Line data Source code
1 : /* $OpenBSD: rmd160.c,v 1.5 2011/01/11 15:42:05 deraadt Exp $ */
2 : /*
3 : * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 : *
5 : * Redistribution and use in source and binary forms, with or without
6 : * modification, are permitted provided that the following conditions
7 : * are met:
8 : * 1. Redistributions of source code must retain the above copyright
9 : * notice, this list of conditions and the following disclaimer.
10 : * 2. Redistributions in binary form must reproduce the above copyright
11 : * notice, this list of conditions and the following disclaimer in the
12 : * documentation and/or other materials provided with the distribution.
13 : *
14 : * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 : * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 : * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 : * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 : * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 : * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 : * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 : * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 : * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 : * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 : */
25 : /*
26 : * Preneel, Bosselaers, Dobbertin, "The Cryptographic Hash Function RIPEMD-160",
27 : * RSA Laboratories, CryptoBytes, Volume 3, Number 2, Autumn 1997,
28 : * ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto3n2.pdf
29 : */
30 : #include <sys/param.h>
31 : #include <sys/systm.h>
32 : #include <sys/endian.h>
33 : #include <crypto/rmd160.h>
34 :
35 : #define PUT_64BIT_LE(cp, value) do { \
36 : (cp)[7] = (value) >> 56; \
37 : (cp)[6] = (value) >> 48; \
38 : (cp)[5] = (value) >> 40; \
39 : (cp)[4] = (value) >> 32; \
40 : (cp)[3] = (value) >> 24; \
41 : (cp)[2] = (value) >> 16; \
42 : (cp)[1] = (value) >> 8; \
43 : (cp)[0] = (value); } while (0)
44 :
45 : #define PUT_32BIT_LE(cp, value) do { \
46 : (cp)[3] = (value) >> 24; \
47 : (cp)[2] = (value) >> 16; \
48 : (cp)[1] = (value) >> 8; \
49 : (cp)[0] = (value); } while (0)
50 :
51 : #define H0 0x67452301U
52 : #define H1 0xEFCDAB89U
53 : #define H2 0x98BADCFEU
54 : #define H3 0x10325476U
55 : #define H4 0xC3D2E1F0U
56 :
57 : #define K0 0x00000000U
58 : #define K1 0x5A827999U
59 : #define K2 0x6ED9EBA1U
60 : #define K3 0x8F1BBCDCU
61 : #define K4 0xA953FD4EU
62 :
63 : #define KK0 0x50A28BE6U
64 : #define KK1 0x5C4DD124U
65 : #define KK2 0x6D703EF3U
66 : #define KK3 0x7A6D76E9U
67 : #define KK4 0x00000000U
68 :
