From a14dc6ed89ec2debea3d531d3c5526f5a8287853 Mon Sep 17 00:00:00 2001 From: Michael Scire Date: Mon, 25 Oct 2021 23:15:50 -0700 Subject: [PATCH] crypto: implement md5, which now used by sprof --- .../include/vapours/ams/ams_target_firmware.h | 4 +- .../libvapours/include/vapours/crypto.hpp | 1 + .../vapours/crypto/crypto_md5_generator.hpp | 63 +++++ .../vapours/crypto/impl/crypto_md5_impl.hpp | 61 +++++ .../include/vapours/svc/svc_tick.hpp | 2 +- .../include/vapours/util/util_bitutil.hpp | 18 +- .../include/vapours/util/util_endian.hpp | 4 +- .../source/crypto/crypto_md5_generator.cpp | 28 ++ .../source/crypto/impl/crypto_md5_impl.cpp | 255 ++++++++++++++++++ 9 files changed, 431 insertions(+), 5 deletions(-) create mode 100644 libraries/libvapours/include/vapours/crypto/crypto_md5_generator.hpp create mode 100644 libraries/libvapours/include/vapours/crypto/impl/crypto_md5_impl.hpp create mode 100644 libraries/libvapours/source/crypto/crypto_md5_generator.cpp create mode 100644 libraries/libvapours/source/crypto/impl/crypto_md5_impl.cpp diff --git a/libraries/libvapours/include/vapours/ams/ams_target_firmware.h b/libraries/libvapours/include/vapours/ams/ams_target_firmware.h index 42aa0283c..043235adc 100644 --- a/libraries/libvapours/include/vapours/ams/ams_target_firmware.h +++ b/libraries/libvapours/include/vapours/ams/ams_target_firmware.h @@ -64,8 +64,9 @@ #define ATMOSPHERE_TARGET_FIRMWARE_12_0_3 ATMOSPHERE_TARGET_FIRMWARE(12, 0, 3) #define ATMOSPHERE_TARGET_FIRMWARE_12_1_0 ATMOSPHERE_TARGET_FIRMWARE(12, 1, 0) #define ATMOSPHERE_TARGET_FIRMWARE_13_0_0 ATMOSPHERE_TARGET_FIRMWARE(13, 0, 0) +#define ATMOSPHERE_TARGET_FIRMWARE_13_1_0 ATMOSPHERE_TARGET_FIRMWARE(13, 1, 0) -#define ATMOSPHERE_TARGET_FIRMWARE_CURRENT ATMOSPHERE_TARGET_FIRMWARE_13_0_0 +#define ATMOSPHERE_TARGET_FIRMWARE_CURRENT ATMOSPHERE_TARGET_FIRMWARE_13_1_0 #define ATMOSPHERE_TARGET_FIRMWARE_MIN ATMOSPHERE_TARGET_FIRMWARE(0, 0, 0) #define ATMOSPHERE_TARGET_FIRMWARE_MAX ATMOSPHERE_TARGET_FIRMWARE_CURRENT @@ -122,6 +123,7 @@ namespace ams { TargetFirmware_12_0_3 = ATMOSPHERE_TARGET_FIRMWARE_12_0_3, TargetFirmware_12_1_0 = ATMOSPHERE_TARGET_FIRMWARE_12_1_0, TargetFirmware_13_0_0 = ATMOSPHERE_TARGET_FIRMWARE_13_0_0, + TargetFirmware_13_1_0 = ATMOSPHERE_TARGET_FIRMWARE_13_1_0, TargetFirmware_Current = ATMOSPHERE_TARGET_FIRMWARE_CURRENT, diff --git a/libraries/libvapours/include/vapours/crypto.hpp b/libraries/libvapours/include/vapours/crypto.hpp index 1295d46d6..ffc5a5ac7 100644 --- a/libraries/libvapours/include/vapours/crypto.hpp +++ b/libraries/libvapours/include/vapours/crypto.hpp @@ -19,6 +19,7 @@ #include #include +#include #include #include #include diff --git a/libraries/libvapours/include/vapours/crypto/crypto_md5_generator.hpp b/libraries/libvapours/include/vapours/crypto/crypto_md5_generator.hpp new file mode 100644 index 000000000..a6f56eb13 --- /dev/null +++ b/libraries/libvapours/include/vapours/crypto/crypto_md5_generator.hpp @@ -0,0 +1,63 @@ +/* + * Copyright (c) Atmosphère-NX + * + * This program is free software; you can redistribute it and/or modify it + * under the terms and conditions of the GNU General Public License, + * version 2, as published by the Free Software Foundation. + * + * This program is distributed in the hope it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#pragma once +#include +#include +#include +#include + +namespace