Skip to content

Hacl blake2 #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 18 commits into
base: hacl-sha2
Choose a base branch
from
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion .github/workflows/crypto-test-harness.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@ name: Linux

on:
pull_request:
branches: ["cf-zeta"]
workflow_dispatch:

jobs:
Expand Down
32 changes: 32 additions & 0 deletions crypto/Kconfig
Original file line number Diff line number Diff line change
Expand Up @@ -921,6 +921,23 @@ config CRYPTO_BLAKE2B

See https://blake2.net for further information.

config CRYPTO_BLAKE2_HACL
tristate "BLAKE2 (HACL*)"
select CRYPTO_HASH
help
BLAKE2 cryptographic hash function (RFC 7693)

This is a formally-verified implementation of BLAKE2b and BLAKE2s,
ported from the HACL* project.

This module provides the following algorithms:
- blake2b-160
- blake2b-256
- blake2b-384
- blake2b-512
- blake2s-160
- blake2s-256

config CRYPTO_CMAC
tristate "CMAC (Cipher-based MAC)"
select CRYPTO_HASH
Expand Down Expand Up @@ -1026,6 +1043,21 @@ config CRYPTO_SHA256
This is required for IPsec AH (XFRM_AH) and IPsec ESP (XFRM_ESP).
Used by the btrfs filesystem, Ceph, NFS, and SMB.

config CRYPTO_SHA2_HACL
tristate "SHA-2 (HACL*)"
select CRYPTO_HASH
help
SHA-2 secure hash algorithms (FIPS 180, ISO/IEC 10118-3) from HACL*

This is a formally-verified implementation of SHA-2 ported
from the HACL* project.

This module provides the following algorithms:
- SHA-224
- SHA-256
- SHA-384
- SHA-512

config CRYPTO_SHA512
tristate "SHA-384 and SHA-512"
select CRYPTO_HASH
Expand Down
6 changes: 6 additions & 0 deletions crypto/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,9 @@ obj-$(CONFIG_CRYPTO_MD5) += md5.o
obj-$(CONFIG_CRYPTO_RMD160) += rmd160.o
obj-$(CONFIG_CRYPTO_SHA1) += sha1_generic.o
obj-$(CONFIG_CRYPTO_SHA256) += sha256_generic.o
sha2_hacl-y := sha2-hacl-generated.o
sha2_hacl-y += sha2-hacl.o
obj-$(CONFIG_CRYPTO_SHA2_HACL) += sha2_hacl.o
obj-$(CONFIG_CRYPTO_SHA512) += sha512_generic.o
obj-$(CONFIG_CRYPTO_SHA3) += sha3_generic.o
obj-$(CONFIG_CRYPTO_SM3) += sm3.o
Expand All @@ -86,6 +89,9 @@ obj-$(CONFIG_CRYPTO_WP512) += wp512.o
CFLAGS_wp512.o := $(call cc-option,-fno-schedule-insns) # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79149
obj-$(CONFIG_CRYPTO_BLAKE2B) += blake2b_generic.o
CFLAGS_blake2b_generic.o := -Wframe-larger-than=4096 # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105930
blake2_hacl-y := blake2-hacl-generated.o
blake2_hacl-y += blake2-hacl.o
obj-$(CONFIG_CRYPTO_BLAKE2_HACL) += blake2_hacl.o
obj-$(CONFIG_CRYPTO_ECB) += ecb.o
obj-$(CONFIG_CRYPTO_CBC) += cbc.o
obj-$(CONFIG_CRYPTO_CFB) += cfb.o
Expand Down
1,376 changes: 1,376 additions & 0 deletions crypto/blake2-hacl-generated.c

Large diffs are not rendered by default.

