00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019 #include "pch.h"
00020 #include "haval.h"
00021
00022 NAMESPACE_BEGIN(CryptoPP)
00023
00024 HAVAL::HAVAL(unsigned int digestSize, unsigned int pass)
00025 : IteratedHash<word32, false, 128>(DIGESTSIZE)
00026 , digestSize(digestSize), pass(pass)
00027 {
00028 assert(digestSize >= 16 && digestSize <= 32 && digestSize%4==0);
00029 assert(pass >= 3 && pass <= 5);
00030
00031 Init();
00032 }
00033
00034 void HAVAL::Init()
00035 {
00036 digest[0] = 0x243F6A88;
00037 digest[1] = 0x85A308D3;
00038 digest[2] = 0x13198A2E;
00039 digest[3] = 0x03707344;
00040 digest[4] = 0xA4093822;
00041 digest[5] = 0x299F31D0;
00042 digest[6] = 0x082EFA98;
00043 digest[7] = 0xEC4E6C89;
00044 }
00045
00046 inline void HAVAL::vTransform(const word32 *in)
00047 {
00048 if (pass==3)
00049 HAVAL3::Transform(digest, in);
00050 else if (pass==4)
00051 HAVAL4::Transform(digest, in);
00052 else
00053 HAVAL5::Transform(digest, in);
00054 }
00055
00056 void HAVAL::Final (byte *hash)
00057 {
00058 PadLastBlock(118, 1);
00059 CorrectEndianess(data, data, 120);
00060
00061 data[29] &= 0xffff;
00062 data[29] |= ((word32)digestSize<<25) | ((word32)pass<<19) | ((word32)VERSION<<16);
00063 data[30] = countLo;
00064 data[31] = countHi;
00065
00066 vTransform(data);
00067 Tailor(digestSize*8);
00068 CorrectEndianess(digest, digest, digestSize);
00069 memcpy(hash, digest, digestSize);
00070
00071 Reinit();
00072 }
00073
00074
00075 void HAVAL::Tailor(unsigned int FPTLEN)
00076 {
00077 word32 temp;
00078
00079 switch (FPTLEN)
00080 {
00081 case 128:
00082 temp = (digest[7] & 0x000000FF) |
00083 (digest[6] & 0xFF000000) |
00084 (digest[5] & 0x00FF0000) |
00085 (digest[4] & 0x0000FF00);
00086 digest[0] += rotrFixed(temp, 8U);
00087
00088 temp = (digest[7] & 0x0000FF00) |
00089 (digest[6] & 0x000000FF) |
00090 (digest[5] & 0xFF000000) |
00091 (digest[4] & 0x00FF0000);
00092 digest[1] += rotrFixed(temp, 16U);
00093
00094 temp = (digest[7] & 0x00FF0000) |
00095 (digest[6] & 0x0000FF00) |
00096 (digest[5] & 0x000000FF) |
00097 (digest[4] & 0xFF000000);
00098 digest[2] += rotrFixed(temp, 24U);
00099
00100 temp = (digest[7] & 0xFF000000) |
00101 (digest[6] & 0x00FF0000) |
00102 (digest[5] & 0x0000FF00) |
00103 (digest[4] & 0x000000FF);
00104 digest[3] += temp;
00105 break;
00106
00107 case 160:
