Botan 3.6.1
Crypto and TLS for C&
sha2_32.cpp
Go to the documentation of this file.
1/*
2* SHA-{224,256}
3* (C) 1999-2010,2017 Jack Lloyd
4* 2007 FlexSecure GmbH
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#include <botan/internal/sha2_32.h>
10
11#include <botan/internal/bit_ops.h>
12#include <botan/internal/cpuid.h>
13#include <botan/internal/loadstor.h>
14#include <botan/internal/rotate.h>
15#include <botan/internal/sha2_32_f.h>
16#include <botan/internal/stl_util.h>
17
18namespace Botan {
19
20namespace {
21
22std::string sha256_provider() {
23#if defined(BOTAN_HAS_SHA2_32_X86)
24 if(CPUID::has_intel_sha()) {
25 return "shani";
26 }
27#endif
28
29#if defined(BOTAN_HAS_SHA2_32_X86_BMI2)
30 if(CPUID::has_bmi2()) {
31 return "bmi2";
32 }
33#endif
34
35#if defined(BOTAN_HAS_SHA2_32_ARMV8)
36 if(CPUID::has_arm_sha2()) {
37 return "armv8";
38 }
39#endif
40
41 return "base";
42}
43
44} // namespace
45
46/*
47* SHA-224 / SHA-256 compression function
48*/
49void SHA_256::compress_digest(digest_type& digest, std::span<const uint8_t> input, size_t blocks) {
50#if defined(BOTAN_HAS_SHA2_32_X86)
51 if(CPUID::has_intel_sha()) {
52 return SHA_256::compress_digest_x86(digest, input, blocks);
53 }
54#endif
55
56#if defined(BOTAN_HAS_SHA2_32_X86_BMI2)
57 if(CPUID::has_bmi2()) {
58 return SHA_256::compress_digest_x86_bmi2(digest, input, blocks);
59 }
60#endif
61
62#if defined(BOTAN_HAS_SHA2_32_ARMV8)
63 if(CPUID::has_arm_sha2()) {
64 return SHA_256::compress_digest_armv8(digest, input, blocks);
65 }
66#endif
67
68 uint32_t A = digest[0], B = digest[1], C = digest[2], D = digest[3], E = digest[4], F = digest[5], G = digest[6],
69 H = digest[7];
70
71 std::array<uint32_t, 16> W;
72
73 BufferSlicer in(input);
74
75 for(size_t i = 0; i != blocks; ++i) {
76 load_be(W, in.take<block_bytes>());
77
78 // clang-format off
79
80 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x428A2F98);
81 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x71374491);
82 SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0xB5C0FBCF);
83 SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0xE9B5DBA5);
84 SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x3956C25B);
85 SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x59F111F1);
86 SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x923F82A4);
87 SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0xAB1C5ED5);
88 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0xD807AA98);
89 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0x12835B01);
90 SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0x243185BE);
91 SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0x550C7DC3);
92 SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0x72BE5D74);
93 SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0x80DEB1FE);
94 SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0x9BDC06A7);
95 SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0xC19BF174);
96
97 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0xE49B69C1);
98 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0xEFBE4786);
99 SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x0FC19DC6);
100 SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x240CA1CC);
101 SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x2DE92C6F);
102 SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x4A7484AA);
103 SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x5CB0A9DC);
104 SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x76F988DA);
105 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0x983E5152);
106 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0xA831C66D);
107 SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0xB00327C8);
108 SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0xBF597FC7);
109 SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0xC6E00BF3);
110 SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xD5A79147);
111 SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0x06CA6351);
112 SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0x14292967);
113
114 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x27B70A85);
115 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x2E1B2138);
116 SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x4D2C6DFC);
117 SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x53380D13);
118 SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x650A7354);
119 SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x766A0ABB);
120 SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x81C2C92E);
121 SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x92722C85);
122 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0xA2BFE8A1);
123 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0xA81A664B);
124 SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0xC24B8B70);
125 SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0xC76C51A3);
126 SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0xD192E819);
127 SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xD6990624);
128 SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0xF40E3585);
129 SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0x106AA070);
130
131 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x19A4C116);
132 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x1E376C08);