ams::crypto { + + class Md5Generator { + NON_COPYABLE(Md5Generator); + NON_MOVEABLE(Md5Generator); + private: + using Impl = impl::Md5Impl; + public: + static constexpr size_t HashSize = Impl::HashSize; + static constexpr size_t BlockSize = Impl::BlockSize; + + static constexpr inline const u8 Asn1Identifier[] = { + 0x30, 0x20, /* Sequence, size 0x20 */ + 0x30, 0x0C, /* Sequence, size 0x0C */ + 0x06, 0x08, /* Object Identifier */ + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, /* MD5 */ + 0x05, 0x00, /* Null */ + 0x04, 0x10, /* Octet string, size 0x10 */ + }; + static constexpr size_t Asn1IdentifierSize = util::size(Asn1Identifier); + private: + Impl m_impl; + public: + Md5Generator() { /* ... */ } + + void Initialize() { + m_impl.Initialize(); + } + + void Update(const void *data, size_t size) { + m_impl.Update(data, size); + } + + void GetHash(void *dst, size_t size) { + m_impl.GetHash(dst, size); + } + }; + + void GenerateMd5Hash(void *dst, size_t dst_size, const void *src, size_t src_size); + +} diff --git a/libraries/libvapours/include/vapours/crypto/impl/crypto_md5_impl.hpp b/libraries/libvapours/include/vapours/crypto/impl/crypto_md5_impl.hpp new file mode 100644 index 000000000..4705f42e6 --- /dev/null +++ b/libraries/libvapours/include/vapours/crypto/impl/crypto_md5_impl.hpp @@ -0,0 +1,61 @@ +/* + * Copyright (c) Atmosphère-NX + * + * This program is free software; you can redistribute it and/or modify it + * under the terms and conditions of the GNU General Public License, + * version 2, as published by the Free Software Foundation. + * + * This program is distributed in the hope it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#pragma once +#include +#include +#include +#include +#include + + +namespace ams::crypto::impl { + + class Md5Impl { + public: + static constexpr size_t HashSize = 0x10; + static constexpr size_t BlockSize = 0x40; + private: + enum State { + State_None = 0, + State_Initialized = 1, + State_Done = 2, + }; + private: + union { + struct { + u32 a, b, c, d; + } p; + u32 state[4]; + } m_x; + alignas(8) u8 m_y[BlockSize]; + size_t m_size; + State m_state; + public: + Md5Impl() : m_state(State_None) { /* ... */ } + ~Md5Impl() { ClearMemory(this, sizeof(*this)); } + + void Initialize(); + void Update(const void *data, size_t size); + void GetHash(void *dst, size_t size); + private: + void ProcessBlock(); + void ProcessLastBlock(); + }; + + /* static_assert(HashFunction); */ + +} diff --git a/libraries/libvapours/include/vapours/svc/svc_tick.hpp b/libraries/libvapours/include/vapours/svc/svc_tick.hpp index 3eba22e65..fcf944fbd 100644 --- a/libraries/libvapours/include/vapours/svc/svc_tick.hpp +++ b/libraries/libvapours/include/vapours/svc/svc_tick.hpp @@ -70,7 +70,7 @@ namespace ams::svc { } } - return util::ScaleByConstantFactor(ns); + return util::ScaleByConstantFactorUp(ns); } public: constexpr ALWAYS_INLINE explicit Tick(s64 t = 0) : m_tick(t) { /* ... */ } diff --git a/libraries/libvapours/include/vapours/util/util_bitutil.hpp b/libraries/libvapours/include/vapours/util/util_bitutil.hpp index 113890ad9..2d5185197 100644 --- a/libraries/libvapours/include/vapours/util/util_bitutil.hpp +++ b/libraries/libvapours/include/vapours/util/util_bitutil.hpp @@ -256,7 +256,7 @@ namespace ams::util { } template - constexpr ALWAYS_INLINE T ScaleByConstantFactor(const T V) { + constexpr ALWAYS_INLINE