1 /*
2 * This library is free software; you can redistribute it and/or
3 * modify it under the terms of the GNU Lesser General Public
4 * License as published by the Free Software Foundation; either
5 * version 2.1 of the License, or (at your option) any later version.
6 *
7 * This library is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
10 * Lesser General Public License for more details.
11 *
12 * You should have received a copy of the GNU Lesser General Public
13 * License along with this library; if not, write to the Free Software
14 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
15 *
16 */
17
18 /*!\file ripemd128.c
19 * \brief RIPEMD-128 hash function.
20 * \author Jeff Johnson <jbj@rpm5.org>
21 * \author Bob Deblier <bob.deblier@telenet.be>
22 * \ingroup HASH_m HASH_ripemd128_m
23 */
24
25 #define BEECRYPT_DLL_EXPORT
26
27 #if HAVE_CONFIG_H
28 # include "config.h"
29 #endif
30
31 #include "beecrypt/ripemd128.h"
32 #include "beecrypt/endianness.h"
33
34 /*!\addtogroup HASH_ripemd128_m
35 * \{
36 */
37
38 /*@unchecked@*/ /*@observer@*/
39 static uint32_t ripemd128hinit[4] = {
40 0x67452301U, 0xefcdab89U, 0x98badcfeU, 0x10325476U
41 };
42
43 /*@-sizeoftype@*/
44 /*@unchecked@*/ /*@observer@*/
45 const hashFunction ripemd128 = {
46 .name = "RIPEMD-128",
47 .paramsize = sizeof(ripemd128Param),
48 .blocksize = 64,
49 .digestsize = 16,
50 .reset = (hashFunctionReset) ripemd128Reset,
51 .update = (hashFunctionUpdate) ripemd128Update,
52 .digest = (hashFunctionDigest) ripemd128Digest
53 };
54 /*@=sizeoftype@*/
55
ripemd128Reset(register ripemd128Param * mp)56 int ripemd128Reset(register ripemd128Param* mp)
57 {
58 /*@-sizeoftype@*/
59 memcpy(mp->h, ripemd128hinit, 4 * sizeof(uint32_t));
60 memset(mp->data, 0, 16 * sizeof(uint32_t));
61 /*@=sizeoftype@*/
62 #if (MP_WBITS == 64)
63 mpzero(1, mp->length);
64 #elif (MP_WBITS == 32)
65 mpzero(2, mp->length);
66 #else
67 # error
68 #endif
69 mp->offset = 0;
70 return 0;
71 }
72
73 #define LSR1(a, b, c, d, x, s) \
74 a = ROTL32((b^c^d) + a + x, s);
75 #define LSR2(a, b, c, d, x, s) \
76 a = ROTL32(((b&c)|(~b&d)) + a + x + 0x5a827999U, s);
77 #define LSR3(a, b, c, d, x, s) \
78 a = ROTL32(((b|~c)^d) + a + x + 0x6ed9eba1U, s);
79 #define LSR4(a, b, c, d, x, s) \
80 a = ROTL32(((b&d)|(c&~d)) + a + x + 0x8f1bbcdcU, s);
81
82 #define RSR4(a, b, c, d, x, s) \
83 a = ROTL32((b^c^d) + a + x, s);
84 #define RSR3(a, b, c, d, x, s) \
85 a = ROTL32(((b&c)|(~b&d)) + a + x + 0x6d703ef3U, s);
86 #define RSR2(a, b, c, d, x, s) \
87 a = ROTL32(((b|~c)^d) + a + x + 0x5c4dd124U, s);
88 #define RSR1(a, b, c, d, x, s) \
89 a = ROTL32(((b&d)|(c&~d)) + a + x + 0x50a28be6U, s);
90
91 #ifndef ASM_RIPEMD128PROCESS
ripemd128Process(ripemd128Param * mp)92 void ripemd128Process(ripemd128Param* mp)
93 {
94 register uint32_t la, lb, lc, ld;
95 register uint32_t ra, rb, rc, rd;
96 register uint32_t* x;
