@leocuvee/wrkzcoin-multi-hashing 0.0.20

package/crypto/aesb.c

@@ -0,0 +1,177 @@
+/*
+---------------------------------------------------------------------------
+Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
+
+The redistribution and use of this software (with or without changes)
+is allowed without the payment of fees or royalties provided that:
+
+  source code distributions include the above copyright notice, this
+  list of conditions and the following disclaimer;
+
+  binary distributions include the above copyright notice, this list
+  of conditions and the following disclaimer in their documentation.
+
+This software is provided 'as is' with no explicit or implied warranties
+in respect of its operation, including, but not limited to, correctness
+and fitness for purpose.
+---------------------------------------------------------------------------
+Issue Date: 20/12/2007
+*/
+
+#include <stdint.h>
+
+#if defined(__cplusplus)
+extern "C"
+{
+#endif
+
+#define TABLE_ALIGN     32
+#define WPOLY           0x011b
+#define N_COLS          4
+#define AES_BLOCK_SIZE  16
+#define RC_LENGTH       (5 * (AES_BLOCK_SIZE / 4 - 2))
+
+#if defined(_MSC_VER)
+#define ALIGN __declspec(align(TABLE_ALIGN))
+#elif defined(__GNUC__)
+#define ALIGN __attribute__ ((aligned(16)))
+#else
+#define ALIGN
+#endif
+
+#define rf1(r,c) (r)
+#define word_in(x,c) (*((uint32_t*)(x)+(c)))
+#define word_out(x,c,v) (*((uint32_t*)(x)+(c)) = (v))
+
+#define s(x,c) x[c]
+#define si(y,x,c) (s(y,c) = word_in(x, c))
+#define so(y,x,c) word_out(y, c, s(x,c))
+#define state_in(y,x) si(y,x,0); si(y,x,1); si(y,x,2); si(y,x,3)
+#define state_out(y,x)  so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3)
+#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3)
+#define to_byte(x) ((x) & 0xff)
+#define bval(x,n) to_byte((x) >> (8 * (n)))
+
+#define fwd_var(x,r,c)\
+ ( r == 0 ? ( c == 0 ? s(x,0) : c == 1 ? s(x,1) : c == 2 ? s(x,2) : s(x,3))\
+ : r == 1 ? ( c == 0 ? s(x,1) : c == 1 ? s(x,2) : c == 2 ? s(x,3) : s(x,0))\
+ : r == 2 ? ( c == 0 ? s(x,2) : c == 1 ? s(x,3) : c == 2 ? s(x,0) : s(x,1))\
+ :          ( c == 0 ? s(x,3) : c == 1 ? s(x,0) : c == 2 ? s(x,1) : s(x,2)))
+
+#define fwd_rnd(y,x,k,c)  (s(y,c) = (k)[c] ^ four_tables(x,t_use(f,n),fwd_var,rf1,c))
+
+#define sb_data(w) {\
+    w(0x63), w(0x7c), w(0x77), w(0x7b), w(0xf2), w(0x6b), w(0x6f), w(0xc5),\
+    w(0x30), w(0x01), w(0x67), w(0x2b), w(0xfe), w(0xd7), w(0xab), w(0x76),\
+    w(0xca), w(0x82), w(0xc9), w(0x7d), w(0xfa), w(0x59), w(0x47), w(0xf0),\
+    w(0xad), w(0xd4), w(0xa2), w(0xaf), w(0x9c), w(0xa4), w(0x72), w(0xc0),\
