Botan 3.10.0
Crypto and TLS for C&
sha1.cpp
Go to the documentation of this file.
1/*
2* SHA-1
3* (C) 1999-2008,2011 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/internal/sha1.h>
9
10#include <botan/internal/loadstor.h>
11#include <botan/internal/rotate.h>
12#include <botan/internal/sha1_f.h>
13#include <array>
14
15#if defined(BOTAN_HAS_CPUID)
16 #include <botan/internal/cpuid.h>
17#endif
18
19namespace Botan {
20
21/*
22* SHA-1 Compression Function
23*/
24void SHA_1::compress_n(digest_type& digest, std::span<const uint8_t> input, size_t blocks) {
25 using namespace SHA1_F;
26
27#if defined(BOTAN_HAS_SHA1_X86_SHA_NI)
28 if(CPUID::has(CPUID::Feature::SHA)) {
29 return sha1_compress_x86(digest, input, blocks);
30 }
31#endif
32
33#if defined(BOTAN_HAS_SHA1_ARMV8)
34 if(CPUID::has(CPUID::Feature::SHA1)) {
35 return sha1_armv8_compress_n(digest, input, blocks);
36 }
37#endif
38
39#if defined(BOTAN_HAS_SHA1_AVX2)
40 if(CPUID::has(CPUID::Feature::AVX2, CPUID::Feature::BMI)) {
41 return avx2_compress_n(digest, input, blocks);
42 }
43#endif
44
45#if defined(BOTAN_HAS_SHA1_SIMD_4X32)
46 if(CPUID::has(CPUID::Feature::SIMD_4X32)) {
47 return simd_compress_n(digest, input, blocks);
48 }
49#endif
50
51 uint32_t A = digest[0];
52 uint32_t B = digest[1];
53 uint32_t C = digest[2];
54 uint32_t D = digest[3];
55 uint32_t E = digest[4];
56 std::array<uint32_t, 80> W{};
57 auto W_in = std::span{W}.first<block_bytes / sizeof(uint32_t)>();
58
59 BufferSlicer in(input);
60
61 for(size_t i = 0; i != blocks; ++i) {
62 load_be(W_in, in.take<block_bytes>());
63
64 // clang-format off
65
66 for(size_t j = 16; j != 80; j += 8) {
67 W[j + 0] = rotl<1>(W[j - 3] ^ W[j - 8] ^ W[j - 14] ^ W[j - 16]);
68 W[j + 1] = rotl<1>(W[j - 2] ^ W[j - 7] ^ W[j - 13] ^ W[j - 15]);
69 W[j + 2] = rotl<1>(W[j - 1] ^ W[j - 6] ^ W[j - 12] ^ W[j - 14]);
70 W[j + 3] = rotl<1>(W[j ] ^ W[j - 5] ^ W[j - 11] ^ W[j - 13]);
71 W[j + 4] = rotl<1>(W[j + 1] ^ W[j - 4] ^ W[j - 10] ^ W[j - 12]);
72 W[j + 5] = rotl<1>(W[j + 2] ^ W[j - 3] ^ W[j - 9] ^ W[j - 11]);
73 W[j + 6] = rotl<1>(W[j + 3] ^ W[j - 2] ^ W[j - 8] ^ W[j - 10]);
74 W[j + 7] = rotl<1>(W[j + 4] ^ W[j - 1] ^ W[j - 7] ^ W[j - 9]);
75 }
76
77 // clang-format on
78
79 F1(A, B, C, D, E, W[0] + K1);
80 F1(E, A, B, C, D, W[1] + K1);
81 F1(D, E, A, B, C, W[2] + K1);
82 F1(C, D, E, A, B, W[3] + K1);
83 F1(B, C, D, E, A, W[4] + K1);
84 F1(A, B, C, D, E, W[5] + K1);
85 F1(E, A, B, C, D, W[6] + K1);
86 F1(D, E, A, B, C, W[7] + K1);
87 F1(C, D, E, A, B, W[8] + K1);
88 F1(B, C, D, E, A, W[9] + K1);
89 F1(A, B, C, D, E, W[10] + K1);
90 F1(E, A, B, C, D, W[11] + K1);
91 F1(D, E, A, B, C, W[12] + K1);
