Print this page
NEX-16819 loader UEFI support
Includes work by Toomas Soome <tsoome@me.com>
Upstream commits:
loader: pxe receive cleanup
9475 libefi: Do not return only if ReceiveFilter
installboot: should support efi system partition
8931 boot1.efi: scan all display modes rather than
loader: spinconsole updates
loader: gfx experiment to try GOP Blt() function.
sha1 build test
loader: add sha1 hash calculation
common/sha1: update for loader build
loader: biosdisk rework
uts: 32-bit kernel FB needs mapping in low memory
uts: add diag-device
uts: boot console mirror with diag-device
uts: enable very early console on ttya
kmdb: add diag-device as input/output device
uts: test VGA memory exclusion from mapping
uts: clear boot mapping and protect boot pages test
uts: add dboot map debug printf
uts: need to release FB pages in release_bootstrap()
uts: add screenmap ioctl
uts: update sys/queue.h
loader: add illumos uts/common to include path
loader: tem/gfx font cleanup
loader: vbe checks
uts: gfx_private set KD_TEXT when KD_RESETTEXT is
uts: gfx 8-bit update
loader: gfx 8-bit fix
loader: always set media size from partition.
uts: MB2 support for 32-bit kernel
loader: x86 should have tem 80x25
uts: x86 should have tem 80x25
uts: font update
loader: font update
uts: tem attributes
loader: tem.c comment added
uts: use font module
loader: add font module
loader: build rules for new font setup
uts: gfx_private update for new font structure
uts: early boot update for new font structure
uts: font update
uts: font build rules update for new fonts
uts: tem update to new font structure
loader: module.c needs to include tem_impl.h
uts: gfx_private 8x16 font rework
uts: make font_lookup public
loader: font rework
uts: font rework
9259 libefi: efi_alloc_and_read should check for PMBR
uts: tem utf-8 support
loader: implement tem utf-8 support
loader: tem should be able to display UTF-8
7784 uts: console input should support utf-8
7796 uts: ldterm default to utf-8
uts: do not reset serial console
uts: set up colors even if tem is not console
uts: add type for early boot properties
uts: gfx_private experiment with drm and vga
uts: gfx_private should use setmode drm callback.
uts: identify FB types and set up gfx_private based
loader: replace gop and vesa with framebuffer
uts: boot needs simple tem to support mdb
uts: boot_keyboard should emit esc sequences for
uts: gfx_private FB showuld be written by line
kmdb: set terminal window size
uts: gfx_private needs to keep track of early boot FB
pnglite: move pnglite to usr/src/common
loader: gfx_fb
ficl-sys: add gfx primitives
loader: add illumos.png logo
ficl: add fb-putimage
loader: add png support
loader: add alpha blending for gfx_fb
loader: use term-drawrect for menu frame
ficl: add simple gfx words
uts: provide fb_info via fbgattr dev_specific array.
uts: gfx_private add alpha blending
uts: update sys/ascii.h
uts: tem OSC support (incomplete)
uts: implement env module support and use data from
uts: tem get colors from early boot data
loader: use crc32 from libstand (libz)
loader: optimize for size
loader: pass tem info to the environment
loader: import tem for loader console
loader: UEFI loader needs to set ISADIR based on
loader: need UEFI32 support
8918 loader.efi: add vesa edid support
uts: tem_safe_pix_clear_prom_output() should only
uts: tem_safe_pix_clear_entire_screen() should use
uts: tem_safe_check_first_time() should query cursor
uts: tem implement cls callback & visual_io v4
uts: gfx_vgatext use block cursor for vgatext
uts: gfx_private implement cls callback & visual_io
uts: gfx_private bitmap framebuffer implementation
uts: early start frame buffer console support
uts: font functions should check the input char
uts: font rendering should support 16/24/32bit depths
uts: use smallest font as fallback default.
uts: update terminal dimensions based on selected
7834 uts: vgatext should use gfx_private
uts: add spacing property to 8859-1.bdf
terminfo: add underline for sun-color
terminfo: sun-color has 16 colors
uts: add font load callback type
loader: do not repeat int13 calls with error 0x20 and
8905 loader: add skein/edonr support
8904 common/crypto: make skein and edonr loader
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
Reviewed by: Sanjay Nadkarni <sanjay.nadkarni@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Revert "NEX-16819 loader UEFI support"
This reverts commit ec06b9fc617b99234e538bf2e7e4d02a24993e0c.
Reverting due to failures in the zfs-tests and the sharefs-tests
NEX-16819 loader UEFI support
Includes work by Toomas Soome <tsoome@me.com>
Upstream commits:
loader: pxe receive cleanup
9475 libefi: Do not return only if ReceiveFilter
installboot: should support efi system partition
8931 boot1.efi: scan all display modes rather than
loader: spinconsole updates
loader: gfx experiment to try GOP Blt() function.
sha1 build test
loader: add sha1 hash calculation
common/sha1: update for loader build
loader: biosdisk rework
uts: 32-bit kernel FB needs mapping in low memory
uts: add diag-device
uts: boot console mirror with diag-device
uts: enable very early console on ttya
kmdb: add diag-device as input/output device
uts: test VGA memory exclusion from mapping
uts: clear boot mapping and protect boot pages test
uts: add dboot map debug printf
uts: need to release FB pages in release_bootstrap()
uts: add screenmap ioctl
uts: update sys/queue.h
loader: add illumos uts/common to include path
loader: tem/gfx font cleanup
loader: vbe checks
uts: gfx_private set KD_TEXT when KD_RESETTEXT is
uts: gfx 8-bit update
loader: gfx 8-bit fix
loader: always set media size from partition.
