|
|
// sha.cpp - modified by Wei Dai from Steve Reid's public domain sha1.c
// Steve Reid implemented SHA-1. Wei Dai implemented SHA-2.
// Both are in the public domain.
// use "cl /EP /P /DCRYPTOPP_GENERATE_X64_MASM sha.cpp" to generate MASM code
#include "pch.h"
#ifndef CRYPTOPP_IMPORTS
#ifndef CRYPTOPP_GENERATE_X64_MASM
#include "sha.h"
#include "misc.h"
#include "cpu.h"
NAMESPACE_BEGIN(CryptoPP)
// start of Steve Reid's code
#define blk0(i) (W[i] = data[i])
#define blk1(i) (W[i&15] = rotlFixed(W[(i+13)&15]^W[(i+8)&15]^W[(i+2)&15]^W[i&15],1))
void SHA1::InitState(HashWordType *state){ state[0] = 0x67452301L; state[1] = 0xEFCDAB89L; state[2] = 0x98BADCFEL; state[3] = 0x10325476L; state[4] = 0xC3D2E1F0L;}
#define f1(x,y,z) (z^(x&(y^z)))
#define f2(x,y,z) (x^y^z)
#define f3(x,y,z) ((x&y)|(z&(x|y)))
#define f4(x,y,z) (x^y^z)
/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */#define R0(v,w,x,y,z,i) z+=f1(w,x,y)+blk0(i)+0x5A827999+rotlFixed(v,5);w=rotlFixed(w,30);
#define R1(v,w,x,y,z,i) z+=f1(w,x,y)+blk1(i)+0x5A827999+rotlFixed(v,5);w=rotlFixed(w,30);
#define R2(v,w,x,y,z,i) z+=f2(w,x,y)+blk1(i)+0x6ED9EBA1+rotlFixed(v,5);w=rotlFixed(w,30);
#define R3(v,w,x,y,z,i) z+=f3(w,x,y)+blk1(i)+0x8F1BBCDC+rotlFixed(v,5);w=rotlFixed(w,30);
#define R4(v,w,x,y,z,i) z+=f4(w,x,y)+blk1(i)+0xCA62C1D6+rotlFixed(v,5);w=rotlFixed(w,30);
void SHA1::Transform(word32 *state, const word32 *data){ word32 W[16]; /* Copy context->state[] to working vars */ word32 a = state[0]; word32 b = state[1]; word32 c = state[2]; word32 d = state[3]; word32 e = state[4]; /* 4 rounds of 20 operations each. Loop unrolled. */ R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); /* Add the working vars back into context.state[] */ state[0] += a; state[1] += b; state[2] += c; state[3] += d; state[4] += e;}
// end of Steve Reid's code
// *************************************************************
void SHA224::InitState(HashWordType *state){ static const word32 s[8] = {0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4}; memcpy(state, s, sizeof(s));}
void SHA256::InitState(HashWordType *state){ static const word32 s[8] = {0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19}; memcpy(state, s, sizeof(s));}
#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
CRYPTOPP_ALIGN_DATA(16) extern const word32 SHA256_K[64] CRYPTOPP_SECTION_ALIGN16 = {#else
extern const word32 SHA256_K[64] = {#endif
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2};
#endif // #ifndef CRYPTOPP_GENERATE_X64_MASM
#if defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_GENERATE_X64_MASM)
#pragma warning(disable: 4731) // frame pointer register 'ebp' modified by inline assembly code
static void CRYPTOPP_FASTCALL X86_SHA256_HashBlocks(word32 *state, const word32 *data, size_t len#if defined(_MSC_VER) && (_MSC_VER == 1200)
