From 79b1835a2bd85a520b19419653671307b67884b7 Mon Sep 17 00:00:00 2001 From: Michael Scire Date: Thu, 10 Mar 2022 01:49:05 -0800 Subject: [PATCH] crypto: add ability to hash data at compile time, for future diag use --- .../crypto/crypto_sha256_generator.hpp | 13 + .../impl/crypto_sha256_impl_constexpr.hpp | 283 ++++++++++++++++++ 2 files changed, 296 insertions(+) create mode 100644 libraries/libvapours/include/vapours/crypto/impl/crypto_sha256_impl_constexpr.hpp diff --git a/libraries/libvapours/include/vapours/crypto/crypto_sha256_generator.hpp b/libraries/libvapours/include/vapours/crypto/crypto_sha256_generator.hpp index f4cfc7f7d..fe658bfcc 100644 --- a/libraries/libvapours/include/vapours/crypto/crypto_sha256_generator.hpp +++ b/libraries/libvapours/include/vapours/crypto/crypto_sha256_generator.hpp @@ -19,6 +19,7 @@ #include #include #include +#include namespace ams::crypto { @@ -85,4 +86,16 @@ namespace ams::crypto { return GenerateSha256(dst, dst_size, src, src_size); } + template || std::same_as || std::same_as || std::same_as>::type> + constexpr ALWAYS_INLINE void GenerateSha256(u8 *dst, size_t dst_size, const T *src, size_t src_size) { + if (std::is_constant_evaluated()) { + impl::Sha256CompileTimeImpl sha; + sha.Initialize(); + sha.Update(src, src_size); + sha.GetHash(dst, dst_size); + } else { + return GenerateSha256(static_cast(dst), dst_size, static_cast(src), src_size); + } + } + } diff --git a/libraries/libvapours/include/vapours/crypto/impl/crypto_sha256_impl_constexpr.hpp b/libraries/libvapours/include/vapours/crypto/impl/crypto_sha256_impl_constexpr.hpp new file mode 100644 index 000000000..54ee0f9f1 --- /dev/null +++ b/libraries/libvapours/include/vapours/crypto/impl/crypto_sha256_impl_constexpr.hpp @@ -0,0 +1,283 @@ +/* + * Copyright (c) Atmosphère-NX + * + * This program is free software; you can redistribute it and/or modify it + * under the terms and conditions of the GNU General Public License, + * version 2, as published by the Free Software Foundation. + * + * This program is distributed in the hope it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#pragma once +#include +#include +#include + +namespace ams::crypto::impl { + + class Sha256CompileTimeImpl { + public: + static constexpr size_t HashSize = 0x20; + static constexpr size_t BlockSize = 0x40; + private: + enum State { + State_None, + State_Initialized, + State_Done, + }; + private: + u32 m_intermediate_hash[HashSize / sizeof(u32)]; + u8 m_buffer[BlockSize]; + size_t m_buffered_bytes; + u64 m_bits_consumed; + State m_state; + public: + constexpr Sha256CompileTimeImpl() : m_intermediate_hash(), m_buffer(), m_buffered_bytes(), m_bits_consumed(), m_state(State_None) { + /* ... */ + } + + constexpr void Initialize() { + /* Reset buffered bytes/bits. */ + m_buffered_bytes = 0; + m_bits_consumed = 0; + + /* Set intermediate hash. */ + m_intermediate_hash[0] = 0x6A09E667; + m_intermediate_hash[1] = 0xBB67AE85; + m_intermediate_hash[2] = 0x3C6EF372; + m_intermediate_hash[3] = 0xA54FF53A; + m_intermediate_hash[4] = 0x510E527F; + m_intermediate_hash[5] = 0x9B05688C; + m_intermediate_hash[6] = 0x1F83D9AB; + m_intermediate_hash[7] = 0x5BE0CD19; + + /* Set state. */ + m_state = State_Initialized; + } + + template || std::same_as || std::same_as || std::same_as>::type> + constexpr void