uts: MB2 support for 32-bit kernel
loader: x86 should have tem 80x25
uts: x86 should have tem 80x25
uts: font update
loader: font update
uts: tem attributes
loader: tem.c comment added
uts: use font module
loader: add font module
loader: build rules for new font setup
uts: gfx_private update for new font structure
uts: early boot update for new font structure
uts: font update
uts: font build rules update for new fonts
uts: tem update to new font structure
loader: module.c needs to include tem_impl.h
uts: gfx_private 8x16 font rework
uts: make font_lookup public
loader: font rework
uts: font rework
libefi: efi_alloc_and_read should check for PMBR
uts: tem utf-8 support
loader: implement tem utf-8 support
loader: tem should be able to display UTF-8
7784 uts: console input should support utf-8
7796 uts: ldterm default to utf-8
uts: do not reset serial console
uts: set up colors even if tem is not console
uts: add type for early boot properties
uts: gfx_private experiment with drm and vga
uts: gfx_private should use setmode drm callback.
uts: identify FB types and set up gfx_private based
loader: replace gop and vesa with framebuffer
uts: boot needs simple tem to support mdb
uts: boot_keyboard should emit esc sequences for
uts: gfx_private FB showuld be written by line
kmdb: set terminal window size
uts: gfx_private needs to keep track of early boot FB
pnglite: move pnglite to usr/src/common
loader: gfx_fb
ficl-sys: add gfx primitives
loader: add illumos.png logo
ficl: add fb-putimage
loader: add png support
loader: add alpha blending for gfx_fb
loader: use term-drawrect for menu frame
ficl: add simple gfx words
uts: provide fb_info via fbgattr dev_specific array.
uts: gfx_private add alpha blending
uts: update sys/ascii.h
uts: tem OSC support (incomplete)
uts: implement env module support and use data from
uts: tem get colors from early boot data
loader: use crc32 from libstand (libz)
loader: optimize for size
loader: pass tem info to the environment
loader: import tem for loader console
loader: UEFI loader needs to set ISADIR based on
loader: need UEFI32 support
8918 loader.efi: add vesa edid support
uts: tem_safe_pix_clear_prom_output() should only
uts: tem_safe_pix_clear_entire_screen() should use
uts: tem_safe_check_first_time() should query cursor
uts: tem implement cls callback & visual_io v4
uts: gfx_vgatext use block cursor for vgatext
uts: gfx_private implement cls callback & visual_io
uts: gfx_private bitmap framebuffer implementation
uts: early start frame buffer console support
uts: font functions should check the input char
uts: font rendering should support 16/24/32bit depths
uts: use smallest font as fallback default.
uts: update terminal dimensions based on selected
7834 uts: vgatext should use gfx_private
uts: add spacing property to 8859-1.bdf
terminfo: add underline for sun-color
terminfo: sun-color has 16 colors
uts: add font load callback type
loader: do not repeat int13 calls with error 0x20 and
8905 loader: add skein/edonr support
8904 common/crypto: make skein and edonr loader
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
Reviewed by: Sanjay Nadkarni <sanjay.nadkarni@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
4185 add new cryptographic checksums to ZFS: SHA-512, Skein, Edon-R (fix studio build)
4185 add new cryptographic checksums to ZFS: SHA-512, Skein, Edon-R
Reviewed by: George Wilson <george.wilson@delphix.com>
Reviewed by: Prakash Surya <prakash.surya@delphix.com>
Reviewed by: Saso Kiselkov <saso.kiselkov@nexenta.com>
Reviewed by: Richard Lowe <richlowe@richlowe.net>
Approved by: Garrett D'Amore <garrett@damore.org>
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/common/crypto/edonr/edonr.c
+++ new/usr/src/common/crypto/edonr/edonr.c
1 1 /*
2 2 * IDI,NTNU
3 3 *
4 4 * CDDL HEADER START
5 5 *
6 6 * The contents of this file are subject to the terms of the
7 7 * Common Development and Distribution License (the "License").
8 8 * You may not use this file except in compliance with the License.
9 9 *
10 10 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
11 11 * or http://opensource.org/licenses/CDDL-1.0.
12 12 * See the License for the specific language governing permissions
13 13 * and limitations under the License.
14 14 *
15 15 * When distributing Covered Code, include this CDDL HEADER in each
16 16 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
17 17 * If applicable, add the following below this CDDL HEADER, with the
18 18 * fields enclosed by brackets "[]" replaced with your own identifying
19 19 * information: Portions Copyright [yyyy] [name of copyright owner]
20 20 *
21 21 * CDDL HEADER END
22 22 *
|
↓ open down ↓ |
22 lines elided |
↑ open up ↑ |
23 23 * Copyright (C) 2009, 2010, Jorn Amundsen <jorn.amundsen@ntnu.no>
24 24 * Tweaked Edon-R implementation for SUPERCOP, based on NIST API.
