From 12be745f4a86ef73340ef88b7156fae262f70b84 Mon Sep 17 00:00:00 2001
From: Jia Zhang
Date: Sat, 7 Oct 2017 04:31:27 -0400
Subject: [PATCH 1/4] New module: crypto/sm3
This new module can be used to compute SM3 message digest of files or
memory blocks according to the specification GM/T 004-2012
Cryptographic Hash Algorithm SM3, published by State Cryptography
Administration, China.
The official SM3 cryptographic hash algorithm specification is
available at
http://www.sca.gov.cn/sca/xwdt/2010-12/17/content_1002389.shtml
* modules/crypto/sm3: Define sm3 module.
* lib/sm3.c: Implement SM3 hash algorithm.
* lib/sm3.h: Declear the APIs of sm3 module.
* lib/gc-gnulib.c: Support sm3 in internal functions.
* lib/gc-libgcrypt.c: Support sm3 with libgcrypt.
* lib/gc.h: Declear SM3-related stuffs.
* m4/sm3.m4: m4 file for sm3 module.
* m4/gc-sm3.m4: m4 file for gc-sm3 module.
* modules/crypto/sm3: Define sm3 module.
* modules/crypto/sm3-tests: Define sm3 test module.
* modules/crypto/gc-sm3: Define gc-sm3 module.
* modules/crypto/gc-sm3-tests: Define gc-sm3 test module.
* tests/test-sm3.c: Implement SM3 test case.
* tests/test-gc-sm3.c: Implement SM3 test case with libgcrypt.
* MODULES.html.sh: List sm3 modules.
---
MODULES.html.sh | 2 +
lib/gc-gnulib.c | 44 ++++
lib/gc-libgcrypt.c | 46 +++++
lib/gc.h | 5 +-
lib/sm3.c | 491 ++++++++++++++++++++++++++++++++++++++++++++
lib/sm3.h | 93 +++++++++
m4/gc-sm3.m4 | 10 +
m4/sm3.m4 | 15 ++
modules/crypto/gc-sm3 | 24 +++
modules/crypto/gc-sm3-tests | 11 +
modules/crypto/sm3 | 30 +++
modules/crypto/sm3-tests | 11 +
tests/test-gc-sm3.c | 129 ++++++++++++
tests/test-sm3.c | 72 +++++++
14 files changed, 982 insertions(+), 1 deletion(-)
create mode 100644 lib/sm3.c
create mode 100644 lib/sm3.h
create mode 100644 m4/gc-sm3.m4
create mode 100644 m4/sm3.m4
create mode 100644 modules/crypto/gc-sm3
create mode 100644 modules/crypto/gc-sm3-tests
create mode 100644 modules/crypto/sm3
create mode 100644 modules/crypto/sm3-tests
create mode 100644 tests/test-gc-sm3.c
create mode 100644 tests/test-sm3.c
diff --git a/MODULES.html.sh b/MODULES.html.sh
index 3e8e92b5b..2cf7594a1 100755
--- a/MODULES.html.sh
+++ b/MODULES.html.sh
@@ -1964,6 +1964,7 @@ func_all_modules ()
func_module crypto/sha1
func_module crypto/sha256
func_module crypto/sha512
+ func_module crypto/sm3
func_end_table
element="Cryptographic computations (high-level)"
@@ -1987,6 +1988,7 @@ func_all_modules ()
func_module crypto/gc-random
func_module crypto/gc-rijndael
func_module crypto/gc-sha1
+ func_module crypto/gc-sm3
func_end_table
element="Compiler warning management"
diff --git a/lib/gc-gnulib.c b/lib/gc-gnulib.c
index 61d5d980a..f888cf597 100644
--- a/lib/gc-gnulib.c
+++ b/lib/gc-gnulib.c
@@ -48,6 +48,9 @@
#ifdef GNULIB_GC_SHA1
# include "sha1.h"
#endif
+#ifdef GNULIB_GC_SM3
+# include "sm3.h"
+#endif
#if defined(GNULIB_GC_HMAC_MD5) || defined(GNULIB_GC_HMAC_SHA1) || defined(GNULIB_GC_HMAC_SHA256) || defined(GNULIB_GC_HMAC_SHA512)
# include "hmac.h"
#endif
@@ -618,6 +621,9 @@ typedef struct _gc_hash_ctx
#ifdef GNULIB_GC_SHA1
struct sha1_ctx sha1Context;
#endif
+#ifdef GNULIB_GC_SM3
+ struct sm3_ctx sm3Context;
+#endif
} _gc_hash_ctx;
Gc_rc
@@ -662,6 +668,12 @@ gc_hash_open (Gc_hash hash, Gc_hash_mode mode, gc_hash_handle * outhandle)
break;
#endif
+#ifdef GNULIB_GC_SM3
+ case GC_SM3:
+ sm3_init_ctx (&ctx->sm3Context);
+ break;
+#endif
+
default:
rc = GC_INVALID_HASH;
break;
@@ -717,6 +729,10 @@ gc_hash_digest_length (Gc_hash hash)
len = GC_SHA1_DIGEST_SIZE;
break;
+ case GC_SM3:
+ len = GC_SM3_DIGEST_SIZE;
+ break;
+
default:
return 0;
}
@@ -755,6 +771,12 @@ gc_hash_write (gc_hash_handle handle, size_t len, const char *data)
break;
#endif
