1 2/* 3 * haval.c: specifies the routines in the HAVAL (V.1) hashing library. 4 * 5 * HAVAL is a one-way hashing algorithm with the following 6 * collision-resistant property: 7 * It is computationally infeasible to find two or more 8 * messages that are hashed into the same fingerprint. 9 * 10 * Reference: 11 * Y. Zheng, J. Pieprzyk and J. Seberry: 12 * ``HAVAL --- a one-way hashing algorithm with variable 13 * length of output'', Advances in Cryptology --- AUSCRYPT'92, 14 * Lecture Notes in Computer Science, Vol.718, pp.83-104, 15 * Springer-Verlag, 1993. 16 * 17 * Descriptions: 18 * - haval_string: hash a string 19 * - haval_file: hash a file 20 * - haval_stdin: filter -- hash input from the stdin device 21 * - haval_hash: hash a string of specified length 22 * (Haval_hash is used in conjunction with 23 * haval_start & haval_end.) 24 * - haval_hash_block: hash a 32-word block 25 * - haval_start: initialization 26 * - haval_end: finalization 27 * 28 * Author: Yuliang Zheng 29 * School of Computing and Information Technology 30 * Monash University 31 * McMahons Road, Frankston 3199, Australia 32 * Email: yzheng@fcit.monash.edu.au 33 * URL: http://www-pscit.fcit.monash.edu.au:/~yuliang/ 34 * Voice: +61 3 9904 4196 35 * Fax : +61 3 9904 4124 36 * 37 * Date: 38 * First release: June 1993 39 * 40 * Revised: April 1996 41 * Major changes: 42 * 1. added #include <string.h> 43 * 2. deleted #include <memory.h> 44 * 3. appended 'L' to all 32-bit constants 45 * 46 * Many thanks to Ross Williams (ross@rocksoft.com) 47 * for his invaluable comments on the previous 48 * version of the code. 49 * 50 * Revised: April 1997 51 * Corrected the first byte in padding[128] 52 * (from 0x80 to 0x01). 53 * 54 * Thanks go to Paulo Barreto (pbarreto@uninet.com.br) 55 * who detected the padding error while implementing 56 * HAVAL independently. 57 * 58 * Copyright (C) 1997 by Yuliang Zheng. All rights reserved. 59 * This program may not be sold or used as inducement to sell 60 * a product without the written permission of the author. 61 */ 62 63#include <stdio.h> 64#include <string.h> 65#include "havalapp.h" 66#include "haval.h" 67 68#undef VERSION 69#define VERSION 1 /* current version number */ 70 71void haval_string _ANSI_ARGS_((char *, unsigned char *)); /* hash a string */ 72int haval_file _ANSI_ARGS_((char *, unsigned char *)); /* hash a file */ 73void haval_stdin _ANSI_ARGS_((void)); /* hash input from stdin */ 74void haval_start _ANSI_ARGS_((haval_state *)); /* initialization */ 75void haval_hash _ANSI_ARGS_((haval_state *, 76 unsigned char *, unsigned int)); /* updating routine */ 77void haval_end _ANSI_ARGS_((haval_state *, unsigned char *)); /* finalization */ 78void haval_hash_block _ANSI_ARGS_((haval_state *)); /* hash a 32-word block */ 79static void haval_tailor _ANSI_ARGS_((haval_state *)); /* folding the last output */ 80 81static unsigned char padding[128] = { /* constants for padding */ 820x01, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 83 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 84 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 85 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 86 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 87 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 88 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 89 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 90}; 91 92/* aku, Jul 8, 1997, added () to eliminate gcc warnings: 93 * "suggest parentheses around arithmetic in operand of ^" 94 * semantics not changed! 