doxygen/streebog_8cpp_source.html

/*

* Streebog

* (C) 2017 Ribose Inc.

* (C) 2018 Jack Lloyd

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#include <botan/internal/streebog.h>


#include <botan/exceptn.h>

#include <botan/internal/bswap.h>

#include <botan/internal/fmt.h>

#include <botan/internal/loadstor.h>

#include <botan/internal/stl_util.h>


namespace Botan {


extern const uint64_t STREEBOG_Ax[8][256];

extern const uint64_t STREEBOG_C[12][8];


std::unique_ptr<HashFunction> Streebog::copy_state() const {

   return std::make_unique<Streebog>(*this);

}


Streebog::Streebog(size_t output_bits) : m_output_bits(output_bits), m_count(0), m_h(8), m_S(8) {

   if(output_bits != 256 && output_bits != 512) {

      throw Invalid_Argument(fmt("Streebog: Invalid output length {}", output_bits));

   }


   clear();

}


std::string Streebog::name() const {

   return fmt("Streebog-{}", m_output_bits);

}


/*

* Clear memory of sensitive data

*/


void Streebog::clear() {

   m_count = 0;

   m_buffer.clear();

   zeroise(m_S);


   const uint64_t fill = (m_output_bits == 512) ? 0 : 0x0101010101010101;

   std::fill(m_h.begin(), m_h.end(), fill);

}


/*

* Update the hash

*/


void Streebog::add_data(std::span<const uint8_t> input) {

   BufferSlicer in(input);


   while(!in.empty()) {

      if(const auto one_block = m_buffer.handle_unaligned_data(in)) {

         compress(one_block->data());

         m_count += 512;

      }


      if(m_buffer.in_alignment()) {

         while(const auto aligned_block = m_buffer.next_aligned_block_to_process(in)) {

            compress(aligned_block->data());

            m_count += 512;

         }

      }

   }

}


/*

* Finalize a hash

*/


void Streebog::final_result(std::span<uint8_t> output) {

   const auto pos = m_buffer.elements_in_buffer();


   const uint8_t padding = 0x01;

   m_buffer.append({&padding, 1});

   m_buffer.fill_up_with_zeros();


   compress(m_buffer.consume().data());

   m_count += pos * 8;


   m_buffer.fill_up_with_zeros();

   store_le(m_count, m_buffer.directly_modify_first(sizeof(m_count)).data());

   compress(m_buffer.consume().data(), true);


   compress_64(m_S.data(), true);

   // FIXME

   std::memcpy(output.data(), &m_h[8 - output_length() / 8], output_length());

   clear();

}


namespace {


inline uint64_t force_le(uint64_t x) {

#if defined(BOTAN_TARGET_CPU_IS_LITTLE_ENDIAN)

   return x;

#elif defined(BOTAN_TARGET_CPU_IS_BIG_ENDIAN)

   return reverse_bytes(x);

#else

   store_le(x, reinterpret_cast<uint8_t*>(&x));

   return x;

#endif

}


inline void lps(uint64_t block[8]) {

   uint8_t r[64];

   // FIXME

   std::memcpy(r, block, 64);


   for(int i = 0; i < 8; ++i) {

      block[i] = force_le(STREEBOG_Ax[0][r[i + 0 * 8]]) ^ force_le(STREEBOG_Ax[1][r[i + 1 * 8]]) ^

                 force_le(STREEBOG_Ax[2][r[i + 2 * 8]]) ^ force_le(STREEBOG_Ax[3][r[i + 3 * 8]]) ^

                 force_le(STREEBOG_Ax[4][r[i + 4 * 8]]) ^ force_le(STREEBOG_Ax[5][r[i + 5 * 8]]) ^

                 force_le(STREEBOG_Ax[6][r[i + 6 * 8]]) ^ force_le(STREEBOG_Ax[7][r[i + 7 * 8]]);

   }

}


}  //namespace


void Streebog::compress(const uint8_t input[], bool last_block) {

   uint64_t M[8];

   std::memcpy(M, input, 64);


   compress_64(M, last_block);

