authorlloyd <[email protected]>2009-09-15 14:30:25 +0000
committerlloyd <[email protected]>2009-09-15 14:30:25 +0000
commit34f9ef45565ed4052b3a50026827c5171a8dad2f (patch)
treeb5bec60e8d72a1470facbde72b3aaedacdf5a7cf /src/hash
parent7f6a017a61fc6ef97d9d7b37236df52d6170e7d6 (diff)
In BMW-512, don't use the stack, instead use class SecureBuffers to reduce
info leakage.
Diffstat (limited to 'src/hash')
-rw-r--r--src/hash/bmw/bmw_512.cpp137
-rw-r--r--src/hash/bmw/bmw_512.h3
2 files changed, 70 insertions, 70 deletions
diff --git a/src/hash/bmw/bmw_512.cpp b/src/hash/bmw/bmw_512.cpp
index 42389beea..4019c0ff2 100644
--- a/src/hash/bmw/bmw_512.cpp
+++ b/src/hash/bmw/bmw_512.cpp
@@ -45,96 +45,93 @@ void BMW_512::compress_n(const byte input[], u32bit blocks)
{
for(u32bit i = 0; i != blocks; ++i)
{
- u64bit Q[32] = { 0 };
- u64bit M[16] = { 0 };
-
for(u32bit j = 0; j != 16; ++j)
H[j] ^= M[j] = load_le<u64bit>(input, j);
input += HASH_BLOCK_SIZE;
- Q[ 0] = H[ 5] - H[ 7] + H[10] + H[13] + H[14];
- Q[ 1] = H[ 6] - H[ 8] + H[11] + H[14] - H[15];
- Q[ 2] = H[ 0] + H[ 7] + H[ 9] - H[12] + H[15];
- Q[ 3] = H[ 0] - H[ 1] + H[ 8] - H[10] + H[13];
- Q[ 4] = H[ 1] + H[ 2] + H[ 9] - H[11] - H[14];
- Q[ 5] = H[ 3] - H[ 2] + H[10] - H[12] + H[15];
- Q[ 6] = H[ 4] - H[ 0] - H[ 3] - H[11] + H[13];
- Q[ 7] = H[ 1] - H[ 4] - H[ 5] - H[12] - H[14];
- Q[ 8] = H[ 2] - H[ 5] - H[ 6] + H[13] - H[15];
- Q[ 9] = H[ 0] - H[ 3] + H[ 6] - H[ 7] + H[14];
- Q[10] = H[ 8] - H[ 1] - H[ 4] - H[ 7] + H[15];
- Q[11] = H[ 8] - H[ 0] - H[ 2] - H[ 5] + H[ 9];
- Q[12] = H[ 1] + H[ 3] - H[ 6] - H[ 9] + H[10];
- Q[13] = H[ 2] + H[ 4] + H[ 7] + H[10] + H[11];
- Q[14] = H[ 3] - H[ 5] + H[ 8] - H[11] - H[12];
- Q[15] = H[12] - H[ 4] - H[ 6] - H[ 9] + H[13];
-
- Q[ 0] = S0(Q[ 0]);
- Q[ 1] = S1(Q[ 1]);
- Q[ 2] = S2(Q[ 2]);
- Q[ 3] = S3(Q[ 3]);
- Q[ 4] = S4(Q[ 4]);
- Q[ 5] = S0(Q[ 5]);
- Q[ 6] = S1(Q[ 6]);
- Q[ 7] = S2(Q[ 7]);
- Q[ 8] = S3(Q[ 8]);
- Q[ 9] = S4(Q[ 9]);
- Q[10] = S0(Q[10]);
- Q[11] = S1(Q[11]);
- Q[12] = S2(Q[12]);
- Q[13] = S3(Q[13]);
- Q[14] = S4(Q[14]);
- Q[15] = S0(Q[15]);
+ H[16] = H[ 5] - H[ 7] + H[10] + H[13] + H[14];
+ H[17] = H[ 6] - H[ 8] + H[11] + H[14] - H[15];
+ H[18] = H[ 0] + H[ 7] + H[ 9] - H[12] + H[15];
+ H[19] = H[ 0] - H[ 1] + H[ 8] - H[10] + H[13];
+ H[20] = H[ 1] + H[ 2] + H[ 9] - H[11] - H[14];
+ H[21] = H[ 3] - H[ 2] + H[10] - H[12] + H[15];
+ H[22] = H[ 4] - H[ 0] - H[ 3] - H[11] + H[13];
+ H[23] = H[ 1] - H[ 4] - H[ 5] - H[12] - H[14];
+ H[24] = H[ 2] - H[ 5] - H[ 6] + H[13] - H[15];
+ H[25] = H[ 0] - H[ 3] + H[ 6] - H[ 7] + H[14];
+ H[26] = H[ 8] - H[ 1] - H[ 4] - H[ 7] + H[15];
+ H[27] = H[ 8] - H[ 0] - H[ 2] - H[ 5] + H[ 9];
+ H[28] = H[ 1] + H[ 3] - H[ 6] - H[ 9] + H[10];
+ H[29] = H[ 2] + H[ 4] + H[ 7] + H[10] + H[11];
+ H[30] = H[ 3] - H[ 5] + H[ 8] - H[11] - H[12];
+ H[31] = H[12] - H[ 4] - H[ 6] - H[ 9] + H[13];
+
+ H[ 0] = S0(H[16]);
+ H[ 1] = S1(H[17]);
+ H[ 2] = S2(H[18]);
+ H[ 3] = S3(H[19]);
+ H[ 4] = S4(H[20]);
+ H[ 5] = S0(H[21]);
+ H[ 6] = S1(H[22]);
+ H[ 7] = S2(H[23]);
+ H[ 8] = S3(H[24]);
+ H[ 9] = S4(H[25]);
+ H[10] = S0(H[26]);
+ H[11] = S1(H[27]);
+ H[12] = S2(H[28]);
+ H[13] = S3(H[29]);
+ H[14] = S4(H[30]);
+ H[15] = S0(H[31]);
for(u32bit j = 16; j != 18; ++j)
{
- Q[j] = S1(Q[j-16]) + S2(Q[j-15]) + S3(Q[j-14]) + S0(Q[j-13]) +
- S1(Q[j-12]) + S2(Q[j-11]) + S3(Q[j-10]) + S0(Q[j- 9]) +
- S1(Q[j- 8]) + S2(Q[j- 7]) + S3(Q[j- 6]) + S0(Q[j- 5]) +
- S1(Q[j- 4]) + S2(Q[j- 3]) + S3(Q[j- 2]) + S0(Q[j- 1]) +
+ H[j] = S1(H[j-16]) + S2(H[j-15]) + S3(H[j-14]) + S0(H[j-13]) +
+ S1(H[j-12]) + S2(H[j-11]) + S3(H[j-10]) + S0(H[j- 9]) +
+ S1(H[j- 8]) + S2(H[j- 7]) + S3(H[j- 6]) + S0(H[j- 5]) +
+ S1(H[j- 4]) + S2(H[j- 3]) + S3(H[j- 2]) + S0(H[j- 1]) +
M[j-16] + M[j-13] - M[j-6] +
(0x0555555555555555 * j);
}
for(u32bit j = 18; j != 32; ++j)
{
- Q[j] = Q[j-16] + rotate_left(Q[j-15], 5) +
- Q[j-14] + rotate_left(Q[j-13], 11) +
- Q[j-12] + rotate_left(Q[j-11], 27) +
- Q[j-10] + rotate_left(Q[j- 9], 32) +
- Q[j- 8] + rotate_left(Q[j- 7], 37) +
- Q[j- 6] + rotate_left(Q[j- 5], 43) +
- Q[j- 4] + rotate_left(Q[j- 3], 53) +
- (Q[j- 2] >> 2 ^ Q[j- 2]) + S4(Q[j- 1]) +
+ H[j] = H[j-16] + rotate_left(H[j-15], 5) +
+ H[j-14] + rotate_left(H[j-13], 11) +
+ H[j-12] + rotate_left(H[j-11], 27) +
+ H[j-10] + rotate_left(H[j- 9], 32) +
+ H[j- 8] + rotate_left(H[j- 7], 37) +
+ H[j- 6] + rotate_left(H[j- 5], 43) +
+ H[j- 4] + rotate_left(H[j- 3], 53) +
+ (H[j- 2] >> 2 ^ H[j- 2]) + S4(H[j- 1]) +
M[j-16] + M[(j-13) % 16] - M[(j-6) % 16] +
(0x0555555555555555 * j);
}
- u64bit XL = Q[16] ^ Q[17] ^ Q[18] ^ Q[19] ^
- Q[20] ^ Q[21] ^ Q[22] ^ Q[23];
+ u64bit XL = H[16] ^ H[17] ^ H[18] ^ H[19] ^
+ H[20] ^ H[21] ^ H[22] ^ H[23];
- u64bit XH = Q[24] ^ Q[25] ^ Q[26] ^ Q[27] ^
- Q[28] ^ Q[29] ^ Q[30] ^ Q[31];
+ u64bit XH = H[24] ^ H[25] ^ H[26] ^ H[27] ^
+ H[28] ^ H[29] ^ H[30] ^ H[31];
XH ^= XL;
- H[ 0] = ((XH << 5) ^ (Q[16] >> 5) ^ M[0]) + (XL ^ Q[24] ^ Q[0]);
- H[ 1] = ((XH >> 7) ^ (Q[17] << 8) ^ M[1]) + (XL ^ Q[25] ^ Q[1]);
- H[ 2] = ((XH >> 5) ^ (Q[18] << 5) ^ M[2]) + (XL ^ Q[26] ^ Q[2]);
- H[ 3] = ((XH >> 1) ^ (Q[19] << 5) ^ M[3]) + (XL ^ Q[27] ^ Q[3]);
- H[ 4] = ((XH >> 3) ^ (Q[20] ) ^ M[4]) + (XL ^ Q[28] ^ Q[4]);
- H[ 5] = ((XH << 6) ^ (Q[21] >> 6) ^ M[5]) + (XL ^ Q[29] ^ Q[5]);
- H[ 6] = ((XH >> 4) ^ (Q[22] << 6) ^ M[6]) + (XL ^ Q[30] ^ Q[6]);
- H[ 7] = ((XH >> 11) ^ (Q[23] << 2) ^ M[7]) + (XL ^ Q[31] ^ Q[7]);
-
- H[ 8] = rotate_left(H[4], 9) + (XH ^ Q[24] ^ M[ 8]) + ((XL << 8) ^ Q[23] ^ Q[ 8]);
- H[ 9] = rotate_left(H[5], 10) + (XH ^ Q[25] ^ M[ 9]) + ((XL >> 6) ^ Q[16] ^ Q[ 9]);
- H[10] = rotate_left(H[6], 11) + (XH ^ Q[26] ^ M[10]) + ((XL << 6) ^ Q[17] ^ Q[10]);
- H[11] = rotate_left(H[7], 12) + (XH ^ Q[27] ^ M[11]) + ((XL << 4) ^ Q[18] ^ Q[11]);
- H[12] = rotate_left(H[0], 13) + (XH ^ Q[28] ^ M[12]) + ((XL >> 3) ^ Q[19] ^ Q[12]);
- H[13] = rotate_left(H[1], 14) + (XH ^ Q[29] ^ M[13]) + ((XL >> 4) ^ Q[20] ^ Q[13]);
- H[14] = rotate_left(H[2], 15) + (XH ^ Q[30] ^ M[14]) + ((XL >> 7) ^ Q[21] ^ Q[14]);
- H[15] = rotate_left(H[3], 16) + (XH ^ Q[31] ^ M[15]) + ((XL >> 2) ^ Q[22] ^ Q[15]);
+ H[ 0] = ((XH << 5) ^ (H[16] >> 5) ^ M[0]) + (XL ^ H[24] ^ H[0]);
+ H[ 1] = ((XH >> 7) ^ (H[17] << 8) ^ M[1]) + (XL ^ H[25] ^ H[1]);
+ H[ 2] = ((XH >> 5) ^ (H[18] << 5) ^ M[2]) + (XL ^ H[26] ^ H[2]);
+ H[ 3] = ((XH >> 1) ^ (H[19] << 5) ^ M[3]) + (XL ^ H[27] ^ H[3]);
+ H[ 4] = ((XH >> 3) ^ (H[20] ) ^ M[4]) + (XL ^ H[28] ^ H[4]);
+ H[ 5] = ((XH << 6) ^ (H[21] >> 6) ^ M[5]) + (XL ^ H[29] ^ H[5]);
+ H[ 6] = ((XH >> 4) ^ (H[22] << 6) ^ M[6]) + (XL ^ H[30] ^ H[6]);
+ H[ 7] = ((XH >> 11) ^ (H[23] << 2) ^ M[7]) + (XL ^ H[31] ^ H[7]);
+
+ H[ 8] = rotate_left(H[4], 9) + (XH ^ H[24] ^ M[ 8]) + ((XL << 8) ^ H[23] ^ H[ 8]);
+ H[ 9] = rotate_left(H[5], 10) + (XH ^ H[25] ^ M[ 9]) + ((XL >> 6) ^ H[16] ^ H[ 9]);
+ H[10] = rotate_left(H[6], 11) + (XH ^ H[26] ^ M[10]) + ((XL << 6) ^ H[17] ^ H[10]);
+ H[11] = rotate_left(H[7], 12) + (XH ^ H[27] ^ M[11]) + ((XL << 4) ^ H[18] ^ H[11]);
+ H[12] = rotate_left(H[0], 13) + (XH ^ H[28] ^ M[12]) + ((XL >> 3) ^ H[19] ^ H[12]);
+ H[13] = rotate_left(H[1], 14) + (XH ^ H[29] ^ M[13]) + ((XL >> 4) ^ H[20] ^ H[13]);
+ H[14] = rotate_left(H[2], 15) + (XH ^ H[30] ^ M[14]) + ((XL >> 7) ^ H[21] ^ H[14]);
+ H[15] = rotate_left(H[3], 16) + (XH ^ H[31] ^ M[15]) + ((XL >> 2) ^ H[22] ^ H[15]);
}
}
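Review bot: `XL` and `XH` (lines 134–139) are still stack locals derived from the expanded state, so the hunk does not fully deliver the commit's stated aim of keeping BMW-512 intermediates off the stack, and they are not zeroed before the iteration ends. The compiler will spill values to the stack in any case, so the realistic fix is to document the residual rather than chase it: a comment above line 134 such as `// XL/XH are transient; the expanded state itself lives in H[16..31] (a SecureBuffer) and is scrubbed with the object` would make the actual guarantee explicit. A second comment at line 65, `// H[16..31] is scratch for the expanded Q words; only H[0..15] is the chaining value`, would stop the 32-entry H from reading as a wider state. The re-indexing itself looks consistent: H[0..7] are rewritten at lines 158–165 before lines 167–174 read them, matching the original's use of the freshly computed H[0..7], and H[8..15] on the right-hand side of 167–174 still hold the S-transformed Q[8..15] from lines 90–97.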
@@ -153,6 +150,8 @@ void BMW_512::copy_out(byte output[])
void BMW_512::clear() throw()
{
MDx_HashFunction::clear();
+ M.clear();
+
H[ 0] = 0x8081828384858687;
H[ 1] = 0x88898A8B8C8D8E8F;
H[ 2] = 0x9091929394959697;
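Review bot: None of the visible lines of clear() reset `H[16..31]` (the former `Q[]` scratch); only `M` is cleared and `H[0..]` reassigned, so unless the part of clear() below the hunk does it, the object keeps the last block's expanded state until the SecureBuffer is destroyed. compress_n overwrites those slots before reading them (lines 65–80), so the digest is unaffected, but it undercuts the leakage reduction the commit message describes. Adding `H.clear();` beside `M.clear();`, before the `H[ 0] = ...` assignments, scrubs both at the same point. The remaining H[3..15] initialisers of clear() lie outside the hunk.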
diff --git a/src/hash/bmw/bmw_512.h b/src/hash/bmw/bmw_512.h
index da4b42598..4be6afd04 100644
--- a/src/hash/bmw/bmw_512.h
+++ b/src/hash/bmw/bmw_512.h
@@ -23,7 +23,8 @@ class BMW_512 : public MDx_HashFunction
void compress_n(const byte input[], u32bit blocks);
void copy_out(byte output[]);
- SecureBuffer<u64bit, 16> H;
+ SecureBuffer<u64bit, 32> H;
+ SecureBuffer<u64bit, 16> M;
};
}
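Review bot: The new layout of `H` is undocumented: only `H[0..15]` is the BMW-512 chaining value, `H[16..31]` is scratch that compress_n fills with the expanded Q words, and `M` is the block currently being compressed, but a reader of `SecureBuffer<u64bit, 32> H;` will take it for a 32-word state. A comment on each declaration, `// H[0..15]: chaining state; H[16..31]: scratch for the expanded Q words` and `// M: message block being compressed, kept as a member so it is zeroed with the object`, would record that intent where the sizes are chosen. Both buffers are now per-object state rather than per-call, so their contents persist between calls; that is presumably acceptable for a hash object but worth stating in the same comment.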