search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix O_APPEND for Linux 3.15 and older kernels
[zfs.git] / module / icp / algs / edonr / edonr.c
blob6f3a43e263be5c329f85efc6b84a839adb3a4059
1 /*
2 * IDI,NTNU
3 *
4 * CDDL HEADER START
5 *
6 * The contents of this file are subject to the terms of the
7 * Common Development and Distribution License (the "License").
8 * You may not use this file except in compliance with the License.
9 *
10 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
11 * or http://opensource.org/licenses/CDDL-1.0.
12 * See the License for the specific language governing permissions
13 * and limitations under the License.
14 *
15 * When distributing Covered Code, include this CDDL HEADER in each
16 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
17 * If applicable, add the following below this CDDL HEADER, with the
18 * fields enclosed by brackets "[]" replaced with your own identifying
19 * information: Portions Copyright [yyyy] [name of copyright owner]
20 *
21 * CDDL HEADER END
22 *
23 * Copyright (C) 2009, 2010, Jorn Amundsen <jorn.amundsen@ntnu.no>
24 * Tweaked Edon-R implementation for SUPERCOP, based on NIST API.
25 *
26 * $Id: edonr.c 517 2013-02-17 20:34:39Z joern $
27 */
28 /*
29 * Portions copyright (c) 2013, Saso Kiselkov, All rights reserved
30 */
31
32 /*
33 * Unlike sha2 or skein, we won't expose edonr via the Kernel Cryptographic
34 * Framework (KCF), because Edon-R is *NOT* suitable for general-purpose
35 * cryptographic use. Users of Edon-R must interface directly to this module.
36 */
37
38 #include <sys/string.h>
39 #include <sys/edonr.h>
40 #include <sys/debug.h>
41
42 /* big endian support, provides no-op's if run on little endian hosts */
43 #include "edonr_byteorder.h"
44
45 #define hashState224(x) ((x)->pipe->p256)
46 #define hashState256(x) ((x)->pipe->p256)
47 #define hashState384(x) ((x)->pipe->p512)
48 #define hashState512(x) ((x)->pipe->p512)
49
50 /* shift and rotate shortcuts */
51 #define shl(x, n) ((x) << n)
52 #define shr(x, n) ((x) >> n)
53
54 #define rotl32(x, n) (((x) << (n)) | ((x) >> (32 - (n))))
55 #define rotr32(x, n) (((x) >> (n)) | ((x) << (32 - (n))))
56
57 #define rotl64(x, n) (((x) << (n)) | ((x) >> (64 - (n))))
58 #define rotr64(x, n) (((x) >> (n)) | ((x) << (64 - (n))))
59
60 #if !defined(__C99_RESTRICT)
61 #define restrict /* restrict */
62 #endif
63
64 #define EDONR_VALID_HASHBITLEN(x) \
65 ((x) == 512 || (x) == 384 || (x) == 256 || (x) == 224)
66
67 /* EdonR224 initial double chaining pipe */
68 static const uint32_t i224p2[16] = {
69 0x00010203ul, 0x04050607ul, 0x08090a0bul, 0x0c0d0e0ful,
70 0x10111213ul, 0x14151617ul, 0x18191a1bul, 0x1c1d1e1ful,
71 0x20212223ul, 0x24252627ul, 0x28292a2bul, 0x2c2d2e2ful,