97 #ifdef WORDS_BIGENDIAN
98 register byte t;
99 #endif
100
101 x = mp->data;
102 #ifdef WORDS_BIGENDIAN
103 t = 16;
104 while (t--)
105 {
106 register uint32_t temp = swapu32(*x);
107 *(x++) = temp;
108 }
109 x = mp->data;
110 #endif
111
112 la = mp->h[0]; lb = mp->h[1]; lc = mp->h[2]; ld = mp->h[3];
113 ra = mp->h[0]; rb = mp->h[1]; rc = mp->h[2]; rd = mp->h[3];
114
115 /* In theory OpenMP would allows us to do the 'left' and 'right' sections in parallel,
116 * but in practice the overhead make the code much slower
117 */
118
119 /* left round 1 */
120 LSR1(la, lb, lc, ld, x[ 0], 11);
121 LSR1(ld, la, lb, lc, x[ 1], 14);
122 LSR1(lc, ld, la, lb, x[ 2], 15);
123 LSR1(lb, lc, ld, la, x[ 3], 12);
124 LSR1(la, lb, lc, ld, x[ 4], 5);
125 LSR1(ld, la, lb, lc, x[ 5], 8);
126 LSR1(lc, ld, la, lb, x[ 6], 7);
127 LSR1(lb, lc, ld, la, x[ 7], 9);
128 LSR1(la, lb, lc, ld, x[ 8], 11);
129 LSR1(ld, la, lb, lc, x[ 9], 13);
130 LSR1(lc, ld, la, lb, x[10], 14);
131 LSR1(lb, lc, ld, la, x[11], 15);
132 LSR1(la, lb, lc, ld, x[12], 6);
133 LSR1(ld, la, lb, lc, x[13], 7);
134 LSR1(lc, ld, la, lb, x[14], 9);
135 LSR1(lb, lc, ld, la, x[15], 8);
136
137 /* left round 2 */
138 LSR2(la, lb, lc, ld, x[ 7], 7);
139 LSR2(ld, la, lb, lc, x[ 4], 6);
140 LSR2(lc, ld, la, lb, x[13], 8);
141 LSR2(lb, lc, ld, la, x[ 1], 13);
142 LSR2(la, lb, lc, ld, x[10], 11);
143 LSR2(ld, la, lb, lc, x[ 6], 9);
144 LSR2(lc, ld, la, lb, x[15], 7);
145 LSR2(lb, lc, ld, la, x[ 3], 15);
146 LSR2(la, lb, lc, ld, x[12], 7);
147 LSR2(ld, la, lb, lc, x[ 0], 12);
148 LSR2(lc, ld, la, lb, x[ 9], 15);
149 LSR2(lb, lc, ld, la, x[ 5], 9);
150 LSR2(la, lb, lc, ld, x[ 2], 11);
151 LSR2(ld, la, lb, lc, x[14], 7);
152 LSR2(lc, ld, la, lb, x[11], 13);
153 LSR2(lb, lc, ld, la, x[ 8], 12);
154
155 /* left round 3 */
156 LSR3(la, lb, lc, ld, x[ 3], 11);
157 LSR3(ld, la, lb, lc, x[10], 13);
158 LSR3(lc, ld, la, lb, x[14], 6);
159 LSR3(lb, lc, ld, la, x[ 4], 7);
160 LSR3(la, lb, lc, ld, x[ 9], 14);
161 LSR3(ld, la, lb, lc, x[15], 9);
162 LSR3(lc, ld, la, lb, x[ 8], 13);
163 LSR3(lb, lc, ld, la, x[ 1], 15);
164 LSR3(la, lb, lc, ld, x[ 2], 14);
165 LSR3(ld, la, lb, lc, x[ 7], 8);
166 LSR3(lc, ld, la, lb, x[ 0], 13);
167 LSR3(lb, lc, ld, la, x[ 6], 6);
168 LSR3(la, lb, lc, ld, x[13], 5);
169 LSR3(ld, la, lb, lc, x[11], 12);
170 LSR3(lc, ld, la, lb, x[ 5], 7);
171 LSR3(lb, lc, ld, la, x[12], 5);
172
173 /* left round 4 */
174 LSR4(la, lb, lc, ld, x[ 1], 11);
175 LSR4(ld, la, lb, lc, x[ 9], 12);
176 LSR4(lc, ld, la, lb, x[11], 14);
177 LSR4(lb, lc, ld, la, x[10], 15);
178 LSR4(la, lb, lc, ld, x[ 0], 14);
179 LSR4(ld, la, lb, lc, x[ 8], 15);
180 LSR4(lc, ld, la, lb, x[12], 9);
181 LSR4(lb, lc, ld, la, x[ 4], 8);
182 LSR4(la, lb, lc, ld, x[13], 9);
183 LSR4(ld, la, lb, lc, x[ 3], 14);
184 LSR4(lc, ld, la, lb, x[ 7], 5);
185 LSR4(lb, lc, ld, la, x[15], 6);
186 LSR4(la, lb, lc, ld, x[14], 8);
187 LSR4(ld, la, lb, lc, x[ 5], 6);