69 : /* rotate x left n bits. */
70 : #define ROL(n, x) (((x) << (n)) | ((x) >> (32-(n))))
71 :
72 : #define F0(x, y, z) ((x) ^ (y) ^ (z))
73 : #define F1(x, y, z) (((x) & (y)) | ((~x) & (z)))
74 : #define F2(x, y, z) (((x) | (~y)) ^ (z))
75 : #define F3(x, y, z) (((x) & (z)) | ((y) & (~z)))
76 : #define F4(x, y, z) ((x) ^ ((y) | (~z)))
77 :
78 : #define R(a, b, c, d, e, Fj, Kj, sj, rj) \
79 : do { \
80 : a = ROL(sj, a + Fj(b,c,d) + X(rj) + Kj) + e; \
81 : c = ROL(10, c); \
82 : } while(0)
83 :
84 : #define X(i) x[i]
85 :
86 : static u_char PADDING[64] = {
87 : 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
88 : 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
89 : 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
90 : };
91 :
92 : void
93 0 : RMD160Init(RMD160_CTX *ctx)
94 : {
95 0 : ctx->count = 0;
96 0 : ctx->state[0] = H0;
97 0 : ctx->state[1] = H1;
98 0 : ctx->state[2] = H2;
99 0 : ctx->state[3] = H3;
100 0 : ctx->state[4] = H4;
101 0 : }
102 :
103 : void
104 0 : RMD160Update(RMD160_CTX *ctx, const u_char *input, u_int32_t len)
105 : {
106 : u_int32_t have, off, need;
107 :
108 0 : have = (ctx->count/8) % 64;
109 0 : need = 64 - have;
110 0 : ctx->count += 8 * len;
111 : off = 0;
112 :
113 0 : if (len >= need) {
114 0 : if (have) {
115 0 : memcpy(ctx->buffer + have, input, need);
116 0 : RMD160Transform(ctx->state, ctx->buffer);
117 : off = need;
118 : have = 0;
119 0 : }
120 : /* now the buffer is empty */
121 0 : while (off + 64 <= len) {
122 0 : RMD160Transform(ctx->state, input+off);
123 : off += 64;
124 : }
125 : }
126 0 : if (off < len)
127 0 : memcpy(ctx->buffer + have, input+off, len-off);
128 0 : }
129 :
130 : void
131 0 : RMD160Final(u_char digest[20], RMD160_CTX *ctx)
132 : {
133 : int i;
134 0 : u_char size[8];
135 : u_int32_t padlen;
136 :
137 0 : PUT_64BIT_LE(size, ctx->count);
138 :
139 : /*
140 : * pad to 64 byte blocks, at least one byte from PADDING plus 8 bytes
141 : * for the size
142 : */
143 0 : padlen = 64 - ((ctx->count/8) % 64);
144 0 : if (padlen < 1 + 8)
145 0 : padlen += 64;
146 0 : RMD160Update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */
147 0 : RMD160Update(ctx, size, 8);
148 :
149 0 : if (digest != NULL)
150 0 : for (i = 0; i < 5; i++)
151 0 : PUT_32BIT_LE(digest + i*4, ctx->state[i]);
152 :
153 0 : explicit_bzero(ctx, sizeof (*ctx));
154 0 : }
155 :
156 : void
157 0 : RMD160Transform(u_int32_t state[5], const u_char block[64])
158 : {
159 : u_int32_t a, b, c, d, e, aa, bb, cc, dd, ee, t, x[16];
160 :
161 : #if BYTE_ORDER == LITTLE_ENDIAN
162 0 : memcpy(x, block, 64);
163 : #else
