Botan  2.1.0
Crypto and TLS for C++11
whirlpool.cpp
Go to the documentation of this file.
1 /*
2 * Whirlpool
3 * (C) 1999-2007 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/whrlpool.h>
9 
10 namespace Botan {
11 
12 /*
13 * Whirlpool Compression Function
14 */
15 void Whirlpool::compress_n(const uint8_t in[], size_t blocks)
16  {
17  static const uint64_t RC[10] = {
18  0x1823C6E887B8014F, 0x36A6D2F5796F9152,
19  0x60BC9B8EA30C7B35, 0x1DE0D7C22E4BFE57,
20  0x157737E59FF04ADA, 0x58C9290AB1A06B85,
21  0xBD5D10F4CB3E0567, 0xE427418BA77D95D8,
22  0xFBEE7C66DD17479E, 0xCA2DBF07AD5A8333
23  };
24 
25  for(size_t i = 0; i != blocks; ++i)
26  {
27  load_be(m_M.data(), in, m_M.size());
28 
29  uint64_t K0, K1, K2, K3, K4, K5, K6, K7;
30  K0 = m_digest[0]; K1 = m_digest[1]; K2 = m_digest[2]; K3 = m_digest[3];
31  K4 = m_digest[4]; K5 = m_digest[5]; K6 = m_digest[6]; K7 = m_digest[7];
32 
33  uint64_t B0, B1, B2, B3, B4, B5, B6, B7;
34  B0 = K0 ^ m_M[0]; B1 = K1 ^ m_M[1]; B2 = K2 ^ m_M[2]; B3 = K3 ^ m_M[3];
35  B4 = K4 ^ m_M[4]; B5 = K5 ^ m_M[5]; B6 = K6 ^ m_M[6]; B7 = K7 ^ m_M[7];
36 
37  for(size_t j = 0; j != 10; ++j)
38  {
39  uint64_t T0, T1, T2, T3, T4, T5, T6, T7;
40  T0 = C0[get_byte(0, K0)] ^ C1[get_byte(1, K7)] ^
41  C2[get_byte(2, K6)] ^ C3[get_byte(3, K5)] ^
42  C4[get_byte(4, K4)] ^ C5[get_byte(5, K3)] ^
43  C6[get_byte(6, K2)] ^ C7[get_byte(7, K1)] ^ RC[j];
44  T1 = C0[get_byte(0, K1)] ^ C1[get_byte(1, K0)] ^
45  C2[get_byte(2, K7)] ^ C3[get_byte(3, K6)] ^
46  C4[get_byte(4, K5)] ^ C5[get_byte(5, K4)] ^
47  C6[get_byte(6, K3)] ^ C7[get_byte(7, K2)];
48  T2 = C0[get_byte(0, K2)] ^ C1[get_byte(1, K1)] ^
49  C2[get_byte(2, K0)] ^ C3[get_byte(3, K7)] ^
50  C4[get_byte(4, K6)] ^ C5[get_byte(5, K5)] ^
51  C6[get_byte(6, K4)] ^ C7[get_byte(7, K3)];
52  T3 = C0[get_byte(0, K3)] ^ C1[get_byte(1, K2)] ^
53  C2[get_byte(2, K1)] ^ C3[get_byte(3, K0)] ^
54  C4[get_byte(4, K7)] ^ C5[get_byte(5, K6)] ^
55  C6[get_byte(6, K5)] ^ C7[get_byte(7, K4)];
56  T4 = C0[get_byte(0, K4)] ^ C1[get_byte(1, K3)] ^
57  C2[get_byte(2, K2)] ^ C3[get_byte(3, K1)] ^
58  C4[get_byte(4, K0)] ^ C5[get_byte(5, K7)] ^
59  C6[get_byte(6, K6)] ^ C7[get_byte(7, K5)];
60  T5 = C0[get_byte(0, K5)] ^ C1[get_byte(1, K4)] ^
61  C2[get_byte(2, K3)] ^ C3[get_byte(3, K2)] ^
62  C4[get_byte(4, K1)] ^ C5[get_byte(5, K0)] ^
63  C6[get_byte(6, K7)] ^ C7[get_byte(7, K6)];
64  T6 = C0[get_byte(0, K6)] ^ C1[get_byte(1, K5)] ^
65  C2[get_byte(2, K4)] ^ C3[get_byte(3, K3)] ^
66  C4[get_byte(4, K2)] ^ C5[get_byte(5, K1)] ^
67  C6[get_byte(6, K0)] ^ C7[get_byte(7, K7)];
68  T7 = C0[get_byte(0, K7)] ^ C1[get_byte(1, K6)] ^
69  C2[get_byte(2, K5)] ^ C3[get_byte(3, K4)] ^
70  C4[get_byte(4, K3)] ^ C5[get_byte(5, K2)] ^
71  C6[get_byte(6, K1)] ^ C7[get_byte(7, K0)];
72 
73  K0 = T0; K1 = T1; K2 = T2; K3 = T3;
74  K4 = T4; K5 = T5; K6 = T6; K7 = T7;
75 
