diff options
Diffstat (limited to 'lib/libmd')
35 files changed, 4058 insertions, 3569 deletions
diff --git a/lib/libmd/Makefile b/lib/libmd/Makefile index c98c33bae3f5..c4ab767c8b2f 100644 --- a/lib/libmd/Makefile +++ b/lib/libmd/Makefile @@ -1,5 +1,3 @@ -# $FreeBSD$ - SHLIBDIR?= /lib .include <src.opts.mk> @@ -7,13 +5,13 @@ SHLIBDIR?= /lib PACKAGE= runtime LIB= md -SHLIB_MAJOR= 6 +SHLIB_MAJOR= 7 SRCS= md4c.c md5c.c md4hl.c md5hl.c \ rmd160c.c rmd160hl.c \ sha0c.c sha0hl.c sha1c.c sha1hl.c \ sha224hl.c sha256c.c sha256hl.c \ sha384hl.c \ - sha512c.c sha512hl.c sha512thl.c \ + sha512c.c sha512hl.c sha512t224hl.c sha512t256hl.c \ skein.c skein_block.c \ skein256hl.c skein512hl.c skein1024hl.c INCS= md4.h md5.h ripemd.h sha.h sha224.h sha256.h sha384.h sha512.h \ @@ -21,6 +19,9 @@ INCS= md4.h md5.h ripemd.h sha.h sha224.h sha256.h sha384.h sha512.h \ WARNS?= 0 +VERSION_DEF= ${SRCTOP}/lib/libc/Versions.def +SYMBOL_MAPS= ${.CURDIR}/Symbol.map + MAN+= md4.3 md5.3 ripemd.3 sha.3 sha256.3 sha512.3 skein.3 MLINKS+=md4.3 MD4Init.3 md4.3 MD4Update.3 md4.3 MD4Final.3 MLINKS+=md4.3 MD4End.3 md4.3 MD4File.3 md4.3 MD4FileChunk.3 @@ -54,6 +55,10 @@ MLINKS+=sha512.3 SHA512_Init.3 sha512.3 SHA512_Update.3 MLINKS+=sha512.3 SHA512_Final.3 sha512.3 SHA512_End.3 MLINKS+=sha512.3 SHA512_File.3 sha512.3 SHA512_FileChunk.3 MLINKS+=sha512.3 SHA512_Data.3 +MLINKS+=sha512.3 SHA512_224_Init.3 sha512.3 SHA512_224_Update.3 +MLINKS+=sha512.3 SHA512_224_Final.3 sha512.3 SHA512_224_End.3 +MLINKS+=sha512.3 SHA512_224_File.3 sha512.3 SHA512_224_FileChunk.3 +MLINKS+=sha512.3 SHA512_224_Data.3 MLINKS+=sha512.3 SHA512_256_Init.3 sha512.3 SHA512_256_Update.3 MLINKS+=sha512.3 SHA512_256_Final.3 sha512.3 SHA512_256_End.3 MLINKS+=sha512.3 SHA512_256_File.3 sha512.3 SHA512_256_FileChunk.3 @@ -76,7 +81,9 @@ CLEANFILES+= md[245]hl.c md[245].ref md[245].3 mddriver \ sha0.ref sha0hl.c sha1.ref sha1hl.c shadriver \ sha224.ref sha256.ref sha224hl.c sha256hl.c \ sha384hl.c sha384.ref \ - sha512.ref sha512hl.c sha512t256.ref sha512thl.c \ + sha512.ref sha512hl.c \ + sha512t224.ref sha512t224hl.c \ + sha512t256.ref sha512t256hl.c \ skein256hl.c skein512hl.c skein1024hl.c \ skein256.ref skein512.ref skein1024.ref \ skeindriver @@ -101,17 +108,28 @@ CFLAGS+= -DWEAK_REFS CFLAGS.skein_block.c+= -DSKEIN_LOOP=995 .PATH: ${.CURDIR}/${MACHINE_ARCH} ${SRCTOP}/sys/crypto/sha2 .PATH: ${SRCTOP}/sys/crypto/skein ${SRCTOP}/sys/crypto/skein/${MACHINE_ARCH} +.PATH: ${SRCTOP}/sys/crypto USE_ASM_SOURCES?=1 -.if defined(BOOTSTRAPPING) +.if defined(BOOTSTRAPPING) || ${MK_MACHDEP_OPTIMIZATIONS} == no # Don't build ASM sources when bootstrapping to avoid toolchain dependencies USE_ASM_SOURCES:=0 .endif .if ${USE_ASM_SOURCES} != 0 -.if exists(${MACHINE_ARCH}/sha.S) -SRCS+= sha.S +.if exists(${MACHINE_ARCH}/md5block.S) +SRCS+= md5block.S +CFLAGS+= -DMD5_ASM +.if exists(${MACHINE_ARCH}/md5dispatch.c) +SRCS+= md5dispatch.c +.endif +.endif +.if exists(${MACHINE_ARCH}/sha1block.S) +SRCS+= sha1block.S CFLAGS+= -DSHA1_ASM +.if exists(${MACHINE_ARCH}/sha1dispatch.c) +SRCS+= sha1dispatch.c +.endif .endif .if exists(${MACHINE_ARCH}/rmd160.S) SRCS+= rmd160.S @@ -127,7 +145,7 @@ CFLAGS+= -DSKEIN_ASM -DSKEIN_USE_ASM=1792 # list of block functions to replace w # the assembly vs C versions, and skein_block needs to be rebuilt if it changes. skein_block.o skein_block.pico: Makefile .endif -.if exists(${MACHINE_ARCH}/sha.S) || exists(${MACHINE_ARCH}/rmd160.S) || exists(${MACHINE_ARCH}/skein_block_asm.S) +.if exists(${MACHINE_ARCH}/rmd160.S) || exists(${MACHINE_ARCH}/skein_block_asm.S) ACFLAGS+= -DELF -Wa,--noexecstack .endif .if ${MACHINE_CPUARCH} == "aarch64" @@ -184,7 +202,14 @@ sha512hl.c: mdXhl.c -e 's/SHA512__/SHA512_/g' \ ${.ALLSRC}) > ${.TARGET} -sha512thl.c: mdXhl.c +sha512t224hl.c: mdXhl.c + (echo '#define LENGTH 28'; \ + sed -e 's/mdX/sha512t/g' -e 's/MDX/SHA512_224_/g' \ + -e 's/SHA512_224__/SHA512_224_/g' \ + -e 's/SHA512_224_CTX/SHA512_CTX/g' \ + ${.ALLSRC}) > ${.TARGET} + +sha512t256hl.c: mdXhl.c (echo '#define LENGTH 32'; \ sed -e 's/mdX/sha512t/g' -e 's/MDX/SHA512_256_/g' \ -e 's/SHA512_256__/SHA512_256_/g' \ @@ -222,229 +247,7 @@ md${i}.3: ${.CURDIR}/mdX.3 cat ${.CURDIR}/md${i}.copyright >> ${.TARGET} .endfor -md4.ref: - echo 'MD4 test suite:' > ${.TARGET} - @echo 'MD4 ("") = 31d6cfe0d16ae931b73c59d7e0c089c0' >> ${.TARGET} - @echo 'MD4 ("a") = bde52cb31de33e46245e05fbdbd6fb24' >> ${.TARGET} - @echo 'MD4 ("abc") = a448017aaf21d8525fc10ae87aa6729d' >> ${.TARGET} - @echo 'MD4 ("message digest") = d9130a8164549fe818874806e1c7014b' >> ${.TARGET} - @echo 'MD4 ("abcdefghijklmnopqrstuvwxyz") = d79e1c308aa5bbcdeea8ed63df412da9' >> ${.TARGET} - @echo 'MD4 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ - '043f8582f241db351ce627e153e7f0e4' >> ${.TARGET} - @echo 'MD4 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ - 'e33b4ddc9c38f2199c3e7b164fcc0536' >> ${.TARGET} - -md5.ref: - echo 'MD5 test suite:' > ${.TARGET} - @echo 'MD5 ("") = d41d8cd98f00b204e9800998ecf8427e' >> ${.TARGET} - @echo 'MD5 ("a") = 0cc175b9c0f1b6a831c399e269772661' >> ${.TARGET} - @echo 'MD5 ("abc") = 900150983cd24fb0d6963f7d28e17f72' >> ${.TARGET} - @echo 'MD5 ("message digest") = f96b697d7cb7938d525a2f31aaf161d0' >> ${.TARGET} - @echo 'MD5 ("abcdefghijklmnopqrstuvwxyz") = c3fcd3d76192e4007dfb496cca67e13b' >> ${.TARGET} - @echo 'MD5 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = d174ab98d277d9f5a5611c2c9f419d9f' >> ${.TARGET} - @echo 'MD5 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = 57edf4a22be3c955ac49da2e2107b67a' >> ${.TARGET} - -sha0.ref: - echo 'SHA-0 test suite:' > ${.TARGET} - @echo 'SHA-0 ("") = f96cea198ad1dd5617ac084a3d92c6107708c0ef' >> ${.TARGET} - @echo 'SHA-0 ("abc") = 0164b8a914cd2a5e74c4f7ff082c4d97f1edf880' >> ${.TARGET} - @echo 'SHA-0 ("message digest") =' \ - 'c1b0f222d150ebb9aa36a40cafdc8bcbed830b14' >> ${.TARGET} - @echo 'SHA-0 ("abcdefghijklmnopqrstuvwxyz") =' \ - 'b40ce07a430cfd3c033039b9fe9afec95dc1bdcd' >> ${.TARGET} - @echo 'SHA-0 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ - '79e966f7a3a990df33e40e3d7f8f18d2caebadfa' >> ${.TARGET} - @echo 'SHA-0 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ - '4aa29d14d171522ece47bee8957e35a41f3e9cff' >> ${.TARGET} - -sha1.ref: - echo 'SHA-1 test suite:' > ${.TARGET} - @echo 'SHA-1 ("") = da39a3ee5e6b4b0d3255bfef95601890afd80709' >> ${.TARGET} - @echo 'SHA-1 ("abc") = a9993e364706816aba3e25717850c26c9cd0d89d' >> ${.TARGET} - @echo 'SHA-1 ("message digest") =' \ - 'c12252ceda8be8994d5fa0290a47231c1d16aae3' >> ${.TARGET} - @echo 'SHA-1 ("abcdefghijklmnopqrstuvwxyz") =' \ - '32d10c7b8cf96570ca04ce37f2a19d84240d3a89' >> ${.TARGET} - @echo 'SHA-1 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ - '761c457bf73b14d27e9e9265c46f4b4dda11f940' >> ${.TARGET} - @echo 'SHA-1 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ - '50abf5706a150990a08b2c5ea40fa0e585554732' >> ${.TARGET} - -sha224.ref: - echo 'SHA-224 test suite:' > ${.TARGET} - @echo 'SHA-224 ("") = d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f' >> ${.TARGET} - @echo 'SHA-224 ("abc") =' \ - '23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7' >> ${.TARGET} - @echo 'SHA-224 ("message digest") =' \ - '2cb21c83ae2f004de7e81c3c7019cbcb65b71ab656b22d6d0c39b8eb' >> ${.TARGET} - @echo 'SHA-224 ("abcdefghijklmnopqrstuvwxyz") =' \ - '45a5f72c39c5cff2522eb3429799e49e5f44b356ef926bcf390dccc2' >> ${.TARGET} - @echo 'SHA-224 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ - 'bff72b4fcb7d75e5632900ac5f90d219e05e97a7bde72e740db393d9' >> ${.TARGET} - @echo 'SHA-224 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ - 'b50aecbe4e9bb0b57bc5f3ae760a8e01db24f203fb3cdcd13148046e' >> ${.TARGET} - -sha256.ref: - echo 'SHA-256 test suite:' > ${.TARGET} - @echo 'SHA-256 ("") = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' >> ${.TARGET} - @echo 'SHA-256 ("abc") =' \ - 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad' >> ${.TARGET} - @echo 'SHA-256 ("message digest") =' \ - 'f7846f55cf23e14eebeab5b4e1550cad5b509e3348fbc4efa3a1413d393cb650' >> ${.TARGET} - @echo 'SHA-256 ("abcdefghijklmnopqrstuvwxyz") =' \ - '71c480df93d6ae2f1efad1447c66c9525e316218cf51fc8d9ed832f2daf18b73' >> ${.TARGET} - @echo 'SHA-256 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ - 'db4bfcbd4da0cd85a60c3c37d3fbd8805c77f15fc6b1fdfe614ee0a7c8fdb4c0' >> ${.TARGET} - @echo 'SHA-256 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ - 'f371bc4a311f2b009eef952dd83ca80e2b60026c8e935592d0f9c308453c813e' >> ${.TARGET} - -sha384.ref: - echo 'SHA-384 test suite:' > ${.TARGET} - @echo 'SHA-384 ("") =' \ - '38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b' >> ${.TARGET} - @echo 'SHA-384 ("abc") =' \ - 'cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7' >> ${.TARGET} - @echo 'SHA-384 ("message digest") =' \ - '473ed35167ec1f5d8e550368a3db39be54639f828868e9454c239fc8b52e3c61dbd0d8b4de1390c256dcbb5d5fd99cd5' >> ${.TARGET} - @echo 'SHA-384 ("abcdefghijklmnopqrstuvwxyz") =' \ - 'feb67349df3db6f5924815d6c3dc133f091809213731fe5c7b5f4999e463479ff2877f5f2936fa63bb43784b12f3ebb4' >> ${.TARGET} - @echo 'SHA-384 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ - '1761336e3f7cbfe51deb137f026f89e01a448e3b1fafa64039c1464ee8732f11a5341a6f41e0c202294736ed64db1a84' >> ${.TARGET} - @echo 'SHA-384 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ - 'b12932b0627d1c060942f5447764155655bd4da0c9afa6dd9b9ef53129af1b8fb0195996d2de9ca0df9d821ffee67026' >> ${.TARGET} - -sha512.ref: - echo 'SHA-512 test suite:' > ${.TARGET} - @echo 'SHA-512 ("") =' \ - 'cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e' >> ${.TARGET} - @echo 'SHA-512 ("abc") =' \ - 'ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f' >> ${.TARGET} - @echo 'SHA-512 ("message digest") =' \ - '107dbf389d9e9f71a3a95f6c055b9251bc5268c2be16d6c13492ea45b0199f3309e16455ab1e96118e8a905d5597b72038ddb372a89826046de66687bb420e7c' >> ${.TARGET} - @echo 'SHA-512 ("abcdefghijklmnopqrstuvwxyz") =' \ - '4dbff86cc2ca1bae1e16468a05cb9881c97f1753bce3619034898faa1aabe429955a1bf8ec483d7421fe3c1646613a59ed5441fb0f321389f77f48a879c7b1f1' >> ${.TARGET} - @echo 'SHA-512 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ - '1e07be23c26a86ea37ea810c8ec7809352515a970e9253c26f536cfc7a9996c45c8370583e0a78fa4a90041d71a4ceab7423f19c71b9d5a3e01249f0bebd5894' >> ${.TARGET} - @echo 'SHA-512 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ - '72ec1ef1124a45b047e8b7c75a932195135bb61de24ec0d1914042246e0aec3a2354e093d76f3048b456764346900cb130d2a4fd5dd16abb5e30bcb850dee843' >> ${.TARGET} - -sha512t256.ref: - echo 'SHA-512256 test suite:' > ${.TARGET} - @echo 'SHA-512256 ("") =' \ - 'c672b8d1ef56ed28ab87c3622c5114069bdd3ad7b8f9737498d0c01ecef0967a' >> ${.TARGET} - @echo 'SHA-512256 ("abc") =' \ - '53048e2681941ef99b2e29b76b4c7dabe4c2d0c634fc6d46e0e2f13107e7af23' >> ${.TARGET} - @echo 'SHA-512256 ("message digest") =' \ - '0cf471fd17ed69d990daf3433c89b16d63dec1bb9cb42a6094604ee5d7b4e9fb' >> ${.TARGET} - @echo 'SHA-512256 ("abcdefghijklmnopqrstuvwxyz") =' \ - 'fc3189443f9c268f626aea08a756abe7b726b05f701cb08222312ccfd6710a26' >> ${.TARGET} - @echo 'SHA-512256 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ - 'cdf1cc0effe26ecc0c13758f7b4a48e000615df241284185c39eb05d355bb9c8' >> ${.TARGET} - @echo 'SHA-512256 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ - '2c9fdbc0c90bdd87612ee8455474f9044850241dc105b1e8b94b8ddf5fac9148' >> ${.TARGET} - -rmd160.ref: - echo 'RIPEMD160 test suite:' > ${.TARGET} - @echo 'RIPEMD160 ("") = 9c1185a5c5e9fc54612808977ee8f548b2258d31' >> ${.TARGET} - @echo 'RIPEMD160 ("abc") = 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc' >> ${.TARGET} - @echo 'RIPEMD160 ("message digest") =' \ - '5d0689ef49d2fae572b881b123a85ffa21595f36' >> ${.TARGET} - @echo 'RIPEMD160 ("abcdefghijklmnopqrstuvwxyz") =' \ - 'f71c27109c692c1b56bbdceb5b9d2865b3708dbc' >> ${.TARGET} - @echo 'RIPEMD160 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ - 'b0e20b6e3116640286ed3a87a5713079b21f5189' >> ${.TARGET} - @echo 'RIPEMD160 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ - '9b752e45573d4b39f4dbd3323cab82bf63326bfb' >> ${.TARGET} - -skein256.ref: - echo 'SKEIN256 test suite:' > ${.TARGET} - @echo 'SKEIN256 ("") = c8877087da56e072870daa843f176e9453115929094c3a40c463a196c29bf7ba' >> ${.TARGET} - @echo 'SKEIN256 ("abc") = 258bdec343b9fde1639221a5ae0144a96e552e5288753c5fec76c05fc2fc1870' >> ${.TARGET} - @echo 'SKEIN256 ("message digest") =' \ - '4d2ce0062b5eb3a4db95bc1117dd8aa014f6cd50fdc8e64f31f7d41f9231e488' >> ${.TARGET} - @echo 'SKEIN256 ("abcdefghijklmnopqrstuvwxyz") =' \ - '46d8440685461b00e3ddb891b2ecc6855287d2bd8834a95fb1c1708b00ea5e82' >> ${.TARGET} - @echo 'SKEIN256 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ - '7c5eb606389556b33d34eb2536459528dc0af97adbcd0ce273aeb650f598d4b2' >> ${.TARGET} - @echo 'SKEIN256 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ - '4def7a7e5464a140ae9c3a80279fbebce4bd00f9faad819ab7e001512f67a10d' >> ${.TARGET} - -skein512.ref: - echo 'SKEIN512 test suite:' > ${.TARGET} - @echo 'SKEIN512 ("") =' \ - 'bc5b4c50925519c290cc634277ae3d6257212395cba733bbad37a4af0fa06af41fca7903d06564fea7a2d3730dbdb80c1f85562dfcc070334ea4d1d9e72cba7a' >> ${.TARGET} - @echo 'SKEIN512 ("abc") =' \ - '8f5dd9ec798152668e35129496b029a960c9a9b88662f7f9482f110b31f9f93893ecfb25c009baad9e46737197d5630379816a886aa05526d3a70df272d96e75' >> ${.TARGET} - @echo 'SKEIN512 ("message digest") =' \ - '15b73c158ffb875fed4d72801ded0794c720b121c0c78edf45f900937e6933d9e21a3a984206933d504b5dbb2368000411477ee1b204c986068df77886542fcc' >> ${.TARGET} - @echo 'SKEIN512 ("abcdefghijklmnopqrstuvwxyz") =' \ - '23793ad900ef12f9165c8080da6fdfd2c8354a2929b8aadf83aa82a3c6470342f57cf8c035ec0d97429b626c4d94f28632c8f5134fd367dca5cf293d2ec13f8c' >> ${.TARGET} - @echo 'SKEIN512 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ - '0c6bed927e022f5ddcf81877d42e5f75798a9f8fd3ede3d83baac0a2f364b082e036c11af35fe478745459dd8f5c0b73efe3c56ba5bb2009208d5a29cc6e469c' >> ${.TARGET} - @echo 'SKEIN512 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ - '2ca9fcffb3456f297d1b5f407014ecb856f0baac8eb540f534b1f187196f21e88f31103128c2f03fcc9857d7a58eb66f9525e2302d88833ee069295537a434ce' >> ${.TARGET} - -skein1024.ref: - echo 'SKEIN1024 test suite:' > ${.TARGET} - @echo 'SKEIN1024 ("") =' \ - '0fff9563bb3279289227ac77d319b6fff8d7e9f09da1247b72a0a265cd6d2a62645ad547ed8193db48cff847c06494a03f55666d3b47eb4c20456c9373c86297d630d5578ebd34cb40991578f9f52b18003efa35d3da6553ff35db91b81ab890bec1b189b7f52cb2a783ebb7d823d725b0b4a71f6824e88f68f982eefc6d19c6' >> ${.TARGET} - @echo 'SKEIN1024 ("abc") =' \ - '35a599a0f91abcdb4cb73c19b8cb8d947742d82c309137a7caed29e8e0a2ca7a9ff9a90c34c1908cc7e7fd99bb15032fb86e76df21b72628399b5f7c3cc209d7bb31c99cd4e19465622a049afbb87c03b5ce3888d17e6e667279ec0aa9b3e2712624c01b5f5bbe1a564220bdcf6990af0c2539019f313fdd7406cca3892a1f1f' >> ${.TARGET} - @echo 'SKEIN1024 ("message digest") =' \ - 'ea891f5268acd0fac97467fc1aa89d1ce8681a9992a42540e53babee861483110c2d16f49e73bac27653ff173003e40cfb08516cd34262e6af95a5d8645c9c1abb3e813604d508b8511b30f9a5c1b352aa0791c7d2f27b2706dccea54bc7de6555b5202351751c3299f97c09cf89c40f67187e2521c0fad82b30edbb224f0458' >> ${.TARGET} - @echo 'SKEIN1024 ("abcdefghijklmnopqrstuvwxyz") =' \ - 'f23d95c2a25fbcd0e797cd058fec39d3c52d2b5afd7a9af1df934e63257d1d3dcf3246e7329c0f1104c1e51e3d22e300507b0c3b9f985bb1f645ef49835080536becf83788e17fed09c9982ba65c3cb7ffe6a5f745b911c506962adf226e435c42f6f6bc08d288f9c810e807e3216ef444f3db22744441deefa4900982a1371f' >> ${.TARGET} - @echo 'SKEIN1024 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ - 'cf3889e8a8d11bfd3938055d7d061437962bc5eac8ae83b1b71c94be201b8cf657fdbfc38674997a008c0c903f56a23feb3ae30e012377f1cfa080a9ca7fe8b96138662653fb3335c7d06595bf8baf65e215307532094cfdfa056bd8052ab792a3944a2adaa47b30335b8badb8fe9eb94fe329cdca04e58bbc530f0af709f469' >> ${.TARGET} - @echo 'SKEIN1024 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ - 'cf21a613620e6c119eca31fdfaad449a8e02f95ca256c21d2a105f8e4157048f9fe1e897893ea18b64e0e37cb07d5ac947f27ba544caf7cbc1ad094e675aed77a366270f7eb7f46543bccfa61c526fd628408058ed00ed566ac35a9761d002e629c4fb0d430b2f4ad016fcc49c44d2981c4002da0eecc42144160e2eaea4855a' >> ${.TARGET} - -test: md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha224.ref sha256.ref sha384.ref \ - sha512.ref sha512t256.ref skein256.ref skein512.ref skein1024.ref - @${ECHO} if any of these test fail, the code produces wrong results - @${ECHO} and should NOT be used. - ${CC} ${CFLAGS} ${LDFLAGS} -DMD=4 -o mddriver ${.CURDIR}/mddriver.c libmd.a - ./mddriver | cmp md4.ref - - @${ECHO} MD4 passed test - ${CC} ${CFLAGS} ${LDFLAGS} -DMD=5 -o mddriver ${.CURDIR}/mddriver.c libmd.a - ./mddriver | cmp md5.ref - - @${ECHO} MD5 passed test - -rm -f mddriver - ${CC} ${CFLAGS} ${LDFLAGS} -o rmddriver ${.CURDIR}/rmddriver.c libmd.a - ./rmddriver | cmp rmd160.ref - - @${ECHO} RIPEMD160 passed test - -rm -f rmddriver - ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=0 -o shadriver ${.CURDIR}/shadriver.c libmd.a - ./shadriver | cmp sha0.ref - - @${ECHO} SHA-0 passed test - ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=1 -o shadriver ${.CURDIR}/shadriver.c libmd.a - ./shadriver | cmp sha1.ref - - @${ECHO} SHA-1 passed test - ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=224 -o shadriver ${.CURDIR}/shadriver.c libmd.a - ./shadriver | cmp sha224.ref - - @${ECHO} SHA-224 passed test - ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=256 -o shadriver ${.CURDIR}/shadriver.c libmd.a - ./shadriver | cmp sha256.ref - - @${ECHO} SHA-256 passed test - ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=384 -o shadriver ${.CURDIR}/shadriver.c libmd.a - ./shadriver | cmp sha384.ref - - @${ECHO} SHA-384 passed test - ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=512 -o shadriver ${.CURDIR}/shadriver.c libmd.a - ./shadriver | cmp sha512.ref - - @${ECHO} SHA-512 passed test - ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=512256 -o shadriver ${.CURDIR}/shadriver.c libmd.a - ./shadriver | cmp sha512t256.ref - - @${ECHO} SHA-512t256 passed test - -rm -f shadriver - ${CC} ${CFLAGS} ${LDFLAGS} -DSKEIN=256 -o skeindriver ${.CURDIR}/skeindriver.c libmd.a - ./skeindriver | cmp skein256.ref - - @${ECHO} SKEIN256 passed test - ${CC} ${CFLAGS} ${LDFLAGS} -DSKEIN=512 -o skeindriver ${.CURDIR}/skeindriver.c libmd.a - ./skeindriver | cmp skein512.ref - - @${ECHO} SKEIN512 passed test - ${CC} ${CFLAGS} ${LDFLAGS} -DSKEIN=1024 -o skeindriver ${.CURDIR}/skeindriver.c libmd.a - ./skeindriver | cmp skein1024.ref - - @${ECHO} SKEIN1024 passed test - -rm -f skeindriver +HAS_TESTS= +SUBDIR.${MK_TESTS}+= tests .include <bsd.lib.mk> diff --git a/lib/libmd/Makefile.depend b/lib/libmd/Makefile.depend index 8d409f5263ac..6ef78fac5cbf 100644 --- a/lib/libmd/Makefile.depend +++ b/lib/libmd/Makefile.depend @@ -1,4 +1,3 @@ -# $FreeBSD$ # Autogenerated - do NOT edit! DIRDEPS = \ diff --git a/lib/libmd/Symbol.map b/lib/libmd/Symbol.map new file mode 100644 index 000000000000..c3ea3a43968f --- /dev/null +++ b/lib/libmd/Symbol.map @@ -0,0 +1,256 @@ +FBSD_1.8 { + MD4Data; + MD4End; + MD4Fd; + MD4FdChunk; + MD4File; + MD4FileChunk; + MD4Final; + MD4Init; + MD4Pad; + MD4Update; + MD5Data; + MD5End; + MD5Fd; + MD5FdChunk; + MD5File; + MD5FileChunk; + MD5Final; + MD5Init; + MD5Update; + RIPEMD160_Data; + RIPEMD160_End; + RIPEMD160_Fd; + RIPEMD160_FdChunk; + RIPEMD160_File; + RIPEMD160_FileChunk; + RIPEMD160_Final; + RIPEMD160_Init; + RIPEMD160_Update; + SHA1_Data; + SHA1_End; + SHA1_Fd; + SHA1_FdChunk; + SHA1_File; + SHA1_FileChunk; + SHA1_Final; + SHA1_Init; + SHA1_Update; + SHA224_Data; + SHA224_End; + SHA224_Fd; + SHA224_FdChunk; + SHA224_File; + SHA224_FileChunk; + SHA224_Final; + SHA224_Init; + SHA224_Update; + SHA256_Data; + SHA256_End; + SHA256_Fd; + SHA256_FdChunk; + SHA256_File; + SHA256_FileChunk; + SHA256_Final; + SHA256_Init; + SHA256_Update; + SHA384_Data; + SHA384_End; + SHA384_Fd; + SHA384_FdChunk; + SHA384_File; + SHA384_FileChunk; + SHA384_Final; + SHA384_Init; + SHA384_Update; + SHA512_224_Data; + SHA512_224_End; + SHA512_224_Fd; + SHA512_224_FdChunk; + SHA512_224_File; + SHA512_224_FileChunk; + SHA512_224_Final; + SHA512_224_Init; + SHA512_224_Update; + SHA512_256_Data; + SHA512_256_End; + SHA512_256_Fd; + SHA512_256_FdChunk; + SHA512_256_File; + SHA512_256_FileChunk; + SHA512_256_Final; + SHA512_256_Init; + SHA512_256_Update; + SHA512_Data; + SHA512_End; + SHA512_Fd; + SHA512_FdChunk; + SHA512_File; + SHA512_FileChunk; + SHA512_Final; + SHA512_Init; + SHA512_Update; + SHA_Data; + SHA_End; + SHA_Fd; + SHA_FdChunk; + SHA_File; + SHA_FileChunk; + SKEIN1024_Data; + SKEIN1024_End; + SKEIN1024_Fd; + SKEIN1024_FdChunk; + SKEIN1024_File; + SKEIN1024_FileChunk; + SKEIN1024_Final; + SKEIN1024_Init; + SKEIN1024_Update; + SKEIN256_Data; + SKEIN256_End; + SKEIN256_Fd; + SKEIN256_FdChunk; + SKEIN256_File; + SKEIN256_FileChunk; + SKEIN256_Final; + SKEIN256_Init; + SKEIN256_Update; + SKEIN512_Data; + SKEIN512_End; + SKEIN512_Fd; + SKEIN512_FdChunk; + SKEIN512_File; + SKEIN512_FileChunk; + SKEIN512_Final; + SKEIN512_Init; + SKEIN512_Update; +}; + +FBSDprivate_1.0 { + _libmd_MD4Data; + _libmd_MD4End; + _libmd_MD4Fd; + _libmd_MD4FdChunk; + _libmd_MD4File; + _libmd_MD4FileChunk; + _libmd_MD4Final; + _libmd_MD4Init; + _libmd_MD4Pad; + _libmd_MD4Update; + _libmd_MD5Data; + _libmd_MD5End; + _libmd_MD5Fd; + _libmd_MD5FdChunk; + _libmd_MD5File; + _libmd_MD5FileChunk; + _libmd_MD5Final; + _libmd_MD5Init; + _libmd_MD5Update; + _libmd_RIPEMD160_Data; + _libmd_RIPEMD160_End; + _libmd_RIPEMD160_Fd; + _libmd_RIPEMD160_FdChunk; + _libmd_RIPEMD160_File; + _libmd_RIPEMD160_FileChunk; + _libmd_RIPEMD160_Final; + _libmd_RIPEMD160_Init; + _libmd_RIPEMD160_Update; + _libmd_SHA1_Data; + _libmd_SHA1_End; + _libmd_SHA1_Fd; + _libmd_SHA1_FdChunk; + _libmd_SHA1_File; + _libmd_SHA1_FileChunk; + _libmd_SHA1_Final; + _libmd_SHA1_Init; + _libmd_SHA1_Update; + _libmd_SHA224_Data; + _libmd_SHA224_End; + _libmd_SHA224_Fd; + _libmd_SHA224_FdChunk; + _libmd_SHA224_File; + _libmd_SHA224_FileChunk; + _libmd_SHA224_Final; + _libmd_SHA224_Init; + _libmd_SHA224_Update; + _libmd_SHA256_Data; + _libmd_SHA256_End; + _libmd_SHA256_Fd; + _libmd_SHA256_FdChunk; + _libmd_SHA256_File; + _libmd_SHA256_FileChunk; + _libmd_SHA256_Final; + _libmd_SHA256_Init; + _libmd_SHA256_Update; + _libmd_SHA384_Data; + _libmd_SHA384_End; + _libmd_SHA384_Fd; + _libmd_SHA384_FdChunk; + _libmd_SHA384_File; + _libmd_SHA384_FileChunk; + _libmd_SHA384_Final; + _libmd_SHA384_Init; + _libmd_SHA384_Update; + _libmd_SHA512_224_Data; + _libmd_SHA512_224_End; + _libmd_SHA512_224_Fd; + _libmd_SHA512_224_FdChunk; + _libmd_SHA512_224_File; + _libmd_SHA512_224_FileChunk; + _libmd_SHA512_224_Final; + _libmd_SHA512_224_Init; + _libmd_SHA512_224_Update; + _libmd_SHA512_256_Data; + _libmd_SHA512_256_End; + _libmd_SHA512_256_Fd; + _libmd_SHA512_256_FdChunk; + _libmd_SHA512_256_File; + _libmd_SHA512_256_FileChunk; + _libmd_SHA512_256_Final; + _libmd_SHA512_256_Init; + _libmd_SHA512_256_Update; + _libmd_SHA512_Data; + _libmd_SHA512_End; + _libmd_SHA512_Fd; + _libmd_SHA512_FdChunk; + _libmd_SHA512_File; + _libmd_SHA512_FileChunk; + _libmd_SHA512_Final; + _libmd_SHA512_Init; + _libmd_SHA512_Update; + _libmd_SHA_Data; + _libmd_SHA_End; + _libmd_SHA_Fd; + _libmd_SHA_FdChunk; + _libmd_SHA_File; + _libmd_SHA_FileChunk; + _libmd_SHA_Final; + _libmd_SHA_Init; + _libmd_SHA_Update; + _libmd_SKEIN1024_Data; + _libmd_SKEIN1024_End; + _libmd_SKEIN1024_Fd; + _libmd_SKEIN1024_FdChunk; + _libmd_SKEIN1024_File; + _libmd_SKEIN1024_FileChunk; + _libmd_SKEIN1024_Final; + _libmd_SKEIN1024_Init; + _libmd_SKEIN1024_Update; + _libmd_SKEIN256_Data; + _libmd_SKEIN256_End; + _libmd_SKEIN256_Fd; + _libmd_SKEIN256_FdChunk; + _libmd_SKEIN256_File; + _libmd_SKEIN256_FileChunk; + _libmd_SKEIN256_Final; + _libmd_SKEIN256_Init; + _libmd_SKEIN256_Update; + _libmd_SKEIN512_Data; + _libmd_SKEIN512_End; + _libmd_SKEIN512_Fd; + _libmd_SKEIN512_FdChunk; + _libmd_SKEIN512_File; + _libmd_SKEIN512_FileChunk; + _libmd_SKEIN512_Final; + _libmd_SKEIN512_Init; + _libmd_SKEIN512_Update; +}; diff --git a/lib/libmd/aarch64/md5block.S b/lib/libmd/aarch64/md5block.S new file mode 100644 index 000000000000..b928c8dd795a --- /dev/null +++ b/lib/libmd/aarch64/md5block.S @@ -0,0 +1,206 @@ +/*- + * Copyright (c) 2024 Robert Clausecker <fuz@FreeBSD.org> + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include <sys/elf_common.h> +#include <machine/asm.h> + +# optimal instruction sequence for k = \key + \m +.macro addkm key, m +.if 0x100000000 - \key > 0x00ffffff + movz k, #\key & 0xffff + movk k, #\key >> 16, lsl #16 + add k, k, \m +.elseif 0x100000000 - \key > 0x0000ffff + sub k, \m, #(0x100000000 - \key) & 0xfff000 + sub k, k, #(0x100000000 - \key) & 0xfff +.else + movz k, #0x100000000 - \key + sub k, \m, k +.endif +.endm + +.macro round a, b, c, d, f, key, m, s + \f f, \b, \c, \d + addkm \key, \m // k[i] + m[g] + add \a, \a, k // k[i] + m[g] + a + add \a, \a, f // k[i] + m[g] + a + f + ror \a, \a, #32-\s + add \a, \a, \b +.endm + + /* f = b ? c : d */ +.macro f0 f, b, c, d + eor \f, \c, \d + and \f, \f, \b + eor \f, \f, \d +.endm + + /* + * special cased round 1 function + * f1 = d ? b : c = (d & b) + (~d & c) + */ +.macro round1 a, b, c, d, key, m, s + bic tmp, \c, \d // ~d & c + addkm \key, \m // k[i] + m[g] + add \a, \a, k // k[i] + m[g] + a + and f, \b, \d // d & b + add \a, \a, tmp // k[i] + m[g] + a + (~d & c) + add \a, \a, f // k[i] + m[g] + a + (~d & c) + (d & b) + ror \a, \a, #32-\s + add \a, \a, \b +.endm + + /* f = b ^ c ^ d */ +.macro f2 f, b, c, d + eor \f, \c, \d + eor \f, \f, \b +.endm + + /* f = c ^ (b | ~d) */ +.macro f3 f, b, c, d + orn \f, \b, \d + eor \f, \f, \c +.endm + + /* do 4 rounds */ +.macro rounds f, m0, m1, m2, m3, s0, s1, s2, s3, k0, k1, k2, k3 + round a, b, c, d, \f, \k0, \m0, \s0 + round d, a, b, c, \f, \k1, \m1, \s1 + round c, d, a, b, \f, \k2, \m2, \s2 + round b, c, d, a, \f, \k3, \m3, \s3 +.endm + + /* do 4 rounds with f0, f1, f2, f3 */ +.macro rounds0 m0, m1, m2, m3, k0, k1, k2, k3 + rounds f0, \m0, \m1, \m2, \m3, 7, 12, 17, 22, \k0, \k1, \k2, \k3 +.endm + +.macro rounds1 m0, m1, m2, m3, k0, k1, k2, k3 + round1 a, b, c, d, \k0, \m0, 5 + round1 d, a, b, c, \k1, \m1, 9 + round1 c, d, a, b, \k2, \m2, 14 + round1 b, c, d, a, \k3, \m3, 20 +.endm + +.macro rounds2 m0, m1, m2, m3, k0, k1, k2, k3 + rounds f2, \m0, \m1, \m2, \m3, 4, 11, 16, 23, \k0, \k1, \k2, \k3 +.endm + +.macro rounds3 m0, m1, m2, m3, k0, k1, k2, k3 + rounds f3, \m0, \m1, \m2, \m3, 6, 10, 15, 21, \k0, \k1, \k2, \k3 +.endm + + /* md5block(MD5_CTX, buf, len) */ +ENTRY(_libmd_md5block) +ctx .req x0 +buf .req x1 +len .req x2 +end .req x2 // aliases len +a .req w3 +b .req w4 +c .req