Coverage Report

Created: 2024-11-21 07:03

/src/cryptopp/lsh.h
Line
Count
Source (jump to first uncovered line)
1
// lsh.h - written and placed in the public domain by Jeffrey Walton
2
//         Based on the specification and source code provided by
3
//         Korea Internet & Security Agency (KISA) website. Also
4
//         see https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do
5
//         and https://seed.kisa.or.kr/kisa/Board/22/detailView.do.
6
7
// We are hitting some sort of GCC bug in the LSH AVX2 code path.
8
// Clang is OK on the AVX2 code path. We believe it is GCC Issue
9
// 82735, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82735. It
10
// makes using zeroupper a little tricky.
11
12
/// \file lsh.h
13
/// \brief Classes for the LSH hash functions
14
/// \since Crypto++ 8.6
15
/// \sa <A HREF="https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do">LSH</A>
16
///  on the Korea Internet & Security Agency (KISA) website.
17
#ifndef CRYPTOPP_LSH_H
18
#define CRYPTOPP_LSH_H
19
20
#include "cryptlib.h"
21
#include "secblock.h"
22
23
// Enable SSE2 and AVX2 for 64-bit machines.
24
// 32-bit machines slow down with SSE2.
25
#if (CRYPTOPP_BOOL_X32) || (CRYPTOPP_BOOL_X64)
26
# define CRYPTOPP_ENABLE_64BIT_SSE 1
27
#endif
28
29
NAMESPACE_BEGIN(CryptoPP)
30
31
/// \brief LSH-224 and LSH-256 hash base class
32
/// \details LSH256_Base is the base class for both LSH-224 and LSH-256
33
/// \since Crypto++ 8.6
34
class LSH256_Base : public HashTransformation
35
{
36
public:
37
  /// \brief Block size, in bytes
38
  /// \details LSH_256 uses LSH256_MSG_BLK_BYTE_LEN for block size, which is 128
39
  CRYPTOPP_CONSTANT(BLOCKSIZE = 128);
40
41
339
  virtual ~LSH256_Base() {}
42
43
52.3k
  unsigned int BlockSize() const { return BLOCKSIZE; }
44
52.3k
  unsigned int DigestSize() const { return m_digestSize; }
45
0
  unsigned int OptimalDataAlignment() const { return GetAlignmentOf<word32>(); }
46
47
  void Restart();
48
  void Update(const byte *input, size_t size);
49
  void TruncatedFinal(byte *hash, size_t size);
50
51
  std::string AlgorithmProvider() const;
52
53
protected:
54
  LSH256_Base(unsigned int algType, unsigned int digestSize)
55
339
    : m_digestSize(digestSize) { m_state[80] = algType; }
56
57
protected:
58
  // Working state is:
59
  //   * cv_l = 8 32-bit words
60
  //   * cv_r = 8 32-bit words
61
  //   * submsg_e_l = 8 32-bit words
62
  //   * submsg_e_r = 8 32-bit words
63
  //   * submsg_o_l = 8 32-bit words
64
  //   * submsg_o_r = 8 32-bit words
65
  //   * last_block = 32 32-bit words (128 bytes)
66
  //   * algType
67
  //   * remainingBitLength
68
  FixedSizeSecBlock<word32, 80+2> m_state;
69
  // word32 m_algType, m_remainingBitLength;
70
  word32 m_digestSize;
71
};
72
73
/// \brief LSH-224 hash function
74
/// \sa <A HREF="https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do">LSH</A>
75
///  on the Korea Internet & Security Agency (KISA) website.
76
/// \since Crypto++ 8.6
77
class LSH224 : public LSH256_Base
78
{
79
public:
80
  /// \brief Digest size, in bytes
81
  /// \details LSH_256 uses LSH_GET_HASHBYTE(algType) for digest size, which is 28
82
  CRYPTOPP_CONSTANT(DIGESTSIZE = 28);
83
  /// \brief Block size, in bytes
84
  /// \details LSH_256 uses LSH256_MSG_BLK_BYTE_LEN for block size, which is 128
85
  CRYPTOPP_CONSTANT(BLOCKSIZE = LSH256_Base::BLOCKSIZE);
86
87
  /// \brief The algorithm's name
88
  /// \return the standard algorithm name
89
  /// \details The standard algorithm name can be a name like <tt>AES</tt> or <tt>AES/GCM</tt>.
90
  ///  Some algorithms do not have standard names yet. For example, there is no standard
91
  ///  algorithm name for Shoup's ECIES.