, ... // VC60 workaround: prevent VC 6 from inlining this function
#endif
){#if defined(_MSC_VER) && (_MSC_VER == 1200)
AS2(mov ecx, [state]) AS2(mov edx, [data])#endif
#define LOCALS_SIZE 8*4 + 16*4 + 4*WORD_SZ
#define H(i) [BASE+ASM_MOD(1024+7-(i),8)*4]
#define G(i) H(i+1)
#define F(i) H(i+2)
#define E(i) H(i+3)
#define D(i) H(i+4)
#define C(i) H(i+5)
#define B(i) H(i+6)
#define A(i) H(i+7)
#define Wt(i) BASE+8*4+ASM_MOD(1024+15-(i),16)*4
#define Wt_2(i) Wt((i)-2)
#define Wt_15(i) Wt((i)-15)
#define Wt_7(i) Wt((i)-7)
#define K_END [BASE+8*4+16*4+0*WORD_SZ]
#define STATE_SAVE [BASE+8*4+16*4+1*WORD_SZ]
#define DATA_SAVE [BASE+8*4+16*4+2*WORD_SZ]
#define DATA_END [BASE+8*4+16*4+3*WORD_SZ]
#define Kt(i) WORD_REG(si)+(i)*4
#if CRYPTOPP_BOOL_X86
#define BASE esp+4
#elif defined(__GNUC__)
#define BASE r8
#else
#define BASE rsp
#endif
#define RA0(i, edx, edi) \
AS2( add edx, [Kt(i)] )\ AS2( add edx, [Wt(i)] )\ AS2( add edx, H(i) )\
#define RA1(i, edx, edi)
#define RB0(i, edx, edi)
#define RB1(i, edx, edi) \
AS2( mov AS_REG_7d, [Wt_2(i)] )\ AS2( mov edi, [Wt_15(i)])\ AS2( mov ebx, AS_REG_7d )\ AS2( shr AS_REG_7d, 10 )\ AS2( ror ebx, 17 )\ AS2( xor AS_REG_7d, ebx )\ AS2( ror ebx, 2 )\ AS2( xor ebx, AS_REG_7d )/* s1(W_t-2) */\ AS2( add ebx, [Wt_7(i)])\ AS2( mov AS_REG_7d, edi )\ AS2( shr AS_REG_7d, 3 )\ AS2( ror edi, 7 )\ AS2( add ebx, [Wt(i)])/* s1(W_t-2) + W_t-7 + W_t-16 */\ AS2( xor AS_REG_7d, edi )\ AS2( add edx, [Kt(i)])\ AS2( ror edi, 11 )\ AS2( add edx, H(i) )\ AS2( xor AS_REG_7d, edi )/* s0(W_t-15) */\ AS2( add AS_REG_7d, ebx )/* W_t = s1(W_t-2) + W_t-7 + s0(W_t-15) W_t-16*/\ AS2( mov [Wt(i)], AS_REG_7d)\ AS2( add edx, AS_REG_7d )\
#define ROUND(i, r, eax, ecx, edi, edx)\
/* in: edi = E */\ /* unused: eax, ecx, temp: ebx, AS_REG_7d, out: edx = T1 */\ AS2( mov edx, F(i) )\ AS2( xor edx, G(i) )\ AS2( and edx, edi )\ AS2( xor edx, G(i) )/* Ch(E,F,G) = (G^(E&(F^G))) */\ AS2( mov AS_REG_7d, edi )\ AS2( ror edi, 6 )\ AS2( ror AS_REG_7d, 25 )\ RA##r(i, edx, edi )/* H + Wt + Kt + Ch(E,F,G) */\ AS2( xor AS_REG_7d, edi )\ AS2( ror edi, 5 )\ AS2( xor AS_REG_7d, edi )/* S1(E) */\ AS2( add edx, AS_REG_7d )/* T1 = S1(E) + Ch(E,F,G) + H + Wt + Kt */\ RB##r(i, edx, edi )/* H + Wt + Kt + Ch(E,F,G) */\ /* in: ecx = A, eax = B^C, edx = T1 */\ /* unused: edx, temp: ebx, AS_REG_7d, out: eax = A, ecx = B^C, edx = E */\ AS2( mov ebx, ecx )\ AS2( xor ecx, B(i) )/* A^B */\ AS2( and eax, ecx )\ AS2( xor eax, B(i) )/* Maj(A,B,C) = B^((A^B)&(B^C) */\ AS2( mov AS_REG_7d, ebx )\ AS2( ror ebx, 2 )\ AS2( add eax, edx )/* T1 + Maj(A,B,C) */\ AS2( add edx, D(i) )\ AS2( mov D(i), edx )\ AS2( ror AS_REG_7d, 22 )\ AS2( xor AS_REG_7d, ebx )\ AS2( ror ebx, 11 )\ AS2( xor AS_REG_7d, ebx )\ AS2( add eax, AS_REG_7d )/* T1 + S0(A) + Maj(A,B,C) */\ AS2( mov H(i), eax )\
#define SWAP_COPY(i) \