95 */ 96#define f_1(x6, x5, x4, x3, x2, x1, x0) \ 97 (((x1) & ((x0) ^ (x4))) ^ ((x2) & (x5)) ^ \ 98 ((x3) & (x6)) ^ (x0)) 99 100#define f_2(x6, x5, x4, x3, x2, x1, x0) \ 101 (((x2) & (((x1) & ~(x3)) ^ ((x4) & (x5)) ^ (x6) ^ (x0))) ^ \ 102 ((x4) & ((x1) ^ (x5))) ^ ((x3) & (x5)) ^ (x0)) 103 104#define f_3(x6, x5, x4, x3, x2, x1, x0) \ 105 (((x3) & (((x1) & (x2)) ^ (x6) ^ (x0))) ^ \ 106 ((x1) & (x4)) ^ ((x2) & (x5)) ^ (x0)) 107 108#define f_4(x6, x5, x4, x3, x2, x1, x0) \ 109 (((x4) & (((x5) & ~(x2)) ^ ((x3) & ~(x6)) ^ (x1) ^ (x6) ^ (x0))) ^ \ 110 ((x3) & (((x1) & (x2)) ^ (x5) ^ (x6))) ^ \ 111 ((x2) & (x6)) ^ (x0)) 112 113#define f_5(x6, x5, x4, x3, x2, x1, x0) \ 114 (((x0) & (((x1) & (x2) & (x3)) ^ ~(x5))) ^ \ 115 ((x1) & (x4)) ^ ((x2) & (x5)) ^ ((x3) & (x6))) 116 117/* 118 * Permutations phi_{i,j}, i=3,4,5, j=1,...,i. 119 * 120 * PASS = 3: 121 * 6 5 4 3 2 1 0 122 * | | | | | | | (replaced by) 123 * phi_{3,1}: 1 0 3 5 6 2 4 124 * phi_{3,2}: 4 2 1 0 5 3 6 125 * phi_{3,3}: 6 1 2 3 4 5 0 126 * 127 * PASS = 4: 128 * 6 5 4 3 2 1 0 129 * | | | | | | | (replaced by) 130 * phi_{4,1}: 2 6 1 4 5 3 0 131 * phi_{4,2}: 3 5 2 0 1 6 4 132 * phi_{4,3}: 1 4 3 6 0 2 5 133 * phi_{4,4}: 6 4 0 5 2 1 3 134 * 135 * PASS = 5: 136 * 6 5 4 3 2 1 0 137 * | | | | | | | (replaced by) 138 * phi_{5,1}: 3 4 1 0 5 2 6 139 * phi_{5,2}: 6 2 1 0 3 4 5 140 * phi_{5,3}: 2 6 0 4 3 1 5 141 * phi_{5,4}: 1 5 3 2 0 4 6 142 * phi_{5,5}: 2 5 0 6 4 3 1 143 */ 144 145#if PASS == 3 146#define Fphi_1(x6, x5, x4, x3, x2, x1, x0) \ 147 f_1(x1, x0, x3, x5, x6, x2, x4) 148#elif PASS == 4 149#define Fphi_1(x6, x5, x4, x3, x2, x1, x0) \ 150 f_1(x2, x6, x1, x4, x5, x3, x0) 151#else 152#define Fphi_1(x6, x5, x4, x3, x2, x1, x0) \ 153 f_1(x3, x4, x1, x0, x5, x2, x6) 154#endif 155 156#if PASS == 3 157#define Fphi_2(x6, x5, x4, x3, x2, x1, x0) \ 158 f_2(x4, x2, x1, x0, x5, x3, x6) 159#elif PASS == 4 160#define Fphi_2(x6, x5, x4, x3, x2, x1, x0) \ 161 f_2(x3, x5, x2, x0, x1, x6, x4) 162#else 163#define Fphi_2(x6, x5, x4, x3, x2, x1, x0) \ 164 f_2(x6, x2, x1, x0, x3, x4, x5) 165#endif 166 167#if PASS == 3 168#define Fphi_3(x6, x5, x4, x3, x2, x1, x0) \ 169 f_3(x6, x1, x2, x3, x4, x5, x0) 170#elif PASS == 4 171#define Fphi_3(x6, x5, x4, x3, x2, x1, x0) \ 172 f_3(x1, x4, x3, x6, x0, x2, x5) 173#else 174#define Fphi_3(x6, x5, x4, x3, x2, x1, x0) \ 175 f_3(x2, x6, x0, x4, x3, x1, x5) 176#endif 177 178#if PASS == 4 179#define Fphi_4(x6, x5, x4, x3, x2, x1, x0) \ 180 f_4(x6, x4, x0, x5, x2, x1, x3) 181#else 182#define Fphi_4(x6, x5, x4, x3, x2, x1, x0) \ 183 f_4(x1, x5, x3, x2, x0, x4, x6) 184#endif 185 186#define Fphi_5(x6, x5, x4, x3, x2, x1, x0) \ 187 f_5(x2, x5, x0, x6, x4, x3, x1) 188 189#define rotate_right(x, n) (((x) >> (n)) | ((x) << (32-(n)))) 190 191#define FF_1(x7, x6, x5, x4, x3, x2, x1, x0, w) { \ 192 register haval_word temp = Fphi_1(x6, x5, x4, x3, x2, x1, x0); \ 193 (x7) = rotate_right(temp, 7) + rotate_right((x7), 11) + (w); \ 194 } 195 196#define FF_2(x7, x6, x5, x4, x3, x2, x1, x0, w, c) { \ 197 register haval_word temp = Fphi_2(x6, x5, x4, x3, x2, x1, x0); \ 198 (x7) = rotate_right(temp, 7) + rotate_right((x7), 11) + (w) + (c); \ 199 } 200 201#define FF_3(x7, x6, x5, x4, x3, x2, x1, x0, w, c) { \ 202 register haval_word temp = Fphi_3(x6, x5, x4, x3, x2, x1, x0); \ 203 (x7) = rotate_right(temp, 7) + rotate_right((x7), 11) + (w) + (c); \ 204 } 205 206#define