/*
* Tiger Compression Function
*/
void Tiger::compress_n(const byte input[], size_t blocks)
{
u64bit A = digest[0], B = digest[1], C = digest[2];
for(size_t i = 0; i != blocks; ++i)
{
load_le(&X[0], input, X.size());
pass(A, B, C, X, 5); mix(X);
pass(C, A, B, X, 7); mix(X);
pass(B, C, A, X, 9);
for(size_t j = 3; j != passes; ++j)
{
mix(X);
pass(A, B, C, X, 9);
u64bit T = A; A = C; C = B; B = T;
}
A = (digest[0] ^= A);
B = digest[1] = B - digest[1];
C = (digest[2] += C);
input += hash_block_size();
}
}
/*
* MD5 Compression Function
*/
void MD5_X86_32::compress_n(const byte input[], size_t blocks)
{
for(size_t i = 0; i != blocks; ++i)
{
botan_md5_x86_32_compress(digest, input, M);
input += hash_block_size();
}
}
/*
* SHA-160 Compression Function
*/
void SHA_160_X86_64::compress_n(const byte input[], size_t blocks)
{
for(size_t i = 0; i != blocks; ++i)
{
botan_sha160_x86_64_compress(digest.data(), input, W.data());
input += hash_block_size();
}
}
/**
* Hash additional inputs
*/
void GOST_34_11::add_data(const uint8_t input[], size_t length)
{
m_count += length;
if(m_position)
{
buffer_insert(m_buffer, m_position, input, length);
if(m_position + length >= hash_block_size())
{
compress_n(m_buffer.data(), 1);
input += (hash_block_size() - m_position);
length -= (hash_block_size() - m_position);
m_position = 0;
}
}
const size_t full_blocks = length / hash_block_size();
const size_t remaining = length % hash_block_size();
if(full_blocks)
compress_n(input, full_blocks);
buffer_insert(m_buffer, m_position, input + full_blocks * hash_block_size(), remaining);
m_position += remaining;
}
/*
* MD5 Compression Function
*/
void MD5::compress_n(const byte input[], size_t blocks)
{
u32bit A = digest[0], B = digest[1], C = digest[2], D = digest[3];
for(size_t i = 0; i != blocks; ++i)
{
load_le(&M[0], input, M.size());
FF(A,B,C,D,M[ 0], 7,0xD76AA478); FF(D,A,B,C,M[ 1],12,0xE8C7B756);
FF(C,D,A,B,M[ 2],17,0x242070DB); FF(B,C,D,A,M[ 3],22,0xC1BDCEEE);
FF(A,B,C,D,M[ 4], 7,0xF57C0FAF); FF(D,A,B,C,M[ 5],12,0x4787C62A);
FF(C,D,A,B,M[ 6],17,0xA8304613); FF(B,C,D,A,M[ 7],22,0xFD469501);
FF(A,B,C,D,M[ 8], 7,0x698098D8); FF(D,A,B,C,M[ 9],12,0x8B44F7AF);
FF(C,D,A,B,M[10],17,0xFFFF5BB1); FF(B,C,D,A,M[11],22,0x895CD7BE);
FF(A,B,C,D,M[12], 7,0x6B901122); FF(D,A,B,C,M[13],12,0xFD987193);
FF(C,D,A,B,M[14],17,0xA679438E); FF(B,C,D,A,M[15],22,0x49B40821);
GG(A,B,C,D,M[ 1], 5,0xF61E2562); GG(D,A,B,C,M[ 6], 9,0xC040B340);
GG(C,D,A,B,M[11],14,0x265E5A51); GG(B,C,D,A,M[ 0],20,0xE9B6C7AA);
GG(A,B,C,D,M[ 5], 5,0xD62F105D); GG(D,A,B,C,M[10], 9,0x02441453);
GG(C,D,A,B,M[15],14,0xD8A1E681); GG(B,C,D,A,M[ 4],20,0xE7D3FBC8);
GG(A,B,C,D,M[ 9], 5,0x21E1CDE6); GG(D,A,B,C,M[14], 9,0xC33707D6);
GG(C,D,A,B,M[ 3],14,0xF4D50D87); GG(B,C,D,A,M[ 8],20,0x455A14ED);
GG(A,B,C,D,M[13], 5,0xA9E3E905); GG(D,A,B,C,M[ 2], 9,0xFCEFA3F8);
GG(C,D,A,B,M[ 7],14,0x676F02D9); GG(B,C,D,A,M[12],20,0x8D2A4C8A);
