From c106a56a415bcef201bca8c1f1454ab6fe9bdb46 Mon Sep 17 00:00:00 2001 From: Hans Svensson Date: Mon, 4 Feb 2019 10:47:25 +0100 Subject: Add hash function BLAKE2 to crypto:hash/hmac Adds two hash functions blake2b and blake2s (64 bit hash and 32 bit hash respectively). These are modern and standard hash functions used in blockchains and encrypted communication protocols (e.g. Noise - http://www.noiseprotocol.org/). The hash functions are available in OpenSSL since version 1.1.1. Also add test cases and mention in documentation. --- lib/crypto/c_src/algorithms.c | 9 +++++++-- lib/crypto/c_src/atoms.c | 9 +++++++++ lib/crypto/c_src/atoms.h | 4 ++++ lib/crypto/c_src/digest.c | 14 ++++++++++++++ lib/crypto/c_src/openssl_config.h | 6 ++++++ 5 files changed, 40 insertions(+), 2 deletions(-) (limited to 'lib/crypto/c_src') diff --git a/lib/crypto/c_src/algorithms.c b/lib/crypto/c_src/algorithms.c index 6318c8ad5a..a5bf248ea0 100644 --- a/lib/crypto/c_src/algorithms.c +++ b/lib/crypto/c_src/algorithms.c @@ -21,7 +21,7 @@ #include "algorithms.h" static unsigned int algo_hash_cnt, algo_hash_fips_cnt; -static ERL_NIF_TERM algo_hash[12]; /* increase when extending the list */ +static ERL_NIF_TERM algo_hash[14]; /* increase when extending the list */ static unsigned int algo_pubkey_cnt, algo_pubkey_fips_cnt; static ERL_NIF_TERM algo_pubkey[12]; /* increase when extending the list */ static unsigned int algo_cipher_cnt, algo_cipher_fips_cnt; @@ -62,6 +62,11 @@ void init_algorithms_types(ErlNifEnv* env) #ifdef HAVE_SHA3_512 algo_hash[algo_hash_cnt++] = enif_make_atom(env, "sha3_512"); #endif +#ifdef HAVE_BLAKE2 + algo_hash[algo_hash_cnt++] = enif_make_atom(env, "blake2b"); + algo_hash[algo_hash_cnt++] = enif_make_atom(env, "blake2s"); +#endif + // Non-validated algorithms follow algo_hash_fips_cnt = algo_hash_cnt; algo_hash[algo_hash_cnt++] = enif_make_atom(env, "md4"); @@ -136,7 +141,7 @@ void init_algorithms_types(ErlNifEnv* env) #if defined(HAVE_CHACHA20) algo_cipher[algo_cipher_cnt++] = enif_make_atom(env,"chacha20"); #endif - + // Validated algorithms first algo_mac_cnt = 0; algo_mac[algo_mac_cnt++] = enif_make_atom(env,"hmac"); diff --git a/lib/crypto/c_src/atoms.c b/lib/crypto/c_src/atoms.c index 3a028b9a67..5f19327197 100644 --- a/lib/crypto/c_src/atoms.c +++ b/lib/crypto/c_src/atoms.c @@ -110,6 +110,11 @@ ERL_NIF_TERM atom_sha3_512; ERL_NIF_TERM atom_md5; ERL_NIF_TERM atom_ripemd160; +#ifdef HAVE_BLAKE2 +ERL_NIF_TERM atom_blake2b; +ERL_NIF_TERM atom_blake2s; +#endif + #ifdef HAS_ENGINE_SUPPORT ERL_NIF_TERM atom_bad_engine_method; ERL_NIF_TERM atom_bad_engine_id; @@ -239,6 +244,10 @@ int init_atoms(ErlNifEnv *env, const ERL_NIF_TERM fips_mode, const ERL_NIF_TERM atom_sha3_512 = enif_make_atom(env,"sha3_512"); atom_md5 = enif_make_atom(env,"md5"); atom_ripemd160 = enif_make_atom(env,"ripemd160"); +#ifdef HAVE_BLAKE2 + atom_blake2b = enif_make_atom(env,"blake2b"); + atom_blake2s = enif_make_atom(env,"blake2s"); +#endif #ifdef HAS_ENGINE_SUPPORT atom_bad_engine_method = enif_make_atom(env,"bad_engine_method"); diff --git a/lib/crypto/c_src/atoms.h b/lib/crypto/c_src/atoms.h index 9ddf0131ac..32f5ec856c 100644 --- a/lib/crypto/c_src/atoms.h +++ b/lib/crypto/c_src/atoms.h @@ -113,6 +113,10 @@ extern ERL_NIF_TERM atom_sha3_384; extern ERL_NIF_TERM atom_sha3_512; extern ERL_NIF_TERM atom_md5; extern ERL_NIF_TERM atom_ripemd160; +#ifdef HAVE_BLAKE2 +extern ERL_NIF_TERM atom_blake2b; +extern ERL_NIF_TERM atom_blake2s; +#endif #ifdef HAS_ENGINE_SUPPORT extern ERL_NIF_TERM atom_bad_engine_method; diff --git a/lib/crypto/c_src/digest.c b/lib/crypto/c_src/digest.c index 00ba65bf54..fec286c000 100644 --- a/lib/crypto/c_src/digest.c +++ b/lib/crypto/c_src/digest.c @@ -82,6 +82,20 @@ static struct digest_type_t digest_types[] = {NULL} #endif }, + {{"blake2b"}, +#ifdef HAVE_BLAKE2 + {&EVP_blake2b512} +#else + {NULL} +#endif + }, + {{"blake2s"}, +#ifdef HAVE_BLAKE2 + {&EVP_blake2s256} +#else + {NULL} +#endif + }, {{NULL}, {NULL}} }; diff --git a/lib/crypto/c_src/openssl_config.h b/lib/crypto/c_src/openssl_config.h index c0ce1a59fe..16bc59a865 100644 --- a/lib/crypto/c_src/openssl_config.h +++ b/lib/crypto/c_src/openssl_config.h @@ -158,6 +158,12 @@ # define HAVE_SHA3_512 # endif +// BLAKE2: +#if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION_PLAIN(1,1,1) \ + && !defined(OPENSSL_NO_BLAKE2) +# define HAVE_BLAKE2 +#endif + #if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION(0,9,8,'o') \ && !defined(OPENSSL_NO_EC) \ && !defined(OPENSSL_NO_ECDH) \ -- cgit v1.2.3