v3.11.7

algo/sha/hmac-sha256-hash.c

@@ -0,0 +1,174 @@
+/*-
+ * Copyright 2005,2007,2009 Colin Percival
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/types.h>
+
+#include <stdint.h>
+#include <string.h>
+#include "simd-utils.h"
+#include "hmac-sha256-hash.h"
+#include "compat.h"
+
+/**
+ * SHA256_Buf(in, len, digest):
+ * Compute the SHA256 hash of ${len} bytes from ${in} and write it to ${digest}.
+ */
+void
+SHA256_Buf( const void * in, size_t len, uint8_t digest[32] )
+{
+	SHA256_CTX ctx;
+   SHA256_Init( &ctx );
+   SHA256_Update( &ctx, in, len );
+   SHA256_Final( digest, &ctx );
+}
+
+/**
+ * HMAC_SHA256_Buf(K, Klen, in, len, digest):
+ * Compute the HMAC-SHA256 of ${len} bytes from ${in} using the key ${K} of
+ * length ${Klen}, and write the result to ${digest}.
+ */
+void
+HMAC_SHA256_Buf( const void *K, size_t Klen, const void *in, size_t len,
+                 uint8_t digest[32])
+{
+   HMAC_SHA256_CTX ctx;
+   HMAC_SHA256_Init( &ctx, K, Klen );
+   HMAC_SHA256_Update( &ctx, in, len );
+   HMAC_SHA256_Final( digest, &ctx );
+}
+
+/* Initialize an HMAC-SHA256 operation with the given key. */
+void
+HMAC_SHA256_Init( HMAC_SHA256_CTX *ctx, const void *_K, size_t Klen )
+{
+	unsigned char pad[64];
+	unsigned char khash[32];
+	const unsigned char * K = _K;
+	size_t i;
+
+	/* If Klen > 64, the key is really SHA256(K). */
+	if ( Klen > 64 )
+   {
+		SHA256_Init( &ctx->ictx );
+		SHA256_Update( &ctx->ictx, K, Klen );
+		SHA256_Final( khash, &ctx->ictx );
+		K = khash;
+		Klen = 32;
+	}
+
+	/* Inner SHA256 operation is SHA256(K xor [block of 0x36] || data). */
+   SHA256_Init( &ctx->ictx );
+	memset( pad, 0x36, 64 );
+	for ( i = 0; i < Klen; i++ )
+		pad[i] ^= K[i];
+	SHA256_Update( &ctx->ictx, pad, 64 );
+
+	/* Outer SHA256 operation is SHA256(K xor [block of 0x5c] || hash). */
+	SHA256_Init( &ctx->octx );
+	memset(pad, 0x5c, 64);
+	for ( i = 0; i < Klen; i++ )
+		pad[i] ^= K[i];
+	SHA256_Update( &ctx->octx, pad, 64 );
+}
+
+/* Add bytes to the HMAC-SHA256 operation. */
+void
+HMAC_SHA256_Update( HMAC_SHA256_CTX *ctx, const void *in, size_t len )
+{
+	/* Feed data to the inner SHA256 operation. */
+	SHA256_Update( &ctx->ictx, in, len );
+}
+
+/* Finish an HMAC-SHA256 operation. */
+void
+HMAC_SHA256_Final( unsigned char digest[32], HMAC_SHA256_CTX *ctx )
+{
+	unsigned char ihash[32];
+
+	/* Finish the inner SHA256 operation. */
+	SHA256_Final( ihash, &ctx->ictx );
+
+	/* Feed the inner hash to the outer SHA256 operation. */
+	SHA256_Update( &ctx->octx, ihash, 32 );
+
+	/* Finish the outer SHA256 operation. */
+	SHA256_Final( digest, &ctx->octx );
+}
+
+/**
+ * PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen):
+ * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and
+ * write the output to buf.  The value dkLen must be at most 32 * (2^32 - 1).
+ */
+void
+PBKDF2_SHA256( const uint8_t *passwd, size_t passwdlen, const uint8_t *salt,
+               size_t saltlen, uint64_t c, uint8_t *buf, size_t dkLen )
+{
+	HMAC_SHA256_CTX PShctx, hctx;
+	uint8_t _ALIGN(128) T[32];
+	uint8_t _ALIGN(128) U[32];
+   uint32_t ivec;
+	size_t i, clen;
+	uint64_t j;
+	int k;
+
+	/* Compute HMAC state after processing P and S. */
+	HMAC_SHA256_Init( &PShctx, passwd, passwdlen );
+	HMAC_SHA256_Update( &PShctx, salt, saltlen );
+
+	/* Iterate through the blocks. */
+	for ( i = 0; i * 32 < dkLen; i++ )
+   {
+		/* Generate INT(i + 1). */
+      ivec = bswap_32( i+1 );
+
+		/* Compute U_1 = PRF(P, S || INT(i)). */
+		memcpy( &hctx, &PShctx, sizeof(HMAC_SHA256_CTX) );
+		HMAC_SHA256_Update( &hctx, &ivec, 4 );
+		HMAC_SHA256_Final( U, &hctx );
+
+		/* T_i = U_1 ... */
+		memcpy( T, U, 32 );
+
+		for ( j = 2; j <= c; j++ )
+      {
+			/* Compute U_j. */
+			HMAC_SHA256_Init( &hctx, passwd, passwdlen );
+			HMAC_SHA256_Update( &hctx, U, 32 );
+			HMAC_SHA256_Final( U, &hctx );
+
+			/* ... xor U_j ... */
+			for ( k = 0; k < 32; k++ )
+				T[k] ^= U[k];
+		}
+
+		/* Copy as many bytes as necessary into buf. */
+		clen = dkLen - i * 32;
+		if ( clen > 32 )
+			clen = 32;
+		memcpy( &buf[i * 32], T, clen );
+	}
+}