25 25 *
26 26 */
27 27 /*
28 28 * Portions copyright (c) 2013, Saso Kiselkov, All rights reserved
29 29 * Copyright 2016 Gary Mills
30 30 */
31 31
32 32 /* determine where we can get bcopy/bzero declarations */
33 -#ifdef _KERNEL
33 +#if defined(_KERNEL) || defined(_STANDALONE)
34 34 #include <sys/systm.h>
35 35 #else
36 36 #include <strings.h>
37 37 #endif
38 38 #include <sys/edonr.h>
39 39 #include <sys/debug.h>
40 40
41 41 /* big endian support, provides no-op's if run on little endian hosts */
42 42 #include "edonr_byteorder.h"
43 43
44 44 #define hashState224(x) ((x)->pipe->p256)
45 45 #define hashState256(x) ((x)->pipe->p256)
46 46 #define hashState384(x) ((x)->pipe->p512)
47 47 #define hashState512(x) ((x)->pipe->p512)
48 48
49 49 /* shift and rotate shortcuts */
50 50 #define shl(x, n) ((x) << n)
51 51 #define shr(x, n) ((x) >> n)
52 52
53 53 #define rotl32(x, n) (((x) << (n)) | ((x) >> (32 - (n))))
54 54 #define rotr32(x, n) (((x) >> (n)) | ((x) << (32 - (n))))
55 55
56 56 #define rotl64(x, n) (((x) << (n)) | ((x) >> (64 - (n))))
57 57 #define rotr64(x, n) (((x) >> (n)) | ((x) << (64 - (n))))
58 58
59 59 #if !defined(__C99_RESTRICT)
60 60 #define restrict /* restrict */
61 61 #endif
62 62
63 63 #define EDONR_VALID_HASHBITLEN(x) \
64 64 ((x) == 512 || (x) == 384 || (x) == 256 || (x) == 224)
65 65
66 66 /* EdonR224 initial double chaining pipe */
67 67 static const uint32_t i224p2[16] = {
68 68 0x00010203ul, 0x04050607ul, 0x08090a0bul, 0x0c0d0e0ful,
69 69 0x10111213ul, 0x14151617ul, 0x18191a1bul, 0x1c1d1e1ful,
70 70 0x20212223ul, 0x24252627ul, 0x28292a2bul, 0x2c2d2e2ful,
71 71 0x30313233ul, 0x34353637ul, 0x38393a3bul, 0x3c3d3e3ful,
72 72 };
73 73
74 74 /* EdonR256 initial double chaining pipe */
75 75 static const uint32_t i256p2[16] = {
76 76 0x40414243ul, 0x44454647ul, 0x48494a4bul, 0x4c4d4e4ful,
77 77 0x50515253ul, 0x54555657ul, 0x58595a5bul, 0x5c5d5e5ful,
78 78 0x60616263ul, 0x64656667ul, 0x68696a6bul, 0x6c6d6e6ful,
79 79 0x70717273ul, 0x74757677ul, 0x78797a7bul, 0x7c7d7e7ful,
80 80 };
81 81
82 82 /* EdonR384 initial double chaining pipe */
83 83 static const uint64_t i384p2[16] = {
84 84 0x0001020304050607ull, 0x08090a0b0c0d0e0full,
85 85 0x1011121314151617ull, 0x18191a1b1c1d1e1full,
86 86 0x2021222324252627ull, 0x28292a2b2c2d2e2full,
87 87 0x3031323334353637ull, 0x38393a3b3c3d3e3full,
88 88 0x4041424344454647ull, 0x48494a4b4c4d4e4full,
89 89 0x5051525354555657ull, 0x58595a5b5c5d5e5full,
90 90 0x6061626364656667ull, 0x68696a6b6c6d6e6full,
91 91 0x7071727374757677ull, 0x78797a7b7c7d7e7full
92 92 };
93 93
94 94 /* EdonR512 initial double chaining pipe */
95 95 static const uint64_t i512p2[16] = {
96 96 0x8081828384858687ull, 0x88898a8b8c8d8e8full,
97 97 0x9091929394959697ull, 0x98999a9b9c9d9e9full,
98 98 0xa0a1a2a3a4a5a6a7ull, 0xa8a9aaabacadaeafull,
99 99 0xb0b1b2b3b4b5b6b7ull, 0xb8b9babbbcbdbebfull,
100 100 0xc0c1c2c3c4c5c6c7ull, 0xc8c9cacbcccdcecfull,
101 101 0xd0d1d2d3d4d5d6d7ull, 0xd8d9dadbdcdddedfull,
102 102 0xe0e1e2e3e4e5e6e7ull, 0xe8e9eaebecedeeefull,
103 103 0xf0f1f2f3f4f5f6f7ull, 0xf8f9fafbfcfdfeffull
104 104 };
105 105
106 106 /*
107 107 * First Latin Square
108 108 * 0 7 1 3 2 4 6 5
109 109 * 4 1 7 6 3 0 5 2
110 110 * 7 0 4 2 5 3 1 6
111 111 * 1 4 0 5 6 2 7 3
112 112 * 2 3 6 7 1 5 0 4
113 113 * 5 2 3 1 7 6 4 0
114 114 * 3 6 5 0 4 7 2 1
115 115 * 6 5 2 4 0 1 3 7
116 116 */
117 117 #define LS1_256(c, x0, x1, x2, x3, x4, x5, x6, x7) \
118 118 { \
119 119 uint32_t x04, x17, x23, x56, x07, x26; \
120 120 x04 = x0+x4, x17 = x1+x7, x07 = x04+x17; \
121 121 s0 = c + x07 + x2; \
122 122 s1 = rotl32(x07 + x3, 4); \
123 123 s2 = rotl32(x07 + x6, 8); \
124 124 x23 = x2 + x3; \
125 125 s5 = rotl32(x04 + x23 + x5, 22); \
126 126 x56 = x5 + x6; \
127 127 s6 = rotl32(x17 + x56 + x0, 24); \
128 128 x26 = x23+x56; \
129 129 s3 = rotl32(x26 + x7, 13); \
130 130 s4 = rotl32(x26 + x1, 17); \
131 131 s7 = rotl32(x26 + x4, 29); \
132 132 }
133 133
134 134 #define LS1_512(c, x0, x1, x2, x3, x4, x5, x6, x7) \
135 135 { \
