1 // SPDX-License-Identifier: GPL-2.0-only <<
2 /* 1 /*
3 * SM3 secure hash, as specified by OSCCA GM/T 2 * SM3 secure hash, as specified by OSCCA GM/T 0004-2012 SM3 and
4 * described at https://tools.ietf.org/html/dr 3 * described at https://tools.ietf.org/html/draft-shen-sm3-hash-01
5 * 4 *
6 * Copyright (C) 2017 ARM Limited or its affil 5 * Copyright (C) 2017 ARM Limited or its affiliates.
7 * Written by Gilad Ben-Yossef <gilad@benyosse 6 * Written by Gilad Ben-Yossef <gilad@benyossef.com>
8 * Copyright (C) 2021 Tianjia Zhang <tianjia.z !! 7 *
>> 8 * This program is free software; you can redistribute it and/or modify
>> 9 * it under the terms of the GNU General Public License version 2 as
>> 10 * published by the Free Software Foundation.
>> 11 *
>> 12 * This program is distributed in the hope that it will be useful,
>> 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
>> 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
>> 15 * GNU General Public License for more details.
>> 16 *
>> 17 * You should have received a copy of the GNU General Public License
>> 18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
9 */ 19 */
10 20
11 #include <crypto/internal/hash.h> 21 #include <crypto/internal/hash.h>
12 #include <linux/init.h> 22 #include <linux/init.h>
13 #include <linux/module.h> 23 #include <linux/module.h>
14 #include <linux/mm.h> 24 #include <linux/mm.h>
15 #include <linux/types.h> 25 #include <linux/types.h>
16 #include <crypto/sm3.h> 26 #include <crypto/sm3.h>
17 #include <crypto/sm3_base.h> 27 #include <crypto/sm3_base.h>
18 #include <linux/bitops.h> 28 #include <linux/bitops.h>
19 #include <asm/byteorder.h> 29 #include <asm/byteorder.h>
20 #include <asm/unaligned.h> 30 #include <asm/unaligned.h>
21 31
22 const u8 sm3_zero_message_hash[SM3_DIGEST_SIZE 32 const u8 sm3_zero_message_hash[SM3_DIGEST_SIZE] = {
23 0x1A, 0xB2, 0x1D, 0x83, 0x55, 0xCF, 0x 33 0x1A, 0xB2, 0x1D, 0x83, 0x55, 0xCF, 0xA1, 0x7F,
24 0x8e, 0x61, 0x19, 0x48, 0x31, 0xE8, 0x 34 0x8e, 0x61, 0x19, 0x48, 0x31, 0xE8, 0x1A, 0x8F,
25 0x22, 0xBE, 0xC8, 0xC7, 0x28, 0xFE, 0x 35 0x22, 0xBE, 0xC8, 0xC7, 0x28, 0xFE, 0xFB, 0x74,
26 0x7E, 0xD0, 0x35, 0xEB, 0x50, 0x82, 0x 36 0x7E, 0xD0, 0x35, 0xEB, 0x50, 0x82, 0xAA, 0x2B
27 }; 37 };
28 EXPORT_SYMBOL_GPL(sm3_zero_message_hash); 38 EXPORT_SYMBOL_GPL(sm3_zero_message_hash);
29 39
30 static int crypto_sm3_update(struct shash_desc !! 40 static inline u32 p0(u32 x)
>> 41 {
>> 42 return x ^ rol32(x, 9) ^ rol32(x, 17);
>> 43 }
>> 44
>> 45 static inline u32 p1(u32 x)
>> 46 {
>> 47 return x ^ rol32(x, 15) ^ rol32(x, 23);
>> 48 }
>> 49