92
  /// \note StaticAlgorithmName is not universally implemented yet.
93
4
  static std::string StaticAlgorithmName() { return "LSH-224"; }
94
95
  /// \brief Construct a LSH-224
96
  /// \details LSH_TYPE_224 is the magic value 0x000001C defined in lsh.cpp.
97
158
  LSH224() : LSH256_Base(0x000001C, DIGESTSIZE) { Restart(); }
98
99
0
  std::string AlgorithmName() const { return StaticAlgorithmName(); }
100
};
101
102
/// \brief LSH-256 hash function
103
/// \sa <A HREF="https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do">LSH</A>
104
///  on the Korea Internet & Security Agency (KISA) website.
105
/// \since Crypto++ 8.6
106
class LSH256 : public LSH256_Base
107
{
108
public:
109
  /// \brief Digest size, in bytes
110
  /// \details LSH_256 uses LSH_GET_HASHBYTE(algType) for digest size, which is 32
111
  CRYPTOPP_CONSTANT(DIGESTSIZE = 32);
112
  /// \brief Block size, in bytes
113
  /// \details LSH_256 uses LSH256_MSG_BLK_BYTE_LEN for block size, which is 128
114
  CRYPTOPP_CONSTANT(BLOCKSIZE = LSH256_Base::BLOCKSIZE);
115
116
  /// \brief The algorithm's name
117
  /// \return the standard algorithm name
118
  /// \details The standard algorithm name can be a name like <tt>AES</tt> or <tt>AES/GCM</tt>.
119
  ///  Some algorithms do not have standard names yet. For example, there is no standard
120
  ///  algorithm name for Shoup's ECIES.
121
  /// \note StaticAlgorithmName is not universally implemented yet.
122
4
  static std::string StaticAlgorithmName() { return "LSH-256"; }
123
124
  /// \brief Construct a LSH-256
125
  /// \details LSH_TYPE_256 is the magic value 0x0000020 defined in lsh.cpp.
126
181
  LSH256() : LSH256_Base(0x0000020, DIGESTSIZE) { Restart(); }
127
128
0
  std::string AlgorithmName() const { return StaticAlgorithmName(); }
129
};
130
131
/// \brief LSH-384 and LSH-512 hash base class
132
/// \details LSH512_Base is the base class for both LSH-384 and LSH-512
133
/// \since Crypto++ 8.6
134
class LSH512_Base : public HashTransformation
135
{
136
public:
137
  /// \brief Block size, in bytes
138
  /// \details LSH_512 uses LSH512_MSG_BLK_BYTE_LEN for block size, which is 256
139
  CRYPTOPP_CONSTANT(BLOCKSIZE = 256);
140
141
467
  virtual ~LSH512_Base() {}
142
143
111k
  unsigned int BlockSize() const { return BLOCKSIZE; }
144
68.7k
  unsigned int DigestSize() const { return m_digestSize; }
145
0
  unsigned int OptimalDataAlignment() const { return GetAlignmentOf<word64>(); }
146
147
  void Restart();
148
  void Update(const byte *input, size_t size);
149
  void TruncatedFinal(byte *hash, size_t size);
150
151
  std::string AlgorithmProvider() const;
152
153
protected:
154
  LSH512_Base(unsigned int algType, unsigned int digestSize)
155
467
    : m_digestSize(digestSize) { m_state[80] = algType; }
156
157
protected:
158
  // Working state is:
159
  //   * cv_l = 8 64-bit words
160
  //   * cv_r = 8 64-bit words
161
  //   * submsg_e_l = 8 64-bit words
162
  //   * submsg_e_r = 8 64-bit words
163
  //   * submsg_o_l = 8 64-bit words
164
  //   * submsg_o_r = 8 64-bit words
165
  //   * last_block = 32 64-bit words (256 bytes)
166
  //   * algType
167
  //   * remainingBitLength
168
  FixedSizeSecBlock<word64, 80+2> m_state;
169
  // word32 m_algType, m_remainingBitLength;
170
  word32 m_digestSize;
171
};
172
173
/// \brief LSH-384 hash function
174
/// \sa <A HREF="https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do">LSH</A>
175
///  on the Korea Internet & Security Agency (KISA) website.
