/src/libgcrypt/cipher/sm3.c

Source (jump to first uncovered line)
/* sm3.c - SM3 hash function
 * Copyright (C) 2017 Jia Zhang
 *
 * This file is part of Libgcrypt.
 *
 * Libgcrypt is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * Libgcrypt is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this program; if not, see <http://www.gnu.org/licenses/>.
 */


/*  Test vectors:

    "abc"
    SM3: 66c7f0f4 62eeedd9 d1f2d46b dc10e4e2 4167c487 5cf2f7a2 297da02b 8f4ba8e0

    "abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd"
    SM3: debe9ff9 2275b8a1 38604889 c18e5a4d 6fdb70e5 387e5765 293dcba3 9c0c5732

    "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
    SM3: 639b6cc5 e64d9e37 a390b192 df4fa1ea 0720ab74 7ff692b9 f38c4e66 ad7b8c05

    "a" one million times
    SM3: c8aaf894 29554029 e231941a 2acc0ad6 1ff2a5ac d8fadd25 847a3a73 2b3b02c3

 */


#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "g10lib.h"
#include "bithelp.h"
#include "bufhelp.h"
#include "cipher.h"
#include "hash-common.h"


/* USE_AVX_BMI2 indicates whether to compile with Intel AVX/BMI2 code. */
#undef USE_AVX_BMI2
#if defined(__x86_64__) && defined(HAVE_GCC_INLINE_ASM_AVX) && \
    defined(HAVE_GCC_INLINE_ASM_BMI2) && \
    (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
     defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS))
# define USE_AVX_BMI2 1
#endif

/* USE_AARCH64_SIMD indicates whether to enable ARMv8 SIMD assembly
 * code. */
#undef USE_AARCH64_SIMD
#ifdef ENABLE_NEON_SUPPORT
# if defined(__AARCH64EL__) \
       && defined(HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS) \
       && defined(HAVE_GCC_INLINE_ASM_AARCH64_NEON)
#  define USE_AARCH64_SIMD 1
# endif
#endif

/* USE_ARM_CE indicates whether to enable ARMv8 Crypto Extension code. */
#undef USE_ARM_CE
#ifdef ENABLE_ARM_CRYPTO_SUPPORT
# if defined(__AARCH64EL__) && \
     defined(HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS) && \
     defined(HAVE_GCC_INLINE_ASM_AARCH64_CRYPTO)
#   define USE_ARM_CE 1
# endif
#endif


typedef struct {
  gcry_md_block_ctx_t bctx;
  u32 h[8];
} SM3_CONTEXT;


/* AMD64 assembly implementations use SystemV ABI, ABI conversion and additional
 * stack to store XMM6-XMM15 needed on Win64. */
#undef ASM_FUNC_ABI
#undef ASM_EXTRA_STACK
#if defined(USE_AVX_BMI2)
# ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS
#  define ASM_FUNC_ABI __attribute__((sysv_abi))
#  define ASM_EXTRA_STACK (10 * 16 + 4 * sizeof(void *))
# else
#  define ASM_FUNC_ABI
#  define ASM_EXTRA_STACK 0
# endif
#endif


#ifdef USE_AVX_BMI2
unsigned int _gcry_sm3_transform_amd64_avx_bmi2(void *state,
                                                const void *input_data,
                                                size_t num_blks) ASM_FUNC_ABI;

static unsigned int
do_sm3_transform_amd64_avx_bmi2(void *context, const unsigned char *data,
                                size_t nblks)
{
  SM3_CONTEXT *hd = context;
  unsigned int nburn = _gcry_sm3_transform_amd64_avx_bmi2 (hd->h, data, nblks);
  nburn += nburn ? ASM_EXTRA_STACK : 0;
  return nburn;
}
#endif /* USE_AVX_BMI2 */

#ifdef USE_AARCH64_SIMD
unsigned int _gcry_sm3_transform_aarch64(void *state, const void *input_data,
                                         size_t num_blks);

static unsigned int
do_sm3_transform_aarch64(void *context, const unsigned char *data, size_t nblks)
{
  SM3_CONTEXT *hd = context;
  return _gcry_sm3_transform_aarch64 (hd->h, data, nblks);
}
#endif /* USE_AARCH64_SIMD */

#ifdef USE_ARM_CE
void _gcry_sm3_transform_armv8_ce(void *state, const void *input_data,
                                    size_t num_blks);

static unsigned int
do_sm3_transform_armv8_ce(void *context, const unsigned char *data,
                            size_t nblks)
{
  SM3_CONTEXT *hd = context;
  _gcry_sm3_transform_armv8_ce (hd->h, data, nblks);
  return 0;
}
#endif /* USE_ARM_CE */


static unsigned int
transform (void *c, const unsigned char *data, size_t nblks);


static void
sm3_init (void *context, unsigned int flags)
{
  SM3_CONTEXT *hd = context;
  unsigned int features = _gcry_get_hw_features ();

  (void)flags;

  hd->h[0] = 0x7380166f;
  hd->h[1] = 0x4914b2b9;
  hd->h[2] = 0x172442d7;
  hd->h[3] = 0xda8a0600;
  hd->h[4] = 0xa96f30bc;
  hd->h[5] = 0x163138aa;
  hd->h[6] = 0xe38dee4d;
  hd->h[7] = 0xb0fb0e4e;

  hd->bctx.nblocks = 0;
  hd->bctx.nblocks_high = 0;
  hd->bctx.count = 0;
  hd->bctx.blocksize_shift = _gcry_ctz(64);
  hd->bctx.bwrite = transform;

#ifdef USE_AVX_BMI2
  if ((features & HWF_INTEL_AVX2) && (features & HWF_INTEL_BMI2))
    hd->bctx.bwrite = do_sm3_transform_amd64_avx_bmi2;
#endif
#ifdef USE_AARCH64_SIMD
  if (features & HWF_ARM_NEON)
    hd->bctx.bwrite = do_sm3_transform_aarch64;
#endif
#ifdef USE_ARM_CE
  if (features & HWF_ARM_SM3)
    hd->bctx.bwrite = do_sm3_transform_armv8_ce;
#endif

