1/** 2 * The Whirlpool hashing function. 3 * 4 * <P> 5 * <b>References</b> 6 * 7 * <P> 8 * The Whirlpool algorithm was developed by 9 * <a href="mailto:pbarreto@scopus.com.br">Paulo S. L. M. Barreto</a> and 10 * <a href="mailto:vincent.rijmen@cryptomathic.com">Vincent Rijmen</a>. 11 * 12 * See 13 * P.S.L.M. Barreto, V. Rijmen, 14 * ``The Whirlpool hashing function,'' 15 * NESSIE submission, 2000 (tweaked version, 2001), 16 * <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip> 17 * 18 * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and 19 * Vincent Rijmen. Lookup "reference implementations" on 20 * <http://planeta.terra.com.br/informatica/paulobarreto/> 21 * 22 * ============================================================================= 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS 25 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 26 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE 28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 31 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 32 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE 33 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, 34 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35 * 36 */ 37 38/* 39 * OpenSSL-specific implementation notes. 40 * 41 * WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect 42 * number of *bytes* as input length argument. Bit-oriented routine 43 * as specified by authors is called WHIRLPOOL_BitUpdate[!] and 44 * does not have one-stroke counterpart. 45 * 46 * WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially 47 * to serve WHIRLPOOL_Update. This is done for performance. 48 * 49 * Unlike authors' reference implementation, block processing 50 * routine whirlpool_block is designed to operate on multi-block 51 * input. This is done for perfomance. 52 */ 53 54#include "wp_locl.h" 55#include <openssl/crypto.h> 56#include <string.h> 57 58fips_md_init(WHIRLPOOL) 59 { 60 memset (c,0,sizeof(*c)); 61 return(1); 62 } 63 64int WHIRLPOOL_Update (WHIRLPOOL_CTX *c,const void *_inp,size_t bytes) 65 { 66 /* Well, largest suitable chunk size actually is 67 * (1<<(sizeof(size_t)*8-3))-64, but below number 68 * is large enough for not to care about excessive 69 * calls to WHIRLPOOL_BitUpdate... */ 70 size_t chunk = ((size_t)1)<<(sizeof(size_t)*8-4); 71 const unsigned char *inp = _inp; 72 73 while (bytes>=chunk) 74 { 75 WHIRLPOOL_BitUpdate(c,inp,chunk*8); 76 bytes -= chunk; 77 inp += chunk; 78 } 79 if (bytes) 80 WHIRLPOOL_BitUpdate(c,inp,bytes*8); 81 82 return(1); 83 } 84 85void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *_inp,size_t bits) 86 { 87 size_t n; 88 unsigned int bitoff = c->bitoff, 89 bitrem = bitoff%8, 90 inpgap = (8-(unsigned int)bits%8)&7; 91 const unsigned char *inp=_inp; 92 93 /* This 256-bit increment procedure relies on the size_t 94 * being natural size of CPU register, so that we don't 95 * have to mask the value in order to detect overflows. */ 96 c->bitlen[0] += bits; 97 if (c->bitlen[0] < bits) /* overflow */ 98 { 99 n = 1; 100 do { c->bitlen[n]++; 101 } while(c->bitlen[n]==0 102 && ++n<(WHIRLPOOL_COUNTER/sizeof(size_t))); 103 } 104 105#ifndef OPENSSL_SMALL_FOOTPRINT 106 reconsider: 107 if (inpgap==0 && bitrem==0) /* byte-oriented loop */ 108 { 109 while (bits) 110 { 111 if (bitoff==0 && (n=bits/WHIRLPOOL_BBLOCK)) 112 { 113 whirlpool_block(c,inp,n); 114 inp += n*WHIRLPOOL_BBLOCK/8; 115 bits %= WHIRLPOOL_BBLOCK; 116 } 117 else 118 { 119 unsigned