mirror of
https://github.com/hashcat/hashcat.git
synced 2025-01-25 23:21:05 +00:00
1267 lines
29 KiB
Common Lisp
1267 lines
29 KiB
Common Lisp
/**
|
|
* Author......: See docs/credits.txt
|
|
* License.....: MIT
|
|
*/
|
|
|
|
#include "inc_vendor.h"
|
|
#include "inc_types.h"
|
|
#include "inc_common.h"
|
|
#include "inc_hash_streebog512.h"
|
|
|
|
DECLSPEC void streebog512_init (streebog512_ctx_t *ctx, SHM_TYPE u64a (*s_sbob_sl64)[256])
|
|
{
|
|
ctx->h[0] = 0;
|
|
ctx->h[1] = 0;
|
|
ctx->h[2] = 0;
|
|
ctx->h[3] = 0;
|
|
ctx->h[4] = 0;
|
|
ctx->h[5] = 0;
|
|
ctx->h[6] = 0;
|
|
ctx->h[7] = 0;
|
|
|
|
ctx->s[0] = 0;
|
|
ctx->s[1] = 0;
|
|
ctx->s[2] = 0;
|
|
ctx->s[3] = 0;
|
|
ctx->s[4] = 0;
|
|
ctx->s[5] = 0;
|
|
ctx->s[6] = 0;
|
|
ctx->s[7] = 0;
|
|
|
|
ctx->n[0] = 0;
|
|
ctx->n[1] = 0;
|
|
ctx->n[2] = 0;
|
|
ctx->n[3] = 0;
|
|
ctx->n[4] = 0;
|
|
ctx->n[5] = 0;
|
|
ctx->n[6] = 0;
|
|
ctx->n[7] = 0;
|
|
|
|
ctx->w0[0] = 0;
|
|
ctx->w0[1] = 0;
|
|
ctx->w0[2] = 0;
|
|
ctx->w0[3] = 0;
|
|
|
|
ctx->w1[0] = 0;
|
|
ctx->w1[1] = 0;
|
|
ctx->w1[2] = 0;
|
|
ctx->w1[3] = 0;
|
|
|
|
ctx->w2[0] = 0;
|
|
ctx->w2[1] = 0;
|
|
ctx->w2[2] = 0;
|
|
ctx->w2[3] = 0;
|
|
|
|
ctx->w3[0] = 0;
|
|
ctx->w3[1] = 0;
|
|
ctx->w3[2] = 0;
|
|
ctx->w3[3] = 0;
|
|
|
|
ctx->len = 0;
|
|
|
|
ctx->s_sbob_sl64 = s_sbob_sl64;
|
|
}
|
|
|
|
DECLSPEC void streebog512_add (u64 *x, const u64 *y)
|
|
{
|
|
u64 carry = 0;
|
|
|
|
#ifdef _unroll
|
|
#pragma unroll
|
|
#endif
|
|
for (int i = 7; i >=0; i--)
|
|
{
|
|
const u64 left = hc_swap64_S (x[i]);
|
|
const u64 right = hc_swap64_S (y[i]);
|
|
const u64 sum = left + right + carry;
|
|
|
|
carry = (sum < left) ? (u64) 1 : (u64) 0;
|
|
|
|
x[i] = hc_swap64_S (sum);
|
|
}
|
|
}
|
|
|
|
DECLSPEC void streebog512_g (u64 *h, const u64 *n, const u64 *m, SHM_TYPE u64a (*s_sbob_sl64)[256])
|
|
{
|
|
u64 k[8];
|
|
u64 s[8];
|
|
u64 t[8];
|
|
|
|
#ifdef _unroll
|
|
#pragma unroll
|
|
#endif
|
|
for (int i = 0; i < 8; i++)
|
|
{
|
|
t[i] = h[i] ^ n[i];
|
|
}
|
|
|
|
for (int i = 0; i < 8; i++)
|
|
{
|
|
k[i] = SBOG_LPSti64;
|
|
}
|
|
|
|
#ifdef _unroll
|
|
#pragma unroll
|
|
#endif
|
|
for (int i = 0; i < 8; i++)
|
|
{
|
|
s[i] = m[i];
|
|
}
|
|
|
|
for (int r = 0; r < 12; r++)
|
|
{
|
|
#ifdef _unroll
|
|
#pragma unroll
|
|
#endif
|
|
for (int i = 0; i < 8; i++)
|
|
{
|
|
t[i] = s[i] ^ k[i];
|
|
}
|
|
|
|
#ifdef _unroll
|
|
#pragma unroll
|
|
#endif
|
|
for (int i = 0; i < 8; i++)
|
|
{
|
|
s[i] = SBOG_LPSti64;
|
|
}
|
|
|
|
for (int i = 0; i < 8; i++)
|
|
{
|
|
t[i] = k[i] ^ sbob_rc64[r][i];
|
|
}
|
|
|
|
#ifdef _unroll
|
|
#pragma unroll
|
|
#endif
|
|
for (int i = 0; i < 8; i++)
|
|
{
|
|
k[i] = SBOG_LPSti64;
|
|
}
|
|
}
|
|
|
|
#ifdef _unroll
|
|
#pragma unroll
|
|
#endif
|
|
for (int i = 0; i < 8; i++)
|
|
{
|
|
h[i] ^= s[i] ^ k[i] ^ m[i];
|
|
}
|
|
}
|
|
|
|
DECLSPEC void streebog512_transform (streebog512_ctx_t *ctx, const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3)
|
|
{
|
|
u64 m[8];
|
|
|
|
m[0] = hl32_to_64_S (w3[2], w3[3]);
|
|
m[1] = hl32_to_64_S (w3[0], w3[1]);
|
|
m[2] = hl32_to_64_S (w2[2], w2[3]);
|
|
m[3] = hl32_to_64_S (w2[0], w2[1]);
|
|
m[4] = hl32_to_64_S (w1[2], w1[3]);
|
|
m[5] = hl32_to_64_S (w1[0], w1[1]);
|
|
m[6] = hl32_to_64_S (w0[2], w0[3]);
|
|
m[7] = hl32_to_64_S (w0[0], w0[1]);
|
|
|
|
streebog512_g (ctx->h, ctx->n, m, ctx->s_sbob_sl64);
|
|
|
|
u64 counterbuf[8] = { 0 };
|
|
counterbuf[7] = 0x0002000000000000;
|
|
streebog512_add (ctx->n, counterbuf);
|
|
|
|
streebog512_add (ctx->s, m);
|
|
}
|
|
|
|
DECLSPEC void streebog512_update_64 (streebog512_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w2, u32 *w3, const int len)
|
|
{
|
|
const int pos = ctx->len;
|
|
|
|
if ((pos + len) < 64)
|
|
{
|
|
switch_buffer_by_offset_be_S (w0, w1, w2, w3, pos);
|
|
|
|
ctx->w0[0] |= w0[0];
|
|
ctx->w0[1] |= w0[1];
|
|
ctx->w0[2] |= w0[2];
|
|
ctx->w0[3] |= w0[3];
|
|
ctx->w1[0] |= w1[0];
|
|
ctx->w1[1] |= w1[1];
|
|
ctx->w1[2] |= w1[2];
|
|
ctx->w1[3] |= w1[3];
|
|
ctx->w2[0] |= w2[0];
|
