| Line 1... |
Line 1... |
| 1 |
; libcrash -- cryptographic hash functions |
1 |
; libcrash -- cryptographic hash functions |
| 2 |
; |
2 |
; |
| 3 |
; Copyright (C) 2013 Ivan Baravy (dunkaist) |
3 |
; Copyright (C) 2013,2016 Ivan Baravy (dunkaist) |
| 4 |
; |
4 |
; |
| 5 |
; This program is free software: you can redistribute it and/or modify |
5 |
; This program is free software: you can redistribute it and/or modify |
| 6 |
; it under the terms of the GNU General Public License as published by |
6 |
; it under the terms of the GNU General Public License as published by |
| 7 |
; the Free Software Foundation, either version 3 of the License, or |
7 |
; the Free Software Foundation, either version 3 of the License, or |
| 8 |
; (at your option) any later version. |
8 |
; (at your option) any later version. |
| Line 13... |
Line 13... |
| 13 |
; GNU General Public License for more details. |
13 |
; GNU General Public License for more details. |
| 14 |
; |
14 |
; |
| 15 |
; You should have received a copy of the GNU General Public License |
15 |
; You should have received a copy of the GNU General Public License |
| 16 |
; along with this program. If not, see . |
16 |
; along with this program. If not, see . |
| Line -... |
Line 17... |
| - |
|
17 |
|
| - |
|
18 |
|
| - |
|
19 |
SHA3224_BLOCK_SIZE = 144 |
| - |
|
20 |
SHA3256_BLOCK_SIZE = 136 |
| - |
|
21 |
SHA3384_BLOCK_SIZE = 104 |
| - |
|
22 |
SHA3512_BLOCK_SIZE = 72 |
| - |
|
23 |
SHA3MAX_BLOCK_SIZE = SHA3224_BLOCK_SIZE |
| - |
|
24 |
|
| - |
|
25 |
SHA3_INIT_SIZE = 200 |
| - |
|
26 |
|
| - |
|
27 |
SHA3224_HASH_SIZE = 28 |
| - |
|
28 |
SHA3256_HASH_SIZE = 32 |
| - |
|
29 |
SHA3384_HASH_SIZE = 48 |
| - |
|
30 |
SHA3512_HASH_SIZE = 64 |
| - |
|
31 |
|
| - |
|
32 |
SHA3_ALIGN = 16 |
| - |
|
33 |
SHA3_ALIGN_MASK = SHA3_ALIGN-1 |
| - |
|
34 |
|
| - |
|
35 |
struct ctx_sha3 |
| - |
|
36 |
hash rb SHA3_INIT_SIZE |
| - |
|
37 |
rb SHA3_ALIGN - (SHA3_INIT_SIZE mod SHA3_ALIGN) |
| - |
|
38 |
block rb SHA3MAX_BLOCK_SIZE |
| - |
|
39 |
rb SHA3_ALIGN - (SHA3MAX_BLOCK_SIZE mod SHA3_ALIGN) |
| - |
|
40 |
index rd 1 |
| - |
|
41 |
block_size rd 1 |
| - |
|
42 |
rounds_cnt rd 1 |
| - |
|
43 |
rd 1 ; align |
| - |
|
44 |
; tmp vars |
| - |
|
45 |
C rq 5 |
| - |
|
46 |
D rq 5 |
| - |
|
47 |
ends |
| - |
|
48 |
|
| 17 |
|
49 |
|
| 18 |
