/src/nettle-with-libgmp/sm3.c

Line	Count	Source
1		/* sm3.c
2
3		The SM3 hash function.
4
5		Copyright (C) 2017 Jia Zhang
6		Copyright (C) 2021 Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
7
8		This file is part of GNU Nettle.
9
10		GNU Nettle is free software: you can redistribute it and/or
11		modify it under the terms of either:
12
13		* the GNU Lesser General Public License as published by the Free
14		Software Foundation; either version 3 of the License, or (at your
15		option) any later version.
16
17		or
18
19		* the GNU General Public License as published by the Free
20		Software Foundation; either version 2 of the License, or (at your
21		option) any later version.
22
23		or both in parallel, as here.
24
25		GNU Nettle is distributed in the hope that it will be useful,
26		but WITHOUT ANY WARRANTY; without even the implied warranty of
27		MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
28		General Public License for more details.
29
30		You should have received copies of the GNU General Public License and
31		the GNU Lesser General Public License along with this program. If
32		not, see http://www.gnu.org/licenses/.
33		*/
34
35		#if HAVE_CONFIG_H
36		# include "config.h"
37		#endif
38
39		#include <assert.h>
40		#include <string.h>
41
42		#include "sm3.h"
43
44		#include "macros.h"
45		#include "nettle-write.h"
46
47		static const uint32_t K[64] =
48		{
49		0x79cc4519UL, 0xf3988a32UL, 0xe7311465UL, 0xce6228cbUL,
50		0x9cc45197UL, 0x3988a32fUL, 0x7311465eUL, 0xe6228cbcUL,
51		0xcc451979UL, 0x988a32f3UL, 0x311465e7UL, 0x6228cbceUL,
52		0xc451979cUL, 0x88a32f39UL, 0x11465e73UL, 0x228cbce6UL,
53		0x9d8a7a87UL, 0x3b14f50fUL, 0x7629ea1eUL, 0xec53d43cUL,
54		0xd8a7a879UL, 0xb14f50f3UL, 0x629ea1e7UL, 0xc53d43ceUL,
55		0x8a7a879dUL, 0x14f50f3bUL, 0x29ea1e76UL, 0x53d43cecUL,
56		0xa7a879d8UL, 0x4f50f3b1UL, 0x9ea1e762UL, 0x3d43cec5UL,
57		0x7a879d8aUL, 0xf50f3b14UL, 0xea1e7629UL, 0xd43cec53UL,
58		0xa879d8a7UL, 0x50f3b14fUL, 0xa1e7629eUL, 0x43cec53dUL,
59		0x879d8a7aUL, 0x0f3b14f5UL, 0x1e7629eaUL, 0x3cec53d4UL,
60		0x79d8a7a8UL, 0xf3b14f50UL, 0xe7629ea1UL, 0xcec53d43UL,
61		0x9d8a7a87UL, 0x3b14f50fUL, 0x7629ea1eUL, 0xec53d43cUL,
62		0xd8a7a879UL, 0xb14f50f3UL, 0x629ea1e7UL, 0xc53d43ceUL,
63		0x8a7a879dUL, 0x14f50f3bUL, 0x29ea1e76UL, 0x53d43cecUL,
64		0xa7a879d8UL, 0x4f50f3b1UL, 0x9ea1e762UL, 0x3d43cec5UL
65		};
66
67		/*
68		Transform the message X which consists of 16 32-bit-words. See
69		GM/T 004-2012 for details. */
70		#define R(i, a, b, c, d, e, f, g, h, t, w1, w2) \
71	7.17M	do { \
72	7.17M	ss1 = ROTL32(7, (ROTL32(12, (a)) + (e) + (t))); \
73	7.17M	ss2 = ss1 ^ ROTL32(12, (a)); \
74	7.17M	d += FF ## i(a, b, c) + ss2 + ((w1) ^ (w2)); \
75	7.17M	h += GG ## i(e, f, g) + ss1 + (w1); \
76	7.17M	b = ROTL32(9, (b)); \
77	7.17M	f = ROTL32(19, (f)); \
78	7.17M	h = P0((h)); \
79	7.17M	} while (0)
80
81	1.79M	#define R1(a,b,c,d,e,f,g,h,t,w1,w2) R(1,a,b,c,d,e,f,g,h,t,w1,w2)
82	5.38M	#define R2(a,b,c,d,e,f,g,h,t,w1,w2) R(2,a,b,c,d,e,f,g,h,t,w1,w2)
83
84	1.79M	#define FF1(x, y, z) (x ^ y ^ z)
85	5.38M	#define FF2(x, y, z) ((x & y) \| (x & z) \| (y & z))
86
87	1.79M	#define GG1(x, y, z) (x ^ y ^ z)
88	5.38M	#define GG2(x, y, z) ((x & y) \| ( ~x & z))
89
