root/maint/gnulib/lib/sm3.c

/* [previous][next][first][last][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. sm3_init_ctx
  2. set_uint32
  3. sm3_read_ctx
  4. sm3_conclude_ctx
  5. sm3_finish_ctx
  6. sm3_buffer
  7. sm3_process_bytes
  8. sm3_process_block
   1 /* sm3.c - Functions to compute SM3 message digest of files or memory blocks
   2    according to the specification GM/T 004-2012 Cryptographic Hash Algorithm
   3    SM3, published by State Encryption Management Bureau, China.
   4 
   5    SM3 cryptographic hash algorithm.
   6    <http://www.sca.gov.cn/sca/xwdt/2010-12/17/content_1002389.shtml>
   7 
   8    Copyright (C) 2017-2021 Free Software Foundation, Inc.
   9 
  10    This file is free software: you can redistribute it and/or modify
  11    it under the terms of the GNU Lesser General Public License as
  12    published by the Free Software Foundation; either version 2.1 of the
  13    License, or (at your option) any later version.
  14 
  15    This file is distributed in the hope that it will be useful,
  16    but WITHOUT ANY WARRANTY; without even the implied warranty of
  17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18    GNU Lesser General Public License for more details.
  19 
  20    You should have received a copy of the GNU Lesser General Public License
  21    along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
  22 
  23 /* Written by Jia Zhang <qianyue.zj@alibaba-inc.com>, 2017,
  24    considerably copypasting from David Madore's sha256.c */
  25 
  26 #include <config.h>
  27 
  28 /* Specification.  */
  29 #if HAVE_OPENSSL_SM3
  30 # define GL_OPENSSL_INLINE _GL_EXTERN_INLINE
  31 #endif
  32 #include "sm3.h"
  33 
  34 #include <stdalign.h>
  35 #include <stdint.h>
  36 #include <string.h>
  37 
  38 #include <byteswap.h>
  39 #ifdef WORDS_BIGENDIAN
  40 # define SWAP(n) (n)
  41 #else
  42 # define SWAP(n) bswap_32 (n)
  43 #endif
  44 
  45 #ifndef DEBUG_SM3
  46 # define DEBUG_SM3 0
  47 #endif
  48 
  49 #if ! DEBUG_SM3
  50 # define dbg_printf(fmt, ...) do { } while (0)
  51 #else
  52 # define dbg_printf printf
  53 #endif
  54 
  55 #if ! HAVE_OPENSSL_SM3
  56 
  57 /* This array contains the bytes used to pad the buffer to the next
  58    64-byte boundary.  */
  59 static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ...  */ };
  60 
  61 
  62 /*
  63   Takes a pointer to a 256 bit block of data (eight 32 bit ints) and
  64   initializes it to the start constants of the SM3 algorithm.  This
  65   must be called before using hash in the call to sm3_hash
  66 */
  67 void
  68 sm3_init_ctx (struct sm3_ctx *ctx)
     /* [previous][next][first][last][top][bottom][index][help] */
  69 {
  70   ctx->state[0] = 0x7380166fUL;
  71   ctx->state[1] = 0x4914b2b9UL;
  72   ctx->state[2] = 0x172442d7UL;
  73   ctx->state[3] = 0xda8a0600UL;
  74   ctx->state[4] = 0xa96f30bcUL;
  75   ctx->state[5] = 0x163138aaUL;
  76   ctx->state[6] = 0xe38dee4dUL;
  77   ctx->state[7] = 0xb0fb0e4eUL;
  78 
  79   ctx->total[0] = ctx->total[1] = 0;
  80   ctx->buflen = 0;
  81 }
  82 
  83 /* Copy the value from v into the memory location pointed to by *cp,
  84    If your architecture allows unaligned access this is equivalent to
  85    * (uint32_t *) cp = v  */
  86 static void
  87 set_uint32 (char *cp, uint32_t v)
     /* [previous][next][first][last][top][bottom][index][help] */
  88 {
  89   memcpy (cp, &v, sizeof v);
  90 }
  91 
  92 /* Put result from CTX in first 32 bytes following RESBUF.  The result
  93    must be in little endian byte order.  */
  94 void *
  95 sm3_read_ctx (const struct sm3_ctx *ctx, void *resbuf)
     /* [previous][next][first][last][top][bottom][index][help] */
  96 {
  97   int i;
  98   char *r = resbuf;
  99 
 100   for (i = 0; i < 8; i++)
 101     set_uint32 (r + i * sizeof ctx->state[0], SWAP (ctx->state[i]));
 102 
 103   return resbuf;
 104 }
 105 
 106 /* Process the remaining bytes in the internal buffer and the usual
 107    prolog according to the standard and write the result to RESBUF.  */
 108 static void
 109 sm3_conclude_ctx (struct sm3_ctx *ctx)
     /* [previous][next][first][last][top][bottom][index][help] */
 110 {
 111   /* Take yet unprocessed bytes into account.  */
 112   size_t bytes = ctx->buflen;
 113   size_t size = (bytes < 56) ? 64 / 4 : 64 * 2 / 4;
 114 
 115   /* Now count remaining bytes.  */
 116   ctx->total[0] += bytes;
 117   if (ctx->total[0] < bytes)
 118     ++ctx->total[1];
 119 
 120   /* Put the 64-bit file length in *bits* at the end of the buffer.
