Skip to main content

bao1x_api/sce/
combohash.rs

1use bitbybit::bitfield;
2
3#[repr(u8)]
4pub enum HashFunction {
5    Sha256 = 0,
6    Sha512 = 1,
7    RipeMd = 2,
8    Blake2s = 3,
9    Blake2b = 4,
10    Blake3 = 5,
11    Sha3 = 6,
12    Hmac256KeyHash = 0x40,
13    Hmac256Pass1 = 0x50,
14    Hmac256Pass2 = 0x60,
15    Hmac512KeyHash = 0x41,
16    Hmac512Pass1 = 0x51,
17    Hmac512Pass2 = 0x61,
18    Init = 0xff,
19}
20
21// Endianness swap is implemented in the DMA engine by setting a flag.
22// See https://github.com/baochip/baochip-1x/blob/96ba390759ba361e50e57bd21f02c806ddafc4ff/rtl/modules/crypto_top/rtl/sce_dmachnl.sv#L198-L201
23// for the "pointy end of the stick". The bitfields themselves are passed through various interfaces to get to
24// the above line of code.
25#[bitfield(u32, default = 0)]
26pub struct Opt3SwapEndian {
27    #[bit(0, rw)]
28    seg_lkey: bool,
29    #[bit(1, rw)]
30    seg_key: bool,
31    #[bit(2, rw)]
32    seg_skey: bool,
33    #[bit(3, rw)]
34    seg_scrt: bool,
35    #[bit(4, rw)]
36    seg_msg: bool,
37    #[bit(5, rw)]
38    seg_hout: bool,
39    #[bit(6, rw)]
40    seg_sob: bool,
41    #[bit(7, rw)]
42    seg_result: bool,
43}
44
45#[repr(u32)]
46pub enum HashWait {
47    InputDone = 1 << 3,
48    OutputDone = 1 << 2,
49    ComputeDone = 1 << 1,
50    MfsmDone = 1 << 0,
51}
52
53// All the hash constants. These are loaded into the 'combohash' engine's configuration
54// RAM exactly once on boot.
55//   - Modifying these with a glitch attack likely leads to nonsense
56//   - The bad scenario is these are somehow zero-ized - unlikely with e.g. fault injection of some type since
57//     the constants are large.
58//   - The more profitable version of zero-izing the constants comes from an attacker gaining access to the
59//     initialization mechanism for the combohash and simply re-initializing them from the register interface.
60//     In this case, resetting the values periodically doesn't help because an attacker with that level of
61//     control could presumably invoke an interrupt context and choose when they want the constants to be
62//     zero-ized.
63//
64// Thus, these are loaded by the bootloader, and then efforts are made to restrict access
65// to the registers required to re-initialize the combohash unit.
66
67pub const SHA256_H: [u32; 8] =
68    [0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19];
69
70pub const SHA256_K: [u32; 64] = [
71    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
72    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
73    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
74    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
75    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
76    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