Update(const T *data, size_t size) { + static_assert(sizeof(T) == 1); + + /* Verify we're in a state to update. */ + AMS_ASSERT(m_state == State_Initialized); + + /* Advance our input bit count. */ + m_bits_consumed += BITSIZEOF(u8) * (((m_buffered_bytes + size) / BlockSize) * BlockSize); + + /* Process anything we have buffered. */ + size_t remaining = size; + + if (m_buffered_bytes > 0) { + const size_t copy_size = std::min(BlockSize - m_buffered_bytes, remaining); + for (size_t i = 0; i < copy_size; ++i) { + m_buffer[m_buffered_bytes + i] = static_cast(data[i]); + } + + data += copy_size; + remaining -= copy_size; + m_buffered_bytes += copy_size; + + /* Process a block, if we filled one. */ + if (m_buffered_bytes == BlockSize) { + this->ProcessBlock(m_buffer); + m_buffered_bytes = 0; + } + } + + /* Process blocks, if we have any. */ + while (remaining >= BlockSize) { + u8 block[BlockSize] = {}; + for (size_t i = 0; i < BlockSize; ++i) { + block[i] = static_cast(data[i]); + } + this->ProcessBlock(block); + + data += BlockSize; + remaining -= BlockSize; + } + + /* Copy any leftover data to our buffer. */ + if (remaining > 0) { + m_buffered_bytes = remaining; + for (size_t i = 0; i < remaining; ++i) { + m_buffer[i] = static_cast(data[i]); + } + } + } + + constexpr void GetHash(u8 *dst, size_t size) { + /* Verify we're in a state to get hash. */ + AMS_ASSERT(m_state == State_Initialized || m_state == State_Done); + AMS_ASSERT(size >= HashSize); + AMS_UNUSED(size); + + /* If we need to, process the last block. */ + if (m_state == State_Initialized) { + this->ProcessLastBlock(); + m_state = State_Done; + } + + /* Copy the output hash. */ + for (size_t i = 0; i < HashSize / sizeof(u32); ++i) { + const u32 v = m_intermediate_hash[i]; + + dst[sizeof(u32) * i + 3] = static_cast(v >> (BITSIZEOF(u8) * 0)); + dst[sizeof(u32) * i + 2] = static_cast(v >> (BITSIZEOF(u8) * 1)); + dst[sizeof(u32) * i + 1] = static_cast(v >> (BITSIZEOF(u8) * 2)); + dst[sizeof(u32) * i + 0] = static_cast(v >> (BITSIZEOF(u8) * 3)); + } + } + + constexpr size_t GetBufferedDataSize() const { return m_buffered_bytes; } + + constexpr void GetBufferedData(u8 *dst, size_t dst_size) const { + AMS_ASSERT(dst_size >= this->GetBufferedDataSize()); + AMS_UNUSED(dst_size); + + for (size_t i = 0; i < m_buffered_bytes; ++i) { + dst[i] = m_buffer[i]; + } + } + private: + static constexpr ALWAYS_INLINE u32 Choose(u32 x, u32 y, u32 z) { + return (x & y) ^ ((~x) & z); + } + + static constexpr ALWAYS_INLINE u32 Majority(u32 x, u32 y, u32 z) { + return (x & y) ^ (x & z) ^ (y & z); + } + + static constexpr ALWAYS_INLINE u32 LargeSigma0(u32 x) { + return util::RotateRight(x, 2) ^ util::RotateRight(x, 13) ^ util::RotateRight(x, 22); + } + + static constexpr ALWAYS_INLINE u32 LargeSigma1(u32 x) { + return util::RotateRight(x, 6) ^ util::RotateRight(x, 11) ^ util::RotateRight(x, 25); + } + + static constexpr ALWAYS_INLINE u32 SmallSigma0(u32 x) { + return util::RotateRight(x, 7) ^ util::RotateRight(x, 18) ^ (x >> 3); + } + + static constexpr ALWAYS_INLINE u32 SmallSigma1(u32 x) { + return util::RotateRight(x, 17) ^ util::RotateRight(x, 19) ^ (x >> 10); + } + + constexpr void ProcessBlock(const u8 *data) { + /* Load work variables. */ + u32 a = m_intermediate_hash[0]; + u32 b = m_intermediate_hash[1]; + u32 c = m_intermediate_hash[2]; + u32 