w5 +d .req w6 +f .req w7 +tmp .req w8 +k .req w9 +m0 .req w10 +m1 .req w11 +m2 .req w12 +m3 .req w13 +m4 .req w14 +m5 .req w15 +m6 .req w16 +m7 .req w17 + // x18 is the platform register +m8 .req w19 +m9 .req w20 +m10 .req w21 +m11 .req w22 +m12 .req w23 +m13 .req w24 +m14 .req w25 +m15 .req w26 + +a_ .req m0 +b_ .req m7 +c_ .req m14 +d_ .req m5 + + stp x19, x20, [sp, #-0x40]! + stp x21, x22, [sp, #0x10] + stp x23, x24, [sp, #0x20] + stp x25, x26, [sp, #0x30] + + bics len, len, #63 // length in blocks + add end, buf, len // end pointer + + beq .Lend // was len == 0 after BICS? + + ldp a, b, [ctx, #0] + ldp c, d, [ctx, #8] + + /* first eight rounds interleaved with data loads */ +.Lloop: ldp m0, m1, [buf, #0] + round a, b, c, d, f0, 0xd76aa478, m0, 7 + ldp m2, m3, [buf, #8] + round d, a, b, c, f0, 0xe8c7b756, m1, 12 + ldp m4, m5, [buf, #16] + round c, d, a, b, f0, 0x242070db, m2, 17 + ldp m6, m7, [buf, #24] + round b, c, d, a, f0, 0xc1bdceee, m3, 22 + + ldp m8, m9, [buf, #32] + round a, b, c, d, f0, 0xf57c0faf, m4, 7 + ldp m10, m11, [buf, #40] + round d, a, b, c, f0, 0x4787c62a, m5, 12 + ldp m12, m13, [buf, #48] + round c, d, a, b, f0, 0xa8304613, m6, 17 + ldp m14, m15, [buf, #56] + round b, c, d, a, f0, 0xfd469501, m7, 22 + + /* remaining rounds use the roundsX macros */ + rounds0 m8, m9, m10, m11, 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be + rounds0 m12, m13, m14, m15, 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821 + + rounds1 m1, m6, m11, m0, 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa + rounds1 m5, m10, m15, m4, 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8 + rounds1 m9, m14, m3, m8, 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed + rounds1 m13, m2, m7, m12, 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a + + rounds2 m5, m8, m11, m14, 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c + rounds2 m1, m4, m7, m10, 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70 + rounds2 m13, m0, m3, m6, 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05 + rounds2 m9, m12, m15, m2, 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665 + + rounds3 m0, m7, m14, m5, 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039 + rounds3 m12, m3, m10, m1, 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1 + rounds3 m8, m15, m6, m13, 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1 + rounds3 m4, m11, m2, m9, 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391 + + ldp a_, b_, [ctx, #0] + ldp c_, d_, [ctx, #8] + add a, a, a_ + add b, b, b_ + add c, c, c_ + add d, d, d_ + stp a, b, [ctx, #0] + stp c, d, [ctx, #8] + + add buf, buf, #64 + cmp buf, end + bne .Lloop + +.Lend: ldp x25, x26, [sp, #0x30] + ldp x23, x24, [sp, #0x20] + ldp x21, x22, [sp, #0x10] + ldp x19, x20, [sp], #0x40 + + ret +END(_libmd_md5block) + +GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(GNU_PROPERTY_AARCH64_FEATURE_1_VAL) + + .section .note.GNU-stack,"",%progbits diff --git a/lib/libmd/aarch64/sha1block.S b/lib/libmd/aarch64/sha1block.S new file mode 100644 index 000000000000..e16fb36342fd --- /dev/null +++ b/lib/libmd/aarch64/sha1block.S @@ -0,0 +1,490 @@ +/*- + * Copyright (c) 2024 Robert Clausecker <fuz@FreeBSD.org> + * + * SPDX-License-Identifier: BSD-2-Clause + * + * sha1block_sha1 implementation based on sha1-arm.c, + * written and placed in public domain by Jeffrey Walton + * based on code from ARM, and by Johannes Schneiders, Skip + * Hovsmith and Barry O'Rourke for the mbedTLS project. + */ + +#include <machine/asm.h> + +/* + * Scalar SHA1 implementation. + * + * Due to the ample register file available on AArch64, the w array is + * kept entirely in registers. The saved a-e variables are instead kept + * in memory as we don't have that much memory. + */ + + // sha1block(SHA1_CTX, buf, len) +ENTRY(_libmd_sha1block_scalar) +ctx .req x0 +buf .req x1 +len .req x2 +w .req sp +a .req w3 +b .req w4 +c .req w5 +d .req w6 +e .req w7 +k .req w8 +f .req w9 +tmp .req w10 +w_0 .req w11 +w_1 .req w12 +w_2 .req w13 +w_3 .req w14 +w_4 .req w15 +w_5 .req w16 +w_6 .req w17 +// w18 is the platform register +w_7 .req w19 +w_8 .req w20 +w_9 .req w21 +w_10 .req w22 +w_11 .req w23 +w_12 .req w24 +w_13 .req w25 +w_14 .req w26 +w_15 .req w27 + +.macro shuffle w_i, w_i3, w_i8, w_i14 + eor \w_i, \w_i, \w_i3 + eor tmp, \w_i8, \w_i14 + eor \w_i, \w_i, tmp // w[i-16] ^ w[i-14] ^ w[i-8] ^ w[i-3] + ror \w_i, \w_i, #31 // w[i] = ... ror #31 +.endm + +.macro func1 a, b, c, d, e + and f, \c, \b + bic tmp, \d, \b + orr f, f, tmp +.endm + +.macro func2 a, b, c, d, e + eor f, \b, \c + eor f, f, \d +.endm + +.macro func3 a, b, c, d, e + eor tmp, \b, \c + and f, \b, \c + and tmp, tmp, \d + orr f, f, tmp +.endm + +.macro func4 a, b, c, d, e + func2 \a, \b, \c, \d, \e +.endm + +.macro mix a, b, c, d, e, w_i + ror \b, \b, #2 + ror tmp, \a, #27 + add \e, \e, \w_i + add tmp, tmp, k + add \e, \e, f + add \e, \e, tmp // (a ror 27) + e + f + k + w[i] +.endm + +.macro round1 a, b, c, d, e, w_i + func1 \a, \b, \c, \d, \e + rev \w_i, \w_i + mix \a, \b, \c, \d, \e, \w_i +.endm + +.macro round func, a, b, c, d, e, w_i, w_i3, w_i8, w_i14 + shuffle \w_i, \w_i3, \w_i8, \w_i14 + \func \a, \b, \c, \d, \e + mix \a, \b, \c, \d, \e, \w_i +.endm + +.macro round1x a, b, c, d, e, w_i, w_i3, w_i8, w_i14 + round func1, \a, \b, \c, \d, \e, \w_i, \w_i3, \w_i8, \w_i14 +.endm + +.macro round2 a, b, c, d, e, w_i, w_i3, w_i8, w_i14 + round func2, \a, \b, \c, \d, \e, \w_i, \w_i3, \w_i8, \w_i14 +.endm + +.macro round3 a, b, c, d, e, w_i, w_i3, w_i8, w_i14 + round func3, \a, \b, \c, \d, \e, \w_i, \w_i3, \w_i8, \w_i14 +.endm + +.macro round4 a, b, c, d, e, w_i, w_i3, w_i8, w_i14 + round func4, \a, \b, \c, \d, \e, \w_i, \w_i3, \w_i8, \w_i14 +.endm + + ands len, len, #~63 // take length in multiples of block length + beq 1f // bail out if input empty + + sub sp, sp, #24+9*8 // allocate stack space + str x19, [sp, #24+0*8] + stp x20, x21, [sp, #24+1*8] + stp x22, x23, [sp, #24+3*8] + stp x24, x25, [sp, #24+5*8] + stp x26, x27, [sp, #24+7*8] + + ldp a, b, [ctx, #0] // load SHA1 state from context + ldp c, d, [ctx, #8] + ldr e, [ctx, #16] + +0: stp a, b, [sp, #0] // save old SHA1 state + stp c, d, [sp, #8] + str e, [sp, #16] + + movz k, #0x7999 // round constant 1 + movk k, #0x5a82, lsl #16 + + ldp w_0, w_1, [buf, #0*4] + round1 a, b, c, d, e, w_0 + round1 e, a, b, c, d, w_1 + + ldp w_2, w_3, [buf, #2*4] + round1 d, e, a, b, c, w_2 + round1 c, d, e, a, b, w_3 + + ldp w_4, w_5, [buf, #4*4] + round1 b, c, d, e, a, w_4 + round1 a, b, c, d, e, w_5 + + ldp w_6, w_7, [buf, #6*4] + round1 e, a, b, c, d, w_6 + round1 d, e, a, b, c, w_7 + + ldp w_8, w_9, [buf, #8*4] + round1 c, d, e, a, b, w_8 + round1 b, c, d, e, a, w_9 + + ldp w_10, w_11, [buf, #10*4] + round1 a, b, c, d, e, w_10 + round1 e, a, b, c, d, w_11 + + ldp w_12, w_13, [buf, #12*4] + round1 d, e, a, b, c, w_12 + round1 c, d, e, a, b, w_13 + + ldp w_14, w_15, [buf, #14*4] + round1 b, c, d, e, a, w_14 + round1 a, b, c, d, e, w_15 + + round1x e, a, b, c, d, w_0, w_13, w_8, w_2 + round1x d, e, a, b, c, w_1, w_14, w_9, w_3 + round1x c, d, e, a, b, w_2, w_15, w_10, w_4 + round1x b, c, d, e, a, w_3, w_0, w_11, w_5 + + movz k, #0xeba1 // round constant 2 + movk k, #0x6ed9, lsl #16 + + round2 a, b, c, d, e, w_4, w_1, w_12, w_6 + round2 e, a, b, c, d, w_5, w_2, w_13, w_7 + round2 d, e, a, b, c, w_6, w_3, w_14, w_8 + round2 c, d, e, a, b, w_7, w_4, w_15, w_9 + round2 b, c, d, e, a, w_8, w_5, w_0, w_10 + + round2 a, b, c, d, e, w_9, w_6, w_1, w_11 + round2 e, a, b, c, d, w_10, w_7, w_2, w_12 + round2 d, e, a, b, c, w_11, w_8, w_3, w_13 + round2 c, d, e, a, b, w_12, w_9, w_4, w_14 + round2 b, c, d, e, a, w_13, w_10, w_5, w_15 + + round2 a, b, c, d, e, w_14, w_11, w_6, w_0 + round2 e, a, b, c, d, w_15, w_12, w_7, w_1 + round2 d, e, a, b, c, w_0, w_13, w_8, w_2 + round2 c, d, e, a, b, w_1, w_14, w_9, w_3 + round2 b, c, d, e, a, w_2, w_15, w_10, w_4 + + round2 a, b, c, d, e, w_3, w_0, w_11, w_5 + round2 e, a, b, c, d, w_4, w_1, w_12, w_6 + round2 d, e, a, b, c, w_5, w_2, w_13, w_7 + round2 c, d, e, a, b, w_6, w_3, w_14, w_8 + round2 b, c, d, e, a, w_7, w_4, w_15, w_9 + + movz k, #0xbcdc // round constant 3 + movk k, #0x8f1b, lsl #16 + + round3 a, b, c, d, e, w_8, w_5, w_0, w_10 + round3 e, a, b, c, d, w_9, w_6, w_1, w_11 + round3 d, e, a, b, c, w_10, w_7, w_2, w_12 + round3 c, d, e, a, b, w_11, w_8, w_3, w_13 + round3 b, c, d, e, a, w_12, w_9, w_4, w_14 + + round3 a, b, c, d, e, w_13, w_10, w_5, w_15 + round3 e, a, b, c, d, w_14, w_11, w_6, w_0 + round3 d, e, a, b, c, w_15, w_12, w_7, w_1 + round3 c, d, e, a, b, w_0, w_13, w_8, w_2 + round3 b, c, d, e, a, w_1, w_14, w_9, w_3 + + round3 a, b, c, d, e, w_2, w_15, w_10, w_4 + round3 e, a, b, c, d, w_3, w_0, w_11, w_5 + round3 d, e, a, b, c, w_4, w_1, w_12, w_6 + round3 c, d, e, a, b, w_5, w_2, w_13, w_7 + round3 b, c, d, e, a, w_6, w_3, w_14, w_8 + + round3 a, b, c, d, e, w_7, w_4, w_15, w_9 + round3 e, a, b, c, d, w_8, w_5, w_0, w_10 + round3 d, e, a, b, c, w_9, w_6, w_1, w_11 + round3 c, d, e, a, b, w_10, w_7, w_2, w_12 + round3 b, c, d, e, a, w_11, w_8, w_3, w_13 + + movz k, #0xc1d6 // round constant 4 + movk k, #0xca62, lsl #16 + + round4 a, b, c, d, e, w_12, w_9, w_4, w_14 + round4 e, a, b, c, d, w_13, w_10, w_5, w_15 + round4 d, e, a, b, c, w_14, w_11, w_6, w_0 + round4 c, d, e, a, b, w_15, w_12, w_7, w_1 + round4 b, c, d, e, a, w_0, w_13, w_8, w_2 + + round4 a, b, c, d, e, w_1, w_14, w_9, w_3 + round4 e, a, b, c, d, w_2, w_15, w_10, w_4 + round4 d, e, a, b, c, w_3, w_0, w_11, w_5 + round4 c, d, e, a, b, w_4, w_1, w_12, w_6 + round4 b, c, d, e, a, w_5, w_2, w_13, w_7 + + round4 a, b, c, d, e, w_6, w_3, w_14, w_8 + round4 e, a, b, c, d, w_7, w_4, w_15, w_9 + round4 d, e, a, b, c, w_8, w_5, w_0, w_10 + round4 c, d, e, a, b, w_9, w_6, w_1, w_11 + round4 b, c, d, e, a, w_10, w_7, w_2, w_12 + + round4 a, b, c, d, e, w_11, w_8, w_3, w_13 + round4 e, a, b, c, d, w_12, w_9, w_4, w_14 + round4 d, e, a, b, c, w_13, w_10, w_5, w_15 + round4 c, d, e, a, b, w_14, w_11, w_6, w_0 + round4 b, c, d, e, a, w_15, w_12, w_7, w_1 + + ldp w_0, w_1, [sp, #0] // reload saved SHA1 state + ldp w_2, w_3, [sp, #8] + ldr w_4, [sp, #16] + + add a, a, w_0 + add b, b, w_1 + add c, c, w_2 + add d, d, w_3 + add e, e, w_4 + + add buf, buf, #64 + subs len, len, #64 + bhi 0b + + stp a, b, [ctx, #0] // write updated SHA1 state + stp c, d, [ctx, #8] + str e, [ctx, #16] + + ldr x19, [sp, #24+0*8] + ldp x20, x21, [sp, #24+1*8] + ldp x22, x23, [sp, #24+3*8] + ldp x24, x25, [sp, #24+5*8] + ldp x26, x27, [sp, #24+7*8] + add sp, sp, #24+9*8 + +1: ret +END(_libmd_sha1block_scalar) + +/* + * SHA1 implementation using the SHA1 instruction set extension. + */ + + .arch_extension sha2 + + // sha1block(SHA1_CTX, buf, len) +ENTRY(_libmd_sha1block_sha1) + /* ctx, buf, len: same as for sha1block_scalar */ +kaddr .req x3 +abcd .req v0 +abcd_q .req q0 // alias for use with scalar instructions +abcd_s .req s0 +e0 .req s1 +e0_v .req v1 +e1 .req s2 +abcd_saved .req v3 +e0_saved .req v4 +tmp0 .req v5 +tmp1 .req v6 +msg0 .req v16 +msg1 .req v17 +msg2 .req v18 +msg3 .req v19 +k0 .req v20 +k1 .req v21 +k2 .req v22 +k3 .req v23 + + ands len, len, #~63 // take length in multiples of block length + beq 1f // bail out if input empty + + ldr abcd_q, [ctx, #0] + ldr e0, [ctx, #16] + + adrp kaddr, k1234 + add kaddr, kaddr, #:lo12:k1234 + ld4r {k0.4s, k1.4s, k2.4s, k3.4s}, [kaddr] + +0: mov abcd_saved.16b, abcd.16b + mov e0_saved.16b, e0_v.16b + + ld1 {msg0.4s, msg1.4s, msg2.4s, msg3.4s}, [buf], #64 + rev32 msg0.16b, msg0.16b + rev32 msg1.16b, msg1.16b + rev32 msg2.16b, msg2.16b + rev32 msg3.16b, msg3.16b + + add tmp0.4s, msg0.4s, k0.4s + add tmp1.4s, msg1.4s, k0.4s + + /* rounds 0--3 */ + sha1h e1, abcd_s + sha1c abcd_q, e0, tmp0.4s + add tmp0.4s, msg2.4s, k0.4s + sha1su0 msg0.4s, msg1.4s, msg2.4s + + /* rounds 4--7 */ + sha1h e0, abcd_s + sha1c abcd_q, e1, tmp1.4s + add tmp1.4s, msg3.4s, k0.4s + sha1su1 msg0.4s, msg3.4s + sha1su0 msg1.4s, msg2.4s, msg3.4s + + /* rounds 8--11 */ + sha1h e1, abcd_s + sha1c abcd_q, e0, tmp0.4s + add tmp0.4s, msg0.4s, k0.4s + sha1su1 msg1.4s, msg0.4s + sha1su0 msg2.4s, msg3.4s, msg0.4s + + /* rounds 12--15 */ + sha1h e0, abcd_s + sha1c abcd_q, e1, tmp1.4s + add tmp1.4s, msg1.4s, k1.4s + sha1su1 msg2.4s, msg1.4s + sha1su0 msg3.4s, msg0.4s, msg1.4s + + /* rounds 16--19 */ + sha1h e1, abcd_s + sha1c abcd_q, e0, tmp0.4s + add tmp0.4s, msg2.4s, k1.4s + sha1su1 msg3.4s, msg2.4s + sha1su0 msg0.4s, msg1.4s, msg2.4s + + /* rounds 20--23 */ + sha1h e0, abcd_s + sha1p abcd_q, e1, tmp1.4s + add tmp1.4s, msg3.4s, k1.4s + sha1su1 msg0.4s, msg3.4s + sha1su0 msg1.4s, msg2.4s, msg3.4s + + /* rounds 24--27 */ + sha1h e1, abcd_s + sha1p abcd_q, e0, tmp0.4s + add tmp0.4s, msg0.4s, k1.4s + sha1su1 msg1.4s, msg0.4s + sha1su0 msg2.4s, msg3.4s, msg0.4s + + /* rounds 28--31 */ + sha1h e0, abcd_s + sha1p abcd_q, e1, tmp1.4s + add tmp1.4s, msg1.4s, k1.4s + sha1su1 msg2.4s, msg1.4s + sha1su0 msg3.4s, msg0.4s, msg1.4s + + /* rounds 32--35 */ + sha1h e1, abcd_s + sha1p abcd_q, e0, tmp0.4s + add tmp0.4s, msg2.4s, k2.4s + sha1su1 msg3.4s, msg2.4s + sha1su0 msg0.4s, msg1.4s, msg2.4s + + /* rounds 36--39 */ + sha1h e0, abcd_s + sha1p abcd_q, e1, tmp1.4s + add tmp1.4s, msg3.4s, k2.4s + sha1su1 msg0.4s, msg3.4s + sha1su0 msg1.4s, msg2.4s, msg3.4s + + /* rounds 40--43 */ + sha1h e1, abcd_s + sha1m abcd_q, e0, tmp0.4s + add tmp0.4s, msg0.4s, k2.4s + sha1su1 msg1.4s, msg0.4s + sha1su0 msg2.4s, msg3.4s, msg0.4s + + /* rounds 44--47 */ + sha1h e0, abcd_s + sha1m abcd_q, e1, tmp1.4s + add tmp1.4s, msg1.4s, k2.4s + sha1su1 msg2.4s, msg1.4s + sha1su0 msg3.4s, msg0.4s, msg1.4s + + /* rounds 48--51 */ + sha1h e1, abcd_s + sha1m abcd_q, e0, tmp0.4s + add tmp0.4s, msg2.4s, k2.4s + sha1su1 msg3.4s, msg2.4s + sha1su0 msg0.4s, msg1.4s, msg2.4s + + /* rounds 52--55 */ + sha1h e0, abcd_s + sha1m abcd_q, e1, tmp1.4s + add tmp1.4s, msg3.4s, k3.4s + sha1su1 msg0.4s, msg3.4s + sha1su0 msg1.4s, msg2.4s, msg3.4s + + /* rounds 56--59 */ + sha1h e1, abcd_s + sha1m abcd_q, e0, tmp0.4s + add tmp0.4s, msg0.4s, k3.4s + sha1su1 msg1.4s, msg0.4s + sha1su0 msg2.4s, msg3.4s, msg0.4s + + /* rounds 60--63 */ + sha1h e0, abcd_s + sha1p abcd_q, e1, tmp1.4s + add tmp1.4s, msg1.4s, k3.4s + sha1su1 msg2.4s, msg1.4s + sha1su0 msg3.4s, msg0.4s, msg1.4s + + /* rounds 64--67 */ + sha1h e1, abcd_s + sha1p abcd_q, e0, tmp0.4s + add tmp0.4s, msg2.4s, k3.4s + sha1su1 msg3.4s, msg2.4s + sha1su0 msg0.4s, msg1.4s, msg2.4s + + /* rounds 68--71 */ + sha1h e0, abcd_s + sha1p abcd_q, e1, tmp1.4s + add tmp1.4s, msg3.4s, k3.4s + sha1su1 msg0.4s, msg3.4s + + /* rounds 72--75 */ + sha1h e1, abcd_s + sha1p abcd_q, e0, tmp0.4s + + /* rounds 76--79 */ + sha1h e0, abcd_s + sha1p abcd_q, e1, tmp1.4s + + add e0_v.4s, e0_v.4s, e0_saved.4s + add abcd.4s, abcd.4s, abcd_saved.4s + + subs len, len, #64 + bhi 0b + + str abcd_q, [ctx, #0] + str e0, [ctx, #16] + +1: ret +END(_libmd_sha1block_sha1) + + .section .rodata + .balign 16 +k1234: .4byte 0x5a827999 + .4byte 0x6ed9eba1 + .4byte 0x8f1bbcdc + .4byte 0xca62c1d6 + .size k1234, .-k1234 + + .section .note.GNU-stack,"",%progbits diff --git a/lib/libmd/aarch64/sha1dispatch.c b/lib/libmd/aarch64/sha1dispatch.c new file mode 100644 index 000000000000..045527044320 --- /dev/null +++ b/lib/libmd/aarch64/sha1dispatch.c @@ -0,0 +1,24 @@ +/*- + * Copyright (c) 2024 Robert Clausecker <fuz@FreeBSD.org> + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include <machine/ifunc.h> +#include <sha.h> +#include <sys/auxv.h> + +extern void _libmd_sha1block_scalar(SHA1_CTX *, const void *, size_t); +extern void _libmd_sha1block_sha1(SHA1_CTX *, const void *, size_t); + +DEFINE_IFUNC(, void, sha1_block, (SHA1_CTX *, const void *, size_t)) +{ + unsigned long hwcap = 0; + + elf_aux_info(AT_HWCAP, &hwcap, sizeof(hwcap)); + + if (hwcap & HWCAP_SHA1) + return (_libmd_sha1block_sha1); + else + return (_libmd_sha1block_scalar); +} diff --git a/lib/libmd/amd64/md5block.S b/lib/libmd/amd64/md5block.S new file mode 100644 index 000000000000..0dd594dd5dc2 --- /dev/null +++ b/lib/libmd/amd64/md5block.S @@ -0,0 +1,363 @@ +/*- + * Copyright (c) 2024, 2025 Robert Clausecker <fuz@FreeBSD.org> + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include <machine/asm.h> + +/* apply the round keys to the four round functions */ +.macro allrounds rfn0, rfn1, rfn2, rfn3 + \rfn0 0, 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee + \rfn0 4, 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501 + \rfn0 8, 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be + \rfn0 12, 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821 + + \rfn1 16, 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa + \rfn1 20, 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8 + \rfn1 24, 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed + \rfn1 28, 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a + + \rfn2 32, 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c + \rfn2 36, 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70 + \rfn2 40, 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05 + \rfn2 44, 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665 + + \rfn3 48, 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039 + \rfn3 52, 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1 + \rfn3 56, 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1 + \rfn3 60, 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391 +.endm + + // md5block(MD5_CTX, buf, len) +ENTRY(_libmd_md5block_baseline) +.macro round a, b, c, d, f, k, m, s + \f %ebp, \b, \c, \d + add $\k, \a // a + k[i] + add ((\m)%16*4)(%rsi), \a // a + k[i] + m[g] + add %ebp, \a // a + k[i] + m[g] + f + rol $\s, \a + add \b, \a +.endm + + // f = b ? c : d +.macro f0 f, b, c, d + mov \c, \f + xor \d, \f + and \b, \f + xor \d, \f +.endm + + // f = d ? b : c +.macro f1 f, b, c, d + mov \c, \f + xor \b, \f + and \d, \f + xor \c, \f +.endm + + // f = b ^ c ^ d +.macro f2 f, b, c, d + mov \c, \f + xor \d, \f + xor \b, \f +.endm + + // f = c ^ (b | ~d) +.macro f3 f, b, c, d + mov $-1, \f + xor \d, \f + or \b, \f + xor \c, \f +.endm + + // do 4 rounds +.macro rounds f, p, q, s0, s1, s2, s3, k0, k1, k2, k3 + round %eax, %ebx, %ecx, %edx, \f, \k0, \p*0+\q, \s0 + round %edx, %eax, %ebx, %ecx, \f, \k1, \p*1+\q, \s1 + round %ecx, %edx, %eax, %ebx, \f, \k2, \p*2+\q, \s2 + round %ebx, %ecx, %edx, %eax, \f, \k3, \p*3+\q, \s3 +.endm + + // do 4 rounds with f0, f1, f2, f3 +.macro rounds0 i, k0, k1, k2, k3 + rounds f0, 1, \i, 7, 12, 17, 22, \k0, \k1, \k2, \k3 +.endm + +.macro rounds1 i, k0, k1, k2, k3 + rounds f1, 5, 5*\i+1, 5, 9, 14, 20, \k0, \k1, \k2, \k3 +.endm + +.macro rounds2 i, k0, k1, k2, k3 + rounds f2, 3, 3*\i+5, 4, 11, 16, 23, \k0, \k1, \k2, \k3 +.endm + +.macro rounds3 i, k0, k1, k2, k3 + rounds f3, 7, 7*\i, 6, 10, 15, 21, \k0, \k1, \k2, \k3 +.endm + + push %rbx + push %rbp + push %r12 + + and $~63, %rdx // length in blocks + lea (%rsi, %rdx, 1), %r12 // end pointer + + mov (%rdi), %eax // a + mov 4(%rdi), %ebx // b + mov 8(%rdi), %ecx // c + mov 12(%rdi), %edx // d + + cmp %rsi, %r12 // any data to process? + je .Lend + + .balign 16 +.Lloop: mov %eax, %r8d + mov %ebx, %r9d + mov %ecx, %r10d + mov %edx, %r11d + + allrounds rounds0, rounds1, rounds2, rounds3 + + add %r8d, %eax + add %r9d, %ebx + add %r10d, %ecx + add %r11d, %edx + + add $64, %rsi + cmp %rsi, %r12 + jne .Lloop + + mov %eax, (%rdi) + mov %ebx, 4(%rdi) + mov %ecx, 8(%rdi) + mov %edx, 12(%rdi) + +.Lend: pop %r12 + pop %rbp + pop %rbx + ret +END(_libmd_md5block_baseline) + + /* + * An implementation leveraging the ANDN instruction + * from BMI1 to shorten some dependency chains. + */ +ENTRY(_libmd_md5block_bmi1) + // special-cased round 1 + // f1 = d ? b : c = (d & b) + (~d & c) +.macro round1 a, b, c, d, k, m, s + andn \c, \d, %edi // ~d & c + add $\k, \a // a + k[i] + mov \d, %ebp + add ((\m)%16*4)(%rsi), \a // a + k[i] + m[g] + and \b, %ebp // d & b + add %edi, \a // a + k[i] + m[g] + (~d & c) + add %ebp, \a // a + k[i] + m[g] + (~d & c) + (d & b) + rol $\s, \a + add \b, \a +.endm + + // special-cased round 3 + // f3 = c ^ (b | ~d) = ~(c ^ ~b & d) = -1 - (c ^ ~b & d) +.macro round3 a, b, c, d, k, m, s + andn \d, \b, %ebp + add $\k - 1, \a // a + k[i] - 1 + add ((\m)%16*4)(%rsi), \a // a + k[i] + m[g] + xor \c, %ebp + sub %ebp, \a // a + k[i] + m[g] + f + rol $\s, \a + add \b, \a +.endm + + .purgem rounds1 +.macro rounds1 i, k0, k1, k2, k3 + round1 %eax, %ebx, %ecx, %edx, \k0, 5*\i+ 1, 5 + round1 %edx, %eax, %ebx, %ecx, \k1, 5*\i+ 6, 9 + round1 %ecx, %edx, %eax, %ebx, \k2, 5*\i+11, 14 + round1 %ebx, %ecx, %edx, %eax, \k3, 5*\i+16, 20 +.endm + + .purgem rounds3 +.macro rounds3 i, k0, k1, k2, k3 + round3 %eax, %ebx, %ecx, %edx, \k0, 7*\i+ 0, 6 + round3 %edx, %eax, %ebx, %ecx, \k1, 7*\i+ 7, 10 + round3 %ecx, %edx, %eax, %ebx, \k2, 7*\i+14, 15 + round3 %ebx, %ecx, %edx, %eax, \k3, 7*\i+21, 21 +.endm + + push %rbx + push %rbp + push %r12 + + and $~63, %rdx // length in blocks + lea (%rsi, %rdx, 1), %r12 // end pointer + + mov (%rdi), %eax // a + mov 4(%rdi), %ebx // b + mov 8(%rdi), %ecx // c + mov 12(%rdi), %edx // d + + cmp %rsi, %r12 // any data to process? + je 0f + + push %rdi + + .balign 16 +1: mov %eax, %r8d + mov %ebx, %r9d + mov %ecx, %r10d + mov %edx, %r11d + + allrounds rounds0, rounds1, rounds2, rounds3 + + add %r8d, %eax + add %r9d, %ebx + add %r10d, %ecx + add %r11d, %edx + + add $64, %rsi + cmp %rsi, %r12 + jne 1b + + pop %rdi + mov %eax, (%rdi) + mov %ebx, 4(%rdi) + mov %ecx, 8(%rdi) + mov %edx, 12(%rdi) + +0: pop %r12 + pop %rbp + pop %rbx + ret +END(_libmd_md5block_bmi1) + +#ifndef _KERNEL + /* + * An implementation leveraging AVX-512 for its VPTERNLOGD + * instruction. We're using only XMM registers here, + * avoiding costly thermal licensing. + */ +ENTRY(_libmd_md5block_avx512) +.macro vround a, b, c, d, f, i, m, mi, s + vmovdqa \b, %xmm4 + vpternlogd $\f, \d, \c, %xmm4 + vpaddd 4*(\i)(%rax){1to4}, \m, %xmm5 // m[g] + k[i] +.if \mi != 0 + vpshufd $0x55 * \mi, %xmm5, %xmm5 // broadcast to each dword +.endif + vpaddd %xmm5, \a, \a // a + k[i] + m[g] + vpaddd %xmm4, \a, \a // a + k[i] + m[g] + f + vprold $\s, \a, \a + vpaddd \b, \a, \a +.endm + +.macro vrounds f, i, m0, i0, m1, i1, m2, i2, m3, i3, s0, s1, s2, s3 + vround %xmm0, %xmm1, %xmm2, %xmm3, \f, \i+0, \m0, \i0, \s0 + vround %xmm3, %xmm0, %xmm1, %xmm2, \f, \i+1, \m1, \i1, \s1 + vround %xmm2, %xmm3, %xmm0, %xmm1, \f, \i+2, \m2, \i2, \s2 + vround %xmm1, %xmm2, %xmm3, %xmm0, \f, \i+3, \m3, \i3, \s3 +.endm + +/* + * d c b f0 f1 f2 f3 + * 0 0 0 0 0 0 1 + * 1 0 0 1 0 1 0 + * 0 1 0 0 1 1 0 + * 1 1 0 1 0 0 1 + * 0 0 1 0 0 1 1 + * 1 0 1 0 1 0 1 + * 0 1 1 1 1 0 0 + * 1 1 1 1 1 1 0 + */ + +.macro vrounds0 i, m + vrounds 0xca, \i, \m, 0, \m, 1, \m, 2, \m, 3, 7, 12, 17, 22 +.endm + +.macro vrounds1 i, m0, i0, m1, i1, m2, i2, m3, i3 + vrounds 0xe4, \i, \m0, \i0, \m1, \i1, \m2, \i2, \m3, \i3, 5, 9, 14, 20 +.endm + +.macro vrounds2 i, m0, i0, m1, i1, m2, i2, m3, i3 + vrounds 0x96, \i, \m0, \i0, \m1, \i1, \m2, \i2, \m3, \i3, 4, 11, 16, 23 +.endm + +.macro vrounds3 i, m0, i0, m1, i1, m2, i2, m3, i3 + vrounds 0x39, \i, \m0, \i0, \m1, \i1, \m2, \i2, \m3, \i3, 6, 10, 15, 21 +.endm + + and $~63, %rdx // length in blocks + add %rsi, %rdx // end pointer + + vmovd (%rdi), %xmm0 // a + vmovd 4(%rdi), %xmm1 // b + vmovd 8(%rdi), %xmm2 // c + vmovd 12(%rdi), %xmm3 // d + + lea keys(%rip), %rax + + cmp %rsi, %rdx // any data to process? + je 0f + + .balign 16 +1: vmovdqu 0*4(%rsi), %xmm8 // message words + vmovdqu 4*4(%rsi), %xmm9 + vmovdqu 8*4(%rsi), %xmm10 + vmovdqu 12*4(%rsi), %xmm11 + + vmovdqa %xmm0, %xmm12 // stash old state variables + vmovdqa %xmm1, %xmm13 + vmovdqa %xmm2, %xmm14 + vmovdqa %xmm3, %xmm15 + + vrounds0 0, %xmm8 + vrounds0 4, %xmm9 + vrounds0 8, %xmm10 + vrounds0 12, %xmm11 + + vrounds1 16, %xmm8, 1, %xmm9, 2, %xmm10, 3, %xmm8, 0 + vrounds1 20, %xmm9, 1, %xmm10, 2, %xmm11, 3, %xmm9, 0 + vrounds1 24, %xmm10, 1, %xmm11, 2, %xmm8, 3, %xmm10, 0 + vrounds1 28, %xmm11, 1, %xmm8, 2, %xmm9, 3, %xmm11, 0 + + vrounds2 32, %xmm9, 1, %xmm10, 0, %xmm10, 3, %xmm11, 2 + vrounds2 36, %xmm8, 1, %xmm9, 0, %xmm9, 3, %xmm10, 2 + vrounds2 40, %xmm11, 1, %xmm8, 0, %xmm8, 3, %xmm9, 2 + vrounds2 44 %xmm10, 1, %xmm11, 0, %xmm11, 3, %xmm8, 2 + + vrounds3 48, %xmm8, 0, %xmm9, 3, %xmm11, 2, %xmm9, 1 + vrounds3 52, %xmm11, 0, %xmm8, 3, %xmm10, 2, %xmm8, 1 + vrounds3 56, %xmm10, 0, %xmm11, 3, %xmm9, 2, %xmm11, 1 + vrounds3 60, %xmm9, 0, %xmm10, 3, %xmm8, 2, %xmm10, 1 + + vpaddd %xmm12, %xmm0, %xmm0 + vpaddd %xmm13, %xmm1, %xmm1 + vpaddd %xmm14, %xmm2, %xmm2 + vpaddd %xmm15, %xmm3, %xmm3 + + add $64, %rsi + cmp %rsi, %rdx + jne 1b + + vmovd %xmm0, (%rdi) + vmovd %xmm1, 4(%rdi) + vmovd %xmm2, 8(%rdi) + vmovd %xmm3, 12(%rdi) + +0: ret +END(_libmd_md5block_avx512) + + // round keys, for use in md5block_avx512 + .section .rodata + .balign 16 + +.macro putkeys i, a, b, c, d + .4byte \a, \b, \c, \d +.endm + +keys: allrounds putkeys, putkeys, putkeys, putkeys + .size keys, .-keys +#endif /* !defined(_KERNEL) */ + + .section .note.GNU-stack,"",%progbits diff --git a/lib/libmd/amd64/md5dispatch.c b/lib/libmd/amd64/md5dispatch.c new file mode 100644 index 000000000000..dd2131c5a57c --- /dev/null +++ b/lib/libmd/amd64/md5dispatch.c @@ -0,0 +1,41 @@ +/*- + * Copyright (c) 2024 Robert Clausecker <fuz@FreeBSD.org> + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include <sys/types.h> +#include <sys/md5.h> + +#include <machine/cpufunc.h> +#include <machine/specialreg.h> +#include <stdint.h> +#include <string.h> +#include <x86/ifunc.h> + +extern void _libmd_md5block_baseline(MD5_CTX *, const void *, size_t); +extern void _libmd_md5block_bmi1(MD5_CTX *, const void *, size_t); +extern void _libmd_md5block_avx512(MD5_CTX *, const void *, size_t); + +DEFINE_UIFUNC(, void, _libmd_md5block, (MD5_CTX *, const void *, size_t)) +{ + if ((cpu_stdext_feature & (CPUID_STDEXT_AVX512F | CPUID_STDEXT_AVX512VL)) + == (CPUID_STDEXT_AVX512F | CPUID_STDEXT_AVX512VL)) { + u_int regs[4]; + char cpu_vendor[12]; + + do_cpuid(0, regs); + ((u_int *)&cpu_vendor)[0] = regs[1]; + ((u_int *)&cpu_vendor)[1] = regs[3]; + ((u_int *)&cpu_vendor)[2] = regs[2]; + + /* the AVX-512 kernel performs poorly on AMD */ + if (memcmp(cpu_vendor, AMD_VENDOR_ID, sizeof(cpu_vendor)) != 0) + return (_libmd_md5block_avx512); + } + + if (cpu_stdext_feature & CPUID_STDEXT_BMI1) + return (_libmd_md5block_bmi1); + else + return (_libmd_md5block_baseline); +} diff --git a/lib/libmd/amd64/sha1block.S b/lib/libmd/amd64/sha1block.S new file mode 100644 index 000000000000..6ef083178abc --- /dev/null +++ b/lib/libmd/amd64/sha1block.S @@ -0,0 +1,1851 @@ +/*- + * Copyright (c) 2013 The Go Authors. All rights reserved. + * Copyright (c) 2024 Robert Clausecker <fuz@FreeBSD.org> + * + * Adapted from Go's crypto/sha1/sha1block_amd64.s. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include <machine/asm.h> + +/* + * SHA-1 block routine. See sha1c.c for C equivalent. + * + * There are 80 rounds of 4 types: + * - rounds 0-15 are type 1 and load data (round1 macro). + * - rounds 16-19 are type 1 and do not load data (round1x macro). + * - rounds 20-39 are type 2 and do not load data (round2 macro). + * - rounds 40-59 are type 3 and do not load data (round3 macro). + * - rounds 60-79 are type 4 and do not load data (round4 macro). + * + * Each round loads or shuffles the data, then computes a per-round + * function of b, c, d, and then mixes the result into and rotates the + * five registers a, b, c, d, e holding the intermediate results. + * + * The register rotation is implemented by rotating the arguments to + * the round macros instead of by explicit move instructions. + */ +.macro load index + mov (\index)*4(%rsi), %r10d + bswap %r10d + mov %r10d, (\index)*4(%rsp) +.endm + +.macro shuffle index + mov ((\index )&0xf)*4(%rsp), %r10d + xor ((\index- 3)&0xf)*4(%rsp), %r10d + xor ((\index- 8)&0xf)*4(%rsp), %r10d + xor ((\index-14)&0xf)*4(%rsp), %r10d + rol $1, %r10d + mov %r10d, ((\index)&0xf)*4(%rsp) +.endm + +.macro func1 a, b, c, d, e + mov \d, %r9d + xor \c, %r9d + and \b, %r9d + xor \d, %r9d +.endm + +.macro func2 a, b, c, d, e + mov \b, %r9d + xor \c, %r9d + xor \d, %r9d +.endm + +.macro func3 a, b, c, d, e + mov \b, %r8d + or \c, %r8d + and \d, %r8d + mov \b, %r9d + and \c, %r9d + or %r8d, %r9d +.endm + +.macro func4 a, b, c, d, e + func2 \a, \b, \c, \d, \e +.endm + +.macro mix a, b, c, d, e, const + rol $30, \b + add %r9d, \e + mov \a, %r8d + rol $5, %r8d + lea \const(\e, %r10d, 1), \e + add %r8d, \e +.endm + +.macro round1 a, b, c, d, e, index + load \index + func1 \a, \b, \c, \d, \e + mix \a, \b, \c, \d, \e, 0x5a827999 +.endm + +.macro round1x a, b, c, d, e, index + shuffle \index + func1 \a, \b, \c, \d, \e + mix \a, \b, \c, \d, \e, 0x5a827999 +.endm + +.macro round2 a, b, c, d, e, index + shuffle \index + func2 \a, \b, \c, \d, \e + mix \a, \b, \c, \d, \e, 0x6ed9eba1 +.endm + +.macro round3 a, b, c, d, e, index + shuffle \index + func3 \a, \b, \c, \d, \e + mix \a, \b, \c, \d, \e, 0x8f1bbcdc +.endm + +.macro round4 a, b, c, d, e, index + shuffle \index + func4 \a, \b, \c, \d, \e + mix \a, \b, \c, \d, \e, 0xca62c1d6 +.endm + + // sha1block(SHA1_CTX, buf, len) +ENTRY(_libmd_sha1block_scalar) + push %rbp + push %rbx + push %r12 + push %r13 + push %r14 + push %r15 + push %rdi // rdi: SHA1_CTX + sub $64+8, %rsp // 64 bytes for round keys + // plus alignment + + mov %rdi, %rbp + // rsi: buf + and $~63, %rdx // rdx: length in blocks + lea (%rsi, %rdx, 1), %rdi // rdi: end pointer + mov (%rbp), %eax // c->h0 + mov 4(%rbp), %ebx // c->h1 + mov 8(%rbp), %ecx // c->h2 + mov 12(%rbp), %edx // c->h3 + mov 16(%rbp), %ebp // c->h4 + + cmp %rsi, %rdi // any data to process? + je .Lend + +.Lloop: mov %eax, %r11d + mov %ebx, %r12d + mov %ecx, %r13d + mov %edx, %r14d + mov %ebp, %r15d + + round1 %eax, %ebx, %ecx, %edx, %ebp, 0 + round1 %ebp, %eax, %ebx, %ecx, %edx, 1 + round1 %edx, %ebp, %eax, %ebx, %ecx, 2 + round1 %ecx, %edx, %ebp, %eax, %ebx, 3 + round1 %ebx, %ecx, %edx, %ebp, %eax, 4 + + round1 %eax, %ebx, %ecx, %edx, %ebp, 5 + round1 %ebp, %eax, %ebx, %ecx, %edx, 6 + round1 %edx, %ebp, %eax, %ebx, %ecx, 7 + round1 %ecx, %edx, %ebp, %eax, %ebx, 8 + round1 %ebx, %ecx, %edx, %ebp, %eax, 9 + + round1 %eax, %ebx, %ecx, %edx, %ebp, 10 + round1 %ebp, %eax, %ebx, %ecx, %edx, 11 + round1 %edx, %ebp, %eax, %ebx, %ecx, 12 + round1 %ecx, %edx, %ebp, %eax, %ebx, 13 + round1 %ebx, %ecx, %edx, %ebp, %eax, 14 + + round1 %eax, %ebx, %ecx, %edx, %ebp, 15 + round1x %ebp, %eax, %ebx, %ecx, %edx, 16 + round1x %edx, %ebp, %eax, %ebx, %ecx, 17 + round1x %ecx, %edx, %ebp, %eax, %ebx, 18 + round1x %ebx, %ecx, %edx, %ebp, %eax, 19 + + round2 %eax, %ebx, %ecx, %edx, %ebp, 20 + round2 %ebp, %eax, %ebx, %ecx, %edx, 21 + round2 %edx, %ebp, %eax, %ebx, %ecx, 22 + round2 %ecx, %edx, %ebp, %eax, %ebx, 23 + round2 %ebx, %ecx, %edx, %ebp, %eax, 24 + + round2 %eax, %ebx, %ecx, %edx, %ebp, 25 + round2 %ebp, %eax, %ebx, %ecx, %edx, 26 + round2 %edx, %ebp, %eax, %ebx, %ecx, 27 + round2 %ecx, %edx, %ebp, %eax, %ebx, 28 + round2 %ebx, %ecx, %edx, %ebp, %eax, 29 + + round2 %eax, %ebx, %ecx, %edx, %ebp, 30 + round2 %ebp, %eax, %ebx, %ecx, %edx, 31 + round2 %edx, %ebp, %eax, %ebx, %ecx, 32 + round2 %ecx, %edx, %ebp, %eax, %ebx, 33 + round2 %ebx, %ecx, %edx, %ebp, %eax, 34 + + round2 %eax, %ebx, %ecx, %edx, %ebp, 35 + round2 %ebp, %eax, %ebx, %ecx, %edx, 36 + round2 %edx, %ebp, %eax, %ebx, %ecx, 37 + round2 %ecx, %edx, %ebp, %eax, %ebx, 38 + round2 %ebx, %ecx, %edx, %ebp, %eax, 39 + + round3 %eax, %ebx, %ecx, %edx, %ebp, 40 + round3 %ebp, %eax, %ebx, %ecx, %edx, 41 + round3 %edx, %ebp, %eax, %ebx, %ecx, 42 + round3 %ecx, %edx, %ebp, %eax, %ebx, 43 + round3 %ebx, %ecx, %edx, %ebp, %eax, 44 + + round3 %eax, %ebx, %ecx, %edx, %ebp, 45 + round3 %ebp, %eax, %ebx, %ecx, %edx, 46 + round3 %edx, %ebp, %eax, %ebx, %ecx, 47 + round3 %ecx, %edx, %ebp, %eax, %ebx, 48 + round3 %ebx, %ecx, %edx, %ebp, %eax, 49 + + round3 %eax, %ebx, %ecx, %edx, %ebp, 50 + round3 %ebp, %eax, %ebx, %ecx, %edx, 51 + round3 %edx, %ebp, %eax, %ebx, %ecx, 52 + round3 %ecx, %edx, %ebp, %eax, %ebx, 53 + round3 %ebx, %ecx, %edx, %ebp, %eax, 54 + + round3 %eax, %ebx, %ecx, %edx, %ebp, 55 + round3 %ebp, %eax, %ebx, %ecx, %edx, 56 + round3 %edx, %ebp, %eax, %ebx, %ecx, 57 + round3 %ecx, %edx, %ebp, %eax, %ebx, 58 + round3 %ebx, %ecx, %edx, %ebp, %eax, 59 + + round4 %eax, %ebx, %ecx, %edx, %ebp, 60 + round4 %ebp, %eax, %ebx, %ecx, %edx, 61 + round4 %edx, %ebp, %eax, %ebx, %ecx, 62 + round4 %ecx, %edx, %ebp, %eax, %ebx, 63 + round4 %ebx, %ecx, %edx, %ebp, %eax, 64 + + round4 %eax, %ebx, %ecx, %edx, %ebp, 65 + round4 %ebp, %eax, %ebx, %ecx, %edx, 66 + round4 %edx, %ebp, %eax, %ebx, %ecx, 67 + round4 %ecx, %edx, %ebp, %eax, %ebx, 68 + round4 %ebx, %ecx, %edx, %ebp, %eax, 69 + + round4 %eax, %ebx, %ecx, %edx, %ebp, 70 + round4 %ebp, %eax, %ebx, %ecx, %edx, 71 + round4 %edx, %ebp, %eax, %ebx, %ecx, 72 + round4 %ecx, %edx, %ebp, %eax, %ebx, 73 + round4 %ebx, %ecx, %edx, %ebp, %eax, 74 + + round4 %eax, %ebx, %ecx, %edx, %ebp, 75 + round4 %ebp, %eax, %ebx, %ecx, %edx, 76 + round4 %edx, %ebp, %eax, %ebx, %ecx, 77 + round4 %ecx, %edx, %ebp, %eax, %ebx, 78 + round4 %ebx, %ecx, %edx, %ebp, %eax, 79 + + add %r11d, %eax + add %r12d, %ebx + add %r13d, %ecx + add %r14d, %edx + add %r15d, %ebp + + add $64, %rsi + cmp %rdi, %rsi + jb .Lloop + +.Lend: add $64+8, %rsp + pop %rdi // SHA1_CTX + mov %eax, (%rdi) + mov %ebx, 4(%rdi) + mov %ecx, 8(%rdi) + mov %edx, 12(%rdi) + mov %ebp, 16(%rdi) + + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbx + pop %rbp + ret +END(_libmd_sha1block_scalar) + +/* + * This is the implementation using AVX2, BMI1 and BMI2. It is based on: + * "SHA-1 implementation with Intel(R) AVX2 instruction set extensions" + * From http://software.intel.com/en-us/articles + * (look for improving-the-performance-of-the-secure-hash-algorithm-1) + * This implementation is 2x unrolled, and interleaves vector instructions, + * used to precompute W, with scalar computation of current round + * for optimal scheduling. + */ + + /* trivial helper macros */ +.macro update_hash a, tb, c, d, e + add (%r9), \a + mov \a, (%r9) + add 4(%r9), \tb + mov \tb, 4(%r9) + add 8(%r9), \c + mov \c, 8(%r9) + add 12(%r9), \d + mov \d, 12(%r9) + add 16(%r9), \e + mov \e, 16(%r9) +.endm + + /* help macros for recalc, which does precomputations */ +.macro precalc0 offset + vmovdqu \offset(%r10), %xmm0 +.endm + +.macro precalc1 offset + vinserti128 $1, \offset(%r13), %ymm0, %ymm0 +.endm + +.macro precalc2 yreg + vpshufb %ymm10, %ymm0, \yreg +.endm + +.macro precalc4 yreg, k_offset + vpaddd \k_offset(%r8), \yreg, %ymm0 +.endm + +.macro precalc7 offset + vmovdqu %ymm0, (\offset)*2(%r14) +.endm + +/* + * Message scheduling pre-compute for rounds 0-15 + * r13 is a pointer to the even 64-byte block + * r10 is a pointer to the odd 64-byte block + * r14 is a pointer to the temp buffer + * xmm0 is used as a temp register + * yreg is clobbered as part of the computation + * offset chooses a 16 byte chunk within a block + * r8 is a pointer to the constants block + * k_offset chooses K constants relevant to this round + * xmm10 holds the swap mask + */ +.macro precalc00_15 offset, yreg + precalc0 \offset + precalc1 \offset + precalc2 \yreg + precalc4 \yreg, 0 + precalc7 \offset +.endm + + /* helper macros for precalc16_31 */ +.macro precalc16 reg_sub16, reg_sub12, reg_sub4, reg + vpalignr $8, \reg_sub16, \reg_sub12, \reg // w[i - 14] + vpsrldq $4, \reg_sub4, %ymm0 // w[i - 3] +.endm + +.macro precalc17 reg_sub16, reg_sub8, reg + vpxor \reg_sub8, \reg, \reg + vpxor \reg_sub16, %ymm0, %ymm0 +.endm + +.macro precalc18 reg + vpxor %ymm0, \reg, \reg + vpslldq $12, \reg, %ymm9 +.endm + +.macro precalc19 reg + vpslld $1, \reg, %ymm0 + vpsrld $31, \reg, \reg + .endm + +.macro precalc20 reg + vpor \reg, %ymm0, %ymm0 + vpslld $2, %ymm9, \reg +.endm + +.macro precalc21 reg + vpsrld $30, %ymm9, %ymm9 + vpxor \reg, %ymm0, %ymm0 +.endm + +.macro precalc23 reg, k_offset, offset + vpxor %ymm9, %ymm0, \reg + vpaddd \k_offset(%r8), \reg, %ymm0 + vmovdqu %ymm0, (\offset)(%r14) +.endm + +/* + * Message scheduling pre-compute for rounds 16-31 + * calculating last 32 w[i] values in 8 XMM registers + * pre-calculate K+w[i] values and store to mem + * for later load by ALU add instruction. + * "brute force" vectorization for rounds 16-31 only + * due to w[i]->w[i-3] dependency. + + clobbers 5 input ymm registers REG_SUB* + * uses xmm0 and xmm9 as temp registers + * As always, r8 is a pointer to constants block + * and r14 is a pointer to temp buffer + */ +.macro precalc16_31 reg, reg_sub4, reg_sub8, reg_sub12, reg_sub16, k_offset, offset + precalc16 \reg_sub16, \reg_sub12, \reg_sub4, \reg + precalc17 \reg_sub16, \reg_sub8, \reg + precalc18 \reg + precalc19 \reg + precalc20 \reg + precalc21 \reg + precalc23 \reg, \k_offset, \offset +.endm + + /* helper macros for precalc_32_79 */ +.macro precalc32 reg_sub8, reg_sub4 + vpalignr $8, \reg_sub8, \reg_sub4, %ymm0 +.endm + +.macro precalc33 reg_sub28, reg + vpxor \reg_sub28, \reg, \reg +.endm + +.macro precalc34 reg_sub16 + vpxor \reg_sub16, %ymm0, %ymm0 +.endm + +.macro precalc35 reg + vpxor %ymm0, \reg, \reg +.endm + +.macro precalc36 reg + vpslld $2, \reg, %ymm0 +.endm + +.macro precalc37 reg + vpsrld $30, \reg, \reg + vpor \reg, %ymm0, \reg +.endm + +.macro precalc39 reg, k_offset, offset + vpaddd \k_offset(%r8), \reg, %ymm0 + vmovdqu %ymm0, \offset(%r14) +.endm + +.macro precalc32_79 reg, reg_sub4, reg_sub8, reg_sub16, reg_sub28, k_offset, offset + precalc32 \reg_sub8, \reg_sub4 + precalc33 \reg_sub28, \reg + precalc34 \reg_sub16 + precalc35 \reg + precalc36 \reg + precalc37 \reg + precalc39 \reg, \k_offset, \offset +.endm + +.macro precalc + precalc00_15 0x00, %ymm15 + precalc00_15 0x10, %ymm14 + precalc00_15 0x20, %ymm13 + precalc00_15 0x30, %ymm12 + precalc16_31 %ymm8, %ymm12, %ymm13, %ymm14, %ymm15, 0x00, 0x080 + precalc16_31 %ymm7, %ymm8, %ymm12, %ymm13, %ymm14, 0x20, 0x0a0 + precalc16_31 %ymm5, %ymm7, %ymm8, %ymm12, %ymm13, 0x20, 0x0c0 + precalc16_31 %ymm3, %ymm5, %ymm7, %ymm8, %ymm12, 0x20, 0x0e0 + precalc32_79 %ymm15, %ymm3, %ymm5, %ymm8, %ymm14, 0x20, 0x100 + precalc32_79 %ymm14, %ymm15, %ymm3, %ymm7, %ymm13, 0x20, 0x120 + precalc32_79 %ymm13, %ymm14, %ymm15, %ymm5, %ymm12, 0x40, 0x140 + precalc32_79 %ymm12, %ymm13, %ymm14, %ymm3, %ymm8, 0x40, 0x160 + precalc32_79 %ymm8, %ymm12, %ymm13, %ymm15, %ymm7, 0x40, 0x180 + precalc32_79 %ymm7, %ymm8, %ymm12, %ymm14, %ymm5, 0x40, 0x1a0 + precalc32_79 %ymm5, %ymm7, %ymm8, %ymm13, %ymm3, 0x40, 0x1c0 + precalc32_79 %ymm3, %ymm5, %ymm7, %ymm12, %ymm15, 0x60, 0x1e0 + precalc32_79 %ymm15, %ymm3, %ymm5, %ymm8, %ymm14, 0x60, 0x200 + precalc32_79 %ymm14, %ymm15, %ymm3, %ymm7, %ymm13, 0x60, 0x220 + precalc32_79 %ymm13, %ymm14, %ymm15, %ymm5, %ymm12, 0x60, 0x240 + precalc32_79 %ymm12, %ymm13, %ymm14, %ymm3, %ymm8, 0x60, 0x260 +.endm + +/* + * Macros calculating individual rounds have general form + * calc_round_pre + precalc_round + calc_round_post + * calc_round_{pre,post} macros follow + */ +.macro calc_f1_pre offset, reg_a, reg_b, reg_c, reg_e + add \offset(%r15), \reg_e + andn \reg_c, \reg_a, %ebp + add \reg_b, \reg_e // add F from the previous round + rorx $0x1b, \reg_a, %r12d + rorx $2, \reg_a, \reg_b // for the next round +.endm + +/* + * Calculate F for the next round + */ +.macro calc_f1_post reg_a, reg_b, reg_e + and \reg_b, \reg_a // b & c + xor %ebp, \reg_a // F1 = (b&c) ^ (~b&d) + add %r12d, \reg_e +.endm + +/* + * Registers are cyclically rotated: + * edx -> eax -> edi -> esi -> ebx -> ecx + */ +.macro calc0 + mov %esi, %ebx // precalculate first round + rorx $2, %esi, %esi + andn %eax, %ebx, %ebp + and %edi, %ebx + xor %ebp, %ebx + calc_f1_pre 0x0, %ecx, %ebx, %edi, %edx + precalc0 0x80 + calc_f1_post %ecx, %esi, %edx +.endm + +.macro calc1 + calc_f1_pre 0x4, %edx, %ecx, %esi, %eax + precalc1 0x80 + calc_f1_post %edx, %ebx, %eax +.endm + +.macro calc2 + calc_f1_pre 0x8, %eax, %edx, %ebx, %edi + precalc2 %ymm15 + calc_f1_post %eax, %ecx, %edi +.endm + +.macro calc3 + calc_f1_pre 0xc, %edi, %eax, %ecx, %esi + calc_f1_post %edi, %edx, %esi +.endm + +.macro calc4 + calc_f1_pre 0x20, %esi, %edi, %edx, %ebx + precalc4 %ymm15, 0x0 + calc_f1_post %esi, %eax, %ebx +.endm + +.macro calc5 + calc_f1_pre 0x24, %ebx, %esi, %eax, %ecx + calc_f1_post %ebx, %edi, %ecx +.endm + +.macro calc6 + calc_f1_pre 0x28, %ecx, %ebx, %edi, %edx + calc_f1_post %ecx, %esi, %edx +.endm + +.macro calc7 + calc_f1_pre 0x2c, %edx, %ecx, %esi, %eax + precalc7 0x0 + calc_f1_post %edx, %ebx, %eax +.endm + +.macro calc8 + calc_f1_pre 0x40, %eax, %edx, %ebx, %edi + precalc0 0x90 + calc_f1_post %eax, %ecx, %edi +.endm + +.macro calc9 + calc_f1_pre 0x44, %edi, %eax, %ecx, %esi + precalc1 0x90 + calc_f1_post %edi, %edx, %esi +.endm + +.macro calc10 + calc_f1_pre 0x48, %esi, %edi, %edx, %ebx + precalc2 %ymm14 + calc_f1_post %esi, %eax, %ebx +.endm + +.macro calc11 + calc_f1_pre 0x4c, %ebx, %esi, %eax, %ecx + calc_f1_post %ebx, %edi, %ecx +.endm + +.macro calc12 + calc_f1_pre 0x60, %ecx, %ebx, %edi, %edx + precalc4 %ymm14, 0 + calc_f1_post %ecx, %esi, %edx +.endm + +.macro calc13 + calc_f1_pre 0x64, %edx, %ecx, %esi, %eax + calc_f1_post %edx, %ebx, %eax +.endm + +.macro calc14 + calc_f1_pre 0x68, %eax, %edx, %ebx, %edi + calc_f1_post %eax, %ecx, %edi +.endm + +.macro calc15 + calc_f1_pre 0x6c, %edi, %eax, %ecx, %esi + precalc7 0x10 + calc_f1_post %edi, %edx, %esi +.endm + +.macro calc16 + calc_f1_pre 0x80, %esi, %edi, %edx, %ebx + precalc0 0xa0 + calc_f1_post %esi, %eax, %ebx +.endm + +.macro calc17 + calc_f1_pre 0x84, %ebx, %esi, %eax, %ecx + precalc1 0xa0 + calc_f1_post %ebx, %edi, %ecx +.endm + +.macro calc18 + calc_f1_pre 0x88, %ecx, %ebx, %edi, %edx + precalc2 %ymm13 + calc_f1_post %ecx, %esi, %edx +.endm + +.macro calc_f2_pre offset, reg_a, reg_b, reg_e + add \offset(%r15), \reg_e + add \reg_b, \reg_e // add F from the previous round + rorx $0x1b, \reg_a, %r12d + rorx $2, \reg_a, \reg_b // for next round +.endm + +.macro calc_f2_post reg_a, reg_b, reg_c, reg_e + xor \reg_b, \reg_a + add %r12d, \reg_e + xor \reg_c, \reg_a +.endm + +.macro calc19 + calc_f2_pre 0x8c, %edx, %ecx, %eax + calc_f2_post %edx, %ebx, %esi, %eax +.endm + +.macro calc20 + calc_f2_pre 0xa0, %eax, %edx, %edi + precalc4 %ymm13, 0x0 + calc_f2_post %eax, %ecx, %ebx, %edi +.endm + +.macro calc21 + calc_f2_pre 0xa4, %edi, %eax, %esi + calc_f2_post %edi, %edx, %ecx, %esi +.endm + +.macro calc22 + calc_f2_pre 0xa8, %esi, %edi, %ebx + calc_f2_post %esi, %eax, %edx, %ebx +.endm + +.macro calc23 + calc_f2_pre 0xac, %ebx, %esi, %ecx + precalc7 0x20 + calc_f2_post %ebx, %edi, %eax, %ecx +.endm + +.macro calc24 + calc_f2_pre 0xc0, %ecx, %ebx, %edx + precalc0 0xb0 + calc_f2_post %ecx, %esi, %edi, %edx +.endm + +.macro calc25 + calc_f2_pre 0xc4, %edx, %ecx, %eax + precalc1 0xb0 + calc_f2_post %edx, %ebx, %esi, %eax +.endm + +.macro calc26 + calc_f2_pre 0xc8, %eax, %edx, %edi + precalc2 %ymm12 + calc_f2_post %eax, %ecx, %ebx, %edi +.endm + +.macro calc27 + calc_f2_pre 0xcc, %edi, %eax, %esi + calc_f2_post %edi, %edx, %ecx, %esi +.endm + +.macro calc28 + calc_f2_pre 0xe0, %esi, %edi, %ebx + precalc4 %ymm12, 0x0 + calc_f2_post %esi, %eax, %edx, %ebx +.endm + +.macro calc29 + calc_f2_pre 0xe4, %ebx, %esi, %ecx + calc_f2_post %ebx, %edi, %eax, %ecx +.endm + +.macro calc30 + calc_f2_pre 0xe8, %ecx, %ebx, %edx + calc_f2_post %ecx, %esi, %edi, %edx +.endm + +.macro calc31 + calc_f2_pre 0xec, %edx, %ecx, %eax + precalc7 0x30 + calc_f2_post %edx, %ebx, %esi, %eax +.endm + +.macro calc32 + calc_f2_pre 0x100, %eax, %edx, %edi + precalc16 %ymm15, %ymm14, %ymm12, %ymm8 + calc_f2_post %eax, %ecx, %ebx, %edi +.endm + +.macro calc33 + calc_f2_pre 0x104, %edi, %eax, %esi + precalc17 %ymm15, %ymm13, %ymm8 + calc_f2_post %edi, %edx, %ecx, %esi +.endm + +.macro calc34 + calc_f2_pre 0x108, %esi, %edi, %ebx + precalc18 %ymm8 + calc_f2_post %esi, %eax, %edx, %ebx +.endm + +.macro calc35 + calc_f2_pre 0x10c, %ebx, %esi, %ecx + precalc19 %ymm8 + calc_f2_post %ebx, %edi, %eax, %ecx +.endm + +.macro calc36 + calc_f2_pre 0x120, %ecx, %ebx, %edx + precalc20 %ymm8 + calc_f2_post %ecx, %esi, %edi, %edx +.endm + +.macro calc37 + calc_f2_pre 0x124, %edx, %ecx, %eax + precalc21 %ymm8 + calc_f2_post %edx, %ebx, %esi, %eax +.endm + +.macro calc38 + calc_f2_pre 0x128, %eax, %edx, %edi + calc_f2_post %eax, %ecx, %ebx, %edi +.endm + +.macro calc_f3_pre offset, reg_e + add \offset(%r15), \reg_e +.endm + +.macro calc_f3_post reg_a, reg_b, reg_c, reg_e, reg_tb + add \reg_tb, \reg_e // add F from the previous round + mov \reg_b, %ebp + or \reg_a, %ebp + rorx $0x1b, \reg_a, %r12d + rorx $2, \reg_a, \reg_tb + and \reg_c, %ebp // calculate F for the next round + and \reg_b, \reg_a + or %ebp, \reg_a + add %r12d, \reg_e +.endm + +.macro calc39 + calc_f3_pre 0x12c, %esi + precalc23 %ymm8, 0x0, 0x80 + calc_f3_post %edi, %edx, %ecx, %esi, %eax +.endm + +.macro calc40 + calc_f3_pre 0x140, %ebx + precalc16 %ymm14, %ymm13, %ymm8, %ymm7 + calc_f3_post %esi, %eax, %edx, %ebx, %edi +.endm + +.macro calc41 + calc_f3_pre 0x144, %ecx + precalc17 %ymm14, %ymm12, %ymm7 + calc_f3_post %ebx, %edi, %eax, %ecx, %esi +.endm + +.macro calc42 + calc_f3_pre 0x148, %edx + precalc18 %ymm7 + calc_f3_post %ecx, %esi, %edi, %edx, %ebx +.endm + +.macro calc43 + calc_f3_pre 0x14c, %eax + precalc19 %ymm7 + calc_f3_post %edx, %ebx, %esi, %eax, %ecx +.endm + +.macro calc44 + calc_f3_pre 0x160, %edi + precalc20 %ymm7 + calc_f3_post %eax, %ecx, %ebx, %edi, %edx +.endm + +.macro calc45 + calc_f3_pre 0x164, %esi + precalc21 %ymm7 + calc_f3_post %edi, %edx, %ecx, %esi, %eax +.endm + +.macro calc46 + calc_f3_pre 0x168, %ebx + calc_f3_post %esi, %eax, %edx, %ebx, %edi +.endm + +.macro calc47 + calc_f3_pre 0x16c, %ecx + vpxor %ymm9, %ymm0, %ymm7 + vpaddd 0x20(%r8), %ymm7, %ymm0 + vmovdqu %ymm0, 0xa0(%r14) + calc_f3_post %ebx, %edi, %eax, %ecx, %esi +.endm + +.macro calc48 + calc_f3_pre 0x180, %edx + precalc16 %ymm13, %ymm12, %ymm7, %ymm5 + calc_f3_post %ecx, %esi, %edi, %edx, %ebx +.endm + +.macro calc49 + calc_f3_pre 0x184, %eax + precalc17 %ymm13, %ymm8, %ymm5 + calc_f3_post %edx, %ebx, %esi, %eax, %ecx +.endm + +.macro calc50 + calc_f3_pre 0x188, %edi + precalc18 %ymm5 + calc_f3_post %eax, %ecx, %ebx, %edi, %edx +.endm + +.macro calc51 + calc_f3_pre 0x18c, %esi + precalc19 %ymm5 + calc_f3_post %edi, %edx, %ecx, %esi, %eax +.endm + +.macro calc52 + calc_f3_pre 0x1a0, %ebx + precalc20 %ymm5 + calc_f3_post %esi, %eax, %edx, %ebx, %edi +.endm + +.macro calc53 + calc_f3_pre 0x1a4, %ecx + precalc21 %ymm5 + calc_f3_post %ebx, %edi, %eax, %ecx, %esi +.endm + +.macro calc54 + calc_f3_pre 0x1a8, %edx + calc_f3_post %ecx, %esi, %edi, %edx, %ebx +.endm + +.macro calc55 + calc_f3_pre 0x1ac, %eax + precalc23 %ymm5, 0x20, 0xc0 + calc_f3_post %edx, %ebx, %esi, %eax, %ecx +.endm + +.macro calc56 + calc_f3_pre 0x1c0, %edi + precalc16 %ymm12, %ymm8, %ymm5, %ymm3 + calc_f3_post %eax, %ecx, %ebx, %edi, %edx +.endm + +.macro calc57 + calc_f3_pre 0x1c4, %esi + precalc17 %ymm12, %ymm7, %ymm3 + calc_f3_post %edi, %edx, %ecx, %esi, %eax +.endm + +.macro calc58 + calc_f3_pre 0x1c8, %ebx + precalc18 %ymm3 + calc_f3_post %esi, %eax, %edx, %ebx, %edi +.endm + +.macro calc59 + calc_f2_pre 0x1cc, %ebx, %esi, %ecx + precalc19 %ymm3 + calc_f2_post %ebx, %edi, %eax, %ecx +.endm + +.macro calc60 + calc_f2_pre 0x1e0, %ecx, %ebx, %edx + precalc20 %ymm3 + calc_f2_post %ecx, %esi, %edi, %edx +.endm + +.macro calc61 + calc_f2_pre 0x1e4, %edx, %ecx, %eax + precalc21 %ymm3 + calc_f2_post %edx, %ebx, %esi, %eax +.endm + +.macro calc62 + calc_f2_pre 0x1e8, %eax, %edx, %edi + calc_f2_post %eax, %ecx, %ebx, %edi +.endm + +.macro calc63 + calc_f2_pre 0x1ec, %edi, %eax, %esi + precalc23 %ymm3, 0x20, 0xe0 + calc_f2_post %edi, %edx, %ecx, %esi +.endm + +.macro calc64 + calc_f2_pre 0x200, %esi, %edi, %ebx + precalc32 %ymm5, %ymm3 + calc_f2_post %esi, %eax, %edx, %ebx +.endm + +.macro calc65 + calc_f2_pre 0x204, %ebx, %esi, %ecx + precalc33 %ymm14, %ymm15 + calc_f2_post %ebx, %edi, %eax, %ecx +.endm + +.macro calc66 + calc_f2_pre 0x208, %ecx, %ebx, %edx + precalc34 %ymm8 + calc_f2_post %ecx, %esi, %edi, %edx +.endm + +.macro calc67 + calc_f2_pre 0x20c, %edx, %ecx, %eax + precalc35 %ymm15 + calc_f2_post %edx, %ebx, %esi, %eax +.endm + +.macro calc68 + calc_f2_pre 0x220, %eax, %edx, %edi + precalc36 %ymm15 + calc_f2_post %eax, %ecx, %ebx, %edi +.endm + +.macro calc69 + calc_f2_pre 0x224, %edi, %eax, %esi + precalc37 %ymm15 + calc_f2_post %edi, %edx, %ecx, %esi +.endm + +.macro calc70 + calc_f2_pre 0x228, %esi, %edi, %ebx + calc_f2_post %esi, %eax, %edx, %ebx +.endm + +.macro calc71 + calc_f2_pre 0x22c, %ebx, %esi, %ecx + precalc39 %ymm15, 0x20, 0x100 + calc_f2_post %ebx, %edi, %eax, %ecx +.endm + +.macro calc72 + calc_f2_pre 0x240, %ecx, %ebx, %edx + precalc32 %ymm3, %ymm15 + calc_f2_post %ecx, %esi, %edi, %edx +.endm + +.macro calc73 + calc_f2_pre 0x244, %edx, %ecx, %eax + precalc33 %ymm13, %ymm14 + calc_f2_post %edx, %ebx, %esi, %eax +.endm + +.macro calc74 + calc_f2_pre 0x248, %eax, %edx, %edi + precalc34 %ymm7 + calc_f2_post %eax, %ecx, %ebx, %edi +.endm + +.macro calc75 + calc_f2_pre 0x24c, %edi, %eax, %esi + precalc35 %ymm14 + calc_f2_post %edi, %edx, %ecx, %esi +.endm + +.macro calc76 + calc_f2_pre 0x260, %esi, %edi, %ebx + precalc36 %ymm14 + calc_f2_post %esi, %eax, %edx, %ebx +.endm + +.macro calc77 + calc_f2_pre 0x264, %ebx, %esi, %ecx + precalc37 %ymm14 + calc_f2_post %ebx, %edi, %eax, %ecx +.endm + +.macro calc78 + calc_f2_pre 0x268, %ecx, %ebx, %edx + calc_f2_post %ecx, %esi, %edi, %edx +.endm + +.macro calc79 + add 0x26c(%r15), %eax + add %ecx, %eax + rorx $0x1b, %edx, %r12d + precalc39 %ymm14, 0x20, 0x120 + add %r12d, %eax +.endm + +/* + * Similar to calc0 + */ +.macro calc80 + mov %ecx, %edx // precalculate first round + rorx $2, %ecx, %ecx + andn %esi, %edx, %ebp + and %ebx, %edx + xor %ebp, %edx + calc_f1_pre 0x10, %eax, %edx, %ebx, %edi + precalc32 %ymm15, %ymm14 + calc_f1_post %eax, %ecx, %edi +.endm + +.macro calc81 + calc_f1_pre 0x14, %edi, %eax, %ecx, %esi + precalc33 %ymm12, %ymm13 + calc_f1_post %edi, %edx, %esi +.endm + +.macro calc82 + calc_f1_pre 0x18, %esi, %edi, %edx, %ebx + precalc34 %ymm5 + calc_f1_post %esi, %eax, %ebx +.endm + +.macro calc83 + calc_f1_pre 0x1c, %ebx, %esi, %eax, %ecx + precalc35 %ymm13 + calc_f1_post %ebx, %edi, %ecx +.endm + +.macro calc84 + calc_f1_pre 0x30, %ecx, %ebx, %edi, %edx + precalc36 %ymm13 + calc_f1_post %ecx, %esi, %edx +.endm + +.macro calc85 + calc_f1_pre 0x34, %edx, %ecx, %esi, %eax + precalc37 %ymm13 + calc_f1_post %edx, %ebx, %eax +.endm + +.macro calc86 + calc_f1_pre 0x38, %eax, %edx, %ebx, %edi + calc_f1_post %eax, %ecx, %edi +.endm + +.macro calc87 + calc_f1_pre 0x3c, %edi, %eax, %ecx, %esi + precalc39 %ymm13, 0x40, 0x140 + calc_f1_post %edi, %edx, %esi +.endm + +.macro calc88 + calc_f1_pre 0x50, %esi, %edi, %edx, %ebx + precalc32 %ymm14, %ymm13 + calc_f1_post %esi, %eax, %ebx +.endm + +.macro calc89 + calc_f1_pre 0x54, %ebx, %esi, %eax, %ecx + precalc33 %ymm8, %ymm12 + calc_f1_post %ebx, %edi, %ecx +.endm + +.macro calc90 + calc_f1_pre 0x58, %ecx, %ebx, %edi, %edx + precalc34 %ymm3 + calc_f1_post %ecx, %esi, %edx +.endm + +.macro calc91 + calc_f1_pre 0x5c, %edx, %ecx, %esi, %eax + precalc35 %ymm12 + calc_f1_post %edx, %ebx, %eax +.endm + +.macro calc92 + calc_f1_pre 0x70, %eax, %edx, %ebx, %edi + precalc36 %ymm12 + calc_f1_post %eax, %ecx, %edi +.endm + +.macro calc93 + calc_f1_pre 0x74, %edi, %eax, %ecx, %esi + precalc37 %ymm12 + calc_f1_post %edi, %edx, %esi +.endm + +.macro calc94 + calc_f1_pre 0x78, %esi, %edi, %edx, %ebx + calc_f1_post %esi, %eax, %ebx +.endm + +.macro calc95 + calc_f1_pre 0x7c, %ebx, %esi, %eax, %ecx + precalc39 %ymm12, 0x40, 0x160 + calc_f1_post %ebx, %edi, %ecx +.endm + +.macro calc96 + calc_f1_pre 0x90, %ecx, %ebx, %edi, %edx + precalc32 %ymm13, %ymm12 + calc_f1_post %ecx, %esi, %edx +.endm + +.macro calc97 + calc_f1_pre 0x94, %edx, %ecx, %esi, %eax + precalc33 %ymm7, %ymm8 + calc_f1_post %edx, %ebx, %eax +.endm + +.macro calc98 + calc_f1_pre 0x98, %eax, %edx, %ebx, %edi + precalc34 %ymm15 + calc_f1_post %eax, %ecx, %edi +.endm + +.macro calc99 + calc_f2_pre 0x9c, %edi, %eax, %esi + precalc35 %ymm8 + calc_f2_post %edi, %edx, %ecx, %esi +.endm + +.macro calc100 + calc_f2_pre 0xb0, %esi, %edi, %ebx + precalc36 %ymm8 + calc_f2_post %esi, %eax, %edx, %ebx +.endm + +.macro calc101 + calc_f2_pre 0xb4, %ebx, %esi, %ecx + precalc37 %ymm8 + calc_f2_post %ebx, %edi, %eax, %ecx +.endm + +.macro calc102 + calc_f2_pre 0xb8, %ecx, %ebx, %edx + calc_f2_post %ecx, %esi, %edi, %edx +.endm + +.macro calc103 + calc_f2_pre 0xbc, %edx, %ecx, %eax + precalc39 %ymm8, 0x40, 0x180 + calc_f2_post %edx, %ebx, %esi, %eax +.endm + +.macro calc104 + calc_f2_pre 0xd0, %eax, %edx, %edi + precalc32 %ymm12, %ymm8 + calc_f2_post %eax, %ecx, %ebx, %edi +.endm + +.macro calc105 + calc_f2_pre 0xd4, %edi, %eax, %esi + precalc33 %ymm5, %ymm7 + calc_f2_post %edi, %edx, %ecx, %esi +.endm + +.macro calc106 + calc_f2_pre 0xd8, %esi, %edi, %ebx + precalc34 %ymm14 + calc_f2_post %esi, %eax, %edx, %ebx +.endm + +.macro calc107 + calc_f2_pre 0xdc, %ebx, %esi, %ecx + precalc35 %ymm7 + calc_f2_post %ebx, %edi, %eax, %ecx +.endm + +.macro calc108 + calc_f2_pre 0xf0, %ecx, %ebx, %edx + precalc36 %ymm7 + calc_f2_post %ecx, %esi, %edi, %edx +.endm + +.macro calc109 + calc_f2_pre 0xf4, %edx, %ecx, %eax + precalc37 %ymm7 + calc_f2_post %edx, %ebx, %esi, %eax +.endm + +.macro calc110 + calc_f2_pre 0xf8, %eax, %edx, %edi + calc_f2_post %eax, %ecx, %ebx, %edi +.endm + +.macro calc111 + calc_f2_pre 