|
ctx->w2[1] |= w2[1];
|
|
ctx->w2[2] |= w2[2];
|
|
ctx->w2[3] |= w2[3];
|
|
ctx->w3[0] |= w3[0];
|
|
ctx->w3[1] |= w3[1];
|
|
ctx->w3[2] |= w3[2];
|
|
ctx->w3[3] |= w3[3];
|
|
|
|
ctx->len += len;
|
|
}
|
|
else
|
|
{
|
|
u32 c0[4] = { 0 };
|
|
u32 c1[4] = { 0 };
|
|
u32 c2[4] = { 0 };
|
|
u32 c3[4] = { 0 };
|
|
|
|
switch_buffer_by_offset_carry_be_S (w0, w1, w2, w3, c0, c1, c2, c3, pos);
|
|
|
|
ctx->w0[0] |= w0[0];
|
|
ctx->w0[1] |= w0[1];
|
|
ctx->w0[2] |= w0[2];
|
|
ctx->w0[3] |= w0[3];
|
|
ctx->w1[0] |= w1[0];
|
|
ctx->w1[1] |= w1[1];
|
|
ctx->w1[2] |= w1[2];
|
|
ctx->w1[3] |= w1[3];
|
|
ctx->w2[0] |= w2[0];
|
|
ctx->w2[1] |= w2[1];
|
|
ctx->w2[2] |= w2[2];
|
|
ctx->w2[3] |= w2[3];
|
|
ctx->w3[0] |= w3[0];
|
|
ctx->w3[1] |= w3[1];
|
|
ctx->w3[2] |= w3[2];
|
|
ctx->w3[3] |= w3[3];
|
|
|
|
streebog512_transform (ctx, ctx->w0, ctx->w1, ctx->w2, ctx->w3);
|
|
|
|
ctx->w0[0] = c0[0];
|
|
ctx->w0[1] = c0[1];
|
|
ctx->w0[2] = c0[2];
|
|
ctx->w0[3] = c0[3];
|
|
ctx->w1[0] = c1[0];
|
|
ctx->w1[1] = c1[1];
|
|
ctx->w1[2] = c1[2];
|
|
ctx->w1[3] = c1[3];
|
|
ctx->w2[0] = c2[0];
|
|
ctx->w2[1] = c2[1];
|
|
ctx->w2[2] = c2[2];
|
|
ctx->w2[3] = c2[3];
|
|
ctx->w3[0] = c3[0];
|
|
ctx->w3[1] = c3[1];
|
|
ctx->w3[2] = c3[2];
|
|
ctx->w3[3] = c3[3];
|
|
|
|
ctx->len = (pos + len) & 63;
|
|
}
|
|
}
|
|
|
|
DECLSPEC void streebog512_update (streebog512_ctx_t *ctx, const u32 *w, int len)
|
|
{
|
|
u32 w0[4];
|
|
u32 w1[4];
|
|
u32 w2[4];
|
|
u32 w3[4];
|
|
|
|
int off = 0;
|
|
|
|
while (len > 63)
|
|
{
|
|
w0[0] = w[off + 0];
|
|
w0[1] = w[off + 1];
|
|
w0[2] = w[off + 2];
|
|
w0[3] = w[off + 3];
|
|
w1[0] = w[off + 4];
|
|
w1[1] = w[off + 5];
|
|
w1[2] = w[off + 6];
|
|
w1[3] = w[off + 7];
|
|
w2[0] = w[off + 8];
|
|
w2[1] = w[off + 9];
|
|
w2[2] = w[off + 10];
|
|
w2[3] = w[off + 11];
|
|
w3[0] = w[off + 12];
|
|
w3[1] = w[off + 13];
|
|
w3[2] = w[off + 14];
|
|
w3[3] = w[off + 15];
|
|
|
|
off += 16;
|
|
len -= 64;
|
|
|
|
streebog512_update_64 (ctx, w0, w1, w2, w3, 64);
|
|
}
|
|
|
|
if (len > 0)
|
|
{
|
|
w0[0] = w[off + 0];
|
|
w0[1] = w[off + 1];
|
|
w0[2] = w[off + 2];
|
|
w0[3] = w[off + 3];
|
|
w1[0] = w[off + 4];
|
|
w1[1] = w[off + 5];
|
|
w1[2] = w[off + 6];
|
|
w1[3] = w[off + 7];
|
|
w2[0] = w[off + 8];
|
|
w2[1] = w[off + 9];
|
|
w2[2] = w[off + 10];
|
|
w2[3] = w[off + 11];
|
|
w3[0] = w[off + 12];
|
|
w3[1] = w[off + 13];
|
|
w3[2] = w[off + 14];
|
|
w3[3] = w[off + 15];
|
|
|
|
streebog512_update_64 (ctx, w0, w1, w2, w3, len);
|
|
}
|
|
}
|
|
|
|
DECLSPEC void streebog512_update_swap (streebog512_ctx_t *ctx, const u32 *w, int len)
|
|
{
|
|
u32 w0[4];
|
|
u32 w1[4];
|
|
u32 w2[4];
|
|
u32 w3[4];
|
|
|
|
int off = 0;
|
|
|
|
while (len > 63)
|
|
{
|
|
w0[0] = hc_swap32_S (w[off + 0]);
|
|
w0[1] = hc_swap32_S (w[off + 1]);
|
|
w0[2] = hc_swap32_S (w[off + 2]);
|
|
w0[3] = hc_swap32_S (w[off + 3]);
|
|
w1[0] = hc_swap32_S (w[off + 4]);
|
|
w1[1] = hc_swap32_S (w[off + 5]);
|
|
w1[2] = hc_swap32_S (w[off + 6]);
|
|
w1[3] = hc_swap32_S (w[off + 7]);
|
|
w2[0] = hc_swap32_S (w[off + 8]);
|
|
w2[1] = hc_swap32_S (w[off + 9]);
|
|
w2[2] = hc_swap32_S (w[off + 10]);
|
|
w2[3] = hc_swap32_S (w[off + 11]);
|
|
w3[0] = hc_swap32_S (w[off + 12]);
|
|
w3[1] = hc_swap32_S (w[off + 13]);
|
|
w3[2] = hc_swap32_S (w[off + 14]);
|
|
w3[3] = hc_swap32_S (w[off + 15]);
|
|
|
|
off += 16;
|
|
len -= 64;
|
|
|
|
streebog512_update_64 (ctx, w0, w1, w2, w3, 64);
|
|
}
|
|
|
|
if (len > 0)
|
|
{
|
|
w0[0] = hc_swap32_S (w[off + 0]);
|
|
w0[1] = hc_swap32_S (w[off + 1]);
|
|
w0[2] = hc_swap32_S (w[off + 2]);
|
|
w0[3] = hc_swap32_S (w[off + 3]);
|
|
w1[0] = hc_swap32_S (w[off + 4]);
|
|
w1[1] = hc_swap32_S (w[off + 5]);
|
|
w1[2] = hc_swap32_S (w[off + 6]);
|
|
w1[3] = hc_swap32_S (w[off + 7]);
|
|
w2[0] = hc_swap32_S (w[off + 8]);
|
|
w2[1] = hc_swap32_S (w[off + 9]);
|
|
w2[2] = hc_swap32_S (w[off + 10]);
|
|
w2[3] = hc_swap32_S (w[off + 11]);
|
|
w3[0] = hc_swap32_S (w[off + 12]);
|
|
w3[1] = hc_swap32_S (w[off + 13]);
|
|
w3[2] = hc_swap32_S (w[off + 14]);
