Add LSH-256 and LSH-512 hash functions (GH weidai11#1025, PR weidai11#1026)

Add South Korea's LSH-256 and LSH-512 families of hash functions.

Author: noloader

Filelist.txt

@@ -204,6 +204,9 @@ lubyrack.h
 lea.cpp
 lea_simd.cpp
 lea.h
+lsh256.cpp
+lsh512.cpp
+lsh.h
 luc.cpp
 luc.h
 mars.cpp
@@ -525,6 +528,10 @@ TestVectors/hmac.txt
 TestVectors/kalyna.txt
 TestVectors/keccak.txt
 TestVectors/lea.txt
+TestVectors/lsh.txt
+TestVectors/lsh256.txt
+TestVectors/lsh512.txt
+TestVectors/lsh512_256.txt
 TestVectors/mars.txt
 TestVectors/nr.txt
 TestVectors/panama.txt

Readme.txt

@@ -28,9 +28,9 @@ Currently the library contains the following algorithms:
                                    Poly1305, Poly1305 (IETF), SipHash, Two-Track-MAC,
                                    VMAC
 
-                                   BLAKE2s, BLAKE2b, Keccack (F1600), SHA-1,
-                   hash functions  SHA-2 (224/256/384/512), SHA-3 (224/256/384/512),
-                                   SHAKE (128/256), SipHash, SM3, Tiger,
+                                   BLAKE2s, BLAKE2b, Keccack (F1600), LSH (256/512),
+                   hash functions  SHA-1, SHA-2 (224/256/384/512), SHA-3 (224/256),
+                                   SHA-3 (384/512), SHAKE (128/256), SipHash, SM3, Tiger,
                                    RIPEMD (128/160/256/320), WHIRLPOOL
 
                                    RSA, DSA, Deterministic DSA, ElGamal,
@@ -76,8 +76,8 @@ Other features include:
   * A high level interface for most of the above, using a filter/pipeline
     metaphor
   * benchmarks and validation testing
-  * x86, x64 (x86-64), x32 (ILP32), ARM-32, Aarch32, Aarch64 and Power8 in-core code
-    for the commonly used algorithms
+  * x86, x64 (x86-64), x32 (ILP32), ARM-32, Aarch32, Aarch64 and Power8
+    in-core code for the commonly used algorithms
       + run-time CPU feature detection and code selection
       + supports GCC-style and MSVC-style inline assembly, and MASM for x64
       + x86, x64 (x86-64), x32 provides MMX, SSE2, and SSE4 implementations

TestVectors/all.txt

@@ -27,6 +27,8 @@ Test: TestVectors/hmac.txt
 Test: TestVectors/kalyna.txt
 Test: TestVectors/keccak.txt
 Test: TestVectors/lea.txt
+Test: TestVectors/lsh256.txt
+Test: TestVectors/lsh512.txt
 Test: TestVectors/mars.txt
 Test: TestVectors/nr.txt
 Test: TestVectors/panama.txt
@@ -61,4 +63,3 @@ Test: TestVectors/vmac.txt
 Test: TestVectors/wake.txt
 Test: TestVectors/whrlpool.txt
 Test: TestVectors/xts.txt
-

TestVectors/lsh.txt

@@ -0,0 +1,5 @@
+AlgorithmType: FileList
+Name: LSH test vectors
+Test: TestVectors/lsh256.txt
+Test: TestVectors/lsh512.txt
+Test: TestVectors/lsh512_256.txt

TestVectors/lsh256.txt

@@ -0,0 +1,12 @@
+AlgorithmType: MessageDigest
+Name: LSH-224
+Source: https://en.wikipedia.org/wiki/LSH_(hash_function)
+Message: "abc"
+Digest: F7 C5 3B A4 03 4E 70 8E 74 FB A4 2E 55 99 7C A5 12 6B B7 62 36 88 F8 53 42 F7 37 32
+Test: Verify
+#
+Name: LSH-256
+Source: https://en.wikipedia.org/wiki/LSH_(hash_function)
+Message: "abc"
+Digest: 5F BF 36 5D AE A5 44 6A 70 53 C5 2B 57 40 4D 77 A0 7A 5F 48 A1 F7 C1 96 3A 08 98 BA 1B 71 47 41
+Test: Verify