00108 temp = (digest[7] & (word32)0x3F) |
00109 (digest[6] & ((word32)0x7F << 25)) |
00110 (digest[5] & ((word32)0x3F << 19));
00111 digest[0] += rotrFixed(temp, 19U);
00112
00113 temp = (digest[7] & ((word32)0x3F << 6)) |
00114 (digest[6] & (word32)0x3F) |
00115 (digest[5] & ((word32)0x7F << 25));
00116 digest[1] += rotrFixed(temp, 25U);
00117
00118 temp = (digest[7] & ((word32)0x7F << 12)) |
00119 (digest[6] & ((word32)0x3F << 6)) |
00120 (digest[5] & (word32)0x3F);
00121 digest[2] += temp;
00122
00123 temp = (digest[7] & ((word32)0x3F << 19)) |
00124 (digest[6] & ((word32)0x7F << 12)) |
00125 (digest[5] & ((word32)0x3F << 6));
00126 digest[3] += temp >> 6;
00127
00128 temp = (digest[7] & ((word32)0x7F << 25)) |
00129 (digest[6] & ((word32)0x3F << 19)) |
00130 (digest[5] & ((word32)0x7F << 12));
00131 digest[4] += temp >> 12;
00132 break;
00133
00134 case 192:
00135 temp = (digest[7] & (word32)0x1F) |
00136 (digest[6] & ((word32)0x3F << 26));
00137 digest[0] += rotrFixed(temp, 26U);
00138
00139 temp = (digest[7] & ((word32)0x1F << 5)) |
00140 (digest[6] & (word32)0x1F);
00141 digest[1] += temp;
00142
00143 temp = (digest[7] & ((word32)0x3F << 10)) |
00144 (digest[6] & ((word32)0x1F << 5));
00145 digest[2] += temp >> 5;
00146
00147 temp = (digest[7] & ((word32)0x1F << 16)) |
00148 (digest[6] & ((word32)0x3F << 10));
00149 digest[3] += temp >> 10;
00150
00151 temp = (digest[7] & ((word32)0x1F << 21)) |
00152 (digest[6] & ((word32)0x1F << 16));
00153 digest[4] += temp >> 16;
00154
00155 temp = (digest[7] & ((word32)0x3F << 26)) |
00156 (digest[6] & ((word32)0x1F << 21));
00157 digest[5] += temp >> 21;
00158 break;
00159
00160 case 224:
00161 digest[0] += (digest[7] >> 27) & 0x1F;
00162 digest[1] += (digest[7] >> 22) & 0x1F;
00163 digest[2] += (digest[7] >> 18) & 0x0F;
00164 digest[3] += (digest[7] >> 13) & 0x1F;
00165 digest[4] += (digest[7] >> 9) & 0x0F;
00166 digest[5] += (digest[7] >> 4) & 0x1F;
00167 digest[6] += digest[7] & 0x0F;
00168 break;
00169
00170 case 256:
00171 break;
00172
00173 default:
00174 assert(false);
00175 }
00176 }
00177
00178
00179
00180
00181
00182
00183
00184 #define f_1(x6, x5, x4, x3, x2, x1, x0) \
00185 ((x1&(x0^x4)) ^ (x2&x5) ^ (x3&x6) ^ x0)
00186
00187
00188
00189
00190
00191
00192
00193 #define f_2(x6, x5, x4, x3, x2, x1, x0) \
00194 (((x4&x5)|x2) ^ (x0|x2) ^ (x2&((x1&~x3)^x6)) ^ (x3&x5) ^ (x1&x4))
