diff --git a/doc/crypto.dox b/doc/crypto.dox
index ae7bf523..d4214d14 100644
--- a/doc/crypto.dox
+++ b/doc/crypto.dox
@@ -99,13 +99,13 @@ Ardunino Mega 2560 running at 16 MHz are similar:
SHA512 | 122.82us | 15953.42us | | 211 |
SHA3_256 | 60.69us | 8180.24us | | 205 |
SHA3_512 | 113.88us | 8196.34us | | 205 |
-BLAKE2s | 18.54us | 1200.06us | | 171 |
-BLAKE2b | 50.70us | 6515.87us | | 339 |
+BLAKE2s | 20.65us | 1335.25us | | 107 |
+BLAKE2b | 65.22us | 8375.36us | | 211 |
|
Authentication Algorithm | Hashing (per byte) | Finalization | Key Setup | State Size (bytes) |
SHA1 (HMAC mode) | 21.90us | 4296.33us | 1420.24us | 95 |
SHA256 (HMAC mode) | 43.85us | 8552.61us | 2836.49us | 107 |
-BLAKE2s (HMAC mode) | 18.54us | 3649.98us | 1214.81us | 171 |
+BLAKE2s (HMAC mode) | 20.65us | 4055.56us | 1350.00us | 107 |
Poly1305 | 26.29us | 486.15us | 17.26us | 87 |
GHASH | 148.14us | 17.09us | 21.87us | 33 |
|
@@ -156,13 +156,13 @@ All figures are for the Arduino Due running at 84 MHz:
SHA512 | 2.87us | 370.37us | | 224 |
SHA3_256 | 5.64us | 735.29us | | 224 |
SHA3_512 | 10.42us | 735.49us | | 224 |
-BLAKE2s | 0.76us | 50.88us | | 184 |
-BLAKE2b | 1.33us | 170.93us | | 352 |
+BLAKE2s | 0.72us | 48.24us | | 120 |
+BLAKE2b | 1.29us | 165.28us | | 224 |
|
Authentication Algorithm | Hashing (per byte) | Finalization | Key Setup | State Size (bytes) |
SHA1 (HMAC mode) | 0.94us | 193.92us | 65.09us | 112 |
SHA256 (HMAC mode) | 1.15us | 238.98us | 80.44us | 120 |
-BLAKE2s (HMAC mode) | 0.76us | 165.64us | 59.92us | 184 |
+BLAKE2s (HMAC mode) | 0.72us | 157.75us | 57.18us | 120 |
Poly1305 | 0.85us | 19.25us | 2.35us | 96 |
GHASH | 4.37us | 1.50us | 4.37us | 36 |
|
diff --git a/libraries/Crypto/BLAKE2b.cpp b/libraries/Crypto/BLAKE2b.cpp
index 3c21e3c1..1f7d21e7 100644
--- a/libraries/Crypto/BLAKE2b.cpp
+++ b/libraries/Crypto/BLAKE2b.cpp
@@ -216,6 +216,7 @@ static const uint8_t sigma[12][16] PROGMEM = {
void BLAKE2b::processChunk(uint64_t f0)
{
uint8_t index;
+ uint64_t v[16];
// Byte-swap the message buffer into little-endian if necessary.
#if !defined(CRYPTO_LITTLE_ENDIAN)
@@ -224,32 +225,32 @@ void BLAKE2b::processChunk(uint64_t f0)
#endif
// Format the block to be hashed.
- memcpy(state.v, state.h, sizeof(state.h));
- state.v[8] = BLAKE2b_IV0;
- state.v[9] = BLAKE2b_IV1;
- state.v[10] = BLAKE2b_IV2;
- state.v[11] = BLAKE2b_IV3;
- state.v[12] = BLAKE2b_IV4 ^ state.lengthLow;
- state.v[13] = BLAKE2b_IV5 ^ state.lengthHigh;
- state.v[14] = BLAKE2b_IV6 ^ f0;
- state.v[15] = BLAKE2b_IV7;
+ memcpy(v, state.h, sizeof(state.h));
+ v[8] = BLAKE2b_IV0;
+ v[9] = BLAKE2b_IV1;
+ v[10] = BLAKE2b_IV2;
+ v[11] = BLAKE2b_IV3;
+ v[12] = BLAKE2b_IV4 ^ state.lengthLow;
+ v[13] = BLAKE2b_IV5 ^ state.lengthHigh;
+ v[14] = BLAKE2b_IV6 ^ f0;
+ v[15] = BLAKE2b_IV7;
// Perform the 12 BLAKE2b rounds.
for (index = 0; index < 12; ++index) {
// Column round.
- quarterRound(state.v[0], state.v[4], state.v[8], state.v[12], 0);
- quarterRound(state.v[1], state.v[5], state.v[9], state.v[13], 1);
- quarterRound(state.v[2], state.v[6], state.v[10], state.v[14], 2);
- quarterRound(state.v[3], state.v[7], state.v[11], state.v[15], 3);
+ quarterRound(v[0], v[4], v[8], v[12], 0);
+ quarterRound(v[1], v[5], v[9], v[13], 1);
+ quarterRound(v[2], v[6], v[10], v[14], 2);
+ quarterRound(v[3], v[7], v[11], v[15], 3);
// Diagonal round.
- quarterRound(state.v[0], state.v[5], state.v[10], state.v[15], 4);
- quarterRound(state.v[1], state.v[6], state.v[11], state.v[12], 5);
- quarterRound(state.v[2], state.v[7], state.v[8], state.v[13], 6);
- quarterRound(state.v[3], state.v[4], state.v[9], state.v[14], 7);
+ quarterRound(v[0], v[5], v[10], v[15], 4);
+ quarterRound(v[1], v[6], v[11], v[12], 5);
+ quarterRound(v[2], v[7], v[8], v[13], 6);
+ quarterRound(v[3], v[4], v[9], v[14], 7);
}
// Combine the new and old hash values.
for (index = 0; index < 8; ++index)
- state.h[index] ^= (state.v[index] ^ state.v[index + 8]);
+ state.h[index] ^= (v[index] ^ v[index + 8]);
}
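Review bot: The working vector `v` is now a stack local that still holds key-derived intermediate state when processChunk returns at the end of this hunk, whereas the old `state.v` was presumably wiped along with the rest of `state` by the class's clear path — a path that no longer covers it now that the header drops `state.v`. In keyed/HMAC use that leaves secret residue on the stack, so add an explicit wipe before the closing brace, e.g. `clean(v);` using the library's clean() helper (assuming it is in scope in this translation unit), or an equivalent memset the compiler cannot elide. The same point applies to the matching BLAKE2s::processChunk hunk in libraries/Crypto/BLAKE2s.cpp. processChunk's opening and the declaration of `v` are in the preceding hunk, outside this one.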
diff --git a/libraries/Crypto/BLAKE2b.h b/libraries/Crypto/BLAKE2b.h
index db9964a8..7f876647 100644
--- a/libraries/Crypto/BLAKE2b.h
+++ b/libraries/Crypto/BLAKE2b.h
@@ -48,7 +48,6 @@ private:
struct {
uint64_t h[8];
uint64_t m[16];
- uint64_t v[16];
uint64_t lengthLow;
uint64_t lengthHigh;
uint8_t chunkSize;
diff --git a/libraries/Crypto/BLAKE2s.cpp b/libraries/Crypto/BLAKE2s.cpp
index 26bdd548..3d70304d 100644
--- a/libraries/Crypto/BLAKE2s.cpp
+++ b/libraries/Crypto/BLAKE2s.cpp
@@ -209,6 +209,7 @@ static const uint8_t sigma[10][16] PROGMEM = {
void BLAKE2s::processChunk(uint32_t f0)
{
uint8_t index;
+ uint32_t v[16];
// Byte-swap the message buffer into little-endian if necessary.
#if !defined(CRYPTO_LITTLE_ENDIAN)
@@ -217,32 +218,32 @@ void BLAKE2s::processChunk(uint32_t f0)
#endif
// Format the block to be hashed.
- memcpy(state.v, state.h, sizeof(state.h));
- state.v[8] = BLAKE2s_IV0;
- state.v[9] = BLAKE2s_IV1;
- state.v[10] = BLAKE2s_IV2;
- state.v[11] = BLAKE2s_IV3;
- state.v[12] = BLAKE2s_IV4 ^ (uint32_t)(state.length);
- state.v[13] = BLAKE2s_IV5 ^ (uint32_t)(state.length >> 32);
- state.v[14] = BLAKE2s_IV6 ^ f0;
- state.v[15] = BLAKE2s_IV7;
+ memcpy(v, state.h, sizeof(state.h));
+ v[8] = BLAKE2s_IV0;
+ v[9] = BLAKE2s_IV1;
+ v[10] = BLAKE2s_IV2;
+ v[11] = BLAKE2s_IV3;
+ v[12] = BLAKE2s_IV4 ^ (uint32_t)(state.length);
+ v[13] = BLAKE2s_IV5 ^ (uint32_t)(state.length >> 32);
+ v[14] = BLAKE2s_IV6 ^ f0;
+ v[15] = BLAKE2s_IV7;
// Perform the 10 BLAKE2s rounds.
for (index = 0; index < 10; ++index) {
// Column round.
- quarterRound(state.v[0], state.v[4], state.v[8], state.v[12], 0);
- quarterRound(state.v[1], state.v[5], state.v[9], state.v[13], 1);
- quarterRound(state.v[2], state.v[6], state.v[10], state.v[14], 2);
- quarterRound(state.v[3], state.v[7], state.v[11], state.v[15], 3);
+ quarterRound(v[0], v[4], v[8], v[12], 0);
+ quarterRound(v[1], v[5], v[9], v[13], 1);
+ quarterRound(v[2], v[6], v[10], v[14], 2);
+ quarterRound(v[3], v[7], v[11], v[15], 3);
// Diagonal round.
- quarterRound(state.v[0], state.v[5], state.v[10], state.v[15], 4);
- quarterRound(state.v[1], state.v[6], state.v[11], state.v[12], 5);
- quarterRound(state.v[2], state.v[7], state.v[8], state.v[13], 6);
- quarterRound(state.v[3], state.v[4], state.v[9], state.v[14], 7);
+ quarterRound(v[0], v[5], v[10], v[15], 4);
+ quarterRound(v[1], v[6], v[11], v[12], 5);
+ quarterRound(v[2], v[7], v[8], v[13], 6);
+ quarterRound(v[3], v[4], v[9], v[14], 7);
}
// Combine the new and old hash values.
for (index = 0; index < 8; ++index)
- state.h[index] ^= (state.v[index] ^ state.v[index + 8]);
+ state.h[index] ^= (v[index] ^ v[index + 8]);
}
diff --git a/libraries/Crypto/BLAKE2s.h b/libraries/Crypto/BLAKE2s.h
index baece681..1131e282 100644
--- a/libraries/Crypto/BLAKE2s.h
+++ b/libraries/Crypto/BLAKE2s.h
@@ -48,7 +48,6 @@ private:
struct {
uint32_t h[8];
uint32_t m[16];
- uint32_t v[16];
uint64_t length;
uint8_t chunkSize;
} state;