+    w(0xb7), w(0xfd), w(0x93), w(0x26), w(0x36), w(0x3f), w(0xf7), w(0xcc),\
+    w(0x34), w(0xa5), w(0xe5), w(0xf1), w(0x71), w(0xd8), w(0x31), w(0x15),\
+    w(0x04), w(0xc7), w(0x23), w(0xc3), w(0x18), w(0x96), w(0x05), w(0x9a),\
+    w(0x07), w(0x12), w(0x80), w(0xe2), w(0xeb), w(0x27), w(0xb2), w(0x75),\
+    w(0x09), w(0x83), w(0x2c), w(0x1a), w(0x1b), w(0x6e), w(0x5a), w(0xa0),\
+    w(0x52), w(0x3b), w(0xd6), w(0xb3), w(0x29), w(0xe3), w(0x2f), w(0x84),\
+    w(0x53), w(0xd1), w(0x00), w(0xed), w(0x20), w(0xfc), w(0xb1), w(0x5b),\
+    w(0x6a), w(0xcb), w(0xbe), w(0x39), w(0x4a), w(0x4c), w(0x58), w(0xcf),\
+    w(0xd0), w(0xef), w(0xaa), w(0xfb), w(0x43), w(0x4d), w(0x33), w(0x85),\
+    w(0x45), w(0xf9), w(0x02), w(0x7f), w(0x50), w(0x3c), w(0x9f), w(0xa8),\
+    w(0x51), w(0xa3), w(0x40), w(0x8f), w(0x92), w(0x9d), w(0x38), w(0xf5),\
+    w(0xbc), w(0xb6), w(0xda), w(0x21), w(0x10), w(0xff), w(0xf3), w(0xd2),\
+    w(0xcd), w(0x0c), w(0x13), w(0xec), w(0x5f), w(0x97), w(0x44), w(0x17),\
+    w(0xc4), w(0xa7), w(0x7e), w(0x3d), w(0x64), w(0x5d), w(0x19), w(0x73),\
+    w(0x60), w(0x81), w(0x4f), w(0xdc), w(0x22), w(0x2a), w(0x90), w(0x88),\
+    w(0x46), w(0xee), w(0xb8), w(0x14), w(0xde), w(0x5e), w(0x0b), w(0xdb),\
+    w(0xe0), w(0x32), w(0x3a), w(0x0a), w(0x49), w(0x06), w(0x24), w(0x5c),\
+    w(0xc2), w(0xd3), w(0xac), w(0x62), w(0x91), w(0x95), w(0xe4), w(0x79),\
+    w(0xe7), w(0xc8), w(0x37), w(0x6d), w(0x8d), w(0xd5), w(0x4e), w(0xa9),\
+    w(0x6c), w(0x56), w(0xf4), w(0xea), w(0x65), w(0x7a), w(0xae), w(0x08),\
+    w(0xba), w(0x78), w(0x25), w(0x2e), w(0x1c), w(0xa6), w(0xb4), w(0xc6),\
+    w(0xe8), w(0xdd), w(0x74), w(0x1f), w(0x4b), w(0xbd), w(0x8b), w(0x8a),\
+    w(0x70), w(0x3e), w(0xb5), w(0x66), w(0x48), w(0x03), w(0xf6), w(0x0e),\
+    w(0x61), w(0x35), w(0x57), w(0xb9), w(0x86), w(0xc1), w(0x1d), w(0x9e),\
+    w(0xe1), w(0xf8), w(0x98), w(0x11), w(0x69), w(0xd9), w(0x8e), w(0x94),\
+    w(0x9b), w(0x1e), w(0x87), w(0xe9), w(0xce), w(0x55), w(0x28), w(0xdf),\
+    w(0x8c), w(0xa1), w(0x89), w(0x0d), w(0xbf), w(0xe6), w(0x42), w(0x68),\
+    w(0x41), w(0x99), w(0x2d), w(0x0f), w(0xb0), w(0x54), w(0xbb), w(0x16) }
+
+#define rc_data(w) {\
+    w(0x01), w(0x02), w(0x04), w(0x08), w(0x10),w(0x20), w(0x40), w(0x80),\
+    w(0x1b), w(0x36) }
+
+#define bytes2word(b0, b1, b2, b3) (((uint32_t)(b3) << 24) | \
+    ((uint32_t)(b2) << 16) | ((uint32_t)(b1) << 8) | (b0))
+
+#define h0(x)   (x)
+#define w0(p)   bytes2word(p, 0, 0, 0)
+#define w1(p)   bytes2word(0, p, 0, 0)
