| blob | 816c71cc7a1d0a363080e7f638082a55865c883d |
1 /* sm3.c - Functions to compute SM3 message digest of files or memory blocks
2 according to the specification GM/T 004-2012 Cryptographic Hash Algorithm
3 SM3, published by State Encryption Management Bureau, China.
5 SM3 cryptographic hash algorithm.
6 <http://www.sca.gov.cn/sca/xwdt/2010-12/17/content_1002389.shtml>
8 Copyright (C) 2017-2024 Free Software Foundation, Inc.
10 This file is free software: you can redistribute it and/or modify
11 it under the terms of the GNU Lesser General Public License as
12 published by the Free Software Foundation; either version 2.1 of the
13 License, or (at your option) any later version.
15 This file is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public License
21 along with this program. If not, see <https://www.gnu.org/licenses/>. */
23 /* Written by Jia Zhang <qianyue.zj@alibaba-inc.com>, 2017,
24 considerably copypasting from David Madore's sha256.c */
26 #include <config.h>
28 /* Specification. */
29 #if HAVE_OPENSSL_SM3
30 # define GL_OPENSSL_INLINE _GL_EXTERN_INLINE
31 #endif
34 #include <stdint.h>
35 #include <string.h>
37 #include <byteswap.h>
38 #ifdef WORDS_BIGENDIAN
39 # define SWAP(n) (n)
40 #else
41 # define SWAP(n) bswap_32 (n)
42 #endif
44 #ifndef DEBUG_SM3
45 # define DEBUG_SM3 0
46 #endif
48 #if ! DEBUG_SM3
49 # define dbg_printf(fmt, ...) do { } while (0)
50 #else
51 # define dbg_printf printf
52 #endif
54 #if ! HAVE_OPENSSL_SM3
56 /* This array contains the bytes used to pad the buffer to the next
57 64-byte boundary. */
61 /*
62 Takes a pointer to a 256 bit block of data (eight 32 bit ints) and
63 initializes it to the start constants of the SM3 algorithm. This
64 must be called before using hash in the call to sm3_hash
65 */
66 void
68 {
80 }
82 /* Copy the value from v into the memory location pointed to by *cp,
83 If your architecture allows unaligned access this is equivalent to
84 * (uint32_t *) cp = v */
85 static void
87 {
89 }
91 /* Put result from CTX in first 32 bytes following RESBUF. The result
92 must be in little endian byte order. */
95 {
103 }
105 /* Process the remaining bytes in the internal buffer and the usual
106 prolog according to the standard and write the result to RESBUF. */
107 static void
109 {
110 /* Take yet unprocessed bytes into account. */
114 /* Now count remaining bytes. */
119 /* Put the 64-bit file length in *bits* at the end of the buffer.
120 Use set_uint32 rather than a simple assignment, to avoid risk of
121 unaligned access. */
129 /* Process last bytes. */
131 }
135 {
138 }
140 /* Compute SM3 message digest for LEN bytes beginning at BUFFER. The
141 result is always in little endian byte order, so that a byte-wise
142 output yields to the wanted ASCII representation of the message
143 digest. */
146 {
149 /* Initialize the computation context. */
152 /* Process whole buffer but last len % 64 bytes. */
155 /* Put result in desired memory area. */
157 }
159 void
161 {
162 /* When we already have some bits in our internal buffer concatenate
163 both inputs first. */
165 {
173 {
177 /* The regions in the following copy operation cannot overlap,
178 because ctx->buflen < 64 ≤ (left_over + add) & ~63. */
182 }
186 }
188 /* Process available complete blocks. */
190 {
191 #if !(_STRING_ARCH_unaligned || _STRING_INLINE_unaligned)
192 # define UNALIGNED_P(p) ((uintptr_t) (p) % alignof (uint32_t) != 0)
195 {
199 }
200 else
201 #endif
202 {
206 }
207 }
209 /* Move remaining bytes in internal buffer. */
211 {
217 {
220 /* The regions in the following copy operation cannot overlap,
221 because left_over ≤ 64. */
223 }
225 }
226 }
228 /* --- Code below is the primary difference between sha256.c and sm3.c --- */
230 /* SM3 round constants */
231 #define T(j) sm3_round_constants[j]
249 };
251 /* Round functions. */
252 #define FF1(X,Y,Z) ( X ^ Y ^ Z )
253 #define FF2(X,Y,Z) ( ( X & Y ) | ( X & Z ) | ( Y & Z ) )
254 #define GG1(X,Y,Z) ( X ^ Y ^ Z )
255 #define GG2(X,Y,Z) ( ( X & Y ) | ( ~X & Z ) )
257 /* Process LEN bytes of BUFFER, accumulating context into CTX.
258 It is assumed that LEN % 64 == 0.
259 Most of this code comes from David Madore's sha256.c. */
261 void
263 {
278 /* First increment the byte count. GM/T 004-2012 specifies the possible
279 length of the file up to 2^64 bits. Here we only compute the
280 number of bytes. Do a double word increment. */
284 #define rol(x, n) (((x) << ((n) & 31)) | ((x) >> ((32 - (n)) & 31)))
285 #define P0(x) ((x)^rol(x,9)^rol(x,17))
286 #define P1(x) ((x)^rol(x,15)^rol(x,23))
288 #define W1(I) ( x[I&0x0f] )
289 #define W2(I) ( tw = P1(x[I&0x0f]^x[(I-9)&0x0f]^rol(x[(I-3)&0x0f],15)) \
290 ^ rol(x[(I-13)&0x0f],7) ^ x[(I-6)&0x0f] \
291 , x[I&0x0f] = tw )
293 #define R(i,A,B,C,D,E,F,G,H,T,W1,W2) \
294 do { \
295 if (++j) \
297 j-1, A, B, C, D, E, F, G, H); \
298 ss1 = rol(rol(A,12) + E + T,7); \
299 ss2 = ss1 ^ rol(A,12); \
300 D += FF##i(A,B,C) + ss2 + (W1 ^ W2); \
301 H += GG##i(E,F,G) + ss1 + W1; \
302 B = rol(B,9); \
303 F = rol(F,19); \
304 H = P0(H); \
305 } while(0)
307 #define R1(A,B,C,D,E,F,G,H,T,W1,W2) R(1,A,B,C,D,E,F,G,H,T,W1,W2)
308 #define R2(A,B,C,D,E,F,G,H,T,W1,W2) R(2,A,B,C,D,E,F,G,H,T,W1,W2)
311 {
317 {
319 words++;
320 }
405 }
406 }
408 #endif
410 /*
411 * Hey Emacs!
412 * Local Variables:
413 * coding: utf-8
414 * End:
415 */