macro keccak_rol_xor nd, ncl, ncr |
50 |
macro sha3._.rol_xor nd, ncl, ncr |
| 19 |
{ |
51 |
{ |
| 20 |
movq mm0, [C + 8*(ncl)] |
52 |
movq mm0, [C + 8*(ncl)] |
| 21 |
movq mm1, mm0 |
53 |
movq mm1, mm0 |
| 22 |
psllq mm0, 1 |
54 |
psllq mm0, 1 |
| 23 |
psrlq mm1, 63 |
55 |
psrlq mm1, 63 |
| 24 |
por mm0, mm1 |
56 |
por mm0, mm1 |
| 25 |
pxor mm0, [C + 8*(ncr)] |
57 |
pxor mm0, [C + 8*(ncr)] |
| 26 |
movq [D + 8*(nd)], mm0 |
58 |
movq [D + 8*(nd)], mm0 |
| Line 27... |
Line 59... |
| 27 |
} |
59 |
} |
| 28 |
|
60 |
|
| 29 |
proc keccak_theta |
61 |
proc sha3._.theta |
| 30 |
locals |
62 |
;locals |
| 31 |
C rq 5 |
63 |
; C rq 5 |
| - |
|
64 |
; D rq 5 |
| - |
|
65 |
;endl |
| Line 32... |
Line 66... |
| 32 |
D rq 5 |
66 |
C equ ebx + ctx_sha3.C |
| 33 |
endl |
67 |
D equ ebx + ctx_sha3.D |
| 34 |
|
68 |
|
| 35 |
repeat 5 |
69 |
repeat 5 |
| 36 |
movq mm0, [edi + 8*(%-1 + 0)] |
70 |
movq mm0, [edi + 8*(%-1 + 0)] |
| 37 |
pxor mm0, [edi + 8*(%-1 + 5)] |
71 |
pxor mm0, [edi + 8*(%-1 + 5)] |
| 38 |
pxor mm0, [edi + 8*(%-1 + 10)] |
72 |
pxor mm0, [edi + 8*(%-1 + 10)] |
| 39 |
pxor mm0, [edi + 8*(%-1 + 15)] |
73 |
pxor mm0, [edi + 8*(%-1 + 15)] |
| Line 40... |
Line 74... |
| 40 |
pxor mm0, [edi + 8*(%-1 + 20)] |
74 |
pxor mm0, [edi + 8*(%-1 + 20)] |
| 41 |
movq [C + 8*(%-1)], mm0 |
75 |
movq [C + 8*(%-1)], mm0 |
| 42 |
end repeat |
76 |
end repeat |
| 43 |
|
77 |
|
| 44 |
keccak_rol_xor 0, 1, 4 |
78 |
sha3._.rol_xor 0, 1, 4 |
| Line 45... |
Line 79... |
| 45 |
keccak_rol_xor 1, 2, 0 |
79 |
sha3._.rol_xor 1, 2, 0 |
| 46 |
keccak_rol_xor 2, 3, 1 |
80 |
sha3._.rol_xor 2, 3, 1 |
| 47 |
keccak_rol_xor 3, 4, 2 |
81 |
sha3._.rol_xor 3, 4, 2 |
| 48 |
keccak_rol_xor 4, 0, 3 |
82 |
sha3._.rol_xor 4, 0, 3 |
| Line 64... |
Line 98... |
| 64 |
movq mm0, mm1 |
98 |
movq mm0, mm1 |
| 65 |
pxor mm0, [edi + 8*(%-1 + 20)] |
99 |
pxor mm0, [edi + 8*(%-1 + 20)] |
| 66 |
movq [edi + 8*(%-1 + 20)], mm0 |
100 |
movq [edi + 8*(%-1 + 20)], mm0 |
| 67 |
end repeat |
101 |
end repeat |
| Line -... |
Line 102... |
| - |
|
102 |
|
| 68 |
|
103 |
restore C,D |
| 69 |
ret |
104 |
ret |
| Line 70... |
Line 105... |
| 70 |
endp |
105 |
endp |
| 71 |
|
106 |
|
| 72 |
|
107 |
|
| 73 |
proc keccak_pi |
108 |
proc sha3._.pi |
| 74 |
movq mm1, [edi + 8*1] |
109 |
movq mm1, [edi + 8*1] |
| 75 |
movq mm0, [edi + 8*6] |
110 |