  (void)features;
}


/*
  Transform the message X which consists of 16 32-bit-words. See
  GM/T 004-2012 for details.  */
#define R(i,a,b,c,d,e,f,g,h,t,w1,w2) do                               \
          {                                                           \
            ss1 = rol ((rol ((a), 12) + (e) + (t)), 7);               \
            ss2 = ss1 ^ rol ((a), 12);                                \
            d += FF##i(a,b,c) + ss2 + ((w1) ^ (w2));                  \
            h += GG##i(e,f,g) + ss1 + (w1);                           \
            b = rol ((b), 9);                                         \
            f = rol ((f), 19);                                        \
            h = P0 ((h));                                             \
          } while (0)

#define R1(a,b,c,d,e,f,g,h,t,w1,w2) R(1,a,b,c,d,e,f,g,h,t,w1,w2)
#define R2(a,b,c,d,e,f,g,h,t,w1,w2) R(2,a,b,c,d,e,f,g,h,t,w1,w2)

#define FF1(x, y, z)  (x ^ y ^ z)

#define FF2(x, y, z)  ((x & y) | (x & z) | (y & z))

#define GG1(x, y, z)  (x ^ y ^ z)

#define GG2(x, y, z)  ((x & y) | ( ~x & z))

/* Message expansion */
#define P0(x) ((x) ^ rol ((x), 9) ^ rol ((x), 17))
#define P1(x) ((x) ^ rol ((x), 15) ^ rol ((x), 23))
#define I(i)  ( w[i] = buf_get_be32(data + i * 4) )
#define W1(i) ( w[i&0x0f] )
#define W2(i) ( w[i&0x0f] =   P1(w[i    &0x0f] \
                               ^ w[(i-9)&0x0f] \
                               ^ rol (w[(i-3)&0x0f], 15)) \
                            ^ rol (w[(i-13)&0x0f], 7) \
                            ^ w[(i-6)&0x0f] )

static unsigned int
transform_blk (void *ctx, const unsigned char *data)
{
  SM3_CONTEXT *hd = ctx;
  static const u32 K[64] = {
    0x79cc4519, 0xf3988a32, 0xe7311465, 0xce6228cb,
    0x9cc45197, 0x3988a32f, 0x7311465e, 0xe6228cbc,
    0xcc451979, 0x988a32f3, 0x311465e7, 0x6228cbce,
    0xc451979c, 0x88a32f39, 0x11465e73, 0x228cbce6,
    0x9d8a7a87, 0x3b14f50f, 0x7629ea1e, 0xec53d43c,
    0xd8a7a879, 0xb14f50f3, 0x629ea1e7, 0xc53d43ce,
    0x8a7a879d, 0x14f50f3b, 0x29ea1e76, 0x53d43cec,
    0xa7a879d8, 0x4f50f3b1, 0x9ea1e762, 0x3d43cec5,
    0x7a879d8a, 0xf50f3b14, 0xea1e7629, 0xd43cec53,
    0xa879d8a7, 0x50f3b14f, 0xa1e7629e, 0x43cec53d,
    0x879d8a7a, 0x0f3b14f5, 0x1e7629ea, 0x3cec53d4,
    0x79d8a7a8, 0xf3b14f50, 0xe7629ea1, 0xcec53d43,
    0x9d8a7a87, 0x3b14f50f, 0x7629ea1e, 0xec53d43c,
    0xd8a7a879, 0xb14f50f3, 0x629ea1e7, 0xc53d43ce,
    0x8a7a879d, 0x14f50f3b, 0x29ea1e76, 0x53d43cec,
    0xa7a879d8, 0x4f50f3b1, 0x9ea1e762, 0x3d43cec5
  };

  u32 a,b,c,d,e,f,g,h,ss1,ss2;
  u32 w[16];

  a = hd->h[0];
  b = hd->h[1];
  c = hd->h[2];
  d = hd->h[3];
  e = hd->h[4];
  f = hd->h[5];
  g = hd->h[6];
  h = hd->h[7];

  R1(a, b, c, d, e, f, g, h, K[0], I(0), I(4));
  R1(d, a, b, c, h, e, f, g, K[1], I(1), I(5));
  R1(c, d, a, b, g, h, e, f, K[2], I(2), I(6));
  R1(b, c, d, a, f, g, h, e, K[3], I(3), I(7));
  R1(a, b, c, d, e, f, g, h, K[4], W1(4), I(8));
  R1(d, a, b, c, h, e, f, g, K[5], W1(5), I(9));
  R1(c, d, a, b, g, h, e, f, K[6], W1(6), I(10));
  R1(b, c, d, a, f, g, h, e, K[7], W1(7), I(11));
  R1(a, b, c, d, e, f, g, h, K[8], W1(8), I(12));
  R1(d, a, b, c, h, e, f, g, K[9], W1(9), I(13));
  R1(c, d, a, b, g, h, e, f, K[10], W1(10), I(14));
  R1(b, c, d, a, f, g, h, e, K[11], W1(11), I(15));
  R1(a, b, c, d, e, f, g, h, K[12], W1(12), W2(16));
  R1(d, a, b, c, h, e, f, g, K[13], W1(13), W2(17));
  R1(c, d, a, b, g, h, e, f, K[14], W1(14), W2(18));
  R1(b, c, d, a, f, g, h, e, K[15], W1(15), W2(19));

  R2(a, b, c, d, e, f, g, h, K[16], W1(16), W2(20));
  R2(d, a, b, c, h, e, f, g, K[17], W1(17), W2(21));
  R2(c, d, a, b, g, h, e, f, K[18], W1(18), W2(22));
  R2(b, c, d, a, f, g, h, e, K[19], W1(19), W2(23));
  R2(a, b, c, d, e, f, g, h, K[20], W1(20), W2(24));
  R2(d, a, b, c, h, e, f, g, K[21], W1(21), W2(25));
  R2(c, d, a, b, g, h, e, f, K[22], W1(22), W2(26));
  R2(b, c, d, a, f, g, h, e, K[23], W1(23), W2(27));
  R2(a, b, c, d, e, f, g, h, K[24], W1(24), W2(28));
  R2(d, a, b, c, h, e, f, g, K[25], W1(25), W2(29));
  R2(c, d, a, b, g, h, e, f, K[26], W1(26), W2(30));
  R2(b, c, d, a, f, g, h, e, K[27], W1(27), W2(31));
  R2(a, b, c, d, e, f, g, h, K[28], W1(28), W2(32));
  R2(d, a, b, c, h, e, f, g, K[29], W1(29), W2(33));
  R2(c, d, a, b, g, h, e, f, K[30], W1(30), W2(34));
  R2(b, c, d, a, f, g, h, e, K[31], W1(31), W2(35));

