/src/gnutls/lib/accelerated/x86/sha-x86-ssse3.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright (C) 2011-2012 Free Software Foundation, Inc. |
3 | | * |
4 | | * Author: Nikos Mavrogiannopoulos |
5 | | * |
6 | | * This file is part of GnuTLS. |
7 | | * |
8 | | * The GnuTLS is free software; you can redistribute it and/or |
9 | | * modify it under the terms of the GNU Lesser General Public License |
10 | | * as published by the Free Software Foundation; either version 2.1 of |
11 | | * the License, or (at your option) any later version. |
12 | | * |
13 | | * This library is distributed in the hope that it will be useful, but |
14 | | * WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
16 | | * Lesser General Public License for more details. |
17 | | * |
18 | | * You should have received a copy of the GNU Lesser General Public License |
19 | | * along with this program. If not, see <https://www.gnu.org/licenses/> |
20 | | * |
21 | | */ |
22 | | |
23 | | #include "errors.h" |
24 | | #include "gnutls_int.h" |
25 | | #include <gnutls/crypto.h> |
26 | | #include "errors.h" |
27 | | #include "aes-x86.h" |
28 | | #include <nettle/sha1.h> |
29 | | #include <nettle/sha2.h> |
30 | | #include <nettle/macros.h> |
31 | | #include <nettle/nettle-meta.h> |
32 | | #include <nettle/version.h> |
33 | | #include "sha-x86.h" |
34 | | #include "x86-common.h" |
35 | | |
36 | | void sha1_block_data_order(void *c, const void *p, size_t len); |
37 | | void sha256_block_data_order(void *c, const void *p, size_t len); |
38 | | void sha512_block_data_order(void *c, const void *p, size_t len); |
39 | | |
40 | | /* Can't use nettle_set_key_func as it doesn't have the second argument */ |
41 | | typedef void (*set_key_func)(void *, size_t, const uint8_t *); |
42 | | |
43 | | struct x86_hash_ctx { |
44 | | union { |
45 | | struct sha1_ctx sha1; |
46 | | struct sha224_ctx sha224; |
47 | | struct sha256_ctx sha256; |
48 | | struct sha384_ctx sha384; |
49 | | struct sha512_ctx sha512; |
50 | | } ctx; |
51 | | void *ctx_ptr; |
52 | | gnutls_digest_algorithm_t algo; |
53 | | size_t length; |
54 | | nettle_hash_update_func *update; |
55 | | nettle_hash_digest_func *digest; |
56 | | nettle_hash_init_func *init; |
57 | | }; |
58 | | |
59 | | static int wrap_x86_hash_update(void *_ctx, const void *text, size_t textsize) |
60 | 96.2k | { |
61 | 96.2k | struct x86_hash_ctx *ctx = _ctx; |
62 | | |
63 | 96.2k | ctx->update(ctx->ctx_ptr, textsize, text); |
64 | | |
65 | 96.2k | return GNUTLS_E_SUCCESS; |
66 | 96.2k | } |
67 | | |
68 | | static void wrap_x86_hash_deinit(void *hd) |
69 | 81.9k | { |
70 | 81.9k | gnutls_free(hd); |
71 | 81.9k | } |
72 | | |
73 | | void x86_sha1_update(struct sha1_ctx *ctx, size_t length, const uint8_t *data) |
