1 : /*
2 : +----------------------------------------------------------------------+
3 : | PHP Version 5 |
4 : +----------------------------------------------------------------------+
5 : | Copyright (c) 1997-2009 The PHP Group |
6 : +----------------------------------------------------------------------+
7 : | This source file is subject to version 3.01 of the PHP license, |
8 : | that is bundled with this package in the file LICENSE, and is |
9 : | available through the world-wide-web at the following url: |
10 : | http://www.php.net/license/3_01.txt |
11 : | If you did not receive a copy of the PHP license and are unable to |
12 : | obtain it through the world-wide-web, please send a note to |
13 : | license@php.net so we can mail you a copy immediately. |
14 : +----------------------------------------------------------------------+
15 : | Authors: Michael Wallner <mike@php.net> |
16 : | Sara Golemon <pollita@php.net> |
17 : +----------------------------------------------------------------------+
18 : */
19 :
20 : /* $Id: hash_whirlpool.c 272370 2008-12-31 11:15:49Z sebastian $ */
21 :
22 : #include "php_hash.h"
23 :
24 : /*
25 : * TODO: simplify Update and Final, those look ridiculously complex
26 : * Mike, 2005-11-23
27 : */
28 :
29 : #include "php_hash_whirlpool.h"
30 : #include "php_hash_whirlpool_tables.h"
31 :
32 : #define DIGESTBYTES 64
33 : #define DIGESTBITS (8*DIGESTBYTES) /* 512 */
34 :
35 : #define WBLOCKBYTES 64
36 : #define WBLOCKBITS (8*WBLOCKBYTES) /* 512 */
37 :
38 : #define LENGTHBYTES 32
39 : #define LENGTHBITS (8*LENGTHBYTES) /* 256 */
40 :
41 : static void WhirlpoolTransform(PHP_WHIRLPOOL_CTX *context)
42 1040 : {
43 : int i, r;
44 : php_hash_uint64 K[8]; /* the round key */
45 : php_hash_uint64 block[8]; /* mu(buffer) */
46 : php_hash_uint64 state[8]; /* the cipher state */
47 : php_hash_uint64 L[8];
48 1040 : unsigned char *buffer = context->buffer.data;
49 :
50 : /*
51 : * map the buffer to a block:
52 : */
53 9360 : for (i = 0; i < 8; i++, buffer += 8) {
54 8320 : block[i] =
55 : (((php_hash_uint64)buffer[0] ) << 56) ^
56 : (((php_hash_uint64)buffer[1] & 0xffL) << 48) ^
57 : (((php_hash_uint64)buffer[2] & 0xffL) << 40) ^
58 : (((php_hash_uint64)buffer[3] & 0xffL) << 32) ^
59 : (((php_hash_uint64)buffer[4] & 0xffL) << 24) ^
60 : (((php_hash_uint64)buffer[5] & 0xffL) << 16) ^
61 : (((php_hash_uint64)buffer[6] & 0xffL) << 8) ^
62 : (((php_hash_uint64)buffer[7] & 0xffL) );
63 : }
64 : /*
65 : * compute and apply K^0 to the cipher state:
66 : */
67 1040 : state[0] = block[0] ^ (K[0] = context->state[0]);
68 1040 : state[1] = block[1] ^ (K[1] = context->state[1]);
69 1040 : state[2] = block[2] ^ (K[2] = context->state[2]);
70 1040 : state[3] = block[3] ^ (K[3] = context->state[3]);
71 1040 : state[4] = block[4] ^ (K[4] = context->state[4]);
72 1040 : state[5] = block[5] ^ (K[5] = context->state[5]);
73 1040 : state[6] = block[6] ^ (K[6] = context->state[6]);
74 1040 : state[7] = block[7] ^ (K[7] = context->state[7]);
75 : /*
76 : * iterate over all rounds:
77 : */