188 LSR4(lc, ld, la, lb, x[ 6], 5);
189 LSR4(lb, lc, ld, la, x[ 2], 12);
190
191 /* right round 1 */
192 RSR1(ra, rb, rc, rd, x[ 5], 8);
193 RSR1(rd, ra, rb, rc, x[14], 9);
194 RSR1(rc, rd, ra, rb, x[ 7], 9);
195 RSR1(rb, rc, rd, ra, x[ 0], 11);
196 RSR1(ra, rb, rc, rd, x[ 9], 13);
197 RSR1(rd, ra, rb, rc, x[ 2], 15);
198 RSR1(rc, rd, ra, rb, x[11], 15);
199 RSR1(rb, rc, rd, ra, x[ 4], 5);
200 RSR1(ra, rb, rc, rd, x[13], 7);
201 RSR1(rd, ra, rb, rc, x[ 6], 7);
202 RSR1(rc, rd, ra, rb, x[15], 8);
203 RSR1(rb, rc, rd, ra, x[ 8], 11);
204 RSR1(ra, rb, rc, rd, x[ 1], 14);
205 RSR1(rd, ra, rb, rc, x[10], 14);
206 RSR1(rc, rd, ra, rb, x[ 3], 12);
207 RSR1(rb, rc, rd, ra, x[12], 6);
208
209 /* right round 2 */
210 RSR2(ra, rb, rc, rd, x[ 6], 9);
211 RSR2(rd, ra, rb, rc, x[11], 13);
212 RSR2(rc, rd, ra, rb, x[ 3], 15);
213 RSR2(rb, rc, rd, ra, x[ 7], 7);
214 RSR2(ra, rb, rc, rd, x[ 0], 12);
215 RSR2(rd, ra, rb, rc, x[13], 8);
216 RSR2(rc, rd, ra, rb, x[ 5], 9);
217 RSR2(rb, rc, rd, ra, x[10], 11);
218 RSR2(ra, rb, rc, rd, x[14], 7);
219 RSR2(rd, ra, rb, rc, x[15], 7);
220 RSR2(rc, rd, ra, rb, x[ 8], 12);
221 RSR2(rb, rc, rd, ra, x[12], 7);
222 RSR2(ra, rb, rc, rd, x[ 4], 6);
223 RSR2(rd, ra, rb, rc, x[ 9], 15);
224 RSR2(rc, rd, ra, rb, x[ 1], 13);
225 RSR2(rb, rc, rd, ra, x[ 2], 11);
226
227 /* right round 3 */
228 RSR3(ra, rb, rc, rd, x[15], 9);
229 RSR3(rd, ra, rb, rc, x[ 5], 7);
230 RSR3(rc, rd, ra, rb, x[ 1], 15);
231 RSR3(rb, rc, rd, ra, x[ 3], 11);
232 RSR3(ra, rb, rc, rd, x[ 7], 8);
233 RSR3(rd, ra, rb, rc, x[14], 6);
234 RSR3(rc, rd, ra, rb, x[ 6], 6);
235 RSR3(rb, rc, rd, ra, x[ 9], 14);
236 RSR3(ra, rb, rc, rd, x[11], 12);
237 RSR3(rd, ra, rb, rc, x[ 8], 13);
238 RSR3(rc, rd, ra, rb, x[12], 5);
239 RSR3(rb, rc, rd, ra, x[ 2], 14);
240 RSR3(ra, rb, rc, rd, x[10], 13);
241 RSR3(rd, ra, rb, rc, x[ 0], 13);
242 RSR3(rc, rd, ra, rb, x[ 4], 7);
243 RSR3(rb, rc, rd, ra, x[13], 5);
244
245 /* right round 4 */
246 RSR4(ra, rb, rc, rd, x[ 8], 15);
247 RSR4(rd, ra, rb, rc, x[ 6], 5);
248 RSR4(rc, rd, ra, rb, x[ 4], 8);
249 RSR4(rb, rc, rd, ra, x[ 1], 11);
250 RSR4(ra, rb, rc, rd, x[ 3], 14);
251 RSR4(rd, ra, rb, rc, x[11], 14);
252 RSR4(rc, rd, ra, rb, x[15], 6);
253 RSR4(rb, rc, rd, ra, x[ 0], 14);
254 RSR4(ra, rb, rc, rd, x[ 5], 6);
255 RSR4(rd, ra, rb, rc, x[12], 9);
256 RSR4(rc, rd, ra, rb, x[ 2], 12);
257 RSR4(rb, rc, rd, ra, x[13], 9);
258 RSR4(ra, rb, rc, rd, x[ 9], 12);
259 RSR4(rd, ra, rb, rc, x[ 7], 5);
260 RSR4(rc, rd, ra, rb, x[10], 15);
261 RSR4(rb, rc, rd, ra, x[14], 8);
262
263 /* combine results */
264 rd += lc + mp->h[1];
265 mp->h[1] = mp->h[2] + ld + ra;
266 mp->h[2] = mp->h[3] + la + rb;
267 mp->h[3] = mp->h[0] + lb + rc;
268 mp->h[0] = rd;
269 }
270 #endif
271
ripemd128Update(ripemd128Param * mp,const byte * data,size_t size)272 int ripemd128Update(ripemd128Param* mp, const byte* data, size_t size)
273 {
274 register uint32_t proclength;
