Botan 2.19.3
Crypto and TLS for C&
sha2_32.cpp
Go to the documentation of this file.
1/*
2* SHA-{224,256}
3* (C) 1999-2010,2017 Jack Lloyd
4* 2007 FlexSecure GmbH
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#include <botan/sha2_32.h>
10#include <botan/loadstor.h>
11#include <botan/rotate.h>
12#include <botan/cpuid.h>
13
14namespace Botan {
15
16namespace {
17
18std::string sha256_provider()
19 {
20#if defined(BOTAN_HAS_SHA2_32_X86)
21 if(CPUID::has_intel_sha())
22 {
23 return "shani";
24 }
25#endif
26
27#if defined(BOTAN_HAS_SHA2_32_X86_BMI2)
28 if(CPUID::has_bmi2())
29 {
30 return "bmi2";
31 }
32#endif
33
34#if defined(BOTAN_HAS_SHA2_32_ARMV8)
35 if(CPUID::has_arm_sha2())
36 {
37 return "armv8";
38 }
39#endif
40
41 return "base";
42 }
43
44}
45
46std::unique_ptr<HashFunction> SHA_224::copy_state() const
47 {
48 return std::unique_ptr<HashFunction>(new SHA_224(*this));
49 }
50
51std::unique_ptr<HashFunction> SHA_256::copy_state() const
52 {
53 return std::unique_ptr<HashFunction>(new SHA_256(*this));
54 }
55
56/*
57* SHA-256 F1 Function
58*
59* Use a macro as many compilers won't inline a function this big,
60* even though it is much faster if inlined.
61*/
62#define SHA2_32_F(A, B, C, D, E, F, G, H, M1, M2, M3, M4, magic) do { \
63 uint32_t A_rho = rotr<2>(A) ^ rotr<13>(A) ^ rotr<22>(A); \
64 uint32_t E_rho = rotr<6>(E) ^ rotr<11>(E) ^ rotr<25>(E); \
65 uint32_t M2_sigma = rotr<17>(M2) ^ rotr<19>(M2) ^ (M2 >> 10); \
66 uint32_t M4_sigma = rotr<7>(M4) ^ rotr<18>(M4) ^ (M4 >> 3); \
67 H += magic + E_rho + ((E & F) ^ (~E & G)) + M1; \
68 D += H; \
69 H += A_rho + ((A & B) | ((A | B) & C)); \
70 M1 += M2_sigma + M3 + M4_sigma; \
71 } while(0);
72
73/*
74* SHA-224 / SHA-256 compression function
75*/
77 const uint8_t input[], size_t blocks)
78 {
79#if defined(BOTAN_HAS_SHA2_32_X86)
80 if(CPUID::has_intel_sha())
81 {
82 return SHA_256::compress_digest_x86(digest, input, blocks);
83 }
84#endif
85
86#if defined(BOTAN_HAS_SHA2_32_X86_BMI2)
87 if(CPUID::has_bmi2())
88 {
89 return SHA_256::compress_digest_x86_bmi2(digest, input, blocks);
90 }
91#endif
92
93#if defined(BOTAN_HAS_SHA2_32_ARMV8)
94 if(CPUID::has_arm_sha2())
95 {
96 return SHA_256::compress_digest_armv8(digest, input, blocks);
97 }
98#endif
99
100 uint32_t A = digest[0], B = digest[1], C = digest[2],
101 D = digest[3], E = digest[4], F = digest[5],
102 G = digest[6], H = digest[7];
103
104 for(size_t i = 0; i != blocks; ++i)
105 {
106 uint32_t W00 = load_be<uint32_t>(input, 0);
107 uint32_t W01 = load_be<uint32_t>(input, 1);
108 uint32_t W02 = load_be<uint32_t>(input, 2);
109 uint32_t W03 = load_be<uint32_t>(input, 3);
