diff options
author | Patrick Steuer <patrick.steuer@de.ibm.com> | 2018-04-03 19:24:18 +0200 |
---|---|---|
committer | Andy Polyakov <appro@openssl.org> | 2018-08-06 12:04:52 +0200 |
commit | f38edcab594b4934bd9625ef889934b2dfb5d1f0 (patch) | |
tree | 19a9d9fa9a548eddad4bef3b27672a4ce720850f /crypto | |
parent | Fix some undefined behaviour in the Curve448 code (2nd attempt) (diff) | |
download | openssl-f38edcab594b4934bd9625ef889934b2dfb5d1f0.tar.xz openssl-f38edcab594b4934bd9625ef889934b2dfb5d1f0.zip |
s390x assembly pack: add KIMD/KLMD code path for sha3/shake
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5935)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/evp/build.info | 1 | ||||
-rw-r--r-- | crypto/evp/m_sha3.c | 235 | ||||
-rw-r--r-- | crypto/s390x_arch.h | 4 | ||||
-rwxr-xr-x | crypto/s390xcpuid.pl | 42 |
4 files changed, 275 insertions, 7 deletions
diff --git a/crypto/evp/build.info b/crypto/evp/build.info index 0305738011..cc33ac3c49 100644 --- a/crypto/evp/build.info +++ b/crypto/evp/build.info @@ -22,3 +22,4 @@ INCLUDE[e_camellia.o]=.. ../modes INCLUDE[e_sm4.o]=.. ../modes INCLUDE[e_des.o]=.. INCLUDE[e_des3.o]=.. +INCLUDE[m_sha3.o]=.. diff --git a/crypto/evp/m_sha3.c b/crypto/evp/m_sha3.c index bfc65b22e4..729622b814 100644 --- a/crypto/evp/m_sha3.c +++ b/crypto/evp/m_sha3.c @@ -137,7 +137,227 @@ static int shake_ctrl(EVP_MD_CTX *evp_ctx, int cmd, int p1, void *p2) } } -#define EVP_MD_SHA3(bitlen) \ +#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && defined(KECCAK1600_ASM) +/* + * IBM S390X support + */ +# include "s390x_arch.h" + +# define S390X_SHA3_FC(ctx) ((ctx)->pad) + +# define S390X_sha3_224_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] & \ + S390X_CAPBIT(S390X_SHA3_224)) && \ + (OPENSSL_s390xcap_P.klmd[0] & \ + S390X_CAPBIT(S390X_SHA3_224))) +# define S390X_sha3_256_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] & \ + S390X_CAPBIT(S390X_SHA3_256)) && \ + (OPENSSL_s390xcap_P.klmd[0] & \ + S390X_CAPBIT(S390X_SHA3_256))) +# define S390X_sha3_384_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] & \ + S390X_CAPBIT(S390X_SHA3_384)) && \ + (OPENSSL_s390xcap_P.klmd[0] & \ + S390X_CAPBIT(S390X_SHA3_384))) +# define S390X_sha3_512_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] & \ + S390X_CAPBIT(S390X_SHA3_512)) && \ + (OPENSSL_s390xcap_P.klmd[0] & \ + S390X_CAPBIT(S390X_SHA3_512))) +# define S390X_shake128_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] & \ + S390X_CAPBIT(S390X_SHAKE_128)) && \ + (OPENSSL_s390xcap_P.klmd[0] & \ + S390X_CAPBIT(S390X_SHAKE_128))) +# define S390X_shake256_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] & \ + S390X_CAPBIT(S390X_SHAKE_256)) && \ + (OPENSSL_s390xcap_P.klmd[0] & \ + S390X_CAPBIT(S390X_SHAKE_256))) + +/* Convert md-size to block-size. */ +# define S390X_KECCAK1600_BSZ(n) ((KECCAK1600_WIDTH - ((n) << 1)) >> 3) + +static int s390x_sha3_init(EVP_MD_CTX *evp_ctx) +{ + KECCAK1600_CTX *ctx = evp_ctx->md_data; + const size_t bsz = evp_ctx->digest->block_size; + + /*- + * KECCAK1600_CTX structure's pad field is used to store the KIMD/KLMD + * function code. + */ + switch (bsz) { + case S390X_KECCAK1600_BSZ(224): + ctx->pad = S390X_SHA3_224; + break; + case S390X_KECCAK1600_BSZ(256): + ctx->pad = S390X_SHA3_256; + break; + case S390X_KECCAK1600_BSZ(384): + ctx->pad = S390X_SHA3_384; + break; + case S390X_KECCAK1600_BSZ(512): + ctx->pad = S390X_SHA3_512; + break; + default: + return 0; + } + + memset(ctx->A, 0, sizeof(ctx->A)); + ctx->num = 0; + ctx->block_size = bsz; + ctx->md_size = evp_ctx->digest->md_size; + return 1; +} + +static int s390x_shake_init(EVP_MD_CTX *evp_ctx) +{ + KECCAK1600_CTX *ctx = evp_ctx->md_data; + const size_t bsz = evp_ctx->digest->block_size; + + /*- + * KECCAK1600_CTX structure's pad field is used to store the KIMD/KLMD + * function code. + */ + switch (bsz) { + case S390X_KECCAK1600_BSZ(128): + ctx->pad = S390X_SHAKE_128; + break; + case S390X_KECCAK1600_BSZ(256): + ctx->pad = S390X_SHAKE_256; + break; + default: + return 0; + } + + memset(ctx->A, 0, sizeof(ctx->A)); + ctx->num = 0; + ctx->block_size = bsz; + ctx->md_size = evp_ctx->digest->md_size; + return 1; +} + +static int s390x_sha3_update(EVP_MD_CTX *evp_ctx, const void *_inp, size_t len) +{ + KECCAK1600_CTX *ctx = evp_ctx->md_data; + const unsigned char *inp = _inp; + const size_t bsz = ctx->block_size; + size_t num, rem; + + if (len == 0) + return 1; + + if ((num = ctx->num) != 0) { + rem = bsz - num; + + if (len < rem) { + memcpy(ctx->buf + num, inp, len); + ctx->num += len; + return 1; + } + memcpy(ctx->buf + num, inp, rem); + inp += rem; + len -= rem; + s390x_kimd(ctx->buf, bsz, ctx->pad, ctx->A); + ctx->num = 0; + } + rem = len % bsz; + + s390x_kimd(inp, len - rem, ctx->pad, ctx->A); + + if (rem) { + memcpy(ctx->buf, inp + len - rem, rem); + ctx->num = rem; + } + return 1; +} + +static int s390x_sha3_final(EVP_MD_CTX *evp_ctx, unsigned char *md) +{ + KECCAK1600_CTX *ctx = evp_ctx->md_data; + + s390x_klmd(ctx->buf, ctx->num, NULL, 0, ctx->pad, ctx->A); + memcpy(md, ctx->A, ctx->md_size); + return 1; +} + +static int s390x_shake_final(EVP_MD_CTX *evp_ctx, unsigned char *md) +{ + KECCAK1600_CTX *ctx = evp_ctx->md_data; + + s390x_klmd(ctx->buf, ctx->num, md, ctx->md_size, ctx->pad, ctx->A); + return 1; +} + +# define EVP_MD_SHA3(bitlen) \ +const EVP_MD *EVP_sha3_##bitlen(void) \ +{ \ + static const EVP_MD s390x_sha3_##bitlen##_md = { \ + NID_sha3_##bitlen, \ + NID_RSA_SHA3_##bitlen, \ + bitlen / 8, \ + EVP_MD_FLAG_DIGALGID_ABSENT, \ + s390x_sha3_init, \ + s390x_sha3_update, \ + s390x_sha3_final, \ + NULL, \ + NULL, \ + (KECCAK1600_WIDTH - bitlen * 2) / 8, \ + sizeof(KECCAK1600_CTX), \ + }; \ + static const EVP_MD sha3_##bitlen##_md = { \ + NID_sha3_##bitlen, \ + NID_RSA_SHA3_##bitlen, \ + bitlen / 8, \ + EVP_MD_FLAG_DIGALGID_ABSENT, \ + sha3_init, \ + sha3_update, \ + sha3_final, \ + NULL, \ + NULL, \ + (KECCAK1600_WIDTH - bitlen * 2) / 8, \ + sizeof(KECCAK1600_CTX), \ + }; \ + return S390X_sha3_##bitlen##_CAPABLE ? \ + &s390x_sha3_##bitlen##_md : \ + &sha3_##bitlen##_md; \ +} + +# define EVP_MD_SHAKE(bitlen) \ +const EVP_MD *EVP_shake##bitlen(void) \ +{ \ + static const EVP_MD s390x_shake##bitlen##_md = { \ + NID_shake##bitlen, \ + 0, \ + bitlen / 8, \ + EVP_MD_FLAG_XOF, \ + s390x_shake_init, \ + s390x_sha3_update, \ + s390x_shake_final, \ + NULL, \ + NULL, \ + (KECCAK1600_WIDTH - bitlen * 2) / 8, \ + sizeof(KECCAK1600_CTX), \ + shake_ctrl \ + }; \ + static const EVP_MD shake##bitlen##_md = { \ + NID_shake##bitlen, \ + 0, \ + bitlen / 8, \ + EVP_MD_FLAG_XOF, \ + shake_init, \ + sha3_update, \ + sha3_final, \ + NULL, \ + NULL, \ + (KECCAK1600_WIDTH - bitlen * 2) / 8, \ + sizeof(KECCAK1600_CTX), \ + shake_ctrl \ + }; \ + return S390X_shake##bitlen##_CAPABLE ? \ + &s390x_shake##bitlen##_md : \ + &shake##bitlen##_md; \ +} + +#else + +# define EVP_MD_SHA3(bitlen) \ const EVP_MD *EVP_sha3_##bitlen(void) \ { \ static const EVP_MD sha3_##bitlen##_md = { \ @@ -156,12 +376,7 @@ const EVP_MD *EVP_sha3_##bitlen(void) \ return &sha3_##bitlen##_md; \ } -EVP_MD_SHA3(224) -EVP_MD_SHA3(256) -EVP_MD_SHA3(384) -EVP_MD_SHA3(512) - -#define EVP_MD_SHAKE(bitlen) \ +# define EVP_MD_SHAKE(bitlen) \ const EVP_MD *EVP_shake##bitlen(void) \ { \ static const EVP_MD shake##bitlen##_md = { \ @@ -180,6 +395,12 @@ const EVP_MD *EVP_shake##bitlen(void) \ }; \ return &shake##bitlen##_md; \ } +#endif + +EVP_MD_SHA3(224) +EVP_MD_SHA3(256) +EVP_MD_SHA3(384) +EVP_MD_SHA3(512) EVP_MD_SHAKE(128) EVP_MD_SHAKE(256) diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h index 5042154470..4a775a927d 100644 --- a/crypto/s390x_arch.h +++ b/crypto/s390x_arch.h @@ -12,6 +12,10 @@ # ifndef __ASSEMBLER__ +void s390x_kimd(const unsigned char *in, size_t len, unsigned int fc, + void *param); +void s390x_klmd(const unsigned char *in, size_t inlen, unsigned char *out, + size_t outlen, unsigned int fc, void *param); void s390x_km(const unsigned char *in, size_t len, unsigned char *out, unsigned int fc, void *param); void s390x_kmac(const unsigned char *in, size_t len, unsigned int fc, diff --git a/crypto/s390xcpuid.pl b/crypto/s390xcpuid.pl index e7afb8dcf5..ec700a47d9 100755 --- a/crypto/s390xcpuid.pl +++ b/crypto/s390xcpuid.pl @@ -262,6 +262,48 @@ OPENSSL_vx_probe: .size OPENSSL_vx_probe,.-OPENSSL_vx_probe ___ +{ +################ +# void s390x_kimd(const unsigned char *in, size_t len, unsigned int fc, +# void *param) +my ($in,$len,$fc,$param) = map("%r$_",(2..5)); +$code.=<<___; +.globl s390x_kimd +.type s390x_kimd,\@function +.align 16 +s390x_kimd: + llgfr %r0,$fc + lgr %r1,$param + + .long 0xb93e0002 # kimd %r0,%r2 + brc 1,.-4 # pay attention to "partial completion" + + br $ra +.size s390x_kimd,.-s390x_kimd +___ +} + +{ +################ +# void s390x_klmd(const unsigned char *in, size_t inlen, unsigned char *out, +# size_t outlen, unsigned int fc, void *param) +my ($in,$inlen,$out,$outlen,$fc) = map("%r$_",(2..6)); +$code.=<<___; +.globl s390x_klmd +.type s390x_klmd,\@function +.align 32 +s390x_klmd: + llgfr %r0,$fc + l${g} %r1,$stdframe($sp) + + .long 0xb93f0042 # klmd %r4,%r2 + brc 1,.-4 # pay attention to "partial completion" + + br $ra +.size s390x_klmd,.-s390x_klmd +___ +} + ################ # void s390x_km(const unsigned char *in, size_t len, unsigned char *out, # unsigned int fc, void *param) |