xref: /isa-l_crypto/sha256_mb/sha256_ref.c (revision dabcf5870f52bef92fcd58f5d75ba7f356301b41) 
1 /**********************************************************************
2   Copyright(c) 2011-2016 Intel Corporation All rights reserved.
3 
4   Redistribution and use in source and binary forms, with or without
5   modification, are permitted provided that the following conditions
6   are met:
7     * Redistributions of source code must retain the above copyright
8       notice, this list of conditions and the following disclaimer.
9     * Redistributions in binary form must reproduce the above copyright
10       notice, this list of conditions and the following disclaimer in
11       the documentation and/or other materials provided with the
12       distribution.
13     * Neither the name of Intel Corporation nor the names of its
14       contributors may be used to endorse or promote products derived
15       from this software without specific prior written permission.
16 
17   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
18   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
19   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
20   A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
21   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
22   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
23   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
27   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 **********************************************************************/
29 
30 #include <string.h>
31 #include "sha256_mb.h"
32 #include "endian_helper.h"
33 
34 ////////////////////////////////////////////////////////////////////////
35 ////////////////////////////////////////////////////////////////////////
36 // Reference SHA256 Functions
37 ////////////////////////////////////////////////////////////////////////
38 ////////////////////////////////////////////////////////////////////////
39 
40 #if (__GNUC__ >= 11)
41 # define OPT_FIX __attribute__ ((noipa))
42 #else
43 # define OPT_FIX
44 #endif
45 
46 #define H0 0x6a09e667
47 #define H1 0xbb67ae85
48 #define H2 0x3c6ef372
49 #define H3 0xa54ff53a
50 #define H4 0x510e527f
51 #define H5 0x9b05688c
52 #define H6 0x1f83d9ab
53 #define H7 0x5be0cd19
54 
55 #define ror32(x, r) (((x)>>(r)) ^ ((x)<<(32-(r))))
56 
57 #define W(x) w[(x) & 15]
58 
59 #define S0(w) (ror32(w,7) ^ ror32(w,18) ^ (w >> 3))
60 #define S1(w) (ror32(w,17) ^ ror32(w,19) ^ (w >> 10))
61 
62 #define s0(a) (ror32(a,2) ^ ror32(a,13) ^ ror32(a,22))
63 #define s1(e) (ror32(e,6) ^ ror32(e,11) ^ ror32(e,25))
64 #define maj(a,b,c) ((a & b) ^ (a & c) ^ (b & c))
65 #define ch(e,f,g) ((e & f) ^ (g & ~e))
66 
67 #define step(i,a,b,c,d,e,f,g,h,k) \
68 	if (i<16) W(i) = to_be32(ww[i]); \
69 	else \
70 	W(i) = W(i-16) + S0(W(i-15)) + W(i-7) + S1(W(i-2)); \
71 	t2 = s0(a) + maj(a,b,c); \
72 	t1 = h + s1(e) + ch(e,f,g) + k + W(i); \
73 	d += t1; \
74 	h = t1 + t2;
75 
76 static void OPT_FIX sha256_single(const uint8_t * data, uint32_t digest[]);
77 
78 void sha256_ref(const uint8_t * input_data, uint32_t * digest, const uint32_t len)
79 {
80 	uint32_t i, j;
81 	uint8_t buf[2 * SHA256_BLOCK_SIZE];
82 
83 	digest[0] = H0;
84 	digest[1] = H1;
85 	digest[2] = H2;
86 	digest[3] = H3;
87 	digest[4] = H4;
88 	digest[5] = H5;
89 	digest[6] = H6;
90 	digest[7] = H7;
91 
92 	i = len;
93 	while (i >= SHA256_BLOCK_SIZE) {
94 		sha256_single(input_data, digest);
95 		input_data += SHA256_BLOCK_SIZE;
96 		i -= SHA256_BLOCK_SIZE;
97 	}
98 
99 	memcpy(buf, input_data, i);
100 	buf[i++] = 0x80;
101 	for (j = i; j < ((2 * SHA256_BLOCK_SIZE) - SHA256_PADLENGTHFIELD_SIZE); j++)
102 		buf[j] = 0;
103 
104 	if (i > SHA256_BLOCK_SIZE - SHA256_PADLENGTHFIELD_SIZE)
105 		i = 2 * SHA256_BLOCK_SIZE;
106 	else
107 		i = SHA256_BLOCK_SIZE;
108 
109 	*(uint64_t *) (buf + i - 8) = to_be64((uint64_t) len * 8);
110 