AS2( mov WORD_REG(bx), [WORD_REG(dx)+i*WORD_SZ])\ AS1( bswap WORD_REG(bx))\ AS2( mov [Wt(i*(1+CRYPTOPP_BOOL_X64)+CRYPTOPP_BOOL_X64)], WORD_REG(bx))
#if defined(__GNUC__)
#if CRYPTOPP_BOOL_X64
FixedSizeAlignedSecBlock<byte, LOCALS_SIZE> workspace; #endif
__asm__ __volatile__ ( #if CRYPTOPP_BOOL_X64
"lea %4, %%r8;" #endif
".intel_syntax noprefix;"#elif defined(CRYPTOPP_GENERATE_X64_MASM)
ALIGN 8 X86_SHA256_HashBlocks PROC FRAME rex_push_reg rsi push_reg rdi push_reg rbx push_reg rbp alloc_stack(LOCALS_SIZE+8) .endprolog mov rdi, r8 lea rsi, [?SHA256_K@CryptoPP@@3QBIB + 48*4]#endif
#if CRYPTOPP_BOOL_X86
#ifndef __GNUC__
AS2( mov edi, [len]) AS2( lea WORD_REG(si), [SHA256_K+48*4]) #endif
#if !defined(_MSC_VER) || (_MSC_VER < 1400)
AS_PUSH_IF86(bx) #endif
AS_PUSH_IF86(bp) AS2( mov ebx, esp) AS2( and esp, -16) AS2( sub WORD_REG(sp), LOCALS_SIZE) AS_PUSH_IF86(bx)#endif
AS2( mov STATE_SAVE, WORD_REG(cx)) AS2( mov DATA_SAVE, WORD_REG(dx)) AS2( lea WORD_REG(ax), [WORD_REG(di) + WORD_REG(dx)]) AS2( mov DATA_END, WORD_REG(ax)) AS2( mov K_END, WORD_REG(si))
#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
#if CRYPTOPP_BOOL_X86
AS2( test edi, 1) ASJ( jnz, 2, f) AS1( dec DWORD PTR K_END)#endif
AS2( movdqa xmm0, XMMWORD_PTR [WORD_REG(cx)+0*16]) AS2( movdqa xmm1, XMMWORD_PTR [WORD_REG(cx)+1*16])#endif
#if CRYPTOPP_BOOL_X86
#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
ASJ( jmp, 0, f)#endif
ASL(2) // non-SSE2
AS2( mov esi, ecx) AS2( lea edi, A(0)) AS2( mov ecx, 8) AS1( rep movsd) AS2( mov esi, K_END) ASJ( jmp, 3, f)#endif
#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
ASL(0) AS2( movdqa E(0), xmm1) AS2( movdqa A(0), xmm0)#endif
#if CRYPTOPP_BOOL_X86
ASL(3)#endif
AS2( sub WORD_REG(si), 48*4) SWAP_COPY(0) SWAP_COPY(1) SWAP_COPY(2) SWAP_COPY(3) SWAP_COPY(4) SWAP_COPY(5) SWAP_COPY(6) SWAP_COPY(7)#if CRYPTOPP_BOOL_X86
SWAP_COPY(8) SWAP_COPY(9) SWAP_COPY(10) SWAP_COPY(11) SWAP_COPY(12) SWAP_COPY(13) SWAP_COPY(14) SWAP_COPY(15)#endif
AS2( mov edi, E(0)) // E
AS2( mov eax, B(0)) // B
AS2( xor eax, C(0)) // B^C
AS2( mov ecx, A(0)) // A
ROUND(0, 0, eax, ecx, edi, edx) ROUND(1, 0, ecx, eax, edx, edi) ROUND(2, 0, eax, ecx, edi, edx) ROUND(3, 0, ecx, eax, edx, edi) ROUND(4, 0, eax, ecx, edi, edx) ROUND(5, 0, ecx, eax, edx, edi) ROUND(6, 0, eax, ecx, edi, edx) ROUND(7, 0, ecx, eax, edx, edi) ROUND(8, 0, eax, ecx, edi, edx) ROUND(9, 0, ecx, eax, edx, edi) ROUND(10, 0, eax, ecx, edi, edx) ROUND(11, 0, ecx, eax, edx, edi) ROUND(12, 0, eax, ecx, edi, edx) ROUND(13, 0, ecx, eax, edx, edi) ROUND(14, 0, eax, ecx, edi, edx) ROUND(15, 0, ecx, eax, edx, edi)