HH(A,B,C,D,M[ 5], 4,0xFFFA3942); HH(D,A,B,C,M[ 8],11,0x8771F681);
HH(C,D,A,B,M[11],16,0x6D9D6122); HH(B,C,D,A,M[14],23,0xFDE5380C);
HH(A,B,C,D,M[ 1], 4,0xA4BEEA44); HH(D,A,B,C,M[ 4],11,0x4BDECFA9);
HH(C,D,A,B,M[ 7],16,0xF6BB4B60); HH(B,C,D,A,M[10],23,0xBEBFBC70);
HH(A,B,C,D,M[13], 4,0x289B7EC6); HH(D,A,B,C,M[ 0],11,0xEAA127FA);
HH(C,D,A,B,M[ 3],16,0xD4EF3085); HH(B,C,D,A,M[ 6],23,0x04881D05);
HH(A,B,C,D,M[ 9], 4,0xD9D4D039); HH(D,A,B,C,M[12],11,0xE6DB99E5);
HH(C,D,A,B,M[15],16,0x1FA27CF8); HH(B,C,D,A,M[ 2],23,0xC4AC5665);
II(A,B,C,D,M[ 0], 6,0xF4292244); II(D,A,B,C,M[ 7],10,0x432AFF97);
II(C,D,A,B,M[14],15,0xAB9423A7); II(B,C,D,A,M[ 5],21,0xFC93A039);
II(A,B,C,D,M[12], 6,0x655B59C3); II(D,A,B,C,M[ 3],10,0x8F0CCC92);
II(C,D,A,B,M[10],15,0xFFEFF47D); II(B,C,D,A,M[ 1],21,0x85845DD1);
II(A,B,C,D,M[ 8], 6,0x6FA87E4F); II(D,A,B,C,M[15],10,0xFE2CE6E0);
II(C,D,A,B,M[ 6],15,0xA3014314); II(B,C,D,A,M[13],21,0x4E0811A1);
II(A,B,C,D,M[ 4], 6,0xF7537E82); II(D,A,B,C,M[11],10,0xBD3AF235);
II(C,D,A,B,M[ 2],15,0x2AD7D2BB); II(B,C,D,A,M[ 9],21,0xEB86D391);
A = (digest[0] += A);
B = (digest[1] += B);
C = (digest[2] += C);
D = (digest[3] += D);
input += hash_block_size();
}
}
/*
* Write the count bits to the buffer
*/
void MDx_HashFunction::write_count(uint8_t out[])
{
if(COUNT_SIZE < 8)
throw Invalid_State("MDx_HashFunction::write_count: COUNT_SIZE < 8");
if(COUNT_SIZE >= output_length() || COUNT_SIZE >= hash_block_size())
throw Invalid_Argument("MDx_HashFunction: COUNT_SIZE is too big");
const uint64_t bit_count = m_count * 8;
if(BIG_BYTE_ENDIAN)
store_be(bit_count, out + COUNT_SIZE - 8);
else
store_le(bit_count, out + COUNT_SIZE - 8);
}
/*
* Whirlpool Compression Function
*/
void Whirlpool::compress_n(const byte in[], size_t blocks)
{
static const u64bit RC[10] = {
0x1823C6E887B8014F, 0x36A6D2F5796F9152,
0x60BC9B8EA30C7B35, 0x1DE0D7C22E4BFE57,
0x157737E59FF04ADA, 0x58C9290AB1A06B85,
0xBD5D10F4CB3E0567, 0xE427418BA77D95D8,
0xFBEE7C66DD17479E, 0xCA2DBF07AD5A8333
};
for(size_t i = 0; i != blocks; ++i)
{
load_be(&M[0], in, M.size());
u64bit K0, K1, K2, K3, K4, K5, K6, K7;
K0 = digest[0]; K1 = digest[1]; K2 = digest[2]; K3 = digest[3];
K4 = digest[4]; K5 = digest[5]; K6 = digest[6]; K7 = digest[7];
u64bit B0, B1, B2, B3, B4, B5, B6, B7;
B0 = K0 ^ M[0]; B1 = K1 ^ M[1]; B2 = K2 ^ M[2]; B3 = K3 ^ M[3];
B4 = K4 ^ M[4]; B5 = K5 ^ M[5]; B6 = K6 ^ M[6]; B7 = K7 ^ M[7];
for(size_t j = 0; j != 10; ++j)
{
u64bit T0, T1, T2, T3, T4, T5, T6, T7;
T0 = C0[get_byte(0, K0)] ^ C1[get_byte(1, K7)] ^
C2[get_byte(2, K6)] ^ C3[get_byte(3, K5)] ^
C4[get_byte(4, K4)] ^ C5[get_byte(5, K3)] ^
C6[get_byte(6, K2)] ^ C7[get_byte(7, K1)] ^ RC[j];
T1 = C0[get_byte(0, K1)] ^ C1[get_byte(1, K0)] ^
C2[get_byte(2, K7)] ^ C3[get_byte(3, K6)] ^
C4[get_byte(4, K5)] ^ C5[get_byte(5, K4)] ^
C6[get_byte(6, K3)] ^ C7[get_byte(7, K2)];
T2 = C0[get_byte(0, K2)] ^ C1[get_byte(1, K1)] ^