T ScaleByConstantFactorUp(const T V) { /* Multiplying and dividing by large numerator/denominator can cause error to be introduced. */ /* This algorithm multiples/divides in stages, so as to mitigate this (particularly with large denominator). */ @@ -279,4 +279,20 @@ namespace ams::util { return (D * Quot_N * Quot_V) + (Quot_V * Rem_N) + (Rem_V * Quot_N) + rem_mult; } + template + constexpr ALWAYS_INLINE T RotateLeft(T v, int n) { + using Unsigned = typename std::make_unsigned::type; + static_assert(sizeof(Unsigned) == sizeof(T)); + + return static_cast(std::rotl(static_cast(v), n)); + } + + template + constexpr ALWAYS_INLINE T RotateRight(T v, int n) { + using Unsigned = typename std::make_unsigned::type; + static_assert(sizeof(Unsigned) == sizeof(T)); + + return static_cast(std::rotr(static_cast(v), n)); + } + } diff --git a/libraries/libvapours/include/vapours/util/util_endian.hpp b/libraries/libvapours/include/vapours/util/util_endian.hpp index 002b46785..8ce31338c 100644 --- a/libraries/libvapours/include/vapours/util/util_endian.hpp +++ b/libraries/libvapours/include/vapours/util/util_endian.hpp @@ -20,11 +20,11 @@ namespace ams::util { - constexpr bool IsLittleEndian() { + consteval bool IsLittleEndian() { return std::endian::native == std::endian::little; } - constexpr bool IsBigEndian() { + consteval bool IsBigEndian() { return std::endian::native == std::endian::big; } diff --git a/libraries/libvapours/source/crypto/crypto_md5_generator.cpp b/libraries/libvapours/source/crypto/crypto_md5_generator.cpp new file mode 100644 index 000000000..a04aa5709 --- /dev/null +++ b/libraries/libvapours/source/crypto/crypto_md5_generator.cpp @@ -0,0 +1,28 @@ +/* + * Copyright (c) Atmosphère-NX + * + * This program is free software; you can redistribute it and/or modify it + * under the terms and conditions of the GNU General Public License, + * version 2, as published by the Free Software Foundation. + * + * This program is distributed in the hope it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ +#include + +namespace ams::crypto { + + void GenerateMd5Hash(void *dst, size_t dst_size, const void *src, size_t src_size) { + Md5Generator gen; + + gen.Initialize(); + gen.Update(src, src_size); + gen.GetHash(dst, dst_size); + } + +} diff --git a/libraries/libvapours/source/crypto/impl/crypto_md5_impl.cpp b/libraries/libvapours/source/crypto/impl/crypto_md5_impl.cpp new file mode 100644 index 000000000..5289a3581 --- /dev/null +++ b/libraries/libvapours/source/crypto/impl/crypto_md5_impl.cpp @@ -0,0 +1,255 @@ +/* + * Copyright (c) Atmosphère-NX + * + * This program is free software; you can redistribute it and/or modify it + * under the terms and conditions of the GNU General Public License, + * version 2, as published by the Free Software Foundation. + * + * This program is distributed in the hope it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ +#include + +namespace ams::crypto::impl { + + namespace { + + struct Md5Constants { + static constexpr const u32 A = 0x67452301; + static constexpr const u32 B = 0xEFCDAB89; + static constexpr const u32 C = 0x98BADCFE; + static constexpr const u32 D = 0x10325476; + + static constexpr const u32 T[] = { + 0xD76AA478, 0xE8C7B756, 0x242070DB, 0xC1BDCEEE, + 0xF57C0FAF, 0x4787C62A, 0xA8304613, 0xFD469501, + 0x698098D8, 0x8B44F7AF, 0xFFFF5BB1, 0x895CD7BE, + 0x6B901122, 0xFD987193, 