1 /********************************************************************** 2 Copyright(c) 2011-2016 Intel Corporation All rights reserved. 3 4 Redistribution and use in source and binary forms, with or without 5 modification, are permitted provided that the following conditions 6 are met: 7 * Redistributions of source code must retain the above copyright 8 notice, this list of conditions and the following disclaimer. 9 * Redistributions in binary form must reproduce the above copyright 10 notice, this list of conditions and the following disclaimer in 11 the documentation and/or other materials provided with the 12 distribution. 13 * Neither the name of Intel Corporation nor the names of its 14 contributors may be used to endorse or promote products derived 15 from this software without specific prior written permission. 16 17 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 20 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 21 OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 **********************************************************************/ 29 30 #include <string.h> 31 #include "sha256_mb.h" 32 #include "endian_helper.h" 33 34 //////////////////////////////////////////////////////////////////////// 35 //////////////////////////////////////////////////////////////////////// 36 // Reference SHA256 Functions 37 //////////////////////////////////////////////////////////////////////// 38 //////////////////////////////////////////////////////////////////////// 39 40 #if (__GNUC__ >= 11) 41 #define OPT_FIX __attribute__((noipa)) 42 #else 43 #define OPT_FIX 44 #endif 45 46 #define H0 0x6a09e667 47 #define H1 0xbb67ae85 48 #define H2 0x3c6ef372 49 #define H3 0xa54ff53a 50 #define H4 0x510e527f 51 #define H5 0x9b05688c 52 #define H6 0x1f83d9ab 53 #define H7 0x5be0cd19 54 55 #define ror32(x, r) (((x) >> (r)) ^ ((x) << (32 - (r)))) 56 57 #define W(x) w[(x) & 15] 58 59 #define S0(w) (ror32(w, 7) ^ ror32(w, 18) ^ (w >> 3)) 60 #define S1(w) (ror32(w, 17) ^ ror32(w, 19) ^ (w >> 10)) 61 62 #define s0(a) (ror32(a, 2) ^ ror32(a, 13) ^ ror32(a, 22)) 63 #define s1(e) (ror32(e, 6) ^ ror32(e, 11) ^ ror32(e, 25)) 64 #define maj(a, b, c) ((a & b) ^ (a & c) ^ (b & c)) 65 #define ch(e, f, g) ((e & f) ^ (g & ~e)) 66 67 #define step(i, a, b, c, d, e, f, g, h, k) \ 68 if (i < 16) \ 69 W(i) = to_be32(ww[i]); \ 70 else \ 71 W(i) = W(i - 16) + S0(W(i - 15)) + W(i - 7) + S1(W(i - 2)); \ 72 t2 = s0(a) + maj(a, b, c); \ 73 t1 = h + s1(e) + ch(e, f, g) + k + W(i); \ 74 d += t1; \ 75 h = t1 + t2; 76 77 static void OPT_FIX 78 sha256_single(const uint8_t *data, uint32_t digest[]); 79 80 void 81 sha256_ref(const uint8_t *input_data, uint32_t *digest, const uint32_t len) 82 { 83 uint32_t i, j; 84 uint8_t buf[2 * SHA256_BLOCK_SIZE]; 85 86 digest[0] = H0; 87 digest[1] = H1; 88 digest[2] = H2; 89 digest[3] = H3; 90 digest[4] = H4; 91 digest[5] = H5; 92 digest[6] = H6; 93 digest[7] = H7; 94 95 i = len; 96 while (i >= SHA256_BLOCK_SIZE) { 97 sha256_single(input_data, digest); 98 input_data += SHA256_BLOCK_SIZE; 99 i -= SHA256_BLOCK_SIZE; 100 } 101 102 memcpy(buf, input_data, i); 103 buf[i++] = 0x80; 104 for (j = i; j < ((2 * SHA256_BLOCK_SIZE) - SHA256_PADLENGTHFIELD_SIZE); j++) 105 buf[j] = 0; 106 107 if (i > SHA256_BLOCK_SIZE - SHA256_PADLENGTHFIELD_SIZE) 108 i = 2 * SHA256_BLOCK_SIZE; 109 else 110 i = SHA256_BLOCK_SIZE; 111 112 *(uint64_t *) (buf + i - 8) = to_be64((uint64_t) len * 8); 113 114 sha256_single(buf, digest); 115 if (i == 2 * SHA256_BLOCK_SIZE) 116 sha256_single(buf + SHA256_BLOCK_SIZE, digest); 117 } 118 119 void 120 sha256_single(const uint8_t *data, uint32_t digest[]) 