xref: /isa-l_crypto/sha256_mb/sha256_ref.c (revision e3f7d4fb1bd3dcbfb75b87e0c61870e751d613aa) 
1  /**********************************************************************
2    Copyright(c) 2011-2016 Intel Corporation All rights reserved.
3  
4    Redistribution and use in source and binary forms, with or without
5    modification, are permitted provided that the following conditions
6    are met:
7      * Redistributions of source code must retain the above copyright
8        notice, this list of conditions and the following disclaimer.
9      * Redistributions in binary form must reproduce the above copyright
10        notice, this list of conditions and the following disclaimer in
11        the documentation and/or other materials provided with the
12        distribution.
13      * Neither the name of Intel Corporation nor the names of its
14        contributors may be used to endorse or promote products derived
15        from this software without specific prior written permission.
16  
17    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
18    "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
19    LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
20    A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
21    OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
22    SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
23    LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24    DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25    THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26    (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
27    OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28  **********************************************************************/
29  
30  #include <string.h>
31  #include "sha256_mb.h"
32  
33  ////////////////////////////////////////////////////////////////////////
34  ////////////////////////////////////////////////////////////////////////
35  // Reference SHA256 Functions
36  ////////////////////////////////////////////////////////////////////////
37  ////////////////////////////////////////////////////////////////////////
38  
39  #define H0 0x6a09e667
40  #define H1 0xbb67ae85
41  #define H2 0x3c6ef372
42  #define H3 0xa54ff53a
43  #define H4 0x510e527f
44  #define H5 0x9b05688c
45  #define H6 0x1f83d9ab
46  #define H7 0x5be0cd19
47  
48  #define ror32(x, r) (((x)>>(r)) ^ ((x)<<(32-(r))))
49  
50  #define W(x) w[(x) & 15]
51  
52  #define S0(w) (ror32(w,7) ^ ror32(w,18) ^ (w >> 3))
53  #define S1(w) (ror32(w,17) ^ ror32(w,19) ^ (w >> 10))
54  
55  #define s0(a) (ror32(a,2) ^ ror32(a,13) ^ ror32(a,22))
56  #define s1(e) (ror32(e,6) ^ ror32(e,11) ^ ror32(e,25))
57  #define maj(a,b,c) ((a & b) ^ (a & c) ^ (b & c))
58  #define ch(e,f,g) ((e & f) ^ (g & ~e))
59  
60  #define step(i,a,b,c,d,e,f,g,h,k) \
61  	if (i<16) W(i) = to_be32(ww[i]); \
62  	else \
63  	W(i) = W(i-16) + S0(W(i-15)) + W(i-7) + S1(W(i-2)); \
64  	t2 = s0(a) + maj(a,b,c); \
65  	t1 = h + s1(e) + ch(e,f,g) + k + W(i); \
66  	d += t1; \
67  	h = t1 + t2;
68  
69  void sha256_single(const uint8_t * data, uint32_t digest[]);
70  
71  void sha256_ref(const uint8_t * input_data, uint32_t * digest, const uint32_t len)
72  {
73  	uint32_t i, j;
74  	uint8_t buf[2 * SHA256_BLOCK_SIZE];
75  
76  	digest[0] = H0;
77  	digest[1] = H1;
78  	digest[2] = H2;
79  	digest[3] = H3;
80  	digest[4] = H4;
81  	digest[5] = H5;
82  	digest[6] = H6;
83  	digest[7] = H7;
84  
85  	i = len;
86  	while (i >= SHA256_BLOCK_SIZE) {
87  		sha256_single(input_data, digest);
88  		input_data += SHA256_BLOCK_SIZE;
89  		i -= SHA256_BLOCK_SIZE;
90  	}
91  
92  	memcpy(buf, input_data, i);
93  	buf[i++] = 0x80;
94  	for (j = i; j < ((2 * SHA256_BLOCK_SIZE) - SHA256_PADLENGTHFIELD_SIZE); j++)
95  		buf[j] = 0;
96  
97  	if (i > SHA256_BLOCK_SIZE - SHA256_PADLENGTHFIELD_SIZE)
98  		i = 2 * SHA256_BLOCK_SIZE;
99  	else
100  		i = SHA256_BLOCK_SIZE;
101  
102  	*(uint64_t *) (buf + i - 8) = to_be64((uint64_t) len * 8);
103  