C2[get_byte(2, K0)] ^ C3[get_byte(3, K7)] ^
C4[get_byte(4, K6)] ^ C5[get_byte(5, K5)] ^
C6[get_byte(6, K4)] ^ C7[get_byte(7, K3)];
T3 = C0[get_byte(0, K3)] ^ C1[get_byte(1, K2)] ^
C2[get_byte(2, K1)] ^ C3[get_byte(3, K0)] ^
C4[get_byte(4, K7)] ^ C5[get_byte(5, K6)] ^
C6[get_byte(6, K5)] ^ C7[get_byte(7, K4)];
T4 = C0[get_byte(0, K4)] ^ C1[get_byte(1, K3)] ^
C2[get_byte(2, K2)] ^ C3[get_byte(3, K1)] ^
C4[get_byte(4, K0)] ^ C5[get_byte(5, K7)] ^
C6[get_byte(6, K6)] ^ C7[get_byte(7, K5)];
T5 = C0[get_byte(0, K5)] ^ C1[get_byte(1, K4)] ^
C2[get_byte(2, K3)] ^ C3[get_byte(3, K2)] ^
C4[get_byte(4, K1)] ^ C5[get_byte(5, K0)] ^
C6[get_byte(6, K7)] ^ C7[get_byte(7, K6)];
T6 = C0[get_byte(0, K6)] ^ C1[get_byte(1, K5)] ^
C2[get_byte(2, K4)] ^ C3[get_byte(3, K3)] ^
C4[get_byte(4, K2)] ^ C5[get_byte(5, K1)] ^
C6[get_byte(6, K0)] ^ C7[get_byte(7, K7)];
T7 = C0[get_byte(0, K7)] ^ C1[get_byte(1, K6)] ^
C2[get_byte(2, K5)] ^ C3[get_byte(3, K4)] ^
C4[get_byte(4, K3)] ^ C5[get_byte(5, K2)] ^
C6[get_byte(6, K1)] ^ C7[get_byte(7, K0)];
K0 = T0; K1 = T1; K2 = T2; K3 = T3;
K4 = T4; K5 = T5; K6 = T6; K7 = T7;
T0 = C0[get_byte(0, B0)] ^ C1[get_byte(1, B7)] ^
C2[get_byte(2, B6)] ^ C3[get_byte(3, B5)] ^
C4[get_byte(4, B4)] ^ C5[get_byte(5, B3)] ^
C6[get_byte(6, B2)] ^ C7[get_byte(7, B1)] ^ K0;
T1 = C0[get_byte(0, B1)] ^ C1[get_byte(1, B0)] ^
C2[get_byte(2, B7)] ^ C3[get_byte(3, B6)] ^
C4[get_byte(4, B5)] ^ C5[get_byte(5, B4)] ^
C6[get_byte(6, B3)] ^ C7[get_byte(7, B2)] ^ K1;
T2 = C0[get_byte(0, B2)] ^ C1[get_byte(1, B1)] ^
C2[get_byte(2, B0)] ^ C3[get_byte(3, B7)] ^
C4[get_byte(4, B6)] ^ C5[get_byte(5, B5)] ^
C6[get_byte(6, B4)] ^ C7[get_byte(7, B3)] ^ K2;
T3 = C0[get_byte(0, B3)] ^ C1[get_byte(1, B2)] ^
C2[get_byte(2, B1)] ^ C3[get_byte(3, B0)] ^
C4[get_byte(4, B7)] ^ C5[get_byte(5, B6)] ^
C6[get_byte(6, B5)] ^ C7[get_byte(7, B4)] ^ K3;
T4 = C0[get_byte(0, B4)] ^ C1[get_byte(1, B3)] ^
C2[get_byte(2, B2)] ^ C3[get_byte(3, B1)] ^
C4[get_byte(4, B0)] ^ C5[get_byte(5, B7)] ^
C6[get_byte(6, B6)] ^ C7[get_byte(7, B5)] ^ K4;
T5 = C0[get_byte(0, B5)] ^ C1[get_byte(1, B4)] ^
C2[get_byte(2, B3)] ^ C3[get_byte(3, B2)] ^
C4[get_byte(4, B1)] ^ C5[get_byte(5, B0)] ^
C6[get_byte(6, B7)] ^ C7[get_byte(7, B6)] ^ K5;
T6 = C0[get_byte(0, B6)] ^ C1[get_byte(1, B5)] ^
C2[get_byte(2, B4)] ^ C3[get_byte(3, B3)] ^
C4[get_byte(4, B2)] ^ C5[get_byte(5, B1)] ^
C6[get_byte(6, B0)] ^ C7[get_byte(7, B7)] ^ K6;
T7 = C0[get_byte(0, B7)] ^ C1[get_byte(1, B6)] ^
C2[get_byte(2, B5)] ^ C3[get_byte(3, B4)] ^
C4[get_byte(4, B3)] ^ C5[get_byte(5, B2)] ^
C6[get_byte(6, B1)] ^ C7[get_byte(7, B0)] ^ K7;
B0 = T0; B1 = T1; B2 = T2; B3 = T3;
B4 = T4; B5 = T5; B6 = T6; B7 = T7;
}
digest[0] ^= B0 ^ M[0];
digest[1] ^= B1 ^ M[1];
digest[2] ^= B2 ^ M[2];
digest[3] ^= B3 ^ M[3];
digest[4] ^= B4 ^ M[4];
digest[5] ^= B5 ^ M[5];
digest[6] ^= B6 ^ M[6];
digest[7] ^= B7 ^ M[7];
in += hash_block_size();
}
}
/*
