1 /*
2 * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License").
5 * You may not use this file except in compliance with the License.
6 * A copy of the License is located at
7 *
8 * http://aws.amazon.com/apache2.0
9 *
10 * or in the "license" file accompanying this file. This file is distributed
11 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
12 * express or implied. See the License for the specific language governing
13 * permissions and limitations under the License.
14 * The license is detailed in the file LICENSE.md, and applies to this file.
15 *
16 * Written by Nir Drucker and Shay Gueron
17 * AWS Cryptographic Algorithms Group.
18 * (ndrucker@amazon.com, gueron@amazon.com)
19 */
20
21 #include "parallel_hash.h"
22 #include "utilities.h"
23 #include <assert.h>
24 #include <string.h>
25
26 #define MAX_REM_LEN (MAX_MB_SLICES * HASH_BLOCK_SIZE)
27
28 // We must ensure that the compiler does not add padding between x and y, because
29 // the entire structore goes into the hash function.
30 #pragma pack(push, 1)
31
32 // The struct below is a concatination of eight slices and Y.
33 typedef struct yx_s
34 {
35 sha_hash_t x[MAX_MB_SLICES];
36 // We define MAX_REM_LEN rather than lrem, in order to be consistent with the
37 // standard of C.
38 uint8_t y[MAX_REM_LEN];
39 } yx_t;
40
41 #pragma pack(pop)
42
43 _INLINE_ uint64_t
compute_slice_len(IN const uint64_t la)44 compute_slice_len(IN const uint64_t la)
45 {
46 assert((la / MAX_MB_SLICES) >= SLICE_REM);
47
48 // alpha is the number of full blocks
49 const uint64_t alpha = (((la / MAX_MB_SLICES) - SLICE_REM) / HASH_BLOCK_SIZE);
50 return ((alpha * HASH_BLOCK_SIZE) + SLICE_REM);
51 }
52
53 // This function assumes that m is of N_BITS length.
54 void
parallel_hash(OUT sha_hash_t * out_hash,IN const uint8_t * m,IN const uint32_t la)55 parallel_hash(OUT sha_hash_t *out_hash, IN const uint8_t *m, IN const uint32_t la)
56 {
57 DMSG(" Enter parallel_hash.\n");
58
59 // Calculating how many bytes will go to "parallel" hashing
60 // and how many will remind as a tail for later on
61 const uint32_t ls = compute_slice_len(la);
62 const uint32_t lrem = (uint32_t)(la - (ls * MAX_MB_SLICES));
63 yx_t yx = {0};
64
65 #ifdef WIN32
66 DMSG(" Len=%u splits into %I64u logical streams (A1..A8) of length %u "
67 "bytes. ",
68 la, MAX_MB_SLICES, ls);
69 DMSG("Append the logically remaining buffer (Y) of %u - %I64u*%u = %u "
70 "bytes\n\n",
71 la, MAX_MB_SLICES, ls, lrem);
72 #else
73 DMSG(" Len=%u splits into %llu logical streams (A1..A8) of length %u "
74 "bytes. ",
75 la, MAX_MB_SLICES, ls);
76 DMSG("Append the logically remaining buffer (Y) of %u - %llu*%u = %u "
77 "bytes\n\n",
78 la, MAX_MB_SLICES, ls, lrem);
79 #endif
80
81 print(" The (original) buffer is:\n ", (const uint64_t *)m, la * 8);
82 DMSG("\n");
83 EDMSG(" The 8 SHA digests:\n");
84
85 // Use optimized API for 4 blocks.
86 const uint64_t partial_len = (NUM_OF_BLOCKS_IN_MB * ls);
87 sha_mb(&yx.x[0], m, partial_len, NUM_OF_BLOCKS_IN_MB);
88 #if NUM_OF_BLOCKS_IN_MB != MAX_MB_SLICES
89 sha_mb(&yx.x[NUM_OF_BLOCKS_IN_MB], &m[partial_len], partial_len,
90 NUM_OF_BLOCKS_IN_MB);
91 #endif
92
93 for(uint32_t i = 0; i < MAX_MB_SLICES; i++)
94 {
95 print("X[i]:", (uint64_t *)&yx.x[i], SIZEOF_BITS(yx.x[i]));
96 }
97
98 // Copy the reminder (Y)
99 memcpy(yx.y, &m[MAX_MB_SLICES * ls], lrem);
100
101 // Compute the final hash (on YX). We explicitly use lrem instead of
102 // sizeof(yx.y) because yx.y is padded with zeros.
103 sha(out_hash, sizeof(yx.x) + lrem, (uint8_t *)&yx);
104
105 print("\nY: ", (uint64_t *)yx.y, lrem * 8);
106
107 // yx might contain secrets
108 secure_clean((uint8_t *)&yx, sizeof(yx));
109
110 DMSG(" Exit parallel_hash.\n");
111 }
112