ASL(1) AS2(add WORD_REG(si), 4*16) ROUND(0, 1, eax, ecx, edi, edx) ROUND(1, 1, ecx, eax, edx, edi) ROUND(2, 1, eax, ecx, edi, edx) ROUND(3, 1, ecx, eax, edx, edi) ROUND(4, 1, eax, ecx, edi, edx) ROUND(5, 1, ecx, eax, edx, edi) ROUND(6, 1, eax, ecx, edi, edx) ROUND(7, 1, ecx, eax, edx, edi) ROUND(8, 1, eax, ecx, edi, edx) ROUND(9, 1, ecx, eax, edx, edi) ROUND(10, 1, eax, ecx, edi, edx) ROUND(11, 1, ecx, eax, edx, edi) ROUND(12, 1, eax, ecx, edi, edx) ROUND(13, 1, ecx, eax, edx, edi) ROUND(14, 1, eax, ecx, edi, edx) ROUND(15, 1, ecx, eax, edx, edi) AS2( cmp WORD_REG(si), K_END) ASJ( jb, 1, b)
AS2( mov WORD_REG(dx), DATA_SAVE) AS2( add WORD_REG(dx), 64) AS2( mov AS_REG_7, STATE_SAVE) AS2( mov DATA_SAVE, WORD_REG(dx))
#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
#if CRYPTOPP_BOOL_X86
AS2( test DWORD PTR K_END, 1) ASJ( jz, 4, f)#endif
AS2( movdqa xmm1, XMMWORD_PTR [AS_REG_7+1*16]) AS2( movdqa xmm0, XMMWORD_PTR [AS_REG_7+0*16]) AS2( paddd xmm1, E(0)) AS2( paddd xmm0, A(0)) AS2( movdqa [AS_REG_7+1*16], xmm1) AS2( movdqa [AS_REG_7+0*16], xmm0) AS2( cmp WORD_REG(dx), DATA_END) ASJ( jb, 0, b)#endif
#if CRYPTOPP_BOOL_X86
#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
ASJ( jmp, 5, f) ASL(4) // non-SSE2
#endif
AS2( add [AS_REG_7+0*4], ecx) // A
AS2( add [AS_REG_7+4*4], edi) // E
AS2( mov eax, B(0)) AS2( mov ebx, C(0)) AS2( mov ecx, D(0)) AS2( add [AS_REG_7+1*4], eax) AS2( add [AS_REG_7+2*4], ebx) AS2( add [AS_REG_7+3*4], ecx) AS2( mov eax, F(0)) AS2( mov ebx, G(0)) AS2( mov ecx, H(0)) AS2( add [AS_REG_7+5*4], eax) AS2( add [AS_REG_7+6*4], ebx) AS2( add [AS_REG_7+7*4], ecx) AS2( mov ecx, AS_REG_7d) AS2( cmp WORD_REG(dx), DATA_END) ASJ( jb, 2, b)#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
ASL(5)#endif
#endif
AS_POP_IF86(sp) AS_POP_IF86(bp) #if !defined(_MSC_VER) || (_MSC_VER < 1400)
AS_POP_IF86(bx) #endif
#ifdef CRYPTOPP_GENERATE_X64_MASM
add rsp, LOCALS_SIZE+8 pop rbp pop rbx pop rdi pop rsi ret X86_SHA256_HashBlocks ENDP#endif
#ifdef __GNUC__
".att_syntax prefix;" : : "c" (state), "d" (data), "S" (SHA256_K+48), "D" (len) #if CRYPTOPP_BOOL_X64
, "m" (workspace[0]) #endif
: "memory", "cc", "%eax" #if CRYPTOPP_BOOL_X64
, "%rbx", "%r8", "%r10" #endif
);#endif
}
#endif // #if defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_GENERATE_X64_MASM)
#ifndef CRYPTOPP_GENERATE_X64_MASM
#ifdef CRYPTOPP_X64_MASM_AVAILABLE
extern "C" {void CRYPTOPP_FASTCALL X86_SHA256_HashBlocks(word32 *state, const word32 *data, size_t len);}#endif
#if defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_X64_MASM_AVAILABLE)
size_t SHA256::HashMultipleBlocks(const word32 *input, size_t length){ X86_SHA256_HashBlocks(m_state, input, (length&(size_t(0)-BLOCKSIZE)) - !HasSSE2()); return length % BLOCKSIZE;}
size_t SHA224::HashMultipleBlocks(const word32 *input, size_t length){ X86_SHA256_HashBlocks(m_state, input, (length&(size_t(0)-BLOCKSIZE)) - !HasSSE2()); return length % BLOCKSIZE;}
#endif
#define blk2(i) (W[i&15]+=s1(W[(i-2)&15])+W[(i-7)&15]+s0(W[(i-15)&15]))
#define Ch(x,y,z) (z^(x&(y^z)))
#define Maj(x,y,z) (y^((x^y)&(y^z)))
#define a(i) T[(0-i)&7]