algo/sha/hmac-sha256-hash.h

@@ -0,0 +1,57 @@
+/*-
+ * Copyright 2005,2007,2009 Colin Percival
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD: src/lib/libmd/sha256_Y.h,v 1.2 2006/01/17 15:35:56 phk Exp $
+ */
+
+#ifndef HMAC_SHA256_H__
+#define HMAC_SHA256_H__
+
+#include <sys/types.h>
+#include <stdint.h>
+#include <openssl/sha.h>
+
+typedef struct HMAC_SHA256Context
+{
+     SHA256_CTX ictx;
+     SHA256_CTX octx;
+} HMAC_SHA256_CTX;
+
+void SHA256_Buf( const void *, size_t len, uint8_t digest[32] );
+void HMAC_SHA256_Init( HMAC_SHA256_CTX *, const void *, size_t );
+void HMAC_SHA256_Update( HMAC_SHA256_CTX *, const void *, size_t );
+void HMAC_SHA256_Final( unsigned char [32], HMAC_SHA256_CTX * );
+void HMAC_SHA256_Buf( const void *, size_t Klen, const void *,
+                      size_t len, uint8_t digest[32] );
+
+/**
+ * PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen):
+ * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and
+ * write the output to buf.  The value dkLen must be at most 32 * (2^32 - 1).
+ */
+void PBKDF2_SHA256( const uint8_t *, size_t, const uint8_t *, size_t,
+                    uint64_t, uint8_t *, size_t);
+
+#endif // HMAC_SHA256_H__

algo/sha/sha256-hash-4way.c

@@ -94,6 +94,37 @@ static const uint32_t K256[64] =
    _mm_xor_si128( _mm_xor_si128( \
         mm128_ror_32(x, 17), mm128_ror_32(x, 19) ), _mm_srli_epi32(x, 10) )
 