  R2(a, b, c, d, e, f, g, h, K[32], W1(32), W2(36));
  R2(d, a, b, c, h, e, f, g, K[33], W1(33), W2(37));
  R2(c, d, a, b, g, h, e, f, K[34], W1(34), W2(38));
  R2(b, c, d, a, f, g, h, e, K[35], W1(35), W2(39));
  R2(a, b, c, d, e, f, g, h, K[36], W1(36), W2(40));
  R2(d, a, b, c, h, e, f, g, K[37], W1(37), W2(41));
  R2(c, d, a, b, g, h, e, f, K[38], W1(38), W2(42));
  R2(b, c, d, a, f, g, h, e, K[39], W1(39), W2(43));
  R2(a, b, c, d, e, f, g, h, K[40], W1(40), W2(44));
  R2(d, a, b, c, h, e, f, g, K[41], W1(41), W2(45));
  R2(c, d, a, b, g, h, e, f, K[42], W1(42), W2(46));
  R2(b, c, d, a, f, g, h, e, K[43], W1(43), W2(47));
  R2(a, b, c, d, e, f, g, h, K[44], W1(44), W2(48));
  R2(d, a, b, c, h, e, f, g, K[45], W1(45), W2(49));
  R2(c, d, a, b, g, h, e, f, K[46], W1(46), W2(50));
  R2(b, c, d, a, f, g, h, e, K[47], W1(47), W2(51));

  R2(a, b, c, d, e, f, g, h, K[48], W1(48), W2(52));
  R2(d, a, b, c, h, e, f, g, K[49], W1(49), W2(53));
  R2(c, d, a, b, g, h, e, f, K[50], W1(50), W2(54));
  R2(b, c, d, a, f, g, h, e, K[51], W1(51), W2(55));
  R2(a, b, c, d, e, f, g, h, K[52], W1(52), W2(56));
  R2(d, a, b, c, h, e, f, g, K[53], W1(53), W2(57));
  R2(c, d, a, b, g, h, e, f, K[54], W1(54), W2(58));
  R2(b, c, d, a, f, g, h, e, K[55], W1(55), W2(59));
  R2(a, b, c, d, e, f, g, h, K[56], W1(56), W2(60));
  R2(d, a, b, c, h, e, f, g, K[57], W1(57), W2(61));
  R2(c, d, a, b, g, h, e, f, K[58], W1(58), W2(62));
  R2(b, c, d, a, f, g, h, e, K[59], W1(59), W2(63));
  R2(a, b, c, d, e, f, g, h, K[60], W1(60), W2(64));
  R2(d, a, b, c, h, e, f, g, K[61], W1(61), W2(65));
  R2(c, d, a, b, g, h, e, f, K[62], W1(62), W2(66));
  R2(b, c, d, a, f, g, h, e, K[63], W1(63), W2(67));

  hd->h[0] ^= a;
  hd->h[1] ^= b;
  hd->h[2] ^= c;
  hd->h[3] ^= d;
  hd->h[4] ^= e;
  hd->h[5] ^= f;
  hd->h[6] ^= g;
  hd->h[7] ^= h;

  return /*burn_stack*/ 26*4+32;
}
#undef P0
#undef P1
#undef R
#undef R1
#undef R2

static unsigned int
transform (void *ctx, const unsigned char *data, size_t nblks)
{
  SM3_CONTEXT *hd = ctx;
  unsigned int burn;

  do
    {
      burn = transform_blk (hd, data);
      data += 64;
    }
  while (--nblks);

  return burn;
}


/*
   The routine finally terminates the computation and returns the
   digest.  The handle is prepared for a new cycle, but adding bytes
   to the handle will the destroy the returned buffer.  Returns: 32
   bytes with the message the digest.  */
static void
sm3_final(void *context)
{
  SM3_CONTEXT *hd = context;
  u32 t, th, msb, lsb;
  byte *p;
  unsigned int burn;

  t = hd->bctx.nblocks;
  if (sizeof t == sizeof hd->bctx.nblocks)
    th = hd->bctx.nblocks_high;
  else
    th = hd->bctx.nblocks >> 32;

  /* multiply by 64 to make a byte count */
  lsb = t << 6;
  msb = (th << 6) | (t >> 26);
  /* add the count */
  t = lsb;
  if ((lsb += hd->bctx.count) < t)
    msb++;
  /* multiply by 8 to make a bit count */
  t = lsb;
  lsb <<= 3;
  msb <<= 3;
  msb |= t >> 29;

  if (hd->bctx.count < 56)  /* enough room */
    {
      hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */
      if (hd->bctx.count < 56)
  memset (&hd->bctx.buf[hd->bctx.count], 0, 56 - hd->bctx.count);

      /* append the 64 bit count */
      buf_put_be32(hd->bctx.buf + 56, msb);
      buf_put_be32(hd->bctx.buf + 60, lsb);
      burn = (*hd->bctx.bwrite) ( hd, hd->bctx.buf, 1 );
    }
  else  /* need one extra block */
    {
      hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */
      /* fill pad and next block with zeroes */
      memset (&hd->bctx.buf[hd->bctx.count], 0, 64 - hd->bctx.count + 56);

      /* append the 64 bit count */
      buf_put_be32(hd->bctx.buf + 64 + 56, msb);
      buf_put_be32(hd->bctx.buf + 64 + 60, lsb);
      burn = (*hd->bctx.bwrite) ( hd, hd->bctx.buf, 2 );
    }

  p = hd->bctx.buf;
#define X(a) do { buf_put_be32(p, hd->h[a]); p += 4; } while(0)
  X(0);
  X(1);
  X(2);
  X(3);
  X(4);
  X(5);
  X(6);
  X(7);
#undef X

  hd->bctx.count = 0;

  _gcry_burn_stack (burn);
}

static byte *
sm3_read (void *context)
{
  SM3_CONTEXT *hd = context;

  return hd->bctx.buf;
}


/* Shortcut functions which puts the hash value of the supplied buffer iov
 * into outbuf which must have a size of 32 bytes.  */
static void
_gcry_sm3_hash_buffers (void *outbuf, size_t nbytes,
      const gcry_buffer_t *iov, int iovcnt)
{
  SM3_CONTEXT hd;

