Botan 2.19.3
Crypto and TLS for C&
sha2_64.cpp
Go to the documentation of this file.
1/*
2* SHA-{384,512}
3* (C) 1999-2011,2015 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/sha2_64.h>
9#include <botan/loadstor.h>
10#include <botan/rotate.h>
11#include <botan/cpuid.h>
12
13namespace Botan {
14
15namespace {
16
17std::string sha512_provider()
18 {
19#if defined(BOTAN_HAS_SHA2_64_BMI2)
20 if(CPUID::has_bmi2())
21 {
22 return "bmi2";
23 }
24#endif
25
26 return "base";
27 }
28
29}
30
31std::unique_ptr<HashFunction> SHA_384::copy_state() const
32 {
33 return std::unique_ptr<HashFunction>(new SHA_384(*this));
34 }
35
36std::unique_ptr<HashFunction> SHA_512::copy_state() const
37 {
38 return std::unique_ptr<HashFunction>(new SHA_512(*this));
39 }
40
41std::unique_ptr<HashFunction> SHA_512_256::copy_state() const
42 {
43 return std::unique_ptr<HashFunction>(new SHA_512_256(*this));
44 }
45
46/*
47* SHA-512 F1 Function
48*
49* Use a macro as many compilers won't inline a function this big,
50* even though it is much faster if inlined.
51*/
52#define SHA2_64_F(A, B, C, D, E, F, G, H, M1, M2, M3, M4, magic) \
53 do { \
54 const uint64_t E_rho = rotr<14>(E) ^ rotr<18>(E) ^ rotr<41>(E); \
55 const uint64_t A_rho = rotr<28>(A) ^ rotr<34>(A) ^ rotr<39>(A); \
56 const uint64_t M2_sigma = rotr<19>(M2) ^ rotr<61>(M2) ^ (M2 >> 6); \
57 const uint64_t M4_sigma = rotr<1>(M4) ^ rotr<8>(M4) ^ (M4 >> 7); \
58 H += magic + E_rho + ((E & F) ^ (~E & G)) + M1; \
59 D += H; \
60 H += A_rho + ((A & B) | ((A | B) & C)); \
61 M1 += M2_sigma + M3 + M4_sigma; \
62 } while(0);
63
64/*
65* SHA-{384,512} Compression Function
66*/
67//static
69 const uint8_t input[], size_t blocks)
70 {
71#if defined(BOTAN_HAS_SHA2_64_BMI2)
72 if(CPUID::has_bmi2())
73 {
74 return compress_digest_bmi2(digest, input, blocks);
75 }
76#endif
77
78 uint64_t A = digest[0], B = digest[1], C = digest[2],
79 D = digest[3], E = digest[4], F = digest[5],
80 G = digest[6], H = digest[7];
81
82 for(size_t i = 0; i != blocks; ++i)
83 {
84 uint64_t W00 = load_be<uint64_t>(input, 0);
85 uint64_t W01 = load_be<uint64_t>(input, 1);
86 uint64_t W02 = load_be<uint64_t>(input, 2);
87 uint64_t W03 = load_be<uint64_t>(input, 3);
88 uint64_t W04 = load_be<uint64_t>(input, 4);
89 uint64_t W05 = load_be<uint64_t>(input, 5);
90 uint64_t W06 = load_be<uint64_t>(input, 6);
91 uint64_t W07 = load_be<uint64_t>(input, 7);
92 uint64_t W08 = load_be<uint64_t>(input, 8);
93 uint64_t W09 = load_be<uint64_t>(input, 9);
94 uint64_t W10 = load_be<uint64_t>(input, 10);