+#ifdef GNULIB_GC_SM3
+ case GC_SM3:
+ sm3_process_bytes (data, len, &ctx->sm3Context);
+ break;
+#endif
+
default:
break;
}
@@ -796,6 +818,13 @@ gc_hash_read (gc_hash_handle handle)
break;
#endif
+#ifdef GNULIB_GC_SM3
+ case GC_SM3:
+ sm3_finish_ctx (&ctx->sm3Context, ctx->hash);
+ ret = ctx->hash;
+ break;
+#endif
+
default:
return NULL;
}
@@ -840,6 +869,12 @@ gc_hash_buffer (Gc_hash hash, const void *in, size_t inlen, char *resbuf)
break;
#endif
+#ifdef GNULIB_GC_SM3
+ case GC_SM3:
+ sm3_buffer (in, inlen, resbuf);
+ break;
+#endif
+
default:
return GC_INVALID_HASH;
}
@@ -883,6 +918,15 @@ gc_sha1 (const void *in, size_t inlen, void *resbuf)
}
#endif
+#ifdef GNULIB_GC_SM3
+Gc_rc
+gc_sm3 (const void *in, size_t inlen, void *resbuf)
+{
+ sm3_buffer (in, inlen, resbuf);
+ return GC_OK;
+}
+#endif
+
#ifdef GNULIB_GC_HMAC_MD5
Gc_rc
gc_hmac_md5 (const void *key, size_t keylen,
diff --git a/lib/gc-libgcrypt.c b/lib/gc-libgcrypt.c
index 56150c4f6..c2f806f90 100644
--- a/lib/gc-libgcrypt.c
+++ b/lib/gc-libgcrypt.c
@@ -304,6 +304,10 @@ gc_hash_open (Gc_hash hash, Gc_hash_mode mode, gc_hash_handle * outhandle)
gcryalg = GCRY_MD_RMD160;
break;
+ case GC_SM3:
+ gcryalg = GCRY_MD_SM3;
+ break;
+
default:
rc = GC_INVALID_HASH;
}
@@ -403,6 +407,10 @@ gc_hash_digest_length (Gc_hash hash)
len = GC_SHA224_DIGEST_SIZE;
break;
+ case GC_SM3:
+ len = GC_SM3_DIGEST_SIZE;
+ break;
+
default:
return 0;
}
@@ -530,6 +538,12 @@ gc_hash_buffer (Gc_hash hash, const void *in, size_t inlen, char *resbuf)
break;
#endif
+#ifdef GNULIB_GC_SM3
+ case GC_SM3:
+ gcryalg = GCRY_MD_SM3;
+ break;
+#endif
+
default:
return GC_INVALID_HASH;
}
@@ -646,6 +660,38 @@ gc_sha1 (const void *in, size_t inlen, void *resbuf)
}
#endif
+#ifdef GNULIB_GC_SM3
+Gc_rc
+gc_sm3 (const void *in, size_t inlen, void *resbuf)
+{
+ size_t outlen = gcry_md_get_algo_dlen (GCRY_MD_SM3);
+ gcry_md_hd_t hd;
+ gpg_error_t err;
+ unsigned char *p;
+
+ assert (outlen == GC_SM3_DIGEST_SIZE);
+
+ err = gcry_md_open (&hd, GCRY_MD_SM3, 0);
+ if (err != GPG_ERR_NO_ERROR)
+ return GC_INVALID_HASH;
+
+ gcry_md_write (hd, in, inlen);
+
+ p = gcry_md_read (hd, GCRY_MD_SM3);
+ if (p == NULL)
+ {
+ gcry_md_close (hd);
+ return GC_INVALID_HASH;
+ }
+
+ memcpy (resbuf, p, outlen);
+
+ gcry_md_close (hd);
+
+ return GC_OK;
+}
+#endif
+
#ifdef GNULIB_GC_HMAC_MD5
Gc_rc
gc_hmac_md5 (const void *key, size_t keylen,
diff --git a/lib/gc.h b/lib/gc.h
index 14f3e3c09..ebda3b992 100644
--- a/lib/gc.h
+++ b/lib/gc.h
@@ -47,7 +47,8 @@ enum Gc_hash
GC_SHA256,
GC_SHA384,
GC_SHA512,
- GC_SHA224
+ GC_SHA224,
+ GC_SM3
};
typedef enum Gc_hash Gc_hash;
@@ -68,6 +69,7 @@ typedef void *gc_hash_handle;
#define GC_SHA384_DIGEST_SIZE 48
#define GC_SHA512_DIGEST_SIZE 64
#define GC_SHA224_DIGEST_SIZE 24
+#define GC_SM3_DIGEST_SIZE 32
/* Cipher types. */
enum Gc_cipher
@@ -155,6 +157,7 @@ extern Gc_rc gc_md2 (const void *in, size_t inlen, void *resbuf);
extern Gc_rc gc_md4 (const void *in, size_t inlen, void *resbuf);
extern Gc_rc gc_md5 (const void *in, size_t inlen, void *resbuf);
extern Gc_rc gc_sha1 (const void *in, size_t inlen, void *resbuf);
+extern Gc_rc gc_sm3 (const void *in, size_t inlen, void *resbuf);
extern Gc_rc gc_hmac_md5 (const void *key, size_t keylen,
const void *in, size_t inlen, char *resbuf);
extern Gc_rc gc_hmac_sha1 (const void *key, size_t keylen,
diff --git a/lib/sm3.c b/lib/sm3.c
new file mode 100644
index 000000000..6a6a11c8f
--- /dev/null
+++ b/lib/sm3.c
@@ -0,0 +1,491 @@
+/* sm3.c - Functions to compute SM3 message digest of files or memory blocks
+ according to the specification GM/T 004-2012 Cryptographic Hash Algorithm
+ SM3, published by State Encryption Management Bureau, China.
+
+ SM3 cryptographic hash algorithm.
