Botan  2.17.2
Crypto and TLS for C++11
sha2_32.cpp
Go to the documentation of this file.
1 /*
2 * SHA-{224,256}
3 * (C) 1999-2010,2017 Jack Lloyd
4 * 2007 FlexSecure GmbH
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #include <botan/sha2_32.h>
10 #include <botan/loadstor.h>
11 #include <botan/rotate.h>
12 #include <botan/cpuid.h>
13 
14 namespace Botan {
15 
16 namespace {
17 
18 std::string sha256_provider()
19  {
20 #if defined(BOTAN_HAS_SHA2_32_X86)
21  if(CPUID::has_intel_sha())
22  {
23  return "shani";
24  }
25 #endif
26 
27 #if defined(BOTAN_HAS_SHA2_32_X86_BMI2)
28  if(CPUID::has_bmi2())
29  {
30  return "bmi2";
31  }
32 #endif
33 
34 #if defined(BOTAN_HAS_SHA2_32_ARMV8)
35  if(CPUID::has_arm_sha2())
36  {
37  return "armv8";
38  }
39 #endif
40 
41  return "base";
42  }
43 
44 }
45 
46 std::unique_ptr<HashFunction> SHA_224::copy_state() const
47  {
48  return std::unique_ptr<HashFunction>(new SHA_224(*this));
49  }
50 
51 std::unique_ptr<HashFunction> SHA_256::copy_state() const
52  {
53  return std::unique_ptr<HashFunction>(new SHA_256(*this));
54  }
55 
56 /*
57 * SHA-256 F1 Function
58 *
59 * Use a macro as many compilers won't inline a function this big,
60 * even though it is much faster if inlined.
61 */
62 #define SHA2_32_F(A, B, C, D, E, F, G, H, M1, M2, M3, M4, magic) do { \
63  uint32_t A_rho = rotr<2>(A) ^ rotr<13>(A) ^ rotr<22>(A); \
64  uint32_t E_rho = rotr<6>(E) ^ rotr<11>(E) ^ rotr<25>(E); \
65  uint32_t M2_sigma = rotr<17>(M2) ^ rotr<19>(M2) ^ (M2 >> 10); \
66  uint32_t M4_sigma = rotr<7>(M4) ^ rotr<18>(M4) ^ (M4 >> 3); \
67  H += magic + E_rho + ((E & F) ^ (~E & G)) + M1; \
68  D += H; \
69  H += A_rho + ((A & B) | ((A | B) & C)); \
70  M1 += M2_sigma + M3 + M4_sigma; \
71  } while(0);
72 
73 /*
74 * SHA-224 / SHA-256 compression function
75 */
77  const uint8_t input[], size_t blocks)
78  {
79 #if defined(BOTAN_HAS_SHA2_32_X86)
80  if(CPUID::has_intel_sha())
81  {
82  return SHA_256::compress_digest_x86(digest, input, blocks);
83  }
84 #endif
85 
86 #if defined(BOTAN_HAS_SHA2_32_X86_BMI2)
87  if(CPUID::has_bmi2())
88  {
89  return SHA_256::compress_digest_x86_bmi2(digest, input, blocks);
90  }
91 #endif
92 
93 #if defined(BOTAN_HAS_SHA2_32_ARMV8)
94  if(CPUID::has_arm_sha2())
95  {
96  return SHA_256::compress_digest_armv8(digest, input, blocks);
97  }
98 #endif
99 
100  uint32_t A = digest[0], B = digest[1], C = digest[2],
101  D = digest[3], E = digest[4], F = digest[5],
102  G = digest[6], H = digest[7];
103 
104  for(size_t i = 0; i != blocks; ++i)
105  {
106  uint32_t W00 = load_be<uint32_t>(input, 0);
107  uint32_t W01 = load_be<uint32_t>(input, 1);
108  uint32_t W02 = load_be<uint32_t>(input, 2);
