Line | Count | Source (jump to first uncovered line) |
1 | | // lsh.h - written and placed in the public domain by Jeffrey Walton |
2 | | // Based on the specification and source code provided by |
3 | | // Korea Internet & Security Agency (KISA) website. Also |
4 | | // see https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do |
5 | | // and https://seed.kisa.or.kr/kisa/Board/22/detailView.do. |
6 | | |
7 | | // We are hitting some sort of GCC bug in the LSH AVX2 code path. |
8 | | // Clang is OK on the AVX2 code path. We believe it is GCC Issue |
9 | | // 82735, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82735. It |
10 | | // makes using zeroupper a little tricky. |
11 | | |
12 | | /// \file lsh.h |
13 | | /// \brief Classes for the LSH hash functions |
14 | | /// \since Crypto++ 8.6 |
15 | | /// \sa <A HREF="https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do">LSH</A> |
16 | | /// on the Korea Internet & Security Agency (KISA) website. |
17 | | #ifndef CRYPTOPP_LSH_H |
18 | | #define CRYPTOPP_LSH_H |
19 | | |
20 | | #include "cryptlib.h" |
21 | | #include "secblock.h" |
22 | | |
23 | | // Enable SSE2 and AVX2 for 64-bit machines. |
24 | | // 32-bit machines slow down with SSE2. |
25 | | #if (CRYPTOPP_BOOL_X32) || (CRYPTOPP_BOOL_X64) |
26 | | # define CRYPTOPP_ENABLE_64BIT_SSE 1 |
27 | | #endif |
28 | | |
29 | | NAMESPACE_BEGIN(CryptoPP) |
30 | | |
31 | | /// \brief LSH-224 and LSH-256 hash base class |
32 | | /// \details LSH256_Base is the base class for both LSH-224 and LSH-256 |
33 | | /// \since Crypto++ 8.6 |
34 | | class LSH256_Base : public HashTransformation |
35 | | { |
36 | | public: |
37 | | /// \brief Block size, in bytes |
38 | | /// \details LSH_256 uses LSH256_MSG_BLK_BYTE_LEN for block size, which is 128 |
39 | | CRYPTOPP_CONSTANT(BLOCKSIZE = 128); |
40 | | |
41 | 339 | virtual ~LSH256_Base() {} |
42 | | |
43 | 52.3k | unsigned int BlockSize() const { return BLOCKSIZE; } |
44 | 52.3k | unsigned int DigestSize() const { return m_digestSize; } |
45 | 0 | unsigned int OptimalDataAlignment() const { return GetAlignmentOf<word32>(); } |
46 | | |
47 | | void Restart(); |
48 | | void Update(const byte *input, size_t size); |
49 | | void TruncatedFinal(byte *hash, size_t size); |
50 | | |
51 | | std::string AlgorithmProvider() const; |
52 | | |
53 | | protected: |
54 | | LSH256_Base(unsigned int algType, unsigned int digestSize) |
55 | 339 | : m_digestSize(digestSize) { m_state[80] = algType; } |
56 | | |
57 | | protected: |
58 | | // Working state is: |
59 | | // * cv_l = 8 32-bit words |
60 | | // * cv_r = 8 32-bit words |
61 | | // * submsg_e_l = 8 32-bit words |
62 | | // * submsg_e_r = 8 32-bit words |
63 | | // * submsg_o_l = 8 32-bit words |
64 | | // * submsg_o_r = 8 32-bit words |
65 | | // * last_block = 32 32-bit words (128 bytes) |
66 | | // * algType |
67 | | // * remainingBitLength |
68 | | FixedSizeSecBlock<word32, 80+2> m_state; |
69 | | // word32 m_algType, m_remainingBitLength; |
70 | | word32 m_digestSize; |
71 | | }; |
72 | | |
73 | | /// \brief LSH-224 hash function |
74 | | /// \sa <A HREF="https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do">LSH</A> |
75 | | /// on the Korea Internet & Security Agency (KISA) website. |
76 | | /// \since Crypto++ 8.6 |
77 | | class LSH224 : public LSH256_Base |
78 | | { |
79 | | public: |
80 | | /// \brief Digest size, in bytes |
81 | | /// \details LSH_256 uses LSH_GET_HASHBYTE(algType) for digest size, which is 28 |
82 | | CRYPTOPP_CONSTANT(DIGESTSIZE = 28); |
83 | | /// \brief Block size, in bytes |
84 | | /// \details LSH_256 uses LSH256_MSG_BLK_BYTE_LEN for block size, which is 128 |
85 | | CRYPTOPP_CONSTANT(BLOCKSIZE = LSH256_Base::BLOCKSIZE); |
86 | | |
87 | | /// \brief The algorithm's name |
88 | | /// \return the standard algorithm name |
89 | | /// \details The standard algorithm name can be a name like <tt>AES</tt> or <tt>AES/GCM</tt>. |
90 | | /// Some algorithms do not have standard names yet. For example, there is no standard |
91 | | /// algorithm name for Shoup's ECIES. |
92 | | /// \note StaticAlgorithmName is not universally implemented yet. |