|
|
w3[3] = hc_swap32_S (w[off + 15]);
|
|
|
|
streebog512_update_64 (ctx, w0, w1, w2, w3, len);
|
|
}
|
|
}
|
|
|
|
DECLSPEC void streebog512_update_global_swap (streebog512_ctx_t *ctx, const GLOBAL_AS u32 *w, int len)
|
|
{
|
|
u32 w0[4];
|
|
u32 w1[4];
|
|
u32 w2[4];
|
|
u32 w3[4];
|
|
|
|
int off = 0;
|
|
|
|
while (len > 63)
|
|
{
|
|
w0[0] = hc_swap32_S (w[off + 0]);
|
|
w0[1] = hc_swap32_S (w[off + 1]);
|
|
w0[2] = hc_swap32_S (w[off + 2]);
|
|
w0[3] = hc_swap32_S (w[off + 3]);
|
|
w1[0] = hc_swap32_S (w[off + 4]);
|
|
w1[1] = hc_swap32_S (w[off + 5]);
|
|
w1[2] = hc_swap32_S (w[off + 6]);
|
|
w1[3] = hc_swap32_S (w[off + 7]);
|
|
w2[0] = hc_swap32_S (w[off + 8]);
|
|
w2[1] = hc_swap32_S (w[off + 9]);
|
|
w2[2] = hc_swap32_S (w[off + 10]);
|
|
w2[3] = hc_swap32_S (w[off + 11]);
|
|
w3[0] = hc_swap32_S (w[off + 12]);
|
|
w3[1] = hc_swap32_S (w[off + 13]);
|
|
w3[2] = hc_swap32_S (w[off + 14]);
|
|
w3[3] = hc_swap32_S (w[off + 15]);
|
|
|
|
off += 16;
|
|
len -= 64;
|
|
|
|
streebog512_update_64 (ctx, w0, w1, w2, w3, 64);
|
|
}
|
|
|
|
if (len > 0)
|
|
{
|
|
w0[0] = hc_swap32_S (w[off + 0]);
|
|
w0[1] = hc_swap32_S (w[off + 1]);
|
|
w0[2] = hc_swap32_S (w[off + 2]);
|
|
w0[3] = hc_swap32_S (w[off + 3]);
|
|
w1[0] = hc_swap32_S (w[off + 4]);
|
|
w1[1] = hc_swap32_S (w[off + 5]);
|
|
w1[2] = hc_swap32_S (w[off + 6]);
|
|
w1[3] = hc_swap32_S (w[off + 7]);
|
|
w2[0] = hc_swap32_S (w[off + 8]);
|
|
w2[1] = hc_swap32_S (w[off + 9]);
|
|
w2[2] = hc_swap32_S (w[off + 10]);
|
|
w2[3] = hc_swap32_S (w[off + 11]);
|
|
w3[0] = hc_swap32_S (w[off + 12]);
|
|
w3[1] = hc_swap32_S (w[off + 13]);
|
|
w3[2] = hc_swap32_S (w[off + 14]);
|
|
w3[3] = hc_swap32_S (w[off + 15]);
|
|
|
|
streebog512_update_64 (ctx, w0, w1, w2, w3, len);
|
|
}
|
|
}
|
|
|
|
DECLSPEC void streebog512_final (streebog512_ctx_t *ctx)
|
|
{
|
|
const int pos = ctx->len & 63;
|
|
|
|
append_0x01_4x4_S (ctx->w0, ctx->w1, ctx->w2, ctx->w3, pos ^ 3);
|
|
|
|
u64 m[8];
|
|
|
|
m[0] = hl32_to_64_S (ctx->w3[2], ctx->w3[3]);
|
|
m[1] = hl32_to_64_S (ctx->w3[0], ctx->w3[1]);
|
|
m[2] = hl32_to_64_S (ctx->w2[2], ctx->w2[3]);
|
|
m[3] = hl32_to_64_S (ctx->w2[0], ctx->w2[1]);
|
|
m[4] = hl32_to_64_S (ctx->w1[2], ctx->w1[3]);
|
|
m[5] = hl32_to_64_S (ctx->w1[0], ctx->w1[1]);
|
|
m[6] = hl32_to_64_S (ctx->w0[2], ctx->w0[3]);
|
|
m[7] = hl32_to_64_S (ctx->w0[0], ctx->w0[1]);
|
|
|
|
streebog512_g (ctx->h, ctx->n, m, ctx->s_sbob_sl64);
|
|
|
|
u64 sizebuf[8] = { 0 };
|
|
sizebuf[7] = hc_swap64_S ((u64) (ctx->len << 3));
|
|
|
|
streebog512_add (ctx->n, sizebuf);
|
|
|
|
streebog512_add (ctx->s, m);
|
|
|
|
const u64 nullbuf[8] = { 0 };
|
|
|
|
streebog512_g (ctx->h, nullbuf, ctx->n, ctx->s_sbob_sl64);
|
|
|
|
streebog512_g (ctx->h, nullbuf, ctx->s, ctx->s_sbob_sl64);
|
|
}
|
|
|
|
DECLSPEC void streebog512_hmac_init_64 (streebog512_hmac_ctx_t *ctx, const u32 *w0, const u32 *w1, const u32 *w2, const u32 *w3, SHM_TYPE u64a (*s_sbob_sl64)[256])
|
|
{
|
|
u32 t0[4];
|
|
u32 t1[4];
|
|
u32 t2[4];
|
|
u32 t3[4];
|
|
|
|
// ipad
|
|
|
|
t0[0] = w0[0] ^ 0x36363636;
|
|
t0[1] = w0[1] ^ 0x36363636;
|
|
t0[2] = w0[2] ^ 0x36363636;
|
|
t0[3] = w0[3] ^ 0x36363636;
|
|
t1[0] = w1[0] ^ 0x36363636;
|
|
t1[1] = w1[1] ^ 0x36363636;
|
|
t1[2] = w1[2] ^ 0x36363636;
|
|
t1[3] = w1[3] ^ 0x36363636;
|
|
t2[0] = w2[0] ^ 0x36363636;
|
|
t2[1] = w2[1] ^ 0x36363636;
|
|
t2[2] = w2[2] ^ 0x36363636;
|
|
t2[3] = w2[3] ^ 0x36363636;
|
|
t3[0] = w3[0] ^ 0x36363636;
|
|
t3[1] = w3[1] ^ 0x36363636;
|
|
t3[2] = w3[2] ^ 0x36363636;
|
|
t3[3] = w3[3] ^ 0x36363636;
|
|
|
|
streebog512_init (&ctx->ipad, s_sbob_sl64);
|
|
|
|
streebog512_update_64 (&ctx->ipad, t0, t1, t2, t3, 64);
|
|
|
|
// opad
|
|
|
|
t0[0] = w0[0] ^ 0x5c5c5c5c;
|
|
t0[1] = w0[1] ^ 0x5c5c5c5c;
|
|
t0[2] = w0[2] ^ 0x5c5c5c5c;
|
|
t0[3] = w0[3] ^ 0x5c5c5c5c;
|
|
t1[0] = w1[0] ^ 0x5c5c5c5c;
|
|
t1[1] = w1[1] ^ 0x5c5c5c5c;
|
|
t1[2] = w1[2] ^ 0x5c5c5c5c;
|
|
t1[3] = w1[3] ^ 0x5c5c5c5c;
|
|
t2[0] = w2[0] ^ 0x5c5c5c5c;
|
|
t2[1] = w2[1] ^ 0x5c5c5c5c;
