sm3.c
Go to the documentation of this file.
1 /**
2  * @file sm3.c
3  * @brief SM3 hash function
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2025 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.5.0
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
33 
34 //Dependencies
35 #include "core/crypto.h"
36 #include "hash/sm3.h"
37 
38 //Check crypto library configuration
39 #if (SM3_SUPPORT == ENABLED)
40 
41 //Macro to access the workspace as a circular buffer
42 #define W(n) w[(n) & 0x0F]
43 
44 //SM3 auxiliary functions
45 #define FF1(x, y, z) ((x) ^ (y) ^ (z))
46 #define FF2(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
47 #define GG1(x, y, z) ((x) ^ (y) ^ (z))
48 #define GG2(x, y, z) (((x) & (y)) | ((~x) & (z)))
49 #define P0(x) ((x) ^ ROL32(x, 9) ^ ROL32(x, 17))
50 #define P1(x) ((x) ^ ROL32(x, 15) ^ ROL32(x, 23))
51 
52 //Constants T_j
53 #define TJ1 0x79CC4519
54 #define TJ2 0x7A879D8A
55 
56 //SM3 padding
57 static const uint8_t padding[64] =
58 {
59  0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
60  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
61  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
62  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
63 };
64 
65 //SM3 object identifier (1.0.10118.3.0.65)
66 const uint8_t SM3_OID[6] = {0x28, 0xCF, 0x06, 0x03, 0x00, 0x41};
67 
68 //Common interface for hash algorithms
70 {
71  "SM3",
72  SM3_OID,
73  sizeof(SM3_OID),
74  sizeof(Sm3Context),
78  TRUE,
83  NULL
84 };
85 
86 
87 /**
88  * @brief Digest a message using SM3
89  * @param[in] data Pointer to the message being hashed
90  * @param[in] length Length of the message
91  * @param[out] digest Pointer to the calculated digest
92  * @return Error code
93  **/
94 
95 error_t sm3Compute(const void *data, size_t length, uint8_t *digest)
96 {
97 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
98  Sm3Context *context;
99 #else
100  Sm3Context context[1];
101 #endif
102 
103  //Check parameters
104  if(data == NULL && length != 0)
106 
107  if(digest == NULL)
109 
110 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
111  //Allocate a memory buffer to hold the SM3 context
112  context = cryptoAllocMem(sizeof(Sm3Context));
113  //Failed to allocate memory?
114  if(context == NULL)
115  return ERROR_OUT_OF_MEMORY;
116 #endif
117 
118  //Initialize the SM3 context
119  sm3Init(context);
120  //Digest the message
121  sm3Update(context, data, length);
122  //Finalize the SM3 message digest
123  sm3Final(context, digest);
124 
125 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
126  //Free previously allocated memory
127  cryptoFreeMem(context);
128 #endif
129 
130  //Successful processing
131  return NO_ERROR;
132 }
133 
134 
135 /**
136  * @brief Initialize SM3 message digest context
137  * @param[in] context Pointer to the SM3 context to initialize
138  **/
139 
140 void sm3Init(Sm3Context *context)
141 {
142  //Set initial hash value
143  context->h[0] = 0x7380166F;
144  context->h[1] = 0x4914B2B9;
145  context->h[2] = 0x172442D7;
146  context->h[3] = 0xDA8A0600;
147  context->h[4] = 0xA96F30BC;
148  context->h[5] = 0x163138AA;
149  context->h[6] = 0xE38DEE4D;
150  context->h[7] = 0xB0FB0E4E;
151 
152  //Number of bytes in the buffer
153  context->size = 0;
154  //Total length of the message
155  context->totalSize = 0;
156 }
157 
158 
159 /**
160  * @brief Update the SM3 context with a portion of the message being hashed
161  * @param[in] context Pointer to the SM3 context
162  * @param[in] data Pointer to the buffer being hashed
163  * @param[in] length Length of the buffer
164  **/
165 
166 __weak_func void sm3Update(Sm3Context *context, const void *data, size_t length)
167 {
168  size_t n;
169 
170  //Process the incoming data
171  while(length > 0)
172  {
173  //The buffer can hold at most 64 bytes