+#define w2(p)   bytes2word(0, 0, p, 0)
+#define w3(p)   bytes2word(0, 0, 0, p)
+
+#define u0(p)   bytes2word(f2(p), p, p, f3(p))
+#define u1(p)   bytes2word(f3(p), f2(p), p, p)
+#define u2(p)   bytes2word(p, f3(p), f2(p), p)
+#define u3(p)   bytes2word(p, p, f3(p), f2(p))
+
+#define v0(p)   bytes2word(fe(p), f9(p), fd(p), fb(p))
+#define v1(p)   bytes2word(fb(p), fe(p), f9(p), fd(p))
+#define v2(p)   bytes2word(fd(p), fb(p), fe(p), f9(p))
+#define v3(p)   bytes2word(f9(p), fd(p), fb(p), fe(p))
+
+#define f2(x)   ((x<<1) ^ (((x>>7) & 1) * WPOLY))
+#define f4(x)   ((x<<2) ^ (((x>>6) & 1) * WPOLY) ^ (((x>>6) & 2) * WPOLY))
+#define f8(x)   ((x<<3) ^ (((x>>5) & 1) * WPOLY) ^ (((x>>5) & 2) * WPOLY) ^ (((x>>5) & 4) * WPOLY))
+#define f3(x)   (f2(x) ^ x)
+#define f9(x)   (f8(x) ^ x)
+#define fb(x)   (f8(x) ^ f2(x) ^ x)
+#define fd(x)   (f8(x) ^ f4(x) ^ x)
+#define fe(x)   (f8(x) ^ f4(x) ^ f2(x))
+
+#define t_dec(m,n) t_##m##n
+#define t_set(m,n) t_##m##n
+#define t_use(m,n) t_##m##n
+
+#define d_4(t,n,b,e,f,g,h) ALIGN const t n[4][256] = { b(e), b(f), b(g), b(h) }
+
+#define four_tables(x,tab,vf,rf,c) \
+    (tab[0][bval(vf(x,0,c),rf(0,c))] \
+    ^ tab[1][bval(vf(x,1,c),rf(1,c))] \
+    ^ tab[2][bval(vf(x,2,c),rf(2,c))] \
+    ^ tab[3][bval(vf(x,3,c),rf(3,c))])
+
+d_4(uint32_t, t_dec(f,n), sb_data, u0, u1, u2, u3);
+
+void aesb_single_round(const uint8_t *in, uint8_t *out, uint8_t *expandedKey)
+{
+    uint32_t b0[4], b1[4];
+    const uint32_t  *kp = (uint32_t *) expandedKey;
+    state_in(b0, in);
+
+    round(fwd_rnd,  b1, b0, kp);
+
+    state_out(out, b1);
+}
+
+void aesb_pseudo_round(const uint8_t *in, uint8_t *out, uint8_t *expandedKey)
+{
+    uint32_t b0[4], b1[4];
+    const uint32_t  *kp = (uint32_t *) expandedKey;
+    state_in(b0, in);
+
+    round(fwd_rnd,  b1, b0, kp);
+    round(fwd_rnd,  b0, b1, kp + 1 * N_COLS);
+    round(fwd_rnd,  b1, b0, kp + 2 * N_COLS);
+    round(fwd_rnd,  b0, b1, kp + 3 * N_COLS);
+    round(fwd_rnd,  b1, b0, kp + 4 * N_COLS);
+    round(fwd_rnd,  b0, b1, kp + 5 * N_COLS);
+    round(fwd_rnd,  b1, b0, kp + 6 * N_COLS);
+    round(fwd_rnd,  b0, b1, kp + 7 * N_COLS);
+    round(fwd_rnd,  b1, b0, kp + 8 * N_COLS);
+    round(fwd_rnd,  b0, b1, kp + 9 * N_COLS);
+
+    state_out(out, b0);
+}
+
+
+#if defined(__cplusplus)
+}
+#endif

package/crypto/c_blake256.c

@@ -0,0 +1,326 @@
+/*
+ * The blake256_* and blake224_* functions are largely copied from
+ * blake256_light.c and blake224_light.c from the BLAKE website:
+ *
+ *     http://131002.net/blake/
+ *
+ * The hmac_* functions implement HMAC-BLAKE-256 and HMAC-BLAKE-224.