 121      Use set_uint32 rather than a simple assignment, to avoid risk of
 122      unaligned access.  */
 123   set_uint32 ((char *) &ctx->buffer[size - 2],
 124               SWAP ((ctx->total[1] << 3) | (ctx->total[0] >> 29)));
 125   set_uint32 ((char *) &ctx->buffer[size - 1],
 126               SWAP (ctx->total[0] << 3));
 127 
 128   memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 4 - bytes);
 129 
 130   /* Process last bytes.  */
 131   sm3_process_block (ctx->buffer, size * 4, ctx);
 132 }
 133 
 134 void *
 135 sm3_finish_ctx (struct sm3_ctx *ctx, void *resbuf)
     /* [previous][next][first][last][top][bottom][index][help] */
 136 {
 137   sm3_conclude_ctx (ctx);
 138   return sm3_read_ctx (ctx, resbuf);
 139 }
 140 
 141 /* Compute SM3 message digest for LEN bytes beginning at BUFFER.  The
 142    result is always in little endian byte order, so that a byte-wise
 143    output yields to the wanted ASCII representation of the message
 144    digest.  */
 145 void *
 146 sm3_buffer (const char *buffer, size_t len, void *resblock)
     /* [previous][next][first][last][top][bottom][index][help] */
 147 {
 148   struct sm3_ctx ctx;
 149 
 150   /* Initialize the computation context.  */
 151   sm3_init_ctx (&ctx);
 152 
 153   /* Process whole buffer but last len % 64 bytes.  */
 154   sm3_process_bytes (buffer, len, &ctx);
 155 
 156   /* Put result in desired memory area.  */
 157   return sm3_finish_ctx (&ctx, resblock);
 158 }
 159 
 160 void
 161 sm3_process_bytes (const void *buffer, size_t len, struct sm3_ctx *ctx)
     /* [previous][next][first][last][top][bottom][index][help] */
 162 {
 163   /* When we already have some bits in our internal buffer concatenate
 164      both inputs first.  */
 165   if (ctx->buflen != 0)
 166     {
 167       size_t left_over = ctx->buflen;
 168       size_t add = 128 - left_over > len ? len : 128 - left_over;
 169 
 170       memcpy (&((char *) ctx->buffer)[left_over], buffer, add);
 171       ctx->buflen += add;
 172 
 173       if (ctx->buflen > 64)
 174         {
 175           sm3_process_block (ctx->buffer, ctx->buflen & ~63, ctx);
 176 
 177           ctx->buflen &= 63;
 178           /* The regions in the following copy operation cannot overlap,
 179              because ctx->buflen < 64 ≤ (left_over + add) & ~63.  */
 180           memcpy (ctx->buffer,
 181                   &((char *) ctx->buffer)[(left_over + add) & ~63],
 182                   ctx->buflen);
 183         }
 184 
 185       buffer = (const char *) buffer + add;
 186       len -= add;
 187     }
 188 
 189   /* Process available complete blocks.  */
 190   if (len >= 64)
 191     {
 192 #if !(_STRING_ARCH_unaligned || _STRING_INLINE_unaligned)
