1 files changed, 176 insertions, 0 deletions
diff --git a/src/fids/blake2b.c b/src/fids/blake2b.c
new file mode 100644
index 000000000..f2aa5ae66
--- /dev/null
+++ b/src/fids/blake2b.c
@@ -0,0 +1,176 @@
+/*
+ * Copyright (C) 2014-2021 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+/* A simple unkeyed BLAKE2b Implementation based on the official reference
+ * from https://github.com/BLAKE2/BLAKE2.
+ *
+ * The original code was released under CC0 1.0 Universal license (Creative Commons),
+ * a public domain license.
+ */
+#include "fids.h"
+// little-endian vs big-endian is irrelevant since the checksum is calculated and checked on the same computer.
+static inline uint64_t load64( const void *src ) {
+        uint64_t w;
+        memcpy( &w, src, sizeof( w ) );
+        return w;
+}
+// mixing function
+#define ROTR64(x, y)  (((x) >> (y)) ^ ((x) << (64 - (y))))
+#define G(a, b, c, d, x, y) {   \
+                v[a] = v[a] + v[b] + x;         \
+                v[d] = ROTR64(v[d] ^ v[a], 32); \
+                v[c] = v[c] + v[d];             \
+                v[b] = ROTR64(v[b] ^ v[c], 24); \
+                v[a] = v[a] + v[b] + y;         \
+                v[d] = ROTR64(v[d] ^ v[a], 16); \
+                v[c] = v[c] + v[d];             \
+                v[b] = ROTR64(v[b] ^ v[c], 63); }
+// init vector
+static const uint64_t iv[8] = {
+        0x6A09E667F3BCC908, 0xBB67AE8584CAA73B,
+        0x3C6EF372FE94F82B, 0xA54FF53A5F1D36F1,
+        0x510E527FADE682D1, 0x9B05688C2B3E6C1F,
+        0x1F83D9ABFB41BD6B, 0x5BE0CD19137E2179
+};
+const uint8_t sigma[12][16] = {
+        { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 },
+        { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 },
+        { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 },
+        { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 },
+        { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 },
+        { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 },
+        { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 },
+        { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 },
+        { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 },
+        { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0 },
+        { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 },
+        { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }
+};
+// blake2b context
+typedef struct {
+        uint8_t b[128];                     // input buffer
+        uint64_t h[8];                      // chained state
+        uint64_t t[2];                      // total number of bytes
+        size_t c;                           // pointer for b[]
+        size_t outlen;                      // digest size
+} CTX;
+// compress function
+static void compress(CTX *ctx, int last) {
+        uint64_t m[16];
+        uint64_t v[16];
+        size_t i;
+        for (i = 0; i < 16; i++)
+                m[i] = load64(&ctx->b[8 * i]);
+        for (i = 0; i < 8; i++) {
+                v[i] = ctx->h[i];
+                v[i + 8] = iv[i];
+        }
+        v[12] ^= ctx->t[0];
+        v[13] ^= ctx->t[1];
+        if (last)
+                v[14] = ~v[14];
+        for (i = 0; i < 12; i++) {
+                G( 0, 4,  8, 12, m[sigma[i][ 0]], m[sigma[i][ 1]]);
+                G( 1, 5,  9, 13, m[sigma[i][ 2]], m[sigma[i][ 3]]);
+                G( 2, 6, 10, 14, m[sigma[i][ 4]], m[sigma[i][ 5]]);
+                G( 3, 7, 11, 15, m[sigma[i][ 6]], m[sigma[i][ 7]]);
+                G( 0, 5, 10, 15, m[sigma[i][ 8]], m[sigma[i][ 9]]);
