1 /* ripemd.c
2 *
3 * Copyright (C) 2000,2001 Nikos Mavroyanopoulos
4 *
5 * This library is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU Library General Public License as published
7 * by the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Library General Public License for more details.
14 *
15 * You should have received a copy of the GNU Library General Public
16 * License along with this library; if not, write to the
17 * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 * Boston, MA 02111-1307, USA.
19 */
20
21
22 /*
23 * RIPEMD-160 is a 160-bit cryptographic hash function, designed by Hans
24 * Dobbertin, Antoon Bosselaers, and Bart Preneel. It is intended to be
25 * used as a secure replacement for the 128-bit hash functions MD4, MD5,
26 * and RIPEMD
27 * See also: http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
28 *
29 * RIPEMD-128 is a plug-in substitute for RIPEMD (or MD4 and MD5, for
30 * that matter) with a 128-bit result. 128-bit hash results do not
31 * offer sufficient protection for the next ten years, and
32 * applications using 128-bit hash functions should consider upgrading
33 * to a 160-bit hash function.
34 *
35 * RIPEMD-256 and RIPEMD-320 are optional extensions of, respectively,
36 * RIPEMD-128 and RIPEMD-160, and are intended for applications of
37 * hash functions that require a longer hash result without needing a
38 * larger security level.
39 */
40
41 /* Implementation of the RIPE-MD Hash Algorithms.
42 * Based on the SHA-1 implementation, (C) by A.M. Kuchling
43 *
44 * The ripemd160 code was written by Nikos Mavroyanopoulos, the code
45 * for ripemd128, ripemd256 and ripemd320 was added by B. Poettering
46 * in April 2004.
47 */
48
49 #include "libdefs.h"
50
51 #ifdef ENABLE_RIPEMD
52
53 #include "mhash_ripemd.h"
54
55 /* 32-bit rotate left - kludged with shifts */
56 #define ROTL(n,X) (((X)<<(n))|((X)>>(32-(n))))
57
58 #define f0(x,y,z) ((x)^(y)^(z))
59 /* #define f16(x,y,z) ((x&y)|(~(x) & z)) */
60 #define f16(x,y,z) ((z)^((x)&((y)^(z))))
61 #define f32(x,y,z) (((x)|~(y))^(z))
62 /* #define f48(x,y,z) ((x&z)|(y&~(z))) */
63 #define f48(x,y,z) ((y)^((z)&((x)^(y))))
64 #define f64(x,y,z) ((x)^((y)|(~(z))))
65
66 #define K0 0x00000000
67 #define K1 0x5A827999 /* 2^30 * sqrt(2) */
68 #define K2 0x6ED9EBA1 /* 2^30 * sqrt(3) */
69 #define K3 0x8F1BBCDC /* 2^30 * sqrt(5) */
70 #define K4 0xA953FD4E /* 2^30 * sqrt(7) */
71
72 #define KK0 0x50A28BE6 /* 2^30 * cbrt(2) */
73 #define KK1 0x5C4DD124 /* 2^30 * cbrt(3) */
74 #define KK2 0x6D703EF3 /* 2^30 * cbrt(5) */
75 #define KK3 0x7A6D76E9 /* 2^30 * cbrt(7) */
76 #define KK4 0x00000000
77
78 #define h0init 0x67452301
79 #define h1init 0xEFCDAB89
80 #define h2init 0x98BADCFE
81 #define h3init 0x10325476
82 #define h4init 0xC3D2E1F0
83 #define h5init 0x76543210
84 #define h6init 0xFEDCBA98
85 #define h7init 0x89ABCDEF
86 #define h8init 0x01234567
87 #define h9init 0x3C2D1E0F
88
89
90 /* Initialize the RIPEMD values */
91
ripemd_init(struct ripemd_ctx * ctx)92 void ripemd_init(struct ripemd_ctx *ctx)
93 {
94 /* Set the h-vars to their initial values */
95 ctx->digest[0] = h0init;
96 ctx->digest[1] = h1init;
97 ctx->digest[2] = h2init;
98 ctx->digest[3] = h3init;