int byteoff = bitoff/8; 120 121 bitrem = WHIRLPOOL_BBLOCK - bitoff;/* re-use bitrem */ 122 if (bits >= bitrem) 123 { 124 bits -= bitrem; 125 bitrem /= 8; 126 memcpy(c->data+byteoff,inp,bitrem); 127 inp += bitrem; 128 whirlpool_block(c,c->data,1); 129 bitoff = 0; 130 } 131 else 132 { 133 memcpy(c->data+byteoff,inp,bits/8); 134 bitoff += (unsigned int)bits; 135 bits = 0; 136 } 137 c->bitoff = bitoff; 138 } 139 } 140 } 141 else /* bit-oriented loop */ 142#endif 143 { 144 /* 145 inp 146 | 147 +-------+-------+------- 148 ||||||||||||||||||||| 149 +-------+-------+------- 150 +-------+-------+-------+-------+------- 151 |||||||||||||| c->data 152 +-------+-------+-------+-------+------- 153 | 154 c->bitoff/8 155 */ 156 while (bits) 157 { 158 unsigned int byteoff = bitoff/8; 159 unsigned char b; 160 161#ifndef OPENSSL_SMALL_FOOTPRINT 162 if (bitrem==inpgap) 163 { 164 c->data[byteoff++] |= inp[0] & (0xff>>inpgap); 165 inpgap = 8-inpgap; 166 bitoff += inpgap; bitrem = 0; /* bitoff%8 */ 167 bits -= inpgap; inpgap = 0; /* bits%8 */ 168 inp++; 169 if (bitoff==WHIRLPOOL_BBLOCK) 170 { 171 whirlpool_block(c,c->data,1); 172 bitoff = 0; 173 } 174 c->bitoff = bitoff; 175 goto reconsider; 176 } 177 else 178#endif 179 if (bits>=8) 180 { 181 b = ((inp[0]<<inpgap) | (inp[1]>>(8-inpgap))); 182 b &= 0xff; 183 if (bitrem) c->data[byteoff++] |= b>>bitrem; 184 else c->data[byteoff++] = b; 185 bitoff += 8; 186 bits -= 8; 187 inp++; 188 if (bitoff>=WHIRLPOOL_BBLOCK) 189 { 190 whirlpool_block(c,c->data,1); 191 byteoff = 0; 192 bitoff %= WHIRLPOOL_BBLOCK; 193 } 194 if (bitrem) c->data[byteoff] = b<<(8-bitrem); 195 } 196 else /* remaining less than 8 bits */ 197 { 198 b = (inp[0]<<inpgap)&0xff; 199 if (bitrem) c->data[byteoff++] |= b>>bitrem; 200 else c->data[byteoff++] = b; 201 bitoff += (unsigned int)bits; 202 if (bitoff==WHIRLPOOL_BBLOCK) 203 { 204 whirlpool_block(c,c->data,1); 205 byteoff = 0; 206 bitoff %= WHIRLPOOL_BBLOCK; 207 } 208 if (bitrem) c->data[byteoff] = b<<(8-bitrem); 209 bits = 0; 210 } 211 c->bitoff = bitoff; 212 } 213 } 214 } 215 216int WHIRLPOOL_Final (unsigned char *md,WHIRLPOOL_CTX *c) 217 { 218 unsigned int bitoff = c->bitoff, 219 byteoff = bitoff/8; 220 size_t i,j,v; 221 unsigned char *p; 222 223 bitoff %= 8; 224 if (bitoff) c->data[byteoff] |= 0x80>>bitoff; 225 else c->data[byteoff] = 0x80; 226 byteoff++; 227 228 /* pad with zeros */ 229 if (byteoff > (WHIRLPOOL_BBLOCK/8-WHIRLPOOL_COUNTER)) 230 { 231 if (byteoff<WHIRLPOOL_BBLOCK/8) 232 memset(&c->data[byteoff],0,WHIRLPOOL_BBLOCK/8-byteoff); 233 whirlpool_block(c,c->data,1); 234 byteoff = 0; 235 } 236 if (byteoff < (WHIRLPOOL_BBLOCK/8-WHIRLPOOL_COUNTER)) 237 memset(&c->data[byteoff],0, 238 (WHIRLPOOL_BBLOCK/8-WHIRLPOOL_COUNTER)-byteoff); 239 /* smash 256-bit c->bitlen in big-endian order */ 240 p = &c->data[WHIRLPOOL_BBLOCK/8-1]; /* last byte in c->data */ 241 for(i=0;i<WHIRLPOOL_COUNTER/sizeof(size_t);i++) 242 for(v=c->bitlen[i],j=0;j<sizeof(size_t);j++,v>>=8) 243 *p-- = (unsigned char)(v&0xff); 244 245 whirlpool_block(c,c->data,1); 246 247 if (md) { 248 memcpy(md,c->H.c,WHIRLPOOL_DIGEST_LENGTH); 249 memset(c,0,sizeof(*c)); 250 return(1); 251 } 252 return(0); 253 } 254 255unsigned char *WHIRLPOOL(const void *inp, size_t bytes,unsigned char *md) 256 { 257 WHIRLPOOL_CTX ctx; 258 static unsigned char m[WHIRLPOOL_DIGEST_LENGTH]; 259 260 if (md == NULL) md=m; 261 WHIRLPOOL_Init(&ctx); 262 WHIRLPOOL_Update(&ctx,inp,bytes); 263 WHIRLPOOL_Final(md,&ctx); 264 return(md); 265 } 266