Botan  2.9.0
Crypto and TLS for C++11
sm3.cpp
Go to the documentation of this file.
1 /*
2 * SM3
3 * (C) 2017 Ribose Inc.
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/sm3.h>
9 #include <botan/rotate.h>
10 
11 namespace Botan {
12 
13 std::unique_ptr<HashFunction> SM3::copy_state() const
14  {
15  return std::unique_ptr<HashFunction>(new SM3(*this));
16  }
17 
18 namespace {
19 
20 const uint32_t SM3_IV[] = {
21  0x7380166fUL, 0x4914b2b9UL, 0x172442d7UL, 0xda8a0600UL,
22  0xa96f30bcUL, 0x163138aaUL, 0xe38dee4dUL, 0xb0fb0e4eUL
23 };
24 
25 inline uint32_t P0(uint32_t X)
26  {
27  return X ^ rotl<9>(X) ^ rotl<17>(X);
28  }
29 
30 inline uint32_t FF1(uint32_t X, uint32_t Y, uint32_t Z)
31  {
32  return (X & Y) | ((X | Y) & Z);
33  //return (X & Y) | (X & Z) | (Y & Z);
34  }
35 
36 inline uint32_t GG1(uint32_t X, uint32_t Y, uint32_t Z)
37  {
38  //return (X & Y) | (~X & Z);
39  return ((Z ^ (X & (Y ^ Z))));
40  }
41 
42 inline void R1(uint32_t A, uint32_t& B, uint32_t C, uint32_t& D,
43  uint32_t E, uint32_t& F, uint32_t G, uint32_t& H,
44  uint32_t TJ, uint32_t Wi, uint32_t Wj)
45  {
46  const uint32_t A12 = rotl<12>(A);
47  const uint32_t SS1 = rotl<7>(A12 + E + TJ);
48  const uint32_t TT1 = (A ^ B ^ C) + D + (SS1 ^ A12) + Wj;
49  const uint32_t TT2 = (E ^ F ^ G) + H + SS1 + Wi;
50 
51  B = rotl<9>(B);
52  D = TT1;
53  F = rotl<19>(F);
54  H = P0(TT2);
55  }
56 
57 inline void R2(uint32_t A, uint32_t& B, uint32_t C, uint32_t& D,
58  uint32_t E, uint32_t& F, uint32_t G, uint32_t& H,
59  uint32_t TJ, uint32_t Wi, uint32_t Wj)
60  {
61  const uint32_t A12 = rotl<12>(A);
62  const uint32_t SS1 = rotl<7>(A12 + E + TJ);
63  const uint32_t TT1 = FF1(A, B, C) + D + (SS1 ^ A12) + Wj;
64  const uint32_t TT2 = GG1(E, F, G) + H + SS1 + Wi;
65 
66  B = rotl<9>(B);
67  D = TT1;
68  F = rotl<19>(F);
69  H = P0(TT2);
70  }
71 
72 inline uint32_t P1(uint32_t X)
73  {
74  return X ^ rotl<15>(X) ^ rotl<23>(X);
75  }
76 
77 inline uint32_t SM3_E(uint32_t W0, uint32_t W7, uint32_t W13, uint32_t W3, uint32_t W10)
78  {
79  return P1(W0 ^ W7 ^ rotl<15>(W13)) ^ rotl<7>(W3) ^ W10;
80  }
81 
82 }
83 
84 /*
85 * SM3 Compression Function
86 */
87 void SM3::compress_n(const uint8_t input[], size_t blocks)
88  {
89  uint32_t A = m_digest[0], B = m_digest[1], C = m_digest[2], D = m_digest[3],
90  E = m_digest[4], F = m_digest[5], G = m_digest[6], H = m_digest[7];
91 
92  for(size_t i = 0; i != blocks; ++i)
93  {
94  uint32_t W00 = load_be<uint32_t>(input, 0);
95  uint32_t W01 = load_be<uint32_t>(input, 1);
96  uint32_t W02 = load_be<uint32_t>(input, 2);
97  uint32_t W03 = load_be<uint32_t>(input, 3);
98  uint32_t W04 = load_be<uint32_t>(input, 4);
99  uint32_t W05 = load_be<uint32_t>(input, 5);
100  uint32_t W06 = load_be<uint32_t>(input, 6);
101  uint32_t W07 = load_be<uint32_t>(input, 7);
102  uint32_t W08 = load_be<uint32_t>(input, 8);
103  uint32_t W09 = load_be<uint32_t>(input, 9);
104  uint32_t W10 = load_be<uint32_t>(input, 10);
105  uint32_t W11 = load_be<uint32_t>(input, 11);
106  uint32_t W12 = load_be<uint32_t>(input, 12);
107  uint32_t W13 = load_be<uint32_t>(input, 13);
108  uint32_t W14 = load_be<uint32_t>(input, 14);
109  uint32_t W15 = load_be<uint32_t>(input, 15);
110 
111  R1(A, B, C, D, E, F, G, H, 0x79CC4519, W00, W00 ^ W04);
112  W00 = SM3_E(W00, W07, W13, W03, W10);
113  R1(D, A, B, C, H, E, F, G, 0xF3988A32, W01, W01 ^ W05);
114  W01 = SM3_E(W01, W08, W14, W04, W11);
115  R1(C, D, A, B, G, H, E, F, 0xE7311465, W02, W02 ^ W06);
116  W02 = SM3_E(W02, W09, W15, W05, W12);
117  R1(B, C, D, A, F, G, H, E, 0xCE6228CB, W03, W03 ^ W07);
118  W03 = SM3_E(W03, W10, W00, W06, W13);
119  R1(A, B, C, D, E, F, G, H, 0x9CC45197, W04, W04 ^ W08);
120  W04 = SM3_E(W04, W11, W01, W07, W14);
121  R1(D, A, B, C, H, E, F, G, 0x3988A32F, W05, W05 ^ W09);