136 136 uint64_t x04, x17, x23, x56, x07, x26; \
137 137 x04 = x0+x4, x17 = x1+x7, x07 = x04+x17; \
138 138 s0 = c + x07 + x2; \
139 139 s1 = rotl64(x07 + x3, 5); \
140 140 s2 = rotl64(x07 + x6, 15); \
141 141 x23 = x2 + x3; \
142 142 s5 = rotl64(x04 + x23 + x5, 40); \
143 143 x56 = x5 + x6; \
144 144 s6 = rotl64(x17 + x56 + x0, 50); \
145 145 x26 = x23+x56; \
146 146 s3 = rotl64(x26 + x7, 22); \
147 147 s4 = rotl64(x26 + x1, 31); \
148 148 s7 = rotl64(x26 + x4, 59); \
149 149 }
150 150
151 151 /*
152 152 * Second Orthogonal Latin Square
153 153 * 0 4 2 3 1 6 5 7
154 154 * 7 6 3 2 5 4 1 0
155 155 * 5 3 1 6 0 2 7 4
156 156 * 1 0 5 4 3 7 2 6
157 157 * 2 1 0 7 4 5 6 3
158 158 * 3 5 7 0 6 1 4 2
159 159 * 4 7 6 1 2 0 3 5
160 160 * 6 2 4 5 7 3 0 1
161 161 */
162 162 #define LS2_256(c, y0, y1, y2, y3, y4, y5, y6, y7) \
163 163 { \
164 164 uint32_t y01, y25, y34, y67, y04, y05, y27, y37; \
165 165 y01 = y0+y1, y25 = y2+y5, y05 = y01+y25; \
166 166 t0 = ~c + y05 + y7; \
167 167 t2 = rotl32(y05 + y3, 9); \
168 168 y34 = y3+y4, y04 = y01+y34; \
169 169 t1 = rotl32(y04 + y6, 5); \
170 170 t4 = rotl32(y04 + y5, 15); \
171 171 y67 = y6+y7, y37 = y34+y67; \
172 172 t3 = rotl32(y37 + y2, 11); \
173 173 t7 = rotl32(y37 + y0, 27); \
174 174 y27 = y25+y67; \
175 175 t5 = rotl32(y27 + y4, 20); \
176 176 t6 = rotl32(y27 + y1, 25); \
177 177 }
178 178
179 179 #define LS2_512(c, y0, y1, y2, y3, y4, y5, y6, y7) \
180 180 { \
181 181 uint64_t y01, y25, y34, y67, y04, y05, y27, y37; \
182 182 y01 = y0+y1, y25 = y2+y5, y05 = y01+y25; \
183 183 t0 = ~c + y05 + y7; \
184 184 t2 = rotl64(y05 + y3, 19); \
185 185 y34 = y3+y4, y04 = y01+y34; \
186 186 t1 = rotl64(y04 + y6, 10); \
187 187 t4 = rotl64(y04 + y5, 36); \
188 188 y67 = y6+y7, y37 = y34+y67; \
189 189 t3 = rotl64(y37 + y2, 29); \
190 190 t7 = rotl64(y37 + y0, 55); \
191 191 y27 = y25+y67; \
192 192 t5 = rotl64(y27 + y4, 44); \
193 193 t6 = rotl64(y27 + y1, 48); \
194 194 }
195 195
196 196 #define quasi_exform256(r0, r1, r2, r3, r4, r5, r6, r7) \
197 197 { \
198 198 uint32_t s04, s17, s23, s56, t01, t25, t34, t67; \
199 199 s04 = s0 ^ s4, t01 = t0 ^ t1; \
200 200 r0 = (s04 ^ s1) + (t01 ^ t5); \
201 201 t67 = t6 ^ t7; \
202 202 r1 = (s04 ^ s7) + (t2 ^ t67); \
203 203 s23 = s2 ^ s3; \
204 204 r7 = (s23 ^ s5) + (t4 ^ t67); \
205 205 t34 = t3 ^ t4; \
206 206 r3 = (s23 ^ s4) + (t0 ^ t34); \
207 207 s56 = s5 ^ s6; \
208 208 r5 = (s3 ^ s56) + (t34 ^ t6); \
209 209 t25 = t2 ^ t5; \
210 210 r6 = (s2 ^ s56) + (t25 ^ t7); \
211 211 s17 = s1 ^ s7; \
212 212 r4 = (s0 ^ s17) + (t1 ^ t25); \
213 213 r2 = (s17 ^ s6) + (t01 ^ t3); \
214 214 }
215 215
216 216 #define quasi_exform512(r0, r1, r2, r3, r4, r5, r6, r7) \
217 217 { \
218 218 uint64_t s04, s17, s23, s56, t01, t25, t34, t67; \
219 219 s04 = s0 ^ s4, t01 = t0 ^ t1; \
220 220 r0 = (s04 ^ s1) + (t01 ^ t5); \
221 221 t67 = t6 ^ t7; \
222 222 r1 = (s04 ^ s7) + (t2 ^ t67); \
223 223 s23 = s2 ^ s3; \
224 224 r7 = (s23 ^ s5) + (t4 ^ t67); \
225 225 t34 = t3 ^ t4; \
226 226 r3 = (s23 ^ s4) + (t0 ^ t34); \
227 227 s56 = s5 ^ s6; \
228 228 r5 = (s3 ^ s56) + (t34 ^ t6); \
229 229 t25 = t2 ^ t5; \
230 230 r6 = (s2 ^ s56) + (t25 ^ t7); \
231 231 s17 = s1 ^ s7; \
232 232 r4 = (s0 ^ s17) + (t1 ^ t25); \
233 233 r2 = (s17 ^ s6) + (t01 ^ t3); \
234 234 }
235 235
236 236 static size_t
237 237 Q256(size_t bitlen, const uint32_t *data, uint32_t *restrict p)
238 238 {
239 239 size_t bl;
240 240
241 241 for (bl = bitlen; bl >= EdonR256_BLOCK_BITSIZE;
242 242 bl -= EdonR256_BLOCK_BITSIZE, data += 16) {
243 243 uint32_t s0, s1, s2, s3, s4, s5, s6, s7, t0, t1, t2, t3, t4,
244 244 t5, t6, t7;
245 245 uint32_t p0, p1, p2, p3, p4, p5, p6, p7, q0, q1, q2, q3, q4,
246 246 q5, q6, q7;
247 247 const uint32_t defix = 0xaaaaaaaa;
248 248 #if defined(MACHINE_IS_BIG_ENDIAN)
249 249 uint32_t swp0, swp1, swp2, swp3, swp4, swp5, swp6, swp7, swp8,
250 250 swp9, swp10, swp11, swp12, swp13, swp14, swp15;
251 251 #define d(j) swp ## j
252 252 #define s32(j) ld_swap32((uint32_t *)data + j, swp ## j)