109  uint32_t W03 = load_be<uint32_t>(input, 3);
110  uint32_t W04 = load_be<uint32_t>(input, 4);
111  uint32_t W05 = load_be<uint32_t>(input, 5);
112  uint32_t W06 = load_be<uint32_t>(input, 6);
113  uint32_t W07 = load_be<uint32_t>(input, 7);
114  uint32_t W08 = load_be<uint32_t>(input, 8);
115  uint32_t W09 = load_be<uint32_t>(input, 9);
116  uint32_t W10 = load_be<uint32_t>(input, 10);
117  uint32_t W11 = load_be<uint32_t>(input, 11);
118  uint32_t W12 = load_be<uint32_t>(input, 12);
119  uint32_t W13 = load_be<uint32_t>(input, 13);
120  uint32_t W14 = load_be<uint32_t>(input, 14);
121  uint32_t W15 = load_be<uint32_t>(input, 15);
122 
123  SHA2_32_F(A, B, C, D, E, F, G, H, W00, W14, W09, W01, 0x428A2F98);
124  SHA2_32_F(H, A, B, C, D, E, F, G, W01, W15, W10, W02, 0x71374491);
125  SHA2_32_F(G, H, A, B, C, D, E, F, W02, W00, W11, W03, 0xB5C0FBCF);
126  SHA2_32_F(F, G, H, A, B, C, D, E, W03, W01, W12, W04, 0xE9B5DBA5);
127  SHA2_32_F(E, F, G, H, A, B, C, D, W04, W02, W13, W05, 0x3956C25B);
128  SHA2_32_F(D, E, F, G, H, A, B, C, W05, W03, W14, W06, 0x59F111F1);
129  SHA2_32_F(C, D, E, F, G, H, A, B, W06, W04, W15, W07, 0x923F82A4);
130  SHA2_32_F(B, C, D, E, F, G, H, A, W07, W05, W00, W08, 0xAB1C5ED5);
131  SHA2_32_F(A, B, C, D, E, F, G, H, W08, W06, W01, W09, 0xD807AA98);
132  SHA2_32_F(H, A, B, C, D, E, F, G, W09, W07, W02, W10, 0x12835B01);
133  SHA2_32_F(G, H, A, B, C, D, E, F, W10, W08, W03, W11, 0x243185BE);
134  SHA2_32_F(F, G, H, A, B, C, D, E, W11, W09, W04, W12, 0x550C7DC3);
135  SHA2_32_F(E, F, G, H, A, B, C, D, W12, W10, W05, W13, 0x72BE5D74);
136  SHA2_32_F(D, E, F, G, H, A, B, C, W13, W11, W06, W14, 0x80DEB1FE);
137  SHA2_32_F(C, D, E, F, G, H, A, B, W14, W12, W07, W15, 0x9BDC06A7);
138  SHA2_32_F(B, C, D, E, F, G, H, A, W15, W13, W08, W00, 0xC19BF174);
139 
140  SHA2_32_F(A, B, C, D, E, F, G, H, W00, W14, W09, W01, 0xE49B69C1);
141  SHA2_32_F(H, A, B, C, D, E, F, G, W01, W15, W10, W02, 0xEFBE4786);
142  SHA2_32_F(G, H, A, B, C, D, E, F, W02, W00, W11, W03, 0x0FC19DC6);
143  SHA2_32_F(F, G, H, A, B, C, D, E, W03, W01, W12, W04, 0x240CA1CC);
144  SHA2_32_F(E, F, G, H, A, B, C, D, W04, W02, W13, W05, 0x2DE92C6F);
145  SHA2_32_F(D, E, F, G, H, A, B, C, W05, W03, W14, W06, 0x4A7484AA);
146  SHA2_32_F(C, D, E, F, G, H, A, B, W06, W04, W15, W07, 0x5CB0A9DC);
147  SHA2_32_F(B, C, D, E, F, G, H, A, W07, W05, W00, W08, 0x76F988DA);
148  SHA2_32_F(A, B, C, D, E, F, G, H, W08, W06, W01, W09, 0x983E5152);
149  SHA2_32_F(H, A, B, C, D, E, F, G, W09, W07, W02, W10, 0xA831C66D);
150  SHA2_32_F(G, H, A, B, C, D, E, F, W10, W08, W03, W11, 0xB00327C8);
151  SHA2_32_F(F, G, H, A, B, C, D, E, W11, W09, W04, W12, 0xBF597FC7);
152  SHA2_32_F(E, F, G, H, A, B, C, D, W12, W10, W05, W13, 0xC6E00BF3);