74 | 25.6M | { |
75 | 25.6M | struct { |
76 | 25.6M | uint32_t h0, h1, h2, h3, h4; |
77 | 25.6M | uint32_t Nl, Nh; |
78 | 25.6M | uint32_t data[16]; |
79 | 25.6M | unsigned int num; |
80 | 25.6M | } octx; |
81 | 25.6M | size_t res; |
82 | 25.6M | unsigned t2, i; |
83 | | |
84 | 25.6M | if ((res = ctx->index)) { |
85 | 1.69k | res = SHA1_BLOCK_SIZE - res; |
86 | 1.69k | if (length < res) |
87 | 1.61k | res = length; |
88 | 1.69k | sha1_update(ctx, res, data); |
89 | 1.69k | data += res; |
90 | 1.69k | length -= res; |
91 | 1.69k | } |
92 | | |
93 | 25.6M | octx.h0 = ctx->state[0]; |
94 | 25.6M | octx.h1 = ctx->state[1]; |
95 | 25.6M | octx.h2 = ctx->state[2]; |
96 | 25.6M | octx.h3 = ctx->state[3]; |
97 | 25.6M | octx.h4 = ctx->state[4]; |
98 | | |
99 | 25.6M | memcpy(octx.data, ctx->block, SHA1_BLOCK_SIZE); |
100 | 25.6M | octx.num = ctx->index; |
101 | | |
102 | 25.6M | res = length % SHA1_BLOCK_SIZE; |
103 | 25.6M | length -= res; |
104 | | |
105 | 25.6M | if (length > 0) { |
106 | 45.3k | t2 = length / SHA1_BLOCK_SIZE; |
107 | | |
108 | 45.3k | sha1_block_data_order(&octx, data, t2); |
109 | | |
110 | 211k | for (i = 0; i < t2; i++) |
111 | 165k | ctx->count++; |
112 | 45.3k | data += length; |
113 | 45.3k | } |
114 | | |
115 | 25.6M | ctx->state[0] = octx.h0; |
116 | 25.6M | ctx->state[1] = octx.h1; |
117 | 25.6M | ctx->state[2] = octx.h2; |
118 | 25.6M | ctx->state[3] = octx.h3; |
119 | 25.6M | ctx->state[4] = octx.h4; |
120 | | |
121 | 25.6M | memcpy(ctx->block, octx.data, octx.num); |
122 | 25.6M | ctx->index = octx.num; |
123 | | |
124 | 25.6M | if (res > 0) { |
125 | 25.6M | sha1_update(ctx, res, data); |
126 | 25.6M | } |
127 | 25.6M | } |
128 | | |
129 | | void x86_sha256_update(struct sha256_ctx *ctx, size_t length, |
130 | | const uint8_t *data) |
131 | 5.11M | { |
132 | 5.11M | struct { |
133 | 5.11M | uint32_t h[8]; |
134 | 5.11M | uint32_t Nl, Nh; |
135 | 5.11M | uint32_t data[16]; |
136 | 5.11M | unsigned int num; |
137 | 5.11M | unsigned md_len; |
138 | 5.11M | } octx; |
139 | 5.11M | size_t res; |
140 | 5.11M | unsigned t2, i; |
141 | | |
142 | 5.11M | if ((res = ctx->index)) { |
143 | 0 | res = SHA256_BLOCK_SIZE - res; |
144 | 0 | if (length < res) |
145 | 0 | res = length; |
146 | 0 | sha256_update(ctx, res, data); |
147 | 0 | data += res; |
148 | 0 | length -= res; |
149 | 0 | } |
150 | | |
151 | 5.11M | memcpy(octx.h, ctx->state, sizeof(octx.h)); |
152 | 5.11M | memcpy(octx.data, ctx->block, SHA256_BLOCK_SIZE); |
153 | 5.11M | octx.num = ctx->index; |
154 | | |
155 | 5.11M | res = length % SHA256_BLOCK_SIZE; |
156 | 5.11M | length -= res; |
157 | | |
158 | 5.11M | if (length > 0) { |
159 | 148k | t2 = length / SHA1_BLOCK_SIZE; |
