonite_blake2xs( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );+ int _cryptonite_blake2xb( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ); /* This is simply an alias for blake2b */- int blake2( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );+ int _cryptonite_blake2( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ); #if defined(__cplusplus) }
cbits/blake2/ref/blake2b-ref.c view
@@ -78,7 +78,7 @@ } /* init xors IV with input parameter block */-int blake2b_init_param( blake2b_state *S, const blake2b_param *P )+int _cryptonite_blake2b_init_param( blake2b_state *S, const blake2b_param *P ) { const uint8_t *p = ( const uint8_t * )( P ); size_t i;@@ -95,7 +95,7 @@ -int blake2b_init( blake2b_state *S, size_t outlen )+int _cryptonite_blake2b_init( blake2b_state *S, size_t outlen ) { blake2b_param P[1]; @@ -113,11 +113,11 @@ memset( P->reserved, 0, sizeof( P->reserved ) ); memset( P->salt, 0, sizeof( P->salt ) ); memset( P->personal, 0, sizeof( P->personal ) );- return blake2b_init_param( S, P );+ return _cryptonite_blake2b_init_param( S, P ); } -int blake2b_init_key( blake2b_state *S, size_t outlen, const void *key, size_t keylen )+int _cryptonite_blake2b_init_key( blake2b_state *S, size_t outlen, const void *key, size_t keylen ) { blake2b_param P[1]; @@ -138,13 +138,13 @@ memset( P->salt, 0, sizeof( P->salt ) ); memset( P->personal, 0, sizeof( P->personal ) ); - if( blake2b_init_param( S, P ) < 0 ) return -1;+ if( _cryptonite_blake2b_init_param( S, P ) < 0 ) return -1; { uint8_t block[BLAKE2B_BLOCKBYTES]; memset( block, 0, BLAKE2B_BLOCKBYTES ); memcpy( block, key, keylen );- blake2b_update( S, block, BLAKE2B_BLOCKBYTES );+ _cryptonite_blake2b_update( S, block, BLAKE2B_BLOCKBYTES ); secure_zero_memory( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from stack */ } return 0;@@ -218,7 +218,7 @@ #undef G #undef ROUND -int blake2b_update( blake2b_state *S, const void *pin, size_t inlen )+int _cryptonite_blake2b_update( blake2b_state *S, const void *pin, size_t inlen ) { const unsigned char * in = (const unsigned char *)pin; if( inlen > 0 )@@ -245,7 +245,7 @@ return 0; } -int blake2b_final( blake2b_state *S, void *out, size_t outlen )+int _cryptonite_blake2b_final( blake2b_state *S, void *out, size_t outlen ) { uint8_t buffer[BLAKE2B_OUTBYTES] = {0}; size_t i;@@ -270,7 +270,7 @@ } /* inlen, at least, should be uint64_t. Others can be size_t. */-int blake2b( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen )+int _cryptonite_blake2b( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ) { blake2b_state S[1]; @@ -287,26 +287,26 @@ if( keylen > 0 ) {- if( blake2b_init_key( S, outlen, key, keylen ) < 0 ) return -1;+ if( _cryptonite_blake2b_init_key( S, outlen, key, keylen ) < 0 ) return -1; } else {- if( blake2b_init( S, outlen ) < 0 ) return -1;+ if( _cryptonite_blake2b_init( S, outlen ) < 0 ) return -1; } - blake2b_update( S, ( const uint8_t * )in, inlen );- blake2b_final( S, out, outlen );+ _cryptonite_blake2b_update( S, ( const uint8_t * )in, inlen );+ _cryptonite_blake2b_final( S, out, outlen ); return 0; } -int blake2( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ) {- return blake2b(out, outlen, in, inlen, key, keylen);+int _cryptonite_blake2( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ) {+ return _cryptonite_blake2b(out, outlen, in, inlen, key, keylen); } #if defined(SUPERCOP) int crypto_hash( unsigned char *out, unsigned char *in, unsigned long long inlen ) {- return blake2b( out, BLAKE2B_OUTBYTES, in, inlen, NULL, 0 );+ return _cryptonite_blake2b( out, BLAKE2B_OUTBYTES, in, inlen, NULL, 0 ); } #endif @@ -329,9 +329,9 @@ for( i = 0; i < BLAKE2_KAT_LENGTH; ++i ) { uint8_t hash[BLAKE2B_OUTBYTES];- blake2b( hash, BLAKE2B_OUTBYTES, buf, i, key, BLAKE2B_KEYBYTES );+ _cryptonite_blake2b( hash, BLAKE2B_OUTBYTES, buf, i, key, BLAKE2B_KEYBYTES ); - if( 0 != memcmp( hash, blake2b_keyed_kat[i], BLAKE2B_OUTBYTES ) )+ if( 0 != memcmp( hash, _cryptonite_blake2b_keyed_kat[i], BLAKE2B_OUTBYTES ) ) { goto fail; }@@ -346,25 +346,25 @@ size_t mlen = i; int err = 0; - if( (err = blake2b_init_key(&S, BLAKE2B_OUTBYTES, key, BLAKE2B_KEYBYTES)) < 0 ) {+ if( (err = _cryptonite_blake2b_init_key(&S, BLAKE2B_OUTBYTES, key, BLAKE2B_KEYBYTES)) < 0 ) { goto fail; } while (mlen >= step) {- if ( (err = blake2b_update(&S, p, step)) < 0 ) {+ if ( (err = _cryptonite_blake2b_update(&S, p, step)) < 0 ) { goto fail; } mlen -= step; p += step; }- if ( (err = blake2b_update(&S, p, mlen)) < 0) {+ if ( (err = _cryptonite_blake2b_update(&S, p, mlen)) < 0) { goto fail; }- if ( (err = blake2b_final(&S, hash, BLAKE2B_OUTBYTES)) < 0) {+ if ( (err = _cryptonite_blake2b_final(&S, hash, BLAKE2B_OUTBYTES)) < 0) { goto fail; } - if (0 != memcmp(hash, blake2b_keyed_kat[i], BLAKE2B_OUTBYTES)) {+ if (0 != memcmp(hash, _cryptonite_blake2b_keyed_kat[i], BLAKE2B_OUTBYTES)) { goto fail; } }
cbits/blake2/ref/blake2bp-ref.c view
@@ -36,7 +36,7 @@ */ static int blake2bp_init_leaf_param( blake2b_state *S, const blake2b_param *P ) {- int err = blake2b_init_param(S, P);+ int err = _cryptonite_blake2b_init_param(S, P); S->outlen = P->inner_length; return err; }@@ -74,11 +74,11 @@ memset( P->reserved, 0, sizeof( P->reserved ) ); memset( P->salt, 0, sizeof( P->salt ) ); memset( P->personal, 0, sizeof( P->personal ) );- return blake2b_init_param( S, P );+ return _cryptonite_blake2b_init_param( S, P ); } -int blake2bp_init( blake2bp_state *S, size_t outlen )+int _cryptonite_blake2bp_init( blake2bp_state *S, size_t outlen ) { size_t i; @@ -99,7 +99,7 @@ return 0; } -int blake2bp_init_key( blake2bp_state *S, size_t outlen, const void *key, size_t keylen )+int _cryptonite_blake2bp_init_key( blake2bp_state *S, size_t outlen, const void *key, size_t keylen ) { size_t i; @@ -125,7 +125,7 @@ memcpy( block, key, keylen ); for( i = 0; i < PARALLELISM_DEGREE; ++i )- blake2b_update( S->S[i], block, BLAKE2B_BLOCKBYTES );+ _cryptonite_blake2b_update( S->S[i], block, BLAKE2B_BLOCKBYTES ); secure_zero_memory( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from stack */ }@@ -133,7 +133,7 @@ } -int blake2bp_update( blake2bp_state *S, const void *pin, size_t inlen )+int _cryptonite_blake2bp_update( blake2bp_state *S, const void *pin, size_t inlen ) { const unsigned char * in = (const unsigned char *)pin; size_t left = S->buflen;@@ -145,7 +145,7 @@ memcpy( S->buf + left, in, fill ); for( i = 0; i < PARALLELISM_DEGREE; ++i )- blake2b_update( S->S[i], S->buf + i * BLAKE2B_BLOCKBYTES, BLAKE2B_BLOCKBYTES );+ _cryptonite_blake2b_update( S->S[i], S->buf + i * BLAKE2B_BLOCKBYTES, BLAKE2B_BLOCKBYTES ); in += fill; inlen -= fill;@@ -168,7 +168,7 @@ while( inlen__ >= PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES ) {- blake2b_update( S->S[i], in__, BLAKE2B_BLOCKBYTES );+ _cryptonite_blake2b_update( S->S[i], in__, BLAKE2B_BLOCKBYTES ); in__ += PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES; inlen__ -= PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES; }@@ -184,7 +184,7 @@ return 0; } -int blake2bp_final( blake2bp_state *S, void *out, size_t outlen )+int _cryptonite_blake2bp_final( blake2bp_state *S, void *out, size_t outlen ) { uint8_t hash[PARALLELISM_DEGREE][BLAKE2B_OUTBYTES]; size_t i;@@ -201,19 +201,19 @@ if( left > BLAKE2B_BLOCKBYTES ) left = BLAKE2B_BLOCKBYTES; - blake2b_update( S->S[i], S->buf + i * BLAKE2B_BLOCKBYTES, left );+ _cryptonite_blake2b_update( S->S[i], S->buf + i * BLAKE2B_BLOCKBYTES, left ); } - blake2b_final( S->S[i], hash[i], BLAKE2B_OUTBYTES );+ _cryptonite_blake2b_final( S->S[i], hash[i], BLAKE2B_OUTBYTES ); } for( i = 0; i < PARALLELISM_DEGREE; ++i )- blake2b_update( S->R, hash[i], BLAKE2B_OUTBYTES );+ _cryptonite_blake2b_update( S->R, hash[i], BLAKE2B_OUTBYTES ); - return blake2b_final( S->R, out, S->outlen );+ return _cryptonite_blake2b_final( S->R, out, S->outlen ); } -int