99
100 /* Initialize bit count */
101 ctx->bitcount = 0;
102
103 /* Initialize buffer */
104 ctx->index = 0;
105 }
106
ripemd128_init(struct ripemd_ctx * ctx)107 void ripemd128_init(struct ripemd_ctx *ctx)
108 {
109 ripemd_init(ctx);
110 ctx->digest_len = 8 * RIPEMD128_DIGESTSIZE;
111 }
112
ripemd160_init(struct ripemd_ctx * ctx)113 void ripemd160_init(struct ripemd_ctx *ctx)
114 {
115 ripemd_init(ctx);
116 ctx->digest[4] = h4init;
117 ctx->digest_len = 8 * RIPEMD160_DIGESTSIZE;
118 }
119
ripemd256_init(struct ripemd_ctx * ctx)120 void ripemd256_init(struct ripemd_ctx *ctx)
121 {
122 ripemd_init(ctx);
123 ctx->digest[4] = h5init;
124 ctx->digest[5] = h6init;
125 ctx->digest[6] = h7init;
126 ctx->digest[7] = h8init;
127 ctx->digest_len = 8 * RIPEMD256_DIGESTSIZE;
128 }
129
ripemd320_init(struct ripemd_ctx * ctx)130 void ripemd320_init(struct ripemd_ctx *ctx)
131 {
132 ripemd_init(ctx);
133 ctx->digest[4] = h4init;
134 ctx->digest[5] = h5init;
135 ctx->digest[6] = h6init;
136 ctx->digest[7] = h7init;
137 ctx->digest[8] = h8init;
138 ctx->digest[9] = h9init;
139 ctx->digest_len = 8 * RIPEMD320_DIGESTSIZE;
140 }
141
142
143 /* The RIPEMD core functions */
144
145 #define subRound128(a, b, c, d, f, k, r, data) \
146 ( a = ROTL( r, a + f(b,c,d) + data + k))
147
148 #define subRound160(a, b, c, d, e, f, k, r, data) \
149 ( a = ROTL( r, a + f(b,c,d) + data + k) + e, c = ROTL(10, c) )
150
ripemd128_transform(struct ripemd_ctx * ctx,mutils_word32 * data)151 static void ripemd128_transform(struct ripemd_ctx *ctx, mutils_word32 * data)
152 {
153 mutils_word32 A, B, C, D; /* Local vars */
154 mutils_word32 AA, BB, CC, DD; /* Local vars */
155 mutils_word32 T;
156
157 /* Set up first buffer and local data buffer */
158 A = AA = ctx->digest[0];
159 B = BB = ctx->digest[1];
160 C = CC = ctx->digest[2];
161 D = DD = ctx->digest[3];
162
163 /* j=0...15 */
164 subRound128(A, B, C, D, f0, K0, 11, data[0]);
165 subRound128(D, A, B, C, f0, K0, 14, data[1]);
166 subRound128(C, D, A, B, f0, K0, 15, data[2]);
167 subRound128(B, C, D, A, f0, K0, 12, data[3]);
168 subRound128(A, B, C, D, f0, K0, 5, data[4]);
169 subRound128(D, A, B, C, f0, K0, 8, data[5]);
170 subRound128(C, D, A, B, f0, K0, 7, data[6]);
171 subRound128(B, C, D, A, f0, K0, 9, data[7]);
172 subRound128(A, B, C, D, f0, K0, 11, data[8]);
173 subRound128(D, A, B, C, f0, K0, 13, data[9]);
174 subRound128(C, D, A, B, f0, K0, 14, data[10]);
175 subRound128(B, C, D, A, f0, K0, 15, data[11]);
176 subRound128(A, B, C, D, f0, K0, 6, data[12]);
177 subRound128(D, A, B, C, f0, K0, 7, data[13]);
178 subRound128(C, D, A, B, f0, K0, 9, data[14]);
179 subRound128(B, C, D, A, f0, K0, 8, data[15]);
180
181 subRound128(AA, BB, CC, DD, f48, KK0, 8, data[5]);
182 subRound128(DD, AA, BB, CC, f48, KK0, 9, data[14]);
183 subRound128(CC, DD, AA, BB, f48, KK0, 9, data[7]);
184 subRound128(BB, CC, DD, AA, f48, KK0, 11, data[0]);
185 subRound128(AA, BB, CC, DD, f48, KK0, 13, data[9]);
186 subRound128(DD, AA, BB, CC, f48, KK0, 15, data[2]);
187 subRound128(CC, DD, AA, BB, f48, KK0, 15, data[11]);
188 subRound128(BB, CC, DD, AA, f48, KK0, 5, data[4]);
189 subRound128(AA, BB, CC, DD, f48, KK0, 7, data[13]);
