search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
OpenSSL: update to 1.0.1m
[tomato.git] / release / src / router / openssl / crypto / whrlpool / wp_dgst.c
blobe33bb4f833b5941da6c8c723273ae4bbf0fe1811
1 /**
2 * The Whirlpool hashing function.
3 *
4 * <P>
5 * <b>References</b>
6 *
7 * <P>
8 * The Whirlpool algorithm was developed by
9 * <a href="mailto:pbarreto@scopus.com.br">Paulo S. L. M. Barreto</a> and
10 * <a href="mailto:vincent.rijmen@cryptomathic.com">Vincent Rijmen</a>.
11 *
12 * See
13 * P.S.L.M. Barreto, V. Rijmen,
14 * ``The Whirlpool hashing function,''
15 * NESSIE submission, 2000 (tweaked version, 2001),
16 * <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip>
17 *
18 * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and
19 * Vincent Rijmen. Lookup "reference implementations" on
20 * <http://planeta.terra.com.br/informatica/paulobarreto/>
21 *
22 * =============================================================================
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
25 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
26 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
31 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
32 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
33 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
34 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 *
36 */
37
38 /*
39 * OpenSSL-specific implementation notes.
40 *
41 * WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect
42 * number of *bytes* as input length argument. Bit-oriented routine
43 * as specified by authors is called WHIRLPOOL_BitUpdate[!] and
44 * does not have one-stroke counterpart.
45 *
46 * WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially
47 * to serve WHIRLPOOL_Update. This is done for performance.
48 *
49 * Unlike authors' reference implementation, block processing
50 * routine whirlpool_block is designed to operate on multi-block
51 * input. This is done for perfomance.
52 */
53
54 #include "wp_locl.h"
55 #include <openssl/crypto.h>
56 #include <string.h>
57
58 fips_md_init(WHIRLPOOL)
59 {
60 memset(c, 0, sizeof(*c));
61 return (1);
62 }
63
64 int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes)
65 {
66 /*
67 * Well, largest suitable chunk size actually is
68 * (1<<(sizeof(size_t)*8-3))-64, but below number is large enough for not
69 * to care about excessive calls to WHIRLPOOL_BitUpdate...
70 */
71 size_t chunk = ((size_t)1) << (sizeof(size_t) * 8 - 4);
72 const unsigned char *inp = _inp;
73
74 while (bytes >= chunk) {
75 WHIRLPOOL_BitUpdate(c, inp, chunk * 8);
76 bytes -= chunk;
77 inp += chunk;
78 }
79 if (bytes)
80 WHIRLPOOL_BitUpdate(c, inp, bytes * 8);
81
82 return (1);
83 }
84
85 void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
86 {
87 size_t n;
88 unsigned int bitoff = c->bitoff,
89 bitrem = bitoff % 8, inpgap = (8 - (unsigned int)bits % 8) & 7;
90 const unsigned char *inp = _inp;
91
92 /*
93 * This 256-bit increment procedure relies on the size_t being natural
94 * size of CPU register, so that we don't have to mask the value in order
95 * to detect overflows.
96 */
97 c->bitlen[0] += bits;
98 if (c->bitlen[0] < bits) { /* overflow */
99 n = 1;
100 do {
101 c->bitlen[n]++;
102 } while (c->bitlen[n] == 0
103 && ++n < (WHIRLPOOL_COUNTER / sizeof(size_t)));
104 }
105 #ifndef OPENSSL_SMALL_FOOTPRINT
106 reconsider:
107 if (inpgap == 0 && bitrem == 0) { /* byte-oriented loop */
108 while (bits) {
109 if (bitoff == 0 && (n = bits / WHIRLPOOL_BBLOCK)) {
110 whirlpool_block(c, inp, n);
111 inp += n * WHIRLPOOL_BBLOCK / 8;
112 bits %= WHIRLPOOL_BBLOCK;
113 } else {
114 unsigned int byteoff = bitoff / 8;