|
|
t2[2] = w2[2] ^ 0x5c5c5c5c;
|
|
t2[3] = w2[3] ^ 0x5c5c5c5c;
|
|
t3[0] = w3[0] ^ 0x5c5c5c5c;
|
|
t3[1] = w3[1] ^ 0x5c5c5c5c;
|
|
t3[2] = w3[2] ^ 0x5c5c5c5c;
|
|
t3[3] = w3[3] ^ 0x5c5c5c5c;
|
|
|
|
streebog512_init (&ctx->opad, s_sbob_sl64);
|
|
|
|
streebog512_update_64 (&ctx->opad, t0, t1, t2, t3, 64);
|
|
}
|
|
|
|
DECLSPEC void streebog512_hmac_init (streebog512_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u64a (*s_sbob_sl64)[256])
|
|
{
|
|
u32 w0[4];
|
|
u32 w1[4];
|
|
u32 w2[4];
|
|
u32 w3[4];
|
|
|
|
if (len > 64)
|
|
{
|
|
streebog512_ctx_t tmp;
|
|
|
|
streebog512_init (&tmp, s_sbob_sl64);
|
|
|
|
streebog512_update (&tmp, w, len);
|
|
|
|
streebog512_final (&tmp);
|
|
|
|
w0[0] = h32_from_64_S (tmp.h[7]);
|
|
w0[1] = l32_from_64_S (tmp.h[7]);
|
|
w0[2] = h32_from_64_S (tmp.h[6]);
|
|
w0[3] = l32_from_64_S (tmp.h[6]);
|
|
w1[0] = h32_from_64_S (tmp.h[5]);
|
|
w1[1] = l32_from_64_S (tmp.h[5]);
|
|
w1[2] = h32_from_64_S (tmp.h[4]);
|
|
w1[3] = l32_from_64_S (tmp.h[4]);
|
|
w2[0] = h32_from_64_S (tmp.h[3]);
|
|
w2[1] = l32_from_64_S (tmp.h[3]);
|
|
w2[2] = h32_from_64_S (tmp.h[2]);
|
|
w2[3] = l32_from_64_S (tmp.h[2]);
|
|
w3[0] = h32_from_64_S (tmp.h[1]);
|
|
w3[1] = l32_from_64_S (tmp.h[1]);
|
|
w3[2] = h32_from_64_S (tmp.h[0]);
|
|
w3[3] = l32_from_64_S (tmp.h[0]);
|
|
}
|
|
else
|
|
{
|
|
w0[0] = w[ 0];
|
|
w0[1] = w[ 1];
|
|
w0[2] = w[ 2];
|
|
w0[3] = w[ 3];
|
|
w1[0] = w[ 4];
|
|
w1[1] = w[ 5];
|
|
w1[2] = w[ 6];
|
|
w1[3] = w[ 7];
|
|
w2[0] = w[ 8];
|
|
w2[1] = w[ 9];
|
|
w2[2] = w[10];
|
|
w2[3] = w[11];
|
|
w3[0] = w[12];
|
|
w3[1] = w[13];
|
|
w3[2] = w[14];
|
|
w3[3] = w[15];
|
|
}
|
|
|
|
streebog512_hmac_init_64 (ctx, w0, w1, w2, w3, s_sbob_sl64);
|
|
}
|
|
|
|
DECLSPEC void streebog512_hmac_init_swap (streebog512_hmac_ctx_t *ctx, const u32 *w, const int len, SHM_TYPE u64a (*s_sbob_sl64)[256])
|
|
{
|
|
u32 w0[4];
|
|
u32 w1[4];
|
|
u32 w2[4];
|
|
u32 w3[4];
|
|
|
|
if (len > 64)
|
|
{
|
|
streebog512_ctx_t tmp;
|
|
|
|
streebog512_init (&tmp, s_sbob_sl64);
|
|
|
|
streebog512_update_swap (&tmp, w, len);
|
|
|
|
streebog512_final (&tmp);
|
|
|
|
w0[0] = h32_from_64_S (tmp.h[7]);
|
|
w0[1] = l32_from_64_S (tmp.h[7]);
|
|
w0[2] = h32_from_64_S (tmp.h[6]);
|
|
w0[3] = l32_from_64_S (tmp.h[6]);
|
|
w1[0] = h32_from_64_S (tmp.h[5]);
|
|
w1[1] = l32_from_64_S (tmp.h[5]);
|
|
w1[2] = h32_from_64_S (tmp.h[4]);
|
|
w1[3] = l32_from_64_S (tmp.h[4]);
|
|
w2[0] = h32_from_64_S (tmp.h[3]);
|
|
w2[1] = l32_from_64_S (tmp.h[3]);
|
|
w2[2] = h32_from_64_S (tmp.h[2]);
|
|
w2[3] = l32_from_64_S (tmp.h[2]);
|
|
w3[0] = h32_from_64_S (tmp.h[1]);
|
|
w3[1] = l32_from_64_S (tmp.h[1]);
|
|
w3[2] = h32_from_64_S (tmp.h[0]);
|
|
w3[3] = l32_from_64_S (tmp.h[0]);
|
|
}
|
|
else
|
|
{
|
|
w0[0] = hc_swap32_S (w[ 0]);
|
|
w0[1] = hc_swap32_S (w[ 1]);
|
|
w0[2] = hc_swap32_S (w[ 2]);
|
|
w0[3] = hc_swap32_S (w[ 3]);
|
|
w1[0] = hc_swap32_S (w[ 4]);
|
|
w1[1] = hc_swap32_S (w[ 5]);
|
|
w1[2] = hc_swap32_S (w[ 6]);
|
|
w1[3] = hc_swap32_S (w[ 7]);
|
|
w2[0] = hc_swap32_S (w[ 8]);
|
|
w2[1] = hc_swap32_S (w[ 9]);
|
|
w2[2] = hc_swap32_S (w[10]);
|
|
w2[3] = hc_swap32_S (w[11]);
|
|
w3[0] = hc_swap32_S (w[12]);
|
|
w3[1] = hc_swap32_S (w[13]);
|
|
w3[2] = hc_swap32_S (w[14]);
|
|
w3[3] = hc_swap32_S (w[15]);
|
|
}
|
|
|
|
streebog512_hmac_init_64 (ctx, w0, w1, w2, w3, s_sbob_sl64);
|
|
}
|
|
|
|
DECLSPEC void streebog512_hmac_update_64 (streebog512_hmac_ctx_t *ctx, u32 *w0, u32 *w1, u32 *w2, u32 *w3, const int len)
|
|
{
|
|
streebog512_update_64 (&ctx->ipad, w0, w1, w2, w3, len);
|
|
}
|
|
|
|
DECLSPEC void streebog512_hmac_update (streebog512_hmac_ctx_t *ctx, const u32 *w, const int len)
|
|
{
|
|
streebog512_update (&ctx->ipad, w, len);
|
|
}
|
|
|
|
DECLSPEC void streebog512_hmac_update_swap (streebog512_hmac_ctx_t *ctx, const u32 *w, const int len)
|
|
{
|
|
streebog512_update_swap (&ctx->ipad, w, len);
|
|
}
|
|
|
|
DECLSPEC void streebog512_hmac_update_global_swap (streebog512_hmac_ctx_t *ctx, const GLOBAL_AS u32 *w, const int len)