110 uint32_t W04 = load_be<uint32_t>(input, 4);
111 uint32_t W05 = load_be<uint32_t>(input, 5);
112 uint32_t W06 = load_be<uint32_t>(input, 6);
113 uint32_t W07 = load_be<uint32_t>(input, 7);
114 uint32_t W08 = load_be<uint32_t>(input, 8);
115 uint32_t W09 = load_be<uint32_t>(input, 9);
116 uint32_t W10 = load_be<uint32_t>(input, 10);
117 uint32_t W11 = load_be<uint32_t>(input, 11);
118 uint32_t W12 = load_be<uint32_t>(input, 12);
119 uint32_t W13 = load_be<uint32_t>(input, 13);
120 uint32_t W14 = load_be<uint32_t>(input, 14);
121 uint32_t W15 = load_be<uint32_t>(input, 15);
122
123 SHA2_32_F(A, B, C, D, E, F, G, H, W00, W14, W09, W01, 0x428A2F98);
124 SHA2_32_F(H, A, B, C, D, E, F, G, W01, W15, W10, W02, 0x71374491);
125 SHA2_32_F(G, H, A, B, C, D, E, F, W02, W00, W11, W03, 0xB5C0FBCF);
126 SHA2_32_F(F, G, H, A, B, C, D, E, W03, W01, W12, W04, 0xE9B5DBA5);
127 SHA2_32_F(E, F, G, H, A, B, C, D, W04, W02, W13, W05, 0x3956C25B);
128 SHA2_32_F(D, E, F, G, H, A, B, C, W05, W03, W14, W06, 0x59F111F1);
129 SHA2_32_F(C, D, E, F, G, H, A, B, W06, W04, W15, W07, 0x923F82A4);
130 SHA2_32_F(B, C, D, E, F, G, H, A, W07, W05, W00, W08, 0xAB1C5ED5);
131 SHA2_32_F(A, B, C, D, E, F, G, H, W08, W06, W01, W09, 0xD807AA98);
132 SHA2_32_F(H, A, B, C, D, E, F, G, W09, W07, W02, W10, 0x12835B01);
133 SHA2_32_F(G, H, A, B, C, D, E, F, W10, W08, W03, W11, 0x243185BE);
134 SHA2_32_F(F, G, H, A, B, C, D, E, W11, W09, W04, W12, 0x550C7DC3);
135 SHA2_32_F(E, F, G, H, A, B, C, D, W12, W10, W05, W13, 0x72BE5D74);
136 SHA2_32_F(D, E, F, G, H, A, B, C, W13, W11, W06, W14, 0x80DEB1FE);
137 SHA2_32_F(C, D, E, F, G, H, A, B, W14, W12, W07, W15, 0x9BDC06A7);
138 SHA2_32_F(B, C, D, E, F, G, H, A, W15, W13, W08, W00, 0xC19BF174);
139
140 SHA2_32_F(A, B, C, D, E, F, G, H, W00, W14, W09, W01, 0xE49B69C1);
141 SHA2_32_F(H, A, B, C, D, E, F, G, W01, W15, W10, W02, 0xEFBE4786);
142 SHA2_32_F(G, H, A, B, C, D, E, F, W02, W00, W11, W03, 0x0FC19DC6);
143 SHA2_32_F(F, G, H, A, B, C, D, E, W03, W01, W12, W04, 0x240CA1CC);
144 SHA2_32_F(E, F, G, H, A, B, C, D, W04, W02, W13, W05, 0x2DE92C6F);
145 SHA2_32_F(D, E, F, G, H, A, B, C, W05, W03, W14, W06, 0x4A7484AA);
146 SHA2_32_F(C, D, E, F, G, H, A, B, W06, W04, W15, W07, 0x5CB0A9DC);
147 SHA2_32_F(B, C, D, E, F, G, H, A, W07, W05, W00, W08, 0x76F988DA);
148 SHA2_32_F(A, B, C, D, E, F, G, H, W08, W06, W01, W09, 0x983E5152);
149 SHA2_32_F(H, A, B, C, D, E, F, G, W09, W07, W02, W10, 0xA831C66D);
150 SHA2_32_F(G, H, A, B, C, D, E, F, W10, W08, W03, W11, 0xB00327C8);
151 SHA2_32_F(F, G, H, A, B, C, D, E, W11, W09, W04, W12, 0xBF597FC7);
152 SHA2_32_F(E, F, G, H, A, B, C, D, W12, W10, W05, W13, 0xC6E00BF3);
