/src/nettle-with-libgmp/sm3.c

Line	Count	Source
1		/* sm3.c
2
3		The SM3 hash function.
4
5		Copyright (C) 2017 Jia Zhang
6		Copyright (C) 2021 Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
7
8		This file is part of GNU Nettle.
9
10		GNU Nettle is free software: you can redistribute it and/or
11		modify it under the terms of either:
12
13		* the GNU Lesser General Public License as published by the Free
14		Software Foundation; either version 3 of the License, or (at your
15		option) any later version.
16
17		or
18
19		* the GNU General Public License as published by the Free
20		Software Foundation; either version 2 of the License, or (at your
21		option) any later version.
22
23		or both in parallel, as here.
24
25		GNU Nettle is distributed in the hope that it will be useful,
26		but WITHOUT ANY WARRANTY; without even the implied warranty of
27		MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
28		General Public License for more details.
29
30		You should have received copies of the GNU General Public License and
31		the GNU Lesser General Public License along with this program. If
32		not, see http://www.gnu.org/licenses/.
33		*/
34
35		#if HAVE_CONFIG_H
36		# include "config.h"
37		#endif
38
39		#include <assert.h>
40		#include <string.h>
41
42		#include "sm3.h"
43
44		#include "macros.h"
45		#include "nettle-write.h"
46
47		static const uint32_t K[64] =
48		{
49		0x79cc4519UL, 0xf3988a32UL, 0xe7311465UL, 0xce6228cbUL,
50		0x9cc45197UL, 0x3988a32fUL, 0x7311465eUL, 0xe6228cbcUL,
51		0xcc451979UL, 0x988a32f3UL, 0x311465e7UL, 0x6228cbceUL,
52		0xc451979cUL, 0x88a32f39UL, 0x11465e73UL, 0x228cbce6UL,
53		0x9d8a7a87UL, 0x3b14f50fUL, 0x7629ea1eUL, 0xec53d43cUL,
54		0xd8a7a879UL, 0xb14f50f3UL, 0x629ea1e7UL, 0xc53d43ceUL,
55		0x8a7a879dUL, 0x14f50f3bUL, 0x29ea1e76UL, 0x53d43cecUL,
56		0xa7a879d8UL, 0x4f50f3b1UL, 0x9ea1e762UL, 0x3d43cec5UL,
57		0x7a879d8aUL, 0xf50f3b14UL, 0xea1e7629UL, 0xd43cec53UL,
58		0xa879d8a7UL, 0x50f3b14fUL, 0xa1e7629eUL, 0x43cec53dUL,
59		0x879d8a7aUL, 0x0f3b14f5UL, 0x1e7629eaUL, 0x3cec53d4UL,
60		0x79d8a7a8UL, 0xf3b14f50UL, 0xe7629ea1UL, 0xcec53d43UL,
61		0x9d8a7a87UL, 0x3b14f50fUL, 0x7629ea1eUL, 0xec53d43cUL,
62		0xd8a7a879UL, 0xb14f50f3UL, 0x629ea1e7UL, 0xc53d43ceUL,
63		0x8a7a879dUL, 0x14f50f3bUL, 0x29ea1e76UL, 0x53d43cecUL,
64		0xa7a879d8UL, 0x4f50f3b1UL, 0x9ea1e762UL, 0x3d43cec5UL
65		};
66
67		/*
68		Transform the message X which consists of 16 32-bit-words. See
69		GM/T 004-2012 for details. */
70		#define R(i, a, b, c, d, e, f, g, h, t, w1, w2) \
71	7.37M	do { \
72	7.37M	ss1 = ROTL32(7, (ROTL32(12, (a)) + (e) + (t))); \
73	7.37M	ss2 = ss1 ^ ROTL32(12, (a)); \
74	7.37M	d += FF ## i(a, b, c) + ss2 + ((w1) ^ (w2)); \
75	7.37M	h += GG ## i(e, f, g) + ss1 + (w1); \
76	7.37M	b = ROTL32(9, (b)); \
77	7.37M	f = ROTL32(19, (f)); \
78	7.37M	h = P0((h)); \
79	7.37M	} while (0)
80
81	1.84M	#define R1(a,b,c,d,e,f,g,h,t,w1,w2) R(1,a,b,c,d,e,f,g,h,t,w1,w2)
82	5.53M	#define R2(a,b,c,d,e,f,g,h,t,w1,w2) R(2,a,b,c,d,e,f,g,h,t,w1,w2)
83
84	1.84M	#define FF1(x, y, z) (x ^ y ^ z)
85	5.53M	#define FF2(x, y, z) ((x & y) \| (x & z) \| (y & z))
86
87	1.84M	#define GG1(x, y, z) (x ^ y ^ z)
88	5.53M	#define GG2(x, y, z) ((x & y) \| ( ~x & z))
89