00195
00196
00197
00198
00199
00200
00201
00202 #define f_3(x6, x5, x4, x3, x2, x1, x0) \
00203 ((x3 & ((x1&x2) ^ x6 ^ x0)) ^ (x1&x4) ^ (x2&x5) ^ x0)
00204
00205
00206
00207
00208
00209
00210
00211
00212 #define f_4(x6, x5, x4, x3, x2, x1, x0) \
00213 ((((~x2&x5)^(x3|x6)^x1^x0)&x4) ^ (((x1&x2)^x5^x6)&x3) ^ (x2&x6) ^ x0)
00214
00215
00216
00217
00218
00219
00220
00221
00222 #define f_5(x6, x5, x4, x3, x2, x1, x0) \
00223 ((((x0&x2&x3)^x4)&x1) ^ ((x0^x2)&x5) ^ (x3&x6) ^ x0)
00224
00225
00226
00227
00228
00229
00230
00231
00232
00233
00234
00235
00236
00237
00238
00239
00240
00241
00242
00243
00244
00245
00246
00247
00248
00249
00250
00251
00252
00253 #define Fphi_31(x6, x5, x4, x3, x2, x1, x0) \
00254 f_1(x1, x0, x3, x5, x6, x2, x4)
00255
00256 #define Fphi_41(x6, x5, x4, x3, x2, x1, x0) \
00257 f_1(x2, x6, x1, x4, x5, x3, x0)
00258
00259 #define Fphi_51(x6, x5, x4, x3, x2, x1, x0) \
00260 f_1(x3, x4, x1, x0, x5, x2, x6)
00261
00262 #define Fphi_32(x6, x5, x4, x3, x2, x1, x0) \
00263 f_2(x4, x2, x1, x0, x5, x3, x6)
00264
00265 #define Fphi_42(x6, x5, x4, x3, x2, x1, x0) \
00266 f_2(x3, x5, x2, x0, x1, x6, x4)
00267
00268 #define Fphi_52(x6, x5, x4, x3, x2, x1, x0) \
00269 f_2(x6, x2, x1, x0, x3, x4, x5)
00270
00271 #define Fphi_33(x6, x5, x4, x3, x2, x1, x0) \
00272 f_3(x6, x1, x2, x3, x4, x5, x0)
00273
00274 #define Fphi_43(x6, x5, x4, x3, x2, x1, x0) \
00275 f_3(x1, x4, x3, x6, x0, x2, x5)
00276
00277 #define Fphi_53(x6, x5, x4, x3, x2, x1, x0) \
00278 f_3(x2, x6, x0, x4, x3, x1, x5)
00279
00280 #define Fphi_44(x6, x5, x4, x3, x2, x1, x0) \
00281 f_4(x6, x4, x0, x5, x2, x1, x3)
00282
00283 #define Fphi_54(x6, x5, x4, x3, x2, x1, x0) \
00284 f_4(x1, x5, x3, x2, x0, x4, x6)
00285
00286 #define Fphi_55(x6, x5, x4, x3, x2, x1, x0) \
00287 f_5(x2, x5, x0, x6, x4, x3, x1)
00288
00289 #define FF(Fphi, x7, x6, x5, x4, x3, x2, x1, x0, w, c) \
00290 x7 = rotrFixed(Fphi(x6, x5, x4, x3, x2, x1, x0), 7U) + rotrFixed(x7, 11U) + w + c;
00291
00292 #define Round1(Fphi) \
00293 for (i=0; i<4; i++) \
00294 { \
00295 FF(Fphi, t7, t6, t5, t4, t3, t2, t1, t0, w[8*i+0], 0); \
00296 FF(Fphi, t6, t5, t4, t3, t2, t1, t0, t7, w[8*i+1], 0); \
00297 FF(Fphi, t5, t4, t3, t2, t1, t0, t7, t6, w[8*i+2], 0); \
00298 FF(Fphi, t4, t3, t2, t1, t0, t7, t6, t5, w[8*i+3], 0); \
00299 FF(Fphi, t3, t2, t1, t0, t7, t6, t5, t4, w[8*i+4], 0); \