93 | 4 | static std::string StaticAlgorithmName() { return "LSH-224"; } |
94 | | |
95 | | /// \brief Construct a LSH-224 |
96 | | /// \details LSH_TYPE_224 is the magic value 0x000001C defined in lsh.cpp. |
97 | 158 | LSH224() : LSH256_Base(0x000001C, DIGESTSIZE) { Restart(); } |
98 | | |
99 | 0 | std::string AlgorithmName() const { return StaticAlgorithmName(); } |
100 | | }; |
101 | | |
102 | | /// \brief LSH-256 hash function |
103 | | /// \sa <A HREF="https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do">LSH</A> |
104 | | /// on the Korea Internet & Security Agency (KISA) website. |
105 | | /// \since Crypto++ 8.6 |
106 | | class LSH256 : public LSH256_Base |
107 | | { |
108 | | public: |
109 | | /// \brief Digest size, in bytes |
110 | | /// \details LSH_256 uses LSH_GET_HASHBYTE(algType) for digest size, which is 32 |
111 | | CRYPTOPP_CONSTANT(DIGESTSIZE = 32); |
112 | | /// \brief Block size, in bytes |
113 | | /// \details LSH_256 uses LSH256_MSG_BLK_BYTE_LEN for block size, which is 128 |
114 | | CRYPTOPP_CONSTANT(BLOCKSIZE = LSH256_Base::BLOCKSIZE); |
115 | | |
116 | | /// \brief The algorithm's name |
117 | | /// \return the standard algorithm name |
118 | | /// \details The standard algorithm name can be a name like <tt>AES</tt> or <tt>AES/GCM</tt>. |
119 | | /// Some algorithms do not have standard names yet. For example, there is no standard |
120 | | /// algorithm name for Shoup's ECIES. |
121 | | /// \note StaticAlgorithmName is not universally implemented yet. |
122 | 4 | static std::string StaticAlgorithmName() { return "LSH-256"; } |
123 | | |
124 | | /// \brief Construct a LSH-256 |
125 | | /// \details LSH_TYPE_256 is the magic value 0x0000020 defined in lsh.cpp. |
126 | 181 | LSH256() : LSH256_Base(0x0000020, DIGESTSIZE) { Restart(); } |
127 | | |
128 | 0 | std::string AlgorithmName() const { return StaticAlgorithmName(); } |
129 | | }; |
130 | | |
131 | | /// \brief LSH-384 and LSH-512 hash base class |
132 | | /// \details LSH512_Base is the base class for both LSH-384 and LSH-512 |
133 | | /// \since Crypto++ 8.6 |
134 | | class LSH512_Base : public HashTransformation |
135 | | { |
136 | | public: |
137 | | /// \brief Block size, in bytes |
138 | | /// \details LSH_512 uses LSH512_MSG_BLK_BYTE_LEN for block size, which is 256 |
139 | | CRYPTOPP_CONSTANT(BLOCKSIZE = 256); |
140 | | |
141 | 467 | virtual ~LSH512_Base() {} |
142 | | |
143 | 111k | unsigned int BlockSize() const { return BLOCKSIZE; } |
144 | 68.7k | unsigned int DigestSize() const { return m_digestSize; } |
145 | 0 | unsigned int OptimalDataAlignment() const { return GetAlignmentOf<word64>(); } |
146 | | |
147 | | void Restart(); |
148 | | void Update(const byte *input, size_t size); |
149 | | void TruncatedFinal(byte *hash, size_t size); |
150 | | |
151 | | std::string AlgorithmProvider() const; |
152 | | |
153 | | protected: |
154 | | LSH512_Base(unsigned int algType, unsigned int digestSize) |
155 | 467 | : m_digestSize(digestSize) { m_state[80] = algType; } |
156 | | |
157 | | protected: |
158 | | // Working state is: |
159 | | // * cv_l = 8 64-bit words |
160 | | // * cv_r = 8 64-bit words |
161 | | // * submsg_e_l = 8 64-bit words |
162 | | // * submsg_e_r = 8 64-bit words |
163 | | // * submsg_o_l = 8 64-bit words |
164 | | // * submsg_o_r = 8 64-bit words |
165 | | // * last_block = 32 64-bit words (256 bytes) |
166 | | // * algType |
167 | | // * remainingBitLength |
168 | | FixedSizeSecBlock<word64, 80+2> m_state; |
169 | | // word32 m_algType, m_remainingBitLength; |
170 | | word32 m_digestSize; |
171 | | }; |
172 | | |
173 | | /// \brief LSH-384 hash function |
174 | | /// \sa <A HREF="https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do">LSH</A> |
175 | | /// on the Korea Internet & Security Agency (KISA) website. |
176 | | /// \since Crypto++ 8.6 |
177 | | class LSH384 : public LSH512_Base |
178 | | { |
179 | | public: |
180 | | /// \brief Digest size, in bytes |
181 | | /// \details LSH_512 uses LSH_GET_HASHBYTE(algType) for digest size, which is 48 |
182 | | CRYPTOPP_CONSTANT(DIGESTSIZE = 48); |
183 | | /// \brief Block size, in bytes |