>> 50 static inline u32 ff(unsigned int n, u32 a, u32 b, u32 c)
>> 51 {
>> 52 return (n < 16) ? (a ^ b ^ c) : ((a & b) | (a & c) | (b & c));
>> 53 }
>> 54
>> 55 static inline u32 gg(unsigned int n, u32 e, u32 f, u32 g)
>> 56 {
>> 57 return (n < 16) ? (e ^ f ^ g) : ((e & f) | ((~e) & g));
>> 58 }
>> 59
>> 60 static inline u32 t(unsigned int n)
>> 61 {
>> 62 return (n < 16) ? SM3_T1 : SM3_T2;
>> 63 }
>> 64
>> 65 static void sm3_expand(u32 *t, u32 *w, u32 *wt)
>> 66 {
>> 67 int i;
>> 68 unsigned int tmp;
>> 69
>> 70 /* load the input */
>> 71 for (i = 0; i <= 15; i++)
>> 72 w[i] = get_unaligned_be32((__u32 *)t + i);
>> 73
>> 74 for (i = 16; i <= 67; i++) {
>> 75 tmp = w[i - 16] ^ w[i - 9] ^ rol32(w[i - 3], 15);
>> 76 w[i] = p1(tmp) ^ (rol32(w[i - 13], 7)) ^ w[i - 6];
>> 77 }
>> 78
>> 79 for (i = 0; i <= 63; i++)
>> 80 wt[i] = w[i] ^ w[i + 4];
>> 81 }
>> 82
>> 83 static void sm3_compress(u32 *w, u32 *wt, u32 *m)
>> 84 {
>> 85 u32 ss1;
>> 86 u32 ss2;
>> 87 u32 tt1;
>> 88 u32 tt2;
>> 89 u32 a, b, c, d, e, f, g, h;
>> 90 int i;
>> 91
>> 92 a = m[0];
>> 93 b = m[1];
>> 94 c = m[2];
>> 95 d = m[3];
>> 96 e = m[4];
>> 97 f = m[5];
>> 98 g = m[6];
>> 99 h = m[7];
>> 100
>> 101 for (i = 0; i <= 63; i++) {
>> 102
>> 103 ss1 = rol32((rol32(a, 12) + e + rol32(t(i), i & 31)), 7);
>> 104
>> 105 ss2 = ss1 ^ rol32(a, 12);
>> 106
>> 107 tt1 = ff(i, a, b, c) + d + ss2 + *wt;
>> 108 wt++;
>> 109
>> 110 tt2 = gg(i, e, f, g) + h + ss1 + *w;
>> 111 w++;
>> 112
>> 113 d = c;
>> 114 c = rol32(b, 9);
>> 115 b = a;
>> 116 a = tt1;
>> 117 h = g;
>> 118 g = rol32(f, 19);
>> 119 f = e;
>> 120 e = p0(tt2);
>> 121 }
>> 122
>> 123 m[0] = a ^ m[0];
>> 124 m[1] = b ^ m[1];
>> 125 m[2] = c ^ m[2];
>> 126 m[3] = d ^ m[3];
>> 127 m[4] = e ^ m[4];
>> 128 m[5] = f ^ m[5];
>> 129 m[6] = g ^ m[6];
>> 130 m[7] = h ^ m[7];
>> 131
>> 132 a = b = c = d = e = f = g = h = ss1 = ss2 = tt1 = tt2 = 0;
>> 133 }
>> 134
>> 135 static void sm3_transform(struct sm3_state *sst, u8 const *src)
>> 136 {
>> 137 unsigned int w[68];
>> 138 unsigned int wt[64];
>> 139
>> 140 sm3_expand((u32 *)src, w, wt);
>> 141 sm3_compress(w, wt, sst->state);
>> 142
>> 143 memzero_explicit(w, sizeof(w));
>> 144 memzero_explicit(wt, sizeof(wt));
>> 145 }
>> 146
>> 147 static void sm3_generic_block_fn(struct sm3_state *sst, u8 const *src,
>> 148 int blocks)
>> 149 {
>> 150 while (blocks--) {
>> 151 sm3_transform(sst, src);
>> 152 src += SM3_BLOCK_SIZE;
>> 153 }
>> 154 }
>> 155
>> 156 int crypto_sm3_update(struct shash_desc *desc, const u8 *data,
31 unsigned int len) 157 unsigned int len)
32 { 158 {
33 sm3_update(shash_desc_ctx(desc), data, !! 159 return sm3_base_do_update(desc, data, len, sm3_generic_block_fn);