104  	sha256_single(buf, digest);
105  	if (i == 2 * SHA256_BLOCK_SIZE)
106  		sha256_single(buf + SHA256_BLOCK_SIZE, digest);
107  }
108  
109  void sha256_single(const uint8_t * data, uint32_t digest[])
110  {
111  	uint32_t a, b, c, d, e, f, g, h, t1, t2;
112  	uint32_t w[16];
113  	uint32_t *ww = (uint32_t *) data;
114  
115  	a = digest[0];
116  	b = digest[1];
117  	c = digest[2];
118  	d = digest[3];
119  	e = digest[4];
120  	f = digest[5];
121  	g = digest[6];
122  	h = digest[7];
123  
124  	step(0, a, b, c, d, e, f, g, h, 0x428a2f98);
125  	step(1, h, a, b, c, d, e, f, g, 0x71374491);
126  	step(2, g, h, a, b, c, d, e, f, 0xb5c0fbcf);
127  	step(3, f, g, h, a, b, c, d, e, 0xe9b5dba5);
128  	step(4, e, f, g, h, a, b, c, d, 0x3956c25b);
129  	step(5, d, e, f, g, h, a, b, c, 0x59f111f1);
130  	step(6, c, d, e, f, g, h, a, b, 0x923f82a4);
131  	step(7, b, c, d, e, f, g, h, a, 0xab1c5ed5);
132  	step(8, a, b, c, d, e, f, g, h, 0xd807aa98);
133  	step(9, h, a, b, c, d, e, f, g, 0x12835b01);
134  	step(10, g, h, a, b, c, d, e, f, 0x243185be);
135  	step(11, f, g, h, a, b, c, d, e, 0x550c7dc3);
136  	step(12, e, f, g, h, a, b, c, d, 0x72be5d74);
137  	step(13, d, e, f, g, h, a, b, c, 0x80deb1fe);
138  	step(14, c, d, e, f, g, h, a, b, 0x9bdc06a7);
139  	step(15, b, c, d, e, f, g, h, a, 0xc19bf174);
140  	step(16, a, b, c, d, e, f, g, h, 0xe49b69c1);
141  	step(17, h, a, b, c, d, e, f, g, 0xefbe4786);
142  	step(18, g, h, a, b, c, d, e, f, 0x0fc19dc6);
143  	step(19, f, g, h, a, b, c, d, e, 0x240ca1cc);
144  	step(20, e, f, g, h, a, b, c, d, 0x2de92c6f);
145  	step(21, d, e, f, g, h, a, b, c, 0x4a7484aa);
146  	step(22, c, d, e, f, g, h, a, b, 0x5cb0a9dc);
147  	step(23, b, c, d, e, f, g, h, a, 0x76f988da);
148  	step(24, a, b, c, d, e, f, g, h, 0x983e5152);
149  	step(25, h, a, b, c, d, e, f, g, 0xa831c66d);
150  	step(26, g, h, a, b, c, d, e, f, 0xb00327c8);
151  	step(27, f, g, h, a, b, c, d, e, 0xbf597fc7);
152  	step(28, e, f, g, h, a, b, c, d, 0xc6e00bf3);
153  	step(29, d, e, f, g, h, a, b, c, 0xd5a79147);
154  	step(30, c, d, e, f, g, h, a, b, 0x06ca6351);
155  	step(31, b, c, d, e, f, g, h, a, 0x14292967);
156  	step(32, a, b, c, d, e, f, g, h, 0x27b70a85);
157  	step(33, h, a, b, c, d, e, f, g, 0x2e1b2138);
158  	step(34, g, h, a, b, c, d, e, f, 0x4d2c6dfc);
159  	step(35, f, g, h, a, b, c, d, e, 0x53380d13);
160  	step(36, e, f, g, h, a, b, c, d, 0x650a7354);
161  	step(37, d, e, f, g, h, a, b, c, 0x766a0abb);
162  	step(38, c, d, e, f, g, h, a, b, 0x81c2c92e);
163  	step(39, b, c, d, e, f, g, h, a, 0x92722c85);
164  	step(40, a, b, c, d, e, f, g, h, 0xa2bfe8a1);
165  	step(41, h, a, b, c, d, e, f, g, 0xa81a664b);
166  	step(42, g, h, a, b, c, d, e, f, 0xc24b8b70);
167  	step(43, f, g, h, a, b, c, d, e, 0xc76c51a3);
168  	step(44, e, f, g, h, a, b, c, d, 0xd192e819);
169  	step(45, d, e, f, g, h, a, b, c, 0xd6990624);
170  	step(46, c, d, e, f, g, h, a, b, 0xf40e3585);
171  	step(47, b, c, d, e, f, g, h, a, 0x106aa070);
172  	step(48, a, b, c, d, e, f, g, h, 0x19a4c116);
173  	step(49, h, a, b, c, d, e, f, g, 0x1e376c08);
174  	step(50, g, h, a, b, c, d, e, f, 0x2748774c);
175  	step(51, f, g, h, a, b, c, d, e, 0x34b0bcb5);
176  	step(52, e, f, g, h, a, b, c, d, 0x391c0cb3);
177  	step(53, d, e, f, g, h, a, b, c, 0x4ed8aa4a);
178  	step(54, c, d, e, f, g, h, a, b, 0x5b9cca4f);
179  	step(55, b, c, d, e, f, g, h, a, 0x682e6ff3);
180  	step(56, a, b, c, d, e, f, g, h, 0x748f82ee);
181  	step(57, h, a, b, c, d, e, f, g, 0x78a5636f);
182  	step(58, g, h, a, b, c, d, e, f, 0x84c87814);
183  	step(59, f, g, h, a, b, c, d, e, 0x8cc70208);
184  	step(60, e, f, g, h, a, b, c, d, 0x90befffa);
185  	step(61, d, e, f, g, h, a, b, c, 0xa4506ceb);
186  	step(62, c, d, e, f, g, h, a, b, 0xbef9a3f7);
187  	step(63, b, c, d, e, f, g, h, a, 0xc67178f2);
188  
189  	digest[0] += a;
190  	digest[1] += b;
191  	digest[2] += c;
192  	digest[3] += d;
193  	digest[4] += e;
194  	digest[5] += f;
195  	digest[6] += g;
196  	digest[7] += h;
197  }
198