95 uint64_t W11 = load_be<uint64_t>(input, 11);
96 uint64_t W12 = load_be<uint64_t>(input, 12);
97 uint64_t W13 = load_be<uint64_t>(input, 13);
98 uint64_t W14 = load_be<uint64_t>(input, 14);
99 uint64_t W15 = load_be<uint64_t>(input, 15);
100
101 SHA2_64_F(A, B, C, D, E, F, G, H, W00, W14, W09, W01, 0x428A2F98D728AE22);
102 SHA2_64_F(H, A, B, C, D, E, F, G, W01, W15, W10, W02, 0x7137449123EF65CD);
103 SHA2_64_F(G, H, A, B, C, D, E, F, W02, W00, W11, W03, 0xB5C0FBCFEC4D3B2F);
104 SHA2_64_F(F, G, H, A, B, C, D, E, W03, W01, W12, W04, 0xE9B5DBA58189DBBC);
105 SHA2_64_F(E, F, G, H, A, B, C, D, W04, W02, W13, W05, 0x3956C25BF348B538);
106 SHA2_64_F(D, E, F, G, H, A, B, C, W05, W03, W14, W06, 0x59F111F1B605D019);
107 SHA2_64_F(C, D, E, F, G, H, A, B, W06, W04, W15, W07, 0x923F82A4AF194F9B);
108 SHA2_64_F(B, C, D, E, F, G, H, A, W07, W05, W00, W08, 0xAB1C5ED5DA6D8118);
109 SHA2_64_F(A, B, C, D, E, F, G, H, W08, W06, W01, W09, 0xD807AA98A3030242);
110 SHA2_64_F(H, A, B, C, D, E, F, G, W09, W07, W02, W10, 0x12835B0145706FBE);
111 SHA2_64_F(G, H, A, B, C, D, E, F, W10, W08, W03, W11, 0x243185BE4EE4B28C);
112 SHA2_64_F(F, G, H, A, B, C, D, E, W11, W09, W04, W12, 0x550C7DC3D5FFB4E2);
113 SHA2_64_F(E, F, G, H, A, B, C, D, W12, W10, W05, W13, 0x72BE5D74F27B896F);
114 SHA2_64_F(D, E, F, G, H, A, B, C, W13, W11, W06, W14, 0x80DEB1FE3B1696B1);
115 SHA2_64_F(C, D, E, F, G, H, A, B, W14, W12, W07, W15, 0x9BDC06A725C71235);
116 SHA2_64_F(B, C, D, E, F, G, H, A, W15, W13, W08, W00, 0xC19BF174CF692694);
117 SHA2_64_F(A, B, C, D, E, F, G, H, W00, W14, W09, W01, 0xE49B69C19EF14AD2);
118 SHA2_64_F(H, A, B, C, D, E, F, G, W01, W15, W10, W02, 0xEFBE4786384F25E3);
119 SHA2_64_F(G, H, A, B, C, D, E, F, W02, W00, W11, W03, 0x0FC19DC68B8CD5B5);
120 SHA2_64_F(F, G, H, A, B, C, D, E, W03, W01, W12, W04, 0x240CA1CC77AC9C65);
121 SHA2_64_F(E, F, G, H, A, B, C, D, W04, W02, W13, W05, 0x2DE92C6F592B0275);
122 SHA2_64_F(D, E, F, G, H, A, B, C, W05, W03, W14, W06, 0x4A7484AA6EA6E483);
123 SHA2_64_F(C, D, E, F, G, H, A, B, W06, W04, W15, W07, 0x5CB0A9DCBD41FBD4);
124 SHA2_64_F(B, C, D, E, F, G, H, A, W07, W05, W00, W08, 0x76F988DA831153B5);
125 SHA2_64_F(A, B, C, D, E, F, G, H, W08, W06, W01, W09, 0x983E5152EE66DFAB);
126 SHA2_64_F(H, A, B, C, D, E, F, G, W09, W07, W02, W10, 0xA831C66D2DB43210);
127 SHA2_64_F(G, H, A, B, C, D, E, F, W10, W08, W03, W11, 0xB00327C898FB213F);
128 SHA2_64_F(F, G, H, A, B, C, D, E, W11, W09, W04, W12, 0xBF597FC7BEEF0EE4);
129 SHA2_64_F(E, F, G, H, A, B, C, D, W12, W10, W05, W13, 0xC6E00BF33DA88FC2);
