/src/botan/src/lib/hash/tiger/tiger.cpp

Source (jump to first uncovered line)
/*
* Tiger
* (C) 1999-2007 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/tiger.h>
#include <botan/loadstor.h>
#include <botan/exceptn.h>

namespace Botan {

std::unique_ptr<HashFunction> Tiger::copy_state() const
   {
   return std::unique_ptr<HashFunction>(new Tiger(*this));
   }

namespace {

/*
* Tiger Mixing Function
*/
inline void mix(secure_vector<uint64_t>& X)
   {
   X[0] -= X[7] ^ 0xA5A5A5A5A5A5A5A5;
   X[1] ^= X[0];
   X[2] += X[1];
   X[3] -= X[2] ^ ((~X[1]) << 19);
   X[4] ^= X[3];
   X[5] += X[4];
   X[6] -= X[5] ^ ((~X[4]) >> 23);
   X[7] ^= X[6];

   X[0] += X[7];
   X[1] -= X[0] ^ ((~X[7]) << 19);
   X[2] ^= X[1];
   X[3] += X[2];
   X[4] -= X[3] ^ ((~X[2]) >> 23);
   X[5] ^= X[4];
   X[6] += X[5];
   X[7] -= X[6] ^ 0x0123456789ABCDEF;
   }

}

/*
* Tiger Compression Function
*/
void Tiger::compress_n(const uint8_t input[], size_t blocks)
   {
   uint64_t A = m_digest[0], B = m_digest[1], C = m_digest[2];

   for(size_t i = 0; i != blocks; ++i)
      {
      load_le(m_X.data(), input, m_X.size());

      pass(A, B, C, m_X, 5); mix(m_X);
      pass(C, A, B, m_X, 7); mix(m_X);
      pass(B, C, A, m_X, 9);

      for(size_t j = 3; j != m_passes; ++j)
         {
         mix(m_X);
         pass(A, B, C, m_X, 9);
         uint64_t T = A; A = C; C = B; B = T;
         }

      A = (m_digest[0] ^= A);
      B = m_digest[1] = B - m_digest[1];
      C = (m_digest[2] += C);

      input += hash_block_size();
      }
   }

/*
* Copy out the digest
*/
void Tiger::copy_out(uint8_t output[])
   {
   copy_out_vec_le(output, output_length(), m_digest);
   }

/*
* Tiger Pass
*/
void Tiger::pass(uint64_t& A, uint64_t& B, uint64_t& C,
                 const secure_vector<uint64_t>& X,
                 uint8_t mul)
   {
   C ^= X[0];
   A -= SBOX1[get_byte(7, C)] ^ SBOX2[get_byte(5, C)] ^
        SBOX3[get_byte(3, C)] ^ SBOX4[get_byte(1, C)];
   B += SBOX1[get_byte(0, C)] ^ SBOX2[get_byte(2, C)] ^
        SBOX3[get_byte(4, C)] ^ SBOX4[get_byte(6, C)];
   B *= mul;

   A ^= X[1];
   B -= SBOX1[get_byte(7, A)] ^ SBOX2[get_byte(5, A)] ^
        SBOX3[get_byte(3, A)] ^ SBOX4[get_byte(1, A)];
   C += SBOX1[get_byte(0, A)] ^ SBOX2[get_byte(2, A)] ^
        SBOX3[get_byte(4, A)] ^ SBOX4[get_byte(6, A)];
   C *= mul;

   B ^= X[2];
   C -= SBOX1[get_byte(7, B)] ^ SBOX2[get_byte(5, B)] ^
        SBOX3[get_byte(3, B)] ^ SBOX4[get_byte(1, B)];
   A += SBOX1[get_byte(0, B)] ^ SBOX2[get_byte(2, B)] ^
        SBOX3[get_byte(4, B)] ^ SBOX4[get_byte(6, B)];
   A *= mul;