00300 FF(Fphi, t2, t1, t0, t7, t6, t5, t4, t3, w[8*i+5], 0); \
00301 FF(Fphi, t1, t0, t7, t6, t5, t4, t3, t2, w[8*i+6], 0); \
00302 FF(Fphi, t0, t7, t6, t5, t4, t3, t2, t1, w[8*i+7], 0); \
00303 }
00304
00305 #define Round2(Fphi) \
00306 for (i=0; i<4; i++) \
00307 { \
00308 FF(Fphi, t7, t6, t5, t4, t3, t2, t1, t0, w[wi2[8*i+0]], mc2[8*i+0]); \
00309 FF(Fphi, t6, t5, t4, t3, t2, t1, t0, t7, w[wi2[8*i+1]], mc2[8*i+1]); \
00310 FF(Fphi, t5, t4, t3, t2, t1, t0, t7, t6, w[wi2[8*i+2]], mc2[8*i+2]); \
00311 FF(Fphi, t4, t3, t2, t1, t0, t7, t6, t5, w[wi2[8*i+3]], mc2[8*i+3]); \
00312 FF(Fphi, t3, t2, t1, t0, t7, t6, t5, t4, w[wi2[8*i+4]], mc2[8*i+4]); \
00313 FF(Fphi, t2, t1, t0, t7, t6, t5, t4, t3, w[wi2[8*i+5]], mc2[8*i+5]); \
00314 FF(Fphi, t1, t0, t7, t6, t5, t4, t3, t2, w[wi2[8*i+6]], mc2[8*i+6]); \
00315 FF(Fphi, t0, t7, t6, t5, t4, t3, t2, t1, w[wi2[8*i+7]], mc2[8*i+7]); \
00316 }
00317
00318 #define Round3(Fphi) \
00319 for (i=0; i<4; i++) \
00320 { \
00321 FF(Fphi, t7, t6, t5, t4, t3, t2, t1, t0, w[wi3[8*i+0]], mc3[8*i+0]); \
00322 FF(Fphi, t6, t5, t4, t3, t2, t1, t0, t7, w[wi3[8*i+1]], mc3[8*i+1]); \
00323 FF(Fphi, t5, t4, t3, t2, t1, t0, t7, t6, w[wi3[8*i+2]], mc3[8*i+2]); \
00324 FF(Fphi, t4, t3, t2, t1, t0, t7, t6, t5, w[wi3[8*i+3]], mc3[8*i+3]); \
00325 FF(Fphi, t3, t2, t1, t0, t7, t6, t5, t4, w[wi3[8*i+4]], mc3[8*i+4]); \
00326 FF(Fphi, t2, t1, t0, t7, t6, t5, t4, t3, w[wi3[8*i+5]], mc3[8*i+5]); \
00327 FF(Fphi, t1, t0, t7, t6, t5, t4, t3, t2, w[wi3[8*i+6]], mc3[8*i+6]); \
00328 FF(Fphi, t0, t7, t6, t5, t4, t3, t2, t1, w[wi3[8*i+7]], mc3[8*i+7]); \
00329 }
00330
00331 #define Round4(Fphi) \
00332 for (i=0; i<4; i++) \
00333 { \
00334 FF(Fphi, t7, t6, t5, t4, t3, t2, t1, t0, w[wi4[8*i+0]], mc4[8*i+0]); \
00335 FF(Fphi, t6, t5, t4, t3, t2, t1, t0, t7, w[wi4[8*i+1]], mc4[8*i+1]); \
00336 FF(Fphi, t5, t4, t3, t2, t1, t0, t7, t6, w[wi4[8*i+2]], mc4[8*i+2]); \
00337 FF(Fphi, t4, t3, t2, t1, t0, t7, t6, t5, w[wi4[8*i+3]], mc4[8*i+3]); \
00338 FF(Fphi, t3, t2, t1, t0, t7, t6, t5, t4, w[wi4[8*i+4]], mc4[8*i+4]); \
00339 FF(Fphi, t2, t1, t0, t7, t6, t5, t4, t3, w[wi4[8*i+5]], mc4[8*i+5]); \
00340 FF(Fphi, t1, t0, t7, t6, t5, t4, t3, t2, w[wi4[8*i+6]], mc4[8*i+6]); \
00341 FF(Fphi, t0, t7, t6, t5, t4, t3, t2, t1, w[wi4[8*i+7]], mc4[8*i+7]); \
00342 }
00343
00344 #define Round5(Fphi) \
00345 for (i=0; i<4; i++) \