174  n = MIN(length, 64 - context->size);
175 
176  //Copy the data to the buffer
177  osMemcpy(context->buffer + context->size, data, n);
178 
179  //Update the SM3 context
180  context->size += n;
181  context->totalSize += n;
182  //Advance the data pointer
183  data = (uint8_t *) data + n;
184  //Remaining bytes to process
185  length -= n;
186 
187  //Process message in 16-word blocks
188  if(context->size == 64)
189  {
190  //Transform the 16-word block
191  sm3ProcessBlock(context);
192  //Empty the buffer
193  context->size = 0;
194  }
195  }
196 }
197 
198 
199 /**
200  * @brief Finish the SM3 message digest
201  * @param[in] context Pointer to the SM3 context
202  * @param[out] digest Calculated digest
203  **/
204 
205 void sm3Final(Sm3Context *context, uint8_t *digest)
206 {
207  uint_t i;
208  size_t paddingSize;
209  uint64_t totalSize;
210 
211  //Length of the original message (before padding)
212  totalSize = context->totalSize * 8;
213 
214  //Pad the message so that its length is congruent to 56 modulo 64
215  if(context->size < 56)
216  {
217  paddingSize = 56 - context->size;
218  }
219  else
220  {
221  paddingSize = 64 + 56 - context->size;
222  }
223 
224  //Append padding
225  sm3Update(context, padding, paddingSize);
226 
227  //Append the length of the original message
228  for(i = 0; i < 8; i++)
229  {
230  context->buffer[63 - i] = totalSize & 0xFF;
231  totalSize >>= 8;
232  }
233 
234  //Calculate the message digest
235  sm3ProcessBlock(context);
236 
237  //Copy the resulting digest
238  for(i = 0; i < (SM3_DIGEST_SIZE / 4); i++)
239  {
240  STORE32BE(context->h[i], digest + i * 4);
241  }
242 }
243 
244 
245 /**
246  * @brief Process message in 16-word blocks
247  * @param[in] context Pointer to the SM3 context
248  **/
249 
250 __weak_func void sm3ProcessBlock(Sm3Context *context)
251 {
252  uint_t i;
253  uint32_t ss1;
254  uint32_t ss2;
255  uint32_t tt1;
256  uint32_t tt2;
257  uint32_t temp;
258 
259  //Initialize the 8 working registers
260  uint32_t a = context->h[0];
261  uint32_t b = context->h[1];
262  uint32_t c = context->h[2];
263  uint32_t d = context->h[3];
264  uint32_t e = context->h[4];
265  uint32_t f = context->h[5];
266  uint32_t g = context->h[6];
267  uint32_t h = context->h[7];
268 
269  //Process message in 16-word blocks
270  uint32_t *w = context->w;
271 
272  //Convert from big-endian byte order to host byte order
273  for(i = 0; i < 16; i++)
274  {
275  w[i] = LOAD32BE(context->buffer + i * 4);
276  }
277 
278  //SM3 compression function
279  for(i = 0; i < 64; i++)
280  {
281  //Message expansion
282  if(i >= 12)
283  {
284  temp = W(i + 4) ^ W(i + 11) ^ ROL32(W(i + 1), 15);
285  W(i + 4) = P1(temp) ^ ROL32(W(i + 7), 7) ^ W(i + 14);
286  }
287 
288  //Calculate TT1 and TT2
289  if(i < 16)
290  {
291  temp = ROL32(a, 12) + e + ROL32(TJ1, i);
292  ss1 = ROL32(temp, 7);
293  ss2 = ss1 ^ ROL32(a, 12);
294  tt1 = FF1(a, b, c) + d + ss2 + (W(i) ^ W(i + 4));
295  tt2 = GG1(e, f, g) + h + ss1 + W(i);
296  }
297  else
298  {
299  temp = ROL32(a, 12) + e + ROL32(TJ2, i % 32);
300  ss1 = ROL32(temp, 7);
301  ss2 = ss1 ^ ROL32(a, 12);
302  tt1 = FF2(a, b, c) + d + ss2 + (W(i) ^ W(i + 4));
303  tt2 = GG2(e, f, g) + h + ss1 + W(i);
304  }
305 
306  //Update working registers
307  d = c;
308  c = ROL32(b, 9);
309  b = a;
310  a = tt1;
311  h = g;
312  g = ROL32(f, 19);
313  f = e;
314  e = P0(tt2);
315  }
316 
317  //Update the hash value
318  context->h[0] ^= a;
319  context->h[1] ^= b;
320  context->h[2] ^= c;
321  context->h[3] ^= d;
322  context->h[4] ^= e;
323  context->h[5] ^= f;
324  context->h[6] ^= g;
325  context->h[7] ^= h;
326 }
327 
328 #endif
uint8_t b
Definition: nbns_common.h:104
void(* HashAlgoInit)(void *context)
Definition: crypto.h:1027
void sm3Final(Sm3Context *context, uint8_t *digest)
Finish the SM3 message digest.