+ * HMAC is specified by RFC 2104.
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include <stdint.h>
+#include "c_blake256.h"
+
+#define U8TO32(p) \
+    (((uint32_t)((p)[0]) << 24) | ((uint32_t)((p)[1]) << 16) |    \
+     ((uint32_t)((p)[2]) <<  8) | ((uint32_t)((p)[3])      ))
+#define U32TO8(p, v) \
+    (p)[0] = (uint8_t)((v) >> 24); (p)[1] = (uint8_t)((v) >> 16); \
+    (p)[2] = (uint8_t)((v) >>  8); (p)[3] = (uint8_t)((v)      );
+
+const uint8_t sigma[][16] = {
+    { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15},
+    {14,10, 4, 8, 9,15,13, 6, 1,12, 0, 2,11, 7, 5, 3},
+    {11, 8,12, 0, 5, 2,15,13,10,14, 3, 6, 7, 1, 9, 4},
+    { 7, 9, 3, 1,13,12,11,14, 2, 6, 5,10, 4, 0,15, 8},
+    { 9, 0, 5, 7, 2, 4,10,15,14, 1,11,12, 6, 8, 3,13},
+    { 2,12, 6,10, 0,11, 8, 3, 4,13, 7, 5,15,14, 1, 9},
+    {12, 5, 1,15,14,13, 4,10, 0, 7, 6, 3, 9, 2, 8,11},
+    {13,11, 7,14,12, 1, 3, 9, 5, 0,15, 4, 8, 6, 2,10},
+    { 6,15,14, 9,11, 3, 0, 8,12, 2,13, 7, 1, 4,10, 5},
+    {10, 2, 8, 4, 7, 6, 1, 5,15,11, 9,14, 3,12,13, 0},
+    { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15},
+    {14,10, 4, 8, 9,15,13, 6, 1,12, 0, 2,11, 7, 5, 3},
+    {11, 8,12, 0, 5, 2,15,13,10,14, 3, 6, 7, 1, 9, 4},
+    { 7, 9, 3, 1,13,12,11,14, 2, 6, 5,10, 4, 0,15, 8}
+};
+
+const uint32_t cst[16] = {
+    0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344,
+    0xA4093822, 0x299F31D0, 0x082EFA98, 0xEC4E6C89,
+    0x452821E6, 0x38D01377, 0xBE5466CF, 0x34E90C6C,
+    0xC0AC29B7, 0xC97C50DD, 0x3F84D5B5, 0xB5470917
+};
+
+static const uint8_t padding[] = {
+    0x80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+};
+
+
+void blake256_compress(state *S, const uint8_t *block) {
+    uint32_t v[16], m[16], i;
+
+#define ROT(x,n) (((x)<<(32-n))|((x)>>(n)))
+#define G(a,b,c,d,e)                                      \
+    v[a] += (m[sigma[i][e]] ^ cst[sigma[i][e+1]]) + v[b]; \
+    v[d] = ROT(v[d] ^ v[a],16);                           \
+    v[c] += v[d];                                         \
+    v[b] = ROT(v[b] ^ v[c],12);                           \
+    v[a] += (m[sigma[i][e+1]] ^ cst[sigma[i][e]])+v[b];   \
+    v[d] = ROT(v[d] ^ v[a], 8);                           \
+    v[c] += v[d];                                         \
+    v[b] = ROT(v[b] ^ v[c], 7);
+
+    for (i = 0; i < 16; ++i) m[i] = U8TO32(block + i * 4);
+    for (i = 0; i < 8;  ++i) v[i] = S->h[i];
+    v[ 8] = S->s[0] ^ 0x243F6A88;
+    v[ 9] = S->s[1] ^ 0x85A308D3;
+    v[10] = S->s[2] ^ 0x13198A2E;
+    v[11] = S->s[3] ^ 0x03707344;
+    v[12] = 0xA4093822;
+    v[13] = 0x299F31D0;
+    v[14] = 0x082EFA98;
+    v[15] = 0xEC4E6C89;
+
+    if (S->nullt == 0) {
+        v[12] ^= S->t[0];
+        v[13] ^= S->t[0];
+        v[14] ^= S->t[1];