164 : int i;
165 :
166 : for (i = 0; i < 16; i++)
167 : x[i] = (u_int32_t)(
168 : (u_int32_t)(block[i*4 + 0]) |
169 : (u_int32_t)(block[i*4 + 1]) << 8 |
170 : (u_int32_t)(block[i*4 + 2]) << 16 |
171 : (u_int32_t)(block[i*4 + 3]) << 24);
172 : #endif
173 :
174 0 : a = state[0];
175 0 : b = state[1];
176 0 : c = state[2];
177 0 : d = state[3];
178 0 : e = state[4];
179 :
180 : /* Round 1 */
181 0 : R(a, b, c, d, e, F0, K0, 11, 0);
182 0 : R(e, a, b, c, d, F0, K0, 14, 1);
183 0 : R(d, e, a, b, c, F0, K0, 15, 2);
184 0 : R(c, d, e, a, b, F0, K0, 12, 3);
185 0 : R(b, c, d, e, a, F0, K0, 5, 4);
186 0 : R(a, b, c, d, e, F0, K0, 8, 5);
187 0 : R(e, a, b, c, d, F0, K0, 7, 6);
188 0 : R(d, e, a, b, c, F0, K0, 9, 7);
189 0 : R(c, d, e, a, b, F0, K0, 11, 8);
190 0 : R(b, c, d, e, a, F0, K0, 13, 9);
191 0 : R(a, b, c, d, e, F0, K0, 14, 10);
192 0 : R(e, a, b, c, d, F0, K0, 15, 11);
193 0 : R(d, e, a, b, c, F0, K0, 6, 12);
194 0 : R(c, d, e, a, b, F0, K0, 7, 13);
195 0 : R(b, c, d, e, a, F0, K0, 9, 14);
196 0 : R(a, b, c, d, e, F0, K0, 8, 15); /* #15 */
197 : /* Round 2 */
198 0 : R(e, a, b, c, d, F1, K1, 7, 7);
199 0 : R(d, e, a, b, c, F1, K1, 6, 4);
200 0 : R(c, d, e, a, b, F1, K1, 8, 13);
201 0 : R(b, c, d, e, a, F1, K1, 13, 1);
202 0 : R(a, b, c, d, e, F1, K1, 11, 10);
203 0 : R(e, a, b, c, d, F1, K1, 9, 6);
204 0 : R(d, e, a, b, c, F1, K1, 7, 15);
205 0 : R(c, d, e, a, b, F1, K1, 15, 3);
206 0 : R(b, c, d, e, a, F1, K1, 7, 12);
207 0 : R(a, b, c, d, e, F1, K1, 12, 0);
208 0 : R(e, a, b, c, d, F1, K1, 15, 9);
209 0 : R(d, e, a, b, c, F1, K1, 9, 5);
210 0 : R(c, d, e, a, b, F1, K1, 11, 2);
211 0 : R(b, c, d, e, a, F1, K1, 7, 14);
212 0 : R(a, b, c, d, e, F1, K1, 13, 11);
213 0 : R(e, a, b, c, d, F1, K1, 12, 8); /* #31 */
214 : /* Round 3 */
215 0 : R(d, e, a, b, c, F2, K2, 11, 3);
216 0 : R(c, d, e, a, b, F2, K2, 13, 10);
217 0 : R(b, c, d, e, a, F2, K2, 6, 14);
218 0 : R(a, b, c, d, e, F2, K2, 7, 4);
219 0 : R(e, a, b, c, d, F2, K2, 14, 9);
220 0 : R(d, e, a, b, c, F2, K2, 9, 15);
221 0 : R(c, d, e, a, b, F2, K2, 13, 8);
222 0 : R(b, c, d, e, a, F2, K2, 15, 1);
223 0 : R(a, b, c, d, e, F2, K2, 14, 2);
224 0 : R(e, a, b, c, d, F2, K2, 8, 7);
225 0 : R(d, e, a, b, c, F2, K2, 13, 0);
226 0 : R(c, d, e, a, b, F2, K2, 6, 6);
227 0 : R(b, c, d, e, a, F2, K2, 5, 13);
228 0 : R(a, b, c, d, e, F2, K2, 12, 11);
229 0 : R(e, a, b, c, d, F2, K2, 7, 5);
230 0 : R(d, e, a, b, c, F2, K2, 5, 12); /* #47 */
231 : /* Round 4 */
232 0 : R(c, d, e, a, b, F3, K3, 11, 1);
233 0 : R(b, c, d, e, a, F3, K3, 12, 9);
234 0 : R(a, b, c, d, e, F3, K3, 14, 11);