+#define SHA2s_4WAY_STEP(A, B, C, D, E, F, G, H, i, j) \
+do { \
+  __m128i K = _mm_set1_epi32( K256[( (j)+(i) )] ); \
+  __m128i T1 = mm128_ror_32( E, 14 ); \
+  __m128i T2 = mm128_ror_32( A,  9 ); \
+  __m128i T3 = _mm_xor_si128( F, G ); \
+  __m128i T4 = _mm_or_si128( A, B ); \
+  __m128i T5 = _mm_and_si128( A, B ); \
+  K  = _mm_add_epi32( K, W[i] ); \
+  T1 = _mm_xor_si128( T1, E ); \
+  T2 = _mm_xor_si128( T2, A ); \
+  T3 = _mm_and_si128( T3, E ); \
+  T4 = _mm_and_si128( T4, C ); \
+  K  = _mm_add_epi32( H, K ); \
+  T1 = mm128_ror_32( T1,  5 ); \
+  T2 = mm128_ror_32( T2, 11 ); \
+  T3 = _mm_xor_si128( T3, G ); \
+  T4 = _mm_or_si128( T4, T5 ); \
+  T1 = _mm_xor_si128( T1, E ); \
+  T2 = _mm_xor_si128( T2, A ); \
+  T1 = mm128_ror_32( T1,  6 ); \
+  T2 = mm128_ror_32( T2,  2 ); \
+  T1 = _mm_add_epi32( T1, T3 ); \
+  T2 = _mm_add_epi32( T2, T4 ); \
+  T1 = _mm_add_epi32( T1, K ); \
+  H  = _mm_add_epi32( T1, T2 ); \
+  D  = _mm_add_epi32( D, T1 ); \
+} while (0)
+
+
+/*
 #define SHA2s_4WAY_STEP(A, B, C, D, E, F, G, H, i, j) \
 do { \
   __m128i T1, T2; \
@@ -104,6 +135,8 @@ do { \
   D  = _mm_add_epi32( D,  T1 ); \
   H  = _mm_add_epi32( T1, T2 ); \
 } while (0)
+*/
+
 
 static void
 sha256_4way_round( sha256_4way_context *ctx, __m128i *in, __m128i r[8] )

algo/sha/sha512-hash-4way.c

@@ -319,7 +319,7 @@ void sha512_8way_close( sha512_8way_context *sc, void *dst )
 
 // SHA-512 4 way 64 bit
 
-
+/*
 #define CH(X, Y, Z) \
    _mm256_xor_si256( _mm256_and_si256( _mm256_xor_si256( Y, Z ), X ), Z ) 
 
@@ -327,6 +327,15 @@ void sha512_8way_close( sha512_8way_context *sc, void *dst )
    _mm256_or_si256( _mm256_and_si256( X, Y ), \
                     _mm256_and_si256( _mm256_or_si256( X, Y ), Z ) )
 
+#define BSG5_0(x) \
+  mm256_ror_64( _mm256_xor_si256( mm256_ror_64( \
+                   _mm256_xor_si256( mm256_ror_64( x,  5 ), x ), 6 ), x ), 28 )
+
+#define BSG5_1(x) \
+  mm256_ror_64( _mm256_xor_si256( mm256_ror_64( \
+                   _mm256_xor_si256( mm256_ror_64( x, 23 ), x ), 4 ), x ), 14 )
+*/
+/*
 #define BSG5_0(x) \
    _mm256_xor_si256( _mm256_xor_si256( \
         mm256_ror_64(x, 28), mm256_ror_64(x, 34) ), mm256_ror_64(x, 39) )
@@ -334,7 +343,8 @@ void sha512_8way_close( sha512_8way_context *sc, void *dst )
 #define BSG5_1(x) \
    _mm256_xor_si256( _mm256_xor_si256( \
         mm256_ror_64(x, 14), mm256_ror_64(x, 18) ), mm256_ror_64(x, 41) )
-
+*/
+/*
 #define SSG5_0(x) \
    _mm256_xor_si256( _mm256_xor_si256( \
         mm256_ror_64(x,  1), mm256_ror_64(x,  8) ), _mm256_srli_epi64(x, 7) ) 
@@ -342,7 +352,7 @@ void sha512_8way_close( sha512_8way_context *sc, void *dst )
 #define SSG5_1(x) \
    _mm256_xor_si256( _mm256_xor_si256( \
         mm256_ror_64(x, 19), mm256_ror_64(x, 61) ), _mm256_srli_epi64(x, 6) )
-
+*/
 // Interleave SSG0 & SSG1 for better throughput.
 // return ssg0(w0) + ssg1(w1)
 static inline __m256i ssg512_add( __m256i w0, __m256i w1 )
@@ -361,7 +371,7 @@ static inline __m256i ssg512_add( __m256i w0, __m256i w1 )
    return _mm256_add_epi64( w0a, w1a );
 }
 