* RIPEMD-160 Compression Function
*/
void RIPEMD_160::compress_n(const uint8_t input[], size_t blocks)
{
const uint32_t MAGIC2 = 0x5A827999, MAGIC3 = 0x6ED9EBA1,
MAGIC4 = 0x8F1BBCDC, MAGIC5 = 0xA953FD4E,
MAGIC6 = 0x50A28BE6, MAGIC7 = 0x5C4DD124,
MAGIC8 = 0x6D703EF3, MAGIC9 = 0x7A6D76E9;
for(size_t i = 0; i != blocks; ++i)
{
load_le(m_M.data(), input, m_M.size());
uint32_t A1 = m_digest[0], A2 = A1, B1 = m_digest[1], B2 = B1,
C1 = m_digest[2], C2 = C1, D1 = m_digest[3], D2 = D1,
E1 = m_digest[4], E2 = E1;
F1(A1,B1,C1,D1,E1,m_M[ 0],11 ); F5(A2,B2,C2,D2,E2,m_M[ 5], 8,MAGIC6);
F1(E1,A1,B1,C1,D1,m_M[ 1],14 ); F5(E2,A2,B2,C2,D2,m_M[14], 9,MAGIC6);
F1(D1,E1,A1,B1,C1,m_M[ 2],15 ); F5(D2,E2,A2,B2,C2,m_M[ 7], 9,MAGIC6);
F1(C1,D1,E1,A1,B1,m_M[ 3],12 ); F5(C2,D2,E2,A2,B2,m_M[ 0],11,MAGIC6);
F1(B1,C1,D1,E1,A1,m_M[ 4], 5 ); F5(B2,C2,D2,E2,A2,m_M[ 9],13,MAGIC6);
F1(A1,B1,C1,D1,E1,m_M[ 5], 8 ); F5(A2,B2,C2,D2,E2,m_M[ 2],15,MAGIC6);
F1(E1,A1,B1,C1,D1,m_M[ 6], 7 ); F5(E2,A2,B2,C2,D2,m_M[11],15,MAGIC6);
F1(D1,E1,A1,B1,C1,m_M[ 7], 9 ); F5(D2,E2,A2,B2,C2,m_M[ 4], 5,MAGIC6);
F1(C1,D1,E1,A1,B1,m_M[ 8],11 ); F5(C2,D2,E2,A2,B2,m_M[13], 7,MAGIC6);
F1(B1,C1,D1,E1,A1,m_M[ 9],13 ); F5(B2,C2,D2,E2,A2,m_M[ 6], 7,MAGIC6);
F1(A1,B1,C1,D1,E1,m_M[10],14 ); F5(A2,B2,C2,D2,E2,m_M[15], 8,MAGIC6);
F1(E1,A1,B1,C1,D1,m_M[11],15 ); F5(E2,A2,B2,C2,D2,m_M[ 8],11,MAGIC6);
F1(D1,E1,A1,B1,C1,m_M[12], 6 ); F5(D2,E2,A2,B2,C2,m_M[ 1],14,MAGIC6);
F1(C1,D1,E1,A1,B1,m_M[13], 7 ); F5(C2,D2,E2,A2,B2,m_M[10],14,MAGIC6);
F1(B1,C1,D1,E1,A1,m_M[14], 9 ); F5(B2,C2,D2,E2,A2,m_M[ 3],12,MAGIC6);
F1(A1,B1,C1,D1,E1,m_M[15], 8 ); F5(A2,B2,C2,D2,E2,m_M[12], 6,MAGIC6);
F2(E1,A1,B1,C1,D1,m_M[ 7], 7,MAGIC2); F4(E2,A2,B2,C2,D2,m_M[ 6], 9,MAGIC7);
F2(D1,E1,A1,B1,C1,m_M[ 4], 6,MAGIC2); F4(D2,E2,A2,B2,C2,m_M[11],13,MAGIC7);
F2(C1,D1,E1,A1,B1,m_M[13], 8,MAGIC2); F4(C2,D2,E2,A2,B2,m_M[ 3],15,MAGIC7);
F2(B1,C1,D1,E1,A1,m_M[ 1],13,MAGIC2); F4(B2,C2,D2,E2,A2,m_M[ 7], 7,MAGIC7);
F2(A1,B1,C1,D1,E1,m_M[10],11,MAGIC2); F4(A2,B2,C2,D2,E2,m_M[ 0],12,MAGIC7);
F2(E1,A1,B1,C1,D1,m_M[ 6], 9,MAGIC2); F4(E2,A2,B2,C2,D2,m_M[13], 8,MAGIC7);
F2(D1,E1,A1,B1,C1,m_M[15], 7,MAGIC2); F4(D2,E2,A2,B2,C2,m_M[ 5], 9,MAGIC7);
F2(C1,D1,E1,A1,B1,m_M[ 3],15,MAGIC2); F4(C2,D2,E2,A2,B2,m_M[10],11,MAGIC7);
F2(B1,C1,D1,E1,A1,m_M[12], 7,MAGIC2); F4(B2,C2,D2,E2,A2,m_M[14], 7,MAGIC7);
F2(A1,B1,C1,D1,E1,m_M[ 0],12,MAGIC2); F4(A2,B2,C2,D2,E2,m_M[15], 7,MAGIC7);
F2(E1,A1,B1,C1,D1,m_M[ 9],15,MAGIC2); F4(E2,A2,B2,C2,D2,m_M[ 8],12,MAGIC7);
F2(D1,E1,A1,B1,C1,m_M[ 5], 9,MAGIC2); F4(D2,E2,A2,B2,C2,m_M[12], 7,MAGIC7);
F2(C1,D1,E1,A1,B1,m_M[ 2],11,MAGIC2); F4(C2,D2,E2,A2,B2,m_M[ 4], 6,MAGIC7);
F2(B1,C1,D1,E1,A1,m_M[14], 7,MAGIC2); F4(B2,C2,D2,E2,A2,m_M[ 9],15,MAGIC7);
F2(A1,B1,C1,D1,E1,m_M[11],13,MAGIC2); F4(A2,B2,C2,D2,E2,m_M[ 1],13,MAGIC7);
F2(E1,A1,B1,C1,D1,m_M[ 8],12,MAGIC2); F4(E2,A2,B2,C2,D2,m_M[ 2],11,MAGIC7);
F3(D1,E1,A1,B1,C1,m_M[ 3],11,MAGIC3); F3(D2,E2,A2,B2,C2,m_M[15], 9,MAGIC8);
