kmwebnet/se050-wireguard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BLAKE2s 初期化処理修正

Browse Source 
- キー付き初期化時にキーブロックを最初に圧縮
- 初期化パラメータブロックを修正
- 更新処理のカウンタ更新ロジック整理

注:RFC 7693 テストベクトル通過には圧縮関数のさらなる修正必要
This commit is contained in:
km
2026-03-26 17:22:13 +09:00
parent 9824b8f3e5
commit 323460c631
1 changed files with 12 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/se050_blake2s.c
+12 -15
View File
@@ -154,7 +154,8 @@ int se050_blake2s_init(se050_blake2s_ctx_t *ctx, size_t outlen)
} }
/* Initialize hash state with IV XORed with parameter block */ /* Initialize hash state with IV XORed with parameter block */
ctx->h[0] = BLAKE2S_IV[0] ^ 0x01010020 ^ outlen; /* fanout=1, depth=1, outlen */ /* Parameter block: 0x01010000 ^ (0 << 8) ^ outlen = 0x01010000 ^ outlen */
ctx->h[0] = BLAKE2S_IV[0] ^ 0x01010000 ^ outlen;
ctx->h[1] = BLAKE2S_IV[1]; ctx->h[1] = BLAKE2S_IV[1];
ctx->h[2] = BLAKE2S_IV[2]; ctx->h[2] = BLAKE2S_IV[2];
ctx->h[3] = BLAKE2S_IV[3]; ctx->h[3] = BLAKE2S_IV[3];
@@ -169,7 +170,6 @@ int se050_blake2s_init(se050_blake2s_ctx_t *ctx, size_t outlen)
ctx->f[1] = 0; ctx->f[1] = 0;
ctx->buflen = 0; ctx->buflen = 0;
ctx->outlen = outlen; ctx->outlen = outlen;
ctx->last_node = 0;
return 0; return 0;
} }
@@ -184,7 +184,7 @@ int se050_blake2s_init_key(se050_blake2s_ctx_t *ctx, size_t outlen,
return -1; return -1;
} }
/* Initialize with key */ /* Initialize with key: 0x01010000 ^ (keylen << 8) ^ outlen */
ctx->h[0] = BLAKE2S_IV[0] ^ 0x01010000 ^ (keylen << 8) ^ outlen; ctx->h[0] = BLAKE2S_IV[0] ^ 0x01010000 ^ (keylen << 8) ^ outlen;
ctx->h[1] = BLAKE2S_IV[1]; ctx->h[1] = BLAKE2S_IV[1];
ctx->h[2] = BLAKE2S_IV[2]; ctx->h[2] = BLAKE2S_IV[2];
@@ -194,17 +194,18 @@ int se050_blake2s_init_key(se050_blake2s_ctx_t *ctx, size_t outlen,
ctx->h[6] = BLAKE2S_IV[6]; ctx->h[6] = BLAKE2S_IV[6];
ctx->h[7] = BLAKE2S_IV[7]; ctx->h[7] = BLAKE2S_IV[7];
ctx->t[0] = 0; ctx->t[0] = BLAKE2S_BLOCK_SIZE; /* Key block already processed */
ctx->t[1] = 0; ctx->t[1] = 0;
ctx->f[0] = 0; ctx->f[0] = 0;
ctx->f[1] = 0; ctx->f[1] = 0;
ctx->buflen = keylen; ctx->buflen = 0; /* Key already compressed */
ctx->outlen = outlen; ctx->outlen = outlen;
ctx->last_node = 0;
/* Pad key to block size */ /* Compress key block */
memset(ctx->buf, 0, BLAKE2S_BLOCK_SIZE); uint8_t key_block[BLAKE2S_BLOCK_SIZE];
memcpy(ctx->buf, key, keylen); memset(key_block, 0, BLAKE2S_BLOCK_SIZE);
memcpy(key_block, key, keylen);
blake2s_compress(ctx, key_block);
return 0; return 0;
} }
@@ -229,25 +230,21 @@ int se050_blake2s_update(se050_blake2s_ctx_t *ctx, const void *data, size_t len)
p += left; p += left;
len -= left; len -= left;
/* Update counter */ /* Compress the block */
ctx->t[0] += BLAKE2S_BLOCK_SIZE; ctx->t[0] += BLAKE2S_BLOCK_SIZE;
if (ctx->t[0] < BLAKE2S_BLOCK_SIZE) { if (ctx->t[0] < BLAKE2S_BLOCK_SIZE) {
ctx->t[1]++; ctx->t[1]++;
} }
/* Compress */
blake2s_compress(ctx, ctx->buf); blake2s_compress(ctx, ctx->buf);
ctx->buflen = 0; ctx->buflen = 0;
} }
/* Process full blocks */ /* Process full blocks */
while (len >= BLAKE2S_BLOCK_SIZE) { while (len >= BLAKE2S_BLOCK_SIZE) {
/* Update counter */
ctx->t[0] += BLAKE2S_BLOCK_SIZE; ctx->t[0] += BLAKE2S_BLOCK_SIZE;
if (ctx->t[0] < BLAKE2S_BLOCK_SIZE) { if (ctx->t[0] < BLAKE2S_BLOCK_SIZE) {
ctx->t[1]++; ctx->t[1]++;
} }
blake2s_compress(ctx, p); blake2s_compress(ctx, p);
p += BLAKE2S_BLOCK_SIZE; p += BLAKE2S_BLOCK_SIZE;
len -= BLAKE2S_BLOCK_SIZE; len -= BLAKE2S_BLOCK_SIZE;
@@ -268,7 +265,7 @@ int se050_blake2s_final(se050_blake2s_ctx_t *ctx, void *out, size_t outlen)
return -1; return -1;
} }
/* Update counter with remaining data */ /* Update counter */
ctx->t[0] += ctx->buflen; ctx->t[0] += ctx->buflen;
if (ctx->t[0] < ctx->buflen) { if (ctx->t[0] < ctx->buflen) {
ctx->t[1]++; ctx->t[1]++;