+
+
+ Copyright (C) 2017 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see . */
+
+/* Written by Jia Zhang , 2017,
+ considerably copypasting from David Madore's sha256.c */
+
+#ifndef DEBUG_SM3
+# define DEBUG_SM3 0
+#endif
+
+#include
+
+#if HAVE_OPENSSL_SM3
+# define GL_OPENSSL_INLINE _GL_EXTERN_INLINE
+#endif
+#include "sm3.h"
+
+#include
+#include
+#include
+#include
+
+#if USE_UNLOCKED_IO
+# include "unlocked-io.h"
+#endif
+
+#if ! DEBUG_SM3
+# define dbg_printf(fmt, ...) do { } while (0)
+#else
+# define dbg_printf printf
+#endif
+
+#ifdef WORDS_BIGENDIAN
+# define SWAP(n) (n)
+#else
+# define SWAP(n) \
+ (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24))
+#endif
+
+#define BLOCKSIZE 32768
+#if BLOCKSIZE % 64 != 0
+# error "invalid BLOCKSIZE"
+#endif
+
+#if ! HAVE_OPENSSL_SM3
+/* This array contains the bytes used to pad the buffer to the next
+ 64-byte boundary. */
+static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ };
+
+
+/*
+ Takes a pointer to a 256 bit block of data (eight 32 bit ints) and
+ initializes it to the start constants of the SM3 algorithm. This
+ must be called before using hash in the call to sm3_hash
+*/
+void
+sm3_init_ctx (struct sm3_ctx *ctx)
+{
+ ctx->state[0] = 0x7380166fUL;
+ ctx->state[1] = 0x4914b2b9UL;
+ ctx->state[2] = 0x172442d7UL;
+ ctx->state[3] = 0xda8a0600UL;
+ ctx->state[4] = 0xa96f30bcUL;
+ ctx->state[5] = 0x163138aaUL;
+ ctx->state[6] = 0xe38dee4dUL;
+ ctx->state[7] = 0xb0fb0e4eUL;
+
+ ctx->total[0] = ctx->total[1] = 0;
+ ctx->buflen = 0;
+}
+
+/* Copy the value from v into the memory location pointed to by *cp,
+ If your architecture allows unaligned access this is equivalent to
+ * (uint32_t *) cp = v */
+static void
+set_uint32 (char *cp, uint32_t v)
+{
+ memcpy (cp, &v, sizeof v);
+}
+
+/* Put result from CTX in first 32 bytes following RESBUF. The result
+ must be in little endian byte order. */
+void *
+sm3_read_ctx (const struct sm3_ctx *ctx, void *resbuf)
+{
+ int i;
+ char *r = resbuf;
+
+ for (i = 0; i < 8; i++)
+ set_uint32 (r + i * sizeof ctx->state[0], SWAP (ctx->state[i]));
+
+ return resbuf;
+}
+
+/* Process the remaining bytes in the internal buffer and the usual
+ prolog according to the standard and write the result to RESBUF. */
+static void
+sm3_conclude_ctx (struct sm3_ctx *ctx)
+{
+ /* Take yet unprocessed bytes into account. */
+ size_t bytes = ctx->buflen;
+ size_t size = (bytes < 56) ? 64 / 4 : 64 * 2 / 4;
+
+ /* Now count remaining bytes. */
+ ctx->total[0] += bytes;
+ if (ctx->total[0] < bytes)
+ ++ctx->total[1];
+
+ /* Put the 64-bit file length in *bits* at the end of the buffer.
+ Use set_uint32 rather than a simple assignment, to avoid risk of
+ unaligned access. */
+ set_uint32 ((char *) &ctx->buffer[size - 2],
+ SWAP ((ctx->total[1] << 3) | (ctx->total[0] >> 29)));
+ set_uint32 ((char *) &ctx->buffer[size - 1],
+ SWAP (ctx->total[0] << 3));
+
+ memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 4 - bytes);
+
+ /* Process last bytes. */
+ sm3_process_block (ctx->buffer, size * 4, ctx);
+}
+
+void *
+sm3_finish_ctx (struct sm3_ctx *ctx, void *resbuf)
+{
+ sm3_conclude_ctx (ctx);
+ return sm3_read_ctx (ctx, resbuf);
+}
+#endif
+
+/* Compute SM3 message digest for bytes read from STREAM. The
+ resulting message digest number will be written into the 32 bytes
+ beginning at RESBLOCK. */
+int
+sm3_stream (FILE *stream, void *resblock)
+{
+ struct sm3_ctx ctx;
+ size_t sum;
+
+ char *buffer = malloc (BLOCKSIZE + 72);
+ if (!buffer)
+ return 1;
+
+ /* Initialize the computation context. */
+ sm3_init_ctx (&ctx);
+
+ /* Iterate over full file contents. */
+ while (1)
+ {
+ /* We read the file in blocks of BLOCKSIZE bytes. One call of the
+ computation function processes the whole buffer so that with the
+ next round of the loop another block can be read. */
+ size_t n;
+ sum = 0;
+
+ /* Read block. Take care for partial reads. */
+ while (1)
+ {
+ n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream);
+
+ sum += n;
+
+ if (sum == BLOCKSIZE)
+ break;
+
+ if (n == 0)
+ {
+ /* Check for the error flag IFF N == 0, so that we don't
+ exit the loop after a partial read due to e.g., EAGAIN
+ or EWOULDBLOCK. */
+ if (ferror (stream))
+ {
+ free (buffer);
+ return 1;
+ }
+ goto process_partial_block;
+ }
+
+ /* We've read at least one byte, so ignore errors. But always
+ check for EOF, since feof may be true even though N > 0.