FF_4(x7, x6, x5, x4, x3, x2, x1, x0, w, c) { \ 207 register haval_word temp = Fphi_4(x6, x5, x4, x3, x2, x1, x0); \ 208 (x7) = rotate_right(temp, 7) + rotate_right((x7), 11) + (w) + (c); \ 209 } 210 211#define FF_5(x7, x6, x5, x4, x3, x2, x1, x0, w, c) { \ 212 register haval_word temp = Fphi_5(x6, x5, x4, x3, x2, x1, x0); \ 213 (x7) = rotate_right(temp, 7) + rotate_right((x7), 11) + (w) + (c); \ 214 } 215 216/* 217 * translate every four characters into a word. 218 * assume the number of characters is a multiple of four. 219 */ 220#define ch2uint(string, word, slen) { \ 221 unsigned char *sp = string; \ 222 haval_word *wp = word; \ 223 while (sp < (string) + (slen)) { \ 224 *wp++ = (haval_word)*sp | \ 225 ((haval_word)*(sp+1) << 8) | \ 226 ((haval_word)*(sp+2) << 16) | \ 227 ((haval_word)*(sp+3) << 24); \ 228 sp += 4; \ 229 } \ 230} 231 232/* translate each word into four characters */ 233#define uint2ch(word, string, wlen) { \ 234 haval_word *wp = word; \ 235 unsigned char *sp = string; \ 236 while (wp < (word) + (wlen)) { \ 237 *(sp++) = (unsigned char)( *wp & 0xFF); \ 238 *(sp++) = (unsigned char)((*wp >> 8) & 0xFF); \ 239 *(sp++) = (unsigned char)((*wp >> 16) & 0xFF); \ 240 *(sp++) = (unsigned char)((*wp >> 24) & 0xFF); \ 241 wp++; \ 242 } \ 243} 244 245 246/* hash a string */ 247void haval_string (string, fingerprint) 248 char *string; 249 unsigned char fingerprint[FPTLEN >> 3]; 250{ 251 haval_state state; 252 unsigned int len = strlen (string); 253 254 haval_start (&state); 255 haval_hash (&state, (unsigned char *)string, len); 256 haval_end (&state, fingerprint); 257} 258 259/* hash a file */ 260int haval_file (file_name, fingerprint) 261 char *file_name; 262 unsigned char fingerprint[FPTLEN >> 3]; 263{ 264 FILE *file; 265 haval_state state; 266 int len; 267 unsigned char buffer[1024]; 268 269 if ((file = fopen (file_name, "rb")) == NULL){ 270 return (1); /* fail */ 271 } else { 272 haval_start (&state); 273 /* aku, Jul 8, 1997, added () around assignment, as suggested by gcc -Wall */ 274 while ((len = fread (buffer, 1, 1024, file))) { 275 haval_hash (&state, buffer, len); 276 } 277 fclose (file); 278 haval_end (&state, fingerprint); 279 return (0); /* success */ 280 } 281} 282 283#ifndef __WIN32__ 284 285/* hash input from stdin */ 286void haval_stdin () 287{ 288 haval_state state; 289 int i, len; 290 unsigned char buffer[32], 291 fingerprint[FPTLEN >> 3]; 292 293 haval_start (&state); 294 /* aku, Jul 8, 1997, added () around assignment, as suggested by gcc -Wall */ 295 while ((len = fread (buffer, 1, 32, stdin))) { 296 haval_hash (&state, buffer, len); 297 } 298 haval_end (&state, fingerprint); 299 300 for (i = 0; i < FPTLEN >> 3; i++) { 301 putchar(fingerprint[i]); 302 } 303} 304 305#endif 306 307/* initialization */ 308void haval_start (state) 309 haval_state *state; 310{ 311 state->count[0] = state->count[1] = 0; /* clear count */ 312 state->fingerprint[0] = 0x243F6A88L; /* initial fingerprint */ 313 state->fingerprint[1] = 0x85A308D3L; 314 state->fingerprint[2] = 0x13198A2EL; 315 state->fingerprint[3] = 0x03707344L; 316 state->fingerprint[4] = 0xA4093822L; 317 state->fingerprint[5] = 0x299F31D0L; 318 state->fingerprint[6] = 0x082EFA98L; 319 state->fingerprint[7] = 0xEC4E6C89L; 320} 321 322/* 323 * hash a string of specified length. 