F3(C1,D1,E1,A1,B1,m_M[10],13,MAGIC3); F3(C2,D2,E2,A2,B2,m_M[ 5], 7,MAGIC8);
F3(B1,C1,D1,E1,A1,m_M[14], 6,MAGIC3); F3(B2,C2,D2,E2,A2,m_M[ 1],15,MAGIC8);
F3(A1,B1,C1,D1,E1,m_M[ 4], 7,MAGIC3); F3(A2,B2,C2,D2,E2,m_M[ 3],11,MAGIC8);
F3(E1,A1,B1,C1,D1,m_M[ 9],14,MAGIC3); F3(E2,A2,B2,C2,D2,m_M[ 7], 8,MAGIC8);
F3(D1,E1,A1,B1,C1,m_M[15], 9,MAGIC3); F3(D2,E2,A2,B2,C2,m_M[14], 6,MAGIC8);
F3(C1,D1,E1,A1,B1,m_M[ 8],13,MAGIC3); F3(C2,D2,E2,A2,B2,m_M[ 6], 6,MAGIC8);
F3(B1,C1,D1,E1,A1,m_M[ 1],15,MAGIC3); F3(B2,C2,D2,E2,A2,m_M[ 9],14,MAGIC8);
F3(A1,B1,C1,D1,E1,m_M[ 2],14,MAGIC3); F3(A2,B2,C2,D2,E2,m_M[11],12,MAGIC8);
F3(E1,A1,B1,C1,D1,m_M[ 7], 8,MAGIC3); F3(E2,A2,B2,C2,D2,m_M[ 8],13,MAGIC8);
F3(D1,E1,A1,B1,C1,m_M[ 0],13,MAGIC3); F3(D2,E2,A2,B2,C2,m_M[12], 5,MAGIC8);
F3(C1,D1,E1,A1,B1,m_M[ 6], 6,MAGIC3); F3(C2,D2,E2,A2,B2,m_M[ 2],14,MAGIC8);
F3(B1,C1,D1,E1,A1,m_M[13], 5,MAGIC3); F3(B2,C2,D2,E2,A2,m_M[10],13,MAGIC8);
F3(A1,B1,C1,D1,E1,m_M[11],12,MAGIC3); F3(A2,B2,C2,D2,E2,m_M[ 0],13,MAGIC8);
F3(E1,A1,B1,C1,D1,m_M[ 5], 7,MAGIC3); F3(E2,A2,B2,C2,D2,m_M[ 4], 7,MAGIC8);
F3(D1,E1,A1,B1,C1,m_M[12], 5,MAGIC3); F3(D2,E2,A2,B2,C2,m_M[13], 5,MAGIC8);
F4(C1,D1,E1,A1,B1,m_M[ 1],11,MAGIC4); F2(C2,D2,E2,A2,B2,m_M[ 8],15,MAGIC9);
F4(B1,C1,D1,E1,A1,m_M[ 9],12,MAGIC4); F2(B2,C2,D2,E2,A2,m_M[ 6], 5,MAGIC9);
F4(A1,B1,C1,D1,E1,m_M[11],14,MAGIC4); F2(A2,B2,C2,D2,E2,m_M[ 4], 8,MAGIC9);
F4(E1,A1,B1,C1,D1,m_M[10],15,MAGIC4); F2(E2,A2,B2,C2,D2,m_M[ 1],11,MAGIC9);
F4(D1,E1,A1,B1,C1,m_M[ 0],14,MAGIC4); F2(D2,E2,A2,B2,C2,m_M[ 3],14,MAGIC9);
F4(C1,D1,E1,A1,B1,m_M[ 8],15,MAGIC4); F2(C2,D2,E2,A2,B2,m_M[11],14,MAGIC9);
F4(B1,C1,D1,E1,A1,m_M[12], 9,MAGIC4); F2(B2,C2,D2,E2,A2,m_M[15], 6,MAGIC9);
F4(A1,B1,C1,D1,E1,m_M[ 4], 8,MAGIC4); F2(A2,B2,C2,D2,E2,m_M[ 0],14,MAGIC9);
F4(E1,A1,B1,C1,D1,m_M[13], 9,MAGIC4); F2(E2,A2,B2,C2,D2,m_M[ 5], 6,MAGIC9);
F4(D1,E1,A1,B1,C1,m_M[ 3],14,MAGIC4); F2(D2,E2,A2,B2,C2,m_M[12], 9,MAGIC9);
F4(C1,D1,E1,A1,B1,m_M[ 7], 5,MAGIC4); F2(C2,D2,E2,A2,B2,m_M[ 2],12,MAGIC9);
F4(B1,C1,D1,E1,A1,m_M[15], 6,MAGIC4); F2(B2,C2,D2,E2,A2,m_M[13], 9,MAGIC9);
F4(A1,B1,C1,D1,E1,m_M[14], 8,MAGIC4); F2(A2,B2,C2,D2,E2,m_M[ 9],12,MAGIC9);
F4(E1,A1,B1,C1,D1,m_M[ 5], 6,MAGIC4); F2(E2,A2,B2,C2,D2,m_M[ 7], 5,MAGIC9);
F4(D1,E1,A1,B1,C1,m_M[ 6], 5,MAGIC4); F2(D2,E2,A2,B2,C2,m_M[10],15,MAGIC9);
F4(C1,D1,E1,A1,B1,m_M[ 2],12,MAGIC4); F2(C2,D2,E2,A2,B2,m_M[14], 8,MAGIC9);
F5(B1,C1,D1,E1,A1,m_M[ 4], 9,MAGIC5); F1(B2,C2,D2,E2,A2,m_M[12], 8 );
F5(A1,B1,C1,D1,E1,m_M[ 0],15,MAGIC5); F1(A2,B2,C2,D2,E2,m_M[15], 5 );
F5(E1,A1,B1,C1,D1,m_M[ 5], 5,MAGIC5); F1(E2,A2,B2,C2,D2,m_M[10],12 );
F5(D1,E1,A1,B1,C1,m_M[ 9],11,MAGIC5); F1(D2,E2,A2,B2,C2,m_M[ 4], 9 );
F5(C1,D1,E1,A1,B1,m_M[ 7], 6,MAGIC5); F1(C2,D2,E2,A2,B2,m_M[ 1],12 );
F5(B1,C1,D1,E1,A1,m_M[12], 8,MAGIC5); F1(B2,C2,D2,E2,A2,m_M[ 5], 5 );
F5(A1,B1,C1,D1,E1,m_M[ 2],13,MAGIC5); F1(A2,B2,C2,D2,E2,m_M[ 8],14 );
