iPXE
sha512.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2015 Michael Brown <mbrown@fensystems.co.uk>.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License as
6  * published by the Free Software Foundation; either version 2 of the
7  * License, or any later version.
8  *
9  * This program is distributed in the hope that it will be useful, but
10  * WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17  * 02110-1301, USA.
18  *
19  * You can also choose to distribute this program under the terms of
20  * the Unmodified Binary Distribution Licence (as given in the file
21  * COPYING.UBDL), provided that you have satisfied its requirements.
22  */
23 
24 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25 
26 /** @file
27  *
28  * SHA-512 algorithm
29  *
30  */
31 
32 #include <stdint.h>
33 #include <string.h>
34 #include <byteswap.h>
35 #include <assert.h>
36 #include <ipxe/rotate.h>
37 #include <ipxe/crypto.h>
38 #include <ipxe/sha512.h>
39 
40 /** SHA-512 variables */
42  /* This layout matches that of struct sha512_digest_data,
43  * allowing for efficient endianness-conversion,
44  */
54 } __attribute__ (( packed ));
55 
56 /** SHA-512 constants */
57 static const uint64_t k[SHA512_ROUNDS] = {
58  0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL,
59  0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
60  0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL,
61  0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
62  0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL,
63  0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
64  0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL,
65  0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
66  0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL,
67  0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
68  0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL,
69  0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
70  0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL,
71  0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
72  0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL,
73  0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
74  0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL,
75  0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
76  0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL,
77  0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
78  0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL,
79  0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
80  0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL,
81  0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
82  0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL,
83  0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
84  0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
85 };
86 
87 /** SHA-512 initial digest values */
88 static const struct sha512_digest sha512_init_digest = {
89  .h = {
90  cpu_to_be64 ( 0x6a09e667f3bcc908ULL ),
91  cpu_to_be64 ( 0xbb67ae8584caa73bULL ),
92  cpu_to_be64 ( 0x3c6ef372fe94f82bULL ),
93  cpu_to_be64 ( 0xa54ff53a5f1d36f1ULL ),
94  cpu_to_be64 ( 0x510e527fade682d1ULL ),
95  cpu_to_be64 ( 0x9b05688c2b3e6c1fULL ),
96  cpu_to_be64 ( 0x1f83d9abfb41bd6bULL ),
97  cpu_to_be64 ( 0x5be0cd19137e2179ULL ),
98  },
99 };
100 
101 /**
102  * Initialise SHA-512 family algorithm
103  *
104  * @v context SHA-512 context
105  * @v init Initial digest values
106  * @v digestsize Digest size
107  */
108 void sha512_family_init ( struct sha512_context *context,
109  const struct sha512_digest *init,
110  size_t digestsize ) {
111 
112  context->len = 0;
113  context->digestsize = digestsize;
114  memcpy ( &context->ddq.dd.digest, init,
115  sizeof ( context->ddq.dd.digest ) );
116 }
117 
118 /**
119  * Initialise SHA-512 algorithm
120  *
121  * @v ctx SHA-512 context
122  */
123 static void sha512_init ( void *ctx ) {
124  struct sha512_context *context = ctx;
125 
127  sizeof ( struct sha512_digest ) );
128 }
129 
130 /**
131  * Calculate SHA-512 digest of accumulated data
132  *
133  * @v context SHA-512 context
134  */
135 static void sha512_digest ( struct sha512_context *context ) {
136  union {
138  struct sha512_variables v;
139  } u;
140  uint64_t *a = &u.v.a;
141  uint64_t *b = &u.v.b;
142  uint64_t *c = &u.v.c;
143  uint64_t *d = &u.v.d;
144  uint64_t *e = &u.v.e;
145  uint64_t *f = &u.v.f;
146  uint64_t *g = &u.v.g;
147  uint64_t *h = &u.v.h;
148  uint64_t *w = u.v.w;
149  uint64_t s0;
150  uint64_t s1;
151  uint64_t maj;
152  uint64_t t1;
153  uint64_t t2;
154  uint64_t ch;
155  unsigned int i;
156 
