Botan  2.8.0
Crypto and TLS for C++11
sm3.cpp
Go to the documentation of this file.
1 /*
2 * SM3
3 * (C) 2017 Ribose Inc.
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/sm3.h>
9 
10 namespace Botan {
11 
12 std::unique_ptr<HashFunction> SM3::copy_state() const
13  {
14  return std::unique_ptr<HashFunction>(new SM3(*this));
15  }
16 
17 namespace {
18 
19 const uint32_t SM3_IV[] = {
20  0x7380166fUL, 0x4914b2b9UL, 0x172442d7UL, 0xda8a0600UL,
21  0xa96f30bcUL, 0x163138aaUL, 0xe38dee4dUL, 0xb0fb0e4eUL
22 };
23 
24 inline uint32_t P0(uint32_t X)
25  {
26  return X ^ rotl<9>(X) ^ rotl<17>(X);
27  }
28 
29 inline uint32_t FF1(uint32_t X, uint32_t Y, uint32_t Z)
30  {
31  return (X & Y) | ((X | Y) & Z);
32  //return (X & Y) | (X & Z) | (Y & Z);
33  }
34 
35 inline uint32_t GG1(uint32_t X, uint32_t Y, uint32_t Z)
36  {
37  //return (X & Y) | (~X & Z);
38  return ((Z ^ (X & (Y ^ Z))));
39  }
40 
41 inline void R1(uint32_t A, uint32_t& B, uint32_t C, uint32_t& D,
42  uint32_t E, uint32_t& F, uint32_t G, uint32_t& H,
43  uint32_t TJ, uint32_t Wi, uint32_t Wj)
44  {
45  const uint32_t A12 = rotl<12>(A);
46  const uint32_t SS1 = rotl<7>(A12 + E + TJ);
47  const uint32_t TT1 = (A ^ B ^ C) + D + (SS1 ^ A12) + Wj;
48  const uint32_t TT2 = (E ^ F ^ G) + H + SS1 + Wi;
49 
50  B = rotl<9>(B);
51  D = TT1;
52  F = rotl<19>(F);
53  H = P0(TT2);
54  }
55 
56 inline void R2(uint32_t A, uint32_t& B, uint32_t C, uint32_t& D,
57  uint32_t E, uint32_t& F, uint32_t G, uint32_t& H,
58  uint32_t TJ, uint32_t Wi, uint32_t Wj)
59  {
60  const uint32_t A12 = rotl<12>(A);
61  const uint32_t SS1 = rotl<7>(A12 + E + TJ);
62  const uint32_t TT1 = FF1(A, B, C) + D + (SS1 ^ A12) + Wj;
63  const uint32_t TT2 = GG1(E, F, G) + H + SS1 + Wi;
64 
65  B = rotl<9>(B);
66  D = TT1;
67  F = rotl<19>(F);
68  H = P0(TT2);
69  }
70 
71 inline uint32_t P1(uint32_t X)
72  {
73  return X ^ rotl<15>(X) ^ rotl<23>(X);
74  }
75 
76 inline uint32_t SM3_E(uint32_t W0, uint32_t W7, uint32_t W13, uint32_t W3, uint32_t W10)
77  {
78  return P1(W0 ^ W7 ^ rotl<15>(W13)) ^ rotl<7>(W3) ^ W10;
79  }
80 
81 }
82 
83 /*
84 * SM3 Compression Function
85 */
86 void SM3::compress_n(const uint8_t input[], size_t blocks)
87  {
88  uint32_t A = m_digest[0], B = m_digest[1], C = m_digest[2], D = m_digest[3],
89  E = m_digest[4], F = m_digest[5], G = m_digest[6], H = m_digest[7];
90 
91  for(size_t i = 0; i != blocks; ++i)
92  {
93  uint32_t W00 = load_be<uint32_t>(input, 0);
94  uint32_t W01 = load_be<uint32_t>(input, 1);
95  uint32_t W02 = load_be<uint32_t>(input, 2);
96  uint32_t W03 = load_be<uint32_t>(input, 3);
97  uint32_t W04 = load_be<uint32_t>(input, 4);
98  uint32_t W05 = load_be<uint32_t>(input, 5);
99  uint32_t W06 = load_be<uint32_t>(input, 6);
100  uint32_t W07 = load_be<uint32_t>(input, 7);
101  uint32_t W08 = load_be<uint32_t>(input, 8);
102  uint32_t W09 = load_be<uint32_t>(input, 9);
103  uint32_t W10 = load_be<uint32_t>(input, 10);
104  uint32_t W11 = load_be<uint32_t>(input, 11);
105  uint32_t W12 = load_be<uint32_t>(input, 12);
106  uint32_t W13 = load_be<uint32_t>(input, 13);
107  uint32_t W14 = load_be<uint32_t>(input, 14);
108  uint32_t W15 = load_be<uint32_t>(input, 15);
109 
110  R1(A, B, C, D, E, F, G, H, 0x79CC4519, W00, W00 ^ W04);
111  W00 = SM3_E(W00, W07, W13, W03, W10);
112  R1(D, A, B, C, H, E, F, G, 0xF3988A32, W01, W01 ^ W05);
113  W01 = SM3_E(W01, W08, W14, W04, W11);
114  R1(C, D, A, B, G, H, E, F, 0xE7311465, W02, W02 ^ W06);
115  W02 = SM3_E(W02, W09, W15, W05, W12);
116  R1(B, C, D, A, F, G, H, E, 0xCE6228CB, W03, W03 ^ W07);
117  W03 = SM3_E(W03, W10, W00, W06, W13);
118  R1(A, B, C, D, E, F, G, H, 0x9CC45197, W04, W04 ^ W08);
119  W04 = SM3_E(W04, W11, W01, W07, W14);
120  R1(D, A, B, C, H, E, F, G, 0x3988A32F, W05, W05 ^ W09);