72 0x30313233ul, 0x34353637ul, 0x38393a3bul, 0x3c3d3e3ful,
73 };
74
75 /* EdonR256 initial double chaining pipe */
76 static const uint32_t i256p2[16] = {
77 0x40414243ul, 0x44454647ul, 0x48494a4bul, 0x4c4d4e4ful,
78 0x50515253ul, 0x54555657ul, 0x58595a5bul, 0x5c5d5e5ful,
79 0x60616263ul, 0x64656667ul, 0x68696a6bul, 0x6c6d6e6ful,
80 0x70717273ul, 0x74757677ul, 0x78797a7bul, 0x7c7d7e7ful,
81 };
82
83 /* EdonR384 initial double chaining pipe */
84 static const uint64_t i384p2[16] = {
85 0x0001020304050607ull, 0x08090a0b0c0d0e0full,
86 0x1011121314151617ull, 0x18191a1b1c1d1e1full,
87 0x2021222324252627ull, 0x28292a2b2c2d2e2full,
88 0x3031323334353637ull, 0x38393a3b3c3d3e3full,
89 0x4041424344454647ull, 0x48494a4b4c4d4e4full,
90 0x5051525354555657ull, 0x58595a5b5c5d5e5full,
91 0x6061626364656667ull, 0x68696a6b6c6d6e6full,
92 0x7071727374757677ull, 0x78797a7b7c7d7e7full
93 };
94
95 /* EdonR512 initial double chaining pipe */
96 static const uint64_t i512p2[16] = {
97 0x8081828384858687ull, 0x88898a8b8c8d8e8full,
98 0x9091929394959697ull, 0x98999a9b9c9d9e9full,
99 0xa0a1a2a3a4a5a6a7ull, 0xa8a9aaabacadaeafull,
100 0xb0b1b2b3b4b5b6b7ull, 0xb8b9babbbcbdbebfull,
101 0xc0c1c2c3c4c5c6c7ull, 0xc8c9cacbcccdcecfull,
102 0xd0d1d2d3d4d5d6d7ull, 0xd8d9dadbdcdddedfull,
103 0xe0e1e2e3e4e5e6e7ull, 0xe8e9eaebecedeeefull,
104 0xf0f1f2f3f4f5f6f7ull, 0xf8f9fafbfcfdfeffull
105 };
106
107 /*
108 * First Latin Square
109 * 0 7 1 3 2 4 6 5
110 * 4 1 7 6 3 0 5 2
111 * 7 0 4 2 5 3 1 6
112 * 1 4 0 5 6 2 7 3
113 * 2 3 6 7 1 5 0 4
114 * 5 2 3 1 7 6 4 0
115 * 3 6 5 0 4 7 2 1
116 * 6 5 2 4 0 1 3 7
117 */
118 #define LS1_256(c, x0, x1, x2, x3, x4, x5, x6, x7) \
119 { \
120 uint32_t x04, x17, x23, x56, x07, x26; \
121 x04 = x0+x4, x17 = x1+x7, x07 = x04+x17; \
122 s0 = c + x07 + x2; \
123 s1 = rotl32(x07 + x3, 4); \
124 s2 = rotl32(x07 + x6, 8); \
125 x23 = x2 + x3; \
126 s5 = rotl32(x04 + x23 + x5, 22); \
127 x56 = x5 + x6; \
128 s6 = rotl32(x17 + x56 + x0, 24); \
129 x26 = x23+x56; \
130 s3 = rotl32(x26 + x7, 13); \
131 s4 = rotl32(x26 + x1, 17); \
132 s7 = rotl32(x26 + x4, 29); \
133 }
134
135 #define LS1_512(c, x0, x1, x2, x3, x4, x5, x6, x7) \
136 { \
137 uint64_t x04, x17, x23, x56, x07, x26; \
138 x04 = x0+x4, x17 = x1+x7, x07 = x04+x17; \
139 s0 = c + x07 + x2; \
140 s1 = rotl64(x07 + x3, 5); \
141 s2 = rotl64(x07 + x6, 15); \
142 x23 = x2 + x3; \
143 s5 = rotl64(x04 + x23 + x5, 40); \
144 x56 = x5 + x6; \
145 s6 = rotl64(x17 + x56 + x0, 50); \
146 x26 = x23+x56; \
147 s3 = rotl64(x26 + x7, 22); \
148 s4 = rotl64(x26 + x1, 31); \
149 s7 = rotl64(x26 + x4, 59); \
150 }
151
152 /*
153 * Second Orthogonal Latin Square
154 * 0 4 2 3 1 6 5 7
155 * 7 6 3 2 5 4 1 0
156 * 5 3 1 6 0 2 7 4
157 * 1 0 5 4 3 7 2 6
158 * 2 1 0 7 4 5 6 3
