Ivan Baravy 553742f877 libcrash: sync with upstream.
* Implement new algorithms:
  - MACs: Poly1305, HMAC (SHA2_256, SHA2_512),
  - ciphers: ChaCha20, AES256CTR, AES256CBC.
* Remove MD4 hash.
* Change API (it happens).
* Update crashtest example.


git-svn-id: svn://kolibrios.org@9216 a494cfbc-eb01-0410-851d-a64ba20cac60
2021-10-15 00:52:46 +00:00

563 lines
18 KiB
NASM

; libcrash -- cryptographic hash (and other) functions
;
; Copyright (C) <2012-2013,2016,2019,2021> Ivan Baravy
;
; SPDX-License-Identifier: GPL-2.0-or-later
;
; This program is free software: you can redistribute it and/or modify it under
; the terms of the GNU General Public License as published by the Free Software
; Foundation, either version 2 of the License, or (at your option) any later
; version.
;
; This program is distributed in the hope that it will be useful, but WITHOUT
; ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
; FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License along with
; this program. If not, see <http://www.gnu.org/licenses/>.
SHA2_384512_BLOCK_SIZE = 128
SHA2_384_BLOCK_SIZE = SHA2_384512_BLOCK_SIZE
SHA2_512_BLOCK_SIZE = SHA2_384512_BLOCK_SIZE
SHA2_384512_INIT_SIZE = 64
SHA2_384512_ALIGN = 16
SHA2_384512_ALIGN_MASK = SHA2_384512_ALIGN - 1
struct ctx_sha2_384512
hash rb SHA2_384512_INIT_SIZE
block rb SHA2_384512_BLOCK_SIZE
index rd 1
msglen_0 rd 1
msglen_1 rd 1
msglen_2 rd 1
msglen_3 rd 1
rd 3 ; align
; tmp vars
w rq 80
A rq 1
B rq 1
C rq 1
D rq 1
E rq 1
F rq 1
G rq 1
H rq 1
temp rq 1
ends
assert sizeof.ctx_sha2_384512 <= LIBCRASH_CTX_LEN
macro sha2_384512._.chn x, y, z
{
movq mm0, [y]
pxor mm0, [z]
pand mm0, [x]
pxor mm0, [z]
}
macro sha2_384512._.maj x, y, z
{
movq mm0, [x]
pxor mm0, [y]
pand mm0, [z]
movq mm2, [x]
pand mm2, [y]
pxor mm0, mm2
}
macro sha2_384512._.Sigma0 x
{
movq mm0, x
movq mm2, mm0
movq mm7, mm2
psrlq mm2, 28
psllq mm7, 36
por mm2, mm7
movq mm7, mm0
psrlq mm0, 34
psllq mm7, 30
por mm0, mm7
pxor mm0, mm2
movq mm2, x
movq mm7, mm2
psrlq mm2, 39
psllq mm7, 25
por mm2, mm7
pxor mm0, mm2
}
macro sha2_384512._.Sigma1 x
{
movq mm0, x
movq mm2, mm0
movq mm7, mm2
psrlq mm2, 14
psllq mm7, 50
por mm2, mm7
movq mm7, mm0
psrlq mm0, 18
psllq mm7, 46
por mm0, mm7
pxor mm0, mm2
movq mm2, x
movq mm7, mm2
psrlq mm2, 41
psllq mm7, 23
por mm2, mm7
pxor mm0, mm2
}
macro sha2_384512._.sigma0 x
{
movq mm0, x
movq mm2, mm0
movq mm7, mm2
psrlq mm2, 1
psllq mm7, 63
por mm2, mm7
movq mm7, mm0
psrlq mm0, 8
psllq mm7, 56
por mm0, mm7
pxor mm0, mm2
movq mm2, x
psrlq mm2, 7
pxor mm0, mm2
}
macro sha2_384512._.sigma1 x
{
movq mm0, x
movq mm2, mm0
movq mm7, mm2
psrlq mm2, 19
psllq mm7, 45
por mm2, mm7
movq mm7, mm0
psrlq mm0, 61
psllq mm7, 3
por mm0, mm7
pxor mm0, mm2
movq mm2, x
psrlq mm2, 6
pxor mm0, mm2
}
macro sha2_384512._.recalculate_w n
{
movq mm3, [w + ((n-2) and 15)*8]
sha2_384512._.sigma1 mm3
paddq mm0, [w + ((n-7) and 15)*8]
movq mm6, mm0
movq mm3, [w + ((n-15) and 15)*8]
sha2_384512._.sigma0 mm3
movq mm2, mm6
paddq mm0, mm2
movq mm7, [w + (n)*8]
paddq mm7, mm0
movq [w + (n)*8], mm7
}
macro sha2_384512._.round a, b, c, d, e, f, g, h, k
{
movq mm1, [h]
movq mm3, [e]
sha2_384512._.Sigma1 mm3
paddq mm1, mm0
sha2_384512._.chn e, f, g
paddq mm1, mm0
paddq mm1, [k]
paddq mm1, mm5
movq mm7, [d]
paddq mm7, mm1
movq [d], mm7
movq mm3, [a]
sha2_384512._.Sigma0 mm3
paddq mm1, mm0
sha2_384512._.maj a, b, c
paddq mm0, mm1
movq [h], mm0
}
macro sha2_384512._.round_1_16 a, b, c, d, e, f, g, h, n
{
movq mm0, [esi + (n)*8]
movq [temp], mm0
mov eax, dword[temp]
bswap eax
push eax
mov eax, dword[temp + 4]
bswap eax
mov dword[temp], eax
pop eax
mov dword[temp + 4], eax
movq mm0, [temp]
movq [w + (n)*8], mm0
movq mm5, mm0
sha2_384512._.round a, b, c, d, e, f, g, h, (sha2_384512._.table + (n)*8)
}
macro sha2_384512._.round_17_64 a, b, c, d, e, f, g, h, n, rep_num
{
sha2_384512._.recalculate_w n
movq mm5, [w + (n)*8]
sha2_384512._.round a, b, c, d, e, f, g, h, (sha2_384512._.table + (n+16*rep_num)*8)
}
proc sha2_384.init uses ebx esi edi, _ctx
mov ebx, [_ctx]
lea edi, [ebx + ctx_sha2_384512.hash]
mov esi, sha2_384._.hash_init
mov ecx, SHA2_384512_INIT_SIZE/4
rep movsd
xor eax, eax
mov [ebx + ctx_sha2_384512.index], eax
mov [ebx + ctx_sha2_384512.msglen_0], eax
mov [ebx + ctx_sha2_384512.msglen_1], eax
mov [ebx + ctx_sha2_384512.msglen_2], eax
mov [ebx + ctx_sha2_384512.msglen_3], eax
ret
endp
proc sha2_512.init uses ebx esi edi, _ctx
mov ebx, [_ctx]
lea edi, [ebx + ctx_sha2_384512.hash]
mov esi, sha2_512._.hash_init
mov ecx, SHA2_384512_INIT_SIZE/4
rep movsd
xor eax, eax
mov [ebx + ctx_sha2_384512.index], eax
mov [ebx + ctx_sha2_384512.msglen_0], eax
mov [ebx + ctx_sha2_384512.msglen_1], eax
mov [ebx + ctx_sha2_384512.msglen_2], eax
mov [ebx + ctx_sha2_384512.msglen_3], eax
ret
endp
proc sha2_384512._.block _hash
;locals
; w rq 80
; A rq 1
; B rq 1
; C rq 1
; D rq 1
; E rq 1
; F rq 1
; G rq 1
; H rq 1
; temp rq 1
;endl
w equ ebx + ctx_sha2_384512.w
A equ ebx + ctx_sha2_384512.A
B equ ebx + ctx_sha2_384512.B
C equ ebx + ctx_sha2_384512.C
D equ ebx + ctx_sha2_384512.D
E equ ebx + ctx_sha2_384512.E
F equ ebx + ctx_sha2_384512.F
G equ ebx + ctx_sha2_384512.G
H equ ebx + ctx_sha2_384512.H
temp equ ebx + ctx_sha2_384512.temp
mov edi, [_hash]
movq mm0, [edi + 0x00]
movq [A], mm0
movq mm0, [edi + 0x08]
movq [B], mm0
movq mm0, [edi + 0x10]
movq [C], mm0
movq mm0, [edi + 0x18]
movq [D], mm0
movq mm0, [edi + 0x20]
movq [E], mm0
movq mm0, [edi + 0x28]
movq [F], mm0
movq mm0, [edi + 0x30]
movq [G], mm0
movq mm0, [edi + 0x38]
movq [H], mm0
sha2_384512._.round_1_16 A, B, C, D, E, F, G, H, 0
sha2_384512._.round_1_16 H, A, B, C, D, E, F, G, 1
sha2_384512._.round_1_16 G, H, A, B, C, D, E, F, 2
sha2_384512._.round_1_16 F, G, H, A, B, C, D, E, 3
sha2_384512._.round_1_16 E, F, G, H, A, B, C, D, 4
sha2_384512._.round_1_16 D, E, F, G, H, A, B, C, 5
sha2_384512._.round_1_16 C, D, E, F, G, H, A, B, 6
sha2_384512._.round_1_16 B, C, D, E, F, G, H, A, 7
sha2_384512._.round_1_16 A, B, C, D, E, F, G, H, 8
sha2_384512._.round_1_16 H, A, B, C, D, E, F, G, 9
sha2_384512._.round_1_16 G, H, A, B, C, D, E, F, 10
sha2_384512._.round_1_16 F, G, H, A, B, C, D, E, 11
sha2_384512._.round_1_16 E, F, G, H, A, B, C, D, 12
sha2_384512._.round_1_16 D, E, F, G, H, A, B, C, 13
sha2_384512._.round_1_16 C, D, E, F, G, H, A, B, 14
sha2_384512._.round_1_16 B, C, D, E, F, G, H, A, 15
repeat 4
sha2_384512._.round_17_64 A, B, C, D, E, F, G, H, 0, %
sha2_384512._.round_17_64 H, A, B, C, D, E, F, G, 1, %
sha2_384512._.round_17_64 G, H, A, B, C, D, E, F, 2, %
sha2_384512._.round_17_64 F, G, H, A, B, C, D, E, 3, %
sha2_384512._.round_17_64 E, F, G, H, A, B, C, D, 4, %
sha2_384512._.round_17_64 D, E, F, G, H, A, B, C, 5, %
sha2_384512._.round_17_64 C, D, E, F, G, H, A, B, 6, %
sha2_384512._.round_17_64 B, C, D, E, F, G, H, A, 7, %
sha2_384512._.round_17_64 A, B, C, D, E, F, G, H, 8, %
sha2_384512._.round_17_64 H, A, B, C, D, E, F, G, 9, %
sha2_384512._.round_17_64 G, H, A, B, C, D, E, F, 10, %
sha2_384512._.round_17_64 F, G, H, A, B, C, D, E, 11, %
sha2_384512._.round_17_64 E, F, G, H, A, B, C, D, 12, %
sha2_384512._.round_17_64 D, E, F, G, H, A, B, C, 13, %
sha2_384512._.round_17_64 C, D, E, F, G, H, A, B, 14, %
sha2_384512._.round_17_64 B, C, D, E, F, G, H, A, 15, %
end repeat
mov edi, [_hash]
movq mm0, [A]
paddq mm0, [edi + 0x00]
movq [edi + 0x00], mm0
movq mm0, [B]
paddq mm0, [edi + 0x08]
movq [edi + 0x08], mm0
movq mm0, [C]
paddq mm0, [edi + 0x10]
movq [edi + 0x10], mm0
movq mm0, [D]
paddq mm0, [edi + 0x18]
movq [edi + 0x18], mm0
movq mm0, [E]
paddq mm0, [edi + 0x20]
movq [edi + 0x20], mm0
movq mm0, [F]
paddq mm0, [edi + 0x28]
movq [edi + 0x28], mm0
movq mm0, [G]
paddq mm0, [edi + 0x30]
movq [edi + 0x30], mm0
movq mm0, [H]
paddq mm0, [edi + 0x38]
movq [edi + 0x38], mm0
ret
restore w,A,B,C,D,E,F,G,H,temp
endp
sha2_384.update = sha2_384512.update
sha2_512.update = sha2_384512.update
proc sha2_384512.update uses ebx esi edi, _ctx, _msg, _size
mov ebx, [_ctx]
mov ecx, [_size]
add [ebx + ctx_sha2_384512.msglen_0], ecx
adc [ebx + ctx_sha2_384512.msglen_1], 0
adc [ebx + ctx_sha2_384512.msglen_2], 0
adc [ebx + ctx_sha2_384512.msglen_3], 0
.next_block:
mov ebx, [_ctx]
mov esi, [_msg]
mov eax, [ebx + ctx_sha2_384512.index]
and eax, SHA2_384512_BLOCK_SIZE-1
jnz .copy_to_buf
test esi, SHA2_384512_ALIGN_MASK
jnz .copy_to_buf
.no_copy:
; data is aligned, hash it in place without copying
mov ebx, [_ctx]
cmp [_size], SHA2_384512_BLOCK_SIZE
jb .copy_quit
lea eax, [ebx + ctx_sha2_384512.hash]
stdcall sha2_384512._.block, eax
sub [_size], SHA2_384512_BLOCK_SIZE
add esi, SHA2_384512_BLOCK_SIZE ; FIXME
jmp .no_copy
.copy_to_buf:
lea edi, [ebx + ctx_sha2_384512.block]
add edi, eax
mov ecx, SHA2_384512_BLOCK_SIZE
sub ecx, eax
cmp [_size], ecx
jb .copy_quit
sub [_size], ecx
add [_msg], ecx
add [ebx + ctx_sha2_384512.index], ecx
rep movsb
lea eax, [ebx + ctx_sha2_384512.hash]
lea esi, [ebx + ctx_sha2_384512.block]
stdcall sha2_384512._.block, eax
jmp .next_block
.copy_quit:
mov ebx, [_ctx]
lea edi, [ebx + ctx_sha2_384512.block]
mov eax, [ebx + ctx_sha2_384512.index]
and eax, SHA2_384512_BLOCK_SIZE-1
add edi, eax
mov ecx, [_size]
add [ebx + ctx_sha2_384512.index], ecx
rep movsb
.quit:
ret
endp
sha2_384.finish = sha2_384512.finish
sha2_512.finish = sha2_384512.finish
proc sha2_384512.finish uses ebx esi edi, _ctx
mov ebx, [_ctx]
lea edi, [ebx + ctx_sha2_384512.block]
mov ecx, [ebx + ctx_sha2_384512.msglen_0]
and ecx, SHA2_384512_BLOCK_SIZE-1
add edi, ecx
mov byte[edi], 0x80
inc edi
neg ecx
add ecx, SHA2_384512_BLOCK_SIZE
cmp ecx, 16
ja .last
dec ecx
xor eax, eax
rep stosb
lea esi, [ebx + ctx_sha2_384512.block]
lea eax, [ebx + ctx_sha2_384512.hash]
stdcall sha2_384512._.block, eax
mov ebx, [_ctx]
lea edi, [ebx + ctx_sha2_384512.block]
mov ecx, SHA2_384512_BLOCK_SIZE+1
.last:
dec ecx
sub ecx, 16
xor eax, eax
rep stosb
mov eax, [ebx + ctx_sha2_384512.msglen_1]
shld [ebx + ctx_sha2_384512.msglen_0], eax, 3
mov eax, [ebx + ctx_sha2_384512.msglen_2]
shld [ebx + ctx_sha2_384512.msglen_1], eax, 3
mov eax, [ebx + ctx_sha2_384512.msglen_3]
shld [ebx + ctx_sha2_384512.msglen_2], eax, 3
shl eax, 3
bswap eax
mov dword[edi + 0], eax
mov eax, [ebx + ctx_sha2_384512.msglen_2]
bswap eax
mov dword[edi + 4], eax
mov eax, [ebx + ctx_sha2_384512.msglen_1]
bswap eax
mov dword[edi + 8], eax
mov eax, [ebx + ctx_sha2_384512.msglen_0]
bswap eax
mov dword[edi + 12], eax
mov ebx, [_ctx]
lea esi, [ebx + ctx_sha2_384512.block]
lea eax, [ebx + ctx_sha2_384512.hash]
stdcall sha2_384512._.block, eax
mov ebx, [_ctx]
lea eax, [ebx + ctx_sha2_384512.hash]
stdcall sha2_384512._.postprocess, ebx, eax
ret
endp
proc sha2_384512._.postprocess _ctx, _hash
mov ecx, 8
mov esi, [_hash]
mov edi, esi
@@:
lodsd
mov ebx, eax
lodsd
bswap eax
bswap ebx
stosd
mov eax, ebx
stosd
dec ecx ; FIXME: what should I fix here?
jnz @b
emms
ret
endp
proc sha2_384.oneshot _ctx, _data, _len
stdcall sha2_384.init, [_ctx]
stdcall sha2_384.update, [_ctx], [_data], [_len]
stdcall sha2_384.finish, [_ctx]
ret
endp
proc sha2_512.oneshot _ctx, _data, _len
stdcall sha2_512.init, [_ctx]
stdcall sha2_512.update, [_ctx], [_data], [_len]
stdcall sha2_512.finish, [_ctx]
ret
endp
iglobal
align SHA2_384512_ALIGN
sha2_384._.hash_init dq 0xcbbb9d5dc1059ed8, 0x629a292a367cd507,\
0x9159015a3070dd17, 0x152fecd8f70e5939,\
0x67332667ffc00b31, 0x8eb44a8768581511,\
0xdb0c2e0d64f98fa7, 0x47b5481dbefa4fa4
sha2_512._.hash_init dq 0x6a09e667f3bcc908, 0xbb67ae8584caa73b,\
0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1,\
0x510e527fade682d1, 0x9b05688c2b3e6c1f,\
0x1f83d9abfb41bd6b, 0x5be0cd19137e2179
sha2_384512._.table dq 0x428a2f98d728ae22, 0x7137449123ef65cd,\
0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc,\
0x3956c25bf348b538, 0x59f111f1b605d019,\
0x923f82a4af194f9b, 0xab1c5ed5da6d8118,\
0xd807aa98a3030242, 0x12835b0145706fbe,\
0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2,\
0x72be5d74f27b896f, 0x80deb1fe3b1696b1,\
0x9bdc06a725c71235, 0xc19bf174cf692694,\
0xe49b69c19ef14ad2, 0xefbe4786384f25e3,\
0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65,\
0x2de92c6f592b0275, 0x4a7484aa6ea6e483,\
0x5cb0a9dcbd41fbd4, 0x76f988da831153b5,\
0x983e5152ee66dfab, 0xa831c66d2db43210,\
0xb00327c898fb213f, 0xbf597fc7beef0ee4,\
0xc6e00bf33da88fc2, 0xd5a79147930aa725,\
0x06ca6351e003826f, 0x142929670a0e6e70,\
0x27b70a8546d22ffc, 0x2e1b21385c26c926,\
0x4d2c6dfc5ac42aed, 0x53380d139d95b3df,\
0x650a73548baf63de, 0x766a0abb3c77b2a8,\
0x81c2c92e47edaee6, 0x92722c851482353b,\
0xa2bfe8a14cf10364, 0xa81a664bbc423001,\
0xc24b8b70d0f89791, 0xc76c51a30654be30,\
0xd192e819d6ef5218, 0xd69906245565a910,\
0xf40e35855771202a, 0x106aa07032bbd1b8,\
0x19a4c116b8d2d0c8, 0x1e376c085141ab53,\
0x2748774cdf8eeb99, 0x34b0bcb5e19b48a8,\
0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb,\
0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3,\
0x748f82ee5defb2fc, 0x78a5636f43172f60,\
0x84c87814a1f0ab72, 0x8cc702081a6439ec,\
0x90befffa23631e28, 0xa4506cebde82bde9,\
0xbef9a3f7b2c67915, 0xc67178f2e372532b,\
0xca273eceea26619c, 0xd186b8c721c0c207,\
0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178,\
0x06f067aa72176fba, 0x0a637dc5a2c898a6,\
0x113f9804bef90dae, 0x1b710b35131c471b,\
0x28db77f523047d84, 0x32caab7b40c72493,\
0x3c9ebe0a15c9bebc, 0x431d67c49c100d4c,\
0x4cc5d4becb3e42b6, 0x597f299cfc657e2a,\
0x5fcb6fab3ad6faec, 0x6c44198c4a475817
endg