Botan  2.4.0
Crypto and TLS for C++11
whirlpool.cpp
Go to the documentation of this file.
1 /*
2 * Whirlpool
3 * (C) 1999-2007 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/whrlpool.h>
9 
10 namespace Botan {
11 
12 std::unique_ptr<HashFunction> Whirlpool::copy_state() const
13  {
14  return std::unique_ptr<HashFunction>(new Whirlpool(*this));
15  }
16 
17 /*
18 * Whirlpool Compression Function
19 */
20 void Whirlpool::compress_n(const uint8_t in[], size_t blocks)
21  {
22  static const uint64_t RC[10] = {
23  0x1823C6E887B8014F, 0x36A6D2F5796F9152,
24  0x60BC9B8EA30C7B35, 0x1DE0D7C22E4BFE57,
25  0x157737E59FF04ADA, 0x58C9290AB1A06B85,
26  0xBD5D10F4CB3E0567, 0xE427418BA77D95D8,
27  0xFBEE7C66DD17479E, 0xCA2DBF07AD5A8333
28  };
29 
30  for(size_t i = 0; i != blocks; ++i)
31  {
32  load_be(m_M.data(), in, m_M.size());
33 
34  uint64_t K0, K1, K2, K3, K4, K5, K6, K7;
35  K0 = m_digest[0]; K1 = m_digest[1]; K2 = m_digest[2]; K3 = m_digest[3];
36  K4 = m_digest[4]; K5 = m_digest[5]; K6 = m_digest[6]; K7 = m_digest[7];
37 
38  uint64_t B0, B1, B2, B3, B4, B5, B6, B7;
39  B0 = K0 ^ m_M[0]; B1 = K1 ^ m_M[1]; B2 = K2 ^ m_M[2]; B3 = K3 ^ m_M[3];
40  B4 = K4 ^ m_M[4]; B5 = K5 ^ m_M[5]; B6 = K6 ^ m_M[6]; B7 = K7 ^ m_M[7];
41 
42  for(size_t j = 0; j != 10; ++j)
43  {
44  uint64_t T0, T1, T2, T3, T4, T5, T6, T7;
45  T0 = C0[get_byte(0, K0)] ^ C1[get_byte(1, K7)] ^
46  C2[get_byte(2, K6)] ^ C3[get_byte(3, K5)] ^
47  C4[get_byte(4, K4)] ^ C5[get_byte(5, K3)] ^
48  C6[get_byte(6, K2)] ^ C7[get_byte(7, K1)] ^ RC[j];
49  T1 = C0[get_byte(0, K1)] ^ C1[get_byte(1, K0)] ^
50  C2[get_byte(2, K7)] ^ C3[get_byte(3, K6)] ^
51  C4[get_byte(4, K5)] ^ C5[get_byte(5, K4)] ^
52  C6[get_byte(6, K3)] ^ C7[get_byte(7, K2)];
53  T2 = C0[get_byte(0, K2)] ^ C1[get_byte(1, K1)] ^
54  C2[get_byte(2, K0)] ^ C3[get_byte(3, K7)] ^
55  C4[get_byte(4, K6)] ^ C5[get_byte(5, K5)] ^
56  C6[get_byte(6, K4)] ^ C7[get_byte(7, K3)];
57  T3 = C0[get_byte(0, K3)] ^ C1[get_byte(1, K2)] ^
58  C2[get_byte(2, K1)] ^ C3[get_byte(3, K0)] ^
59  C4[get_byte(4, K7)] ^ C5[get_byte(5, K6)] ^
60  C6[get_byte(6, K5)] ^ C7[get_byte(7, K4)];
61  T4 = C0[get_byte(0, K4)] ^ C1[get_byte(1, K3)] ^
62  C2[get_byte(2, K2)] ^ C3[get_byte(3, K1)] ^
63  C4[get_byte(4, K0)] ^ C5[get_byte(5, K7)] ^
64  C6[get_byte(6, K6)] ^ C7[get_byte(7, K5)];
65  T5 = C0[get_byte(0, K5)] ^ C1[get_byte(1, K4)] ^
66  C2[get_byte(2, K3)] ^ C3[get_byte(3, K2)] ^
67  C4[get_byte(4, K1)] ^ C5[get_byte(5, K0)] ^
68  C6[get_byte(6, K7)] ^ C7[get_byte(7, K6)];
69  T6 = C0[get_byte(0, K6)] ^ C1[get_byte(1, K5)] ^
70  C2[get_byte(2, K4)] ^ C3[get_byte(3, K3)] ^
71  C4[get_byte(4, K2)] ^ C5[get_byte(5, K1)] ^
72  C6[get_byte(6, K0)] ^ C7[get_byte(7, K7)];
73  T7 = C0[get_byte(0, K7)] ^ C1[get_byte(1, K6)] ^
74  C2[get_byte(2, K5)] ^ C3[get_byte(3, K4)] ^
75  C4[get_byte(4, K3)] ^ C5[get_byte(5, K2)] ^
76  C6[get_byte(6, K1)] ^ C7[get_byte(7, K0)];
77 
78  K0 = T0; K1 = T1; K2 = T2; K3 = T3;
79  K4 = T4; K5 = T5; K6 = T6; K7 = T7;