  (void)nbytes;

  sm3_init (&hd, 0);
  for (;iovcnt > 0; iov++, iovcnt--)
    _gcry_md_block_write (&hd,
                          (const char*)iov[0].data + iov[0].off, iov[0].len);
  sm3_final (&hd);
  memcpy (outbuf, hd.bctx.buf, 32);
}



/*
     Self-test section.
 */


static gpg_err_code_t
selftests_sm3 (int extended, selftest_report_func_t report)
{
  const char *what;
  const char *errtxt;

  what = "short string (spec example 1)";
  errtxt = _gcry_hash_selftest_check_one
    (GCRY_MD_SM3, 0,
     "abc", 3,
     "\x66\xc7\xf0\xf4\x62\xee\xed\xd9\xd1\xf2\xd4\x6b\xdc\x10\xe4\xe2"
     "\x41\x67\xc4\x87\x5c\xf2\xf7\xa2\x29\x7d\xa0\x2b\x8f\x4b\xa8\xe0", 32);
  if (errtxt)
    goto failed;

  if (extended)
    {
      what = "long string (spec example 2)";
      errtxt = _gcry_hash_selftest_check_one
        (GCRY_MD_SM3, 0,
         "abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd", 64,
         "\xde\xbe\x9f\xf9\x22\x75\xb8\xa1\x38\x60\x48\x89\xc1\x8e\x5a\x4d"
         "\x6f\xdb\x70\xe5\x38\x7e\x57\x65\x29\x3d\xcb\xa3\x9c\x0c\x57\x32",
         32);
      if (errtxt)
        goto failed;

      what = "long string";
      errtxt = _gcry_hash_selftest_check_one
        (GCRY_MD_SM3, 0,
         "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56,
         "\x63\x9b\x6c\xc5\xe6\x4d\x9e\x37\xa3\x90\xb1\x92\xdf\x4f\xa1\xea"
         "\x07\x20\xab\x74\x7f\xf6\x92\xb9\xf3\x8c\x4e\x66\xad\x7b\x8c\x05",
         32);
      if (errtxt)
        goto failed;

      what = "one million \"a\"";
      errtxt = _gcry_hash_selftest_check_one
        (GCRY_MD_SM3, 1,
         NULL, 0,
         "\xc8\xaa\xf8\x94\x29\x55\x40\x29\xe2\x31\x94\x1a\x2a\xcc\x0a\xd6"
         "\x1f\xf2\xa5\xac\xd8\xfa\xdd\x25\x84\x7a\x3a\x73\x2b\x3b\x02\xc3",
         32);
      if (errtxt)
        goto failed;
    }

  return 0; /* Succeeded. */

 failed:
  if (report)
    report ("digest", GCRY_MD_SM3, what, errtxt);
  return GPG_ERR_SELFTEST_FAILED;
}


/* Run a full self-test for ALGO and return 0 on success.  */
static gpg_err_code_t
run_selftests (int algo, int extended, selftest_report_func_t report)
{
  gpg_err_code_t ec;

  switch (algo)
    {
    case GCRY_MD_SM3:
      ec = selftests_sm3 (extended, report);
      break;
    default:
      ec = GPG_ERR_DIGEST_ALGO;
      break;

    }
  return ec;
}

static const byte asn_sm3[] = /* Object ID is 1.2.156.10197.401 */
  { 0x30, 0x2F, 0x30, 0x0B, 0x06, 0x07, 0x2A, 0x81,
    0x1C, 0xCF, 0x55, 0x83, 0x11, 0x05, 0x00, 0x04,
    0x20 };

static const gcry_md_oid_spec_t oid_spec_sm3[] =
  {
    /* China Electronics Standardization Instutute,
       OID White paper (2015), Table 6 */
    { "1.2.156.10197.401" },
    { NULL },
  };

const gcry_md_spec_t _gcry_digest_spec_sm3 =
  {
    GCRY_MD_SM3, {0, 0},
    "SM3", asn_sm3, DIM (asn_sm3), oid_spec_sm3, 32,
    sm3_init, _gcry_md_block_write, sm3_final, sm3_read, NULL,
    _gcry_sm3_hash_buffers,
    sizeof (SM3_CONTEXT),
    run_selftests
  };

