hash_whirlpool.c 16 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453
  1. /*
  2. +----------------------------------------------------------------------+
  3. | PHP Version 5 |
  4. +----------------------------------------------------------------------+
  5. | Copyright (c) 1997-2016 The PHP Group |
  6. +----------------------------------------------------------------------+
  7. | This source file is subject to version 3.01 of the PHP license, |
  8. | that is bundled with this package in the file LICENSE, and is |
  9. | available through the world-wide-web at the following url: |
  10. | http://www.php.net/license/3_01.txt |
  11. | If you did not receive a copy of the PHP license and are unable to |
  12. | obtain it through the world-wide-web, please send a note to |
  13. | license@php.net so we can mail you a copy immediately. |
  14. +----------------------------------------------------------------------+
  15. | Authors: Michael Wallner <mike@php.net> |
  16. | Sara Golemon <pollita@php.net> |
  17. +----------------------------------------------------------------------+
  18. */
  19. /* $Id$ */
  20. #include "php_hash.h"
  21. /*
  22. * TODO: simplify Update and Final, those look ridiculously complex
  23. * Mike, 2005-11-23
  24. */
  25. #include "php_hash_whirlpool.h"
  26. #include "php_hash_whirlpool_tables.h"
  27. #define DIGESTBYTES 64
  28. #define DIGESTBITS (8*DIGESTBYTES) /* 512 */
  29. #define WBLOCKBYTES 64
  30. #define WBLOCKBITS (8*WBLOCKBYTES) /* 512 */
  31. #define LENGTHBYTES 32
  32. #define LENGTHBITS (8*LENGTHBYTES) /* 256 */
  33. static void WhirlpoolTransform(PHP_WHIRLPOOL_CTX *context)
  34. {
  35. int i, r;
  36. php_hash_uint64 K[8]; /* the round key */
  37. php_hash_uint64 block[8]; /* mu(buffer) */
  38. php_hash_uint64 state[8]; /* the cipher state */
  39. php_hash_uint64 L[8];
  40. unsigned char *buffer = context->buffer.data;
  41. /*
  42. * map the buffer to a block:
  43. */
  44. for (i = 0; i < 8; i++, buffer += 8) {
  45. block[i] =
  46. (((php_hash_uint64)buffer[0] ) << 56) ^
  47. (((php_hash_uint64)buffer[1] & 0xffL) << 48) ^
  48. (((php_hash_uint64)buffer[2] & 0xffL) << 40) ^
  49. (((php_hash_uint64)buffer[3] & 0xffL) << 32) ^
  50. (((php_hash_uint64)buffer[4] & 0xffL) << 24) ^
  51. (((php_hash_uint64)buffer[5] & 0xffL) << 16) ^
  52. (((php_hash_uint64)buffer[6] & 0xffL) << 8) ^
  53. (((php_hash_uint64)buffer[7] & 0xffL) );
  54. }
  55. /*
  56. * compute and apply K^0 to the cipher state:
  57. */
  58. state[0] = block[0] ^ (K[0] = context->state[0]);
  59. state[1] = block[1] ^ (K[1] = context->state[1]);
  60. state[2] = block[2] ^ (K[2] = context->state[2]);
  61. state[3] = block[3] ^ (K[3] = context->state[3]);
  62. state[4] = block[4] ^ (K[4] = context->state[4]);
  63. state[5] = block[5] ^ (K[5] = context->state[5]);
  64. state[6] = block[6] ^ (K[6] = context->state[6]);
  65. state[7] = block[7] ^ (K[7] = context->state[7]);
  66. /*
  67. * iterate over all rounds:
