1 /*
2  * This file is part of the openHiTLS project.
3  *
4  * openHiTLS is licensed under the Mulan PSL v2.
5  * You can use this software according to the terms and conditions of the Mulan PSL v2.
6  * You may obtain a copy of Mulan PSL v2 at:
7  *
8  *     http://license.coscl.org.cn/MulanPSL2
9  *
10  * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11  * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12  * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13  * See the Mulan PSL v2 for more details.
14  */
15 
16 #include "hitls_build.h"
17 #ifdef HITLS_CRYPTO_SM3
18 
19 #include <stdint.h>
20 #include "crypt_utils.h"
21 #include "bsl_sal.h"
22 #include "crypt_sm3.h"
23 
/*
 * Round constants, already rotated for their round: K_j = T_j <<< (j mod 32),
 * with T_j = 0x79cc4519 for rounds 0..15 (K0) and T_j = 0x7a879d8a for rounds
 * 16..63 (K32). Pre-rotating here saves one ROTL32 per round inside ROUND().
 * Because the rotation is taken mod 32, K48..K63 repeat K16..K31.
 */
#define K0   0x79cc4519U
#define K1   0xf3988a32U
#define K2   0xe7311465U
#define K3   0xce6228cbU
#define K4   0x9cc45197U
#define K5   0x3988a32fU
#define K6   0x7311465eU
#define K7   0xe6228cbcU
#define K8   0xcc451979U
#define K9   0x988a32f3U
#define K10  0x311465e7U
#define K11  0x6228cbceU
#define K12  0xc451979cU
#define K13  0x88a32f39U
#define K14  0x11465e73U
#define K15  0x228cbce6U
#define K16  0x9d8a7a87U
#define K17  0x3b14f50fU
#define K18  0x7629ea1eU
#define K19  0xec53d43cU
#define K20  0xd8a7a879U
#define K21  0xb14f50f3U
#define K22  0x629ea1e7U
#define K23  0xc53d43ceU
#define K24  0x8a7a879dU
#define K25  0x14f50f3bU
#define K26  0x29ea1e76U
#define K27  0x53d43cecU
#define K28  0xa7a879d8U
#define K29  0x4f50f3b1U
#define K30  0x9ea1e762U
#define K31  0x3d43cec5U
#define K32  0x7a879d8aU
#define K33  0xf50f3b14U
#define K34  0xea1e7629U
#define K35  0xd43cec53U
#define K36  0xa879d8a7U
#define K37  0x50f3b14fU
#define K38  0xa1e7629eU
#define K39  0x43cec53dU
#define K40  0x879d8a7aU
#define K41  0x0f3b14f5U
#define K42  0x1e7629eaU
#define K43  0x3cec53d4U
#define K44  0x79d8a7a8U
#define K45  0xf3b14f50U
#define K46  0xe7629ea1U
#define K47  0xcec53d43U
#define K48  0x9d8a7a87U
#define K49  0x3b14f50fU
#define K50  0x7629ea1eU
#define K51  0xec53d43cU
#define K52  0xd8a7a879U
#define K53  0xb14f50f3U
#define K54  0x629ea1e7U
#define K55  0xc53d43ceU
#define K56  0x8a7a879dU
#define K57  0x14f50f3bU
#define K58  0x29ea1e76U
#define K59  0x53d43cecU
#define K60  0xa7a879d8U
#define K61  0x4f50f3b1U
#define K62  0x9ea1e762U
#define K63  0x3d43cec5U

/*
 * Permutation functions of GM/T 0004-2012: P0 is applied inside the
 * compression round (to TT2), P1 inside the message expansion (EXPAND).
 * The argument is expanded three times, so pass only side-effect-free
 * expressions.
 */
#define P0(x) ((x) ^ ROTL32((x), 9) ^ ROTL32((x), 17))
#define P1(x) ((x) ^ ROTL32((x), 15) ^ ROTL32((x), 23))

/*
 * Boolean functions FF_j / GG_j of GM/T 0004-2012. The *0 variants (plain
 * XOR) are used for rounds 0..15, the *1 variants (majority for FF, choice
 * for GG) for rounds 16..63; see ROUND00_15 / ROUND16_63 below.
 */
#define FF0(x, y, z) ((x) ^ (y) ^ (z))
#define FF1(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
#define GG0(x, y, z) ((x) ^ (y) ^ (z))
#define GG1(x, y, z) (((x) & (y)) | (~(x) & (z)))