+ Otherwise, we could end up calling fread after EOF. */
+ if (feof (stream))
+ goto process_partial_block;
+ }
+
+ /* Process buffer with BLOCKSIZE bytes. Note that
+ BLOCKSIZE % 64 == 0
+ */
+ sm3_process_block (buffer, BLOCKSIZE, &ctx);
+ }
+
+ process_partial_block:;
+
+ /* Process any remaining bytes. */
+ if (sum > 0)
+ sm3_process_bytes (buffer, sum, &ctx);
+
+ /* Construct result in desired memory. */
+ sm3_finish_ctx (&ctx, resblock);
+ free (buffer);
+ return 0;
+}
+
+#if ! HAVE_OPENSSL_SM3
+/* Compute SM3 message digest for LEN bytes beginning at BUFFER. The
+ result is always in little endian byte order, so that a byte-wise
+ output yields to the wanted ASCII representation of the message
+ digest. */
+void *
+sm3_buffer (const char *buffer, size_t len, void *resblock)
+{
+ struct sm3_ctx ctx;
+
+ /* Initialize the computation context. */
+ sm3_init_ctx (&ctx);
+
+ /* Process whole buffer but last len % 64 bytes. */
+ sm3_process_bytes (buffer, len, &ctx);
+
+ /* Put result in desired memory area. */
+ return sm3_finish_ctx (&ctx, resblock);
+}
+
+void
+sm3_process_bytes (const void *buffer, size_t len, struct sm3_ctx *ctx)
+{
+ /* When we already have some bits in our internal buffer concatenate
+ both inputs first. */
+ if (ctx->buflen != 0)
+ {
+ size_t left_over = ctx->buflen;
+ size_t add = 128 - left_over > len ? len : 128 - left_over;
+
+ memcpy (&((char *) ctx->buffer)[left_over], buffer, add);
+ ctx->buflen += add;
+
+ if (ctx->buflen > 64)
+ {
+ sm3_process_block (ctx->buffer, ctx->buflen & ~63, ctx);
+
+ ctx->buflen &= 63;
+ /* The regions in the following copy operation cannot overlap,
+ because ctx->buflen < 64 ≤ (left_over + add) & ~63. */
+ memcpy (ctx->buffer,
+ &((char *) ctx->buffer)[(left_over + add) & ~63],
+ ctx->buflen);
+ }
+
+ buffer = (const char *) buffer + add;
+ len -= add;
+ }
+
+ /* Process available complete blocks. */
+ if (len >= 64)
+ {
+#if !(_STRING_ARCH_unaligned || _STRING_INLINE_unaligned)
+# define UNALIGNED_P(p) ((uintptr_t) (p) % alignof (uint32_t) != 0)
+ if (UNALIGNED_P (buffer))
+ while (len > 64)
+ {
+ sm3_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx);
+ buffer = (const char *) buffer + 64;
+ len -= 64;
+ }
+ else
+#endif
+ {
+ sm3_process_block (buffer, len & ~63, ctx);
+ buffer = (const char *) buffer + (len & ~63);
+ len &= 63;
+ }
+ }
+
+ /* Move remaining bytes in internal buffer. */
+ if (len > 0)
+ {
+ size_t left_over = ctx->buflen;
+
+ memcpy (&((char *) ctx->buffer)[left_over], buffer, len);
+ left_over += len;
+ if (left_over >= 64)
+ {
+ sm3_process_block (ctx->buffer, 64, ctx);
+ left_over -= 64;
+ /* The regions in the following copy operation cannot overlap,
+ because left_over ≤ 64. */
+ memcpy (ctx->buffer, &ctx->buffer[16], left_over);
+ }
+ ctx->buflen = left_over;
+ }
+}
+
+/* --- Code below is the primary difference between sha256.c and sm3.c --- */
+
+/* SM3 round constants */
+#define T(j) sm3_round_constants[j]
+static const uint32_t sm3_round_constants[64] = {
+ 0x79cc4519UL, 0xf3988a32UL, 0xe7311465UL, 0xce6228cbUL,
+ 0x9cc45197UL, 0x3988a32fUL, 0x7311465eUL, 0xe6228cbcUL,
+ 0xcc451979UL, 0x988a32f3UL, 0x311465e7UL, 0x6228cbceUL,
+ 0xc451979cUL, 0x88a32f39UL, 0x11465e73UL, 0x228cbce6UL,
+ 0x9d8a7a87UL, 0x3b14f50fUL, 0x7629ea1eUL, 0xec53d43cUL,
+ 0xd8a7a879UL, 0xb14f50f3UL, 0x629ea1e7UL, 0xc53d43ceUL,
+ 0x8a7a879dUL, 0x14f50f3bUL, 0x29ea1e76UL, 0x53d43cecUL,
+ 0xa7a879d8UL, 0x4f50f3b1UL, 0x9ea1e762UL, 0x3d43cec5UL,
+ 0x7a879d8aUL, 0xf50f3b14UL, 0xea1e7629UL, 0xd43cec53UL,
+ 0xa879d8a7UL, 0x50f3b14fUL, 0xa1e7629eUL, 0x43cec53dUL,
+ 0x879d8a7aUL, 0x0f3b14f5UL, 0x1e7629eaUL, 0x3cec53d4UL,
+ 0x79d8a7a8UL, 0xf3b14f50UL, 0xe7629ea1UL, 0xcec53d43UL,
+ 0x9d8a7a87UL, 0x3b14f50fUL, 0x7629ea1eUL, 0xec53d43cUL,
+ 0xd8a7a879UL, 0xb14f50f3UL, 0x629ea1e7UL, 0xc53d43ceUL,
+ 0x8a7a879dUL, 0x14f50f3bUL, 0x29ea1e76UL, 0x53d43cecUL,
+ 0xa7a879d8UL, 0x4f50f3b1UL, 0x9ea1e762UL, 0x3d43cec5UL,
+};
+
+/* Round functions. */
+#define FF1(X,Y,Z) ( X ^ Y ^ Z )
+#define FF2(X,Y,Z) ( ( X & Y ) | ( X & Z ) | ( Y & Z ) )
+#define GG1(X,Y,Z) ( X ^ Y ^ Z )
+#define GG2(X,Y,Z) ( ( X & Y ) | ( ~X & Z ) )
+
+/* Process LEN bytes of BUFFER, accumulating context into CTX.
