Botan 3.8.1
Crypto and TLS for C&
sha2_32.cpp
Go to the documentation of this file.
1/*
2* SHA-{224,256}
3* (C) 1999-2010,2017 Jack Lloyd
4* 2007 FlexSecure GmbH
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#include <botan/internal/sha2_32.h>
10
11#include <botan/internal/bit_ops.h>
12#include <botan/internal/loadstor.h>
13#include <botan/internal/rotate.h>
14#include <botan/internal/sha2_32_f.h>
15#include <botan/internal/stl_util.h>
16
17#if defined(BOTAN_HAS_CPUID)
18 #include <botan/internal/cpuid.h>
19#endif
20
21namespace Botan {
22
23namespace {
24
25std::string sha256_provider() {
26#if defined(BOTAN_HAS_SHA2_32_ARMV8)
27 if(auto feat = CPUID::check(CPUID::Feature::SHA2)) {
28 return *feat;
29 }
30#endif
31
32#if defined(BOTAN_HAS_SHA2_32_X86)
33 if(auto feat = CPUID::check(CPUID::Feature::SHA)) {
34 return *feat;
35 }
36#endif
37
38#if defined(BOTAN_HAS_SHA2_32_X86_AVX2)
39 if(auto feat = CPUID::check(CPUID::Feature::AVX2, CPUID::Feature::BMI)) {
40 return *feat;
41 }
42#endif
43
44#if defined(BOTAN_HAS_SHA2_32_SIMD)
45 if(auto feat = CPUID::check(CPUID::Feature::SIMD_4X32)) {
46 return *feat;
47 }
48#endif
49
50 return "base";
51}
52
53} // namespace
54
55/*
56* SHA-224 / SHA-256 compression function
57*/
58void SHA_256::compress_digest(digest_type& digest, std::span<const uint8_t> input, size_t blocks) {
59#if defined(BOTAN_HAS_SHA2_32_X86)
60 if(CPUID::has(CPUID::Feature::SHA)) {
61 return SHA_256::compress_digest_x86(digest, input, blocks);
62 }
63#endif
64
65#if defined(BOTAN_HAS_SHA2_32_ARMV8)
66 if(CPUID::has(CPUID::Feature::SHA2)) {
67 return SHA_256::compress_digest_armv8(digest, input, blocks);
68 }
69#endif
70
71#if defined(BOTAN_HAS_SHA2_32_X86_AVX2)
72 if(CPUID::has(CPUID::Feature::AVX2, CPUID::Feature::BMI)) {
73 return SHA_256::compress_digest_x86_avx2(digest, input, blocks);
74 }
75#endif
76
77#if defined(BOTAN_HAS_SHA2_32_SIMD)
78 if(CPUID::has(CPUID::Feature::SIMD_4X32)) {
79 return SHA_256::compress_digest_x86_simd(digest, input, blocks);
80 }
81#endif
82
83 uint32_t A = digest[0], B = digest[1], C = digest[2], D = digest[3], E = digest[4], F = digest[5], G = digest[6],
84 H = digest[7];
85
86 std::array<uint32_t, 16> W;
87
88 BufferSlicer in(input);
89
90 for(size_t i = 0; i != blocks; ++i) {
91 load_be(W, in.take<block_bytes>());
92
93 // clang-format off
94
95 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x428A2F98);
96 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x71374491);
97 SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0xB5C0FBCF);
98 SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0xE9B5DBA5);
99 SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x3956C25B);
100 SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x59F111F1);
101 SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x923F82A4);
102 SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0xAB1C5ED5);
103 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0xD807AA98);
104 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0x12835B01);
105 SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0x243185BE);
106 SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0x550C7DC3);
107 SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0x72BE5D74);
108 SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0x80DEB1FE);
109 SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0x9BDC06A7);
110 SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0xC19BF174);
111
112 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0xE49B69C1);
113 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0xEFBE4786);
114 SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x0FC19DC6);
115 SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x240CA1CC);
116 SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x2DE92C6F);
117 SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x4A7484AA);
118 SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x5CB0A9DC);
119 SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x76F988DA);
120 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0x983E5152);
121 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0xA831C66D);
122 SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0xB00327C8);
123 SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0xBF597FC7);
124 SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0xC6E00BF3);
125 SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xD5A79147);
126 SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0x06CA6351);
127 SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0x14292967);
128
129 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x27B70A85);
130 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x2E1B2138);
131 SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x4D2C6DFC);
132 SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x53380D13);
133 SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x650A7354);
134 SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x766A0ABB);
135 SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x81C2C92E);
136 SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x92722C85);
137 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0xA2BFE8A1);
138 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0xA81A664B);
139 SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0xC24B8B70);
140 SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0xC76C51A3);
141 SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0xD192E819);
142 SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xD6990624);