0xfc, %edi, %eax, %esi + precalc39 %ymm7, 0x40, 0x1a0 + calc_f2_post %edi, %edx, %ecx, %esi +.endm + +.macro calc112 + calc_f2_pre 0x110, %esi, %edi, %ebx + precalc32 %ymm8, %ymm7 + calc_f2_post %esi, %eax, %edx, %ebx +.endm + +.macro calc113 + calc_f2_pre 0x114, %ebx, %esi, %ecx + precalc33 %ymm3, %ymm5 + calc_f2_post %ebx, %edi, %eax, %ecx +.endm + +.macro calc114 + calc_f2_pre 0x118, %ecx, %ebx, %edx + precalc34 %ymm13 + calc_f2_post %ecx, %esi, %edi, %edx +.endm + +.macro calc115 + calc_f2_pre 0x11c, %edx, %ecx, %eax + precalc35 %ymm5 + calc_f2_post %edx, %ebx, %esi, %eax +.endm + +.macro calc116 + calc_f2_pre 0x130, %eax, %edx, %edi + precalc36 %ymm5 + calc_f2_post %eax, %ecx, %ebx, %edi +.endm + +.macro calc117 + calc_f2_pre 0x134, %edi, %eax, %esi + precalc37 %ymm5 + calc_f2_post %edi, %edx, %ecx, %esi +.endm + +.macro calc118 + calc_f2_pre 0x138, %esi, %edi, %ebx + calc_f2_post %esi, %eax, %edx, %ebx +.endm + +.macro calc119 + calc_f3_pre 0x13c, %ecx + precalc39 %ymm5, 0x40, 0x1c0 + calc_f3_post %ebx, %edi, %eax, %ecx, %esi +.endm + +.macro calc120 + calc_f3_pre 0x150, %edx + precalc32 %ymm7, %ymm5 + calc_f3_post %ecx, %esi, %edi, %edx, %ebx +.endm + +.macro calc121 + calc_f3_pre 0x154, %eax + precalc33 %ymm15, %ymm3 + calc_f3_post %edx, %ebx, %esi, %eax, %ecx +.endm + +.macro calc122 + calc_f3_pre 0x158, %edi + precalc34 %ymm12 + calc_f3_post %eax, %ecx, %ebx, %edi, %edx +.endm + +.macro calc123 + calc_f3_pre 0x15c, %esi + precalc35 %ymm3 + calc_f3_post %edi, %edx, %ecx, %esi, %eax +.endm + +.macro calc124 + calc_f3_pre 0x170, %ebx + precalc36 %ymm3 + calc_f3_post %esi, %eax, %edx, %ebx, %edi +.endm + +.macro calc125 + calc_f3_pre 0x174, %ecx + precalc37 %ymm3 + calc_f3_post %ebx, %edi, %eax, %ecx, %esi +.endm + +.macro calc126 + calc_f3_pre 0x178, %edx + calc_f3_post %ecx, %esi, %edi, %edx, %ebx +.endm + +.macro calc127 + calc_f3_pre 0x17c, %eax + precalc39 %ymm3, 0x60, 0x1e0 + calc_f3_post %edx, %ebx, %esi, %eax, %ecx +.endm + +.macro calc128 + calc_f3_pre 0x190, %edi + precalc32 %ymm5, %ymm3 + calc_f3_post %eax, %ecx, %ebx, %edi, %edx +.endm + +.macro calc129 + calc_f3_pre 0x194, %esi + precalc33 %ymm14, %ymm15 + calc_f3_post %edi, %edx, %ecx, %esi, %eax +.endm + +.macro calc130 + calc_f3_pre 0x198, %ebx + precalc34 %ymm8 + calc_f3_post %esi, %eax, %edx, %ebx, %edi +.endm + +.macro calc131 + calc_f3_pre 0x19c, %ecx + precalc35 %ymm15 + calc_f3_post %ebx, %edi, %eax, %ecx, %esi +.endm + +.macro calc132 + calc_f3_pre 0x1b0, %edx + precalc36 %ymm15 + calc_f3_post %ecx, %esi, %edi, %edx, %ebx +.endm + +.macro calc133 + calc_f3_pre 0x1b4, %eax + precalc37 %ymm15 + calc_f3_post %edx, %ebx, %esi, %eax, %ecx +.endm + +.macro calc134 + calc_f3_pre 0x1b8, %edi + calc_f3_post %eax, %ecx, %ebx, %edi, %edx +.endm + +.macro calc135 + calc_f3_pre 0x1bc, %esi + precalc39 %ymm15, 0x60, 0x200 + calc_f3_post %edi, %edx, %ecx, %esi, %eax +.endm + +.macro calc136 + calc_f3_pre 0x1d0, %ebx + precalc32 %ymm3, %ymm15 + calc_f3_post %esi, %eax, %edx, %ebx, %edi +.endm + +.macro calc137 + calc_f3_pre 0x1d4, %ecx + precalc33 %ymm13, %ymm14 + calc_f3_post %ebx, %edi, %eax, %ecx, %esi +.endm + +.macro calc138 + calc_f3_pre 0x1d8, %edx + precalc34 %ymm7 + calc_f3_post %ecx, %esi, %edi, %edx, %ebx +.endm + +.macro calc139 + calc_f2_pre 0x1dc, %edx, %ecx, %eax + precalc35 %ymm14 + calc_f2_post %edx, %ebx, %esi, %eax +.endm + +.macro calc140 + calc_f2_pre 0x1f0, %eax, %edx, %edi + precalc36 %ymm14 + calc_f2_post %eax, %ecx, %ebx, %edi +.endm + +.macro calc141 + calc_f2_pre 0x1f4, %edi, %eax, %esi + precalc37 %ymm14 + calc_f2_post %edi, %edx, %ecx, %esi +.endm + +.macro calc142 + calc_f2_pre 0x1f8, %esi, %edi, %ebx + calc_f2_post %esi, %eax, %edx, %ebx +.endm + +.macro calc143 + calc_f2_pre 0x1fc, %ebx, %esi, %ecx + precalc39 %ymm14, 0x60, 0x220 + calc_f2_post %ebx, %edi, %eax, %ecx +.endm + +.macro calc144 + calc_f2_pre 0x210, %ecx, %ebx, %edx + precalc32 %ymm15, %ymm14 + calc_f2_post %ecx, %esi, %edi, %edx +.endm + +.macro calc145 + calc_f2_pre 0x214, %edx, %ecx, %eax + precalc33 %ymm12, %ymm13 + calc_f2_post %edx, %ebx, %esi, %eax +.endm + +.macro calc146 + calc_f2_pre 0x218, %eax, %edx, %edi + precalc34 %ymm5 + calc_f2_post %eax, %ecx, %ebx, %edi +.endm + +.macro calc147 + calc_f2_pre 0x21c, %edi, %eax, %esi + precalc35 %ymm13 + calc_f2_post %edi, %edx, %ecx, %esi +.endm + +.macro calc148 + calc_f2_pre 0x230, %esi, %edi, %ebx + precalc36 %ymm13 + calc_f2_post %esi, %eax, %edx, %ebx +.endm + +.macro calc149 + calc_f2_pre 0x234, %ebx, %esi, %ecx + precalc37 %ymm13 + calc_f2_post %ebx, %edi, %eax, %ecx +.endm + +.macro calc150 + calc_f2_pre 0x238, %ecx, %ebx, %edx + calc_f2_post %ecx, %esi, %edi, %edx +.endm + +.macro calc151 + calc_f2_pre 0x23c, %edx, %ecx, %eax + precalc39 %ymm13, 0x60, 0x240 + calc_f2_post %edx, %ebx, %esi, %eax +.endm + +.macro calc152 + calc_f2_pre 0x250, %eax, %edx, %edi + precalc32 %ymm14, %ymm13 + calc_f2_post %eax, %ecx, %ebx, %edi +.endm + +.macro calc153 + calc_f2_pre 0x254, %edi, %eax, %esi + precalc33 %ymm8, %ymm12 + calc_f2_post %edi, %edx, %ecx, %esi +.endm + +.macro calc154 + calc_f2_pre 0x258, %esi, %edi, %ebx + precalc34 %ymm3 + calc_f2_post %esi, %eax, %edx, %ebx +.endm + +.macro calc155 + calc_f2_pre 0x25c, %ebx, %esi, %ecx + precalc35 %ymm12 + calc_f2_post %ebx, %edi, %eax, %ecx +.endm + +.macro calc156 + calc_f2_pre 0x270, %ecx, %ebx, %edx + precalc36 %ymm12 + calc_f2_post %ecx, %esi, %edi, %edx +.endm + +.macro calc157 + calc_f2_pre 0x274, %edx, %ecx, %eax + precalc37 %ymm12 + calc_f2_post %edx, %ebx, %esi, %eax +.endm + +.macro calc158 + calc_f2_pre 0x278, %eax, %edx, %edi + calc_f2_post %eax, %ecx, %ebx, %edi +.endm + +.macro calc159 + add 0x27c(%r15), %esi + add %eax, %esi + rorx $0x1b, %edi, %r12d + precalc39 %ymm12, 0x60, 0x260 + add %r12d, %esi +.endm + + // sha1block(SHA1_CTX, buf, len) +ENTRY(_libmd_sha1block_avx2) + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + sub $1408+8, %rsp + + and $~63, %rdx + lea k_xmm_ar(%rip), %r8 + mov %rdi, %r9 + mov %rsi, %r10 + lea 64(%rsi), %r13 + lea 64(%rsi, %rdx), %r11 + cmp %r11, %r13 + cmovae %r8, %r13 + vmovdqu bswap_shufb_ctl(%rip), %ymm10 + + mov (%r9), %ecx + mov 4(%r9), %esi + mov 8(%r9), %edi + mov 12(%r9), %eax + mov 16(%r9), %edx + mov %rsp, %r14 + lea 2*4*80+32(%rsp), %r15 + precalc // precalc WK for first 2 blocks + xchg %r14, %r15 + + // this is unrolled +.Loop: cmp %r8, %r10 // we use the value of R8 (set below) + // as a signal of the last block + jne .Lbegin + add $1408+8, %rsp + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + vzeroupper + ret + +.Lbegin: + calc0 + calc1 + calc2 + calc3 + calc4 + calc5 + calc6 + calc7 + calc8 + calc9 + calc10 + calc11 + calc12 + calc13 + calc14 + calc15 + calc16 + calc17 + calc18 + calc19 + calc20 + calc21 + calc22 + calc23 + calc24 + calc25 + calc26 + calc27 + calc28 + calc29 + calc30 + calc31 + calc32 + calc33 + calc34 + calc35 + calc36 + calc37 + calc38 + calc39 + calc40 + calc41 + calc42 + calc43 + calc44 + calc45 + calc46 + calc47 + calc48 + calc49 + calc50 + calc51 + calc52 + calc53 + calc54 + calc55 + calc56 + calc57 + calc58 + calc59 + + add $128, %r10 // move to the next even-64-byte block + cmp %r11, %r10 // is the current block the last one? + cmovae %r8, %r10 // signal the last iteration smartly + + calc60 + calc61 + calc62 + calc63 + calc64 + calc65 + calc66 + calc67 + calc68 + calc69 + calc70 + calc71 + calc72 + calc73 + calc74 + calc75 + calc76 + calc77 + calc78 + calc79 + + update_hash %eax, %edx, %ebx, %esi, %edi + cmp %r8, %r10 // is the current block the last one? + je .Loop + mov %edx, %ecx + + calc80 + calc81 + calc82 + calc83 + calc84 + calc85 + calc86 + calc87 + calc88 + calc89 + calc90 + calc91 + calc92 + calc93 + calc94 + calc95 + calc96 + calc97 + calc98 + calc99 + calc100 + calc101 + calc102 + calc103 + calc104 + calc105 + calc106 + calc107 + calc108 + calc109 + calc110 + calc111 + calc112 + calc113 + calc114 + calc115 + calc116 + calc117 + calc118 + calc119 + calc120 + calc121 + calc122 + calc123 + calc124 + calc125 + calc126 + calc127 + calc128 + calc129 + calc130 + calc131 + calc132 + calc133 + calc134 + calc135 + calc136 + calc137 + calc138 + calc139 + + add $128, %r13 // move to the next even-64-byte block + cmp %r11, %r13 // is the current block the last one? + cmovae %r8, %r10 + + calc140 + calc141 + calc142 + calc143 + calc144 + calc145 + calc146 + calc147 + calc148 + calc149 + calc150 + calc151 + calc152 + calc153 + calc154 + calc155 + calc156 + calc157 + calc158 + calc159 + + update_hash %esi, %edi, %edx, %ecx, %ebx + mov %esi, %r12d // reset state for AVX2 reg permutation + mov %edi, %esi + mov %edx, %edi + mov %ebx, %edx + mov %ecx, %eax + mov %r12d, %ecx + xchg %r14, %r15 + jmp .Loop +END(_libmd_sha1block_avx2) + + .section .rodata + .balign 32 +k_xmm_ar: + .fill 8, 4, 0x5a827999 + .fill 8, 4, 0x6ed9eba1 + .fill 8, 4, 0x8f1bbcdc + .fill 8, 4, 0xca62c1d6 + .size k_xmm_ar, .-k_xmm_ar + +bswap_shufb_ctl: + .4byte 0x00010203 + .4byte 0x04050607 + .4byte 0x08090a0b + .4byte 0x0c0d0e0f + .4byte 0x00010203 + .4byte 0x04050607 + .4byte 0x08090a0b + .4byte 0x0c0d0e0f + .size bswap_shufb_ctl, .-bswap_shufb_ctl + + /* + * SHA1 implementation using the Intel SHA extensions (SHANI). + * + * Imlemented according to the Intel white paper + * + * S. Gulley, V. Gopal, K. Yap, W. Feghali, J. Guilford, + * G. Wolrich: "Intel SHA Extensions: new instruction supporting + * the Secure Hash Algorithm on Intel® architecture processors", + * July 2013. + */ + // sha1block(SHA1_CTX, buf, len) +ENTRY(_libmd_sha1block_shani) + and $~63, %rdx // round length to block-size multiple + lea (%rsi, %rdx, 1), %rcx // end pointer + test %rdx, %rdx // nothing to do? + je 1f // if so, terminate immediately + + movdqu (%rdi), %xmm6 // h0, h1, h2, h3 + pxor %xmm7, %xmm7 + pshufd $0x1b, %xmm6, %xmm6 // h3, h2, h1, h0 + pinsrd $3, 16(%rdi), %xmm7 // h4 in the highest word of xmm7 + movdqu shuf_mask(%rip), %xmm4 + + // main loop +0: movdqa %xmm6, %xmm8 // stash ABCD + movdqa %xmm7, %xmm9 // stash E + + // rounds 0--3 + movdqu 0*16(%rsi), %xmm0 // load first message block + pshufb %xmm4, %xmm0 // and byte-swap + paddd %xmm0, %xmm7 // E += w[0] + movdqa %xmm6, %xmm5 // E' = A + sha1rnds4 $0, %xmm7, %xmm6 // perform rounds 0--3 + + // rounds 4--7 + movdqu 1*16(%rsi), %xmm1 + pshufb %xmm4, %xmm1 + sha1nexte %xmm1, %xmm5 + movdqa %xmm6, %xmm7 + sha1rnds4 $0, %xmm5, %xmm6 + sha1msg1 %xmm1, %xmm0 + + // rounds 8--11 + movdqu 2*16(%rsi), %xmm2 + pshufb %xmm4, %xmm2 + sha1nexte %xmm2, %xmm7 + movdqa %xmm6, %xmm5 + sha1rnds4 $0, %xmm7, %xmm6 + sha1msg1 %xmm2, %xmm1 + pxor %xmm2, %xmm0 + +.macro midround msg3, msg0, msg1, msg2, e1, e0, k + sha1nexte \msg3, \e1 + movdqa %xmm6, \e0 + sha1msg2 \msg3, \msg0 + sha1rnds4 $\k, \e1, %xmm6 + sha1msg1 \msg3, \msg2 + pxor \msg3, \msg1 +.endm + + movdqu 3*16(%rsi), %xmm3 // load third message block + pshufb %xmm4, %xmm3 + + add $4*16, %rsi + + midround %xmm3, %xmm0, %xmm1, %xmm2, %xmm5, %xmm7, 0 // 12--15 + midround %xmm0, %xmm1, %xmm2, %xmm3, %xmm7, %xmm5, 0 // 16--19 + midround %xmm1, %xmm2, %xmm3, %xmm0, %xmm5, %xmm7, 1 // 20--23 + midround %xmm2, %xmm3, %xmm0, %xmm1, %xmm7, %xmm5, 1 // 24--27 + midround %xmm3, %xmm0, %xmm1, %xmm2, %xmm5, %xmm7, 1 // 28--31 + midround %xmm0, %xmm1, %xmm2, %xmm3, %xmm7, %xmm5, 1 // 32--35 + midround %xmm1, %xmm2, %xmm3, %xmm0, %xmm5, %xmm7, 1 // 36--39 + midround %xmm2, %xmm3, %xmm0, %xmm1, %xmm7, %xmm5, 2 // 40--43 + midround %xmm3, %xmm0, %xmm1, %xmm2, %xmm5, %xmm7, 2 // 44--47 + midround %xmm0, %xmm1, %xmm2, %xmm3, %xmm7, %xmm5, 2 // 48--51 + midround %xmm1, %xmm2, %xmm3, %xmm0, %xmm5, %xmm7, 2 // 52--55 + midround %xmm2, %xmm3, %xmm0, %xmm1, %xmm7, %xmm5, 2 // 56--59 + midround %xmm3, %xmm0, %xmm1, %xmm2, %xmm5, %xmm7, 3 // 60--63 + midround %xmm0, %xmm1, %xmm2, %xmm3, %xmm7, %xmm5, 3 // 64--67 + + // rounds 68--71 + sha1nexte %xmm1, %xmm5 + movdqa %xmm6, %xmm7 + sha1msg2 %xmm1, %xmm2 + sha1rnds4 $3, %xmm5, %xmm6 + pxor %xmm1, %xmm3 + + // rounds 72--75 + sha1nexte %xmm2, %xmm7 + movdqa %xmm6, %xmm5 + sha1msg2 %xmm2, %xmm3 + sha1rnds4 $3, %xmm7, %xmm6 + + // rounds 76--79 + sha1nexte %xmm3, %xmm5 + movdqa %xmm6, %xmm7 + sha1rnds4 $3, %xmm5, %xmm6 + + sha1nexte %xmm9, %xmm7 // add saved E + paddd %xmm8, %xmm6 // add saved ABCD + + cmp %rsi, %rcx // end reached? + jne 0b + + pshufd $0x1b, %xmm6, %xmm6 // restore order of h0--h3 + movdqu %xmm6, (%rdi) // write h0--h3 + pextrd $3, %xmm7, 16(%rdi) // write h4 +1: ret +END(_libmd_sha1block_shani) + + .section .rodata + .balign 16 +shuf_mask: + .8byte 0x08090a0b0c0d0e0f + .8byte 0x0001020304050607 + .size shuf_mask, .-shuf_mask + + .section .note.GNU-stack,"",%progbits diff --git a/lib/libmd/amd64/sha1dispatch.c b/lib/libmd/amd64/sha1dispatch.c new file mode 100644 index 000000000000..c82a60334739 --- /dev/null +++ b/lib/libmd/amd64/sha1dispatch.c @@ -0,0 +1,77 @@ +/*- + * Copyright (c) 2016 The Go Authors. All rights reserved. + * Copyright (c) 2024 Robert Clausecker <fuz@FreeBSD.org> + * + * Adapted from Go's crypto/sha1/sha1block_amd64.go. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include <machine/specialreg.h> +#include <sha.h> +#include <x86/ifunc.h> + +extern void _libmd_sha1block_scalar(SHA1_CTX *, const void *, size_t); +extern void _libmd_sha1block_avx2(SHA1_CTX *, const void *, size_t); +extern void _libmd_sha1block_shani(SHA1_CTX *, const void *, size_t); +static void sha1block_avx2_wrapper(SHA1_CTX *, const void *, size_t); + +#define AVX2_STDEXT_NEEDED \ + (CPUID_STDEXT_BMI1 | CPUID_STDEXT_AVX2 | CPUID_STDEXT_BMI2) + +DEFINE_UIFUNC(, void, sha1_block, (SHA1_CTX *, const void *, size_t)) +{ + if (cpu_stdext_feature & CPUID_STDEXT_SHA) + return (_libmd_sha1block_shani); + if ((cpu_stdext_feature & AVX2_STDEXT_NEEDED) == AVX2_STDEXT_NEEDED) + return (sha1block_avx2_wrapper); + else + return (_libmd_sha1block_scalar); +} + +static void +sha1block_avx2_wrapper(SHA1_CTX *c, const void *data, size_t len) +{ + if (len >= 256) { + /* + * sha1block_avx2 calculates sha1 for 2 block per iteration. + * It also interleaves the precalculation for next the block. + * So it may read up-to 192 bytes past the end of p. + * We may add checks inside sha1block_avx2, but this will + * just turn it into a copy of sha1block_scalar, + * so call it directly, instead. + */ + size_t safe_len = len - 128; + + if (safe_len % 128 != 0) + safe_len -= 64; + + _libmd_sha1block_avx2(c, data, safe_len); + _libmd_sha1block_scalar(c, data + safe_len, len - safe_len); + } else + _libmd_sha1block_scalar(c, data, len); +} diff --git a/lib/libmd/i386/rmd160.S b/lib/libmd/i386/rmd160.S index 7ccfb22daf12..57da14f83a7c 100644 --- a/lib/libmd/i386/rmd160.S +++ b/lib/libmd/i386/rmd160.S @@ -1,4 +1,3 @@ -/* $FreeBSD$ */ /* Run the C pre-processor over this file with one of the following defined * ELF - elf object files, * OUT - a.out object files, diff --git a/lib/libmd/i386/sha.S b/lib/libmd/i386/sha.S deleted file mode 100644 index 1e5201f5cb89..000000000000 --- a/lib/libmd/i386/sha.S +++ /dev/null @@ -1,1952 +0,0 @@ -/* $FreeBSD$ */ -/* -*- Fundamental -*- Emacs' assembler mode hoses this file */ -#ifndef PIC -/* Run the C pre-processor over this file with one of the following defined - * ELF - elf object files, - * OUT - a.out object files, - * BSDI - BSDI style a.out object files - * SOL - Solaris style elf - */ - -#define TYPE(a,b) .type a,b -#define SIZE(a,b) .size a,b - -#if defined(OUT) || defined(BSDI) -#define sha1_block_x86 _sha1_block_x86 - -#endif - -#ifdef OUT -#define OK 1 -#define ALIGN 4 -#endif - -#ifdef BSDI -#define OK 1 -#define ALIGN 4 -#undef SIZE -#undef TYPE -#define SIZE(a,b) -#define TYPE(a,b) -#endif - -#if defined(ELF) || defined(SOL) -#define OK 1 -#define ALIGN 4 -#endif - -#ifndef OK -You need to define one of -ELF - elf systems - linux-elf, NetBSD and DG-UX -OUT - a.out systems - linux-a.out and FreeBSD -SOL - solaris systems, which are elf with strange comment lines -BSDI - a.out with a very primative version of as. -#endif - -/* Let the Assembler begin :-) */ - /* Don't even think of reading this code */ - /* It was automatically generated by sha1-586.pl */ - /* Which is a perl program used to generate the x86 assember for */ - /* any of elf, a.out, BSDI,Win32, or Solaris */ - /* eric <eay@cryptsoft.com> */ - - .file "sha1-586.s" - .version "01.01" -gcc2_compiled.: -.text - .p2align ALIGN -.globl sha1_block_x86 - TYPE(sha1_block_x86,@function) -sha1_block_x86: - pushl %esi - pushl %ebp - movl 20(%esp), %eax - movl 16(%esp), %esi - addl %esi, %eax - movl 12(%esp), %ebp - pushl %ebx - subl $64, %eax - pushl %edi - movl 4(%ebp), %ebx - subl $72, %esp - movl 12(%ebp), %edx - movl 16(%ebp), %edi - movl 8(%ebp), %ecx - movl %eax, 68(%esp) - /* First we need to setup the X array */ - movl (%esi), %eax -.L000start: - /* First, load the words onto the stack in network byte order */ -.byte 15 -.byte 200 /* bswapl %eax */ - movl %eax, (%esp) - movl 4(%esi), %eax -.byte 15 -.byte 200 /* bswapl %eax */ - movl %eax, 4(%esp) - movl 8(%esi), %eax -.byte 15 -.byte 200 /* bswapl %eax */ - movl %eax, 8(%esp) - movl 12(%esi), %eax -.byte 15 -.byte 200 /* bswapl %eax */ - movl %eax, 12(%esp) - movl 16(%esi), %eax -.byte 15 -.byte 200 /* bswapl %eax */ - movl %eax, 16(%esp) - movl 20(%esi), %eax -.byte 15 -.byte 200 /* bswapl %eax */ - movl %eax, 20(%esp) - movl 24(%esi), %eax -.byte 15 -.byte 200 /* bswapl %eax */ - movl %eax, 24(%esp) - movl 28(%esi), %eax -.byte 15 -.byte 200 /* bswapl %eax */ - movl %eax, 28(%esp) - movl 32(%esi), %eax -.byte 15 -.byte 200 /* bswapl %eax */ - movl %eax, 32(%esp) - movl 36(%esi), %eax -.byte 15 -.byte 200 /* bswapl %eax */ - movl %eax, 36(%esp) - movl 40(%esi), %eax -.byte 15 -.byte 200 /* bswapl %eax */ - movl %eax, 40(%esp) - movl 44(%esi), %eax -.byte 15 -.byte 200 /* bswapl %eax */ - movl %eax, 44(%esp) - movl 48(%esi), %eax -.byte 15 -.byte 200 /* bswapl %eax */ - movl %eax, 48(%esp) - movl 52(%esi), %eax -.byte 15 -.byte 200 /* bswapl %eax */ - movl %eax, 52(%esp) - movl 56(%esi), %eax -.byte 15 -.byte 200 /* bswapl %eax */ - movl %eax, 56(%esp) - movl 60(%esi), %eax -.byte 15 -.byte 200 /* bswapl %eax */ - movl %eax, 60(%esp) - /* We now have the X array on the stack */ - /* starting at sp-4 */ - movl %esi, 64(%esp) - - /* Start processing */ - movl (%ebp), %eax - /* 00_15 0 */ - movl %ecx, %esi - movl %eax, %ebp - xorl %edx, %esi - roll $5, %ebp - andl %ebx, %esi - addl %edi, %ebp -.byte 209 -.byte 203 /* rorl $1 %ebx */ - movl (%esp), %edi -.byte 209 -.byte 203 /* rorl $1 %ebx */ - xorl %edx, %esi - leal 1518500249(%ebp,%edi,1),%ebp - movl %ebx, %edi - addl %ebp, %esi - xorl %ecx, %edi - movl %esi, %ebp - andl %eax, %edi - roll $5, %ebp - addl %edx, %ebp - movl 4(%esp), %edx -.byte 209 -.byte 200 /* rorl $1 %eax */ - xorl %ecx, %edi -.byte 209 -.byte 200 /* rorl $1 %eax */ - leal 1518500249(%ebp,%edx,1),%ebp - addl %ebp, %edi - /* 00_15 2 */ - movl %eax, %edx - movl %edi, %ebp - xorl %ebx, %edx - roll $5, %ebp - andl %esi, %edx - addl %ecx, %ebp -.byte 209 -.byte 206 /* rorl $1 %esi */ - movl 8(%esp), %ecx -.byte 209 -.byte 206 /* rorl $1 %esi */ - xorl %ebx, %edx - leal 1518500249(%ebp,%ecx,1),%ebp - movl %esi, %ecx - addl %ebp, %edx - xorl %eax, %ecx - movl %edx, %ebp - andl %edi, %ecx - roll $5, %ebp - addl %ebx, %ebp - movl 12(%esp), %ebx -.byte 209 -.byte 207 /* rorl $1 %edi */ - xorl %eax, %ecx -.byte 209 -.byte 207 /* rorl $1 %edi */ - leal 1518500249(%ebp,%ebx,1),%ebp - addl %ebp, %ecx - /* 00_15 4 */ - movl %edi, %ebx - movl %ecx, %ebp - xorl %esi, %ebx - roll $5, %ebp - andl %edx, %ebx - addl %eax, %ebp -.byte 209 -.byte 202 /* rorl $1 %edx */ - movl 16(%esp), %eax -.byte 209 -.byte 202 /* rorl $1 %edx */ - xorl %esi, %ebx - leal 1518500249(%ebp,%eax,1),%ebp - movl %edx, %eax - addl %ebp, %ebx - xorl %edi, %eax - movl %ebx, %ebp - andl %ecx, %eax - roll $5, %ebp - addl %esi, %ebp - movl 20(%esp), %esi -.byte 209 -.byte 201 /* rorl $1 %ecx */ - xorl %edi, %eax -.byte 209 -.byte 201 /* rorl $1 %ecx */ - leal 1518500249(%ebp,%esi,1),%ebp - addl %ebp, %eax - /* 00_15 6 */ - movl %ecx, %esi - movl %eax, %ebp - xorl %edx, %esi - roll $5, %ebp - andl %ebx, %esi - addl %edi, %ebp -.byte 209 -.byte 203 /* rorl $1 %ebx */ - movl 24(%esp), %edi -.byte 209 -.byte 203 /* rorl $1 %ebx */ - xorl %edx, %esi - leal 1518500249(%ebp,%edi,1),%ebp - movl %ebx, %edi - addl %ebp, %esi - xorl %ecx, %edi - movl %esi, %ebp - andl %eax, %edi - roll $5, %ebp - addl %edx, %ebp - movl 28(%esp), %edx -.byte 209 -.byte 200 /* rorl $1 %eax */ - xorl %ecx, %edi -.byte 209 -.byte 200 /* rorl $1 %eax */ - leal 1518500249(%ebp,%edx,1),%ebp - addl %ebp, %edi - /* 00_15 8 */ - movl %eax, %edx - movl %edi, %ebp - xorl %ebx, %edx - roll $5, %ebp - andl %esi, %edx - addl %ecx, %ebp -.byte 209 -.byte 206 /* rorl $1 %esi */ - movl 32(%esp), %ecx -.byte 209 -.byte 206 /* rorl $1 %esi */ - xorl %ebx, %edx - leal 1518500249(%ebp,%ecx,1),%ebp - movl %esi, %ecx - addl %ebp, %edx - xorl %eax, %ecx - movl %edx, %ebp - andl %edi, %ecx - roll $5, %ebp - addl %ebx, %ebp - movl 36(%esp), %ebx -.byte 209 -.byte 207 /* rorl $1 %edi */ - xorl %eax, %ecx -.byte 209 -.byte 207 /* rorl $1 %edi */ - leal 1518500249(%ebp,%ebx,1),%ebp - addl %ebp, %ecx - /* 00_15 10 */ - movl %edi, %ebx - movl %ecx, %ebp - xorl %esi, %ebx - roll $5, %ebp - andl %edx, %ebx - addl %eax, %ebp -.byte 209 -.byte 202 /* rorl $1 %edx */ - movl 40(%esp), %eax -.byte 209 -.byte 202 /* rorl $1 %edx */ - xorl %esi, %ebx - leal 1518500249(%ebp,%eax,1),%ebp - movl %edx, %eax - addl %ebp, %ebx - xorl %edi, %eax - movl %ebx, %ebp - andl %ecx, %eax - roll $5, %ebp - addl %esi, %ebp - movl 44(%esp), %esi -.byte 209 -.byte 201 /* rorl $1 %ecx */ - xorl %edi, %eax -.byte 209 -.byte 201 /* rorl $1 %ecx */ - leal 1518500249(%ebp,%esi,1),%ebp - addl %ebp, %eax - /* 00_15 12 */ - movl %ecx, %esi - movl %eax, %ebp - xorl %edx, %esi - roll $5, %ebp - andl %ebx, %esi - addl %edi, %ebp -.byte 209 -.byte 203 /* rorl $1 %ebx */ - movl 48(%esp), %edi -.byte 209 -.byte 203 /* rorl $1 %ebx */ - xorl %edx, %esi - leal 1518500249(%ebp,%edi,1),%ebp - movl %ebx, %edi - addl %ebp, %esi - xorl %ecx, %edi - movl %esi, %ebp - andl %eax, %edi - roll $5, %ebp - addl %edx, %ebp - movl 52(%esp), %edx -.byte 209 -.byte 200 /* rorl $1 %eax */ - xorl %ecx, %edi -.byte 209 -.byte 200 /* rorl $1 %eax */ - leal 1518500249(%ebp,%edx,1),%ebp - addl %ebp, %edi - /* 00_15 14 */ - movl %eax, %edx - movl %edi, %ebp - xorl %ebx, %edx - roll $5, %ebp - andl %esi, %edx - addl %ecx, %ebp -.byte 209 -.byte 206 /* rorl $1 %esi */ - movl 56(%esp), %ecx -.byte 209 -.byte 206 /* rorl $1 %esi */ - xorl %ebx, %edx - leal 1518500249(%ebp,%ecx,1),%ebp - movl %esi, %ecx - addl %ebp, %edx - xorl %eax, %ecx - movl %edx, %ebp - andl %edi, %ecx - roll $5, %ebp - addl %ebx, %ebp - movl 60(%esp), %ebx -.byte 209 -.byte 207 /* rorl $1 %edi */ - xorl %eax, %ecx -.byte 209 -.byte 207 /* rorl $1 %edi */ - leal 1518500249(%ebp,%ebx,1),%ebp - addl %ebp, %ecx - /* 16_19 16 */ - nop - movl (%esp), %ebp - movl 8(%esp), %ebx - xorl %ebp, %ebx - movl 32(%esp), %ebp - xorl %ebp, %ebx - movl 52(%esp), %ebp - xorl %ebp, %ebx - movl %edi, %ebp -.byte 209 -.byte 195 /* roll $1 %ebx */ - xorl %esi, %ebp - movl %ebx, (%esp) - andl %edx, %ebp - leal 1518500249(%ebx,%eax,1),%ebx - xorl %esi, %ebp - movl %ecx, %eax - addl %ebp, %ebx - roll $5, %eax -.byte 209 -.byte 202 /* rorl $1 %edx */ - addl %eax, %ebx - movl 4(%esp), %eax - movl 12(%esp), %ebp - xorl %ebp, %eax - movl 36(%esp), %ebp - xorl %ebp, %eax - movl 56(%esp), %ebp -.byte 209 -.byte 202 /* rorl $1 %edx */ - xorl %ebp, %eax -.byte 209 -.byte 192 /* roll $1 %eax */ - movl %edx, %ebp - xorl %edi, %ebp - movl %eax, 4(%esp) - andl %ecx, %ebp - leal 1518500249(%eax,%esi,1),%eax - xorl %edi, %ebp - movl %ebx, %esi - roll $5, %esi -.byte 209 -.byte 201 /* rorl $1 %ecx */ - addl %esi, %eax -.byte 209 -.byte 201 /* rorl $1 %ecx */ - addl %ebp, %eax - /* 16_19 18 */ - movl 8(%esp), %ebp - movl 16(%esp), %esi - xorl %ebp, %esi - movl 40(%esp), %ebp - xorl %ebp, %esi - movl 60(%esp), %ebp - xorl %ebp, %esi - movl %ecx, %ebp -.byte 209 -.byte 198 /* roll $1 %esi */ - xorl %edx, %ebp - movl %esi, 8(%esp) - andl %ebx, %ebp - leal 1518500249(%esi,%edi,1),%esi - xorl %edx, %ebp - movl %eax, %edi - addl %ebp, %esi - roll $5, %edi -.byte 209 -.byte 203 /* rorl $1 %ebx */ - addl %edi, %esi - movl 12(%esp), %edi - movl 20(%esp), %ebp - xorl %ebp, %edi - movl 44(%esp), %ebp - xorl %ebp, %edi - movl (%esp), %ebp -.byte 209 -.byte 203 /* rorl $1 %ebx */ - xorl %ebp, %edi -.byte 209 -.byte 199 /* roll $1 %edi */ - movl %ebx, %ebp - xorl %ecx, %ebp - movl %edi, 12(%esp) - andl %eax, %ebp - leal 1518500249(%edi,%edx,1),%edi - xorl %ecx, %ebp - movl %esi, %edx - roll $5, %edx -.byte 209 -.byte 200 /* rorl $1 %eax */ - addl %edx, %edi -.byte 209 -.byte 200 /* rorl $1 %eax */ - addl %ebp, %edi - /* 20_39 20 */ - movl 16(%esp), %edx - movl 24(%esp), %ebp - xorl %ebp, %edx - movl 48(%esp), %ebp - xorl %ebp, %edx - movl 4(%esp), %ebp - xorl %ebp, %edx - movl %esi, %ebp -.byte 209 -.byte 194 /* roll $1 %edx */ - xorl %eax, %ebp - movl %edx, 16(%esp) - xorl %ebx, %ebp - leal 1859775393(%edx,%ecx,1),%edx - movl %edi, %ecx - roll $5, %ecx -.byte 209 -.byte 206 /* rorl $1 %esi */ - addl %ebp, %ecx -.byte 209 -.byte 206 /* rorl $1 %esi */ - addl %ecx, %edx - /* 20_39 21 */ - movl 20(%esp), %ecx - movl 28(%esp), %ebp - xorl %ebp, %ecx - movl 52(%esp), %ebp - xorl %ebp, %ecx - movl 8(%esp), %ebp - xorl %ebp, %ecx - movl %edi, %ebp -.byte 209 -.byte 193 /* roll $1 %ecx */ - xorl %esi, %ebp - movl %ecx, 20(%esp) - xorl %eax, %ebp - leal 1859775393(%ecx,%ebx,1),%ecx - movl %edx, %ebx - roll $5, %ebx -.byte 209 -.byte 207 /* rorl $1 %edi */ - addl %ebp, %ebx -.byte 209 -.byte 207 /* rorl $1 %edi */ - addl %ebx, %ecx - /* 20_39 22 */ - movl 24(%esp), %ebx - movl 32(%esp), %ebp - xorl %ebp, %ebx - movl 56(%esp), %ebp - xorl %ebp, %ebx - movl 12(%esp), %ebp - xorl %ebp, %ebx - movl %edx, %ebp -.byte 209 -.byte 195 /* roll $1 %ebx */ - xorl %edi, %ebp - movl %ebx, 24(%esp) - xorl %esi, %ebp - leal 1859775393(%ebx,%eax,1),%ebx - movl %ecx, %eax - roll $5, %eax -.byte 209 -.byte 202 /* rorl $1 %edx */ - addl %ebp, %eax -.byte 209 -.byte 202 /* rorl $1 %edx */ - addl %eax, %ebx - /* 20_39 23 */ - movl 28(%esp), %eax - movl 36(%esp), %ebp - xorl %ebp, %eax - movl 60(%esp), %ebp - xorl %ebp, %eax - movl 16(%esp), %ebp - xorl %ebp, %eax - movl %ecx, %ebp -.byte 209 -.byte 192 /* roll $1 %eax */ - xorl %edx, %ebp - movl %eax, 28(%esp) - xorl %edi, %ebp - leal 1859775393(%eax,%esi,1),%eax - movl %ebx, %esi - roll $5, %esi -.byte 209 -.byte 201 /* rorl $1 %ecx */ - addl %ebp, %esi -.byte 209 -.byte 201 /* rorl $1 %ecx */ - addl %esi, %eax - /* 20_39 24 */ - movl 32(%esp), %esi - movl 40(%esp), %ebp - xorl %ebp, %esi - movl (%esp), %ebp - xorl %ebp, %esi - movl 20(%esp), %ebp - xorl %ebp, %esi - movl %ebx, %ebp -.byte 209 -.byte 198 /* roll $1 %esi */ - xorl %ecx, %ebp - movl %esi, 32(%esp) - xorl %edx, %ebp - leal 1859775393(%esi,%edi,1),%esi - movl %eax, %edi - roll $5, %edi -.byte 209 -.byte 203 /* rorl $1 %ebx */ - addl %ebp, %edi -.byte 209 -.byte 203 /* rorl $1 %ebx */ - addl %edi, %esi - /* 20_39 25 */ - movl 36(%esp), %edi - movl 44(%esp), %ebp - xorl %ebp, %edi - movl 4(%esp), %ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - xorl %ebp, %edi - movl %eax, %ebp -.byte 209 -.byte 199 /* roll $1 %edi */ - xorl %ebx, %ebp - movl %edi, 36(%esp) - xorl %ecx, %ebp - leal 1859775393(%edi,%edx,1),%edi - movl %esi, %edx - roll $5, %edx -.byte 209 -.byte 200 /* rorl $1 %eax */ - addl %ebp, %edx -.byte 209 -.byte 200 /* rorl $1 %eax */ - addl %edx, %edi - /* 20_39 26 */ - movl 40(%esp), %edx - movl 48(%esp), %ebp - xorl %ebp, %edx - movl 8(%esp), %ebp - xorl %ebp, %edx - movl 28(%esp), %ebp - xorl %ebp, %edx - movl %esi, %ebp -.byte 209 -.byte 194 /* roll $1 %edx */ - xorl %eax, %ebp - movl %edx, 40(%esp) - xorl %ebx, %ebp - leal 1859775393(%edx,%ecx,1),%edx - movl %edi, %ecx - roll $5, %ecx -.byte 209 -.byte 206 /* rorl $1 %esi */ - addl %ebp, %ecx -.byte 209 -.byte 206 /* rorl $1 %esi */ - addl %ecx, %edx - /* 20_39 27 */ - movl 44(%esp), %ecx - movl 52(%esp), %ebp - xorl %ebp, %ecx - movl 12(%esp), %ebp - xorl %ebp, %ecx - movl 32(%esp), %ebp - xorl %ebp, %ecx - movl %edi, %ebp -.byte 209 -.byte 193 /* roll $1 %ecx */ - xorl %esi, %ebp - movl %ecx, 44(%esp) - xorl %eax, %ebp - leal 1859775393(%ecx,%ebx,1),%ecx - movl %edx, %ebx - roll $5, %ebx -.byte 209 -.byte 207 /* rorl $1 %edi */ - addl %ebp, %ebx -.byte 209 -.byte 207 /* rorl $1 %edi */ - addl %ebx, %ecx - /* 20_39 28 */ - movl 48(%esp), %ebx - movl 56(%esp), %ebp - xorl %ebp, %ebx - movl 16(%esp), %ebp - xorl %ebp, %ebx - movl 36(%esp), %ebp - xorl %ebp, %ebx - movl %edx, %ebp -.byte 209 -.byte 195 /* roll $1 %ebx */ - xorl %edi, %ebp - movl %ebx, 48(%esp) - xorl %esi, %ebp - leal 1859775393(%ebx,%eax,1),%ebx - movl %ecx, %eax - roll $5, %eax -.byte 209 -.byte 202 /* rorl $1 %edx */ - addl %ebp, %eax -.byte 209 -.byte 202 /* rorl $1 %edx */ - addl %eax, %ebx - /* 20_39 29 */ - movl 52(%esp), %eax - movl 60(%esp), %ebp - xorl %ebp, %eax - movl 20(%esp), %ebp - xorl %ebp, %eax - movl 40(%esp), %ebp - xorl %ebp, %eax - movl %ecx, %ebp -.byte 209 -.byte 192 /* roll $1 %eax */ - xorl %edx, %ebp - movl %eax, 52(%esp) - xorl %edi, %ebp - leal 1859775393(%eax,%esi,1),%eax - movl %ebx, %esi - roll $5, %esi -.byte 209 -.byte 201 /* rorl $1 %ecx */ - addl %ebp, %esi -.byte 209 -.byte 201 /* rorl $1 %ecx */ - addl %esi, %eax - /* 20_39 30 */ - movl 56(%esp), %esi - movl (%esp), %ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - xorl %ebp, %esi - movl 44(%esp), %ebp - xorl %ebp, %esi - movl %ebx, %ebp -.byte 209 -.byte 198 /* roll $1 %esi */ - xorl %ecx, %ebp - movl %esi, 56(%esp) - xorl %edx, %ebp - leal 1859775393(%esi,%edi,1),%esi - movl %eax, %edi - roll $5, %edi -.byte 209 -.byte 203 /* rorl $1 %ebx */ - addl %ebp, %edi -.byte 209 -.byte 203 /* rorl $1 %ebx */ - addl %edi, %esi - /* 20_39 31 */ - movl 60(%esp), %edi - movl 4(%esp), %ebp - xorl %ebp, %edi - movl 28(%esp), %ebp - xorl %ebp, %edi - movl 48(%esp), %ebp - xorl %ebp, %edi - movl %eax, %ebp -.byte 209 -.byte 199 /* roll $1 %edi */ - xorl %ebx, %ebp - movl %edi, 60(%esp) - xorl %ecx, %ebp - leal 1859775393(%edi,%edx,1),%edi - movl %esi, %edx - roll $5, %edx -.byte 209 -.byte 200 /* rorl $1 %eax */ - addl %ebp, %edx -.byte 209 -.byte 200 /* rorl $1 %eax */ - addl %edx, %edi - /* 20_39 32 */ - movl (%esp), %edx - movl 8(%esp), %ebp - xorl %ebp, %edx - movl 32(%esp), %ebp - xorl %ebp, %edx - movl 52(%esp), %ebp - xorl %ebp, %edx - movl %esi, %ebp -.byte 209 -.byte 194 /* roll $1 %edx */ - xorl %eax, %ebp - movl %edx, (%esp) - xorl %ebx, %ebp - leal 1859775393(%edx,%ecx,1),%edx - movl %edi, %ecx - roll $5, %ecx -.byte 209 -.byte 206 /* rorl $1 %esi */ - addl %ebp, %ecx -.byte 209 -.byte 206 /* rorl $1 %esi */ - addl %ecx, %edx - /* 20_39 33 */ - movl 4(%esp), %ecx - movl 12(%esp), %ebp - xorl %ebp, %ecx - movl 36(%esp), %ebp - xorl %ebp, %ecx - movl 56(%esp), %ebp - xorl %ebp, %ecx - movl %edi, %ebp -.byte 209 -.byte 193 /* roll $1 %ecx */ - xorl %esi, %ebp - movl %ecx, 4(%esp) - xorl %eax, %ebp - leal 1859775393(%ecx,%ebx,1),%ecx - movl %edx, %ebx - roll $5, %ebx -.byte 209 -.byte 207 /* rorl $1 %edi */ - addl %ebp, %ebx -.byte 209 -.byte 207 /* rorl $1 %edi */ - addl %ebx, %ecx - /* 20_39 34 */ - movl 8(%esp), %ebx - movl 16(%esp), %ebp - xorl %ebp, %ebx - movl 40(%esp), %ebp - xorl %ebp, %ebx - movl 60(%esp), %ebp - xorl %ebp, %ebx - movl %edx, %ebp -.byte 209 -.byte 195 /* roll $1 %ebx */ - xorl %edi, %ebp - movl %ebx, 8(%esp) - xorl %esi, %ebp - leal 1859775393(%ebx,%eax,1),%ebx - movl %ecx, %eax - roll $5, %eax -.byte 209 -.byte 202 /* rorl $1 %edx */ - addl %ebp, %eax -.byte 209 -.byte 202 /* rorl $1 %edx */ - addl %eax, %ebx - /* 20_39 35 */ - movl 12(%esp), %eax - movl 20(%esp), %ebp - xorl %ebp, %eax - movl 44(%esp), %ebp - xorl %ebp, %eax - movl (%esp), %ebp - xorl %ebp, %eax - movl %ecx, %ebp -.byte 209 -.byte 192 /* roll $1 %eax */ - xorl %edx, %ebp - movl %eax, 12(%esp) - xorl %edi, %ebp - leal 1859775393(%eax,%esi,1),%eax - movl %ebx, %esi - roll $5, %esi -.byte 209 -.byte 201 /* rorl $1 %ecx */ - addl %ebp, %esi -.byte 209 -.byte 201 /* rorl $1 %ecx */ - addl %esi, %eax - /* 20_39 36 */ - movl 16(%esp), %esi - movl 24(%esp), %ebp - xorl %ebp, %esi - movl 48(%esp), %ebp - xorl %ebp, %esi - movl 4(%esp), %ebp - xorl %ebp, %esi - movl %ebx, %ebp -.byte 209 -.byte 198 /* roll $1 %esi */ - xorl %ecx, %ebp - movl %esi, 16(%esp) - xorl %edx, %ebp - leal 1859775393(%esi,%edi,1),%esi - movl %eax, %edi - roll $5, %edi -.byte 209 -.byte 203 /* rorl $1 %ebx */ - addl %ebp, %edi -.byte 209 -.byte 203 /* rorl $1 %ebx */ - addl %edi, %esi - /* 20_39 37 */ - movl 20(%esp), %edi - movl 28(%esp), %ebp - xorl %ebp, %edi - movl 52(%esp), %ebp - xorl %ebp, %edi - movl 8(%esp), %ebp - xorl %ebp, %edi - movl %eax, %ebp -.byte 209 -.byte 199 /* roll $1 %edi */ - xorl %ebx, %ebp - movl %edi, 20(%esp) - xorl %ecx, %ebp - leal 1859775393(%edi,%edx,1),%edi - movl %esi, %edx - roll $5, %edx -.byte 209 -.byte 200 /* rorl $1 %eax */ - addl %ebp, %edx -.byte 209 -.byte 200 /* rorl $1 %eax */ - addl %edx, %edi - /* 20_39 38 */ - movl 24(%esp), %edx - movl 32(%esp), %ebp - xorl %ebp, %edx - movl 56(%esp), %ebp - xorl %ebp, %edx - movl 12(%esp), %ebp - xorl %ebp, %edx - movl %esi, %ebp -.byte 209 -.byte 194 /* roll $1 %edx */ - xorl %eax, %ebp - movl %edx, 24(%esp) - xorl %ebx, %ebp - leal 1859775393(%edx,%ecx,1),%edx - movl %edi, %ecx - roll $5, %ecx -.byte 209 -.byte 206 /* rorl $1 %esi */ - addl %ebp, %ecx -.byte 209 -.byte 206 /* rorl $1 %esi */ - addl %ecx, %edx - /* 20_39 39 */ - movl 28(%esp), %ecx - movl 36(%esp), %ebp - xorl %ebp, %ecx - movl 60(%esp), %ebp - xorl %ebp, %ecx - movl 16(%esp), %ebp - xorl %ebp, %ecx - movl %edi, %ebp -.byte 209 -.byte 193 /* roll $1 %ecx */ - xorl %esi, %ebp - movl %ecx, 28(%esp) - xorl %eax, %ebp - leal 1859775393(%ecx,%ebx,1),%ecx - movl %edx, %ebx - roll $5, %ebx -.byte 209 -.byte 207 /* rorl $1 %edi */ - addl %ebp, %ebx -.byte 209 -.byte 207 /* rorl $1 %edi */ - addl %ebx, %ecx - /* 40_59 40 */ - movl 32(%esp), %ebx - movl 40(%esp), %ebp - xorl %ebp, %ebx - movl (%esp), %ebp - xorl %ebp, %ebx - movl 20(%esp), %ebp - xorl %ebp, %ebx - movl %edx, %ebp -.byte 209 -.byte 195 /* roll $1 %ebx */ - orl %edi, %ebp - movl %ebx, 32(%esp) - andl %esi, %ebp - leal 2400959708(%ebx,%eax,1),%ebx - movl %edx, %eax -.byte 209 -.byte 202 /* rorl $1 %edx */ - andl %edi, %eax - orl %eax, %ebp - movl %ecx, %eax - roll $5, %eax - addl %eax, %ebp - movl 36(%esp), %eax - addl %ebp, %ebx - movl 44(%esp), %ebp - xorl %ebp, %eax - movl 4(%esp), %ebp - xorl %ebp, %eax - movl 24(%esp), %ebp -.byte 209 -.byte 202 /* rorl $1 %edx */ - xorl %ebp, %eax -.byte 209 -.byte 192 /* roll $1 %eax */ - movl %ecx, %ebp - movl %eax, 36(%esp) - orl %edx, %ebp - leal 2400959708(%eax,%esi,1),%eax - movl %ecx, %esi - andl %edi, %ebp - andl %edx, %esi - orl %esi, %ebp - movl %ebx, %esi - roll $5, %esi -.byte 209 -.byte 201 /* rorl $1 %ecx */ - addl %esi, %ebp -.byte 209 -.byte 201 /* rorl $1 %ecx */ - addl %ebp, %eax - /* 40_59 41 */ - /* 40_59 42 */ - movl 40(%esp), %esi - movl 48(%esp), %ebp - xorl %ebp, %esi - movl 8(%esp), %ebp - xorl %ebp, %esi - movl 28(%esp), %ebp - xorl %ebp, %esi - movl %ebx, %ebp -.byte 209 -.byte 198 /* roll $1 %esi */ - orl %ecx, %ebp - movl %esi, 40(%esp) - andl %edx, %ebp - leal 2400959708(%esi,%edi,1),%esi - movl %ebx, %edi -.byte 209 -.byte 203 /* rorl $1 %ebx */ - andl %ecx, %edi - orl %edi, %ebp - movl %eax, %edi - roll $5, %edi - addl %edi, %ebp - movl 44(%esp), %edi - addl %ebp, %esi - movl 52(%esp), %ebp - xorl %ebp, %edi - movl 12(%esp), %ebp - xorl %ebp, %edi - movl 32(%esp), %ebp -.byte 209 -.byte 203 /* rorl $1 %ebx */ - xorl %ebp, %edi -.byte 209 -.byte 199 /* roll $1 %edi */ - movl %eax, %ebp - movl %edi, 44(%esp) - orl %ebx, %ebp - leal 2400959708(%edi,%edx,1),%edi - movl %eax, %edx - andl %ecx, %ebp - andl %ebx, %edx - orl %edx, %ebp - movl %esi, %edx - roll $5, %edx -.byte 209 -.byte 200 /* rorl $1 %eax */ - addl %edx, %ebp -.byte 209 -.byte 200 /* rorl $1 %eax */ - addl %ebp, %edi - /* 40_59 43 */ - /* 40_59 44 */ - movl 48(%esp), %edx - movl 56(%esp), %ebp - xorl %ebp, %edx - movl 16(%esp), %ebp - xorl %ebp, %edx - movl 36(%esp), %ebp - xorl %ebp, %edx - movl %esi, %ebp -.byte 209 -.byte 194 /* roll $1 %edx */ - orl %eax, %ebp - movl %edx, 48(%esp) - andl %ebx, %ebp - leal 2400959708(%edx,%ecx,1),%edx - movl %esi, %ecx -.byte 209 -.byte 206 /* rorl $1 %esi */ - andl %eax, %ecx - orl %ecx, %ebp - movl %edi, %ecx - roll $5, %ecx - addl %ecx, %ebp - movl 52(%esp), %ecx - addl %ebp, %edx - movl 60(%esp), %ebp - xorl %ebp, %ecx - movl 20(%esp), %ebp - xorl %ebp, %ecx - movl 40(%esp), %ebp -.byte 209 -.byte 206 /* rorl $1 %esi */ - xorl %ebp, %ecx -.byte 209 -.byte 193 /* roll $1 %ecx */ - movl %edi, %ebp - movl %ecx, 52(%esp) - orl %esi, %ebp - leal 2400959708(%ecx,%ebx,1),%ecx - movl %edi, %ebx - andl %eax, %ebp - andl %esi, %ebx - orl %ebx, %ebp - movl %edx, %ebx - roll $5, %ebx -.byte 209 -.byte 207 /* rorl $1 %edi */ - addl %ebx, %ebp -.byte 209 -.byte 207 /* rorl $1 %edi */ - addl %ebp, %ecx - /* 40_59 45 */ - /* 40_59 46 */ - movl 56(%esp), %ebx - movl (%esp), %ebp - xorl %ebp, %ebx - movl 24(%esp), %ebp - xorl %ebp, %ebx - movl 44(%esp), %ebp - xorl %ebp, %ebx - movl %edx, %ebp -.byte 209 -.byte 195 /* roll $1 %ebx */ - orl %edi, %ebp - movl %ebx, 56(%esp) - andl %esi, %ebp - leal 2400959708(%ebx,%eax,1),%ebx - movl %edx, %eax -.byte 209 -.byte 202 /* rorl $1 %edx */ - andl %edi, %eax - orl %eax, %ebp - movl %ecx, %eax - roll $5, %eax - addl %eax, %ebp - movl 60(%esp), %eax - addl %ebp, %ebx - movl 4(%esp), %ebp - xorl %ebp, %eax - movl 28(%esp), %ebp - xorl %ebp, %eax - movl 48(%esp), %ebp -.byte 209 -.byte 202 /* rorl $1 %edx */ - xorl %ebp, %eax -.byte 209 -.byte 192 /* roll $1 %eax */ - movl %ecx, %ebp - movl %eax, 60(%esp) - orl %edx, %ebp - leal 2400959708(%eax,%esi,1),%eax - movl %ecx, %esi - andl %edi, %ebp - andl %edx, %esi - orl %esi, %ebp - movl %ebx, %esi - roll $5, %esi -.byte 209 -.byte 201 /* rorl $1 %ecx */ - addl %esi, %ebp -.byte 209 -.byte 201 /* rorl $1 %ecx */ - addl %ebp, %eax - /* 40_59 47 */ - /* 40_59 48 */ - movl (%esp), %esi - movl 8(%esp), %ebp - xorl %ebp, %esi - movl 32(%esp), %ebp - xorl %ebp, %esi - movl 52(%esp), %ebp - xorl %ebp, %esi - movl %ebx, %ebp -.byte 209 -.byte 198 /* roll $1 %esi */ - orl %ecx, %ebp - movl %esi, (%esp) - andl %edx, %ebp - leal 2400959708(%esi,%edi,1),%esi - movl %ebx, %edi -.byte 209 -.byte 203 /* rorl $1 %ebx */ - andl %ecx, %edi - orl %edi, %ebp - movl %eax, %edi - roll $5, %edi - addl %edi, %ebp - movl 4(%esp), %edi - addl %ebp, %esi - movl 12(%esp), %ebp - xorl %ebp, %edi - movl 36(%esp), %ebp - xorl %ebp, %edi - movl 56(%esp), %ebp -.byte 209 -.byte 203 /* rorl $1 %ebx */ - xorl %ebp, %edi -.byte 209 -.byte 199 /* roll $1 %edi */ - movl %eax, %ebp - movl %edi, 4(%esp) - orl %ebx, %ebp - leal 2400959708(%edi,%edx,1),%edi - movl %eax, %edx - andl %ecx, %ebp - andl %ebx, %edx - orl %edx, %ebp - movl %esi, %edx - roll $5, %edx -.byte 209 -.byte 200 /* rorl $1 %eax */ - addl %edx, %ebp -.byte 209 -.byte 200 /* rorl $1 %eax */ - addl %ebp, %edi - /* 40_59 49 */ - /* 40_59 50 */ - movl 8(%esp), %edx - movl 16(%esp), %ebp - xorl %ebp, %edx - movl 40(%esp), %ebp - xorl %ebp, %edx - movl 60(%esp), %ebp - xorl %ebp, %edx - movl %esi, %ebp -.byte 209 -.byte 194 /* roll $1 %edx */ - orl %eax, %ebp - movl %edx, 8(%esp) - andl %ebx, %ebp - leal 2400959708(%edx,%ecx,1),%edx - movl %esi, %ecx -.byte 209 -.byte 206 /* rorl $1 %esi */ - andl %eax, %ecx - orl %ecx, %ebp - movl %edi, %ecx - roll $5, %ecx - addl %ecx, %ebp - movl 12(%esp), %ecx - addl %ebp, %edx - movl 20(%esp), %ebp - xorl %ebp, %ecx - movl 44(%esp), %ebp - xorl %ebp, %ecx - movl (%esp), %ebp -.byte 209 -.byte 206 /* rorl $1 %esi */ - xorl %ebp, %ecx -.byte 209 -.byte 193 /* roll $1 %ecx */ - movl %edi, %ebp - movl %ecx, 12(%esp) - orl %esi, %ebp - leal 2400959708(%ecx,%ebx,1),%ecx - movl %edi, %ebx - andl %eax, %ebp - andl %esi, %ebx - orl %ebx, %ebp - movl %edx, %ebx - roll $5, %ebx -.byte 209 -.byte 207 /* rorl $1 %edi */ - addl %ebx, %ebp -.byte 209 -.byte 207 /* rorl $1 %edi */ - addl %ebp, %ecx - /* 40_59 51 */ - /* 40_59 52 */ - movl 16(%esp), %ebx - movl 24(%esp), %ebp - xorl %ebp, %ebx - movl 48(%esp), %ebp - xorl %ebp, %ebx - movl 4(%esp), %ebp - xorl %ebp, %ebx - movl %edx, %ebp -.byte 209 -.byte 195 /* roll $1 %ebx */ - orl %edi, %ebp - movl %ebx, 16(%esp) - andl %esi, %ebp - leal 2400959708(%ebx,%eax,1),%ebx - movl %edx, %eax -.byte 209 -.byte 202 /* rorl $1 %edx */ - andl %edi, %eax - orl %eax, %ebp - movl %ecx, %eax - roll $5, %eax - addl %eax, %ebp - movl 20(%esp), %eax - addl %ebp, %ebx - movl 28(%esp), %ebp - xorl %ebp, %eax - movl 52(%esp), %ebp - xorl %ebp, %eax - movl 8(%esp), %ebp -.byte 209 -.byte 202 /* rorl $1 %edx */ - xorl %ebp, %eax -.byte 209 -.byte 192 /* roll $1 %eax */ - movl %ecx, %ebp - movl %eax, 20(%esp) - orl %edx, %ebp - leal 2400959708(%eax,%esi,1),%eax - movl %ecx, %esi - andl %edi, %ebp - andl %edx, %esi - orl %esi, %ebp - movl %ebx, %esi - roll $5, %esi -.byte 209 -.byte 201 /* rorl $1 %ecx */ - addl %esi, %ebp -.byte 209 -.byte 201 /* rorl $1 %ecx */ - addl %ebp, %eax - /* 40_59 53 */ - /* 40_59 54 */ - movl 24(%esp), %esi - movl 32(%esp), %ebp - xorl %ebp, %esi - movl 56(%esp), %ebp - xorl %ebp, %esi - movl 12(%esp), %ebp - xorl %ebp, %esi - movl %ebx, %ebp -.byte 209 -.byte 198 /* roll $1 %esi */ - orl %ecx, %ebp - movl %esi, 24(%esp) - andl %edx, %ebp - leal 2400959708(%esi,%edi,1),%esi - movl %ebx, %edi -.byte 209 -.byte 203 /* rorl $1 %ebx */ - andl %ecx, %edi - orl %edi, %ebp - movl %eax, %edi - roll $5, %edi - addl %edi, %ebp - movl 28(%esp), %edi - addl %ebp, %esi - movl 36(%esp), %ebp - xorl %ebp, %edi - movl 60(%esp), %ebp - xorl %ebp, %edi - movl 16(%esp), %ebp -.byte 209 -.byte 203 /* rorl $1 %ebx */ - xorl %ebp, %edi -.byte 209 -.byte 199 /* roll $1 %edi */ - movl %eax, %ebp - movl %edi, 28(%esp) - orl %ebx, %ebp - leal 2400959708(%edi,%edx,1),%edi - movl %eax, %edx - andl %ecx, %ebp - andl %ebx, %edx - orl %edx, %ebp - movl %esi, %edx - roll $5, %edx -.byte 209 -.byte 200 /* rorl $1 %eax */ - addl %edx, %ebp -.byte 209 -.byte 200 /* rorl $1 %eax */ - addl %ebp, %edi - /* 40_59 55 */ - /* 40_59 56 */ - movl 32(%esp), %edx - movl 40(%esp), %ebp - xorl %ebp, %edx - movl (%esp), %ebp - xorl %ebp, %edx - movl 20(%esp), %ebp - xorl %ebp, %edx - movl %esi, %ebp -.byte 209 -.byte 194 /* roll $1 %edx */ - orl %eax, %ebp - movl %edx, 32(%esp) - andl %ebx, %ebp - leal 2400959708(%edx,%ecx,1),%edx - movl %esi, %ecx -.byte 209 -.byte 206 /* rorl $1 %esi */ - andl %eax, %ecx - orl %ecx, %ebp - movl %edi, %ecx - roll $5, %ecx - addl %ecx, %ebp - movl 36(%esp), %ecx - addl %ebp, %edx - movl 44(%esp), %ebp - xorl %ebp, %ecx - movl 4(%esp), %ebp - xorl %ebp, %ecx - movl 24(%esp), %ebp -.byte 209 -.byte 206 /* rorl $1 %esi */ - xorl %ebp, %ecx -.byte 209 -.byte 193 /* roll $1 %ecx */ - movl %edi, %ebp - movl %ecx, 36(%esp) - orl %esi, %ebp - leal 2400959708(%ecx,%ebx,1),%ecx - movl %edi, %ebx - andl %eax, %ebp - andl %esi, %ebx - orl %ebx, %ebp - movl %edx, %ebx - roll $5, %ebx -.byte 209 -.byte 207 /* rorl $1 %edi */ - addl %ebx, %ebp -.byte 209 -.byte 207 /* rorl $1 %edi */ - addl %ebp, %ecx - /* 40_59 57 */ - /* 40_59 58 */ - movl 40(%esp), %ebx - movl 48(%esp), %ebp - xorl %ebp, %ebx - movl 8(%esp), %ebp - xorl %ebp, %ebx - movl 28(%esp), %ebp - xorl %ebp, %ebx - movl %edx, %ebp -.byte 209 -.byte 195 /* roll $1 %ebx */ - orl %edi, %ebp - movl %ebx, 40(%esp) - andl %esi, %ebp - leal 2400959708(%ebx,%eax,1),%ebx - movl %edx, %eax -.byte 209 -.byte 202 /* rorl $1 %edx */ - andl %edi, %eax - orl %eax, %ebp - movl %ecx, %eax - roll $5, %eax - addl %eax, %ebp - movl 44(%esp), %eax - addl %ebp, %ebx - movl 52(%esp), %ebp - xorl %ebp, %eax - movl 12(%esp), %ebp - xorl %ebp, %eax - movl 32(%esp), %ebp -.byte 209 -.byte 202 /* rorl $1 %edx */ - xorl %ebp, %eax -.byte 209 -.byte 192 /* roll $1 %eax */ - movl %ecx, %ebp - movl %eax, 44(%esp) - orl %edx, %ebp - leal 2400959708(%eax,%esi,1),%eax - movl %ecx, %esi - andl %edi, %ebp - andl %edx, %esi - orl %esi, %ebp - movl %ebx, %esi - roll $5, %esi -.byte 209 -.byte 201 /* rorl $1 %ecx */ - addl %esi, %ebp -.byte 209 -.byte 201 /* rorl $1 %ecx */ - addl %ebp, %eax - /* 40_59 59 */ - /* 20_39 60 */ - movl 48(%esp), %esi - movl 56(%esp), %ebp - xorl %ebp, %esi - movl 16(%esp), %ebp - xorl %ebp, %esi - movl 36(%esp), %ebp - xorl %ebp, %esi - movl %ebx, %ebp -.byte 209 -.byte 198 /* roll $1 %esi */ - xorl %ecx, %ebp - movl %esi, 48(%esp) - xorl %edx, %ebp - leal 3395469782(%esi,%edi,1),%esi - movl %eax, %edi - roll $5, %edi -.byte 209 -.byte 203 /* rorl $1 %ebx */ - addl %ebp, %edi -.byte 209 -.byte 203 /* rorl $1 %ebx */ - addl %edi, %esi - /* 20_39 61 */ - movl 52(%esp), %edi - movl 60(%esp), %ebp - xorl %ebp, %edi - movl 20(%esp), %ebp - xorl %ebp, %edi - movl 40(%esp), %ebp - xorl %ebp, %edi - movl %eax, %ebp -.byte 209 -.byte 199 /* roll $1 %edi */ - xorl %ebx, %ebp - movl %edi, 52(%esp) - xorl %ecx, %ebp - leal 3395469782(%edi,%edx,1),%edi - movl %esi, %edx - roll $5, %edx -.byte 209 -.byte 200 /* rorl $1 %eax */ - addl %ebp, %edx -.byte 209 -.byte 200 /* rorl $1 %eax */ - addl %edx, %edi - /* 20_39 62 */ - movl 56(%esp), %edx - movl (%esp), %ebp - xorl %ebp, %edx - movl 24(%esp), %ebp - xorl %ebp, %edx - movl 44(%esp), %ebp - xorl %ebp, %edx - movl %esi, %ebp -.byte 209 -.byte 194 /* roll $1 %edx */ - xorl %eax, %ebp - movl %edx, 56(%esp) - xorl %ebx, %ebp - leal 3395469782(%edx,%ecx,1),%edx - movl %edi, %ecx - roll $5, %ecx -.byte 209 -.byte 206 /* rorl $1 %esi */ - addl %ebp, %ecx -.byte 209 -.byte 206 /* rorl $1 %esi */ - addl %ecx, %edx - /* 20_39 63 */ - movl 60(%esp), %ecx - movl 4(%esp), %ebp - xorl %ebp, %ecx - movl 28(%esp), %ebp - xorl %ebp, %ecx - movl 48(%esp), %ebp - xorl %ebp, %ecx - movl %edi, %ebp -.byte 209 -.byte 193 /* roll $1 %ecx */ - xorl %esi, %ebp - movl %ecx, 60(%esp) - xorl %eax, %ebp - leal 3395469782(%ecx,%ebx,1),%ecx - movl %edx, %ebx - roll $5, %ebx -.byte 209 -.byte 207 /* rorl $1 %edi */ - addl %ebp, %ebx -.byte 209 -.byte 207 /* rorl $1 %edi */ - addl %ebx, %ecx - /* 20_39 64 */ - movl (%esp), %ebx - movl 8(%esp), %ebp - xorl %ebp, %ebx - movl 32(%esp), %ebp - xorl %ebp, %ebx - movl 52(%esp), %ebp - xorl %ebp, %ebx - movl %edx, %ebp -.byte 209 -.byte 195 /* roll $1 %ebx */ - xorl %edi, %ebp - movl %ebx, (%esp) - xorl %esi, %ebp - leal 3395469782(%ebx,%eax,1),%ebx - movl %ecx, %eax - roll $5, %eax -.byte 209 -.byte 202 /* rorl $1 %edx */ - addl %ebp, %eax -.byte 209 -.byte 202 /* rorl $1 %edx */ - addl %eax, %ebx - /* 20_39 65 */ - movl 4(%esp), %eax - movl 12(%esp), %ebp - xorl %ebp, %eax - movl 36(%esp), %ebp - xorl %ebp, %eax - movl 56(%esp), %ebp - xorl %ebp, %eax - movl %ecx, %ebp -.byte 209 -.byte 192 /* roll $1 %eax */ - xorl %edx, %ebp - movl %eax, 4(%esp) - xorl %edi, %ebp - leal 3395469782(%eax,%esi,1),%eax - movl %ebx, %esi - roll $5, %esi -.byte 209 -.byte 201 /* rorl $1 %ecx */ - addl %ebp, %esi -.byte 209 -.byte 201 /* rorl $1 %ecx */ - addl %esi, %eax - /* 20_39 66 */ - movl 8(%esp), %esi - movl 16(%esp), %ebp - xorl %ebp, %esi - movl 40(%esp), %ebp - xorl %ebp, %esi - movl 60(%esp), %ebp - xorl %ebp, %esi - movl %ebx, %ebp -.byte 209 -.byte 198 /* roll $1 %esi */ - xorl %ecx, %ebp - movl %esi, 8(%esp) - xorl %edx, %ebp - leal 3395469782(%esi,%edi,1),%esi - movl %eax, %edi - roll $5, %edi -.byte 209 -.byte 203 /* rorl $1 %ebx */ - addl %ebp, %edi -.byte 209 -.byte 203 /* rorl $1 %ebx */ - addl %edi, %esi - /* 20_39 67 */ - movl 12(%esp), %edi - movl 20(%esp), %ebp - xorl %ebp, %edi - movl 44(%esp), %ebp - xorl %ebp, %edi - movl (%esp), %ebp - xorl %ebp, %edi - movl %eax, %ebp -.byte 209 -.byte 199 /* roll $1 %edi */ - xorl %ebx, %ebp - movl %edi, 12(%esp) - xorl %ecx, %ebp - leal 3395469782(%edi,%edx,1),%edi - movl %esi, %edx - roll $5, %edx -.byte 209 -.byte 200 /* rorl $1 %eax */ - addl %ebp, %edx -.byte 209 -.byte 200 /* rorl $1 %eax */ - addl %edx, %edi - /* 20_39 68 */ - movl 16(%esp), %edx - movl 24(%esp), %ebp - xorl %ebp, %edx - movl 48(%esp), %ebp - xorl %ebp, %edx - movl 4(%esp), %ebp - xorl %ebp, %edx - movl %esi, %ebp -.byte 209 -.byte 194 /* roll $1 %edx */ - xorl %eax, %ebp - movl %edx, 16(%esp) - xorl %ebx, %ebp - leal 3395469782(%edx,%ecx,1),%edx - movl %edi, %ecx - roll $5, %ecx -.byte 209 -.byte 206 /* rorl $1 %esi */ - addl %ebp, %ecx -.byte 209 -.byte 206 /* rorl $1 %esi */ - addl %ecx, %edx - /* 20_39 69 */ - movl 20(%esp), %ecx - movl 28(%esp), %ebp - xorl %ebp, %ecx - movl 52(%esp), %ebp - xorl %ebp, %ecx - movl 8(%esp), %ebp - xorl %ebp, %ecx - movl %edi, %ebp -.byte 209 -.byte 193 /* roll $1 %ecx */ - xorl %esi, %ebp - movl %ecx, 20(%esp) - xorl %eax, %ebp - leal 3395469782(%ecx,%ebx,1),%ecx - movl %edx, %ebx - roll $5, %ebx -.byte 209 -.byte 207 /* rorl $1 %edi */ - addl %ebp, %ebx -.byte 209 -.byte 207 /* rorl $1 %edi */ - addl %ebx, %ecx - /* 20_39 70 */ - movl 24(%esp), %ebx - movl 32(%esp), %ebp - xorl %ebp, %ebx - movl 56(%esp), %ebp - xorl %ebp, %ebx - movl 12(%esp), %ebp - xorl %ebp, %ebx - movl %edx, %ebp -.byte 209 -.byte 195 /* roll $1 %ebx */ - xorl %edi, %ebp - movl %ebx, 24(%esp) - xorl %esi, %ebp - leal 3395469782(%ebx,%eax,1),%ebx - movl %ecx, %eax - roll $5, %eax -.byte 209 -.byte 202 /* rorl $1 %edx */ - addl %ebp, %eax -.byte 209 -.byte 202 /* rorl $1 %edx */ - addl %eax, %ebx - /* 20_39 71 */ - movl 28(%esp), %eax - movl 36(%esp), %ebp - xorl %ebp, %eax - movl 60(%esp), %ebp - xorl %ebp, %eax - movl 16(%esp), %ebp - xorl %ebp, %eax - movl %ecx, %ebp -.byte 209 -.byte 192 /* roll $1 %eax */ - xorl %edx, %ebp - movl %eax, 28(%esp) - xorl %edi, %ebp - leal 3395469782(%eax,%esi,1),%eax - movl %ebx, %esi - roll $5, %esi -.byte 209 -.byte 201 /* rorl $1 %ecx */ - addl %ebp, %esi -.byte 209 -.byte 201 /* rorl $1 %ecx */ - addl %esi, %eax - /* 20_39 72 */ - movl 32(%esp), %esi - movl 40(%esp), %ebp - xorl %ebp, %esi - movl (%esp), %ebp - xorl %ebp, %esi - movl 20(%esp), %ebp - xorl %ebp, %esi - movl %ebx, %ebp -.byte 209 -.byte 198 /* roll $1 %esi */ - xorl %ecx, %ebp - movl %esi, 32(%esp) - xorl %edx, %ebp - leal 3395469782(%esi,%edi,1),%esi - movl %eax, %edi - roll $5, %edi -.byte 209 -.byte 203 /* rorl $1 %ebx */ - addl %ebp, %edi -.byte 209 -.byte 203 /* rorl $1 %ebx */ - addl %edi, %esi - /* 20_39 73 */ - movl 36(%esp), %edi - movl 44(%esp), %ebp - xorl %ebp, %edi - movl 4(%esp), %ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - xorl %ebp, %edi - movl %eax, %ebp -.byte 209 -.byte 199 /* roll $1 %edi */ - xorl %ebx, %ebp - movl %edi, 36(%esp) - xorl %ecx, %ebp - leal 3395469782(%edi,%edx,1),%edi - movl %esi, %edx - roll $5, %edx -.byte 209 -.byte 200 /* rorl $1 %eax */ - addl %ebp, %edx -.byte 209 -.byte 200 /* rorl $1 %eax */ - addl %edx, %edi - /* 20_39 74 */ - movl 40(%esp), %edx - movl 48(%esp), %ebp - xorl %ebp, %edx - movl 8(%esp), %ebp - xorl %ebp, %edx - movl 28(%esp), %ebp - xorl %ebp, %edx - movl %esi, %ebp -.byte 209 -.byte 194 /* roll $1 %edx */ - xorl %eax, %ebp - movl %edx, 40(%esp) - xorl %ebx, %ebp - leal 3395469782(%edx,%ecx,1),%edx - movl %edi, %ecx - roll $5, %ecx -.byte 209 -.byte 206 /* rorl $1 %esi */ - addl %ebp, %ecx -.byte 209 -.byte 206 /* rorl $1 %esi */ - addl %ecx, %edx - /* 20_39 75 */ - movl 44(%esp), %ecx - movl 52(%esp), %ebp - xorl %ebp, %ecx - movl 12(%esp), %ebp - xorl %ebp, %ecx - movl 32(%esp), %ebp - xorl %ebp, %ecx - movl %edi, %ebp -.byte 209 -.byte 193 /* roll $1 %ecx */ - xorl %esi, %ebp - movl %ecx, 44(%esp) - xorl %eax, %ebp - leal 3395469782(%ecx,%ebx,1),%ecx - movl %edx, %ebx - roll $5, %ebx -.byte 209 -.byte 207 /* rorl $1 %edi */ - addl %ebp, %ebx -.byte 209 -.byte 207 /* rorl $1 %edi */ - addl %ebx, %ecx - /* 20_39 76 */ - movl 48(%esp), %ebx - movl 56(%esp), %ebp - xorl %ebp, %ebx - movl 16(%esp), %ebp - xorl %ebp, %ebx - movl 36(%esp), %ebp - xorl %ebp, %ebx - movl %edx, %ebp -.byte 209 -.byte 195 /* roll $1 %ebx */ - xorl %edi, %ebp - movl %ebx, 48(%esp) - xorl %esi, %ebp - leal 3395469782(%ebx,%eax,1),%ebx - movl %ecx, %eax - roll $5, %eax -.byte 209 -.byte 202 /* rorl $1 %edx */ - addl %ebp, %eax -.byte 209 -.byte 202 /* rorl $1 %edx */ - addl %eax, %ebx - /* 20_39 77 */ - movl 52(%esp), %eax - movl 60(%esp), %ebp - xorl %ebp, %eax - movl 20(%esp), %ebp - xorl %ebp, %eax - movl 40(%esp), %ebp - xorl %ebp, %eax - movl %ecx, %ebp -.byte 209 -.byte 192 /* roll $1 %eax */ - xorl %edx, %ebp - movl %eax, 52(%esp) - xorl %edi, %ebp - leal 3395469782(%eax,%esi,1),%eax - movl %ebx, %esi - roll $5, %esi -.byte 209 -.byte 201 /* rorl $1 %ecx */ - addl %ebp, %esi -.byte 209 -.byte 201 /* rorl $1 %ecx */ - addl %esi, %eax - /* 20_39 78 */ - movl 56(%esp), %esi - movl (%esp), %ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - xorl %ebp, %esi - movl 44(%esp), %ebp - xorl %ebp, %esi - movl %ebx, %ebp -.byte 209 -.byte 198 /* roll $1 %esi */ - xorl %ecx, %ebp - movl %esi, 56(%esp) - xorl %edx, %ebp - leal 3395469782(%esi,%edi,1),%esi - movl %eax, %edi - roll $5, %edi -.byte 209 -.byte 203 /* rorl $1 %ebx */ - addl %ebp, %edi -.byte 209 -.byte 203 /* rorl $1 %ebx */ - addl %edi, %esi - /* 20_39 79 */ - movl 60(%esp), %edi - movl 4(%esp), %ebp - xorl %ebp, %edi - movl 28(%esp), %ebp - xorl %ebp, %edi - movl 48(%esp), %ebp - xorl %ebp, %edi - movl %eax, %ebp -.byte 209 -.byte 199 /* roll $1 %edi */ - xorl %ebx, %ebp - movl %edi, 60(%esp) - xorl %ecx, %ebp - leal 3395469782(%edi,%edx,1),%edi - movl %esi, %edx - roll $5, %edx - addl %ebp, %edx - movl 92(%esp), %ebp -.byte 209 -.byte 200 /* rorl $1 %eax */ - addl %edx, %edi -.byte 209 -.byte 200 /* rorl $1 %eax */ - /* End processing */ - - movl 12(%ebp), %edx - addl %ebx, %edx - movl 4(%ebp), %ebx - addl %esi, %ebx - movl %eax, %esi - movl (%ebp), %eax - movl %edx, 12(%ebp) - addl %edi, %eax - movl 16(%ebp), %edi - addl %ecx, %edi - movl 8(%ebp), %ecx - addl %esi, %ecx - movl %eax, (%ebp) - movl 64(%esp), %esi - movl %ecx, 8(%ebp) - addl $64, %esi - movl 68(%esp), %eax - movl %edi, 16(%ebp) - cmpl %esi, %eax - movl %ebx, 4(%ebp) - jb .L001end - movl (%esi), %eax - jmp .L000start -.L001end: - addl $72, %esp - popl %edi - popl %ebx - popl %ebp - popl %esi - ret -.sha1_block_x86_end: - SIZE(sha1_block_x86,.sha1_block_x86_end-sha1_block_x86) -.ident "desasm.pl" -#endif diff --git a/lib/libmd/md4.copyright b/lib/libmd/md4.copyright index e4502073a1ce..7c7af2efb887 100644 --- a/lib/libmd/md4.copyright +++ b/lib/libmd/md4.copyright @@ -1,4 +1,3 @@ -.