253 253 #else
254 254 #define d(j) data[j]
255 255 #endif
256 256
257 257 /* First row of quasigroup e-transformations */
258 258 #if defined(MACHINE_IS_BIG_ENDIAN)
259 259 s32(8);
260 260 s32(9);
261 261 s32(10);
262 262 s32(11);
263 263 s32(12);
264 264 s32(13);
265 265 s32(14);
266 266 s32(15);
267 267 #endif
268 268 LS1_256(defix, d(15), d(14), d(13), d(12), d(11), d(10), d(9),
269 269 d(8));
270 270 #if defined(MACHINE_IS_BIG_ENDIAN)
271 271 s32(0);
272 272 s32(1);
273 273 s32(2);
274 274 s32(3);
275 275 s32(4);
276 276 s32(5);
277 277 s32(6);
278 278 s32(7);
279 279 #undef s32
280 280 #endif
281 281 LS2_256(defix, d(0), d(1), d(2), d(3), d(4), d(5), d(6), d(7));
282 282 quasi_exform256(p0, p1, p2, p3, p4, p5, p6, p7);
283 283
284 284 LS1_256(defix, p0, p1, p2, p3, p4, p5, p6, p7);
285 285 LS2_256(defix, d(8), d(9), d(10), d(11), d(12), d(13), d(14),
286 286 d(15));
287 287 quasi_exform256(q0, q1, q2, q3, q4, q5, q6, q7);
288 288
289 289 /* Second row of quasigroup e-transformations */
290 290 LS1_256(defix, p[8], p[9], p[10], p[11], p[12], p[13], p[14],
291 291 p[15]);
292 292 LS2_256(defix, p0, p1, p2, p3, p4, p5, p6, p7);
293 293 quasi_exform256(p0, p1, p2, p3, p4, p5, p6, p7);
294 294
295 295 LS1_256(defix, p0, p1, p2, p3, p4, p5, p6, p7);
296 296 LS2_256(defix, q0, q1, q2, q3, q4, q5, q6, q7);
297 297 quasi_exform256(q0, q1, q2, q3, q4, q5, q6, q7);
298 298
299 299 /* Third row of quasigroup e-transformations */
300 300 LS1_256(defix, p0, p1, p2, p3, p4, p5, p6, p7);
301 301 LS2_256(defix, p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
302 302 quasi_exform256(p0, p1, p2, p3, p4, p5, p6, p7);
303 303
304 304 LS1_256(defix, q0, q1, q2, q3, q4, q5, q6, q7);
305 305 LS2_256(defix, p0, p1, p2, p3, p4, p5, p6, p7);
306 306 quasi_exform256(q0, q1, q2, q3, q4, q5, q6, q7);
307 307
308 308 /* Fourth row of quasigroup e-transformations */
309 309 LS1_256(defix, d(7), d(6), d(5), d(4), d(3), d(2), d(1), d(0));
310 310 LS2_256(defix, p0, p1, p2, p3, p4, p5, p6, p7);
311 311 quasi_exform256(p0, p1, p2, p3, p4, p5, p6, p7);
312 312
313 313 LS1_256(defix, p0, p1, p2, p3, p4, p5, p6, p7);
314 314 LS2_256(defix, q0, q1, q2, q3, q4, q5, q6, q7);
315 315 quasi_exform256(q0, q1, q2, q3, q4, q5, q6, q7);
316 316
317 317 /* Edon-R tweak on the original SHA-3 Edon-R submission. */
318 318 p[0] ^= d(8) ^ p0;
319 319 p[1] ^= d(9) ^ p1;
320 320 p[2] ^= d(10) ^ p2;
321 321 p[3] ^= d(11) ^ p3;
322 322 p[4] ^= d(12) ^ p4;
323 323 p[5] ^= d(13) ^ p5;
324 324 p[6] ^= d(14) ^ p6;
325 325 p[7] ^= d(15) ^ p7;
326 326 p[8] ^= d(0) ^ q0;
327 327 p[9] ^= d(1) ^ q1;
328 328 p[10] ^= d(2) ^ q2;
329 329 p[11] ^= d(3) ^ q3;
330 330 p[12] ^= d(4) ^ q4;
331 331 p[13] ^= d(5) ^ q5;
332 332 p[14] ^= d(6) ^ q6;
333 333 p[15] ^= d(7) ^ q7;
334 334 }
335 335
336 336 #undef d
337 337 return (bitlen - bl);
338 338 }
339 339
340 340 #if defined(__IBMC__) && defined(_AIX) && defined(__64BIT__)
341 341 static inline size_t
342 342 #else
343 343 static size_t
344 344 #endif
345 345 Q512(size_t bitlen, const uint64_t *data, uint64_t *restrict p)
346 346 {
347 347 size_t bl;
348 348
349 349 for (bl = bitlen; bl >= EdonR512_BLOCK_BITSIZE;
350 350 bl -= EdonR512_BLOCK_BITSIZE, data += 16) {
351 351 uint64_t s0, s1, s2, s3, s4, s5, s6, s7, t0, t1, t2, t3, t4,
352 352 t5, t6, t7;
353 353 uint64_t p0, p1, p2, p3, p4, p5, p6, p7, q0, q1, q2, q3, q4,
354 354 q5, q6, q7;
355 355 const uint64_t defix = 0xaaaaaaaaaaaaaaaaull;
356 356 #if defined(MACHINE_IS_BIG_ENDIAN)
357 357 uint64_t swp0, swp1, swp2, swp3, swp4, swp5, swp6, swp7, swp8,
358 358 swp9, swp10, swp11, swp12, swp13, swp14, swp15;
359 359 #define d(j) swp##j
360 360 #define s64(j) ld_swap64((uint64_t *)data+j, swp##j)
361 361 #else
362 362 #define d(j) data[j]
363 363 #endif
364 364
365 365 /* First row of quasigroup e-transformations */
366 366 #if defined(MACHINE_IS_BIG_ENDIAN)
367 367 s64(8);
368 368 s64(9);
369 369 s64(10);
370 370 s64(11);
371 371 s64(12);
372 372 s64(13);
373 373 s64(14);
374 374 s64(15);
