1 /* |
|
2 * This product includes cryptographic software developed by the OpenSSL |
|
3 * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This |
|
4 * product includes cryptographic software written by Eric Young |
|
5 * ([email protected]). |
|
6 */ |
|
7 |
|
8 /* |
|
9 * ==================================================================== |
|
10 * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. |
|
11 * |
|
12 * Redistribution and use in source and binary forms, with or without |
|
13 * modification, are permitted provided that the following conditions |
|
14 * are met: |
|
15 * |
|
16 * 1. Redistributions of source code must retain the above copyright |
|
17 * notice, this list of conditions and the following disclaimer. |
|
18 * |
|
19 * 2. Redistributions in binary form must reproduce the above copyright |
|
20 * notice, this list of conditions and the following disclaimer in |
|
21 * the documentation and/or other materials provided with the |
|
22 * distribution. |
|
23 * |
|
24 * 3. All advertising materials mentioning features or use of this |
|
25 * software must display the following acknowledgment: |
|
26 * "This product includes software developed by the OpenSSL Project |
|
27 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" |
|
28 * |
|
29 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|
30 * endorse or promote products derived from this software without |
|
31 * prior written permission. For written permission, please contact |
|
32 * [email protected]. |
|
33 * |
|
34 * 5. Products derived from this software may not be called "OpenSSL" |
|
35 * nor may "OpenSSL" appear in their names without prior written |
|
36 * permission of the OpenSSL Project. |
|
37 * |
|
38 * 6. Redistributions of any form whatsoever must retain the following |
|
39 * acknowledgment: |
|
40 * "This product includes software developed by the OpenSSL Project |
|
41 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" |
|
42 * |
|
43 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|
44 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
45 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
46 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|
47 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
48 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|
49 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|
50 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|
51 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|
52 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
53 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|
54 * OF THE POSSIBILITY OF SUCH DAMAGE. |
|
55 * ==================================================================== |
|
56 */ |
|
57 |
|
58 /* |
|
59 * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. |
|
60 */ |
|
61 |
|
62 /* |
|
63 * This engine supports SPARC microprocessors that provide AES and other |
|
64 * cipher and hash instructions, such as the T4 microprocessor. |
|
65 * |
|
66 * This file implements the SHA-256 message digest operations. |
|
67 */ |
|
68 |
|
69 #include <openssl/opensslconf.h> |
|
70 |
|
71 #if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_MD_T4) |
|
72 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) |
|
73 #include <sys/types.h> |
|
74 #include <stdlib.h> |