157  /* Sanity checks */
158  assert ( ( context->len % sizeof ( context->ddq.dd.data ) ) == 0 );
159  build_assert ( &u.ddq.dd.digest.h[0] == a );
160  build_assert ( &u.ddq.dd.digest.h[1] == b );
161  build_assert ( &u.ddq.dd.digest.h[2] == c );
162  build_assert ( &u.ddq.dd.digest.h[3] == d );
163  build_assert ( &u.ddq.dd.digest.h[4] == e );
164  build_assert ( &u.ddq.dd.digest.h[5] == f );
165  build_assert ( &u.ddq.dd.digest.h[6] == g );
166  build_assert ( &u.ddq.dd.digest.h[7] == h );
167  build_assert ( &u.ddq.dd.data.qword[0] == w );
168 
169  DBGC ( context, "SHA512 digesting:\n" );
170  DBGC_HDA ( context, 0, &context->ddq.dd.digest,
171  sizeof ( context->ddq.dd.digest ) );
172  DBGC_HDA ( context, context->len, &context->ddq.dd.data,
173  sizeof ( context->ddq.dd.data ) );
174 
175  /* Convert h[0..7] to host-endian, and initialise a, b, c, d,
176  * e, f, g, h, and w[0..15]
177  */
178  for ( i = 0 ; i < ( sizeof ( u.ddq.qword ) /
179  sizeof ( u.ddq.qword[0] ) ) ; i++ ) {
180  be64_to_cpus ( &context->ddq.qword[i] );
181  u.ddq.qword[i] = context->ddq.qword[i];
182  }
183 
184  /* Initialise w[16..79] */
185  for ( i = 16 ; i < SHA512_ROUNDS ; i++ ) {
186  s0 = ( ror64 ( w[i-15], 1 ) ^ ror64 ( w[i-15], 8 ) ^
187  ( w[i-15] >> 7 ) );
188  s1 = ( ror64 ( w[i-2], 19 ) ^ ror64 ( w[i-2], 61 ) ^
189  ( w[i-2] >> 6 ) );
190  w[i] = ( w[i-16] + s0 + w[i-7] + s1 );
191  }
192 
193  /* Main loop */
194  for ( i = 0 ; i < SHA512_ROUNDS ; i++ ) {
195  s0 = ( ror64 ( *a, 28 ) ^ ror64 ( *a, 34 ) ^ ror64 ( *a, 39 ) );
196  maj = ( ( *a & *b ) ^ ( *a & *c ) ^ ( *b & *c ) );
197  t2 = ( s0 + maj );
198  s1 = ( ror64 ( *e, 14 ) ^ ror64 ( *e, 18 ) ^ ror64 ( *e, 41 ) );
199  ch = ( ( *e & *f ) ^ ( (~*e) & *g ) );
200  t1 = ( *h + s1 + ch + k[i] + w[i] );
201  *h = *g;
202  *g = *f;
203  *f = *e;
204  *e = ( *d + t1 );
205  *d = *c;
206  *c = *b;
207  *b = *a;
208  *a = ( t1 + t2 );
209  DBGC2 ( context, "%2d : %016llx %016llx %016llx %016llx "
210  "%016llx %016llx %016llx %016llx\n",
211  i, *a, *b, *c, *d, *e, *f, *g, *h );
212  }
213 
214  /* Add chunk to hash and convert back to big-endian */
215  for ( i = 0 ; i < 8 ; i++ ) {
216  context->ddq.dd.digest.h[i] =
217  cpu_to_be64 ( context->ddq.dd.digest.h[i] +
218  u.ddq.dd.digest.h[i] );
219  }
220 
221  DBGC ( context, "SHA512 digested:\n" );
222  DBGC_HDA ( context, 0, &context->ddq.dd.digest,
223  sizeof ( context->ddq.dd.digest ) );
224 }
225 
226 /**
227  * Accumulate data with SHA-512 algorithm
228  *
229  * @v ctx SHA-512 context
230  * @v data Data
231  * @v len Length of data
232  */
233 void sha512_update ( void *ctx, const void *data, size_t len ) {
234  struct sha512_context *context = ctx;
235  const uint8_t *byte = data;
236  size_t offset;
237 
238  /* Accumulate data a byte at a time, performing the digest
239  * whenever we fill the data buffer
240  */
241  while ( len-- ) {
242  offset = ( context->len % sizeof ( context->ddq.dd.data ) );
243  context->ddq.dd.data.byte[offset] = *(byte++);
244  context->len++;
245  if ( ( context->len % sizeof ( context->ddq.dd.data ) ) == 0 )
246  sha512_digest ( context );
247  }
248 }
249 
250 /**
251  * Generate SHA-512 digest
252  *
253  * @v ctx SHA-512 context
254  * @v out Output buffer
255  */
256 void sha512_final ( void *ctx, void *out ) {
257  struct sha512_context *context = ctx;
258  uint64_t len_bits_hi;
259  uint64_t len_bits_lo;
260  uint8_t pad;
261 
262  /* Record length before pre-processing */
263  len_bits_hi = 0;
264  len_bits_lo = cpu_to_be64 ( ( ( uint64_t ) context->len ) * 8 );
265 
266  /* Pad with a single "1" bit followed by as many "0" bits as required */
267  pad = 0x80;
268  do {
269  sha512_update ( ctx, &pad, sizeof ( pad ) );
270  pad = 0x00;
271  } while ( ( context->len % sizeof ( context->ddq.dd.data ) ) !=
272  offsetof ( typeof ( context->ddq.dd.data ), final.len_hi ) );
273 
274  /* Append length (in bits) */
275  sha512_update ( ctx, &len_bits_hi, sizeof ( len_bits_hi ) );
276  sha512_update ( ctx, &len_bits_lo, sizeof ( len_bits_lo ) );
277  assert ( ( context->len % sizeof ( context->ddq.dd.data ) ) == 0 );
278 
279  /* Copy out final digest */
280  memcpy ( out, &context->ddq.dd.digest, context->digestsize );
281 }
282 
283 /** SHA-512 algorithm */
285  .name = "sha512",
286  .ctxsize = sizeof ( struct sha512_context ),
287  .blocksize = sizeof ( union sha512_block ),
288  .digestsize = sizeof ( struct sha512_digest ),
289  .init = sha512_init,
290  .update = sha512_update,
291  .final = sha512_final,
292 };
void sha512_update(void *ctx, const void *data, size_t len)
Accumulate data with SHA-512 algorithm.
Definition: sha512.c:233
void sha512_final(void *ctx, void *out)
Generate SHA-512 digest.
Definition: sha512.c:256
struct sha512_digest digest
Digest of data already processed.
Definition: sha512.h:48
uint64_t w[SHA512_ROUNDS]
Definition: sha512.c:53
SHA-512 digest and data block.
Definition: sha512.h:54
SHA-512 variables.
Definition: sha512.c:41
struct digest_algorithm sha512_algorithm
SHA-512 algorithm.
Definition: sha512.c:284
uint64_t w[SHA512_ROUNDS]
Definition: sha512.c:36
uint64_t h
Definition: sha512.c:52
#define DBGC(...)
Definition: compiler.h:505
unsigned long long uint64_t
Definition: stdint.h:13
Cryptographic API.
uint64_t c
Definition: sha512.c:47
#define offsetof(type, field)
Get offset of a field within a structure.
Definition: stddef.h:24
u32 pad[9]
Padding.
Definition: ar9003_mac.h:90
uint64_t d
Definition: sha512.c:31
__be32 out[4]
Definition: CIB_PRM.h:36
uint64_t a
Definition: sha512.c:45
uint8_t ch
Definition: registers.h:83
void * memcpy(void *dest, const void *src, size_t len) __nonnull
struct sha512_digest_data dd
Digest and data block.
Definition: sha512.h:56
Assertions.
assert((readw(&hdr->flags) &(GTF_reading|GTF_writing))==0)
#define DBGC_HDA(...)
Definition: compiler.h:506
#define build_assert(condition)
Assert a condition at build time (after dead code elimination)
Definition: assert.h:76
static userptr_t size_t offset
Offset of the first segment within the content.
Definition: deflate.h:259
uint64_t qword[sizeof(struct sha512_digest_data)/sizeof(uint64_t)]
Raw qwords.
Definition: sha512.h:59
An SHA-512 context.
Definition: sha512.h:63
uint64_t g
Definition: sha512.c:34
An SHA-512 digest.
Definition: sha512.h:19
uint64_t b
Definition: sha512.c:29
struct golan_eq_context ctx
Definition: CIB_PRM.h:28
unsigned char uint8_t
Definition: stdint.h:10
uint64_t c
Definition: sha512.c:30
An SHA-512 data block.
Definition: sha512.h:25
union sha512_digest_data_qwords ddq
Digest and accumulated data.
Definition: sha512.h:69
uint64_t h
Definition: sha512.c:35
uint64_t d
Definition: sha512.c:48
static const struct sha512_digest sha512_init_digest
SHA-512 initial digest values.
Definition: sha512.c:88
uint64_t h[8]
Hash output.
Definition: sha512.h:21
size_t len
Amount of accumulated data.
Definition: sha512.h:65
union sha512_block data
Accumulated data.
Definition: sha512.h:50
uint64_t e
Definition: sha512.c:32
uint32_t len
Length.
Definition: ena.h:14
#define DBGC2(...)
Definition: compiler.h:522
static void sha512_init(void *ctx)
Initialise SHA-512 algorithm.
Definition: sha512.c:123
const char * name
Algorithm name.
Definition: crypto.h:19
uint64_t f
Definition: sha512.c:33
uint64_t f
Definition: sha512.c:50
SHA-512 algorithm.
A message digest algorithm.
Definition: crypto.h:17
union @17 u
uint8_t data[48]
Additional event data.
Definition: ena.h:22
#define cpu_to_be64(value)
Definition: byteswap.h:111
struct sha512_variables __attribute__((packed))
static void sha512_digest(struct sha512_context *context)
Calculate SHA-512 digest of accumulated data.
Definition: sha512.c:135
static const uint64_t k[SHA512_ROUNDS]
SHA-512 constants.
Definition: sha512.c:57
#define SHA512_ROUNDS
SHA-512 number of rounds.
Definition: sha512.h:16
uint64_t a
Definition: sha512.c:28
typeof(acpi_finder=acpi_find)
ACPI table finder.
Definition: acpi.c:45
uint32_t digestsize
Digest size (i.e.
Definition: pccrr.h:14
uint64_t g
Definition: sha512.c:51
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
uint64_t e
Definition: sha512.c:49
String functions.
uint8_t byte[128]
Raw bytes.
Definition: sha512.h:27
size_t digestsize
Digest size.
Definition: sha512.h:67
void sha512_family_init(struct sha512_context *context, const struct sha512_digest *init, size_t digestsize)
Initialise SHA-512 family algorithm.
Definition: sha512.c:108
#define be64_to_cpus(ptr)
Definition: byteswap.h:129
Bit operations.
uint64_t b
Definition: sha512.c:46