   C ^= X[3];
   A -= SBOX1[get_byte(7, C)] ^ SBOX2[get_byte(5, C)] ^
        SBOX3[get_byte(3, C)] ^ SBOX4[get_byte(1, C)];
   B += SBOX1[get_byte(0, C)] ^ SBOX2[get_byte(2, C)] ^
        SBOX3[get_byte(4, C)] ^ SBOX4[get_byte(6, C)];
   B *= mul;

   A ^= X[4];
   B -= SBOX1[get_byte(7, A)] ^ SBOX2[get_byte(5, A)] ^
        SBOX3[get_byte(3, A)] ^ SBOX4[get_byte(1, A)];
   C += SBOX1[get_byte(0, A)] ^ SBOX2[get_byte(2, A)] ^
        SBOX3[get_byte(4, A)] ^ SBOX4[get_byte(6, A)];
   C *= mul;

   B ^= X[5];
   C -= SBOX1[get_byte(7, B)] ^ SBOX2[get_byte(5, B)] ^
        SBOX3[get_byte(3, B)] ^ SBOX4[get_byte(1, B)];
   A += SBOX1[get_byte(0, B)] ^ SBOX2[get_byte(2, B)] ^
        SBOX3[get_byte(4, B)] ^ SBOX4[get_byte(6, B)];
   A *= mul;

   C ^= X[6];
   A -= SBOX1[get_byte(7, C)] ^ SBOX2[get_byte(5, C)] ^
        SBOX3[get_byte(3, C)] ^ SBOX4[get_byte(1, C)];
   B += SBOX1[get_byte(0, C)] ^ SBOX2[get_byte(2, C)] ^
        SBOX3[get_byte(4, C)] ^ SBOX4[get_byte(6, C)];
   B *= mul;

   A ^= X[7];
   B -= SBOX1[get_byte(7, A)] ^ SBOX2[get_byte(5, A)] ^
        SBOX3[get_byte(3, A)] ^ SBOX4[get_byte(1, A)];
   C += SBOX1[get_byte(0, A)] ^ SBOX2[get_byte(2, A)] ^
        SBOX3[get_byte(4, A)] ^ SBOX4[get_byte(6, A)];
   C *= mul;
   }

/*
* Clear memory of sensitive data
*/
void Tiger::clear()
   {
   MDx_HashFunction::clear();
   zeroise(m_X);
   m_digest[0] = 0x0123456789ABCDEF;
   m_digest[1] = 0xFEDCBA9876543210;
   m_digest[2] = 0xF096A5B4C3B2E187;
   }

/*
* Return the name of this type
*/
std::string Tiger::name() const
   {
   return "Tiger(" + std::to_string(output_length()) + "," +
                     std::to_string(m_passes) + ")";
   }

/*
* Tiger Constructor
*/
Tiger::Tiger(size_t hash_len, size_t passes) :
   MDx_HashFunction(64, false, false),
   m_X(8),
   m_digest(3),
   m_hash_len(hash_len),
   m_passes(passes)
   {
   if(output_length() != 16 && output_length() != 20 && output_length() != 24)
      throw Invalid_Argument("Tiger: Illegal hash output size: " +
                             std::to_string(output_length()));

   if(passes < 3)
      throw Invalid_Argument("Tiger: Invalid number of passes: "
                             + std::to_string(passes));
   clear();
   }