130 SHA2_64_F(D, E, F, G, H, A, B, C, W13, W11, W06, W14, 0xD5A79147930AA725);
131 SHA2_64_F(C, D, E, F, G, H, A, B, W14, W12, W07, W15, 0x06CA6351E003826F);
132 SHA2_64_F(B, C, D, E, F, G, H, A, W15, W13, W08, W00, 0x142929670A0E6E70);
133 SHA2_64_F(A, B, C, D, E, F, G, H, W00, W14, W09, W01, 0x27B70A8546D22FFC);
134 SHA2_64_F(H, A, B, C, D, E, F, G, W01, W15, W10, W02, 0x2E1B21385C26C926);
135 SHA2_64_F(G, H, A, B, C, D, E, F, W02, W00, W11, W03, 0x4D2C6DFC5AC42AED);
136 SHA2_64_F(F, G, H, A, B, C, D, E, W03, W01, W12, W04, 0x53380D139D95B3DF);
137 SHA2_64_F(E, F, G, H, A, B, C, D, W04, W02, W13, W05, 0x650A73548BAF63DE);
138 SHA2_64_F(D, E, F, G, H, A, B, C, W05, W03, W14, W06, 0x766A0ABB3C77B2A8);
139 SHA2_64_F(C, D, E, F, G, H, A, B, W06, W04, W15, W07, 0x81C2C92E47EDAEE6);
140 SHA2_64_F(B, C, D, E, F, G, H, A, W07, W05, W00, W08, 0x92722C851482353B);
141 SHA2_64_F(A, B, C, D, E, F, G, H, W08, W06, W01, W09, 0xA2BFE8A14CF10364);
142 SHA2_64_F(H, A, B, C, D, E, F, G, W09, W07, W02, W10, 0xA81A664BBC423001);
143 SHA2_64_F(G, H, A, B, C, D, E, F, W10, W08, W03, W11, 0xC24B8B70D0F89791);
144 SHA2_64_F(F, G, H, A, B, C, D, E, W11, W09, W04, W12, 0xC76C51A30654BE30);
145 SHA2_64_F(E, F, G, H, A, B, C, D, W12, W10, W05, W13, 0xD192E819D6EF5218);
146 SHA2_64_F(D, E, F, G, H, A, B, C, W13, W11, W06, W14, 0xD69906245565A910);
147 SHA2_64_F(C, D, E, F, G, H, A, B, W14, W12, W07, W15, 0xF40E35855771202A);
148 SHA2_64_F(B, C, D, E, F, G, H, A, W15, W13, W08, W00, 0x106AA07032BBD1B8);
149 SHA2_64_F(A, B, C, D, E, F, G, H, W00, W14, W09, W01, 0x19A4C116B8D2D0C8);
150 SHA2_64_F(H, A, B, C, D, E, F, G, W01, W15, W10, W02, 0x1E376C085141AB53);
151 SHA2_64_F(G, H, A, B, C, D, E, F, W02, W00, W11, W03, 0x2748774CDF8EEB99);
152 SHA2_64_F(F, G, H, A, B, C, D, E, W03, W01, W12, W04, 0x34B0BCB5E19B48A8);
153 SHA2_64_F(E, F, G, H, A, B, C, D, W04, W02, W13, W05, 0x391C0CB3C5C95A63);
154 SHA2_64_F(D, E, F, G, H, A, B, C, W05, W03, W14, W06, 0x4ED8AA4AE3418ACB);
155 SHA2_64_F(C, D, E, F, G, H, A, B, W06, W04, W15, W07, 0x5B9CCA4F7763E373);
156 SHA2_64_F(B, C, D, E, F, G, H, A, W07, W05, W00, W08, 0x682E6FF3D6B2B8A3);
157 SHA2_64_F(A, B, C, D, E, F, G, H, W08, W06, W01, W09, 0x748F82EE5DEFB2FC);
158 SHA2_64_F(H, A, B, C, D, E, F, G, W09, W07, W02, W10, 0x78A5636F43172F60);
159 SHA2_64_F(G, H, A, B, C, D, E, F, W10, W08, W03, W11, 0x84C87814A1F0AB72);
160 SHA2_64_F(F, G, H, A, B, C, D, E, W11, W09, W04, W12, 0x8CC702081A6439EC);
161 SHA2_64_F(E, F, G, H, A, B, C, D, W12, W10, W05, W13, 0x90BEFFFA23631E28);