|
75 #include <string.h> |
|
76 #include <errno.h> |
|
77 #include <openssl/engine.h> |
|
78 /* |
|
79 * Solaris sys/sha2.h and OpenSSL openssl/sha.h both define |
|
80 * SHA256_CTX, SHA512_CTX, SHA256, SHA384, and SHA512. |
|
81 * For SHA2, OpenSSL SHA256_CTX has extra num and md_len fields at |
|
82 * the end and Solaris SHA2_CTX has an extra algotype field at the beginning. |
|
83 */ |
|
84 #include "eng_t4_sha2_asm.h" |
|
85 |
|
86 #if (defined(sun4v) || defined(__sparcv9) || defined(__sparcv8plus) || \ |
|
87 defined(__sparcv8)) && !defined(OPENSSL_NO_ASM) |
|
88 #define COMPILE_HW_T4 |
|
89 #endif |
|
90 |
|
91 #ifdef COMPILE_HW_T4 |
|
92 |
|
93 /* Formal declaration for functions in EVP_MD structure */ |
|
94 static int t4_digest_init_sha256(EVP_MD_CTX *ctx); |
|
95 static int t4_digest_init_sha224(EVP_MD_CTX *ctx); |
|
96 static int t4_digest_update_sha256(EVP_MD_CTX *ctx, const void *data, |
|
97 size_t len); |
|
98 static int t4_digest_final_sha256(EVP_MD_CTX *ctx, unsigned char *md); |
|
99 static int t4_digest_copy_sha256(EVP_MD_CTX *to, const EVP_MD_CTX *from); |
|
100 |
|
101 |
|
102 /* |
|
103 * OpenSSL's libcrypto EVP stuff. This is how this engine gets wired to EVP. |
|
104 * EVP_MD is defined in evp.h. To maintain binary compatibility the |
|
105 * definition cannot be modified. |
|
106 * Stuff specific to the t4 engine is kept in t4_cipher_ctx_t, which is |
|
107 * pointed to by the last field, app_data. |
|
108 * |
|
109 * Fields: type, pkey_type, md_size, flags, |
|
110 * init(), update(), final(), |
|
111 * copy(), cleanup(), sign(), verify(), |
|
112 * required_pkey_type, block_size, ctx_size, md5_ctrl() |
|
113 */ |
|
114 const EVP_MD t4_sha256 = { |
|
115 NID_sha256, NID_sha256WithRSAEncryption, SHA256_DIGEST_LENGTH, |
|
116 EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, |
|
117 t4_digest_init_sha256, t4_digest_update_sha256, t4_digest_final_sha256, |
|
118 t4_digest_copy_sha256, NULL, |
|
119 EVP_PKEY_RSA_method, SHA256_CBLOCK, |
|
120 sizeof (T4_SHA256_CTX), NULL |
|
121 }; |
|
122 /* SHA-224 uses the same context, cblock size, & update function as SHA-256: */ |
|
123 const EVP_MD t4_sha224 = { |
|
124 NID_sha224, NID_sha224WithRSAEncryption, SHA224_DIGEST_LENGTH, |
|
125 EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, |
|
126 t4_digest_init_sha224, t4_digest_update_sha256, t4_digest_final_sha256, |
|
127 t4_digest_copy_sha256, NULL, |
|
128 EVP_PKEY_RSA_method, SHA256_CBLOCK, |
|
129 sizeof (T4_SHA256_CTX), NULL |
|
130 }; |
|
131 |
|
132 /* These functions are defined in md32_common.h: */ |
|
133 static int t4_sha256_update(T4_SHA256_CTX *c, const void *data_, size_t len); |
|
134 static void t4_sha256_transform(T4_SHA256_CTX *c, const unsigned char *data); |
|
135 static int t4_sha256_final(unsigned char *md, T4_SHA256_CTX *c); |
|
136 #pragma inline(t4_sha256_update, t4_sha256_transform, t4_sha256_final) |
|
137 |
|
138 #define DATA_ORDER_IS_BIG_ENDIAN |
|
139 /* HASH_LONG/SHA_LONG is unsigned int (32 bits): */ |
|
140 #define HASH_LONG SHA_LONG |
|
141 #define HASH_CTX T4_SHA256_CTX |
|
142 #define HASH_CBLOCK SHA_CBLOCK |
|
143 #define HASH_UPDATE t4_sha256_update |
|
144 #define HASH_TRANSFORM t4_sha256_transform |
|
145 #define HASH_FINAL t4_sha256_final |
|
146 #define HASH_BLOCK_DATA_ORDER t4_sha256_multiblock |
