相关文章:
最近陆续造了一批哈希算法的轮子,包括MD家族(包括MD2/MD4/MD5), SHA1, SHA2家族(SHA256/SHA384/SHA512),SHA3家族以及国密SM3算法。
原来打算将每一个算法都详细分析并实现,现在看来,这个工作短时间可能无法完成,所以先将源码发上来。
这部分实现的源码完全参考官方文档的算法描述,连变量名也尽可能和官方文档中的变量保持一致,方便学习。
另外, 代码封装的SM3哈希调用接口参考了openssl官方的接口,完全兼容,无缝对接。会使用这里的接口,就会使用openssl的库函数接口,甚至连代码都不需要修改。
除了实现的源码外,还另外附带了一个测试例子,这个测试例子不仅仅是用于测试哈希算法的实现是否正确,还可以提供了"-f"/"-s"等选项用于对任意文件和字符串进行哈希,因此作为一个工具使用,类似系统内置的md5sum/sha1sum。
SM3实现源码
1. 头文件sm3.c
/*
* @ file: sm3.h
* @ description: header file for sm3.c
* @ author: Gu Yongqiang
* @ blog: https://blog.csdn.net/guyongqiangx
*/
#ifndef __ROCKY_SM3__H
#define __ROCKY_SM3__H
#define ERR_OK 0
#define ERR_ERR -1 /* generic error */
#define ERR_INV_PARAM -2 /* invalid parameter */
#define ERR_TOO_LONG -3 /* too long */
#define ERR_STATE_ERR -4 /* state error */
typedef unsigned char uint8_t;
typedef unsigned short uint16_t;
typedef unsigned int uint32_t;
typedef unsigned long long uint64_t;
typedef struct sm3_context {
/* message total length in bytes */
uint64_t total;
/* intermedia hash value for each block */
struct {
uint32_t a;
uint32_t b;
uint32_t c;
uint32_t d;
uint32_t e;
uint32_t f;
uint32_t g;
uint32_t h;
}hash;
/* last block */
struct {
uint32_t used; /* used bytes */
uint8_t buf[64]; /* block data buffer */
}last;
}SM3_CTX;
/* https://www.openssl.org/docs/man1.1.1/man3/SHA256_Final.html */
int SM3_Init(SM3_CTX *c);
int SM3_Update(SM3_CTX *c, const void *data, size_t len);
int SM3_Final(unsigned char *md, SM3_CTX *c);
unsigned char *SM3(const unsigned char *d, size_t n, unsigned char *md);
#endif
2. 代码文件sm3.c
/*
* @ file: sm3.c
* @ description: implementation for the SM3 Cryptographic Hash Algorithm
* @ author: Gu Yongqiang
* @ blog: https://blog.csdn.net/guyongqiangx
*/
#include <stdio.h>
#include <string.h>
#include "utils.h"
#include "sm3.h"
// #define DEBUG
#ifdef DEBUG
#define DBG(...) printf(__VA_ARGS__)
#define DUMP_SCHED_DATA 1
#define DUMP_BLOCK_DATA 1
#define DUMP_BLOCK_HASH 1
#define DUMP_ROUND_DATA 1
#else
#define DBG(...)