184 | | /// \details LSH_512 uses LSH512_MSG_BLK_BYTE_LEN for block size, which is 256 |
185 | | CRYPTOPP_CONSTANT(BLOCKSIZE = LSH512_Base::BLOCKSIZE); |
186 | | |
187 | | /// \brief The algorithm's name |
188 | | /// \return the standard algorithm name |
189 | | /// \details The standard algorithm name can be a name like <tt>AES</tt> or <tt>AES/GCM</tt>. |
190 | | /// Some algorithms do not have standard names yet. For example, there is no standard |
191 | | /// algorithm name for Shoup's ECIES. |
192 | | /// \note StaticAlgorithmName is not universally implemented yet. |
193 | 5 | static std::string StaticAlgorithmName() { return "LSH-384"; } |
194 | | |
195 | | /// \brief Construct a LSH-384 |
196 | | /// \details LSH_TYPE_384 is the magic value 0x0010030 defined in lsh.cpp. |
197 | 164 | LSH384() : LSH512_Base(0x0010030, DIGESTSIZE) { Restart(); } |
198 | | |
199 | 0 | std::string AlgorithmName() const { return StaticAlgorithmName(); } |
200 | | }; |
201 | | |
202 | | /// \brief LSH-512 hash function |
203 | | /// \sa <A HREF="https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do">LSH</A> |
204 | | /// on the Korea Internet & Security Agency (KISA) website. |
205 | | /// \since Crypto++ 8.6 |
206 | | class LSH512 : public LSH512_Base |
207 | | { |
208 | | public: |
209 | | /// \brief Digest size, in bytes |
210 | | /// \details LSH_512 uses LSH_GET_HASHBYTE(algType) for digest size, which is 64 |
211 | | CRYPTOPP_CONSTANT(DIGESTSIZE = 64); |
212 | | /// \brief Block size, in bytes |
213 | | /// \details LSH_512 uses LSH512_MSG_BLK_BYTE_LEN for block size, which is 256 |
214 | | CRYPTOPP_CONSTANT(BLOCKSIZE = LSH512_Base::BLOCKSIZE); |
215 | | |
216 | | /// \brief The algorithm's name |
217 | | /// \return the standard algorithm name |
218 | | /// \details The standard algorithm name can be a name like <tt>AES</tt> or <tt>AES/GCM</tt>. |
219 | | /// Some algorithms do not have standard names yet. For example, there is no standard |
220 | | /// algorithm name for Shoup's ECIES. |
221 | | /// \note StaticAlgorithmName is not universally implemented yet. |
222 | 1 | static std::string StaticAlgorithmName() { return "LSH-512"; } |
223 | | |
224 | | /// \brief Construct a LSH-512 |
225 | | /// \details LSH_TYPE_512 is the magic value 0x0010040 defined in lsh.cpp. |
226 | 156 | LSH512() : LSH512_Base(0x0010040, DIGESTSIZE) { Restart(); } |
227 | | |
228 | 0 | std::string AlgorithmName() const { return StaticAlgorithmName(); } |
229 | | }; |
230 | | |
231 | | /// \brief LSH-512-256 hash function |
232 | | /// \sa <A HREF="https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do">LSH</A> |
233 | | /// on the Korea Internet & Security Agency (KISA) website. |
234 | | /// \since Crypto++ 8.6 |
235 | | class LSH512_256 : public LSH512_Base |
236 | | { |
237 | | public: |
238 | | /// \brief Digest size, in bytes |
239 | | /// \details LSH_512 uses LSH_GET_HASHBYTE(algType) for digest size, which is 32 |
240 | | CRYPTOPP_CONSTANT(DIGESTSIZE = 32); |
241 | | /// \brief Block size, in bytes |
242 | | /// \details LSH_512 uses LSH512_MSG_BLK_BYTE_LEN for block size, which is 256 |
243 | | CRYPTOPP_CONSTANT(BLOCKSIZE = LSH512_Base::BLOCKSIZE); |
244 | | |
245 | | /// \brief The algorithm's name |
246 | | /// \return the standard algorithm name |
247 | | /// \details The standard algorithm name can be a name like <tt>AES</tt> or <tt>AES/GCM</tt>. |
248 | | /// Some algorithms do not have standard names yet. For example, there is no standard |
249 | | /// algorithm name for Shoup's ECIES. |
250 | | /// \note StaticAlgorithmName is not universally implemented yet. |
251 | 4 | static std::string StaticAlgorithmName() { return "LSH-512-256"; } |
252 | | |
253 | | /// \brief Construct a LSH-512-256 |
254 | | /// \details LSH_TYPE_512_256 is the magic value 0x0010020 defined in lsh.cpp. |
255 | 147 | LSH512_256() : LSH512_Base(0x0010020, DIGESTSIZE) { Restart(); } |
256 | | |
257 | 0 | std::string AlgorithmName() const { return StaticAlgorithmName(); } |
258 | | }; |
259 | | |
260 | | NAMESPACE_END |
261 | | |
262 | | #endif // CRYPTOPP_LSH_H |