luajitos

BLAKE2.c (6553B)

---

 /*
  * BLAKE2b Implementation
  * RFC 7693
  *
  * Fast cryptographic hash function, faster than SHA-2/SHA-3
  * Optimized for 64-bit platforms
  */
 
 #include <stdint.h>
 #include <string.h>
 #include <stdlib.h>
 
 /* BLAKE2b IV */
 static const uint64_t blake2b_iv[8] = {
     0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL,
     0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL,
     0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL,
     0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL
 };
 
 /* BLAKE2b sigma (message schedule) */
 static const uint8_t blake2b_sigma[12][16] = {
     {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15},
     {14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3},
     {11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4},
     {7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8},
     {9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13},
     {2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9},
     {12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11},
     {13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10},
     {6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5},
     {10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0},
     {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15},
     {14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3}
 };
 
 #define ROR64(x, n) (((x) >> (n)) | ((x) << (64 - (n))))
 
 /* Load 64-bit little-endian */
 static inline uint64_t load64_le(const uint8_t *src) {
     return (uint64_t)src[0] |
            ((uint64_t)src[1] << 8) |
            ((uint64_t)src[2] << 16) |
            ((uint64_t)src[3] << 24) |
            ((uint64_t)src[4] << 32) |
            ((uint64_t)src[5] << 40) |
            ((uint64_t)src[6] << 48) |
            ((uint64_t)src[7] << 56);
 }
 
 /* Store 64-bit little-endian */
 static inline void store64_le(uint8_t *dst, uint64_t w) {
     dst[0] = (uint8_t)w;
     dst[1] = (uint8_t)(w >> 8);
     dst[2] = (uint8_t)(w >> 16);
     dst[3] = (uint8_t)(w >> 24);
     dst[4] = (uint8_t)(w >> 32);
     dst[5] = (uint8_t)(w >> 40);
     dst[6] = (uint8_t)(w >> 48);
     dst[7] = (uint8_t)(w >> 56);
 }
 
 /* BLAKE2b mixing function G */
 #define G(r, i, a, b, c, d, m)                           \
     do {                                                  \
         a = a + b + m[blake2b_sigma[r][2 * i]];         \
         d = ROR64(d ^ a, 32);                            \
         c = c + d;                                       \
         b = ROR64(b ^ c, 24);                            \
         a = a + b + m[blake2b_sigma[r][2 * i + 1]];     \
         d = ROR64(d ^ a, 16);                            \
         c = c + d;                                       \
         b = ROR64(b ^ c, 63);                            \
     } while (0)
 
 /* BLAKE2b compression function */
 static void blake2b_compress(uint64_t h[8], const uint8_t block[128],
                              uint64_t t0, uint64_t t1, int last) {
     uint64_t v[16], m[16];
 
     /* Initialize work vector */
     for (int i = 0; i < 8; i++) {
         v[i] = h[i];
         v[i + 8] = blake2b_iv[i];
     }
 
     v[12] ^= t0;
     v[13] ^= t1;
 
     if (last) {
         v[14] = ~v[14];
     }
 
     /* Load message */
     for (int i = 0; i < 16; i++) {
         m[i] = load64_le(block + i * 8);
     }
 
     /* 12 rounds */
     for (int r = 0; r < 12; r++) {
         G(r, 0, v[0], v[4], v[8], v[12], m);
         G(r, 1, v[1], v[5], v[9], v[13], m);
         G(r, 2, v[2], v[6], v[10], v[14], m);
         G(r, 3, v[3], v[7], v[11], v[15], m);
         G(r, 4, v[0], v[5], v[10], v[15], m);
         G(r, 5, v[1], v[6], v[11], v[12], m);
         G(r, 6, v[2], v[7], v[8], v[13], m);
         G(r, 7, v[3], v[4], v[9], v[14], m);
     }
 
     /* Update hash */
     for (int i = 0; i < 8; i++) {
         h[i] ^= v[i] ^ v[i + 8];
     }
 }
 
 /* BLAKE2b context */
 typedef struct {
     uint64_t h[8];
     uint64_t t[2];
     uint8_t buf[128];
     size_t buflen;
     size_t outlen;
 } blake2b_context;
 
 /* Initialize BLAKE2b */
 static void blake2b_init(blake2b_context *ctx, size_t outlen, const uint8_t *key, size_t keylen) {
     memset(ctx, 0, sizeof(blake2b_context));
 
     ctx->outlen = outlen;
 
     /* Initialize hash state */
     for (int i = 0; i < 8; i++) {
         ctx->h[i] = blake2b_iv[i];
     }
 
     /* Parameter block */
     ctx->h[0] ^= 0x01010000 ^ (keylen << 8) ^ outlen;
 
     /* Process key if present */
     if (keylen > 0) {
         memcpy(ctx->buf, key, keylen);
         ctx->buflen = 128;
     }
 }
 
 /* Update BLAKE2b */
 static void blake2b_update(blake2b_context *ctx, const uint8_t *data, size_t len) {
     while (len > 0) {
         size_t take = 128 - ctx->buflen;
         if (take > len) take = len;
 
         memcpy(ctx->buf + ctx->buflen, data, take);
         ctx->buflen += take;
         data += take;
         len -= take;
 
         if (ctx->buflen == 128) {
             ctx->t[0] += 128;
             if (ctx->t[0] < 128) ctx->t[1]++;
 
             blake2b_compress(ctx->h, ctx->buf, ctx->t[0], ctx->t[1], 0);
             ctx->buflen = 0;
         }
     }
 }
 
 /* Finalize BLAKE2b */
 static void blake2b_final(blake2b_context *ctx, uint8_t *out) {
     ctx->t[0] += ctx->buflen;
     if (ctx->t[0] < ctx->buflen) ctx->t[1]++;
 
     /* Pad with zeros */
     memset(ctx->buf + ctx->buflen, 0, 128 - ctx->buflen);
 
     blake2b_compress(ctx->h, ctx->buf, ctx->t[0], ctx->t[1], 1);
 
     /* Output hash */
     for (size_t i = 0; i < ctx->outlen / 8; i++) {
         store64_le(out + i * 8, ctx->h[i]);
     }
 
     /* Handle partial word */
     if (ctx->outlen % 8) {
         uint8_t temp[8];
         store64_le(temp, ctx->h[ctx->outlen / 8]);
         memcpy(out + (ctx->outlen / 8) * 8, temp, ctx->outlen % 8);
     }
 }
 
 /* BLAKE2b hash function (simple interface) */
 void blake2b(const uint8_t *data, size_t len, uint8_t *out, size_t outlen) {
     blake2b_context ctx;
     blake2b_init(&ctx, outlen, NULL, 0);
     blake2b_update(&ctx, data, len);
     blake2b_final(&ctx, out);
     memset(&ctx, 0, sizeof(ctx));
 }
 
 /* BLAKE2b-256 (32 bytes) */
 void blake2b_256(const uint8_t *data, size_t len, uint8_t digest[32]) {
     blake2b(data, len, digest, 32);
 }
 
 /* BLAKE2b-512 (64 bytes) */
 void blake2b_512(const uint8_t *data, size_t len, uint8_t digest[64]) {
     blake2b(data, len, digest, 64);
 }
 
 /* BLAKE2b with key (MAC) */
 void blake2b_mac(const uint8_t *key, size_t keylen,
                  const uint8_t *data, size_t len,
                  uint8_t *out, size_t outlen) {
     blake2b_context ctx;
     blake2b_init(&ctx, outlen, key, keylen);
     blake2b_update(&ctx, data, len);
     blake2b_final(&ctx, out);
     memset(&ctx, 0, sizeof(ctx));
 }