Coverage Report

Created: 2022-12-08 06:09

Line	Count	Source (jump to first uncovered line)
1		/* sm3.c - SM3 hash function
2		* Copyright (C) 2017 Jia Zhang
3		*
4		* This file is part of Libgcrypt.
5		*
6		* Libgcrypt is free software; you can redistribute it and/or modify
7		* it under the terms of the GNU Lesser General Public License as
8		* published by the Free Software Foundation; either version 2.1 of
9		* the License, or (at your option) any later version.
10		*
11		* Libgcrypt is distributed in the hope that it will be useful,
12		* but WITHOUT ANY WARRANTY; without even the implied warranty of
13		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14		* GNU Lesser General Public License for more details.
15		*
16		* You should have received a copy of the GNU Lesser General Public
17		* License along with this program; if not, see <http://www.gnu.org/licenses/>.
18		*/
19
20
21		/* Test vectors:
22
23		"abc"
24		SM3: 66c7f0f4 62eeedd9 d1f2d46b dc10e4e2 4167c487 5cf2f7a2 297da02b 8f4ba8e0
25
26		"abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd"
27		SM3: debe9ff9 2275b8a1 38604889 c18e5a4d 6fdb70e5 387e5765 293dcba3 9c0c5732
28
29		"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
30		SM3: 639b6cc5 e64d9e37 a390b192 df4fa1ea 0720ab74 7ff692b9 f38c4e66 ad7b8c05
31
32		"a" one million times
33		SM3: c8aaf894 29554029 e231941a 2acc0ad6 1ff2a5ac d8fadd25 847a3a73 2b3b02c3
34
35		*/
36
37
38		#include <config.h>
39		#include <stdio.h>
40		#include <stdlib.h>
41		#include <string.h>
42
43		#include "g10lib.h"
44		#include "bithelp.h"
45		#include "bufhelp.h"
46		#include "cipher.h"
47		#include "hash-common.h"
48
49
50		/* USE_AVX_BMI2 indicates whether to compile with Intel AVX/BMI2 code. */
51		#undef USE_AVX_BMI2
52		#if defined(__x86_64__) && defined(HAVE_GCC_INLINE_ASM_AVX) && \
53		defined(HAVE_GCC_INLINE_ASM_BMI2) && \
54		(defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) \|\| \
55		defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS))
56		# define USE_AVX_BMI2 1
57		#endif
58
59		/* USE_AARCH64_SIMD indicates whether to enable ARMv8 SIMD assembly
60		* code. */
61		#undef USE_AARCH64_SIMD
62		#ifdef ENABLE_NEON_SUPPORT
63		# if defined(__AARCH64EL__) \
64		&& defined(HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS) \
65		&& defined(HAVE_GCC_INLINE_ASM_AARCH64_NEON)
66		# define USE_AARCH64_SIMD 1
67		# endif
68		#endif
69
70		/* USE_ARM_CE indicates whether to enable ARMv8 Crypto Extension code. */
71		#undef USE_ARM_CE
72		#ifdef ENABLE_ARM_CRYPTO_SUPPORT
73		# if defined(__AARCH64EL__) && \
74		defined(HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS) && \
75		defined(HAVE_GCC_INLINE_ASM_AARCH64_CRYPTO)
76		# define USE_ARM_CE 1
77		# endif
78		#endif
79
80
81		typedef struct {
82		gcry_md_block_ctx_t bctx;
83		u32 h[8];
84		} SM3_CONTEXT;
85
86
87		/* AMD64 assembly implementations use SystemV ABI, ABI conversion and additional
88		* stack to store XMM6-XMM15 needed on Win64. */
89		#undef ASM_FUNC_ABI
90		#undef ASM_EXTRA_STACK
91		#if defined(USE_AVX_BMI2)
92		# ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS
93		# define ASM_FUNC_ABI __attribute__((sysv_abi))
94		# define ASM_EXTRA_STACK (10 * 16 + 4 * sizeof(void *))
95		# else
96		# define ASM_FUNC_ABI
97	0	# define ASM_EXTRA_STACK 0
98		# endif
99		#endif
100
101
102		#ifdef USE_AVX_BMI2
103		unsigned int _gcry_sm3_transform_amd64_avx_bmi2(void *state,
104		const void *input_data,
105		size_t num_blks) ASM_FUNC_ABI;
106
107		static unsigned int
108		do_sm3_transform_amd64_avx_bmi2(void context, const unsigned char data,
109		size_t nblks)
110	0	{
111	0	SM3_CONTEXT *hd = context;
112	0	unsigned int nburn = _gcry_sm3_transform_amd64_avx_bmi2 (hd->h, data, nblks);
113	0	nburn += nburn ? ASM_EXTRA_STACK : 0;
114	0	return nburn;
115	0	}
116		#endif /* USE_AVX_BMI2 */
117
118		#ifdef USE_AARCH64_SIMD
119		unsigned int _gcry_sm3_transform_aarch64(void state, const void input_data,
120		size_t num_blks);
121
122		static unsigned int
123		do_sm3_transform_aarch64(void context, const unsigned char data, size_t nblks)
124		{
125		SM3_CONTEXT *hd = context;
126		return _gcry_sm3_transform_aarch64 (hd->h, data, nblks);
127		}
128		#endif /* USE_AARCH64_SIMD */
129
130		#ifdef USE_ARM_CE
131		void _gcry_sm3_transform_armv8_ce(void state, const void input_data,
132		size_t num_blks);
133
134		static unsigned int
135		do_sm3_transform_armv8_ce(void context, const unsigned char data,
136		size_t nblks)
137		{
138		SM3_CONTEXT *hd = context;