143 SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0xF40E3585);
144 SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0x106AA070);
145
146 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x19A4C116);
147 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x1E376C08);
148 SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x2748774C);
149 SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x34B0BCB5);
150 SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x391C0CB3);
151 SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x4ED8AA4A);
152 SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x5B9CCA4F);
153 SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x682E6FF3);
154 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0x748F82EE);
155 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0x78A5636F);
156 SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0x84C87814);
157 SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0x8CC70208);
158 SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0x90BEFFFA);
159 SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xA4506CEB);
160 SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0xBEF9A3F7);
161 SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0xC67178F2);
162
163 // clang-format on
164
165 A = (digest[0] += A);
166 B = (digest[1] += B);
167 C = (digest[2] += C);
168 D = (digest[3] += D);
169 E = (digest[4] += E);
170 F = (digest[5] += F);
171 G = (digest[6] += G);
172 H = (digest[7] += H);
173 }
174}
175
176std::string SHA_224::provider() const {
177 return sha256_provider();
178}
179
180void SHA_224::compress_n(digest_type& digest, std::span<const uint8_t> input, size_t blocks) {
181 SHA_256::compress_digest(digest, input, blocks);
182}
183
184void SHA_224::init(digest_type& digest) {
185 digest.assign({0xC1059ED8, 0x367CD507, 0x3070DD17, 0xF70E5939, 0xFFC00B31, 0x68581511, 0x64F98FA7, 0xBEFA4FA4});
186}
187
188std::unique_ptr<HashFunction> SHA_224::new_object() const {
189 return std::make_unique<SHA_224>();
190}
191
192std::unique_ptr<HashFunction> SHA_224::copy_state() const {
193 return std::make_unique<SHA_224>(*this);
194}
195
196void SHA_224::add_data(std::span<const uint8_t> input) {
197 m_md.update(input);
198}
199
200void SHA_224::final_result(std::span<uint8_t> output) {
201 m_md.final(output);
202}
203
204std::string SHA_256::provider() const {
205 return sha256_provider();
206}
207
208void SHA_256::compress_n(digest_type& digest, std::span<const uint8_t> input, size_t blocks) {
209 SHA_256::compress_digest(digest, input, blocks);
210}
211
212void SHA_256::init(digest_type& digest) {
213 digest.assign({0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19});
214}
215
216std::unique_ptr<HashFunction> SHA_256::new_object() const {
217 return std::make_unique<SHA_256>();
218}
219
220std::unique_ptr<HashFunction> SHA_256::copy_state() const {
221 return std::make_unique<SHA_256>(*this);
222}
223
224void SHA_256::add_data(std::span<const uint8_t> input) {
225 m_md.update(input);
226}
227
228void SHA_256::final_result(std::span<uint8_t> output) {
229 m_md.final(output);
230}
231
232} // namespace Botan
Botan::BufferSlicer::take
std::span< const uint8_t > take(const size_t count)
Definition stl_util.h:99
Botan::CPUID::check
static std::optional< std::string > check(CPUID::Feature feat)
Definition cpuid.h:67
Botan::CPUID::has
static bool has(CPUID::Feature feat)
Definition cpuid.h:94
Botan::SHA_224::compress_n
static void compress_n(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
Definition sha2_32.cpp:180
Botan::SHA_224::provider
std::string provider() const override
Definition sha2_32.cpp:176
Botan::SHA_224::init
static void init(digest_type &digest)
Definition sha2_32.cpp:184
Botan::SHA_224::digest_type
secure_vector< uint32_t > digest_type
Definition sha2_32.h:21
Botan::SHA_224::new_object
std::unique_ptr< HashFunction > new_object() const override
Definition sha2_32.cpp:188
Botan::SHA_224::copy_state
std::unique_ptr< HashFunction > copy_state() const override
Definition sha2_32.cpp:192
Botan::SHA_256::compress_digest_x86
static void compress_digest_x86(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
Definition sha2_32_x86.cpp:47
Botan::SHA_256::digest_type
secure_vector< uint32_t > digest_type
Definition sha2_32.h:61
Botan::SHA_256::compress_digest_armv8
static void compress_digest_armv8(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
Definition sha2_32_armv8.cpp:23
Botan::SHA_256::compress_n
static void compress_n(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
Definition sha2_32.cpp:208
Botan::SHA_256::new_object
std::unique_ptr< HashFunction > new_object() const override
Definition sha2_32.cpp:216
Botan::SHA_256::copy_state
std::unique_ptr< HashFunction > copy_state() const override
Definition sha2_32.cpp:220
Botan::SHA_256::provider
std::string provider() const override
Definition sha2_32.cpp:204
Botan::SHA_256::init
static void init(digest_type &digest)
Definition sha2_32.cpp:212
Botan::SHA_256::block_bytes
static constexpr size_t block_bytes
Definition sha2_32.h:65
Botan::SHA_256::compress_digest
static void compress_digest(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
Definition sha2_32.cpp:58
Botan::SHA2_32_F
BOTAN_FORCE_INLINE void SHA2_32_F(uint32_t A, uint32_t B, uint32_t C, uint32_t &D, uint32_t E, uint32_t F, uint32_t G, uint32_t &H, uint32_t &M1, uint32_t M2, uint32_t M3, uint32_t M4, uint32_t magic)
Definition sha2_32_f.h:19
Botan::load_be
constexpr auto load_be(ParamTs &&... params)
Definition loadstor.h:504
Generated by doxygen 1.13.2