TestVectors/lsh512.txt

@@ -0,0 +1,12 @@
+AlgorithmType: MessageDigest
+Name: LSH-384
+Source: https://en.wikipedia.org/wiki/LSH_(hash_function)
+Message: "abc"
+Digest: 5F 34 4E FA A0 E4 3C CD 2E 5E 19 4D 60 39 79 4B 4F B4 31 F1 0F B4 B6 5F D4 5E 9D A4 EC DE 0F 27 B6 6E 8D BD FA 47 25 2E 0D 0B 74 1B FD 91 F9 FE
+Test: Verify
+#
+Name: LSH-512
+Source: https://en.wikipedia.org/wiki/LSH_(hash_function)
+Message: "abc"
+Digest: A3 D9 3C FE 60 DC 1A AC DD 3B D4 BE F0 A6 98 53 81 A3 96 C7 D4 9D 9F D1 77 79 56 97 C3 53 52 08 B5 C5 72 24 BE F2 10 84 D4 20 83 E9 5A 4B D8 EB 33 E8 69 81 2B 65 03 1C 42 88 19 A1 E7 CE 59 6D
+Test: Verify

TestVectors/lsh512_256.txt

@@ -0,0 +1,6 @@
+AlgorithmType: MessageDigest
+Name: LSH-512-256
+Source: https://en.wikipedia.org/wiki/LSH_(hash_function)
+Message: "abc"
+Digest: CD 89 23 10 53 26 02 33 2B 61 3F 1E C1 1A 69 62 FC A6 1E A0 9E CF FC D4 BC F7 58 58 D8 02 ED EC
+Test: Verify

bench1.cpp

@@ -509,6 +509,8 @@ void BenchmarkUnkeyedAlgorithms(double t, double hertz)
 		BenchMarkByNameKeyLess<HashTransformation>("SM3");
 		BenchMarkByNameKeyLess<HashTransformation>("BLAKE2s");
 		BenchMarkByNameKeyLess<HashTransformation>("BLAKE2b");
+		BenchMarkByNameKeyLess<HashTransformation>("LSH-256");
+		BenchMarkByNameKeyLess<HashTransformation>("LSH-512");
 	}
 
 	std::cout << "\n</TABLE>" << std::endl;