/*
 * One compression round. K is the pre-rotated round constant (K0..K63),
 * Wj the message word W_j and Wi the derived word W'_j = W_j ^ W_(j+4).
 * All additions are on uint32_t and wrap modulo 2^32, as the standard
 * specifies.
 *
 * The round does not shift the eight working variables. Instead the new A
 * (TT1) is written into the slot passed as H and the new E (P0(TT2)) into
 * the slot passed as D, while B and F are rotated in place to become the
 * next C and G. The caller therefore rotates the argument order for the
 * following round: (A,B,C,D,E,F,G,H) -> (H,A,B,C,D,E,F,G). Every argument
 * must be a plain lvalue/constant; several are evaluated more than once.
 */
#define ROUND(A, B, C, D, E, F, G, H, K, FF, GG, Wj, Wi) do {   \
    uint32_t a12 = ROTL32((A), 12);                            \
    uint32_t ss1 = ROTL32(a12 + (E) + (K), 7);                 \
    uint32_t ss2 = ss1 ^ a12;                                  \
    uint32_t tt1 = FF((A), (B), (C)) + (D) + ss2 + (Wi);       \
    uint32_t tt2 = GG((E), (F), (G)) + (H) + ss1 + (Wj);       \
    (H) = tt1;    (D) = P0(tt2);                                \
    (B) = ROTL32((B), 9);   (F) = ROTL32((F), 19);              \
} while (0)

/* Rounds 0..15 use the XOR variants of FF / GG. */
#define ROUND00_15(A, B, C, D, E, F, G, H, K, Wj, Wi)  \
    ROUND(A, B, C, D, E, F, G, H, K, FF0, GG0, Wj, Wi)

/* Rounds 16..63 use the majority / choice variants of FF / GG. */
#define ROUND16_63(A, B, C, D, E, F, G, H, K, Wj, Wi)  \
    ROUND(A, B, C, D, E, F, G, H, K, FF1, GG1, Wj, Wi)

/*
 * Message expansion step of GM/T 0004-2012:
 *   W_j = P1(W_(j-16) ^ W_(j-9) ^ (W_(j-3) <<< 15)) ^ (W_(j-13) <<< 7) ^ W_(j-6)
 * with W1 = W_(j-16), W2 = W_(j-9), W3 = W_(j-3), W4 = W_(j-13), W5 = W_(j-6).
 */
#define EXPAND(W1, W2, W3, W4, W5)     \
    (P1((W1) ^ (W2) ^ ROTL32((W3), 15)) ^ ROTL32((W4), 7) ^ (W5))
115 
/*
 * SM3 compression function, see the GM standard document GM/T 0004-2012
 * chapter 5.3.3.
 *
 * Runs the 64-round compression over blockCnt consecutive 64-byte message
 * blocks and folds each result into the chaining value with the standard
 * feed-forward XOR, V(i+1) = ABCDEFGH ^ V(i).
 *
 * state    In/out: the eight 32-bit chaining words, updated in place.
 * data     The message blocks, read as big-endian 32-bit words. Must be
 *          readable for blockCnt * CRYPT_SM3_BLOCKSIZE bytes; no length or
 *          NULL check is performed here, the caller owns that validation.
 * blockCnt Number of whole blocks to process. 0 leaves state untouched.
 *
 * Only a 16-word window w[] of the expanded message is kept: W_(j+16)
 * overwrites w[j % 16] right before the round that first needs it, so the
 * derived word W'_j = W_j ^ W_(j+4) is always formed from live values.
 * w[] still holds the last block's expanded words when the function returns;
 * it is not cleared here.
 */
void SM3_Compress(uint32_t state[8], const uint8_t *data, uint32_t blockCnt)
{
    uint32_t w[16] = {0};
    const uint8_t *input = data;
    uint32_t count = blockCnt;

    while (count > 0) {
        /* Load the 16 message words W_0..W_15 of this block as big-endian 32-bit integers. */
        w[0] = GET_UINT32_BE(input, 0);
        w[1] = GET_UINT32_BE(input, 4);
        w[2] = GET_UINT32_BE(input, 8);
        w[3] = GET_UINT32_BE(input, 12);
        w[4] = GET_UINT32_BE(input, 16);
        w[5] = GET_UINT32_BE(input, 20);
        w[6] = GET_UINT32_BE(input, 24);
        w[7] = GET_UINT32_BE(input, 28);
        w[8] = GET_UINT32_BE(input, 32);
        w[9] = GET_UINT32_BE(input, 36);
        w[10] = GET_UINT32_BE(input, 40);
        w[11] = GET_UINT32_BE(input, 44);
        w[12] = GET_UINT32_BE(input, 48);
        w[13] = GET_UINT32_BE(input, 52);
        w[14] = GET_UINT32_BE(input, 56);
        w[15] = GET_UINT32_BE(input, 60);