+ It is assumed that LEN % 64 == 0.
+ Most of this code comes from David Madore's sha256.c. */
+
+void
+sm3_process_block (const void *buffer, size_t len, struct sm3_ctx *ctx)
+{
+ const uint32_t *words = buffer;
+ size_t nwords = len / sizeof (uint32_t);
+ const uint32_t *endp = words + nwords;
+ uint32_t x[16];
+ uint32_t a = ctx->state[0];
+ uint32_t b = ctx->state[1];
+ uint32_t c = ctx->state[2];
+ uint32_t d = ctx->state[3];
+ uint32_t e = ctx->state[4];
+ uint32_t f = ctx->state[5];
+ uint32_t g = ctx->state[6];
+ uint32_t h = ctx->state[7];
+ uint32_t lolen = len;
+
+ /* First increment the byte count. GM/T 004-2012 specifies the possible
+ length of the file up to 2^64 bits. Here we only compute the
+ number of bytes. Do a double word increment. */
+ ctx->total[0] += lolen;
+ ctx->total[1] += (len >> 31 >> 1) + (ctx->total[0] < lolen);
+
+#define rol(x, n) (((x) << ((n) & 31)) | ((x) >> ((32 - (n)) & 31)))
+#define P0(x) ((x)^rol(x,9)^rol(x,17))
+#define P1(x) ((x)^rol(x,15)^rol(x,23))
+
+#define W1(I) ( x[I&0x0f] )
+#define W2(I) ( tw = P1(x[I&0x0f]^x[(I-9)&0x0f]^rol(x[(I-3)&0x0f],15)) \
+ ^ rol(x[(I-13)&0x0f],7) ^ x[(I-6)&0x0f] \
+ , x[I&0x0f] = tw )
+
+#define R(i,A,B,C,D,E,F,G,H,T,W1,W2) \
+ do { \
+ if (++j) \
+ dbg_printf("%2d %08x %08x %08x %08x %08x %08x %08x %08x\n", \
+ j-1, A, B, C, D, E, F, G, H); \
+ ss1 = rol(rol(A,12) + E + T,7); \
+ ss2 = ss1 ^ rol(A,12); \
+ D += FF##i(A,B,C) + ss2 + (W1 ^ W2); \
+ H += GG##i(E,F,G) + ss1 + W1; \
+ B = rol(B,9); \
+ F = rol(F,19); \
+ H = P0(H); \
+ } while(0)
+
+#define R1(A,B,C,D,E,F,G,H,T,W1,W2) R(1,A,B,C,D,E,F,G,H,T,W1,W2)
+#define R2(A,B,C,D,E,F,G,H,T,W1,W2) R(2,A,B,C,D,E,F,G,H,T,W1,W2)
+
+ while (words < endp)
+ {
+ uint32_t tw;
+ uint32_t ss1, ss2;
+ int j;
+
+ for (j = 0; j < 16; j++)
+ {
+ x[j] = SWAP (*words);
+ words++;
+ }
+
+ j = -1;
+
+ dbg_printf (" j A B C D E "
+ " F G H\n");
+ dbg_printf (" %08x %08x %08x %08x %08x %08x %08x %08x\n",
+ a, b, c, d, e, f, g, h);
+
+ R1( a, b, c, d, e, f, g, h, T( 0), W1( 0), W1( 4) );
+ R1( d, a, b, c, h, e, f, g, T( 1), W1( 1), W1( 5) );
+ R1( c, d, a, b, g, h, e, f, T( 2), W1( 2), W1( 6) );
+ R1( b, c, d, a, f, g, h, e, T( 3), W1( 3), W1( 7) );
+ R1( a, b, c, d, e, f, g, h, T( 4), W1( 4), W1( 8) );
+ R1( d, a, b, c, h, e, f, g, T( 5), W1( 5), W1( 9) );
+ R1( c, d, a, b, g, h, e, f, T( 6), W1( 6), W1(10) );
+ R1( b, c, d, a, f, g, h, e, T( 7), W1( 7), W1(11) );
+ R1( a, b, c, d, e, f, g, h, T( 8), W1( 8), W1(12) );
+ R1( d, a, b, c, h, e, f, g, T( 9), W1( 9), W1(13) );
+ R1( c, d, a, b, g, h, e, f, T(10), W1(10), W1(14) );
+ R1( b, c, d, a, f, g, h, e, T(11), W1(11), W1(15) );
+ R1( a, b, c, d, e, f, g, h, T(12), W1(12), W2(16) );
+ R1( d, a, b, c, h, e, f, g, T(13), W1(13), W2(17) );
+ R1( c, d, a, b, g, h, e, f, T(14), W1(14), W2(18) );
+ R1( b, c, d, a, f, g, h, e, T(15), W1(15), W2(19) );
+ R2( a, b, c, d, e, f, g, h, T(16), W1(16), W2(20) );
+ R2( d, a, b, c, h, e, f, g, T(17), W1(17), W2(21) );
+ R2( c, d, a, b, g, h, e, f, T(18), W1(18), W2(22) );
+ R2( b, c, d, a, f, g, h, e, T(19), W1(19), W2(23) );
+ R2( a, b, c, d, e, f, g, h, T(20), W1(20), W2(24) );
+ R2( d, a, b, c, h, e, f, g, T(21), W1(21), W2(25) );
+ R2( c, d, a, b, g, h, e, f, T(22), W1(22), W2(26) );
+ R2( b, c, d, a, f, g, h, e, T(23), W1(23), W2(27) );
+ R2( a, b, c, d, e, f, g, h, T(24), W1(24), W2(28) );
+ R2( d, a, b, c, h, e, f, g, T(25), W1(25), W2(29) );
+ R2( c, d, a, b, g, h, e, f, T(26), W1(26), W2(30) );
