From: Antoine Salon <asalon@vmware.com>
Date: Thu, 20 Dec 2018 23:20:00 +0000 (-0800)
Subject: blake2b: add support for parameter setting and keyed hash
X-Git-Tag: openssl-3.0.0-alpha1~2575
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=fc3c0223e8a70bfe8f8aefc98b819f7d852f3594

blake2b: add support for parameter setting and keyed hash

The param block structure is used as a container for parameter values
Added blake2b keyed init

Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7726)
---

diff --git a/crypto/blake2/blake2_locl.h b/crypto/blake2/blake2_locl.h
index 33bd64ba58..96af32500d 100644
--- a/crypto/blake2/blake2_locl.h
+++ b/crypto/blake2/blake2_locl.h
@@ -83,10 +83,22 @@ struct blake2b_ctx_st {
 typedef struct blake2s_ctx_st BLAKE2S_CTX;
 typedef struct blake2b_ctx_st BLAKE2B_CTX;
 
-int BLAKE2b_Init(BLAKE2B_CTX *c);
+int BLAKE2b_Init(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P);
+int BLAKE2b_Init_key(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P, const void *key);
 int BLAKE2b_Update(BLAKE2B_CTX *c, const void *data, size_t datalen);
 int BLAKE2b_Final(unsigned char *md, BLAKE2B_CTX *c);
 
+/*
+ * These setters are internal and do not check the validity of their parameters.
+ * See blake2b_mac_ctrl for validation logic.
+ */
+
+void blake2b_param_init(BLAKE2B_PARAM *P);
+void blake2b_param_set_digest_length(BLAKE2B_PARAM *P, uint8_t outlen);
+void blake2b_param_set_key_length(BLAKE2B_PARAM *P, uint8_t keylen);
+void blake2b_param_set_personal(BLAKE2B_PARAM *P, const uint8_t *personal, size_t length);
+void blake2b_param_set_salt(BLAKE2B_PARAM *P, const uint8_t *salt, size_t length);
+
 int BLAKE2s_Init(BLAKE2S_CTX *c);
 int BLAKE2s_Update(BLAKE2S_CTX *c, const void *data, size_t datalen);
 int BLAKE2s_Final(unsigned char *md, BLAKE2S_CTX *c);
diff --git a/crypto/blake2/blake2b.c b/crypto/blake2/blake2b.c
index fb128e4bb4..b5eb928708 100644
--- a/crypto/blake2/blake2b.c
+++ b/crypto/blake2/blake2b.c
@@ -80,10 +80,9 @@ static void blake2b_init_param(BLAKE2B_CTX *S, const BLAKE2B_PARAM *P)
     }
 }
 
-/* Initialize the hashing context.  Always returns 1. */
-int BLAKE2b_Init(BLAKE2B_CTX *c)
+/* Initialize the parameter block with default values */
+void blake2b_param_init(BLAKE2B_PARAM *P)
 {
-    BLAKE2B_PARAM P[1];
     P->digest_length = BLAKE2B_DIGEST_LENGTH;
     P->key_length    = 0;
     P->fanout        = 1;
@@ -95,10 +94,60 @@ int BLAKE2b_Init(BLAKE2B_CTX *c)
     memset(P->reserved, 0, sizeof(P->reserved));
     memset(P->salt,     0, sizeof(P->salt));
     memset(P->personal, 0, sizeof(P->personal));
+}
+
+void blake2b_param_set_digest_length(BLAKE2B_PARAM *P, uint8_t outlen)
+{
+    P->digest_length = outlen;
+}
+
+void blake2b_param_set_key_length(BLAKE2B_PARAM *P, uint8_t keylen)
+{
+    P->key_length = keylen;
+}
+
+void blake2b_param_set_personal(BLAKE2B_PARAM *P, const uint8_t *personal, size_t len)
+{
+    memcpy(P->personal, personal, len);
+    memset(P->personal + len, 0, BLAKE2B_PERSONALBYTES - len);
+}
+
+void blake2b_param_set_salt(BLAKE2B_PARAM *P, const uint8_t *salt, size_t len)
+{
+    memcpy(P->salt, salt, len);
+    memset(P->salt + len, 0, BLAKE2B_SALTBYTES - len);
+}
+
+/*
+ * Initialize the hashing context with the given parameter block.
+ * Always returns 1.
+ */
+int BLAKE2b_Init(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P)
+{
     blake2b_init_param(c, P);
     return 1;
 }
 
+/*
+ * Initialize the hashing context with the given parameter block and key.
+ * Always returns 1.
+ */
+int BLAKE2b_Init_key(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P, const void *key)
+{
+    blake2b_init_param(c, P);
+
+    /* Pad the key to form first data block */
+    {
+        uint8_t block[BLAKE2B_BLOCKBYTES] = {0};
+
+        memcpy(block, key, P->key_length);
+        BLAKE2b_Update(c, block, BLAKE2B_BLOCKBYTES);
+        OPENSSL_cleanse(block, BLAKE2B_BLOCKBYTES);
+    }
+
+    return 1;
+}
+
 /* Permute the state while xoring in the block of data. */
 static void blake2b_compress(BLAKE2B_CTX *S,
                             const uint8_t *blocks,
diff --git a/crypto/blake2/m_blake2b.c b/crypto/blake2/m_blake2b.c
index a37ab89ef2..2fb80f8b4e 100644
--- a/crypto/blake2/m_blake2b.c
+++ b/crypto/blake2/m_blake2b.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -25,7 +25,9 @@
 
 static int init(EVP_MD_CTX *ctx)
 {
-    return BLAKE2b_Init(EVP_MD_CTX_md_data(ctx));
+    BLAKE2B_PARAM P;
+    blake2b_param_init(&P);
+    return BLAKE2b_Init(EVP_MD_CTX_md_data(ctx), &P);
 }
 
 static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
@@ -49,7 +51,7 @@ static const EVP_MD blake2b_md = {
     NULL,
     NULL,
     BLAKE2B_BLOCKBYTES,
-    sizeof(EVP_MD *) + sizeof(BLAKE2B_CTX),
+    sizeof(BLAKE2B_CTX),
 };
 
 const EVP_MD *EVP_blake2b512(void)