\" $FreeBSD$ Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved. .Pp diff --git a/lib/libmd/md4.h b/lib/libmd/md4.h index c05c690f80e1..f251fa4821cf 100644 --- a/lib/libmd/md4.h +++ b/lib/libmd/md4.h @@ -1,5 +1,4 @@ /* MD4.H - header file for MD4C.C - * $FreeBSD$ */ /*- @@ -28,60 +27,7 @@ #ifndef _MD4_H_ #define _MD4_H_ -/* MD4 context. */ -typedef struct MD4Context { - u_int32_t state[4]; /* state (ABCD) */ - u_int32_t count[2]; /* number of bits, modulo 2^64 (lsb first) */ - unsigned char buffer[64]; /* input buffer */ -} MD4_CTX; -#include <sys/cdefs.h> - -__BEGIN_DECLS - -/* Ensure libmd symbols do not clash with libcrypto */ - -#ifndef MD4Init -#define MD4Init _libmd_MD4Init -#endif -#ifndef MD4Update -#define MD4Update _libmd_MD4Update -#endif -#ifndef MD4Pad -#define MD4Pad _libmd_MD4Pad -#endif -#ifndef MD4Final -#define MD4Final _libmd_MD4Final -#endif -#ifndef MD4End -#define MD4End _libmd_MD4End -#endif -#ifndef MD4Fd -#define MD4Fd _libmd_MD4Fd -#endif -#ifndef MD4FdChunk -#define MD4FdChunk _libmd_MD4FdChunk -#endif -#ifndef MD4File -#define MD4File _libmd_MD4File -#endif -#ifndef MD4FileChunk -#define MD4FileChunk _libmd_MD4FileChunk -#endif -#ifndef MD4Data -#define MD4Data _libmd_MD4Data -#endif - -void MD4Init(MD4_CTX *); -void MD4Update(MD4_CTX *, const void *, unsigned int); -void MD4Pad(MD4_CTX *); -void MD4Final(unsigned char [16], MD4_CTX *); -char * MD4End(MD4_CTX *, char *); -char * MD4Fd(int, char *); -char * MD4FdChunk(int, char *, off_t, off_t); -char * MD4File(const char *, char *); -char * MD4FileChunk(const char *, char *, off_t, off_t); -char * MD4Data(const void *, unsigned int, char *); -__END_DECLS +#include <sys/md4.h> #endif /* _MD4_H_ */ diff --git a/lib/libmd/md4c.c b/lib/libmd/md4c.c deleted file mode 100644 index 66d3652465a9..000000000000 --- a/lib/libmd/md4c.c +++ /dev/null @@ -1,301 +0,0 @@ -/* MD4C.C - RSA Data Security, Inc., MD4 message-digest algorithm - */ - -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - -/*- - SPDX-License-Identifier: RSA-MD - - Copyright (C) 1990-2, RSA Data Security, Inc. All rights reserved. - - License to copy and use this software is granted provided that it - is identified as the "RSA Data Security, Inc. MD4 Message-Digest - Algorithm" in all material mentioning or referencing this software - or this function. - - License is also granted to make and use derivative works provided - that such works are identified as "derived from the RSA Data - Security, Inc. MD4 Message-Digest Algorithm" in all material - mentioning or referencing the derived work. - - RSA Data Security, Inc. makes no representations concerning either - the merchantability of this software or the suitability of this - software for any particular purpose. It is provided "as is" - without express or implied warranty of any kind. - - These notices must be retained in any copies of any part of this - documentation and/or software. - */ - -#include <sys/types.h> -#include <string.h> -#include "md4.h" - -typedef unsigned char *POINTER; -typedef const unsigned char *CONST_POINTER; -typedef u_int16_t UINT2; -typedef u_int32_t UINT4; - -#define PROTO_LIST(list) list - -/* Constants for MD4Transform routine. - */ -#define S11 3 -#define S12 7 -#define S13 11 -#define S14 19 -#define S21 3 -#define S22 5 -#define S23 9 -#define S24 13 -#define S31 3 -#define S32 9 -#define S33 11 -#define S34 15 - -static void MD4Transform PROTO_LIST ((UINT4 [4], const unsigned char [64])); -static void Encode PROTO_LIST - ((unsigned char *, UINT4 *, unsigned int)); -static void Decode PROTO_LIST - ((UINT4 *, const unsigned char *, unsigned int)); - -static unsigned char PADDING[64] = { - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -/* F, G and H are basic MD4 functions. - */ -#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) -#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z))) -#define H(x, y, z) ((x) ^ (y) ^ (z)) - -/* ROTATE_LEFT rotates x left n bits. - */ -#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) - -/* FF, GG and HH are transformations for rounds 1, 2 and 3 */ -/* Rotation is separate from addition to prevent recomputation */ -#define FF(a, b, c, d, x, s) { \ - (a) += F ((b), (c), (d)) + (x); \ - (a) = ROTATE_LEFT ((a), (s)); \ - } -#define GG(a, b, c, d, x, s) { \ - (a) += G ((b), (c), (d)) + (x) + (UINT4)0x5a827999; \ - (a) = ROTATE_LEFT ((a), (s)); \ - } -#define HH(a, b, c, d, x, s) { \ - (a) += H ((b), (c), (d)) + (x) + (UINT4)0x6ed9eba1; \ - (a) = ROTATE_LEFT ((a), (s)); \ - } - -/* MD4 initialization. Begins an MD4 operation, writing a new context. - */ -void -MD4Init(MD4_CTX *context) -{ - context->count[0] = context->count[1] = 0; - - /* Load magic initialization constants. - */ - context->state[0] = 0x67452301; - context->state[1] = 0xefcdab89; - context->state[2] = 0x98badcfe; - context->state[3] = 0x10325476; -} - -/* MD4 block update operation. Continues an MD4 message-digest - operation, processing another message block, and updating the - context. - */ -void -MD4Update(MD4_CTX *context, const void *in, unsigned int inputLen) -{ - unsigned int i, idx, partLen; - const unsigned char *input = in; - - /* Compute number of bytes mod 64 */ - idx = (unsigned int)((context->count[0] >> 3) & 0x3F); - /* Update number of bits */ - if ((context->count[0] += ((UINT4)inputLen << 3)) - < ((UINT4)inputLen << 3)) - context->count[1]++; - context->count[1] += ((UINT4)inputLen >> 29); - - partLen = 64 - idx; - /* Transform as many times as possible. - */ - if (inputLen >= partLen) { - memcpy - ((POINTER)&context->buffer[idx], (CONST_POINTER)input, partLen); - MD4Transform (context->state, context->buffer); - - for (i = partLen; i + 63 < inputLen; i += 64) - MD4Transform (context->state, &input[i]); - - idx = 0; - } - else - i = 0; - - /* Buffer remaining input */ - memcpy - ((POINTER)&context->buffer[idx], (CONST_POINTER)&input[i], - inputLen-i); -} - -/* MD4 padding. */ -void -MD4Pad(MD4_CTX *context) -{ - unsigned char bits[8]; - unsigned int idx, padLen; - - /* Save number of bits */ - Encode (bits, context->count, 8); - - /* Pad out to 56 mod 64. - */ - idx = (unsigned int)((context->count[0] >> 3) & 0x3f); - padLen = (idx < 56) ? (56 - idx) : (120 - idx); - MD4Update (context, PADDING, padLen); - - /* Append length (before padding) */ - MD4Update (context, bits, 8); -} - -/* MD4 finalization. Ends an MD4 message-digest operation, writing the - the message digest and zeroizing the context. - */ -void -MD4Final(unsigned char digest[16], MD4_CTX *context) -{ - /* Do padding */ - MD4Pad (context); - - /* Store state in digest */ - Encode (digest, context->state, 16); - - /* Zeroize sensitive information. - */ - explicit_bzero(context, sizeof(*context)); -} - -/* MD4 basic transformation. Transforms state based on block. - */ -static void -MD4Transform(UINT4 state[4], const unsigned char block[64]) -{ - UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; - - Decode (x, block, 64); - - /* Round 1 */ - FF (a, b, c, d, x[ 0], S11); /* 1 */ - FF (d, a, b, c, x[ 1], S12); /* 2 */ - FF (c, d, a, b, x[ 2], S13); /* 3 */ - FF (b, c, d, a, x[ 3], S14); /* 4 */ - FF (a, b, c, d, x[ 4], S11); /* 5 */ - FF (d, a, b, c, x[ 5], S12); /* 6 */ - FF (c, d, a, b, x[ 6], S13); /* 7 */ - FF (b, c, d, a, x[ 7], S14); /* 8 */ - FF (a, b, c, d, x[ 8], S11); /* 9 */ - FF (d, a, b, c, x[ 9], S12); /* 10 */ - FF (c, d, a, b, x[10], S13); /* 11 */ - FF (b, c, d, a, x[11], S14); /* 12 */ - FF (a, b, c, d, x[12], S11); /* 13 */ - FF (d, a, b, c, x[13], S12); /* 14 */ - FF (c, d, a, b, x[14], S13); /* 15 */ - FF (b, c, d, a, x[15], S14); /* 16 */ - - /* Round 2 */ - GG (a, b, c, d, x[ 0], S21); /* 17 */ - GG (d, a, b, c, x[ 4], S22); /* 18 */ - GG (c, d, a, b, x[ 8], S23); /* 19 */ - GG (b, c, d, a, x[12], S24); /* 20 */ - GG (a, b, c, d, x[ 1], S21); /* 21 */ - GG (d, a, b, c, x[ 5], S22); /* 22 */ - GG (c, d, a, b, x[ 9], S23); /* 23 */ - GG (b, c, d, a, x[13], S24); /* 24 */ - GG (a, b, c, d, x[ 2], S21); /* 25 */ - GG (d, a, b, c, x[ 6], S22); /* 26 */ - GG (c, d, a, b, x[10], S23); /* 27 */ - GG (b, c, d, a, x[14], S24); /* 28 */ - GG (a, b, c, d, x[ 3], S21); /* 29 */ - GG (d, a, b, c, x[ 7], S22); /* 30 */ - GG (c, d, a, b, x[11], S23); /* 31 */ - GG (b, c, d, a, x[15], S24); /* 32 */ - - /* Round 3 */ - HH (a, b, c, d, x[ 0], S31); /* 33 */ - HH (d, a, b, c, x[ 8], S32); /* 34 */ - HH (c, d, a, b, x[ 4], S33); /* 35 */ - HH (b, c, d, a, x[12], S34); /* 36 */ - HH (a, b, c, d, x[ 2], S31); /* 37 */ - HH (d, a, b, c, x[10], S32); /* 38 */ - HH (c, d, a, b, x[ 6], S33); /* 39 */ - HH (b, c, d, a, x[14], S34); /* 40 */ - HH (a, b, c, d, x[ 1], S31); /* 41 */ - HH (d, a, b, c, x[ 9], S32); /* 42 */ - HH (c, d, a, b, x[ 5], S33); /* 43 */ - HH (b, c, d, a, x[13], S34); /* 44 */ - HH (a, b, c, d, x[ 3], S31); /* 45 */ - HH (d, a, b, c, x[11], S32); /* 46 */ - HH (c, d, a, b, x[ 7], S33); /* 47 */ - HH (b, c, d, a, x[15], S34); /* 48 */ - - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - - /* Zeroize sensitive information. - */ - memset ((POINTER)x, 0, sizeof (x)); -} - -/* Encodes input (UINT4) into output (unsigned char). Assumes len is - a multiple of 4. - */ -static void -Encode(unsigned char *output, UINT4 *input, unsigned int len) -{ - unsigned int i, j; - - for (i = 0, j = 0; j < len; i++, j += 4) { - output[j] = (unsigned char)(input[i] & 0xff); - output[j+1] = (unsigned char)((input[i] >> 8) & 0xff); - output[j+2] = (unsigned char)((input[i] >> 16) & 0xff); - output[j+3] = (unsigned char)((input[i] >> 24) & 0xff); - } -} - -/* Decodes input (unsigned char) into output (UINT4). Assumes len is - a multiple of 4. - */ -static void -Decode(UINT4 *output, const unsigned char *input, unsigned int len) -{ - unsigned int i, j; - - for (i = 0, j = 0; j < len; i++, j += 4) - output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) | - (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24); -} - -#ifdef WEAK_REFS -/* When building libmd, provide weak references. Note: this is not - activated in the context of compiling these sources for internal - use in libcrypt. - */ -#undef MD4Init -__weak_reference(_libmd_MD4Init, MD4Init); -#undef MD4Update -__weak_reference(_libmd_MD4Update, MD4Update); -#undef MD4Pad -__weak_reference(_libmd_MD4Pad, MD4Pad); -#undef MD4Final -__weak_reference(_libmd_MD4Final, MD4Final); -#endif diff --git a/lib/libmd/md5.copyright b/lib/libmd/md5.copyright index b718bf8b5ebe..08bb01166590 100644 --- a/lib/libmd/md5.copyright +++ b/lib/libmd/md5.copyright @@ -1,4 +1,3 @@ -.\" $FreeBSD$ Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved. .Pp diff --git a/lib/libmd/md5.h b/lib/libmd/md5.h index 631dec819e79..fca9d5f6ee6e 100644 --- a/lib/libmd/md5.h +++ b/lib/libmd/md5.h @@ -1,47 +1,6 @@ -/* $FreeBSD$ */ #ifndef _MD5_H_ #define _MD5_H_ -#ifndef _KERNEL - -/* Ensure libmd symbols do not clash with libcrypto */ - -#ifndef MD5Init -#define MD5Init _libmd_MD5Init -#endif -#ifndef MD5Update -#define MD5Update _libmd_MD5Update -#endif -#ifndef MD5Pad -#define MD5Pad _libmd_MD5Pad -#endif -#ifndef MD5Final -#define MD5Final _libmd_MD5Final -#endif -#ifndef MD5Transform -#define MD5Transform _libmd_MD5Transform -#endif -#ifndef MD5End -#define MD5End _libmd_MD5End -#endif -#ifndef MD5Fd -#define MD5Fd _libmd_MD5Fd -#endif -#ifndef MD5FdChunk -#define MD5FdChunk _libmd_MD5FdChunk -#endif -#ifndef MD5File -#define MD5File _libmd_MD5File -#endif -#ifndef MD5FileChunk -#define MD5FileChunk _libmd_MD5FileChunk -#endif -#ifndef MD5Data -#define MD5Data _libmd_MD5Data -#endif - -#endif - #include <sys/md5.h> #endif /* _MD5_H_ */ diff --git a/lib/libmd/md5c.c b/lib/libmd/md5c.c deleted file mode 100644 index fc852b913464..000000000000 --- a/lib/libmd/md5c.c +++ /dev/null @@ -1,347 +0,0 @@ -/*- - * SPDX-License-Identifier: RSA-MD - * - * MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm - * - * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All - * rights reserved. - * - * License to copy and use this software is granted provided that it - * is identified as the "RSA Data Security, Inc. MD5 Message-Digest - * Algorithm" in all material mentioning or referencing this software - * or this function. - * - * License is also granted to make and use derivative works provided - * that such works are identified as "derived from the RSA Data - * Security, Inc. MD5 Message-Digest Algorithm" in all material - * mentioning or referencing the derived work. - * - * RSA Data Security, Inc. makes no representations concerning either - * the merchantability of this software or the suitability of this - * software for any particular purpose. It is provided "as is" - * without express or implied warranty of any kind. - * - * These notices must be retained in any copies of any part of this - * documentation and/or software. - * - * This code is the same as the code published by RSA Inc. It has been - * edited for clarity and style only. - */ - -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - -#include <sys/types.h> - -#ifdef _KERNEL -#include <sys/systm.h> -#else -#include <string.h> -#endif - -#include <machine/endian.h> -#include <sys/endian.h> -#include "md5.h" - -static void MD5Transform(u_int32_t [4], const unsigned char [64]); - -#ifdef _KERNEL -#define memset(x,y,z) bzero(x,z); -#define memcpy(x,y,z) bcopy(y, x, z) -#endif - -#if (BYTE_ORDER == LITTLE_ENDIAN) -#define Encode memcpy -#define Decode memcpy -#else - -/* - * Encodes input (u_int32_t) into output (unsigned char). Assumes len is - * a multiple of 4. - */ - -static void -Encode (unsigned char *output, u_int32_t *input, unsigned int len) -{ - unsigned int i; - u_int32_t *op = (u_int32_t *)output; - - for (i = 0; i < len / 4; i++) - op[i] = htole32(input[i]); -} - -/* - * Decodes input (unsigned char) into output (u_int32_t). Assumes len is - * a multiple of 4. - */ - -static void -Decode (u_int32_t *output, const unsigned char *input, unsigned int len) -{ - unsigned int i; - const u_int32_t *ip = (const u_int32_t *)input; - - for (i = 0; i < len / 4; i++) - output[i] = le32toh(ip[i]); -} -#endif - -static unsigned char PADDING[64] = { - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -/* F, G, H and I are basic MD5 functions. */ -#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) -#define G(x, y, z) (((x) & (z)) | ((y) & (~z))) -#define H(x, y, z) ((x) ^ (y) ^ (z)) -#define I(x, y, z) ((y) ^ ((x) | (~z))) - -/* ROTATE_LEFT rotates x left n bits. */ -#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) - -/* - * FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. - * Rotation is separate from addition to prevent recomputation. - */ -#define FF(a, b, c, d, x, s, ac) { \ - (a) += F ((b), (c), (d)) + (x) + (u_int32_t)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } -#define GG(a, b, c, d, x, s, ac) { \ - (a) += G ((b), (c), (d)) + (x) + (u_int32_t)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } -#define HH(a, b, c, d, x, s, ac) { \ - (a) += H ((b), (c), (d)) + (x) + (u_int32_t)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } -#define II(a, b, c, d, x, s, ac) { \ - (a) += I ((b), (c), (d)) + (x) + (u_int32_t)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } - -/* MD5 initialization. Begins an MD5 operation, writing a new context. */ - -void -MD5Init (MD5_CTX *context) -{ - - context->count[0] = context->count[1] = 0; - - /* Load magic initialization constants. */ - context->state[0] = 0x67452301; - context->state[1] = 0xefcdab89; - context->state[2] = 0x98badcfe; - context->state[3] = 0x10325476; -} - -/* - * MD5 block update operation. Continues an MD5 message-digest - * operation, processing another message block, and updating the - * context. - */ - -void -MD5Update (MD5_CTX *context, const void *in, unsigned int inputLen) -{ - unsigned int i, idx, partLen; - const unsigned char *input = in; - - /* Compute number of bytes mod 64 */ - idx = (unsigned int)((context->count[0] >> 3) & 0x3F); - - /* Update number of bits */ - if ((context->count[0] += ((u_int32_t)inputLen << 3)) - < ((u_int32_t)inputLen << 3)) - context->count[1]++; - context->count[1] += ((u_int32_t)inputLen >> 29); - - partLen = 64 - idx; - - /* Transform as many times as possible. */ - if (inputLen >= partLen) { - memcpy((void *)&context->buffer[idx], (const void *)input, - partLen); - MD5Transform (context->state, context->buffer); - - for (i = partLen; i + 63 < inputLen; i += 64) - MD5Transform (context->state, &input[i]); - - idx = 0; - } - else - i = 0; - - /* Buffer remaining input */ - memcpy ((void *)&context->buffer[idx], (const void *)&input[i], - inputLen-i); -} - -/* - * MD5 padding. Adds padding followed by original length. - */ - -void -MD5Pad (MD5_CTX *context) -{ - unsigned char bits[8]; - unsigned int idx, padLen; - - /* Save number of bits */ - Encode (bits, context->count, 8); - - /* Pad out to 56 mod 64. */ - idx = (unsigned int)((context->count[0] >> 3) & 0x3f); - padLen = (idx < 56) ? (56 - idx) : (120 - idx); - MD5Update (context, PADDING, padLen); - - /* Append length (before padding) */ - MD5Update (context, bits, 8); -} - -/* - * MD5 finalization. Ends an MD5 message-digest operation, writing the - * the message digest and zeroizing the context. - */ - -void -MD5Final (unsigned char digest[16], MD5_CTX *context) -{ - /* Do padding. */ - MD5Pad (context); - - /* Store state in digest */ - Encode (digest, context->state, 16); - - /* Zeroize sensitive information. */ - explicit_bzero(context, sizeof(*context)); -} - -/* MD5 basic transformation. Transforms state based on block. */ - -static void -MD5Transform (u_int32_t state[4], const unsigned char block[64]) -{ - u_int32_t a = state[0], b = state[1], c = state[2], d = state[3], x[16]; - - Decode (x, block, 64); - - /* Round 1 */ -#define S11 7 -#define S12 12 -#define S13 17 -#define S14 22 - FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ - FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ - FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ - FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ - FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ - FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ - FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ - FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ - FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ - FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ - FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ - FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ - FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ - FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ - FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ - FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ - - /* Round 2 */ -#define S21 5 -#define S22 9 -#define S23 14 -#define S24 20 - GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ - GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ - GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ - GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ - GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ - GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */ - GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ - GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ - GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ - GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ - GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ - GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ - GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ - GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ - GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ - GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ - - /* Round 3 */ -#define S31 4 -#define S32 11 -#define S33 16 -#define S34 23 - HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */ - HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */ - HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ - HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ - HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ - HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ - HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ - HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ - HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ - HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ - HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ - HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ - HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ - HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ - HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ - HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ - - /* Round 4 */ -#define S41 6 -#define S42 10 -#define S43 15 -#define S44 21 - II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ - II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ - II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ - II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ - II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ - II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ - II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ - II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ - II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ - II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ - II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ - II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ - II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ - II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ - II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ - II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ - - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - - /* Zeroize sensitive information. */ - memset ((void *)x, 0, sizeof (x)); -} - -#ifdef WEAK_REFS -/* When building libmd, provide weak references. Note: this is not - activated in the context of compiling these sources for internal - use in libcrypt. - */ -#undef MD5Init -__weak_reference(_libmd_MD5Init, MD5Init); -#undef MD5Update -__weak_reference(_libmd_MD5Update, MD5Update); -#undef MD5Pad -__weak_reference(_libmd_MD5Pad, MD5Pad); -#undef MD5Final -__weak_reference(_libmd_MD5Final, MD5Final); -#undef MD5Transform -__weak_reference(_libmd_MD5Transform, MD5Transform); -#endif diff --git a/lib/libmd/mdX.3 b/lib/libmd/mdX.3 index 30e6f367c662..7c86f28ad628 100644 --- a/lib/libmd/mdX.3 +++ b/lib/libmd/mdX.3 @@ -6,9 +6,7 @@ .\" this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp .\" ---------------------------------------------------------------------------- .\" -.\" $FreeBSD$ -.\" -.Dd May 21, 2019 +.Dd March 8, 2022 .Dt MDX 3 .Os .Sh NAME @@ -17,6 +15,8 @@ .Nm MDXPad , .Nm MDXFinal , .Nm MDXEnd , +.Nm MDXFd , +.Nm MDXFdChunk , .Nm MDXFile , .Nm MDXFileChunk , .Nm MDXData @@ -37,6 +37,10 @@ .Ft "char *" .Fn MDXEnd "MDX_CTX *context" "char *buf" .Ft "char *" +.Fn MDXFd "int fd" "char *buf" +.Ft "char *" +.Fn MDXFdChunk "int fd" "char *buf" "off_t offset" "off_t length" +.Ft "char *" .Fn MDXFile "const char *filename" "char *buf" .Ft "char *" .Fn MDXFileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" @@ -95,8 +99,7 @@ function is a wrapper for .Fn MDXFinal which converts the return value to a 33-character (including the terminating '\e0') -.Tn ASCII -string which represents the 128 bits in hexadecimal. +ASCII string which represents the 128 bits in hexadecimal. .Pp The .Fn MDXFile @@ -128,6 +131,19 @@ function calculates the digest of a chunk of data in memory, and uses .Fn MDXEnd to return the result. .Pp +The +.Fn MDXFd +and +.Fn MDXFdChunk +functions are identical to their +.Fn MDXFile +and +.Fn MDXFileChunk +counterparts, with the exception that the first argument is an +.Fa fd +instead of a +.Fa filename . +.Pp When using .Fn MDXEnd , .Fn MDXFile , @@ -162,7 +178,7 @@ may return NULL when underlying .Xr fstat 2 , .Xr lseek 2 , or -.Xr MDXEnd 2 +.Xr MDXEnd 3 fail. .Sh SEE ALSO .Xr md4 3 , @@ -201,15 +217,12 @@ These functions appeared in .Fx 2.0 . .Sh AUTHORS The original MDX routines were developed by -.Tn RSA -Data Security, Inc., and published in the above references. +RSA Data Security, Inc., and published in the above references. This code is derived directly from these implementations by .An Poul-Henning Kamp Aq Mt phk@FreeBSD.org . .Pp Phk ristede runen. .Sh BUGS -The -.Tn MD5 -algorithm has been proven to be vulnerable to practical collision +The MD5 algorithm has been proven to be vulnerable to practical collision attacks and should not be relied upon to produce unique outputs, .Em nor should they be used as part of a cryptographic signature scheme. diff --git a/lib/libmd/mdXhl.c b/lib/libmd/mdXhl.c index 983ea8add989..68598f192056 100644 --- a/lib/libmd/mdXhl.c +++ b/lib/libmd/mdXhl.c @@ -9,9 +9,6 @@ * ---------------------------------------------------------------------------- */ -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> @@ -133,6 +130,10 @@ __weak_reference(_libmd_MDXEnd, MDXEnd); __weak_reference(_libmd_MDXFile, MDXFile); #undef MDXFileChunk __weak_reference(_libmd_MDXFileChunk, MDXFileChunk); +#undef MDXFd +__weak_reference(_libmd_MDXFd, MDXFd); +#undef MDXFdChunk +__weak_reference(_libmd_MDXFdChunk, MDXFdChunk); #undef MDXData __weak_reference(_libmd_MDXData, MDXData); #endif diff --git a/lib/libmd/ripemd.3 b/lib/libmd/ripemd.3 index d868ae12827b..cad07aac8007 100644 --- a/lib/libmd/ripemd.3 +++ b/lib/libmd/ripemd.3 @@ -7,9 +7,8 @@ .\" ---------------------------------------------------------------------------- .\" .\" From: Id: mdX.3,v 1.14 1999/02/11 20:31:49 wollman Exp -.\" $FreeBSD$ .