92 F1(C, D, E, A, B, W[13] + K1);
93 F1(B, C, D, E, A, W[14] + K1);
94 F1(A, B, C, D, E, W[15] + K1);
95 F1(E, A, B, C, D, W[16] + K1);
96 F1(D, E, A, B, C, W[17] + K1);
97 F1(C, D, E, A, B, W[18] + K1);
98 F1(B, C, D, E, A, W[19] + K1);
99
100 F2(A, B, C, D, E, W[20] + K2);
101 F2(E, A, B, C, D, W[21] + K2);
102 F2(D, E, A, B, C, W[22] + K2);
103 F2(C, D, E, A, B, W[23] + K2);
104 F2(B, C, D, E, A, W[24] + K2);
105 F2(A, B, C, D, E, W[25] + K2);
106 F2(E, A, B, C, D, W[26] + K2);
107 F2(D, E, A, B, C, W[27] + K2);
108 F2(C, D, E, A, B, W[28] + K2);
109 F2(B, C, D, E, A, W[29] + K2);
110 F2(A, B, C, D, E, W[30] + K2);
111 F2(E, A, B, C, D, W[31] + K2);
112 F2(D, E, A, B, C, W[32] + K2);
113 F2(C, D, E, A, B, W[33] + K2);
114 F2(B, C, D, E, A, W[34] + K2);
115 F2(A, B, C, D, E, W[35] + K2);
116 F2(E, A, B, C, D, W[36] + K2);
117 F2(D, E, A, B, C, W[37] + K2);
118 F2(C, D, E, A, B, W[38] + K2);
119 F2(B, C, D, E, A, W[39] + K2);
120
121 F3(A, B, C, D, E, W[40] + K3);
122 F3(E, A, B, C, D, W[41] + K3);
123 F3(D, E, A, B, C, W[42] + K3);
124 F3(C, D, E, A, B, W[43] + K3);
125 F3(B, C, D, E, A, W[44] + K3);
126 F3(A, B, C, D, E, W[45] + K3);
127 F3(E, A, B, C, D, W[46] + K3);
128 F3(D, E, A, B, C, W[47] + K3);
129 F3(C, D, E, A, B, W[48] + K3);
130 F3(B, C, D, E, A, W[49] + K3);
131 F3(A, B, C, D, E, W[50] + K3);
132 F3(E, A, B, C, D, W[51] + K3);
133 F3(D, E, A, B, C, W[52] + K3);
134 F3(C, D, E, A, B, W[53] + K3);
135 F3(B, C, D, E, A, W[54] + K3);
136 F3(A, B, C, D, E, W[55] + K3);
137 F3(E, A, B, C, D, W[56] + K3);
138 F3(D, E, A, B, C, W[57] + K3);
139 F3(C, D, E, A, B, W[58] + K3);
140 F3(B, C, D, E, A, W[59] + K3);
141
142 F4(A, B, C, D, E, W[60] + K4);
143 F4(E, A, B, C, D, W[61] + K4);
144 F4(D, E, A, B, C, W[62] + K4);
145 F4(C, D, E, A, B, W[63] + K4);
146 F4(B, C, D, E, A, W[64] + K4);
147 F4(A, B, C, D, E, W[65] + K4);
148 F4(E, A, B, C, D, W[66] + K4);
149 F4(D, E, A, B, C, W[67] + K4);
150 F4(C, D, E, A, B, W[68] + K4);
151 F4(B, C, D, E, A, W[69] + K4);
152 F4(A, B, C, D, E, W[70] + K4);
153 F4(E, A, B, C, D, W[71] + K4);
154 F4(D, E, A, B, C, W[72] + K4);
155 F4(C, D, E, A, B, W[73] + K4);
156 F4(B, C, D, E, A, W[74] + K4);
157 F4(A, B, C, D, E, W[75] + K4);
158 F4(E, A, B, C, D, W[76] + K4);
159 F4(D, E, A, B, C, W[77] + K4);
160 F4(C, D, E, A, B, W[78] + K4);
161 F4(B, C, D, E, A, W[79] + K4);
162
163 A = (digest[0] += A);
164 B = (digest[1] += B);
165 C = (digest[2] += C);
166 D = (digest[3] += D);
167 E = (digest[4] += E);
168 }
169}
170
171/*
172* Clear memory of sensitive data
173*/
174void SHA_1::init(digest_type& digest) {
175 digest.assign({0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0});