}


void Streebog::compress_64(const uint64_t M[], bool last_block) {

   const uint64_t N = last_block ? 0 : force_le(m_count);


   uint64_t hN[8];

   uint64_t A[8];


   copy_mem(hN, m_h.data(), 8);

   hN[0] ^= N;

   lps(hN);


   copy_mem(A, hN, 8);


   for(size_t i = 0; i != 8; ++i) {

      hN[i] ^= M[i];

   }


   for(size_t i = 0; i < 12; ++i) {

      for(size_t j = 0; j != 8; ++j) {

         A[j] ^= force_le(STREEBOG_C[i][j]);

      }

      lps(A);


      lps(hN);

      for(size_t j = 0; j != 8; ++j) {

         hN[j] ^= A[j];

      }

   }


   for(size_t i = 0; i != 8; ++i) {

      m_h[i] ^= hN[i] ^ M[i];

   }


   if(!last_block) {

      uint64_t carry = 0;

      for(int i = 0; i < 8; i++) {

         const uint64_t m = force_le(M[i]);

         const uint64_t hi = force_le(m_S[i]);

         const uint64_t t = hi + m + carry;


         m_S[i] = force_le(t);

         if(t != m) {

            carry = (t < m);

         }

      }

   }

}


}  // namespace Botan

Botan::AlignmentBuffer::clear
void clear()
Definition alignment_buffer.h:72

Botan::AlignmentBuffer::directly_modify_first
std::span< T > directly_modify_first(size_t elements)
Definition alignment_buffer.h:103

Botan::AlignmentBuffer::elements_in_buffer
size_t elements_in_buffer() const
Definition alignment_buffer.h:220

Botan::AlignmentBuffer::next_aligned_block_to_process
std::optional< std::span< const uint8_t > > next_aligned_block_to_process(BufferSlicer &slicer) const
Definition alignment_buffer.h:144

Botan::AlignmentBuffer::append
void append(std::span< const T > elements)
Definition alignment_buffer.h:91

Botan::AlignmentBuffer::handle_unaligned_data
std::optional< std::span< const T > > handle_unaligned_data(BufferSlicer &slicer)
Definition alignment_buffer.h:167

Botan::AlignmentBuffer::consume
std::span< const T > consume()
Definition alignment_buffer.h:201

Botan::AlignmentBuffer::fill_up_with_zeros
void fill_up_with_zeros()
Definition alignment_buffer.h:80

Botan::AlignmentBuffer::in_alignment
bool in_alignment() const
Definition alignment_buffer.h:227

Botan::BufferSlicer
Definition stl_util.h:84

Botan::BufferSlicer::empty
bool empty() const
Definition stl_util.h:129

Botan::Invalid_Argument
Definition exceptn.h:131

Botan::Streebog::compress
void compress(const uint8_t input[], bool lastblock=false)
Definition streebog.cpp:122

Botan::Streebog::add_data
void add_data(std::span< const uint8_t > input) override
Definition streebog.cpp:53

Botan::Streebog::output_length
size_t output_length() const override
Definition streebog.h:23

Botan::Streebog::compress_64
void compress_64(const uint64_t input[], bool lastblock=false)
Definition streebog.cpp:129

Botan::Streebog::copy_state
std::unique_ptr< HashFunction > copy_state() const override
Definition streebog.cpp:22

Botan::Streebog::final_result
void final_result(std::span< uint8_t > out) override
Definition streebog.cpp:74

Botan::Streebog::Streebog
Streebog(size_t output_bits)
Definition streebog.cpp:26

Botan::Streebog::clear
void clear() override
Definition streebog.cpp:41

Botan::Streebog::name
std::string name() const override
Definition streebog.cpp:34

Botan
Definition alg_id.cpp:13

Botan::zeroise
void zeroise(std::vector< T, Alloc > &vec)
Definition secmem.h:108

Botan::fmt
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53

Botan::STREEBOG_C
const uint64_t STREEBOG_C[12][8]
Definition streebog_precalc.cpp:452

Botan::reverse_bytes
constexpr T reverse_bytes(T x)
Definition bswap.h:24

Botan::store_le
constexpr auto store_le(ParamTs &&... params)
Definition loadstor.h:764

Botan::carry
void carry(int64_t &h0, int64_t &h1)
Definition ed25519_internal.h:28

Botan::STREEBOG_Ax
const uint64_t STREEBOG_Ax[8][256]
Definition streebog_precalc.cpp:34

Botan::copy_mem
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:146