\" -.Dd July 20, 2018 +.Dd March 8, 2022 .Dt RIPEMD 3 .Os .Sh NAME @@ -17,6 +16,8 @@ .Nm RIPEMD160_Update , .Nm RIPEMD160_Final , .Nm RIPEMD160_End , +.Nm RIPEMD160_Fd , +.Nm RIPEMD160_FdChunk , .Nm RIPEMD160_File , .Nm RIPEMD160_FileChunk , .Nm RIPEMD160_Data @@ -35,6 +36,10 @@ .Ft "char *" .Fn RIPEMD160_End "RIPEMD160_CTX *context" "char *buf" .Ft "char *" +.Fn RIPEMD160_Fd "int fd" "char *buf" +.Ft "char *" +.Fn RIPEMD160_FdChunk "int fd" "char *buf" "off_t offset" "off_t length" +.Ft "char *" .Fn RIPEMD160_File "const char *filename" "char *buf" .Ft "char *" .Fn RIPEMD160_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" @@ -75,8 +80,7 @@ function is a wrapper for .Fn RIPEMD160_Final which converts the return value to a 41-character (including the terminating '\e0') -.Tn ASCII -string which represents the 160 bits in hexadecimal. +ASCII string which represents the 160 bits in hexadecimal. .Pp The .Fn RIPEMD160_File @@ -108,6 +112,19 @@ function calculates the digest of a chunk of data in memory, and uses .Fn RIPEMD160_End to return the result. .Pp +The +.Fn RIPEMD160_Fd +and +.Fn RIPEMD160_FdChunk +functions are identical to their +.Fn RIPEMD160_File +and +.Fn RIPEMD160_FileChunk +counterparts, with the exception that the first argument is an +.Fa fd +instead of a +.Fa filename . +.Pp When using .Fn RIPEMD160_End , .Fn RIPEMD160_File , @@ -142,7 +159,7 @@ may return NULL when underlying .Xr fstat 2 , .Xr lseek 2 , or -.Xr RIPEMD160_End 2 +.Xr RIPEMD160_End 3 fail. .Sh SEE ALSO .Xr md4 3 , @@ -156,9 +173,7 @@ These functions appeared in .Fx 4.0 . .Sh AUTHORS The core hash routines were implemented by Eric Young based on the -published -.Tn RIPEMD160 -specification. +published RIPEMD160 specification. .Sh BUGS No method is known to exist which finds two files having the same hash value, nor to find a file with a specific hash value. diff --git a/lib/libmd/ripemd.h b/lib/libmd/ripemd.h index 8f202a53ed84..252483be0a17 100644 --- a/lib/libmd/ripemd.h +++ b/lib/libmd/ripemd.h @@ -57,13 +57,11 @@ */ /* - * $FreeBSD$ */ #ifndef HEADER_RIPEMD_H #define HEADER_RIPEMD_H -#include <sys/cdefs.h> #include <sys/types.h> /* XXX switch to machine/ansi.h and __ types */ #define RIPEMD160_CBLOCK 64 @@ -111,13 +109,10 @@ __BEGIN_DECLS #ifndef RIPEMD160_Data #define RIPEMD160_Data _libmd_RIPEMD160_Data #endif - #ifndef RIPEMD160_Transform -#define RIPEMD160_Transform _libmd_RIPEMD160_Transform -#endif -#ifndef RMD160_version -#define RMD160_version _libmd_RMD160_version +#define RIPEMD160_Transform _libmd_RIPEMD160_Transform #endif + #ifndef ripemd160_block #define ripemd160_block _libmd_ripemd160_block #endif diff --git a/lib/libmd/rmd160c.c b/lib/libmd/rmd160c.c index fa58b7b8735f..92d6524b25b4 100644 --- a/lib/libmd/rmd160c.c +++ b/lib/libmd/rmd160c.c @@ -56,9 +56,6 @@ * [including the GNU Public Licence.] */ -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - #include <sys/types.h> #include <stdio.h> @@ -79,7 +76,7 @@ __FBSDID("$FreeBSD$"); #undef RMD160_ASM #endif -char *RMD160_version="RIPEMD160 part of SSLeay 0.9.0b 11-Oct-1998"; +static char *RMD160_version="RIPEMD160 part of SSLeay 0.9.0b 11-Oct-1998"; #ifdef RMD160_ASM void ripemd160_block_x86(RIPEMD160_CTX *c, const u_int32_t *p,int num); @@ -88,8 +85,7 @@ void ripemd160_block_x86(RIPEMD160_CTX *c, const u_int32_t *p,int num); void ripemd160_block(RIPEMD160_CTX *c, const u_int32_t *p,int num); #endif -void RIPEMD160_Init(c) -RIPEMD160_CTX *c; +void RIPEMD160_Init(RIPEMD160_CTX *c) { c->A=RIPEMD160_A; c->B=RIPEMD160_B; @@ -101,10 +97,7 @@ RIPEMD160_CTX *c; c->num=0; } -void RIPEMD160_Update(c, in, len) -RIPEMD160_CTX *c; -const void *in; -size_t len; +void RIPEMD160_Update(RIPEMD160_CTX *c, const void *in, size_t len) { u_int32_t *p; int sw,sc; @@ -233,9 +226,7 @@ size_t len; } } -void RIPEMD160_Transform(c,b) -RIPEMD160_CTX *c; -unsigned char *b; +static void RIPEMD160_Transform(RIPEMD160_CTX *c, unsigned char *b) { u_int32_t p[16]; #if BYTE_ORDER != LITTLE_ENDIAN @@ -272,10 +263,7 @@ unsigned char *b; #ifndef RMD160_ASM -void ripemd160_block(ctx, X, num) -RIPEMD160_CTX *ctx; -const u_int32_t *X; -int num; +void ripemd160_block(RIPEMD160_CTX *ctx, const u_int32_t *X, int num) { u_int32_t A,B,C,D,E; u_int32_t a,b,c,d,e; @@ -472,9 +460,7 @@ int num; } #endif -void RIPEMD160_Final(md, c) -unsigned char *md; -RIPEMD160_CTX *c; +void RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c) { int i,j; u_int32_t l; @@ -528,8 +514,7 @@ RIPEMD160_CTX *c; } #ifdef undef -int printit(l) -unsigned long *l; +int printit(unsigned long *l) { int i,ii; @@ -555,10 +540,4 @@ __weak_reference(_libmd_RIPEMD160_Init, RIPEMD160_Init); __weak_reference(_libmd_RIPEMD160_Update, RIPEMD160_Update); #undef RIPEMD160_Final __weak_reference(_libmd_RIPEMD160_Final, RIPEMD160_Final); -#undef RIPEMD160_Transform -__weak_reference(_libmd_RIPEMD160_Transform, RIPEMD160_Transform); -#undef RMD160_version -__weak_reference(_libmd_RMD160_version, RMD160_version); -#undef ripemd160_block -__weak_reference(_libmd_ripemd160_block, ripemd160_block); #endif diff --git a/lib/libmd/sha.3 b/lib/libmd/sha.3 index 20a1e5639dde..e2475f981738 100644 --- a/lib/libmd/sha.3 +++ b/lib/libmd/sha.3 @@ -7,9 +7,8 @@ .\" ---------------------------------------------------------------------------- .\" .\" From: Id: mdX.3,v 1.14 1999/02/11 20:31:49 wollman Exp -.\" $FreeBSD$ .\" -.Dd May 21, 2019 +.Dd February 12, 2023 .Dt SHA 3 .Os .Sh NAME @@ -17,6 +16,8 @@ .Nm SHA_Update , .Nm SHA_Final , .Nm SHA_End , +.Nm SHA_Fd , +.Nm SHA_FdChunk , .Nm SHA_File , .Nm SHA_FileChunk , .Nm SHA_Data , @@ -24,6 +25,8 @@ .Nm SHA1_Update , .Nm SHA1_Final , .Nm SHA1_End , +.Nm SHA1_Fd , +.Nm SHA1_FdChunk , .Nm SHA1_File , .Nm SHA1_FileChunk , .Nm SHA1_Data @@ -42,6 +45,10 @@ .Ft "char *" .Fn SHA_End "SHA_CTX *context" "char *buf" .Ft "char *" +.Fn SHA_Fd "int fd" "char *buf" +.Ft "char *" +.Fn SHA_FdChunk "int fd" "char *buf" "off_t offset" "off_t length" +.Ft "char *" .Fn SHA_File "const char *filename" "char *buf" .Ft "char *" .Fn SHA_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" @@ -56,6 +63,10 @@ .Ft "char *" .Fn SHA1_End "SHA_CTX *context" "char *buf" .Ft "char *" +.Fn SHA1_Fd "int fd" "char *buf" +.Ft "char *" +.Fn SHA1_FdChunk "int fd" "char *buf" "off_t offset" "off_t length" +.Ft "char *" .Fn SHA1_File "const char *filename" "char *buf" .Ft "char *" .Fn SHA1_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" @@ -76,16 +87,9 @@ a .Dq fingerprint of the input-data, which does not disclose the actual input. .Pp -.Tn SHA -(or -.Tn SHA-0 ) -is the original Secure Hash Algorithm specified in -.Tn FIPS -160. -It was quickly proven insecure, and has been superseded by -.Tn SHA-1 . -.Tn SHA-0 -is included for compatibility purposes only. +SHA (or SHA-0) is the original Secure Hash Algorithm specified in FIPS 160. +It was quickly proven insecure, and has been superseded by SHA-1. +SHA-0 is included for compatibility purposes only. .Pp The .Fn SHA1_Init , @@ -109,8 +113,7 @@ is a wrapper for .Fn SHA1_Final which converts the return value to a 41-character (including the terminating '\e0') -.Tn ASCII -string which represents the 160 bits in hexadecimal. +ASCII string which represents the 160 bits in hexadecimal. .Pp .Fn SHA1_File calculates the digest of a file, and uses @@ -139,6 +142,19 @@ calculates the digest of a chunk of data in memory, and uses .Fn SHA1_End to return the result. .Pp +The +.Fn SHA1_Fd +and +.Fn SHA1_FdChunk +functions are identical to their +.Fn SHA1_File +and +.Fn SHA1_FileChunk +counterparts, with the exception that the first argument is an +.Fa fd +instead of a +.Fa filename . +.Pp When using .Fn SHA1_End , .Fn SHA1_File , @@ -173,7 +189,7 @@ may return NULL when underlying .Xr fstat 2 , .Xr lseek 2 , or -.Xr SHA1_End 2 +.Xr SHA1_End 3 fail. .Sh SEE ALSO .Xr md4 3 , @@ -188,23 +204,8 @@ These functions appeared in .Sh AUTHORS The core hash routines were implemented by Eric Young based on the published -.Tn FIPS -standards. +FIPS standards. .Sh BUGS -The -.Tn SHA1 -algorithm has been proven to be vulnerable to practical collision +The SHA1 algorithm has been proven to be vulnerable to practical collision attacks and should not be relied upon to produce unique outputs, .Em nor should it be used as part of a new cryptographic signature scheme. -.Pp -The -.Tn IA32 -(Intel) implementation of -.Tn SHA-1 -makes heavy use of the -.Ql bswapl -instruction, which is not present on the original 80386. -Attempts to use -.Tn SHA-1 -on those processors will cause an illegal instruction trap. -(Arguably, the kernel should simply emulate this instruction.) diff --git a/lib/libmd/sha.h b/lib/libmd/sha.h index af32f56bfb5b..3d1cd8da3ae2 100644 --- a/lib/libmd/sha.h +++ b/lib/libmd/sha.h @@ -53,14 +53,11 @@ * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * - * $FreeBSD$ */ #ifndef _SHA_H_ #define _SHA_H_ 1 -#include <sys/cdefs.h> #include <sys/types.h> /* XXX switch to machine/ansi.h and __ types */ #define SHA_CBLOCK 64 @@ -110,12 +107,6 @@ __BEGIN_DECLS #define SHA_Data _libmd_SHA_Data #endif -#ifndef SHA_Transform -#define SHA_Transform _libmd_SHA_Transform -#endif -#ifndef SHA_version -#define SHA_version _libmd_SHA_version -#endif #ifndef sha_block #define sha_block _libmd_sha_block #endif @@ -147,13 +138,10 @@ __BEGIN_DECLS #ifndef SHA1_Data #define SHA1_Data _libmd_SHA1_Data #endif - #ifndef SHA1_Transform #define SHA1_Transform _libmd_SHA1_Transform #endif -#ifndef SHA1_version -#define SHA1_version _libmd_SHA1_version -#endif + #ifndef sha1_block #define sha1_block _libmd_sha1_block #endif diff --git a/lib/libmd/sha0c.c b/lib/libmd/sha0c.c index 438c3a4852ff..a36617b6ca60 100644 --- a/lib/libmd/sha0c.c +++ b/lib/libmd/sha0c.c @@ -56,9 +56,6 @@ * [including the GNU Public Licence.] */ -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - #include <sys/types.h> #include <stdio.h> @@ -102,8 +99,7 @@ char *SHA_version="SHA part of SSLeay 0.9.0b 11-Oct-1998"; #define M_p_c2nl_p p_c2nl_p #define M_nl2c nl2c -void SHA_Init(c) -SHA_CTX *c; +void SHA_Init(SHA_CTX *c) { c->h0=INIT_DATA_h0; c->h1=INIT_DATA_h1; @@ -115,10 +111,7 @@ SHA_CTX *c; c->num=0; } -void SHA_Update(c, in, len) -SHA_CTX *c; -const void *in; -size_t len; +void SHA_Update(SHA_CTX *c, const void *in, size_t len) { u_int32_t *p; int ew,ec,sw,sc; @@ -249,9 +242,7 @@ size_t len; p[sw]=l; } -void SHA_Transform(c,b) -SHA_CTX *c; -unsigned char *b; +static void SHA_Transform(SHA_CTX *c, unsigned char *b) { u_int32_t p[16]; #if BYTE_ORDER == LITTLE_ENDIAN @@ -286,10 +277,7 @@ unsigned char *b; sha_block(c,p,64); } -void sha_block(c, W, num) -SHA_CTX *c; -const u_int32_t *W; -int num; +void sha_block(SHA_CTX *c, const u_int32_t *W, int num) { u_int32_t A,B,C,D,E,T; u_int32_t X[16]; @@ -405,9 +393,7 @@ int num; } } -void SHA_Final(md, c) -unsigned char *md; -SHA_CTX *c; +void SHA_Final(unsigned char *md, SHA_CTX *c) { int i,j; u_int32_t l; diff --git a/lib/libmd/sha1c.c b/lib/libmd/sha1c.c index 870af2ab1556..02132d720dac 100644 --- a/lib/libmd/sha1c.c +++ b/lib/libmd/sha1c.c @@ -1,490 +1,244 @@ -/* crypto/sha/sha1dgst.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/*- + * Copyright (c) 2009 The Go Authors. All rights reserved. + * Copyright (c) 2024 Robert Clausecker <fuz@FreeBSD.org> + * + * Adapted from Go's crypto/sha1/sha1.go. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the routines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following disclaimer + * in the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google Inc. nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - -#include <sys/types.h> - -#include <stdio.h> +#include <assert.h> +#include <sha.h> +#include <stdint.h> #include <string.h> +#include <strings.h> +#include <sys/endian.h> -#if 0 -#include <machine/ansi.h> /* we use the __ variants of bit-sized types */ +#ifdef SHA1_ASM +extern void sha1_block(SHA1_CTX *, const void *, size_t); +#else +static void sha1_block(SHA1_CTX *, const void *, size_t); #endif -#include <machine/endian.h> -#undef SHA_0 -#define SHA_1 -#include "sha.h" -#include "sha_locl.h" +#define INIT0 0x67452301 +#define INIT1 0xEFCDAB89 +#define INIT2 0x98BADCFE +#define INIT3 0x10325476 +#define INIT4 0xC3D2E1F0 -/* - * The assembly-language code is not position-independent, so don't - * try to use it in a shared library. - */ -#ifdef PIC -#undef SHA1_ASM -#endif +#define K0 0x5A827999 +#define K1 0x6ED9EBA1 +#define K2 0x8F1BBCDC +#define K3 0xCA62C1D6 -char *SHA1_version="SHA1 part of SSLeay 0.9.0b 11-Oct-1998"; +void +SHA1_Init(SHA1_CTX *c) +{ + c->h0 = INIT0; + c->h1 = INIT1; + c->h2 = INIT2; + c->h3 = INIT3; + c->h4 = INIT4; + c->Nl = 0; + c->Nh = 0; + c->num = 0; +} -/* Implemented from SHA-1 document - The Secure Hash Algorithm - */ +void +SHA1_Update(SHA1_CTX *c, const void *data, size_t len) +{ + uint64_t nn; + const char *p = data; -#define INIT_DATA_h0 (unsigned long)0x67452301L -#define INIT_DATA_h1 (unsigned long)0xefcdab89L -#define INIT_DATA_h2 (unsigned long)0x98badcfeL -#define INIT_DATA_h3 (unsigned long)0x10325476L -#define INIT_DATA_h4 (unsigned long)0xc3d2e1f0L - -#define K_00_19 0x5a827999L -#define K_20_39 0x6ed9eba1L -#define K_40_59 0x8f1bbcdcL -#define K_60_79 0xca62c1d6L - -#ifndef NOPROTO -# ifdef SHA1_ASM - void sha1_block_x86(SHA_CTX *c, const u_int32_t *p, int num); -# define sha1_block sha1_block_x86 -# else - void sha1_block(SHA_CTX *c, const u_int32_t *p, int num); -# endif -#else -# ifdef SHA1_ASM - void sha1_block_x86(); -# define sha1_block sha1_block_x86 -# else - void sha1_block(); -# endif -#endif + nn = (uint64_t)c->Nl | (uint64_t)c->Nh << 32; + nn += len; + c->Nl = (uint32_t)nn; + c->Nh = (uint32_t)(nn >> 32); + if (c->num > 0) { + size_t n = SHA_CBLOCK - c->num; -#if BYTE_ORDER == LITTLE_ENDIAN && defined(SHA1_ASM) -# define M_c2nl c2l -# define M_p_c2nl p_c2l -# define M_c2nl_p c2l_p -# define M_p_c2nl_p p_c2l_p -# define M_nl2c l2c -#else -# define M_c2nl c2nl -# define M_p_c2nl p_c2nl -# define M_c2nl_p c2nl_p -# define M_p_c2nl_p p_c2nl_p -# define M_nl2c nl2c -#endif + if (n > len) + n = len; + + memcpy((char *)c->data + c->num, p, n); + c->num += n; + if (c->num == SHA_CBLOCK) { + sha1_block(c, (void *)c->data, SHA_CBLOCK); + c->num = 0; + } + + p += n; + len -= n; + } + + if (len >= SHA_CBLOCK) { + size_t n = len & ~(size_t)(SHA_CBLOCK - 1); + + sha1_block(c, p, n); + p += n; + len -= n; + } -void SHA1_Init(c) -SHA_CTX *c; - { - c->h0=INIT_DATA_h0; - c->h1=INIT_DATA_h1; - c->h2=INIT_DATA_h2; - c->h3=INIT_DATA_h3; - c->h4=INIT_DATA_h4; - c->Nl=0; - c->Nh=0; - c->num=0; + if (len > 0) { + memcpy(c->data, p, len); + c->num = len; } +} void -SHA1_Update(c, in, len) - SHA_CTX *c; - const void *in; - size_t len; +SHA1_Final(unsigned char *md, SHA1_CTX *c) { - u_int32_t *p; - int ew,ec,sw,sc; - u_int32_t l; - const unsigned char *data = in; - - if (len == 0) return; - - l=(c->Nl+(len<<3))&0xffffffffL; - if (l < c->Nl) /* overflow */ - c->Nh++; - c->Nh+=(len>>29); - c->Nl=l; - - if (c->num != 0) - { - p=c->data; - sw=c->num>>2; - sc=c->num&0x03; - - if ((c->num+len) >= SHA_CBLOCK) - { - l= p[sw]; - M_p_c2nl(data,l,sc); - p[sw++]=l; - for (; sw<SHA_LBLOCK; sw++) - { - M_c2nl(data,l); - p[sw]=l; - } - len-=(SHA_CBLOCK-c->num); - - sha1_block(c,p,64); - c->num=0; - /* drop through and do the rest */ - } - else - { - c->num+=(int)len; - if ((sc+len) < 4) /* ugly, add char's to a word */ - { - l= p[sw]; - M_p_c2nl_p(data,l,sc,len); - p[sw]=l; - } - else - { - ew=(c->num>>2); - ec=(c->num&0x03); - l= p[sw]; - M_p_c2nl(data,l,sc); - p[sw++]=l; - for (; sw < ew; sw++) - { M_c2nl(data,l); p[sw]=l; } - if (ec) - { - M_c2nl_p(data,l,ec); - p[sw]=l; - } - } - return; - } + uint64_t len; + size_t t; + unsigned char tmp[SHA_CBLOCK + sizeof(uint64_t)] = {0x80, 0}; + + len = (uint64_t)c->Nl | (uint64_t)c->Nh << 32; + t = 64 + 56 - c->Nl % 64; + if (t > 64) + t -= 64; + + /* length in bits */ + len <<= 3; + be64enc(tmp + t, len); + SHA1_Update(c, tmp, t + 8); + assert(c->num == 0); + + be32enc(md + 0, c->h0); + be32enc(md + 4, c->h1); + be32enc(md + 8, c->h2); + be32enc(md + 12, c->h3); + be32enc(md + 16, c->h4); + + explicit_bzero(c, sizeof(*c)); +} + +#ifndef SHA1_ASM +static void +/* invariant: len is a multiple of SHA_CBLOCK */ +sha1_block(SHA1_CTX *c, const void *data, size_t len) +{ + uint32_t w[16]; + uint32_t h0 = c->h0, h1 = c->h1, h2 = c->h2, h3 = c->h3, h4 = c->h4; + const char *p = data; + + while (len >= SHA_CBLOCK) { + size_t i; + uint32_t a = h0, b = h1, c = h2, d = h3, e = h4; + uint32_t f, t, tmp; + +# pragma unroll + for (i = 0; i < 16; i++) + w[i] = be32dec(p + 4*i); + +# pragma unroll + for (i = 0; i < 16; i++) { + f = b & c | ~b & d; + t = (a << 5 | a >> 32 - 5) + f + e + w[i & 0xf] + K0; + e = d; + d = c; + c = b << 30 | b >> 32 - 30; + b = a; + a = t; } - /* We can only do the following code for assember, the reason - * being that the sha1_block 'C' version changes the values - * in the 'data' array. The assember code avoids this and - * copies it to a local array. I should be able to do this for - * the C version as well.... - */ -#if 1 -#if BYTE_ORDER == BIG_ENDIAN || defined(SHA1_ASM) - if ((((unsigned int)data)%sizeof(u_int32_t)) == 0) - { - sw=len/SHA_CBLOCK; - if (sw) - { - sw*=SHA_CBLOCK; - sha1_block(c,(u_int32_t *)data,sw); - data+=sw; - len-=sw; - } + +# pragma unroll + for (; i < 20; i++) { + tmp = w[i - 3 & 0xf] ^ w[i - 8 & 0xf] ^ w[i - 14 & 0xf] ^ w[i & 0xf]; + w[i & 0xf] = tmp << 1 | tmp >> 32 - 1; + + f = b & c | ~b & d; + t = (a << 5 | a >> 32 - 5) + f + e + w[i & 0xf] + K0; + e = d; + d = c; + c = b << 30 | b >> 32 - 30; + b = a; + a = t; } -#endif -#endif - /* we now can process the input data in blocks of SHA_CBLOCK - * chars and save the leftovers to c->data. */ - p=c->data; - while (len >= SHA_CBLOCK) - { -#if BYTE_ORDER == BIG_ENDIAN || BYTE_ORDER == LITTLE_ENDIAN - if (p != (u_int32_t *)data) - memcpy(p,data,SHA_CBLOCK); - data+=SHA_CBLOCK; -# if BYTE_ORDER == LITTLE_ENDIAN -# ifndef SHA1_ASM /* Will not happen */ - for (sw=(SHA_LBLOCK/4); sw; sw--) - { - Endian_Reverse32(p[0]); - Endian_Reverse32(p[1]); - Endian_Reverse32(p[2]); - Endian_Reverse32(p[3]); - p+=4; - } - p=c->data; -# endif -# endif -#else - for (sw=(SHA_BLOCK/4); sw; sw--) - { - M_c2nl(data,l); *(p++)=l; - M_c2nl(data,l); *(p++)=l; - M_c2nl(data,l); *(p++)=l; - M_c2nl(data,l); *(p++)=l; - } - p=c->data; -#endif - sha1_block(c,p,64); - len-=SHA_CBLOCK; + +# pragma unroll + for (; i < 40; i++) { + tmp = w[i - 3 & 0xf] ^ w[i - 8 & 0xf] ^ w[i - 14 & 0xf] ^ w[i & 0xf]; + w[i & 0xf] = tmp << 1 | tmp >> 32 - 1; + + f = b ^ c ^ d; + t = (a << 5 | a >> 32 - 5) + f + e + w[i & 0xf] + K1; + e = d; + d = c; + c = b << 30 | b >> 32 - 30; + b = a; + a = t; } - ec=(int)len; - c->num=ec; - ew=(ec>>2); - ec&=0x03; - - for (sw=0; sw < ew; sw++) - { M_c2nl(data,l); p[sw]=l; } - M_c2nl_p(data,l,ec); - p[sw]=l; - } -void SHA1_Transform(c,b) -SHA_CTX *c; -unsigned char *b; - { - u_int32_t p[16]; -#if BYTE_ORDER != BIG_ENDIAN - u_int32_t *q; - int i; -#endif +# pragma unroll + for (; i < 60; i++) { + tmp = w[i - 3 & 0xf] ^ w[i - 8 & 0xf] ^ w[i - 14 & 0xf] ^ w[i & 0xf]; + w[i & 0xf] = tmp << 1 | tmp >> 32 - 1; + + f = (b | c) & d | b & c; + t = (a << 5 | a >> 32 - 5) + f + e + w[i & 0xf] + K2; + e = d; + d = c; + c = b << 30 | b >> 32 - 30; + b = a; + a = t; + } -#if BYTE_ORDER == BIG_ENDIAN || BYTE_ORDER == LITTLE_ENDIAN - memcpy(p,b,64); -#if BYTE_ORDER == LITTLE_ENDIAN - q=p; - for (i=(SHA_LBLOCK/4); i; i--) - { - Endian_Reverse32(q[0]); - Endian_Reverse32(q[1]); - Endian_Reverse32(q[2]); - Endian_Reverse32(q[3]); - q+=4; +# pragma unroll + for (; i < 80; i++) { + tmp = w[i - 3 & 0xf] ^ w[i - 8 & 0xf] ^ w[i - 14 & 0xf] ^ w[i & 0xf]; + w[i & 0xf] = tmp << 1 | tmp >> 32 - 1; + + f = b ^ c ^ d; + t = (a << 5 | a >> 32 - 5) + f + e + w[i & 0xf] + K3; + e = d; + d = c; + c = b << 30 | b >> 32 - 30; + b = a; + a = t; } -#endif -#else - q=p; - for (i=(SHA_LBLOCK/4); i; i--) - { - u_int32_t l; - c2nl(b,l); *(q++)=l; - c2nl(b,l); *(q++)=l; - c2nl(b,l); *(q++)=l; - c2nl(b,l); *(q++)=l; - } -#endif - sha1_block(c,p,64); - } -#ifndef SHA1_ASM + h0 += a; + h1 += b; + h2 += c; + h3 += d; + h4 += e; -void -sha1_block(c, W, num) - SHA_CTX *c; - const u_int32_t *W; - int num; -{ - u_int32_t A,B,C,D,E,T; - u_int32_t X[16]; - - A=c->h0; - B=c->h1; - C=c->h2; - D=c->h3; - E=c->h4; - - for (;;) - { - BODY_00_15( 0,A,B,C,D,E,T,W); - BODY_00_15( 1,T,A,B,C,D,E,W); - BODY_00_15( 2,E,T,A,B,C,D,W); - BODY_00_15( 3,D,E,T,A,B,C,W); - BODY_00_15( 4,C,D,E,T,A,B,W); - BODY_00_15( 5,B,C,D,E,T,A,W); - BODY_00_15( 6,A,B,C,D,E,T,W); - BODY_00_15( 7,T,A,B,C,D,E,W); - BODY_00_15( 8,E,T,A,B,C,D,W); - BODY_00_15( 9,D,E,T,A,B,C,W); - BODY_00_15(10,C,D,E,T,A,B,W); - BODY_00_15(11,B,C,D,E,T,A,W); - BODY_00_15(12,A,B,C,D,E,T,W); - BODY_00_15(13,T,A,B,C,D,E,W); - BODY_00_15(14,E,T,A,B,C,D,W); - BODY_00_15(15,D,E,T,A,B,C,W); - BODY_16_19(16,C,D,E,T,A,B,W,W,W,W); - BODY_16_19(17,B,C,D,E,T,A,W,W,W,W); - BODY_16_19(18,A,B,C,D,E,T,W,W,W,W); - BODY_16_19(19,T,A,B,C,D,E,W,W,W,X); - - BODY_20_31(20,E,T,A,B,C,D,W,W,W,X); - BODY_20_31(21,D,E,T,A,B,C,W,W,W,X); - BODY_20_31(22,C,D,E,T,A,B,W,W,W,X); - BODY_20_31(23,B,C,D,E,T,A,W,W,W,X); - BODY_20_31(24,A,B,C,D,E,T,W,W,X,X); - BODY_20_31(25,T,A,B,C,D,E,W,W,X,X); - BODY_20_31(26,E,T,A,B,C,D,W,W,X,X); - BODY_20_31(27,D,E,T,A,B,C,W,W,X,X); - BODY_20_31(28,C,D,E,T,A,B,W,W,X,X); - BODY_20_31(29,B,C,D,E,T,A,W,W,X,X); - BODY_20_31(30,A,B,C,D,E,T,W,X,X,X); - BODY_20_31(31,T,A,B,C,D,E,W,X,X,X); - BODY_32_39(32,E,T,A,B,C,D,X); - BODY_32_39(33,D,E,T,A,B,C,X); - BODY_32_39(34,C,D,E,T,A,B,X); - BODY_32_39(35,B,C,D,E,T,A,X); - BODY_32_39(36,A,B,C,D,E,T,X); - BODY_32_39(37,T,A,B,C,D,E,X); - BODY_32_39(38,E,T,A,B,C,D,X); - BODY_32_39(39,D,E,T,A,B,C,X); - - BODY_40_59(40,C,D,E,T,A,B,X); - BODY_40_59(41,B,C,D,E,T,A,X); - BODY_40_59(42,A,B,C,D,E,T,X); - BODY_40_59(43,T,A,B,C,D,E,X); - BODY_40_59(44,E,T,A,B,C,D,X); - BODY_40_59(45,D,E,T,A,B,C,X); - BODY_40_59(46,C,D,E,T,A,B,X); - BODY_40_59(47,B,C,D,E,T,A,X); - BODY_40_59(48,A,B,C,D,E,T,X); - BODY_40_59(49,T,A,B,C,D,E,X); - BODY_40_59(50,E,T,A,B,C,D,X); - BODY_40_59(51,D,E,T,A,B,C,X); - BODY_40_59(52,C,D,E,T,A,B,X); - BODY_40_59(53,B,C,D,E,T,A,X); - BODY_40_59(54,A,B,C,D,E,T,X); - BODY_40_59(55,T,A,B,C,D,E,X); - BODY_40_59(56,E,T,A,B,C,D,X); - BODY_40_59(57,D,E,T,A,B,C,X); - BODY_40_59(58,C,D,E,T,A,B,X); - BODY_40_59(59,B,C,D,E,T,A,X); - - BODY_60_79(60,A,B,C,D,E,T,X); - BODY_60_79(61,T,A,B,C,D,E,X); - BODY_60_79(62,E,T,A,B,C,D,X); - BODY_60_79(63,D,E,T,A,B,C,X); - BODY_60_79(64,C,D,E,T,A,B,X); - BODY_60_79(65,B,C,D,E,T,A,X); - BODY_60_79(66,A,B,C,D,E,T,X); - BODY_60_79(67,T,A,B,C,D,E,X); - BODY_60_79(68,E,T,A,B,C,D,X); - BODY_60_79(69,D,E,T,A,B,C,X); - BODY_60_79(70,C,D,E,T,A,B,X); - BODY_60_79(71,B,C,D,E,T,A,X); - BODY_60_79(72,A,B,C,D,E,T,X); - BODY_60_79(73,T,A,B,C,D,E,X); - BODY_60_79(74,E,T,A,B,C,D,X); - BODY_60_79(75,D,E,T,A,B,C,X); - BODY_60_79(76,C,D,E,T,A,B,X); - BODY_60_79(77,B,C,D,E,T,A,X); - BODY_60_79(78,A,B,C,D,E,T,X); - BODY_60_79(79,T,A,B,C,D,E,X); - - c->h0=(c->h0+E)&0xffffffffL; - c->h1=(c->h1+T)&0xffffffffL; - c->h2=(c->h2+A)&0xffffffffL; - c->h3=(c->h3+B)&0xffffffffL; - c->h4=(c->h4+C)&0xffffffffL; - - num-=64; - if (num <= 0) break; - - A=c->h0; - B=c->h1; - C=c->h2; - D=c->h3; - E=c->h4; - - W+=16; - } + p += SHA_CBLOCK; + len -= SHA_CBLOCK; } -#endif -void SHA1_Final(md, c) -unsigned char *md; -SHA_CTX *c; - { - int i,j; - u_int32_t l; - u_int32_t *p; - static unsigned char end[4]={0x80,0x00,0x00,0x00}; - unsigned char *cp=end; - - /* c->num should definitly have room for at least one more byte. */ - p=c->data; - j=c->num; - i=j>>2; -#ifdef PURIFY - if ((j&0x03) == 0) p[i]=0; + c->h0 = h0; + c->h1 = h1; + c->h2 = h2; + c->h3 = h3; + c->h4 = h4; +} #endif - l=p[i]; - M_p_c2nl(cp,l,j&0x03); - p[i]=l; - i++; - /* i is the next 'undefined word' */ - if (c->num >= SHA_LAST_BLOCK) - { - for (; i<SHA_LBLOCK; i++) - p[i]=0; - sha1_block(c,p,64); - i=0; - } - for (; i<(SHA_LBLOCK-2); i++) - p[i]=0; - p[SHA_LBLOCK-2]=c->Nh; - p[SHA_LBLOCK-1]=c->Nl; -#if BYTE_ORDER == LITTLE_ENDIAN && defined(SHA1_ASM) - Endian_Reverse32(p[SHA_LBLOCK-2]); - Endian_Reverse32(p[SHA_LBLOCK-1]); -#endif - sha1_block(c,p,64); - cp=md; - l=c->h0; nl2c(l,cp); - l=c->h1; nl2c(l,cp); - l=c->h2; nl2c(l,cp); - l=c->h3; nl2c(l,cp); - l=c->h4; nl2c(l,cp); - - /* Clear the context state */ - explicit_bzero(&c, sizeof(c)); - } #ifdef WEAK_REFS /* When building libmd, provide weak references. Note: this is not @@ -497,22 +251,10 @@ __weak_reference(_libmd_SHA_Init, SHA_Init); __weak_reference(_libmd_SHA_Update, SHA_Update); #undef SHA_Final __weak_reference(_libmd_SHA_Final, SHA_Final); -#undef SHA_Transform -__weak_reference(_libmd_SHA_Transform, SHA_Transform); -#undef SHA_version -__weak_reference(_libmd_SHA_version, SHA_version); -#undef sha_block -__weak_reference(_libmd_sha_block, sha_block); #undef SHA1_Init __weak_reference(_libmd_SHA1_Init, SHA1_Init); #undef SHA1_Update __weak_reference(_libmd_SHA1_Update, SHA1_Update); #undef SHA1_Final __weak_reference(_libmd_SHA1_Final, SHA1_Final); -#undef SHA1_Transform -__weak_reference(_libmd_SHA1_Transform, SHA1_Transform); -#undef SHA1_version -__weak_reference(_libmd_SHA1_version, SHA1_version); -#undef sha1_block -__weak_reference(_libmd_sha1_block, sha1_block); #endif diff --git a/lib/libmd/sha256.3 b/lib/libmd/sha256.3 index d11f2f783557..406dfd1b357d 100644 --- a/lib/libmd/sha256.3 +++ b/lib/libmd/sha256.3 @@ -7,9 +7,8 @@ .\" ---------------------------------------------------------------------------- .\" .\" From: Id: mdX.3,v 1.14 1999/02/11 20:31:49 wollman Exp -.\" $FreeBSD$ .