190 subRound128(DD, AA, BB, CC, f48, KK0, 7, data[6]);
191 subRound128(CC, DD, AA, BB, f48, KK0, 8, data[15]);
192 subRound128(BB, CC, DD, AA, f48, KK0, 11, data[8]);
193 subRound128(AA, BB, CC, DD, f48, KK0, 14, data[1]);
194 subRound128(DD, AA, BB, CC, f48, KK0, 14, data[10]);
195 subRound128(CC, DD, AA, BB, f48, KK0, 12, data[3]);
196 subRound128(BB, CC, DD, AA, f48, KK0, 6, data[12]);
197
198 /* j=16...31 */
199 subRound128(A, B, C, D, f16, K1, 7, data[7]);
200 subRound128(D, A, B, C, f16, K1, 6, data[4]);
201 subRound128(C, D, A, B, f16, K1, 8, data[13]);
202 subRound128(B, C, D, A, f16, K1, 13, data[1]);
203 subRound128(A, B, C, D, f16, K1, 11, data[10]);
204 subRound128(D, A, B, C, f16, K1, 9, data[6]);
205 subRound128(C, D, A, B, f16, K1, 7, data[15]);
206 subRound128(B, C, D, A, f16, K1, 15, data[3]);
207 subRound128(A, B, C, D, f16, K1, 7, data[12]);
208 subRound128(D, A, B, C, f16, K1, 12, data[0]);
209 subRound128(C, D, A, B, f16, K1, 15, data[9]);
210 subRound128(B, C, D, A, f16, K1, 9, data[5]);
211 subRound128(A, B, C, D, f16, K1, 11, data[2]);
212 subRound128(D, A, B, C, f16, K1, 7, data[14]);
213 subRound128(C, D, A, B, f16, K1, 13, data[11]);
214 subRound128(B, C, D, A, f16, K1, 12, data[8]);
215
216 subRound128(AA, BB, CC, DD, f32, KK1, 9, data[6]);
217 subRound128(DD, AA, BB, CC, f32, KK1, 13, data[11]);
218 subRound128(CC, DD, AA, BB, f32, KK1, 15, data[3]);
219 subRound128(BB, CC, DD, AA, f32, KK1, 7, data[7]);
220 subRound128(AA, BB, CC, DD, f32, KK1, 12, data[0]);
221 subRound128(DD, AA, BB, CC, f32, KK1, 8, data[13]);
222 subRound128(CC, DD, AA, BB, f32, KK1, 9, data[5]);
223 subRound128(BB, CC, DD, AA, f32, KK1, 11, data[10]);
224 subRound128(AA, BB, CC, DD, f32, KK1, 7, data[14]);
225 subRound128(DD, AA, BB, CC, f32, KK1, 7, data[15]);
226 subRound128(CC, DD, AA, BB, f32, KK1, 12, data[8]);
227 subRound128(BB, CC, DD, AA, f32, KK1, 7, data[12]);
228 subRound128(AA, BB, CC, DD, f32, KK1, 6, data[4]);
229 subRound128(DD, AA, BB, CC, f32, KK1, 15, data[9]);
230 subRound128(CC, DD, AA, BB, f32, KK1, 13, data[1]);
231 subRound128(BB, CC, DD, AA, f32, KK1, 11, data[2]);
232
233 /* j=32...47 */
234 subRound128(A, B, C, D, f32, K2, 11, data[3]);
235 subRound128(D, A, B, C, f32, K2, 13, data[10]);
236 subRound128(C, D, A, B, f32, K2, 6, data[14]);
237 subRound128(B, C, D, A, f32, K2, 7, data[4]);
238 subRound128(A, B, C, D, f32, K2, 14, data[9]);
239 subRound128(D, A, B, C, f32, K2, 9, data[15]);
240 subRound128(C, D, A, B, f32, K2, 13, data[8]);
241 subRound128(B, C, D, A, f32, K2, 15, data[1]);
242 subRound128(A, B, C, D, f32, K2, 14, data[2]);
243 subRound128(D, A, B, C, f32, K2, 8, data[7]);
244 subRound128(C, D, A, B, f32, K2, 13, data[0]);
245 subRound128(B, C, D, A, f32, K2, 6, data[6]);
246 subRound128(A, B, C, D, f32, K2, 5, data[13]);
247 subRound128(D, A, B, C, f32, K2, 12, data[11]);
248 subRound128(C, D, A, B, f32, K2, 7, data[5]);
249 subRound128(B, C, D, A, f32, K2, 5, data[12]);
250
251 subRound128(AA, BB, CC, DD, f16, KK2, 9, data[15]);
252 subRound128(DD, AA, BB, CC, f16, KK2, 7, data[5]);
253 subRound128(CC, DD, AA, BB, f16, KK2, 15, data[1]);
254 subRound128(BB, CC, DD, AA, f16, KK2, 11, data[3]);
255 subRound128(AA, BB, CC, DD, f16, KK2, 8, data[7]);