121  W05 = SM3_E(W05, W12, W02, W08, W15);
122  R1(C, D, A, B, G, H, E, F, 0x7311465E, W06, W06 ^ W10);
123  W06 = SM3_E(W06, W13, W03, W09, W00);
124  R1(B, C, D, A, F, G, H, E, 0xE6228CBC, W07, W07 ^ W11);
125  W07 = SM3_E(W07, W14, W04, W10, W01);
126  R1(A, B, C, D, E, F, G, H, 0xCC451979, W08, W08 ^ W12);
127  W08 = SM3_E(W08, W15, W05, W11, W02);
128  R1(D, A, B, C, H, E, F, G, 0x988A32F3, W09, W09 ^ W13);
129  W09 = SM3_E(W09, W00, W06, W12, W03);
130  R1(C, D, A, B, G, H, E, F, 0x311465E7, W10, W10 ^ W14);
131  W10 = SM3_E(W10, W01, W07, W13, W04);
132  R1(B, C, D, A, F, G, H, E, 0x6228CBCE, W11, W11 ^ W15);
133  W11 = SM3_E(W11, W02, W08, W14, W05);
134  R1(A, B, C, D, E, F, G, H, 0xC451979C, W12, W12 ^ W00);
135  W12 = SM3_E(W12, W03, W09, W15, W06);
136  R1(D, A, B, C, H, E, F, G, 0x88A32F39, W13, W13 ^ W01);
137  W13 = SM3_E(W13, W04, W10, W00, W07);
138  R1(C, D, A, B, G, H, E, F, 0x11465E73, W14, W14 ^ W02);
139  W14 = SM3_E(W14, W05, W11, W01, W08);
140  R1(B, C, D, A, F, G, H, E, 0x228CBCE6, W15, W15 ^ W03);
141  W15 = SM3_E(W15, W06, W12, W02, W09);
142  R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W00, W00 ^ W04);
143  W00 = SM3_E(W00, W07, W13, W03, W10);
144  R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W01, W01 ^ W05);
145  W01 = SM3_E(W01, W08, W14, W04, W11);
146  R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W02, W02 ^ W06);
147  W02 = SM3_E(W02, W09, W15, W05, W12);
148  R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W03, W03 ^ W07);
149  W03 = SM3_E(W03, W10, W00, W06, W13);
150  R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W04, W04 ^ W08);
151  W04 = SM3_E(W04, W11, W01, W07, W14);
152  R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W05, W05 ^ W09);
153  W05 = SM3_E(W05, W12, W02, W08, W15);
154  R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W06, W06 ^ W10);
155  W06 = SM3_E(W06, W13, W03, W09, W00);
156  R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W07, W07 ^ W11);
157  W07 = SM3_E(W07, W14, W04, W10, W01);
158  R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W08, W08 ^ W12);
159  W08 = SM3_E(W08, W15, W05, W11, W02);
160  R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W09, W09 ^ W13);
161  W09 = SM3_E(W09, W00, W06, W12, W03);
162  R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W10, W10 ^ W14);
163  W10 = SM3_E(W10, W01, W07, W13, W04);
164  R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W11, W11 ^ W15);
165  W11 = SM3_E(W11, W02, W08, W14, W05);
166  R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W12, W12 ^ W00);
167  W12 = SM3_E(W12, W03, W09, W15, W06);
168  R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W13, W13 ^ W01);
169  W13 = SM3_E(W13, W04, W10, W00, W07);
170  R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W14, W14 ^ W02);
171  W14 = SM3_E(W14, W05, W11, W01, W08);
172  R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W15, W15 ^ W03);
173  W15 = SM3_E(W15, W06, W12, W02, W09);
174  R2(A, B, C, D, E, F, G, H, 0x7A879D8A, W00, W00 ^ W04);
175  W00 = SM3_E(W00, W07, W13, W03, W10);
176  R2(D, A, B, C, H, E, F, G, 0xF50F3B14, W01, W01 ^ W05);
177  W01 = SM3_E(W01, W08, W14, W04, W11);
178  R2(C, D, A, B, G, H, E, F, 0xEA1E7629, W02, W02 ^ W06);
179  W02 = SM3_E(W02, W09, W15, W05, W12);
180  R2(B, C, D, A, F, G, H, E, 0xD43CEC53, W03, W03 ^ W07);
181  W03 = SM3_E(W03, W10, W00, W06, W13);
182  R2(A, B, C, D, E, F, G, H, 0xA879D8A7, W04, W04 ^ W08);
183  W04 = SM3_E(W04, W11, W01, W07, W14);
184  R2(D, A, B, C, H, E, F, G, 0x50F3B14F, W05, W05 ^ W09);
185  W05 = SM3_E(W05, W12, W02, W08, W15);
186  R2(C, D, A, B, G, H, E, F, 0xA1E7629E, W06, W06 ^ W10);
187  W06 = SM3_E(W06, W13, W03, W09, W00);
188  R2(B, C, D, A, F, G, H, E, 0x43CEC53D, W07, W07 ^ W11);