\" -.Dd July 20, 2018 +.Dd March 8, 2022 .Dt SHA256 3 .Os .Sh NAME @@ -17,6 +16,8 @@ .Nm SHA224_Update , .Nm SHA224_Final , .Nm SHA224_End , +.Nm SHA224_Fd , +.Nm SHA224_FdChunk , .Nm SHA224_File , .Nm SHA224_FileChunk , .Nm SHA224_Data , @@ -24,6 +25,8 @@ .Nm SHA256_Update , .Nm SHA256_Final , .Nm SHA256_End , +.Nm SHA256_Fd , +.Nm SHA256_FdChunk , .Nm SHA256_File , .Nm SHA256_FileChunk , .Nm SHA256_Data @@ -42,6 +45,10 @@ .Ft "char *" .Fn SHA224_End "SHA224_CTX *context" "char *buf" .Ft "char *" +.Fn SHA224_Fd "int fd" "char *buf" +.Ft "char *" +.Fn SHA224_FdChunk "int fd" "char *buf" "off_t offset" "off_t length" +.Ft "char *" .Fn SHA224_File "const char *filename" "char *buf" .Ft "char *" .Fn SHA224_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" @@ -57,6 +64,10 @@ .Ft "char *" .Fn SHA256_End "SHA256_CTX *context" "char *buf" .Ft "char *" +.Fn SHA256_Fd "int fd" "char *buf" +.Ft "char *" +.Fn SHA256_FdChunk "int fd" "char *buf" "off_t offset" "off_t length" +.Ft "char *" .Fn SHA256_File "const char *filename" "char *buf" .Ft "char *" .Fn SHA256_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" @@ -97,8 +108,7 @@ is a wrapper for .Fn SHA256_Final which converts the return value to a 65-character (including the terminating '\e0') -.Tn ASCII -string which represents the 256 bits in hexadecimal. +ASCII string which represents the 256 bits in hexadecimal. .Pp .Fn SHA256_File calculates the digest of a file, and uses @@ -127,6 +137,19 @@ calculates the digest of a chunk of data in memory, and uses .Fn SHA256_End to return the result. .Pp +The +.Fn SHA256_Fd +and +.Fn SHA256_FdChunk +functions are identical to their +.Fn SHA256_File +and +.Fn SHA256_FileChunk +counterparts, with the exception that the first argument is an +.Fa fd +instead of a +.Fa filename . +.Pp When using .Fn SHA256_End , .Fn SHA256_File , @@ -164,7 +187,7 @@ may return NULL when underlying .Xr fstat 2 , .Xr lseek 2 , or -.Xr SHA256_End 2 +.Xr SHA256_End 3 fail. .Sh SEE ALSO .Xr md4 3 , @@ -178,9 +201,7 @@ These functions appeared in .Fx 6.0 . .Sh AUTHORS The core hash routines were implemented by Colin Percival based on -the published -.Tn FIPS 180-2 -standard. +the published FIPS 180-2 standard. .Sh BUGS No method is known to exist which finds two files having the same hash value, nor to find a file with a specific hash value. diff --git a/lib/libmd/sha512.3 b/lib/libmd/sha512.3 index 6a5ed6f887d9..17d0d0988350 100644 --- a/lib/libmd/sha512.3 +++ b/lib/libmd/sha512.3 @@ -7,9 +7,8 @@ .\" ---------------------------------------------------------------------------- .\" .\" From: Id: mdX.3,v 1.14 1999/02/11 20:31:49 wollman Exp -.\" $FreeBSD$ .\" -.Dd May 21, 2019 +.Dd February 12, 2023 .Dt SHA512 3 .Os .Sh NAME @@ -17,6 +16,8 @@ .Nm SHA512_Update , .Nm SHA512_Final , .Nm SHA512_End , +.Nm SHA512_Fd , +.Nm SHA512_FdChunk , .Nm SHA512_File , .Nm SHA512_FileChunk , .Nm SHA512_Data , @@ -24,13 +25,24 @@ .Nm SHA384_Update , .Nm SHA384_Final , .Nm SHA384_End , +.Nm SHA384_Fd , +.Nm SHA384_FdChunk , .Nm SHA384_File , .Nm SHA384_FileChunk , .Nm SHA384_Data , +.Nm SHA512_224_Init , +.Nm SHA512_224_Update , +.Nm SHA512_224_Final , +.Nm SHA512_224_End , +.Nm SHA512_224_File , +.Nm SHA512_224_FileChunk , +.Nm SHA512_224_Data .Nm SHA512_256_Init , .Nm SHA512_256_Update , .Nm SHA512_256_Final , .Nm SHA512_256_End , +.Nm SHA512_256_Fd , +.Nm SHA512_256_FdChunk , .Nm SHA512_256_File , .Nm SHA512_256_FileChunk , .Nm SHA512_256_Data @@ -49,6 +61,10 @@ .Ft "char *" .Fn SHA512_End "SHA512_CTX *context" "char *buf" .Ft "char *" +.Fn SHA512_Fd "int fd" "char *buf" +.Ft "char *" +.Fn SHA512_FdChunk "int fd" "char *buf" "off_t offset" "off_t length" +.Ft "char *" .Fn SHA512_File "const char *filename" "char *buf" .Ft "char *" .Fn SHA512_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" @@ -64,6 +80,10 @@ .Ft "char *" .Fn SHA384_End "SHA384_CTX *context" "char *buf" .Ft "char *" +.Fn SHA384_Fd "int fd" "char *buf" +.Ft "char *" +.Fn SHA384_FdChunk "int fd" "char *buf" "off_t offset" "off_t length" +.Ft "char *" .Fn SHA384_File "const char *filename" "char *buf" .Ft "char *" .Fn SHA384_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" @@ -71,6 +91,20 @@ .Fn SHA384_Data "const unsigned char *data" "unsigned int len" "char *buf" .In sha512t.h .Ft void +.Fn SHA512_224_Init "SHA512_CTX *context" +.Ft void +.Fn SHA512_224_Update "SHA512_CTX *context" "const unsigned char *data" "size_t len" +.Ft void +.Fn SHA512_224_Final "unsigned char digest[32]" "SHA512_CTX *context" +.Ft "char *" +.Fn SHA512_224_End "SHA512_CTX *context" "char *buf" +.Ft "char *" +.Fn SHA512_224_File "const char *filename" "char *buf" +.Ft "char *" +.Fn SHA512_224_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" +.Ft "char *" +.Fn SHA512_224_Data "const unsigned char *data" "unsigned int len" "char *buf" +.Ft void .Fn SHA512_256_Init "SHA512_CTX *context" .Ft void .Fn SHA512_256_Update "SHA512_CTX *context" "const unsigned char *data" "size_t len" @@ -79,6 +113,10 @@ .Ft "char *" .Fn SHA512_256_End "SHA512_CTX *context" "char *buf" .Ft "char *" +.Fn SHA512_256_Fd "int fd" "char *buf" +.Ft "char *" +.Fn SHA512_256_FdChunk "int fd" "char *buf" "off_t offset" "off_t length" +.Ft "char *" .Fn SHA512_256_File "const char *filename" "char *buf" .Ft "char *" .Fn SHA512_256_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" @@ -119,8 +157,7 @@ is a wrapper for .Fn SHA512_Final which converts the return value to a 129-character (including the terminating '\e0') -.Tn ASCII -string which represents the 512 bits in hexadecimal. +ASCII string which represents the 512 bits in hexadecimal. .Pp .Fn SHA512_File calculates the digest of a file, and uses @@ -149,6 +186,19 @@ calculates the digest of a chunk of data in memory, and uses .Fn SHA512_End to return the result. .Pp +The +.Fn SHA512_Fd +and +.Fn SHA512_FdChunk +functions are identical to their +.Fn SHA512_File +and +.Fn SHA512_FileChunk +counterparts, with the exception that the first argument is an +.Fa fd +instead of a +.Fa filename . +.Pp When using .Fn SHA512_End , .Fn SHA512_File , @@ -167,29 +217,43 @@ If the argument is non-null it must point to at least 129 characters of buffer space. .Pp The -.Li SHA384_ +.Li SHA384_ , +.Li SHA512_224 , and .Li SHA512_256_ functions are identical to the .Li SHA512_ functions except they use a different initial hash value and the output is -truncated to 384 bits and 256 bits respectively. +truncated to 384, 224, and 256 bits respectively. .Pp .Fn SHA384_End is a wrapper for .Fn SHA384_Final which converts the return value to a 97-character (including the terminating '\e0') +ASCII string which represents the 384 bits in hexadecimal. +.Pp +.Fn SHA512_224_End +is a wrapper for +.Fn SHA512_Final +which converts the return value to a 57-character +(including the terminating '\e0') +ASCII string which represents the 224 bits in hexadecimal. +.Pp +.Fn SHA512_224_End +is a wrapper for +.Fn SHA512_Final +which converts the return value to a 57-character +(including the terminating '\e0') .Tn ASCII -string which represents the 384 bits in hexadecimal. +string which represents the 224 bits in hexadecimal. .Pp .Fn SHA512_256_End is a wrapper for .Fn SHA512_Final which converts the return value to a 65-character (including the terminating '\e0') -.Tn ASCII -string which represents the 256 bits in hexadecimal. +ASCII string which represents the 256 bits in hexadecimal. .Sh ERRORS The .Fn SHA512_End @@ -208,7 +272,7 @@ may return NULL when underlying .Xr fstat 2 , .Xr lseek 2 , or -.Xr SHA512_End 2 +.Xr SHA512_End 3 fail. .Sh SEE ALSO .Xr md4 3 , @@ -223,9 +287,7 @@ These functions appeared in .Fx 9.0 . .Sh AUTHORS The core hash routines were implemented by Colin Percival based on -the published -.Tn FIPS 180-2 -standard. +the published FIPS 180-2 standard. .Sh BUGS No method is known to exist which finds two files having the same hash value, nor to find a file with a specific hash value. diff --git a/lib/libmd/skein.3 b/lib/libmd/skein.3 index 325a1ab4874b..8fe79a4ad0bf 100644 --- a/lib/libmd/skein.3 +++ b/lib/libmd/skein.3 @@ -23,9 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD$ -.\" -.Dd May 21, 2019 +.Dd March 8, 2022 .Dt SKEIN 3 .Os .Sh NAME @@ -33,6 +31,8 @@ .Nm SKEIN256_Update , .Nm SKEIN256_Final , .Nm SKEIN256_End , +.Nm SKEIN256_Fd , +.Nm SKEIN256_FdChunk , .Nm SKEIN256_File , .Nm SKEIN256_FileChunk , .Nm SKEIN256_Data , @@ -40,6 +40,8 @@ .Nm SKEIN512_Update , .Nm SKEIN512_Final , .Nm SKEIN512_End , +.Nm SKEIN512_Fd , +.Nm SKEIN512_FdChunk , .Nm SKEIN512_File , .Nm SKEIN512_FileChunk , .Nm SKEIN512_Data , @@ -47,6 +49,8 @@ .Nm SKEIN1024_Update , .Nm SKEIN1024_Final , .Nm SKEIN1024_End , +.Nm SKEIN1024_Fd , +.Nm SKEIN1024_FdChunk , .Nm SKEIN1024_File , .Nm SKEIN1024_FileChunk , .Nm SKEIN1024_Data @@ -65,6 +69,10 @@ .Ft "char *" .Fn SKEIN256_End "SKEIN256_CTX *context" "char *buf" .Ft "char *" +.Fn SKEIN256_Fd "int fd" "char *buf" +.Ft "char *" +.Fn SKEIN256_FdChunk "int fd" "char *buf" "off_t offset" "off_t length" +.Ft "char *" .Fn SKEIN256_File "const char *filename" "char *buf" .Ft "char *" .Fn SKEIN256_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" @@ -79,6 +87,10 @@ .Ft "char *" .Fn SKEIN512_End "SKEIN512_CTX *context" "char *buf" .Ft "char *" +.Fn SKEIN512_Fd "int fd" "char *buf" +.Ft "char *" +.Fn SKEIN512_FdChunk "int fd" "char *buf" "off_t offset" "off_t length" +.Ft "char *" .Fn SKEIN512_File "const char *filename" "char *buf" .Ft "char *" .Fn SKEIN512_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" @@ -93,6 +105,10 @@ .Ft "char *" .Fn SKEIN1024_End "SKEIN1024_CTX *context" "char *buf" .Ft "char *" +.Fn SKEIN1024_Fd "int fd" "char *buf" +.Ft "char *" +.Fn SKEIN1024_FdChunk "int fd" "char *buf" "off_t offset" "off_t length" +.Ft "char *" .Fn SKEIN1024_File "const char *filename" "char *buf" .Ft "char *" .Fn SKEIN1024_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" @@ -133,8 +149,7 @@ is a wrapper for .Fn SKEIN256_Final which converts the return value to a 33-character (including the terminating '\e0') -.Tn ASCII -string which represents the 256 bits in hexadecimal. +ASCII string which represents the 256 bits in hexadecimal. .Pp .Fn SKEIN256_File calculates the digest of a file, and uses @@ -163,6 +178,19 @@ calculates the digest of a chunk of data in memory, and uses .Fn SKEIN256_End to return the result. .Pp +The +.Fn SKEIN256_Fd +and +.Fn SKEIN256_FdChunk +functions are identical to their +.Fn SKEIN256_File +and +.Fn SKEIN256_FileChunk +counterparts, with the exception that the first argument is an +.Fa fd +instead of a +.Fa filename . +.Pp When using .Fn SKEIN256_End , .Fn SKEIN256_File , @@ -206,7 +234,7 @@ may return NULL when underlying .Xr fstat 2 , .Xr lseek 2 , or -.Xr SKEIN256_End 2 +.Xr SKEIN256_End 3 fail. .Sh SEE ALSO .Xr md4 3 , diff --git a/lib/libmd/tests/Makefile b/lib/libmd/tests/Makefile new file mode 100644 index 000000000000..e11e8e1bf154 --- /dev/null +++ b/lib/libmd/tests/Makefile @@ -0,0 +1,255 @@ +# $FreeBSD$ + +PACKAGE= tests + +ATF_TESTS_SH= libmd_test + +MDTESTS= md rmd sha skein + +MDTESTS_md= md4 md5 +MDTESTS_rmd= rmd160 +MDTESTS_sha= sha0 sha1 sha224 sha256 sha384 sha512 sha512t224 sha512t256 +MDTESTS_skein= skein256 skein512 skein1024 + +LIBADD= md + +.for mdt in ${MDTESTS} +REFS_${mdt}= ${MDTESTS_${mdt}:C/$/.ref/} +${PACKAGE}FILES+= ${REFS_${mdt}} +CLEANFILES+= ${REFS_${mdt}} + +# This target is simply convenient for auditing, letting you build all of one +# digest suite with `make <family>driver`. +.PHONY: ${mdt}driver + +. for mdtc in ${MDTESTS_${mdt}} +PROGS+= ${mdtc}driver +DIGESTS+= ${mdtc} + +# Avoid obj collision, we'll build the same driver.c multiple times. +${mdtc}driver.c: ${mdt}driver.c + ${CP} ${.CURDIR}/${mdt}driver.c ${.TARGET} + +SRCS_${mdtc}driver= ${mdtc}driver.c +BINDIR_${mdtc}driver= ${TESTSDIR} +.if ${mdt} == "sha" +CFLAGS_${mdtc}driver= -DSHA=${mdtc:C/sha//:C/t//} +.else +CFLAGS_${mdtc}driver= -D${mdt:tu}=${mdtc:C/${mdt}//} +.endif + +${mdt}driver: ${mdtc}driver + +. endfor +.endfor + +CLEANFILES+= libmd_test.sh +libmd_test.sh: Makefile + :> ${.TARGET} +.for _digest in ${DIGESTS} + @echo "atf_test_case ${_digest}" >> ${.TARGET} + @echo "${_digest}_body() {" >> ${.TARGET} + @echo " atf_check -o file:\$$(atf_get_srcdir)/${_digest}.ref \\" >> \ + ${.TARGET} + @echo " \$$(atf_get_srcdir)/${_digest}driver" >> ${.TARGET} + @echo "}" >> ${.TARGET} +.endfor + @echo "atf_init_test_cases() {" >> ${.TARGET} +.for _digest in ${DIGESTS} + @echo " atf_add_test_case ${_digest}" >> ${.TARGET} +.endfor + @echo "}" >> ${.TARGET} + +md4.ref: + echo 'MD4 test suite:' > ${.TARGET} + @echo 'MD4 ("") = 31d6cfe0d16ae931b73c59d7e0c089c0' >> ${.TARGET} + @echo 'MD4 ("a") = bde52cb31de33e46245e05fbdbd6fb24' >> ${.TARGET} + @echo 'MD4 ("abc") = a448017aaf21d8525fc10ae87aa6729d' >> ${.TARGET} + @echo 'MD4 ("message digest") = d9130a8164549fe818874806e1c7014b' >> ${.TARGET} + @echo 'MD4 ("abcdefghijklmnopqrstuvwxyz") = d79e1c308aa5bbcdeea8ed63df412da9' >> ${.TARGET} + @echo 'MD4 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ + '043f8582f241db351ce627e153e7f0e4' >> ${.TARGET} + @echo 'MD4 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ + 'e33b4ddc9c38f2199c3e7b164fcc0536' >> ${.TARGET} + +md5.ref: + echo 'MD5 test suite:' > ${.TARGET} + @echo 'MD5 ("") = d41d8cd98f00b204e9800998ecf8427e' >> ${.TARGET} + @echo 'MD5 ("a") = 0cc175b9c0f1b6a831c399e269772661' >> ${.TARGET} + @echo 'MD5 ("abc") = 900150983cd24fb0d6963f7d28e17f72' >> ${.TARGET} + @echo 'MD5 ("message digest") = f96b697d7cb7938d525a2f31aaf161d0' >> ${.TARGET} + @echo 'MD5 ("abcdefghijklmnopqrstuvwxyz") = c3fcd3d76192e4007dfb496cca67e13b' >> ${.TARGET} + @echo 'MD5 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = d174ab98d277d9f5a5611c2c9f419d9f' >> ${.TARGET} + @echo 'MD5 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = 57edf4a22be3c955ac49da2e2107b67a' >> ${.TARGET} + +sha0.ref: + echo 'SHA-0 test suite:' > ${.TARGET} + @echo 'SHA-0 ("") = f96cea198ad1dd5617ac084a3d92c6107708c0ef' >> ${.TARGET} + @echo 'SHA-0 ("abc") = 0164b8a914cd2a5e74c4f7ff082c4d97f1edf880' >> ${.TARGET} + @echo 'SHA-0 ("message digest") =' \ + 'c1b0f222d150ebb9aa36a40cafdc8bcbed830b14' >> ${.TARGET} + @echo 'SHA-0 ("abcdefghijklmnopqrstuvwxyz") =' \ + 'b40ce07a430cfd3c033039b9fe9afec95dc1bdcd' >> ${.TARGET} + @echo 'SHA-0 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ + '79e966f7a3a990df33e40e3d7f8f18d2caebadfa' >> ${.TARGET} + @echo 'SHA-0 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ + '4aa29d14d171522ece47bee8957e35a41f3e9cff' >> ${.TARGET} + +sha1.ref: + echo 'SHA-1 test suite:' > ${.TARGET} + @echo 'SHA-1 ("") = da39a3ee5e6b4b0d3255bfef95601890afd80709' >> ${.TARGET} + @echo 'SHA-1 ("abc") = a9993e364706816aba3e25717850c26c9cd0d89d' >> ${.TARGET} + @echo 'SHA-1 ("message digest") =' \ + 'c12252ceda8be8994d5fa0290a47231c1d16aae3' >> ${.TARGET} + @echo 'SHA-1 ("abcdefghijklmnopqrstuvwxyz") =' \ + '32d10c7b8cf96570ca04ce37f2a19d84240d3a89' >> ${.TARGET} + @echo 'SHA-1 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ + '761c457bf73b14d27e9e9265c46f4b4dda11f940' >> ${.TARGET} + @echo 'SHA-1 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ + '50abf5706a150990a08b2c5ea40fa0e585554732' >> ${.TARGET} + +sha224.ref: + echo 'SHA-224 test suite:' > ${.TARGET} + @echo 'SHA-224 ("") = d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f' >> ${.TARGET} + @echo 'SHA-224 ("abc") =' \ + '23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7' >> ${.TARGET} + @echo 'SHA-224 ("message digest") =' \ + '2cb21c83ae2f004de7e81c3c7019cbcb65b71ab656b22d6d0c39b8eb' >> ${.TARGET} + @echo 'SHA-224 ("abcdefghijklmnopqrstuvwxyz") =' \ + '45a5f72c39c5cff2522eb3429799e49e5f44b356ef926bcf390dccc2' >> ${.TARGET} + @echo 'SHA-224 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ + 'bff72b4fcb7d75e5632900ac5f90d219e05e97a7bde72e740db393d9' >> ${.TARGET} + @echo 'SHA-224 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ + 'b50aecbe4e9bb0b57bc5f3ae760a8e01db24f203fb3cdcd13148046e' >> ${.TARGET} + +sha256.ref: + echo 'SHA-256 test suite:' > ${.TARGET} + @echo 'SHA-256 ("") = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' >> ${.TARGET} + @echo 'SHA-256 ("abc") =' \ + 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad' >> ${.TARGET} + @echo 'SHA-256 ("message digest") =' \ + 'f7846f55cf23e14eebeab5b4e1550cad5b509e3348fbc4efa3a1413d393cb650' >> ${.TARGET} + @echo 'SHA-256 ("abcdefghijklmnopqrstuvwxyz") =' \ + '71c480df93d6ae2f1efad1447c66c9525e316218cf51fc8d9ed832f2daf18b73' >> ${.TARGET} + @echo 'SHA-256 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ + 'db4bfcbd4da0cd85a60c3c37d3fbd8805c77f15fc6b1fdfe614ee0a7c8fdb4c0' >> ${.TARGET} + @echo 'SHA-256 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ + 'f371bc4a311f2b009eef952dd83ca80e2b60026c8e935592d0f9c308453c813e' >> ${.TARGET} + +sha384.ref: + echo 'SHA-384 test suite:' > ${.TARGET} + @echo 'SHA-384 ("") =' \ + '38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b' >> ${.TARGET} + @echo 'SHA-384 ("abc") =' \ + 'cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7' >> ${.TARGET} + @echo 'SHA-384 ("message digest") =' \ + '473ed35167ec1f5d8e550368a3db39be54639f828868e9454c239fc8b52e3c61dbd0d8b4de1390c256dcbb5d5fd99cd5' >> ${.TARGET} + @echo 'SHA-384 ("abcdefghijklmnopqrstuvwxyz") =' \ + 'feb67349df3db6f5924815d6c3dc133f091809213731fe5c7b5f4999e463479ff2877f5f2936fa63bb43784b12f3ebb4' >> ${.TARGET} + @echo 'SHA-384 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ + '1761336e3f7cbfe51deb137f026f89e01a448e3b1fafa64039c1464ee8732f11a5341a6f41e0c202294736ed64db1a84' >> ${.TARGET} + @echo 'SHA-384 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ + 'b12932b0627d1c060942f5447764155655bd4da0c9afa6dd9b9ef53129af1b8fb0195996d2de9ca0df9d821ffee67026' >> ${.TARGET} + +sha512.ref: + echo 'SHA-512 test suite:' > ${.TARGET} + @echo 'SHA-512 ("") =' \ + 'cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e' >> ${.TARGET} + @echo 'SHA-512 ("abc") =' \ + 'ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f' >> ${.TARGET} + @echo 'SHA-512 ("message digest") =' \ + '107dbf389d9e9f71a3a95f6c055b9251bc5268c2be16d6c13492ea45b0199f3309e16455ab1e96118e8a905d5597b72038ddb372a89826046de66687bb420e7c' >> ${.TARGET} + @echo 'SHA-512 ("abcdefghijklmnopqrstuvwxyz") =' \ + '4dbff86cc2ca1bae1e16468a05cb9881c97f1753bce3619034898faa1aabe429955a1bf8ec483d7421fe3c1646613a59ed5441fb0f321389f77f48a879c7b1f1' >> ${.TARGET} + @echo 'SHA-512 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ + '1e07be23c26a86ea37ea810c8ec7809352515a970e9253c26f536cfc7a9996c45c8370583e0a78fa4a90041d71a4ceab7423f19c71b9d5a3e01249f0bebd5894' >> ${.TARGET} + @echo 'SHA-512 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ + '72ec1ef1124a45b047e8b7c75a932195135bb61de24ec0d1914042246e0aec3a2354e093d76f3048b456764346900cb130d2a4fd5dd16abb5e30bcb850dee843' >> ${.TARGET} + +sha512t224.ref: + echo 'SHA-512224 test suite:' > ${.TARGET} + @echo 'SHA-512224 ("") =' \ + '6ed0dd02806fa89e25de060c19d3ac86cabb87d6a0ddd05c333b84f4' >> ${.TARGET} + @echo 'SHA-512224 ("abc") =' \ + '4634270f707b6a54daae7530460842e20e37ed265ceee9a43e8924aa' >> ${.TARGET} + @echo 'SHA-512224 ("message digest") =' \ + 'ad1a4db188fe57064f4f24609d2a83cd0afb9b398eb2fcaeaae2c564' >> ${.TARGET} + @echo 'SHA-512224 ("abcdefghijklmnopqrstuvwxyz") =' \ + 'ff83148aa07ec30655c1b40aff86141c0215fe2a54f767d3f38743d8' >> ${.TARGET} + @echo 'SHA-512224 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ + 'a8b4b9174b99ffc67d6f49be9981587b96441051e16e6dd036b140d3' >> ${.TARGET} + @echo 'SHA-512224 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ + 'ae988faaa47e401a45f704d1272d99702458fea2ddc6582827556dd2' >> ${.TARGET} + +sha512t256.ref: + echo 'SHA-512256 test suite:' > ${.TARGET} + @echo 'SHA-512256 ("") =' \ + 'c672b8d1ef56ed28ab87c3622c5114069bdd3ad7b8f9737498d0c01ecef0967a' >> ${.TARGET} + @echo 'SHA-512256 ("abc") =' \ + '53048e2681941ef99b2e29b76b4c7dabe4c2d0c634fc6d46e0e2f13107e7af23' >> ${.TARGET} + @echo 'SHA-512256 ("message digest") =' \ + '0cf471fd17ed69d990daf3433c89b16d63dec1bb9cb42a6094604ee5d7b4e9fb' >> ${.TARGET} + @echo 'SHA-512256 ("abcdefghijklmnopqrstuvwxyz") =' \ + 'fc3189443f9c268f626aea08a756abe7b726b05f701cb08222312ccfd6710a26' >> ${.TARGET} + @echo 'SHA-512256 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ + 'cdf1cc0effe26ecc0c13758f7b4a48e000615df241284185c39eb05d355bb9c8' >> ${.TARGET} + @echo 'SHA-512256 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ + '2c9fdbc0c90bdd87612ee8455474f9044850241dc105b1e8b94b8ddf5fac9148' >> ${.TARGET} + +rmd160.ref: + echo 'RIPEMD160 test suite:' > ${.TARGET} + @echo 'RIPEMD160 ("") = 9c1185a5c5e9fc54612808977ee8f548b2258d31' >> ${.TARGET} + @echo 'RIPEMD160 ("abc") = 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc' >> ${.TARGET} + @echo 'RIPEMD160 ("message digest") =' \ + '5d0689ef49d2fae572b881b123a85ffa21595f36' >> ${.TARGET} + @echo 'RIPEMD160 ("abcdefghijklmnopqrstuvwxyz") =' \ + 'f71c27109c692c1b56bbdceb5b9d2865b3708dbc' >> ${.TARGET} + @echo 'RIPEMD160 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ + 'b0e20b6e3116640286ed3a87a5713079b21f5189' >> ${.TARGET} + @echo 'RIPEMD160 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ + '9b752e45573d4b39f4dbd3323cab82bf63326bfb' >> ${.TARGET} + +skein256.ref: + echo 'SKEIN256 test suite:' > ${.TARGET} + @echo 'SKEIN256 ("") = c8877087da56e072870daa843f176e9453115929094c3a40c463a196c29bf7ba' >> ${.TARGET} + @echo 'SKEIN256 ("abc") = 258bdec343b9fde1639221a5ae0144a96e552e5288753c5fec76c05fc2fc1870' >> ${.TARGET} + @echo 'SKEIN256 ("message digest") =' \ + '4d2ce0062b5eb3a4db95bc1117dd8aa014f6cd50fdc8e64f31f7d41f9231e488' >> ${.TARGET} + @echo 'SKEIN256 ("abcdefghijklmnopqrstuvwxyz") =' \ + '46d8440685461b00e3ddb891b2ecc6855287d2bd8834a95fb1c1708b00ea5e82' >> ${.TARGET} + @echo 'SKEIN256 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ + '7c5eb606389556b33d34eb2536459528dc0af97adbcd0ce273aeb650f598d4b2' >> ${.TARGET} + @echo 'SKEIN256 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ + '4def7a7e5464a140ae9c3a80279fbebce4bd00f9faad819ab7e001512f67a10d' >> ${.TARGET} + +skein512.ref: + echo 'SKEIN512 test suite:' > ${.TARGET} + @echo 'SKEIN512 ("") =' \ + 'bc5b4c50925519c290cc634277ae3d6257212395cba733bbad37a4af0fa06af41fca7903d06564fea7a2d3730dbdb80c1f85562dfcc070334ea4d1d9e72cba7a' >> ${.TARGET} + @echo 'SKEIN512 ("abc") =' \ + '8f5dd9ec798152668e35129496b029a960c9a9b88662f7f9482f110b31f9f93893ecfb25c009baad9e46737197d5630379816a886aa05526d3a70df272d96e75' >> ${.TARGET} + @echo 'SKEIN512 ("message digest") =' \ + '15b73c158ffb875fed4d72801ded0794c720b121c0c78edf45f900937e6933d9e21a3a984206933d504b5dbb2368000411477ee1b204c986068df77886542fcc' >> ${.TARGET} + @echo 'SKEIN512 ("abcdefghijklmnopqrstuvwxyz") =' \ + '23793ad900ef12f9165c8080da6fdfd2c8354a2929b8aadf83aa82a3c6470342f57cf8c035ec0d97429b626c4d94f28632c8f5134fd367dca5cf293d2ec13f8c' >> ${.TARGET} + @echo 'SKEIN512 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ + '0c6bed927e022f5ddcf81877d42e5f75798a9f8fd3ede3d83baac0a2f364b082e036c11af35fe478745459dd8f5c0b73efe3c56ba5bb2009208d5a29cc6e469c' >> ${.TARGET} + @echo 'SKEIN512 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ + '2ca9fcffb3456f297d1b5f407014ecb856f0baac8eb540f534b1f187196f21e88f31103128c2f03fcc9857d7a58eb66f9525e2302d88833ee069295537a434ce' >> ${.TARGET} + +skein1024.ref: + echo 'SKEIN1024 test suite:' > ${.TARGET} + @echo 'SKEIN1024 ("") =' \ + '0fff9563bb3279289227ac77d319b6fff8d7e9f09da1247b72a0a265cd6d2a62645ad547ed8193db48cff847c06494a03f55666d3b47eb4c20456c9373c86297d630d5578ebd34cb40991578f9f52b18003efa35d3da6553ff35db91b81ab890bec1b189b7f52cb2a783ebb7d823d725b0b4a71f6824e88f68f982eefc6d19c6' >> ${.TARGET} + @echo 'SKEIN1024 ("abc") =' \ + '35a599a0f91abcdb4cb73c19b8cb8d947742d82c309137a7caed29e8e0a2ca7a9ff9a90c34c1908cc7e7fd99bb15032fb86e76df21b72628399b5f7c3cc209d7bb31c99cd4e19465622a049afbb87c03b5ce3888d17e6e667279ec0aa9b3e2712624c01b5f5bbe1a564220bdcf6990af0c2539019f313fdd7406cca3892a1f1f' >> ${.TARGET} + @echo 'SKEIN1024 ("message digest") =' \ + 'ea891f5268acd0fac97467fc1aa89d1ce8681a9992a42540e53babee861483110c2d16f49e73bac27653ff173003e40cfb08516cd34262e6af95a5d8645c9c1abb3e813604d508b8511b30f9a5c1b352aa0791c7d2f27b2706dccea54bc7de6555b5202351751c3299f97c09cf89c40f67187e2521c0fad82b30edbb224f0458' >> ${.TARGET} + @echo 'SKEIN1024 ("abcdefghijklmnopqrstuvwxyz") =' \ + 'f23d95c2a25fbcd0e797cd058fec39d3c52d2b5afd7a9af1df934e63257d1d3dcf3246e7329c0f1104c1e51e3d22e300507b0c3b9f985bb1f645ef49835080536becf83788e17fed09c9982ba65c3cb7ffe6a5f745b911c506962adf226e435c42f6f6bc08d288f9c810e807e3216ef444f3db22744441deefa4900982a1371f' >> ${.TARGET} + @echo 'SKEIN1024 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ + 'cf3889e8a8d11bfd3938055d7d061437962bc5eac8ae83b1b71c94be201b8cf657fdbfc38674997a008c0c903f56a23feb3ae30e012377f1cfa080a9ca7fe8b96138662653fb3335c7d06595bf8baf65e215307532094cfdfa056bd8052ab792a3944a2adaa47b30335b8badb8fe9eb94fe329cdca04e58bbc530f0af709f469' >> ${.TARGET} + @echo 'SKEIN1024 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ + 'cf21a613620e6c119eca31fdfaad449a8e02f95ca256c21d2a105f8e4157048f9fe1e897893ea18b64e0e37cb07d5ac947f27ba544caf7cbc1ad094e675aed77a366270f7eb7f46543bccfa61c526fd628408058ed00ed566ac35a9761d002e629c4fb0d430b2f4ad016fcc49c44d2981c4002da0eecc42144160e2eaea4855a' >> ${.TARGET} + +.include <bsd.test.mk> diff --git a/lib/libmd/mddriver.c b/lib/libmd/tests/mddriver.c index 6c543974668d..1229a4e2929f 100644 --- a/lib/libmd/mddriver.c +++ b/lib/libmd/tests/mddriver.c @@ -11,9 +11,6 @@ * These notices must be retained in any copies of any part of this * documentation and/or software. */ -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - #include <sys/types.h> #include <stdio.h> @@ -40,8 +37,8 @@ __FBSDID("$FreeBSD$"); #endif /* Digests a string and prints the result. */ -static void -MDString(char *string) +static void +MDString(const char *string) { char buf[33]; diff --git a/lib/libmd/rmddriver.c b/lib/libmd/tests/rmddriver.c index 1c03b79b76be..50227dcffb5d 100644 --- a/lib/libmd/rmddriver.c +++ b/lib/libmd/tests/rmddriver.c @@ -11,9 +11,6 @@ * These notices must be retained in any copies of any part of this * documentation and/or software. */ -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - #include <sys/types.h> #include <stdio.h> @@ -23,8 +20,8 @@ __FBSDID("$FreeBSD$"); #include "ripemd.h" /* Digests a string and prints the result. */ -static void -RIPEMD160String(char *string) +static void +RIPEMD160String(const char *string) { char buf[2*20 + 1]; diff --git a/lib/libmd/shadriver.c b/lib/libmd/tests/shadriver.c index f5026eb3cc5d..85cb21185bc8 100644 --- a/lib/libmd/shadriver.c +++ b/lib/libmd/tests/shadriver.c @@ -14,9 +14,6 @@ * These notices must be retained in any copies of any part of this * documentation and/or software. */ -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - #include <sys/types.h> #include <stdio.h> @@ -51,6 +48,9 @@ __FBSDID("$FreeBSD$"); #elif SHA == 512 #undef SHA_Data #define SHA_Data SHA512_Data +#elif SHA == 512224 +#undef SHA_Data +#define SHA_Data SHA512_224_Data #elif SHA == 512256 #undef SHA_Data #define SHA_Data SHA512_256_Data @@ -58,7 +58,7 @@ __FBSDID("$FreeBSD$"); /* Digests a string and prints the result. */ static void -SHAString(char *string) +SHAString(const char *string) { char buf[2*64 + 1]; diff --git a/lib/libmd/skeindriver.c b/lib/libmd/tests/skeindriver.c index ee70ef7cd7dc..a28ac8fc2c2a 100644 --- a/lib/libmd/skeindriver.c +++ b/lib/libmd/tests/skeindriver.c @@ -14,9 +14,6 @@ * These notices must be retained in any copies of any part of this * documentation and/or software. */ -#include <sys/cdefs.h> -__FBSDID("$FreeBSD$"); - #include <sys/types.h> #include <stdio.h> @@ -44,7 +41,7 @@ __FBSDID("$FreeBSD$"); /* Digests a string and prints the result. */ static void -SKEINString(char *string) +SKEINString(const char *string) { char buf[2*128 + 1]; |