324 * to be used in conjunction with haval_start and haval_end. 325 */ 326void haval_hash (state, str, str_len) 327 haval_state *state; 328 unsigned char *str; 329 unsigned int str_len; 330{ 331 unsigned int i, 332 rmd_len, 333 fill_len; 334 335 /* calculate the number of bytes in the remainder */ 336 rmd_len = (unsigned int)((state->count[0] >> 3) & 0x7F); 337 fill_len = 128 - rmd_len; 338 339 /* update the number of bits */ 340 if ((state->count[0] += (haval_word)str_len << 3) 341 < ((haval_word)str_len << 3)) { 342 state->count[1]++; 343 } 344 state->count[1] += (haval_word)str_len >> 29; 345 346#ifdef LITTLE_ENDIAN 347 348 /* hash as many blocks as possible */ 349 if (rmd_len + str_len >= 128) { 350 memcpy (((unsigned char *)state->block)+rmd_len, str, fill_len); 351 haval_hash_block (state); 352 for (i = fill_len; i + 127 < str_len; i += 128){ 353 memcpy ((unsigned char *)state->block, str+i, 128); 354 haval_hash_block (state); 355 } 356 rmd_len = 0; 357 } else { 358 i = 0; 359 } 360 memcpy (((unsigned char *)state->block)+rmd_len, str+i, str_len-i); 361 362#else 363 364 /* hash as many blocks as possible */ 365 if (rmd_len + str_len >= 128) { 366 memcpy (&state->remainder[rmd_len], str, fill_len); 367 ch2uint(state->remainder, state->block, 128); 368 haval_hash_block (state); 369 for (i = fill_len; i + 127 < str_len; i += 128){ 370 memcpy (state->remainder, str+i, 128); 371 ch2uint(state->remainder, state->block, 128); 372 haval_hash_block (state); 373 } 374 rmd_len = 0; 375 } else { 376 i = 0; 377 } 378 /* save the remaining input chars */ 379 memcpy (&state->remainder[rmd_len], str+i, str_len-i); 380 381#endif 382} 383 384/* finalization */ 385void haval_end (state, final_fpt) 386 haval_state* state; 387 unsigned char* final_fpt; 388{ 389 unsigned char tail[10]; 390 unsigned int rmd_len, pad_len; 391 392 /* 393 * save the version number, the number of passes, the fingerprint 394 * length and the number of bits in the unpadded message. 395 */ 396 tail[0] = (unsigned char)(((FPTLEN & 0x3) << 6) | 397 ((PASS & 0x7) << 3) | 398 (VERSION & 0x7)); 399 tail[1] = (unsigned char)((FPTLEN >> 2) & 0xFF); 400 uint2ch (state->count, &tail[2], 2); 401 402 /* pad out to 118 mod 128 */ 403 rmd_len = (unsigned int)((state->count[0] >> 3) & 0x7f); 404 pad_len = (rmd_len < 118) ? (118 - rmd_len) : (246 - rmd_len); 405 haval_hash (state, padding, pad_len); 406 407 /* 408 * append the version number, the number of passes, 409 * the fingerprint length and the number of bits 410 */ 411 haval_hash (state, tail, 10); 412 413 /* tailor the last output */ 414 haval_tailor(state); 415 416 /* translate and save the final fingerprint */ 417 uint2ch (state->fingerprint, final_fpt, FPTLEN >> 5); 418 419 /* clear the state information */ 420 memset ((unsigned char *)state, 0, sizeof (*state)); 421} 422 423/* hash a 32-word block */ 424void haval_hash_block (state) 425 haval_state *state; 426{ 427 register haval_word t0 = state->fingerprint[0], /* make use of */ 428 t1 = state->fingerprint[1], /* internal registers */ 429 t2 = state->fingerprint[2], 430 t3 = state->fingerprint[3], 431 t4 = state->fingerprint[4], 432 t5 = state->fingerprint[5], 433 t6 = state->fingerprint[6], 434 t7 = state->fingerprint[7], 435 *w = state->block; 436 437 /* Pass 1 */ 438 FF_1(t7, t6, t5, t4, t3, t2, t1, t0, *(w )); 439 FF_1(t6, t5, t4, t3, t2, t1, t0, t7, *(w+ 1)); 440 FF_1(t5, t4, t3, t2, t1, t0, t7, t6, *(w+ 2)); 441 FF_1(t4, t3, t2, t1, t0, t7, t6, t5, *(w+ 3)); 442 FF_1(t3, t2, t1, t0, t7, t6, t5, t4, *(w+ 4)); 443 FF_1(t2, t1, t0, t7, t6, t5, t4, t3, *(w+ 5)); 444 