1 // panama.h - originally written and placed in the public domain by Wei Dai
2
3 /// \file panama.h
4 /// \brief Classes for Panama hash and stream cipher
5
6 #ifndef CRYPTOPP_PANAMA_H
7 #define CRYPTOPP_PANAMA_H
8
9 #include "strciphr.h"
10 #include "iterhash.h"
11 #include "secblock.h"
12
13 // Clang 3.3 integrated assembler crash on Linux. Clang 3.4 due to compiler error with .intel_syntax
14 //#if CRYPTOPP_BOOL_X32 || defined(CRYPTOPP_DISABLE_MIXED_ASM)
15 //# define CRYPTOPP_DISABLE_PANAMA_ASM
16 //#endif
17
18 // https://github.com/weidai11/cryptopp/issues/758
19 #define CRYPTOPP_DISABLE_PANAMA_ASM 1
20
NAMESPACE_BEGIN(CryptoPP)21 NAMESPACE_BEGIN(CryptoPP)
22
23 // Base class, do not use directly
24 template <class B>
25 class CRYPTOPP_NO_VTABLE Panama
26 {
27 public:
28 virtual ~Panama() {}
29 std::string AlgorithmProvider() const;
30 void Reset();
31 void Iterate(size_t count, const word32 *p=NULLPTR, byte *output=NULLPTR, const byte *input=NULLPTR, KeystreamOperation operation=WRITE_KEYSTREAM);
32
33 protected:
34 typedef word32 Stage[8];
35 CRYPTOPP_CONSTANT(STAGES = 32);
36
37 FixedSizeAlignedSecBlock<word32, 20 + 8*32> m_state;
38 };
39
40 namespace Weak {
41 /// \brief Panama hash
42 /// \sa <a href="http://www.weidai.com/scan-mirror/md.html#Panama">Panama Hash</a>
43 template <class B = LittleEndian>
44 class PanamaHash : protected Panama<B>, public AlgorithmImpl<IteratedHash<word32, NativeByteOrder, 32>, PanamaHash<B> >
45 {
46 public:
47 CRYPTOPP_CONSTANT(DIGESTSIZE = 32);
~PanamaHash()48 virtual ~PanamaHash() {}
PanamaHash()49 PanamaHash() {Panama<B>::Reset();}
DigestSize()50 unsigned int DigestSize() const {return DIGESTSIZE;}
51 void TruncatedFinal(byte *hash, size_t size);
StaticAlgorithmName()52 CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return B::ToEnum() == BIG_ENDIAN_ORDER ? "Panama-BE" : "Panama-LE";}
AlgorithmProvider()53 std::string AlgorithmProvider() const {return Panama<B>::AlgorithmProvider();} // Fix https://github.com/weidai11/cryptopp/issues/801
54
55 protected:
Init()56 void Init() {Panama<B>::Reset();}
HashEndianCorrectedBlock(const word32 * data)57 void HashEndianCorrectedBlock(const word32 *data) {this->Iterate(1, data);} // push
58 size_t HashMultipleBlocks(const word32 *input, size_t length);
StateBuf()59 word32* StateBuf() {return NULLPTR;}
60
61 FixedSizeSecBlock<word32, 8> m_buf;
62 };
63 }
64
65 /// \brief MAC construction using a hermetic hash function
66 template <class T_Hash, class T_Info = T_Hash>
67 class HermeticHashFunctionMAC : public AlgorithmImpl<SimpleKeyingInterfaceImpl<TwoBases<MessageAuthenticationCode, VariableKeyLength<32, 0, INT_MAX> > >, T_Info>
68 {
69 public:
UncheckedSetKey(const byte * key,unsigned int length,const NameValuePairs & params)70 void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms)
71 {
72 CRYPTOPP_UNUSED(params);
73
74 m_key.Assign(key, length);
75 Restart();
76 }
77
Restart()78 void Restart()
79 {
80 m_hash.Restart();
81 m_keyed = false;
82 }
83
Update(const byte * input,size_t length)84 void Update(const byte *input, size_t length)
85 {
86 if (!m_keyed)
87 KeyHash();
88 m_hash.Update(input, length);
89 }
90
TruncatedFinal(byte * digest,size_t digestSize)91 void TruncatedFinal(byte *digest, size_t digestSize)
92 {
93 if (!m_keyed)
94 KeyHash();
95 m_hash.TruncatedFinal(digest, digestSize);
96 m_keyed = false;
97 }
98
DigestSize()99 unsigned int DigestSize() const
100 {return m_hash.DigestSize();}
BlockSize()101 unsigned int BlockSize() const
102 {return m_hash.BlockSize();}
OptimalBlockSize()103 unsigned int OptimalBlockSize() const
104 {return m_hash.OptimalBlockSize();}
OptimalDataAlignment()105 unsigned int OptimalDataAlignment() const
106 {return m_hash.OptimalDataAlignment();}
107
108 protected:
KeyHash()109 void KeyHash()
110 {
111 m_hash.Update(m_key, m_key.size());
112 m_keyed = true;
113 }
114
115 T_Hash m_hash;
116 bool m_keyed;
117 SecByteBlock m_key;
118 };
119
120 namespace Weak {
121 /// \brief Panama message authentication code
122 template <class B = LittleEndian>
123 class PanamaMAC : public HermeticHashFunctionMAC<PanamaHash<B> >
124 {
125 public:
PanamaMAC()126 PanamaMAC() {}
PanamaMAC(const byte * key,unsigned int length)127 PanamaMAC(const byte *key, unsigned int length)
128 {this->SetKey(key, length);}
129 };
130 }
131
132 /// \brief Panama stream cipher information
133 template <class B>
134 struct PanamaCipherInfo : public FixedKeyLength<32, SimpleKeyingInterface::UNIQUE_IV, 32>
135 {
StaticAlgorithmNamePanamaCipherInfo136 CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return B::ToEnum() == BIG_ENDIAN_ORDER ? "Panama-BE" : "Panama-LE";}
137 };
138
139 /// \brief Panama stream cipher operation
140 template <class B>
141 class PanamaCipherPolicy : public AdditiveCipherConcretePolicy<word32, 8>,
142 public PanamaCipherInfo<B>,
143 protected Panama<B>
144 {
145 protected:
~PanamaCipherPolicy()146 virtual ~PanamaCipherPolicy() {}
147 std::string AlgorithmProvider() const;
148 void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length);
149 void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount);
CipherIsRandomAccess()150 bool CipherIsRandomAccess() const {return false;}
151 void CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length);
152 unsigned int GetAlignment() const;
153
154 FixedSizeSecBlock<word32, 8> m_key;
155 FixedSizeSecBlock<word32, 8> m_buf;
156 };
157
158 /// \brief Panama stream cipher
159 /// \sa <a href="http://www.cryptolounge.org/wiki/PANAMA">Panama Stream Cipher</a>
160 template <class B = LittleEndian>
161 struct PanamaCipher : public PanamaCipherInfo<B>, public SymmetricCipherDocumentation
162 {
163 typedef SymmetricCipherFinal<ConcretePolicyHolder<PanamaCipherPolicy<B>, AdditiveCipherTemplate<> >, PanamaCipherInfo<B> > Encryption;
164 typedef Encryption Decryption;
165 };
166
167 NAMESPACE_END
168
169 #endif
170