0xA679438E, 0x49B40821, + 0xF61E2562, 0xC040B340, 0x265E5A51, 0xE9B6C7AA, + 0xD62F105D, 0x02441453, 0xD8A1E681, 0xE7D3FBC8, + 0x21E1CDE6, 0xC33707D6, 0xF4D50D87, 0x455A14ED, + 0xA9E3E905, 0xFCEFA3F8, 0x676F02D9, 0x8D2A4C8A, + 0xFFFA3942, 0x8771F681, 0x6D9D6122, 0xFDE5380C, + 0xA4BEEA44, 0x4BDECFA9, 0xF6BB4B60, 0xBEBFBC70, + 0x289B7EC6, 0xEAA127FA, 0xD4EF3085, 0x04881D05, + 0xD9D4D039, 0xE6DB99E5, 0x1FA27CF8, 0xC4AC5665, + 0xF4292244, 0x432AFF97, 0xAB9423A7, 0xFC93A039, + 0x655B59C3, 0x8F0CCC92, 0xFFEFF47D, 0x85845DD1, + 0x6FA87E4F, 0xFE2CE6E0, 0xA3014314, 0x4E0811A1, + 0xF7537E82, 0xBD3AF235, 0x2AD7D2BB, 0xEB86D391, + }; + + static constexpr u32 K[] = { + 0x1, 0x6, 0xB, 0x0, + 0x5, 0xA, 0xF, 0x4, + 0x9, 0xE, 0x3, 0x8, + 0xD, 0x2, 0x7, 0xC, + 0x5, 0x8, 0xB, 0xE, + 0x1, 0x4, 0x7, 0xA, + 0xD, 0x0, 0x3, 0x6, + 0x9, 0xC, 0xF, 0x2, + 0x0, 0x7, 0xE, 0x5, + 0xC, 0x3, 0xA, 0x1, + 0x8, 0xF, 0x6, 0xD, + 0x4, 0xB, 0x2, 0x9, + }; + + static constexpr u8 Padding[] = { + 0x80 + }; + }; + + constexpr ALWAYS_INLINE u32 F(u32 x, u32 y, u32 z) { return (x & y) | ((~x) & z); } + constexpr ALWAYS_INLINE u32 G(u32 x, u32 y, u32 z) { return (x & z) | (y & (~z)); } + constexpr ALWAYS_INLINE u32 H(u32 x, u32 y, u32 z) { return x ^ y ^ z; } + constexpr ALWAYS_INLINE u32 I(u32 x, u32 y, u32 z) { return y ^ (x | (~z)); } + + constexpr ALWAYS_INLINE u32 CalculateRound1(u32 a, u32 b, u32 c, u32 d, u32 x, u32 s, u32 t) { return b + util::RotateLeft(a + F(b, c, d) + x + t, s); } + constexpr ALWAYS_INLINE u32 CalculateRound2(u32 a, u32 b, u32 c, u32 d, u32 x, u32 s, u32 t) { return b + util::RotateLeft(a + G(b, c, d) + x + t, s); } + constexpr ALWAYS_INLINE u32 CalculateRound3(u32 a, u32 b, u32 c, u32 d, u32 x, u32 s, u32 t) { return b + util::RotateLeft(a + H(b, c, d) + x + t, s); } + constexpr ALWAYS_INLINE u32 CalculateRound4(u32 a, u32 b, u32 c, u32 d, u32 x, u32 s, u32 t) { return b + util::RotateLeft(a + I(b, c, d) + x + t, s); } + + void Encode(u32 *dst, const u32 *src, size_t size) { + if constexpr (util::IsBigEndian()) { + for (size_t i = 0; i < size; i += sizeof(u32)) { + util::StoreLittleEndian(dst + i, src[i]); + } + } else { + std::memcpy(dst, src, size); + } + } + + void Decode(u32 *dst, const u32 *src, size_t size) { + if constexpr (util::IsBigEndian()) { + for (size_t i = 0; i < size; i += sizeof(u32)) { + dst[i] = util::LoadLittleEndian(src + i); + } + } else { + std::memcpy(dst, src, size); + } + } + + } + + void Md5Impl::Initialize() { + /* Set constants. */ + m_x.p.a = Md5Constants::A; + m_x.p.b = Md5Constants::B; + m_x.p.c = Md5Constants::C; + m_x.p.d = Md5Constants::D; + + /* Set size. */ + m_size = 0; + + /* Set initialized. */ + m_state = State_Initialized; + } + + void Md5Impl::Update(const void *data, size_t size) { + /* Check pre-conditions. */ + AMS_ASSERT(m_state == State_Initialized); + + /* Determine how much we can process. */ + const size_t work_idx = m_size % BlockSize; + const size_t work_remaining = BlockSize - work_idx; + + /* Increment our size. */ + m_size += size; + + /* Copy in the data to our buffer, if we don't have a full block. */ + if (work_remaining > size) { + if (size > 0) { + std::memcpy(m_y + work_idx, data, size); + } + return; + } + + /* Copy what we can to complete our block. */ + std::memcpy(m_y + work_idx, data, work_remaining); + + /* Process the block. */ + this->ProcessBlock(); + + /* Adjust size to account