|
|
{
|
|
streebog512_update_global_swap (&ctx->ipad, w, len);
|
|
}
|
|
|
|
DECLSPEC void streebog512_hmac_final (streebog512_hmac_ctx_t *ctx)
|
|
{
|
|
streebog512_final (&ctx->ipad);
|
|
|
|
u32 t0[4];
|
|
u32 t1[4];
|
|
u32 t2[4];
|
|
u32 t3[4];
|
|
|
|
t0[0] = h32_from_64_S (ctx->ipad.h[7]);
|
|
t0[1] = l32_from_64_S (ctx->ipad.h[7]);
|
|
t0[2] = h32_from_64_S (ctx->ipad.h[6]);
|
|
t0[3] = l32_from_64_S (ctx->ipad.h[6]);
|
|
t1[0] = h32_from_64_S (ctx->ipad.h[5]);
|
|
t1[1] = l32_from_64_S (ctx->ipad.h[5]);
|
|
t1[2] = h32_from_64_S (ctx->ipad.h[4]);
|
|
t1[3] = l32_from_64_S (ctx->ipad.h[4]);
|
|
t2[0] = h32_from_64_S (ctx->ipad.h[3]);
|
|
t2[1] = l32_from_64_S (ctx->ipad.h[3]);
|
|
t2[2] = h32_from_64_S (ctx->ipad.h[2]);
|
|
t2[3] = l32_from_64_S (ctx->ipad.h[2]);
|
|
t3[0] = h32_from_64_S (ctx->ipad.h[1]);
|
|
t3[1] = l32_from_64_S (ctx->ipad.h[1]);
|
|
t3[2] = h32_from_64_S (ctx->ipad.h[0]);
|
|
t3[3] = l32_from_64_S (ctx->ipad.h[0]);
|
|
|
|
streebog512_update_64 (&ctx->opad, t0, t1, t2, t3, 64);
|
|
|
|
streebog512_final (&ctx->opad);
|
|
}
|
|
|
|
DECLSPEC void streebog512_init_vector (streebog512_ctx_vector_t *ctx, SHM_TYPE u64a (*s_sbob_sl64)[256])
|
|
{
|
|
ctx->h[0] = 0;
|
|
ctx->h[1] = 0;
|
|
ctx->h[2] = 0;
|
|
ctx->h[3] = 0;
|
|
ctx->h[4] = 0;
|
|
ctx->h[5] = 0;
|
|
ctx->h[6] = 0;
|
|
ctx->h[7] = 0;
|
|
|
|
ctx->s[0] = 0;
|
|
ctx->s[1] = 0;
|
|
ctx->s[2] = 0;
|
|
ctx->s[3] = 0;
|
|
ctx->s[4] = 0;
|
|
ctx->s[5] = 0;
|
|
ctx->s[6] = 0;
|
|
ctx->s[7] = 0;
|
|
|
|
ctx->n[0] = 0;
|
|
ctx->n[1] = 0;
|
|
ctx->n[2] = 0;
|
|
ctx->n[3] = 0;
|
|
ctx->n[4] = 0;
|
|
ctx->n[5] = 0;
|
|
ctx->n[6] = 0;
|
|
ctx->n[7] = 0;
|
|
|
|
ctx->w0[0] = 0;
|
|
ctx->w0[1] = 0;
|
|
ctx->w0[2] = 0;
|
|
ctx->w0[3] = 0;
|
|
|
|
ctx->w1[0] = 0;
|
|
ctx->w1[1] = 0;
|
|
ctx->w1[2] = 0;
|
|
ctx->w1[3] = 0;
|
|
|
|
ctx->w2[0] = 0;
|
|
ctx->w2[1] = 0;
|
|
ctx->w2[2] = 0;
|
|
ctx->w2[3] = 0;
|
|
|
|
ctx->w3[0] = 0;
|
|
ctx->w3[1] = 0;
|
|
ctx->w3[2] = 0;
|
|
ctx->w3[3] = 0;
|
|
|
|
ctx->len = 0;
|
|
|
|
ctx->s_sbob_sl64 = s_sbob_sl64;
|
|
}
|
|
|
|
DECLSPEC void streebog512_add_vector (u64x *x, const u64x *y)
|
|
{
|
|
u64x carry = 0;
|
|
|
|
#ifdef _unroll
|
|
#pragma unroll
|
|
#endif
|
|
for (int i = 7; i >=0; i--)
|
|
{
|
|
const u64x left = hc_swap64 (x[i]);
|
|
const u64x right = hc_swap64 (y[i]);
|
|
const u64x sum = left + right + carry;
|
|
|
|
carry = (sum < left) ? (u64x) 1 : (u64x) 0;
|
|
|
|
x[i] = hc_swap64 (sum);
|
|
}
|
|
}
|
|
|
|
DECLSPEC void streebog512_g_vector (u64x *h, const u64x *n, const u64x *m, SHM_TYPE u64a (*s_sbob_sl64)[256])
|
|
{
|
|
u64x k[8];
|
|
u64x s[8];
|
|
u64x t[8];
|
|
|
|
#ifdef _unroll
|
|
#pragma unroll
|
|
#endif
|
|
for (int i = 0; i < 8; i++)
|
|
{
|
|
t[i] = h[i] ^ n[i];
|
|
}
|
|
|
|
for (int i = 0; i < 8; i++)
|
|
{
|
|
k[i] = SBOG_LPSti64;
|
|
}
|
|
|
|
#ifdef _unroll
|
|
#pragma unroll
|
|
#endif
|
|
for (int i = 0; i < 8; i++)
|
|
{
|
|
s[i] = m[i];
|
|
}
|
|
|
|
for (int r = 0; r < 12; r++)
|
|
{
|
|
#ifdef _unroll
|
|
#pragma unroll
|
|
#endif
|
|
for (int i = 0; i < 8; i++)
|
|
{
|
|
t[i] = s[i] ^ k[i];
|
|
}
|
|
|
|
#ifdef _unroll
|
|
#pragma unroll
|
|
#endif
|
|
for (int i = 0; i < 8; i++)
|
|
{
|
|
s[i] = SBOG_LPSti64;
|
|
}
|
|
|
|
for (int i = 0; i < 8; i++)
|
|
{
|
|
t[i] = k[i] ^ sbob_rc64[r][i];
|
|
}
|
|
|
|
#ifdef _unroll
|
|
#pragma unroll
|
|
#endif
|
|
for (int i = 0; i < 8; i++)
|
|
{
|
|
k[i] = SBOG_LPSti64;
|
|
}
|
|
}
|
|
|
|
#ifdef _unroll
|
|
#pragma unroll
|
|
#endif
|
|
for (int i = 0; i < 8; i++)
|
|
{
|
|
h[i] ^= s[i] ^ k[i] ^ m[i];
|
|
}
|
|
}
|
|
|
|
DECLSPEC void streebog512_transform_vector (streebog512_ctx_vector_t *ctx, const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3)
|
|
{
|
|
u64x m[8];
|
|
|
|
m[0] = hl32_to_64 (w3[2], w3[3]);
|
|
m[1] = hl32_to_64 (w3[0], w3[1]);
|
|
m[2] = hl32_to_64 (w2[2], w2[3]);
|
|
m[3] = hl32_to_64 (w2[0], w2[1]);
|
|
m[4] = hl32_to_64 (w1[2], w1[3]);
|
|
m[5] = hl32_to_64 (w1[0], w1[1]);
|
|