121 { 122 uint32_t a, b, c, d, e, f, g, h, t1, t2; 123 uint32_t w[16]; 124 uint32_t *ww = (uint32_t *) data; 125 126 a = digest[0]; 127 b = digest[1]; 128 c = digest[2]; 129 d = digest[3]; 130 e = digest[4]; 131 f = digest[5]; 132 g = digest[6]; 133 h = digest[7]; 134 135 step(0, a, b, c, d, e, f, g, h, 0x428a2f98); 136 step(1, h, a, b, c, d, e, f, g, 0x71374491); 137 step(2, g, h, a, b, c, d, e, f, 0xb5c0fbcf); 138 step(3, f, g, h, a, b, c, d, e, 0xe9b5dba5); 139 step(4, e, f, g, h, a, b, c, d, 0x3956c25b); 140 step(5, d, e, f, g, h, a, b, c, 0x59f111f1); 141 step(6, c, d, e, f, g, h, a, b, 0x923f82a4); 142 step(7, b, c, d, e, f, g, h, a, 0xab1c5ed5); 143 step(8, a, b, c, d, e, f, g, h, 0xd807aa98); 144 step(9, h, a, b, c, d, e, f, g, 0x12835b01); 145 step(10, g, h, a, b, c, d, e, f, 0x243185be); 146 step(11, f, g, h, a, b, c, d, e, 0x550c7dc3); 147 step(12, e, f, g, h, a, b, c, d, 0x72be5d74); 148 step(13, d, e, f, g, h, a, b, c, 0x80deb1fe); 149 step(14, c, d, e, f, g, h, a, b, 0x9bdc06a7); 150 step(15, b, c, d, e, f, g, h, a, 0xc19bf174); 151 step(16, a, b, c, d, e, f, g, h, 0xe49b69c1); 152 step(17, h, a, b, c, d, e, f, g, 0xefbe4786); 153 step(18, g, h, a, b, c, d, e, f, 0x0fc19dc6); 154 step(19, f, g, h, a, b, c, d, e, 0x240ca1cc); 155 step(20, e, f, g, h, a, b, c, d, 0x2de92c6f); 156 step(21, d, e, f, g, h, a, b, c, 0x4a7484aa); 157 step(22, c, d, e, f, g, h, a, b, 0x5cb0a9dc); 158 step(23, b, c, d, e, f, g, h, a, 0x76f988da); 159 step(24, a, b, c, d, e, f, g, h, 0x983e5152); 160 step(25, h, a, b, c, d, e, f, g, 0xa831c66d); 161 step(26, g, h, a, b, c, d, e, f, 0xb00327c8); 162 step(27, f, g, h, a, b, c, d, e, 0xbf597fc7); 163 step(28, e, f, g, h, a, b, c, d, 0xc6e00bf3); 164 step(29, d, e, f, g, h, a, b, c, 0xd5a79147); 165 step(30, c, d, e, f, g, h, a, b, 0x06ca6351); 166 step(31, b, c, d, e, f, g, h, a, 0x14292967); 167 step(32, a, b, c, d, e, f, g, h, 0x27b70a85); 168 step(33, h, a, b, c, d, e, f, g, 0x2e1b2138); 169 step(34, g, h, a, b, c, d, e, f, 0x4d2c6dfc); 170 step(35, f, g, h, a, b, c, d, e, 0x53380d13); 171 step(36, e, f, g, h, a, b, c, d, 0x650a7354); 172 step(37, d, e, f, g, h, a, b, c, 0x766a0abb); 173 step(38, c, d, e, f, g, h, a, b, 0x81c2c92e); 174 step(39, b, c, d, e, f, g, h, a, 0x92722c85); 175 step(40, a, b, c, d, e, f, g, h, 0xa2bfe8a1); 176 step(41, h, a, b, c, d, e, f, g, 0xa81a664b); 177 step(42, g, h, a, b, c, d, e, f, 0xc24b8b70); 178 step(43, f, g, h, a, b, c, d, e, 0xc76c51a3); 179 step(44, e, f, g, h, a, b, c, d, 0xd192e819); 180 step(45, d, e, f, g, h, a, b, c, 0xd6990624); 181 step(46, c, d, e, f, g, h, a, b, 0xf40e3585); 182 step(47, b, c, d, e, f, g, h, a, 0x106aa070); 183 step(48, a, b, c, d, e, f, g, h, 0x19a4c116); 184 step(49, h, a, b, c, d, e, f, g, 0x1e376c08); 185 step(50, g, h, a, b, c, d, e, f, 0x2748774c); 186 step(51, f, g, h, a, b, c, d, e, 0x34b0bcb5); 187 step(52, e, f, g, h, a, b, c, d, 0x391c0cb3); 188 step(53, d, e, f, g, h, a, b, c, 0x4ed8aa4a); 189 step(54, c, d, e, f, g, h, a, b, 0x5b9cca4f); 190 step(55, b, c, d, e, f, g, h, a, 0x682e6ff3); 191 step(56, a, b, c, d, e, f, g, h, 0x748f82ee); 192 step(57, h, a, b, c, d, e, f, g, 0x78a5636f); 193 step(58, g, h, a, b, c, d, e, f, 0x84c87814); 194 step(59, f, g, h, a, b, c, d, e, 0x8cc70208); 195 step(60, e, f, g, h, a, b, c, d, 0x90befffa); 196 step(61, d, e, f, g, h, a, b, c, 0xa4506ceb); 197 step(62, c, d, e, f, g, h, a, b, 0xbef9a3f7); 198 step(63, b, c, d, e, f, g, h, a, 0xc67178f2); 199 200 digest[0] += a; 201 digest[1] += b; 202 digest[2] += c; 203 digest[3] += d; 204 digest[4] += e; 205 digest[5] += f; 206 digest[6] += g; 207 digest[7] += h; 208 } 209