Botan 3.10.0
Crypto and TLS for C&
sha2_32.cpp
Go to the documentation of this file.
1/*
2* SHA-{224,256}
3* (C) 1999-2010,2017 Jack Lloyd
4* 2007 FlexSecure GmbH
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#include <botan/internal/sha2_32.h>
10
11#include <botan/internal/loadstor.h>
12#include <botan/internal/sha2_32_f.h>
13#include <botan/internal/stack_scrubbing.h>
14#include <botan/internal/stl_util.h>
15
16#if defined(BOTAN_HAS_CPUID)
17 #include <botan/internal/cpuid.h>
18#endif
19
20namespace Botan {
21
22namespace {
23
24std::string sha256_provider() {
25#if defined(BOTAN_HAS_SHA2_32_ARMV8)
26 if(auto feat = CPUID::check(CPUID::Feature::SHA2)) {
27 return *feat;
28 }
29#endif
30
31#if defined(BOTAN_HAS_SHA2_32_X86)
32 if(auto feat = CPUID::check(CPUID::Feature::SHA)) {
33 return *feat;
34 }
35#endif
36
37#if defined(BOTAN_HAS_SHA2_32_X86_AVX2)
38 if(auto feat = CPUID::check(CPUID::Feature::AVX2, CPUID::Feature::BMI)) {
39 return *feat;
40 }
41#endif
42
43#if defined(BOTAN_HAS_SHA2_32_SIMD)
44 if(auto feat = CPUID::check(CPUID::Feature::SIMD_4X32)) {
45 return *feat;
46 }
47#endif
48
49 return "base";
50}
51
52} // namespace
53
54/*
55* SHA-224 / SHA-256 compression function
56*/
57void BOTAN_SCRUB_STACK_AFTER_RETURN SHA_256::compress_digest(digest_type& digest,
58 std::span<const uint8_t> input,
59 size_t blocks) {
60#if defined(BOTAN_HAS_SHA2_32_X86)
61 if(CPUID::has(CPUID::Feature::SHA)) {
62 return SHA_256::compress_digest_x86(digest, input, blocks);
63 }
64#endif
65
66#if defined(BOTAN_HAS_SHA2_32_ARMV8)
67 if(CPUID::has(CPUID::Feature::SHA2)) {
68 return SHA_256::compress_digest_armv8(digest, input, blocks);
69 }
70#endif
71
72#if defined(BOTAN_HAS_SHA2_32_X86_AVX2)
73 if(CPUID::has(CPUID::Feature::AVX2, CPUID::Feature::BMI)) {
74 return SHA_256::compress_digest_x86_avx2(digest, input, blocks);
75 }
76#endif
77
78#if defined(BOTAN_HAS_SHA2_32_SIMD)
79 if(CPUID::has(CPUID::Feature::SIMD_4X32)) {
80 return SHA_256::compress_digest_x86_simd(digest, input, blocks);
81 }
82#endif
83
84 uint32_t A = digest[0];
85 uint32_t B = digest[1];
86 uint32_t C = digest[2];
87 uint32_t D = digest[3];
88 uint32_t E = digest[4];
89 uint32_t F = digest[5];
90 uint32_t G = digest[6];
91 uint32_t H = digest[7];
92
93 std::array<uint32_t, 16> W{};
94
95 BufferSlicer in(input);
96
97 for(size_t i = 0; i != blocks; ++i) {
98 load_be(W, in.take<block_bytes>());
99
100 // clang-format off
101
102 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x428A2F98);
103 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x71374491);
104 SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0xB5C0FBCF);
105 SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0xE9B5DBA5);
106 SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x3956C25B);
107 SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x59F111F1);
108 SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x923F82A4);
109 SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0xAB1C5ED5);
110 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0xD807AA98);
111 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0x12835B01);
112 SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0x243185BE);
113 SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0x550C7DC3);
114 SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0x72BE5D74);
115 SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0x80DEB1FE);
116 SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0x9BDC06A7);
117 SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0xC19BF174);
118
119 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0xE49B69C1);
120 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0xEFBE4786);
121 SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x0FC19DC6);
122 SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x240CA1CC);
123 SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x2DE92C6F);
124 SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x4A7484AA);
125 SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x5CB0A9DC);
126 SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x76F988DA);
127 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0x983E5152);
128 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0xA831C66D);
129 SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0xB00327C8);
130 SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0xBF597FC7);
131 SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0xC6E00BF3);
132 SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xD5A79147);
133 SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0x06CA6351);
134 SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0x14292967);
135
136 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x27B70A85);
137 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x2E1B2138);
138 SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x4D2C6DFC);
139 SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x53380D13);
140 SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x650A7354);
141 SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x766A0ABB);
142 SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x81C2C92E);
143 SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x92722C85);
144 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0xA2BFE8A1);
145 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0xA81A664B);
146 SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0xC24B8B70);
147 SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0xC76C51A3);
148 SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0xD192E819);
149 SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xD6990624);