lsh.h

@@ -0,0 +1,189 @@
+// lsh.h - written and placed in the public domain by Jeffrey Walton
+//         Based on the specification and source code provided by
+//         Korea Internet & Security Agency (KISA) website. Also
+//         see https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do
+//         and https://seed.kisa.or.kr/kisa/Board/22/detailView.do.
+
+/// \file lsh.h
+/// \brief Classes for the LSH hash functions
+/// \since Crypto++ 8.6
+/// \sa <A HREF="https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do">LSH</A>
+///  on the Korea Internet & Security Agency (KISA) website.
+#ifndef CRYPTOPP_LSH_H
+#define CRYPTOPP_LSH_H
+
+#include "cryptlib.h"
+#include "secblock.h"
+
+NAMESPACE_BEGIN(CryptoPP)
+
+/// \brief LSH-224 and LSH-256 hash base class
+/// \details LSH256_Base is the base class for both LSH-224 and LSH-256
+/// \since Crypto++ 8.6
+class LSH256_Base : public HashTransformation
+{
+public:
+	virtual ~LSH256_Base() {}
+
+	unsigned int BlockSize() const { return m_blockSize; }
+	unsigned int DigestSize() const { return m_digestSize; }
+	unsigned int OptimalDataAlignment() const { return GetAlignmentOf<word32>(); }
+
+	void Restart();
+	void Update(const byte *input, size_t length);
+	void TruncatedFinal(byte *hash, size_t size);
+
+	std::string AlgorithmProvider() const;
+
+protected:
+	LSH256_Base(unsigned int algType, unsigned int digestSize, unsigned int blockSize)
+		: m_algType(algType), m_digestSize(digestSize), m_blockSize(blockSize) {}
+
+protected:
+	// Working state is:
+	//   * cv_l = 8 32-bit words
+	//   * cv_r = 8 32-bit words
+	//   * submsg_e_l = 8 32-bit words
+	//   * submsg_e_r = 8 32-bit words
+	//   * submsg_o_l = 8 32-bit words
+	//   * submsg_o_r = 8 32-bit words
+	//   * last_block = 32 32-bit words (128 bytes)
+	FixedSizeSecBlock<word32, 80> m_state;
+	word32 m_algType, m_remainingBitLength;
+	word32 m_digestSize, m_blockSize;
+};
+
+/// \brief LSH-224 hash function
+/// \sa <A HREF="https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do">LSH</A>
+///  on the Korea Internet & Security Agency (KISA) website.
+/// \since Crypto++ 8.6
+class LSH224 : public LSH256_Base
+{
+public:
+	CRYPTOPP_CONSTANT(DIGESTSIZE = 28);
+	CRYPTOPP_CONSTANT(BLOCKSIZE = 64);
+
+	static std::string StaticAlgorithmName() { return "LSH-224"; }
+
+	/// \brief Construct a LSH-224
+	/// \details LSH_TYPE_224 is the magic value 0x000001C defined in lsh.cpp.
+	LSH224() : LSH256_Base(0x000001C, DIGESTSIZE, BLOCKSIZE) { Restart(); }
+
+	std::string AlgorithmName() const { return StaticAlgorithmName(); }
+};
+
+/// \brief LSH-256 hash function
+/// \sa <A HREF="https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do">LSH</A>
+///  on the Korea Internet & Security Agency (KISA) website.
+/// \since Crypto++ 8.6
+class LSH256 : public LSH256_Base
+{
+public:
+	CRYPTOPP_CONSTANT(DIGESTSIZE = 32);
+	CRYPTOPP_CONSTANT(BLOCKSIZE = 64);
+
+	static std::string StaticAlgorithmName() { return "LSH-256"; }
+
+	/// \brief Construct a LSH-256
+	/// \details LSH_TYPE_256 is the magic value 0x0000020 defined in lsh.cpp.
+	LSH256() : LSH256_Base(0x0000020, DIGESTSIZE, BLOCKSIZE) { Restart(); }
+
+	std::string AlgorithmName() const { return StaticAlgorithmName(); }
+};
+
+/// \brief LSH-384 and LSH-512 hash base class
+/// \details LSH512_Base is the base class for both LSH-384 and LSH-512
+/// \since Crypto++ 8.6
+class LSH512_Base : public HashTransformation
+{
+public:
+	virtual ~LSH512_Base() {}
+
+	unsigned int BlockSize() const { return m_blockSize; }
+	unsigned int DigestSize() const { return m_digestSize; }
+	unsigned int OptimalDataAlignment() const { return GetAlignmentOf<word64>(); }
+
+	void Restart();
+	void Update(const byte *input, size_t length);
+	void TruncatedFinal(byte *hash, size_t size);
+
+	std::string AlgorithmProvider() const;
+
+protected:
+	LSH512_Base(unsigned int algType, unsigned int digestSize, unsigned int blockSize)
+		: m_algType(algType), m_digestSize(digestSize), m_blockSize(blockSize) {}
+
+protected:
+	// Working state is:
+	//   * cv_l = 8 64-bit words
+	//   * cv_r = 8 64-bit words
+	//   * submsg_e_l = 8 64-bit words
+	//   * submsg_e_r = 8 64-bit words
+	//   * submsg_o_l = 8 64-bit words
+	//   * submsg_o_r = 8 64-bit words
+	//   * last_block = 32 64-bit words (256 bytes)
+	FixedSizeSecBlock<word64, 80> m_state;
+	word32 m_algType, m_remainingBitLength;
+	word32 m_digestSize, m_blockSize;
+};
+
+/// \brief LSH-384 hash function
+/// \sa <A HREF="https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do">LSH</A>
+///  on the Korea Internet & Security Agency (KISA) website.
+/// \since Crypto++ 8.6
+class LSH384 : public LSH512_Base
+{
+public:
+	CRYPTOPP_CONSTANT(DIGESTSIZE = 48);
+	CRYPTOPP_CONSTANT(BLOCKSIZE = 128);
+
+	static std::string StaticAlgorithmName() { return "LSH-384"; }
+
+	/// \brief Construct a LSH-384
+	/// \details LSH_TYPE_384 is the magic value 0x0010030 defined in lsh.cpp.
+	LSH384() : LSH512_Base(0x0010030, DIGESTSIZE, BLOCKSIZE) { Restart(); }
+
+	std::string AlgorithmName() const { return StaticAlgorithmName(); }
+};
+
+/// \brief LSH-512 hash function
+/// \sa <A HREF="https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do">LSH</A>
+///  on the Korea Internet & Security Agency (KISA) website.
+/// \since Crypto++ 8.6
+class LSH512 : public LSH512_Base
+{
+public:
+	CRYPTOPP_CONSTANT(DIGESTSIZE = 64);
+	CRYPTOPP_CONSTANT(BLOCKSIZE = 128);
+
+	static std::string StaticAlgorithmName() { return "LSH-512"; }
+
+	/// \brief Construct a LSH-512
+	/// \details LSH_TYPE_512 is the magic value 0x0010040 defined in lsh.cpp.
+	LSH512() : LSH512_Base(0x0010040, DIGESTSIZE, BLOCKSIZE) { Restart(); }
+
+	std::string AlgorithmName() const { return StaticAlgorithmName(); }
+};
+
+/// \brief LSH-512-256 hash function
+/// \sa <A HREF="https://seed.kisa.or.kr/kisa/algorithm/EgovLSHInfo.do">LSH</A>
+///  on the Korea Internet & Security Agency (KISA) website.
+/// \since Crypto++ 8.6
+class LSH512_256 : public LSH512_Base
+{
+public:
+	CRYPTOPP_CONSTANT(DIGESTSIZE = 32);
+	CRYPTOPP_CONSTANT(BLOCKSIZE = 128);
+
+	static std::string StaticAlgorithmName() { return "LSH-512-256"; }
+
+	/// \brief Construct a LSH-512-256
+	/// \details LSH_TYPE_512_256 is the magic value 0x0010020 defined in lsh.cpp.
+	LSH512_256() : LSH512_Base(0x0010020, DIGESTSIZE, BLOCKSIZE) { Restart(); }
+
+	std::string AlgorithmName() const { return StaticAlgorithmName(); }
+};
+
+NAMESPACE_END
+
+#endif  // CRYPTOPP_LSH_H