+        v[15] ^= S->t[1];
+    }
+
+    for (i = 0; i < 14; ++i) {
+        G(0, 4,  8, 12,  0);
+        G(1, 5,  9, 13,  2);
+        G(2, 6, 10, 14,  4);
+        G(3, 7, 11, 15,  6);
+        G(3, 4,  9, 14, 14);
+        G(2, 7,  8, 13, 12);
+        G(0, 5, 10, 15,  8);
+        G(1, 6, 11, 12, 10);
+    }
+
+    for (i = 0; i < 16; ++i) S->h[i % 8] ^= v[i];
+    for (i = 0; i < 8;  ++i) S->h[i] ^= S->s[i % 4];
+}
+
+void blake256_init(state *S) {
+    S->h[0] = 0x6A09E667;
+    S->h[1] = 0xBB67AE85;
+    S->h[2] = 0x3C6EF372;
+    S->h[3] = 0xA54FF53A;
+    S->h[4] = 0x510E527F;
+    S->h[5] = 0x9B05688C;
+    S->h[6] = 0x1F83D9AB;
+    S->h[7] = 0x5BE0CD19;
+    S->t[0] = S->t[1] = S->buflen = S->nullt = 0;
+    S->s[0] = S->s[1] = S->s[2] = S->s[3] = 0;
+}
+
+void blake224_init(state *S) {
+    S->h[0] = 0xC1059ED8;
+    S->h[1] = 0x367CD507;
+    S->h[2] = 0x3070DD17;
+    S->h[3] = 0xF70E5939;
+    S->h[4] = 0xFFC00B31;
+    S->h[5] = 0x68581511;
+    S->h[6] = 0x64F98FA7;
+    S->h[7] = 0xBEFA4FA4;
+    S->t[0] = S->t[1] = S->buflen = S->nullt = 0;
+    S->s[0] = S->s[1] = S->s[2] = S->s[3] = 0;
+}
+
+// datalen = number of bits
+void blake256_update(state *S, const uint8_t *data, uint64_t datalen) {
+    int left = S->buflen >> 3;
+    int fill = 64 - left;
+
+    if (left && (((datalen >> 3) & 0x3F) >= (unsigned) fill)) {
+        memcpy((void *) (S->buf + left), (void *) data, fill);
+        S->t[0] += 512;
+        if (S->t[0] == 0) S->t[1]++;
+        blake256_compress(S, S->buf);
+        data += fill;
+        datalen -= (fill << 3);
+        left = 0;
+    }
+
+    while (datalen >= 512) {
+        S->t[0] += 512;
+        if (S->t[0] == 0) S->t[1]++;
+        blake256_compress(S, data);
+        data += 64;
+        datalen -= 512;
+    }
+
+    if (datalen > 0) {
+        memcpy((void *) (S->buf + left), (void *) data, datalen >> 3);
+        S->buflen = (left << 3) + (int)datalen;
+    } else {
+        S->buflen = 0;
+    }
+}
+
+// datalen = number of bits
+void blake224_update(state *S, const uint8_t *data, uint64_t datalen) {
+    blake256_update(S, data, datalen);
+}
+
+void blake256_final_h(state *S, uint8_t *digest, uint8_t pa, uint8_t pb) {
+    uint8_t msglen[8];
+    uint32_t lo = S->t[0] + S->buflen, hi = S->t[1];
+    if (lo < (unsigned) S->buflen) hi++;
+    U32TO8(msglen + 0, hi);
+    U32TO8(msglen + 4, lo);
+
+    if (S->buflen == 440) { /* one padding byte */
+        S->t[0] -= 8;
+        blake256_update(S, &pa, 8);
+    } else {
+        if (S->buflen < 440) { /* enough space to fill the block  */
+            if (S->buflen == 0) S->nullt = 1;
+            S->t[0] -= 440 - S->buflen;
+            blake256_update(S, padding, 440 - S->buflen);