movq mm0, [edi + 8*6] |
| Line 122... |
Line 157... |
| 122 |
|
157 |
|
| 123 |
ret |
158 |
ret |
| Line 124... |
Line 159... |
| 124 |
endp |
159 |
endp |
| Line 125... |
Line 160... |
| 125 |
|
160 |
|
| 126 |
|
161 |
|
| 127 |
proc keccak_chi |
162 |
proc sha3._.chi |
| 128 |
|
163 |
|
| Line 172... |
Line 207... |
| 172 |
end repeat |
207 |
end repeat |
| 173 |
ret |
208 |
ret |
| 174 |
endp |
209 |
endp |
| Line 175... |
Line 210... |
| 175 |
|
210 |
|
| 176 |
|
211 |
|
| 177 |
macro keccak_rol_mov n, c |
212 |
macro sha3._.rol_mov n, c |
| 178 |
{ |
213 |
{ |
| 179 |
movq mm0, [edi + 8*(n)] |
214 |
movq mm0, [edi + 8*(n)] |
| 180 |
movq mm1, mm0 |
215 |
movq mm1, mm0 |
| 181 |
psllq mm0, (c) |
216 |
psllq mm0, (c) |
| 182 |
psrlq mm1, (64-(c)) |
217 |
psrlq mm1, (64-(c)) |
| 183 |
por mm0, mm1 |
218 |
por mm0, mm1 |
| Line 184... |
Line 219... |
| 184 |
movq [edi + 8*(n)], mm0 |
219 |
movq [edi + 8*(n)], mm0 |
| Line 185... |
Line 220... |
| 185 |
} |
220 |
} |
| 186 |
|
221 |
|
| Line 187... |
Line 222... |
| 187 |
proc keccak_permutation |
222 |
proc sha3._.permutation |
| 188 |
|
223 |
|
| 189 |
repeat 24 |
224 |
repeat 24 |
| 190 |
stdcall keccak_theta |
225 |
stdcall sha3._.theta |
| 191 |
|
226 |
|
| 192 |
keccak_rol_mov 1, 1 |
227 |
sha3._.rol_mov 1, 1 |
| 193 |
keccak_rol_mov 2, 62 |
228 |
sha3._.rol_mov 2, 62 |
| 194 |
keccak_rol_mov 3, 28 |
229 |
sha3._.rol_mov 3, 28 |
| 195 |
keccak_rol_mov 4, 27 |
230 |
sha3._.rol_mov 4, 27 |
| 196 |
keccak_rol_mov 5, 36 |
231 |
sha3._.rol_mov 5, 36 |
| 197 |
keccak_rol_mov 6, 44 |
232 |
sha3._.rol_mov 6, 44 |
| 198 |
keccak_rol_mov 7, 6 |
233 |
sha3._.rol_mov 7, 6 |
| 199 |
keccak_rol_mov 8, 55 |
234 |
sha3._.rol_mov 8, 55 |
| 200 |
keccak_rol_mov 9, 20 |
235 |
sha3._.rol_mov 9, 20 |
| 201 |
keccak_rol_mov 10, 3 |
236 |
sha3._.rol_mov 10, 3 |
| 202 |
keccak_rol_mov 11, 10 |
237 |
sha3._.rol_mov 11, 10 |
| 203 |
keccak_rol_mov 12, 43 |
238 |
sha3._.rol_mov 12, 43 |
| 204 |
keccak_rol_mov 13, 25 |
239 |
sha3._.rol_mov 13, 25 |
| 205 |
keccak_rol_mov 14, 39 |
240 |
sha3._.rol_mov 14, 39 |
| 206 |
keccak_rol_mov 15, 41 |
241 |
sha3._.rol_mov 15, 41 |
| 207 |
keccak_rol_mov 16, 45 |
242 |
sha3._.rol_mov 16, 45 |
| 208 |
keccak_rol_mov 17, 15 |
243 |
sha3._.rol_mov 17, 15 |
| 209 |
keccak_rol_mov 18, 21 |
244 |
sha3._.rol_mov 18, 21 |
| 210 |