F5(E1,A1,B1,C1,D1,m_M[10],12,MAGIC5); F1(E2,A2,B2,C2,D2,m_M[ 7], 6 );
F5(D1,E1,A1,B1,C1,m_M[14], 5,MAGIC5); F1(D2,E2,A2,B2,C2,m_M[ 6], 8 );
F5(C1,D1,E1,A1,B1,m_M[ 1],12,MAGIC5); F1(C2,D2,E2,A2,B2,m_M[ 2],13 );
F5(B1,C1,D1,E1,A1,m_M[ 3],13,MAGIC5); F1(B2,C2,D2,E2,A2,m_M[13], 6 );
F5(A1,B1,C1,D1,E1,m_M[ 8],14,MAGIC5); F1(A2,B2,C2,D2,E2,m_M[14], 5 );
F5(E1,A1,B1,C1,D1,m_M[11],11,MAGIC5); F1(E2,A2,B2,C2,D2,m_M[ 0],15 );
F5(D1,E1,A1,B1,C1,m_M[ 6], 8,MAGIC5); F1(D2,E2,A2,B2,C2,m_M[ 3],13 );
F5(C1,D1,E1,A1,B1,m_M[15], 5,MAGIC5); F1(C2,D2,E2,A2,B2,m_M[ 9],11 );
F5(B1,C1,D1,E1,A1,m_M[13], 6,MAGIC5); F1(B2,C2,D2,E2,A2,m_M[11],11 );
C1 = m_digest[1] + C1 + D2;
m_digest[1] = m_digest[2] + D1 + E2;
m_digest[2] = m_digest[3] + E1 + A2;
m_digest[3] = m_digest[4] + A1 + B2;
m_digest[4] = m_digest[0] + B1 + C2;
m_digest[0] = C1;
input += hash_block_size();
}
}
/*
* SM3 Compression Function
*/
void SM3::compress_n(const uint8_t input[], size_t blocks)
{
uint32_t A = m_digest[0], B = m_digest[1], C = m_digest[2], D = m_digest[3],
E = m_digest[4], F = m_digest[5], G = m_digest[6], H = m_digest[7];
uint32_t W[68], W1[64];
uint32_t SS1, SS2, TT1, TT2, T[64];
for(size_t i = 0; i != blocks; ++i)
{
// Message Extension (a)
W[ 0] = load_be<uint32_t>(input, 0);
W[ 1] = load_be<uint32_t>(input, 1);
W[ 2] = load_be<uint32_t>(input, 2);
W[ 3] = load_be<uint32_t>(input, 3);
W[ 4] = load_be<uint32_t>(input, 4);
W[ 5] = load_be<uint32_t>(input, 5);
W[ 6] = load_be<uint32_t>(input, 6);
W[ 7] = load_be<uint32_t>(input, 7);
W[ 8] = load_be<uint32_t>(input, 8);
W[ 9] = load_be<uint32_t>(input, 9);
W[10] = load_be<uint32_t>(input, 10);
W[11] = load_be<uint32_t>(input, 11);
W[12] = load_be<uint32_t>(input, 12);
W[13] = load_be<uint32_t>(input, 13);
W[14] = load_be<uint32_t>(input, 14);
W[15] = load_be<uint32_t>(input, 15);
// Message Extension (b)
W[16] = P1(W[ 0] ^ W[ 7] ^ rotate_left(W[13], 15)) ^ rotate_left(W[ 3], 7) ^ W[10];
W[17] = P1(W[ 1] ^ W[ 8] ^ rotate_left(W[14], 15)) ^ rotate_left(W[ 4], 7) ^ W[11];
W[18] = P1(W[ 2] ^ W[ 9] ^ rotate_left(W[15], 15)) ^ rotate_left(W[ 5], 7) ^ W[12];
W[19] = P1(W[ 3] ^ W[10] ^ rotate_left(W[16], 15)) ^ rotate_left(W[ 6], 7) ^ W[13];
W[20] = P1(W[ 4] ^ W[11] ^ rotate_left(W[17], 15)) ^ rotate_left(W[ 7], 7) ^ W[14];
W[21] = P1(W[ 5] ^ W[12] ^ rotate_left(W[18], 15)) ^ rotate_left(W[ 8], 7) ^ W[15];
W[22] = P1(W[ 6] ^ W[13] ^ rotate_left(W[19], 15)) ^ rotate_left(W[ 9], 7) ^ W[16];
W[23] = P1(W[ 7] ^ W[14] ^ rotate_left(W[20], 15)) ^ rotate_left(W[10], 7) ^ W[17];
W[24] = P1(W[ 8] ^ W[15] ^ rotate_left(W[21], 15)) ^ rotate_left(W[11], 7) ^ W[18];
W[25] = P1(W[ 9] ^ W[16] ^ rotate_left(W[22], 15)) ^ rotate_left(W[12], 7) ^ W[19];
W[26] = P1(W[10] ^ W[17] ^ rotate_left(W[23], 15)) ^ rotate_left(W[13], 7) ^ W[20];
W[27] = P1(W[11] ^ W[18] ^ rotate_left(W[24], 15)) ^ rotate_left(W[14], 7) ^ W[21];