#define b(i) T[(1-i)&7]
#define c(i) T[(2-i)&7]
#define d(i) T[(3-i)&7]
#define e(i) T[(4-i)&7]
#define f(i) T[(5-i)&7]
#define g(i) T[(6-i)&7]
#define h(i) T[(7-i)&7]
#define R(i) h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA256_K[i+j]+(j?blk2(i):blk0(i));\
d(i)+=h(i);h(i)+=S0(a(i))+Maj(a(i),b(i),c(i))
// for SHA256
#define S0(x) (rotrFixed(x,2)^rotrFixed(x,13)^rotrFixed(x,22))
#define S1(x) (rotrFixed(x,6)^rotrFixed(x,11)^rotrFixed(x,25))
#define s0(x) (rotrFixed(x,7)^rotrFixed(x,18)^(x>>3))
#define s1(x) (rotrFixed(x,17)^rotrFixed(x,19)^(x>>10))
void SHA256::Transform(word32 *state, const word32 *data){ word32 W[16];#if defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_X64_MASM_AVAILABLE)
// this byte reverse is a waste of time, but this function is only called by MDC
ByteReverse(W, data, BLOCKSIZE); X86_SHA256_HashBlocks(state, W, BLOCKSIZE - !HasSSE2());#else
word32 T[8]; /* Copy context->state[] to working vars */ memcpy(T, state, sizeof(T)); /* 64 operations, partially loop unrolled */ for (unsigned int j=0; j<64; j+=16) { R( 0); R( 1); R( 2); R( 3); R( 4); R( 5); R( 6); R( 7); R( 8); R( 9); R(10); R(11); R(12); R(13); R(14); R(15); } /* Add the working vars back into context.state[] */ state[0] += a(0); state[1] += b(0); state[2] += c(0); state[3] += d(0); state[4] += e(0); state[5] += f(0); state[6] += g(0); state[7] += h(0);#endif
}
/*
// smaller but slower
void SHA256::Transform(word32 *state, const word32 *data){ word32 T[20]; word32 W[32]; unsigned int i = 0, j = 0; word32 *t = T+8;
memcpy(t, state, 8*4); word32 e = t[4], a = t[0];
do { word32 w = data[j]; W[j] = w; w += SHA256_K[j]; w += t[7]; w += S1(e); w += Ch(e, t[5], t[6]); e = t[3] + w; t[3] = t[3+8] = e; w += S0(t[0]); a = w + Maj(a, t[1], t[2]); t[-1] = t[7] = a; --t; ++j; if (j%8 == 0) t += 8; } while (j<16);
do { i = j&0xf; word32 w = s1(W[i+16-2]) + s0(W[i+16-15]) + W[i] + W[i+16-7]; W[i+16] = W[i] = w; w += SHA256_K[j]; w += t[7]; w += S1(e); w += Ch(e, t[5], t[6]); e = t[3] + w; t[3] = t[3+8] = e; w += S0(t[0]); a = w + Maj(a, t[1], t[2]); t[-1] = t[7] = a;
w = s1(W[(i+1)+16-2]) + s0(W[(i+1)+16-15]) + W[(i+1)] + W[(i+1)+16-7]; W[(i+1)+16] = W[(i+1)] = w; w += SHA256_K[j+1]; w += (t-1)[7]; w += S1(e); w += Ch(e, (t-1)[5], (t-1)[6]); e = (t-1)[3] + w; (t-1)[3] = (t-1)[3+8] = e; w += S0((t-1)[0]); a = w + Maj(a, (t-1)[1], (t-1)[2]); (t-1)[-1] = (t-1)[7] = a;
t-=2; j+=2; if (j%8 == 0) t += 8; } while (j<64);
state[0] += a; state[1] += t[1]; state[2] += t[2]; state[3] += t[3]; state[4] += e; state[5] += t[5]; state[6] += t[6]; state[7] += t[7];}*/
#undef S0
#undef S1
#undef s0
#undef s1
#undef R
// *************************************************************