160 | 148k | sha256_block_data_order(&octx, data, t2); |
161 | | |
162 | 1.18M | for (i = 0; i < t2; i++) |
163 | 1.03M | ctx->count++; |
164 | 148k | data += length; |
165 | 148k | } |
166 | | |
167 | 5.11M | memcpy(ctx->state, octx.h, sizeof(octx.h)); |
168 | | |
169 | 5.11M | memcpy(ctx->block, octx.data, octx.num); |
170 | 5.11M | ctx->index = octx.num; |
171 | | |
172 | 5.11M | if (res > 0) { |
173 | 5.01M | sha256_update(ctx, res, data); |
174 | 5.01M | } |
175 | 5.11M | } |
176 | | |
177 | | void x86_sha512_update(struct sha512_ctx *ctx, size_t length, |
178 | | const uint8_t *data) |
179 | 1.71M | { |
180 | 1.71M | struct { |
181 | 1.71M | uint64_t h[8]; |
182 | 1.71M | uint64_t Nl, Nh; |
183 | 1.71M | union { |
184 | 1.71M | uint64_t d[16]; |
185 | 1.71M | uint8_t p[16 * 8]; |
186 | 1.71M | } u; |
187 | 1.71M | unsigned int num; |
188 | 1.71M | unsigned md_len; |
189 | 1.71M | } octx; |
190 | 1.71M | size_t res; |
191 | 1.71M | unsigned t2, i; |
192 | | |
193 | 1.71M | if ((res = ctx->index)) { |
194 | 0 | res = SHA512_BLOCK_SIZE - res; |
195 | 0 | if (length < res) |
196 | 0 | res = length; |
197 | 0 | sha512_update(ctx, res, data); |
198 | 0 | data += res; |
199 | 0 | length -= res; |
200 | 0 | } |
201 | | |
202 | 1.71M | memcpy(octx.h, ctx->state, sizeof(octx.h)); |
203 | 1.71M | memcpy(octx.u.p, ctx->block, SHA512_BLOCK_SIZE); |
204 | 1.71M | octx.num = ctx->index; |
205 | | |
206 | 1.71M | res = length % SHA512_BLOCK_SIZE; |
207 | 1.71M | length -= res; |
208 | | |
209 | 1.71M | if (length > 0) { |
210 | 46.4k | t2 = length / SHA512_BLOCK_SIZE; |
211 | 46.4k | sha512_block_data_order(&octx, data, t2); |
212 | | |
213 | 232k | for (i = 0; i < t2; i++) |
214 | 186k | MD_INCR(ctx); |
215 | 46.4k | data += length; |
216 | 46.4k | } |
217 | | |
218 | 1.71M | memcpy(ctx->state, octx.h, sizeof(octx.h)); |
219 | | |
220 | 1.71M | memcpy(ctx->block, octx.u.p, octx.num); |
221 | 1.71M | ctx->index = octx.num; |
222 | | |
223 | 1.71M | if (res > 0) { |
224 | 1.68M | sha512_update(ctx, res, data); |
225 | 1.68M | } |
226 | 1.71M | } |
227 | | |
228 | | static int _ctx_init(gnutls_digest_algorithm_t algo, struct x86_hash_ctx *ctx) |
229 | 32.2M | { |
230 | 32.2M | switch (algo) { |
231 | 25.6M | case GNUTLS_DIG_SHA1: |
232 | 25.6M | sha1_init(&ctx->ctx.sha1); |
233 | 25.6M | ctx->update = (nettle_hash_update_func *)x86_sha1_update; |
234 | 25.6M | ctx->digest = (nettle_hash_digest_func *)sha1_digest; |
235 | 25.6M | ctx->init = (nettle_hash_init_func *)sha1_init; |
236 | 25.6M | ctx->ctx_ptr = &ctx->ctx.sha1; |
237 | 25.6M | ctx->length = SHA1_DIGEST_SIZE; |
238 | 25.6M | break; |
239 | 68.0k | case GNUTLS_DIG_SHA224: |
240 | 68.0k | sha224_init(&ctx->ctx.sha224); |