139		_gcry_sm3_transform_armv8_ce (hd->h, data, nblks);
140		return 0;
141		}
142		#endif /* USE_ARM_CE */
143
144
145		static unsigned int
146		transform (void c, const unsigned char data, size_t nblks);
147
148
149		static void
150		sm3_init (void *context, unsigned int flags)
151	0	{
152	0	SM3_CONTEXT *hd = context;
153	0	unsigned int features = _gcry_get_hw_features ();
154
155	0	(void)flags;
156
157	0	hd->h[0] = 0x7380166f;
158	0	hd->h[1] = 0x4914b2b9;
159	0	hd->h[2] = 0x172442d7;
160	0	hd->h[3] = 0xda8a0600;
161	0	hd->h[4] = 0xa96f30bc;
162	0	hd->h[5] = 0x163138aa;
163	0	hd->h[6] = 0xe38dee4d;
164	0	hd->h[7] = 0xb0fb0e4e;
165
166	0	hd->bctx.nblocks = 0;
167	0	hd->bctx.nblocks_high = 0;
168	0	hd->bctx.count = 0;
169	0	hd->bctx.blocksize_shift = _gcry_ctz(64);
170	0	hd->bctx.bwrite = transform;
171
172	0	#ifdef USE_AVX_BMI2
173	0	if ((features & HWF_INTEL_AVX2) && (features & HWF_INTEL_BMI2))
174	0	hd->bctx.bwrite = do_sm3_transform_amd64_avx_bmi2;
175	0	#endif
176		#ifdef USE_AARCH64_SIMD
177		if (features & HWF_ARM_NEON)
178		hd->bctx.bwrite = do_sm3_transform_aarch64;
179		#endif
180		#ifdef USE_ARM_CE
181		if (features & HWF_ARM_SM3)
182		hd->bctx.bwrite = do_sm3_transform_armv8_ce;
183		#endif
184
185	0	(void)features;
186	0	}
187
188
189		/*
190		Transform the message X which consists of 16 32-bit-words. See
191		GM/T 004-2012 for details. */
192	0	#define R(i,a,b,c,d,e,f,g,h,t,w1,w2) do \
193	0	{ \
194	0	ss1 = rol ((rol ((a), 12) + (e) + (t)), 7); \
195	0	ss2 = ss1 ^ rol ((a), 12); \
196	0	d += FF##i(a,b,c) + ss2 + ((w1) ^ (w2)); \
197	0	h += GG##i(e,f,g) + ss1 + (w1); \
198	0	b = rol ((b), 9); \
199	0	f = rol ((f), 19); \
200	0	h = P0 ((h)); \
201	0	} while (0)
202
203	0	#define R1(a,b,c,d,e,f,g,h,t,w1,w2) R(1,a,b,c,d,e,f,g,h,t,w1,w2)
204	0	#define R2(a,b,c,d,e,f,g,h,t,w1,w2) R(2,a,b,c,d,e,f,g,h,t,w1,w2)
205
206	0	#define FF1(x, y, z) (x ^ y ^ z)
207
208	0	#define FF2(x, y, z) ((x & y) \| (x & z) \| (y & z))
209
210	0	#define GG1(x, y, z) (x ^ y ^ z)
211
212	0	#define GG2(x, y, z) ((x & y) \| ( ~x & z))
213
214		/* Message expansion */
215	0	#define P0(x) ((x) ^ rol ((x), 9) ^ rol ((x), 17))
216		#define P1(x) ((x) ^ rol ((x), 15) ^ rol ((x), 23))
217		#define I(i) ( w[i] = buf_get_be32(data + i * 4) )
218		#define W1(i) ( w[i&0x0f] )
219		#define W2(i) ( w[i&0x0f] = P1(w[i &0x0f] \
220		^ w[(i-9)&0x0f] \
221		^ rol (w[(i-3)&0x0f], 15)) \
222		^ rol (w[(i-13)&0x0f], 7) \
223		^ w[(i-6)&0x0f] )
224
225		static unsigned int
226		transform_blk (void ctx, const unsigned char data)
227	0	{
228	0	SM3_CONTEXT *hd = ctx;
229	0	static const u32 K[64] = {
230	0	0x79cc4519, 0xf3988a32, 0xe7311465, 0xce6228cb,
231	0	0x9cc45197, 0x3988a32f, 0x7311465e, 0xe6228cbc,
232	0	0xcc451979, 0x988a32f3, 0x311465e7, 0x6228cbce,
233	0	0xc451979c, 0x88a32f39, 0x11465e73, 0x228cbce6,
234	0	0x9d8a7a87, 0x3b14f50f, 0x7629ea1e, 0xec53d43c,
235	0	0xd8a7a879, 0xb14f50f3, 0x629ea1e7, 0xc53d43ce,
236	0	0x8a7a879d, 0x14f50f3b, 0x29ea1e76, 0x53d43cec,
237	0	0xa7a879d8, 0x4f50f3b1, 0x9ea1e762, 0x3d43cec5,
238	0	0x7a879d8a, 0xf50f3b14, 0xea1e7629, 0xd43cec53,
239	0	0xa879d8a7, 0x50f3b14f, 0xa1e7629e, 0x43cec53d,
240	0	0x879d8a7a, 0x0f3b14f5, 0x1e7629ea, 0x3cec53d4,
241	0	0x79d8a7a8, 0xf3b14f50, 0xe7629ea1, 0xcec53d43,
242	0	0x9d8a7a87, 0x3b14f50f, 0x7629ea1e, 0xec53d43c,
243	0	0xd8a7a879, 0xb14f50f3, 0x629ea1e7, 0xc53d43ce,
244	0	0x8a7a879d, 0x14f50f3b, 0x29ea1e76, 0x53d43cec,
245	0	0xa7a879d8, 0x4f50f3b1, 0x9ea1e762, 0x3d43cec5
246	0	};
247
248	0	u32 a,b,c,d,e,f,g,h,ss1,ss2;
249	0	u32 w[16];
250
251	0	a = hd->h[0];
252	0	b = hd->h[1];
253	0	c = hd->h[2];
254	0	d = hd->h[3];
255	0	e = hd->h[4];
256	0	f = hd->h[5];
257	0	g = hd->h[6];
258	0	h = hd->h[7];
259
260	0	R1(a, b, c, d, e, f, g, h, K[0], I(0), I(4));
261	0	R1(d, a, b, c, h, e, f, g, K[1], I(1), I(5));
262	0	R1(c, d, a, b, g, h, e, f, K[2], I(2), I(6));
263	0	R1(b, c, d, a, f, g, h, e, K[3], I(3), I(7));
264	0	R1(a, b, c, d, e, f, g, h, K[4], W1(4), I(8));
265	0	R1(d, a, b, c, h, e, f, g, K[5], W1(5), I(9));
266	0	R1(c, d, a, b, g, h, e, f, K[6], W1(6), I(10));
267	0	R1(b, c, d, a, f, g, h, e, K[7], W1(7), I(11));
268	0	R1(a, b, c, d, e, f, g, h, K[8], W1(8), I(12));
269	0	R1(d, a, b, c, h, e, f, g, K[9], W1(9), I(13));
270	0	R1(c, d, a, b, g, h, e, f, K[10], W1(10), I(14));
271	0	R1(b, c, d, a, f, g, h, e, K[11], W1(11), I(15));
272	0	R1(a, b, c, d, e, f, g, h, K[12], W1(12), W2(16));
273	0	R1(d, a, b, c, h, e, f, g, K[13], W1(13), W2(17));
274	0	R1(c, d, a, b, g, h, e, f, K[14], W1(14), W2(18));