275
276 #if (MP_WBITS == 64)
277 mpw add[1];
278 mpsetw(1, add, size);
279 mplshift(1, add, 3);
280 mpadd(1, mp->length, add);
281 #elif (MP_WBITS == 32)
282 mpw add[2];
283 mpsetw(2, add, size);
284 mplshift(2, add, 3);
285 (void) mpadd(2, mp->length, add);
286 #else
287 # error
288 #endif
289
290 while (size > 0)
291 {
292 proclength = ((mp->offset + size) > 64U) ? (64U - mp->offset) : size;
293 /*@-mayaliasunique@*/
294 memcpy(((byte *) mp->data) + mp->offset, data, proclength);
295 /*@=mayaliasunique@*/
296 size -= proclength;
297 data += proclength;
298 mp->offset += proclength;
299
300 if (mp->offset == 64U)
301 {
302 ripemd128Process(mp);
303 mp->offset = 0;
304 }
305 }
306 return 0;
307 }
308
ripemd128Finish(ripemd128Param * mp)309 static void ripemd128Finish(ripemd128Param* mp)
310 /*@modifies mp @*/
311 {
312 register byte *ptr = ((byte *) mp->data) + mp->offset++;
313
314 *(ptr++) = 0x80;
315
316 if (mp->offset > 56)
317 {
318 while (mp->offset++ < 64)
319 *(ptr++) = 0;
320
321 ripemd128Process(mp);
322 mp->offset = 0;
323 }
324
325 ptr = ((byte *) mp->data) + mp->offset;
326 while (mp->offset++ < 56)
327 *(ptr++) = 0;
328
329 #if (MP_WBITS == 64)
330 ptr[0] = (byte)(mp->length[0] );
331 ptr[1] = (byte)(mp->length[0] >> 8);
332 ptr[2] = (byte)(mp->length[0] >> 16);
333 ptr[3] = (byte)(mp->length[0] >> 24);
334 ptr[4] = (byte)(mp->length[0] >> 32);
335 ptr[5] = (byte)(mp->length[0] >> 40);
336 ptr[6] = (byte)(mp->length[0] >> 48);
337 ptr[7] = (byte)(mp->length[0] >> 56);
338 #elif (MP_WBITS == 32)
339 ptr[0] = (byte)(mp->length[1] );
340 ptr[1] = (byte)(mp->length[1] >> 8);
341 ptr[2] = (byte)(mp->length[1] >> 16);
342 ptr[3] = (byte)(mp->length[1] >> 24);
343 ptr[4] = (byte)(mp->length[0] );
344 ptr[5] = (byte)(mp->length[0] >> 8);
345 ptr[6] = (byte)(mp->length[0] >> 16);
346 ptr[7] = (byte)(mp->length[0] >> 24);
347 #else
348 # error
349 #endif
350
351 ripemd128Process(mp);
352
353 mp->offset = 0;
354 }
355
356 /*@-protoparammatch@*/
ripemd128Digest(ripemd128Param * mp,byte * data)357 int ripemd128Digest(ripemd128Param* mp, byte* data)
358 {
359 ripemd128Finish(mp);
360
361 /* encode 4 integers little-endian style */
362 data[ 0] = (byte)(mp->h[0] );
363 data[ 1] = (byte)(mp->h[0] >> 8);
364 data[ 2] = (byte)(mp->h[0] >> 16);
365 data[ 3] = (byte)(mp->h[0] >> 24);
366 data[ 4] = (byte)(mp->h[1] );
367 data[ 5] = (byte)(mp->h[1] >> 8);
368 data[ 6] = (byte)(mp->h[1] >> 16);
369 data[ 7] = (byte)(mp->h[1] >> 24);
370 data[ 8] = (byte)(mp->h[2] );
371 data[ 9] = (byte)(mp->h[2] >> 8);
372 data[10] = (byte)(mp->h[2] >> 16);
373 data[11] = (byte)(mp->h[2] >> 24);
374 data[12] = (byte)(mp->h[3] );
375 data[13] = (byte)(mp->h[3] >> 8);
376 data[14] = (byte)(mp->h[3] >> 16);
377 data[15] = (byte)(mp->h[3] >> 24);
378
379 (void) ripemd128Reset(mp);
380
381 return 0;
382 }
383 /*@=protoparammatch@*/
384
385 /*!\}
386 */
387
388