m[6] = hl32_to_64 (w0[2], w0[3]);
|
|
m[7] = hl32_to_64 (w0[0], w0[1]);
|
|
|
|
streebog512_g_vector (ctx->h, ctx->n, m, ctx->s_sbob_sl64);
|
|
|
|
u64x counterbuf[8] = { 0 };
|
|
counterbuf[7] = 0x0002000000000000;
|
|
streebog512_add_vector (ctx->n, counterbuf);
|
|
|
|
streebog512_add_vector (ctx->s, m);
|
|
}
|
|
|
|
DECLSPEC void streebog512_update_vector_64 (streebog512_ctx_vector_t *ctx, u32x *w0, u32x *w1, u32x *w2, u32x *w3, const int len)
|
|
{
|
|
const int pos = ctx->len;
|
|
|
|
if ((pos + len) < 64)
|
|
{
|
|
switch_buffer_by_offset_be (w0, w1, w2, w3, pos);
|
|
|
|
ctx->w0[0] |= w0[0];
|
|
ctx->w0[1] |= w0[1];
|
|
ctx->w0[2] |= w0[2];
|
|
ctx->w0[3] |= w0[3];
|
|
ctx->w1[0] |= w1[0];
|
|
ctx->w1[1] |= w1[1];
|
|
ctx->w1[2] |= w1[2];
|
|
ctx->w1[3] |= w1[3];
|
|
ctx->w2[0] |= w2[0];
|
|
ctx->w2[1] |= w2[1];
|
|
ctx->w2[2] |= w2[2];
|
|
ctx->w2[3] |= w2[3];
|
|
ctx->w3[0] |= w3[0];
|
|
ctx->w3[1] |= w3[1];
|
|
ctx->w3[2] |= w3[2];
|
|
ctx->w3[3] |= w3[3];
|
|
|
|
ctx->len += len;
|
|
}
|
|
else
|
|
{
|
|
u32x c0[4] = { 0 };
|
|
u32x c1[4] = { 0 };
|
|
u32x c2[4] = { 0 };
|
|
u32x c3[4] = { 0 };
|
|
|
|
switch_buffer_by_offset_carry_be (w0, w1, w2, w3, c0, c1, c2, c3, pos);
|
|
|
|
ctx->w0[0] |= w0[0];
|
|
ctx->w0[1] |= w0[1];
|
|
ctx->w0[2] |= w0[2];
|
|
ctx->w0[3] |= w0[3];
|
|
ctx->w1[0] |= w1[0];
|
|
ctx->w1[1] |= w1[1];
|
|
ctx->w1[2] |= w1[2];
|
|
ctx->w1[3] |= w1[3];
|
|
ctx->w2[0] |= w2[0];
|
|
ctx->w2[1] |= w2[1];
|
|
ctx->w2[2] |= w2[2];
|
|
ctx->w2[3] |= w2[3];
|
|
ctx->w3[0] |= w3[0];
|
|
ctx->w3[1] |= w3[1];
|
|
ctx->w3[2] |= w3[2];
|
|
ctx->w3[3] |= w3[3];
|
|
|
|
streebog512_transform_vector (ctx, ctx->w0, ctx->w1, ctx->w2, ctx->w3);
|
|
|
|
ctx->w0[0] = c0[0];
|
|
ctx->w0[1] = c0[1];
|
|
ctx->w0[2] = c0[2];
|
|
ctx->w0[3] = c0[3];
|
|
ctx->w1[0] = c1[0];
|
|
ctx->w1[1] = c1[1];
|
|
ctx->w1[2] = c1[2];
|
|
ctx->w1[3] = c1[3];
|
|
ctx->w2[0] = c2[0];
|
|
ctx->w2[1] = c2[1];
|
|
ctx->w2[2] = c2[2];
|
|
ctx->w2[3] = c2[3];
|
|
ctx->w3[0] = c3[0];
|
|
ctx->w3[1] = c3[1];
|
|
ctx->w3[2] = c3[2];
|
|
ctx->w3[3] = c3[3];
|
|
|
|
ctx->len = (pos + len) & 63;
|
|
}
|
|
}
|
|
|
|
DECLSPEC void streebog512_update_vector (streebog512_ctx_vector_t *ctx, const u32x *w, int len)
|
|
{
|
|
u32x w0[4];
|
|
u32x w1[4];
|
|
u32x w2[4];
|
|
u32x w3[4];
|
|
|
|
int off = 0;
|
|
|
|
while (len > 63)
|
|
{
|
|
w0[0] = w[off + 0];
|
|
w0[1] = w[off + 1];
|
|
w0[2] = w[off + 2];
|
|
w0[3] = w[off + 3];
|
|
w1[0] = w[off + 4];
|
|
w1[1] = w[off + 5];
|
|
w1[2] = w[off + 6];
|
|
w1[3] = w[off + 7];
|
|
w2[0] = w[off + 8];
|
|
w2[1] = w[off + 9];
|
|
w2[2] = w[off + 10];
|
|
w2[3] = w[off + 11];
|
|
w3[0] = w[off + 12];
|
|
w3[1] = w[off + 13];
|
|
w3[2] = w[off + 14];
|
|
w3[3] = w[off + 15];
|
|
|
|
off += 16;
|
|
len -= 64;
|
|
|
|
streebog512_update_vector_64 (ctx, w0, w1, w2, w3, 64);
|
|
}
|
|
|
|
if (len > 0)
|
|
{
|
|
w0[0] = w[off + 0];
|
|
w0[1] = w[off + 1];
|
|
w0[2] = w[off + 2];
|
|
w0[3] = w[off + 3];
|
|
w1[0] = w[off + 4];
|
|
w1[1] = w[off + 5];
|
|
w1[2] = w[off + 6];
|
|
w1[3] = w[off + 7];
|
|
w2[0] = w[off + 8];
|
|
w2[1] = w[off + 9];
|
|
w2[2] = w[off + 10];
|
|
w2[3] = w[off + 11];
|
|
w3[0] = w[off + 12];
|
|
w3[1] = w[off + 13];
|
|
w3[2] = w[off + 14];
|
|
w3[3] = w[off + 15];
|
|
|
|
streebog512_update_vector_64 (ctx, w0, w1, w2, w3, len);
|
|
}
|
|
}
|
|
|
|
DECLSPEC void streebog512_update_vector_swap (streebog512_ctx_vector_t *ctx, const u32x *w, int len)
|
|
{
|
|
u32x w0[4];
|
|
u32x w1[4];
|
|
u32x w2[4];
|
|
u32x w3[4];
|
|
|
|
int off = 0;
|
|
|
|
while (len > 63)
|
|
{
|
|
w0[0] = hc_swap32 (w[off + 0]);
|
|
w0[1] = hc_swap32 (w[off + 1]);
|
|
w0[2] = hc_swap32 (w[off + 2]);
|
|
w0[3] = hc_swap32 (w[off + 3]);
|
|
w1[0] = hc_swap32 (w[off + 4]);
|
|
w1[1] = hc_swap32 (w[off + 5]);
|
|
w1[2] = hc_swap32 (w[off + 6]);
|
|
w1[3] = hc_swap32 (w[off + 7]);
|
|
w2[0] = hc_swap32 (w[off + 8]);
|
|
w2[1] = hc_swap32 (w[off + 9]);
|
|
w2[2] = hc_swap32 (w[off + 10]);
|
|
w2[3] = hc_swap32 (w[off + 11]);
|
|