keccak_rol_mov 19, 8 |
245 |
sha3._.rol_mov 19, 8 |
| Line 211... |
Line 246... |
| 211 |
keccak_rol_mov 20, 18 |
246 |
sha3._.rol_mov 20, 18 |
| 212 |
keccak_rol_mov 21, 2 |
247 |
sha3._.rol_mov 21, 2 |
| Line 213... |
Line 248... |
| 213 |
keccak_rol_mov 22, 61 |
248 |
sha3._.rol_mov 22, 61 |
| 214 |
keccak_rol_mov 23, 56 |
249 |
sha3._.rol_mov 23, 56 |
| 215 |
keccak_rol_mov 24, 14 |
250 |
sha3._.rol_mov 24, 14 |
| 216 |
|
251 |
|
| Line 217... |
Line 252... |
| 217 |
stdcall keccak_pi |
252 |
stdcall sha3._.pi |
| 218 |
stdcall keccak_chi |
253 |
stdcall sha3._.chi |
| Line 219... |
Line 254... |
| 219 |
|
254 |
|
| - |
|
255 |
movq mm0, [edi + 8*(0)] |
| - |
|
256 |
pxor mm0, [sha3._.round + 8*(%-1)] |
| 220 |
movq mm0, [edi + 8*(0)] |
257 |
movq [edi + 8*(0)], mm0 |
| 221 |
pxor mm0, [crash._.sha3_round + 8*(%-1)] |
- |
|
| - |
|
258 |
end repeat |
| 222 |
movq [edi + 8*(0)], mm0 |
259 |
|
| 223 |
end repeat |
260 |
ret |
| - |
|
261 |
endp |
| 224 |
|
262 |
|
| 225 |
ret |
263 |
|
| - |
|
264 |
proc sha3._.init _ctx |
| 226 |
endp |
265 |
mov [ebx + ctx_sha3.block_size], eax |
| Line 227... |
Line -... |
| 227 |
|
- |
|
| Line 228... |
Line 266... |
| 228 |
|
266 |
shr eax, 3 |
| - |
|
267 |
dec eax |
| - |
|
268 |
mov [ebx + ctx_sha3.rounds_cnt], eax |
| - |
|
269 |
xor eax, eax |
| 229 |
proc crash.sha3_224 _hash, _data |
270 |
lea edi, [ebx + ctx_sha3.hash] |
| 230 |
mov edi, [_hash] |
271 |
mov ecx, SHA3_INIT_SIZE/4 |
| Line 231... |
Line 272... |
| 231 |
|
272 |
rep stosd |
| 232 |
repeat 18 |
273 |
mov [ebx + ctx_sha3.index], eax |
| - |
|
274 |
ret |
| - |
|
275 |
endp |
| - |
|
276 |
|
| - |
|
277 |
|
| Line 233... |
Line -... |
| 233 |
movq mm0, [esi + 8*(%-1)] |
- |
|
| 234 |
pxor mm0, [edi + 8*(%-1)] |
- |
|
| 235 |
movq [edi + 8*(%-1)], mm0 |
- |
|
| 236 |
end repeat |
- |
|
| 237 |
|
- |
|
| Line -... |
Line 278... |
| - |
|
278 |
proc sha3224.init _ctx |
| - |
|
279 |
mov ebx, [_ctx] |
| - |
|
280 |
mov eax, SHA3224_BLOCK_SIZE |
| 238 |
stdcall keccak_permutation |
281 |
stdcall sha3._.init |
| - |
|
282 |
ret |
| - |
|
283 |
endp |
| Line -... |
Line 284... |
| - |
|
284 |
|
| 239 |
|
285 |
|
| - |
|
286 |
proc sha3256.init _ctx |
| - |
|
287 |
mov ebx, [_ctx] |
| - |
|
288 |
mov eax, SHA3256_BLOCK_SIZE |
| 240 |
add esi, 144 |
289 |
stdcall sha3._.init |
| 241 |
