/**********************************************************************
  Copyright(c) 2011-2016 Intel Corporation All rights reserved.

  Redistribution and use in source and binary forms, with or without
  modification, are permitted provided that the following conditions
  are met:
    * Redistributions of source code must retain the above copyright
      notice, this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright
      notice, this list of conditions and the following disclaimer in
      the documentation and/or other materials provided with the
      distribution.
    * Neither the name of Intel Corporation nor the names of its
      contributors may be used to endorse or promote products derived
      from this software without specific prior written permission.

  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
**********************************************************************/
296df3ef80SGreg Tucker 
306df3ef80SGreg Tucker #include <string.h>
316df3ef80SGreg Tucker #include "sha256_mb.h"
3292aa5aa4SGreg Tucker #include "endian_helper.h"
336df3ef80SGreg Tucker 
////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////
// Reference SHA256 Functions
////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////
396df3ef80SGreg Tucker 
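/*
 * OPT_FIX expands to GCC's noipa attribute (no interprocedural optimisation
 * between the function and its callers) on GCC 11 and newer, and to nothing
 * on every other compiler.
 * NOTE(review): presumably a workaround for an optimiser problem seen with
 * GCC >= 11 -- confirm against the commit that introduced it.
 */
#if (__GNUC__ >= 11)
#define OPT_FIX __attribute__((noipa))
#else
#define OPT_FIX
#endif

/* SHA-256 initial hash values; sha256_ref() loads them into digest[0..7]. */
#define H0 0x6a09e667
#define H1 0xbb67ae85
#define H2 0x3c6ef372
#define H3 0xa54ff53a
#define H4 0x510e527f
#define H5 0x9b05688c
#define H6 0x1f83d9ab
#define H7 0x5be0cd19

/*
 * Rotate a 32-bit unsigned value right by r bits.
 * Only valid for 0 < r < 32: r == 0 would shift left by 32, which is
 * undefined behaviour. Both arguments are evaluated twice.
 */
#define ror32(x, r) (((x) >> (r)) ^ ((x) << (32 - (r))))

/* Message schedule kept as a 16-word ring: index is taken modulo 16. */
#define W(x) w[(x) & 15]

/*
 * Message-schedule sigma functions (S0, S1), compression-round Sigma
 * functions (s0, s1), and the maj/ch selectors. Every argument is
 * parenthesised so an expression argument keeps its intended grouping;
 * arguments are evaluated more than once, so pass side-effect-free values.
 */
#define S0(w) (ror32(w, 7) ^ ror32(w, 18) ^ ((w) >> 3))
#define S1(w) (ror32(w, 17) ^ ror32(w, 19) ^ ((w) >> 10))

#define s0(a)        (ror32(a, 2) ^ ror32(a, 13) ^ ror32(a, 22))
#define s1(e)        (ror32(e, 6) ^ ror32(e, 11) ^ ror32(e, 25))
#define maj(a, b, c) (((a) & (b)) ^ ((a) & (c)) ^ ((b) & (c)))
#define ch(e, f, g)  (((e) & (f)) ^ ((g) & ~(e)))

/*
 * One SHA-256 round. i is the round number, a..h name the eight working
 * variables in their rotated order for this round, k is the round constant.
 *
 * The macro is not self-contained: it reads and writes the caller's locals
 * t1, t2 and w[], and reads the caller's ww[] (the 16 input words, converted
 * with to_be32() from endian_helper.h for rounds 0..15).
 *
 * Wrapped in do { } while (0) so that a call followed by ';' is exactly one
 * statement and the internal if/else cannot pair with a caller's else.
 */
#define step(i, a, b, c, d, e, f, g, h, k)                                                         \
        do {                                                                                       \
                if ((i) < 16)                                                                      \
                        W(i) = to_be32(ww[i]);                                                     \
                else                                                                               \
                        W(i) = W((i) - 16) + S0(W((i) - 15)) + W((i) - 7) + S1(W((i) - 2));        \
                t2 = s0(a) + maj(a, b, c);                                                         \
                t1 = (h) + s1(e) + ch(e, f, g) + (k) + W(i);                                       \
                (d) += t1;                                                                         \
                (h) = t1 + t2;                                                                     \
        } while (0)

/* Compresses one block from data into digest[0..7]; defined below. */
static void OPT_FIX
sha256_single(const uint8_t *data, uint32_t digest[]);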
796df3ef80SGreg Tucker 
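/*
 * Reference (scalar) SHA-256 of a complete message.
 *
 * input_data  message bytes; exactly len bytes are read. May be NULL only
 *             when len is 0.
 * digest      output, eight 32-bit words. They are stored as native
 *             uint32_t values; no byte-order conversion is applied here.
 * len         message length in bytes.
 *
 * Full blocks are compressed straight from input_data; the remaining tail
 * is copied into a two-block scratch buffer, padded with 0x80, zeros and
 * the 64-bit big-endian bit length, then compressed as one or two blocks.
 *
 * NOTE(review): buf keeps a copy of the message tail and is not cleared
 * before return -- confirm that is acceptable wherever this reference
 * routine is fed secret data.
 */
void
sha256_ref(const uint8_t *input_data, uint32_t *digest, const uint32_t len)
{
        uint32_t i, j;
        uint64_t len_bits_be;
        uint8_t buf[2 * ISAL_SHA256_BLOCK_SIZE];

        digest[0] = H0;
        digest[1] = H1;
        digest[2] = H2;
        digest[3] = H3;
        digest[4] = H4;
        digest[5] = H5;
        digest[6] = H6;
        digest[7] = H7;

        /* Consume every whole block directly from the caller's buffer. */
        i = len;
        while (i >= ISAL_SHA256_BLOCK_SIZE) {
                sha256_single(input_data, digest);
                input_data += ISAL_SHA256_BLOCK_SIZE;
                i -= ISAL_SHA256_BLOCK_SIZE;
        }

        /*
         * i is now the tail length (< one block). Skip the copy when it is
         * zero: memcpy with a NULL source is undefined even for size 0.
         */
        if (i != 0)
                memcpy(buf, input_data, i);
        buf[i++] = 0x80;
        for (j = i; j < ((2 * ISAL_SHA256_BLOCK_SIZE) - ISAL_SHA256_PADLENGTHFIELD_SIZE); j++)
                buf[j] = 0;

        /* A second block is needed when the length field no longer fits. */
        if (i > ISAL_SHA256_BLOCK_SIZE - ISAL_SHA256_PADLENGTHFIELD_SIZE)
                i = 2 * ISAL_SHA256_BLOCK_SIZE;
        else
                i = ISAL_SHA256_BLOCK_SIZE;

        /*
         * Store the bit length in the last 8 bytes with memcpy rather than
         * through a uint64_t* cast: buf is a byte array, so the cast would
         * break strict aliasing and may be a misaligned store.
         */
        len_bits_be = to_be64((uint64_t) len * 8);
        memcpy(buf + i - sizeof(len_bits_be), &len_bits_be, sizeof(len_bits_be));

        sha256_single(buf, digest);
        if (i == 2 * ISAL_SHA256_BLOCK_SIZE)
                sha256_single(buf + ISAL_SHA256_BLOCK_SIZE, digest);
}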
1186df3ef80SGreg Tucker 
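/*
 * SHA-256 compression of one 64-byte block.
 *
 * data    the block; 64 bytes are read, with no alignment requirement.
 * digest  eight 32-bit chaining words, updated in place.
 *
 * The step() macro uses this function's locals t1, t2, w and ww by name,
 * so those identifiers must not be renamed.
 */
void
sha256_single(const uint8_t *data, uint32_t digest[])
{
        uint32_t a, b, c, d, e, f, g, h, t1, t2;
        uint32_t w[16];
        uint32_t ww[16];

        /*
         * Copy the block into a properly typed array instead of casting
         * data to uint32_t*: the cast dropped const, violated strict
         * aliasing and could read through a misaligned pointer.
         */
        memcpy(ww, data, sizeof(ww));

        a = digest[0];
        b = digest[1];
        c = digest[2];
        d = digest[3];
        e = digest[4];
        f = digest[5];
        g = digest[6];
        h = digest[7];

        /*
         * 64 rounds, fully unrolled. The working variables are rotated by
         * permuting the macro arguments rather than by moving values.
         */
        step(0, a, b, c, d, e, f, g, h, 0x428a2f98);
        step(1, h, a, b, c, d, e, f, g, 0x71374491);
        step(2, g, h, a, b, c, d, e, f, 0xb5c0fbcf);
        step(3, f, g, h, a, b, c, d, e, 0xe9b5dba5);
        step(4, e, f, g, h, a, b, c, d, 0x3956c25b);
        step(5, d, e, f, g, h, a, b, c, 0x59f111f1);
        step(6, c, d, e, f, g, h, a, b, 0x923f82a4);
        step(7, b, c, d, e, f, g, h, a, 0xab1c5ed5);
        step(8, a, b, c, d, e, f, g, h, 0xd807aa98);
        step(9, h, a, b, c, d, e, f, g, 0x12835b01);
        step(10, g, h, a, b, c, d, e, f, 0x243185be);
        step(11, f, g, h, a, b, c, d, e, 0x550c7dc3);
        step(12, e, f, g, h, a, b, c, d, 0x72be5d74);
        step(13, d, e, f, g, h, a, b, c, 0x80deb1fe);
        step(14, c, d, e, f, g, h, a, b, 0x9bdc06a7);
        step(15, b, c, d, e, f, g, h, a, 0xc19bf174);
        step(16, a, b, c, d, e, f, g, h, 0xe49b69c1);
        step(17, h, a, b, c, d, e, f, g, 0xefbe4786);
        step(18, g, h, a, b, c, d, e, f, 0x0fc19dc6);
        step(19, f, g, h, a, b, c, d, e, 0x240ca1cc);
        step(20, e, f, g, h, a, b, c, d, 0x2de92c6f);
        step(21, d, e, f, g, h, a, b, c, 0x4a7484aa);
        step(22, c, d, e, f, g, h, a, b, 0x5cb0a9dc);
        step(23, b, c, d, e, f, g, h, a, 0x76f988da);
        step(24, a, b, c, d, e, f, g, h, 0x983e5152);
        step(25, h, a, b, c, d, e, f, g, 0xa831c66d);
        step(26, g, h, a, b, c, d, e, f, 0xb00327c8);
        step(27, f, g, h, a, b, c, d, e, 0xbf597fc7);
        step(28, e, f, g, h, a, b, c, d, 0xc6e00bf3);
        step(29, d, e, f, g, h, a, b, c, 0xd5a79147);
        step(30, c, d, e, f, g, h, a, b, 0x06ca6351);
        step(31, b, c, d, e, f, g, h, a, 0x14292967);
        step(32, a, b, c, d, e, f, g, h, 0x27b70a85);
        step(33, h, a, b, c, d, e, f, g, 0x2e1b2138);
        step(34, g, h, a, b, c, d, e, f, 0x4d2c6dfc);
        step(35, f, g, h, a, b, c, d, e, 0x53380d13);
        step(36, e, f, g, h, a, b, c, d, 0x650a7354);
        step(37, d, e, f, g, h, a, b, c, 0x766a0abb);
        step(38, c, d, e, f, g, h, a, b, 0x81c2c92e);
        step(39, b, c, d, e, f, g, h, a, 0x92722c85);
        step(40, a, b, c, d, e, f, g, h, 0xa2bfe8a1);
        step(41, h, a, b, c, d, e, f, g, 0xa81a664b);
        step(42, g, h, a, b, c, d, e, f, 0xc24b8b70);
        step(43, f, g, h, a, b, c, d, e, 0xc76c51a3);
        step(44, e, f, g, h, a, b, c, d, 0xd192e819);
        step(45, d, e, f, g, h, a, b, c, 0xd6990624);
        step(46, c, d, e, f, g, h, a, b, 0xf40e3585);
        step(47, b, c, d, e, f, g, h, a, 0x106aa070);
        step(48, a, b, c, d, e, f, g, h, 0x19a4c116);
        step(49, h, a, b, c, d, e, f, g, 0x1e376c08);
        step(50, g, h, a, b, c, d, e, f, 0x2748774c);
        step(51, f, g, h, a, b, c, d, e, 0x34b0bcb5);
        step(52, e, f, g, h, a, b, c, d, 0x391c0cb3);
        step(53, d, e, f, g, h, a, b, c, 0x4ed8aa4a);
        step(54, c, d, e, f, g, h, a, b, 0x5b9cca4f);
        step(55, b, c, d, e, f, g, h, a, 0x682e6ff3);
        step(56, a, b, c, d, e, f, g, h, 0x748f82ee);
        step(57, h, a, b, c, d, e, f, g, 0x78a5636f);
        step(58, g, h, a, b, c, d, e, f, 0x84c87814);
        step(59, f, g, h, a, b, c, d, e, 0x8cc70208);
        step(60, e, f, g, h, a, b, c, d, 0x90befffa);
        step(61, d, e, f, g, h, a, b, c, 0xa4506ceb);
        step(62, c, d, e, f, g, h, a, b, 0xbef9a3f7);
        step(63, b, c, d, e, f, g, h, a, 0xc67178f2);

        /* Fold this block's result into the chaining value. */
        digest[0] += a;
        digest[1] += b;
        digest[2] += c;
        digest[3] += d;
        digest[4] += e;
        digest[5] += f;
        digest[6] += g;
        digest[7] += h;
}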