90		/* Message expansion */
91	7.37M	#define P0(x) ((x) ^ ROTL32(9, (x)) ^ ROTL32(17, (x)))
92		#define P1(x) ((x) ^ ROTL32(15, (x)) ^ ROTL32(23, (x)))
93		#define I(i) (w[i] = READ_UINT32(input + i * 4))
94		#define W1(i) (w[i & 0x0f])
95		#define W2(i) (w[i & 0x0f] = \
96		P1(w[i & 0x0f] ^ w[(i-9) & 0x0f] ^ ROTL32(15, w[(i-3) & 0x0f])) \
97		^ ROTL32(7, w[(i-13) & 0x0f]) \
98		^ w[(i-6) & 0x0f])
99
100
101		static void
102		sm3_compress(uint32_t state, const uint8_t input)
103	115k	{
104	115k	uint32_t a, b, c, d, e, f, g, h, ss1, ss2;
105	115k	uint32_t w[16];
106
107	115k	a = state[0];
108	115k	b = state[1];
109	115k	c = state[2];
110	115k	d = state[3];
111	115k	e = state[4];
112	115k	f = state[5];
113	115k	g = state[6];
114	115k	h = state[7];
115
116	115k	R1(a, b, c, d, e, f, g, h, K[0], I(0), I(4));
117	115k	R1(d, a, b, c, h, e, f, g, K[1], I(1), I(5));
118	115k	R1(c, d, a, b, g, h, e, f, K[2], I(2), I(6));
119	115k	R1(b, c, d, a, f, g, h, e, K[3], I(3), I(7));
120	115k	R1(a, b, c, d, e, f, g, h, K[4], W1(4), I(8));
121	115k	R1(d, a, b, c, h, e, f, g, K[5], W1(5), I(9));
122	115k	R1(c, d, a, b, g, h, e, f, K[6], W1(6), I(10));
123	115k	R1(b, c, d, a, f, g, h, e, K[7], W1(7), I(11));
124	115k	R1(a, b, c, d, e, f, g, h, K[8], W1(8), I(12));
125	115k	R1(d, a, b, c, h, e, f, g, K[9], W1(9), I(13));
126	115k	R1(c, d, a, b, g, h, e, f, K[10], W1(10), I(14));
127	115k	R1(b, c, d, a, f, g, h, e, K[11], W1(11), I(15));
128	115k	R1(a, b, c, d, e, f, g, h, K[12], W1(12), W2(16));
129	115k	R1(d, a, b, c, h, e, f, g, K[13], W1(13), W2(17));
130	115k	R1(c, d, a, b, g, h, e, f, K[14], W1(14), W2(18));
131	115k	R1(b, c, d, a, f, g, h, e, K[15], W1(15), W2(19));
132
133	115k	R2(a, b, c, d, e, f, g, h, K[16], W1(16), W2(20));
134	115k	R2(d, a, b, c, h, e, f, g, K[17], W1(17), W2(21));
135	115k	R2(c, d, a, b, g, h, e, f, K[18], W1(18), W2(22));
136	115k	R2(b, c, d, a, f, g, h, e, K[19], W1(19), W2(23));
137	115k	R2(a, b, c, d, e, f, g, h, K[20], W1(20), W2(24));
138	115k	R2(d, a, b, c, h, e, f, g, K[21], W1(21), W2(25));
139	115k	R2(c, d, a, b, g, h, e, f, K[22], W1(22), W2(26));
140	115k	R2(b, c, d, a, f, g, h, e, K[23], W1(23), W2(27));
141	115k	R2(a, b, c, d, e, f, g, h, K[24], W1(24), W2(28));
142	115k	R2(d, a, b, c, h, e, f, g, K[25], W1(25), W2(29));
143	115k	R2(c, d, a, b, g, h, e, f, K[26], W1(26), W2(30));
144	115k	R2(b, c, d, a, f, g, h, e, K[27], W1(27), W2(31));
145	115k	R2(a, b, c, d, e, f, g, h, K[28], W1(28), W2(32));
146	115k	R2(d, a, b, c, h, e, f, g, K[29], W1(29), W2(33));
147	115k	R2(c, d, a, b, g, h, e, f, K[30], W1(30), W2(34));
148	115k	R2(b, c, d, a, f, g, h, e, K[31], W1(31), W2(35));
149
150	115k	R2(a, b, c, d, e, f, g, h, K[32], W1(32), W2(36));
151	115k	R2(d, a, b, c, h, e, f, g, K[33], W1(33), W2(37));
152	115k	R2(c, d, a, b, g, h, e, f, K[34], W1(34), W2(38));
153	115k	R2(b, c, d, a, f, g, h, e, K[35], W1(35), W2(39));
154	115k	R2(a, b, c, d, e, f, g, h, K[36], W1(36), W2(40));
155	115k	R2(d, a, b, c, h, e, f, g, K[37], W1(37), W2(41));
156	115k	R2(c, d, a, b, g, h, e, f, K[38], W1(38), W2(42));
157	115k	R2(b, c, d, a, f, g, h, e, K[39], W1(39), W2(43));
158	115k	R2(a, b, c, d, e, f, g, h, K[40], W1(40), W2(44));
159	115k	R2(d, a, b, c, h, e, f, g, K[41], W1(41), W2(45));