256 subRound128(DD, AA, BB, CC, f16, KK2, 6, data[14]);
257 subRound128(CC, DD, AA, BB, f16, KK2, 6, data[6]);
258 subRound128(BB, CC, DD, AA, f16, KK2, 14, data[9]);
259 subRound128(AA, BB, CC, DD, f16, KK2, 12, data[11]);
260 subRound128(DD, AA, BB, CC, f16, KK2, 13, data[8]);
261 subRound128(CC, DD, AA, BB, f16, KK2, 5, data[12]);
262 subRound128(BB, CC, DD, AA, f16, KK2, 14, data[2]);
263 subRound128(AA, BB, CC, DD, f16, KK2, 13, data[10]);
264 subRound128(DD, AA, BB, CC, f16, KK2, 13, data[0]);
265 subRound128(CC, DD, AA, BB, f16, KK2, 7, data[4]);
266 subRound128(BB, CC, DD, AA, f16, KK2, 5, data[13]);
267
268 /* j=48...63 */
269 subRound128(A, B, C, D, f48, K3, 11, data[1]);
270 subRound128(D, A, B, C, f48, K3, 12, data[9]);
271 subRound128(C, D, A, B, f48, K3, 14, data[11]);
272 subRound128(B, C, D, A, f48, K3, 15, data[10]);
273 subRound128(A, B, C, D, f48, K3, 14, data[0]);
274 subRound128(D, A, B, C, f48, K3, 15, data[8]);
275 subRound128(C, D, A, B, f48, K3, 9, data[12]);
276 subRound128(B, C, D, A, f48, K3, 8, data[4]);
277 subRound128(A, B, C, D, f48, K3, 9, data[13]);
278 subRound128(D, A, B, C, f48, K3, 14, data[3]);
279 subRound128(C, D, A, B, f48, K3, 5, data[7]);
280 subRound128(B, C, D, A, f48, K3, 6, data[15]);
281 subRound128(A, B, C, D, f48, K3, 8, data[14]);
282 subRound128(D, A, B, C, f48, K3, 6, data[5]);
283 subRound128(C, D, A, B, f48, K3, 5, data[6]);
284 subRound128(B, C, D, A, f48, K3, 12, data[2]);
285
286 subRound128(AA, BB, CC, DD, f0, KK4, 15, data[8]);
287 subRound128(DD, AA, BB, CC, f0, KK4, 5, data[6]);
288 subRound128(CC, DD, AA, BB, f0, KK4, 8, data[4]);
289 subRound128(BB, CC, DD, AA, f0, KK4, 11, data[1]);
290 subRound128(AA, BB, CC, DD, f0, KK4, 14, data[3]);
291 subRound128(DD, AA, BB, CC, f0, KK4, 14, data[11]);
292 subRound128(CC, DD, AA, BB, f0, KK4, 6, data[15]);
293 subRound128(BB, CC, DD, AA, f0, KK4, 14, data[0]);
294 subRound128(AA, BB, CC, DD, f0, KK4, 6, data[5]);
295 subRound128(DD, AA, BB, CC, f0, KK4, 9, data[12]);
296 subRound128(CC, DD, AA, BB, f0, KK4, 12, data[2]);
297 subRound128(BB, CC, DD, AA, f0, KK4, 9, data[13]);
298 subRound128(AA, BB, CC, DD, f0, KK4, 12, data[9]);
299 subRound128(DD, AA, BB, CC, f0, KK4, 5, data[7]);
300 subRound128(CC, DD, AA, BB, f0, KK4, 15, data[10]);
301 subRound128(BB, CC, DD, AA, f0, KK4, 8, data[14]);
302
303 T = ctx->digest[1] + DD + C;
304 ctx->digest[1] = ctx->digest[2] + AA + D;
305 ctx->digest[2] = ctx->digest[3] + BB + A;
306 ctx->digest[3] = ctx->digest[0] + CC + B;
307 ctx->digest[0] = T;
308 }
309
ripemd160_transform(struct ripemd_ctx * ctx,mutils_word32 * data)310 static void ripemd160_transform(struct ripemd_ctx *ctx, mutils_word32 * data)
311 {
312 mutils_word32 A, B, C, D, E; /* Local vars */
313 mutils_word32 AA, BB, CC, DD, EE; /* Local vars */
314 mutils_word32 T;
315
316 /* Set up first buffer and local data buffer */
317 A = AA = ctx->digest[0];
318 B = BB = ctx->digest[1];
319 C = CC = ctx->digest[2];
320 D = DD = ctx->digest[3];
321 E = EE = ctx->digest[4];
322
323 /* j=0...15 */
324 subRound160(A, B, C, D, E, f0, K0, 11, data[0]);
325 subRound160(E, A, B, C, D, f0, K0, 14, data[1]);
326 subRound160(D, E, A, B, C, f0, K0, 15, data[2]);