159 * 3 5 7 0 6 1 4 2
160 * 4 7 6 1 2 0 3 5
161 * 6 2 4 5 7 3 0 1
162 */
163 #define LS2_256(c, y0, y1, y2, y3, y4, y5, y6, y7) \
164 { \
165 uint32_t y01, y25, y34, y67, y04, y05, y27, y37; \
166 y01 = y0+y1, y25 = y2+y5, y05 = y01+y25; \
167 t0 = ~c + y05 + y7; \
168 t2 = rotl32(y05 + y3, 9); \
169 y34 = y3+y4, y04 = y01+y34; \
170 t1 = rotl32(y04 + y6, 5); \
171 t4 = rotl32(y04 + y5, 15); \
172 y67 = y6+y7, y37 = y34+y67; \
173 t3 = rotl32(y37 + y2, 11); \
174 t7 = rotl32(y37 + y0, 27); \
175 y27 = y25+y67; \
176 t5 = rotl32(y27 + y4, 20); \
177 t6 = rotl32(y27 + y1, 25); \
178 }
179
180 #define LS2_512(c, y0, y1, y2, y3, y4, y5, y6, y7) \
181 { \
182 uint64_t y01, y25, y34, y67, y04, y05, y27, y37; \
183 y01 = y0+y1, y25 = y2+y5, y05 = y01+y25; \
184 t0 = ~c + y05 + y7; \
185 t2 = rotl64(y05 + y3, 19); \
186 y34 = y3+y4, y04 = y01+y34; \
187 t1 = rotl64(y04 + y6, 10); \
188 t4 = rotl64(y04 + y5, 36); \
189 y67 = y6+y7, y37 = y34+y67; \
190 t3 = rotl64(y37 + y2, 29); \
191 t7 = rotl64(y37 + y0, 55); \
192 y27 = y25+y67; \
193 t5 = rotl64(y27 + y4, 44); \
194 t6 = rotl64(y27 + y1, 48); \
195 }
196
197 #define quasi_exform256(r0, r1, r2, r3, r4, r5, r6, r7) \
198 { \
199 uint32_t s04, s17, s23, s56, t01, t25, t34, t67; \
200 s04 = s0 ^ s4, t01 = t0 ^ t1; \
201 r0 = (s04 ^ s1) + (t01 ^ t5); \
202 t67 = t6 ^ t7; \
203 r1 = (s04 ^ s7) + (t2 ^ t67); \
204 s23 = s2 ^ s3; \
205 r7 = (s23 ^ s5) + (t4 ^ t67); \
206 t34 = t3 ^ t4; \
207 r3 = (s23 ^ s4) + (t0 ^ t34); \
208 s56 = s5 ^ s6; \
209 r5 = (s3 ^ s56) + (t34 ^ t6); \
210 t25 = t2 ^ t5; \
211 r6 = (s2 ^ s56) + (t25 ^ t7); \
212 s17 = s1 ^ s7; \
213 r4 = (s0 ^ s17) + (t1 ^ t25); \
214 r2 = (s17 ^ s6) + (t01 ^ t3); \
215 }
216
217 #define quasi_exform512(r0, r1, r2, r3, r4, r5, r6, r7) \
218 { \
219 uint64_t s04, s17, s23, s56, t01, t25, t34, t67; \
220 s04 = s0 ^ s4, t01 = t0 ^ t1; \
221 r0 = (s04 ^ s1) + (t01 ^ t5); \
222 t67 = t6 ^ t7; \
223 r1 = (s04 ^ s7) + (t2 ^ t67); \
224 s23 = s2 ^ s3; \
225 r7 = (s23 ^ s5) + (t4 ^ t67); \
226 t34 = t3 ^ t4; \
227 r3 = (s23 ^ s4) + (t0 ^ t34); \
228 s56 = s5 ^ s6; \
229 r5 = (s3 ^ s56) + (t34 ^ t6); \
230 t25 = t2 ^ t5; \
231 r6 = (s2 ^ s56) + (t25 ^ t7); \
232 s17 = s1 ^ s7; \
233 r4 = (s0 ^ s17) + (t1 ^ t25); \
234 r2 = (s17 ^ s6) + (t01 ^ t3); \
235 }
236
237 static size_t
238 Q256(size_t bitlen, const uint32_t *data, uint32_t *restrict p)
239 {
240 size_t bl;
241
242 for (bl = bitlen; bl >= EdonR256_BLOCK_BITSIZE;
243 bl -= EdonR256_BLOCK_BITSIZE, data += 16) {
244 uint32_t s0, s1, s2, s3, s4, s5, s6, s7, t0, t1, t2, t3, t4,
245 t5, t6, t7;
246 uint32_t p0, p1, p2, p3, p4, p5, p6, p7, q0, q1, q2, q3, q4,
247 q5, q6, q7;
248 const uint32_t defix = 0xaaaaaaaa;
249 #if defined(MACHINE_IS_BIG_ENDIAN)