}

Coverage Report

Created: 2019-09-11 14:12

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Tiger
3		* (C) 1999-2007 Jack Lloyd
4		*
5		* Botan is released under the Simplified BSD License (see license.txt)
6		*/
7
8		#include <botan/tiger.h>
9		#include <botan/loadstor.h>
10		#include <botan/exceptn.h>
11
12		namespace Botan {
13
14		std::unique_ptr<HashFunction> Tiger::copy_state() const
15	0	{
16	0	return std::unique_ptr<HashFunction>(new Tiger(*this));
17	0	}
18
19		namespace {
20
21		/*
22		* Tiger Mixing Function
23		*/
24		inline void mix(secure_vector<uint64_t>& X)
25	0	{
26	0	X[0] -= X[7] ^ 0xA5A5A5A5A5A5A5A5;
27	0	X[1] ^= X[0];
28	0	X[2] += X[1];
29	0	X[3] -= X[2] ^ ((~X[1]) << 19);
30	0	X[4] ^= X[3];
31	0	X[5] += X[4];
32	0	X[6] -= X[5] ^ ((~X[4]) >> 23);
33	0	X[7] ^= X[6];
34	0
35	0	X[0] += X[7];
36	0	X[1] -= X[0] ^ ((~X[7]) << 19);
37	0	X[2] ^= X[1];
38	0	X[3] += X[2];
39	0	X[4] -= X[3] ^ ((~X[2]) >> 23);
40	0	X[5] ^= X[4];
41	0	X[6] += X[5];
42	0	X[7] -= X[6] ^ 0x0123456789ABCDEF;
43	0	}
44
45		}
46
47		/*
48		* Tiger Compression Function
49		*/
50		void Tiger::compress_n(const uint8_t input[], size_t blocks)
51	0	{
52	0	uint64_t A = m_digest[0], B = m_digest[1], C = m_digest[2];
53	0
54	0	for(size_t i = 0; i != blocks; ++i)
55	0	{
56	0	load_le(m_X.data(), input, m_X.size());
57	0
58	0	pass(A, B, C, m_X, 5); mix(m_X);
59	0	pass(C, A, B, m_X, 7); mix(m_X);
60	0	pass(B, C, A, m_X, 9);
61	0
62	0	for(size_t j = 3; j != m_passes; ++j)
63	0	{
64	0	mix(m_X);
65	0	pass(A, B, C, m_X, 9);
66	0	uint64_t T = A; A = C; C = B; B = T;
67	0	}
68	0
69	0	A = (m_digest[0] ^= A);
70	0	B = m_digest[1] = B - m_digest[1];
71	0	C = (m_digest[2] += C);
72	0
73	0	input += hash_block_size();
74	0	}
75	0	}
76
77		/*
78		* Copy out the digest
79		*/
80		void Tiger::copy_out(uint8_t output[])
81	0	{
82	0	copy_out_vec_le(output, output_length(), m_digest);
83	0	}
84
85		/*
86		* Tiger Pass
87		*/
88		void Tiger::pass(uint64_t& A, uint64_t& B, uint64_t& C,
89		const secure_vector<uint64_t>& X,
90		uint8_t mul)
91	0	{
92	0	C ^= X[0];
93	0	A -= SBOX1[get_byte(7, C)] ^ SBOX2[get_byte(5, C)] ^
94	0	SBOX3[get_byte(3, C)] ^ SBOX4[get_byte(1, C)];
95	0	B += SBOX1[get_byte(0, C)] ^ SBOX2[get_byte(2, C)] ^
96	0	SBOX3[get_byte(4, C)] ^ SBOX4[get_byte(6, C)];
97	0	B *= mul;
98	0
99	0	A ^= X[1];
100	0	B -= SBOX1[get_byte(7, A)] ^ SBOX2[get_byte(5, A)] ^
101	0	SBOX3[get_byte(3, A)] ^ SBOX4[get_byte(1, A)];
102	0	C += SBOX1[get_byte(0, A)] ^ SBOX2[get_byte(2, A)] ^
103	0	SBOX3[get_byte(4, A)] ^ SBOX4[get_byte(6, A)];
104	0	C *= mul;
105	0
106	0	B ^= X[2];