327 subRound160(C, D, E, A, B, f0, K0, 12, data[3]);
328 subRound160(B, C, D, E, A, f0, K0, 5, data[4]);
329 subRound160(A, B, C, D, E, f0, K0, 8, data[5]);
330 subRound160(E, A, B, C, D, f0, K0, 7, data[6]);
331 subRound160(D, E, A, B, C, f0, K0, 9, data[7]);
332 subRound160(C, D, E, A, B, f0, K0, 11, data[8]);
333 subRound160(B, C, D, E, A, f0, K0, 13, data[9]);
334 subRound160(A, B, C, D, E, f0, K0, 14, data[10]);
335 subRound160(E, A, B, C, D, f0, K0, 15, data[11]);
336 subRound160(D, E, A, B, C, f0, K0, 6, data[12]);
337 subRound160(C, D, E, A, B, f0, K0, 7, data[13]);
338 subRound160(B, C, D, E, A, f0, K0, 9, data[14]);
339 subRound160(A, B, C, D, E, f0, K0, 8, data[15]);
340
341 subRound160(AA, BB, CC, DD, EE, f64, KK0, 8, data[5]);
342 subRound160(EE, AA, BB, CC, DD, f64, KK0, 9, data[14]);
343 subRound160(DD, EE, AA, BB, CC, f64, KK0, 9, data[7]);
344 subRound160(CC, DD, EE, AA, BB, f64, KK0, 11, data[0]);
345 subRound160(BB, CC, DD, EE, AA, f64, KK0, 13, data[9]);
346 subRound160(AA, BB, CC, DD, EE, f64, KK0, 15, data[2]);
347 subRound160(EE, AA, BB, CC, DD, f64, KK0, 15, data[11]);
348 subRound160(DD, EE, AA, BB, CC, f64, KK0, 5, data[4]);
349 subRound160(CC, DD, EE, AA, BB, f64, KK0, 7, data[13]);
350 subRound160(BB, CC, DD, EE, AA, f64, KK0, 7, data[6]);
351 subRound160(AA, BB, CC, DD, EE, f64, KK0, 8, data[15]);
352 subRound160(EE, AA, BB, CC, DD, f64, KK0, 11, data[8]);
353 subRound160(DD, EE, AA, BB, CC, f64, KK0, 14, data[1]);
354 subRound160(CC, DD, EE, AA, BB, f64, KK0, 14, data[10]);
355 subRound160(BB, CC, DD, EE, AA, f64, KK0, 12, data[3]);
356 subRound160(AA, BB, CC, DD, EE, f64, KK0, 6, data[12]);
357
358 /* j=16...31 */
359 subRound160(E, A, B, C, D, f16, K1, 7, data[7]);
360 subRound160(D, E, A, B, C, f16, K1, 6, data[4]);
361 subRound160(C, D, E, A, B, f16, K1, 8, data[13]);
362 subRound160(B, C, D, E, A, f16, K1, 13, data[1]);
363 subRound160(A, B, C, D, E, f16, K1, 11, data[10]);
364 subRound160(E, A, B, C, D, f16, K1, 9, data[6]);
365 subRound160(D, E, A, B, C, f16, K1, 7, data[15]);
366 subRound160(C, D, E, A, B, f16, K1, 15, data[3]);
367 subRound160(B, C, D, E, A, f16, K1, 7, data[12]);
368 subRound160(A, B, C, D, E, f16, K1, 12, data[0]);
369 subRound160(E, A, B, C, D, f16, K1, 15, data[9]);
370 subRound160(D, E, A, B, C, f16, K1, 9, data[5]);
371 subRound160(C, D, E, A, B, f16, K1, 11, data[2]);
372 subRound160(B, C, D, E, A, f16, K1, 7, data[14]);
373 subRound160(A, B, C, D, E, f16, K1, 13, data[11]);
374 subRound160(E, A, B, C, D, f16, K1, 12, data[8]);
375
376 subRound160(EE, AA, BB, CC, DD, f48, KK1, 9, data[6]);
377 subRound160(DD, EE, AA, BB, CC, f48, KK1, 13, data[11]);
378 subRound160(CC, DD, EE, AA, BB, f48, KK1, 15, data[3]);
379 subRound160(BB, CC, DD, EE, AA, f48, KK1, 7, data[7]);
380 subRound160(AA, BB, CC, DD, EE, f48, KK1, 12, data[0]);
381 subRound160(EE, AA, BB, CC, DD, f48, KK1, 8, data[13]);
382 subRound160(DD, EE, AA, BB, CC, f48, KK1, 9, data[5]);
383 subRound160(CC, DD, EE, AA, BB, f48, KK1, 11, data[10]);
384 subRound160(BB, CC, DD, EE, AA, f48, KK1, 7, data[14]);
385 subRound160(AA, BB, CC, DD, EE, f48, KK1, 7, data[15]);
386 subRound160(EE, AA, BB, CC, DD, f48, KK1, 12, data[8]);