122  W05 = SM3_E(W05, W12, W02, W08, W15);
123  R1(C, D, A, B, G, H, E, F, 0x7311465E, W06, W06 ^ W10);
124  W06 = SM3_E(W06, W13, W03, W09, W00);
125  R1(B, C, D, A, F, G, H, E, 0xE6228CBC, W07, W07 ^ W11);
126  W07 = SM3_E(W07, W14, W04, W10, W01);
127  R1(A, B, C, D, E, F, G, H, 0xCC451979, W08, W08 ^ W12);
128  W08 = SM3_E(W08, W15, W05, W11, W02);
129  R1(D, A, B, C, H, E, F, G, 0x988A32F3, W09, W09 ^ W13);
130  W09 = SM3_E(W09, W00, W06, W12, W03);
131  R1(C, D, A, B, G, H, E, F, 0x311465E7, W10, W10 ^ W14);
132  W10 = SM3_E(W10, W01, W07, W13, W04);
133  R1(B, C, D, A, F, G, H, E, 0x6228CBCE, W11, W11 ^ W15);
134  W11 = SM3_E(W11, W02, W08, W14, W05);
135  R1(A, B, C, D, E, F, G, H, 0xC451979C, W12, W12 ^ W00);
136  W12 = SM3_E(W12, W03, W09, W15, W06);
137  R1(D, A, B, C, H, E, F, G, 0x88A32F39, W13, W13 ^ W01);
138  W13 = SM3_E(W13, W04, W10, W00, W07);
139  R1(C, D, A, B, G, H, E, F, 0x11465E73, W14, W14 ^ W02);
140  W14 = SM3_E(W14, W05, W11, W01, W08);
141  R1(B, C, D, A, F, G, H, E, 0x228CBCE6, W15, W15 ^ W03);
142  W15 = SM3_E(W15, W06, W12, W02, W09);
143  R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W00, W00 ^ W04);
144  W00 = SM3_E(W00, W07, W13, W03, W10);
145  R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W01, W01 ^ W05);
146  W01 = SM3_E(W01, W08, W14, W04, W11);
147  R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W02, W02 ^ W06);
148  W02 = SM3_E(W02, W09, W15, W05, W12);
149  R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W03, W03 ^ W07);
150  W03 = SM3_E(W03, W10, W00, W06, W13);
151  R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W04, W04 ^ W08);
152  W04 = SM3_E(W04, W11, W01, W07, W14);
153  R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W05, W05 ^ W09);
154  W05 = SM3_E(W05, W12, W02, W08, W15);
155  R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W06, W06 ^ W10);
156  W06 = SM3_E(W06, W13, W03, W09, W00);
157  R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W07, W07 ^ W11);
158  W07 = SM3_E(W07, W14, W04, W10, W01);
159  R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W08, W08 ^ W12);
160  W08 = SM3_E(W08, W15, W05, W11, W02);
161  R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W09, W09 ^ W13);
162  W09 = SM3_E(W09, W00, W06, W12, W03);
163  R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W10, W10 ^ W14);
164  W10 = SM3_E(W10, W01, W07, W13, W04);
165  R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W11, W11 ^ W15);
166  W11 = SM3_E(W11, W02, W08, W14, W05);
167  R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W12, W12 ^ W00);
168  W12 = SM3_E(W12, W03, W09, W15, W06);
169  R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W13, W13 ^ W01);
170  W13 = SM3_E(W13, W04, W10, W00, W07);
171  R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W14, W14 ^ W02);
172  W14 = SM3_E(W14, W05, W11, W01, W08);
173  R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W15, W15 ^ W03);
174  W15 = SM3_E(W15, W06, W12, W02, W09);
175  R2(A, B, C, D, E, F, G, H, 0x7A879D8A, W00, W00 ^ W04);
176  W00 = SM3_E(W00, W07, W13, W03, W10);
177  R2(D, A, B, C, H, E, F, G, 0xF50F3B14, W01, W01 ^ W05);
178  W01 = SM3_E(W01, W08, W14, W04, W11);
179  R2(C, D, A, B, G, H, E, F, 0xEA1E7629, W02, W02 ^ W06);
180  W02 = SM3_E(W02, W09, W15, W05, W12);
181  R2(B, C, D, A, F, G, H, E, 0xD43CEC53, W03, W03 ^ W07);
182  W03 = SM3_E(W03, W10, W00, W06, W13);
183  R2(A, B, C, D, E, F, G, H, 0xA879D8A7, W04, W04 ^ W08);
184  W04 = SM3_E(W04, W11, W01, W07, W14);
185  R2(D, A, B, C, H, E, F, G, 0x50F3B14F, W05, W05 ^ W09);
186  W05 = SM3_E(W05, W12, W02, W08, W15);
187  R2(C, D, A, B, G, H, E, F, 0xA1E7629E, W06, W06 ^ W10);
188  W06 = SM3_E(W06, W13, W03, W09, W00);
189  R2(B, C, D, A, F, G, H, E, 0x43CEC53D, W07, W07 ^ W11);