FF_1(t1, t0, t7, t6, t5, t4, t3, t2, *(w+ 6)); 445 FF_1(t0, t7, t6, t5, t4, t3, t2, t1, *(w+ 7)); 446 447 FF_1(t7, t6, t5, t4, t3, t2, t1, t0, *(w+ 8)); 448 FF_1(t6, t5, t4, t3, t2, t1, t0, t7, *(w+ 9)); 449 FF_1(t5, t4, t3, t2, t1, t0, t7, t6, *(w+10)); 450 FF_1(t4, t3, t2, t1, t0, t7, t6, t5, *(w+11)); 451 FF_1(t3, t2, t1, t0, t7, t6, t5, t4, *(w+12)); 452 FF_1(t2, t1, t0, t7, t6, t5, t4, t3, *(w+13)); 453 FF_1(t1, t0, t7, t6, t5, t4, t3, t2, *(w+14)); 454 FF_1(t0, t7, t6, t5, t4, t3, t2, t1, *(w+15)); 455 456 FF_1(t7, t6, t5, t4, t3, t2, t1, t0, *(w+16)); 457 FF_1(t6, t5, t4, t3, t2, t1, t0, t7, *(w+17)); 458 FF_1(t5, t4, t3, t2, t1, t0, t7, t6, *(w+18)); 459 FF_1(t4, t3, t2, t1, t0, t7, t6, t5, *(w+19)); 460 FF_1(t3, t2, t1, t0, t7, t6, t5, t4, *(w+20)); 461 FF_1(t2, t1, t0, t7, t6, t5, t4, t3, *(w+21)); 462 FF_1(t1, t0, t7, t6, t5, t4, t3, t2, *(w+22)); 463 FF_1(t0, t7, t6, t5, t4, t3, t2, t1, *(w+23)); 464 465 FF_1(t7, t6, t5, t4, t3, t2, t1, t0, *(w+24)); 466 FF_1(t6, t5, t4, t3, t2, t1, t0, t7, *(w+25)); 467 FF_1(t5, t4, t3, t2, t1, t0, t7, t6, *(w+26)); 468 FF_1(t4, t3, t2, t1, t0, t7, t6, t5, *(w+27)); 469 FF_1(t3, t2, t1, t0, t7, t6, t5, t4, *(w+28)); 470 FF_1(t2, t1, t0, t7, t6, t5, t4, t3, *(w+29)); 471 FF_1(t1, t0, t7, t6, t5, t4, t3, t2, *(w+30)); 472 FF_1(t0, t7, t6, t5, t4, t3, t2, t1, *(w+31)); 473 474 /* Pass 2 */ 475 FF_2(t7, t6, t5, t4, t3, t2, t1, t0, *(w+ 5), 0x452821E6L); 476 FF_2(t6, t5, t4, t3, t2, t1, t0, t7, *(w+14), 0x38D01377L); 477 FF_2(t5, t4, t3, t2, t1, t0, t7, t6, *(w+26), 0xBE5466CFL); 478 FF_2(t4, t3, t2, t1, t0, t7, t6, t5, *(w+18), 0x34E90C6CL); 479 FF_2(t3, t2, t1, t0, t7, t6, t5, t4, *(w+11), 0xC0AC29B7L); 480 FF_2(t2, t1, t0, t7, t6, t5, t4, t3, *(w+28), 0xC97C50DDL); 481 FF_2(t1, t0, t7, t6, t5, t4, t3, t2, *(w+ 7), 0x3F84D5B5L); 482 FF_2(t0, t7, t6, t5, t4, t3, t2, t1, *(w+16), 0xB5470917L); 483 484 FF_2(t7, t6, t5, t4, t3, t2, t1, t0, *(w ), 0x9216D5D9L); 485 FF_2(t6, t5, t4, t3, t2, t1, t0, t7, *(w+23), 0x8979FB1BL); 486 FF_2(t5, t4, t3, t2, t1, t0, t7, t6, *(w+20), 0xD1310BA6L); 487 FF_2(t4, t3, t2, t1, t0, t7, t6, t5, *(w+22), 0x98DFB5ACL); 488 FF_2(t3, t2, t1, t0, t7, t6, t5, t4, *(w+ 1), 0x2FFD72DBL); 489 FF_2(t2, t1, t0, t7, t6, t5, t4, t3, *(w+10), 0xD01ADFB7L); 490 FF_2(t1, t0, t7, t6, t5, t4, t3, t2, *(w+ 4), 0xB8E1AFEDL); 491 FF_2(t0, t7, t6, t5, t4, t3, t2, t1, *(w+ 8), 0x6A267E96L); 492 493 FF_2(t7, t6, t5, t4, t3, t2, t1, t0, *(w+30), 0xBA7C9045L); 494 FF_2(t6, t5, t4, t3, t2, t1, t0, t7, *(w+ 3), 0xF12C7F99L); 495 FF_2(t5, t4, t3, t2, t1, t0, t7, t6, *(w+21), 0x24A19947L); 496 FF_2(t4, t3, t2, t1, t0, t7, t6, t5, *(w+ 9), 0xB3916CF7L); 497 FF_2(t3, t2, t1, t0, t7, t6, t5, t4, *(w+17), 0x0801F2E2L); 498 FF_2(t2, t1, t0, t7, t6, t5, t4, t3, *(w+24), 0x858EFC16L); 499 FF_2(t1, t0, t7, t6, t5, t4, t3, t2, *(w+29), 0x636920D8L); 500 FF_2(t0, t7, t6, t5, t4, t3, t2, t1, *(w+ 6), 0x71574E69L); 501 502 FF_2(t7, t6, t5, t4, t3, t2, t1, t0, *(w+19), 0xA458FEA3L); 503 FF_2(t6, t5, t4, t3, t2, t1, t0, t7, *(w+12), 0xF4933D7EL); 504 FF_2(t5, t4, t3, t2, t1, t0, t7, t6, *(w+15), 0x0D95748FL); 505 FF_2(t4, t3, t2, t1, t0, t7, t6, t5, *(w+13), 0x728EB658L); 506 FF_2(t3, t2, t1, t0, t7, t6, t5, t4, *(w+ 2), 0x718BCD58L); 507 FF_2(t2, t1, t0, t7, t6, t5, t4, t3, *(w+25), 0x82154AEEL); 508 FF_2(t1, t0, t7, t6, t5, t4, t3, t2, *(w+31), 0x7B54A41DL); 509 FF_2(t0, t7, t6, t5, t4, t3, t2, t1, *(w+27), 0xC25A59B5L); 510 511 /* Pass 3 */ 512 FF_3(t7, t6, t5, t4, t3, t2, t1, t0, *(w+19), 