235 0 : R(e, a, b, c, d, F3, K3, 15, 10);
236 0 : R(d, e, a, b, c, F3, K3, 14, 0);
237 0 : R(c, d, e, a, b, F3, K3, 15, 8);
238 0 : R(b, c, d, e, a, F3, K3, 9, 12);
239 0 : R(a, b, c, d, e, F3, K3, 8, 4);
240 0 : R(e, a, b, c, d, F3, K3, 9, 13);
241 0 : R(d, e, a, b, c, F3, K3, 14, 3);
242 0 : R(c, d, e, a, b, F3, K3, 5, 7);
243 0 : R(b, c, d, e, a, F3, K3, 6, 15);
244 0 : R(a, b, c, d, e, F3, K3, 8, 14);
245 0 : R(e, a, b, c, d, F3, K3, 6, 5);
246 0 : R(d, e, a, b, c, F3, K3, 5, 6);
247 0 : R(c, d, e, a, b, F3, K3, 12, 2); /* #63 */
248 : /* Round 5 */
249 0 : R(b, c, d, e, a, F4, K4, 9, 4);
250 0 : R(a, b, c, d, e, F4, K4, 15, 0);
251 0 : R(e, a, b, c, d, F4, K4, 5, 5);
252 0 : R(d, e, a, b, c, F4, K4, 11, 9);
253 0 : R(c, d, e, a, b, F4, K4, 6, 7);
254 0 : R(b, c, d, e, a, F4, K4, 8, 12);
255 0 : R(a, b, c, d, e, F4, K4, 13, 2);
256 0 : R(e, a, b, c, d, F4, K4, 12, 10);
257 0 : R(d, e, a, b, c, F4, K4, 5, 14);
258 0 : R(c, d, e, a, b, F4, K4, 12, 1);
259 0 : R(b, c, d, e, a, F4, K4, 13, 3);
260 0 : R(a, b, c, d, e, F4, K4, 14, 8);
261 0 : R(e, a, b, c, d, F4, K4, 11, 11);
262 0 : R(d, e, a, b, c, F4, K4, 8, 6);
263 0 : R(c, d, e, a, b, F4, K4, 5, 15);
264 0 : R(b, c, d, e, a, F4, K4, 6, 13); /* #79 */
265 :
266 : aa = a ; bb = b; cc = c; dd = d; ee = e;
267 :
268 : a = state[0];
269 : b = state[1];
270 : c = state[2];
271 : d = state[3];
272 : e = state[4];
273 :
274 : /* Parallel round 1 */
275 0 : R(a, b, c, d, e, F4, KK0, 8, 5);
276 0 : R(e, a, b, c, d, F4, KK0, 9, 14);
277 0 : R(d, e, a, b, c, F4, KK0, 9, 7);
278 0 : R(c, d, e, a, b, F4, KK0, 11, 0);
279 0 : R(b, c, d, e, a, F4, KK0, 13, 9);
280 0 : R(a, b, c, d, e, F4, KK0, 15, 2);
281 0 : R(e, a, b, c, d, F4, KK0, 15, 11);
282 0 : R(d, e, a, b, c, F4, KK0, 5, 4);
283 0 : R(c, d, e, a, b, F4, KK0, 7, 13);
284 0 : R(b, c, d, e, a, F4, KK0, 7, 6);
285 0 : R(a, b, c, d, e, F4, KK0, 8, 15);
286 0 : R(e, a, b, c, d, F4, KK0, 11, 8);
287 0 : R(d, e, a, b, c, F4, KK0, 14, 1);
288 0 : R(c, d, e, a, b, F4, KK0, 14, 10);
289 0 : R(b, c, d, e, a, F4, KK0, 12, 3);
290 0 : R(a, b, c, d, e, F4, KK0, 6, 12); /* #15 */
291 : /* Parallel round 2 */
292 0 : R(e, a, b, c, d, F3, KK1, 9, 6);
293 0 : R(d, e, a, b, c, F3, KK1, 13, 11);
294 0 : R(c, d, e, a, b, F3, KK1, 15, 3);
295 0 : R(b, c, d, e, a, F3, KK1, 7, 7);
296 0 : R(a, b, c, d, e, F3, KK1, 12, 0);
297 0 : R(e, a, b, c, d, F3, KK1, 8, 13);
298 0 : R(d, e, a, b, c, F3, KK1, 9, 5);
299 0 : R(c, d, e, a, b, F3, KK1, 11, 10);
300 0 : R(b, c, d, e, a, F3, KK1, 7, 14);
301 0 : R(a, b, c, d, e, F3, KK1, 7, 15);
302 0 : R(e, a, b, c, d, F3, KK1, 12, 8);