186 changes: 186 additions & 0 deletions crypto/blake2-hacl.c
Original file line number Diff line number Diff line change
@@ -0,0 +1,186 @@
// SPDX-License-Identifier: GPL-2.0 OR MIT
/*
* Copyright (c) 2023 Cryspen
*
* This is a formally-verified implementation of BLAKE2 produced by HACL*.
*/

#include <crypto/blake2b.h>
#include <crypto/blake2s.h>
#include <crypto/internal/blake2b.h>

#include "hacl_hash.h"
#include "hacl_lib.h"

int hacl_blake2b_init(struct shash_desc *desc)
{
unsigned int outlen = crypto_shash_digestsize(desc->tfm);
struct Hacl_Streaming_Blake2_blake2b_32_state_s *state =
shash_desc_ctx(desc);
uint8_t *buf = (uint8_t *)kmalloc((uint32_t)128U, sizeof(uint8_t));
uint64_t *wv = (uint64_t *)kmalloc((uint32_t)16U, sizeof(uint64_t));
uint64_t *b = (uint64_t *)kmalloc((uint32_t)16U, sizeof(uint64_t));
struct Hacl_Streaming_Blake2_blake2b_32_block_state_s block_state = {
.fst = wv, .snd = b
};
struct Hacl_Streaming_Blake2_blake2b_32_state_s s1 = {
.block_state = block_state,
.buf = buf,
.total_len = (uint64_t)(uint32_t)0U
};
state[0] = s1;
Hacl_Blake2b_32_blake2b_init(block_state.snd, (uint32_t)0U,
(uint32_t)outlen);
return 0;
}
EXPORT_SYMBOL(hacl_blake2b_init);

int hacl_blake2b_update(struct shash_desc *desc, const u8 *in,
unsigned int inlen)
{
struct Hacl_Streaming_Blake2_blake2b_32_state_s *sctx =
shash_desc_ctx(desc);
Hacl_Streaming_Blake2_blake2b_32_no_key_update(sctx, (u8 *)in, inlen);
return 0;
}
EXPORT_SYMBOL(hacl_blake2b_update);

int hacl_blake2b_final(struct shash_desc *desc, u8 *out)
{
struct Hacl_Streaming_Blake2_blake2b_32_state_s *sctx =
shash_desc_ctx(desc);
u8 full_hash[64];
int outlen = crypto_shash_digestsize(desc->tfm);
Hacl_Streaming_Blake2_blake2b_32_no_key_finish(sctx, full_hash);
memcpy(out,full_hash,outlen);

struct Hacl_Streaming_Blake2_blake2b_32_state_s scrut = *sctx;
uint8_t *buf = scrut.buf;
struct Hacl_Streaming_Blake2_blake2b_32_block_state_s block_state =
scrut.block_state;
uint64_t *wv = block_state.fst;
uint64_t *b = block_state.snd;
kfree(wv);
kfree(b);
kfree(buf);
return 0;
}
EXPORT_SYMBOL(hacl_blake2b_final);

#define BLAKE2B_ALG(name, driver_name, digest_size) \
{ \
.base.cra_name = name, .base.cra_driver_name = driver_name, \
.base.cra_priority = 100, \
.base.cra_blocksize = BLAKE2B_BLOCK_SIZE, \
.base.cra_module = THIS_MODULE, .digestsize = digest_size, \
.init = hacl_blake2b_init, .update = hacl_blake2b_update, \
.final = hacl_blake2b_final, \
.descsize = sizeof( \
struct Hacl_Streaming_Blake2_blake2b_32_state_s), \
}

int hacl_blake2s_init(struct shash_desc *desc)
{
unsigned int outlen = crypto_shash_digestsize(desc->tfm);
struct Hacl_Streaming_Blake2_blake2s_32_state_s *state =
shash_desc_ctx(desc);
uint8_t *buf = (uint8_t *)kmalloc((uint32_t)64U, sizeof(uint8_t));
uint32_t *wv = (uint32_t *)kmalloc((uint32_t)16U, sizeof(uint32_t));
uint32_t *b = (uint32_t *)kmalloc((uint32_t)16U, sizeof(uint32_t));
struct Hacl_Streaming_Blake2_blake2s_32_block_state_s block_state = {
.fst = wv, .snd = b
};
struct Hacl_Streaming_Blake2_blake2s_32_state_s s1 = {
.block_state = block_state,
.buf = buf,
.total_len = (uint64_t)(uint32_t)0U
};
state[0] = s1;
Hacl_Blake2s_32_blake2s_init(block_state.snd, (uint32_t)0U,
(uint32_t)outlen);
return 0;
}
EXPORT_SYMBOL(hacl_blake2s_init);

