Add BLAKE2[sb] hash #191
Conversation
Looks good, do you plan to add

I have added blake2b as well.

Ad Travis-CI failures, e.g. https://travis-ci.org/libtom/libtomcrypt/jobs/220116643: you have to move all declarations to the beginning of the block, like this:

It has been updated.

One more place that needs a fix
src/hashes/blake2s.c (outdated)
{
XMEMSET(&md->blake2s, 0, sizeof(struct blake2s_state));

for (int i = 0; i < 8; ++i)

move declaration int i to the block beginning
src/hashes/blake2s.c (outdated)
static int blake2s_init_param(hash_state *md, const struct blake2s_param *P)
{
blake2s_init0(md);
ulong32 *p = (ulong32 *)(P);

declaration ulong32 *p should go at the block beginning, before any code
src/hashes/blake2s.c (outdated)
ulong32 *p = (ulong32 *)(P);

/* IV XOR ParamBlock */
for (size_t i = 0; i < 8; ++i) {

move declaration size_t i to the block beginning
src/hashes/blake2s.c (outdated)
LOAD32L(m[i], buf + i * sizeof(m[i]));
}

for (size_t i = 0; i < 8; ++i)

remove the declaration size_t i
src/hashes/blake2s.c (outdated)
ulong32 m[16];
ulong32 v[16];

for (size_t i = 0; i < 16; ++i) {

move declaration size_t i to the block beginning
src/hashes/blake2s.c (outdated)
ROUND(8);
ROUND(9);

for (size_t i = 0; i < 8; ++i)

remove the declaration size_t i
src/hashes/blake2s.c (outdated)
/* IV XOR ParamBlock */
for (i = 0; i < 8; ++i) {
ulong32 tmp;
LOAD32L(tmp, &p[i]);

I propose a change like this:
static int blake2s_init_param(hash_state *md, const struct blake2s_param *P)
{
unsigned long i;
- ulong32 *p = (ulong32 *)(P);
+ unsigned char *p = (unsigned char *)(P);
blake2s_init0(md);
/* IV XOR ParamBlock */
for (i = 0; i < 8; ++i) {
ulong32 tmp;
- LOAD32L(tmp, &p[i]);
+ LOAD32L(tmp, p + i*4);
md->blake2s.h[i] ^= tmp;
}
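Review bot: the unsigned char * cast with LOAD32L(tmp, p + i*4) makes the 4-byte stride explicit, but it still reads the 32-byte parameter block through the in-memory layout of struct blake2s_param, which is only correct if that struct carries no padding; the blake2b.c comment further down says the param struct isn't packed and that packed structs are a portability concern, and the later blake2b_init snippet already switches to unsigned char P[BLAKE2B_PARAM_SIZE]. Suggest doing the same here: fill a byte array of the parameter-block size directly and XOR LOAD32L(tmp, P + i*4) into md->blake2s.h[i], so no struct layout is assumed at all.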

c.f. my comments to blake2b_init_param()
src/hashes/blake2s.c (outdated)
STORE32L(md->blake2s.h[i], buffer + sizeof(md->blake2s.h[i]) * i);

XMEMCPY(out, buffer, md->blake2s.outlen);
#ifdef LTC_CLEAN_STACK

md is not on stack

& you forgot to clean buffer
src/hashes/blake2b.c (outdated)
XMEMCPY(out, buffer, md->blake2b.outlen);
#ifdef LTC_CLEAN_STACK
zeromem(buffer, sizeof(buffer));
zeromem(md, sizeof(hash_state));

md is not on stack

IMO zeromem(md, sizeof(hash_state)) should be out of #ifdef LTC_CLEAN_STACK ... #endif

> IMO zeromem(md, sizeof(hash_state)) should be out of #ifdef LTC_CLEAN_STACK ... #endif

true
Regarding my comments to the struct blake2[bs]_param: I also don't have a good solution yet...
src/headers/tomcrypt_hash.h (outdated)
ulong32 h[8];
ulong32 t[2];
ulong32 f[2];
unsigned char buf[2 * 64];

why 2*64 here and 128 for blake2b?
src/headers/tomcrypt_hash.h (outdated)
ulong32 t[2];
ulong32 f[2];
unsigned char buf[2 * 64];
ulong32 curlen;

also these types (curlen, outlen, last_node) could be the same type as in blake2b, or not? (or in blake2b the same as here, whichever makes most sense; at least it should be consistent)
src/hashes/blake2b.c (outdated)
/* IV XOR ParamBlock */
for (i = 0; i < 8; ++i) {
ulong64 tmp;
LOAD64L(tmp, p + sizeof(md->blake2b.h[i]) * i);

ugh @ the typecast before and then p + sizeof(md->blake2b.h[i]) * i, especially since the blake2b_param struct isn't packed... and I'm not really a fan of packed structs regarding portability...
src/hashes/blake2b.c (outdated)
}

/* init xors IV with input parameter block */
int blake2b_init_param(hash_state *md, const struct blake2b_param *P)

this can be static
src/hashes/blake2s.c (outdated)
{
int err;
err = _blake2s_compress(md, buf);
burn_stack(sizeof(ulong32) * 32);

you forgot i :)
src/hashes/blake2b.c (outdated)
return CRYPT_OK;
}

int blake2b_init(hash_state *md, unsigned long outlen)
{
struct blake2b_param P;
unsigned char P[BLAKE2B_PARAM_SIZE];

👍
src/hashes/blake2s.c (outdated)
}

/* Some helper functions, not necessarily useful */
static int blake2s_is_lastblock(const hash_state *md) { return md->blake2s.f[0] != 0; }

format
src/hashes/blake2b.c (outdated)
static void blake2b_set_lastnode(hash_state *md)
{
md->blake2b.f[1] = CONST64(0xffffffffffffffff);
}

/* Some helper functions, not necessarily useful */
static int blake2b_is_lastblock(const hash_state *md) { return md->blake2b.f[0] != 0; }

format
src/hashes/blake2s.c (outdated)

XMEMCPY(out, buffer, md->blake2s.outlen);
#ifdef LTC_CLEAN_STACK
zeromem(md, sizeof(hash_state));
zeromem(buffer, sizeof(buffer));
zeromem(md, sizeof(hash_state));

shouldn't we better remove the zero'ing of md for both _done functions? or is the hash descriptor unusable anyways after having called done on it?

I just realized that's in line with all the other hash implementations...

sounds fine by me, it doesn't look like a

also sounds fine by me, I'd just put them in

please have a look at #184 regarding the structure & API signatures used.

Yes, having both BLAKE2 based MACs in
src/hashes/blake2b.c (outdated)

const struct ltc_hash_descriptor blake2b_160_desc =
{
"blake2b_160",

can you please rename the identifiers for all blake2[bs] hash descriptors to blake2[bs]-XXX etc.

please also add this patch and then we're ready to merge
Ad blake2b_160 vs. blake2b-160: I prefer the underscore variant, as can be seen in my recent sha3_nnn addition. But the fact is that the sha512 family uses a dash. We should definitely be consistent.

Before merge, test vectors should be regenerated via tv_gen.
I don't think it should be a personal preference, so I just use the notation that is used in the standards... therefore - and not _

And what about zeroing md always (not only #ifdef LTC_CLEAN_STACK), as mentioned in my comment? Especially if we'll use the same routines for BLAKE2 based MACs, the MD will contain key related material.

true, I missed that
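The following is an added, self-contained BLAKE2s written from RFC 7693 to show the review points above in one place; it is not libtomcrypt code and not part of this PR. The parameter block is built as a plain byte array and XORed into the IV with little-endian byte loads, so no struct cast or packing assumption is needed (the concern raised about blake2[bs]_param); the compression function wipes its m/v working arrays explicitly (the burn_stack point); and blake2s_done() zeroizes the whole state unconditionally rather than only under a clean-stack option, because in keyed (MAC) mode the state carries key material. It goes beyond the PR's unkeyed init by also supporting the keyed mode. All names (blake2s_state, blake2s_init_key, secure_zero, B2S_*) and the 16-byte sample key are the example's own; the "abc" digest in the self-test is the RFC 7693 Appendix B test vector.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define B2S_BLOCK 64
#define B2S_OUT   32
#define B2S_PARAM 32  /* size of the BLAKE2s parameter block, RFC 7693 sec. 2.5 */

typedef struct { uint32_t h[8], t[2], f[2]; uint8_t buf[B2S_BLOCK]; size_t buflen, outlen; } blake2s_state;

static const uint32_t IV[8] = { 0x6A09E667UL, 0xBB67AE85UL, 0x3C6EF372UL, 0xA54FF53AUL,
                                0x510E527FUL, 0x9B05688CUL, 0x1F83D9ABUL, 0x5BE0CD19UL };
static const uint8_t SIGMA[10][16] = {
    { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15 }, {14,10, 4, 8, 9,15,13, 6, 1,12, 0, 2,11, 7, 5, 3 },
    {11, 8,12, 0, 5, 2,15,13,10,14, 3, 6, 7, 1, 9, 4 }, { 7, 9, 3, 1,13,12,11,14, 2, 6, 5,10, 4, 0,15, 8 },
    { 9, 0, 5, 7, 2, 4,10,15,14, 1,11,12, 6, 8, 3,13 }, { 2,12, 6,10, 0,11, 8, 3, 4,13, 7, 5,15,14, 1, 9 },
    {12, 5, 1,15,14,13, 4,10, 0, 7, 6, 3, 9, 2, 8,11 }, {13,11, 7,14,12, 1, 3, 9, 5, 0,15, 4, 8, 6, 2,10 },
    { 6,15,14, 9,11, 3, 0, 8,12, 2,13, 7, 1, 4,10, 5 }, {10, 2, 8, 4, 7, 6, 1, 5,15,11, 9,14, 3,12,13, 0 } };

/* Byte-wise little-endian access: no struct casts, no alignment or packing assumptions. */
static uint32_t load32(const uint8_t *p) { return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }
static void store32(uint8_t *p, uint32_t w) { p[0] = (uint8_t)w; p[1] = (uint8_t)(w >> 8); p[2] = (uint8_t)(w >> 16); p[3] = (uint8_t)(w >> 24); }
/* Volatile stores so the compiler cannot drop the wipe as a dead store. */
static void secure_zero(void *p, size_t n) { volatile uint8_t *q = (volatile uint8_t *)p; while (n--) *q++ = 0; }

#define ROTR32(x, n) (((x) >> (n)) | ((x) << (32 - (n))))
#define G(r, i, a, b, c, d) do { \
    v[a] += v[b] + m[SIGMA[r][2*(i)]];   v[d] = ROTR32(v[d] ^ v[a], 16); v[c] += v[d]; v[b] = ROTR32(v[b] ^ v[c], 12); \
    v[a] += v[b] + m[SIGMA[r][2*(i)+1]]; v[d] = ROTR32(v[d] ^ v[a], 8);  v[c] += v[d]; v[b] = ROTR32(v[b] ^ v[c], 7); } while (0)

static void compress(blake2s_state *S, const uint8_t block[B2S_BLOCK]) {
    uint32_t m[16], v[16]; size_t i, r;
    for (i = 0; i < 16; ++i) m[i] = load32(block + 4 * i);
    for (i = 0; i < 8; ++i) { v[i] = S->h[i]; v[i + 8] = IV[i]; }
    v[12] ^= S->t[0]; v[13] ^= S->t[1]; v[14] ^= S->f[0]; v[15] ^= S->f[1];
    for (r = 0; r < 10; ++r) {
        G(r, 0, 0, 4,  8, 12); G(r, 1, 1, 5,  9, 13); G(r, 2, 2, 6, 10, 14); G(r, 3, 3, 7, 11, 15);
        G(r, 4, 0, 5, 10, 15); G(r, 5, 1, 6, 11, 12); G(r, 6, 2, 7,  8, 13); G(r, 7, 3, 4,  9, 14);
    }
    for (i = 0; i < 8; ++i) S->h[i] ^= v[i] ^ v[i + 8];
    secure_zero(m, sizeof m); secure_zero(v, sizeof v);  /* explicit "burn" of the working words, m and v included */
}

static void increment(blake2s_state *S, uint32_t n) { S->t[0] += n; S->t[1] += (S->t[0] < n); }

static void blake2s_update(blake2s_state *S, const void *in, size_t inlen) {
    const uint8_t *p = (const uint8_t *)in;
    while (inlen > 0) {
        size_t fill = B2S_BLOCK - S->buflen;
        if (inlen <= fill) { memcpy(S->buf + S->buflen, p, inlen); S->buflen += inlen; return; }
        /* Compress only when more input follows: the last block must stay buffered for the final flag. */
        memcpy(S->buf + S->buflen, p, fill); S->buflen = 0;
        increment(S, B2S_BLOCK); compress(S, S->buf);
        p += fill; inlen -= fill;
    }
}

/* Parameter block built as raw bytes, then XORed word-wise into the IV. */
static int blake2s_init_key(blake2s_state *S, size_t outlen, const uint8_t *key, size_t keylen) {
    uint8_t P[B2S_PARAM], block[B2S_BLOCK]; size_t i;
    if (outlen == 0 || outlen > B2S_OUT || keylen > 32 || (keylen > 0 && key == NULL)) return -1;
    memset(P, 0, sizeof P);
    P[0] = (uint8_t)outlen; P[1] = (uint8_t)keylen; P[2] = 1; P[3] = 1;  /* digest len, key len, fanout, depth */
    memset(S, 0, sizeof *S); S->outlen = outlen;
    for (i = 0; i < 8; ++i) S->h[i] = IV[i] ^ load32(P + 4 * i);
    if (keylen > 0) {  /* keyed (MAC) mode: the zero-padded key is the first full data block */
        memset(block, 0, sizeof block); memcpy(block, key, keylen);
        blake2s_update(S, block, sizeof block); secure_zero(block, sizeof block);
    }
    return 0;
}

static int blake2s_done(blake2s_state *S, uint8_t *out) {
    uint8_t buffer[B2S_OUT]; size_t i;
    increment(S, (uint32_t)S->buflen);
    S->f[0] = 0xFFFFFFFFUL;                                /* last-block flag */
    memset(S->buf + S->buflen, 0, B2S_BLOCK - S->buflen);  /* zero-pad the final block */
    compress(S, S->buf);
    for (i = 0; i < 8; ++i) store32(buffer + 4 * i, S->h[i]);
    memcpy(out, buffer, S->outlen);
    secure_zero(buffer, sizeof buffer);
    secure_zero(S, sizeof *S);  /* unconditional: in keyed mode the state holds key material */
    return 0;
}

int blake2s(uint8_t *out, size_t outlen, const void *in, size_t inlen, const uint8_t *key, size_t keylen) {
    blake2s_state S;
    if (blake2s_init_key(&S, outlen, key, keylen) != 0) return -1;
    blake2s_update(&S, in, inlen);
    return blake2s_done(&S, out);
}

/* Self-test, 0 on success: unkeyed-256 initial h[0] is IV[0] ^ 0x01010020, RFC 7693 Appendix B
 * BLAKE2s-256("abc"), a key changes the output, and done() really wiped the state. */
int blake2s_selftest(void) {
    static const uint8_t abc[32] = { 0x50,0x8C,0x5E,0x8C,0x32,0x7C,0x14,0xE2,0xE1,0xA7,0x2B,0xA3,0x4E,0xEB,0x45,0x2F,
                                     0x37,0x45,0x8B,0x20,0x9E,0xD6,0x3A,0x29,0x4D,0x99,0x9B,0x4C,0x86,0x67,0x59,0x82 };
    static const uint8_t key[16] = { 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 };  /* constructed sample key */
    uint8_t out[32], mac[32]; blake2s_state S; size_t i;
    if (blake2s_init_key(&S, 32, NULL, 0) != 0 || S.h[0] != 0x6B08E647UL) return 1;
    blake2s_update(&S, "abc", 3);
    if (blake2s_done(&S, out) != 0 || memcmp(out, abc, 32) != 0) return 2;
    for (i = 0; i < sizeof S.h; ++i) if (((const uint8_t *)S.h)[i] != 0) return 3;
    if (blake2s(mac, 32, "abc", 3, key, sizeof key) != 0 || memcmp(mac, out, 32) == 0) return 4;
    return 0;
}

int main(void) {
    int rc = blake2s_selftest();
    printf("blake2s selftest: %s (%d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

The wipe in blake2s_done() is deliberately outside any compile-time option: once the same routine is used as a keyed MAC, the h/buf words after finalisation are derived from the key, so leaving them behind is a key-material leak regardless of whether stack burning is enabled. The volatile-store wipe is what zeromem-style helpers need to survive dead-store elimination.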
src/hashes/blake2s.c (outdated)
XMEMCPY(out, buffer, md->blake2s.outlen);
#ifdef LTC_CLEAN_STACK
zeromem(buffer, sizeof(buffer));
zeromem(md, sizeof(hash_state));

same

you need something like this

@karel-m should we add something like the following to helper.pl?

for f in demos/tv_gen.c demos/hashsum.c testprof/x86_prof.c ; do for h in $(rgrep ltc_hash_desc ./src/hashes/ | awk '{print $4}'); do rgrep -q $h $f || echo $h not in $f ; done ; done

...which immediately shows
I don't know how you created these testvectors, but the ones you pushed fail on my machine as well 😮

The hash_sizes in blake2s-160 and blake2s-224 were a little off. hmac_tv.txt should be a little more consistent now.

👍 I am for merging

thx @ksherlock & @karel-m for the good review process
Hi,
This adds the blake2s hash (https://blake2.net, https://www.ietf.org/rfc/rfc7693.txt) based on the reference implementation (https://github.com/BLAKE2/BLAKE2/blob/master/ref/blake2s-ref.c)