w3[0] = hc_swap32 (w[off + 12]);
|
|
w3[1] = hc_swap32 (w[off + 13]);
|
|
w3[2] = hc_swap32 (w[off + 14]);
|
|
w3[3] = hc_swap32 (w[off + 15]);
|
|
|
|
off += 16;
|
|
len -= 64;
|
|
|
|
streebog512_update_vector_64 (ctx, w0, w1, w2, w3, 64);
|
|
}
|
|
|
|
if (len > 0)
|
|
{
|
|
w0[0] = hc_swap32 (w[off + 0]);
|
|
w0[1] = hc_swap32 (w[off + 1]);
|
|
w0[2] = hc_swap32 (w[off + 2]);
|
|
w0[3] = hc_swap32 (w[off + 3]);
|
|
w1[0] = hc_swap32 (w[off + 4]);
|
|
w1[1] = hc_swap32 (w[off + 5]);
|
|
w1[2] = hc_swap32 (w[off + 6]);
|
|
w1[3] = hc_swap32 (w[off + 7]);
|
|
w2[0] = hc_swap32 (w[off + 8]);
|
|
w2[1] = hc_swap32 (w[off + 9]);
|
|
w2[2] = hc_swap32 (w[off + 10]);
|
|
w2[3] = hc_swap32 (w[off + 11]);
|
|
w3[0] = hc_swap32 (w[off + 12]);
|
|
w3[1] = hc_swap32 (w[off + 13]);
|
|
w3[2] = hc_swap32 (w[off + 14]);
|
|
w3[3] = hc_swap32 (w[off + 15]);
|
|
|
|
streebog512_update_vector_64 (ctx, w0, w1, w2, w3, len);
|
|
}
|
|
}
|
|
|
|
DECLSPEC void streebog512_final_vector (streebog512_ctx_vector_t *ctx)
|
|
{
|
|
const int pos = ctx->len & 63;
|
|
|
|
append_0x01_4x4_VV (ctx->w0, ctx->w1, ctx->w2, ctx->w3, pos ^ 3);
|
|
|
|
u64x m[8];
|
|
|
|
m[0] = hl32_to_64 (ctx->w3[2], ctx->w3[3]);
|
|
m[1] = hl32_to_64 (ctx->w3[0], ctx->w3[1]);
|
|
m[2] = hl32_to_64 (ctx->w2[2], ctx->w2[3]);
|
|
m[3] = hl32_to_64 (ctx->w2[0], ctx->w2[1]);
|
|
m[4] = hl32_to_64 (ctx->w1[2], ctx->w1[3]);
|
|
m[5] = hl32_to_64 (ctx->w1[0], ctx->w1[1]);
|
|
m[6] = hl32_to_64 (ctx->w0[2], ctx->w0[3]);
|
|
m[7] = hl32_to_64 (ctx->w0[0], ctx->w0[1]);
|
|
|
|
streebog512_g_vector (ctx->h, ctx->n, m, ctx->s_sbob_sl64);
|
|
|
|
u64x sizebuf[8] = { 0 };
|
|
sizebuf[7] = hc_swap64 ((u64x) (ctx->len << 3));
|
|
|
|
streebog512_add_vector (ctx->n, sizebuf);
|
|
|
|
streebog512_add_vector (ctx->s, m);
|
|
|
|
const u64x nullbuf[8] = { 0 };
|
|
|
|
streebog512_g_vector (ctx->h, nullbuf, ctx->n, ctx->s_sbob_sl64);
|
|
|
|
streebog512_g_vector (ctx->h, nullbuf, ctx->s, ctx->s_sbob_sl64);
|
|
}
|
|
|
|
DECLSPEC void streebog512_hmac_init_vector_64 (streebog512_hmac_ctx_vector_t *ctx, const u32x *w0, const u32x *w1, const u32x *w2, const u32x *w3, SHM_TYPE u64a (*s_sbob_sl64)[256])
|
|
{
|
|
u32x t0[4];
|
|
u32x t1[4];
|
|
u32x t2[4];
|
|
u32x t3[4];
|
|
|
|
// ipad
|
|
|
|
t0[0] = w0[0] ^ 0x36363636;
|
|
t0[1] = w0[1] ^ 0x36363636;
|
|
t0[2] = w0[2] ^ 0x36363636;
|
|
t0[3] = w0[3] ^ 0x36363636;
|
|
t1[0] = w1[0] ^ 0x36363636;
|
|
t1[1] = w1[1] ^ 0x36363636;
|
|
t1[2] = w1[2] ^ 0x36363636;
|
|
t1[3] = w1[3] ^ 0x36363636;
|
|
t2[0] = w2[0] ^ 0x36363636;
|
|
t2[1] = w2[1] ^ 0x36363636;
|
|
t2[2] = w2[2] ^ 0x36363636;
|
|
t2[3] = w2[3] ^ 0x36363636;
|
|
t3[0] = w3[0] ^ 0x36363636;
|
|
t3[1] = w3[1] ^ 0x36363636;
|
|
t3[2] = w3[2] ^ 0x36363636;
|
|
t3[3] = w3[3] ^ 0x36363636;
|
|
|
|
streebog512_init_vector (&ctx->ipad, s_sbob_sl64);
|
|
|
|
streebog512_update_vector_64 (&ctx->ipad, t0, t1, t2, t3, 64);
|
|
|
|
// opad
|
|
|
|
t0[0] = w0[0] ^ 0x5c5c5c5c;
|
|
t0[1] = w0[1] ^ 0x5c5c5c5c;
|
|
t0[2] = w0[2] ^ 0x5c5c5c5c;
|
|
t0[3] = w0[3] ^ 0x5c5c5c5c;
|
|
t1[0] = w1[0] ^ 0x5c5c5c5c;
|
|
t1[1] = w1[1] ^ 0x5c5c5c5c;
|
|
t1[2] = w1[2] ^ 0x5c5c5c5c;
|
|
t1[3] = w1[3] ^ 0x5c5c5c5c;
|
|
t2[0] = w2[0] ^ 0x5c5c5c5c;
|
|
t2[1] = w2[1] ^ 0x5c5c5c5c;
|
|
t2[2] = w2[2] ^ 0x5c5c5c5c;
|
|
t2[3] = w2[3] ^ 0x5c5c5c5c;
|
|
t3[0] = w3[0] ^ 0x5c5c5c5c;
|
|
t3[1] = w3[1] ^ 0x5c5c5c5c;
|
|
t3[2] = w3[2] ^ 0x5c5c5c5c;
|
|
t3[3] = w3[3] ^ 0x5c5c5c5c;
|
|
|
|
streebog512_init_vector (&ctx->opad, s_sbob_sl64);
|
|
|
|
streebog512_update_vector_64 (&ctx->opad, t0, t1, t2, t3, 64);
|
|
}
|
|
|
|
DECLSPEC void streebog512_hmac_init_vector (streebog512_hmac_ctx_vector_t *ctx, const u32x *w, const int len, SHM_TYPE u64a (*s_sbob_sl64)[256])
|
|
{
|
|
u32x w0[4];
|
|
u32x w1[4];
|
|
u32x w2[4];
|
|
u32x w3[4];
|
|
|
|
if (len > 64)
|
|
{
|
|
streebog512_ctx_vector_t tmp;
|
|
|
|
streebog512_init_vector (&tmp, s_sbob_sl64);
|
|
|
|
streebog512_update_vector (&tmp, w, len);
|
|
|
|
streebog512_final_vector (&tmp);
|
|