ret |
290 |
ret |
| Line 242... |
Line 291... |
| 242 |
endp |
291 |
endp |
| - |
|
292 |
|
| 243 |
|
293 |
|
| Line 244... |
Line 294... |
| 244 |
|
294 |
proc sha3384.init _ctx |
| 245 |
proc crash.sha3_256 _hash, _data |
295 |
mov ebx, [_ctx] |
| 246 |
mov edi, [_hash] |
296 |
mov eax, SHA3384_BLOCK_SIZE |
| 247 |
|
297 |
stdcall sha3._.init |
| 248 |
repeat 17 |
298 |
ret |
| - |
|
299 |
endp |
| Line 249... |
Line 300... |
| 249 |
movq mm0, [esi + 8*(%-1)] |
300 |
|
| Line 250... |
Line -... |
| 250 |
pxor mm0, [edi + 8*(%-1)] |
- |
|
| 251 |
movq [edi + 8*(%-1)], mm0 |
301 |
|
| 252 |
end repeat |
302 |
proc sha3512.init _ctx |
| Line 253... |
Line 303... |
| 253 |
|
303 |
mov ebx, [_ctx] |
| - |
|
304 |
mov eax, SHA3512_BLOCK_SIZE |
| - |
|
305 |
stdcall sha3._.init |
| 254 |
stdcall keccak_permutation |
306 |
ret |
| - |
|
307 |
endp |
| - |
|
308 |
|
| - |
|
309 |
|
| - |
|
310 |
proc sha3._.block _hash |
| - |
|
311 |
mov ecx, [ebx + ctx_sha3.rounds_cnt] |
| - |
|
312 |
mov edi, [_hash] |
| - |
|
313 |
|
| - |
|
314 |
@@: |
| - |
|
315 |
movq mm0, [esi + 8*ecx] |
| - |
|
316 |
pxor mm0, [edi + 8*ecx] |
| - |
|
317 |
movq [edi + 8*ecx], mm0 |
| - |
|
318 |
dec ecx |
| - |
|
319 |
jns @b |
| - |
|
320 |
|
| - |
|
321 |
stdcall sha3._.permutation |
| - |
|
322 |
|
| - |
|
323 |
ret |
| - |
|
324 |
endp |
| - |
|
325 |
|
| - |
|
326 |
|
| - |
|
327 |
proc sha3.update _ctx, _msg, _size |
| - |
|
328 |
.next_block: |
| - |
|
329 |
mov ebx, [_ctx] |
| - |
|
330 |
mov esi, [_msg] |
| - |
|
331 |
mov eax, [ebx + ctx_sha3.index] |
| - |
|
332 |
test eax, eax |
| - |
|
333 |
jnz .copy_to_buf |
| - |
|
334 |
test esi, SHA3_ALIGN_MASK |
| - |
|
335 |
jnz .copy_to_buf |
| - |
|
336 |
.no_copy: |
| - |
|
337 |
; data is aligned, hash it in place without copying |
| - |
|
338 |
mov ebx, [_ctx] |
| - |
|
339 |
mov eax, [ebx + ctx_sha3.block_size] |
| - |
|
340 |
cmp [_size], eax |
| - |
|
341 |
jb .copy_quit |
| - |
|
342 |
lea eax, [ebx + ctx_sha3.hash] |
| - |
|
343 |
push ebx esi |
| - |
|
344 |
stdcall sha3._.block, eax |
| - |
|
345 |
pop esi ebx |
| - |
|
346 |
mov eax, [ebx + ctx_sha3.block_size] |
| - |
|
347 |
sub [_size], eax |
| - |
|
348 |
add esi, [ebx + ctx_sha3.block_size] |
| - |
|
349 |
jmp .no_copy |
| - |
|
350 |
|
| - |
|
351 |
.copy_to_buf: |
| - |
|
352 |