387 subRound160(DD, EE, AA, BB, CC, f48, KK1, 7, data[12]);
388 subRound160(CC, DD, EE, AA, BB, f48, KK1, 6, data[4]);
389 subRound160(BB, CC, DD, EE, AA, f48, KK1, 15, data[9]);
390 subRound160(AA, BB, CC, DD, EE, f48, KK1, 13, data[1]);
391 subRound160(EE, AA, BB, CC, DD, f48, KK1, 11, data[2]);
392
393 /* j=32...47 */
394 subRound160(D, E, A, B, C, f32, K2, 11, data[3]);
395 subRound160(C, D, E, A, B, f32, K2, 13, data[10]);
396 subRound160(B, C, D, E, A, f32, K2, 6, data[14]);
397 subRound160(A, B, C, D, E, f32, K2, 7, data[4]);
398 subRound160(E, A, B, C, D, f32, K2, 14, data[9]);
399 subRound160(D, E, A, B, C, f32, K2, 9, data[15]);
400 subRound160(C, D, E, A, B, f32, K2, 13, data[8]);
401 subRound160(B, C, D, E, A, f32, K2, 15, data[1]);
402 subRound160(A, B, C, D, E, f32, K2, 14, data[2]);
403 subRound160(E, A, B, C, D, f32, K2, 8, data[7]);
404 subRound160(D, E, A, B, C, f32, K2, 13, data[0]);
405 subRound160(C, D, E, A, B, f32, K2, 6, data[6]);
406 subRound160(B, C, D, E, A, f32, K2, 5, data[13]);
407 subRound160(A, B, C, D, E, f32, K2, 12, data[11]);
408 subRound160(E, A, B, C, D, f32, K2, 7, data[5]);
409 subRound160(D, E, A, B, C, f32, K2, 5, data[12]);
410
411 subRound160(DD, EE, AA, BB, CC, f32, KK2, 9, data[15]);
412 subRound160(CC, DD, EE, AA, BB, f32, KK2, 7, data[5]);
413 subRound160(BB, CC, DD, EE, AA, f32, KK2, 15, data[1]);
414 subRound160(AA, BB, CC, DD, EE, f32, KK2, 11, data[3]);
415 subRound160(EE, AA, BB, CC, DD, f32, KK2, 8, data[7]);
416 subRound160(DD, EE, AA, BB, CC, f32, KK2, 6, data[14]);
417 subRound160(CC, DD, EE, AA, BB, f32, KK2, 6, data[6]);
418 subRound160(BB, CC, DD, EE, AA, f32, KK2, 14, data[9]);
419 subRound160(AA, BB, CC, DD, EE, f32, KK2, 12, data[11]);
420 subRound160(EE, AA, BB, CC, DD, f32, KK2, 13, data[8]);
421 subRound160(DD, EE, AA, BB, CC, f32, KK2, 5, data[12]);
422 subRound160(CC, DD, EE, AA, BB, f32, KK2, 14, data[2]);
423 subRound160(BB, CC, DD, EE, AA, f32, KK2, 13, data[10]);
424 subRound160(AA, BB, CC, DD, EE, f32, KK2, 13, data[0]);
425 subRound160(EE, AA, BB, CC, DD, f32, KK2, 7, data[4]);
426 subRound160(DD, EE, AA, BB, CC, f32, KK2, 5, data[13]);
427
428 /* j=48...63 */
429 subRound160(C, D, E, A, B, f48, K3, 11, data[1]);
430 subRound160(B, C, D, E, A, f48, K3, 12, data[9]);
431 subRound160(A, B, C, D, E, f48, K3, 14, data[11]);
432 subRound160(E, A, B, C, D, f48, K3, 15, data[10]);
433 subRound160(D, E, A, B, C, f48, K3, 14, data[0]);
434 subRound160(C, D, E, A, B, f48, K3, 15, data[8]);
435 subRound160(B, C, D, E, A, f48, K3, 9, data[12]);
436 subRound160(A, B, C, D, E, f48, K3, 8, data[4]);
437 subRound160(E, A, B, C, D, f48, K3, 9, data[13]);
438 subRound160(D, E, A, B, C, f48, K3, 14, data[3]);
439 subRound160(C, D, E, A, B, f48, K3, 5, data[7]);
440 subRound160(B, C, D, E, A, f48, K3, 6, data[15]);
441 subRound160(A, B, C, D, E, f48, K3, 8, data[14]);
442 subRound160(E, A, B, C, D, f48, K3, 6, data[5]);
443 subRound160(D, E, A, B, C, f48, K3, 5, data[6]);
444 subRound160(C, D, E, A, B, f48, K3, 12, data[2]);
445
446 subRound160(CC, DD, EE, AA, BB, f16, KK3, 15, data[8]);
447 subRound160(BB, CC, DD, EE, AA, f16, KK3, 5, data[6]);
448 subRound160(AA, BB, CC, DD, EE, f16, KK3, 8, data[4]);