  68. */
  69. for (r = 1; r <= R; r++) {
  70. /*
  71. * compute K^r from K^{r-1}:
  72. */
  73. L[0] =
  74. C0[(int)(K[0] >> 56) ] ^
  75. C1[(int)(K[7] >> 48) & 0xff] ^
  76. C2[(int)(K[6] >> 40) & 0xff] ^
  77. C3[(int)(K[5] >> 32) & 0xff] ^
  78. C4[(int)(K[4] >> 24) & 0xff] ^
  79. C5[(int)(K[3] >> 16) & 0xff] ^
  80. C6[(int)(K[2] >> 8) & 0xff] ^
  81. C7[(int)(K[1] ) & 0xff] ^
  82. rc[r];
  83. L[1] =
  84. C0[(int)(K[1] >> 56) ] ^
  85. C1[(int)(K[0] >> 48) & 0xff] ^
  86. C2[(int)(K[7] >> 40) & 0xff] ^
  87. C3[(int)(K[6] >> 32) & 0xff] ^
  88. C4[(int)(K[5] >> 24) & 0xff] ^
  89. C5[(int)(K[4] >> 16) & 0xff] ^
  90. C6[(int)(K[3] >> 8) & 0xff] ^
  91. C7[(int)(K[2] ) & 0xff];
  92. L[2] =
  93. C0[(int)(K[2] >> 56) ] ^
  94. C1[(int)(K[1] >> 48) & 0xff] ^
  95. C2[(int)(K[0] >> 40) & 0xff] ^
  96. C3[(int)(K[7] >> 32) & 0xff] ^
  97. C4[(int)(K[6] >> 24) & 0xff] ^
  98. C5[(int)(K[5] >> 16) & 0xff] ^
  99. C6[(int)(K[4] >> 8) & 0xff] ^
  100. C7[(int)(K[3] ) & 0xff];
  101. L[3] =
  102. C0[(int)(K[3] >> 56) ] ^
  103. C1[(int)(K[2] >> 48) & 0xff] ^
  104. C2[(int)(K[1] >> 40) & 0xff] ^
  105. C3[(int)(K[0] >> 32) & 0xff] ^
  106. C4[(int)(K[7] >> 24) & 0xff] ^
  107. C5[(int)(K[6] >> 16) & 0xff] ^
  108. C6[(int)(K[5] >> 8) & 0xff] ^
  109. C7[(int)(K[4] ) & 0xff];
  110. L[4] =
  111. C0[(int)(K[4] >> 56) ] ^
  112. C1[(int)(K[3] >> 48) & 0xff] ^
  113. C2[(int)(K[2] >> 40) & 0xff] ^
  114. C3[(int)(K[1] >> 32) & 0xff] ^
  115. C4[(int)(K[0] >> 24) & 0xff] ^
  116. C5[(int)(K[7] >> 16) & 0xff] ^
  117. C6[(int)(K[6] >> 8) & 0xff] ^
  118. C7[(int)(K[5] ) & 0xff];
  119. L[5] =
  120. C0[(int)(K[5] >> 56) ] ^
  121. C1[(int)(K[4] >> 48) & 0xff] ^
  122. C2[(int)(K[3] >> 40) & 0xff] ^
  123. C3[(int)(K[2] >> 32) & 0xff] ^
  124. C4[(int)(K[1] >> 24) & 0xff] ^
  125. C5[(int)(K[0] >> 16) & 0xff] ^
  126. C6[(int)(K[7] >> 8) & 0xff] ^
  127. C7[(int)(K[6] ) & 0xff];
  128. L[6] =
  129. C0[(int)(K[6] >> 56) ] ^
  130. C1[(int)(K[5] >> 48) & 0xff] ^
  131. C2[(int)(K[4] >> 40) & 0xff] ^
  132. C3[(int)(K[3] >> 32) & 0xff] ^
  133. C4[(int)(K[2] >> 24) & 0xff] ^
  134. C5[(int)(K[1] >> 16) & 0xff] ^
  135. C6[(int)(K[0] >> 8) & 0xff] ^
  136. C7[(int)(K[7] ) & 0xff];
  137. L[7] =
  138. C0[(int)(K[7] >> 56) ] ^
  139. C1[(int)(K[6] >> 48) & 0xff] ^
  140. C2[(int)(K[5] >> 40) & 0xff] ^
  141. C3[(int)(K[4] >> 32) & 0xff] ^
  142. C4[(int)(K[3] >> 24) & 0xff] ^
  143. C5[(int)(K[2] >> 16) & 0xff] ^
  144. C6[(int)(K[1] >> 8) & 0xff] ^
  145. C7[(int)(K[0] ) & 0xff];
  146. K[0] = L[0];
  147. K[1] = L[1];
  148. K[2] = L[2];
  149. K[3] = L[3];
  150. K[4] = L[4];
  151. K[5] = L[5];
  152. K[6] = L[6];
  153. K[7] = L[7];
  154. /*
  155. * apply the r-th round transformation:
  156. */
  157. L[0] =
  158. C0[(int)(state[0] >> 56) ] ^
  159. C1[(int)(state[7] >> 48) & 0xff] ^
  160. C2[(int)(state[6] >> 40) & 0xff] ^
  161. C3[(int)(state[5] >> 32) & 0xff] ^
  162. C4[(int)(state[4] >> 24) & 0xff] ^
  163. C5[(int)(state[3] >> 16) & 0xff] ^