241 | 68.0k | ctx->update = (nettle_hash_update_func *)x86_sha256_update; |
242 | 68.0k | ctx->digest = (nettle_hash_digest_func *)sha224_digest; |
243 | 68.0k | ctx->init = (nettle_hash_init_func *)sha224_init; |
244 | 68.0k | ctx->ctx_ptr = &ctx->ctx.sha224; |
245 | 68.0k | ctx->length = SHA224_DIGEST_SIZE; |
246 | 68.0k | break; |
247 | 4.87M | case GNUTLS_DIG_SHA256: |
248 | 4.87M | sha256_init(&ctx->ctx.sha256); |
249 | 4.87M | ctx->update = (nettle_hash_update_func *)x86_sha256_update; |
250 | 4.87M | ctx->digest = (nettle_hash_digest_func *)sha256_digest; |
251 | 4.87M | ctx->init = (nettle_hash_init_func *)sha256_init; |
252 | 4.87M | ctx->ctx_ptr = &ctx->ctx.sha256; |
253 | 4.87M | ctx->length = SHA256_DIGEST_SIZE; |
254 | 4.87M | break; |
255 | 1.22M | case GNUTLS_DIG_SHA384: |
256 | 1.22M | sha384_init(&ctx->ctx.sha384); |
257 | 1.22M | ctx->update = (nettle_hash_update_func *)x86_sha512_update; |
258 | 1.22M | ctx->digest = (nettle_hash_digest_func *)sha384_digest; |
259 | 1.22M | ctx->init = (nettle_hash_init_func *)sha384_init; |
260 | 1.22M | ctx->ctx_ptr = &ctx->ctx.sha384; |
261 | 1.22M | ctx->length = SHA384_DIGEST_SIZE; |
262 | 1.22M | break; |
263 | 438k | case GNUTLS_DIG_SHA512: |
264 | 438k | sha512_init(&ctx->ctx.sha512); |
265 | 438k | ctx->update = (nettle_hash_update_func *)x86_sha512_update; |
266 | 438k | ctx->digest = (nettle_hash_digest_func *)sha512_digest; |
267 | 438k | ctx->init = (nettle_hash_init_func *)sha512_init; |
268 | 438k | ctx->ctx_ptr = &ctx->ctx.sha512; |
269 | 438k | ctx->length = SHA512_DIGEST_SIZE; |
270 | 438k | break; |
271 | 0 | default: |
272 | 0 | gnutls_assert(); |
273 | 0 | return GNUTLS_E_INVALID_REQUEST; |
274 | 32.2M | } |
275 | | |
276 | 32.2M | return 0; |
277 | 32.2M | } |
278 | | |
279 | | static int wrap_x86_hash_init(gnutls_digest_algorithm_t algo, void **_ctx) |
280 | 81.9k | { |
281 | 81.9k | struct x86_hash_ctx *ctx; |
282 | 81.9k | int ret; |
283 | | |
284 | 81.9k | ctx = gnutls_malloc(sizeof(struct x86_hash_ctx)); |
285 | 81.9k | if (ctx == NULL) { |
286 | 0 | gnutls_assert(); |
287 | 0 | return GNUTLS_E_MEMORY_ERROR; |
288 | 0 | } |
289 | | |
290 | 81.9k | ctx->algo = algo; |
291 | | |
292 | 81.9k | if ((ret = _ctx_init(algo, ctx)) < 0) { |
293 | 0 | gnutls_free(ctx); |
294 | 0 | gnutls_assert(); |
295 | 0 | return ret; |
296 | 0 | } |
297 | | |
298 | 81.9k | *_ctx = ctx; |
299 | | |
300 | 81.9k | return 0; |
301 | 81.9k | } |
302 | | |
303 | | static void *wrap_x86_hash_copy(const void *_ctx) |
304 | 0 | { |
305 | 0 | struct x86_hash_ctx *new_ctx; |
306 | 0 | const struct x86_hash_ctx *ctx = _ctx; |
307 | 0 | ptrdiff_t off = (uint8_t *)ctx->ctx_ptr - (uint8_t *)(&ctx->ctx); |
308 | |
|
309 | 0 | new_ctx = gnutls_malloc(sizeof(struct x86_hash_ctx)); |