250 uint32_t swp0, swp1, swp2, swp3, swp4, swp5, swp6, swp7, swp8,
251 swp9, swp10, swp11, swp12, swp13, swp14, swp15;
252 #define d(j) swp ## j
253 #define s32(j) ld_swap32((uint32_t *)data + j, swp ## j)
254 #else
255 #define d(j) data[j]
256 #endif
257
258 /* First row of quasigroup e-transformations */
259 #if defined(MACHINE_IS_BIG_ENDIAN)
260 s32(8);
261 s32(9);
262 s32(10);
263 s32(11);
264 s32(12);
265 s32(13);
266 s32(14);
267 s32(15);
268 #endif
269 LS1_256(defix, d(15), d(14), d(13), d(12), d(11), d(10), d(9),
270 d(8));
271 #if defined(MACHINE_IS_BIG_ENDIAN)
272 s32(0);
273 s32(1);
274 s32(2);
275 s32(3);
276 s32(4);
277 s32(5);
278 s32(6);
279 s32(7);
280 #undef s32
281 #endif
282 LS2_256(defix, d(0), d(1), d(2), d(3), d(4), d(5), d(6), d(7));
283 quasi_exform256(p0, p1, p2, p3, p4, p5, p6, p7);
284
285 LS1_256(defix, p0, p1, p2, p3, p4, p5, p6, p7);
286 LS2_256(defix, d(8), d(9), d(10), d(11), d(12), d(13), d(14),
287 d(15));
288 quasi_exform256(q0, q1, q2, q3, q4, q5, q6, q7);
289
290 /* Second row of quasigroup e-transformations */
291 LS1_256(defix, p[8], p[9], p[10], p[11], p[12], p[13], p[14],
292 p[15]);
293 LS2_256(defix, p0, p1, p2, p3, p4, p5, p6, p7);
294 quasi_exform256(p0, p1, p2, p3, p4, p5, p6, p7);
295
296 LS1_256(defix, p0, p1, p2, p3, p4, p5, p6, p7);
297 LS2_256(defix, q0, q1, q2, q3, q4, q5, q6, q7);
298 quasi_exform256(q0, q1, q2, q3, q4, q5, q6, q7);
299
300 /* Third row of quasigroup e-transformations */
301 LS1_256(defix, p0, p1, p2, p3, p4, p5, p6, p7);
302 LS2_256(defix, p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
303 quasi_exform256(p0, p1, p2, p3, p4, p5, p6, p7);
304
305 LS1_256(defix, q0, q1, q2, q3, q4, q5, q6, q7);
306 LS2_256(defix, p0, p1, p2, p3, p4, p5, p6, p7);
307 quasi_exform256(q0, q1, q2, q3, q4, q5, q6, q7);
308
309 /* Fourth row of quasigroup e-transformations */
310 LS1_256(defix, d(7), d(6), d(5), d(4), d(3), d(2), d(1), d(0));
311 LS2_256(defix, p0, p1, p2, p3, p4, p5, p6, p7);
312 quasi_exform256(p0, p1, p2, p3, p4, p5, p6, p7);
313
314 LS1_256(defix, p0, p1, p2, p3, p4, p5, p6, p7);
315 LS2_256(defix, q0, q1, q2, q3, q4, q5, q6, q7);
316 quasi_exform256(q0, q1, q2, q3, q4, q5, q6, q7);
317
318 /* Edon-R tweak on the original SHA-3 Edon-R submission. */
319 p[0] ^= d(8) ^ p0;
320 p[1] ^= d(9) ^ p1;
321 p[2] ^= d(10) ^ p2;
322 p[3] ^= d(11) ^ p3;
323 p[4] ^= d(12) ^ p4;
324 p[5] ^= d(13) ^ p5;
325 p[6] ^= d(14) ^ p6;
326 p[7] ^= d(15) ^ p7;
327 p[8] ^= d(0) ^ q0;
328 p[9] ^= d(1) ^ q1;
329 p[10] ^= d(2) ^ q2;
330 p[11] ^= d(3) ^ q3;
331 p[12] ^= d(4) ^ q4;
332 p[13] ^= d(5) ^ q5;
333 p[14] ^= d(6) ^ q6;
334 p[15] ^= d(7) ^ q7;
335 }
336
337 #undef d
338 return (bitlen - bl);
339 }
340
341 /*
342 * Why is this #pragma here?
