|
1 /* |
|
2 * This product includes cryptographic software developed by the OpenSSL |
|
3 * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This |
|
4 * product includes cryptographic software written by Eric Young |
|
5 * ([email protected]). |
|
6 */ |
|
7 |
|
8 /* |
|
9 * ==================================================================== |
|
10 * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. |
|
11 * |
|
12 * Redistribution and use in source and binary forms, with or without |
|
13 * modification, are permitted provided that the following conditions |
|
14 * are met: |
|
15 * |
|
16 * 1. Redistributions of source code must retain the above copyright |
|
17 * notice, this list of conditions and the following disclaimer. |
|
18 * |
|
19 * 2. Redistributions in binary form must reproduce the above copyright |
|
20 * notice, this list of conditions and the following disclaimer in |
|
21 * the documentation and/or other materials provided with the |
|
22 * distribution. |
|
23 * |
|
24 * 3. All advertising materials mentioning features or use of this |
|
25 * software must display the following acknowledgment: |
|
26 * "This product includes software developed by the OpenSSL Project |
|
27 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" |
|
28 * |
|
29 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|
30 * endorse or promote products derived from this software without |
|
31 * prior written permission. For written permission, please contact |
|
32 * [email protected]. |
|
33 * |
|
34 * 5. Products derived from this software may not be called "OpenSSL" |
|
35 * nor may "OpenSSL" appear in their names without prior written |
|
36 * permission of the OpenSSL Project. |
|
37 * |
|
38 * 6. Redistributions of any form whatsoever must retain the following |
|
39 * acknowledgment: |
|
40 * "This product includes software developed by the OpenSSL Project |
|
41 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" |
|
42 * |
|
43 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|
44 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
45 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
46 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|
47 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
48 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|
49 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|
50 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|
51 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|
52 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
53 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|
54 * OF THE POSSIBILITY OF SUCH DAMAGE. |
|
55 * ==================================================================== |
|
56 */ |
|
57 |
|
58 /* |
|
59 * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. |
|
60 */ |
|
61 |
|
62 /* |
|
63 * This engine supports SPARC microprocessors that provide AES and other |
|
64 * cipher and hash instructions, such as the T4 microprocessor. |
|
65 * |
|
66 * This file implements the SHA-512 message digest operations. |
|
67 */ |
|
68 |
|
69 #include <openssl/opensslconf.h> |
|
70 |
|
71 #if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_MD_T4) |
|
72 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) |
|
73 #include <sys/types.h> |
|
74 #include <stdlib.h> |
|
75 #include <string.h> |
|
76 #include <errno.h> |
|
77 #include <openssl/engine.h> |
|
78 /* |
|
79 * Solaris sys/sha2.h and OpenSSL openssl/sha.h both define |
|
80 * SHA512_CTX, SHA512_CTX, SHA512, SHA384, and SHA512. |
|
81 * For SHA2, OpenSSL SHA512_CTX has extra num and md_len fields at |
|
82 * the end and Solaris SHA2_CTX has an extra algotype field at the beginning. |
|
83 */ |
|
84 #include "eng_t4_sha2_asm.h" |
|
85 |
|
86 #if (defined(sun4v) || defined(__sparcv9) || defined(__sparcv8plus) || \ |
|
87 defined(__sparcv8)) && !defined(OPENSSL_NO_ASM) |