|
147 #define HASH_MAKE_STRING(c, s) \ |
|
148 do { \ |
|
149 unsigned int ll, nn; \ |
|
150 switch ((c)->md_len) { \ |
|
151 case SHA256_DIGEST_LENGTH: \ |
|
152 for (nn = 0; nn < SHA256_DIGEST_LENGTH / 4; nn++) { \ |
|
153 ll = (c)->h[nn]; HOST_l2c(ll, (s)); } \ |
|
154 break; \ |
|
155 case SHA224_DIGEST_LENGTH: \ |
|
156 for (nn = 0; nn < SHA224_DIGEST_LENGTH / 4; nn++) { \ |
|
157 ll = (c)->h[nn]; HOST_l2c(ll, (s)); } \ |
|
158 break; \ |
|
159 default: \ |
|
160 if ((c)->md_len > SHA256_DIGEST_LENGTH) \ |
|
161 return (0); \ |
|
162 for (nn = 0; nn < (c)->md_len / 4; nn++) { \ |
|
163 ll = (c)->h[nn]; HOST_l2c(ll, (s)); } \ |
|
164 break; \ |
|
165 } \ |
|
166 } while (0) |
|
167 |
|
168 /* This defines HASH_UPDATE, HASH_TRANSFORM, HASH_FINAL functions: */ |
|
169 #include "md32_common.h" |
|
170 |
|
171 |
|
172 /* |
|
173 * SHA256 functions (part of FIPS 180-2 Secure Hash Standard) |
|
174 */ |
|
175 |
|
176 static int |
|
177 t4_digest_init_sha256(EVP_MD_CTX *ctx) |
|
178 { |
|
179 T4_SHA256_CTX *c = (T4_SHA256_CTX *)ctx->md_data; |
|
180 |
|
181 /* Optimization: don't call memset(c, 0,...) or initialize c->data[] */ |
|
182 c->Nl = c->Nh = c->num = 0; |
|
183 c->h[0] = 0x6a09e667U; |
|
184 c->h[1] = 0xbb67ae85U; |
|
185 c->h[2] = 0x3c6ef372U; |
|
186 c->h[3] = 0xa54ff53aU; |
|
187 c->h[4] = 0x510e527fU; |
|
188 c->h[5] = 0x9b05688cU; |
|
189 c->h[6] = 0x1f83d9abU; |
|
190 c->h[7] = 0x5be0cd19U; |
|
191 c->md_len = SHA256_DIGEST_LENGTH; |
|
192 return (1); |
|
193 } |
|
194 |
|
195 |
|
196 static int |
|
197 t4_digest_init_sha224(EVP_MD_CTX *ctx) |
|
198 { |
|
199 T4_SHA256_CTX *c = (T4_SHA256_CTX *)ctx->md_data; |
|
200 |
|
201 /* Optimization: don't call memset(c, 0,...) or initialize c->data[] */ |
|
202 c->Nl = c->Nh = c->num = 0; |
|
203 c->h[0] = 0xc1059ed8UL; |
|
204 c->h[1] = 0x367cd507UL; |
|
205 c->h[2] = 0x3070dd17UL; |
|
206 c->h[3] = 0xf70e5939UL; |
|
207 c->h[4] = 0xffc00b31UL; |
|
208 c->h[5] = 0x68581511UL; |
|
209 c->h[6] = 0x64f98fa7UL; |
|
210 c->h[7] = 0xbefa4fa4UL; |
|
211 c->md_len = SHA224_DIGEST_LENGTH; |
|
212 return (1); |
|
213 } |
|
214 |
|
215 /* Continue SHA256 digest operation, using message block to update context. */ |
|
216 static int |
|
217 t4_digest_update_sha256(EVP_MD_CTX *ctx, const void *data, size_t len) |
|
218 { |
|
219 T4_SHA256_CTX *sha256_ctx = (T4_SHA256_CTX *)ctx->md_data; |
|
220 |
|
221 return (t4_sha256_update((T4_SHA256_CTX *)ctx->md_data, data, len)); |
|
222 } |
|
223 |
|
224 /* End SHA256 digest operation, finalizing message digest and zeroing context */ |
|
225 static int |
|
226 t4_digest_final_sha256(EVP_MD_CTX *ctx, unsigned char *md) |
|
227 { |
|
228 T4_SHA256_CTX *sha256_ctx = (T4_SHA256_CTX *)ctx->md_data; |
|
229 |
|
230 return (t4_sha256_final(md, (T4_SHA256_CTX *)ctx->md_data)); |
|
231 } |
|
232 |
|
233 /* Required for Engine API */ |
|
234 static int |
|
235 t4_digest_copy_sha256(EVP_MD_CTX *to, const EVP_MD_CTX *from) |
|
236 { |
|
237 if ((to->md_data != NULL) && (from->md_data != NULL)) { |
|
238 (void) memcpy(to->md_data, from->md_data, |
|
239 sizeof (T4_SHA256_CTX)); |
|
240 } |
|
241 return (1); |
|
242 } |
|
243 |
|
244 #endif /* COMPILE_HW_T4 */ |
|
245 #endif /* !OPENSSL_NO_SHA && !OPENSSL_NO_SHA256 */ |
|
246 #endif /* !OPENSSL_NO_HW && !OPENSSL_NO_HW_MD_T4 */ |
|