Botan 3.9.0
Crypto and TLS for C&
sha2_32.cpp
Go to the documentation of this file.
1/*
2* SHA-{224,256}
3* (C) 1999-2010,2017 Jack Lloyd
4* 2007 FlexSecure GmbH
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#include <botan/internal/sha2_32.h>
10
11#include <botan/internal/bit_ops.h>
12#include <botan/internal/loadstor.h>
13#include <botan/internal/rotate.h>
14#include <botan/internal/sha2_32_f.h>
15#include <botan/internal/stack_scrubbing.h>
16#include <botan/internal/stl_util.h>
17
18#if defined(BOTAN_HAS_CPUID)
19 #include <botan/internal/cpuid.h>
20#endif
21
22namespace Botan {
23
24namespace {
25
26std::string sha256_provider() {
27#if defined(BOTAN_HAS_SHA2_32_ARMV8)
28 if(auto feat = CPUID::check(CPUID::Feature::SHA2)) {
29 return *feat;
30 }
31#endif
32
33#if defined(BOTAN_HAS_SHA2_32_X86)
34 if(auto feat = CPUID::check(CPUID::Feature::SHA)) {
35 return *feat;
36 }
37#endif
38
39#if defined(BOTAN_HAS_SHA2_32_X86_AVX2)
40 if(auto feat = CPUID::check(CPUID::Feature::AVX2, CPUID::Feature::BMI)) {
41 return *feat;
42 }
43#endif
44
45#if defined(BOTAN_HAS_SHA2_32_SIMD)
46 if(auto feat = CPUID::check(CPUID::Feature::SIMD_4X32)) {
47 return *feat;
48 }
49#endif
50
51 return "base";
52}
53
54} // namespace
55
56/*
57* SHA-224 / SHA-256 compression function
58*/
59void BOTAN_SCRUB_STACK_AFTER_RETURN SHA_256::compress_digest(digest_type& digest,
60 std::span<const uint8_t> input,
61 size_t blocks) {
62#if defined(BOTAN_HAS_SHA2_32_X86)
63 if(CPUID::has(CPUID::Feature::SHA)) {
64 return SHA_256::compress_digest_x86(digest, input, blocks);
65 }
66#endif
67
68#if defined(BOTAN_HAS_SHA2_32_ARMV8)
69 if(CPUID::has(CPUID::Feature::SHA2)) {
70 return SHA_256::compress_digest_armv8(digest, input, blocks);
71 }
72#endif
73
74#if defined(BOTAN_HAS_SHA2_32_X86_AVX2)
75 if(CPUID::has(CPUID::Feature::AVX2, CPUID::Feature::BMI)) {
76 return SHA_256::compress_digest_x86_avx2(digest, input, blocks);
77 }
78#endif
79
80#if defined(BOTAN_HAS_SHA2_32_SIMD)
81 if(CPUID::has(CPUID::Feature::SIMD_4X32)) {
82 return SHA_256::compress_digest_x86_simd(digest, input, blocks);
83 }
84#endif
85
86 uint32_t A = digest[0];
87 uint32_t B = digest[1];
88 uint32_t C = digest[2];
89 uint32_t D = digest[3];
90 uint32_t E = digest[4];
91 uint32_t F = digest[5];
92 uint32_t G = digest[6];
93 uint32_t H = digest[7];
94
95 std::array<uint32_t, 16> W{};
96
97 BufferSlicer in(input);
98
99 for(size_t i = 0; i != blocks; ++i) {
100 load_be(W, in.take<block_bytes>());
101
102 // clang-format off
103
104 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x428A2F98);
105 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x71374491);
106 SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0xB5C0FBCF);
107 SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0xE9B5DBA5);
108 SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x3956C25B);
109 SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x59F111F1);
110 SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x923F82A4);
111 SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0xAB1C5ED5);
112 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0xD807AA98);
113 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0x12835B01);
114 SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0x243185BE);
115 SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0x550C7DC3);
116 SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0x72BE5D74);
117 SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0x80DEB1FE);
118 SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0x9BDC06A7);
119 SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0xC19BF174);
120
121 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0xE49B69C1);
122 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0xEFBE4786);
123 SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x0FC19DC6);
124 SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x240CA1CC);
125 SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x2DE92C6F);
126 SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x4A7484AA);
127 SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x5CB0A9DC);
128 SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x76F988DA);
129 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0x983E5152);
130 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0xA831C66D);
131 SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0xB00327C8);
132 SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0xBF597FC7);
133 SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0xC6E00BF3);
134 SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xD5A79147);
135 SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0x06CA6351);
136 SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0x14292967);
137
138 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x27B70A85);
139 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x2E1B2138);
140 SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x4D2C6DFC);
141 SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x53380D13);
142 SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x650A7354);
143 SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x766A0ABB);
144 SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x81C2C92E);
145 SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x92722C85);
146 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0xA2BFE8A1);
147 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0xA81A664B);
148 SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0xC24B8B70);
149 SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0xC76C51A3);
150 SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0xD192E819);
151 SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xD6990624);