|
88 #define COMPILE_HW_T4 |
|
89 #endif |
|
90 |
|
91 #ifdef COMPILE_HW_T4 |
|
92 |
|
93 /* Formal declaration for functions in EVP_MD structure */ |
|
94 static int t4_digest_init_sha384(EVP_MD_CTX *ctx); |
|
95 static int t4_digest_init_sha512(EVP_MD_CTX *ctx); |
|
96 static int t4_digest_update_sha512(EVP_MD_CTX *ctx, const void *data, |
|
97 size_t len); |
|
98 static int t4_digest_final_sha512(EVP_MD_CTX *ctx, unsigned char *md); |
|
99 static int t4_digest_copy_sha512(EVP_MD_CTX *to, const EVP_MD_CTX *from); |
|
100 |
|
101 |
|
102 /* |
|
103 * OpenSSL's libcrypto EVP stuff. This is how this engine gets wired to EVP. |
|
104 * EVP_MD is defined in evp.h. To maintain binary compatibility the |
|
105 * definition cannot be modified. |
|
106 * Stuff specific to the t4 engine is kept in t4_cipher_ctx_t, which is |
|
107 * pointed to by the last field, app_data. |
|
108 * |
|
109 * Fields: type, pkey_type, md_size, flags, |
|
110 * init(), update(), final(), |
|
111 * copy(), cleanup(), sign(), verify(), |
|
112 * required_pkey_type, block_size, ctx_size, md5_ctrl() |
|
113 */ |
|
114 |
|
115 const EVP_MD t4_sha512 = { |
|
116 NID_sha512, NID_sha512WithRSAEncryption, SHA512_DIGEST_LENGTH, |
|
117 EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, |
|
118 t4_digest_init_sha512, t4_digest_update_sha512, t4_digest_final_sha512, |
|
119 t4_digest_copy_sha512, NULL, |
|
120 EVP_PKEY_RSA_method, SHA512_CBLOCK, |
|
121 sizeof (T4_SHA512_CTX), NULL |
|
122 }; |
|
123 /* SHA-384 uses the same context, cblock size, & update function as SHA-512: */ |
|
124 const EVP_MD t4_sha384 = { |
|
125 NID_sha384, NID_sha384WithRSAEncryption, SHA384_DIGEST_LENGTH, |
|
126 EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, |
|
127 t4_digest_init_sha384, t4_digest_update_sha512, t4_digest_final_sha512, |
|
128 t4_digest_copy_sha512, NULL, |
|
129 EVP_PKEY_RSA_method, SHA512_CBLOCK, |
|
130 sizeof (T4_SHA512_CTX), NULL |
|
131 }; |
|
132 |
|
133 |
|
134 /* |
|
135 * SHA512 functions (part of FIPS 180-2 Secure Hash Standard) |
|
136 */ |
|
137 |
|
138 static int |
|
139 t4_digest_init_sha512(EVP_MD_CTX *ctx) |
|
140 { |
|
141 T4_SHA512_CTX *c = (T4_SHA512_CTX *)ctx->md_data; |
|
142 |
|
143 c->Nl = c->Nh = c->num = 0; |
|
144 c->h[0] = 0x6a09e667f3bcc908ULL; |
|
145 c->h[1] = 0xbb67ae8584caa73bULL; |
|
146 c->h[2] = 0x3c6ef372fe94f82bULL; |
|
147 c->h[3] = 0xa54ff53a5f1d36f1ULL; |
|
148 c->h[4] = 0x510e527fade682d1ULL; |
|
149 c->h[5] = 0x9b05688c2b3e6c1fULL; |
|
150 c->h[6] = 0x1f83d9abfb41bd6bULL; |
|
151 c->h[7] = 0x5be0cd19137e2179ULL; |
|
152 c->md_len = SHA512_DIGEST_LENGTH; |
|
153 |
|
154 return (1); |
|
155 } |
|
156 |
|
157 |
|
158 static int |
|
159 t4_digest_init_sha384(EVP_MD_CTX *ctx) |
|
160 { |
|
161 T4_SHA512_CTX *c = (T4_SHA512_CTX *)ctx->md_data; |
|
162 |
|
163 c->Nl = c->Nh = c->num = 0; |
|
164 c->h[0] = 0xcbbb9d5dc1059ed8ULL; |
|
165 c->h[1] = 0x629a292a367cd507ULL; |
|
166 c->h[2] = 0x9159015a3070dd17ULL; |
|
167 c->h[3] = 0x152fecd8f70e5939ULL; |
|
168 c->h[4] = 0x67332667ffc00b31ULL; |
|
169 c->h[5] = 0x8eb44a8768581511ULL; |
|
170 c->h[6] = 0xdb0c2e0d64f98fa7ULL; |
|
171 c->h[7] = 0x47b5481dbefa4fa4ULL; |
|
172 c->md_len = SHA384_DIGEST_LENGTH; |
|
173 |
|
174 return (1); |
|
175 } |
|
176 |
|
177 |
|
178 /* |
|
179 * Continue SHA512 or SHA384 digest operation, using the message block to |
|
180 * update context. |
|
181 * Modified from SHA512_Update() in OpenSSL crypto/sha/sha512.c. |
|
182 */ |
|
183 static int |
|
184 t4_digest_update_sha512(EVP_MD_CTX *ctx, const void *_data, size_t len) |
|
185 { |
|
186 T4_SHA512_CTX *c = (T4_SHA512_CTX *)ctx->md_data; |
|
187 SHA_LONG64 l; |
|
188 unsigned char *p = c->u.p; |
|
189 const unsigned char *data = (const unsigned char *)_data; |
|
190 |
|
191 if (len == 0) |
|
192 return (1); |
|
193 |
|