|
|
w0[0] = h32_from_64 (tmp.h[7]);
|
|
w0[1] = l32_from_64 (tmp.h[7]);
|
|
w0[2] = h32_from_64 (tmp.h[6]);
|
|
w0[3] = l32_from_64 (tmp.h[6]);
|
|
w1[0] = h32_from_64 (tmp.h[5]);
|
|
w1[1] = l32_from_64 (tmp.h[5]);
|
|
w1[2] = h32_from_64 (tmp.h[4]);
|
|
w1[3] = l32_from_64 (tmp.h[4]);
|
|
w2[0] = h32_from_64 (tmp.h[3]);
|
|
w2[1] = l32_from_64 (tmp.h[3]);
|
|
w2[2] = h32_from_64 (tmp.h[2]);
|
|
w2[3] = l32_from_64 (tmp.h[2]);
|
|
w3[0] = h32_from_64 (tmp.h[1]);
|
|
w3[1] = l32_from_64 (tmp.h[1]);
|
|
w3[2] = h32_from_64 (tmp.h[0]);
|
|
w3[3] = l32_from_64 (tmp.h[0]);
|
|
}
|
|
else
|
|
{
|
|
w0[0] = w[ 0];
|
|
w0[1] = w[ 1];
|
|
w0[2] = w[ 2];
|
|
w0[3] = w[ 3];
|
|
w1[0] = w[ 4];
|
|
w1[1] = w[ 5];
|
|
w1[2] = w[ 6];
|
|
w1[3] = w[ 7];
|
|
w2[0] = w[ 8];
|
|
w2[1] = w[ 9];
|
|
w2[2] = w[10];
|
|
w2[3] = w[11];
|
|
w3[0] = w[12];
|
|
w3[1] = w[13];
|
|
w3[2] = w[14];
|
|
w3[3] = w[15];
|
|
}
|
|
|
|
streebog512_hmac_init_vector_64 (ctx, w0, w1, w2, w3, s_sbob_sl64);
|
|
}
|
|
|
|
DECLSPEC void streebog512_hmac_init_vector_swap (streebog512_hmac_ctx_vector_t *ctx, const u32x *w, const int len, SHM_TYPE u64a (*s_sbob_sl64)[256])
|
|
{
|
|
u32x w0[4];
|
|
u32x w1[4];
|
|
u32x w2[4];
|
|
u32x w3[4];
|
|
|
|
if (len > 64)
|
|
{
|
|
streebog512_ctx_vector_t tmp;
|
|
|
|
streebog512_init_vector (&tmp, s_sbob_sl64);
|
|
|
|
streebog512_update_vector_swap (&tmp, w, len);
|
|
|
|
streebog512_final_vector (&tmp);
|
|
|
|
w0[0] = h32_from_64 (tmp.h[7]);
|
|
w0[1] = l32_from_64 (tmp.h[7]);
|
|
w0[2] = h32_from_64 (tmp.h[6]);
|
|
w0[3] = l32_from_64 (tmp.h[6]);
|
|
w1[0] = h32_from_64 (tmp.h[5]);
|
|
w1[1] = l32_from_64 (tmp.h[5]);
|
|
w1[2] = h32_from_64 (tmp.h[4]);
|
|
w1[3] = l32_from_64 (tmp.h[4]);
|
|
w2[0] = h32_from_64 (tmp.h[3]);
|
|
w2[1] = l32_from_64 (tmp.h[3]);
|
|
w2[2] = h32_from_64 (tmp.h[2]);
|
|
w2[3] = l32_from_64 (tmp.h[2]);
|
|
w3[0] = h32_from_64 (tmp.h[1]);
|
|
w3[1] = l32_from_64 (tmp.h[1]);
|
|
w3[2] = h32_from_64 (tmp.h[0]);
|
|
w3[3] = l32_from_64 (tmp.h[0]);
|
|
}
|
|
else
|
|
{
|
|
w0[0] = hc_swap32 (w[ 0]);
|
|
w0[1] = hc_swap32 (w[ 1]);
|
|
w0[2] = hc_swap32 (w[ 2]);
|
|
w0[3] = hc_swap32 (w[ 3]);
|
|
w1[0] = hc_swap32 (w[ 4]);
|
|
w1[1] = hc_swap32 (w[ 5]);
|
|
w1[2] = hc_swap32 (w[ 6]);
|
|
w1[3] = hc_swap32 (w[ 7]);
|
|
w2[0] = hc_swap32 (w[ 8]);
|
|
w2[1] = hc_swap32 (w[ 9]);
|
|
w2[2] = hc_swap32 (w[10]);
|
|
w2[3] = hc_swap32 (w[11]);
|
|
w3[0] = hc_swap32 (w[12]);
|
|
w3[1] = hc_swap32 (w[13]);
|
|
w3[2] = hc_swap32 (w[14]);
|
|
w3[3] = hc_swap32 (w[15]);
|
|
}
|
|
|
|
streebog512_hmac_init_vector_64 (ctx, w0, w1, w2, w3, s_sbob_sl64);
|
|
}
|
|
|
|
DECLSPEC void streebog512_hmac_update_vector (streebog512_hmac_ctx_vector_t *ctx, const u32x *w, const int len)
|
|
{
|
|
streebog512_update_vector (&ctx->ipad, w, len);
|
|
}
|
|
|
|
DECLSPEC void streebog512_hmac_update_vector_swap (streebog512_hmac_ctx_vector_t *ctx, const u32x *w, const int len)
|
|
{
|
|
streebog512_update_vector_swap (&ctx->ipad, w, len);
|
|
}
|
|
|
|
DECLSPEC void streebog512_hmac_final_vector (streebog512_hmac_ctx_vector_t *ctx)
|
|
{
|
|
streebog512_final_vector (&ctx->ipad);
|
|
|
|
u32x t0[4];
|
|
u32x t1[4];
|
|
u32x t2[4];
|
|
u32x t3[4];
|
|
|
|
t0[0] = h32_from_64 (ctx->ipad.h[7]);
|
|
t0[1] = l32_from_64 (ctx->ipad.h[7]);
|
|
t0[2] = h32_from_64 (ctx->ipad.h[6]);
|
|
t0[3] = l32_from_64 (ctx->ipad.h[6]);
|
|
t1[0] = h32_from_64 (ctx->ipad.h[5]);
|
|
t1[1] = l32_from_64 (ctx->ipad.h[5]);
|
|
t1[2] = h32_from_64 (ctx->ipad.h[4]);
|
|
t1[3] = l32_from_64 (ctx->ipad.h[4]);
|
|
t2[0] = h32_from_64 (ctx->ipad.h[3]);
|
|
t2[1] = l32_from_64 (ctx->ipad.h[3]);
|
|
t2[2] = h32_from_64 (ctx->ipad.h[2]);
|
|
t2[3] = l32_from_64 (ctx->ipad.h[2]);
|
|
t3[0] = h32_from_64 (ctx->ipad.h[1]);
|
|
t3[1] = l32_from_64 (ctx->ipad.h[1]);
|
|
t3[2] = h32_from_64 (ctx->ipad.h[0]);
|
|
t3[3] = l32_from_64 (ctx->ipad.h[0]);
|
|
|
|
streebog512_update_vector_64 (&ctx->opad, t0, t1, t2, t3, 64);
|
|
|
|
streebog512_final_vector (&ctx->opad);
|
|
}
|