Crypto++  8.0
Free C++ class library of cryptographic schemes
blake2.h
Go to the documentation of this file.
1 // blake2.h - written and placed in the public domain by Jeffrey Walton
2 // and Zooko Wilcox-O'Hearn. Based on Aumasson, Neves,
3 // Wilcox-O'Hearn and Winnerlein's reference BLAKE2
4 // implementation at http://github.com/BLAKE2/BLAKE2.
5 
6 /// \file blake2.h
7 /// \brief Classes for BLAKE2b and BLAKE2s message digests and keyed message digests
8 /// \details This implementation follows Aumasson, Neves, Wilcox-O'Hearn and Winnerlein's
9 /// <A HREF="http://blake2.net/blake2.pdf">BLAKE2: simpler, smaller, fast as MD5</A> (2013.01.29).
10 /// Static algorithm name return either "BLAKE2b" or "BLAKE2s". An object algorithm name follows
11 /// the naming described in <A HREF="http://tools.ietf.org/html/rfc7693#section-4">RFC 7693, The
12 /// BLAKE2 Cryptographic Hash and Message Authentication Code (MAC)</A>.
13 /// \since C++ since Crypto++ 5.6.4, SSE since Crypto++ 5.6.4, NEON since Crypto++ 6.0,
14 /// Power8 since Crypto++ 8.0
15 
16 #ifndef CRYPTOPP_BLAKE2_H
17 #define CRYPTOPP_BLAKE2_H
18 
19 #include "cryptlib.h"
20 #include "secblock.h"
21 #include "seckey.h"
22 
23 NAMESPACE_BEGIN(CryptoPP)
24 
25 /// \brief BLAKE2s hash information
26 /// \since Crypto++ 5.6.4
27 struct BLAKE2s_Info : public VariableKeyLength<32,0,32,1,SimpleKeyingInterface::NOT_RESYNCHRONIZABLE>
28 {
30  CRYPTOPP_CONSTANT(MIN_KEYLENGTH = KeyBase::MIN_KEYLENGTH)
31  CRYPTOPP_CONSTANT(MAX_KEYLENGTH = KeyBase::MAX_KEYLENGTH)
32  CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH = KeyBase::DEFAULT_KEYLENGTH)
33 
34  CRYPTOPP_CONSTANT(BLOCKSIZE = 64)
35  CRYPTOPP_CONSTANT(DIGESTSIZE = 32)
36  CRYPTOPP_CONSTANT(SALTSIZE = 8)
37  CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = 8)
38 
39  CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "BLAKE2s";}
40 };
41 
42 /// \brief BLAKE2b hash information
43 /// \since Crypto++ 5.6.4
44 struct BLAKE2b_Info : public VariableKeyLength<64,0,64,1,SimpleKeyingInterface::NOT_RESYNCHRONIZABLE>
45 {
47  CRYPTOPP_CONSTANT(MIN_KEYLENGTH = KeyBase::MIN_KEYLENGTH)
48  CRYPTOPP_CONSTANT(MAX_KEYLENGTH = KeyBase::MAX_KEYLENGTH)
49  CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH = KeyBase::DEFAULT_KEYLENGTH)
50 
51  CRYPTOPP_CONSTANT(BLOCKSIZE = 128)
52  CRYPTOPP_CONSTANT(DIGESTSIZE = 64)
53  CRYPTOPP_CONSTANT(SALTSIZE = 16)
54  CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = 16)
55 
56  CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "BLAKE2b";}
57 };
58 
59 /// \brief BLAKE2s parameter block
60 struct CRYPTOPP_NO_VTABLE BLAKE2s_ParameterBlock
61 {
62  CRYPTOPP_CONSTANT(SALTSIZE = BLAKE2s_Info::SALTSIZE)
63  CRYPTOPP_CONSTANT(DIGESTSIZE = BLAKE2s_Info::DIGESTSIZE)
64  CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = BLAKE2s_Info::PERSONALIZATIONSIZE)
65 
67  {
68  Reset();
69  }
70 
71  BLAKE2s_ParameterBlock(size_t digestSize)
72  {
73  Reset(digestSize);
74  }
75 
76  BLAKE2s_ParameterBlock(size_t digestSize, size_t keyLength, const byte* salt, size_t saltLength,
77  const byte* personalization, size_t personalizationLength);
78 
79  void Reset(size_t digestLength=DIGESTSIZE, size_t keyLength=0);
80 
81  byte* data() {
82  return m_data.data();
83  }
84 
85  const byte* data() const {
86  return m_data.data();
87  }
88 
89  size_t size() const {
90  return m_data.size();
91  }
92 
93  byte* salt() {
94  return m_data + SaltOff;
95  }
96 
97  byte* personalization() {