#define DUMP_SCHED_DATA 0
#define DUMP_BLOCK_DATA 0
#define DUMP_BLOCK_HASH 0
#define DUMP_ROUND_DATA 0
#endif
#define HASH_BLOCK_SIZE 64 /* 512 bits = 64 Bytes */
#define HASH_LEN_SIZE 8 /* 64 bits = 8 bytes */
#define HASH_LEN_OFFSET (HASH_BLOCK_SIZE - HASH_LEN_SIZE)
#define HASH_DIGEST_SIZE 32 /* 256 bits = 32 bytes */
#define HASH_PADDING_PATTERN 0x80
#define HASH_ROUND_NUM 64
/* SM3 Constants */
static uint32_t T[2] =
{
0x79CC4519, 0x7A879D8A
};
/* ROTate Left (circular left shift) */
static uint32_t ROTL(uint32_t x, uint8_t shift)
{
shift %= 32;
return (x << shift) | (x >> (32 - shift));
}
static uint32_t FF(uint32_t x, uint32_t y, uint32_t z, uint32_t j)
{
if (j<16) /* 0 <= j <= 15 */
{
return x ^ y ^ z;
}
else /* 16 <= j <= 63 */
{
return (x & y) | (x & z) | (y & z);
}
}
static uint32_t GG(uint32_t x, uint32_t y, uint32_t z, uint32_t j)
{
if (j<16) /* 0 <= j <= 15 */
{
return x ^ y ^ z;
}
else /* 16 <= j <= 63 */
{
return (x & y) | (~x & z);
}
}
/* P0, Permutation 0 */
static uint32_t P0(uint32_t x)
{
return x ^ ROTL(x, 9) ^ ROTL(x, 17);
}
/* P1, Permutation 1 */
static uint32_t P1(uint32_t x)
{
return x ^ ROTL(x, 15) ^ ROTL(x, 23);
}
int SM3_Init(SM3_CTX *c)
{
if (NULL == c)
{
return ERR_INV_PARAM;
}
memset(c, 0, sizeof(SM3_CTX));
/* Initial Value for SM3 */
c->hash.a = 0x7380166f;
c->hash.b = 0x4914b2b9;
c->hash.c = 0x172442d7;
c->hash.d = 0xda8a0600;
c->hash.e = 0xa96f30bc;
c->hash.f = 0x163138aa;
c->hash.g = 0xe38dee4d;
c->hash.h = 0xb0fb0e4e;
return ERR_OK;
}
static int SM3_PrepareScheduleWord(const uint32_t *block, uint32_t *W, uint32_t *Wp)
{
uint32_t j;
if ((NULL == block) || (NULL == W) || (NULL == Wp))
{
return ERR_INV_PARAM;
}
/* Array W */
for (j=0; j<(HASH_ROUND_NUM+4); j++)
{
if (j<=15) /* 0 <= j <= 15 */
W[j] = be32toh(block[j]);
else /* 16 <= j <= 67 */
W[j] = P1(W[j-16] ^ W[j-9] ^ ROTL(W[j-3],15)) ^ ROTL(W[j-13],7) ^ W[j-6];
}
/* Array W Prime */
for (j=0; j<HASH_ROUND_NUM; j++)
{
Wp[j] = W[j] ^ W[j+4];
}
#if (DUMP_SCHED_DATA == 1)
printf(" W1...W67:\n");
for (j=0; j<(HASH_ROUND_NUM+4); j++)
{
if (j%8 == 0) /* line indent */
{
printf(" ");
}
printf("%08x ", W[j]);
if (j%8 == 7)
{
printf("\n");
}
else if (j == (HASH_ROUND_NUM+4-1))
{
printf("\n"); /* last one */
}
}
printf(" W'1...W'63:\n");
for (j=0; j<HASH_ROUND_NUM; j++)
{
if (j%8 == 0) /* line indent */
{
printf(" ");
}
printf("%08x ", Wp[j]);
if (j%8 == 7)
{
printf("\n");
}
else if (j == HASH_ROUND_NUM-1)
{
printf("\n"); /* last one */
}
}
#endif
return ERR_OK;
}
static int SM3_ProcessBlock(SM3_CTX *ctx, const void *block)
{
uint32_t j;
uint32_t W[HASH_ROUND_NUM+4], Wp[HASH_ROUND_NUM];