78 11440 : for (r = 1; r <= R; r++) {
79 : /*
80 : * compute K^r from K^{r-1}:
81 : */
82 10400 : L[0] =
83 : C0[(int)(K[0] >> 56) ] ^
84 : C1[(int)(K[7] >> 48) & 0xff] ^
85 : C2[(int)(K[6] >> 40) & 0xff] ^
86 : C3[(int)(K[5] >> 32) & 0xff] ^
87 : C4[(int)(K[4] >> 24) & 0xff] ^
88 : C5[(int)(K[3] >> 16) & 0xff] ^
89 : C6[(int)(K[2] >> 8) & 0xff] ^
90 : C7[(int)(K[1] ) & 0xff] ^
91 : rc[r];
92 10400 : L[1] =
93 : C0[(int)(K[1] >> 56) ] ^
94 : C1[(int)(K[0] >> 48) & 0xff] ^
95 : C2[(int)(K[7] >> 40) & 0xff] ^
96 : C3[(int)(K[6] >> 32) & 0xff] ^
97 : C4[(int)(K[5] >> 24) & 0xff] ^
98 : C5[(int)(K[4] >> 16) & 0xff] ^
99 : C6[(int)(K[3] >> 8) & 0xff] ^
100 : C7[(int)(K[2] ) & 0xff];
101 10400 : L[2] =
102 : C0[(int)(K[2] >> 56) ] ^
103 : C1[(int)(K[1] >> 48) & 0xff] ^
104 : C2[(int)(K[0] >> 40) & 0xff] ^
105 : C3[(int)(K[7] >> 32) & 0xff] ^
106 : C4[(int)(K[6] >> 24) & 0xff] ^
107 : C5[(int)(K[5] >> 16) & 0xff] ^
108 : C6[(int)(K[4] >> 8) & 0xff] ^
109 : C7[(int)(K[3] ) & 0xff];
110 10400 : L[3] =
111 : C0[(int)(K[3] >> 56) ] ^
112 : C1[(int)(K[2] >> 48) & 0xff] ^
113 : C2[(int)(K[1] >> 40) & 0xff] ^
114 : C3[(int)(K[0] >> 32) & 0xff] ^
115 : C4[(int)(K[7] >> 24) & 0xff] ^
116 : C5[(int)(K[6] >> 16) & 0xff] ^
117 : C6[(int)(K[5] >> 8) & 0xff] ^
118 : C7[(int)(K[4] ) & 0xff];
119 10400 : L[4] =
120 : C0[(int)(K[4] >> 56) ] ^
121 : C1[(int)(K[3] >> 48) & 0xff] ^
122 : C2[(int)(K[2] >> 40) & 0xff] ^
123 : C3[(int)(K[1] >> 32) & 0xff] ^
124 : C4[(int)(K[0] >> 24) & 0xff] ^
125 : C5[(int)(K[7] >> 16) & 0xff] ^
126 : C6[(int)(K[6] >> 8) & 0xff] ^
127 : C7[(int)(K[5] ) & 0xff];
128 10400 : L[5] =
129 : C0[(int)(K[5] >> 56) ] ^
130 : C1[(int)(K[4] >> 48) & 0xff] ^
131 : C2[(int)(K[3] >> 40) & 0xff] ^
132 : C3[(int)(K[2] >> 32) & 0xff] ^
133 : C4[(int)(K[1] >> 24) & 0xff] ^
134 : C5[(int)(K[0] >> 16) & 0xff] ^
135 : C6[(int)(K[7] >> 8) & 0xff] ^
136 : C7[(int)(K[6] ) & 0xff];
137 10400 : L[6] =
138 : C0[(int)(K[6] >> 56) ] ^
139 : C1[(int)(K[5] >> 48) & 0xff] ^
140 : C2[(int)(K[4] >> 40) & 0xff] ^
141 : C3[(int)(K[3] >> 32) & 0xff] ^
142 : C4[(int)(K[2] >> 24) & 0xff] ^
143 : C5[(int)(K[1] >> 16) & 0xff] ^
144 : C6[(int)(K[0] >> 8) & 0xff] ^
145 : C7[(int)(K[7] ) & 0xff];
146 10400 : L[7] =
147 : C0[(int)(K[7] >> 56) ] ^
148 : C1[(int)(K[6] >> 48) & 0xff] ^
149 : C2[(int)(K[5] >> 40) & 0xff] ^
150 : C3[(int)(K[4] >> 32) & 0xff] ^
151 : C4[(int)(K[3] >> 24) & 0xff] ^
152 : C5[(int)(K[2] >> 16) & 0xff] ^
153 : C6[(int)(K[1] >> 8) & 0xff] ^
154 : C7[(int)(K[0] ) & 0xff];
155 10400 : K[0] = L[0];
156 10400 : K[1] = L[1];
157 10400 : K[2] = L[2];
158 10400 : K[3] = L[3];
159 10400 : K[4] = L[4];
160 10400 : K[5] = L[5];
161 10400 : K[6] = L[6];
162 10400 : K[7] = L[7];
163 : /*
164 : * apply the r-th round transformation:
165 : */
166 10400 : L[0] =
167 : C0[(int)(state[0] >> 56) ] ^
168 : C1[(int)(state[7] >> 48) & 0xff] ^
169 : C2[(int)(state[6] >> 40) & 0xff] ^
170 : C3[(int)(state[5] >> 32) & 0xff] ^
171 : C4[(int)(state[4] >> 24) & 0xff] ^
172 : C5[(int)(state[3] >> 16) & 0xff] ^
173 : C6[(int)(state[2] >> 8) & 0xff] ^