        /* Working variables A..H start from the current chaining value V(i). */
        uint32_t a = state[0];
        uint32_t b = state[1];
        uint32_t c = state[2];
        uint32_t d = state[3];
        uint32_t e = state[4];
        uint32_t f = state[5];
        uint32_t g = state[6];
        uint32_t h = state[7];

        // 0 ~ 15 round
        /*
         * ROUND writes the new A into its H slot and the new E into its D slot
         * (see the macro), so each call rotates the argument order instead of
         * moving the eight words; after eight rounds the names are back in
         * a..h order. The last argument is W'_j = W_j ^ W_(j+4).
         */
        ROUND00_15(a, b, c, d, e, f, g, h, K0, w[0], w[0] ^ w[4]);
        ROUND00_15(h, a, b, c, d, e, f, g, K1, w[1], w[1] ^ w[5]);
        ROUND00_15(g, h, a, b, c, d, e, f, K2, w[2], w[2] ^ w[6]);
        ROUND00_15(f, g, h, a, b, c, d, e, K3, w[3], w[3] ^ w[7]);
        ROUND00_15(e, f, g, h, a, b, c, d, K4, w[4], w[4] ^ w[8]);
        ROUND00_15(d, e, f, g, h, a, b, c, K5, w[5], w[5] ^ w[9]);
        ROUND00_15(c, d, e, f, g, h, a, b, K6, w[6], w[6] ^ w[10]);
        ROUND00_15(b, c, d, e, f, g, h, a, K7, w[7], w[7] ^ w[11]);
        ROUND00_15(a, b, c, d, e, f, g, h, K8, w[8], w[8] ^ w[12]);
        ROUND00_15(h, a, b, c, d, e, f, g, K9, w[9], w[9] ^ w[13]);
        ROUND00_15(g, h, a, b, c, d, e, f, K10, w[10], w[10] ^ w[14]);
        ROUND00_15(f, g, h, a, b, c, d, e, K11, w[11], w[11] ^ w[15]);
        /*
         * Message expansion starts here and is interleaved with the rounds:
         * W_16 lands in w[0] and is consumed by the next round as
         * W'_12 = W_12 ^ W_16. From now on W_(j+16) replaces w[j % 16] one
         * statement before the round that first reads it.
         */
        w[0] = EXPAND(w[0], w[7], w[13], w[3], w[10]);
        ROUND00_15(e, f, g, h, a, b, c, d, K12, w[12], w[12] ^ w[0]);
        w[1] = EXPAND(w[1], w[8], w[14], w[4], w[11]);
        ROUND00_15(d, e, f, g, h, a, b, c, K13, w[13], w[13] ^ w[1]);
        w[2] = EXPAND(w[2], w[9], w[15], w[5], w[12]);
        ROUND00_15(c, d, e, f, g, h, a, b, K14, w[14], w[14] ^ w[2]);
        w[3] = EXPAND(w[3], w[10], w[0], w[6], w[13]);
        ROUND00_15(b, c, d, e, f, g, h, a, K15, w[15], w[15] ^ w[3]);