343 *
344 * Checksum functions like this one can go over the stack frame size check
345 * Linux imposes on 32-bit platforms (-Wframe-larger-than=1024). We can
346 * safely ignore the compiler error since we know that in OpenZFS, that
347 * the function will be called from a worker thread that won't be using
348 * much stack. The only function that goes over the 1k limit is Q512(),
349 * which only goes over it by a hair (1248 bytes on ARM32).
350 */
351 #include <sys/isa_defs.h> /* for _ILP32 */
352 #ifdef _ILP32 /* We're 32-bit, assume small stack frames */
353 #pragma GCC diagnostic ignored "-Wframe-larger-than="
354 #endif
355
356 #if defined(__IBMC__) && defined(_AIX) && defined(__64BIT__)
357 static inline size_t
358 #else
359 static size_t
360 #endif
361 Q512(size_t bitlen, const uint64_t *data, uint64_t *restrict p)
362 {
363 size_t bl;
364
365 for (bl = bitlen; bl >= EdonR512_BLOCK_BITSIZE;
366 bl -= EdonR512_BLOCK_BITSIZE, data += 16) {
367 uint64_t s0, s1, s2, s3, s4, s5, s6, s7, t0, t1, t2, t3, t4,
368 t5, t6, t7;
369 uint64_t p0, p1, p2, p3, p4, p5, p6, p7, q0, q1, q2, q3, q4,
370 q5, q6, q7;
371 const uint64_t defix = 0xaaaaaaaaaaaaaaaaull;
372 #if defined(MACHINE_IS_BIG_ENDIAN)
373 uint64_t swp0, swp1, swp2, swp3, swp4, swp5, swp6, swp7, swp8,
374 swp9, swp10, swp11, swp12, swp13, swp14, swp15;
375 #define d(j) swp##j
376 #define s64(j) ld_swap64((uint64_t *)data+j, swp##j)
377 #else
378 #define d(j) data[j]
379 #endif
380
381 /* First row of quasigroup e-transformations */
382 #if defined(MACHINE_IS_BIG_ENDIAN)
383 s64(8);
384 s64(9);
385 s64(10);
386 s64(11);
387 s64(12);
388 s64(13);
389 s64(14);
390 s64(15);
391 #endif
392 LS1_512(defix, d(15), d(14), d(13), d(12), d(11), d(10), d(9),
393 d(8));
394 #if defined(MACHINE_IS_BIG_ENDIAN)
395 s64(0);
396 s64(1);
397 s64(2);
398 s64(3);
399 s64(4);
400 s64(5);
401 s64(6);
402 s64(7);
403 #undef s64
404 #endif
405 LS2_512(defix, d(0), d(1), d(2), d(3), d(4), d(5), d(6), d(7));
406 quasi_exform512(p0, p1, p2, p3, p4, p5, p6, p7);
407
408 LS1_512(defix, p0, p1, p2, p3, p4, p5, p6, p7);
409 LS2_512(defix, d(8), d(9), d(10), d(11), d(12), d(13), d(14),
410 d(15));
411 quasi_exform512(q0, q1, q2, q3, q4, q5, q6, q7);
412
413 /* Second row of quasigroup e-transformations */
414 LS1_512(defix, p[8], p[9], p[10], p[11], p[12], p[13], p[14],
415 p[15]);
416 LS2_512(defix, p0, p1, p2, p3, p4, p5, p6, p7);
417 quasi_exform512(p0, p1, p2, p3, p4, p5, p6, p7);
418
419 LS1_512(defix, p0, p1, p2, p3, p4, p5, p6, p7);
420 LS2_512(defix, q0, q1, q2, q3, q4, q5, q6, q7);
421 quasi_exform512(q0, q1, q2, q3, q4, q5, q6, q7);
422
423 /* Third row of quasigroup e-transformations */
424 LS1_512(defix, p0, p1, p2, p3, p4, p5, p6, p7);
425 LS2_512(defix, p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
426 quasi_exform512(p0, p1, p2, p3, p4, p5, p6, p7);
427
428 LS1_512(defix, q0, q1, q2, q3, q4, q5, q6, q7);
429 LS2_512(defix, p0, p1, p2, p3, p4, p5, p6, p7);
430 quasi_exform512(q0, q1, q2, q3, q4, q5, q6, q7);
431