449 subRound160(EE, AA, BB, CC, DD, f16, KK3, 11, data[1]);
450 subRound160(DD, EE, AA, BB, CC, f16, KK3, 14, data[3]);
451 subRound160(CC, DD, EE, AA, BB, f16, KK3, 14, data[11]);
452 subRound160(BB, CC, DD, EE, AA, f16, KK3, 6, data[15]);
453 subRound160(AA, BB, CC, DD, EE, f16, KK3, 14, data[0]);
454 subRound160(EE, AA, BB, CC, DD, f16, KK3, 6, data[5]);
455 subRound160(DD, EE, AA, BB, CC, f16, KK3, 9, data[12]);
456 subRound160(CC, DD, EE, AA, BB, f16, KK3, 12, data[2]);
457 subRound160(BB, CC, DD, EE, AA, f16, KK3, 9, data[13]);
458 subRound160(AA, BB, CC, DD, EE, f16, KK3, 12, data[9]);
459 subRound160(EE, AA, BB, CC, DD, f16, KK3, 5, data[7]);
460 subRound160(DD, EE, AA, BB, CC, f16, KK3, 15, data[10]);
461 subRound160(CC, DD, EE, AA, BB, f16, KK3, 8, data[14]);
462
463 /* j=64...79 */
464 subRound160(B, C, D, E, A, f64, K4, 9, data[4]);
465 subRound160(A, B, C, D, E, f64, K4, 15, data[0]);
466 subRound160(E, A, B, C, D, f64, K4, 5, data[5]);
467 subRound160(D, E, A, B, C, f64, K4, 11, data[9]);
468 subRound160(C, D, E, A, B, f64, K4, 6, data[7]);
469 subRound160(B, C, D, E, A, f64, K4, 8, data[12]);
470 subRound160(A, B, C, D, E, f64, K4, 13, data[2]);
471 subRound160(E, A, B, C, D, f64, K4, 12, data[10]);
472 subRound160(D, E, A, B, C, f64, K4, 5, data[14]);
473 subRound160(C, D, E, A, B, f64, K4, 12, data[1]);
474 subRound160(B, C, D, E, A, f64, K4, 13, data[3]);
475 subRound160(A, B, C, D, E, f64, K4, 14, data[8]);
476 subRound160(E, A, B, C, D, f64, K4, 11, data[11]);
477 subRound160(D, E, A, B, C, f64, K4, 8, data[6]);
478 subRound160(C, D, E, A, B, f64, K4, 5, data[15]);
479 subRound160(B, C, D, E, A, f64, K4, 6, data[13]);
480
481 subRound160(BB, CC, DD, EE, AA, f0, KK4, 8, data[12]);
482 subRound160(AA, BB, CC, DD, EE, f0, KK4, 5, data[15]);
483 subRound160(EE, AA, BB, CC, DD, f0, KK4, 12, data[10]);
484 subRound160(DD, EE, AA, BB, CC, f0, KK4, 9, data[4]);
485 subRound160(CC, DD, EE, AA, BB, f0, KK4, 12, data[1]);
486 subRound160(BB, CC, DD, EE, AA, f0, KK4, 5, data[5]);
487 subRound160(AA, BB, CC, DD, EE, f0, KK4, 14, data[8]);
488 subRound160(EE, AA, BB, CC, DD, f0, KK4, 6, data[7]);
489 subRound160(DD, EE, AA, BB, CC, f0, KK4, 8, data[6]);
490 subRound160(CC, DD, EE, AA, BB, f0, KK4, 13, data[2]);
491 subRound160(BB, CC, DD, EE, AA, f0, KK4, 6, data[13]);
492 subRound160(AA, BB, CC, DD, EE, f0, KK4, 5, data[14]);
493 subRound160(EE, AA, BB, CC, DD, f0, KK4, 15, data[0]);
494 subRound160(DD, EE, AA, BB, CC, f0, KK4, 13, data[3]);
495 subRound160(CC, DD, EE, AA, BB, f0, KK4, 11, data[9]);
496 subRound160(BB, CC, DD, EE, AA, f0, KK4, 11, data[11]);
497
498
499 T = ctx->digest[1] + DD + C;
500 ctx->digest[1] = ctx->digest[2] + EE + D;
501 ctx->digest[2] = ctx->digest[3] + AA + E;
502 ctx->digest[3] = ctx->digest[4] + BB + A;
503 ctx->digest[4] = ctx->digest[0] + CC + B;
504 ctx->digest[0] = T;
505 }
506
507
ripemd256_transform(struct ripemd_ctx * ctx,mutils_word32 * data)508 static void ripemd256_transform(struct ripemd_ctx *ctx, mutils_word32 * data)
509 {
510 mutils_word32 A, B, C, D; /* Local vars */
511 mutils_word32 AA, BB, CC, DD; /* Local vars */
512 mutils_word32 T;
513