-
+/*
 #define SSG512x2_0( w0, w1, i ) do \
 { \
    __m256i X0a, X1a, X0b, X1b; \
@@ -391,7 +401,51 @@ static inline __m256i ssg512_add( __m256i w0, __m256i w1 )
   w0  = _mm256_xor_si256( X0a, X0b ); \
   w1  = _mm256_xor_si256( X1a, X1b ); \
 } while(0)
+*/
 
+#define SHA3_4WAY_STEP(A, B, C, D, E, F, G, H, i) \
+do { \
+  __m256i K = _mm256_set1_epi64x( K512[ i ] ); \
+  __m256i T1 = mm256_ror_64( E, 23 ); \
+  __m256i T2 = mm256_ror_64( A,  5 ); \
+  __m256i T3 = _mm256_xor_si256( F, G ); \
+  __m256i T4 = _mm256_or_si256( A, B ); \
+  __m256i T5 = _mm256_and_si256( A, B ); \
+  K = _mm256_add_epi64( K, W[i] ); \
+  T1 = _mm256_xor_si256( T1, E ); \
+  T2 = _mm256_xor_si256( T2, A ); \
+  T3 = _mm256_and_si256( T3, E ); \
+  T4 = _mm256_and_si256( T4, C ); \
+  K = _mm256_add_epi64( H, K ); \
+  T1 = mm256_ror_64( T1, 4 ); \
+  T2 = mm256_ror_64( T2, 6 ); \
+  T3 = _mm256_xor_si256( T3, G ); \
+  T4 = _mm256_or_si256( T4, T5 ); \
+  T1 = _mm256_xor_si256( T1, E ); \
+  T2 = _mm256_xor_si256( T2, A ); \
+  T1 = mm256_ror_64( T1, 14 ); \
+  T2 = mm256_ror_64( T2, 28 ); \
+  T1 = _mm256_add_epi64( T1, T3 ); \
+  T2 = _mm256_add_epi64( T2, T4 ); \
+  T1 = _mm256_add_epi64( T1, K ); \
+  H  = _mm256_add_epi64( T1, T2 ); \
+  D  = _mm256_add_epi64( D, T1 ); \
+} while (0)
+
+/*
+#define SHA3_4WAY_STEP(A, B, C, D, E, F, G, H, i) \
+do { \
+  __m256i K = _mm256_add_epi64( W[i], _mm256_set1_epi64x( K512[ i ] ) ); \
+  __m256i T1 = BSG5_1(E); \
+  __m256i T2 = BSG5_0(A); \
+  T1 = mm256_add4_64( T1, H, CH(E, F, G), K ); \
+  T2 = _mm256_add_epi64( T2, MAJ(A, B, C) ); \
+  D  = _mm256_add_epi64( D, T1 ); \
+  H  = _mm256_add_epi64( T1, T2 ); \
+} while (0)
+*/
+
+/*
 #define SHA3_4WAY_STEP(A, B, C, D, E, F, G, H, i) \
 do { \
   __m256i T1, T2; \
@@ -402,7 +456,7 @@ do { \
   D  = _mm256_add_epi64( D, T1 ); \
   H  = _mm256_add_epi64( T1, T2 ); \
 } while (0)
-
+*/
 
 static void
 sha512_4way_round( sha512_4way_context *ctx,  __m256i *in, __m256i r[8] )