162 SHA2_64_F(D, E, F, G, H, A, B, C, W13, W11, W06, W14, 0xA4506CEBDE82BDE9);
163 SHA2_64_F(C, D, E, F, G, H, A, B, W14, W12, W07, W15, 0xBEF9A3F7B2C67915);
164 SHA2_64_F(B, C, D, E, F, G, H, A, W15, W13, W08, W00, 0xC67178F2E372532B);
165 SHA2_64_F(A, B, C, D, E, F, G, H, W00, W14, W09, W01, 0xCA273ECEEA26619C);
166 SHA2_64_F(H, A, B, C, D, E, F, G, W01, W15, W10, W02, 0xD186B8C721C0C207);
167 SHA2_64_F(G, H, A, B, C, D, E, F, W02, W00, W11, W03, 0xEADA7DD6CDE0EB1E);
168 SHA2_64_F(F, G, H, A, B, C, D, E, W03, W01, W12, W04, 0xF57D4F7FEE6ED178);
169 SHA2_64_F(E, F, G, H, A, B, C, D, W04, W02, W13, W05, 0x06F067AA72176FBA);
170 SHA2_64_F(D, E, F, G, H, A, B, C, W05, W03, W14, W06, 0x0A637DC5A2C898A6);
171 SHA2_64_F(C, D, E, F, G, H, A, B, W06, W04, W15, W07, 0x113F9804BEF90DAE);
172 SHA2_64_F(B, C, D, E, F, G, H, A, W07, W05, W00, W08, 0x1B710B35131C471B);
173 SHA2_64_F(A, B, C, D, E, F, G, H, W08, W06, W01, W09, 0x28DB77F523047D84);
174 SHA2_64_F(H, A, B, C, D, E, F, G, W09, W07, W02, W10, 0x32CAAB7B40C72493);
175 SHA2_64_F(G, H, A, B, C, D, E, F, W10, W08, W03, W11, 0x3C9EBE0A15C9BEBC);
176 SHA2_64_F(F, G, H, A, B, C, D, E, W11, W09, W04, W12, 0x431D67C49C100D4C);
177 SHA2_64_F(E, F, G, H, A, B, C, D, W12, W10, W05, W13, 0x4CC5D4BECB3E42B6);
178 SHA2_64_F(D, E, F, G, H, A, B, C, W13, W11, W06, W14, 0x597F299CFC657E2A);
179 SHA2_64_F(C, D, E, F, G, H, A, B, W14, W12, W07, W15, 0x5FCB6FAB3AD6FAEC);
180 SHA2_64_F(B, C, D, E, F, G, H, A, W15, W13, W08, W00, 0x6C44198C4A475817);
181
182 A = (digest[0] += A);
183 B = (digest[1] += B);
184 C = (digest[2] += C);
185 D = (digest[3] += D);
186 E = (digest[4] += E);
187 F = (digest[5] += F);
188 G = (digest[6] += G);
189 H = (digest[7] += H);
190
191 input += 128;
192 }
193 }
194
195#undef SHA2_64_F
196
197std::string SHA_512_256::provider() const
198 {
199 return sha512_provider();
200 }
201
202std::string SHA_384::provider() const
203 {
204 return sha512_provider();
205 }
206
207std::string SHA_512::provider() const
208 {
209 return sha512_provider();
210 }
211
212void SHA_512_256::compress_n(const uint8_t input[], size_t blocks)
213 {
214 SHA_512::compress_digest(m_digest, input, blocks);
215 }
216
217void SHA_384::compress_n(const uint8_t input[], size_t blocks)
218 {
219 SHA_512::compress_digest(m_digest, input, blocks);
220 }
221
222void SHA_512::compress_n(const uint8_t input[], size_t blocks)
223 {
224 SHA_512::compress_digest(m_digest, input, blocks);
225 }
226
227void SHA_512_256::copy_out(uint8_t output[])
228 {
229 copy_out_vec_be(output, output_length(), m_digest);