blake2bp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen )+int _cryptonite_blake2bp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ) { uint8_t hash[PARALLELISM_DEGREE][BLAKE2B_OUTBYTES]; blake2b_state S[PARALLELISM_DEGREE][1];@@ -243,7 +243,7 @@ memcpy( block, key, keylen ); for( i = 0; i < PARALLELISM_DEGREE; ++i )- blake2b_update( S[i], block, BLAKE2B_BLOCKBYTES );+ _cryptonite_blake2b_update( S[i], block, BLAKE2B_BLOCKBYTES ); secure_zero_memory( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from stack */ }@@ -264,7 +264,7 @@ while( inlen__ >= PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES ) {- blake2b_update( S[i], in__, BLAKE2B_BLOCKBYTES );+ _cryptonite_blake2b_update( S[i], in__, BLAKE2B_BLOCKBYTES ); in__ += PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES; inlen__ -= PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES; }@@ -273,10 +273,10 @@ { const size_t left = inlen__ - i * BLAKE2B_BLOCKBYTES; const size_t len = left <= BLAKE2B_BLOCKBYTES ? left : BLAKE2B_BLOCKBYTES;- blake2b_update( S[i], in__, len );+ _cryptonite_blake2b_update( S[i], in__, len ); } - blake2b_final( S[i], hash[i], BLAKE2B_OUTBYTES );+ _cryptonite_blake2b_final( S[i], hash[i], BLAKE2B_OUTBYTES ); } if( blake2bp_init_root( FS, outlen, keylen ) < 0 )@@ -285,9 +285,9 @@ FS->last_node = 1; /* Mark as last node */ for( i = 0; i < PARALLELISM_DEGREE; ++i )- blake2b_update( FS, hash[i], BLAKE2B_OUTBYTES );+ _cryptonite_blake2b_update( FS, hash[i], BLAKE2B_OUTBYTES ); - return blake2b_final( FS, out, outlen );;+ return _cryptonite_blake2b_final( FS, out, outlen );; } #if defined(BLAKE2BP_SELFTEST)@@ -326,21 +326,21 @@ size_t mlen = i; int err = 0; - if( (err = blake2bp_init_key(&S, BLAKE2B_OUTBYTES, key, BLAKE2B_KEYBYTES)) < 0 ) {+ if( (err = _cryptonite_blake2bp_init_key(&S, BLAKE2B_OUTBYTES, key, BLAKE2B_KEYBYTES)) < 0 ) { goto fail; } while (mlen >= step) {- if ( (err = blake2bp_update(&S, p, step)) < 0 ) {+ if ( (err = _cryptonite_blake2bp_update(&S, p, step)) < 0 ) { goto fail; } mlen -= step; p += step; }- if ( (err = blake2bp_update(&S, p, mlen)) < 0) {+ if ( (err = _cryptonite_blake2bp_update(&S, p, mlen)) < 0) { goto fail; }- if ( (err = blake2bp_final(&S, hash, BLAKE2B_OUTBYTES)) < 0) {+ if ( (err = _cryptonite_blake2bp_final(&S, hash, BLAKE2B_OUTBYTES)) < 0) { goto fail; }
cbits/blake2/ref/blake2s-ref.c view
@@ -73,7 +73,7 @@ } /* init2 xors IV with input parameter block */-int blake2s_init_param( blake2s_state *S, const blake2s_param *P )+int _cryptonite_blake2s_init_param( blake2s_state *S, const blake2s_param *P ) { const unsigned char *p = ( const unsigned char * )( P ); size_t i;@@ -90,7 +90,7 @@ /* Sequential blake2s initialization */-int blake2s_init( blake2s_state *S, size_t outlen )+int _cryptonite_blake2s_init( blake2s_state *S, size_t outlen ) { blake2s_param P[1]; @@ -109,10 +109,10 @@ /* memset(P->reserved, 0, sizeof(P->reserved) ); */ memset( P->salt, 0, sizeof( P->salt ) ); memset( P->personal, 0, sizeof( P->personal ) );- return blake2s_init_param( S, P );+ return _cryptonite_blake2s_init_param( S, P ); } -int blake2s_init_key( blake2s_state *S, size_t outlen, const void *key, size_t keylen )+int _cryptonite_blake2s_init_key( blake2s_state *S, size_t outlen, const void *key, size_t keylen ) { blake2s_param P[1]; @@ -133,13 +133,13 @@ memset( P->salt, 0, sizeof( P->salt ) ); memset( P->personal, 0, sizeof( P->personal ) ); - if( blake2s_init_param( S, P ) < 0 ) return -1;+ if( _cryptonite_blake2s_init_param( S, P ) < 0 ) return -1; { uint8_t block[BLAKE2S_BLOCKBYTES]; memset( block, 0, BLAKE2S_BLOCKBYTES ); memcpy( block, key, keylen );- blake2s_update( S, block, BLAKE2S_BLOCKBYTES );+ _cryptonite_blake2s_update( S, block, BLAKE2S_BLOCKBYTES ); secure_zero_memory( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */ } return 0;@@ -211,7 +211,7 @@ #undef G #undef ROUND -int blake2s_update( blake2s_state *S, const void *pin, size_t inlen )+int _cryptonite_blake2s_update( blake2s_state *S, const void *pin, size_t inlen ) { const unsigned char * in = (const unsigned char *)pin; if( inlen > 0 )@@ -238,7 +238,7 @@ return 0; } -int blake2s_final( blake2s_state *S, void *out, size_t outlen )+int _cryptonite_blake2s_final( blake2s_state *S, void *out, size_t outlen ) { uint8_t buffer[BLAKE2S_OUTBYTES] = {0}; size_t i;@@ -262,7 +262,7 @@ return 0; } -int blake2s( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen )+int _cryptonite_blake2s( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ) { blake2s_state S[1]; @@ -279,22 +279,22 @@ if( keylen > 0 ) {- if( blake2s_init_key( S, outlen, key, keylen ) < 0 ) return -1;+ if( _cryptonite_blake2s_init_key( S, outlen, key, keylen ) < 0 ) return -1; } else {- if( blake2s_init( S, outlen ) < 0 ) return -1;+ if( _cryptonite_blake2s_init( S, outlen ) < 0 ) return -1; } - blake2s_update( S, ( const uint8_t * )in, inlen );- blake2s_final( S, out, outlen );+ _cryptonite_blake2s_update( S, ( const uint8_t * )in, inlen );+ _cryptonite_blake2s_final( S, out, outlen ); return 0; } #if defined(SUPERCOP) int crypto_hash( unsigned char *out, unsigned char *in, unsigned long long inlen ) {- return blake2s( out, BLAKE2S_OUTBYTES, in, inlen, NULL, 0 );+ return _cryptonite_blake2s( out, BLAKE2S_OUTBYTES, in, inlen, NULL, 0 ); } #endif @@ -317,7 +317,7 @@ for( i = 0; i < BLAKE2_KAT_LENGTH; ++i ) { uint8_t hash[BLAKE2S_OUTBYTES];- blake2s( hash, BLAKE2S_OUTBYTES, buf, i, key, BLAKE2S_KEYBYTES );+ _cryptonite_blake2s( hash, BLAKE2S_OUTBYTES, buf, i, key, BLAKE2S_KEYBYTES ); if( 0 != memcmp( hash, blake2s_keyed_kat[i], BLAKE2S_OUTBYTES ) ) {@@ -334,21 +334,21 @@ size_t mlen = i; int err = 0; - if( (err = blake2s_init_key(&S, BLAKE2S_OUTBYTES, key, BLAKE2S_KEYBYTES)) < 0 ) {+ if( (err = _cryptonite_blake2s_init_key(&S, BLAKE2S_OUTBYTES, key, BLAKE2S_KEYBYTES)) < 0 ) { goto fail; } while (mlen >= step) {- if ( (err = blake2s_update(&S, p, step)) < 0 ) {+ if ( (err = _cryptonite_blake2s_update(&S, p, step)) < 0 ) { goto fail; } mlen -= step; p += step; }- if ( (err = blake2s_update(&S, p, mlen)) < 0) {+ if ( (err = _cryptonite_blake2s_update(&S, p, mlen)) < 0) { goto fail; }- if ( (err = blake2s_final(&S, hash, BLAKE2S_OUTBYTES)) < 0) {+ if ( (err = _cryptonite_blake2s_final(&S, hash, BLAKE2S_OUTBYTES)) < 0) { goto fail; }
cbits/blake2/ref/blake2sp-ref.c view
@@ -35,7 +35,7 @@ */ static int blake2sp_init_leaf_param( blake2s_state *S, const blake2s_param *P ) {- int err = blake2s_init_param(S, P);+ int err = _cryptonite_blake2s_init_param(S, P); S->outlen = P->inner_length; return err; }@@ -71,11 +71,11 @@ P->inner_length = BLAKE2S_OUTBYTES; memset( P->salt, 0, sizeof( P->salt ) ); memset( P->personal, 0, sizeof( P->personal ) );- return blake2s_init_param( S, P );+ return _cryptonite_blake2s_init_param( S, P ); } -int blake2sp_init( blake2sp_state *S, size_t outlen )+int _cryptonite_blake2sp_init( blake2sp_state *S, size_t outlen ) { size_t i; @@ -96,7 +96,7 @@ return 0; } -int blake2sp_init_key( blake2sp_state *S, size_t outlen, const void *key, size_t keylen )+int _cryptonite_blake2sp_init_key( blake2sp_state *S, size_t outlen, const void *key, size_t keylen ) { size_t i; @@ -122,7 +122,7 @@ memcpy( block, key, keylen ); for( i = 0; i < PARALLELISM_DEGREE; ++i )- blake2s_update( S->S[i], block, BLAKE2S_BLOCKBYTES );+ _cryptonite_blake2s_update( S->S[i], block, BLAKE2S_BLOCKBYTES ); secure_zero_memory( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */ }@@ -130,7 +130,7 @@ } -int blake2sp_update( blake2sp_state *S, const void *pin, size_t inlen )+int _cryptonite_blake2sp_update( blake2sp_state *S, const void *pin, size_t inlen ) { const unsigned char * in = (const unsigned char *)pin; size_t left = S->buflen;@@ -142,7 +142,7 @@ memcpy( S->buf + left, in, fill ); for( i = 0; i < PARALLELISM_DEGREE; ++i )- blake2s_update( S->S[i], S->buf + i * BLAKE2S_BLOCKBYTES, BLAKE2S_BLOCKBYTES );+ _cryptonite_blake2s_update( S->S[i], S->buf + i * BLAKE2S_BLOCKBYTES, BLAKE2S_BLOCKBYTES ); in += fill; inlen -= fill;@@ -164,7 +164,7 @@ while( inlen__ >= PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES ) {- blake2s_update( S->S[i], in__, BLAKE2S_BLOCKBYTES );+ _cryptonite_blake2s_update( S->S[i], in__, BLAKE2S_BLOCKBYTES ); in__ += PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES; inlen__ -= PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES; }@@ -181,7 +181,7 @@ } -int blake2sp_final( blake2sp_state *S, void *out, size_t outlen )+int _cryptonite_blake2sp_final( blake2sp_state *S, void *out, size_t outlen ) { uint8_t hash[PARALLELISM_DEGREE][BLAKE2S_OUTBYTES]; size_t i;@@ -198,20 +198,20 @@ if( left > BLAKE2S_BLOCKBYTES ) left = BLAKE2S_BLOCKBYTES; - blake2s_update( S->S[i], S->buf + i * BLAKE2S_BLOCKBYTES, left );+ _cryptonite_blake2s_update( S->S[i], S->buf + i * BLAKE2S_BLOCKBYTES, left ); } - blake2s_final( S->S[i], hash[i], BLAKE2S_OUTBYTES );+ _cryptonite_blake2s_final( S->S[i], hash[i], BLAKE2S_OUTBYTES ); } for( i = 0; i < PARALLELISM_DEGREE; ++i )- blake2s_update( S->R, hash[i], BLAKE2S_OUTBYTES );+ _cryptonite_blake2s_update( S->R, hash[i], BLAKE2S_OUTBYTES ); - return blake2s_final( S->R, out, S->outlen );+ return _cryptonite_blake2s_final( S->R, out, S->outlen ); } -int blake2sp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen )+int _cryptonite_blake2sp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ) { uint8_t hash[PARALLELISM_DEGREE][BLAKE2S_OUTBYTES]; blake2s_state S[PARALLELISM_DEGREE][1];@@ -241,7 +241,7 @@ memcpy( block, key, keylen ); for( i = 0; i < PARALLELISM_DEGREE; ++i )- blake2s_update( S[i], block, BLAKE2S_BLOCKBYTES );+ _cryptonite_blake2s_update( S[i], block, BLAKE2S_BLOCKBYTES ); secure_zero_memory( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */ }@@ -262,7 +262,7 @@ while( inlen__ >= PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES ) {- blake2s_update( S[i], in__, BLAKE2S_BLOCKBYTES );+ _cryptonite_blake2s_update( S[i], in__, BLAKE2S_BLOCKBYTES ); in__ += PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES; inlen__ -= PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES; }@@ -271,10 +271,10 @@ { const size_t left = inlen__ - i * BLAKE2S_BLOCKBYTES; const size_t len = left <= BLAKE2S_BLOCKBYTES ? left : BLAKE2S_BLOCKBYTES;- blake2s_update( S[i], in__, len );+ _cryptonite_blake2s_update( S[i], in__, len ); } - blake2s_final( S[i], hash[i], BLAKE2S_OUTBYTES );+ _cryptonite_blake2s_final( S[i], hash[i], BLAKE2S_OUTBYTES ); } if( blake2sp_init_root( FS, outlen, keylen ) < 0 )@@ -283,9 +283,9 @@ FS->last_node = 1; for( i = 0; i < PARALLELISM_DEGREE; ++i )- blake2s_update( FS, hash[i], BLAKE2S_OUTBYTES );+ _cryptonite_blake2s_update( FS, hash[i], BLAKE2S_OUTBYTES ); - return blake2s_final( FS, out, outlen );+ return _cryptonite_blake2s_final( FS, out, outlen ); } @@ -309,7 +309,7 @@ for( i = 0; i < BLAKE2_KAT_LENGTH; ++i ) { uint8_t hash[BLAKE2S_OUTBYTES];- blake2sp( hash, BLAKE2S_OUTBYTES, buf, i, key, BLAKE2S_KEYBYTES );+ _cryptonite_blake2sp( hash, BLAKE2S_OUTBYTES, buf, i, key, BLAKE2S_KEYBYTES ); if( 0 != memcmp( hash, blake2sp_keyed_kat[i], BLAKE2S_OUTBYTES ) ) {@@ -326,21 +326,21 @@ size_t mlen = i; int err = 0; - if( (err = blake2sp_init_key(&S, BLAKE2S_OUTBYTES, key, BLAKE2S_KEYBYTES)) < 0 ) {+ if( (err = _cryptonite_blake2sp_init_key(&S, BLAKE2S_OUTBYTES, key, BLAKE2S_KEYBYTES)) < 0 ) { goto fail; } while (mlen >= step) {- if ( (err = blake2sp_update(&S, p, step)) < 0 ) {+ if ( (err = _cryptonite_blake2sp_update(&S, p, step)) < 0 ) { goto fail; } mlen -= step; p += step; }- if ( (err = blake2sp_update(&S, p, mlen)) < 0) {+ if ( (err = _cryptonite_blake2sp_update(&S, p, mlen)) < 0) { goto fail; }- if ( (err = blake2sp_final(&S, hash, BLAKE2S_OUTBYTES)) < 0) {+ if ( (err = _cryptonite_blake2sp_final(&S, hash, BLAKE2S_OUTBYTES)) < 0) { goto fail; }
cbits/blake2/sse/blake2.h view
@@ -142,51 +142,51 @@ }; /* Streaming API */- int blake2s_init( blake2s_state *S, size_t outlen );- int blake2s_init_key( blake2s_state *S, size_t outlen, const void *key, size_t keylen );- int blake2s_init_param( blake2s_state *S, const blake2s_param *P );- int blake2s_update( blake2s_state *S, const void *in, size_t inlen );- int blake2s_final( blake2s_state *S, void *out, size_t outlen );+ int _cryptonite_blake2s_init( blake2s_state *S, size_t outlen );+ int _cryptonite_blake2s_init_key( blake2s_state *S, size_t outlen, const void *key, size_t keylen );+ int _cryptonite_blake2s_init_param( blake2s_state *S, const blake2s_param *P );+ int _cryptonite_blake2s_update( blake2s_state *S, const void *in, size_t inlen );+ int _cryptonite_blake2s_final( blake2s_state *S, void *out, size_t outlen ); - int blake2b_init( blake2b_state *S, size_t outlen );- int blake2b_init_key( blake2b_state *S, size_t outlen, const void *key, size_t keylen );- int blake2b_init_param( blake2b_state *S, const blake2b_param *P );- int blake2b_update( blake2b_state *S, const void *in, size_t inlen );- int blake2b_final( blake2b_state *S, void *out, size_t outlen );+ int _cryptonite_blake2b_init( blake2b_state *S, size_t outlen );+ int _cryptonite_blake2b_init_key( blake2b_state *S, size_t outlen, const void *key, size_t keylen );+ int _cryptonite_blake2b_init_param( blake2b_state *S, const blake2b_param *P );+ int _cryptonite_blake2b_update( blake2b_state *S, const void *in, size_t inlen );+ int _cryptonite_blake2b_final( blake2b_state *S, void *out, size_t outlen ); - int blake2sp_init( blake2sp_state *S, size_t outlen );- int blake2sp_init_key( blake2sp_state *S, size_t outlen, const void *key, size_t keylen );- int blake2sp_update( blake2sp_state *S, const void *in, size_t inlen );- int blake2sp_final( blake2sp_state *S, void *out, size_t outlen );+ int _cryptonite_blake2sp_init( blake2sp_state *S, size_t outlen );+ int _cryptonite_blake2sp_init_key( blake2sp_state *S, size_t outlen, const void *key, size_t keylen );+ int _cryptonite_blake2sp_update( blake2sp_state *S, const void *in, size_t inlen );+ int _cryptonite_blake2sp_final( blake2sp_state *S, void *out, size_t outlen ); - int blake2bp_init( blake2bp_state *S, size_t outlen );- int blake2bp_init_key( blake2bp_state *S, size_t outlen, const void *key, size_t keylen );- int blake2bp_update( blake2bp_state *S, const void *in, size_t inlen );- int blake2bp_final( blake2bp_state *S, void *out, size_t outlen );+ int _cryptonite_blake2bp_init( blake2bp_state *S, size_t outlen );+ int _cryptonite_blake2bp_init_key( blake2bp_state *S, size_t outlen, const void *key, size_t keylen );+ int _cryptonite_blake2bp_update( blake2bp_state *S, const void *in, size_t inlen );+ int _cryptonite_blake2bp_final( blake2bp_state *S, void *out, size_t outlen ); /* Variable output length API */- int blake2xs_init( blake2xs_state *S, const size_t outlen );- int blake2xs_init_key( blake2xs_state *S, const size_t outlen, const void *key, size_t keylen );- int blake2xs_update( blake2xs_state *S, const void *in, size_t inlen );- int blake2xs_final(blake2xs_state *S, void *out, size_t outlen);+ int _cryptonite_blake2xs_init( blake2xs_state *S, const size_t outlen );+ int _cryptonite_blake2xs_init_key( blake2xs_state *S, const size_t outlen, const void *key, size_t keylen );+ int _cryptonite_blake2xs_update( blake2xs_state *S, const void *in, size_t inlen );+ int _cryptonite_blake2xs_final(blake2xs_state *S, void *out, size_t outlen); - int blake2xb_init( blake2xb_state *S, const size_t outlen );- int blake2xb_init_key( blake2xb_state *S, const size_t outlen, const void *key, size_t keylen );- int blake2xb_update( blake2xb_state *S, const void *in, size_t inlen );- int blake2xb_final(blake2xb_state *S, void *out, size_t outlen);+ int _cryptonite_blake2xb_init( blake2xb_state *S, const size_t outlen );+ int _cryptonite_blake2xb_init_key( blake2xb_state *S, const size_t outlen, const void *key, size_t keylen );+ int _cryptonite_blake2xb_update( blake2xb_state *S, const void *in, size_t inlen );+ int _cryptonite_blake2xb_final(blake2xb_state *S, void *out, size_t outlen); /* Simple API */- int blake2s( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );- int blake2b( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );+ int _cryptonite_blake2s( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );+ int _cryptonite_blake2b( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ); - int blake2sp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );- int blake2bp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );+ int _cryptonite_blake2sp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );+ int _cryptonite_blake2bp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ); - int blake2xs( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );- int blake2xb( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );+ int _cryptonite_blake2xs( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );+ int _cryptonite_blake2xb( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ); /* This is simply an alias for blake2b */- int blake2( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen );+ int _cryptonite_blake2( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ); #if defined(__cplusplus) }
cbits/blake2/sse/blake2b.c view
@@ -74,7 +74,7 @@ } /* init xors IV with input parameter block */-int blake2b_init_param( blake2b_state *S, const blake2b_param *P )+int _cryptonite_blake2b_init_param( blake2b_state *S, const blake2b_param *P ) { size_t i; /*blake2b_init0( S ); */@@ -92,7 +92,7 @@ /* Some sort of default parameter block initialization, for sequential blake2b */-int blake2b_init( blake2b_state *S, size_t outlen )+int _cryptonite_blake2b_init( blake2b_state *S, size_t outlen ) { blake2b_param P[1]; @@ -111,10 +111,10 @@ memset( P->salt, 0, sizeof( P->salt ) ); memset( P->personal, 0, sizeof( P->personal ) ); - return blake2b_init_param( S, P );+ return _cryptonite_blake2b_init_param( S, P ); } -int blake2b_init_key( blake2b_state *S, size_t outlen, const void *key, size_t keylen )+int _cryptonite_blake2b_init_key( blake2b_state *S, size_t outlen, const void *key, size_t keylen ) { blake2b_param P[1]; @@ -135,14 +135,14 @@ memset( P->salt, 0, sizeof( P->salt ) ); memset( P->personal, 0, sizeof( P->personal ) ); - if( blake2b_init_param( S, P ) < 0 )+ if( _cryptonite_blake2b_init_param( S, P ) < 0 ) return 0; { uint8_t block[BLAKE2B_BLOCKBYTES]; memset( block, 0, BLAKE2B_BLOCKBYTES ); memcpy( block, key, keylen );- blake2b_update( S, block, BLAKE2B_BLOCKBYTES );+ _cryptonite_blake2b_update( S, block, BLAKE2B_BLOCKBYTES ); secure_zero_memory( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from stack */ } return 0;@@ -218,7 +218,7 @@ } -int blake2b_update( blake2b_state *S, const void *pin, size_t inlen )+int _cryptonite_blake2b_update( blake2b_state *S, const void *pin, size_t inlen ) { const unsigned char * in = (const unsigned char *)pin; if( inlen > 0 )@@ -246,7 +246,7 @@ } -int blake2b_final( blake2b_state *S, void *out, size_t outlen )+int _cryptonite_blake2b_final( blake2b_state *S, void *out, size_t outlen ) { if( out == NULL || outlen < S->outlen ) return -1;@@ -264,7 +264,7 @@ } -int blake2b( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen )+int _cryptonite_blake2b( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ) { blake2b_state S[1]; @@ -281,26 +281,26 @@ if( keylen ) {- if( blake2b_init_key( S, outlen, key, keylen ) < 0 ) return -1;+ if( _cryptonite_blake2b_init_key( S, outlen, key, keylen ) < 0 ) return -1; } else {- if( blake2b_init( S, outlen ) < 0 ) return -1;+ if( _cryptonite_blake2b_init( S, outlen ) < 0 ) return -1; } - blake2b_update( S, ( const uint8_t * )in, inlen );- blake2b_final( S, out, outlen );+ _cryptonite_blake2b_update( S, ( const uint8_t * )in, inlen );+ _cryptonite_blake2b_final( S, out, outlen ); return 0; } -int blake2( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ) {- return blake2b(out, outlen, in, inlen, key, keylen);+int _cryptonite_blake2( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ) {+ return _cryptonite_blake2b(out, outlen, in, inlen, key, keylen); } #if defined(SUPERCOP) int crypto_hash( unsigned char *out, unsigned char *in, unsigned long long inlen ) {- return blake2b( out, BLAKE2B_OUTBYTES, in, inlen, NULL, 0 );+ return _cryptonite_blake2b( out, BLAKE2B_OUTBYTES, in, inlen, NULL, 0 ); } #endif @@ -340,21 +340,21 @@ size_t mlen = i; int err = 0; - if( (err = blake2b_init_key(&S, BLAKE2B_OUTBYTES, key, BLAKE2B_KEYBYTES)) < 0 ) {+ if( (err = _cryptonite_blake2b_init_key(&S, BLAKE2B_OUTBYTES, key, BLAKE2B_KEYBYTES)) < 0 ) { goto fail; } while (mlen >= step) {- if ( (err = blake2b_update(&S, p, step)) < 0 ) {+ if ( (err = _cryptonite_blake2b_update(&S, p, step)) < 0 ) { goto fail; } mlen -= step; p += step; }- if ( (err = blake2b_update(&S, p, mlen)) < 0) {+ if ( (err = _cryptonite_blake2b_update(&S, p, mlen)) < 0) { goto fail; }- if ( (err = blake2b_final(&S, hash, BLAKE2B_OUTBYTES)) < 0) {+ if ( (err = _cryptonite_blake2b_final(&S, hash, BLAKE2B_OUTBYTES)) < 0) { goto fail; }
cbits/blake2/sse/blake2bp.c view
@@ -36,7 +36,7 @@ */ static int blake2bp_init_leaf_param( blake2b_state *S, const blake2b_param *P ) {- int err = blake2b_init_param(S, P);+ int err = _cryptonite_blake2b_init_param(S, P); S->outlen = P->inner_length; return err; }@@ -74,11 +74,11 @@ memset( P->reserved, 0, sizeof( P->reserved ) ); memset( P->salt, 0, sizeof( P->salt ) ); memset( P->personal, 0, sizeof( P->personal ) );- return blake2b_init_param( S, P );+ return _cryptonite_blake2b_init_param( S, P ); } -int blake2bp_init( blake2bp_state *S, size_t outlen )+int _cryptonite_blake2bp_init( blake2bp_state *S, size_t outlen ) { size_t i; if( !outlen || outlen > BLAKE2B_OUTBYTES ) return -1;@@ -98,7 +98,7 @@ return 0; } -int blake2bp_init_key( blake2bp_state *S, size_t outlen, const void *key, size_t keylen )+int _cryptonite_blake2bp_init_key( blake2bp_state *S, size_t outlen, const void *key, size_t keylen ) { size_t i; @@ -124,7 +124,7 @@ memcpy( block, key, keylen ); for( i = 0; i < PARALLELISM_DEGREE; ++i )- blake2b_update( S->S[i], block, BLAKE2B_BLOCKBYTES );+ _cryptonite_blake2b_update( S->S[i], block, BLAKE2B_BLOCKBYTES ); secure_zero_memory( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from stack */ }@@ -132,7 +132,7 @@ } -int blake2bp_update( blake2bp_state *S, const void *pin, size_t inlen )+int _cryptonite_blake2bp_update( blake2bp_state *S, const void *pin, size_t inlen ) { const unsigned char * in = (const unsigned char *)pin; size_t left = S->buflen;@@ -144,7 +144,7 @@ memcpy( S->buf + left, in, fill ); for( i = 0; i < PARALLELISM_DEGREE; ++i )- blake2b_update( S->S[i], S->buf + i * BLAKE2B_BLOCKBYTES, BLAKE2B_BLOCKBYTES );+ _cryptonite_blake2b_update( S->S[i], S->buf + i * BLAKE2B_BLOCKBYTES, BLAKE2B_BLOCKBYTES ); in += fill; inlen -= fill;@@ -167,7 +167,7 @@ while( inlen__ >= PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES ) {- blake2b_update( S->S[i], in__, BLAKE2B_BLOCKBYTES );+ _cryptonite_blake2b_update( S->S[i], in__, BLAKE2B_BLOCKBYTES ); in__ += PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES; inlen__ -= PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES; }@@ -185,7 +185,7 @@ -int blake2bp_final( blake2bp_state *S, void *out, size_t outlen )+int _cryptonite_blake2bp_final( blake2bp_state *S, void *out, size_t outlen ) { uint8_t hash[PARALLELISM_DEGREE][BLAKE2B_OUTBYTES]; size_t i;@@ -202,19 +202,19 @@ if( left > BLAKE2B_BLOCKBYTES ) left = BLAKE2B_BLOCKBYTES; - blake2b_update( S->S[i], S->buf + i * BLAKE2B_BLOCKBYTES, left );+ _cryptonite_blake2b_update( S->S[i], S->buf + i * BLAKE2B_BLOCKBYTES, left ); } - blake2b_final( S->S[i], hash[i], BLAKE2B_OUTBYTES );+ _cryptonite_blake2b_final( S->S[i], hash[i], BLAKE2B_OUTBYTES ); } for( i = 0; i < PARALLELISM_DEGREE; ++i )- blake2b_update( S->R, hash[i], BLAKE2B_OUTBYTES );+ _cryptonite_blake2b_update( S->R, hash[i], BLAKE2B_OUTBYTES ); - return blake2b_final( S->R, out, S->outlen );+ return _cryptonite_blake2b_final( S->R, out, S->outlen ); } -int blake2bp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen )+int _cryptonite_blake2bp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ) { uint8_t hash[PARALLELISM_DEGREE][BLAKE2B_OUTBYTES]; blake2b_state S[PARALLELISM_DEGREE][1];@@ -244,7 +244,7 @@ memcpy( block, key, keylen ); for( i = 0; i < PARALLELISM_DEGREE; ++i )- blake2b_update( S[i], block, BLAKE2B_BLOCKBYTES );+ _cryptonite_blake2b_update( S[i], block, BLAKE2B_BLOCKBYTES ); secure_zero_memory( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from stack */ }@@ -265,7 +265,7 @@ while( inlen__ >= PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES ) {- blake2b_update( S[i], in__, BLAKE2B_BLOCKBYTES );+ _cryptonite_blake2b_update( S[i], in__, BLAKE2B_BLOCKBYTES ); in__ += PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES; inlen__ -= PARALLELISM_DEGREE * BLAKE2B_BLOCKBYTES; }@@ -274,10 +274,10 @@ { const size_t left = inlen__ - i * BLAKE2B_BLOCKBYTES; const size_t len = left <= BLAKE2B_BLOCKBYTES ? left : BLAKE2B_BLOCKBYTES;- blake2b_update( S[i], in__, len );+ _cryptonite_blake2b_update( S[i], in__, len ); } - blake2b_final( S[i], hash[i], BLAKE2B_OUTBYTES );+ _cryptonite_blake2b_final( S[i], hash[i], BLAKE2B_OUTBYTES ); } if( blake2bp_init_root( FS, outlen, keylen ) < 0 )@@ -286,9 +286,9 @@ FS->last_node = 1; /* Mark as last node */ for( i = 0; i < PARALLELISM_DEGREE; ++i )- blake2b_update( FS, hash[i], BLAKE2B_OUTBYTES );+ _cryptonite_blake2b_update( FS, hash[i], BLAKE2B_OUTBYTES ); - return blake2b_final( FS, out, outlen );+ return _cryptonite_blake2b_final( FS, out, outlen ); } @@ -311,7 +311,7 @@ for( i = 0; i < BLAKE2_KAT_LENGTH; ++i ) { uint8_t hash[BLAKE2B_OUTBYTES];- blake2bp( hash, BLAKE2B_OUTBYTES, buf, i, key, BLAKE2B_KEYBYTES );+ _cryptonite_blake2bp( hash, BLAKE2B_OUTBYTES, buf, i, key, BLAKE2B_KEYBYTES ); if( 0 != memcmp( hash, blake2bp_keyed_kat[i], BLAKE2B_OUTBYTES ) ) {@@ -328,21 +328,21 @@ size_t mlen = i; int err = 0; - if( (err = blake2bp_init_key(&S, BLAKE2B_OUTBYTES, key, BLAKE2B_KEYBYTES)) < 0 ) {+ if( (err = _cryptonite_blake2bp_init_key(&S, BLAKE2B_OUTBYTES, key, BLAKE2B_KEYBYTES)) < 0 ) { goto fail; } while (mlen >= step) {- if ( (err = blake2bp_update(&S, p, step)) < 0 ) {+ if ( (err = _cryptonite_blake2bp_update(&S, p, step)) < 0 ) { goto fail; } mlen -= step; p += step; }- if ( (err = blake2bp_update(&S, p, mlen)) < 0) {+ if ( (err = _cryptonite_blake2bp_update(&S, p, mlen)) < 0) { goto fail; }- if ( (err = blake2bp_final(&S, hash, BLAKE2B_OUTBYTES)) < 0) {+ if ( (err = _cryptonite_blake2bp_final(&S, hash, BLAKE2B_OUTBYTES)) < 0) { goto fail; }
cbits/blake2/sse/blake2s.c view
@@ -72,7 +72,7 @@ } /* init2 xors IV with input parameter block */-int blake2s_init_param( blake2s_state *S, const blake2s_param *P )+int _cryptonite_blake2s_init_param( blake2s_state *S, const blake2s_param *P ) { size_t i; /*blake2s_init0( S ); */@@ -90,7 +90,7 @@ /* Some sort of default parameter block initialization, for sequential blake2s */-int blake2s_init( blake2s_state *S, size_t outlen )+int _cryptonite_blake2s_init( blake2s_state *S, size_t outlen ) { blake2s_param P[1]; @@ -110,11 +110,11 @@ memset( P->salt, 0, sizeof( P->salt ) ); memset( P->personal, 0, sizeof( P->personal ) ); - return blake2s_init_param( S, P );+ return _cryptonite_blake2s_init_param( S, P ); } -int blake2s_init_key( blake2s_state *S, size_t outlen, const void *key, size_t keylen )+int _cryptonite_blake2s_init_key( blake2s_state *S, size_t outlen, const void *key, size_t keylen ) { blake2s_param P[1]; @@ -136,14 +136,14 @@ memset( P->salt, 0, sizeof( P->salt ) ); memset( P->personal, 0, sizeof( P->personal ) ); - if( blake2s_init_param( S, P ) < 0 )+ if( _cryptonite_blake2s_init_param( S, P ) < 0 ) return -1; { uint8_t block[BLAKE2S_BLOCKBYTES]; memset( block, 0, BLAKE2S_BLOCKBYTES ); memcpy( block, key, keylen );- blake2s_update( S, block, BLAKE2S_BLOCKBYTES );+ _cryptonite_blake2s_update( S, block, BLAKE2S_BLOCKBYTES ); secure_zero_memory( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */ } return 0;@@ -206,7 +206,7 @@ STOREU( &S->h[4], _mm_xor_si128( ff1, _mm_xor_si128( row2, row4 ) ) ); } -int blake2s_update( blake2s_state *S, const void *pin, size_t inlen )+int _cryptonite_blake2s_update( blake2s_state *S, const void *pin, size_t inlen ) { const unsigned char * in = (const unsigned char *)pin; if( inlen > 0 )@@ -233,7 +233,7 @@ return 0; } -int blake2s_final( blake2s_state *S, void *out, size_t outlen )+int _cryptonite_blake2s_final( blake2s_state *S, void *out, size_t outlen ) { uint8_t buffer[BLAKE2S_OUTBYTES] = {0}; size_t i;@@ -275,15 +275,15 @@ if( keylen > 0 ) {- if( blake2s_init_key( S, outlen, key, keylen ) < 0 ) return -1;+ if( _cryptonite_blake2s_init_key( S, outlen, key, keylen ) < 0 ) return -1; } else {- if( blake2s_init( S, outlen ) < 0 ) return -1;+ if( _cryptonite_blake2s_init( S, outlen ) < 0 ) return -1; } - blake2s_update( S, ( const uint8_t * )in, inlen );- blake2s_final( S, out, outlen );+ _cryptonite_blake2s_update( S, ( const uint8_t * )in, inlen );+ _cryptonite_blake2s_final( S, out, outlen ); return 0; } @@ -330,21 +330,21 @@ size_t mlen = i; int err = 0; - if( (err = blake2s_init_key(&S, BLAKE2S_OUTBYTES, key, BLAKE2S_KEYBYTES)) < 0 ) {+ if( (err = _cryptonite_blake2s_init_key(&S, BLAKE2S_OUTBYTES, key, BLAKE2S_KEYBYTES)) < 0 ) { goto fail; } while (mlen >= step) {- if ( (err = blake2s_update(&S, p, step)) < 0 ) {+ if ( (err = _cryptonite_blake2s_update(&S, p, step)) < 0 ) { goto fail; } mlen -= step; p += step; }- if ( (err = blake2s_update(&S, p, mlen)) < 0) {+ if ( (err = _cryptonite_blake2s_update(&S, p, mlen)) < 0) { goto fail; }- if ( (err = blake2s_final(&S, hash, BLAKE2S_OUTBYTES)) < 0) {+ if ( (err = _cryptonite_blake2s_final(&S, hash, BLAKE2S_OUTBYTES)) < 0) { goto fail; }
cbits/blake2/sse/blake2sp.c view
@@ -35,7 +35,7 @@ */ static int blake2sp_init_leaf_param( blake2s_state *S, const blake2s_param *P ) {- int err = blake2s_init_param(S, P);+ int err = _cryptonite_blake2s_init_param(S, P); S->outlen = P->inner_length; return err; }@@ -71,11 +71,11 @@ P->inner_length = BLAKE2S_OUTBYTES; memset( P->salt, 0, sizeof( P->salt ) ); memset( P->personal, 0, sizeof( P->personal ) );- return blake2s_init_param( S, P );+ return _cryptonite_blake2s_init_param( S, P ); } -int blake2sp_init( blake2sp_state *S, size_t outlen )+int _cryptonite_blake2sp_init( blake2sp_state *S, size_t outlen ) { size_t i; @@ -96,7 +96,7 @@ return 0; } -int blake2sp_init_key( blake2sp_state *S, size_t outlen, const void *key, size_t keylen )+int _cryptonite_blake2sp_init_key( blake2sp_state *S, size_t outlen, const void *key, size_t keylen ) { size_t i; @@ -122,7 +122,7 @@ memcpy( block, key, keylen ); for( i = 0; i < PARALLELISM_DEGREE; ++i )- blake2s_update( S->S[i], block, BLAKE2S_BLOCKBYTES );+ _cryptonite_blake2s_update( S->S[i], block, BLAKE2S_BLOCKBYTES ); secure_zero_memory( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */ }@@ -130,7 +130,7 @@ } -int blake2sp_update( blake2sp_state *S, const void *pin, size_t inlen )+int _cryptonite_blake2sp_update( blake2sp_state *S, const void *pin, size_t inlen ) { const unsigned char * in = (const unsigned char *)pin; size_t left = S->buflen;@@ -142,7 +142,7 @@ memcpy( S->buf + left, in, fill ); for( i = 0; i < PARALLELISM_DEGREE; ++i )- blake2s_update( S->S[i], S->buf + i * BLAKE2S_BLOCKBYTES, BLAKE2S_BLOCKBYTES );+ _cryptonite_blake2s_update( S->S[i], S->buf + i * BLAKE2S_BLOCKBYTES, BLAKE2S_BLOCKBYTES ); in += fill; inlen -= fill;@@ -165,7 +165,7 @@ while( inlen__ >= PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES ) {- blake2s_update( S->S[i], in__, BLAKE2S_BLOCKBYTES );+ _cryptonite_blake2s_update( S->S[i], in__, BLAKE2S_BLOCKBYTES ); in__ += PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES; inlen__ -= PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES; }@@ -182,7 +182,7 @@ } -int blake2sp_final( blake2sp_state *S, void *out, size_t outlen )+int _cryptonite_blake2sp_final( blake2sp_state *S, void *out, size_t outlen ) { uint8_t hash[PARALLELISM_DEGREE][BLAKE2S_OUTBYTES]; size_t i;@@ -199,20 +199,20 @@ if( left > BLAKE2S_BLOCKBYTES ) left = BLAKE2S_BLOCKBYTES; - blake2s_update( S->S[i], S->buf + i * BLAKE2S_BLOCKBYTES, left );+ _cryptonite_blake2s_update( S->S[i], S->buf + i * BLAKE2S_BLOCKBYTES, left ); } - blake2s_final( S->S[i], hash[i], BLAKE2S_OUTBYTES );+ _cryptonite_blake2s_final( S->S[i], hash[i], BLAKE2S_OUTBYTES ); } for( i = 0; i < PARALLELISM_DEGREE; ++i )- blake2s_update( S->R, hash[i], BLAKE2S_OUTBYTES );+ _cryptonite_blake2s_update( S->R, hash[i], BLAKE2S_OUTBYTES ); - return blake2s_final( S->R, out, S->outlen );+ return _cryptonite_blake2s_final( S->R, out, S->outlen ); } -int blake2sp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen )+int _cryptonite_blake2sp( void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen ) { uint8_t hash[PARALLELISM_DEGREE][BLAKE2S_OUTBYTES]; blake2s_state S[PARALLELISM_DEGREE][1];@@ -242,7 +242,7 @@ memcpy( block, key, keylen ); for( i = 0; i < PARALLELISM_DEGREE; ++i )- blake2s_update( S[i], block, BLAKE2S_BLOCKBYTES );+ _cryptonite_blake2s_update( S[i], block, BLAKE2S_BLOCKBYTES ); secure_zero_memory( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */ }@@ -263,7 +263,7 @@ while( inlen__ >= PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES ) {- blake2s_update( S[i], in__, BLAKE2S_BLOCKBYTES );+ _cryptonite_blake2s_update( S[i], in__, BLAKE2S_BLOCKBYTES ); in__ += PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES; inlen__ -= PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES; }@@ -272,10 +272,10 @@ { const size_t left = inlen__ - i * BLAKE2S_BLOCKBYTES; const size_t len = left <= BLAKE2S_BLOCKBYTES ? left : BLAKE2S_BLOCKBYTES;- blake2s_update( S[i], in__, len );+ _cryptonite_blake2s_update( S[i], in__, len ); } - blake2s_final( S[i], hash[i], BLAKE2S_OUTBYTES );+ _cryptonite_blake2s_final( S[i], hash[i], BLAKE2S_OUTBYTES ); } if( blake2sp_init_root( FS, outlen, keylen ) < 0 )@@ -284,9 +284,9 @@ FS->last_node = 1; for( i = 0; i < PARALLELISM_DEGREE; ++i )- blake2s_update( FS, hash[i], BLAKE2S_OUTBYTES );+ _cryptonite_blake2s_update( FS, hash[i], BLAKE2S_OUTBYTES ); - return blake2s_final( FS, out, outlen );+ return _cryptonite_blake2s_final( FS, out, outlen ); } #if defined(BLAKE2SP_SELFTEST)@@ -308,7 +308,7 @@ for( i = 0; i < BLAKE2_KAT_LENGTH; ++i ) { uint8_t hash[BLAKE2S_OUTBYTES];- blake2sp( hash, BLAKE2S_OUTBYTES, buf, i, key, BLAKE2S_KEYBYTES );+ _cryptonite_blake2sp( hash, BLAKE2S_OUTBYTES, buf, i, key, BLAKE2S_KEYBYTES ); if( 0 != memcmp( hash, blake2sp_keyed_kat[i], BLAKE2S_OUTBYTES ) ) {@@ -325,21 +325,21 @@ size_t mlen = i; int err = 0; - if( (err = blake2sp_init_key(&S, BLAKE2S_OUTBYTES, key, BLAKE2S_KEYBYTES)) < 0 ) {+ if( (err = _cryptonite_blake2sp_init_key(&S, BLAKE2S_OUTBYTES, key, BLAKE2S_KEYBYTES)) < 0 ) { goto fail; } while (mlen >= step) {- if ( (err = blake2sp_update(&S, p, step)) < 0 ) {+ if ( (err = _cryptonite_blake2sp_update(&S, p, step)) < 0 ) { goto fail; } mlen -= step; p += step; }- if ( (err = blake2sp_update(&S, p, mlen)) < 0) {+ if ( (err = _cryptonite_blake2sp_update(&S, p, mlen)) < 0) { goto fail; }- if ( (err = blake2sp_final(&S, hash, BLAKE2S_OUTBYTES)) < 0) {+ if ( (err = _cryptonite_blake2sp_final(&S, hash, BLAKE2S_OUTBYTES)) < 0) { goto fail; }
cbits/cryptonite_blake2b.c view
@@ -2,15 +2,15 @@ void cryptonite_blake2b_init(blake2b_ctx *ctx, uint32_t hashlen) {- blake2b_init(ctx, hashlen / 8);+ _cryptonite_blake2b_init(ctx, hashlen / 8); } void cryptonite_blake2b_update(blake2b_ctx *ctx, const uint8_t *data, uint32_t len) {- blake2b_update(ctx, data, len);+ _cryptonite_blake2b_update(ctx, data, len); } void cryptonite_blake2b_finalize(blake2b_ctx *ctx, uint32_t hashlen, uint8_t *out) {- blake2b_final(ctx, out, hashlen / 8);+ _cryptonite_blake2b_final(ctx, out, hashlen / 8); }
cbits/cryptonite_blake2bp.c view
@@ -2,15 +2,15 @@ void cryptonite_blake2bp_init(blake2bp_ctx *ctx, uint32_t hashlen) {- blake2bp_init(ctx, hashlen / 8);+ _cryptonite_blake2bp_init(ctx, hashlen / 8); } void cryptonite_blake2bp_update(blake2bp_ctx *ctx, const uint8_t *data, uint32_t len) {- blake2bp_update(ctx, data, len);+ _cryptonite_blake2bp_update(ctx, data, len); } void cryptonite_blake2bp_finalize(blake2bp_ctx *ctx, uint32_t hashlen, uint8_t *out) {- blake2bp_final(ctx, out, hashlen / 8);+ _cryptonite_blake2bp_final(ctx, out, hashlen / 8); }
cbits/cryptonite_blake2s.c view
@@ -2,15 +2,15 @@ void cryptonite_blake2s_init(blake2s_ctx *ctx, uint32_t hashlen) {- blake2s_init(ctx, hashlen / 8);+ _cryptonite_blake2s_init(ctx, hashlen / 8); } void cryptonite_blake2s_update(blake2s_ctx *ctx, const uint8_t *data, uint32_t len) {- blake2s_update(ctx, data, len);+ _cryptonite_blake2s_update(ctx, data, len); } void cryptonite_blake2s_finalize(blake2s_ctx *ctx, uint32_t hashlen, uint8_t *out) {- blake2s_final(ctx, out, hashlen / 8);+ _cryptonite_blake2s_final(ctx, out, hashlen / 8); }
cbits/cryptonite_blake2sp.c view
@@ -2,15 +2,15 @@ void cryptonite_blake2sp_init(blake2sp_ctx *ctx, uint32_t hashlen) {- blake2sp_init(ctx, hashlen / 8);+ _cryptonite_blake2sp_init(ctx, hashlen / 8); } void cryptonite_blake2sp_update(blake2sp_ctx *ctx, const uint8_t *data, uint32_t len) {- blake2sp_update(ctx, data, len);+ _cryptonite_blake2sp_update(ctx, data, len); } void cryptonite_blake2sp_finalize(blake2sp_ctx *ctx, uint32_t hashlen, uint8_t *out) {- blake2sp_final(ctx, out, hashlen / 8);+ _cryptonite_blake2sp_final(ctx, out, hashlen / 8); }
cryptonite.cabal view
@@ -1,5 +1,5 @@ Name: cryptonite-version: 0.28+version: 0.30 Synopsis: Cryptography Primitives sink Description: A repository of cryptographic primitives.@@ -36,7 +36,7 @@ Homepage: https://github.com/haskell-crypto/cryptonite Bug-reports: https://github.com/haskell-crypto/cryptonite/issues Cabal-Version: 1.18-tested-with: GHC==8.8.2, GHC==8.6.5, GHC==8.4.4, GHC==8.2.2, GHC==8.0.2+tested-with: GHC==9.2.2, GHC==9.0.2, GHC==8.10.7, GHC==8.8.4 extra-doc-files: README.md CHANGELOG.md extra-source-files: cbits/*.h cbits/aes/*.h@@ -170,6 +170,7 @@ Crypto.PubKey.ECIES Crypto.PubKey.Ed25519 Crypto.PubKey.Ed448+ Crypto.PubKey.EdDSA Crypto.PubKey.RSA Crypto.PubKey.RSA.PKCS15 Crypto.PubKey.RSA.Prim@@ -235,6 +236,7 @@ Crypto.PubKey.ElGamal Crypto.ECC.Simple.Types Crypto.ECC.Simple.Prim+ Crypto.Internal.Builder Crypto.Internal.ByteArray Crypto.Internal.Compat Crypto.Internal.CompatPrim@@ -243,7 +245,7 @@ Crypto.Internal.Nat Crypto.Internal.Words Crypto.Internal.WordArray- if impl(ghc < 8.0)+ if impl(ghc < 8.8) Buildable: False else Build-depends: base@@ -429,6 +431,7 @@ KAT_DES KAT_Ed25519 KAT_Ed448+ KAT_EdDSA KAT_CMAC KAT_HKDF KAT_HMAC
+ tests/KAT_EdDSA.hs view