+ R2( b, c, d, a, f, g, h, e, T(27), W1(27), W2(31) );
+ R2( a, b, c, d, e, f, g, h, T(28), W1(28), W2(32) );
+ R2( d, a, b, c, h, e, f, g, T(29), W1(29), W2(33) );
+ R2( c, d, a, b, g, h, e, f, T(30), W1(30), W2(34) );
+ R2( b, c, d, a, f, g, h, e, T(31), W1(31), W2(35) );
+ R2( a, b, c, d, e, f, g, h, T(32), W1(32), W2(36) );
+ R2( d, a, b, c, h, e, f, g, T(33), W1(33), W2(37) );
+ R2( c, d, a, b, g, h, e, f, T(34), W1(34), W2(38) );
+ R2( b, c, d, a, f, g, h, e, T(35), W1(35), W2(39) );
+ R2( a, b, c, d, e, f, g, h, T(36), W1(36), W2(40) );
+ R2( d, a, b, c, h, e, f, g, T(37), W1(37), W2(41) );
+ R2( c, d, a, b, g, h, e, f, T(38), W1(38), W2(42) );
+ R2( b, c, d, a, f, g, h, e, T(39), W1(39), W2(43) );
+ R2( a, b, c, d, e, f, g, h, T(40), W1(40), W2(44) );
+ R2( d, a, b, c, h, e, f, g, T(41), W1(41), W2(45) );
+ R2( c, d, a, b, g, h, e, f, T(42), W1(42), W2(46) );
+ R2( b, c, d, a, f, g, h, e, T(43), W1(43), W2(47) );
+ R2( a, b, c, d, e, f, g, h, T(44), W1(44), W2(48) );
+ R2( d, a, b, c, h, e, f, g, T(45), W1(45), W2(49) );
+ R2( c, d, a, b, g, h, e, f, T(46), W1(46), W2(50) );
+ R2( b, c, d, a, f, g, h, e, T(47), W1(47), W2(51) );
+ R2( a, b, c, d, e, f, g, h, T(48), W1(48), W2(52) );
+ R2( d, a, b, c, h, e, f, g, T(49), W1(49), W2(53) );
+ R2( c, d, a, b, g, h, e, f, T(50), W1(50), W2(54) );
+ R2( b, c, d, a, f, g, h, e, T(51), W1(51), W2(55) );
+ R2( a, b, c, d, e, f, g, h, T(52), W1(52), W2(56) );
+ R2( d, a, b, c, h, e, f, g, T(53), W1(53), W2(57) );
+ R2( c, d, a, b, g, h, e, f, T(54), W1(54), W2(58) );
+ R2( b, c, d, a, f, g, h, e, T(55), W1(55), W2(59) );
+ R2( a, b, c, d, e, f, g, h, T(56), W1(56), W2(60) );
+ R2( d, a, b, c, h, e, f, g, T(57), W1(57), W2(61) );
+ R2( c, d, a, b, g, h, e, f, T(58), W1(58), W2(62) );
+ R2( b, c, d, a, f, g, h, e, T(59), W1(59), W2(63) );
+ R2( a, b, c, d, e, f, g, h, T(60), W1(60), W2(64) );
+ R2( d, a, b, c, h, e, f, g, T(61), W1(61), W2(65) );
+ R2( c, d, a, b, g, h, e, f, T(62), W1(62), W2(66) );
+ R2( b, c, d, a, f, g, h, e, T(63), W1(63), W2(67) );
+
+ dbg_printf("%2d %08x %08x %08x %08x %08x %08x %08x %08x\n",
+ j, a, b, c, d, e, f, g, h);
+
+ a = ctx->state[0] ^= a;
+ b = ctx->state[1] ^= b;
+ c = ctx->state[2] ^= c;
+ d = ctx->state[3] ^= d;
+ e = ctx->state[4] ^= e;
+ f = ctx->state[5] ^= f;
+ g = ctx->state[6] ^= g;
+ h = ctx->state[7] ^= h;
+ }
+}
+#endif
diff --git a/lib/sm3.h b/lib/sm3.h
new file mode 100644
index 000000000..ae0755486
--- /dev/null
+++ b/lib/sm3.h
@@ -0,0 +1,93 @@
+/* Declarations of functions and data types used for SM3 sum library
+ function.
+ Copyright (C) 2017 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see . */
+
+#ifndef SM3_H
+# define SM3_H 1
+
+# include
+# include
+
+# if HAVE_OPENSSL_SM3
+# include
+# endif
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+enum { SM3_DIGEST_SIZE = 256 / 8 };
+
+# if HAVE_OPENSSL_SM3
+# define GL_OPENSSL_NAME 3
+# include "gl_openssl.h"
+# else
+/* Structure to save state of computation between the single steps. */
+struct sm3_ctx
+{
+ uint32_t state[8];
+
+ uint32_t total[2];
+ size_t buflen; /* ≥ 0, ≤ 128 */
+ uint32_t buffer[32]; /* 128 bytes; the first buflen bytes are in use */
+};
+
+/* Initialize structure containing state of computation. */
+extern void sm3_init_ctx (struct sm3_ctx *ctx);
+
+/* Starting with the result of former calls of this function (or the
+ initialization function update the context for the next LEN bytes
+ starting at BUFFER.