        // 16 ~ 63 round
        /* Same schedule with the majority / choice Boolean functions; three groups of 16 rounds. */
        w[4]  = EXPAND(w[4],  w[11], w[1], w[7],  w[14]);
        ROUND16_63(a, b, c, d, e, f, g, h, K16, w[0], w[0] ^ w[4]);
        w[5]  = EXPAND(w[5],  w[12], w[2], w[8],  w[15]);
        ROUND16_63(h, a, b, c, d, e, f, g, K17, w[1], w[1] ^ w[5]);
        w[6]  = EXPAND(w[6],  w[13], w[3], w[9],  w[0]);
        ROUND16_63(g, h, a, b, c, d, e, f, K18, w[2], w[2] ^ w[6]);
        w[7]  = EXPAND(w[7],  w[14], w[4], w[10], w[1]);
        ROUND16_63(f, g, h, a, b, c, d, e, K19, w[3], w[3] ^ w[7]);
        w[8]  = EXPAND(w[8],  w[15], w[5], w[11], w[2]);
        ROUND16_63(e, f, g, h, a, b, c, d, K20, w[4], w[4] ^ w[8]);
        w[9]  = EXPAND(w[9],  w[0], w[6], w[12], w[3]);
        ROUND16_63(d, e, f, g, h, a, b, c, K21, w[5], w[5] ^ w[9]);
        w[10] = EXPAND(w[10], w[1], w[7], w[13], w[4]);
        ROUND16_63(c, d, e, f, g, h, a, b, K22, w[6], w[6] ^ w[10]);
        w[11] = EXPAND(w[11], w[2], w[8], w[14], w[5]);
        ROUND16_63(b, c, d, e, f, g, h, a, K23, w[7], w[7] ^ w[11]);
        w[12] = EXPAND(w[12], w[3], w[9], w[15], w[6]);
        ROUND16_63(a, b, c, d, e, f, g, h, K24, w[8], w[8] ^ w[12]);
        w[13] = EXPAND(w[13], w[4], w[10], w[0], w[7]);
        ROUND16_63(h, a, b, c, d, e, f, g, K25, w[9], w[9] ^ w[13]);
        w[14] = EXPAND(w[14], w[5], w[11], w[1], w[8]);
        ROUND16_63(g, h, a, b, c, d, e, f, K26, w[10], w[10] ^ w[14]);
        w[15] = EXPAND(w[15], w[6], w[12], w[2], w[9]);
        ROUND16_63(f, g, h, a, b, c, d, e, K27, w[11], w[11] ^ w[15]);
        w[0] = EXPAND(w[0], w[7], w[13], w[3], w[10]);
        ROUND16_63(e, f, g, h, a, b, c, d, K28, w[12], w[12] ^ w[0]);
        w[1] = EXPAND(w[1], w[8], w[14], w[4], w[11]);
        ROUND16_63(d, e, f, g, h, a, b, c, K29, w[13], w[13] ^ w[1]);
        w[2] = EXPAND(w[2], w[9], w[15], w[5], w[12]);
        ROUND16_63(c, d, e, f, g, h, a, b, K30, w[14], w[14] ^ w[2]);
        w[3] = EXPAND(w[3], w[10], w[0], w[6], w[13]);
        ROUND16_63(b, c, d, e, f, g, h, a, K31, w[15], w[15] ^ w[3]);

        w[4]  = EXPAND(w[4],  w[11], w[1], w[7],  w[14]);
        ROUND16_63(a, b, c, d, e, f, g, h, K32, w[0], w[0] ^ w[4]);
        w[5]  = EXPAND(w[5],  w[12], w[2], w[8],  w[15]);
        ROUND16_63(h, a, b, c, d, e, f, g, K33, w[1], w[1] ^ w[5]);
        w[6]  = EXPAND(w[6],  w[13], w[3], w[9],  w[0]);
        ROUND16_63(g, h, a, b, c, d, e, f, K34, w[2], w[2] ^ w[6]);
        w[7]  = EXPAND(w[7],  w[14], w[4], w[10], w[1]);
        ROUND16_63(f, g, h, a, b, c, d, e, K35, w[3], w[3] ^ w[7]);
        w[8]  = EXPAND(w[8],  w[15], w[5], w[11], w[2]);
        ROUND16_63(e, f, g, h, a, b, c, d, K36, w[4], w[4] ^ w[8]);
        w[9]  = EXPAND(w[9],  w[0], w[6], w[12], w[3]);
        ROUND16_63(d, e, f, g, h, a, b, c, K37, w[5], w[5] ^ w[9]);
        w[10] = EXPAND(w[10], w[1], w[7], w[13], w[4]);
        ROUND16_63(c, d, e, f, g, h, a, b, K38, w[6], w[6] ^ w[10]);
        w[11] = EXPAND(w[11], w[2], w[8], w[14], w[5]);
        ROUND16_63(b, c, d, e, f, g, h, a, K39, w[7], w[7] ^ w[11]);
        w[12] = EXPAND(w[12], w[3], w[9], w[15], w[6]);
        ROUND16_63(a, b, c, d, e, f, g, h, K40, w[8], w[8] ^ w[12]);
        w[13] = EXPAND(w[13], w[4], w[10], w[0], w[7]);
        ROUND16_63(h, a, b, c, d, e, f, g, K41, w[9], w[9] ^ w[13]);
        w[14] = EXPAND(w[14], w[5], w[11], w[1], w[8]);
        ROUND16_63(g, h, a, b, c, d, e, f, K42, w[10], w[10] ^ w[14]);
        w[15] = EXPAND(w[15], w[6], w[12], w[2], w[9]);
        ROUND16_63(f, g, h, a, b, c, d, e, K43, w[11], w[11] ^ w[15]);
        w[0] = EXPAND(w[0], w[7], w[13], w[3], w[10]);
        ROUND16_63(e, f, g, h, a, b, c, d, K44, w[12], w[12] ^ w[0]);
        w[1] = EXPAND(w[1], w[8], w[14], w[4], w[11]);
        ROUND16_63(d, e, f, g, h, a, b, c, K45, w[13], w[13] ^ w[1]);
        w[2] = EXPAND(w[2], w[9], w[15], w[5], w[12]);
        ROUND16_63(c, d, e, f, g, h, a, b, K46, w[14], w[14] ^ w[2]);
        w[3] = EXPAND(w[3], w[10], w[0], w[6], w[13]);
        ROUND16_63(b, c, d, e, f, g, h, a, K47, w[15], w[15] ^ w[3]);