 193 # define UNALIGNED_P(p) ((uintptr_t) (p) % alignof (uint32_t) != 0)
 194       if (UNALIGNED_P (buffer))
 195         while (len > 64)
 196           {
 197             sm3_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx);
 198             buffer = (const char *) buffer + 64;
 199             len -= 64;
 200           }
 201       else
 202 #endif
 203         {
 204           sm3_process_block (buffer, len & ~63, ctx);
 205           buffer = (const char *) buffer + (len & ~63);
 206           len &= 63;
 207         }
 208     }
 209 
 210   /* Move remaining bytes in internal buffer.  */
 211   if (len > 0)
 212     {
 213       size_t left_over = ctx->buflen;
 214 
 215       memcpy (&((char *) ctx->buffer)[left_over], buffer, len);
 216       left_over += len;
 217       if (left_over >= 64)
 218         {
 219           sm3_process_block (ctx->buffer, 64, ctx);
 220           left_over -= 64;
 221           /* The regions in the following copy operation cannot overlap,
 222              because left_over ≤ 64.  */
 223           memcpy (ctx->buffer, &ctx->buffer[16], left_over);
 224         }
 225       ctx->buflen = left_over;
 226     }
 227 }
 228 
 229 /* --- Code below is the primary difference between sha256.c and sm3.c --- */
 230 
 231 /* SM3 round constants */
 232 #define T(j) sm3_round_constants[j]
 233 static const uint32_t sm3_round_constants[64] = {
 234   0x79cc4519UL, 0xf3988a32UL, 0xe7311465UL, 0xce6228cbUL,
 235   0x9cc45197UL, 0x3988a32fUL, 0x7311465eUL, 0xe6228cbcUL,
 236   0xcc451979UL, 0x988a32f3UL, 0x311465e7UL, 0x6228cbceUL,
 237   0xc451979cUL, 0x88a32f39UL, 0x11465e73UL, 0x228cbce6UL,
 238   0x9d8a7a87UL, 0x3b14f50fUL, 0x7629ea1eUL, 0xec53d43cUL,
 239   0xd8a7a879UL, 0xb14f50f3UL, 0x629ea1e7UL, 0xc53d43ceUL,
 240   0x8a7a879dUL, 0x14f50f3bUL, 0x29ea1e76UL, 0x53d43cecUL,
 241   0xa7a879d8UL, 0x4f50f3b1UL, 0x9ea1e762UL, 0x3d43cec5UL,
 242   0x7a879d8aUL, 0xf50f3b14UL, 0xea1e7629UL, 0xd43cec53UL,
 243   0xa879d8a7UL, 0x50f3b14fUL, 0xa1e7629eUL, 0x43cec53dUL,
 244   0x879d8a7aUL, 0x0f3b14f5UL, 0x1e7629eaUL, 0x3cec53d4UL,
 245   0x79d8a7a8UL, 0xf3b14f50UL, 0xe7629ea1UL, 0xcec53d43UL,
 246   0x9d8a7a87UL, 0x3b14f50fUL, 0x7629ea1eUL, 0xec53d43cUL,
 247   0xd8a7a879UL, 0xb14f50f3UL, 0x629ea1e7UL, 0xc53d43ceUL,
 248   0x8a7a879dUL, 0x14f50f3bUL, 0x29ea1e76UL, 0x53d43cecUL,
 249   0xa7a879d8UL, 0x4f50f3b1UL, 0x9ea1e762UL, 0x3d43cec5UL,
 250 };
 251 
 252 /* Round functions.  */
 253 #define FF1(X,Y,Z) ( X ^ Y ^ Z )
 254 #define FF2(X,Y,Z) ( ( X & Y ) | ( X & Z ) | ( Y & Z ) )
 255 #define GG1(X,Y,Z) ( X ^ Y ^ Z )
 256 #define GG2(X,Y,Z) ( ( X & Y ) | ( ~X & Z ) )
 257 
 258 /* Process LEN bytes of BUFFER, accumulating context into CTX.