  164. C6[(int)(state[2] >> 8) & 0xff] ^
  165. C7[(int)(state[1] ) & 0xff] ^
  166. K[0];
  167. L[1] =
  168. C0[(int)(state[1] >> 56) ] ^
  169. C1[(int)(state[0] >> 48) & 0xff] ^
  170. C2[(int)(state[7] >> 40) & 0xff] ^
  171. C3[(int)(state[6] >> 32) & 0xff] ^
  172. C4[(int)(state[5] >> 24) & 0xff] ^
  173. C5[(int)(state[4] >> 16) & 0xff] ^
  174. C6[(int)(state[3] >> 8) & 0xff] ^
  175. C7[(int)(state[2] ) & 0xff] ^
  176. K[1];
  177. L[2] =
  178. C0[(int)(state[2] >> 56) ] ^
  179. C1[(int)(state[1] >> 48) & 0xff] ^
  180. C2[(int)(state[0] >> 40) & 0xff] ^
  181. C3[(int)(state[7] >> 32) & 0xff] ^
  182. C4[(int)(state[6] >> 24) & 0xff] ^
  183. C5[(int)(state[5] >> 16) & 0xff] ^
  184. C6[(int)(state[4] >> 8) & 0xff] ^
  185. C7[(int)(state[3] ) & 0xff] ^
  186. K[2];
  187. L[3] =
  188. C0[(int)(state[3] >> 56) ] ^
  189. C1[(int)(state[2] >> 48) & 0xff] ^
  190. C2[(int)(state[1] >> 40) & 0xff] ^
  191. C3[(int)(state[0] >> 32) & 0xff] ^
  192. C4[(int)(state[7] >> 24) & 0xff] ^
  193. C5[(int)(state[6] >> 16) & 0xff] ^
  194. C6[(int)(state[5] >> 8) & 0xff] ^
  195. C7[(int)(state[4] ) & 0xff] ^
  196. K[3];
  197. L[4] =
  198. C0[(int)(state[4] >> 56) ] ^
  199. C1[(int)(state[3] >> 48) & 0xff] ^
  200. C2[(int)(state[2] >> 40) & 0xff] ^
  201. C3[(int)(state[1] >> 32) & 0xff] ^
  202. C4[(int)(state[0] >> 24) & 0xff] ^
  203. C5[(int)(state[7] >> 16) & 0xff] ^
  204. C6[(int)(state[6] >> 8) & 0xff] ^
  205. C7[(int)(state[5] ) & 0xff] ^
  206. K[4];
  207. L[5] =
  208. C0[(int)(state[5] >> 56) ] ^
  209. C1[(int)(state[4] >> 48) & 0xff] ^
  210. C2[(int)(state[3] >> 40) & 0xff] ^
  211. C3[(int)(state[2] >> 32) & 0xff] ^
  212. C4[(int)(state[1] >> 24) & 0xff] ^
  213. C5[(int)(state[0] >> 16) & 0xff] ^
  214. C6[(int)(state[7] >> 8) & 0xff] ^
  215. C7[(int)(state[6] ) & 0xff] ^
  216. K[5];
  217. L[6] =
  218. C0[(int)(state[6] >> 56) ] ^
  219. C1[(int)(state[5] >> 48) & 0xff] ^
  220. C2[(int)(state[4] >> 40) & 0xff] ^
  221. C3[(int)(state[3] >> 32) & 0xff] ^
  222. C4[(int)(state[2] >> 24) & 0xff] ^
  223. C5[(int)(state[1] >> 16) & 0xff] ^
  224. C6[(int)(state[0] >> 8) & 0xff] ^
  225. C7[(int)(state[7] ) & 0xff] ^
  226. K[6];
  227. L[7] =
  228. C0[(int)(state[7] >> 56) ] ^
  229. C1[(int)(state[6] >> 48) & 0xff] ^
  230. C2[(int)(state[5] >> 40) & 0xff] ^
  231. C3[(int)(state[4] >> 32) & 0xff] ^
  232. C4[(int)(state[3] >> 24) & 0xff] ^
  233. C5[(int)(state[2] >> 16) & 0xff] ^
  234. C6[(int)(state[1] >> 8) & 0xff] ^
  235. C7[(int)(state[0] ) & 0xff] ^
  236. K[7];
  237. state[0] = L[0];
  238. state[1] = L[1];
  239. state[2] = L[2];
  240. state[3] = L[3];
  241. state[4] = L[4];
  242. state[5] = L[5];
  243. state[6] = L[6];
  244. state[7] = L[7];
  245. }
  246. /*
  247. * apply the Miyaguchi-Preneel compression function:
  248. */
  249. context->state[0] ^= state[0] ^ block[0];
  250. context->state[1] ^= state[1] ^ block[1];
  251. context->state[2] ^= state[2] ^ block[2];
  252. context->state[3] ^= state[3] ^ block[3];