176
/// \since Crypto++ 8.6
177
class LSH384 : public LSH512_Base
178
{
179
public:
180
  /// \brief Digest size, in bytes
181
  /// \details LSH_512 uses LSH_GET_HASHBYTE(algType) for digest size, which is 48
182
  CRYPTOPP_CONSTANT(DIGESTSIZE = 48);
183
  /// \brief Block size, in bytes
184
  /// \details LSH_512 uses LSH512_MSG_BLK_BYTE_LEN for block size, which is 256
185
  CRYPTOPP_CONSTANT(BLOCKSIZE = LSH512_Base::BLOCKSIZE);
186
187
  /// \brief The algorithm's name
188
  /// \return the standard algorithm name
189
  /// \details The standard algorithm name can be a name like <tt>AES</tt> or <tt>AES/GCM</tt>.
190
  ///  Some algorithms do not have standard names yet. For example, there is no standard
191
  ///  algorithm name for Shoup's ECIES.
192
  /// \note StaticAlgorithmName is not universally implemented yet.
193
5
  static std::string StaticAlgorithmName() { return "LSH-384"; }
194
195
  /// \brief Construct a LSH-384
196
  /// \details LSH_TYPE_384 is the magic value 0x0010030 defined in lsh.cpp.
197
164
  LSH384() : LSH512_Base(0x0010030, DIGESTSIZE) { Restart(); }
198
199
0
  std::string AlgorithmName() const { return StaticAlgorithmName(); }
200
};
201
202
/// \brief LSH-512 hash function
203
/// \sa <A HREF="https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do">LSH</A>
204
///  on the Korea Internet & Security Agency (KISA) website.
205
/// \since Crypto++ 8.6
206
class LSH512 : public LSH512_Base
207
{
208
public:
209
  /// \brief Digest size, in bytes
210
  /// \details LSH_512 uses LSH_GET_HASHBYTE(algType) for digest size, which is 64
211
  CRYPTOPP_CONSTANT(DIGESTSIZE = 64);
212
  /// \brief Block size, in bytes
213
  /// \details LSH_512 uses LSH512_MSG_BLK_BYTE_LEN for block size, which is 256
214
  CRYPTOPP_CONSTANT(BLOCKSIZE = LSH512_Base::BLOCKSIZE);
215
216
  /// \brief The algorithm's name
217
  /// \return the standard algorithm name
218
  /// \details The standard algorithm name can be a name like <tt>AES</tt> or <tt>AES/GCM</tt>.
219
  ///  Some algorithms do not have standard names yet. For example, there is no standard
220
  ///  algorithm name for Shoup's ECIES.
221
  /// \note StaticAlgorithmName is not universally implemented yet.
222
1
  static std::string StaticAlgorithmName() { return "LSH-512"; }
223
224
  /// \brief Construct a LSH-512
225
  /// \details LSH_TYPE_512 is the magic value 0x0010040 defined in lsh.cpp.
226
156
  LSH512() : LSH512_Base(0x0010040, DIGESTSIZE) { Restart(); }
227
228
0
  std::string AlgorithmName() const { return StaticAlgorithmName(); }
229
};
230
231
/// \brief LSH-512-256 hash function
232
/// \sa <A HREF="https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do">LSH</A>
233
///  on the Korea Internet & Security Agency (KISA) website.
234
/// \since Crypto++ 8.6
235
class LSH512_256 : public LSH512_Base
236
{
237
public:
238
  /// \brief Digest size, in bytes
239
  /// \details LSH_512 uses LSH_GET_HASHBYTE(algType) for digest size, which is 32
240
  CRYPTOPP_CONSTANT(DIGESTSIZE = 32);
241
  /// \brief Block size, in bytes
242
  /// \details LSH_512 uses LSH512_MSG_BLK_BYTE_LEN for block size, which is 256
243
  CRYPTOPP_CONSTANT(BLOCKSIZE = LSH512_Base::BLOCKSIZE);
244
245
  /// \brief The algorithm's name
246
  /// \return the standard algorithm name
247
  /// \details The standard algorithm name can be a name like <tt>AES</tt> or <tt>AES/GCM</tt>.
248
  ///  Some algorithms do not have standard names yet. For example, there is no standard
249
  ///  algorithm name for Shoup's ECIES.
250
  /// \note StaticAlgorithmName is not universally implemented yet.
251
4
  static std::string StaticAlgorithmName() { return "LSH-512-256"; }
252
253
  /// \brief Construct a LSH-512-256
254
  /// \details LSH_TYPE_512_256 is the magic value 0x0010020 defined in lsh.cpp.
255
147
  LSH512_256() : LSH512_Base(0x0010020, DIGESTSIZE) { Restart(); }
256
257
0
  std::string AlgorithmName() const { return StaticAlgorithmName(); }
258
};
259
260
NAMESPACE_END
261
262
#endif  // CRYPTOPP_LSH_H