 259    It is assumed that LEN % 64 == 0.
 260    Most of this code comes from David Madore's sha256.c.  */
 261 
 262 void
 263 sm3_process_block (const void *buffer, size_t len, struct sm3_ctx *ctx)
     /* [previous][next][first][last][top][bottom][index][help] */
 264 {
 265   const uint32_t *words = buffer;
 266   size_t nwords = len / sizeof (uint32_t);
 267   const uint32_t *endp = words + nwords;
 268   uint32_t x[16];
 269   uint32_t a = ctx->state[0];
 270   uint32_t b = ctx->state[1];
 271   uint32_t c = ctx->state[2];
 272   uint32_t d = ctx->state[3];
 273   uint32_t e = ctx->state[4];
 274   uint32_t f = ctx->state[5];
 275   uint32_t g = ctx->state[6];
 276   uint32_t h = ctx->state[7];
 277   uint32_t lolen = len;
 278 
 279   /* First increment the byte count.  GM/T 004-2012 specifies the possible
 280      length of the file up to 2^64 bits.  Here we only compute the
 281      number of bytes.  Do a double word increment.  */
 282   ctx->total[0] += lolen;
 283   ctx->total[1] += (len >> 31 >> 1) + (ctx->total[0] < lolen);
 284 
 285 #define rol(x, n) (((x) << ((n) & 31)) | ((x) >> ((32 - (n)) & 31)))
 286 #define P0(x) ((x)^rol(x,9)^rol(x,17))
 287 #define P1(x) ((x)^rol(x,15)^rol(x,23))
 288 
 289 #define W1(I) ( x[I&0x0f] )
 290 #define W2(I) ( tw =   P1(x[I&0x0f]^x[(I-9)&0x0f]^rol(x[(I-3)&0x0f],15)) \
 291                      ^ rol(x[(I-13)&0x0f],7) ^ x[(I-6)&0x0f] \
 292                 , x[I&0x0f] = tw )
 293 
 294 #define R(i,A,B,C,D,E,F,G,H,T,W1,W2) \
 295   do { \
 296        if (++j) \
 297          dbg_printf("%2d %08x %08x %08x %08x %08x %08x %08x %08x\n", \
 298                     j-1, A, B, C, D, E, F, G, H); \
 299        ss1 = rol(rol(A,12) + E + T,7); \
 300        ss2 = ss1 ^ rol(A,12); \
 301        D += FF##i(A,B,C) + ss2 + (W1 ^ W2); \
 302        H += GG##i(E,F,G) + ss1 + W1; \
 303        B = rol(B,9); \
 304        F = rol(F,19); \
 305        H = P0(H); \
 306      } while(0)
 307 
 308 #define R1(A,B,C,D,E,F,G,H,T,W1,W2) R(1,A,B,C,D,E,F,G,H,T,W1,W2)
 309 #define R2(A,B,C,D,E,F,G,H,T,W1,W2) R(2,A,B,C,D,E,F,G,H,T,W1,W2)
 310 
 311   while (words < endp)
 312     {
 313       uint32_t tw;
 314       uint32_t ss1, ss2;
 315       int j;
 316 
 317       for (j = 0; j < 16; j++)
 318         {
 319           x[j] = SWAP (*words);
 320           words++;
 321         }
 322 
 323       j = -1;
 324 
 325       dbg_printf (" j    A        B        C        D        E  "
 326                   "      F        G        H\n");
 327       dbg_printf ("   %08x %08x %08x %08x %08x %08x %08x %08x\n",
 328                   a, b, c, d, e, f, g, h);
 329 
 330       R1( a, b, c, d, e, f, g, h, T( 0), W1( 0), W1( 4) );
 331       R1( d, a, b, c, h, e, f, g, T( 1), W1( 1), W1( 5) );
 332       R1( c, d, a, b, g, h, e, f, T( 2), W1( 2), W1( 6) );
 333       R1( b, c, d, a, f, g, h, e, T( 3), W1( 3), W1( 7) );
 334       R1( a, b, c, d, e, f, g, h, T( 4), W1( 4), W1( 8) );
 335       R1( d, a, b, c, h, e, f, g, T( 5), W1( 5), W1( 9) );
 336       R1( c, d, a, b, g, h, e, f, T( 6), W1( 6), W1(10) );
 337       R1( b, c, d, a, f, g, h, e, T( 7), W1( 7), W1(11) );
 338       R1( a, b, c, d, e, f, g, h, T( 8), W1( 8), W1(12) );
 339       R1( d, a, b, c, h, e, f, g, T( 9), W1( 9), W1(13) );
 340       R1( c, d, a, b, g, h, e, f, T(10), W1(10), W1(14) );
 341       R1( b, c, d, a, f, g, h, e, T(11), W1(11), W1(15) );
 342       R1( a, b, c, d, e, f, g, h, T(12), W1(12), W2(16) );
 343       R1( d, a, b, c, h, e, f, g, T(13), W1(13), W2(17) );
 344       R1( c, d, a, b, g, h, e, f, T(14), W1(14), W2(18) );
 345       R1( b, c, d, a, f, g, h, e, T(15), W1(15), W2(19) );