115
116 bitrem = WHIRLPOOL_BBLOCK - bitoff; /* re-use bitrem */
117 if (bits >= bitrem) {
118 bits -= bitrem;
119 bitrem /= 8;
120 memcpy(c->data + byteoff, inp, bitrem);
121 inp += bitrem;
122 whirlpool_block(c, c->data, 1);
123 bitoff = 0;
124 } else {
125 memcpy(c->data + byteoff, inp, bits / 8);
126 bitoff += (unsigned int)bits;
127 bits = 0;
128 }
129 c->bitoff = bitoff;
130 }
131 }
132 } else /* bit-oriented loop */
133 #endif
134 {
135 /*-
136 inp
137 |
138 +-------+-------+-------
139 |||||||||||||||||||||
140 +-------+-------+-------
141 +-------+-------+-------+-------+-------
142 |||||||||||||| c->data
143 +-------+-------+-------+-------+-------
144 |
145 c->bitoff/8
146 */
147 while (bits) {
148 unsigned int byteoff = bitoff / 8;
149 unsigned char b;
150
151 #ifndef OPENSSL_SMALL_FOOTPRINT
152 if (bitrem == inpgap) {
153 c->data[byteoff++] |= inp[0] & (0xff >> inpgap);
154 inpgap = 8 - inpgap;
155 bitoff += inpgap;
156 bitrem = 0; /* bitoff%8 */
157 bits -= inpgap;
158 inpgap = 0; /* bits%8 */
159 inp++;
160 if (bitoff == WHIRLPOOL_BBLOCK) {
161 whirlpool_block(c, c->data, 1);
162 bitoff = 0;
163 }
164 c->bitoff = bitoff;
165 goto reconsider;
166 } else
167 #endif
168 if (bits >= 8) {
169 b = ((inp[0] << inpgap) | (inp[1] >> (8 - inpgap)));
170 b &= 0xff;
171 if (bitrem)
172 c->data[byteoff++] |= b >> bitrem;
173 else
174 c->data[byteoff++] = b;
175 bitoff += 8;
176 bits -= 8;
177 inp++;
178 if (bitoff >= WHIRLPOOL_BBLOCK) {
179 whirlpool_block(c, c->data, 1);
180 byteoff = 0;
181 bitoff %= WHIRLPOOL_BBLOCK;
182 }
183 if (bitrem)
184 c->data[byteoff] = b << (8 - bitrem);
185 } else { /* remaining less than 8 bits */
186
187 b = (inp[0] << inpgap) & 0xff;
188 if (bitrem)
189 c->data[byteoff++] |= b >> bitrem;
190 else
191 c->data[byteoff++] = b;
192 bitoff += (unsigned int)bits;
193 if (bitoff == WHIRLPOOL_BBLOCK) {
194 whirlpool_block(c, c->data, 1);
195 byteoff = 0;
196 bitoff %= WHIRLPOOL_BBLOCK;
197 }
198 if (bitrem)
199 c->data[byteoff] = b << (8 - bitrem);
200 bits = 0;
201 }
202 c->bitoff = bitoff;
203 }
204 }
205 }
206
207 int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c)
208 {
209 unsigned int bitoff = c->bitoff, byteoff = bitoff / 8;
210 size_t i, j, v;
211 unsigned char *p;
212
213 bitoff %= 8;
214 if (bitoff)
215 c->data[byteoff] |= 0x80 >> bitoff;
216 else
217 c->data[byteoff] = 0x80;
218 byteoff++;
219
220 /* pad with zeros */
221 if (byteoff > (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER)) {
222 if (byteoff < WHIRLPOOL_BBLOCK / 8)
223 memset(&c->data[byteoff], 0, WHIRLPOOL_BBLOCK / 8 - byteoff);
224 whirlpool_block(c, c->data, 1);
225 byteoff = 0;
226 }
227 if (byteoff < (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER))
228 memset(&c->data[byteoff], 0,
229 (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER) - byteoff);
230 /* smash 256-bit c->bitlen in big-endian order */
231 p = &c->data[WHIRLPOOL_BBLOCK / 8 - 1]; /* last byte in c->data */
232 for (i = 0; i < WHIRLPOOL_COUNTER / sizeof(size_t); i++)
233 for (v = c->bitlen[i], j = 0; j < sizeof(size_t); j++, v >>= 8)
234 *p-- = (unsigned char)(v & 0xff);
235
236 whirlpool_block(c, c->data, 1);
237
238 if (md) {
239 memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
240 memset(c, 0, sizeof(*c));
241 return (1);
242 }
243 return (0);
244 }
245
246 unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md)
247 {
248 WHIRLPOOL_CTX ctx;
249 static unsigned char m[WHIRLPOOL_DIGEST_LENGTH];
250
251 if (md == NULL)
252 md = m;
253 WHIRLPOOL_Init(&ctx);
254 WHIRLPOOL_Update(&ctx, inp, bytes);
255 WHIRLPOOL_Final(md, &ctx);
256 return (md);
257 }
Tomato firmware and modifications.