int hacl_blake2s_update(struct shash_desc *desc, const u8 *in,
unsigned int inlen)
{
struct Hacl_Streaming_Blake2_blake2s_32_state_s *sctx =
shash_desc_ctx(desc);
Hacl_Streaming_Blake2_blake2s_32_no_key_update(sctx, (u8 *)in, inlen);
return 0;
}
EXPORT_SYMBOL(hacl_blake2s_update);

int hacl_blake2s_final(struct shash_desc *desc, u8 *out)
{
struct Hacl_Streaming_Blake2_blake2s_32_state_s *sctx =
shash_desc_ctx(desc);
u8 full_hash[32];
int outlen = crypto_shash_digestsize(desc->tfm);
Hacl_Streaming_Blake2_blake2s_32_no_key_finish(sctx, full_hash);
memcpy(out,full_hash,outlen);
struct Hacl_Streaming_Blake2_blake2s_32_state_s scrut = *sctx;
uint8_t *buf = scrut.buf;
struct Hacl_Streaming_Blake2_blake2s_32_block_state_s block_state =
scrut.block_state;
uint32_t *wv = block_state.fst;
uint32_t *b = block_state.snd;
kfree(wv);
kfree(b);
kfree(buf);
return 0;
}
EXPORT_SYMBOL(hacl_blake2s_final);

#define BLAKE2S_ALG(name, driver_name, digest_size) \
{ \
.base.cra_name = name, .base.cra_driver_name = driver_name, \
.base.cra_priority = 100, \
.base.cra_blocksize = BLAKE2S_BLOCK_SIZE, \
.base.cra_module = THIS_MODULE, .digestsize = digest_size, \
.init = hacl_blake2s_init, .update = hacl_blake2s_update, \
.final = hacl_blake2s_final, \
.descsize = sizeof( \
struct Hacl_Streaming_Blake2_blake2s_32_state_s), \
}

static struct shash_alg blake2_hacl_algs[] = {
BLAKE2B_ALG("blake2b-160", "blake2b-160-hacl", BLAKE2B_160_HASH_SIZE),
BLAKE2B_ALG("blake2b-256", "blake2b-256-hacl", BLAKE2B_256_HASH_SIZE),
BLAKE2B_ALG("blake2b-384", "blake2b-384-hacl", BLAKE2B_384_HASH_SIZE),
BLAKE2B_ALG("blake2b-512", "blake2b-512-hacl", BLAKE2B_512_HASH_SIZE),
BLAKE2S_ALG("blake2s-160", "blake2s-160-hacl", 20),
BLAKE2S_ALG("blake2s-256", "blake2s-256-hacl", 32),
};

static int __init blake2_hacl_mod_init(void)
{
return crypto_register_shashes(blake2_hacl_algs,
ARRAY_SIZE(blake2_hacl_algs));
}

static void __exit blake2_hacl_mod_fini(void)
{
crypto_unregister_shashes(blake2_hacl_algs,
ARRAY_SIZE(blake2_hacl_algs));
}

subsys_initcall(blake2_hacl_mod_init);
module_exit(blake2_hacl_mod_fini);

MODULE_LICENSE("Dual MIT/GPL");
MODULE_DESCRIPTION("Formally Verified BLAKE2 Secure Hash Algorithm from HACL*");

MODULE_ALIAS_CRYPTO("blake2b-160");
MODULE_ALIAS_CRYPTO("blake2b-160-hacl");
MODULE_ALIAS_CRYPTO("blake2b-256");
MODULE_ALIAS_CRYPTO("blake2b-256-hacl");
MODULE_ALIAS_CRYPTO("blake2b-384");
MODULE_ALIAS_CRYPTO("blake2b-384-hacl");
MODULE_ALIAS_CRYPTO("blake2b-512");
MODULE_ALIAS_CRYPTO("blake2b-512-hacl");
MODULE_ALIAS_CRYPTO("blake2s-160");
MODULE_ALIAS_CRYPTO("blake2s-160-hacl");
MODULE_ALIAS_CRYPTO("blake2s-256");
MODULE_ALIAS_CRYPTO("blake2s-256-hacl");
Loading