133 SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x2748774C);
134 SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x34B0BCB5);
135 SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x391C0CB3);
136 SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x4ED8AA4A);
137 SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x5B9CCA4F);
138 SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x682E6FF3);
139 SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0x748F82EE);
140 SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0x78A5636F);
141 SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0x84C87814);
142 SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0x8CC70208);
143 SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0x90BEFFFA);
144 SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xA4506CEB);
145 SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0xBEF9A3F7);
146 SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0xC67178F2);
147
148 // clang-format on
149
150 A = (digest[0] += A);
151 B = (digest[1] += B);
152 C = (digest[2] += C);
153 D = (digest[3] += D);
154 E = (digest[4] += E);
155 F = (digest[5] += F);
156 G = (digest[6] += G);
157 H = (digest[7] += H);
158 }
159}
160
161std::string SHA_224::provider() const {
162 return sha256_provider();
163}
164
165void SHA_224::compress_n(digest_type& digest, std::span<const uint8_t> input, size_t blocks) {
166 SHA_256::compress_digest(digest, input, blocks);
167}
168
169void SHA_224::init(digest_type& digest) {
170 digest.assign({0xC1059ED8, 0x367CD507, 0x3070DD17, 0xF70E5939, 0xFFC00B31, 0x68581511, 0x64F98FA7, 0xBEFA4FA4});
171}
172
173std::unique_ptr<HashFunction> SHA_224::new_object() const {
174 return std::make_unique<SHA_224>();
175}
176
177std::unique_ptr<HashFunction> SHA_224::copy_state() const {
178 return std::make_unique<SHA_224>(*this);
179}
180
181void SHA_224::add_data(std::span<const uint8_t> input) {
182 m_md.update(input);
183}
184
185void SHA_224::final_result(std::span<uint8_t> output) {
186 m_md.final(output);
187}
188
189std::string SHA_256::provider() const {
190 return sha256_provider();
191}
192
193void SHA_256::compress_n(digest_type& digest, std::span<const uint8_t> input, size_t blocks) {
194 SHA_256::compress_digest(digest, input, blocks);
195}
196
197void SHA_256::init(digest_type& digest) {
198 digest.assign({0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19});
199}
200
201std::unique_ptr<HashFunction> SHA_256::new_object() const {
202 return std::make_unique<SHA_256>();
203}
204
205std::unique_ptr<HashFunction> SHA_256::copy_state() const {
206 return std::make_unique<SHA_256>(*this);
207}
208
209void SHA_256::add_data(std::span<const uint8_t> input) {
210 m_md.update(input);
211}
212
213void SHA_256::final_result(std::span<uint8_t> output) {
214 m_md.final(output);
215}
216
217} // namespace Botan
Botan::BufferSlicer::take
std::span< const uint8_t > take(const size_t count)
Definition stl_util.h:98
Botan::SHA_224::compress_n
static void compress_n(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
Definition sha2_32.cpp:165
Botan::SHA_224::provider
std::string provider() const override
Definition sha2_32.cpp:161
Botan::SHA_224::init
static void init(digest_type &digest)
Definition sha2_32.cpp:169
Botan::SHA_224::digest_type
secure_vector< uint32_t > digest_type
Definition sha2_32.h:21
Botan::SHA_224::new_object
std::unique_ptr< HashFunction > new_object() const override
Definition sha2_32.cpp:173
Botan::SHA_224::copy_state
std::unique_ptr< HashFunction > copy_state() const override
Definition sha2_32.cpp:177
Botan::SHA_256::compress_digest_x86
static void compress_digest_x86(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
Definition sha2_32_x86.cpp:16
Botan::SHA_256::digest_type
secure_vector< uint32_t > digest_type
Definition sha2_32.h:61
Botan::SHA_256::compress_digest_armv8
static void compress_digest_armv8(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
Definition sha2_32_armv8.cpp:22
Botan::SHA_256::compress_n
static void compress_n(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
Definition sha2_32.cpp:193
Botan::SHA_256::new_object
std::unique_ptr< HashFunction > new_object() const override
Definition sha2_32.cpp:201
Botan::SHA_256::copy_state
std::unique_ptr< HashFunction > copy_state() const override
Definition sha2_32.cpp:205
Botan::SHA_256::provider
std::string provider() const override
Definition sha2_32.cpp:189
Botan::SHA_256::compress_digest_x86_bmi2
static void compress_digest_x86_bmi2(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
Definition sha2_32_bmi2.cpp:24
Botan::SHA_256::init
static void init(digest_type &digest)
Definition sha2_32.cpp:197
Botan::SHA_256::block_bytes
static constexpr size_t block_bytes
Definition sha2_32.h:65
Botan::SHA_256::compress_digest
static void compress_digest(digest_type &digest, std::span< const uint8_t > input, size_t blocks)
Definition sha2_32.cpp:49
Botan::SHA2_32_F
BOTAN_FORCE_INLINE void SHA2_32_F(uint32_t A, uint32_t B, uint32_t C, uint32_t &D, uint32_t E, uint32_t F, uint32_t G, uint32_t &H, uint32_t &M1, uint32_t M2, uint32_t M3, uint32_t M4, uint32_t magic)
Definition sha2_32_f.h:19
Botan::load_be
constexpr auto load_be(ParamTs &&... params)
Definition loadstor.h:530
Generated by doxygen 1.12.0