+ It is necessary that LEN is a multiple of 64!!! */
+extern void sm3_process_block (const void *buffer, size_t len,
+ struct sm3_ctx *ctx);
+
+/* Starting with the result of former calls of this function (or the
+ initialization function update the context for the next LEN bytes
+ starting at BUFFER.
+ It is NOT required that LEN is a multiple of 64. */
+extern void sm3_process_bytes (const void *buffer, size_t len,
+ struct sm3_ctx *ctx);
+
+/* Process the remaining bytes in the buffer and put result from CTX
+ in first 32 bytes following RESBUF. The result is always in little
+ endian byte order, so that a byte-wise output yields to the wanted
+ ASCII representation of the message digest. */
+extern void *sm3_finish_ctx (struct sm3_ctx *ctx, void *resbuf);
+
+/* Put result from CTX in first 32 bytes following RESBUF. The result is
+ always in little endian byte order, so that a byte-wise output yields
+ to the wanted ASCII representation of the message digest. */
+extern void *sm3_read_ctx (const struct sm3_ctx *ctx, void *resbuf);
+
+/* Compute SM3 message digest for LEN bytes beginning at BUFFER. The
+ result is always in little endian byte order, so that a byte-wise
+ output yields to the wanted ASCII representation of the message
+ digest. */
+extern void *sm3_buffer (const char *buffer, size_t len, void *resblock);
+
+# endif
+/* Compute SM3 message digest for bytes read from STREAM. The
+ resulting message digest number will be written into the 32 bytes
+ beginning at RESBLOCK. */
+extern int sm3_stream (FILE *stream, void *resblock);
+
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/m4/gc-sm3.m4 b/m4/gc-sm3.m4
new file mode 100644
index 000000000..3d0eb4710
--- /dev/null
+++ b/m4/gc-sm3.m4
@@ -0,0 +1,10 @@
+# gc-sm3.m4 serial 1
+dnl Copyright (C) 2017 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_GC_SM3],
+[
+ AC_REQUIRE([gl_GC])
+])
diff --git a/m4/sm3.m4 b/m4/sm3.m4
new file mode 100644
index 000000000..fdce45c22
--- /dev/null
+++ b/m4/sm3.m4
@@ -0,0 +1,15 @@
+# sm3.m4 serial 1
+dnl Copyright (C) 2017 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_SM3],
+[
+ dnl Prerequisites of lib/sm3.c.
+ AC_REQUIRE([gl_BIGENDIAN])
+
+ dnl Currently openssl still doesn't support sm3.
+ m4_divert_once([DEFAULTS], [LIB_CRYPTO=])
+ AC_SUBST([LIB_CRYPTO])
+])
diff --git a/modules/crypto/gc-sm3 b/modules/crypto/gc-sm3
new file mode 100644
index 000000000..de52e0454
--- /dev/null
+++ b/modules/crypto/gc-sm3
@@ -0,0 +1,24 @@
+Description:
+Generic crypto wrappers for SM3 functions.
+
+Files:
+m4/gc-sm3.m4
+
+Depends-on:
+crypto/gc
+crypto/sm3 [test "$ac_cv_libgcrypt" != yes]
+
+configure.ac:
+gl_GC_SM3
+gl_MODULE_INDICATOR([gc-sm3])
+
+Makefile.am:
+
+Include:
+"gc.h"
+
+License:
+LGPLv2+
+
+Maintainer:
+Jia Zhang
diff --git a/modules/crypto/gc-sm3-tests b/modules/crypto/gc-sm3-tests
new file mode 100644
index 000000000..21488df1c
--- /dev/null
+++ b/modules/crypto/gc-sm3-tests
@@ -0,0 +1,11 @@
+Files:
+tests/test-gc-sm3.c
+
+Depends-on:
+
+configure.ac:
+
+Makefile.am:
+TESTS += test-gc-sm3
+check_PROGRAMS += test-gc-sm3
+test_gc_sm3_LDADD = $(LDADD) @LIB_CRYPTO@ $(LIBGCRYPT_LIBS)
diff --git a/modules/crypto/sm3 b/modules/crypto/sm3
new file mode 100644
index 000000000..b62062444
--- /dev/null
+++ b/modules/crypto/sm3
@@ -0,0 +1,30 @@
+Description:
+Compute SM3 checksums.
+
+Files:
+lib/sm3.h
+lib/sm3.c
+m4/sm3.m4
+
+Depends-on:
+extern-inline
+stdalign
+stdint
+
+configure.ac:
+gl_SM3
+
+Makefile.am:
+lib_SOURCES += sm3.c
+
+Include:
+"sm3.h"
+
+Link:
+$(LIB_CRYPTO)
+
+License:
+LGPLv2+
+
+Maintainer:
+Jia Zhang
diff --git a/modules/crypto/sm3-tests b/modules/crypto/sm3-tests
new file mode 100644
index 000000000..fac6ca6c2
--- /dev/null
+++ b/modules/crypto/sm3-tests
@@ -0,0 +1,11 @@
+Files:
+tests/test-sm3.c
+
+Depends-on:
+
+configure.ac:
+
+Makefile.am:
+TESTS += test-sm3
+check_PROGRAMS += test-sm3
+test_sm3_LDADD = $(LDADD) @LIB_CRYPTO@
diff --git a/tests/test-gc-sm3.c b/tests/test-gc-sm3.c
new file mode 100644
index 000000000..3e412c851
--- /dev/null
+++ b/tests/test-gc-sm3.c
@@ -0,0 +1,129 @@
+/*
+ * Copyright (C) 2017 Free Software Foundation, Inc.