W[28] = P1(W[12] ^ W[19] ^ rotate_left(W[25], 15)) ^ rotate_left(W[15], 7) ^ W[22];
W[29] = P1(W[13] ^ W[20] ^ rotate_left(W[26], 15)) ^ rotate_left(W[16], 7) ^ W[23];
W[30] = P1(W[14] ^ W[21] ^ rotate_left(W[27], 15)) ^ rotate_left(W[17], 7) ^ W[24];
W[31] = P1(W[15] ^ W[22] ^ rotate_left(W[28], 15)) ^ rotate_left(W[18], 7) ^ W[25];
W[32] = P1(W[16] ^ W[23] ^ rotate_left(W[29], 15)) ^ rotate_left(W[19], 7) ^ W[26];
W[33] = P1(W[17] ^ W[24] ^ rotate_left(W[30], 15)) ^ rotate_left(W[20], 7) ^ W[27];
W[34] = P1(W[18] ^ W[25] ^ rotate_left(W[31], 15)) ^ rotate_left(W[21], 7) ^ W[28];
W[35] = P1(W[19] ^ W[26] ^ rotate_left(W[32], 15)) ^ rotate_left(W[22], 7) ^ W[29];
W[36] = P1(W[20] ^ W[27] ^ rotate_left(W[33], 15)) ^ rotate_left(W[23], 7) ^ W[30];
W[37] = P1(W[21] ^ W[28] ^ rotate_left(W[34], 15)) ^ rotate_left(W[24], 7) ^ W[31];
W[38] = P1(W[22] ^ W[29] ^ rotate_left(W[35], 15)) ^ rotate_left(W[25], 7) ^ W[32];
W[39] = P1(W[23] ^ W[30] ^ rotate_left(W[36], 15)) ^ rotate_left(W[26], 7) ^ W[33];
W[40] = P1(W[24] ^ W[31] ^ rotate_left(W[37], 15)) ^ rotate_left(W[27], 7) ^ W[34];
W[41] = P1(W[25] ^ W[32] ^ rotate_left(W[38], 15)) ^ rotate_left(W[28], 7) ^ W[35];
W[42] = P1(W[26] ^ W[33] ^ rotate_left(W[39], 15)) ^ rotate_left(W[29], 7) ^ W[36];
W[43] = P1(W[27] ^ W[34] ^ rotate_left(W[40], 15)) ^ rotate_left(W[30], 7) ^ W[37];
W[44] = P1(W[28] ^ W[35] ^ rotate_left(W[41], 15)) ^ rotate_left(W[31], 7) ^ W[38];
W[45] = P1(W[29] ^ W[36] ^ rotate_left(W[42], 15)) ^ rotate_left(W[32], 7) ^ W[39];
W[46] = P1(W[30] ^ W[37] ^ rotate_left(W[43], 15)) ^ rotate_left(W[33], 7) ^ W[40];
W[47] = P1(W[31] ^ W[38] ^ rotate_left(W[44], 15)) ^ rotate_left(W[34], 7) ^ W[41];
W[48] = P1(W[32] ^ W[39] ^ rotate_left(W[45], 15)) ^ rotate_left(W[35], 7) ^ W[42];
W[49] = P1(W[33] ^ W[40] ^ rotate_left(W[46], 15)) ^ rotate_left(W[36], 7) ^ W[43];
W[50] = P1(W[34] ^ W[41] ^ rotate_left(W[47], 15)) ^ rotate_left(W[37], 7) ^ W[44];
W[51] = P1(W[35] ^ W[42] ^ rotate_left(W[48], 15)) ^ rotate_left(W[38], 7) ^ W[45];
W[52] = P1(W[36] ^ W[43] ^ rotate_left(W[49], 15)) ^ rotate_left(W[39], 7) ^ W[46];
W[53] = P1(W[37] ^ W[44] ^ rotate_left(W[50], 15)) ^ rotate_left(W[40], 7) ^ W[47];
W[54] = P1(W[38] ^ W[45] ^ rotate_left(W[51], 15)) ^ rotate_left(W[41], 7) ^ W[48];
W[55] = P1(W[39] ^ W[46] ^ rotate_left(W[52], 15)) ^ rotate_left(W[42], 7) ^ W[49];
W[56] = P1(W[40] ^ W[47] ^ rotate_left(W[53], 15)) ^ rotate_left(W[43], 7) ^ W[50];
W[57] = P1(W[41] ^ W[48] ^ rotate_left(W[54], 15)) ^ rotate_left(W[44], 7) ^ W[51];
W[58] = P1(W[42] ^ W[49] ^ rotate_left(W[55], 15)) ^ rotate_left(W[45], 7) ^ W[52];
W[59] = P1(W[43] ^ W[50] ^ rotate_left(W[56], 15)) ^ rotate_left(W[46], 7) ^ W[53];
W[60] = P1(W[44] ^ W[51] ^ rotate_left(W[57], 15)) ^ rotate_left(W[47], 7) ^ W[54];
W[61] = P1(W[45] ^ W[52] ^ rotate_left(W[58], 15)) ^ rotate_left(W[48], 7) ^ W[55];
W[62] = P1(W[46] ^ W[53] ^ rotate_left(W[59], 15)) ^ rotate_left(W[49], 7) ^ W[56];