 346       R2( a, b, c, d, e, f, g, h, T(16), W1(16), W2(20) );
 347       R2( d, a, b, c, h, e, f, g, T(17), W1(17), W2(21) );
 348       R2( c, d, a, b, g, h, e, f, T(18), W1(18), W2(22) );
 349       R2( b, c, d, a, f, g, h, e, T(19), W1(19), W2(23) );
 350       R2( a, b, c, d, e, f, g, h, T(20), W1(20), W2(24) );
 351       R2( d, a, b, c, h, e, f, g, T(21), W1(21), W2(25) );
 352       R2( c, d, a, b, g, h, e, f, T(22), W1(22), W2(26) );
 353       R2( b, c, d, a, f, g, h, e, T(23), W1(23), W2(27) );
 354       R2( a, b, c, d, e, f, g, h, T(24), W1(24), W2(28) );
 355       R2( d, a, b, c, h, e, f, g, T(25), W1(25), W2(29) );
 356       R2( c, d, a, b, g, h, e, f, T(26), W1(26), W2(30) );
 357       R2( b, c, d, a, f, g, h, e, T(27), W1(27), W2(31) );
 358       R2( a, b, c, d, e, f, g, h, T(28), W1(28), W2(32) );
 359       R2( d, a, b, c, h, e, f, g, T(29), W1(29), W2(33) );
 360       R2( c, d, a, b, g, h, e, f, T(30), W1(30), W2(34) );
 361       R2( b, c, d, a, f, g, h, e, T(31), W1(31), W2(35) );
 362       R2( a, b, c, d, e, f, g, h, T(32), W1(32), W2(36) );
 363       R2( d, a, b, c, h, e, f, g, T(33), W1(33), W2(37) );
 364       R2( c, d, a, b, g, h, e, f, T(34), W1(34), W2(38) );
 365       R2( b, c, d, a, f, g, h, e, T(35), W1(35), W2(39) );
 366       R2( a, b, c, d, e, f, g, h, T(36), W1(36), W2(40) );
 367       R2( d, a, b, c, h, e, f, g, T(37), W1(37), W2(41) );
 368       R2( c, d, a, b, g, h, e, f, T(38), W1(38), W2(42) );
 369       R2( b, c, d, a, f, g, h, e, T(39), W1(39), W2(43) );
 370       R2( a, b, c, d, e, f, g, h, T(40), W1(40), W2(44) );
 371       R2( d, a, b, c, h, e, f, g, T(41), W1(41), W2(45) );
 372       R2( c, d, a, b, g, h, e, f, T(42), W1(42), W2(46) );
 373       R2( b, c, d, a, f, g, h, e, T(43), W1(43), W2(47) );
 374       R2( a, b, c, d, e, f, g, h, T(44), W1(44), W2(48) );
 375       R2( d, a, b, c, h, e, f, g, T(45), W1(45), W2(49) );
 376       R2( c, d, a, b, g, h, e, f, T(46), W1(46), W2(50) );
 377       R2( b, c, d, a, f, g, h, e, T(47), W1(47), W2(51) );
 378       R2( a, b, c, d, e, f, g, h, T(48), W1(48), W2(52) );
 379       R2( d, a, b, c, h, e, f, g, T(49), W1(49), W2(53) );
 380       R2( c, d, a, b, g, h, e, f, T(50), W1(50), W2(54) );
 381       R2( b, c, d, a, f, g, h, e, T(51), W1(51), W2(55) );
 382       R2( a, b, c, d, e, f, g, h, T(52), W1(52), W2(56) );
 383       R2( d, a, b, c, h, e, f, g, T(53), W1(53), W2(57) );
 384       R2( c, d, a, b, g, h, e, f, T(54), W1(54), W2(58) );
 385       R2( b, c, d, a, f, g, h, e, T(55), W1(55), W2(59) );
 386       R2( a, b, c, d, e, f, g, h, T(56), W1(56), W2(60) );
 387       R2( d, a, b, c, h, e, f, g, T(57), W1(57), W2(61) );
 388       R2( c, d, a, b, g, h, e, f, T(58), W1(58), W2(62) );
 389       R2( b, c, d, a, f, g, h, e, T(59), W1(59), W2(63) );
 390       R2( a, b, c, d, e, f, g, h, T(60), W1(60), W2(64) );
 391       R2( d, a, b, c, h, e, f, g, T(61), W1(61), W2(65) );
 392       R2( c, d, a, b, g, h, e, f, T(62), W1(62), W2(66) );
 393       R2( b, c, d, a, f, g, h, e, T(63), W1(63), W2(67) );
 394 
 395       dbg_printf("%2d %08x %08x %08x %08x %08x %08x %08x %08x\n",
 396                  j, a, b, c, d, e, f, g, h);
 397 
 398       a = ctx->state[0] ^= a;
 399       b = ctx->state[1] ^= b;
 400       c = ctx->state[2] ^= c;
 401       d = ctx->state[3] ^= d;
 402       e = ctx->state[4] ^= e;
 403       f = ctx->state[5] ^= f;
 404       g = ctx->state[6] ^= g;
 405       h = ctx->state[7] ^= h;
 406     }
 407 }
 408 
 409 #endif
 410 
 411 /*
 412  * Hey Emacs!
 413  * Local Variables:
 414  * coding: utf-8
 415  * End:
 416  */
/* [previous][next][first][last][top][bottom][index][help] */