107	0	C -= SBOX1[get_byte(7, B)] ^ SBOX2[get_byte(5, B)] ^
108	0	SBOX3[get_byte(3, B)] ^ SBOX4[get_byte(1, B)];
109	0	A += SBOX1[get_byte(0, B)] ^ SBOX2[get_byte(2, B)] ^
110	0	SBOX3[get_byte(4, B)] ^ SBOX4[get_byte(6, B)];
111	0	A *= mul;
112	0
113	0	C ^= X[3];
114	0	A -= SBOX1[get_byte(7, C)] ^ SBOX2[get_byte(5, C)] ^
115	0	SBOX3[get_byte(3, C)] ^ SBOX4[get_byte(1, C)];
116	0	B += SBOX1[get_byte(0, C)] ^ SBOX2[get_byte(2, C)] ^
117	0	SBOX3[get_byte(4, C)] ^ SBOX4[get_byte(6, C)];
118	0	B *= mul;
119	0
120	0	A ^= X[4];
121	0	B -= SBOX1[get_byte(7, A)] ^ SBOX2[get_byte(5, A)] ^
122	0	SBOX3[get_byte(3, A)] ^ SBOX4[get_byte(1, A)];
123	0	C += SBOX1[get_byte(0, A)] ^ SBOX2[get_byte(2, A)] ^
124	0	SBOX3[get_byte(4, A)] ^ SBOX4[get_byte(6, A)];
125	0	C *= mul;
126	0
127	0	B ^= X[5];
128	0	C -= SBOX1[get_byte(7, B)] ^ SBOX2[get_byte(5, B)] ^
129	0	SBOX3[get_byte(3, B)] ^ SBOX4[get_byte(1, B)];
130	0	A += SBOX1[get_byte(0, B)] ^ SBOX2[get_byte(2, B)] ^
131	0	SBOX3[get_byte(4, B)] ^ SBOX4[get_byte(6, B)];
132	0	A *= mul;
133	0
134	0	C ^= X[6];
135	0	A -= SBOX1[get_byte(7, C)] ^ SBOX2[get_byte(5, C)] ^
136	0	SBOX3[get_byte(3, C)] ^ SBOX4[get_byte(1, C)];
137	0	B += SBOX1[get_byte(0, C)] ^ SBOX2[get_byte(2, C)] ^
138	0	SBOX3[get_byte(4, C)] ^ SBOX4[get_byte(6, C)];
139	0	B *= mul;
140	0
141	0	A ^= X[7];
142	0	B -= SBOX1[get_byte(7, A)] ^ SBOX2[get_byte(5, A)] ^
143	0	SBOX3[get_byte(3, A)] ^ SBOX4[get_byte(1, A)];
144	0	C += SBOX1[get_byte(0, A)] ^ SBOX2[get_byte(2, A)] ^
145	0	SBOX3[get_byte(4, A)] ^ SBOX4[get_byte(6, A)];
146	0	C *= mul;
147	0	}
148
149		/*
150		* Clear memory of sensitive data
151		*/
152		void Tiger::clear()
153	0	{
154	0	MDx_HashFunction::clear();
155	0	zeroise(m_X);
156	0	m_digest[0] = 0x0123456789ABCDEF;
157	0	m_digest[1] = 0xFEDCBA9876543210;
158	0	m_digest[2] = 0xF096A5B4C3B2E187;
159	0	}
160
161		/*
162		* Return the name of this type
163		*/
164		std::string Tiger::name() const
165	0	{
166	0	return "Tiger(" + std::to_string(output_length()) + "," +
167	0	std::to_string(m_passes) + ")";
168	0	}
169
170		/*
171		* Tiger Constructor
172		*/
173		Tiger::Tiger(size_t hash_len, size_t passes) :
174		MDx_HashFunction(64, false, false),
175		m_X(8),
176		m_digest(3),
177		m_hash_len(hash_len),
178		m_passes(passes)
179	0	{
180	0	if(output_length() != 16 && output_length() != 20 && output_length() != 24)
181	0	throw Invalid_Argument("Tiger: Illegal hash output size: " +
182	0	std::to_string(output_length()));
183	0
184	0	if(passes < 3)
185	0	throw Invalid_Argument("Tiger: Invalid number of passes: "
186	0	+ std::to_string(passes));
187	0	clear();
188	0	}
189
190		}