90		/* Message expansion */
91	7.17M	#define P0(x) ((x) ^ ROTL32(9, (x)) ^ ROTL32(17, (x)))
92		#define P1(x) ((x) ^ ROTL32(15, (x)) ^ ROTL32(23, (x)))
93		#define I(i) (w[i] = READ_UINT32(input + i * 4))
94		#define W1(i) (w[i & 0x0f])
95		#define W2(i) (w[i & 0x0f] = \
96		P1(w[i & 0x0f] ^ w[(i-9) & 0x0f] ^ ROTL32(15, w[(i-3) & 0x0f])) \
97		^ ROTL32(7, w[(i-13) & 0x0f]) \
98		^ w[(i-6) & 0x0f])
99
100
101		static void
102		sm3_compress(uint32_t state, const uint8_t input)
103	112k	{
104	112k	uint32_t a, b, c, d, e, f, g, h, ss1, ss2;
105	112k	uint32_t w[16];
106
107	112k	a = state[0];
108	112k	b = state[1];
109	112k	c = state[2];
110	112k	d = state[3];
111	112k	e = state[4];
112	112k	f = state[5];
113	112k	g = state[6];
114	112k	h = state[7];
115
116	112k	R1(a, b, c, d, e, f, g, h, K[0], I(0), I(4));
117	112k	R1(d, a, b, c, h, e, f, g, K[1], I(1), I(5));
118	112k	R1(c, d, a, b, g, h, e, f, K[2], I(2), I(6));
119	112k	R1(b, c, d, a, f, g, h, e, K[3], I(3), I(7));
120	112k	R1(a, b, c, d, e, f, g, h, K[4], W1(4), I(8));
121	112k	R1(d, a, b, c, h, e, f, g, K[5], W1(5), I(9));
122	112k	R1(c, d, a, b, g, h, e, f, K[6], W1(6), I(10));
123	112k	R1(b, c, d, a, f, g, h, e, K[7], W1(7), I(11));
124	112k	R1(a, b, c, d, e, f, g, h, K[8], W1(8), I(12));
125	112k	R1(d, a, b, c, h, e, f, g, K[9], W1(9), I(13));
126	112k	R1(c, d, a, b, g, h, e, f, K[10], W1(10), I(14));
127	112k	R1(b, c, d, a, f, g, h, e, K[11], W1(11), I(15));
128	112k	R1(a, b, c, d, e, f, g, h, K[12], W1(12), W2(16));
129	112k	R1(d, a, b, c, h, e, f, g, K[13], W1(13), W2(17));
130	112k	R1(c, d, a, b, g, h, e, f, K[14], W1(14), W2(18));
131	112k	R1(b, c, d, a, f, g, h, e, K[15], W1(15), W2(19));
132
133	112k	R2(a, b, c, d, e, f, g, h, K[16], W1(16), W2(20));
134	112k	R2(d, a, b, c, h, e, f, g, K[17], W1(17), W2(21));
135	112k	R2(c, d, a, b, g, h, e, f, K[18], W1(18), W2(22));
136	112k	R2(b, c, d, a, f, g, h, e, K[19], W1(19), W2(23));
137	112k	R2(a, b, c, d, e, f, g, h, K[20], W1(20), W2(24));
138	112k	R2(d, a, b, c, h, e, f, g, K[21], W1(21), W2(25));
139	112k	R2(c, d, a, b, g, h, e, f, K[22], W1(22), W2(26));
140	112k	R2(b, c, d, a, f, g, h, e, K[23], W1(23), W2(27));
141	112k	R2(a, b, c, d, e, f, g, h, K[24], W1(24), W2(28));
142	112k	R2(d, a, b, c, h, e, f, g, K[25], W1(25), W2(29));
143	112k	R2(c, d, a, b, g, h, e, f, K[26], W1(26), W2(30));
144	112k	R2(b, c, d, a, f, g, h, e, K[27], W1(27), W2(31));
145	112k	R2(a, b, c, d, e, f, g, h, K[28], W1(28), W2(32));
146	112k	R2(d, a, b, c, h, e, f, g, K[29], W1(29), W2(33));
147	112k	R2(c, d, a, b, g, h, e, f, K[30], W1(30), W2(34));
148	112k	R2(b, c, d, a, f, g, h, e, K[31], W1(31), W2(35));
149
150	112k	R2(a, b, c, d, e, f, g, h, K[32], W1(32), W2(36));
151	112k	R2(d, a, b, c, h, e, f, g, K[33], W1(33), W2(37));
152	112k	R2(c, d, a, b, g, h, e, f, K[34], W1(34), W2(38));
153	112k	R2(b, c, d, a, f, g, h, e, K[35], W1(35), W2(39));
154	112k	R2(a, b, c, d, e, f, g, h, K[36], W1(36), W2(40));
155	112k	R2(d, a, b, c, h, e, f, g, K[37], W1(37), W2(41));
156	112k	R2(c, d, a, b, g, h, e, f, K[38], W1(38), W2(42));
157	112k	R2(b, c, d, a, f, g, h, e, K[39], W1(39), W2(43));
158	112k	R2(a, b, c, d, e, f, g, h, K[40], W1(40), W2(44));
159	112k	R2(d, a, b, c, h, e, f, g, K[41], W1(41), W2(45));