+                G( 1, 6, 11, 12, m[sigma[i][10]], m[sigma[i][11]]);
+                G( 2, 7,  8, 13, m[sigma[i][12]], m[sigma[i][13]]);
+                G( 3, 4,  9, 14, m[sigma[i][14]], m[sigma[i][15]]);
+        }
+        for( i = 0; i < 8; ++i )
+                ctx->h[i] ^= v[i] ^ v[i + 8];
+}
+static int init(CTX *ctx, size_t outlen) {      // (keylen=0: no key)
+        size_t i;
+        if (outlen == 0 || outlen > 64)
+                return -1;
+        for (i = 0; i < 8; i++)
+                ctx->h[i] = iv[i];
+        ctx->h[0] ^= 0x01010000  ^ outlen;
+        ctx->t[0] = 0;
+        ctx->t[1] = 0;
+        ctx->c = 0;
+        ctx->outlen = outlen;
+        return 0;
+}
+static void update(CTX *ctx, const void *in, size_t inlen) {
+        size_t i;
+        for (i = 0; i < inlen; i++) {
+                if (ctx->c == 128) {
+                        ctx->t[0] += ctx->c;
+                        if (ctx->t[0] < ctx->c)
+                                ctx->t[1]++;
+                        compress(ctx, 0);
+                        ctx->c = 0;
+                }
+                ctx->b[ctx->c++] = ((const uint8_t *) in)[i];
+        }
+}
+static void final(CTX *ctx, void *out) {
+        size_t i;
+        ctx->t[0] += ctx->c;
+        if (ctx->t[0] < ctx->c)
+                ctx->t[1]++;
+        while (ctx->c < 128)
+                ctx->b[ctx->c++] = 0;
+        compress(ctx, 1);
+        for (i = 0; i < ctx->outlen; i++) {
+                ((uint8_t *) out)[i] =
+                        (ctx->h[i >> 3] >> (8 * (i & 7))) & 0xFF;
+        }
+}
+// public function
+int blake2b(void *out, size_t outlen, const void *in, size_t inlen) {
+        CTX ctx;
+        if (init(&ctx, outlen))
+                return -1;
+        update(&ctx, in, inlen);
+        final(&ctx, out);
+        return 0;
+}

diff --git a/src/fids/blake2b.c b/src/fids/blake2b.c new file mode 100644 index 000000000..f2aa5ae66 --- /dev/null +++ b/src/fids/blake2b.c
@@ -0,0 +1,176 @@
	1	/*
	2	* Copyright (C) 2014-2021 Firejail Authors
	3	*
	4	* This file is part of firejail project
	5	*
	6	* This program is free software; you can redistribute it and/or modify
	7	* it under the terms of the GNU General Public License as published by
	8	* the Free Software Foundation; either version 2 of the License, or
	9	* (at your option) any later version.
	10	*
	11	* This program is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	* GNU General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU General Public License along
	17	* with this program; if not, write to the Free Software Foundation, Inc.,
	18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	19	*/
	20
	21	/* A simple unkeyed BLAKE2b Implementation based on the official reference
	22	* from https://github.com/BLAKE2/BLAKE2.
	23	*
	24	* The original code was released under CC0 1.0 Universal license (Creative Commons),
	25	* a public domain license.
	26	*/
	27
	28	#include "fids.h"
	29
	30	// little-endian vs big-endian is irrelevant since the checksum is calculated and checked on the same computer.
	31	static inline uint64_t load64( const void *src ) {
	32	uint64_t w;
	33	memcpy( &w, src, sizeof( w ) );
	34	return w;
	35	}
	36
	37	// mixing function
	38	#define ROTR64(x, y) (((x) >> (y)) ^ ((x) << (64 - (y))))
	39	#define G(a, b, c, d, x, y) { \
	40	v[a] = v[a] + v[b] + x; \
	41	v[d] = ROTR64(v[d] ^ v[a], 32); \
	42	v[c] = v[c] + v[d]; \
	43	v[b] = ROTR64(v[b] ^ v[c], 24); \
	44	v[a] = v[a] + v[b] + y; \
	45	v[d] = ROTR64(v[d] ^ v[a], 16); \
	46	v[c] = v[c] + v[d]; \