174 : C7[(int)(state[1] ) & 0xff] ^
175 : K[0];
176 10400 : L[1] =
177 : C0[(int)(state[1] >> 56) ] ^
178 : C1[(int)(state[0] >> 48) & 0xff] ^
179 : C2[(int)(state[7] >> 40) & 0xff] ^
180 : C3[(int)(state[6] >> 32) & 0xff] ^
181 : C4[(int)(state[5] >> 24) & 0xff] ^
182 : C5[(int)(state[4] >> 16) & 0xff] ^
183 : C6[(int)(state[3] >> 8) & 0xff] ^
184 : C7[(int)(state[2] ) & 0xff] ^
185 : K[1];
186 10400 : L[2] =
187 : C0[(int)(state[2] >> 56) ] ^
188 : C1[(int)(state[1] >> 48) & 0xff] ^
189 : C2[(int)(state[0] >> 40) & 0xff] ^
190 : C3[(int)(state[7] >> 32) & 0xff] ^
191 : C4[(int)(state[6] >> 24) & 0xff] ^
192 : C5[(int)(state[5] >> 16) & 0xff] ^
193 : C6[(int)(state[4] >> 8) & 0xff] ^
194 : C7[(int)(state[3] ) & 0xff] ^
195 : K[2];
196 10400 : L[3] =
197 : C0[(int)(state[3] >> 56) ] ^
198 : C1[(int)(state[2] >> 48) & 0xff] ^
199 : C2[(int)(state[1] >> 40) & 0xff] ^
200 : C3[(int)(state[0] >> 32) & 0xff] ^
201 : C4[(int)(state[7] >> 24) & 0xff] ^
202 : C5[(int)(state[6] >> 16) & 0xff] ^
203 : C6[(int)(state[5] >> 8) & 0xff] ^
204 : C7[(int)(state[4] ) & 0xff] ^
205 : K[3];
206 10400 : L[4] =
207 : C0[(int)(state[4] >> 56) ] ^
208 : C1[(int)(state[3] >> 48) & 0xff] ^
209 : C2[(int)(state[2] >> 40) & 0xff] ^
210 : C3[(int)(state[1] >> 32) & 0xff] ^
211 : C4[(int)(state[0] >> 24) & 0xff] ^
212 : C5[(int)(state[7] >> 16) & 0xff] ^
213 : C6[(int)(state[6] >> 8) & 0xff] ^
214 : C7[(int)(state[5] ) & 0xff] ^
215 : K[4];
216 10400 : L[5] =
217 : C0[(int)(state[5] >> 56) ] ^
218 : C1[(int)(state[4] >> 48) & 0xff] ^
219 : C2[(int)(state[3] >> 40) & 0xff] ^
220 : C3[(int)(state[2] >> 32) & 0xff] ^
221 : C4[(int)(state[1] >> 24) & 0xff] ^
222 : C5[(int)(state[0] >> 16) & 0xff] ^
223 : C6[(int)(state[7] >> 8) & 0xff] ^
224 : C7[(int)(state[6] ) & 0xff] ^
225 : K[5];
226 10400 : L[6] =
227 : C0[(int)(state[6] >> 56) ] ^
228 : C1[(int)(state[5] >> 48) & 0xff] ^
229 : C2[(int)(state[4] >> 40) & 0xff] ^
230 : C3[(int)(state[3] >> 32) & 0xff] ^
231 : C4[(int)(state[2] >> 24) & 0xff] ^
232 : C5[(int)(state[1] >> 16) & 0xff] ^
233 : C6[(int)(state[0] >> 8) & 0xff] ^
234 : C7[(int)(state[7] ) & 0xff] ^
235 : K[6];
236 10400 : L[7] =
237 : C0[(int)(state[7] >> 56) ] ^
238 : C1[(int)(state[6] >> 48) & 0xff] ^
239 : C2[(int)(state[5] >> 40) & 0xff] ^
240 : C3[(int)(state[4] >> 32) & 0xff] ^
241 : C4[(int)(state[3] >> 24) & 0xff] ^
242 : C5[(int)(state[2] >> 16) & 0xff] ^
243 : C6[(int)(state[1] >> 8) & 0xff] ^
244 : C7[(int)(state[0] ) & 0xff] ^
245 : K[7];
246 10400 : state[0] = L[0];
247 10400 : state[1] = L[1];
248 10400 : state[2] = L[2];
249 10400 : state[3] = L[3];
250 10400 : state[4] = L[4];
251 10400 : state[5] = L[5];
252 10400 : state[6] = L[6];
253 10400 : state[7] = L[7];
254 : }
255 : /*
256 : * apply the Miyaguchi-Preneel compression function:
257 : */
258 1040 : context->state[0] ^= state[0] ^ block[0];
259 1040 : context->state[1] ^= state[1] ^ block[1];
260 1040 : context->state[2] ^= state[2] ^ block[2];
261 1040 : context->state[3] ^= state[3] ^ block[3];
262 1040 : context->state[4] ^= state[4] ^ block[4];