153  SHA2_32_F(D, E, F, G, H, A, B, C, W13, W11, W06, W14, 0xD5A79147);
154  SHA2_32_F(C, D, E, F, G, H, A, B, W14, W12, W07, W15, 0x06CA6351);
155  SHA2_32_F(B, C, D, E, F, G, H, A, W15, W13, W08, W00, 0x14292967);
156 
157  SHA2_32_F(A, B, C, D, E, F, G, H, W00, W14, W09, W01, 0x27B70A85);
158  SHA2_32_F(H, A, B, C, D, E, F, G, W01, W15, W10, W02, 0x2E1B2138);
159  SHA2_32_F(G, H, A, B, C, D, E, F, W02, W00, W11, W03, 0x4D2C6DFC);
160  SHA2_32_F(F, G, H, A, B, C, D, E, W03, W01, W12, W04, 0x53380D13);
161  SHA2_32_F(E, F, G, H, A, B, C, D, W04, W02, W13, W05, 0x650A7354);
162  SHA2_32_F(D, E, F, G, H, A, B, C, W05, W03, W14, W06, 0x766A0ABB);
163  SHA2_32_F(C, D, E, F, G, H, A, B, W06, W04, W15, W07, 0x81C2C92E);
164  SHA2_32_F(B, C, D, E, F, G, H, A, W07, W05, W00, W08, 0x92722C85);
165  SHA2_32_F(A, B, C, D, E, F, G, H, W08, W06, W01, W09, 0xA2BFE8A1);
166  SHA2_32_F(H, A, B, C, D, E, F, G, W09, W07, W02, W10, 0xA81A664B);
167  SHA2_32_F(G, H, A, B, C, D, E, F, W10, W08, W03, W11, 0xC24B8B70);
168  SHA2_32_F(F, G, H, A, B, C, D, E, W11, W09, W04, W12, 0xC76C51A3);
169  SHA2_32_F(E, F, G, H, A, B, C, D, W12, W10, W05, W13, 0xD192E819);
170  SHA2_32_F(D, E, F, G, H, A, B, C, W13, W11, W06, W14, 0xD6990624);
171  SHA2_32_F(C, D, E, F, G, H, A, B, W14, W12, W07, W15, 0xF40E3585);
172  SHA2_32_F(B, C, D, E, F, G, H, A, W15, W13, W08, W00, 0x106AA070);
173 
174  SHA2_32_F(A, B, C, D, E, F, G, H, W00, W14, W09, W01, 0x19A4C116);
175  SHA2_32_F(H, A, B, C, D, E, F, G, W01, W15, W10, W02, 0x1E376C08);
176  SHA2_32_F(G, H, A, B, C, D, E, F, W02, W00, W11, W03, 0x2748774C);
177  SHA2_32_F(F, G, H, A, B, C, D, E, W03, W01, W12, W04, 0x34B0BCB5);
178  SHA2_32_F(E, F, G, H, A, B, C, D, W04, W02, W13, W05, 0x391C0CB3);
179  SHA2_32_F(D, E, F, G, H, A, B, C, W05, W03, W14, W06, 0x4ED8AA4A);
180  SHA2_32_F(C, D, E, F, G, H, A, B, W06, W04, W15, W07, 0x5B9CCA4F);
181  SHA2_32_F(B, C, D, E, F, G, H, A, W07, W05, W00, W08, 0x682E6FF3);
182  SHA2_32_F(A, B, C, D, E, F, G, H, W08, W06, W01, W09, 0x748F82EE);
183  SHA2_32_F(H, A, B, C, D, E, F, G, W09, W07, W02, W10, 0x78A5636F);
184  SHA2_32_F(G, H, A, B, C, D, E, F, W10, W08, W03, W11, 0x84C87814);
185  SHA2_32_F(F, G, H, A, B, C, D, E, W11, W09, W04, W12, 0x8CC70208);
186  SHA2_32_F(E, F, G, H, A, B, C, D, W12, W10, W05, W13, 0x90BEFFFA);
187  SHA2_32_F(D, E, F, G, H, A, B, C, W13, W11, W06, W14, 0xA4506CEB);
188  SHA2_32_F(C, D, E, F, G, H, A, B, W14, W12, W07, W15, 0xBEF9A3F7);
189  SHA2_32_F(B, C, D, E, F, G, H, A, W15, W13, W08, W00, 0xC67178F2);
190 
191  A = (digest[0] += A);
192  B = (digest[1] += B);
193  C = (digest[2] += C);
194  D = (digest[3] += D);
195  E = (digest[4] += E);
196  F = (digest[5] += F);