0x9C30D539L); 513 FF_3(t6, t5, t4, t3, t2, t1, t0, t7, *(w+ 9), 0x2AF26013L); 514 FF_3(t5, t4, t3, t2, t1, t0, t7, t6, *(w+ 4), 0xC5D1B023L); 515 FF_3(t4, t3, t2, t1, t0, t7, t6, t5, *(w+20), 0x286085F0L); 516 FF_3(t3, t2, t1, t0, t7, t6, t5, t4, *(w+28), 0xCA417918L); 517 FF_3(t2, t1, t0, t7, t6, t5, t4, t3, *(w+17), 0xB8DB38EFL); 518 FF_3(t1, t0, t7, t6, t5, t4, t3, t2, *(w+ 8), 0x8E79DCB0L); 519 FF_3(t0, t7, t6, t5, t4, t3, t2, t1, *(w+22), 0x603A180EL); 520 521 FF_3(t7, t6, t5, t4, t3, t2, t1, t0, *(w+29), 0x6C9E0E8BL); 522 FF_3(t6, t5, t4, t3, t2, t1, t0, t7, *(w+14), 0xB01E8A3EL); 523 FF_3(t5, t4, t3, t2, t1, t0, t7, t6, *(w+25), 0xD71577C1L); 524 FF_3(t4, t3, t2, t1, t0, t7, t6, t5, *(w+12), 0xBD314B27L); 525 FF_3(t3, t2, t1, t0, t7, t6, t5, t4, *(w+24), 0x78AF2FDAL); 526 FF_3(t2, t1, t0, t7, t6, t5, t4, t3, *(w+30), 0x55605C60L); 527 FF_3(t1, t0, t7, t6, t5, t4, t3, t2, *(w+16), 0xE65525F3L); 528 FF_3(t0, t7, t6, t5, t4, t3, t2, t1, *(w+26), 0xAA55AB94L); 529 530 FF_3(t7, t6, t5, t4, t3, t2, t1, t0, *(w+31), 0x57489862L); 531 FF_3(t6, t5, t4, t3, t2, t1, t0, t7, *(w+15), 0x63E81440L); 532 FF_3(t5, t4, t3, t2, t1, t0, t7, t6, *(w+ 7), 0x55CA396AL); 533 FF_3(t4, t3, t2, t1, t0, t7, t6, t5, *(w+ 3), 0x2AAB10B6L); 534 FF_3(t3, t2, t1, t0, t7, t6, t5, t4, *(w+ 1), 0xB4CC5C34L); 535 FF_3(t2, t1, t0, t7, t6, t5, t4, t3, *(w ), 0x1141E8CEL); 536 FF_3(t1, t0, t7, t6, t5, t4, t3, t2, *(w+18), 0xA15486AFL); 537 FF_3(t0, t7, t6, t5, t4, t3, t2, t1, *(w+27), 0x7C72E993L); 538 539 FF_3(t7, t6, t5, t4, t3, t2, t1, t0, *(w+13), 0xB3EE1411L); 540 FF_3(t6, t5, t4, t3, t2, t1, t0, t7, *(w+ 6), 0x636FBC2AL); 541 FF_3(t5, t4, t3, t2, t1, t0, t7, t6, *(w+21), 0x2BA9C55DL); 542 FF_3(t4, t3, t2, t1, t0, t7, t6, t5, *(w+10), 0x741831F6L); 543 FF_3(t3, t2, t1, t0, t7, t6, t5, t4, *(w+23), 0xCE5C3E16L); 544 FF_3(t2, t1, t0, t7, t6, t5, t4, t3, *(w+11), 0x9B87931EL); 545 FF_3(t1, t0, t7, t6, t5, t4, t3, t2, *(w+ 5), 0xAFD6BA33L); 546 FF_3(t0, t7, t6, t5, t4, t3, t2, t1, *(w+ 2), 0x6C24CF5CL); 547 548#if PASS >= 4 549 /* Pass 4. executed only when PASS =4 or 5 */ 550 FF_4(t7, t6, t5, t4, t3, t2, t1, t0, *(w+24), 0x7A325381L); 551 FF_4(t6, t5, t4, t3, t2, t1, t0, t7, *(w+ 4), 0x28958677L); 552 FF_4(t5, t4, t3, t2, t1, t0, t7, t6, *(w ), 0x3B8F4898L); 553 FF_4(t4, t3, t2, t1, t0, t7, t6, t5, *(w+14), 0x6B4BB9AFL); 554 FF_4(t3, t2, t1, t0, t7, t6, t5, t4, *(w+ 2), 0xC4BFE81BL); 555 FF_4(t2, t1, t0, t7, t6, t5, t4, t3, *(w+ 7), 0x66282193L); 556 FF_4(t1, t0, t7, t6, t5, t4, t3, t2, *(w+28), 0x61D809CCL); 557 FF_4(t0, t7, t6, t5, t4, t3, t2, t1, *(w+23), 0xFB21A991L); 558 559 FF_4(t7, t6, t5, t4, t3, t2, t1, t0, *(w+26), 0x487CAC60L); 560 FF_4(t6, t5, t4, t3, t2, t1, t0, t7, *(w+ 6), 0x5DEC8032L); 561 FF_4(t5, t4, t3, t2, t1, t0, t7, t6, *(w+30), 0xEF845D5DL); 562 FF_4(t4, t3, t2, t1, t0, t7, t6, t5, *(w+20), 0xE98575B1L); 563 FF_4(t3, t2, t1, t0, t7, t6, t5, t4, *(w+18), 0xDC262302L); 564 FF_4(t2, t1, t0, t7, t6, t5, t4, t3, *(w+25), 0xEB651B88L); 565 FF_4(t1, t0, t7, t6, t5, t4, t3, t2, *(w+19), 0x23893E81L); 566 FF_4(t0, t7, t6, t5, t4, t3, t2, t1, *(w+ 3), 0xD396ACC5L); 567 568 FF_4(t7, t6, t5, t4, t3, t2, t1, t0, *(w+22), 0x0F6D6FF3L); 569 FF_4(t6, t5, t4, t3, t2, t1, t0, t7, *(w+11), 0x83F44239L); 570 FF_4(t5, t4, t3, t2, t1, t0, t7, t6, *(w+31), 0x2E0B4482L); 571 FF_4(t4, t3, t2, t1, t0, t7, t6, t5, *(w+21), 0xA4842004L); 572 FF_4(t3, t2, t1, t0, t7, t6, t5, t4, *(w+ 8), 0x69C8F04AL); 573 