432 /* Fourth row of quasigroup e-transformations */
433 LS1_512(defix, d(7), d(6), d(5), d(4), d(3), d(2), d(1), d(0));
434 LS2_512(defix, p0, p1, p2, p3, p4, p5, p6, p7);
435 quasi_exform512(p0, p1, p2, p3, p4, p5, p6, p7);
436
437 LS1_512(defix, p0, p1, p2, p3, p4, p5, p6, p7);
438 LS2_512(defix, q0, q1, q2, q3, q4, q5, q6, q7);
439 quasi_exform512(q0, q1, q2, q3, q4, q5, q6, q7);
440
441 /* Edon-R tweak on the original SHA-3 Edon-R submission. */
442 p[0] ^= d(8) ^ p0;
443 p[1] ^= d(9) ^ p1;
444 p[2] ^= d(10) ^ p2;
445 p[3] ^= d(11) ^ p3;
446 p[4] ^= d(12) ^ p4;
447 p[5] ^= d(13) ^ p5;
448 p[6] ^= d(14) ^ p6;
449 p[7] ^= d(15) ^ p7;
450 p[8] ^= d(0) ^ q0;
451 p[9] ^= d(1) ^ q1;
452 p[10] ^= d(2) ^ q2;
453 p[11] ^= d(3) ^ q3;
454 p[12] ^= d(4) ^ q4;
455 p[13] ^= d(5) ^ q5;
456 p[14] ^= d(6) ^ q6;
457 p[15] ^= d(7) ^ q7;
458 }
459
460 #undef d
461 return (bitlen - bl);
462 }
463
464 void
465 EdonRInit(EdonRState *state, size_t hashbitlen)
466 {
467 ASSERT(EDONR_VALID_HASHBITLEN(hashbitlen));
468 switch (hashbitlen) {
469 case 224:
470 state->hashbitlen = 224;
471 state->bits_processed = 0;
472 state->unprocessed_bits = 0;
473 memcpy(hashState224(state)->DoublePipe, i224p2,
474 sizeof (i224p2));
475 break;
476
477 case 256:
478 state->hashbitlen = 256;
479 state->bits_processed = 0;
480 state->unprocessed_bits = 0;
481 memcpy(hashState256(state)->DoublePipe, i256p2,
482 sizeof (i256p2));
483 break;
484
485 case 384:
486 state->hashbitlen = 384;
487 state->bits_processed = 0;
488 state->unprocessed_bits = 0;
489 memcpy(hashState384(state)->DoublePipe, i384p2,
490 sizeof (i384p2));
491 break;
492
493 case 512:
494 state->hashbitlen = 512;
495 state->bits_processed = 0;
496 state->unprocessed_bits = 0;
497 memcpy(hashState224(state)->DoublePipe, i512p2,
498 sizeof (i512p2));
499 break;
500 }
501 }
502
503
504 void
505 EdonRUpdate(EdonRState *state, const uint8_t *data, size_t databitlen)
506 {
507 uint32_t *data32;
508 uint64_t *data64;
509
510 size_t bits_processed;
511
512 ASSERT(EDONR_VALID_HASHBITLEN(state->hashbitlen));
513 switch (state->hashbitlen) {
514 case 224:
515 case 256:
516 if (state->unprocessed_bits > 0) {
517 /* LastBytes = databitlen / 8 */
518 int LastBytes = (int)databitlen >> 3;
519
520 ASSERT(state->unprocessed_bits + databitlen <=
521 EdonR256_BLOCK_SIZE * 8);
522
523 memcpy(hashState256(state)->LastPart
524 + (state->unprocessed_bits >> 3),
525 data, LastBytes);
526 state->unprocessed_bits += (int)databitlen;
527 databitlen = state->unprocessed_bits;
528 /* LINTED E_BAD_PTR_CAST_ALIGN */
529 data32 = (uint32_t *)hashState256(state)->LastPart;
530 } else
531 /* LINTED E_BAD_PTR_CAST_ALIGN */
532 data32 = (uint32_t *)data;
533
534 bits_processed = Q256(databitlen, data32,
535 hashState256(state)->DoublePipe);
536 state->bits_processed += bits_processed;
537 databitlen -= bits_processed;
538 state->unprocessed_bits = (int)databitlen;
539 if (databitlen > 0) {
540 /* LastBytes = Ceil(databitlen / 8) */
541 int LastBytes =