Definition: sm3.c:205
uint8_t a
Definition: ndp.h:411
#define LOAD32BE(p)
Definition: cpu_endian.h:210
#define TRUE
Definition: os_port.h:50
uint8_t data[]
Definition: ethernet.h:222
#define FF1(x, y, z)
Definition: sm3.c:45
SM3 algorithm context.
Definition: sm3.h:62
@ ERROR_OUT_OF_MEMORY
Definition: error.h:63
uint8_t buffer[64]
Definition: sm3.h:67
#define TJ2
Definition: sm3.c:54
#define GG1(x, y, z)
Definition: sm3.c:47
uint64_t totalSize
Definition: sm3.h:70
void(* HashAlgoUpdate)(void *context, const void *data, size_t length)
Definition: crypto.h:1029
__weak_func void sm3ProcessBlock(Sm3Context *context)
Process message in 16-word blocks.
Definition: sm3.c:250
#define SM3_MIN_PAD_SIZE
Definition: sm3.h:47
uint8_t h
Definition: ndp.h:302
@ ERROR_INVALID_PARAMETER
Invalid parameter.
Definition: error.h:47
#define osMemcpy(dest, src, length)
Definition: os_port.h:144
error_t
Error codes.
Definition: error.h:43
#define W(n)
Definition: sm3.c:42
#define FF2(x, y, z)
Definition: sm3.c:46
uint32_t w[16]
Definition: sm3.h:66
uint32_t h[8]
Definition: sm3.h:63
General definitions for cryptographic algorithms.
error_t sm3Compute(const void *data, size_t length, uint8_t *digest)
Digest a message using SM3.
Definition: sm3.c:95
#define P0(x)
Definition: sm3.c:49
uint8_t length
Definition: tcp.h:375
#define MIN(a, b)
Definition: os_port.h:63
SM3 hash function.
#define P1(x)
Definition: sm3.c:50
void(* HashAlgoFinal)(void *context, uint8_t *digest)
Definition: crypto.h:1031
#define ROL32(a, n)
Definition: crypto.h:832
#define TJ1
Definition: sm3.c:53
#define SM3_BLOCK_SIZE
Definition: sm3.h:43
uint8_t n
#define cryptoFreeMem(p)
Definition: crypto.h:826
const HashAlgo sm3HashAlgo
Definition: sm3.c:69
#define cryptoAllocMem(size)
Definition: crypto.h:821
Common interface for hash algorithms.
Definition: crypto.h:1082
__weak_func void sm3Update(Sm3Context *context, const void *data, size_t length)
Update the SM3 context with a portion of the message being hashed.
Definition: sm3.c:166
unsigned int uint_t
Definition: compiler_port.h:57
error_t(* HashAlgoCompute)(const void *data, size_t length, uint8_t *digest)
Definition: crypto.h:1024
const uint8_t SM3_OID[6]
Definition: sm3.c:66
size_t size
Definition: sm3.h:69
void sm3Init(Sm3Context *context)
Initialize SM3 message digest context.
Definition: sm3.c:140
#define STORE32BE(a, p)
Definition: cpu_endian.h:286
@ NO_ERROR
Success.
Definition: error.h:44
uint8_t c
Definition: ndp.h:514
#define GG2(x, y, z)
Definition: sm3.c:48
#define SM3_DIGEST_SIZE
Definition: sm3.h:45