@@ -0,0 +1,131 @@+{-# LANGUAGE BangPatterns #-}+{-# LANGUAGE ExistentialQuantification #-}+{-# LANGUAGE GADTs #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+module KAT_EdDSA ( tests ) where++import Crypto.Error+import Crypto.ECC+import Crypto.Hash.Algorithms+import Crypto.Hash.IO+import qualified Crypto.PubKey.EdDSA as EdDSA+import Imports++data Vec = forall curve hash .+ ( EdDSA.EllipticCurveEdDSA curve+ , HashAlgorithm hash+ , HashDigestSize hash ~ EdDSA.CurveDigestSize curve+ ) => Vec+ { vecPrx :: Maybe curve+ , vecAlg :: hash+ , vecSec :: ByteString+ , vecPub :: ByteString+ , vecMsg :: ByteString+ , vecSig :: ByteString+ }++vectors =+ [ Vec+ { vecPrx = Just Curve_Edwards25519+ , vecAlg = SHA512+ , vecSec = "\x9d\x61\xb1\x9d\xef\xfd\x5a\x60\xba\x84\x4a\xf4\x92\xec\x2c\xc4\x44\x49\xc5\x69\x7b\x32\x69\x19\x70\x3b\xac\x03\x1c\xae\x7f\x60"+ , vecPub = "\xd7\x5a\x98\x01\x82\xb1\x0a\xb7\xd5\x4b\xfe\xd3\xc9\x64\x07\x3a\x0e\xe1\x72\xf3\xda\xa6\x23\x25\xaf\x02\x1a\x68\xf7\x07\x51\x1a"+ , vecMsg = ""+ , vecSig = "\xe5\x56\x43\x00\xc3\x60\xac\x72\x90\x86\xe2\xcc\x80\x6e\x82\x8a\x84\x87\x7f\x1e\xb8\xe5\xd9\x74\xd8\x73\xe0\x65\x22\x49\x01\x55\x5f\xb8\x82\x15\x90\xa3\x3b\xac\xc6\x1e\x39\x70\x1c\xf9\xb4\x6b\xd2\x5b\xf5\xf0\x59\x5b\xbe\x24\x65\x51\x41\x43\x8e\x7a\x10\x0b"+ }+ , Vec+ { vecPrx = Just Curve_Edwards25519+ , vecAlg = SHA512+ , vecSec = "\x4c\xcd\x08\x9b\x28\xff\x96\xda\x9d\xb6\xc3\x46\xec\x11\x4e\x0f\x5b\x8a\x31\x9f\x35\xab\xa6\x24\xda\x8c\xf6\xed\x4f\xb8\xa6\xfb"+ , vecPub = "\x3d\x40\x17\xc3\xe8\x43\x89\x5a\x92\xb7\x0a\xa7\x4d\x1b\x7e\xbc\x9c\x98\x2c\xcf\x2e\xc4\x96\x8c\xc0\xcd\x55\xf1\x2a\xf4\x66\x0c"+ , vecMsg = "\x72"+ , vecSig = "\x92\xa0\x09\xa9\xf0\xd4\xca\xb8\x72\x0e\x82\x0b\x5f\x64\x25\x40\xa2\xb2\x7b\x54\x16\x50\x3f\x8f\xb3\x76\x22\x23\xeb\xdb\x69\xda\x08\x5a\xc1\xe4\x3e\x15\x99\x6e\x45\x8f\x36\x13\xd0\xf1\x1d\x8c\x38\x7b\x2e\xae\xb4\x30\x2a\xee\xb0\x0d\x29\x16\x12\xbb\x0c\x00"+ }+ , Vec+ { vecPrx = Just Curve_Edwards25519+ , vecAlg = SHA512+ , vecSec = "\xc5\xaa\x8d\xf4\x3f\x9f\x83\x7b\xed\xb7\x44\x2f\x31\xdc\xb7\xb1\x66\xd3\x85\x35\x07\x6f\x09\x4b\x85\xce\x3a\x2e\x0b\x44\x58\xf7"+ , vecPub = "\xfc\x51\xcd\x8e\x62\x18\xa1\xa3\x8d\xa4\x7e\xd0\x02\x30\xf0\x58\x08\x16\xed\x13\xba\x33\x03\xac\x5d\xeb\x91\x15\x48\x90\x80\x25"+ , vecMsg = "\xaf\x82"+ , vecSig = "\x62\x91\xd6\x57\xde\xec\x24\x02\x48\x27\xe6\x9c\x3a\xbe\x01\xa3\x0c\xe5\x48\xa2\x84\x74\x3a\x44\x5e\x36\x80\xd7\xdb\x5a\xc3\xac\x18\xff\x9b\x53\x8d\x16\xf2\x90\xae\x67\xf7\x60\x98\x4d\xc6\x59\x4a\x7c\x15\xe9\x71\x6e\xd2\x8d\xc0\x27\xbe\xce\xea\x1e\xc4\x0a"+ }+ , Vec+ { vecPrx = Just Curve_Edwards25519+ , vecAlg = SHA512+ , vecSec = "\xf5\xe5\x76\x7c\xf1\x53\x31\x95\x17\x63\x0f\x22\x68\x76\xb8\x6c\x81\x60\xcc\x58\x3b\xc0\x13\x74\x4c\x6b\xf2\x55\xf5\xcc\x0e\xe5"+ , vecPub = "\x27\x81\x17\xfc\x14\x4c\x72\x34\x0f\x67\xd0\xf2\x31\x6e\x83\x86\xce\xff\xbf\x2b\x24\x28\xc9\xc5\x1f\xef\x7c\x59\x7f\x1d\x42\x6e"+ , vecMsg = "\x08\xb8\xb2\xb7\x33\x42\x42\x43\x76\x0f\xe4\x26\xa4\xb5\x49\x08\x63\x21\x10\xa6\x6c\x2f\x65\x91\xea\xbd\x33\x45\xe3\xe4\xeb\x98\xfa\x6e\x26\x4b\xf0\x9e\xfe\x12\xee\x50\xf8\xf5\x4e\x9f\x77\xb1\xe3\x55\xf6\xc5\x05\x44\xe2\x3f\xb1\x43\x3d\xdf\x73\xbe\x84\xd8\x79\xde\x7c\x00\x46\xdc\x49\x96\xd9\xe7\x73\xf4\xbc\x9e\xfe\x57\x38\x82\x9a\xdb\x26\xc8\x1b\x37\xc9\x3a\x1b\x27\x0b\x20\x32\x9d\x65\x86\x75\xfc\x6e\xa5\x34\xe0\x81\x0a\x44\x32\x82\x6b\xf5\x8c\x94\x1e\xfb\x65\xd5\x7a\x33\x8b\xbd\x2e\x26\x64\x0f\x89\xff\xbc\x1a\x85\x8e\xfc\xb8\x55\x0e\xe3\xa5\xe1\x99\x8b\xd1\x77\xe9\x3a\x73\x63\xc3\x44\xfe\x6b\x19\x9e\xe5\xd0\x2e\x82\xd5\x22\xc4\xfe\xba\x15\x45\x2f\x80\x28\x8a\x82\x1a\x57\x91\x16\xec\x6d\xad\x2b\x3b\x31\x0d\xa9\x03\x40\x1a\xa6\x21\x00\xab\x5d\x1a\x36\x55\x3e\x06\x20\x3b\x33\x89\x0c\xc9\xb8\x32\xf7\x9e\xf8\x05\x60\xcc\xb9\xa3\x9c\xe7\x67\x96\x7e\xd6\x28\xc6\xad\x57\x3c\xb1\x16\xdb\xef\xef\xd7\x54\x99\xda\x96\xbd\x68\xa8\xa9\x7b\x92\x8a\x8b\xbc\x10\x3b\x66\x21\xfc\xde\x2b\xec\xa1\x23\x1d\x20\x6b\xe6\xcd\x9e\xc7\xaf\xf6\xf6\xc9\x4f\xcd\x72\x04\xed\x34\x55\xc6\x8c\x83\xf4\xa4\x1d\xa4\xaf\x2b\x74\xef\x5c\x53\xf1\xd8\xac\x70\xbd\xcb\x7e\xd1\x85\xce\x81\xbd\x84\x35\x9d\x44\x25\x4d\x95\x62\x9e\x98\x55\xa9\x4a\x7c\x19\x58\xd1\xf8\xad\xa5\xd0\x53\x2e\xd8\xa5\xaa\x3f\xb2\xd1\x7b\xa7\x0e\xb6\x24\x8e\x59\x4e\x1a\x22\x97\xac\xbb\xb3\x9d\x50\x2f\x1a\x8c\x6e\xb6\xf1\xce\x22\xb3\xde\x1a\x1f\x40\xcc\x24\x55\x41\x19\xa8\x31\xa9\xaa\xd6\x07\x9c\xad\x88\x42\x5d\xe6\xbd\xe1\xa9\x18\x7e\xbb\x60\x92\xcf\x67\xbf\x2b\x13\xfd\x65\xf2\x70\x88\xd7\x8b\x7e\x88\x3c\x87\x59\xd2\xc4\xf5\xc6\x5a\xdb\x75\x53\x87\x8a\xd5\x75\xf9\xfa\xd8\x78\xe8\x0a\x0c\x9b\xa6\x3b\xcb\xcc\x27\x32\xe6\x94\x85\xbb\xc9\xc9\x0b\xfb\xd6\x24\x81\xd9\x08\x9b\xec\xcf\x80\xcf\xe2\xdf\x16\xa2\xcf\x65\xbd\x92\xdd\x59\x7b\x07\x07\xe0\x91\x7a\xf4\x8b\xbb\x75\xfe\xd4\x13\xd2\x38\xf5\x55\x5a\x7a\x56\x9d\x80\xc3\x41\x4a\x8d\x08\x59\xdc\x65\xa4\x61\x28\xba\xb2\x7a\xf8\x7a\x71\x31\x4f\x31\x8c\x78\x2b\x23\xeb\xfe\x80\x8b\x82\xb0\xce\x26\x40\x1d\x2e\x22\xf0\x4d\x83\xd1\x25\x5d\xc5\x1a\xdd\xd3\xb7\x5a\x2b\x1a\xe0\x78\x45\x04\xdf\x54\x3a\xf8\x96\x9b\xe3\xea\x70\x82\xff\x7f\xc9\x88\x8c\x14\x4d\xa2\xaf\x58\x42\x9e\xc9\x60\x31\xdb\xca\xd3\xda\xd9\xaf\x0d\xcb\xaa\xaf\x26\x8c\xb8\xfc\xff\xea\xd9\x4f\x3c\x7c\xa4\x95\xe0\x56\xa9\xb4\x7a\xcd\xb7\x51\xfb\x73\xe6\x66\xc6\xc6\x55\xad\xe8\x29\x72\x97\xd0\x7a\xd1\xba\x5e\x43\xf1\xbc\xa3\x23\x01\x65\x13\x39\xe2\x29\x04\xcc\x8c\x42\xf5\x8c\x30\xc0\x4a\xaf\xdb\x03\x8d\xda\x08\x47\xdd\x98\x8d\xcd\xa6\xf3\xbf\xd1\x5c\x4b\x4c\x45\x25\x00\x4a\xa0\x6e\xef\xf8\xca\x61\x78\x3a\xac\xec\x57\xfb\x3d\x1f\x92\xb0\xfe\x2f\xd1\xa8\x5f\x67\x24\x51\x7b\x65\xe6\x14\xad\x68\x08\xd6\xf6\xee\x34\xdf\xf7\x31\x0f\xdc\x82\xae\xbf\xd9\x04\xb0\x1e\x1d\xc5\x4b\x29\x27\x09\x4b\x2d\xb6\x8d\x6f\x90\x3b\x68\x40\x1a\xde\xbf\x5a\x7e\x08\xd7\x8f\xf4\xef\x5d\x63\x65\x3a\x65\x04\x0c\xf9\xbf\xd4\xac\xa7\x98\x4a\x74\xd3\x71\x45\x98\x67\x80\xfc\x0b\x16\xac\x45\x16\x49\xde\x61\x88\xa7\xdb\xdf\x19\x1f\x64\xb5\xfc\x5e\x2a\xb4\x7b\x57\xf7\xf7\x27\x6c\xd4\x19\xc1\x7a\x3c\xa8\xe1\xb9\x39\xae\x49\xe4\x88\xac\xba\x6b\x96\x56\x10\xb5\x48\x01\x09\xc8\xb1\x7b\x80\xe1\xb7\xb7\x50\xdf\xc7\x59\x8d\x5d\x50\x11\xfd\x2d\xcc\x56\x00\xa3\x2e\xf5\xb5\x2a\x1e\xcc\x82\x0e\x30\x8a\xa3\x42\x72\x1a\xac\x09\x43\xbf\x66\x86\xb6\x4b\x25\x79\x37\x65\x04\xcc\xc4\x93\xd9\x7e\x6a\xed\x3f\xb0\xf9\xcd\x71\xa4\x3d\xd4\x97\xf0\x1f\x17\xc0\xe2\xcb\x37\x97\xaa\x2a\x2f\x25\x66\x56\x16\x8e\x6c\x49\x6a\xfc\x5f\xb9\x32\x46\xf6\xb1\x11\x63\x98\xa3\x46\xf1\xa6\x41\xf3\xb0\x41\xe9\x89\xf7\x91\x4f\x90\xcc\x2c\x7f\xff\x35\x78\x76\xe5\x06\xb5\x0d\x33\x4b\xa7\x7c\x22\x5b\xc3\x07\xba\x53\x71\x52\xf3\xf1\x61\x0e\x4e\xaf\xe5\x95\xf6\xd9\xd9\x0d\x11\xfa\xa9\x33\xa1\x5e\xf1\x36\x95\x46\x86\x8a\x7f\x3a\x45\xa9\x67\x68\xd4\x0f\xd9\xd0\x34\x12\xc0\x91\xc6\x31\x5c\xf4\xfd\xe7\xcb\x68\x60\x69\x37\x38\x0d\xb2\xea\xaa\x70\x7b\x4c\x41\x85\xc3\x2e\xdd\xcd\xd3\x06\x70\x5e\x4d\xc1\xff\xc8\x72\xee\xee\x47\x5a\x64\xdf\xac\x86\xab\xa4\x1c\x06\x18\x98\x3f\x87\x41\xc5\xef\x68\xd3\xa1\x01\xe8\xa3\xb8\xca\xc6\x0c\x90\x5c\x15\xfc\x91\x08\x40\xb9\x4c\x00\xa0\xb9\xd0"+ , vecSig = "\x0a\xab\x4c\x90\x05\x01\xb3\xe2\x4d\x7c\xdf\x46\x63\x32\x6a\x3a\x87\xdf\x5e\x48\x43\xb2\xcb\xdb\x67\xcb\xf6\xe4\x60\xfe\xc3\x50\xaa\x53\x71\xb1\x50\x8f\x9f\x45\x28\xec\xea\x23\xc4\x36\xd9\x4b\x5e\x8f\xcd\x4f\x68\x1e\x30\xa6\xac\x00\xa9\x70\x4a\x18\x8a\x03"+ }+ , Vec+ { vecPrx = Just Curve_Edwards25519+ , vecAlg = SHA512+ , vecSec = "\x83\x3f\xe6\x24\x09\x23\x7b\x9d\x62\xec\x77\x58\x75\x20\x91\x1e\x9a\x75\x9c\xec\x1d\x19\x75\x5b\x7d\xa9\x01\xb9\x6d\xca\x3d\x42"+ , vecPub = "\xec\x17\x2b\x93\xad\x5e\x56\x3b\xf4\x93\x2c\x70\xe1\x24\x50\x34\xc3\x54\x67\xef\x2e\xfd\x4d\x64\xeb\xf8\x19\x68\x34\x67\xe2\xbf"+ , vecMsg = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f\xa5\x4c\xa4\x9f"+ , vecSig = "\xdc\x2a\x44\x59\xe7\x36\x96\x33\xa5\x2b\x1b\xf2\x77\x83\x9a\x00\x20\x10\x09\xa3\xef\xbf\x3e\xcb\x69\xbe\xa2\x18\x6c\x26\xb5\x89\x09\x35\x1f\xc9\xac\x90\xb3\xec\xfd\xfb\xc7\xc6\x64\x31\xe0\x30\x3d\xca\x17\x9c\x13\x8a\xc1\x7a\xd9\xbe\xf1\x17\x73\x31\xa7\x04"+ }+ , Vec+ { vecPrx = Just Curve_Edwards25519+ , vecAlg = Blake2b_512+ , vecSec = "\x9d\x61\xb1\x9d\xef\xfd\x5a\x60\xba\x84\x4a\xf4\x92\xec\x2c\xc4\x44\x49\xc5\x69\x7b\x32\x69\x19\x70\x3b\xac\x03\x1c\xae\x7f\x60"+ , vecPub = "\x78\xe6\x5b\xf3\x0f\x89\x3d\x32\xfc\x57\xef\x05\x1c\x34\x1b\xde\xde\x24\x25\x44\xfc\x2a\x21\x12\xf0\xfa\x2c\x7a\xfd\xeb\xc0\x2f"+ , vecMsg = ""+ , vecSig = "\x99\xa5\x23\xbd\x46\x16\xc8\x16\x11\x44\xd6\xa9\x9d\x3c\x32\x40\x0c\xb4\xa3\x26\xf4\xd7\x9e\x30\x73\x40\xf6\xaf\xa1\x17\x50\xa0\x08\x5d\x7d\x84\x62\x6b\xc9\xe4\xb1\x53\xfc\x0e\x39\x6d\x15\xce\x44\xc3\x9b\xae\x45\x33\x80\x4d\xb1\xfe\x5b\x52\xf2\xb1\xb8\x05"+ }+ , Vec+ { vecPrx = Just Curve_Edwards25519+ , vecAlg = Blake2b_512+ , vecSec = "\x4c\xcd\x08\x9b\x28\xff\x96\xda\x9d\xb6\xc3\x46\xec\x11\x4e\x0f\x5b\x8a\x31\x9f\x35\xab\xa6\x24\xda\x8c\xf6\xed\x4f\xb8\xa6\xfb"+ , vecPub = "\x5e\x71\x39\x2d\x91\xe6\xa5\x8f\xed\xeb\x08\x50\x36\x4f\x56\xcd\x15\x8a\x60\x44\x75\x57\xd7\x89\x03\x89\xc9\xb3\xd4\x57\x6d\x4d"+ , vecMsg = "\x72"+ , vecSig = "\x6d\xa7\x5e\x15\xb5\x70\x7f\x4d\xe5\xa1\x53\xc4\x8a\x5d\x83\x9f\xb8\x50\x74\xc3\x8a\xeb\x62\x85\x97\x7f\x03\xa1\x39\x77\x59\x7f\x97\x60\x69\xfd\xb9\x03\xf1\x83\x47\x4a\xaa\x5e\xd0\xcf\xe8\x78\xba\x8e\xf8\x68\xc5\xe4\x7c\xa3\xf9\x6c\xcf\xb3\xa8\x9b\x2a\x06"+ }+ , Vec+ { vecPrx = Just Curve_Edwards25519+ , vecAlg = Blake2b_512+ , vecSec = "\xc5\xaa\x8d\xf4\x3f\x9f\x83\x7b\xed\xb7\x44\x2f\x31\xdc\xb7\xb1\x66\xd3\x85\x35\x07\x6f\x09\x4b\x85\xce\x3a\x2e\x0b\x44\x58\xf7"+ , vecPub = "\x8d\x53\xca\x70\xf0\xea\xb2\x3b\x91\x78\x34\x57\x85\xfc\xdb\x69\xed\x67\x23\xf8\x14\x8f\x7e\x33\x9e\x88\x65\x37\x00\xb7\x18\xda"+ , vecMsg = "\xaf\x82"+ , vecSig = "\x7c\xc3\xc1\x38\x52\xbd\x12\xab\xf3\xce\x4c\xa8\xca\x28\x36\xcb\xf8\x6d\xa9\x6c\x46\x34\xc5\x0d\xf3\xfb\x80\xdc\x80\x9e\x29\xdb\x0e\x10\x9c\x36\x13\x53\x40\x7c\x12\x36\xa9\x04\xf6\x36\x86\x8a\xa3\x39\x77\xa9\x9d\x3f\x84\x45\x98\xdb\x15\x38\xb4\x29\x52\x03"+ }+ , Vec+ { vecPrx = Just Curve_Edwards25519+ , vecAlg = Blake2b_512+ , vecSec = "\xf5\xe5\x76\x7c\xf1\x53\x31\x95\x17\x63\x0f\x22\x68\x76\xb8\x6c\x81\x60\xcc\x58\x3b\xc0\x13\x74\x4c\x6b\xf2\x55\xf5\xcc\x0e\xe5"+ , vecPub = "\x9e\x3c\xa4\x9b\xb2\xd9\xe3\x6b\x8f\x0c\x94\x4a\x7b\x1c\x29\x26\x45\xda\x87\xce\x6f\xa6\xb4\x28\x86\xe5\xd7\xc8\x68\x33\xa7\x14"+ , vecMsg = "\x08\xb8\xb2\xb7\x33\x42\x42\x43\x76\x0f\xe4\x26\xa4\xb5\x49\x08\x63\x21\x10\xa6\x6c\x2f\x65\x91\xea\xbd\x33\x45\xe3\xe4\xeb\x98\xfa\x6e\x26\x4b\xf0\x9e\xfe\x12\xee\x50\xf8\xf5\x4e\x9f\x77\xb1\xe3\x55\xf6\xc5\x05\x44\xe2\x3f\xb1\x43\x3d\xdf\x73\xbe\x84\xd8\x79\xde\x7c\x00\x46\xdc\x49\x96\xd9\xe7\x73\xf4\xbc\x9e\xfe\x57\x38\x82\x9a\xdb\x26\xc8\x1b\x37\xc9\x3a\x1b\x27\x0b\x20\x32\x9d\x65\x86\x75\xfc\x6e\xa5\x34\xe0\x81\x0a\x44\x32\x82\x6b\xf5\x8c\x94\x1e\xfb\x65\xd5\x7a\x33\x8b\xbd\x2e\x26\x64\x0f\x89\xff\xbc\x1a\x85\x8e\xfc\xb8\x55\x0e\xe3\xa5\xe1\x99\x8b\xd1\x77\xe9\x3a\x73\x63\xc3\x44\xfe\x6b\x19\x9e\xe5\xd0\x2e\x82\xd5\x22\xc4\xfe\xba\x15\x45\x2f\x80\x28\x8a\x82\x1a\x57\x91\x16\xec\x6d\xad\x2b\x3b\x31\x0d\xa9\x03\x40\x1a\xa6\x21\x00\xab\x5d\x1a\x36\x55\x3e\x06\x20\x3b\x33\x89\x0c\xc9\xb8\x32\xf7\x9e\xf8\x05\x60\xcc\xb9\xa3\x9c\xe7\x67\x96\x7e\xd6\x28\xc6\xad\x57\x3c\xb1\x16\xdb\xef\xef\xd7\x54\x99\xda\x96\xbd\x68\xa8\xa9\x7b\x92\x8a\x8b\xbc\x10\x3b\x66\x21\xfc\xde\x2b\xec\xa1\x23\x1d\x20\x6b\xe6\xcd\x9e\xc7\xaf\xf6\xf6\xc9\x4f\xcd\x72\x04\xed\x34\x55\xc6\x8c\x83\xf4\xa4\x1d\xa4\xaf\x2b\x74\xef\x5c\x53\xf1\xd8\xac\x70\xbd\xcb\x7e\xd1\x85\xce\x81\xbd\x84\x35\x9d\x44\x25\x4d\x95\x62\x9e\x98\x55\xa9\x4a\x7c\x19\x58\xd1\xf8\xad\xa5\xd0\x53\x2e\xd8\xa5\xaa\x3f\xb2\xd1\x7b\xa7\x0e\xb6\x24\x8e\x59\x4e\x1a\x22\x97\xac\xbb\xb3\x9d\x50\x2f\x1a\x8c\x6e\xb6\xf1\xce\x22\xb3\xde\x1a\x1f\x40\xcc\x24\x55\x41\x19\xa8\x31\xa9\xaa\xd6\x07\x9c\xad\x88\x42\x5d\xe6\xbd\xe1\xa9\x18\x7e\xbb\x60\x92\xcf\x67\xbf\x2b\x13\xfd\x65\xf2\x70\x88\xd7\x8b\x7e\x88\x3c\x87\x59\xd2\xc4\xf5\xc6\x5a\xdb\x75\x53\x87\x8a\xd5\x75\xf9\xfa\xd8\x78\xe8\x0a\x0c\x9b\xa6\x3b\xcb\xcc\x27\x32\xe6\x94\x85\xbb\xc9\xc9\x0b\xfb\xd6\x24\x81\xd9\x08\x9b\xec\xcf\x80\xcf\xe2\xdf\x16\xa2\xcf\x65\xbd\x92\xdd\x59\x7b\x07\x07\xe0\x91\x7a\xf4\x8b\xbb\x75\xfe\xd4\x13\xd2\x38\xf5\x55\x5a\x7a\x56\x9d\x80\xc3\x41\x4a\x8d\x08\x59\xdc\x65\xa4\x61\x28\xba\xb2\x7a\xf8\x7a\x71\x31\x4f\x31\x8c\x78\x2b\x23\xeb\xfe\x80\x8b\x82\xb0\xce\x26\x40\x1d\x2e\x22\xf0\x4d\x83\xd1\x25\x5d\xc5\x1a\xdd\xd3\xb7\x5a\x2b\x1a\xe0\x78\x45\x04\xdf\x54\x3a\xf8\x96\x9b\xe3\xea\x70\x82\xff\x7f\xc9\x88\x8c\x14\x4d\xa2\xaf\x58\x42\x9e\xc9\x60\x31\xdb\xca\xd3\xda\xd9\xaf\x0d\xcb\xaa\xaf\x26\x8c\xb8\xfc\xff\xea\xd9\x4f\x3c\x7c\xa4\x95\xe0\x56\xa9\xb4\x7a\xcd\xb7\x51\xfb\x73\xe6\x66\xc6\xc6\x55\xad\xe8\x29\x72\x97\xd0\x7a\xd1\xba\x5e\x43\xf1\xbc\xa3\x23\x01\x65\x13\x39\xe2\x29\x04\xcc\x8c\x42\xf5\x8c\x30\xc0\x4a\xaf\xdb\x03\x8d\xda\x08\x47\xdd\x98\x8d\xcd\xa6\xf3\xbf\xd1\x5c\x4b\x4c\x45\x25\x00\x4a\xa0\x6e\xef\xf8\xca\x61\x78\x3a\xac\xec\x57\xfb\x3d\x1f\x92\xb0\xfe\x2f\xd1\xa8\x5f\x67\x24\x51\x7b\x65\xe6\x14\xad\x68\x08\xd6\xf6\xee\x34\xdf\xf7\x31\x0f\xdc\x82\xae\xbf\xd9\x04\xb0\x1e\x1d\xc5\x4b\x29\x27\x09\x4b\x2d\xb6\x8d\x6f\x90\x3b\x68\x40\x1a\xde\xbf\x5a\x7e\x08\xd7\x8f\xf4\xef\x5d\x63\x65\x3a\x65\x04\x0c\xf9\xbf\xd4\xac\xa7\x98\x4a\x74\xd3\x71\x45\x98\x67\x80\xfc\x0b\x16\xac\x45\x16\x49\xde\x61\x88\xa7\xdb\xdf\x19\x1f\x64\xb5\xfc\x5e\x2a\xb4\x7b\x57\xf7\xf7\x27\x6c\xd4\x19\xc1\x7a\x3c\xa8\xe1\xb9\x39\xae\x49\xe4\x88\xac\xba\x6b\x96\x56\x10\xb5\x48\x01\x09\xc8\xb1\x7b\x80\xe1\xb7\xb7\x50\xdf\xc7\x59\x8d\x5d\x50\x11\xfd\x2d\xcc\x56\x00\xa3\x2e\xf5\xb5\x2a\x1e\xcc\x82\x0e\x30\x8a\xa3\x42\x72\x1a\xac\x09\x43\xbf\x66\x86\xb6\x4b\x25\x79\x37\x65\x04\xcc\xc4\x93\xd9\x7e\x6a\xed\x3f\xb0\xf9\xcd\x71\xa4\x3d\xd4\x97\xf0\x1f\x17\xc0\xe2\xcb\x37\x97\xaa\x2a\x2f\x25\x66\x56\x16\x8e\x6c\x49\x6a\xfc\x5f\xb9\x32\x46\xf6\xb1\x11\x63\x98\xa3\x46\xf1\xa6\x41\xf3\xb0\x41\xe9\x89\xf7\x91\x4f\x90\xcc\x2c\x7f\xff\x35\x78\x76\xe5\x06\xb5\x0d\x33\x4b\xa7\x7c\x22\x5b\xc3\x07\xba\x53\x71\x52\xf3\xf1\x61\x0e\x4e\xaf\xe5\x95\xf6\xd9\xd9\x0d\x11\xfa\xa9\x33\xa1\x5e\xf1\x36\x95\x46\x86\x8a\x7f\x3a\x45\xa9\x67\x68\xd4\x0f\xd9\xd0\x34\x12\xc0\x91\xc6\x31\x5c\xf4\xfd\xe7\xcb\x68\x60\x69\x37\x38\x0d\xb2\xea\xaa\x70\x7b\x4c\x41\x85\xc3\x2e\xdd\xcd\xd3\x06\x70\x5e\x4d\xc1\xff\xc8\x72\xee\xee\x47\x5a\x64\xdf\xac\x86\xab\xa4\x1c\x06\x18\x98\x3f\x87\x41\xc5\xef\x68\xd3\xa1\x01\xe8\xa3\xb8\xca\xc6\x0c\x90\x5c\x15\xfc\x91\x08\x40\xb9\x4c\x00\xa0\xb9\xd0"+ , vecSig = "\xd0\x39\x65\xac\x31\x6a\x20\xf5\xa4\x7a\xb2\xd6\x18\x5e\xb3\xf0\xae\xea\x9c\x2e\xb8\xab\xe9\x22\xe9\x6d\x31\x7b\x3b\xd0\xef\x02\xe8\xd4\x7f\xd9\x23\x84\xe2\x86\x15\xeb\x33\x14\xad\xbc\x71\xc4\x67\x59\x96\x09\x9e\x48\x4c\xeb\x16\x28\x47\xc4\x0c\x32\x44\x0e"+ }+ ]+++doPublicKeyTest :: Int -> Vec -> TestTree+doPublicKeyTest i Vec{..} =+ testCase (show i) (pub @=? EdDSA.toPublic vecPrx vecAlg sec)+ where+ !pub = throwCryptoError $ EdDSA.publicKey vecPrx vecAlg vecPub+ !sec = throwCryptoError $ EdDSA.secretKey vecPrx vecSec++doSignatureTest :: Int -> Vec -> TestTree+doSignatureTest i Vec{..} =+ testCase (show i) (sig @=? EdDSA.sign vecPrx sec pub vecMsg)+ where+ !sig = throwCryptoError $ EdDSA.signature vecPrx vecAlg vecSig+ !pub = throwCryptoError $ EdDSA.publicKey vecPrx vecAlg vecPub+ !sec = throwCryptoError $ EdDSA.secretKey vecPrx vecSec++doVerifyTest :: Int -> Vec -> TestTree+doVerifyTest i Vec{..} =+ testCase (show i) (True @=? EdDSA.verify vecPrx pub vecMsg sig)+ where+ !sig = throwCryptoError $ EdDSA.signature vecPrx vecAlg vecSig+ !pub = throwCryptoError $ EdDSA.publicKey vecPrx vecAlg vecPub+++tests = testGroup "EdDSA"+ [ testGroup "gen publickey" $ zipWith doPublicKeyTest [katZero..] vectors+ , testGroup "gen signature" $ zipWith doSignatureTest [katZero..] vectors+ , testGroup "verify sig" $ zipWith doVerifyTest [katZero..] vectors+ ]
tests/Tests.hs view
@@ -29,6 +29,7 @@ import qualified KAT_Curve448 import qualified KAT_Ed25519 import qualified KAT_Ed448+import qualified KAT_EdDSA import qualified KAT_OTP import qualified KAT_PubKey import qualified KAT_Scrypt@@ -67,6 +68,7 @@ , KAT_Curve448.tests , KAT_Ed25519.tests , KAT_Ed448.tests+ , KAT_EdDSA.tests , KAT_PubKey.tests , KAT_OTP.tests , testGroup "KDF"