190  W07 = SM3_E(W07, W14, W04, W10, W01);
191  R2(A, B, C, D, E, F, G, H, 0x879D8A7A, W08, W08 ^ W12);
192  W08 = SM3_E(W08, W15, W05, W11, W02);
193  R2(D, A, B, C, H, E, F, G, 0x0F3B14F5, W09, W09 ^ W13);
194  W09 = SM3_E(W09, W00, W06, W12, W03);
195  R2(C, D, A, B, G, H, E, F, 0x1E7629EA, W10, W10 ^ W14);
196  W10 = SM3_E(W10, W01, W07, W13, W04);
197  R2(B, C, D, A, F, G, H, E, 0x3CEC53D4, W11, W11 ^ W15);
198  W11 = SM3_E(W11, W02, W08, W14, W05);
199  R2(A, B, C, D, E, F, G, H, 0x79D8A7A8, W12, W12 ^ W00);
200  W12 = SM3_E(W12, W03, W09, W15, W06);
201  R2(D, A, B, C, H, E, F, G, 0xF3B14F50, W13, W13 ^ W01);
202  W13 = SM3_E(W13, W04, W10, W00, W07);
203  R2(C, D, A, B, G, H, E, F, 0xE7629EA1, W14, W14 ^ W02);
204  W14 = SM3_E(W14, W05, W11, W01, W08);
205  R2(B, C, D, A, F, G, H, E, 0xCEC53D43, W15, W15 ^ W03);
206  W15 = SM3_E(W15, W06, W12, W02, W09);
207  R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W00, W00 ^ W04);
208  W00 = SM3_E(W00, W07, W13, W03, W10);
209  R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W01, W01 ^ W05);
210  W01 = SM3_E(W01, W08, W14, W04, W11);
211  R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W02, W02 ^ W06);
212  W02 = SM3_E(W02, W09, W15, W05, W12);
213  R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W03, W03 ^ W07);
214  W03 = SM3_E(W03, W10, W00, W06, W13);
215  R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W04, W04 ^ W08);
216  R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W05, W05 ^ W09);
217  R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W06, W06 ^ W10);
218  R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W07, W07 ^ W11);
219  R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W08, W08 ^ W12);
220  R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W09, W09 ^ W13);
221  R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W10, W10 ^ W14);
222  R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W11, W11 ^ W15);
223  R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W12, W12 ^ W00);
224  R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W13, W13 ^ W01);
225  R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W14, W14 ^ W02);
226  R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W15, W15 ^ W03);
227 
228  A = (m_digest[0] ^= A);
229  B = (m_digest[1] ^= B);
230  C = (m_digest[2] ^= C);
231  D = (m_digest[3] ^= D);
232  E = (m_digest[4] ^= E);
233  F = (m_digest[5] ^= F);
234  G = (m_digest[6] ^= G);
235  H = (m_digest[7] ^= H);
236 
237  input += hash_block_size();
238  }
239  }
240 
241 /*
242 * Copy out the digest
243 */
244 void SM3::copy_out(uint8_t output[])
245  {
246  copy_out_vec_be(output, output_length(), m_digest);
247  }
248 
249 /*
250 * Clear memory of sensitive data
251 */
252 void SM3::clear()
253  {
254  MDx_HashFunction::clear();
255  std::copy(std::begin(SM3_IV), std::end(SM3_IV), m_digest.begin());
256  }
257 
258 }
Botan::SM3::output_length
size_t output_length() const override
Definition: sm3.h:27
X
fe X
Definition: ge.cpp:27
Botan::copy_out_vec_be
void copy_out_vec_be(uint8_t out[], size_t out_bytes, const std::vector< T, Alloc > &in)
Definition: loadstor.h:671
Botan::MDx_HashFunction::clear
void clear() override
Definition: mdx_hash.cpp:41
Botan::load_be< uint32_t >
uint32_t load_be< uint32_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:177
Y
fe Y
Definition: ge.cpp:28
Botan::MDx_HashFunction::hash_block_size
size_t hash_block_size() const override final
Definition: mdx_hash.h:33
Botan::SM3::copy_state
std::unique_ptr< HashFunction > copy_state() const override
Definition: sm3.cpp:13
Botan
Definition: alg_id.cpp:13
Botan::SM3::clear
void clear() override
Definition: sm3.cpp:252
Z
fe Z
Definition: ge.cpp:29
Botan::SM3::SM3
SM3()
Definition: sm3.h:33
Generated by   doxygen 1.8.14