uint32_t SS1, SS2;
uint32_t TT1, TT2;
uint32_t A, B, C, D, E, F, G, H;
if ((NULL == ctx) || (NULL == block))
{
return ERR_INV_PARAM;
}
#if (DUMP_BLOCK_DATA == 1)
DBG("---------------------------------------------------------\n");
DBG(" BLOCK: %llu\n", ctx->total/HASH_BLOCK_SIZE);
DBG(" DATA:\n");
print_buffer(block, HASH_BLOCK_SIZE, " ");
#endif
/* prepare schedule word */
SM3_PrepareScheduleWord(block, W, Wp);
A = ctx->hash.a;
B = ctx->hash.b;
C = ctx->hash.c;
D = ctx->hash.d;
E = ctx->hash.e;
F = ctx->hash.f;
G = ctx->hash.g;
H = ctx->hash.h;
#if (DUMP_BLOCK_HASH == 1)
DBG(" IV: %08x %08x %08x %08x %08x %08x %08x %08x\n",
ctx->hash.a, ctx->hash.b, ctx->hash.c, ctx->hash.d, ctx->hash.e, ctx->hash.f, ctx->hash.g, ctx->hash.h);
#endif
for (j=0; j<HASH_ROUND_NUM; j++)
{
SS1 = ROTL(ROTL(A, 12) + E + ROTL(T[j<16?0:1], j), 7);
SS2 = SS1 ^ ROTL(A, 12);
TT1 = FF(A, B, C, j) + D + SS2 + Wp[j];
TT2 = GG(E, F, G, j) + H + SS1 + W[j];
D = C;
C = ROTL(B, 9);
B = A;
A = TT1;
H = G;
G = ROTL(F, 19);
F = E;
E = P0(TT2);
#if (DUMP_ROUND_DATA == 1)
#if 1 /* Don't show temp variables: SS1/SS2/TT1/TT2/W/W' */
DBG(" %02d: A=0x%08x, B=0x%08x, C=0x%08x, D=0x%08x, E=0x%08x, F=0x%08x, G=0x%08x, H=0x%08x\n", \
j, A, B, C, D, E, F, G, H);
#else
DBG(" %02d: SS1=0x%08x, SS2=0x%08x, TT1=0x%08x, TT2=0x%08x, W=0x%08x, Wp=0x%08x\n"\
" A=0x%08x, B=0x%08x, C=0x%08x, D=0x%08x, E=0x%08x, F=0x%08x, G=0x%08x, H=0x%08x\n", \
j, SS1, SS2, TT1, TT2, W[j], Wp[j], A, B, C, D, E, F, G, H);
#endif
#endif
}
ctx->hash.a ^= A;
ctx->hash.b ^= B;
ctx->hash.c ^= C;
ctx->hash.d ^= D;
ctx->hash.e ^= E;
ctx->hash.f ^= F;
ctx->hash.g ^= G;
ctx->hash.h ^= H;
#if (DUMP_BLOCK_HASH == 1)
DBG(" HASH: %08x %08x %08x %08x %08x %08x %08x %08x\n",
ctx->hash.a, ctx->hash.b, ctx->hash.c, ctx->hash.d, ctx->hash.e, ctx->hash.f, ctx->hash.g, ctx->hash.h);
#endif
return ERR_OK;
}
int SM3_Update(SM3_CTX *c, const void *data, size_t len)
{
uint32_t copy_len = 0;
if ((NULL == c) || (NULL == data))
{
return ERR_INV_PARAM;
}
/* has used data */
if (c->last.used != 0)
{
/* less than 1 block in total, combine data */
if (c->last.used + len < HASH_BLOCK_SIZE)
{
memcpy(&c->last.buf[c->last.used], data, len);
c->last.used += len;
return ERR_OK;
}
else /* more than 1 block */
{
/* process the block in context buffer */
copy_len = HASH_BLOCK_SIZE - c->last.used;
memcpy(&c->last.buf[c->last.used], data, copy_len);
SM3_ProcessBlock(c, &c->last.buf);
c->total += HASH_BLOCK_SIZE;
data = (uint8_t *)data + copy_len;
len -= copy_len;
/* reset context buffer */
memset(&c->last.buf[0], 0, HASH_BLOCK_SIZE);
c->last.used = 0;
}
}
/* less than 1 block, copy to context buffer */