void SHA384::InitState(HashWordType *state){ static const word64 s[8] = { W64LIT(0xcbbb9d5dc1059ed8), W64LIT(0x629a292a367cd507), W64LIT(0x9159015a3070dd17), W64LIT(0x152fecd8f70e5939), W64LIT(0x67332667ffc00b31), W64LIT(0x8eb44a8768581511), W64LIT(0xdb0c2e0d64f98fa7), W64LIT(0x47b5481dbefa4fa4)}; memcpy(state, s, sizeof(s));}
void SHA512::InitState(HashWordType *state){ static const word64 s[8] = { W64LIT(0x6a09e667f3bcc908), W64LIT(0xbb67ae8584caa73b), W64LIT(0x3c6ef372fe94f82b), W64LIT(0xa54ff53a5f1d36f1), W64LIT(0x510e527fade682d1), W64LIT(0x9b05688c2b3e6c1f), W64LIT(0x1f83d9abfb41bd6b), W64LIT(0x5be0cd19137e2179)}; memcpy(state, s, sizeof(s));}
#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && CRYPTOPP_BOOL_X86
CRYPTOPP_ALIGN_DATA(16) static const word64 SHA512_K[80] CRYPTOPP_SECTION_ALIGN16 = {#else
static const word64 SHA512_K[80] = {#endif
W64LIT(0x428a2f98d728ae22), W64LIT(0x7137449123ef65cd), W64LIT(0xb5c0fbcfec4d3b2f), W64LIT(0xe9b5dba58189dbbc), W64LIT(0x3956c25bf348b538), W64LIT(0x59f111f1b605d019), W64LIT(0x923f82a4af194f9b), W64LIT(0xab1c5ed5da6d8118), W64LIT(0xd807aa98a3030242), W64LIT(0x12835b0145706fbe), W64LIT(0x243185be4ee4b28c), W64LIT(0x550c7dc3d5ffb4e2), W64LIT(0x72be5d74f27b896f), W64LIT(0x80deb1fe3b1696b1), W64LIT(0x9bdc06a725c71235), W64LIT(0xc19bf174cf692694), W64LIT(0xe49b69c19ef14ad2), W64LIT(0xefbe4786384f25e3), W64LIT(0x0fc19dc68b8cd5b5), W64LIT(0x240ca1cc77ac9c65), W64LIT(0x2de92c6f592b0275), W64LIT(0x4a7484aa6ea6e483), W64LIT(0x5cb0a9dcbd41fbd4), W64LIT(0x76f988da831153b5), W64LIT(0x983e5152ee66dfab), W64LIT(0xa831c66d2db43210), W64LIT(0xb00327c898fb213f), W64LIT(0xbf597fc7beef0ee4), W64LIT(0xc6e00bf33da88fc2), W64LIT(0xd5a79147930aa725), W64LIT(0x06ca6351e003826f), W64LIT(0x142929670a0e6e70), W64LIT(0x27b70a8546d22ffc), W64LIT(0x2e1b21385c26c926), W64LIT(0x4d2c6dfc5ac42aed), W64LIT(0x53380d139d95b3df), W64LIT(0x650a73548baf63de), W64LIT(0x766a0abb3c77b2a8), W64LIT(0x81c2c92e47edaee6), W64LIT(0x92722c851482353b), W64LIT(0xa2bfe8a14cf10364), W64LIT(0xa81a664bbc423001), W64LIT(0xc24b8b70d0f89791), W64LIT(0xc76c51a30654be30), W64LIT(0xd192e819d6ef5218), W64LIT(0xd69906245565a910), W64LIT(0xf40e35855771202a), W64LIT(0x106aa07032bbd1b8), W64LIT(0x19a4c116b8d2d0c8), W64LIT(0x1e376c085141ab53), W64LIT(0x2748774cdf8eeb99), W64LIT(0x34b0bcb5e19b48a8), W64LIT(0x391c0cb3c5c95a63), W64LIT(0x4ed8aa4ae3418acb), W64LIT(0x5b9cca4f7763e373), W64LIT(0x682e6ff3d6b2b8a3), W64LIT(0x748f82ee5defb2fc), W64LIT(0x78a5636f43172f60), W64LIT(0x84c87814a1f0ab72), W64LIT(0x8cc702081a6439ec), W64LIT(0x90befffa23631e28), W64LIT(0xa4506cebde82bde9), W64LIT(0xbef9a3f7b2c67915), W64LIT(0xc67178f2e372532b), W64LIT(0xca273eceea26619c), W64LIT(0xd186b8c721c0c207), W64LIT(0xeada7dd6cde0eb1e), W64LIT(0xf57d4f7fee6ed178), W64LIT(0x06f067aa72176fba), W64LIT(0x0a637dc5a2c898a6), W64LIT(0x113f9804bef90dae), W64LIT(0x1b710b35131c471b), W64LIT(0x28db77f523047d84), W64LIT(0x32caab7b40c72493), W64LIT(0x3c9ebe0a15c9bebc), W64LIT(0x431d67c49c100d4c), W64LIT(0x4cc5d4becb3e42b6), W64LIT(0x597f299cfc657e2a), W64LIT(0x5fcb6fab3ad6faec), W64LIT(0x6c44198c4a475817)};