153 SHA2_32_F(D, E, F, G, H, A, B, C, W13, W11, W06, W14, 0xD5A79147);
154 SHA2_32_F(C, D, E, F, G, H, A, B, W14, W12, W07, W15, 0x06CA6351);
155 SHA2_32_F(B, C, D, E, F, G, H, A, W15, W13, W08, W00, 0x14292967);
156
157 SHA2_32_F(A, B, C, D, E, F, G, H, W00, W14, W09, W01, 0x27B70A85);
158 SHA2_32_F(H, A, B, C, D, E, F, G, W01, W15, W10, W02, 0x2E1B2138);
159 SHA2_32_F(G, H, A, B, C, D, E, F, W02, W00, W11, W03, 0x4D2C6DFC);
160 SHA2_32_F(F, G, H, A, B, C, D, E, W03, W01, W12, W04, 0x53380D13);
161 SHA2_32_F(E, F, G, H, A, B, C, D, W04, W02, W13, W05, 0x650A7354);
162 SHA2_32_F(D, E, F, G, H, A, B, C, W05, W03, W14, W06, 0x766A0ABB);
163 SHA2_32_F(C, D, E, F, G, H, A, B, W06, W04, W15, W07, 0x81C2C92E);
164 SHA2_32_F(B, C, D, E, F, G, H, A, W07, W05, W00, W08, 0x92722C85);
165 SHA2_32_F(A, B, C, D, E, F, G, H, W08, W06, W01, W09, 0xA2BFE8A1);
166 SHA2_32_F(H, A, B, C, D, E, F, G, W09, W07, W02, W10, 0xA81A664B);
167 SHA2_32_F(G, H, A, B, C, D, E, F, W10, W08, W03, W11, 0xC24B8B70);
168 SHA2_32_F(F, G, H, A, B, C, D, E, W11, W09, W04, W12, 0xC76C51A3);
169 SHA2_32_F(E, F, G, H, A, B, C, D, W12, W10, W05, W13, 0xD192E819);
170 SHA2_32_F(D, E, F, G, H, A, B, C, W13, W11, W06, W14, 0xD6990624);
171 SHA2_32_F(C, D, E, F, G, H, A, B, W14, W12, W07, W15, 0xF40E3585);
172 SHA2_32_F(B, C, D, E, F, G, H, A, W15, W13, W08, W00, 0x106AA070);
173
174 SHA2_32_F(A, B, C, D, E, F, G, H, W00, W14, W09, W01, 0x19A4C116);
175 SHA2_32_F(H, A, B, C, D, E, F, G, W01, W15, W10, W02, 0x1E376C08);
176 SHA2_32_F(G, H, A, B, C, D, E, F, W02, W00, W11, W03, 0x2748774C);
177 SHA2_32_F(F, G, H, A, B, C, D, E, W03, W01, W12, W04, 0x34B0BCB5);
178 SHA2_32_F(E, F, G, H, A, B, C, D, W04, W02, W13, W05, 0x391C0CB3);
179 SHA2_32_F(D, E, F, G, H, A, B, C, W05, W03, W14, W06, 0x4ED8AA4A);
180 SHA2_32_F(C, D, E, F, G, H, A, B, W06, W04, W15, W07, 0x5B9CCA4F);
181 SHA2_32_F(B, C, D, E, F, G, H, A, W07, W05, W00, W08, 0x682E6FF3);
182 SHA2_32_F(A, B, C, D, E, F, G, H, W08, W06, W01, W09, 0x748F82EE);
183 SHA2_32_F(H, A, B, C, D, E, F, G, W09, W07, W02, W10, 0x78A5636F);
184 SHA2_32_F(G, H, A, B, C, D, E, F, W10, W08, W03, W11, 0x84C87814);
185 SHA2_32_F(F, G, H, A, B, C, D, E, W11, W09, W04, W12, 0x8CC70208);
186 SHA2_32_F(E, F, G, H, A, B, C, D, W12, W10, W05, W13, 0x90BEFFFA);
187 SHA2_32_F(D, E, F, G, H, A, B, C, W13, W11, W06, W14, 0xA4506CEB);
188 SHA2_32_F(C, D, E, F, G, H, A, B, W14, W12, W07, W15, 0xBEF9A3F7);
189 SHA2_32_F(B, C, D, E, F, G, H, A, W15, W13, W08, W00, 0xC67178F2);
190
191 A = (digest[0] += A);
192 B = (digest[1] += B);
193 C = (digest[2] += C);
194 D = (digest[3] += D);
195 E = (digest[4] += E);