160	115k	R2(c, d, a, b, g, h, e, f, K[42], W1(42), W2(46));
161	115k	R2(b, c, d, a, f, g, h, e, K[43], W1(43), W2(47));
162	115k	R2(a, b, c, d, e, f, g, h, K[44], W1(44), W2(48));
163	115k	R2(d, a, b, c, h, e, f, g, K[45], W1(45), W2(49));
164	115k	R2(c, d, a, b, g, h, e, f, K[46], W1(46), W2(50));
165	115k	R2(b, c, d, a, f, g, h, e, K[47], W1(47), W2(51));
166
167	115k	R2(a, b, c, d, e, f, g, h, K[48], W1(48), W2(52));
168	115k	R2(d, a, b, c, h, e, f, g, K[49], W1(49), W2(53));
169	115k	R2(c, d, a, b, g, h, e, f, K[50], W1(50), W2(54));
170	115k	R2(b, c, d, a, f, g, h, e, K[51], W1(51), W2(55));
171	115k	R2(a, b, c, d, e, f, g, h, K[52], W1(52), W2(56));
172	115k	R2(d, a, b, c, h, e, f, g, K[53], W1(53), W2(57));
173	115k	R2(c, d, a, b, g, h, e, f, K[54], W1(54), W2(58));
174	115k	R2(b, c, d, a, f, g, h, e, K[55], W1(55), W2(59));
175	115k	R2(a, b, c, d, e, f, g, h, K[56], W1(56), W2(60));
176	115k	R2(d, a, b, c, h, e, f, g, K[57], W1(57), W2(61));
177	115k	R2(c, d, a, b, g, h, e, f, K[58], W1(58), W2(62));
178	115k	R2(b, c, d, a, f, g, h, e, K[59], W1(59), W2(63));
179	115k	R2(a, b, c, d, e, f, g, h, K[60], W1(60), W2(64));
180	115k	R2(d, a, b, c, h, e, f, g, K[61], W1(61), W2(65));
181	115k	R2(c, d, a, b, g, h, e, f, K[62], W1(62), W2(66));
182	115k	R2(b, c, d, a, f, g, h, e, K[63], W1(63), W2(67));
183
184	115k	state[0] ^= a;
185	115k	state[1] ^= b;
186	115k	state[2] ^= c;
187	115k	state[3] ^= d;
188	115k	state[4] ^= e;
189	115k	state[5] ^= f;
190	115k	state[6] ^= g;
191	115k	state[7] ^= h;
192	115k	}
193
194		void
195		sm3_init(struct sm3_ctx *ctx)
196	41.2k	{
197	41.2k	static const uint32_t H0[_SM3_DIGEST_LENGTH] =
198	41.2k	{
199	41.2k	0x7380166fUL, 0x4914b2b9UL, 0x172442d7UL, 0xda8a0600UL,
200	41.2k	0xa96f30bcUL, 0x163138aaUL, 0xe38dee4dUL, 0xb0fb0e4eUL
201	41.2k	};
202
203	41.2k	memcpy(ctx->state, H0, sizeof(H0));
204
205		/* Initialize bit count */
206	41.2k	ctx->count = 0;
207
208		/* Initialize buffer */
209	41.2k	ctx->index = 0;
210	41.2k	}
211
212	115k	#define COMPRESS(ctx, data) (sm3_compress((ctx)->state, (data)))
213
214		void
215		sm3_update(struct sm3_ctx *ctx,
216		size_t length, const uint8_t *data)
217	90.6k	{
218	90.6k	MD_UPDATE(ctx, length, data, COMPRESS, ctx->count++);
219	90.6k	}
220
221		static void
222		sm3_write_digest(struct sm3_ctx *ctx,
223		size_t length,
224		uint8_t *digest)
225	39.7k	{
226	39.7k	uint64_t bit_count;
227
228	39.7k	assert(length <= SM3_DIGEST_SIZE);
229
230	39.7k	MD_PAD(ctx, 8, COMPRESS);
231
232		/* There are 512 = 2^9 bits in one block */
233	39.7k	bit_count = (ctx->count << 9) \| (ctx->index << 3);
234
235		/* This is slightly inefficient, as the numbers are converted to
236		big-endian format, and will be converted back by the compression
237		function. It's probably not worth the effort to fix this. */
238	39.7k	WRITE_UINT64(ctx->block + (SM3_BLOCK_SIZE - 8), bit_count);
239	39.7k	COMPRESS(ctx, ctx->block);
240
241	39.7k	_nettle_write_be32(length, digest, ctx->state);
242	39.7k	}
243
244		void
245		sm3_digest(struct sm3_ctx *ctx,
246		size_t length,
247		uint8_t *digest)
248	39.7k	{
249	39.7k	sm3_write_digest(ctx, length, digest);
250	39.7k	sm3_init(ctx);
251	39.7k	}

Coverage Report

Created: 2024-02-25 06:16