80 
81  T0 = C0[get_byte(0, B0)] ^ C1[get_byte(1, B7)] ^
82  C2[get_byte(2, B6)] ^ C3[get_byte(3, B5)] ^
83  C4[get_byte(4, B4)] ^ C5[get_byte(5, B3)] ^
84  C6[get_byte(6, B2)] ^ C7[get_byte(7, B1)] ^ K0;
85  T1 = C0[get_byte(0, B1)] ^ C1[get_byte(1, B0)] ^
86  C2[get_byte(2, B7)] ^ C3[get_byte(3, B6)] ^
87  C4[get_byte(4, B5)] ^ C5[get_byte(5, B4)] ^
88  C6[get_byte(6, B3)] ^ C7[get_byte(7, B2)] ^ K1;
89  T2 = C0[get_byte(0, B2)] ^ C1[get_byte(1, B1)] ^
90  C2[get_byte(2, B0)] ^ C3[get_byte(3, B7)] ^
91  C4[get_byte(4, B6)] ^ C5[get_byte(5, B5)] ^
92  C6[get_byte(6, B4)] ^ C7[get_byte(7, B3)] ^ K2;
93  T3 = C0[get_byte(0, B3)] ^ C1[get_byte(1, B2)] ^
94  C2[get_byte(2, B1)] ^ C3[get_byte(3, B0)] ^
95  C4[get_byte(4, B7)] ^ C5[get_byte(5, B6)] ^
96  C6[get_byte(6, B5)] ^ C7[get_byte(7, B4)] ^ K3;
97  T4 = C0[get_byte(0, B4)] ^ C1[get_byte(1, B3)] ^
98  C2[get_byte(2, B2)] ^ C3[get_byte(3, B1)] ^
99  C4[get_byte(4, B0)] ^ C5[get_byte(5, B7)] ^
100  C6[get_byte(6, B6)] ^ C7[get_byte(7, B5)] ^ K4;
101  T5 = C0[get_byte(0, B5)] ^ C1[get_byte(1, B4)] ^
102  C2[get_byte(2, B3)] ^ C3[get_byte(3, B2)] ^
103  C4[get_byte(4, B1)] ^ C5[get_byte(5, B0)] ^
104  C6[get_byte(6, B7)] ^ C7[get_byte(7, B6)] ^ K5;
105  T6 = C0[get_byte(0, B6)] ^ C1[get_byte(1, B5)] ^
106  C2[get_byte(2, B4)] ^ C3[get_byte(3, B3)] ^
107  C4[get_byte(4, B2)] ^ C5[get_byte(5, B1)] ^
108  C6[get_byte(6, B0)] ^ C7[get_byte(7, B7)] ^ K6;
109  T7 = C0[get_byte(0, B7)] ^ C1[get_byte(1, B6)] ^
110  C2[get_byte(2, B5)] ^ C3[get_byte(3, B4)] ^
111  C4[get_byte(4, B3)] ^ C5[get_byte(5, B2)] ^
112  C6[get_byte(6, B1)] ^ C7[get_byte(7, B0)] ^ K7;
113 
114  B0 = T0; B1 = T1; B2 = T2; B3 = T3;
115  B4 = T4; B5 = T5; B6 = T6; B7 = T7;
116  }
117 
118  m_digest[0] ^= B0 ^ m_M[0];
119  m_digest[1] ^= B1 ^ m_M[1];
120  m_digest[2] ^= B2 ^ m_M[2];
121  m_digest[3] ^= B3 ^ m_M[3];
122  m_digest[4] ^= B4 ^ m_M[4];
123  m_digest[5] ^= B5 ^ m_M[5];
124  m_digest[6] ^= B6 ^ m_M[6];
125  m_digest[7] ^= B7 ^ m_M[7];
126 
127  in += hash_block_size();
128  }
129  }
130 
131 /*
132 * Copy out the digest
133 */
134 void Whirlpool::copy_out(uint8_t output[])
135  {
136  copy_out_vec_be(output, output_length(), m_digest);
137  }
138 
139 /*
140 * Clear memory of sensitive data
141 */
143  {
145  zeroise(m_M);
146  zeroise(m_digest);
147  }
148 
149 }
void copy_out_vec_be(uint8_t out[], size_t out_bytes, const std::vector< T, Alloc > &in)
Definition: loadstor.h:669
void clear() override
Definition: mdx_hash.cpp:33
size_t hash_block_size() const override final
Definition: mdx_hash.h:32
size_t output_length() const override
Definition: whrlpool.h:22
T load_be(const uint8_t in[], size_t off)
Definition: loadstor.h:105
Definition: alg_id.cpp:13
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:39
void clear() override
Definition: whirlpool.cpp:142
std::unique_ptr< HashFunction > copy_state() const override
Definition: whirlpool.cpp:12
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:181