34 return 0; <<
35 } 160 }
>> 161 EXPORT_SYMBOL(crypto_sm3_update);
36 162
37 static int crypto_sm3_final(struct shash_desc !! 163 static int sm3_final(struct shash_desc *desc, u8 *out)
38 { 164 {
39 sm3_final(shash_desc_ctx(desc), out); !! 165 sm3_base_do_finalize(desc, sm3_generic_block_fn);
40 return 0; !! 166 return sm3_base_finish(desc, out);
41 } 167 }
42 168
43 static int crypto_sm3_finup(struct shash_desc !! 169 int crypto_sm3_finup(struct shash_desc *desc, const u8 *data,
44 unsigned int len, u8 * 170 unsigned int len, u8 *hash)
45 { 171 {
46 struct sm3_state *sctx = shash_desc_ct !! 172 sm3_base_do_update(desc, data, len, sm3_generic_block_fn);
47 !! 173 return sm3_final(desc, hash);
48 if (len) <<
49 sm3_update(sctx, data, len); <<
50 sm3_final(sctx, hash); <<
51 return 0; <<
52 } 174 }
>> 175 EXPORT_SYMBOL(crypto_sm3_finup);
53 176
54 static struct shash_alg sm3_alg = { 177 static struct shash_alg sm3_alg = {
55 .digestsize = SM3_DIGEST_SIZ 178 .digestsize = SM3_DIGEST_SIZE,
56 .init = sm3_base_init, 179 .init = sm3_base_init,
57 .update = crypto_sm3_upd 180 .update = crypto_sm3_update,
58 .final = crypto_sm3_fin !! 181 .final = sm3_final,
59 .finup = crypto_sm3_fin 182 .finup = crypto_sm3_finup,
60 .descsize = sizeof(struct 183 .descsize = sizeof(struct sm3_state),
61 .base = { 184 .base = {
62 .cra_name = "sm3", 185 .cra_name = "sm3",
63 .cra_driver_name = "sm3-g 186 .cra_driver_name = "sm3-generic",
64 .cra_priority = 100, <<
65 .cra_blocksize = SM3_BL 187 .cra_blocksize = SM3_BLOCK_SIZE,
66 .cra_module = THIS_M 188 .cra_module = THIS_MODULE,
67 } 189 }
68 }; 190 };
69 191
70 static int __init sm3_generic_mod_init(void) 192 static int __init sm3_generic_mod_init(void)
71 { 193 {
72 return crypto_register_shash(&sm3_alg) 194 return crypto_register_shash(&sm3_alg);
73 } 195 }
74 196
75 static void __exit sm3_generic_mod_fini(void) 197 static void __exit sm3_generic_mod_fini(void)
76 { 198 {
77 crypto_unregister_shash(&sm3_alg); 199 crypto_unregister_shash(&sm3_alg);
78 } 200 }
79 201
80 subsys_initcall(sm3_generic_mod_init); !! 202 module_init(sm3_generic_mod_init);
81 module_exit(sm3_generic_mod_fini); 203 module_exit(sm3_generic_mod_fini);
82 204
83 MODULE_LICENSE("GPL v2"); 205 MODULE_LICENSE("GPL v2");
84 MODULE_DESCRIPTION("SM3 Secure Hash Algorithm" 206 MODULE_DESCRIPTION("SM3 Secure Hash Algorithm");
85 207
86 MODULE_ALIAS_CRYPTO("sm3"); 208 MODULE_ALIAS_CRYPTO("sm3");
87 MODULE_ALIAS_CRYPTO("sm3-generic"); 209 MODULE_ALIAS_CRYPTO("sm3-generic");
88 210
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.