77    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
78    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
79];
80
81pub const SHA512_H: [u32; 16] = [
82    0x6a09e667, 0xf3bcc908, 0xbb67ae85, 0x84caa73b, 0x3c6ef372, 0xfe94f82b, 0xa54ff53a, 0x5f1d36f1,
83    0x510e527f, 0xade682d1, 0x9b05688c, 0x2b3e6c1f, 0x1f83d9ab, 0xfb41bd6b, 0x5be0cd19, 0x137e2179,
84];
85
86pub const SHA512_K: [u32; 160] = [
87    0x428A2F98, 0xD728AE22, 0x71374491, 0x23EF65CD, 0xB5C0FBCF, 0xEC4D3B2F, 0xE9B5DBA5, 0x8189DBBC,
88    0x3956C25B, 0xF348B538, 0x59F111F1, 0xB605D019, 0x923F82A4, 0xAF194F9B, 0xAB1C5ED5, 0xDA6D8118,
89    0xD807AA98, 0xA3030242, 0x12835B01, 0x45706FBE, 0x243185BE, 0x4EE4B28C, 0x550C7DC3, 0xD5FFB4E2,
90    0x72BE5D74, 0xF27B896F, 0x80DEB1FE, 0x3B1696B1, 0x9BDC06A7, 0x25C71235, 0xC19BF174, 0xCF692694,
91    0xE49B69C1, 0x9EF14AD2, 0xEFBE4786, 0x384F25E3, 0x0FC19DC6, 0x8B8CD5B5, 0x240CA1CC, 0x77AC9C65,
92    0x2DE92C6F, 0x592B0275, 0x4A7484AA, 0x6EA6E483, 0x5CB0A9DC, 0xBD41FBD4, 0x76F988DA, 0x831153B5,
93    0x983E5152, 0xEE66DFAB, 0xA831C66D, 0x2DB43210, 0xB00327C8, 0x98FB213F, 0xBF597FC7, 0xBEEF0EE4,
94    0xC6E00BF3, 0x3DA88FC2, 0xD5A79147, 0x930AA725, 0x06CA6351, 0xE003826F, 0x14292967, 0x0A0E6E70,
95    0x27B70A85, 0x46D22FFC, 0x2E1B2138, 0x5C26C926, 0x4D2C6DFC, 0x5AC42AED, 0x53380D13, 0x9D95B3DF,
96    0x650A7354, 0x8BAF63DE, 0x766A0ABB, 0x3C77B2A8, 0x81C2C92E, 0x47EDAEE6, 0x92722C85, 0x1482353B,
97    0xA2BFE8A1, 0x4CF10364, 0xA81A664B, 0xBC423001, 0xC24B8B70, 0xD0F89791, 0xC76C51A3, 0x0654BE30,
98    0xD192E819, 0xD6EF5218, 0xD6990624, 0x5565A910, 0xF40E3585, 0x5771202A, 0x106AA070, 0x32BBD1B8,
99    0x19A4C116, 0xB8D2D0C8, 0x1E376C08, 0x5141AB53, 0x2748774C, 0xDF8EEB99, 0x34B0BCB5, 0xE19B48A8,
100    0x391C0CB3, 0xC5C95A63, 0x4ED8AA4A, 0xE3418ACB, 0x5B9CCA4F, 0x7763E373, 0x682E6FF3, 0xD6B2B8A3,
101    0x748F82EE, 0x5DEFB2FC, 0x78A5636F, 0x43172F60, 0x84C87814, 0xA1F0AB72, 0x8CC70208, 0x1A6439EC,
102    0x90BEFFFA, 0x23631E28, 0xA4506CEB, 0xDE82BDE9, 0xBEF9A3F7, 0xB2C67915, 0xC67178F2, 0xE372532B,
103    0xCA273ECE, 0xEA26619C, 0xD186B8C7, 0x21C0C207, 0xEADA7DD6, 0xCDE0EB1E, 0xF57D4F7F, 0xEE6ED178,
104    0x06F067AA, 0x72176FBA, 0x0A637DC5, 0xA2C898A6, 0x113F9804, 0xBEF90DAE, 0x1B710B35, 0x131C471B,
105    0x28DB77F5, 0x23047D84, 0x32CAAB7B, 0x40C72493, 0x3C9EBE0A, 0x15C9BEBC, 0x431D67C4, 0x9C100D4C,
106    0x4CC5D4BE, 0xCB3E42B6, 0x597F299C, 0xFC657E2A, 0x5FCB6FAB, 0x3AD6FAEC, 0x6C44198C, 0x4A475817,
107];
108
109pub const BLK2S_H: [u32; 8] =
110    [0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19];
111
112// 0x6B08E647 = 0x6A09E667 ^ 0x01010020  -- 01(depth)  01(fanout)  00(keyLen) 20(digest_length)
113pub const BLK2S_EX: [u32; 8] = [
114    0x6B08E647, /* 0x6A09E667 */
115    0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19,
116];
117
118pub const BLK2B_H: [u32; 16] = [
119    0x6A09E667, 0xF3BCC908, 0xBB67AE85, 0x84CAA73B, 0x3C6EF372, 0xFE94F82B, 0xA54FF53A, 0x5F1D36F1,
120    0x510E527F, 0xADE682D1, 0x9B05688C, 0x2B3E6C1F, 0x1F83D9AB, 0xFB41BD6B, 0x5BE0CD19, 0x137E2179,
121];
122
123pub const BLK2B_EX: [u32; 16] = [
124    0xF2bDC948, 0x6A09E667, 0x84CAA73B, 0xBB67AE85, 0xFE94F82B, 0x3C6EF372, 0x5F1D36F1, 0xA54FF53A,
125    0xADE682D1, 0x510E527F, 0x2B3E6C1F, 0x9B05688C, 0xFB41BD6B, 0x1F83D9AB, 0x137E2179, 0x5BE0CD19,
126];
127
128pub const BLK2_X: [u32; 20] = [
129    0x01234567, 0x89ABCDEF, 0xEA489FD6, 0x1C02B753, 0xB8C052FD, 0xAE367194, 0x7931DCBE, 0x265A40F8,
130    0x905724AF, 0xE1BC683D, 0x2C6A0B83, 0x4D75FE19, 0xC51FED4A, 0x0763928B, 0xDB7EC139, 0x50F4862A,
131    0x6FE9B308, 0xC2D714A5, 0xA2847615, 0xFB9E3CD0,
132];
133
134pub const BLK3_H: [u32; 8] =
135    [0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19];
136
137pub const BLK3_X: [u32; 14] = [
138    0x01234567, 0x89ABCDEF, 0x263A704D, 0x1BC59EF8, 0x34ACD27E, 0x6590BF81, 0xA7C9E3DF, 0x40B25816,
139    0xCD9BFAE8, 0x72530164, 0x9EB58CF1, 0xD30A2647, 0xBF501986, 0xEA2C347D,
140];
141
142pub const RIPMD_H: [u32; 6] = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0, 0x00000000];
143
144pub const RIPMD_K: [u32; 10] = [
145    0x00000000, 0x50A28BE6, 0x5A827999, 0x5C4DD124, 0x6ED9EBA1, 0x6D703EF3, 0x8F1BBCDC, 0x7A6D76E9,
146    0xA953FD4E, 0x00000000,
147];
148
149pub const RIPMD_X: [u32; 40] = [
150    0xBEFC5879, 0xBDEF6798, 0x01234567, 0x89ABCDEF, 0x899BDFF5, 0x778BEEC6, 0x5E7092B4, 0xD6F81A3C,
151    0x768DB97F, 0x7CF9B7DC, 0x74D1A6F3, 0xC0952EB8, 0x9DF7C89B, 0x77C76FDB, 0x6B370D5A, 0xEF8C4912,
152    0xBD67E9DF, 0xE8D65C75, 0x3AE49F81, 0x2706DB5C, 0x97FB866E, 0xCD5EDD75, 0xF5137E69, 0xB8C2A04D,
153    0xBCEFEF98, 0x9E56865C, 0x19BA08C4, 0xD37FE562, 0xF58BEE6E, 0x69C9C5F8, 0x86413BF0, 0x5C2D97AE,
154    0x9F5B68DC, 0x5CDEB856, 0x40597C2A, 0xE138B6FD, 0x85C9C5E6, 0x8D65FDBB, 0xCFA41587, 0x62DE039B,
155];
156
157pub const RAMSEG_SHA3: [u32; 58] = [
158    0x00082d35, 0x80903a52, 0x00853506, 0x01b0ab42, 0x01072925, 0x7e1ab3fd, 0x004930f5, 0xdcdd9578,
159    0x00c63915, 0x1b52720e, 0x00000000, 0x00000001, 0x00000000, 0x00008082, 0x80000000, 0x0000808a,
160    0x80000000, 0x80008000, 0x00000000, 0x0000808b, 0x00000000, 0x80000001, 0x80000000, 0x80008081,
161    0x80000000, 0x00008009, 0x00000000, 0x0000008a, 0x00000000, 0x00000088, 0x00000000, 0x80008009,
162    0x00000000, 0x8000000a, 0x00000000, 0x8000808b, 0x80000000, 0x0000008b, 0x80000000, 0x00008089,
163    0x80000000, 0x00008003, 0x80000000, 0x00008002, 0x80000000, 0x00000080, 0x00000000, 0x0000800a,
164    0x80000000, 0x8000000a, 0x80000000, 0x80008081, 0x80000000, 0x00008080, 0x00000000, 0x80000001,
165    0x80000000, 0x80008008,
166];