Botan 3.4.0
Crypto and TLS for C++
sha1.cpp
1/*
2* SHA-1
3* (C) 1999-2008,2011 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/internal/sha1.h>
9
10#include <botan/internal/bit_ops.h>
11#include <botan/internal/cpuid.h>
12#include <botan/internal/loadstor.h>
13#include <botan/internal/rotate.h>
14#include <botan/internal/stl_util.h>
15
16#include <array>
17
18namespace Botan {
19
20namespace SHA1_F {
21
22namespace {
23
/*
* SHA-1 round step used for rounds 0-19 (called with W[0]..W[19]).
*
* Adds choose(B, C, D), the message word, the round constant and
* rotl<5>(A) into E, then rotates B left by 30 bits. Only B and E are
* modified; A, C and D are read-only inputs.
*/
inline void F1(uint32_t A, uint32_t& B, uint32_t C, uint32_t D, uint32_t& E, uint32_t msg) {
   constexpr uint32_t K = 0x5A827999;
   const uint32_t mixed = choose(B, C, D) + msg + K + rotl<5>(A);
   E += mixed;
   B = rotl<30>(B);
}
31
/*
* SHA-1 round step used for rounds 20-39 (called with W[20]..W[39]).
*
* Adds the parity B ^ C ^ D, the message word, the round constant and
* rotl<5>(A) into E, then rotates B left by 30 bits. Only B and E are
* modified; A, C and D are read-only inputs.
*/
inline void F2(uint32_t A, uint32_t& B, uint32_t C, uint32_t D, uint32_t& E, uint32_t msg) {
   constexpr uint32_t K = 0x6ED9EBA1;
   const uint32_t parity = B ^ C ^ D;
   E += parity + msg + K + rotl<5>(A);
   B = rotl<30>(B);
}
39
/*
* SHA-1 round step used for rounds 40-59 (called with W[40]..W[59]).
*
* Adds majority(B, C, D), the message word, the round constant and
* rotl<5>(A) into E, then rotates B left by 30 bits. Only B and E are
* modified; A, C and D are read-only inputs.
*/
inline void F3(uint32_t A, uint32_t& B, uint32_t C, uint32_t D, uint32_t& E, uint32_t msg) {
   constexpr uint32_t K = 0x8F1BBCDC;
   const uint32_t mixed = majority(B, C, D) + msg + K + rotl<5>(A);
   E += mixed;
   B = rotl<30>(B);
}
47
/*
* SHA-1 round step used for rounds 60-79 (called with W[60]..W[79]).
*
* Same parity mix as F2 (B ^ C ^ D) but with the last round constant.
* Only B and E are modified; A, C and D are read-only inputs.
*/
inline void F4(uint32_t A, uint32_t& B, uint32_t C, uint32_t D, uint32_t& E, uint32_t msg) {
   constexpr uint32_t K = 0xCA62C1D6;
   const uint32_t parity = B ^ C ^ D;
   E += parity + msg + K + rotl<5>(A);
   B = rotl<30>(B);
}
55
56} // namespace
57
58} // namespace SHA1_F
59
/*
* SHA-1 Compression Function
*
* Absorbs `blocks` message blocks of block_bytes each, read from `input`,
* into the five-word chaining state held in `digest`. If a hardware or SIMD
* variant is compiled in and the CPU reports support for it, the call is
* handed to that variant; otherwise the portable code below runs.
*
* SHA-1 is not collision resistant; this primitive is appropriate only where
* an existing protocol or format still requires it.
*/
void SHA_1::compress_n(digest_type& digest, std::span<const uint8_t> input, size_t blocks) {
   using namespace SHA1_F;

   // Dispatch order: SHA-NI, ARMv8 SHA-1, SSE2. SHA_1::provider() probes in
   // the same order, so the reported provider matches the path taken here.
#if defined(BOTAN_HAS_SHA1_X86_SHA_NI)
   if(CPUID::has_intel_sha()) {
      sha1_compress_x86(digest, input, blocks);
      return;
   }
#endif

#if defined(BOTAN_HAS_SHA1_ARMV8)
   if(CPUID::has_arm_sha1()) {
      sha1_armv8_compress_n(digest, input, blocks);
      return;
   }
#endif

#if defined(BOTAN_HAS_SHA1_SSE2)
   if(CPUID::has_sse2()) {
      sse2_compress_n(digest, input, blocks);
      return;
   }

#endif

   uint32_t A = digest[0];
   uint32_t B = digest[1];
   uint32_t C = digest[2];
   uint32_t D = digest[3];
   uint32_t E = digest[4];

   // Message schedule. Not initialised here: words 0-15 are loaded and words
   // 16-79 are derived for every block before any round reads them.
   // NOTE(review): W holds input-derived words and is not wiped on return; if
   // callers hash secret material, confirm whether it should be scrubbed.
   std::array<uint32_t, 80> W;

   // `blocks` is trusted to match input.size(); the bound on each read rests
   // on BufferSlicer::take -- presumably it rejects a short buffer, confirm
   // in stl_util.h.
   BufferSlicer slicer(input);

   for(size_t blk = 0; blk != blocks; ++blk) {
      const auto block = slicer.take(block_bytes);
      load_be(W.data(), block.data(), 16);

      // Expand the 16 loaded words to the full 80-word schedule
      for(size_t t = 16; t != 80; ++t) {
         W[t] = rotl<1>(W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16]);
      }

      // The five working variables return to their starting roles after five
      // steps, so each 20-round stage is written as four groups of five.
      for(size_t t = 0; t != 20; t += 5) {
         F1(A, B, C, D, E, W[t]);
         F1(E, A, B, C, D, W[t + 1]);
         F1(D, E, A, B, C, W[t + 2]);
         F1(C, D, E, A, B, W[t + 3]);
         F1(B, C, D, E, A, W[t + 4]);
      }

      for(size_t t = 20; t != 40; t += 5) {
         F2(A, B, C, D, E, W[t]);
         F2(E, A, B, C, D, W[t + 1]);
         F2(D, E, A, B, C, W[t + 2]);
         F2(C, D, E, A, B, W[t + 3]);
         F2(B, C, D, E, A, W[t + 4]);
      }

      for(size_t t = 40; t != 60; t += 5) {
         F3(A, B, C, D, E, W[t]);
         F3(E, A, B, C, D, W[t + 1]);
         F3(D, E, A, B, C, W[t + 2]);
         F3(C, D, E, A, B, W[t + 3]);
         F3(B, C, D, E, A, W[t + 4]);
      }

      for(size_t t = 60; t != 80; t += 5) {
         F4(A, B, C, D, E, W[t]);
         F4(E, A, B, C, D, W[t + 1]);
         F4(D, E, A, B, C, W[t + 2]);
         F4(C, D, E, A, B, W[t + 3]);
         F4(B, C, D, E, A, W[t + 4]);
      }

      // Feed-forward: add the round output into the chaining state and
      // reload the working variables from it for the next block.
      digest[0] += A;
      A = digest[0];
      digest[1] += B;
      B = digest[1];
      digest[2] += C;
      C = digest[2];
      digest[3] += D;
      D = digest[3];
      digest[4] += E;
      E = digest[4];
   }
}
195
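/*
* Load the SHA-1 initial hash values into the chaining state
*
* Replaces the contents of `digest` with the five initial state words.
* This is a reset to the starting state, not a zeroisation step.
*/
void SHA_1::init(digest_type& digest) {
   digest.assign({0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0});
}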
202
/*
* Name of the implementation compress_n will use on this CPU
*
* Probes in the same order as the dispatch in compress_n (SHA-NI, ARMv8
* SHA-1, SSE2) and stops at the first match; "base" is the portable code.
* Keep the two orderings aligned, otherwise the reported provider would not
* be the code path actually executed.
*/
std::string SHA_1::provider() const {
   const char* chosen = nullptr;

#if defined(BOTAN_HAS_SHA1_X86_SHA_NI)
   if(chosen == nullptr && CPUID::has_intel_sha()) {
      chosen = "intel_sha";
   }
#endif

#if defined(BOTAN_HAS_SHA1_ARMV8)
   if(chosen == nullptr && CPUID::has_arm_sha1()) {
      chosen = "armv8_sha";
   }
#endif

#if defined(BOTAN_HAS_SHA1_SSE2)
   if(chosen == nullptr && CPUID::has_sse2()) {
      chosen = "sse2";
   }
#endif

   return (chosen != nullptr) ? chosen : "base";
}
224
/*
* Create a new default-constructed SHA_1 object; nothing is copied from
* this instance.
*/
std::unique_ptr<HashFunction> SHA_1::new_object() const {
   auto fresh = std::make_unique<SHA_1>();
   return fresh;
}
228
/*
* Duplicate this object by copy-construction, so the copy starts from the
* same hashing progress as the original.
* NOTE(review): the copy presumably also carries any input buffered inside
* m_md; handle it with the same care as the original when the input is secret.
*/
std::unique_ptr<HashFunction> SHA_1::copy_state() const {
   auto duplicate = std::make_unique<SHA_1>(*this);
   return duplicate;
}
232
/*
* Feed more message bytes into the hash. Forwards to m_md.update(); the
* buffering logic lives in m_md, outside this file.
*/
void SHA_1::add_data(std::span<const uint8_t> input) {
   this->m_md.update(input);
}
236
/*
* Finish the hash and write the result into `output`. Forwards to
* m_md.final(); any padding and output-size handling happens in m_md,
* outside this file.
*/
void SHA_1::final_result(std::span<uint8_t> output) {
   this->m_md.final(output);
}
240
241} // namespace Botan
std::span< const uint8_t > take(const size_t count)
Definition stl_util.h:156
std::unique_ptr< HashFunction > new_object() const override
Definition sha1.cpp:225
std::unique_ptr< HashFunction > copy_state() const override
Definition sha1.cpp:229
std::string provider() const override
Definition sha1.cpp:203
static void sha1_compress_x86(digest_type &digest, std::span< const uint8_t > blocks, size_t block_count)
Definition sha1_x86.cpp:21
static constexpr size_t block_bytes
Definition sha1.h:24
static void compress_n(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
Definition sha1.cpp:63
static void init(digest_type &digest)
Definition sha1.cpp:199
secure_vector< uint32_t > digest_type
Definition sha1.h:20
static void sse2_compress_n(digest_type &digest, std::span< const uint8_t > blocks, size_t block_count)
static void sha1_armv8_compress_n(digest_type &digest, std::span< const uint8_t > blocks, size_t block_count)
constexpr T choose(T mask, T a, T b)
Definition bit_ops.h:180
constexpr T majority(T a, T b, T c)
Definition bit_ops.h:186
constexpr auto load_be(ParamTs &&... params)
Definition loadstor.h:471