189  W07 = SM3_E(W07, W14, W04, W10, W01);
190  R2(A, B, C, D, E, F, G, H, 0x879D8A7A, W08, W08 ^ W12);
191  W08 = SM3_E(W08, W15, W05, W11, W02);
192  R2(D, A, B, C, H, E, F, G, 0x0F3B14F5, W09, W09 ^ W13);
193  W09 = SM3_E(W09, W00, W06, W12, W03);
194  R2(C, D, A, B, G, H, E, F, 0x1E7629EA, W10, W10 ^ W14);
195  W10 = SM3_E(W10, W01, W07, W13, W04);
196  R2(B, C, D, A, F, G, H, E, 0x3CEC53D4, W11, W11 ^ W15);
197  W11 = SM3_E(W11, W02, W08, W14, W05);
198  R2(A, B, C, D, E, F, G, H, 0x79D8A7A8, W12, W12 ^ W00);
199  W12 = SM3_E(W12, W03, W09, W15, W06);
200  R2(D, A, B, C, H, E, F, G, 0xF3B14F50, W13, W13 ^ W01);
201  W13 = SM3_E(W13, W04, W10, W00, W07);
202  R2(C, D, A, B, G, H, E, F, 0xE7629EA1, W14, W14 ^ W02);
203  W14 = SM3_E(W14, W05, W11, W01, W08);
204  R2(B, C, D, A, F, G, H, E, 0xCEC53D43, W15, W15 ^ W03);
205  W15 = SM3_E(W15, W06, W12, W02, W09);
206  R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W00, W00 ^ W04);
207  W00 = SM3_E(W00, W07, W13, W03, W10);
208  R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W01, W01 ^ W05);
209  W01 = SM3_E(W01, W08, W14, W04, W11);
210  R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W02, W02 ^ W06);
211  W02 = SM3_E(W02, W09, W15, W05, W12);
212  R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W03, W03 ^ W07);
213  W03 = SM3_E(W03, W10, W00, W06, W13);
214  R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W04, W04 ^ W08);
215  R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W05, W05 ^ W09);
216  R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W06, W06 ^ W10);
217  R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W07, W07 ^ W11);
218  R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W08, W08 ^ W12);
219  R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W09, W09 ^ W13);
220  R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W10, W10 ^ W14);
221  R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W11, W11 ^ W15);
222  R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W12, W12 ^ W00);
223  R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W13, W13 ^ W01);
224  R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W14, W14 ^ W02);
225  R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W15, W15 ^ W03);
226 
227  A = (m_digest[0] ^= A);
228  B = (m_digest[1] ^= B);
229  C = (m_digest[2] ^= C);
230  D = (m_digest[3] ^= D);
231  E = (m_digest[4] ^= E);
232  F = (m_digest[5] ^= F);
233  G = (m_digest[6] ^= G);
234  H = (m_digest[7] ^= H);
235 
236  input += hash_block_size();
237  }
238  }
239 
240 /*
241 * Copy out the digest
242 */
243 void SM3::copy_out(uint8_t output[])
244  {
245  copy_out_vec_be(output, output_length(), m_digest);
246  }
247 
248 /*
249 * Clear memory of sensitive data
250 */
251 void SM3::clear()
252  {
253  MDx_HashFunction::clear();
254  std::copy(std::begin(SM3_IV), std::end(SM3_IV), m_digest.begin());
255  }
256 
257 }
Botan::SM3::output_length
size_t output_length() const override
Definition: sm3.h:27
X
fe X
Definition: ge.cpp:27
Botan::copy_out_vec_be
void copy_out_vec_be(uint8_t out[], size_t out_bytes, const std::vector< T, Alloc > &in)
Definition: loadstor.h:669
Botan::MDx_HashFunction::clear
void clear() override
Definition: mdx_hash.cpp:33
Botan::load_be< uint32_t >
uint32_t load_be< uint32_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:177
Y
fe Y
Definition: ge.cpp:28
Botan::MDx_HashFunction::hash_block_size
size_t hash_block_size() const override final
Definition: mdx_hash.h:32
Botan::SM3::copy_state
std::unique_ptr< HashFunction > copy_state() const override
Definition: sm3.cpp:12
Botan
Definition: alg_id.cpp:13
Botan::SM3::clear
void clear() override
Definition: sm3.cpp:251
Z
fe Z
Definition: ge.cpp:29
Botan::SM3::SM3
SM3()
Definition: sm3.h:33
Generated by   doxygen 1.8.14