+        } else { /* need 2 compressions */
+            S->t[0] -= 512 - S->buflen;
+            blake256_update(S, padding, 512 - S->buflen);
+            S->t[0] -= 440;
+            blake256_update(S, padding + 1, 440);
+            S->nullt = 1;
+        }
+        blake256_update(S, &pb, 8);
+        S->t[0] -= 8;
+    }
+    S->t[0] -= 64;
+    blake256_update(S, msglen, 64);
+
+    U32TO8(digest +  0, S->h[0]);
+    U32TO8(digest +  4, S->h[1]);
+    U32TO8(digest +  8, S->h[2]);
+    U32TO8(digest + 12, S->h[3]);
+    U32TO8(digest + 16, S->h[4]);
+    U32TO8(digest + 20, S->h[5]);
+    U32TO8(digest + 24, S->h[6]);
+    U32TO8(digest + 28, S->h[7]);
+}
+
+void blake256_final(state *S, uint8_t *digest) {
+    blake256_final_h(S, digest, 0x81, 0x01);
+}
+
+void blake224_final(state *S, uint8_t *digest) {
+    blake256_final_h(S, digest, 0x80, 0x00);
+}
+
+// inlen = number of bytes
+void blake256_hash(uint8_t *out, const uint8_t *in, uint64_t inlen) {
+    state S;
+    blake256_init(&S);
+    blake256_update(&S, in, inlen * 8);
+    blake256_final(&S, out);
+}
+
+// inlen = number of bytes
+void blake224_hash(uint8_t *out, const uint8_t *in, uint64_t inlen) {
+    state S;
+    blake224_init(&S);
+    blake224_update(&S, in, inlen * 8);
+    blake224_final(&S, out);
+}
+
+// keylen = number of bytes
+void hmac_blake256_init(hmac_state *S, const uint8_t *_key, uint64_t keylen) {
+    const uint8_t *key = _key;
+    uint8_t keyhash[32];
+    uint8_t pad[64];
+    uint64_t i;
+
+    if (keylen > 64) {
+        blake256_hash(keyhash, key, keylen);
+        key = keyhash;
+        keylen = 32;
+    }
+
+    blake256_init(&S->inner);
+    memset(pad, 0x36, 64);
+    for (i = 0; i < keylen; ++i) {
+        pad[i] ^= key[i];
+    }
+    blake256_update(&S->inner, pad, 512);
+
+    blake256_init(&S->outer);
+    memset(pad, 0x5c, 64);
+    for (i = 0; i < keylen; ++i) {
+        pad[i] ^= key[i];
+    }
+    blake256_update(&S->outer, pad, 512);
+
+    memset(keyhash, 0, 32);
+}
+
+// keylen = number of bytes
+void hmac_blake224_init(hmac_state *S, const uint8_t *_key, uint64_t keylen) {
+    const uint8_t *key = _key;
+    uint8_t keyhash[32];
+    uint8_t pad[64];
+    uint64_t i;
+
+    if (keylen > 64) {
+        blake256_hash(keyhash, key, keylen);
+        key = keyhash;
+        keylen = 28;
+    }
+
+    blake224_init(&S->inner);
+    memset(pad, 0x36, 64);
+    for (i = 0; i < keylen; ++i) {
+        pad[i] ^= key[i];
+    }
+    blake224_update(&S->inner, pad, 512);
+
+    blake224_init(&S->outer);
+    memset(pad, 0x5c, 64);
+    for (i = 0; i < keylen; ++i) {
+        pad[i] ^= key[i];
+    }
+    blake224_update(&S->outer, pad, 512);
+
+    memset(keyhash, 0, 32);
+}
+
+// datalen = number of bits