542 ((~(((-(int)databitlen) >> 3) & 0x01ff)) +
543 1) & 0x01ff;
544
545 data32 += bits_processed >> 5; /* byte size update */
546 memmove(hashState256(state)->LastPart,
547 data32, LastBytes);
548 }
549 break;
550
551 case 384:
552 case 512:
553 if (state->unprocessed_bits > 0) {
554 /* LastBytes = databitlen / 8 */
555 int LastBytes = (int)databitlen >> 3;
556
557 ASSERT(state->unprocessed_bits + databitlen <=
558 EdonR512_BLOCK_SIZE * 8);
559
560 memcpy(hashState512(state)->LastPart
561 + (state->unprocessed_bits >> 3),
562 data, LastBytes);
563 state->unprocessed_bits += (int)databitlen;
564 databitlen = state->unprocessed_bits;
565 /* LINTED E_BAD_PTR_CAST_ALIGN */
566 data64 = (uint64_t *)hashState512(state)->LastPart;
567 } else
568 /* LINTED E_BAD_PTR_CAST_ALIGN */
569 data64 = (uint64_t *)data;
570
571 bits_processed = Q512(databitlen, data64,
572 hashState512(state)->DoublePipe);
573 state->bits_processed += bits_processed;
574 databitlen -= bits_processed;
575 state->unprocessed_bits = (int)databitlen;
576 if (databitlen > 0) {
577 /* LastBytes = Ceil(databitlen / 8) */
578 int LastBytes =
579 ((~(((-(int)databitlen) >> 3) & 0x03ff)) +
580 1) & 0x03ff;
581
582 data64 += bits_processed >> 6; /* byte size update */
583 memmove(hashState512(state)->LastPart,
584 data64, LastBytes);
585 }
586 break;
587 }
588 }
589
590 void
591 EdonRFinal(EdonRState *state, uint8_t *hashval)
592 {
593 uint32_t *data32;
594 uint64_t *data64, num_bits;
595
596 size_t databitlen;
597 int LastByte, PadOnePosition;
598
599 num_bits = state->bits_processed + state->unprocessed_bits;
600 ASSERT(EDONR_VALID_HASHBITLEN(state->hashbitlen));
601 switch (state->hashbitlen) {
602 case 224:
603 case 256:
604 LastByte = (int)state->unprocessed_bits >> 3;
605 PadOnePosition = 7 - (state->unprocessed_bits & 0x07);
606 hashState256(state)->LastPart[LastByte] =
607 (hashState256(state)->LastPart[LastByte]
608 & (0xff << (PadOnePosition + 1))) ^
609 (0x01 << PadOnePosition);
610 /* LINTED E_BAD_PTR_CAST_ALIGN */
611 data64 = (uint64_t *)hashState256(state)->LastPart;
612
613 if (state->unprocessed_bits < 448) {
614 (void) memset((hashState256(state)->LastPart) +
615 LastByte + 1, 0x00,
616 EdonR256_BLOCK_SIZE - LastByte - 9);
617 databitlen = EdonR256_BLOCK_SIZE * 8;
618 #if defined(MACHINE_IS_BIG_ENDIAN)
619 st_swap64(num_bits, data64 + 7);
620 #else
621 data64[7] = num_bits;
622 #endif
623 } else {
624 (void) memset((hashState256(state)->LastPart) +
625 LastByte + 1, 0x00,
626 EdonR256_BLOCK_SIZE * 2 - LastByte - 9);
627 databitlen = EdonR256_BLOCK_SIZE * 16;
628 #if defined(MACHINE_IS_BIG_ENDIAN)
629 st_swap64(num_bits, data64 + 15);
630 #else
631 data64[15] = num_bits;
632 #endif
633 }
634
635 /* LINTED E_BAD_PTR_CAST_ALIGN */
636 data32 = (uint32_t *)hashState256(state)->LastPart;
637 state->bits_processed += Q256(databitlen, data32,
638 hashState256(state)->DoublePipe);
639 break;
640
641 case 384:
642 case 512:
643 LastByte = (int)state->unprocessed_bits >> 3;
644 PadOnePosition = 7 - (state->unprocessed_bits & 0x07);