375 375 #endif
376 376 LS1_512(defix, d(15), d(14), d(13), d(12), d(11), d(10), d(9),
377 377 d(8));
378 378 #if defined(MACHINE_IS_BIG_ENDIAN)
379 379 s64(0);
380 380 s64(1);
381 381 s64(2);
382 382 s64(3);
383 383 s64(4);
384 384 s64(5);
385 385 s64(6);
386 386 s64(7);
387 387 #undef s64
388 388 #endif
389 389 LS2_512(defix, d(0), d(1), d(2), d(3), d(4), d(5), d(6), d(7));
390 390 quasi_exform512(p0, p1, p2, p3, p4, p5, p6, p7);
391 391
392 392 LS1_512(defix, p0, p1, p2, p3, p4, p5, p6, p7);
393 393 LS2_512(defix, d(8), d(9), d(10), d(11), d(12), d(13), d(14),
394 394 d(15));
395 395 quasi_exform512(q0, q1, q2, q3, q4, q5, q6, q7);
396 396
397 397 /* Second row of quasigroup e-transformations */
398 398 LS1_512(defix, p[8], p[9], p[10], p[11], p[12], p[13], p[14],
399 399 p[15]);
400 400 LS2_512(defix, p0, p1, p2, p3, p4, p5, p6, p7);
401 401 quasi_exform512(p0, p1, p2, p3, p4, p5, p6, p7);
402 402
403 403 LS1_512(defix, p0, p1, p2, p3, p4, p5, p6, p7);
404 404 LS2_512(defix, q0, q1, q2, q3, q4, q5, q6, q7);
405 405 quasi_exform512(q0, q1, q2, q3, q4, q5, q6, q7);
406 406
407 407 /* Third row of quasigroup e-transformations */
408 408 LS1_512(defix, p0, p1, p2, p3, p4, p5, p6, p7);
409 409 LS2_512(defix, p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
410 410 quasi_exform512(p0, p1, p2, p3, p4, p5, p6, p7);
411 411
412 412 LS1_512(defix, q0, q1, q2, q3, q4, q5, q6, q7);
413 413 LS2_512(defix, p0, p1, p2, p3, p4, p5, p6, p7);
414 414 quasi_exform512(q0, q1, q2, q3, q4, q5, q6, q7);
415 415
416 416 /* Fourth row of quasigroup e-transformations */
417 417 LS1_512(defix, d(7), d(6), d(5), d(4), d(3), d(2), d(1), d(0));
418 418 LS2_512(defix, p0, p1, p2, p3, p4, p5, p6, p7);
419 419 quasi_exform512(p0, p1, p2, p3, p4, p5, p6, p7);
420 420
421 421 LS1_512(defix, p0, p1, p2, p3, p4, p5, p6, p7);
422 422 LS2_512(defix, q0, q1, q2, q3, q4, q5, q6, q7);
423 423 quasi_exform512(q0, q1, q2, q3, q4, q5, q6, q7);
424 424
425 425 /* Edon-R tweak on the original SHA-3 Edon-R submission. */
426 426 p[0] ^= d(8) ^ p0;
427 427 p[1] ^= d(9) ^ p1;
428 428 p[2] ^= d(10) ^ p2;
429 429 p[3] ^= d(11) ^ p3;
430 430 p[4] ^= d(12) ^ p4;
431 431 p[5] ^= d(13) ^ p5;
432 432 p[6] ^= d(14) ^ p6;
433 433 p[7] ^= d(15) ^ p7;
434 434 p[8] ^= d(0) ^ q0;
435 435 p[9] ^= d(1) ^ q1;
436 436 p[10] ^= d(2) ^ q2;
437 437 p[11] ^= d(3) ^ q3;
438 438 p[12] ^= d(4) ^ q4;
439 439 p[13] ^= d(5) ^ q5;
440 440 p[14] ^= d(6) ^ q6;
441 441 p[15] ^= d(7) ^ q7;
442 442 }
443 443
444 444 #undef d
445 445 return (bitlen - bl);
446 446 }
447 447
448 448 void
449 449 EdonRInit(EdonRState *state, size_t hashbitlen)
450 450 {
451 451 ASSERT(EDONR_VALID_HASHBITLEN(hashbitlen));
452 452 switch (hashbitlen) {
453 453 case 224:
454 454 state->hashbitlen = 224;
455 455 state->bits_processed = 0;
456 456 state->unprocessed_bits = 0;
457 457 bcopy(i224p2, hashState224(state)->DoublePipe,
458 458 16 * sizeof (uint32_t));
459 459 break;
460 460
461 461 case 256:
462 462 state->hashbitlen = 256;
463 463 state->bits_processed = 0;
464 464 state->unprocessed_bits = 0;
465 465 bcopy(i256p2, hashState256(state)->DoublePipe,
466 466 16 * sizeof (uint32_t));
467 467 break;
468 468
469 469 case 384:
470 470 state->hashbitlen = 384;
471 471 state->bits_processed = 0;
472 472 state->unprocessed_bits = 0;
473 473 bcopy(i384p2, hashState384(state)->DoublePipe,
474 474 16 * sizeof (uint64_t));
475 475 break;
476 476
477 477 case 512:
478 478 state->hashbitlen = 512;
479 479 state->bits_processed = 0;
480 480 state->unprocessed_bits = 0;
481 481 bcopy(i512p2, hashState224(state)->DoublePipe,
482 482 16 * sizeof (uint64_t));
483 483 break;
484 484 }
485 485 }
486 486
487 487
488 488 void
489 489 EdonRUpdate(EdonRState *state, const uint8_t *data, size_t databitlen)
490 490 {
491 491 uint32_t *data32;
492 492 uint64_t *data64;
493 493
494 494 size_t bits_processed;
495 495
496 496 ASSERT(EDONR_VALID_HASHBITLEN(state->hashbitlen));
497 497 switch (state->hashbitlen) {
498 498 case 224:
499 499 case 256:
500 500 if (state->unprocessed_bits > 0) {
501 501 /* LastBytes = databitlen / 8 */
502 502 int LastBytes = (int)databitlen >> 3;
503 503
504 504 ASSERT(state->unprocessed_bits + databitlen <=
505 505 EdonR256_BLOCK_SIZE * 8);
506 506
507 507 bcopy(data, hashState256(state)->LastPart
508 508 + (state->unprocessed_bits >> 3), LastBytes);
509 509 state->unprocessed_bits += (int)databitlen;
510 510 databitlen = state->unprocessed_bits;
511 511 /* LINTED E_BAD_PTR_CAST_ALIGN */
512 512 data32 = (uint32_t *)hashState256(state)->LastPart;
513 513 } else
514 514 /* LINTED E_BAD_PTR_CAST_ALIGN */
515 515 data32 = (uint32_t *)data;
516 516
517 517 bits_processed = Q256(databitlen, data32,
518 518 hashState256(state)->DoublePipe);
519 519 state->bits_processed += bits_processed;
520 520 databitlen -= bits_processed;
521 521 state->unprocessed_bits = (int)databitlen;
522 522 if (databitlen > 0) {
523 523 /* LastBytes = Ceil(databitlen / 8) */
524 524 int LastBytes =
525 525 ((~(((-(int)databitlen) >> 3) & 0x01ff)) +
526 526 1) & 0x01ff;
527 527
528 528 data32 += bits_processed >> 5; /* byte size update */
529 529 bcopy(data32, hashState256(state)->LastPart, LastBytes);
530 530 }
531 531 break;
532 532
533 533 case 384:
534 534 case 512:
535 535 if (state->unprocessed_bits > 0) {
536 536 /* LastBytes = databitlen / 8 */
537 537 int LastBytes = (int)databitlen >> 3;
538 538
539 539 ASSERT(state->unprocessed_bits + databitlen <=
540 540 EdonR512_BLOCK_SIZE * 8);
541 541
542 542 bcopy(data, hashState512(state)->LastPart
543 543 + (state->unprocessed_bits >> 3), LastBytes);
544 544 state->unprocessed_bits += (int)databitlen;
545 545 databitlen = state->unprocessed_bits;
546 546 /* LINTED E_BAD_PTR_CAST_ALIGN */
547 547 data64 = (uint64_t *)hashState512(state)->LastPart;
548 548 } else
549 549 /* LINTED E_BAD_PTR_CAST_ALIGN */
550 550 data64 = (uint64_t *)data;
551 551
552 552 bits_processed = Q512(databitlen, data64,
553 553 hashState512(state)->DoublePipe);
554 554 state->bits_processed += bits_processed;
555 555 databitlen -= bits_processed;
556 556 state->unprocessed_bits = (int)databitlen;
557 557 if (databitlen > 0) {
558 558 /* LastBytes = Ceil(databitlen / 8) */
559 559 int LastBytes =
560 560 ((~(((-(int)databitlen) >> 3) & 0x03ff)) +
561 561 1) & 0x03ff;
562 562
563 563 data64 += bits_processed >> 6; /* byte size update */
564 564 bcopy(data64, hashState512(state)->LastPart, LastBytes);
565 565 }
566 566 break;
567 567 }
568 568 }
569 569
570 570 void
571 571 EdonRFinal(EdonRState *state, uint8_t *hashval)
572 572 {
573 573 uint32_t *data32;
574 574 uint64_t *data64, num_bits;
575 575
576 576 size_t databitlen;
577 577 int LastByte, PadOnePosition;
578 578
579 579 num_bits = state->bits_processed + state->unprocessed_bits;
580 580 ASSERT(EDONR_VALID_HASHBITLEN(state->hashbitlen));
581 581 switch (state->hashbitlen) {
582 582 case 224:
583 583 case 256:
584 584 LastByte = (int)state->unprocessed_bits >> 3;
585 585 PadOnePosition = 7 - (state->unprocessed_bits & 0x07);
586 586 hashState256(state)->LastPart[LastByte] =
587 587 (hashState256(state)->LastPart[LastByte]
588 588 & (0xff << (PadOnePosition + 1))) ^
589 589 (0x01 << PadOnePosition);
590 590 /* LINTED E_BAD_PTR_CAST_ALIGN */
591 591 data64 = (uint64_t *)hashState256(state)->LastPart;
592 592
593 593 if (state->unprocessed_bits < 448) {
594 594 (void) memset((hashState256(state)->LastPart) +
595 595 LastByte + 1, 0x00,
596 596 EdonR256_BLOCK_SIZE - LastByte - 9);
597 597 databitlen = EdonR256_BLOCK_SIZE * 8;
598 598 #if defined(MACHINE_IS_BIG_ENDIAN)
599 599 st_swap64(num_bits, data64 + 7);
600 600 #else
601 601 data64[7] = num_bits;
602 602 #endif
603 603 } else {
604 604 (void) memset((hashState256(state)->LastPart) +
605 605 LastByte + 1, 0x00,
606 606 EdonR256_BLOCK_SIZE * 2 - LastByte - 9);
607 607 databitlen = EdonR256_BLOCK_SIZE * 16;
608 608 #if defined(MACHINE_IS_BIG_ENDIAN)
609 609 st_swap64(num_bits, data64 + 15);
610 610 #else
611 611 data64[15] = num_bits;