150 SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0xF40E3585);
151 SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0x106AA070);
152
153 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x19A4C116);
154 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x1E376C08);
155 SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x2748774C);
156 SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x34B0BCB5);
157 SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x391C0CB3);
158 SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x4ED8AA4A);
159 SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x5B9CCA4F);
160 SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x682E6FF3);
161 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0x748F82EE);
162 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0x78A5636F);
163 SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0x84C87814);
164 SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0x8CC70208);
165 SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0x90BEFFFA);
166 SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xA4506CEB);
167 SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0xBEF9A3F7);
168 SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0xC67178F2);
169
170 // clang-format on
171
172 A = (digest[0] += A);
173 B = (digest[1] += B);
174 C = (digest[2] += C);
175 D = (digest[3] += D);
176 E = (digest[4] += E);
177 F = (digest[5] += F);
178 G = (digest[6] += G);
179 H = (digest[7] += H);
180 }
181}
182
183std::string SHA_224::provider() const {
184 return sha256_provider();
185}
186
187void SHA_224::compress_n(digest_type& digest, std::span<const uint8_t> input, size_t blocks) {
188 SHA_256::compress_digest(digest, input, blocks);
189}
190
191void SHA_224::init(digest_type& digest) {
192 digest.assign({0xC1059ED8, 0x367CD507, 0x3070DD17, 0xF70E5939, 0xFFC00B31, 0x68581511, 0x64F98FA7, 0xBEFA4FA4});
193}
194
195std::unique_ptr<HashFunction> SHA_224::new_object() const {
196 return std::make_unique<SHA_224>();
197}
198
199std::unique_ptr<HashFunction> SHA_224::copy_state() const {
200 return std::make_unique<SHA_224>(*this);
201}
202
203void SHA_224::add_data(std::span<const uint8_t> input) {
204 m_md.update(input);
205}
206
207void SHA_224::final_result(std::span<uint8_t> output) {
208 m_md.final(output);
209}
210
211std::string SHA_256::provider() const {
212 return sha256_provider();
213}
214
215void SHA_256::compress_n(digest_type& digest, std::span<const uint8_t> input, size_t blocks) {
216 SHA_256::compress_digest(digest, input, blocks);
217}
218
219void SHA_256::init(digest_type& digest) {
220 digest.assign({0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19});
221}
222
223std::unique_ptr<HashFunction> SHA_256::new_object() const {
224 return std::make_unique<SHA_256>();
225}
226
227std::unique_ptr<HashFunction> SHA_256::copy_state() const {
228 return std::make_unique<SHA_256>(*this);
229}
230
231void SHA_256::add_data(std::span<const uint8_t> input) {
232 m_md.update(input);
233}
234
235void SHA_256::final_result(std::span<uint8_t> output) {
236 m_md.final(output);
237}
238
239} // namespace Botan
Botan::BufferSlicer::take
std::span< const uint8_t > take(const size_t count)
Definition stl_util.h:89
Botan::CPUID::check
static std::optional< std::string > check(CPUID::Feature feat)
Definition cpuid.h:67
Botan::CPUID::has
static bool has(CPUID::Feature feat)
Definition cpuid.h:94
Botan::SHA_224::compress_n
static void compress_n(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
Definition sha2_32.cpp:187
Botan::SHA_224::provider
std::string provider() const override
Definition sha2_32.cpp:183
Botan::SHA_224::init
static void init(digest_type &digest)
Definition sha2_32.cpp:191
Botan::SHA_224::digest_type
secure_vector< uint32_t > digest_type
Definition sha2_32.h:21
Botan::SHA_224::new_object
std::unique_ptr< HashFunction > new_object() const override
Definition sha2_32.cpp:195
Botan::SHA_224::copy_state
std::unique_ptr< HashFunction > copy_state() const override
Definition sha2_32.cpp:199
Botan::SHA_256::digest_type
secure_vector< uint32_t > digest_type
Definition sha2_32.h:61
Botan::SHA_256::compress_n
static void compress_n(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
Definition sha2_32.cpp:215
Botan::SHA_256::compress_digest_x86
static void compress_digest_x86(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
Definition sha2_32_x86.cpp:52
Botan::SHA_256::compress_digest_armv8
static void compress_digest_armv8(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
Definition sha2_32_armv8.cpp:46
Botan::SHA_256::compress_digest
static void compress_digest(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
Definition sha2_32.cpp:57
Botan::SHA_256::new_object
std::unique_ptr< HashFunction > new_object() const override
Definition sha2_32.cpp:223
Botan::SHA_256::copy_state
std::unique_ptr< HashFunction > copy_state() const override
Definition sha2_32.cpp:227
Botan::SHA_256::provider
std::string provider() const override
Definition sha2_32.cpp:211
Botan::SHA_256::init
static void init(digest_type &digest)
Definition sha2_32.cpp:219
Botan::SHA_256::block_bytes
static constexpr size_t block_bytes
Definition sha2_32.h:65
Botan::SHA2_32_F
BOTAN_FORCE_INLINE void SHA2_32_F(uint32_t A, uint32_t B, uint32_t C, uint32_t &D, uint32_t E, uint32_t F, uint32_t G, uint32_t &H, uint32_t &M1, uint32_t M2, uint32_t M3, uint32_t M4, uint32_t magic)
Definition sha2_32_f.h:19
Botan::load_be
constexpr auto load_be(ParamTs &&... params)
Definition loadstor.h:504
BOTAN_SCRUB_STACK_AFTER_RETURN
#define BOTAN_SCRUB_STACK_AFTER_RETURN
Definition stack_scrubbing.h:33
Generated by doxygen 1.15.0