lsh256.cpp

@@ -25,6 +25,7 @@
 #include "ripemd.h"
 #include "panama.h"
 #include "whrlpool.h"
+#include "lsh.h"
 
 #include "osrng.h"
 #include "drbg.h"
@@ -115,6 +116,11 @@ void RegisterFactories1()
 	RegisterDefaultFactoryFor<HashTransformation, SM3>();
 	RegisterDefaultFactoryFor<HashTransformation, BLAKE2s>();
 	RegisterDefaultFactoryFor<HashTransformation, BLAKE2b>();
+	RegisterDefaultFactoryFor<HashTransformation, LSH224>();
+	RegisterDefaultFactoryFor<HashTransformation, LSH256>();
+	RegisterDefaultFactoryFor<HashTransformation, LSH384>();
+	RegisterDefaultFactoryFor<HashTransformation, LSH512>();
+	RegisterDefaultFactoryFor<HashTransformation, LSH512_256>();
 
 #ifdef BLOCKING_RNG_AVAILABLE
 	RegisterDefaultFactoryFor<RandomNumberGenerator, BlockingRng>();

lsh512.cpp

@@ -1009,7 +1009,8 @@ bool Validate(int alg, bool thorough)
 	case 65: result = ValidateARIA(); break;
 	case 66: result = ValidateCamellia(); break;
 	case 67: result = ValidateWhirlpool(); break;
-	case 68: result = ValidateTTMAC(); break;
+	case 68: result = ValidateLSH(); break;
+	case 69: result = ValidateTTMAC(); break;
 	case 70: result = ValidateSalsa(); break;
 	case 71: result = ValidateChaCha(); break;
 	case 72: result = ValidateChaChaTLS(); break;

regtest1.cpp

@@ -107,6 +107,8 @@ bool ValidateAll(bool thorough)
 	pass=ValidateSHAKE() && pass;
 	pass=ValidateSHAKE_XOF() && pass;
 
+	pass=ValidateLSH() && pass;
+
 	pass=ValidateHashDRBG() && pass;
 	pass=ValidateHmacDRBG() && pass;
 

test.cpp

@@ -28,6 +28,7 @@
 #include "siphash.h"
 #include "poly1305.h"
 #include "whrlpool.h"
+#include "lsh.h"
 
 #include "pssr.h"
 #include "hkdf.h"
@@ -514,14 +515,22 @@ bool ValidateHAVAL()
 
 bool ValidatePanama()
 {
+	std::cout << "\nPanama validation suite running...\n";
 	return RunTestDataFile("TestVectors/panama.txt");
 }
 
 bool ValidateWhirlpool()
 {
+	std::cout << "\nWhirlpool validation suite running...\n";
 	return RunTestDataFile("TestVectors/whrlpool.txt");
 }
 
+bool ValidateLSH()
+{
+	std::cout << "\nLSH validation suite running...\n";
+	return RunTestDataFile("TestVectors/lsh.txt");
+}
+
 #ifdef CRYPTOPP_REMOVED
 bool ValidateMD5MAC()
 {

validat3.cpp

@@ -60,6 +60,7 @@ bool ValidateTiger();
 bool ValidateRIPEMD();
 bool ValidatePanama();
 bool ValidateWhirlpool();
+bool ValidateLSH();
 
 bool ValidateSM3();
 bool ValidateBLAKE2s();