#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && CRYPTOPP_BOOL_X86
// put assembly version in separate function, otherwise MSVC 2005 SP1 doesn't generate correct code for the non-assembly version
CRYPTOPP_NAKED static void CRYPTOPP_FASTCALL SHA512_SSE2_Transform(word64 *state, const word64 *data){#ifdef __GNUC__
__asm__ __volatile__ ( ".intel_syntax noprefix;" AS1( push ebx) AS2( mov ebx, eax)#else
AS1( push ebx) AS1( push esi) AS1( push edi) AS2( lea ebx, SHA512_K)#endif
AS2( mov eax, esp) AS2( and esp, 0xfffffff0) AS2( sub esp, 27*16) // 17*16 for expanded data, 20*8 for state
AS1( push eax) AS2( xor eax, eax) AS2( lea edi, [esp+4+8*8]) // start at middle of state buffer. will decrement pointer each round to avoid copying
AS2( lea esi, [esp+4+20*8+8]) // 16-byte alignment, then add 8
AS2( movdqa xmm0, [ecx+0*16]) AS2( movdq2q mm4, xmm0) AS2( movdqa [edi+0*16], xmm0) AS2( movdqa xmm0, [ecx+1*16]) AS2( movdqa [edi+1*16], xmm0) AS2( movdqa xmm0, [ecx+2*16]) AS2( movdq2q mm5, xmm0) AS2( movdqa [edi+2*16], xmm0) AS2( movdqa xmm0, [ecx+3*16]) AS2( movdqa [edi+3*16], xmm0) ASJ( jmp, 0, f)
#define SSE2_S0_S1(r, a, b, c) \
AS2( movq mm6, r)\ AS2( psrlq r, a)\ AS2( movq mm7, r)\ AS2( psllq mm6, 64-c)\ AS2( pxor mm7, mm6)\ AS2( psrlq r, b-a)\ AS2( pxor mm7, r)\ AS2( psllq mm6, c-b)\ AS2( pxor mm7, mm6)\ AS2( psrlq r, c-b)\ AS2( pxor r, mm7)\ AS2( psllq mm6, b-a)\ AS2( pxor r, mm6)
#define SSE2_s0(r, a, b, c) \
AS2( movdqa xmm6, r)\ AS2( psrlq r, a)\ AS2( movdqa xmm7, r)\ AS2( psllq xmm6, 64-c)\ AS2( pxor xmm7, xmm6)\ AS2( psrlq r, b-a)\ AS2( pxor xmm7, r)\ AS2( psrlq r, c-b)\ AS2( pxor r, xmm7)\ AS2( psllq xmm6, c-a)\ AS2( pxor r, xmm6)
#define SSE2_s1(r, a, b, c) \
AS2( movdqa xmm6, r)\ AS2( psrlq r, a)\ AS2( movdqa xmm7, r)\ AS2( psllq xmm6, 64-c)\ AS2( pxor xmm7, xmm6)\ AS2( psrlq r, b-a)\ AS2( pxor xmm7, r)\ AS2( psllq xmm6, c-b)\ AS2( pxor xmm7, xmm6)\ AS2( psrlq r, c-b)\ AS2( pxor r, xmm7)
ASL(SHA512_Round) // k + w is in mm0, a is in mm4, e is in mm5
AS2( paddq mm0, [edi+7*8]) // h
AS2( movq mm2, [edi+5*8]) // f
AS2( movq mm3, [edi+6*8]) // g
AS2( pxor mm2, mm3) AS2( pand mm2, mm5) SSE2_S0_S1(mm5,14,18,41) AS2( pxor mm2, mm3) AS2( paddq mm0, mm2) // h += Ch(e,f,g)
AS2( paddq mm5, mm0) // h += S1(e)
AS2( movq mm2, [edi+1*8]) // b
AS2( movq mm1, mm2) AS2( por mm2, mm4) AS2( pand mm2, [edi+2*8]) // c
AS2( pand mm1, mm4) AS2( por mm1, mm2) AS2( paddq mm1, mm5) // temp = h + Maj(a,b,c)
AS2( paddq mm5, [edi+3*8]) // e = d + h
AS2( movq [edi+3*8], mm5) AS2( movq [edi+11*8], mm5) SSE2_S0_S1(mm4,28,34,39) // S0(a)
AS2( paddq mm4, mm1) // a = temp + S0(a)
AS2( movq [edi-8], mm4) AS2( movq [edi+7*8], mm4) AS1( ret)
// first 16 rounds
