Botan  2.1.0
Crypto and TLS for C++11
tiger.cpp
Go to the documentation of this file.
1 /*
2 * Tiger
3 * (C) 1999-2007 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/tiger.h>
9 #include <botan/exceptn.h>
10 #include <botan/parsing.h>
11 
12 namespace Botan {
13 
14 namespace {
15 
16 /*
17 * Tiger Mixing Function
18 */
19 inline void mix(secure_vector<uint64_t>& X)
20  {
21  X[0] -= X[7] ^ 0xA5A5A5A5A5A5A5A5;
22  X[1] ^= X[0];
23  X[2] += X[1];
24  X[3] -= X[2] ^ ((~X[1]) << 19);
25  X[4] ^= X[3];
26  X[5] += X[4];
27  X[6] -= X[5] ^ ((~X[4]) >> 23);
28  X[7] ^= X[6];
29 
30  X[0] += X[7];
31  X[1] -= X[0] ^ ((~X[7]) << 19);
32  X[2] ^= X[1];
33  X[3] += X[2];
34  X[4] -= X[3] ^ ((~X[2]) >> 23);
35  X[5] ^= X[4];
36  X[6] += X[5];
37  X[7] -= X[6] ^ 0x0123456789ABCDEF;
38  }
39 
40 }
41 
42 /*
43 * Tiger Compression Function
44 */
45 void Tiger::compress_n(const uint8_t input[], size_t blocks)
46  {
47  uint64_t A = m_digest[0], B = m_digest[1], C = m_digest[2];
48 
49  for(size_t i = 0; i != blocks; ++i)
50  {
51  load_le(m_X.data(), input, m_X.size());
52 
53  pass(A, B, C, m_X, 5); mix(m_X);
54  pass(C, A, B, m_X, 7); mix(m_X);
55  pass(B, C, A, m_X, 9);
56 
57  for(size_t j = 3; j != m_passes; ++j)
58  {
59  mix(m_X);
60  pass(A, B, C, m_X, 9);
61  uint64_t T = A; A = C; C = B; B = T;
62  }
63 
64  A = (m_digest[0] ^= A);
65  B = m_digest[1] = B - m_digest[1];
66  C = (m_digest[2] += C);
67 
68  input += hash_block_size();
69  }
70  }
71 
72 /*
73 * Copy out the digest
74 */
75 void Tiger::copy_out(uint8_t output[])
76  {
77  copy_out_vec_le(output, output_length(), m_digest);
78  }
79 
80 /*
81 * Tiger Pass
82 */
83 void Tiger::pass(uint64_t& A, uint64_t& B, uint64_t& C,
84  const secure_vector<uint64_t>& X,
85  uint8_t mul)
86  {
87  C ^= X[0];
88  A -= SBOX1[get_byte(7, C)] ^ SBOX2[get_byte(5, C)] ^
89  SBOX3[get_byte(3, C)] ^ SBOX4[get_byte(1, C)];
90  B += SBOX1[get_byte(0, C)] ^ SBOX2[get_byte(2, C)] ^
91  SBOX3[get_byte(4, C)] ^ SBOX4[get_byte(6, C)];
92  B *= mul;
93 
94  A ^= X[1];
95  B -= SBOX1[get_byte(7, A)] ^ SBOX2[get_byte(5, A)] ^
96  SBOX3[get_byte(3, A)] ^ SBOX4[get_byte(1, A)];
97  C += SBOX1[get_byte(0, A)] ^ SBOX2[get_byte(2, A)] ^
98  SBOX3[get_byte(4, A)] ^ SBOX4[get_byte(6, A)];
99  C *= mul;
100 
101  B ^= X[2];
102  C -= SBOX1[get_byte(7, B)] ^ SBOX2[get_byte(5, B)] ^
103  SBOX3[get_byte(3, B)] ^ SBOX4[get_byte(1, B)];
104  A += SBOX1[get_byte(0, B)] ^ SBOX2[get_byte(2, B)] ^
105  SBOX3[get_byte(4, B)] ^ SBOX4[get_byte(6, B)];
106  A *= mul;
107 
108  C ^= X[3];
109  A -= SBOX1[get_byte(7, C)] ^ SBOX2[get_byte(5, C)] ^
110  SBOX3[get_byte(3, C)] ^ SBOX4[get_byte(1, C)];
111  B += SBOX1[get_byte(0, C)] ^ SBOX2[get_byte(2, C)] ^
112  SBOX3[get_byte(4, C)] ^ SBOX4[get_byte(6, C)];