00346 { \
00347 FF(Fphi, t7, t6, t5, t4, t3, t2, t1, t0, w[wi5[8*i+0]], mc5[8*i+0]); \
00348 FF(Fphi, t6, t5, t4, t3, t2, t1, t0, t7, w[wi5[8*i+1]], mc5[8*i+1]); \
00349 FF(Fphi, t5, t4, t3, t2, t1, t0, t7, t6, w[wi5[8*i+2]], mc5[8*i+2]); \
00350 FF(Fphi, t4, t3, t2, t1, t0, t7, t6, t5, w[wi5[8*i+3]], mc5[8*i+3]); \
00351 FF(Fphi, t3, t2, t1, t0, t7, t6, t5, t4, w[wi5[8*i+4]], mc5[8*i+4]); \
00352 FF(Fphi, t2, t1, t0, t7, t6, t5, t4, t3, w[wi5[8*i+5]], mc5[8*i+5]); \
00353 FF(Fphi, t1, t0, t7, t6, t5, t4, t3, t2, w[wi5[8*i+6]], mc5[8*i+6]); \
00354 FF(Fphi, t0, t7, t6, t5, t4, t3, t2, t1, w[wi5[8*i+7]], mc5[8*i+7]); \
00355 }
00356
00357 const unsigned int HAVAL::wi2[32] = { 5,14,26,18,11,28, 7,16, 0,23,20,22, 1,10, 4, 8,30, 3,21, 9,17,24,29, 6,19,12,15,13, 2,25,31,27};
00358 const unsigned int HAVAL::wi3[32] = {19, 9, 4,20,28,17, 8,22,29,14,25,12,24,30,16,26,31,15, 7, 3, 1, 0,18,27,13, 6,21,10,23,11, 5, 2};
00359 const unsigned int HAVAL::wi4[32] = {24, 4, 0,14, 2, 7,28,23,26, 6,30,20,18,25,19, 3,22,11,31,21, 8,27,12, 9, 1,29, 5,15,17,10,16,13};
00360 const unsigned int HAVAL::wi5[32] = {27, 3,21,26,17,11,20,29,19, 0,12, 7,13, 8,31,10, 5, 9,14,30,18, 6,28,24, 2,23,16,22, 4, 1,25,15};
00361
00362 const word32 HAVAL::mc2[32] = {
00363 0x452821E6, 0x38D01377, 0xBE5466CF, 0x34E90C6C, 0xC0AC29B7, 0xC97C50DD, 0x3F84D5B5, 0xB5470917
00364 , 0x9216D5D9, 0x8979FB1B, 0xD1310BA6, 0x98DFB5AC, 0x2FFD72DB, 0xD01ADFB7, 0xB8E1AFED, 0x6A267E96
00365 , 0xBA7C9045, 0xF12C7F99, 0x24A19947, 0xB3916CF7, 0x0801F2E2, 0x858EFC16, 0x636920D8, 0x71574E69
00366 , 0xA458FEA3, 0xF4933D7E, 0x0D95748F, 0x728EB658, 0x718BCD58, 0x82154AEE, 0x7B54A41D, 0xC25A59B5};
00367
00368 const word32 HAVAL::mc3[32] = {
00369 0x9C30D539,0x2AF26013,0xC5D1B023,0x286085F0,0xCA417918,0xB8DB38EF,0x8E79DCB0,0x603A180E,
00370 0x6C9E0E8B,0xB01E8A3E,0xD71577C1,0xBD314B27,0x78AF2FDA,0x55605C60,0xE65525F3,0xAA55AB94,
00371 0x57489862,0x63E81440,0x55CA396A,0x2AAB10B6,0xB4CC5C34,0x1141E8CE,0xA15486AF,0x7C72E993,
00372 0xB3EE1411,0x636FBC2A,0x2BA9C55D,0x741831F6,0xCE5C3E16,0x9B87931E,0xAFD6BA33,0x6C24CF5C};
00373
00374 const word32 HAVAL::mc4[32] = {
00375 0x7A325381,0x28958677,0x3B8F4898,0x6B4BB9AF,0xC4BFE81B,0x66282193,0x61D809CC,0xFB21A991,
00376 0x487CAC60,0x5DEC8032,0xEF845D5D,0xE98575B1,0xDC262302,0xEB651B88,0x23893E81,0xD396ACC5,