612 612 #endif
613 613 }
614 614
615 615 /* LINTED E_BAD_PTR_CAST_ALIGN */
616 616 data32 = (uint32_t *)hashState256(state)->LastPart;
617 617 state->bits_processed += Q256(databitlen, data32,
618 618 hashState256(state)->DoublePipe);
619 619 break;
620 620
621 621 case 384:
622 622 case 512:
623 623 LastByte = (int)state->unprocessed_bits >> 3;
624 624 PadOnePosition = 7 - (state->unprocessed_bits & 0x07);
625 625 hashState512(state)->LastPart[LastByte] =
626 626 (hashState512(state)->LastPart[LastByte]
627 627 & (0xff << (PadOnePosition + 1))) ^
628 628 (0x01 << PadOnePosition);
629 629 /* LINTED E_BAD_PTR_CAST_ALIGN */
630 630 data64 = (uint64_t *)hashState512(state)->LastPart;
631 631
632 632 if (state->unprocessed_bits < 960) {
633 633 (void) memset((hashState512(state)->LastPart) +
634 634 LastByte + 1, 0x00,
635 635 EdonR512_BLOCK_SIZE - LastByte - 9);
636 636 databitlen = EdonR512_BLOCK_SIZE * 8;
637 637 #if defined(MACHINE_IS_BIG_ENDIAN)
638 638 st_swap64(num_bits, data64 + 15);
639 639 #else
640 640 data64[15] = num_bits;
641 641 #endif
642 642 } else {
643 643 (void) memset((hashState512(state)->LastPart) +
644 644 LastByte + 1, 0x00,
645 645 EdonR512_BLOCK_SIZE * 2 - LastByte - 9);
646 646 databitlen = EdonR512_BLOCK_SIZE * 16;
647 647 #if defined(MACHINE_IS_BIG_ENDIAN)
648 648 st_swap64(num_bits, data64 + 31);
649 649 #else
650 650 data64[31] = num_bits;
651 651 #endif
652 652 }
653 653
654 654 state->bits_processed += Q512(databitlen, data64,
655 655 hashState512(state)->DoublePipe);
656 656 break;
657 657 }
658 658
659 659 switch (state->hashbitlen) {
660 660 case 224: {
661 661 #if defined(MACHINE_IS_BIG_ENDIAN)
662 662 /* LINTED: pointer cast may result in improper alignment */
663 663 uint32_t *d32 = (uint32_t *)hashval;
664 664 uint32_t *s32 = hashState224(state)->DoublePipe + 9;
665 665 int j;
666 666
667 667 for (j = 0; j < EdonR224_DIGEST_SIZE >> 2; j++)
668 668 st_swap32(s32[j], d32 + j);
669 669 #else
670 670 bcopy(hashState256(state)->DoublePipe + 9, hashval,
671 671 EdonR224_DIGEST_SIZE);
672 672 #endif
673 673 break;
674 674 }
675 675 case 256: {
676 676 #if defined(MACHINE_IS_BIG_ENDIAN)
677 677 /* LINTED: pointer cast may result in improper alignment */
678 678 uint32_t *d32 = (uint32_t *)hashval;
679 679 uint32_t *s32 = hashState224(state)->DoublePipe + 8;
680 680 int j;
681 681
682 682 for (j = 0; j < EdonR256_DIGEST_SIZE >> 2; j++)
683 683 st_swap32(s32[j], d32 + j);
684 684 #else
685 685 bcopy(hashState256(state)->DoublePipe + 8, hashval,
686 686 EdonR256_DIGEST_SIZE);
687 687 #endif
688 688 break;
689 689 }
690 690 case 384: {
691 691 #if defined(MACHINE_IS_BIG_ENDIAN)
692 692 /* LINTED: pointer cast may result in improper alignment */
693 693 uint64_t *d64 = (uint64_t *)hashval;
694 694 uint64_t *s64 = hashState384(state)->DoublePipe + 10;
695 695 int j;
696 696
697 697 for (j = 0; j < EdonR384_DIGEST_SIZE >> 3; j++)
698 698 st_swap64(s64[j], d64 + j);
699 699 #else
700 700 bcopy(hashState384(state)->DoublePipe + 10, hashval,
701 701 EdonR384_DIGEST_SIZE);
702 702 #endif
703 703 break;
704 704 }
705 705 case 512: {
706 706 #if defined(MACHINE_IS_BIG_ENDIAN)
707 707 /* LINTED: pointer cast may result in improper alignment */
708 708 uint64_t *d64 = (uint64_t *)hashval;
709 709 uint64_t *s64 = hashState512(state)->DoublePipe + 8;
710 710 int j;
711 711
712 712 for (j = 0; j < EdonR512_DIGEST_SIZE >> 3; j++)
713 713 st_swap64(s64[j], d64 + j);
714 714 #else
715 715 bcopy(hashState512(state)->DoublePipe + 8, hashval,
716 716 EdonR512_DIGEST_SIZE);
717 717 #endif
718 718 break;
719 719 }
720 720 }
721 721 }
722 722
723 723
724 724 void
725 725 EdonRHash(size_t hashbitlen, const uint8_t *data, size_t databitlen,
726 726 uint8_t *hashval)
727 727 {
728 728 EdonRState state;
729 729
730 730 EdonRInit(&state, hashbitlen);
731 731 EdonRUpdate(&state, data, databitlen);
732 732 EdonRFinal(&state, hashval);
733 733 }
|
↓ open down ↓ |
690 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX