Crypto++  6.1
Free C++ class library of cryptographic schemes
blake2.cpp
1 // blake2.cpp - written and placed in the public domain by Jeffrey Walton and Zooko
2 // Wilcox-O'Hearn. Based on Aumasson, Neves, Wilcox-O'Hearn and Winnerlein's
3 // reference BLAKE2 implementation at http://github.com/BLAKE2/BLAKE2.
4 
5 #include "pch.h"
6 #include "config.h"
7 #include "cryptlib.h"
8 #include "argnames.h"
9 #include "algparam.h"
10 #include "blake2.h"
11 #include "cpu.h"
12 
13 // Uncomment for benchmarking C++ against SSE2 or NEON.
14 // Do so in both blake2.cpp and blake2-simd.cpp.
15 // #undef CRYPTOPP_SSE41_AVAILABLE
16 // #undef CRYPTOPP_ARM_NEON_AVAILABLE
17 
18 // Disable NEON/ASIMD for Cortex-A53 and A57. The shifts are too slow and C/C++ is about
19 // 3 cpb faster than NEON/ASIMD. Also see http://github.com/weidai11/cryptopp/issues/367.
20 #if (defined(__aarch32__) || defined(__aarch64__)) && defined(CRYPTOPP_SLOW_ARMV8_SHIFT)
21 # undef CRYPTOPP_ARM_NEON_AVAILABLE
22 #endif
23 
24 ANONYMOUS_NAMESPACE_BEGIN
25 
26 using CryptoPP::byte;
27 using CryptoPP::word32;
28 using CryptoPP::word64;
30 
31 template <class W, bool T_64bit>
32 struct BLAKE2_IV
33 {
34  CRYPTOPP_ALIGN_DATA(16)
35  static const W iv[8];
36 };
37 
38 template <>
39 const word32 BLAKE2_IV<word32, false>::iv[8] = {
40  0x6A09E667UL, 0xBB67AE85UL, 0x3C6EF372UL, 0xA54FF53AUL,
41  0x510E527FUL, 0x9B05688CUL, 0x1F83D9ABUL, 0x5BE0CD19UL
42 };
43 
44 template <>
45 const word64 BLAKE2_IV<word64, true>::iv[8] = {
46  W64LIT(0x6a09e667f3bcc908), W64LIT(0xbb67ae8584caa73b),
47  W64LIT(0x3c6ef372fe94f82b), W64LIT(0xa54ff53a5f1d36f1),
48  W64LIT(0x510e527fade682d1), W64LIT(0x9b05688c2b3e6c1f),
49  W64LIT(0x1f83d9abfb41bd6b), W64LIT(0x5be0cd19137e2179)
50 };
51 
52 CRYPTOPP_ALIGN_DATA(16)
53 const byte BLAKE2S_SIGMA[10][16] = {
54  { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 },
55  { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 },
56  { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 },
57  { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 },
58  { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 },
59  { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 },
60  { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 },
61  { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 },
62  { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 },
63  { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 },
64 };
65 
66 CRYPTOPP_ALIGN_DATA(16)
67 const byte BLAKE2B_SIGMA[12][16] = {
68  { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 },
69  { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 },
70  { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 },
71  { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 },
72  { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 },
73  { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 },
74  { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 },
75  { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 },
76  { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 },
77  { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13 , 0 },
78  { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 },
79  { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }
80 };
81 
82 template <unsigned int R, unsigned int N>
83 inline void BLAKE2B_G(const word64 m[16], word64& a, word64& b, word64& c, word64& d)
84 {
85  a = a + b + m[BLAKE2B_SIGMA[R][2*N+0]];
86  d = rotrConstant<32>(d ^ a);
87  c = c + d;
88  b = rotrConstant<24>(b ^ c);
89  a = a + b + m[BLAKE2B_SIGMA[R][2*N+1]];
90  d = rotrConstant<16>(d ^ a);
91  c = c + d;
92  b = rotrConstant<63>(b ^ c);
93 }
94 
95 template <unsigned int R>
96 inline void BLAKE2B_ROUND(const word64 m[16], word64 v[16])
97 {
98  BLAKE2B_G<R,0>(m,v[ 0],v[ 4],v[ 8],v[12]);
99  BLAKE2B_G<R,1>(m,v[ 1],v[ 5],v[ 9],v[13]);
100  BLAKE2B_G<R,2>(m,v[ 2],v[ 6],v[10],v[14]);
101  BLAKE2B_G<R,3>(m,v[ 3],v[ 7],v[11],v[15]);
102  BLAKE2B_G<R,4>(m,v[ 0],v[ 5],v[10],v[15]);
103  BLAKE2B_G<R,5>(m,v[ 1],v[ 6],v[11],v[12]);
104  BLAKE2B_G<R,6>(m,v[ 2],v[ 7],v[ 8],v[13]);
105  BLAKE2B_G<R,7>(m,v[ 3],v[ 4],v[ 9],v[14]);
106 }
107 
108 template <unsigned int R, unsigned int N>
109 inline void BLAKE2S_G(const word32 m[16], word32& a, word32& b, word32& c, word32& d)
110 {
111  a = a + b + m[BLAKE2S_SIGMA[R][2*N+0]];
112  d = rotrConstant<16>(d ^ a);
113  c = c + d;
114  b = rotrConstant<12>(b ^ c);
115  a = a + b + m[BLAKE2S_SIGMA[R][2*N+1]];
116  d = rotrConstant<8>(d ^ a);
117  c = c + d;
118  b = rotrConstant<7>(b ^ c);
119 }
120 
121 template <unsigned int R>
122 inline void BLAKE2S_ROUND(const word32 m[16], word32 v[])
123 {
124  BLAKE2S_G<R,0>(m,v[ 0],v[ 4],v[ 8],v[12]);
125  BLAKE2S_G<R,1>(m,v[ 1],v[ 5],v[ 9],v[13]);
126  BLAKE2S_G<R,2>(m,v[ 2],v[ 6],v[10],v[14]);
127  BLAKE2S_G<R,3>(m,v[ 3],v[ 7],v[11],v[15]);
128  BLAKE2S_G<R,4>(m,v[ 0],v[ 5],v[10],v[15]);
129  BLAKE2S_G<R,5>(m,v[ 1],v[ 6],v[11],v[12]);
130  BLAKE2S_G<R,6>(m,v[ 2],v[ 7],v[ 8],v[13]);
131  BLAKE2S_G<R,7>(m,v[ 3],v[ 4],v[ 9],v[14]);
132 }
133 
134 ANONYMOUS_NAMESPACE_END
135 
136 NAMESPACE_BEGIN(CryptoPP)
137 
138 void BLAKE2_Compress32_CXX(const byte* input, BLAKE2_State<word32, false>& state);
139 void BLAKE2_Compress64_CXX(const byte* input, BLAKE2_State<word64, true>& state);
140 
141 #if CRYPTOPP_SSE41_AVAILABLE
142 extern void BLAKE2_Compress32_SSE4(const byte* input, BLAKE2_State<word32, false>& state);
143 extern void BLAKE2_Compress64_SSE4(const byte* input, BLAKE2_State<word64, true>& state);
144 #endif
145 
146 #if CRYPTOPP_ARM_NEON_AVAILABLE
147 extern void BLAKE2_Compress32_NEON(const byte* input, BLAKE2_State<word32, false>& state);
148 extern void BLAKE2_Compress64_NEON(const byte* input, BLAKE2_State<word64, true>& state);
149 #endif
150 
151 BLAKE2_ParameterBlock<false>::BLAKE2_ParameterBlock(size_t digestLen, size_t keyLen,
152  const byte* saltStr, size_t saltLen,
153  const byte* personalizationStr, size_t personalizationLen)
154 {
155  // Avoid Coverity finding SIZEOF_MISMATCH/suspicious_sizeof
156  digestLength = (byte)digestLen;
157  keyLength = (byte)keyLen;
158  fanout = depth = 1;
159  nodeDepth = innerLength = 0;
160 
161  memset(leafLength, 0x00, COUNTOF(leafLength));
162  memset(nodeOffset, 0x00, COUNTOF(nodeOffset));
163 
164  if (saltStr && saltLen)
165  {
166  memcpy_s(salt, COUNTOF(salt), saltStr, saltLen);
167  const size_t rem = COUNTOF(salt) - saltLen;
168  const size_t off = COUNTOF(salt) - rem;
169  if (rem)
170  memset(salt+off, 0x00, rem);
171  }
172  else
173  {
174  memset(salt, 0x00, COUNTOF(salt));
175  }
176 
177  if (personalizationStr && personalizationLen)
178  {
179  memcpy_s(personalization, COUNTOF(personalization), personalizationStr, personalizationLen);
180  const size_t rem = COUNTOF(personalization) - personalizationLen;
181  const size_t off = COUNTOF(personalization) - rem;
182  if (rem)
183  memset(personalization+off, 0x00, rem);
184  }
185  else
186  {
187  memset(personalization, 0x00, COUNTOF(personalization));
188  }
189 }
190 
191 BLAKE2_ParameterBlock<true>::BLAKE2_ParameterBlock(size_t digestLen, size_t keyLen,
192  const byte* saltStr, size_t saltLen,
193  const byte* personalizationStr, size_t personalizationLen)
194 {
195  // Avoid Coverity finding SIZEOF_MISMATCH/suspicious_sizeof
196  digestLength = (byte)digestLen;
197  keyLength = (byte)keyLen;
198  fanout = depth = 1;
199  nodeDepth = innerLength = 0;
200 
201  memset(rfu, 0x00, COUNTOF(rfu));
202  memset(leafLength, 0x00, COUNTOF(leafLength));
203  memset(nodeOffset, 0x00, COUNTOF(nodeOffset));
204 
205  if (saltStr && saltLen)
206  {
207  memcpy_s(salt, COUNTOF(salt), saltStr, saltLen);
208  const size_t rem = COUNTOF(salt) - saltLen;
209  const size_t off = COUNTOF(salt) - rem;
210  if (rem)
211  memset(salt+off, 0x00, rem);
212  }
213  else
214  {
215  memset(salt, 0x00, COUNTOF(salt));
216  }
217 
218  if (personalizationStr && personalizationLen)
219  {
220  memcpy_s(personalization, COUNTOF(personalization), personalizationStr, personalizationLen);
221  const size_t rem = COUNTOF(personalization) - personalizationLen;
222  const size_t off = COUNTOF(personalization) - rem;
223  if (rem)
224  memset(personalization+off, 0x00, rem);
225  }
226  else
227  {
228  memset(personalization, 0x00, COUNTOF(personalization));
229  }
230 }
231 
232 template <class W, bool T_64bit>
233 void BLAKE2_Base<W, T_64bit>::UncheckedSetKey(const byte *key, unsigned int length, const CryptoPP::NameValuePairs& params)
234 {
235  if (key && length)
236  {
237  AlignedSecByteBlock temp(BLOCKSIZE);
238  memcpy_s(temp, BLOCKSIZE, key, length);
239 
240  const size_t rem = BLOCKSIZE - length;
241  if (rem)
242  memset(temp+length, 0x00, rem);
243 
244  m_key.swap(temp);
245  }
246  else
247  {
248  m_key.resize(0);
249  }
250 
251  // Avoid Coverity finding SIZEOF_MISMATCH/suspicious_sizeof
252  ParameterBlock& block = *m_block.data();
253  memset(m_block.data(), 0x00, sizeof(ParameterBlock));
254 
255  block.keyLength = (byte)length;
256  block.digestLength = (byte)params.GetIntValueWithDefault(Name::DigestSize(), DIGESTSIZE);
257  block.fanout = block.depth = 1;
258 
260  if (params.GetValue(Name::Salt(), t) && t.begin() && t.size())
261  {
262  memcpy_s(block.salt, COUNTOF(block.salt), t.begin(), t.size());
263  const size_t rem = COUNTOF(block.salt) - t.size();
264  const size_t off = COUNTOF(block.salt) - rem;
265  if (rem)
266  memset(block.salt+off, 0x00, rem);
267  }
268  else
269  {
270  memset(block.salt, 0x00, COUNTOF(block.salt));
271  }
272 
273  if (params.GetValue(Name::Personalization(), t) && t.begin() && t.size())
274  {
275  memcpy_s(block.personalization, COUNTOF(block.personalization), t.begin(), t.size());
276  const size_t rem = COUNTOF(block.personalization) - t.size();
277  const size_t off = COUNTOF(block.personalization) - rem;
278  if (rem)
279  memset(block.personalization+off, 0x00, rem);
280  }
281  else
282  {
283  memset(block.personalization, 0x00, COUNTOF(block.personalization));
284  }
285 }
286 
287 template <class W, bool T_64bit>
288 BLAKE2_Base<W, T_64bit>::BLAKE2_Base() : m_state(1), m_block(1), m_digestSize(DIGESTSIZE), m_treeMode(false)
289 {
290  UncheckedSetKey(NULLPTR, 0, g_nullNameValuePairs);
291  Restart();
292 }
293 
294 template <class W, bool T_64bit>
295 BLAKE2_Base<W, T_64bit>::BLAKE2_Base(bool treeMode, unsigned int digestSize) : m_state(1), m_block(1), m_digestSize(digestSize), m_treeMode(treeMode)
296 {
297  CRYPTOPP_ASSERT(digestSize <= DIGESTSIZE);
298 
299  UncheckedSetKey(NULLPTR, 0, MakeParameters(Name::DigestSize(), (int)digestSize)(Name::TreeMode(), treeMode, false));
300  Restart();
301 }
302 
303 template <class W, bool T_64bit>
304 BLAKE2_Base<W, T_64bit>::BLAKE2_Base(const byte *key, size_t keyLength, const byte* salt, size_t saltLength,
305  const byte* personalization, size_t personalizationLength, bool treeMode, unsigned int digestSize)
306  : m_state(1), m_block(1), m_digestSize(digestSize), m_treeMode(treeMode)
307 {
308  CRYPTOPP_ASSERT(keyLength <= MAX_KEYLENGTH);
309  CRYPTOPP_ASSERT(digestSize <= DIGESTSIZE);
310  CRYPTOPP_ASSERT(saltLength <= SALTSIZE);
311  CRYPTOPP_ASSERT(personalizationLength <= PERSONALIZATIONSIZE);
312 
313  UncheckedSetKey(key, static_cast<unsigned int>(keyLength), MakeParameters(Name::DigestSize(),(int)digestSize)(Name::TreeMode(),treeMode, false)
314  (Name::Salt(), ConstByteArrayParameter(salt, saltLength))(Name::Personalization(), ConstByteArrayParameter(personalization, personalizationLength)));
315  Restart();
316 }
317 
318 template <class W, bool T_64bit>
320 {
321  static const W zero[2] = {0,0};
322  Restart(*m_block.data(), zero);
323 }
324 
325 template <class W, bool T_64bit>
327 {
328  // We take a parameter block as a parameter to allow customized state.
329  // Avoid the copy of the parameter block when we are passing our own block.
330  if (&block != m_block.data())
331  {
332  memcpy_s(m_block.data(), sizeof(ParameterBlock), &block, sizeof(ParameterBlock));
333  m_block.data()->digestLength = (byte)m_digestSize;
334  m_block.data()->keyLength = (byte)m_key.size();
335  }
336 
337  State& state = *m_state.data();
338  state.t[0] = state.t[1] = 0, state.f[0] = state.f[1] = 0, state.length = 0;
339 
340  if (counter != NULLPTR)
341  {
342  state.t[0] = counter[0];
343  state.t[1] = counter[1];
344  }
345 
346  const W* iv = BLAKE2_IV<W, T_64bit>::iv;
347  PutBlock<W, LittleEndian, true> put(m_block.data(), &state.h[0]);
348  put(iv[0])(iv[1])(iv[2])(iv[3])(iv[4])(iv[5])(iv[6])(iv[7]);
349 
350  // When BLAKE2 is keyed, the input stream is simply {key||message}. Key it
351  // during Restart to avoid FirstPut and friends. Key size == 0 means no key.
352  if (m_key.size())
353  Update(m_key, m_key.size());
354 }
355 
356 template <class W, bool T_64bit>
357 void BLAKE2_Base<W, T_64bit>::Update(const byte *input, size_t length)
358 {
359  State& state = *m_state.data();
360  if (state.length + length > BLOCKSIZE)
361  {
362  // Complete current block
363  const size_t fill = BLOCKSIZE - state.length;
364  memcpy_s(&state.buffer[state.length], fill, input, fill);
365 
366  IncrementCounter();
367  Compress(state.buffer);
368  state.length = 0;
369 
370  length -= fill, input += fill;
371 
372  // Compress in-place to avoid copies
373  while (length > BLOCKSIZE)
374  {
375  IncrementCounter();
376  Compress(input);
377  length -= BLOCKSIZE, input += BLOCKSIZE;
378  }
379  }
380 
381  // Copy tail bytes
382  if (input && length)
383  {
384  CRYPTOPP_ASSERT(length <= BLOCKSIZE - state.length);
385  memcpy_s(&state.buffer[state.length], length, input, length);
386  state.length += static_cast<unsigned int>(length);
387  }
388 }
389 
390 template <class W, bool T_64bit>
391 void BLAKE2_Base<W, T_64bit>::TruncatedFinal(byte *hash, size_t size)
392 {
393  this->ThrowIfInvalidTruncatedSize(size);
394 
395  // Set last block unconditionally
396  State& state = *m_state.data();
397  state.f[0] = static_cast<W>(-1);
398 
399  // Set last node if tree mode
400  if (m_treeMode)
401  state.f[1] = static_cast<W>(-1);
402 
403  // Increment counter for tail bytes only
404  IncrementCounter(state.length);
405 
406  memset(state.buffer + state.length, 0x00, BLOCKSIZE - state.length);
407  Compress(state.buffer);
408 
409  // Copy to caller buffer
410  memcpy_s(hash, size, &state.h[0], size);
411 
412  Restart();
413 }
414 
415 template <class W, bool T_64bit>
417 {
418  State& state = *m_state.data();
419  state.t[0] += static_cast<W>(count);
420  state.t[1] += !!(state.t[0] < count);
421 }
422 
423 template <>
424 void BLAKE2_Base<word64, true>::Compress(const byte *input)
425 {
426 #if CRYPTOPP_SSE41_AVAILABLE
427  if(HasSSE41())
428  {
429  return BLAKE2_Compress64_SSE4(input, *m_state.data());
430  }
431 #endif
432 #if CRYPTOPP_ARM_NEON_AVAILABLE
433  if(HasNEON())
434  {
435  return BLAKE2_Compress64_NEON(input, *m_state.data());
436  }
437 #endif
438  return BLAKE2_Compress64_CXX(input, *m_state.data());
439 }
440 
441 template <>
442 void BLAKE2_Base<word32, false>::Compress(const byte *input)
443 {
444 #if CRYPTOPP_SSE41_AVAILABLE
445  if(HasSSE41())
446  {
447  return BLAKE2_Compress32_SSE4(input, *m_state.data());
448  }
449 #endif
450 #if CRYPTOPP_ARM_NEON_AVAILABLE
451  if(HasNEON())
452  {
453  return BLAKE2_Compress32_NEON(input, *m_state.data());
454  }
455 #endif
456  return BLAKE2_Compress32_CXX(input, *m_state.data());
457 }
458 
459 void BLAKE2_Compress64_CXX(const byte* input, BLAKE2_State<word64, true>& state)
460 {
461  word64 m[16], v[16];
462 
464  get1(m[0])(m[1])(m[2])(m[3])(m[4])(m[5])(m[6])(m[7])(m[8])(m[9])(m[10])(m[11])(m[12])(m[13])(m[14])(m[15]);
465 
466  GetBlock<word64, LittleEndian, true> get2(&state.h[0]);
467  get2(v[0])(v[1])(v[2])(v[3])(v[4])(v[5])(v[6])(v[7]);
468 
469  const word64* iv = BLAKE2_IV<word64, true>::iv;
470  v[ 8] = iv[0];
471  v[ 9] = iv[1];
472  v[10] = iv[2];
473  v[11] = iv[3];
474  v[12] = state.t[0] ^ iv[4];
475  v[13] = state.t[1] ^ iv[5];
476  v[14] = state.f[0] ^ iv[6];
477  v[15] = state.f[1] ^ iv[7];
478 
479  BLAKE2B_ROUND<0>(m, v);
480  BLAKE2B_ROUND<1>(m, v);
481  BLAKE2B_ROUND<2>(m, v);
482  BLAKE2B_ROUND<3>(m, v);
483  BLAKE2B_ROUND<4>(m, v);
484  BLAKE2B_ROUND<5>(m, v);
485  BLAKE2B_ROUND<6>(m, v);
486  BLAKE2B_ROUND<7>(m, v);
487  BLAKE2B_ROUND<8>(m, v);
488  BLAKE2B_ROUND<9>(m, v);
489  BLAKE2B_ROUND<10>(m, v);
490  BLAKE2B_ROUND<11>(m, v);
491 
492  for(unsigned int i = 0; i < 8; ++i)