275	0	R1(b, c, d, a, f, g, h, e, K[15], W1(15), W2(19));
276
277	0	R2(a, b, c, d, e, f, g, h, K[16], W1(16), W2(20));
278	0	R2(d, a, b, c, h, e, f, g, K[17], W1(17), W2(21));
279	0	R2(c, d, a, b, g, h, e, f, K[18], W1(18), W2(22));
280	0	R2(b, c, d, a, f, g, h, e, K[19], W1(19), W2(23));
281	0	R2(a, b, c, d, e, f, g, h, K[20], W1(20), W2(24));
282	0	R2(d, a, b, c, h, e, f, g, K[21], W1(21), W2(25));
283	0	R2(c, d, a, b, g, h, e, f, K[22], W1(22), W2(26));
284	0	R2(b, c, d, a, f, g, h, e, K[23], W1(23), W2(27));
285	0	R2(a, b, c, d, e, f, g, h, K[24], W1(24), W2(28));
286	0	R2(d, a, b, c, h, e, f, g, K[25], W1(25), W2(29));
287	0	R2(c, d, a, b, g, h, e, f, K[26], W1(26), W2(30));
288	0	R2(b, c, d, a, f, g, h, e, K[27], W1(27), W2(31));
289	0	R2(a, b, c, d, e, f, g, h, K[28], W1(28), W2(32));
290	0	R2(d, a, b, c, h, e, f, g, K[29], W1(29), W2(33));
291	0	R2(c, d, a, b, g, h, e, f, K[30], W1(30), W2(34));
292	0	R2(b, c, d, a, f, g, h, e, K[31], W1(31), W2(35));
293
294	0	R2(a, b, c, d, e, f, g, h, K[32], W1(32), W2(36));
295	0	R2(d, a, b, c, h, e, f, g, K[33], W1(33), W2(37));
296	0	R2(c, d, a, b, g, h, e, f, K[34], W1(34), W2(38));
297	0	R2(b, c, d, a, f, g, h, e, K[35], W1(35), W2(39));
298	0	R2(a, b, c, d, e, f, g, h, K[36], W1(36), W2(40));
299	0	R2(d, a, b, c, h, e, f, g, K[37], W1(37), W2(41));
300	0	R2(c, d, a, b, g, h, e, f, K[38], W1(38), W2(42));
301	0	R2(b, c, d, a, f, g, h, e, K[39], W1(39), W2(43));
302	0	R2(a, b, c, d, e, f, g, h, K[40], W1(40), W2(44));
303	0	R2(d, a, b, c, h, e, f, g, K[41], W1(41), W2(45));
304	0	R2(c, d, a, b, g, h, e, f, K[42], W1(42), W2(46));
305	0	R2(b, c, d, a, f, g, h, e, K[43], W1(43), W2(47));
306	0	R2(a, b, c, d, e, f, g, h, K[44], W1(44), W2(48));
307	0	R2(d, a, b, c, h, e, f, g, K[45], W1(45), W2(49));
308	0	R2(c, d, a, b, g, h, e, f, K[46], W1(46), W2(50));
309	0	R2(b, c, d, a, f, g, h, e, K[47], W1(47), W2(51));
310
311	0	R2(a, b, c, d, e, f, g, h, K[48], W1(48), W2(52));
312	0	R2(d, a, b, c, h, e, f, g, K[49], W1(49), W2(53));
313	0	R2(c, d, a, b, g, h, e, f, K[50], W1(50), W2(54));
314	0	R2(b, c, d, a, f, g, h, e, K[51], W1(51), W2(55));
315	0	R2(a, b, c, d, e, f, g, h, K[52], W1(52), W2(56));
316	0	R2(d, a, b, c, h, e, f, g, K[53], W1(53), W2(57));
317	0	R2(c, d, a, b, g, h, e, f, K[54], W1(54), W2(58));
318	0	R2(b, c, d, a, f, g, h, e, K[55], W1(55), W2(59));
319	0	R2(a, b, c, d, e, f, g, h, K[56], W1(56), W2(60));
320	0	R2(d, a, b, c, h, e, f, g, K[57], W1(57), W2(61));
321	0	R2(c, d, a, b, g, h, e, f, K[58], W1(58), W2(62));
322	0	R2(b, c, d, a, f, g, h, e, K[59], W1(59), W2(63));
323	0	R2(a, b, c, d, e, f, g, h, K[60], W1(60), W2(64));
324	0	R2(d, a, b, c, h, e, f, g, K[61], W1(61), W2(65));
325	0	R2(c, d, a, b, g, h, e, f, K[62], W1(62), W2(66));
326	0	R2(b, c, d, a, f, g, h, e, K[63], W1(63), W2(67));
327
328	0	hd->h[0] ^= a;
329	0	hd->h[1] ^= b;
330	0	hd->h[2] ^= c;
331	0	hd->h[3] ^= d;
332	0	hd->h[4] ^= e;
333	0	hd->h[5] ^= f;
334	0	hd->h[6] ^= g;
335	0	hd->h[7] ^= h;
336
337	0	return /burn_stack/ 26*4+32;
338	0	}
339		#undef P0
340		#undef P1
341		#undef R
342		#undef R1
343		#undef R2
344
345		static unsigned int
346		transform (void ctx, const unsigned char data, size_t nblks)
347	0	{
348	0	SM3_CONTEXT *hd = ctx;
349	0	unsigned int burn;
350
351	0	do
352	0	{
353	0	burn = transform_blk (hd, data);
354	0	data += 64;
355	0	}
356	0	while (--nblks);
357
358	0	return burn;
359	0	}
360
361
362		/*
363		The routine finally terminates the computation and returns the
364		digest. The handle is prepared for a new cycle, but adding bytes
365		to the handle will the destroy the returned buffer. Returns: 32
366		bytes with the message the digest. */
367		static void
368		sm3_final(void *context)
369	0	{
370	0	SM3_CONTEXT *hd = context;
371	0	u32 t, th, msb, lsb;
372	0	byte *p;
373	0	unsigned int burn;
374
375	0	t = hd->bctx.nblocks;
376	0	if (sizeof t == sizeof hd->bctx.nblocks)
377	0	th = hd->bctx.nblocks_high;
378	0	else
379	0	th = hd->bctx.nblocks >> 32;
380
381		/* multiply by 64 to make a byte count */
382	0	lsb = t << 6;
383	0	msb = (th << 6) \| (t >> 26);
384		/* add the count */
385	0	t = lsb;
386	0	if ((lsb += hd->bctx.count) < t)
387	0	msb++;
388		/* multiply by 8 to make a bit count */
389	0	t = lsb;
390	0	lsb <<= 3;
391	0	msb <<= 3;
392	0	msb \|= t >> 29;
393
394	0	if (hd->bctx.count < 56) /* enough room */
395	0	{
396	0	hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */
397	0	if (hd->bctx.count < 56)
398	0	memset (&hd->bctx.buf[hd->bctx.count], 0, 56 - hd->bctx.count);