113  B *= mul;
114 
115  A ^= X[4];
116  B -= SBOX1[get_byte(7, A)] ^ SBOX2[get_byte(5, A)] ^
117  SBOX3[get_byte(3, A)] ^ SBOX4[get_byte(1, A)];
118  C += SBOX1[get_byte(0, A)] ^ SBOX2[get_byte(2, A)] ^
119  SBOX3[get_byte(4, A)] ^ SBOX4[get_byte(6, A)];
120  C *= mul;
121 
122  B ^= X[5];
123  C -= SBOX1[get_byte(7, B)] ^ SBOX2[get_byte(5, B)] ^
124  SBOX3[get_byte(3, B)] ^ SBOX4[get_byte(1, B)];
125  A += SBOX1[get_byte(0, B)] ^ SBOX2[get_byte(2, B)] ^
126  SBOX3[get_byte(4, B)] ^ SBOX4[get_byte(6, B)];
127  A *= mul;
128 
129  C ^= X[6];
130  A -= SBOX1[get_byte(7, C)] ^ SBOX2[get_byte(5, C)] ^
131  SBOX3[get_byte(3, C)] ^ SBOX4[get_byte(1, C)];
132  B += SBOX1[get_byte(0, C)] ^ SBOX2[get_byte(2, C)] ^
133  SBOX3[get_byte(4, C)] ^ SBOX4[get_byte(6, C)];
134  B *= mul;
135 
136  A ^= X[7];
137  B -= SBOX1[get_byte(7, A)] ^ SBOX2[get_byte(5, A)] ^
138  SBOX3[get_byte(3, A)] ^ SBOX4[get_byte(1, A)];
139  C += SBOX1[get_byte(0, A)] ^ SBOX2[get_byte(2, A)] ^
140  SBOX3[get_byte(4, A)] ^ SBOX4[get_byte(6, A)];
141  C *= mul;
142  }
143 
144 /*
145 * Clear memory of sensitive data
146 */
148  {
150  zeroise(m_X);
151  m_digest[0] = 0x0123456789ABCDEF;
152  m_digest[1] = 0xFEDCBA9876543210;
153  m_digest[2] = 0xF096A5B4C3B2E187;
154  }
155 
156 /*
157 * Return the name of this type
158 */
159 std::string Tiger::name() const
160  {
161  return "Tiger(" + std::to_string(output_length()) + "," +
162  std::to_string(m_passes) + ")";
163  }
164 
165 /*
166 * Tiger Constructor
167 */
168 Tiger::Tiger(size_t hash_len, size_t passes) :
169  MDx_HashFunction(64, false, false),
170  m_X(8),
171  m_digest(3),
172  m_hash_len(hash_len),
173  m_passes(passes)
174  {
175  if(output_length() != 16 && output_length() != 20 && output_length() != 24)
176  throw Invalid_Argument("Tiger: Illegal hash output size: " +
178 
179  if(passes < 3)
180  throw Invalid_Argument("Tiger: Invalid number of passes: "
181  + std::to_string(passes));
182  clear();
183  }
184 
185 }
void clear() override
Definition: mdx_hash.cpp:32
std::string name() const override
Definition: tiger.cpp:159
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:47
size_t hash_block_size() const override
Definition: mdx_hash.h:32
Tiger(size_t out_size=24, size_t passes=3)
Definition: tiger.cpp:168
void clear() override
Definition: tiger.cpp:147
T load_le(const uint8_t in[], size_t off)
Definition: loadstor.h:129
Definition: alg_id.cpp:13
size_t output_length() const override
Definition: tiger.h:22
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:47
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:211
void copy_out_vec_le(uint8_t out[], size_t out_bytes, const std::vector< T, Alloc > &in)
Definition: loadstor.h:697