176}
177
178std::string SHA_1::provider() const {
179#if defined(BOTAN_HAS_SHA1_X86_SHA_NI)
180 if(auto feat = CPUID::check(CPUID::Feature::SHA)) {
181 return *feat;
182 }
183#endif
184
185#if defined(BOTAN_HAS_SHA1_ARMV8)
186 if(auto feat = CPUID::check(CPUID::Feature::SHA1)) {
187 return *feat;
188 }
189#endif
190
191#if defined(BOTAN_HAS_SHA1_AVX2)
192 if(auto feat = CPUID::check(CPUID::Feature::AVX2, CPUID::Feature::BMI)) {
193 return *feat;
194 }
195#endif
196
197#if defined(BOTAN_HAS_SHA1_SIMD_4X32)
198 if(auto feat = CPUID::check(CPUID::Feature::SIMD_4X32)) {
199 return *feat;
200 }
201#endif
202
203 return "base";
204}
205
206std::unique_ptr<HashFunction> SHA_1::new_object() const {
207 return std::make_unique<SHA_1>();
208}
209
210std::unique_ptr<HashFunction> SHA_1::copy_state() const {
211 return std::make_unique<SHA_1>(*this);
212}
213
214void SHA_1::add_data(std::span<const uint8_t> input) {
215 m_md.update(input);
216}
217
218void SHA_1::final_result(std::span<uint8_t> output) {
219 m_md.final(output);
220}
221
222} // namespace Botan
Botan::BufferSlicer::take
std::span< const uint8_t > take(const size_t count)
Definition stl_util.h:89
Botan::CPUID::check
static std::optional< std::string > check(CPUID::Feature feat)
Definition cpuid.h:67
Botan::CPUID::has
static bool has(CPUID::Feature feat)
Definition cpuid.h:94
Botan::SHA_1::new_object
std::unique_ptr< HashFunction > new_object() const override
Definition sha1.cpp:206
Botan::SHA_1::copy_state
std::unique_ptr< HashFunction > copy_state() const override
Definition sha1.cpp:210
Botan::SHA_1::sha1_compress_x86
static void sha1_compress_x86(digest_type &digest, std::span< const uint8_t > blocks, size_t block_count)
Definition sha1_x86.cpp:74
Botan::SHA_1::provider
std::string provider() const override
Definition sha1.cpp:178
Botan::SHA_1::sha1_armv8_compress_n
static void sha1_armv8_compress_n(digest_type &digest, std::span< const uint8_t > blocks, size_t block_count)
Definition sha1_armv8.cpp:21
Botan::SHA_1::block_bytes
static constexpr size_t block_bytes
Definition sha1.h:24
Botan::SHA_1::compress_n
static void compress_n(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
Definition sha1.cpp:24
Botan::SHA_1::init
static void init(digest_type &digest)
Definition sha1.cpp:174
Botan::SHA_1::digest_type
secure_vector< uint32_t > digest_type
Definition sha1.h:20
Botan::SHA1_F
Definition sha1_f.h:14
Botan::rotl
BOTAN_FORCE_INLINE constexpr T rotl(T input)
Definition rotate.h:23
Botan::load_be
constexpr auto load_be(ParamTs &&... params)
Definition loadstor.h:504
Generated by doxygen 1.15.0