303 0 : R(d, e, a, b, c, F3, KK1, 7, 12);
304 0 : R(c, d, e, a, b, F3, KK1, 6, 4);
305 0 : R(b, c, d, e, a, F3, KK1, 15, 9);
306 0 : R(a, b, c, d, e, F3, KK1, 13, 1);
307 0 : R(e, a, b, c, d, F3, KK1, 11, 2); /* #31 */
308 : /* Parallel round 3 */
309 0 : R(d, e, a, b, c, F2, KK2, 9, 15);
310 0 : R(c, d, e, a, b, F2, KK2, 7, 5);
311 0 : R(b, c, d, e, a, F2, KK2, 15, 1);
312 0 : R(a, b, c, d, e, F2, KK2, 11, 3);
313 0 : R(e, a, b, c, d, F2, KK2, 8, 7);
314 0 : R(d, e, a, b, c, F2, KK2, 6, 14);
315 0 : R(c, d, e, a, b, F2, KK2, 6, 6);
316 0 : R(b, c, d, e, a, F2, KK2, 14, 9);
317 0 : R(a, b, c, d, e, F2, KK2, 12, 11);
318 0 : R(e, a, b, c, d, F2, KK2, 13, 8);
319 0 : R(d, e, a, b, c, F2, KK2, 5, 12);
320 0 : R(c, d, e, a, b, F2, KK2, 14, 2);
321 0 : R(b, c, d, e, a, F2, KK2, 13, 10);
322 0 : R(a, b, c, d, e, F2, KK2, 13, 0);
323 0 : R(e, a, b, c, d, F2, KK2, 7, 4);
324 0 : R(d, e, a, b, c, F2, KK2, 5, 13); /* #47 */
325 : /* Parallel round 4 */
326 0 : R(c, d, e, a, b, F1, KK3, 15, 8);
327 0 : R(b, c, d, e, a, F1, KK3, 5, 6);
328 0 : R(a, b, c, d, e, F1, KK3, 8, 4);
329 0 : R(e, a, b, c, d, F1, KK3, 11, 1);
330 0 : R(d, e, a, b, c, F1, KK3, 14, 3);
331 0 : R(c, d, e, a, b, F1, KK3, 14, 11);
332 0 : R(b, c, d, e, a, F1, KK3, 6, 15);
333 0 : R(a, b, c, d, e, F1, KK3, 14, 0);
334 0 : R(e, a, b, c, d, F1, KK3, 6, 5);
335 0 : R(d, e, a, b, c, F1, KK3, 9, 12);
336 0 : R(c, d, e, a, b, F1, KK3, 12, 2);
337 0 : R(b, c, d, e, a, F1, KK3, 9, 13);
338 0 : R(a, b, c, d, e, F1, KK3, 12, 9);
339 0 : R(e, a, b, c, d, F1, KK3, 5, 7);
340 0 : R(d, e, a, b, c, F1, KK3, 15, 10);
341 0 : R(c, d, e, a, b, F1, KK3, 8, 14); /* #63 */
342 : /* Parallel round 5 */
343 0 : R(b, c, d, e, a, F0, KK4, 8, 12);
344 0 : R(a, b, c, d, e, F0, KK4, 5, 15);
345 0 : R(e, a, b, c, d, F0, KK4, 12, 10);
346 0 : R(d, e, a, b, c, F0, KK4, 9, 4);
347 0 : R(c, d, e, a, b, F0, KK4, 12, 1);
348 0 : R(b, c, d, e, a, F0, KK4, 5, 5);
349 0 : R(a, b, c, d, e, F0, KK4, 14, 8);
350 0 : R(e, a, b, c, d, F0, KK4, 6, 7);
351 0 : R(d, e, a, b, c, F0, KK4, 8, 6);
352 0 : R(c, d, e, a, b, F0, KK4, 13, 2);
353 0 : R(b, c, d, e, a, F0, KK4, 6, 13);
354 0 : R(a, b, c, d, e, F0, KK4, 5, 14);
355 0 : R(e, a, b, c, d, F0, KK4, 15, 0);
356 0 : R(d, e, a, b, c, F0, KK4, 13, 3);
357 0 : R(c, d, e, a, b, F0, KK4, 11, 9);
358 0 : R(b, c, d, e, a, F0, KK4, 11, 11); /* #79 */
359 :
360 0 : t = state[1] + cc + d;
361 0 : state[1] = state[2] + dd + e;
362 0 : state[2] = state[3] + ee + a;
363 0 : state[3] = state[4] + aa + b;
364 0 : state[4] = state[0] + bb + c;
365 0 : state[0] = t;
366 0 : }
|