  253. context->state[4] ^= state[4] ^ block[4];
  254. context->state[5] ^= state[5] ^ block[5];
  255. context->state[6] ^= state[6] ^ block[6];
  256. context->state[7] ^= state[7] ^ block[7];
  257. memset(state, 0, sizeof(state));
  258. }
  259. PHP_HASH_API void PHP_WHIRLPOOLInit(PHP_WHIRLPOOL_CTX *context)
  260. {
  261. memset(context, 0, sizeof(*context));
  262. }
  263. PHP_HASH_API void PHP_WHIRLPOOLUpdate(PHP_WHIRLPOOL_CTX *context, const unsigned char *input, size_t len)
  264. {
  265. php_hash_uint64 sourceBits = len * 8;
  266. int sourcePos = 0; /* index of leftmost source unsigned char containing data (1 to 8 bits). */
  267. int sourceGap = (8 - ((int)sourceBits & 7)) & 7; /* space on source[sourcePos]. */
  268. int bufferRem = context->buffer.bits & 7; /* occupied bits on buffer[bufferPos]. */
  269. const unsigned char *source = input;
  270. unsigned char *buffer = context->buffer.data;
  271. unsigned char *bitLength = context->bitlength;
  272. int bufferBits = context->buffer.bits;
  273. int bufferPos = context->buffer.pos;
  274. php_hash_uint32 b, carry;
  275. int i;
  276. /*
  277. * tally the length of the added data:
  278. */
  279. php_hash_uint64 value = sourceBits;
  280. for (i = 31, carry = 0; i >= 0 && (carry != 0 || value != L64(0)); i--) {
  281. carry += bitLength[i] + ((php_hash_uint32)value & 0xff);
  282. bitLength[i] = (unsigned char)carry;
  283. carry >>= 8;
  284. value >>= 8;
  285. }
  286. /*
  287. * process data in chunks of 8 bits (a more efficient approach would be to take whole-word chunks):
  288. */
  289. while (sourceBits > 8) {
  290. /* N.B. at least source[sourcePos] and source[sourcePos+1] contain data. */
  291. /*
  292. * take a byte from the source:
  293. */
  294. b = ((source[sourcePos] << sourceGap) & 0xff) |
  295. ((source[sourcePos + 1] & 0xff) >> (8 - sourceGap));
  296. /*
  297. * process this byte:
  298. */
  299. buffer[bufferPos++] |= (unsigned char)(b >> bufferRem);
  300. bufferBits += 8 - bufferRem; /* bufferBits = 8*bufferPos; */
  301. if (bufferBits == DIGESTBITS) {
  302. /*
  303. * process data block:
  304. */
  305. WhirlpoolTransform(context);
  306. /*
  307. * reset buffer:
  308. */
  309. bufferBits = bufferPos = 0;
  310. }
  311. buffer[bufferPos] = (unsigned char) (b << (8 - bufferRem));
  312. bufferBits += bufferRem;
  313. /*
  314. * proceed to remaining data:
  315. */
  316. sourceBits -= 8;
  317. sourcePos++;
  318. }
  319. /* now 0 <= sourceBits <= 8;
  320. * furthermore, all data (if any is left) is in source[sourcePos].
  321. */
  322. if (sourceBits > 0) {
  323. b = (source[sourcePos] << sourceGap) & 0xff; /* bits are left-justified on b. */
  324. /*
  325. * process the remaining bits:
  326. */
  327. buffer[bufferPos] |= b >> bufferRem;
  328. } else {
  329. b = 0;
  330. }
  331. if (bufferRem + sourceBits < 8) {
  332. /*
  333. * all remaining data fits on buffer[bufferPos],
  334. * and there still remains some space.