for what we've processed. */ + size -= work_remaining; + + /* Process as many full blocks as we can. */ + const u8 *cur_block = static_cast(data) + work_remaining; + for (size_t i = 0; i < size / BlockSize; ++i) { + std::memcpy(m_y, cur_block, BlockSize); + cur_block += BlockSize; + + this->ProcessBlock(); + } + + /* Copy in any leftover data. */ + if (const auto left = size % BlockSize; left > 0) { + std::memcpy(m_y, cur_block, size); + } + + } + + void Md5Impl::GetHash(void *dst, size_t size) { + /* Check pre-conditions. */ + AMS_ASSERT(m_state == State_Initialized || m_state == State_Done); + AMS_ASSERT(size >= HashSize); + AMS_UNUSED(size); + + /* If we need to, finish processing. */ + if (m_state == State_Initialized) { + this->ProcessLastBlock(); + m_state = State_Done; + } + + /* Encode the result. */ + Encode(static_cast(dst), m_x.state, HashSize); + } + + void Md5Impl::ProcessBlock() { + /* Declare tracking pointers for rounds. */ + u32 x[BlockSize / sizeof(u32)]; + const u32 *p_t = Md5Constants::T; + const u32 *p_k = Md5Constants::K; + const u32 *p_x = x; + + /* Extract current state. */ + u32 a = m_x.p.a; + u32 b = m_x.p.b; + u32 c = m_x.p.c; + u32 d = m_x.p.d; + + /* Decode the block into native endian. */ + Decode(x, reinterpret_cast(m_y), BlockSize); + + /* Perform round 1. */ + for (size_t i = 0; i < 4; ++i) { + a = CalculateRound1(a, b, c, d, *p_x++, 7, *p_t++); + d = CalculateRound1(d, a, b, c, *p_x++, 12, *p_t++); + c = CalculateRound1(c, d, a, b, *p_x++, 17, *p_t++); + b = CalculateRound1(b, c, d, a, *p_x++, 22, *p_t++); + } + + /* Perform round 2. */ + for (size_t i = 0; i < 4; ++i) { + a = CalculateRound2(a, b, c, d, x[*p_k++], 5, *p_t++); + d = CalculateRound2(d, a, b, c, x[*p_k++], 9, *p_t++); + c = CalculateRound2(c, d, a, b, x[*p_k++], 14, *p_t++); + b = CalculateRound2(b, c, d, a, x[*p_k++], 20, *p_t++); + } + + /* Perform round 3. */ + for (size_t i = 0; i < 4; ++i) { + a = CalculateRound3(a, b, c, d, x[*p_k++], 4, *p_t++); + d = CalculateRound3(d, a, b, c, x[*p_k++], 11, *p_t++); + c = CalculateRound3(c, d, a, b, x[*p_k++], 16, *p_t++); + b = CalculateRound3(b, c, d, a, x[*p_k++], 23, *p_t++); + } + + /* Perform round 4. */ + for (size_t i = 0; i < 4; ++i) { + a = CalculateRound4(a, b, c, d, x[*p_k++], 6, *p_t++); + d = CalculateRound4(d, a, b, c, x[*p_k++], 10, *p_t++); + c = CalculateRound4(c, d, a, b, x[*p_k++], 15, *p_t++); + b = CalculateRound4(b, c, d, a, x[*p_k++], 21, *p_t++); + } + + /* Mix the result back into our state. */ + m_x.p.a += a; + m_x.p.b += b; + m_x.p.c += c; + m_x.p.d += d; + } + + void Md5Impl::ProcessLastBlock() { + /* Get bit count. */ + const u64 bit_count = m_size * BITSIZEOF(u8); + + /* Add padding byte unconditionally. */ + this->Update(Md5Constants::Padding, sizeof(Md5Constants::Padding)); + + /* Determine remaining. */ + size_t work_idx = m_size % BlockSize; + size_t work_remaining = BlockSize - work_idx; + + /* We want to process 8000.....{bit count}. */ + if (work_remaining < sizeof(u64)) { + std::memset(m_y + work_idx, 0, work_remaining); + this->ProcessBlock(); + work_idx = 0; + work_remaining = BlockSize; + } + if (work_remaining > sizeof(u64)) { + std::memset(m_y + work_idx, 0, work_remaining - sizeof(u64)); + } + + util::StoreLittleEndian(reinterpret_cast(m_y + BlockSize - sizeof(u64)), bit_count); + + this->ProcessBlock(); + } + +} \ No newline at end of file