98  return m_data + PersonalizationOff;
99  }
100 
101  // Offsets into the byte array
102  enum {
103  DigestOff = 0, KeyOff = 1, FanoutOff = 2, DepthOff = 3, LeafOff = 4, NodeOff = 8,
104  NodeDepthOff = 14, InnerOff = 15, SaltOff = 16, PersonalizationOff = 24
105  };
106 
108 };
109 
110 /// \brief BLAKE2b parameter block
111 struct CRYPTOPP_NO_VTABLE BLAKE2b_ParameterBlock
112 {
113  CRYPTOPP_CONSTANT(SALTSIZE = BLAKE2b_Info::SALTSIZE)
114  CRYPTOPP_CONSTANT(DIGESTSIZE = BLAKE2b_Info::DIGESTSIZE)
115  CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = BLAKE2b_Info::PERSONALIZATIONSIZE)
116 
118  {
119  Reset();
120  }
121 
122  BLAKE2b_ParameterBlock(size_t digestSize)
123  {
124  Reset(digestSize);
125  }
126 
127  BLAKE2b_ParameterBlock(size_t digestSize, size_t keyLength, const byte* salt, size_t saltLength,
128  const byte* personalization, size_t personalizationLength);
129 
130  void Reset(size_t digestLength=DIGESTSIZE, size_t keyLength=0);
131 
132  byte* data() {
133  return m_data.data();
134  }
135 
136  const byte* data() const {
137  return m_data.data();
138  }
139 
140  size_t size() const {
141  return m_data.size();
142  }
143 
144  byte* salt() {
145  return m_data + SaltOff;
146  }
147 
148  byte* personalization() {
149  return m_data + PersonalizationOff;
150  }
151 
152  // Offsets into the byte array
153  enum {
154  DigestOff = 0, KeyOff = 1, FanoutOff = 2, DepthOff = 3, LeafOff = 4, NodeOff = 8,
155  NodeDepthOff = 16, InnerOff = 17, RfuOff = 18, SaltOff = 32, PersonalizationOff = 48
156  };
157 
159 };
160 
161 /// \brief BLAKE2s state information
162 /// \since Crypto++ 5.6.4
163 struct CRYPTOPP_NO_VTABLE BLAKE2s_State
164 {
165  BLAKE2s_State() {
166  Reset();
167  }
168 
169  void Reset();
170 
171  inline word32* h() {
172  return m_hft.data();
173  }
174 
175  inline word32* t() {
176  return m_hft.data() + 8;
177  }
178 
179  inline word32* f() {
180  return m_hft.data() + 10;
181  }
182 
183  inline byte* data() {
184  return m_buf.data();
185  }
186 
187  // SSE4, Power7 and NEON depend upon t[] and f[] being side-by-side
188  CRYPTOPP_CONSTANT(BLOCKSIZE = BLAKE2s_Info::BLOCKSIZE)
191  size_t m_len;
192 };
193 
194 /// \brief BLAKE2b state information
195 /// \since Crypto++ 5.6.4
196 struct CRYPTOPP_NO_VTABLE BLAKE2b_State
197 {
198  BLAKE2b_State() {
199  Reset();
200  }
201 
202  void Reset();
203 
204  inline word64* h() {
205  return m_hft.data();
206  }
207 
208  inline word64* t() {
209  return m_hft.data() + 8;
210  }
211 
212  inline word64* f() {
213  return m_hft.data() + 10;
214  }
215 
216  inline byte* data() {
217  return m_buf.data();
218  }
219 
220  // SSE4, Power8 and NEON depend upon t[] and f[] being side-by-side
221  CRYPTOPP_CONSTANT(BLOCKSIZE = BLAKE2b_Info::BLOCKSIZE)
224  size_t m_len;
225 };
226 
227 /// \brief The BLAKE2s cryptographic hash function
228 /// \details BLAKE2s can function as both a hash and keyed hash. If you want only the hash,
229 /// then use the BLAKE2s constructor that accepts no parameters or digest size. If you
230 /// want a keyed hash, then use the constructor that accpts the key as a parameter.
231 /// Once a key and digest size are selected, its effectively immutable. The Restart()
232 /// method that accepts a ParameterBlock does not allow you to change it.
233 /// \sa Aumasson, Neves, Wilcox-O'Hearn and Winnerlein's
234 /// <A HREF="http://blake2.net/blake2.pdf">BLAKE2: simpler, smaller, fast as MD5</A> (2013.01.29).