152 SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0xF40E3585);
153 SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0x106AA070);
154
155 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x19A4C116);
156 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x1E376C08);
157 SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x2748774C);
158 SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x34B0BCB5);
159 SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x391C0CB3);
160 SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x4ED8AA4A);
161 SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x5B9CCA4F);
162 SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x682E6FF3);
163 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0x748F82EE);
164 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0x78A5636F);
165 SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0x84C87814);
166 SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0x8CC70208);
167 SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0x90BEFFFA);
168 SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xA4506CEB);
169 SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0xBEF9A3F7);
170 SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0xC67178F2);
171
172 // clang-format on
173
174 A = (digest[0] += A);
175 B = (digest[1] += B);
176 C = (digest[2] += C);
177 D = (digest[3] += D);
178 E = (digest[4] += E);
179 F = (digest[5] += F);
180 G = (digest[6] += G);
181 H = (digest[7] += H);
182 }
183}
184
185std::string SHA_224::provider() const {
186 return sha256_provider();
187}
188
189void SHA_224::compress_n(digest_type& digest, std::span<const uint8_t> input, size_t blocks) {
190 SHA_256::compress_digest(digest, input, blocks);
191}
192
193void SHA_224::init(digest_type& digest) {
194 digest.assign({0xC1059ED8, 0x367CD507, 0x3070DD17, 0xF70E5939, 0xFFC00B31, 0x68581511, 0x64F98FA7, 0xBEFA4FA4});
195}
196
197std::unique_ptr<HashFunction> SHA_224::new_object() const {
198 return std::make_unique<SHA_224>();
199}
200
201std::unique_ptr<HashFunction> SHA_224::copy_state() const {
202 return std::make_unique<SHA_224>(*this);
203}
204
205void SHA_224::add_data(std::span<const uint8_t> input) {
206 m_md.update(input);
207}
208
209void SHA_224::final_result(std::span<uint8_t> output) {
210 m_md.final(output);
211}
212
213std::string SHA_256::provider() const {
214 return sha256_provider();
215}
216
217void SHA_256::compress_n(digest_type& digest, std::span<const uint8_t> input, size_t blocks) {
218 SHA_256::compress_digest(digest, input, blocks);
219}
220
221void SHA_256::init(digest_type& digest) {
222 digest.assign({0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19});
223}
224
225std::unique_ptr<HashFunction> SHA_256::new_object() const {
226 return std::make_unique<SHA_256>();
227}
228
229std::unique_ptr<HashFunction> SHA_256::copy_state() const {
230 return std::make_unique<SHA_256>(*this);
231}
232
233void SHA_256::add_data(std::span<const uint8_t> input) {
234 m_md.update(input);
235}
236
237void SHA_256::final_result(std::span<uint8_t> output) {
238 m_md.final(output);
239}
240
241} // namespace Botan
Botan::BufferSlicer::take
std::span< const uint8_t > take(const size_t count)
Definition stl_util.h:90
Botan::CPUID::check
static std::optional< std::string > check(CPUID::Feature feat)
Definition cpuid.h:67
Botan::CPUID::has
static bool has(CPUID::Feature feat)
Definition cpuid.h:94
Botan::SHA_224::compress_n
static void compress_n(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
Definition sha2_32.cpp:189
Botan::SHA_224::provider
std::string provider() const override
Definition sha2_32.cpp:185
Botan::SHA_224::init
static void init(digest_type &digest)
Definition sha2_32.cpp:193
Botan::SHA_224::digest_type
secure_vector< uint32_t > digest_type
Definition sha2_32.h:21
Botan::SHA_224::new_object
std::unique_ptr< HashFunction > new_object() const override
Definition sha2_32.cpp:197
Botan::SHA_224::copy_state
std::unique_ptr< HashFunction > copy_state() const override
Definition sha2_32.cpp:201
Botan::SHA_256::digest_type
secure_vector< uint32_t > digest_type
Definition sha2_32.h:61
Botan::SHA_256::compress_n
static void compress_n(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
Definition sha2_32.cpp:217
Botan::SHA_256::compress_digest_x86
static void compress_digest_x86(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
Definition sha2_32_x86.cpp:48
Botan::SHA_256::compress_digest_armv8
static void compress_digest_armv8(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
Definition sha2_32_armv8.cpp:24
Botan::SHA_256::compress_digest
static void compress_digest(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
Definition sha2_32.cpp:59
Botan::SHA_256::new_object
std::unique_ptr< HashFunction > new_object() const override
Definition sha2_32.cpp:225
Botan::SHA_256::copy_state
std::unique_ptr< HashFunction > copy_state() const override
Definition sha2_32.cpp:229
Botan::SHA_256::provider
std::string provider() const override
Definition sha2_32.cpp:213
Botan::SHA_256::init
static void init(digest_type &digest)
Definition sha2_32.cpp:221
Botan::SHA_256::block_bytes
static constexpr size_t block_bytes
Definition sha2_32.h:65
Botan::SHA2_32_F
BOTAN_FORCE_INLINE void SHA2_32_F(uint32_t A, uint32_t B, uint32_t C, uint32_t &D, uint32_t E, uint32_t F, uint32_t G, uint32_t &H, uint32_t &M1, uint32_t M2, uint32_t M3, uint32_t M4, uint32_t magic)
Definition sha2_32_f.h:19
Botan::load_be
constexpr auto load_be(ParamTs &&... params)
Definition loadstor.h:504
BOTAN_SCRUB_STACK_AFTER_RETURN
#define BOTAN_SCRUB_STACK_AFTER_RETURN
Definition stack_scrubbing.h:33
Generated by doxygen 1.14.0