00377 0x0F6D6FF3,0x83F44239,0x2E0B4482,0xA4842004,0x69C8F04A,0x9E1F9B5E,0x21C66842,0xF6E96C9A,
00378 0x670C9C61,0xABD388F0,0x6A51A0D2,0xD8542F68,0x960FA728,0xAB5133A3,0x6EEF0B6C,0x137A3BE4};
00379
00380 const word32 HAVAL::mc5[32] = {
00381 0xBA3BF050,0x7EFB2A98,0xA1F1651D,0x39AF0176,0x66CA593E,0x82430E88,0x8CEE8619,0x456F9FB4,
00382 0x7D84A5C3,0x3B8B5EBE,0xE06F75D8,0x85C12073,0x401A449F,0x56C16AA6,0x4ED3AA62,0x363F7706,
00383 0x1BFEDF72,0x429B023D,0x37D0D724,0xD00A1248,0xDB0FEAD3,0x49F1C09B,0x075372C9,0x80991B7B,
00384 0x25D479D8,0xF6E8DEF7,0xE3FE501A,0xB6794C3B,0x976CE0BD,0x04C006BA,0xC1A94FB6,0x409F60C4};
00385
00386 void HAVAL3::Transform (word32 *digest, const word32 *w)
00387 {
00388 register word32 t0 = digest[0],
00389 t1 = digest[1],
00390 t2 = digest[2],
00391 t3 = digest[3],
00392 t4 = digest[4],
00393 t5 = digest[5],
00394 t6 = digest[6],
00395 t7 = digest[7];
00396 unsigned i;
00397
00398 Round1(Fphi_31);
00399 Round2(Fphi_32);
00400 Round3(Fphi_33);
00401
00402 digest[0] += t0;
00403 digest[1] += t1;
00404 digest[2] += t2;
00405 digest[3] += t3;
00406 digest[4] += t4;
00407 digest[5] += t5;
00408 digest[6] += t6;
00409 digest[7] += t7;
00410 }
00411
00412 void HAVAL4::Transform (word32 *digest, const word32 *w)
00413 {
00414 register word32 t0 = digest[0],
00415 t1 = digest[1],
00416 t2 = digest[2],
00417 t3 = digest[3],
00418 t4 = digest[4],
00419 t5 = digest[5],
00420 t6 = digest[6],
00421 t7 = digest[7];
00422 unsigned i;
00423
00424 Round1(Fphi_41);
00425 Round2(Fphi_42);
00426 Round3(Fphi_43);
00427 Round4(Fphi_44);
00428
00429 digest[0] += t0;
00430 digest[1] += t1;
00431 digest[2] += t2;
00432 digest[3] += t3;
00433 digest[4] += t4;
00434 digest[5] += t5;
00435 digest[6] += t6;
00436 digest[7] += t7;
00437 }
00438
00439 void HAVAL5::Transform (word32 *digest, const word32 *w)
00440 {
00441 register word32 t0 = digest[0],
00442 t1 = digest[1],
00443 t2 = digest[2],
00444 t3 = digest[3],
00445 t4 = digest[4],
00446 t5 = digest[5],
00447 t6 = digest[6],
00448 t7 = digest[7];
00449 unsigned i;
00450
00451 Round1(Fphi_51);
00452 Round2(Fphi_52);
00453 Round3(Fphi_53);
00454 Round4(Fphi_54);
00455 Round5(Fphi_55);
00456
00457 digest[0] += t0;
00458 digest[1] += t1;
00459 digest[2] += t2;
00460 digest[3] += t3;
00461 digest[4] += t4;
00462 digest[5] += t5;
00463 digest[6] += t6;
00464 digest[7] += t7;
00465 }
00466
00467 NAMESPACE_END