W[63] = P1(W[47] ^ W[54] ^ rotate_left(W[60], 15)) ^ rotate_left(W[50], 7) ^ W[57];
W[64] = P1(W[48] ^ W[55] ^ rotate_left(W[61], 15)) ^ rotate_left(W[51], 7) ^ W[58];
W[65] = P1(W[49] ^ W[56] ^ rotate_left(W[62], 15)) ^ rotate_left(W[52], 7) ^ W[59];
W[66] = P1(W[50] ^ W[57] ^ rotate_left(W[63], 15)) ^ rotate_left(W[53], 7) ^ W[60];
W[67] = P1(W[51] ^ W[58] ^ rotate_left(W[64], 15)) ^ rotate_left(W[54], 7) ^ W[61];
// Message Extension (c)
W1[ 0] = W[ 0] ^ W[ 4];
W1[ 1] = W[ 1] ^ W[ 5];
W1[ 2] = W[ 2] ^ W[ 6];
W1[ 3] = W[ 3] ^ W[ 7];
W1[ 4] = W[ 4] ^ W[ 8];
W1[ 5] = W[ 5] ^ W[ 9];
W1[ 6] = W[ 6] ^ W[10];
W1[ 7] = W[ 7] ^ W[11];
W1[ 8] = W[ 8] ^ W[12];
W1[ 9] = W[ 9] ^ W[13];
W1[10] = W[10] ^ W[14];
W1[11] = W[11] ^ W[15];
W1[12] = W[12] ^ W[16];
W1[13] = W[13] ^ W[17];
W1[14] = W[14] ^ W[18];
W1[15] = W[15] ^ W[19];
W1[16] = W[16] ^ W[20];
W1[17] = W[17] ^ W[21];
W1[18] = W[18] ^ W[22];
W1[19] = W[19] ^ W[23];
W1[20] = W[20] ^ W[24];
W1[21] = W[21] ^ W[25];
W1[22] = W[22] ^ W[26];
W1[23] = W[23] ^ W[27];
W1[24] = W[24] ^ W[28];
W1[25] = W[25] ^ W[29];
W1[26] = W[26] ^ W[30];
W1[27] = W[27] ^ W[31];
W1[28] = W[28] ^ W[32];
W1[29] = W[29] ^ W[33];
W1[30] = W[30] ^ W[34];
W1[31] = W[31] ^ W[35];
W1[32] = W[32] ^ W[36];
W1[33] = W[33] ^ W[37];
W1[34] = W[34] ^ W[38];
W1[35] = W[35] ^ W[39];
W1[36] = W[36] ^ W[40];
W1[37] = W[37] ^ W[41];
W1[38] = W[38] ^ W[42];
W1[39] = W[39] ^ W[43];
W1[40] = W[40] ^ W[44];
W1[41] = W[41] ^ W[45];
W1[42] = W[42] ^ W[46];
W1[43] = W[43] ^ W[47];
W1[44] = W[44] ^ W[48];
W1[45] = W[45] ^ W[49];
W1[46] = W[46] ^ W[50];
W1[47] = W[47] ^ W[51];
W1[48] = W[48] ^ W[52];
W1[49] = W[49] ^ W[53];
W1[50] = W[50] ^ W[54];
W1[51] = W[51] ^ W[55];
W1[52] = W[52] ^ W[56];
W1[53] = W[53] ^ W[57];
W1[54] = W[54] ^ W[58];
W1[55] = W[55] ^ W[59];
W1[56] = W[56] ^ W[60];
W1[57] = W[57] ^ W[61];
W1[58] = W[58] ^ W[62];
W1[59] = W[59] ^ W[63];
W1[60] = W[60] ^ W[64];
W1[61] = W[61] ^ W[65];
W1[62] = W[62] ^ W[66];
W1[63] = W[63] ^ W[67];
for (size_t j = 0; j < 16; j++)
{
T[j] = SM3_TJ_0_15;
SS1 = rotate_left(rotate_left(A, 12) + E + rotate_left(T[j], j), 7);
SS2 = SS1 ^ rotate_left(A, 12);
TT1 = FF0(A, B, C) + D + SS2 + W1[j];
TT2 = GG0(E, F, G) + H + SS1 + W[j];
D = C;
C = rotate_left(B, 9);
B = A;
A = TT1;
H = G;
G = rotate_left(F, 19);
F = E;
E = P0(TT2);
}
for (size_t j = 16; j < 64; j++)
{
T[j] = SM3_TJ_16_63;
SS1 = rotate_left(rotate_left(A, 12) + E + rotate_left(T[j], j), 7);
SS2 = SS1 ^ rotate_left(A, 12);
TT1 = FF1(A, B, C) + D + SS2 + W1[j];
TT2 = GG1(E, F, G) + H + SS1 + W[j];
D = C;
C = rotate_left(B, 9);
B = A;
A = TT1;
H = G;
G = rotate_left(F, 19);
F = E;
E = P0(TT2);
}
A = (m_digest[0] ^= A);
B = (m_digest[1] ^= B);
C = (m_digest[2] ^= C);
D = (m_digest[3] ^= D);
E = (m_digest[4] ^= E);
F = (m_digest[5] ^= F);
G = (m_digest[6] ^= G);
H = (m_digest[7] ^= H);
input += hash_block_size();
}
}