263 1040 : context->state[5] ^= state[5] ^ block[5];
264 1040 : context->state[6] ^= state[6] ^ block[6];
265 1040 : context->state[7] ^= state[7] ^ block[7];
266 :
267 1040 : memset(state, 0, sizeof(state));
268 1040 : }
269 :
270 : PHP_HASH_API void PHP_WHIRLPOOLInit(PHP_WHIRLPOOL_CTX *context)
271 12 : {
272 12 : memset(context, 0, sizeof(*context));
273 12 : }
274 :
275 : PHP_HASH_API void PHP_WHIRLPOOLUpdate(PHP_WHIRLPOOL_CTX *context, const unsigned char *input, size_t len)
276 15 : {
277 15 : php_hash_uint64 sourceBits = len * 8;
278 15 : int sourcePos = 0; /* index of leftmost source unsigned char containing data (1 to 8 bits). */
279 15 : int sourceGap = (8 - ((int)sourceBits & 7)) & 7; /* space on source[sourcePos]. */
280 15 : int bufferRem = context->buffer.bits & 7; /* occupied bits on buffer[bufferPos]. */
281 15 : const unsigned char *source = input;
282 15 : unsigned char *buffer = context->buffer.data;
283 15 : unsigned char *bitLength = context->bitlength;
284 15 : int bufferBits = context->buffer.bits;
285 15 : int bufferPos = context->buffer.pos;
286 : php_hash_uint32 b, carry;
287 : int i;
288 :
289 : /*
290 : * tally the length of the added data:
291 : */
292 15 : php_hash_uint64 value = sourceBits;
293 42 : for (i = 31, carry = 0; i >= 0 && (carry != 0 || value != L64(0)); i--) {
294 27 : carry += bitLength[i] + ((php_hash_uint32)value & 0xff);
295 27 : bitLength[i] = (unsigned char)carry;
296 27 : carry >>= 8;
297 27 : value >>= 8;
298 : }
299 : /*
300 : * process data in chunks of 8 bits (a more efficient approach would be to take whole-word chunks):
301 : */
302 65829 : while (sourceBits > 8) {
303 : /* N.B. at least source[sourcePos] and source[sourcePos+1] contain data. */
304 : /*
305 : * take a byte from the source:
306 : */
307 65799 : b = ((source[sourcePos] << sourceGap) & 0xff) |
308 : ((source[sourcePos + 1] & 0xff) >> (8 - sourceGap));
309 : /*
310 : * process this byte:
311 : */
312 65799 : buffer[bufferPos++] |= (unsigned char)(b >> bufferRem);
313 65799 : bufferBits += 8 - bufferRem; /* bufferBits = 8*bufferPos; */
314 65799 : if (bufferBits == DIGESTBITS) {
315 : /*
316 : * process data block:
317 : */
318 1018 : WhirlpoolTransform(context);
319 : /*
320 : * reset buffer:
321 : */
322 1018 : bufferBits = bufferPos = 0;
323 : }
324 65799 : buffer[bufferPos] = (unsigned char) (b << (8 - bufferRem));
325 65799 : bufferBits += bufferRem;
326 : /*
327 : * proceed to remaining data:
328 : */
329 65799 : sourceBits -= 8;
330 65799 : sourcePos++;
331 : }
332 : /* now 0 <= sourceBits <= 8;
333 : * furthermore, all data (if any is left) is in source[sourcePos].
334 : */
335 15 : if (sourceBits > 0) {
336 14 : b = (source[sourcePos] << sourceGap) & 0xff; /* bits are left-justified on b. */
337 : /*
338 : * process the remaining bits:
339 : */
340 14 : buffer[bufferPos] |= b >> bufferRem;
341 : } else {
342 1 : b = 0;
343 : }
344 15 : if (bufferRem + sourceBits < 8) {
345 : /*
346 : * all remaining data fits on buffer[bufferPos],
347 : * and there still remains some space.