493  state.h[i] = state.h[i] ^ ConditionalByteReverse(LittleEndian::ToEnum(), v[i] ^ v[i + 8]);
494 }
495 
496 void BLAKE2_Compress32_CXX(const byte* input, BLAKE2_State<word32, false>& state)
497 {
498  word32 m[16], v[16];
499 
501  get1(m[0])(m[1])(m[2])(m[3])(m[4])(m[5])(m[6])(m[7])(m[8])(m[9])(m[10])(m[11])(m[12])(m[13])(m[14])(m[15]);
502 
503  GetBlock<word32, LittleEndian, true> get2(&state.h[0]);
504  get2(v[0])(v[1])(v[2])(v[3])(v[4])(v[5])(v[6])(v[7]);
505 
506  const word32* iv = BLAKE2_IV<word32, false>::iv;
507  v[ 8] = iv[0];
508  v[ 9] = iv[1];
509  v[10] = iv[2];
510  v[11] = iv[3];
511  v[12] = state.t[0] ^ iv[4];
512  v[13] = state.t[1] ^ iv[5];
513  v[14] = state.f[0] ^ iv[6];
514  v[15] = state.f[1] ^ iv[7];
515 
516  BLAKE2S_ROUND<0>(m, v);
517  BLAKE2S_ROUND<1>(m, v);
518  BLAKE2S_ROUND<2>(m, v);
519  BLAKE2S_ROUND<3>(m, v);
520  BLAKE2S_ROUND<4>(m, v);
521  BLAKE2S_ROUND<5>(m, v);
522  BLAKE2S_ROUND<6>(m, v);
523  BLAKE2S_ROUND<7>(m, v);
524  BLAKE2S_ROUND<8>(m, v);
525  BLAKE2S_ROUND<9>(m, v);
526 
527  for(unsigned int i = 0; i < 8; ++i)
528  state.h[i] = state.h[i] ^ ConditionalByteReverse(LittleEndian::ToEnum(), v[i] ^ v[i + 8]);
529 }
530 
531 template class BLAKE2_Base<word32, false>;
532 template class BLAKE2_Base<word64, true>;
533 
534 NAMESPACE_END
Used to pass byte array input as part of a NameValuePairs object.
Definition: algparam.h:20
void Restart()
Restart the hash.
Definition: blake2.cpp:319
Standard names for retrieving values by name when working with NameValuePairs.
const char * DigestSize()
int, in bytes
Definition: argnames.h:79
const char * TreeMode()
byte
Definition: argnames.h:90
Classes for working with NameValuePairs.
BLAKE2 hash implementation.
Definition: blake2.h:157
size_t size() const
Length of the memory block.
Definition: algparam.h:84
void TruncatedFinal(byte *hash, size_t size)
Computes the hash of the current message.
Definition: blake2.cpp:391
Abstract base classes that provide a uniform interface to this library.
void memcpy_s(void *dest, size_t sizeInBytes, const void *src, size_t count)
Bounds checking replacement for memcpy()
Definition: misc.h:383
Library configuration file.
const byte * begin() const
Pointer to the first byte in the memory block.
Definition: algparam.h:80
AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed=true)
Create an object that implements NameValuePairs.
Definition: algparam.h:502
T ConditionalByteReverse(ByteOrder order, T value)
Reverses bytes in a value depending upon endianness.
Definition: misc.h:1979
A::pointer data()
Provides a pointer to the first element in the memory block.
Definition: secblock.h:553
const char * Salt()
ConstByteArrayParameter.
Definition: argnames.h:87
Precompiled header file.
#define COUNTOF(arr)
Counts elements in an array.
Definition: misc.h:181
SecBlock using AllocatorWithCleanup<byte, true> typedef.
Definition: secblock.h:826
Classes for BLAKE2b and BLAKE2s message digests and keyed message digests.
const char * Personalization()
ConstByteArrayParameter.
Definition: argnames.h:85
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition: trap.h:60
Functions for CPU features and intrinsics.
BLAKE2 state information.
Definition: blake2.h:132
BLAKE2 parameter block.
Definition: blake2.h:51
const NameValuePairs g_nullNameValuePairs
An empty set of name-value pairs.
Definition: cryptlib.h:495
T rotrConstant(T x)
Performs a right rotate.
Definition: misc.h:1391
Access a block of memory.
Definition: misc.h:2324
bool HasSSE41()
Determines SSE4.1 availability.
Definition: cpu.h:140
Access a block of memory.
Definition: misc.h:2365
Crypto++ library namespace.
bool HasNEON()
Determine if an ARM processor has Advanced SIMD available.
Definition: cpu.h:329
void Update(const byte *input, size_t length)
Updates a hash with additional input.
Definition: blake2.cpp:357