310 | 0 | if (new_ctx == NULL) { |
311 | 0 | gnutls_assert(); |
312 | 0 | return NULL; |
313 | 0 | } |
314 | | |
315 | 0 | memcpy(new_ctx, ctx, sizeof(*new_ctx)); |
316 | 0 | new_ctx->ctx_ptr = (uint8_t *)&new_ctx->ctx + off; |
317 | |
|
318 | 0 | return new_ctx; |
319 | 0 | } |
320 | | |
321 | | static int wrap_x86_hash_output(void *src_ctx, void *digest, size_t digestsize) |
322 | 81.9k | { |
323 | 81.9k | struct x86_hash_ctx *ctx; |
324 | 81.9k | ctx = src_ctx; |
325 | | |
326 | 81.9k | if (digest == NULL) { |
327 | 0 | ctx->init(ctx->ctx_ptr); |
328 | 0 | return 0; |
329 | 0 | } |
330 | | |
331 | 81.9k | if (digestsize < ctx->length) |
332 | 0 | return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); |
333 | | |
334 | | #if NETTLE_VERSION_MAJOR >= 4 |
335 | | if (digestsize != ctx->length) { |
336 | | gnutls_assert(); |
337 | | return GNUTLS_E_INVALID_REQUEST; |
338 | | } |
339 | | ctx->digest(ctx->ctx_ptr, digest); |
340 | | #else |
341 | 81.9k | ctx->digest(ctx->ctx_ptr, digestsize, digest); |
342 | 81.9k | #endif |
343 | | |
344 | 81.9k | return 0; |
345 | 81.9k | } |
346 | | |
347 | | static int wrap_x86_hash_fast(gnutls_digest_algorithm_t algo, const void *text, |
348 | | size_t text_size, void *digest) |
349 | 32.1M | { |
350 | 32.1M | struct x86_hash_ctx ctx; |
351 | 32.1M | int ret; |
352 | | |
353 | 32.1M | ret = _ctx_init(algo, &ctx); |
354 | 32.1M | if (ret < 0) |
355 | 0 | return gnutls_assert_val(ret); |
356 | | |
357 | 32.1M | ctx.update(&ctx, text_size, text); |
358 | | #if NETTLE_VERSION_MAJOR >= 4 |
359 | | ctx.digest(&ctx, digest); |
360 | | #else |
361 | 32.1M | ctx.digest(&ctx, ctx.length, digest); |
362 | 32.1M | #endif |
363 | 32.1M | zeroize_key(&ctx, sizeof(ctx)); |
364 | | |
365 | 32.1M | return 0; |
366 | 32.1M | } |
367 | | |
368 | | const struct nettle_hash x86_sha1 = |
369 | | NN_HASH(sha1, x86_sha1_update, sha1_digest, SHA1); |
370 | | const struct nettle_hash x86_sha224 = |
371 | | NN_HASH(sha224, x86_sha256_update, sha224_digest, SHA224); |
372 | | const struct nettle_hash x86_sha256 = |
373 | | NN_HASH(sha256, x86_sha256_update, sha256_digest, SHA256); |
374 | | |
375 | | const struct nettle_hash x86_sha384 = |
376 | | NN_HASH(sha384, x86_sha512_update, sha384_digest, SHA384); |
377 | | const struct nettle_hash x86_sha512 = |
378 | | NN_HASH(sha512, x86_sha512_update, sha512_digest, SHA512); |
379 | | |
380 | | const gnutls_crypto_digest_st _gnutls_sha_x86_ssse3 = { |
381 | | .init = wrap_x86_hash_init, |
382 | | .hash = wrap_x86_hash_update, |
383 | | .output = wrap_x86_hash_output, |
384 | | .copy = wrap_x86_hash_copy, |
385 | | .deinit = wrap_x86_hash_deinit, |
386 | | .fast = wrap_x86_hash_fast, |
387 | | }; |