1 /**********************************************************************
2 Copyright(c) 2011-2016 Intel Corporation All rights reserved.
3
4 Redistribution and use in source and binary forms, with or without
5 modification, are permitted provided that the following conditions
6 are met:
7 * Redistributions of source code must retain the above copyright
8 notice, this list of conditions and the following disclaimer.
9 * Redistributions in binary form must reproduce the above copyright
10 notice, this list of conditions and the following disclaimer in
11 the documentation and/or other materials provided with the
12 distribution.
13 * Neither the name of Intel Corporation nor the names of its
14 contributors may be used to endorse or promote products derived
15 from this software without specific prior written permission.
16
17 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
18 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
19 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
20 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
21 OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
22 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
23 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
27 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 **********************************************************************/
29
30 #include <string.h>
31 #include "sha1_mb.h"
32 #include "endian_helper.h"
33
34 ////////////////////////////////////////////////////////////////////////
35 ////////////////////////////////////////////////////////////////////////
36 // Reference SHA1 Functions
37 ////////////////////////////////////////////////////////////////////////
38 ////////////////////////////////////////////////////////////////////////
39
40 #if (__GNUC__ >= 11)
41 #define OPT_FIX __attribute__((noipa))
42 #else
43 #define OPT_FIX
44 #endif
45
46 #define H0 0x67452301
47 #define H1 0xefcdab89
48 #define H2 0x98badcfe
49 #define H3 0x10325476
50 #define H4 0xc3d2e1f0
51
52 #define F1(b, c, d) (d ^ (b & (c ^ d)))
53 #define F2(b, c, d) (b ^ c ^ d)
54 #define F3(b, c, d) ((b & c) | (d & (b | c)))
55 #define F4(b, c, d) (b ^ c ^ d)
56
57 #define rol32(x, r) (((x) << (r)) ^ ((x) >> (32 - (r))))
58
59 #define W(x) w[(x) & 15]
60
61 #define step00_19(i, a, b, c, d, e) \
62 if (i > 15) \
63 W(i) = rol32(W(i - 3) ^ W(i - 8) ^ W(i - 14) ^ W(i - 16), 1); \
64 else \
65 W(i) = to_be32(ww[i]); \
66 e += rol32(a, 5) + F1(b, c, d) + 0x5A827999 + W(i); \
67 b = rol32(b, 30)
68
69 #define step20_39(i, a, b, c, d, e) \
70 W(i) = rol32(W(i - 3) ^ W(i - 8) ^ W(i - 14) ^ W(i - 16), 1); \
71 e += rol32(a, 5) + F2(b, c, d) + 0x6ED9EBA1 + W(i); \
72 b = rol32(b, 30)
73
74 #define step40_59(i, a, b, c, d, e) \
75 W(i) = rol32(W(i - 3) ^ W(i - 8) ^ W(i - 14) ^ W(i - 16), 1); \
76 e += rol32(a, 5) + F3(b, c, d) + 0x8F1BBCDC + W(i); \
77 b = rol32(b, 30)
78
79 #define step60_79(i, a, b, c, d, e) \
80 W(i) = rol32(W(i - 3) ^ W(i - 8) ^ W(i - 14) ^ W(i - 16), 1); \
81 e += rol32(a, 5) + F4(b, c, d) + 0xCA62C1D6 + W(i); \
82 b = rol32(b, 30)
83
84 static void OPT_FIX
85 sha1_single(const uint8_t *data, uint32_t digest[]);
86
87 void
sha1_ref(const uint8_t * input_data,uint32_t * digest,const uint32_t len)88 sha1_ref(const uint8_t *input_data, uint32_t *digest, const uint32_t len)
89 {
90 uint32_t i, j;
91 uint8_t buf[2 * ISAL_SHA1_BLOCK_SIZE];
92
93 digest[0] = H0;
94 digest[1] = H1;
95 digest[2] = H2;
96 digest[3] = H3;
97 digest[4] = H4;
98
99 i = len;
100 while (i >= ISAL_SHA1_BLOCK_SIZE) {
101 sha1_single(input_data, digest);
102 input_data += ISAL_SHA1_BLOCK_SIZE;
103 i -= ISAL_SHA1_BLOCK_SIZE;
104 }