399
400		/* append the 64 bit count */
401	0	buf_put_be32(hd->bctx.buf + 56, msb);
402	0	buf_put_be32(hd->bctx.buf + 60, lsb);
403	0	burn = (*hd->bctx.bwrite) ( hd, hd->bctx.buf, 1 );
404	0	}
405	0	else /* need one extra block */
406	0	{
407	0	hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */
408		/* fill pad and next block with zeroes */
409	0	memset (&hd->bctx.buf[hd->bctx.count], 0, 64 - hd->bctx.count + 56);
410
411		/* append the 64 bit count */
412	0	buf_put_be32(hd->bctx.buf + 64 + 56, msb);
413	0	buf_put_be32(hd->bctx.buf + 64 + 60, lsb);
414	0	burn = (*hd->bctx.bwrite) ( hd, hd->bctx.buf, 2 );
415	0	}
416
417	0	p = hd->bctx.buf;
418	0	#define X(a) do { buf_put_be32(p, hd->h[a]); p += 4; } while(0)
419	0	X(0);
420	0	X(1);
421	0	X(2);
422	0	X(3);
423	0	X(4);
424	0	X(5);
425	0	X(6);
426	0	X(7);
427	0	#undef X
428
429	0	hd->bctx.count = 0;
430
431	0	_gcry_burn_stack (burn);
432	0	}
433
434		static byte *
435		sm3_read (void *context)
436	0	{
437	0	SM3_CONTEXT *hd = context;
438
439	0	return hd->bctx.buf;
440	0	}
441
442
443		/* Shortcut functions which puts the hash value of the supplied buffer iov
444		* into outbuf which must have a size of 32 bytes. */
445		static void
446		_gcry_sm3_hash_buffers (void *outbuf, size_t nbytes,
447		const gcry_buffer_t *iov, int iovcnt)
448	0	{
449	0	SM3_CONTEXT hd;
450
451	0	(void)nbytes;
452
453	0	sm3_init (&hd, 0);
454	0	for (;iovcnt > 0; iov++, iovcnt--)
455	0	_gcry_md_block_write (&hd,
456	0	(const char*)iov[0].data + iov[0].off, iov[0].len);
457	0	sm3_final (&hd);
458	0	memcpy (outbuf, hd.bctx.buf, 32);
459	0	}
460
461
462
463		/*
464		Self-test section.
465		*/
466
467
468		static gpg_err_code_t
469		selftests_sm3 (int extended, selftest_report_func_t report)
470	0	{
471	0	const char *what;
472	0	const char *errtxt;
473
474	0	what = "short string (spec example 1)";
475	0	errtxt = _gcry_hash_selftest_check_one
476	0	(GCRY_MD_SM3, 0,
477	0	"abc", 3,
478	0	"\x66\xc7\xf0\xf4\x62\xee\xed\xd9\xd1\xf2\xd4\x6b\xdc\x10\xe4\xe2"
479	0	"\x41\x67\xc4\x87\x5c\xf2\xf7\xa2\x29\x7d\xa0\x2b\x8f\x4b\xa8\xe0", 32);
480	0	if (errtxt)
481	0	goto failed;
482
483	0	if (extended)
484	0	{
485	0	what = "long string (spec example 2)";
486	0	errtxt = _gcry_hash_selftest_check_one
487	0	(GCRY_MD_SM3, 0,
488	0	"abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd", 64,
489	0	"\xde\xbe\x9f\xf9\x22\x75\xb8\xa1\x38\x60\x48\x89\xc1\x8e\x5a\x4d"
490	0	"\x6f\xdb\x70\xe5\x38\x7e\x57\x65\x29\x3d\xcb\xa3\x9c\x0c\x57\x32",
491	0	32);
492	0	if (errtxt)
493	0	goto failed;
494
495	0	what = "long string";
496	0	errtxt = _gcry_hash_selftest_check_one
497	0	(GCRY_MD_SM3, 0,
498	0	"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56,
499	0	"\x63\x9b\x6c\xc5\xe6\x4d\x9e\x37\xa3\x90\xb1\x92\xdf\x4f\xa1\xea"
500	0	"\x07\x20\xab\x74\x7f\xf6\x92\xb9\xf3\x8c\x4e\x66\xad\x7b\x8c\x05",
501	0	32);
502	0	if (errtxt)
503	0	goto failed;
504
505	0	what = "one million \"a\"";
506	0	errtxt = _gcry_hash_selftest_check_one
507	0	(GCRY_MD_SM3, 1,
508	0	NULL, 0,
509	0	"\xc8\xaa\xf8\x94\x29\x55\x40\x29\xe2\x31\x94\x1a\x2a\xcc\x0a\xd6"
510	0	"\x1f\xf2\xa5\xac\xd8\xfa\xdd\x25\x84\x7a\x3a\x73\x2b\x3b\x02\xc3",
511	0	32);
512	0	if (errtxt)
513	0	goto failed;
514	0	}
515
516	0	return 0; /* Succeeded. */
517
518	0	failed:
519	0	if (report)
520	0	report ("digest", GCRY_MD_SM3, what, errtxt);
521	0	return GPG_ERR_SELFTEST_FAILED;
522	0	}
523
524
525		/* Run a full self-test for ALGO and return 0 on success. */
526		static gpg_err_code_t
527		run_selftests (int algo, int extended, selftest_report_func_t report)
528	0	{
529	0	gpg_err_code_t ec;
530
531	0	switch (algo)
532	0	{
533	0	case GCRY_MD_SM3:
534	0	ec = selftests_sm3 (extended, report);
535	0	break;
536	0	default:
537	0	ec = GPG_ERR_DIGEST_ALGO;
538	0	break;
539
540	0	}
541	0	return ec;
542	0	}
543
544		static const byte asn_sm3[] = /* Object ID is 1.2.156.10197.401 */
545		{ 0x30, 0x2F, 0x30, 0x0B, 0x06, 0x07, 0x2A, 0x81,
546		0x1C, 0xCF, 0x55, 0x83, 0x11, 0x05, 0x00, 0x04,
547		0x20 };
548
549		static const gcry_md_oid_spec_t oid_spec_sm3[] =
550		{
551		/* China Electronics Standardization Instutute,
552		OID White paper (2015), Table 6 */
553		{ "1.2.156.10197.401" },
554		{ NULL },
555		};
556
557		const gcry_md_spec_t _gcry_digest_spec_sm3 =
558		{
559		GCRY_MD_SM3, {0, 0},
560		"SM3", asn_sm3, DIM (asn_sm3), oid_spec_sm3, 32,
561		sm3_init, _gcry_md_block_write, sm3_final, sm3_read, NULL,
562		_gcry_sm3_hash_buffers,
563		sizeof (SM3_CONTEXT),
564		run_selftests
565		};