645 hashState512(state)->LastPart[LastByte] =
646 (hashState512(state)->LastPart[LastByte]
647 & (0xff << (PadOnePosition + 1))) ^
648 (0x01 << PadOnePosition);
649 /* LINTED E_BAD_PTR_CAST_ALIGN */
650 data64 = (uint64_t *)hashState512(state)->LastPart;
651
652 if (state->unprocessed_bits < 960) {
653 (void) memset((hashState512(state)->LastPart) +
654 LastByte + 1, 0x00,
655 EdonR512_BLOCK_SIZE - LastByte - 9);
656 databitlen = EdonR512_BLOCK_SIZE * 8;
657 #if defined(MACHINE_IS_BIG_ENDIAN)
658 st_swap64(num_bits, data64 + 15);
659 #else
660 data64[15] = num_bits;
661 #endif
662 } else {
663 (void) memset((hashState512(state)->LastPart) +
664 LastByte + 1, 0x00,
665 EdonR512_BLOCK_SIZE * 2 - LastByte - 9);
666 databitlen = EdonR512_BLOCK_SIZE * 16;
667 #if defined(MACHINE_IS_BIG_ENDIAN)
668 st_swap64(num_bits, data64 + 31);
669 #else
670 data64[31] = num_bits;
671 #endif
672 }
673
674 state->bits_processed += Q512(databitlen, data64,
675 hashState512(state)->DoublePipe);
676 break;
677 }
678
679 switch (state->hashbitlen) {
680 case 224: {
681 #if defined(MACHINE_IS_BIG_ENDIAN)
682 uint32_t *d32 = (uint32_t *)hashval;
683 uint32_t *s32 = hashState224(state)->DoublePipe + 9;
684 int j;
685
686 for (j = 0; j < EdonR224_DIGEST_SIZE >> 2; j++)
687 st_swap32(s32[j], d32 + j);
688 #else
689 memcpy(hashval, hashState256(state)->DoublePipe + 9,
690 EdonR224_DIGEST_SIZE);
691 #endif
692 break;
693 }
694 case 256: {
695 #if defined(MACHINE_IS_BIG_ENDIAN)
696 uint32_t *d32 = (uint32_t *)hashval;
697 uint32_t *s32 = hashState224(state)->DoublePipe + 8;
698 int j;
699
700 for (j = 0; j < EdonR256_DIGEST_SIZE >> 2; j++)
701 st_swap32(s32[j], d32 + j);
702 #else
703 memcpy(hashval, hashState256(state)->DoublePipe + 8,
704 EdonR256_DIGEST_SIZE);
705 #endif
706 break;
707 }
708 case 384: {
709 #if defined(MACHINE_IS_BIG_ENDIAN)
710 uint64_t *d64 = (uint64_t *)hashval;
711 uint64_t *s64 = hashState384(state)->DoublePipe + 10;
712 int j;
713
714 for (j = 0; j < EdonR384_DIGEST_SIZE >> 3; j++)
715 st_swap64(s64[j], d64 + j);
716 #else
717 memcpy(hashval, hashState384(state)->DoublePipe + 10,
718 EdonR384_DIGEST_SIZE);
719 #endif
720 break;
721 }
722 case 512: {
723 #if defined(MACHINE_IS_BIG_ENDIAN)
724 uint64_t *d64 = (uint64_t *)hashval;
725 uint64_t *s64 = hashState512(state)->DoublePipe + 8;
726 int j;
727
728 for (j = 0; j < EdonR512_DIGEST_SIZE >> 3; j++)
729 st_swap64(s64[j], d64 + j);
730 #else
731 memcpy(hashval, hashState512(state)->DoublePipe + 8,
732 EdonR512_DIGEST_SIZE);
733 #endif
734 break;
735 }
736 }
737 }
738
739
740 void
741 EdonRHash(size_t hashbitlen, const uint8_t *data, size_t databitlen,
742 uint8_t *hashval)
743 {
744 EdonRState state;
745
746 EdonRInit(&state, hashbitlen);
747 EdonRUpdate(&state, data, databitlen);
748 EdonRFinal(&state, hashval);
749 }
750
751 #ifdef _KERNEL
752 EXPORT_SYMBOL(EdonRInit);
753 EXPORT_SYMBOL(EdonRUpdate);
754 EXPORT_SYMBOL(EdonRHash);
755 EXPORT_SYMBOL(EdonRFinal);
756 #endif
OpenZFS on Linux and FreeBSD