/**
* Implementation of hash function «ГОСТ Р 34.11—2012».
* RFC: 6986 https://tools.ietf.org/html/rfc6986
* GOST: http://protect.gost.ru/document.aspx?control=7&id=180209
*
* @param hash Output buffer for 256/512-bit hash.
* @param msg Entire message.
* @param length Message length in bits.
* @param is_512 true for 512-bit hash, false for 256-bit hash.
* @return 0 — on success, 1 — on error.
*/
int streebog(WORD *hash, const unsigned char *msg, uint64_t length, bool is_512)
{
WORD h[WORDS_IN_CHUNK];
WORD N[WORDS_IN_CHUNK];
WORD uint512[WORDS_IN_CHUNK]; /* 512-bit unsigned integer. Little endian. */
WORD Sigma[WORDS_IN_CHUNK];
WORD padding[WORDS_IN_CHUNK];
WORD zero[WORDS_IN_CHUNK];
WORD *m;
uint64_t len = length;
for(int i = 0; i < 12; ++i) init_chunk(C[i], C_STR[i]);
chunk_set(N, 0);
chunk_set(Sigma, 0);
chunk_set(zero, 0);
set_uint512(uint512, 512);
m = (WORD *)msg;
if(is_512) chunk_set(h, 0);
else chunk_set(h, WADDING);
/* stage 2 */
while(len >= CHUNK_BITS)
{
gN(h, m, N);
add512(N, uint512);
add512(Sigma, m);
len -= CHUNK_BITS;
m += WORDS_IN_CHUNK;
}
/* stage 3 */
/* 3.1. */
pad(padding, msg + length / CHUNK_BITS * CHUNK_SIZE, len);
/* 3.2. */
gN(h, padding, N);
/* 3.3. */
set_uint512(uint512, len);
add512(N, uint512);
/* 3.4. */
add512(Sigma, padding);
/* 3.5. */
gN(h, N, zero);
/* 3.6. */
gN(h, Sigma, zero);
/* 3.7. */
chunk_cpy(hash, h, is_512);
return 0;
}
void *doit(void *id) {
gasnett_threadkey_set(mythread,id);
if ((uintptr_t)id != 0) { /* additional threads polling, to encourage handler concurrency */
while (!done) {
gasnet_AMPoll();
gasnett_sched_yield();
}
return 0;
}
MSG0("Running %sAM%s%s%s%s correctness test %s%swith %i iterations, max_payload=%i, depth=%i...",
#if GASNET_PAR
(domultith?"multi-threaded ":"single-threaded "),
#else
"",
#endif
(amopt?(domed?" Medium":""):""),(amopt?(dolong?" Long":""):""),(amopt?(dolongasync?" LongAsync":""):""),
((doinseg^dooutseg)?(doinseg?" in-segment":" out-of-segment"):""),
(dosizesync?"":"loosely-synced "),
(doprime?"with priming ":""),
iters,max_payload,depth);
BARRIER();
if (doprime) { /* issue some initial puts that cover the Long regions, to try and trigger dynamic pinning */
int chunkidx;
for (chunkidx = 0; chunkidx < depth; chunkidx++) {
/* AMRequestLong primer */
gasnet_put(peerproc, peerreqseg+chunkidx*max_payload, privateseg+chunkidx*max_payload, max_payload);
gasnet_put(peerproc, peerreqseg+chunkidx*max_payload, localseg+chunkidx*max_payload, max_payload);
/* AMRequestLongAsync primer */
gasnet_put(peerproc, peerreqseg+(depth+chunkidx)*max_payload, privateseg+chunkidx*max_payload, max_payload);
gasnet_put(peerproc, peerreqseg+(depth+chunkidx)*max_payload, localseg+chunkidx*max_payload, max_payload);
/* AMReplyLong primer */
gasnet_put(peerproc, peerrepseg+chunkidx*max_payload, myseg+chunkidx*max_payload, max_payload);
gasnet_put(peerproc, peerrepseg+chunkidx*max_payload, longreplysrc+chunkidx*max_payload, max_payload);
/* AMReplyLongAsync primer */
gasnet_put(peerproc, peerrepseg+(depth+chunkidx)*max_payload, myseg+(depth+chunkidx)*max_payload, max_payload);
gasnet_put(peerproc, peerrepseg+(depth+chunkidx)*max_payload, alongreplysrc+chunkidx*max_payload, max_payload);
}
BARRIER();
}
{ int sz,iter,savesz = 1;
int max1 = gasnet_AMMaxMedium(), max2 = maxlong;
if (maxlong < gasnet_AMMaxMedium()) { max1 = maxlong; max2 = gasnet_AMMaxMedium(); }
assert_always(max1 <= max2);
for (sz = 1; sz <= max_payload; ) {
if (dosizesync) BARRIER(); /* optional barrier, to synchronize tests at each payload size across nodes */
MSG0("payload = %i",sz);
for (iter = 0; iter < iters; iter++) {
int chunkidx;
uint8_t *srcseg = ITERSEG(iter);
/* initialize local seg to known values */
for (chunkidx = 0; chunkidx < depth; chunkidx++) {
init_chunk(srcseg,sz,iter,chunkidx);
}
if (domed && sz <= gasnet_AMMaxMedium()) { /* test Medium AMs */
gasnett_atomic_set(&pong_recvd,0,0);
for (chunkidx = 0; chunkidx < depth; chunkidx++) {
GASNET_Safe(gasnet_AMRequestMedium2(peerproc, hidx_ping_medhandler, srcseg+chunkidx*sz, sz,
iter, chunkidx));
}
/* wait for completion */
GASNET_BLOCKUNTIL(gasnett_atomic_read(&pong_recvd,0) == depth);
}
if (sz <= maxlong) {
if (dolong) { /* test Long AMs */
gasnett_atomic_set(&pong_recvd,0,0);
for (chunkidx = 0; chunkidx < depth; chunkidx++) {
GASNET_Safe(gasnet_AMRequestLong2(peerproc, hidx_ping_longhandler, srcseg+chunkidx*sz, sz,
peerreqseg+chunkidx*sz, iter, chunkidx));
}
/* wait for completion */
GASNET_BLOCKUNTIL(gasnett_atomic_read(&pong_recvd,0) == depth);
}
if (dolongasync) { /* test AsyncLong AMs */
gasnett_atomic_set(&pong_recvd,0,0);
for (chunkidx = 0; chunkidx < depth; chunkidx++) {
GASNET_Safe(gasnet_AMRequestLongAsync2(peerproc, hidx_ping_alonghandler, srcseg+chunkidx*sz, sz,
peerreqseg+(depth+chunkidx)*sz, iter, chunkidx));
}
/* wait for completion */
GASNET_BLOCKUNTIL(gasnett_atomic_read(&pong_recvd,0) == depth);
}
}
}
/* double sz each time, but make sure to also exactly hit MaxMedium, MaxLong and max payload */
if (sz < max1 && savesz * 2 > max1) sz = max1;
else if (sz < max2 && savesz * 2 > max2) sz = max2;
else if (sz < max_payload && savesz * 2 > max_payload) sz = max_payload;
else { sz = savesz * 2; savesz = sz; }
}
}
BARRIER();
done = 1;
return(0);
}