lea edi, [ebx + ctx_sha3.block] |
| - |
|
353 |
add edi, eax |
| - |
|
354 |
mov ecx, [ebx + ctx_sha3.block_size] |
| - |
|
355 |
sub ecx, eax |
| - |
|
356 |
cmp [_size], ecx |
| - |
|
357 |
jb .copy_quit |
| - |
|
358 |
sub [_size], ecx |
| Line 255... |
Line -... |
| 255 |
|
- |
|
| 256 |
add esi, 136 |
- |
|
| 257 |
ret |
- |
|
| 258 |
endp |
- |
|
| 259 |
|
- |
|
| Line -... |
Line 359... |
| - |
|
359 |
add [_msg], ecx |
| - |
|
360 |
add [ebx + ctx_sha3.index], ecx |
| - |
|
361 |
mov eax, [ebx + ctx_sha3.block_size] |
| - |
|
362 |
cmp [ebx + ctx_sha3.index], eax |
| - |
|
363 |
jb @f |
| - |
|
364 |
sub [ebx + ctx_sha3.index], eax |
| - |
|
365 |
@@: |
| - |
|
366 |
rep movsb |
| - |
|
367 |
lea eax, [ebx + ctx_sha3.hash] |
| - |
|
368 |
lea esi, [ebx + ctx_sha3.block] |
| - |
|
369 |
stdcall sha3._.block, eax |
| - |
|
370 |
jmp .next_block |
| - |
|
371 |
|
| - |
|
372 |
.copy_quit: |
| - |
|
373 |
mov ebx, [_ctx] |
| - |
|
374 |
lea edi, [ebx + ctx_sha3.block] |
| - |
|
375 |
mov eax, [ebx + ctx_sha3.index] |
| - |
|
376 |
add edi, eax |
| - |
|
377 |
mov ecx, [_size] |
| - |
|
378 |
add [ebx + ctx_sha3.index], ecx |
| - |
|
379 |
rep movsb |
| - |
|
380 |
.quit: |
| - |
|
381 |
ret |
| - |
|
382 |
endp |
| - |
|
383 |
|
| - |
|
384 |
|
| - |
|
385 |
proc sha3.final _ctx |
| - |
|
386 |
pushad |
| 260 |
|
387 |
mov ebx, [_ctx] |
| - |
|
388 |
mov eax, [ebx + ctx_sha3.index] |
| - |
|
389 |
xor edx, edx |
| - |
|
390 |
mov ecx, [ebx + ctx_sha3.block_size] |
| - |
|
391 |
div ecx |
| Line 261... |
Line 392... |
| 261 |
proc crash.sha3_384 _hash, _data |
392 |
sub ecx, edx |
| 262 |
mov edi, [_hash] |
393 |
ja @f |
| 263 |
|
394 |
add ecx, [ebx + ctx_sha3.block_size] |
| Line -... |
Line 395... |
| - |
|
395 |
@@: |
| - |
|
396 |
add [ebx + ctx_sha3.index], ecx |
| - |
|
397 |
mov eax, [ebx + ctx_sha3.block_size] |
| - |
|
398 |
cmp [ebx + ctx_sha3.index], eax |
| - |
|
399 |
jb @f |
| - |
|
400 |
sub [ebx + ctx_sha3.index], eax |
| - |
|
401 |
@@: |
| - |
|
402 |
|
| - |
|
403 |
mov byte[edi], 0x06 |
| - |
|
404 |
inc edi |
| - |
|
405 |
dec ecx |
| - |
|
406 |
xor eax, eax |
| - |
|
407 |
rep stosb |
| - |
|
408 |
or byte[edi - 1], 0x80 |
| - |
|
409 |
|
| - |
|
410 |
mov ebx, [_ctx] |
| - |
|
411 |
lea esi, [ebx + ctx_sha3.block] |
| - |
|
412 |
lea eax, [ebx + ctx_sha3.hash] |