FF_4(t2, t1, t0, t7, t6, t5, t4, t3, *(w+27), 0x9E1F9B5EL); 574 FF_4(t1, t0, t7, t6, t5, t4, t3, t2, *(w+12), 0x21C66842L); 575 FF_4(t0, t7, t6, t5, t4, t3, t2, t1, *(w+ 9), 0xF6E96C9AL); 576 577 FF_4(t7, t6, t5, t4, t3, t2, t1, t0, *(w+ 1), 0x670C9C61L); 578 FF_4(t6, t5, t4, t3, t2, t1, t0, t7, *(w+29), 0xABD388F0L); 579 FF_4(t5, t4, t3, t2, t1, t0, t7, t6, *(w+ 5), 0x6A51A0D2L); 580 FF_4(t4, t3, t2, t1, t0, t7, t6, t5, *(w+15), 0xD8542F68L); 581 FF_4(t3, t2, t1, t0, t7, t6, t5, t4, *(w+17), 0x960FA728L); 582 FF_4(t2, t1, t0, t7, t6, t5, t4, t3, *(w+10), 0xAB5133A3L); 583 FF_4(t1, t0, t7, t6, t5, t4, t3, t2, *(w+16), 0x6EEF0B6CL); 584 FF_4(t0, t7, t6, t5, t4, t3, t2, t1, *(w+13), 0x137A3BE4L); 585#endif 586 587#if PASS == 5 588 /* Pass 5. executed only when PASS = 5 */ 589 FF_5(t7, t6, t5, t4, t3, t2, t1, t0, *(w+27), 0xBA3BF050L); 590 FF_5(t6, t5, t4, t3, t2, t1, t0, t7, *(w+ 3), 0x7EFB2A98L); 591 FF_5(t5, t4, t3, t2, t1, t0, t7, t6, *(w+21), 0xA1F1651DL); 592 FF_5(t4, t3, t2, t1, t0, t7, t6, t5, *(w+26), 0x39AF0176L); 593 FF_5(t3, t2, t1, t0, t7, t6, t5, t4, *(w+17), 0x66CA593EL); 594 FF_5(t2, t1, t0, t7, t6, t5, t4, t3, *(w+11), 0x82430E88L); 595 FF_5(t1, t0, t7, t6, t5, t4, t3, t2, *(w+20), 0x8CEE8619L); 596 FF_5(t0, t7, t6, t5, t4, t3, t2, t1, *(w+29), 0x456F9FB4L); 597 598 FF_5(t7, t6, t5, t4, t3, t2, t1, t0, *(w+19), 0x7D84A5C3L); 599 FF_5(t6, t5, t4, t3, t2, t1, t0, t7, *(w ), 0x3B8B5EBEL); 600 FF_5(t5, t4, t3, t2, t1, t0, t7, t6, *(w+12), 0xE06F75D8L); 601 FF_5(t4, t3, t2, t1, t0, t7, t6, t5, *(w+ 7), 0x85C12073L); 602 FF_5(t3, t2, t1, t0, t7, t6, t5, t4, *(w+13), 0x401A449FL); 603 FF_5(t2, t1, t0, t7, t6, t5, t4, t3, *(w+ 8), 0x56C16AA6L); 604 FF_5(t1, t0, t7, t6, t5, t4, t3, t2, *(w+31), 0x4ED3AA62L); 605 FF_5(t0, t7, t6, t5, t4, t3, t2, t1, *(w+10), 0x363F7706L); 606 607 FF_5(t7, t6, t5, t4, t3, t2, t1, t0, *(w+ 5), 0x1BFEDF72L); 608 FF_5(t6, t5, t4, t3, t2, t1, t0, t7, *(w+ 9), 0x429B023DL); 609 FF_5(t5, t4, t3, t2, t1, t0, t7, t6, *(w+14), 0x37D0D724L); 610 FF_5(t4, t3, t2, t1, t0, t7, t6, t5, *(w+30), 0xD00A1248L); 611 FF_5(t3, t2, t1, t0, t7, t6, t5, t4, *(w+18), 0xDB0FEAD3L); 612 FF_5(t2, t1, t0, t7, t6, t5, t4, t3, *(w+ 6), 0x49F1C09BL); 613 FF_5(t1, t0, t7, t6, t5, t4, t3, t2, *(w+28), 0x075372C9L); 614 FF_5(t0, t7, t6, t5, t4, t3, t2, t1, *(w+24), 0x80991B7BL); 615 616 FF_5(t7, t6, t5, t4, t3, t2, t1, t0, *(w+ 2), 0x25D479D8L); 617 FF_5(t6, t5, t4, t3, t2, t1, t0, t7, *(w+23), 0xF6E8DEF7L); 618 FF_5(t5, t4, t3, t2, t1, t0, t7, t6, *(w+16), 0xE3FE501AL); 619 FF_5(t4, t3, t2, t1, t0, t7, t6, t5, *(w+22), 0xB6794C3BL); 620 FF_5(t3, t2, t1, t0, t7, t6, t5, t4, *(w+ 4), 0x976CE0BDL); 621 FF_5(t2, t1, t0, t7, t6, t5, t4, t3, *(w+ 1), 0x04C006BAL); 622 FF_5(t1, t0, t7, t6, t5, t4, t3, t2, *(w+25), 0xC1A94FB6L); 623 FF_5(t0, t7, t6, t5, t4, t3, t2, t1, *(w+15), 0x409F60C4L); 624#endif 625 626 state->fingerprint[0] += t0; 627 state->fingerprint[1] += t1; 628 state->fingerprint[2] += t2; 629 state->fingerprint[3] += t3; 630 state->fingerprint[4] += t4; 631 state->fingerprint[5] += t5; 632 state->fingerprint[6] += t6; 633 state->fingerprint[7] += t7; 634} 635 636/* tailor the last output */ 637static void haval_tailor (state) 638 haval_state *state; 639{ 640#if (FPTLEN != 224) && (FPTLEN != 256) /* aku, Jul 8, 1997, define temp only if necessary */ 641 haval_word temp; 642#endif 643 644#if FPTLEN == 128 645 temp = (state->fingerprint[7] & 0x000000FFL) | 646 (state->fingerprint[6] & 0xFF000000L) | 647 (state->fingerprint[5] & 0x00FF0000L) | 648 (state->fingerprint[4] & 0x0000FF00L); 649 state->fingerprint[0] += rotate_right(temp, 8); 650 651 temp = (state->fingerprint[7] & 0x0000FF00L) | 652 (state->fingerprint[6] & 0x000000FFL) | 653 (state->fingerprint[5] & 0xFF000000L) | 654 (state->fingerprint[4] & 0x00FF0000L); 655 state->fingerprint[1] += rotate_right(temp, 16); 656 657 temp = (state->fingerprint[7] & 0x00FF0000L) | 658 (state->fingerprint[6] & 0x0000FF00L) | 659 (state->fingerprint[5] & 0x000000FFL) | 660 (state->fingerprint[4] & 0xFF000000L); 661 state->fingerprint[2] += rotate_right(temp, 24); 662 663 temp = (state->fingerprint[7] & 0xFF000000L) | 664 (state->fingerprint[6] & 0x00FF0000L) | 665 (state->fingerprint[5] & 0x0000FF00L) | 666 (state->fingerprint[4] & 0x000000FFL); 667 state->fingerprint[3] += temp; 668 669#elif FPTLEN == 160 670 temp = (state->fingerprint[7] & (haval_word)0x3F) | 671 (state->fingerprint[6] & ((haval_word)0x7F << 25)) | 672 (state->fingerprint[5] & ((haval_word)0x3F << 19)); 673 state->fingerprint[0] += rotate_right(temp, 19); 674 675 temp = (state->fingerprint[7] & ((haval_word)0x3F << 6)) | 676 (state->fingerprint[6] & (haval_word)0x3F) | 677 (state->fingerprint[5] & ((haval_word)0x7F << 25)); 678 state->fingerprint[1] += rotate_right(temp, 25); 679 680 temp = (state->fingerprint[7] & ((haval_word)0x7F << 12)) | 681 (state->fingerprint[6] & ((haval_word)0x3F << 6)) | 682 (state->fingerprint[5] & (haval_word)0x3F); 683 state->fingerprint[2] += temp; 684 685 temp = (state->fingerprint[7] & ((haval_word)0x3F << 19)) | 686 (state->fingerprint[6] & ((haval_word)0x7F << 12)) | 687 (state->fingerprint[5] & ((haval_word)0x3F << 6)); 688 state->fingerprint[3] += temp >> 6; 689 690 temp = (state->fingerprint[7] & ((haval_word)0x7F << 25)) | 691 (state->fingerprint[6] & ((haval_word)0x3F << 19)) | 692 (state->fingerprint[5] & ((haval_word)0x7F << 12)); 693 state->fingerprint[4] += temp >> 12; 694 695#elif FPTLEN == 192 696 temp = (state->fingerprint[7] & (haval_word)0x1F) | 697 (state->fingerprint[6] & ((haval_word)0x3F << 26)); 698 state->fingerprint[0] += rotate_right(temp, 26); 699 700 temp = (state->fingerprint[7] & ((haval_word)0x1F << 5)) | 701 (state->fingerprint[6] & (haval_word)0x1F); 702 state->fingerprint[1] += temp; 703 704 temp = (state->fingerprint[7] & ((haval_word)0x3F << 10)) | 705 (state->fingerprint[6] & ((haval_word)0x1F << 5)); 706 state->fingerprint[2] += temp >> 5; 707 708 temp = (state->fingerprint[7] & ((haval_word)0x1F << 16)) | 709 (state->fingerprint[6] & ((haval_word)0x3F << 10)); 710 state->fingerprint[3] += temp >> 10; 711 712 temp = (state->fingerprint[7] & ((haval_word)0x1F << 21)) | 713 (state->fingerprint[6] & ((haval_word)0x1F << 16)); 714 state->fingerprint[4] += temp >> 16; 715 716 temp = (state->fingerprint[7] & ((haval_word)0x3F << 26)) | 717 (state->fingerprint[6] & ((haval_word)0x1F << 21)); 718 state->fingerprint[5] += temp >> 21; 719 720#elif FPTLEN == 224 721 state->fingerprint[0] += (state->fingerprint[7] >> 27) & 0x1F; 722 state->fingerprint[1] += (state->fingerprint[7] >> 22) & 0x1F; 723 state->fingerprint[2] += (state->fingerprint[7] >> 18) & 0x0F; 724 state->fingerprint[3] += (state->fingerprint[7] >> 13) & 0x1F; 725 state->fingerprint[4] += (state->fingerprint[7] >> 9) & 0x0F; 726 state->fingerprint[5] += (state->fingerprint[7] >> 4) & 0x1F; 727 state->fingerprint[6] += state->fingerprint[7] & 0x0F; 728#endif 729} 730 731