197  G = (digest[6] += G);
198  H = (digest[7] += H);
199 
200  input += 64;
201  }
202  }
203 
204 std::string SHA_224::provider() const
205  {
206  return sha256_provider();
207  }
208 
209 std::string SHA_256::provider() const
210  {
211  return sha256_provider();
212  }
213 
214 /*
215 * SHA-224 compression function
216 */
217 void SHA_224::compress_n(const uint8_t input[], size_t blocks)
218  {
219  SHA_256::compress_digest(m_digest, input, blocks);
220  }
221 
222 /*
223 * Copy out the digest
224 */
225 void SHA_224::copy_out(uint8_t output[])
226  {
227  copy_out_vec_be(output, output_length(), m_digest);
228  }
229 
230 /*
231 * Clear memory of sensitive data
232 */
234  {
236  m_digest[0] = 0xC1059ED8;
237  m_digest[1] = 0x367CD507;
238  m_digest[2] = 0x3070DD17;
239  m_digest[3] = 0xF70E5939;
240  m_digest[4] = 0xFFC00B31;
241  m_digest[5] = 0x68581511;
242  m_digest[6] = 0x64F98FA7;
243  m_digest[7] = 0xBEFA4FA4;
244  }
245 
246 /*
247 * SHA-256 compression function
248 */
249 void SHA_256::compress_n(const uint8_t input[], size_t blocks)
250  {
251  SHA_256::compress_digest(m_digest, input, blocks);
252  }
253 
254 /*
255 * Copy out the digest
256 */
257 void SHA_256::copy_out(uint8_t output[])
258  {
259  copy_out_vec_be(output, output_length(), m_digest);
260  }
261 
262 /*
263 * Clear memory of sensitive data
264 */
266  {
268  m_digest[0] = 0x6A09E667;
269  m_digest[1] = 0xBB67AE85;
270  m_digest[2] = 0x3C6EF372;
271  m_digest[3] = 0xA54FF53A;
272  m_digest[4] = 0x510E527F;
273  m_digest[5] = 0x9B05688C;
274  m_digest[6] = 0x1F83D9AB;
275  m_digest[7] = 0x5BE0CD19;
276  }
277 
278 }
std::string provider() const override
Definition: sha2_32.cpp:209
void copy_out_vec_be(uint8_t out[], size_t out_bytes, const std::vector< T, Alloc > &in)
Definition: loadstor.h:673
std::unique_ptr< HashFunction > copy_state() const override
Definition: sha2_32.cpp:46
void clear() override
Definition: mdx_hash.cpp:41
uint32_t load_be< uint32_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:179
void clear() override
Definition: sha2_32.cpp:265
size_t output_length() const override
Definition: sha2_32.h:25
Definition: alg_id.cpp:13
std::unique_ptr< HashFunction > copy_state() const override
Definition: sha2_32.cpp:51
std::string provider() const override
Definition: sha2_32.cpp:204
static void compress_digest(secure_vector< uint32_t > &digest, const uint8_t input[], size_t blocks)
Definition: sha2_32.cpp:76
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65
size_t output_length() const override
Definition: sha2_32.h:49
#define SHA2_32_F(A, B, C, D, E, F, G, H, M1, M2, M3, M4, magic)
Definition: sha2_32.cpp:62
void clear() override
Definition: sha2_32.cpp:233