160	112k	R2(c, d, a, b, g, h, e, f, K[42], W1(42), W2(46));
161	112k	R2(b, c, d, a, f, g, h, e, K[43], W1(43), W2(47));
162	112k	R2(a, b, c, d, e, f, g, h, K[44], W1(44), W2(48));
163	112k	R2(d, a, b, c, h, e, f, g, K[45], W1(45), W2(49));
164	112k	R2(c, d, a, b, g, h, e, f, K[46], W1(46), W2(50));
165	112k	R2(b, c, d, a, f, g, h, e, K[47], W1(47), W2(51));
166
167	112k	R2(a, b, c, d, e, f, g, h, K[48], W1(48), W2(52));
168	112k	R2(d, a, b, c, h, e, f, g, K[49], W1(49), W2(53));
169	112k	R2(c, d, a, b, g, h, e, f, K[50], W1(50), W2(54));
170	112k	R2(b, c, d, a, f, g, h, e, K[51], W1(51), W2(55));
171	112k	R2(a, b, c, d, e, f, g, h, K[52], W1(52), W2(56));
172	112k	R2(d, a, b, c, h, e, f, g, K[53], W1(53), W2(57));
173	112k	R2(c, d, a, b, g, h, e, f, K[54], W1(54), W2(58));
174	112k	R2(b, c, d, a, f, g, h, e, K[55], W1(55), W2(59));
175	112k	R2(a, b, c, d, e, f, g, h, K[56], W1(56), W2(60));
176	112k	R2(d, a, b, c, h, e, f, g, K[57], W1(57), W2(61));
177	112k	R2(c, d, a, b, g, h, e, f, K[58], W1(58), W2(62));
178	112k	R2(b, c, d, a, f, g, h, e, K[59], W1(59), W2(63));
179	112k	R2(a, b, c, d, e, f, g, h, K[60], W1(60), W2(64));
180	112k	R2(d, a, b, c, h, e, f, g, K[61], W1(61), W2(65));
181	112k	R2(c, d, a, b, g, h, e, f, K[62], W1(62), W2(66));
182	112k	R2(b, c, d, a, f, g, h, e, K[63], W1(63), W2(67));
183
184	112k	state[0] ^= a;
185	112k	state[1] ^= b;
186	112k	state[2] ^= c;
187	112k	state[3] ^= d;
188	112k	state[4] ^= e;
189	112k	state[5] ^= f;
190	112k	state[6] ^= g;
191	112k	state[7] ^= h;
192	112k	}
193
194		void
195		sm3_init(struct sm3_ctx *ctx)
196	40.7k	{
197	40.7k	static const uint32_t H0[_SM3_DIGEST_LENGTH] =
198	40.7k	{
199	40.7k	0x7380166fUL, 0x4914b2b9UL, 0x172442d7UL, 0xda8a0600UL,
200	40.7k	0xa96f30bcUL, 0x163138aaUL, 0xe38dee4dUL, 0xb0fb0e4eUL
201	40.7k	};
202
203	40.7k	memcpy(ctx->state, H0, sizeof(H0));
204
205		/* Initialize bit count */
206	40.7k	ctx->count = 0;
207
208		/* Initialize buffer */
209	40.7k	ctx->index = 0;
210	40.7k	}
211
212	112k	#define COMPRESS(ctx, data) (sm3_compress((ctx)->state, (data)))
213
214		void
215		sm3_update(struct sm3_ctx *ctx,
216		size_t length, const uint8_t *data)
217	93.1k	{
218	93.1k	MD_UPDATE(ctx, length, data, COMPRESS, ctx->count++);
219	93.1k	}
220
221		static void
222		sm3_write_digest(struct sm3_ctx *ctx,
223		size_t length,
224		uint8_t *digest)
225	40.0k	{
226	40.0k	uint64_t bit_count;
227
228	40.0k	assert(length <= SM3_DIGEST_SIZE);
229
230	40.0k	MD_PAD(ctx, 8, COMPRESS);
231
232		/* There are 512 = 2^9 bits in one block */
233	40.0k	bit_count = (ctx->count << 9) \| (ctx->index << 3);
234
235		/* This is slightly inefficient, as the numbers are converted to
236		big-endian format, and will be converted back by the compression
237		function. It's probably not worth the effort to fix this. */
238	40.0k	WRITE_UINT64(ctx->block + (SM3_BLOCK_SIZE - 8), bit_count);
239	40.0k	COMPRESS(ctx, ctx->block);
240
241	40.0k	_nettle_write_be32(length, digest, ctx->state);
242	40.0k	}
243
244		void
245		sm3_digest(struct sm3_ctx *ctx,
246		size_t length,
247		uint8_t *digest)
248	40.0k	{
249	40.0k	sm3_write_digest(ctx, length, digest);
250	40.0k	sm3_init(ctx);
251	40.0k	}

Coverage Report

Created: 2024-11-21 07:00