+ * Written by Jia Zhang
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see . */
+
+#include
+
+#include
+#include
+#include
+#include "gc.h"
+
+int
+main (int argc, char *argv[])
+{
+ Gc_rc rc;
+ gc_hash_handle h;
+
+ rc = gc_init ();
+ if (rc != GC_OK)
+ {
+ printf ("gc_init() failed\n");
+ return 1;
+ }
+
+ /* Test vector from GM/T 004-2012. */
+
+ {
+ const char *in = "abc";
+ size_t inlen = strlen (in);
+ const char *expect = "\x66\xc7\xf0\xf4\x62\xee\xed\xd9\xd1"
+ "\xf2\xd4\x6b\xdc\x10\xe4\xe2\x41\x67\xc4\x87\x5c"
+ "\xf2\xf7\xa2\x29\x7d\xa0\x2b\x8f\x4b\xa8\xe0";
+ char out[32];
+ const char *p;
+
+ if (gc_sm3 (in, inlen, out) != 0)
+ {
+ printf ("gc_sm3 call failed\n");
+ return 1;
+ }
+
+ if (memcmp (out, expect, 32) != 0)
+ {
+ size_t i;
+ printf ("sm3 mismatch. expected:\n");
+ for (i = 0; i < 32; i++)
+ printf ("%02x ", (unsigned int) expect[i] & 0xFF);
+ printf ("\ncomputed:\n");
+ for (i = 0; i < 32; i++)
+ printf ("%02x ", (unsigned int) out[i] & 0xFF);
+ printf ("\n");
+ return 1;
+ }
+
+ rc = gc_hash_buffer (GC_SM3, "abc", 3, out);
+ if (rc != GC_OK)
+ {
+ printf ("gc_hash_buffer(sm3) call failed: %u\n", rc);
+ return 1;
+ }
+
+ if (memcmp (out, expect, 32) != 0)
+ {
+ size_t i;
+ printf ("sm3' mismatch. expected:\n");
+ for (i = 0; i < 32; i++)
+ printf ("%02x ", (unsigned int) expect[i] & 0xFF);
+ printf ("\ncomputed:\n");
+ for (i = 0; i < 32; i++)
+ printf ("%02x ", (unsigned int) out[i] & 0xFF);
+ printf ("\n");
+ return 1;
+ }
+
+ if (gc_hash_digest_length (GC_SM3) != 32)
+ {
+ printf ("gc_hash_digest_length (GC_SM3) failed\n");
+ return 1;
+ }
+
+ if ((rc = gc_hash_open (GC_SM3, 0, &h)) != GC_OK)
+ {
+ printf ("gc_hash_open(GC_SM3) failed (%u)\n", rc);
+ return 1;
+ }
+
+ gc_hash_write (h, inlen, in);
+
+ p = gc_hash_read (h);
+
+ if (!p)
+ {
+ printf ("gc_hash_read failed\n");
+ return 1;
+ }
+
+ if (memcmp (p, expect, 32) != 0)
+ {
+ size_t i;
+ printf ("sm3 mismatch. expected:\n");
+ for (i = 0; i < 32; i++)
+ printf ("%02x ", (unsigned int) expect[i] & 0xFF);
+ printf ("\ncomputed:\n");
+ for (i = 0; i < 32; i++)
+ printf ("%02x ", (unsigned int) p[i] & 0xFF);
+ printf ("\n");
+ return 1;
+ }
+
+ gc_hash_close (h);
+ }
+
+ gc_done ();
+
+ return 0;
+}
diff --git a/tests/test-sm3.c b/tests/test-sm3.c
new file mode 100644
index 000000000..99c19452b
--- /dev/null
+++ b/tests/test-sm3.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright (C) 2017 Free Software Foundation, Inc.
+ * Written by Jia Zhang
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see . */
+
+#include
+
+#include
+#include
+
+#include "sm3.h"
+
+static int
+test (const char *in, const char *out)
+{
+ char buf[SM3_DIGEST_SIZE];
+
+ if (memcmp (sm3_buffer (in, strlen (in), buf),
+ out, SM3_DIGEST_SIZE) != 0)
+ {
+ size_t i;
+ printf ("expected:\n");
+ for (i = 0; i < SM3_DIGEST_SIZE; i++)
+ printf ("%02x ", out[i] & 0xFFu);
+ printf ("\ncomputed:\n");
+ for (i = 0; i < SM3_DIGEST_SIZE; i++)
+ printf ("%02x ", buf[i] & 0xFFu);
+ printf ("\n");
+ return 1;
+ }
+
+ return 0;
+}
+
+int
+main (void)
+{
+ /* Test vectors from GM/T 004-2012 */
+ const char *in[] =
+ {
+ "abc",
+ "abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd",
+ };
+ const char *out[] =
+ {
+ "\x66\xc7\xf0\xf4\x62\xee\xed\xd9\xd1\xf2\xd4\x6b\xdc\x10\xe4\xe2"
+ "\x41\x67\xc4\x87\x5c\xf2\xf7\xa2\x29\x7d\xa0\x2b\x8f\x4b\xa8\xe0",
+ "\xde\xbe\x9f\xf9\x22\x75\xb8\xa1\x38\x60\x48\x89\xc1\x8e\x5a\x4d"
+ "\x6f\xdb\x70\xe5\x38\x7e\x57\x65\x29\x3d\xcb\xa3\x9c\x0c\x57\x32",
+ };
+ size_t i;
+
+ for (i = 0; i < sizeof (in) / sizeof (in[0]); i++)
+ {
+ if (test (in[i], out[i]))
+ return 1;
+ }
+
+ return 0;
+}
--
2.14.1