194 l = (c->Nl + (((SHA_LONG64)len) << 3)) & 0xffffffffffffffffULL; |
|
195 if (l < c->Nl) |
|
196 c->Nh++; |
|
197 if (sizeof (len) >= 8) { |
|
198 c->Nh += (((SHA_LONG64)len) >> 61); |
|
199 } |
|
200 c->Nl = l; |
|
201 |
|
202 if (c->num != 0) { |
|
203 size_t n = sizeof (c->u) - c->num; |
|
204 |
|
205 if (len < n) { |
|
206 memcpy(p + c->num, data, len); |
|
207 c->num += (unsigned int)len; |
|
208 return (1); |
|
209 } else { |
|
210 memcpy(p + c->num, data, n); |
|
211 c->num = 0; |
|
212 len -= n; |
|
213 data += n; |
|
214 t4_sha512_multiblock(c, p, 1); |
|
215 } |
|
216 } |
|
217 |
|
218 if (len >= sizeof (c->u)) { |
|
219 if ((size_t)data % sizeof (c->u.d[0]) != 0) { |
|
220 /* Align unaligned data one block-at-a-time */ |
|
221 while (len >= sizeof (c->u)) { |
|
222 memcpy(p, data, sizeof (c->u)); |
|
223 t4_sha512_multiblock(c, p, 1); |
|
224 len -= sizeof (c->u); |
|
225 data += sizeof (c->u); |
|
226 } |
|
227 } else { |
|
228 t4_sha512_multiblock(c, data, len / sizeof (c->u)); |
|
229 data += len; |
|
230 len %= sizeof (c->u); |
|
231 data -= len; |
|
232 } |
|
233 } |
|
234 |
|
235 if (len != 0) { |
|
236 memcpy(p, data, len); |
|
237 c->num = (int)len; |
|
238 } |
|
239 |
|
240 return (1); |
|
241 } |
|
242 |
|
243 |
|
244 /* |
|
245 * End SHA-512 or SHA-384 digest operation, finalizing message digest and |
|
246 * zeroing context. |
|
247 * Modified from SHA512_Final() in OpenSSL crypto/sha/sha512.c. |
|
248 */ |
|
249 static int |
|
250 t4_digest_final_sha512(EVP_MD_CTX *ctx, unsigned char *md) |
|
251 { |
|
252 T4_SHA512_CTX *c = (T4_SHA512_CTX *)ctx->md_data; |
|
253 unsigned char *p = (unsigned char *)c->u.p; |
|
254 size_t n = c->num; |
|
255 |
|
256 p[n] = 0x80; /* There always is a room for one */ |
|
257 n++; |
|
258 if (n > (sizeof (c->u) - 16)) { |
|
259 memset(p + n, 0, sizeof (c->u) - n); |
|
260 n = 0; |
|
261 t4_sha512_multiblock(c, p, 1); |
|
262 } |
|
263 |
|
264 memset(p+n, 0, sizeof (c->u) - 16 - n); |
|
265 c->u.d[SHA_LBLOCK - 2] = c->Nh; |
|
266 c->u.d[SHA_LBLOCK - 1] = c->Nl; |
|
267 |
|
268 t4_sha512_multiblock(c, p, 1); |
|
269 |
|
270 if (md == 0) |
|
271 return (0); |
|
272 |
|
273 switch (c->md_len) { |
|
274 /* Let compiler decide if it's appropriate to unroll... */ |
|
275 case SHA384_DIGEST_LENGTH: |
|
276 for (n = 0; n < SHA384_DIGEST_LENGTH / 8; n++) { |
|
277 SHA_LONG64 t = c->h[n]; |
|
278 |
|
279 *(md++) = (unsigned char)(t >> 56); |
|
280 *(md++) = (unsigned char)(t >> 48); |
|
281 *(md++) = (unsigned char)(t >> 40); |
|
282 *(md++) = (unsigned char)(t >> 32); |
|
283 *(md++) = (unsigned char)(t >> 24); |
|
284 *(md++) = (unsigned char)(t >> 16); |
|
285 *(md++) = (unsigned char)(t >> 8); |
|
286 *(md++) = (unsigned char)(t); |
|
287 } |
|
288 break; |
|
289 case SHA512_DIGEST_LENGTH: |
|
290 for (n = 0; n < SHA512_DIGEST_LENGTH / 8; n++) { |
|
291 SHA_LONG64 t = c->h[n]; |
|
292 |
|
293 *(md++) = (unsigned char)(t >> 56); |
|
294 *(md++) = (unsigned char)(t >> 48); |
|
295 *(md++) = (unsigned char)(t >> 40); |
|
296 *(md++) = (unsigned char)(t >> 32); |
|
297 *(md++) = (unsigned char)(t >> 24); |
|
298 *(md++) = (unsigned char)(t >> 16); |
|
299 *(md++) = (unsigned char)(t >> 8); |
|
300 *(md++) = (unsigned char)(t); |
|
301 } |
|
302 break; |
|
303 /* ... as well as make sure md_len is not abused. */ |
|
304 default: |
|
305 return (0); |
|
306 } |
|
307 |
|
308 return (1); |
|
309 } |
|
310 |
|
311 |
|
312 /* Required for Engine API */ |
|
313 static int |
|
314 t4_digest_copy_sha512(EVP_MD_CTX *to, const EVP_MD_CTX *from) |
|
315 { |
|
316 if ((to->md_data != NULL) && (from->md_data != NULL)) { |
|
317 (void) memcpy(to->md_data, from->md_data, |
|
318 sizeof (T4_SHA512_CTX)); |
|
319 } |
|
320 return (1); |
|
321 } |
|
322 |
|
323 #endif /* COMPILE_HW_T4 */ |
|
324 #endif /* !OPENSSL_NO_SHA && !OPENSSL_NO_SHA512 */ |
|
325 #endif /* !OPENSSL_NO_HW && !OPENSSL_NO_HW_MD_T4 */ |