105
106 memcpy(buf, input_data, i);
107 buf[i++] = 0x80;
108 for (j = i; j < ((2 * ISAL_SHA1_BLOCK_SIZE) - ISAL_SHA1_PADLENGTHFIELD_SIZE); j++)
109 buf[j] = 0;
110
111 if (i > ISAL_SHA1_BLOCK_SIZE - ISAL_SHA1_PADLENGTHFIELD_SIZE)
112 i = 2 * ISAL_SHA1_BLOCK_SIZE;
113 else
114 i = ISAL_SHA1_BLOCK_SIZE;
115
116 *(uint64_t *) (buf + i - 8) = to_be64((uint64_t) len * 8);
117
118 sha1_single(buf, digest);
119 if (i == (2 * ISAL_SHA1_BLOCK_SIZE))
120 sha1_single(buf + ISAL_SHA1_BLOCK_SIZE, digest);
121 }
122
123 void
sha1_single(const uint8_t * data,uint32_t digest[])124 sha1_single(const uint8_t *data, uint32_t digest[])
125 {
126 uint32_t a, b, c, d, e;
127 uint32_t w[16] = { 0 };
128 uint32_t *ww = (uint32_t *) data;
129
130 a = digest[0];
131 b = digest[1];
132 c = digest[2];
133 d = digest[3];
134 e = digest[4];
135
136 step00_19(0, a, b, c, d, e);
137 step00_19(1, e, a, b, c, d);
138 step00_19(2, d, e, a, b, c);
139 step00_19(3, c, d, e, a, b);
140 step00_19(4, b, c, d, e, a);
141 step00_19(5, a, b, c, d, e);
142 step00_19(6, e, a, b, c, d);
143 step00_19(7, d, e, a, b, c);
144 step00_19(8, c, d, e, a, b);
145 step00_19(9, b, c, d, e, a);
146 step00_19(10, a, b, c, d, e);
147 step00_19(11, e, a, b, c, d);
148 step00_19(12, d, e, a, b, c);
149 step00_19(13, c, d, e, a, b);
150 step00_19(14, b, c, d, e, a);
151 step00_19(15, a, b, c, d, e);
152 step00_19(16, e, a, b, c, d);
153 step00_19(17, d, e, a, b, c);
154 step00_19(18, c, d, e, a, b);
155 step00_19(19, b, c, d, e, a);
156
157 step20_39(20, a, b, c, d, e);
158 step20_39(21, e, a, b, c, d);
159 step20_39(22, d, e, a, b, c);
160 step20_39(23, c, d, e, a, b);
161 step20_39(24, b, c, d, e, a);
162 step20_39(25, a, b, c, d, e);
163 step20_39(26, e, a, b, c, d);
164 step20_39(27, d, e, a, b, c);
165 step20_39(28, c, d, e, a, b);
166 step20_39(29, b, c, d, e, a);
167 step20_39(30, a, b, c, d, e);
168 step20_39(31, e, a, b, c, d);
169 step20_39(32, d, e, a, b, c);
170 step20_39(33, c, d, e, a, b);
171 step20_39(34, b, c, d, e, a);
172 step20_39(35, a, b, c, d, e);
173 step20_39(36, e, a, b, c, d);
174 step20_39(37, d, e, a, b, c);
175 step20_39(38, c, d, e, a, b);
176 step20_39(39, b, c, d, e, a);
177
178 step40_59(40, a, b, c, d, e);
179 step40_59(41, e, a, b, c, d);
180 step40_59(42, d, e, a, b, c);
181 step40_59(43, c, d, e, a, b);
182 step40_59(44, b, c, d, e, a);
183 step40_59(45, a, b, c, d, e);
184 step40_59(46, e, a, b, c, d);
185 step40_59(47, d, e, a, b, c);
186 step40_59(48, c, d, e, a, b);
187 step40_59(49, b, c, d, e, a);
188 step40_59(50, a, b, c, d, e);
189 step40_59(51, e, a, b, c, d);
190 step40_59(52, d, e, a, b, c);
191 step40_59(53, c, d, e, a, b);
192 step40_59(54, b, c, d, e, a);
193 step40_59(55, a, b, c, d, e);
194 step40_59(56, e, a, b, c, d);
195 step40_59(57, d, e, a, b, c);
196 step40_59(58, c, d, e, a, b);
197 step40_59(59, b, c, d, e, a);
198
199 step60_79(60, a, b, c, d, e);
200 step60_79(61, e, a, b, c, d);
201 step60_79(62, d, e, a, b, c);
202 step60_79(63, c, d, e, a, b);
203 step60_79(64, b, c, d, e, a);
204 step60_79(65, a, b, c, d, e);
205 step60_79(66, e, a, b, c, d);
206 step60_79(67, d, e, a, b, c);
207 step60_79(68, c, d, e, a, b);
208 step60_79(69, b, c, d, e, a);
209 step60_79(70, a, b, c, d, e);
210 step60_79(71, e, a, b, c, d);
211 step60_79(72, d, e, a, b, c);
212 step60_79(73, c, d, e, a, b);
213 step60_79(74, b, c, d, e, a);
214 step60_79(75, a, b, c, d, e);
215 step60_79(76, e, a, b, c, d);
216 step60_79(77, d, e, a, b, c);
217 step60_79(78, c, d, e, a, b);
218 step60_79(79, b, c, d, e, a);
219
220 digest[0] += a;
221 digest[1] += b;
222 digest[2] += c;
223 digest[3] += d;
224 digest[4] += e;
225 }
226