235 /// \since C++ since Crypto++ 5.6.4, SSE since Crypto++ 5.6.4, NEON since Crypto++ 6.0,
236 /// Power8 since Crypto++ 8.0
237 class BLAKE2s : public SimpleKeyingInterfaceImpl<MessageAuthenticationCode, BLAKE2s_Info>
238 {
239 public:
240  CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH = BLAKE2s_Info::DEFAULT_KEYLENGTH)
241  CRYPTOPP_CONSTANT(MIN_KEYLENGTH = BLAKE2s_Info::MIN_KEYLENGTH)
242  CRYPTOPP_CONSTANT(MAX_KEYLENGTH = BLAKE2s_Info::MAX_KEYLENGTH)
243 
244  CRYPTOPP_CONSTANT(DIGESTSIZE = BLAKE2s_Info::DIGESTSIZE)
245  CRYPTOPP_CONSTANT(BLOCKSIZE = BLAKE2s_Info::BLOCKSIZE)
246  CRYPTOPP_CONSTANT(SALTSIZE = BLAKE2s_Info::SALTSIZE)
247  CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = BLAKE2s_Info::PERSONALIZATIONSIZE)
248 
249  typedef BLAKE2s_State State;
251 
252  CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "BLAKE2s";}
253 
254  virtual ~BLAKE2s() {}
255 
256  /// \brief Construct a BLAKE2s hash
257  /// \param digestSize the digest size, in bytes
258  /// \param treeMode flag indicating tree mode
259  BLAKE2s(bool treeMode=false, unsigned int digestSize = DIGESTSIZE);
260 
261  /// \brief Construct a BLAKE2s hash
262  /// \param key a byte array used to key the cipher
263  /// \param keyLength the size of the byte array
264  /// \param salt a byte array used as salt
265  /// \param saltLength the size of the byte array
266  /// \param personalization a byte array used as prsonalization string
267  /// \param personalizationLength the size of the byte array
268  /// \param treeMode flag indicating tree mode
269  /// \param digestSize the digest size, in bytes
270  BLAKE2s(const byte *key, size_t keyLength, const byte* salt = NULLPTR, size_t saltLength = 0,
271  const byte* personalization = NULLPTR, size_t personalizationLength = 0,
272  bool treeMode=false, unsigned int digestSize = DIGESTSIZE);
273 
274  /// \brief Retrieve the object's name
275  /// \returns the object's algorithm name following RFC 7693
276  /// \details Object algorithm name follows the naming described in
277  /// <A HREF="http://tools.ietf.org/html/rfc7693#section-4">RFC 7693, The BLAKE2 Cryptographic Hash and
278  /// Message Authentication Code (MAC)</A>. For example, "BLAKE2b-512" and "BLAKE2s-256".
279  std::string AlgorithmName() const {return std::string(BLAKE2s_Info::StaticAlgorithmName()) + "-" + IntToString(DigestSize()*8);}
280 
281  unsigned int DigestSize() const {return m_digestSize;}
282  unsigned int OptimalDataAlignment() const;
283 
284  void Update(const byte *input, size_t length);
285  void Restart();
286 
287  /// \brief Restart a hash with parameter block and counter
288  /// \param block parameter block
289  /// \param counter counter array
290  /// \details Parameter block is persisted across calls to Restart().
291  void Restart(const BLAKE2s_ParameterBlock& block, const word32 counter[2]);
292 
293  /// \brief Set tree mode
294  /// \param mode the new tree mode
295  /// \details BLAKE2 has two finalization flags, called State::f[0] and State::f[1].
296  /// If <tt>treeMode=false</tt> (default), then State::f[1] is never set. If
297  /// <tt>treeMode=true</tt>, then State::f[1] is set when State::f[0] is set.
298  /// Tree mode is persisted across calls to Restart().
299  void SetTreeMode(bool mode) {m_treeMode=mode;}
300 
301  /// \brief Get tree mode
302  /// \returns the current tree mode
303  /// \details Tree mode is persisted across calls to Restart().
304  bool GetTreeMode() const {return m_treeMode;}
305 
306  void TruncatedFinal(byte *hash, size_t size);
307 
308  std::string AlgorithmProvider() const;
309 
310 protected:
311  // Operates on state buffer and/or input. Must be BLOCKSIZE, final block will pad with 0's.