d = m_intermediate_hash[3]; + u32 e = m_intermediate_hash[4]; + u32 f = m_intermediate_hash[5]; + u32 g = m_intermediate_hash[6]; + u32 h = m_intermediate_hash[7]; + u32 tmp[2]{}; + size_t i = 0; + + /* Copy the input. */ + u32 w[64]{}; + for (size_t i = 0; i < BlockSize / sizeof(u32); ++i) { + u32 v = 0; + v |= static_cast(data[sizeof(u32) * i + 0]) << (BITSIZEOF(u8) * 3); + v |= static_cast(data[sizeof(u32) * i + 1]) << (BITSIZEOF(u8) * 2); + v |= static_cast(data[sizeof(u32) * i + 2]) << (BITSIZEOF(u8) * 1); + v |= static_cast(data[sizeof(u32) * i + 3]) << (BITSIZEOF(u8) * 0); + + w[i] = v; + } + + /* Initialize the rest of w. */ + for (i = BlockSize / sizeof(u32); i < util::size(w); ++i) { + const u32 *prev = w + (i - BlockSize / sizeof(u32)); + w[i] = prev[0] + SmallSigma0(prev[1]) + prev[9] + SmallSigma1(prev[14]); + } + + /* Perform rounds. */ + { + const u32 RoundConstants[0x40] = { + 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, + 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5, + 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3, + 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174, + 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC, + 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA, + 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7, + 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967, + 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13, + 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85, + 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3, + 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070, + 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5, + 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3, + 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208, + 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2, + }; + + for (i = 0; i < 64; ++i) { + tmp[0] = h + LargeSigma1(e) + Choose(e, f, g) + RoundConstants[i] + w[i]; + tmp[1] = LargeSigma0(a) + Majority(a, b, c); + + h = g; + g = f; + f = e; + e = d + tmp[0]; + d = c; + c = b; + b = a; + a = tmp[0] + tmp[1]; + } + } + + /* Update intermediate hash. */ + m_intermediate_hash[0] += a; + m_intermediate_hash[1] += b; + m_intermediate_hash[2] += c; + m_intermediate_hash[3] += d; + m_intermediate_hash[4] += e; + m_intermediate_hash[5] += f; + m_intermediate_hash[6] += g; + m_intermediate_hash[7] += h; + } + + constexpr void ProcessLastBlock() { + /* Setup the final block. */ + constexpr const auto BlockSizeWithoutSizeField = BlockSize - sizeof(u64); + + /* Increment our bits consumed. */ + m_bits_consumed += BITSIZEOF(u8) * m_buffered_bytes; + + /* Add 0x80 terminator. */ + m_buffer[m_buffered_bytes++] = 0x80; + + /* If we can process the size field directly, do so, otherwise set up to process it. */ + if (m_buffered_bytes <= BlockSizeWithoutSizeField) { + /* Clear up to size field. */ + for (size_t i = 0; i < BlockSizeWithoutSizeField - m_buffered_bytes; ++i) { + m_buffer[m_buffered_bytes + i] = 0; + } + } else { + /* Consume full block */ + for (size_t i = 0; i < BlockSize - m_buffered_bytes; ++i) { + m_buffer[m_buffered_bytes + i] = 0; + } + + this->ProcessBlock(m_buffer); + + /* Clear up to size field. */ + for (size_t i = 0; i < BlockSizeWithoutSizeField; ++i) { + m_buffer[i] = 0; + } + } + } + }; + +}