	47	v[b] = ROTR64(v[b] ^ v[c], 63); }
	48
	49	// init vector
	50	static const uint64_t iv[8] = {
	51	0x6A09E667F3BCC908, 0xBB67AE8584CAA73B,
	52	0x3C6EF372FE94F82B, 0xA54FF53A5F1D36F1,
	53	0x510E527FADE682D1, 0x9B05688C2B3E6C1F,
	54	0x1F83D9ABFB41BD6B, 0x5BE0CD19137E2179
	55	};
	56
	57
	58	const uint8_t sigma[12][16] = {
	59	{ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 },
	60	{ 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 },
	61	{ 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 },
	62	{ 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 },
	63	{ 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 },
	64	{ 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 },
	65	{ 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 },
	66	{ 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 },
	67	{ 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 },
	68	{ 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0 },
	69	{ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 },
	70	{ 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }
	71	};
	72
	73	// blake2b context
	74	typedef struct {
	75	uint8_t b[128]; // input buffer
	76	uint64_t h[8]; // chained state
	77	uint64_t t[2]; // total number of bytes
	78	size_t c; // pointer for b[]
	79	size_t outlen; // digest size
	80	} CTX;
	81
	82	// compress function
	83	static void compress(CTX *ctx, int last) {
	84	uint64_t m[16];
	85	uint64_t v[16];
	86	size_t i;
	87
	88	for (i = 0; i < 16; i++)
	89	m[i] = load64(&ctx->b[8 * i]);
	90
	91	for (i = 0; i < 8; i++) {
	92	v[i] = ctx->h[i];
	93	v[i + 8] = iv[i];
	94	}
	95
	96	v[12] ^= ctx->t[0];
	97	v[13] ^= ctx->t[1];
	98	if (last)
	99	v[14] = ~v[14];
	100
	101	for (i = 0; i < 12; i++) {
	102	G( 0, 4, 8, 12, m[sigma[i][ 0]], m[sigma[i][ 1]]);
	103	G( 1, 5, 9, 13, m[sigma[i][ 2]], m[sigma[i][ 3]]);
	104	G( 2, 6, 10, 14, m[sigma[i][ 4]], m[sigma[i][ 5]]);
	105	G( 3, 7, 11, 15, m[sigma[i][ 6]], m[sigma[i][ 7]]);
	106	G( 0, 5, 10, 15, m[sigma[i][ 8]], m[sigma[i][ 9]]);
	107	G( 1, 6, 11, 12, m[sigma[i][10]], m[sigma[i][11]]);
	108	G( 2, 7, 8, 13, m[sigma[i][12]], m[sigma[i][13]]);
	109	G( 3, 4, 9, 14, m[sigma[i][14]], m[sigma[i][15]]);
	110	}
	111
	112	for( i = 0; i < 8; ++i )
	113	ctx->h[i] ^= v[i] ^ v[i + 8];
	114	}
	115
	116	static int init(CTX *ctx, size_t outlen) { // (keylen=0: no key)
	117	size_t i;
	118
	119	if (outlen == 0 \|\| outlen > 64)
	120	return -1;
	121
	122	for (i = 0; i < 8; i++)
	123	ctx->h[i] = iv[i];
	124	ctx->h[0] ^= 0x01010000 ^ outlen;
	125
	126	ctx->t[0] = 0;
	127	ctx->t[1] = 0;
	128	ctx->c = 0;
	129	ctx->outlen = outlen;
	130
	131	return 0;
	132	}
	133
	134	static void update(CTX ctx, const void in, size_t inlen) {
	135	size_t i;
	136
	137	for (i = 0; i < inlen; i++) {
	138	if (ctx->c == 128) {
	139	ctx->t[0] += ctx->c;
	140	if (ctx->t[0] < ctx->c)
	141	ctx->t[1]++;
	142	compress(ctx, 0);
	143	ctx->c = 0;
	144	}
	145	ctx->b[ctx->c++] = ((const uint8_t *) in)[i];
	146	}
	147	}
	148
	149	static void final(CTX ctx, void out) {
	150	size_t i;
	151
	152	ctx->t[0] += ctx->c;
	153	if (ctx->t[0] < ctx->c)
	154	ctx->t[1]++;
	155
	156	while (ctx->c < 128)
	157	ctx->b[ctx->c++] = 0;
	158	compress(ctx, 1);
	159
	160	for (i = 0; i < ctx->outlen; i++) {
	161	((uint8_t *) out)[i] =
	162	(ctx->h[i >> 3] >> (8 * (i & 7))) & 0xFF;
	163	}
	164	}
	165
	166	// public function
	167	int blake2b(void out, size_t outlen, const void in, size_t inlen) {
	168	CTX ctx;
	169
	170	if (init(&ctx, outlen))
	171	return -1;
	172	update(&ctx, in, inlen);
	173	final(&ctx, out);
	174
	175	return 0;
	176	}