+void hmac_blake256_update(hmac_state *S, const uint8_t *data, uint64_t datalen) {
+  // update the inner state
+  blake256_update(&S->inner, data, datalen);
+}
+
+// datalen = number of bits
+void hmac_blake224_update(hmac_state *S, const uint8_t *data, uint64_t datalen) {
+  // update the inner state
+  blake224_update(&S->inner, data, datalen);
+}
+
+void hmac_blake256_final(hmac_state *S, uint8_t *digest) {
+    uint8_t ihash[32];
+    blake256_final(&S->inner, ihash);
+    blake256_update(&S->outer, ihash, 256);
+    blake256_final(&S->outer, digest);
+    memset(ihash, 0, 32);
+}
+
+void hmac_blake224_final(hmac_state *S, uint8_t *digest) {
+    uint8_t ihash[32];
+    blake224_final(&S->inner, ihash);
+    blake224_update(&S->outer, ihash, 224);
+    blake224_final(&S->outer, digest);
+    memset(ihash, 0, 32);
+}
+
+// keylen = number of bytes; inlen = number of bytes
+void hmac_blake256_hash(uint8_t *out, const uint8_t *key, uint64_t keylen, const uint8_t *in, uint64_t inlen) {
+    hmac_state S;
+    hmac_blake256_init(&S, key, keylen);
+    hmac_blake256_update(&S, in, inlen * 8);
+    hmac_blake256_final(&S, out);
+}
+
+// keylen = number of bytes; inlen = number of bytes
+void hmac_blake224_hash(uint8_t *out, const uint8_t *key, uint64_t keylen, const uint8_t *in, uint64_t inlen) {
+    hmac_state S;
+    hmac_blake224_init(&S, key, keylen);
+    hmac_blake224_update(&S, in, inlen * 8);
+    hmac_blake224_final(&S, out);
+}

package/crypto/c_blake256.h

@@ -0,0 +1,43 @@
+#ifndef _BLAKE256_H_
+#define _BLAKE256_H_
+
+#include <stdint.h>
+
+typedef struct {
+  uint32_t h[8], s[4], t[2];
+  int buflen, nullt;
+  uint8_t buf[64];
+} state;
+
+typedef struct {
+  state inner;
+  state outer;
+} hmac_state;
+
+void blake256_init(state *);
+void blake224_init(state *);
+
+void blake256_update(state *, const uint8_t *, uint64_t);
+void blake224_update(state *, const uint8_t *, uint64_t);
+
+void blake256_final(state *, uint8_t *);
+void blake224_final(state *, uint8_t *);
+
+void blake256_hash(uint8_t *, const uint8_t *, uint64_t);
+void blake224_hash(uint8_t *, const uint8_t *, uint64_t);
+
+/* HMAC functions: */
+
+void hmac_blake256_init(hmac_state *, const uint8_t *, uint64_t);
+void hmac_blake224_init(hmac_state *, const uint8_t *, uint64_t);
+
+void hmac_blake256_update(hmac_state *, const uint8_t *, uint64_t);
+void hmac_blake224_update(hmac_state *, const uint8_t *, uint64_t);
+
+void hmac_blake256_final(hmac_state *, uint8_t *);
+void hmac_blake224_final(hmac_state *, uint8_t *);
+
+void hmac_blake256_hash(uint8_t *, const uint8_t *, uint64_t, const uint8_t *, uint64_t);
+void hmac_blake224_hash(uint8_t *, const uint8_t *, uint64_t, const uint8_t *, uint64_t);
+
+#endif /* _BLAKE256_H_ */