348 : */
349 1 : bufferBits += (int) sourceBits;
350 : } else {
351 : /*
352 : * buffer[bufferPos] is full:
353 : */
354 14 : bufferPos++;
355 14 : bufferBits += 8 - bufferRem; /* bufferBits = 8*bufferPos; */
356 14 : sourceBits -= 8 - bufferRem;
357 : /* now 0 <= sourceBits < 8;
358 : * furthermore, all data (if any is left) is in source[sourcePos].
359 : */
360 14 : if (bufferBits == DIGESTBITS) {
361 : /*
362 : * process data block:
363 : */
364 7 : WhirlpoolTransform(context);
365 : /*
366 : * reset buffer:
367 : */
368 7 : bufferBits = bufferPos = 0;
369 : }
370 14 : buffer[bufferPos] = (unsigned char) (b << (8 - bufferRem));
371 14 : bufferBits += (int)sourceBits;
372 : }
373 15 : context->buffer.bits = bufferBits;
374 15 : context->buffer.pos = bufferPos;
375 15 : }
376 :
377 : PHP_HASH_API void PHP_WHIRLPOOLFinal(unsigned char digest[64], PHP_WHIRLPOOL_CTX *context)
378 12 : {
379 : int i;
380 12 : unsigned char *buffer = context->buffer.data;
381 12 : unsigned char *bitLength = context->bitlength;
382 12 : int bufferBits = context->buffer.bits;
383 12 : int bufferPos = context->buffer.pos;
384 :
385 : /*
386 : * append a '1'-bit:
387 : */
388 12 : buffer[bufferPos] |= 0x80U >> (bufferBits & 7);
389 12 : bufferPos++; /* all remaining bits on the current unsigned char are set to zero. */
390 : /*
391 : * pad with zero bits to complete (N*WBLOCKBITS - LENGTHBITS) bits:
392 : */
393 12 : if (bufferPos > WBLOCKBYTES - LENGTHBYTES) {
394 3 : if (bufferPos < WBLOCKBYTES) {
395 3 : memset(&buffer[bufferPos], 0, WBLOCKBYTES - bufferPos);
396 : }
397 : /*
398 : * process data block:
399 : */
400 3 : WhirlpoolTransform(context);
401 : /*
402 : * reset buffer:
403 : */
404 3 : bufferPos = 0;
405 : }
406 12 : if (bufferPos < WBLOCKBYTES - LENGTHBYTES) {
407 12 : memset(&buffer[bufferPos], 0, (WBLOCKBYTES - LENGTHBYTES) - bufferPos);
408 : }
409 12 : bufferPos = WBLOCKBYTES - LENGTHBYTES;
410 : /*
411 : * append bit length of hashed data:
412 : */
413 12 : memcpy(&buffer[WBLOCKBYTES - LENGTHBYTES], bitLength, LENGTHBYTES);
414 : /*
415 : * process data block:
416 : */
417 12 : WhirlpoolTransform(context);
418 : /*
419 : * return the completed message digest:
420 : */
421 108 : for (i = 0; i < DIGESTBYTES/8; i++) {
422 96 : digest[0] = (unsigned char)(context->state[i] >> 56);
423 96 : digest[1] = (unsigned char)(context->state[i] >> 48);
424 96 : digest[2] = (unsigned char)(context->state[i] >> 40);
425 96 : digest[3] = (unsigned char)(context->state[i] >> 32);
426 96 : digest[4] = (unsigned char)(context->state[i] >> 24);
427 96 : digest[5] = (unsigned char)(context->state[i] >> 16);
428 96 : digest[6] = (unsigned char)(context->state[i] >> 8);
429 96 : digest[7] = (unsigned char)(context->state[i] );
430 96 : digest += 8;
431 : }
432 :
433 12 : memset(context, 0, sizeof(*context));
434 12 : }
435 :
436 : const php_hash_ops php_hash_whirlpool_ops = {
437 : (php_hash_init_func_t) PHP_WHIRLPOOLInit,
438 : (php_hash_update_func_t) PHP_WHIRLPOOLUpdate,
439 : (php_hash_final_func_t) PHP_WHIRLPOOLFinal,
440 : (php_hash_copy_func_t) php_hash_copy,
441 : 64,
442 : 64,
443 : sizeof(PHP_WHIRLPOOL_CTX)
444 : };
445 :
446 : /*
447 : * Local variables:
448 : * tab-width: 4
449 : * c-basic-offset: 4
450 : * End:
451 : * vim600: sw=4 ts=4 fdm=marker
452 : * vim<600: sw=4 ts=4
453 : */
|