230 }
231
232void SHA_384::copy_out(uint8_t output[])
233 {
234 copy_out_vec_be(output, output_length(), m_digest);
235 }
236
237void SHA_512::copy_out(uint8_t output[])
238 {
239 copy_out_vec_be(output, output_length(), m_digest);
240 }
241
243 {
245 m_digest[0] = 0x22312194FC2BF72C;
246 m_digest[1] = 0x9F555FA3C84C64C2;
247 m_digest[2] = 0x2393B86B6F53B151;
248 m_digest[3] = 0x963877195940EABD;
249 m_digest[4] = 0x96283EE2A88EFFE3;
250 m_digest[5] = 0xBE5E1E2553863992;
251 m_digest[6] = 0x2B0199FC2C85B8AA;
252 m_digest[7] = 0x0EB72DDC81C52CA2;
253 }
254
256 {
258 m_digest[0] = 0xCBBB9D5DC1059ED8;
259 m_digest[1] = 0x629A292A367CD507;
260 m_digest[2] = 0x9159015A3070DD17;
261 m_digest[3] = 0x152FECD8F70E5939;
262 m_digest[4] = 0x67332667FFC00B31;
263 m_digest[5] = 0x8EB44A8768581511;
264 m_digest[6] = 0xDB0C2E0D64F98FA7;
265 m_digest[7] = 0x47B5481DBEFA4FA4;
266 }
267
269 {
271 m_digest[0] = 0x6A09E667F3BCC908;
272 m_digest[1] = 0xBB67AE8584CAA73B;
273 m_digest[2] = 0x3C6EF372FE94F82B;
274 m_digest[3] = 0xA54FF53A5F1D36F1;
275 m_digest[4] = 0x510E527FADE682D1;
276 m_digest[5] = 0x9B05688C2B3E6C1F;
277 m_digest[6] = 0x1F83D9ABFB41BD6B;
278 m_digest[7] = 0x5BE0CD19137E2179;
279 }
280
281}
void clear() override
Definition mdx_hash.cpp:41
std::unique_ptr< HashFunction > copy_state() const override
Definition sha2_64.cpp:31
std::string provider() const override
Definition sha2_64.cpp:202
void clear() override
Definition sha2_64.cpp:255
size_t output_length() const override
Definition sha2_64.h:24
size_t output_length() const override
Definition sha2_64.h:85
std::string provider() const override
Definition sha2_64.cpp:197
std::unique_ptr< HashFunction > copy_state() const override
Definition sha2_64.cpp:41
void clear() override
Definition sha2_64.cpp:242
void clear() override
Definition sha2_64.cpp:268
size_t output_length() const override
Definition sha2_64.h:47
std::string provider() const override
Definition sha2_64.cpp:207
static void compress_digest(secure_vector< uint64_t > &digest, const uint8_t input[], size_t blocks)
Definition sha2_64.cpp:68
std::unique_ptr< HashFunction > copy_state() const override
Definition sha2_64.cpp:36
uint64_t load_be< uint64_t >(const uint8_t in[], size_t off)
Definition loadstor.h:217
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:65
void copy_out_vec_be(uint8_t out[], size_t out_bytes, const std::vector< T, Alloc > &in)
Definition loadstor.h:673
#define SHA2_64_F(A, B, C, D, E, F, G, H, M1, M2, M3, M4, magic)
Definition sha2_64.cpp:52