if (len < HASH_BLOCK_SIZE)
{
memcpy(&c->last.buf[c->last.used], data, len);
c->last.used += len;
return ERR_OK;
}
else
{
/* process data blocks */
while (len >= HASH_BLOCK_SIZE)
{
SM3_ProcessBlock(c, data);
c->total += HASH_BLOCK_SIZE;
data = (uint8_t *)data + HASH_BLOCK_SIZE;
len -= HASH_BLOCK_SIZE;
}
/* copy rest data to context buffer */
memcpy(&c->last.buf[0], data, len);
c->last.used = len;
}
return ERR_OK;
}
int SM3_Final(unsigned char *md, SM3_CTX *c)
{
uint32_t *temp;
//uint64_t *buf;
if ((NULL == c) || (NULL == md))
{
return ERR_INV_PARAM;
}
/* Last block should be less thant HASH_BLOCK_SIZE - HASH_LEN_SIZE */
if (c->last.used >= (HASH_BLOCK_SIZE - HASH_LEN_SIZE))
{
c->total += c->last.used;
/* one more block */
c->last.buf[c->last.used] = HASH_PADDING_PATTERN;
c->last.used++;
memset(&c->last.buf[c->last.used], 0, HASH_BLOCK_SIZE - c->last.used);
SM3_ProcessBlock(c, &c->last.buf);
memset(&c->last.buf[0], 0, HASH_BLOCK_SIZE - HASH_LEN_SIZE);
c->last.used = 0;
/* save length */
//buf = (uint64_t *)&(c->last.buf[HASH_LEN_OFFSET]);
//*buf = htobe64(c->total << 3);
temp = (uint32_t *)&(c->last.buf[HASH_LEN_OFFSET]);
temp[0] = htobe32((c->total << 3) >> 32 & 0xFFFFFFFF);
temp[1] = htobe32((c->total << 3) & 0xFFFFFFFF);
SM3_ProcessBlock(c, &c->last.buf);
}
else /* 0 <= last.used < HASH_BLOCK_SIZE - HASH_LEN_SIZE */
{
c->total += c->last.used;
/* one more block */
c->last.buf[c->last.used] = HASH_PADDING_PATTERN;
c->last.used++;
/* padding 0s */
memset(&c->last.buf[c->last.used], 0, HASH_BLOCK_SIZE - HASH_LEN_SIZE - c->last.used);
/* save length */
//buf = (uint64_t *)&(c->last.buf[HASH_LEN_OFFSET]);
//*buf = htobe64(c->total << 3);
temp = (uint32_t *)&(c->last.buf[HASH_LEN_OFFSET]);
temp[0] = htobe32((c->total << 3) >> 32 & 0xFFFFFFFF);
temp[1] = htobe32((c->total << 3) & 0xFFFFFFFF);
SM3_ProcessBlock(c, &c->last.buf);
}
temp = (uint32_t *)md;
temp[0] = htobe32(c->hash.a);
temp[1] = htobe32(c->hash.b);
temp[2] = htobe32(c->hash.c);
temp[3] = htobe32(c->hash.d);
temp[4] = htobe32(c->hash.e);
temp[5] = htobe32(c->hash.f);
temp[6] = htobe32(c->hash.g);
temp[7] = htobe32(c->hash.h);
return ERR_OK;
}
unsigned char *SM3(const unsigned char *d, size_t n, unsigned char *md)
{
SM3_CTX c;
if ((NULL == d) || (NULL == md))
{
return NULL;
}
SM3_Init(&c);
SM3_Update(&c, d, n);
SM3_Final(md, &c);
return md;
}
SM3源码的编译和测试
我直接在Makefile中内置了一个test伪目标,编译时除了编译生成名为sm3的哈希工具外,还会直接调用内置的哈希测试。
编译和运行如下:
$ make
gcc -Wall -g -O2 -c utils.c -o utils.o
gcc -Wall -g -O2 -c sm3.c -o sm3.o
gcc -Wall -g -O2 -c sm3test.c -o sm3test.o
gcc -Wall -g -O2 utils.o sm3.o sm3test.o -o sm3
Run Test...