312  void Compress(const byte *input);
313  inline void IncrementCounter(size_t count=BLOCKSIZE);
314 
315  void UncheckedSetKey(const byte* key, unsigned int length, const CryptoPP::NameValuePairs& params);
316 
317 private:
318  State m_state;
319  ParameterBlock m_block;
320  AlignedSecByteBlock m_key;
321  word32 m_digestSize, m_keyLength;
322  bool m_treeMode;
323 };
324 
325 /// \brief The BLAKE2b cryptographic hash function
326 /// \details BLAKE2b can function as both a hash and keyed hash. If you want only the hash,
327 /// then use the BLAKE2b constructor that accepts no parameters or digest size. If you
328 /// want a keyed hash, then use the constructor that accpts the key as a parameter.
329 /// Once a key and digest size are selected, its effectively immutable. The Restart()
330 /// method that accepts a ParameterBlock does not allow you to change it.
331 /// \sa Aumasson, Neves, Wilcox-O'Hearn and Winnerlein's
332 /// <A HREF="http://blake2.net/blake2.pdf">BLAKE2: simpler, smaller, fast as MD5</A> (2013.01.29).
333 /// \since C++ since Crypto++ 5.6.4, SSE since Crypto++ 5.6.4, NEON since Crypto++ 6.0,
334 /// Power8 since Crypto++ 8.0
335 class BLAKE2b : public SimpleKeyingInterfaceImpl<MessageAuthenticationCode, BLAKE2b_Info>
336 {
337 public:
338  CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH = BLAKE2b_Info::DEFAULT_KEYLENGTH)
339  CRYPTOPP_CONSTANT(MIN_KEYLENGTH = BLAKE2b_Info::MIN_KEYLENGTH)
340  CRYPTOPP_CONSTANT(MAX_KEYLENGTH = BLAKE2b_Info::MAX_KEYLENGTH)
341 
342  CRYPTOPP_CONSTANT(DIGESTSIZE = BLAKE2b_Info::DIGESTSIZE)
343  CRYPTOPP_CONSTANT(BLOCKSIZE = BLAKE2b_Info::BLOCKSIZE)
344  CRYPTOPP_CONSTANT(SALTSIZE = BLAKE2b_Info::SALTSIZE)
345  CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = BLAKE2b_Info::PERSONALIZATIONSIZE)
346 
347  typedef BLAKE2b_State State;
349 
350  CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "BLAKE2b";}
351 
352  virtual ~BLAKE2b() {}
353 
354  /// \brief Construct a BLAKE2b hash
355  /// \param digestSize the digest size, in bytes
356  /// \param treeMode flag indicating tree mode
357  BLAKE2b(bool treeMode=false, unsigned int digestSize = DIGESTSIZE);
358 
359  /// \brief Construct a BLAKE2b hash
360  /// \param key a byte array used to key the cipher
361  /// \param keyLength the size of the byte array
362  /// \param salt a byte array used as salt
363  /// \param saltLength the size of the byte array
364  /// \param personalization a byte array used as prsonalization string
365  /// \param personalizationLength the size of the byte array
366  /// \param treeMode flag indicating tree mode
367  /// \param digestSize the digest size, in bytes
368  BLAKE2b(const byte *key, size_t keyLength, const byte* salt = NULLPTR, size_t saltLength = 0,
369  const byte* personalization = NULLPTR, size_t personalizationLength = 0,
370  bool treeMode=false, unsigned int digestSize = DIGESTSIZE);
371 
372  /// \brief Retrieve the object's name
373  /// \returns the object's algorithm name following RFC 7693
374  /// \details Object algorithm name follows the naming described in
375  /// <A HREF="http://tools.ietf.org/html/rfc7693#section-4">RFC 7693, The BLAKE2 Cryptographic Hash and
376  /// Message Authentication Code (MAC)</A>. For example, "BLAKE2b-512" and "BLAKE2s-256".
377  std::string AlgorithmName() const {return std::string(BLAKE2b_Info::StaticAlgorithmName()) + "-" + IntToString(DigestSize()*8);}
378 
379  unsigned int DigestSize() const {return m_digestSize;}
380  unsigned int OptimalDataAlignment() const;
381 
382  void Update(const byte *input, size_t length);
383  void Restart();
384 
385  /// \brief Restart a hash with parameter block and counter
386  /// \param block parameter block
387  /// \param counter counter array
388  /// \details Parameter block is persisted across calls to Restart().
389  void Restart(const BLAKE2b_ParameterBlock& block, const word64 counter[2]);
390 
391  /// \brief Set tree mode
392  /// \param mode the new tree mode
393  /// \details BLAKE2 has two finalization flags, called State::f[0] and State::f[1].
394  /// If <tt>treeMode=false</tt> (default), then State::f[1] is never set. If
395  /// <tt>treeMode=true</tt>, then State::f[1] is set when State::f[0] is set.
396  /// Tree mode is persisted across calls to Restart().