  335. */
  336. bufferBits += (int) sourceBits;
  337. } else {
  338. /*
  339. * buffer[bufferPos] is full:
  340. */
  341. bufferPos++;
  342. bufferBits += 8 - bufferRem; /* bufferBits = 8*bufferPos; */
  343. sourceBits -= 8 - bufferRem;
  344. /* now 0 <= sourceBits < 8;
  345. * furthermore, all data (if any is left) is in source[sourcePos].
  346. */
  347. if (bufferBits == DIGESTBITS) {
  348. /*
  349. * process data block:
  350. */
  351. WhirlpoolTransform(context);
  352. /*
  353. * reset buffer:
  354. */
  355. bufferBits = bufferPos = 0;
  356. }
  357. buffer[bufferPos] = (unsigned char) (b << (8 - bufferRem));
  358. bufferBits += (int)sourceBits;
  359. }
  360. context->buffer.bits = bufferBits;
  361. context->buffer.pos = bufferPos;
  362. }
  363. PHP_HASH_API void PHP_WHIRLPOOLFinal(unsigned char digest[64], PHP_WHIRLPOOL_CTX *context)
  364. {
  365. int i;
  366. unsigned char *buffer = context->buffer.data;
  367. unsigned char *bitLength = context->bitlength;
  368. int bufferBits = context->buffer.bits;
  369. int bufferPos = context->buffer.pos;
  370. /*
  371. * append a '1'-bit:
  372. */
  373. buffer[bufferPos] |= 0x80U >> (bufferBits & 7);
  374. bufferPos++; /* all remaining bits on the current unsigned char are set to zero. */
  375. /*
  376. * pad with zero bits to complete (N*WBLOCKBITS - LENGTHBITS) bits:
  377. */
  378. if (bufferPos > WBLOCKBYTES - LENGTHBYTES) {
  379. if (bufferPos < WBLOCKBYTES) {
  380. memset(&buffer[bufferPos], 0, WBLOCKBYTES - bufferPos);
  381. }
  382. /*
  383. * process data block:
  384. */
  385. WhirlpoolTransform(context);
  386. /*
  387. * reset buffer:
  388. */
  389. bufferPos = 0;
  390. }
  391. if (bufferPos < WBLOCKBYTES - LENGTHBYTES) {
  392. memset(&buffer[bufferPos], 0, (WBLOCKBYTES - LENGTHBYTES) - bufferPos);
  393. }
  394. bufferPos = WBLOCKBYTES - LENGTHBYTES;
  395. /*
  396. * append bit length of hashed data:
  397. */
  398. memcpy(&buffer[WBLOCKBYTES - LENGTHBYTES], bitLength, LENGTHBYTES);
  399. /*
  400. * process data block:
  401. */
  402. WhirlpoolTransform(context);
  403. /*
  404. * return the completed message digest:
  405. */
  406. for (i = 0; i < DIGESTBYTES/8; i++) {
  407. digest[0] = (unsigned char)(context->state[i] >> 56);
  408. digest[1] = (unsigned char)(context->state[i] >> 48);
  409. digest[2] = (unsigned char)(context->state[i] >> 40);
  410. digest[3] = (unsigned char)(context->state[i] >> 32);
  411. digest[4] = (unsigned char)(context->state[i] >> 24);
  412. digest[5] = (unsigned char)(context->state[i] >> 16);
  413. digest[6] = (unsigned char)(context->state[i] >> 8);
  414. digest[7] = (unsigned char)(context->state[i] );
  415. digest += 8;
  416. }
  417. memset(context, 0, sizeof(*context));
  418. }
  419. const php_hash_ops php_hash_whirlpool_ops = {
  420. (php_hash_init_func_t) PHP_WHIRLPOOLInit,
  421. (php_hash_update_func_t) PHP_WHIRLPOOLUpdate,
  422. (php_hash_final_func_t) PHP_WHIRLPOOLFinal,
  423. (php_hash_copy_func_t) php_hash_copy,
  424. 64,
  425. 64,
  426. sizeof(PHP_WHIRLPOOL_CTX)
  427. };
  428. /*
  429. * Local variables:
  430. * tab-width: 4
  431. * c-basic-offset: 4
  432. * End:
  433. * vim600: sw=4 ts=4 fdm=marker
  434. * vim<600: sw=4 ts=4
  435. */