ASL(0) AS2( movq mm0, [edx+eax*8]) AS2( movq [esi+eax*8], mm0) AS2( movq [esi+eax*8+16*8], mm0) AS2( paddq mm0, [ebx+eax*8]) ASC( call, SHA512_Round) AS1( inc eax) AS2( sub edi, 8) AS2( test eax, 7) ASJ( jnz, 0, b) AS2( add edi, 8*8) AS2( cmp eax, 16) ASJ( jne, 0, b)
// rest of the rounds
AS2( movdqu xmm0, [esi+(16-2)*8]) ASL(1) // data expansion, W[i-2] already in xmm0
AS2( movdqu xmm3, [esi]) AS2( paddq xmm3, [esi+(16-7)*8]) AS2( movdqa xmm2, [esi+(16-15)*8]) SSE2_s1(xmm0, 6, 19, 61) AS2( paddq xmm0, xmm3) SSE2_s0(xmm2, 1, 7, 8) AS2( paddq xmm0, xmm2) AS2( movdq2q mm0, xmm0) AS2( movhlps xmm1, xmm0) AS2( paddq mm0, [ebx+eax*8]) AS2( movlps [esi], xmm0) AS2( movlps [esi+8], xmm1) AS2( movlps [esi+8*16], xmm0) AS2( movlps [esi+8*17], xmm1) // 2 rounds
ASC( call, SHA512_Round) AS2( sub edi, 8) AS2( movdq2q mm0, xmm1) AS2( paddq mm0, [ebx+eax*8+8]) ASC( call, SHA512_Round) // update indices and loop
AS2( add esi, 16) AS2( add eax, 2) AS2( sub edi, 8) AS2( test eax, 7) ASJ( jnz, 1, b) // do housekeeping every 8 rounds
AS2( mov esi, 0xf) AS2( and esi, eax) AS2( lea esi, [esp+4+20*8+8+esi*8]) AS2( add edi, 8*8) AS2( cmp eax, 80) ASJ( jne, 1, b)
#define SSE2_CombineState(i) \
AS2( movdqa xmm0, [edi+i*16])\ AS2( paddq xmm0, [ecx+i*16])\ AS2( movdqa [ecx+i*16], xmm0)
SSE2_CombineState(0) SSE2_CombineState(1) SSE2_CombineState(2) SSE2_CombineState(3)
AS1( pop esp) AS1( emms)
#if defined(__GNUC__)
AS1( pop ebx) ".att_syntax prefix;" : : "a" (SHA512_K), "c" (state), "d" (data) : "%esi", "%edi", "memory", "cc" );#else
AS1( pop edi) AS1( pop esi) AS1( pop ebx) AS1( ret)#endif
}#endif // #if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
void SHA512::Transform(word64 *state, const word64 *data){#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && CRYPTOPP_BOOL_X86
if (HasSSE2()) { SHA512_SSE2_Transform(state, data); return; }#endif
#define S0(x) (rotrFixed(x,28)^rotrFixed(x,34)^rotrFixed(x,39))
#define S1(x) (rotrFixed(x,14)^rotrFixed(x,18)^rotrFixed(x,41))
#define s0(x) (rotrFixed(x,1)^rotrFixed(x,8)^(x>>7))
#define s1(x) (rotrFixed(x,19)^rotrFixed(x,61)^(x>>6))
#define R(i) h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA512_K[i+j]+(j?blk2(i):blk0(i));\
d(i)+=h(i);h(i)+=S0(a(i))+Maj(a(i),b(i),c(i))
word64 W[16]; word64 T[8]; /* Copy context->state[] to working vars */ memcpy(T, state, sizeof(T)); /* 80 operations, partially loop unrolled */ for (unsigned int j=0; j<80; j+=16) { R( 0); R( 1); R( 2); R( 3); R( 4); R( 5); R( 6); R( 7); R( 8); R( 9); R(10); R(11); R(12); R(13); R(14); R(15); } /* Add the working vars back into context.state[] */ state[0] += a(0); state[1] += b(0); state[2] += c(0); state[3] += d(0); state[4] += e(0); state[5] += f(0); state[6] += g(0); state[7] += h(0);}
NAMESPACE_END
#endif // #ifndef CRYPTOPP_GENERATE_X64_MASM
#endif // #ifndef CRYPTOPP_IMPORTS
|