397  void SetTreeMode(bool mode) {m_treeMode=mode;}
398 
399  /// \brief Get tree mode
400  /// \returns the current tree mode
401  /// \details Tree mode is persisted across calls to Restart().
402  bool GetTreeMode() const {return m_treeMode;}
403 
404  void TruncatedFinal(byte *hash, size_t size);
405 
406  std::string AlgorithmProvider() const;
407 
408 protected:
409 
410  // Operates on state buffer and/or input. Must be BLOCKSIZE, final block will pad with 0's.
411  void Compress(const byte *input);
412  inline void IncrementCounter(size_t count=BLOCKSIZE);
413 
414  void UncheckedSetKey(const byte* key, unsigned int length, const CryptoPP::NameValuePairs& params);
415 
416 private:
417  State m_state;
418  ParameterBlock m_block;
419  AlignedSecByteBlock m_key;
420  word32 m_digestSize, m_keyLength;
421  bool m_treeMode;
422 };
423 
424 NAMESPACE_END
425 
426 #endif
void Update(const byte *input, size_t length)
Updates a hash with additional input.
Definition: blake2.cpp:557
BLAKE2b parameter block.
Definition: blake2.h:111
std::string AlgorithmProvider() const
Retrieve the provider of this algorithm.
Definition: blake2.cpp:248
unsigned int OptimalDataAlignment() const
Provides input and output data alignment for optimal performance.
Definition: blake2.cpp:184
static const int MAX_KEYLENGTH
The maximum key length used by the algorithm provided as a constant.
Definition: seckey.h:181
Provides a base implementation of SimpleKeyingInterface.
Definition: seckey.h:257
std::string AlgorithmProvider() const
Retrieve the provider of this algorithm.
Definition: blake2.cpp:204
Abstract base classes that provide a uniform interface to this library.
void SetTreeMode(bool mode)
Set tree mode.
Definition: blake2.h:397
void TruncatedFinal(byte *hash, size_t size)
Computes the hash of the current message.
Definition: blake2.cpp:595
BLAKE2s parameter block.
Definition: blake2.h:60
BLAKE2s(bool treeMode=false, unsigned int digestSize=DIGESTSIZE)
Construct a BLAKE2s hash.
Definition: blake2.cpp:326
The BLAKE2s cryptographic hash function.
Definition: blake2.h:237
Classes and functions for secure memory allocations.
unsigned int DigestSize() const
Provides the digest size of the hash.
Definition: blake2.h:281
Classes and functions for implementing secret key algorithms.
static const int DEFAULT_KEYLENGTH
The default key length used by the algorithm provided as a constant.
Definition: seckey.h:184
unsigned int DigestSize() const
Provides the digest size of the hash.
Definition: blake2.h:379
Interface for algorithms that take byte strings as keys.
Definition: cryptlib.h:613
std::string AlgorithmName() const
Retrieve the object&#39;s name.
Definition: blake2.h:279
BLAKE2s hash information.
Definition: blake2.h:27
SecBlock using AllocatorWithCleanup<byte, true> typedef.
Definition: secblock.h:1062
void SetTreeMode(bool mode)
Set tree mode.
Definition: blake2.h:299
void Update(const byte *input, size_t length)
Updates a hash with additional input.
Definition: blake2.cpp:520
Inherited by keyed algorithms with variable key length.
Definition: seckey.h:165
bool GetTreeMode() const
Get tree mode.
Definition: blake2.h:304
void Restart()
Restart the hash.
Definition: blake2.cpp:442
static const int MIN_KEYLENGTH
The minimum key length used by the algorithm provided as a constant.
Definition: seckey.h:178
std::string AlgorithmName() const
Retrieve the object&#39;s name.
Definition: blake2.h:377
bool GetTreeMode() const
Get tree mode.
Definition: blake2.h:402
BLAKE2s state information.
Definition: blake2.h:163
BLAKE2b state information.
Definition: blake2.h:196
std::string IntToString(T value, unsigned int base=10)
Converts a value to a string.
Definition: misc.h:604
void TruncatedFinal(byte *hash, size_t size)
Computes the hash of the current message.
Definition: blake2.cpp:620
BLAKE2b hash information.
Definition: blake2.h:44
Crypto++ library namespace.
BLAKE2b(bool treeMode=false, unsigned int digestSize=DIGESTSIZE)
Construct a BLAKE2b hash.
Definition: blake2.cpp:336
unsigned int OptimalDataAlignment() const
Provides input and output data alignment for optimal performance.
Definition: blake2.cpp:224
The BLAKE2b cryptographic hash function.
Definition: blake2.h:335
void Restart()
Restart the hash.
Definition: blake2.cpp:448