./sm3 -x
Internal hash tests for ./sm3:
./sm3("")
Expect: 1ab21d8355cfa17f8e61194831e81a8f22bec8c728fefb747ed035eb5082aa2b
Result: 1ab21d8355cfa17f8e61194831e81a8f22bec8c728fefb747ed035eb5082aa2b
./sm3("a")
Expect: 623476ac18f65a2909e43c7fec61b49c7e764a91a18ccb82f1917a29c86c5e88
Result: 623476ac18f65a2909e43c7fec61b49c7e764a91a18ccb82f1917a29c86c5e88
./sm3("abc")
Expect: 66c7f0f462eeedd9d1f2d46bdc10e4e24167c4875cf2f7a2297da02b8f4ba8e0
Result: 66c7f0f462eeedd9d1f2d46bdc10e4e24167c4875cf2f7a2297da02b8f4ba8e0
./sm3("message digest")
Expect: c522a942e89bd80d97dd666e7a5531b36188c9817149e9b258dfe51ece98ed77
Result: c522a942e89bd80d97dd666e7a5531b36188c9817149e9b258dfe51ece98ed77
./sm3("abcdefghijklmnopqrstuvwxyz")
Expect: b80fe97a4da24afc277564f66a359ef440462ad28dcc6d63adb24d5c20a61595
Result: b80fe97a4da24afc277564f66a359ef440462ad28dcc6d63adb24d5c20a61595
./sm3("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789")
Expect: 2971d10c8842b70c979e55063480c50bacffd90e98e2e60d2512ab8abfdfcec5
Result: 2971d10c8842b70c979e55063480c50bacffd90e98e2e60d2512ab8abfdfcec5
./sm3("12345678901234567890123456789012345678901234567890123456789012345678901234567890")
Expect: ad81805321f3e69d251235bf886a564844873b56dd7dde400f055b7dde39307a
Result: ad81805321f3e69d251235bf886a564844873b56dd7dde400f055b7dde39307a
./sm3("abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd")
Expect: debe9ff92275b8a138604889c18e5a4d6fdb70e5387e5765293dcba39c0c5732
Result: debe9ff92275b8a138604889c18e5a4d6fdb70e5387e5765293dcba39c0c5732
最新版本的openssl工具已经支持sm3哈希算法,因此可以将sm3工具和openssl执行dgst计算的结果进行比较:
$ sm3 -h
Usage:
Common options: [-x|-f file|-s string|-h]
Hash a string:
sm3 -s string
Hash a file:
sm3 -f file [-k key]
-x Internal string hash test
-h Display this message
# 使用"-f"和"-s"选项分别对文件和字符串计算sm3哈希值
$ sm3 -f sm3.o
sm3(sm3.o) = 347d091d1269da1e00166b3dec34885b55b011ddd06d989f092f73c9488fcac7
$ sm3 -s "I Love China!"
sm3("I Love China!") = c661494fb7e8f3c7fe9c1926d69961fb1a3ccdc2a1c8cdd817fe0b7f777cea5a
# 使用开源的openssl工具计算相应的哈希进行对比
$ openssl dgst -sm3 sm3.o
SHA1(sha1.o)= 347d091d1269da1e00166b3dec34885b55b011ddd06d989f092f73c9488fcac7
$ echo -n "I Love China!" | openssl dgst -sm3
(stdin)= c661494fb7e8f3c7fe9c1926d69961fb1a3ccdc2a1c8cdd817fe0b7f777cea5a
完整代码
完整的代码文件列表如下:
sm3$ ls -lh
total 140K
-rwxr--r-- 1 rocky rocky 592 Jun 19 23:14 Makefile
-rwxrwxr-x 1 rocky rocky 11K Jun 20 00:04 sm3.c
-rwxrwxr-x 1 rocky rocky 1.4K Jun 19 23:19 sm3.h
-rwxr--r-- 1 rocky rocky 6.0K Jun 19 23:35 sm3test.c
-rwxr--r-- 1 rocky rocky 578 Jun 17 21:46 utils.c
-rwxr--r-- 1 rocky rocky 1.7K Jun 17 21:46 utils.h
-rwxr--r-- 1 rocky rocky 102K Jun 19 23:30 国密-SM3密码杂凑算法.pdf
需要代码请访问:
- https://github.com/guyongqiangx/cryptography/
其它
洛奇工作中常常会遇到自己不熟悉的问题,这些问题可能并不难,但因为不了解,找不到人帮忙而瞎折腾,往往导致浪费几天甚至更久的时间。
所以我组建了几个微信讨论群(记得微信我说加哪个群,如何加微信见后面),欢迎一起讨论:
- 一个密码编码学讨论组,主要讨论各种加解密,签名校验等算法,请说明加密码学讨论群。
- 一个Android OTA的讨论组,请说明加Android OTA群。
- 一个git和repo的讨论组,请说明加git和repo群。
在工作之余,洛奇尽量写一些对大家有用的东西,如果洛奇的这篇文章让您有所收获,解决了您一直以来未能解决的问题,不妨赞赏一下洛奇,这也是对洛奇付出的最大鼓励。扫下面的二维码赞赏洛奇,金额随意:
洛奇自己维护了一个公众号“洛奇看世界”,一个很佛系的公众号,不定期瞎逼逼。公号也提供个人联系方式,一些资源,说不定会有意外的收获,详细内容见公号提示。扫下方二维码关注公众号:
扫一扫
1059
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