196 F = (digest[5] += F);
197 G = (digest[6] += G);
198 H = (digest[7] += H);
199
200 input += 64;
201 }
202 }
203
204std::string SHA_224::provider() const
205 {
206 return sha256_provider();
207 }
208
209std::string SHA_256::provider() const
210 {
211 return sha256_provider();
212 }
213
214/*
215* SHA-224 compression function
216*/
217void SHA_224::compress_n(const uint8_t input[], size_t blocks)
218 {
219 SHA_256::compress_digest(m_digest, input, blocks);
220 }
221
222/*
223* Copy out the digest
224*/
225void SHA_224::copy_out(uint8_t output[])
226 {
227 copy_out_vec_be(output, output_length(), m_digest);
228 }
229
230/*
231* Clear memory of sensitive data
232*/
234 {
236 m_digest[0] = 0xC1059ED8;
237 m_digest[1] = 0x367CD507;
238 m_digest[2] = 0x3070DD17;
239 m_digest[3] = 0xF70E5939;
240 m_digest[4] = 0xFFC00B31;
241 m_digest[5] = 0x68581511;
242 m_digest[6] = 0x64F98FA7;
243 m_digest[7] = 0xBEFA4FA4;
244 }
245
246/*
247* SHA-256 compression function
248*/
249void SHA_256::compress_n(const uint8_t input[], size_t blocks)
250 {
251 SHA_256::compress_digest(m_digest, input, blocks);
252 }
253
254/*
255* Copy out the digest
256*/
257void SHA_256::copy_out(uint8_t output[])
258 {
259 copy_out_vec_be(output, output_length(), m_digest);
260 }
261
262/*
263* Clear memory of sensitive data
264*/
266 {
268 m_digest[0] = 0x6A09E667;
269 m_digest[1] = 0xBB67AE85;
270 m_digest[2] = 0x3C6EF372;
271 m_digest[3] = 0xA54FF53A;
272 m_digest[4] = 0x510E527F;
273 m_digest[5] = 0x9B05688C;
274 m_digest[6] = 0x1F83D9AB;
275 m_digest[7] = 0x5BE0CD19;
276 }
277
278}
void clear() override
Definition mdx_hash.cpp:41
size_t output_length() const override
Definition sha2_32.h:25
std::string provider() const override
Definition sha2_32.cpp:204
void clear() override
Definition sha2_32.cpp:233
std::unique_ptr< HashFunction > copy_state() const override
Definition sha2_32.cpp:46
size_t output_length() const override
Definition sha2_32.h:49
static void compress_digest(secure_vector< uint32_t > &digest, const uint8_t input[], size_t blocks)
Definition sha2_32.cpp:76
void clear() override
Definition sha2_32.cpp:265
std::unique_ptr< HashFunction > copy_state() const override
Definition sha2_32.cpp:51
std::string provider() const override
Definition sha2_32.cpp:209
uint32_t load_be< uint32_t >(const uint8_t in[], size_t off)
Definition loadstor.h:179
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:65
void copy_out_vec_be(uint8_t out[], size_t out_bytes, const std::vector< T, Alloc > &in)
Definition loadstor.h:673
#define SHA2_32_F(A, B, C, D, E, F, G, H, M1, M2, M3, M4, magic)
Definition sha2_32.cpp:62