76  T0 = C0[get_byte(0, B0)] ^ C1[get_byte(1, B7)] ^
77  C2[get_byte(2, B6)] ^ C3[get_byte(3, B5)] ^
78  C4[get_byte(4, B4)] ^ C5[get_byte(5, B3)] ^
79  C6[get_byte(6, B2)] ^ C7[get_byte(7, B1)] ^ K0;
80  T1 = C0[get_byte(0, B1)] ^ C1[get_byte(1, B0)] ^
81  C2[get_byte(2, B7)] ^ C3[get_byte(3, B6)] ^
82  C4[get_byte(4, B5)] ^ C5[get_byte(5, B4)] ^
83  C6[get_byte(6, B3)] ^ C7[get_byte(7, B2)] ^ K1;
84  T2 = C0[get_byte(0, B2)] ^ C1[get_byte(1, B1)] ^
85  C2[get_byte(2, B0)] ^ C3[get_byte(3, B7)] ^
86  C4[get_byte(4, B6)] ^ C5[get_byte(5, B5)] ^
87  C6[get_byte(6, B4)] ^ C7[get_byte(7, B3)] ^ K2;
88  T3 = C0[get_byte(0, B3)] ^ C1[get_byte(1, B2)] ^
89  C2[get_byte(2, B1)] ^ C3[get_byte(3, B0)] ^
90  C4[get_byte(4, B7)] ^ C5[get_byte(5, B6)] ^
91  C6[get_byte(6, B5)] ^ C7[get_byte(7, B4)] ^ K3;
92  T4 = C0[get_byte(0, B4)] ^ C1[get_byte(1, B3)] ^
93  C2[get_byte(2, B2)] ^ C3[get_byte(3, B1)] ^
94  C4[get_byte(4, B0)] ^ C5[get_byte(5, B7)] ^
95  C6[get_byte(6, B6)] ^ C7[get_byte(7, B5)] ^ K4;
96  T5 = C0[get_byte(0, B5)] ^ C1[get_byte(1, B4)] ^
97  C2[get_byte(2, B3)] ^ C3[get_byte(3, B2)] ^
98  C4[get_byte(4, B1)] ^ C5[get_byte(5, B0)] ^
99  C6[get_byte(6, B7)] ^ C7[get_byte(7, B6)] ^ K5;
100  T6 = C0[get_byte(0, B6)] ^ C1[get_byte(1, B5)] ^
101  C2[get_byte(2, B4)] ^ C3[get_byte(3, B3)] ^
102  C4[get_byte(4, B2)] ^ C5[get_byte(5, B1)] ^
103  C6[get_byte(6, B0)] ^ C7[get_byte(7, B7)] ^ K6;
104  T7 = C0[get_byte(0, B7)] ^ C1[get_byte(1, B6)] ^
105  C2[get_byte(2, B5)] ^ C3[get_byte(3, B4)] ^
106  C4[get_byte(4, B3)] ^ C5[get_byte(5, B2)] ^
107  C6[get_byte(6, B1)] ^ C7[get_byte(7, B0)] ^ K7;
108 
109  B0 = T0; B1 = T1; B2 = T2; B3 = T3;
110  B4 = T4; B5 = T5; B6 = T6; B7 = T7;
111  }
112 
113  m_digest[0] ^= B0 ^ m_M[0];
114  m_digest[1] ^= B1 ^ m_M[1];
115  m_digest[2] ^= B2 ^ m_M[2];
116  m_digest[3] ^= B3 ^ m_M[3];
117  m_digest[4] ^= B4 ^ m_M[4];
118  m_digest[5] ^= B5 ^ m_M[5];
119  m_digest[6] ^= B6 ^ m_M[6];
120  m_digest[7] ^= B7 ^ m_M[7];
121 
122  in += hash_block_size();
123  }
124  }
125 
126 /*
127 * Copy out the digest
128 */
129 void Whirlpool::copy_out(uint8_t output[])
130  {
131  copy_out_vec_be(output, output_length(), m_digest);
132  }
133 
134 /*
135 * Clear memory of sensitive data
136 */
138  {
140  zeroise(m_M);
141  zeroise(m_digest);
142  }
143 
144 }
void copy_out_vec_be(uint8_t out[], size_t out_bytes, const std::vector< T, Alloc > &in)
Definition: loadstor.h:676
void clear() override
Definition: mdx_hash.cpp:32
size_t hash_block_size() const override
Definition: mdx_hash.h:32
size_t output_length() const override
Definition: whrlpool.h:22
T load_be(const uint8_t in[], size_t off)
Definition: loadstor.h:113
Definition: alg_id.cpp:13
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:47
void clear() override
Definition: whirlpool.cpp:137
void zeroise(std::vector< T, Alloc > &vec)
Definition: secmem.h:211