123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258 |
- /*
- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
- /**
- * The Whirlpool hashing function.
- *
- * See
- * P.S.L.M. Barreto, V. Rijmen,
- * ``The Whirlpool hashing function,''
- * NESSIE submission, 2000 (tweaked version, 2001),
- * <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip>
- *
- * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and
- * Vincent Rijmen. Lookup "reference implementations" on
- * <http://planeta.terra.com.br/informatica/paulobarreto/>
- *
- * =============================================================================
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
- * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
- * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
- * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
- /*
- * OpenSSL-specific implementation notes.
- *
- * WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect
- * number of *bytes* as input length argument. Bit-oriented routine
- * as specified by authors is called WHIRLPOOL_BitUpdate[!] and
- * does not have one-stroke counterpart.
- *
- * WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially
- * to serve WHIRLPOOL_Update. This is done for performance.
- *
- * Unlike authors' reference implementation, block processing
- * routine whirlpool_block is designed to operate on multi-block
- * input. This is done for performance.
- */
- #include <openssl/crypto.h>
- #include "wp_locl.h"
- #include <string.h>
- int WHIRLPOOL_Init(WHIRLPOOL_CTX *c)
- {
- memset(c, 0, sizeof(*c));
- return 1;
- }
- int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes)
- {
- /*
- * Well, largest suitable chunk size actually is
- * (1<<(sizeof(size_t)*8-3))-64, but below number is large enough for not
- * to care about excessive calls to WHIRLPOOL_BitUpdate...
- */
- size_t chunk = ((size_t)1) << (sizeof(size_t) * 8 - 4);
- const unsigned char *inp = _inp;
- while (bytes >= chunk) {
- WHIRLPOOL_BitUpdate(c, inp, chunk * 8);
- bytes -= chunk;
- inp += chunk;
- }
- if (bytes)
- WHIRLPOOL_BitUpdate(c, inp, bytes * 8);
- return 1;
- }
- void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
- {
- size_t n;
- unsigned int bitoff = c->bitoff,
- bitrem = bitoff % 8, inpgap = (8 - (unsigned int)bits % 8) & 7;
- const unsigned char *inp = _inp;
- /*
- * This 256-bit increment procedure relies on the size_t being natural
- * size of CPU register, so that we don't have to mask the value in order
- * to detect overflows.
- */
- c->bitlen[0] += bits;
- if (c->bitlen[0] < bits) { /* overflow */
- n = 1;
- do {
- c->bitlen[n]++;
- } while (c->bitlen[n] == 0
- && ++n < (WHIRLPOOL_COUNTER / sizeof(size_t)));
- }
- #ifndef OPENSSL_SMALL_FOOTPRINT
- reconsider:
- if (inpgap == 0 && bitrem == 0) { /* byte-oriented loop */
- while (bits) {
- if (bitoff == 0 && (n = bits / WHIRLPOOL_BBLOCK)) {
- whirlpool_block(c, inp, n);
- inp += n * WHIRLPOOL_BBLOCK / 8;
- bits %= WHIRLPOOL_BBLOCK;
- } else {
- unsigned int byteoff = bitoff / 8;
- bitrem = WHIRLPOOL_BBLOCK - bitoff; /* re-use bitrem */
- if (bits >= bitrem) {
- bits -= bitrem;
- bitrem /= 8;
- memcpy(c->data + byteoff, inp, bitrem);
