16df3ef80SGreg Tucker /**********************************************************************
26df3ef80SGreg Tucker Copyright(c) 2011-2016 Intel Corporation All rights reserved.
36df3ef80SGreg Tucker
46df3ef80SGreg Tucker Redistribution and use in source and binary forms, with or without
56df3ef80SGreg Tucker modification, are permitted provided that the following conditions
66df3ef80SGreg Tucker are met:
76df3ef80SGreg Tucker * Redistributions of source code must retain the above copyright
86df3ef80SGreg Tucker notice, this list of conditions and the following disclaimer.
96df3ef80SGreg Tucker * Redistributions in binary form must reproduce the above copyright
106df3ef80SGreg Tucker notice, this list of conditions and the following disclaimer in
116df3ef80SGreg Tucker the documentation and/or other materials provided with the
126df3ef80SGreg Tucker distribution.
136df3ef80SGreg Tucker * Neither the name of Intel Corporation nor the names of its
146df3ef80SGreg Tucker contributors may be used to endorse or promote products derived
156df3ef80SGreg Tucker from this software without specific prior written permission.
166df3ef80SGreg Tucker
176df3ef80SGreg Tucker THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
186df3ef80SGreg Tucker "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
196df3ef80SGreg Tucker LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
206df3ef80SGreg Tucker A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
216df3ef80SGreg Tucker OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
226df3ef80SGreg Tucker SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
236df3ef80SGreg Tucker LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
246df3ef80SGreg Tucker DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
256df3ef80SGreg Tucker THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
266df3ef80SGreg Tucker (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
276df3ef80SGreg Tucker OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
286df3ef80SGreg Tucker **********************************************************************/
296df3ef80SGreg Tucker
306df3ef80SGreg Tucker #include <string.h>
316df3ef80SGreg Tucker #include "sha1_mb.h"
3292aa5aa4SGreg Tucker #include "endian_helper.h"
336df3ef80SGreg Tucker
346df3ef80SGreg Tucker ////////////////////////////////////////////////////////////////////////
356df3ef80SGreg Tucker ////////////////////////////////////////////////////////////////////////
366df3ef80SGreg Tucker // Reference SHA1 Functions
376df3ef80SGreg Tucker ////////////////////////////////////////////////////////////////////////
386df3ef80SGreg Tucker ////////////////////////////////////////////////////////////////////////
396df3ef80SGreg Tucker
/*
 * OPT_FIX expands to __attribute__((noipa)) on GCC 11 and newer and to
 * nothing elsewhere. It is applied to the sha1_single() declaration below,
 * so GCC does not inline that function or run interprocedural analysis on it.
 * NOTE(review): the reason for the workaround is not recorded in this file --
 * confirm against the commit history before removing it.
 */
#if (__GNUC__ >= 11)
#define OPT_FIX __attribute__((noipa))
#else
#define OPT_FIX
#endif

/* Initial values loaded into digest[0..4] by sha1_ref() before hashing. */
#define H0 0x67452301
#define H1 0xefcdab89
#define H2 0x98badcfe
#define H3 0x10325476
#define H4 0xc3d2e1f0

/*
 * Round functions for the four groups of 20 steps. F1 selects c or d by the
 * bits of b, F2 and F4 are the three-way XOR, F3 is the bitwise majority.
 * The arguments are not parenthesised, so pass plain identifiers only.
 */
#define F1(b, c, d) (d ^ (b & (c ^ d)))
#define F2(b, c, d) (b ^ c ^ d)
#define F3(b, c, d) ((b & c) | (d & (b | c)))
#define F4(b, c, d) (b ^ c ^ d)

/*
 * Rotate a 32-bit value left by r bits. r must satisfy 0 < r < 32: r == 0
 * would shift right by 32, which is undefined for a 32-bit operand. The file
 * only uses r = 1, 5 and 30.
 */
#define rol32(x, r) (((x) << (r)) ^ ((x) >> (32 - (r))))

/* Message schedule kept as a 16-word ring: index x is reduced modulo 16. */
#define W(x) w[(x) & 15]

/*
 * One SHA-1 step per macro invocation. All four expect a local array `w` in
 * scope; step00_19 also expects `ww`, the 16 input words of the block, which
 * it converts with to_be32() for steps 0..15.
 *
 * Each macro expands to several statements without a do { } while (0)
 * wrapper, so it must be used as a complete statement in a braced block and
 * never as the body of an unbraced if/else/for.
 */
#define step00_19(i, a, b, c, d, e) \
        if (i > 15) \
                W(i) = rol32(W(i - 3) ^ W(i - 8) ^ W(i - 14) ^ W(i - 16), 1); \
        else \
                W(i) = to_be32(ww[i]); \
        e += rol32(a, 5) + F1(b, c, d) + 0x5A827999 + W(i); \
        b = rol32(b, 30)

#define step20_39(i, a, b, c, d, e) \
        W(i) = rol32(W(i - 3) ^ W(i - 8) ^ W(i - 14) ^ W(i - 16), 1); \
        e += rol32(a, 5) + F2(b, c, d) + 0x6ED9EBA1 + W(i); \
        b = rol32(b, 30)

#define step40_59(i, a, b, c, d, e) \
        W(i) = rol32(W(i - 3) ^ W(i - 8) ^ W(i - 14) ^ W(i - 16), 1); \
        e += rol32(a, 5) + F3(b, c, d) + 0x8F1BBCDC + W(i); \
        b = rol32(b, 30)

#define step60_79(i, a, b, c, d, e) \
        W(i) = rol32(W(i - 3) ^ W(i - 8) ^ W(i - 14) ^ W(i - 16), 1); \
        e += rol32(a, 5) + F4(b, c, d) + 0xCA62C1D6 + W(i); \
        b = rol32(b, 30)

/*
 * Forward declaration: the compression function is file-local. The later
 * definition omits `static` but keeps internal linkage because of this
 * declaration.
 */
static void OPT_FIX
sha1_single(const uint8_t *data, uint32_t digest[]);
866df3ef80SGreg Tucker
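/**
 * Reference SHA-1 over a complete message held in one buffer.
 *
 * The five result words are left in digest[0..4] as host-order uint32_t
 * values; they are not serialised to the big-endian byte string, so a caller
 * comparing against a byte-wise digest has to convert them first.
 *
 * SHA-1 no longer provides collision resistance, so the result should not be
 * relied on where that property matters.
 *
 * @param input_data  Message bytes; must reference at least len readable
 *                    bytes. May be NULL only when len is 0.
 * @param digest      Output array with room for five 32-bit words.
 * @param len         Message length in bytes.
 */
void
sha1_ref(const uint8_t *input_data, uint32_t *digest, const uint32_t len)
{
        uint32_t i, j;
        /* Room for the message tail plus padding, which may need two blocks. */
        uint8_t buf[2 * ISAL_SHA1_BLOCK_SIZE];
        uint64_t len_bits_be;

        digest[0] = H0;
        digest[1] = H1;
        digest[2] = H2;
        digest[3] = H3;
        digest[4] = H4;

        /* Compress every complete block straight from the caller's buffer. */
        i = len;
        while (i >= ISAL_SHA1_BLOCK_SIZE) {
                sha1_single(input_data, digest);
                input_data += ISAL_SHA1_BLOCK_SIZE;
                i -= ISAL_SHA1_BLOCK_SIZE;
        }

        /*
         * i is now the tail length and is smaller than one block, so the copy
         * and the 0x80 marker both stay inside buf. The copy is skipped for an
         * empty tail because memcpy() with a NULL source is undefined even for
         * a zero length.
         */
        if (i != 0)
                memcpy(buf, input_data, i);
        buf[i++] = 0x80;
        for (j = i; j < ((2 * ISAL_SHA1_BLOCK_SIZE) - ISAL_SHA1_PADLENGTHFIELD_SIZE); j++)
                buf[j] = 0;

        /* Use a second block when the length field no longer fits in the first. */
        if (i > ISAL_SHA1_BLOCK_SIZE - ISAL_SHA1_PADLENGTHFIELD_SIZE)
                i = 2 * ISAL_SHA1_BLOCK_SIZE;
        else
                i = ISAL_SHA1_BLOCK_SIZE;

        /*
         * Store the bit length big-endian in the last 8 bytes of the padded
         * data. memcpy() replaces the former store through a cast uint64_t
         * pointer: buf is a byte array with no 8-byte alignment guarantee, and
         * writing it through another pointer type breaks the aliasing rules.
         * NOTE(review): assumes ISAL_SHA1_PADLENGTHFIELD_SIZE is 8, matching
         * the zero fill above -- confirm in sha1_mb.h.
         */
        len_bits_be = to_be64((uint64_t) len * 8);
        memcpy(buf + i - sizeof(len_bits_be), &len_bits_be, sizeof(len_bits_be));

        sha1_single(buf, digest);
        if (i == (2 * ISAL_SHA1_BLOCK_SIZE))
                sha1_single(buf + ISAL_SHA1_BLOCK_SIZE, digest);
}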
1226df3ef80SGreg Tucker
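/**
 * SHA-1 compression function: folds one 64-byte block into the running state.
 *
 * @param data    The block; exactly 16 32-bit words (64 bytes) are read. No
 *                alignment is required.
 * @param digest  Five-word chaining state, read on entry and updated in place.
 */
void
sha1_single(const uint8_t *data, uint32_t digest[])
{
        uint32_t a, b, c, d, e;
        uint32_t w[16] = { 0 };
        uint32_t block[16];
        const uint32_t *ww = block;

        /*
         * Copy the block into an aligned local array instead of reading the
         * input through a cast uint32_t pointer: data is a byte pointer with
         * no alignment guarantee, and the cast also discarded its const
         * qualifier. ww stays a pointer because step00_19 names ww[i] in a
         * branch that is dead for i > 15.
         */
        memcpy(block, data, sizeof(block));

        a = digest[0];
        b = digest[1];
        c = digest[2];
        d = digest[3];
        e = digest[4];

        /*
         * The 80 steps are unrolled. Rather than moving values between the
         * working variables after each step, the argument order is rotated by
         * one position per step and returns to (a, b, c, d, e) every fifth.
         */
        step00_19(0, a, b, c, d, e);
        step00_19(1, e, a, b, c, d);
        step00_19(2, d, e, a, b, c);
        step00_19(3, c, d, e, a, b);
        step00_19(4, b, c, d, e, a);
        step00_19(5, a, b, c, d, e);
        step00_19(6, e, a, b, c, d);
        step00_19(7, d, e, a, b, c);
        step00_19(8, c, d, e, a, b);
        step00_19(9, b, c, d, e, a);
        step00_19(10, a, b, c, d, e);
        step00_19(11, e, a, b, c, d);
        step00_19(12, d, e, a, b, c);
        step00_19(13, c, d, e, a, b);
        step00_19(14, b, c, d, e, a);
        step00_19(15, a, b, c, d, e);
        step00_19(16, e, a, b, c, d);
        step00_19(17, d, e, a, b, c);
        step00_19(18, c, d, e, a, b);
        step00_19(19, b, c, d, e, a);

        step20_39(20, a, b, c, d, e);
        step20_39(21, e, a, b, c, d);
        step20_39(22, d, e, a, b, c);
        step20_39(23, c, d, e, a, b);
        step20_39(24, b, c, d, e, a);
        step20_39(25, a, b, c, d, e);
        step20_39(26, e, a, b, c, d);
        step20_39(27, d, e, a, b, c);
        step20_39(28, c, d, e, a, b);
        step20_39(29, b, c, d, e, a);
        step20_39(30, a, b, c, d, e);
        step20_39(31, e, a, b, c, d);
        step20_39(32, d, e, a, b, c);
        step20_39(33, c, d, e, a, b);
        step20_39(34, b, c, d, e, a);
        step20_39(35, a, b, c, d, e);
        step20_39(36, e, a, b, c, d);
        step20_39(37, d, e, a, b, c);
        step20_39(38, c, d, e, a, b);
        step20_39(39, b, c, d, e, a);

        step40_59(40, a, b, c, d, e);
        step40_59(41, e, a, b, c, d);
        step40_59(42, d, e, a, b, c);
        step40_59(43, c, d, e, a, b);
        step40_59(44, b, c, d, e, a);
        step40_59(45, a, b, c, d, e);
        step40_59(46, e, a, b, c, d);
        step40_59(47, d, e, a, b, c);
        step40_59(48, c, d, e, a, b);
        step40_59(49, b, c, d, e, a);
        step40_59(50, a, b, c, d, e);
        step40_59(51, e, a, b, c, d);
        step40_59(52, d, e, a, b, c);
        step40_59(53, c, d, e, a, b);
        step40_59(54, b, c, d, e, a);
        step40_59(55, a, b, c, d, e);
        step40_59(56, e, a, b, c, d);
        step40_59(57, d, e, a, b, c);
        step40_59(58, c, d, e, a, b);
        step40_59(59, b, c, d, e, a);

        step60_79(60, a, b, c, d, e);
        step60_79(61, e, a, b, c, d);
        step60_79(62, d, e, a, b, c);
        step60_79(63, c, d, e, a, b);
        step60_79(64, b, c, d, e, a);
        step60_79(65, a, b, c, d, e);
        step60_79(66, e, a, b, c, d);
        step60_79(67, d, e, a, b, c);
        step60_79(68, c, d, e, a, b);
        step60_79(69, b, c, d, e, a);
        step60_79(70, a, b, c, d, e);
        step60_79(71, e, a, b, c, d);
        step60_79(72, d, e, a, b, c);
        step60_79(73, c, d, e, a, b);
        step60_79(74, b, c, d, e, a);
        step60_79(75, a, b, c, d, e);
        step60_79(76, e, a, b, c, d);
        step60_79(77, d, e, a, b, c);
        step60_79(78, c, d, e, a, b);
        step60_79(79, b, c, d, e, a);

        /* Add the working variables back into the chaining state. */
        digest[0] += a;
        digest[1] += b;
        digest[2] += c;
        digest[3] += d;
        digest[4] += e;
}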
226