        w[4]  = EXPAND(w[4],  w[11], w[1], w[7],  w[14]);
        ROUND16_63(a, b, c, d, e, f, g, h, K48, w[0], w[0] ^ w[4]);
        w[5]  = EXPAND(w[5],  w[12], w[2], w[8],  w[15]);
        ROUND16_63(h, a, b, c, d, e, f, g, K49, w[1], w[1] ^ w[5]);
        w[6]  = EXPAND(w[6],  w[13], w[3], w[9],  w[0]);
        ROUND16_63(g, h, a, b, c, d, e, f, K50, w[2], w[2] ^ w[6]);
        w[7]  = EXPAND(w[7],  w[14], w[4], w[10], w[1]);
        ROUND16_63(f, g, h, a, b, c, d, e, K51, w[3], w[3] ^ w[7]);
        w[8]  = EXPAND(w[8],  w[15], w[5], w[11], w[2]);
        ROUND16_63(e, f, g, h, a, b, c, d, K52, w[4], w[4] ^ w[8]);
        w[9]  = EXPAND(w[9],  w[0], w[6], w[12], w[3]);
        ROUND16_63(d, e, f, g, h, a, b, c, K53, w[5], w[5] ^ w[9]);
        w[10] = EXPAND(w[10], w[1], w[7], w[13], w[4]);
        ROUND16_63(c, d, e, f, g, h, a, b, K54, w[6], w[6] ^ w[10]);
        w[11] = EXPAND(w[11], w[2], w[8], w[14], w[5]);
        ROUND16_63(b, c, d, e, f, g, h, a, K55, w[7], w[7] ^ w[11]);
        w[12] = EXPAND(w[12], w[3], w[9], w[15], w[6]);
        ROUND16_63(a, b, c, d, e, f, g, h, K56, w[8], w[8] ^ w[12]);
        w[13] = EXPAND(w[13], w[4], w[10], w[0], w[7]);
        ROUND16_63(h, a, b, c, d, e, f, g, K57, w[9], w[9] ^ w[13]);
        w[14] = EXPAND(w[14], w[5], w[11], w[1], w[8]);
        ROUND16_63(g, h, a, b, c, d, e, f, K58, w[10], w[10] ^ w[14]);
        w[15] = EXPAND(w[15], w[6], w[12], w[2], w[9]);
        ROUND16_63(f, g, h, a, b, c, d, e, K59, w[11], w[11] ^ w[15]);
        w[0] = EXPAND(w[0], w[7], w[13], w[3], w[10]);
        ROUND16_63(e, f, g, h, a, b, c, d, K60, w[12], w[12] ^ w[0]);
        w[1] = EXPAND(w[1], w[8], w[14], w[4], w[11]);
        ROUND16_63(d, e, f, g, h, a, b, c, K61, w[13], w[13] ^ w[1]);
        w[2] = EXPAND(w[2], w[9], w[15], w[5], w[12]);
        ROUND16_63(c, d, e, f, g, h, a, b, K62, w[14], w[14] ^ w[2]);
        w[3] = EXPAND(w[3], w[10], w[0], w[6], w[13]);
        ROUND16_63(b, c, d, e, f, g, h, a, K63, w[15], w[15] ^ w[3]);

        /* Feed-forward: V(i+1) = ABCDEFGH ^ V(i). After 64 rounds the names are back in a..h order. */
        state[0] ^= a;
        state[1] ^= b;
        state[2] ^= c;
        state[3] ^= d;
        state[4] ^= e;
        state[5] ^= f;
        state[6] ^= g;
        state[7] ^= h;

        /* Advance to the next block; the caller guarantees blockCnt whole blocks are readable. */
        input += CRYPT_SM3_BLOCKSIZE;
        count--;
    }
}
286 #endif // HITLS_CRYPTO_SM3