- inp += bitrem;
- whirlpool_block(c, c->data, 1);
- bitoff = 0;
- } else {
- memcpy(c->data + byteoff, inp, bits / 8);
- bitoff += (unsigned int)bits;
- bits = 0;
- }
- c->bitoff = bitoff;
- }
- }
- } else /* bit-oriented loop */
- #endif
- {
- /*-
- inp
- |
- +-------+-------+-------
- |||||||||||||||||||||
- +-------+-------+-------
- +-------+-------+-------+-------+-------
- |||||||||||||| c->data
- +-------+-------+-------+-------+-------
- |
- c->bitoff/8
- */
- while (bits) {
- unsigned int byteoff = bitoff / 8;
- unsigned char b;
- #ifndef OPENSSL_SMALL_FOOTPRINT
- if (bitrem == inpgap) {
- c->data[byteoff++] |= inp[0] & (0xff >> inpgap);
- inpgap = 8 - inpgap;
- bitoff += inpgap;
- bitrem = 0; /* bitoff%8 */
- bits -= inpgap;
- inpgap = 0; /* bits%8 */
- inp++;
- if (bitoff == WHIRLPOOL_BBLOCK) {
- whirlpool_block(c, c->data, 1);
- bitoff = 0;
- }
- c->bitoff = bitoff;
- goto reconsider;
- } else
- #endif
- if (bits > 8) {
- b = ((inp[0] << inpgap) | (inp[1] >> (8 - inpgap)));
- b &= 0xff;
- if (bitrem)
- c->data[byteoff++] |= b >> bitrem;
- else
- c->data[byteoff++] = b;
- bitoff += 8;
- bits -= 8;
- inp++;
- if (bitoff >= WHIRLPOOL_BBLOCK) {
- whirlpool_block(c, c->data, 1);
- byteoff = 0;
- bitoff %= WHIRLPOOL_BBLOCK;
- }
- if (bitrem)
- c->data[byteoff] = b << (8 - bitrem);
- } else { /* remaining less than or equal to 8 bits */
- b = (inp[0] << inpgap) & 0xff;
- if (bitrem)
- c->data[byteoff++] |= b >> bitrem;
- else
- c->data[byteoff++] = b;
- bitoff += (unsigned int)bits;
- if (bitoff == WHIRLPOOL_BBLOCK) {
- whirlpool_block(c, c->data, 1);
- byteoff = 0;
- bitoff %= WHIRLPOOL_BBLOCK;
- }
- if (bitrem)
- c->data[byteoff] = b << (8 - bitrem);
- bits = 0;
- }
- c->bitoff = bitoff;
- }
- }
- }
- int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c)
- {
- unsigned int bitoff = c->bitoff, byteoff = bitoff / 8;
- size_t i, j, v;
- unsigned char *p;
- bitoff %= 8;
- if (bitoff)
- c->data[byteoff] |= 0x80 >> bitoff;
- else
- c->data[byteoff] = 0x80;
- byteoff++;
- /* pad with zeros */
- if (byteoff > (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER)) {
- if (byteoff < WHIRLPOOL_BBLOCK / 8)
- memset(&c->data[byteoff], 0, WHIRLPOOL_BBLOCK / 8 - byteoff);
- whirlpool_block(c, c->data, 1);
- byteoff = 0;
- }
- if (byteoff < (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER))
- memset(&c->data[byteoff], 0,
- (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER) - byteoff);
- /* smash 256-bit c->bitlen in big-endian order */
- p = &c->data[WHIRLPOOL_BBLOCK / 8 - 1]; /* last byte in c->data */
- for (i = 0; i < WHIRLPOOL_COUNTER / sizeof(size_t); i++)
- for (v = c->bitlen[i], j = 0; j < sizeof(size_t); j++, v >>= 8)
- *p-- = (unsigned char)(v & 0xff);
- whirlpool_block(c, c->data, 1);
- if (md) {
- memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
- OPENSSL_cleanse(c, sizeof(*c));
- return 1;
- }
- return 0;
- }
- unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md)
- {
- WHIRLPOOL_CTX ctx;
- static unsigned char m[WHIRLPOOL_DIGEST_LENGTH];
- if (md == NULL)
- md = m;
- WHIRLPOOL_Init(&ctx);
- WHIRLPOOL_Update(&ctx, inp, bytes);
- WHIRLPOOL_Final(md, &ctx);
- return md;
- }
|