111 	sha256_single(buf, digest);
112 	if (i == 2 * SHA256_BLOCK_SIZE)
113 		sha256_single(buf + SHA256_BLOCK_SIZE, digest);
114 }
115 
116 void sha256_single(const uint8_t * data, uint32_t digest[])
117 {
118 	uint32_t a, b, c, d, e, f, g, h, t1, t2;
119 	uint32_t w[16];
120 	uint32_t *ww = (uint32_t *) data;
121 
122 	a = digest[0];
123 	b = digest[1];
124 	c = digest[2];
125 	d = digest[3];
126 	e = digest[4];
127 	f = digest[5];
128 	g = digest[6];
129 	h = digest[7];
130 
131 	step(0, a, b, c, d, e, f, g, h, 0x428a2f98);
132 	step(1, h, a, b, c, d, e, f, g, 0x71374491);
133 	step(2, g, h, a, b, c, d, e, f, 0xb5c0fbcf);
134 	step(3, f, g, h, a, b, c, d, e, 0xe9b5dba5);
135 	step(4, e, f, g, h, a, b, c, d, 0x3956c25b);
136 	step(5, d, e, f, g, h, a, b, c, 0x59f111f1);
137 	step(6, c, d, e, f, g, h, a, b, 0x923f82a4);
138 	step(7, b, c, d, e, f, g, h, a, 0xab1c5ed5);
139 	step(8, a, b, c, d, e, f, g, h, 0xd807aa98);
140 	step(9, h, a, b, c, d, e, f, g, 0x12835b01);
141 	step(10, g, h, a, b, c, d, e, f, 0x243185be);
142 	step(11, f, g, h, a, b, c, d, e, 0x550c7dc3);
143 	step(12, e, f, g, h, a, b, c, d, 0x72be5d74);
144 	step(13, d, e, f, g, h, a, b, c, 0x80deb1fe);
145 	step(14, c, d, e, f, g, h, a, b, 0x9bdc06a7);
146 	step(15, b, c, d, e, f, g, h, a, 0xc19bf174);
147 	step(16, a, b, c, d, e, f, g, h, 0xe49b69c1);
148 	step(17, h, a, b, c, d, e, f, g, 0xefbe4786);
149 	step(18, g, h, a, b, c, d, e, f, 0x0fc19dc6);
150 	step(19, f, g, h, a, b, c, d, e, 0x240ca1cc);
151 	step(20, e, f, g, h, a, b, c, d, 0x2de92c6f);
152 	step(21, d, e, f, g, h, a, b, c, 0x4a7484aa);
153 	step(22, c, d, e, f, g, h, a, b, 0x5cb0a9dc);
154 	step(23, b, c, d, e, f, g, h, a, 0x76f988da);
155 	step(24, a, b, c, d, e, f, g, h, 0x983e5152);
156 	step(25, h, a, b, c, d, e, f, g, 0xa831c66d);
157 	step(26, g, h, a, b, c, d, e, f, 0xb00327c8);
158 	step(27, f, g, h, a, b, c, d, e, 0xbf597fc7);
159 	step(28, e, f, g, h, a, b, c, d, 0xc6e00bf3);
160 	step(29, d, e, f, g, h, a, b, c, 0xd5a79147);
161 	step(30, c, d, e, f, g, h, a, b, 0x06ca6351);
162 	step(31, b, c, d, e, f, g, h, a, 0x14292967);
163 	step(32, a, b, c, d, e, f, g, h, 0x27b70a85);
164 	step(33, h, a, b, c, d, e, f, g, 0x2e1b2138);
165 	step(34, g, h, a, b, c, d, e, f, 0x4d2c6dfc);
166 	step(35, f, g, h, a, b, c, d, e, 0x53380d13);
167 	step(36, e, f, g, h, a, b, c, d, 0x650a7354);
168 	step(37, d, e, f, g, h, a, b, c, 0x766a0abb);
169 	step(38, c, d, e, f, g, h, a, b, 0x81c2c92e);
170 	step(39, b, c, d, e, f, g, h, a, 0x92722c85);
171 	step(40, a, b, c, d, e, f, g, h, 0xa2bfe8a1);
172 	step(41, h, a, b, c, d, e, f, g, 0xa81a664b);
173 	step(42, g, h, a, b, c, d, e, f, 0xc24b8b70);
174 	step(43, f, g, h, a, b, c, d, e, 0xc76c51a3);
175 	step(44, e, f, g, h, a, b, c, d, 0xd192e819);
176 	step(45, d, e, f, g, h, a, b, c, 0xd6990624);
177 	step(46, c, d, e, f, g, h, a, b, 0xf40e3585);
178 	step(47, b, c, d, e, f, g, h, a, 0x106aa070);
179 	step(48, a, b, c, d, e, f, g, h, 0x19a4c116);
180 	step(49, h, a, b, c, d, e, f, g, 0x1e376c08);
181 	step(50, g, h, a, b, c, d, e, f, 0x2748774c);
182 	step(51, f, g, h, a, b, c, d, e, 0x34b0bcb5);
183 	step(52, e, f, g, h, a, b, c, d, 0x391c0cb3);
184 	step(53, d, e, f, g, h, a, b, c, 0x4ed8aa4a);
185 	step(54, c, d, e, f, g, h, a, b, 0x5b9cca4f);
186 	step(55, b, c, d, e, f, g, h, a, 0x682e6ff3);
187 	step(56, a, b, c, d, e, f, g, h, 0x748f82ee);
188 	step(57, h, a, b, c, d, e, f, g, 0x78a5636f);
189 	step(58, g, h, a, b, c, d, e, f, 0x84c87814);
190 	step(59, f, g, h, a, b, c, d, e, 0x8cc70208);
191 	step(60, e, f, g, h, a, b, c, d, 0x90befffa);
192 	step(61, d, e, f, g, h, a, b, c, 0xa4506ceb);
193 	step(62, c, d, e, f, g, h, a, b, 0xbef9a3f7);
194 	step(63, b, c, d, e, f, g, h, a, 0xc67178f2);
195 
196 	digest[0] += a;
197 	digest[1] += b;
198 	digest[2] += c;
199 	digest[3] += d;
200 	digest[4] += e;
201 	digest[5] += f;
202 	digest[6] += g;
203 	digest[7] += h;
204 }
205