514 /* Set up first buffer and local data buffer */
515 A = ctx->digest[0];
516 B = ctx->digest[1];
517 C = ctx->digest[2];
518 D = ctx->digest[3];
519 AA = ctx->digest[4];
520 BB = ctx->digest[5];
521 CC = ctx->digest[6];
522 DD = ctx->digest[7];
523
524 /* j=0...15 */
525 subRound128(A, B, C, D, f0, K0, 11, data[0]);
526 subRound128(D, A, B, C, f0, K0, 14, data[1]);
527 subRound128(C, D, A, B, f0, K0, 15, data[2]);
528 subRound128(B, C, D, A, f0, K0, 12, data[3]);
529 subRound128(A, B, C, D, f0, K0, 5, data[4]);
530 subRound128(D, A, B, C, f0, K0, 8, data[5]);
531 subRound128(C, D, A, B, f0, K0, 7, data[6]);
532 subRound128(B, C, D, A, f0, K0, 9, data[7]);
533 subRound128(A, B, C, D, f0, K0, 11, data[8]);
534 subRound128(D, A, B, C, f0, K0, 13, data[9]);
535 subRound128(C, D, A, B, f0, K0, 14, data[10]);
536 subRound128(B, C, D, A, f0, K0, 15, data[11]);
537 subRound128(A, B, C, D, f0, K0, 6, data[12]);
538 subRound128(D, A, B, C, f0, K0, 7, data[13]);
539 subRound128(C, D, A, B, f0, K0, 9, data[14]);
540 subRound128(B, C, D, A, f0, K0, 8, data[15]);
541
542 subRound128(AA, BB, CC, DD, f48, KK0, 8, data[5]);
543 subRound128(DD, AA, BB, CC, f48, KK0, 9, data[14]);
544 subRound128(CC, DD, AA, BB, f48, KK0, 9, data[7]);
545 subRound128(BB, CC, DD, AA, f48, KK0, 11, data[0]);
546 subRound128(AA, BB, CC, DD, f48, KK0, 13, data[9]);
547 subRound128(DD, AA, BB, CC, f48, KK0, 15, data[2]);
548 subRound128(CC, DD, AA, BB, f48, KK0, 15, data[11]);
549 subRound128(BB, CC, DD, AA, f48, KK0, 5, data[4]);
550 subRound128(AA, BB, CC, DD, f48, KK0, 7, data[13]);
551 subRound128(DD, AA, BB, CC, f48, KK0, 7, data[6]);
552 subRound128(CC, DD, AA, BB, f48, KK0, 8, data[15]);
553 subRound128(BB, CC, DD, AA, f48, KK0, 11, data[8]);
554 subRound128(AA, BB, CC, DD, f48, KK0, 14, data[1]);
555 subRound128(DD, AA, BB, CC, f48, KK0, 14, data[10]);
556 subRound128(CC, DD, AA, BB, f48, KK0, 12, data[3]);
557 subRound128(BB, CC, DD, AA, f48, KK0, 6, data[12]);
558
559 T = A; A = AA; AA = T;
560
561 /* j=16...31 */
562 subRound128(A, B, C, D, f16, K1, 7, data[7]);
563 subRound128(D, A, B, C, f16, K1, 6, data[4]);
564 subRound128(C, D, A, B, f16, K1, 8, data[13]);
565 subRound128(B, C, D, A, f16, K1, 13, data[1]);
566 subRound128(A, B, C, D, f16, K1, 11, data[10]);
567 subRound128(D, A, B, C, f16, K1, 9, data[6]);
568 subRound128(C, D, A, B, f16, K1, 7, data[15]);
569 subRound128(B, C, D, A, f16, K1, 15, data[3]);
570 subRound128(A, B, C, D, f16, K1, 7, data[12]);
571 subRound128(D, A, B, C, f16, K1, 12, data[0]);
572 subRound128(C, D, A, B, f16, K1, 15, data[9]);
573 subRound128(B, C, D, A, f16, K1, 9, data[5]);
574 subRound128(A, B, C, D, f16, K1, 11, data[2]);
575 subRound128(D, A, B, C, f16, K1, 7, data[14]);
576 subRound128(C, D, A, B, f16, K1, 13, data[11]);
577 subRound128(B, C, D, A, f16, K1, 12, data[8]);
578
579 subRound128(AA, BB, CC, DD, f32, KK1, 9, data[6]);
580 subRound128(DD, AA, BB, CC, f32, KK1, 13, data[11]);
581 subRound128(CC, DD, AA, BB, f32, KK1, 15, data[3]);
582 subRound128(BB, CC, DD, AA, f32, KK1, 7, data[7]);
583 subRound128(AA, BB, CC, DD, f32, KK1, 12, data[0]);
584 subRound128(DD, AA, BB, CC, f32, KK1, 8, data[13]);
585 subRound128(CC, DD, AA, BB, f32, KK1, 9, data[5]);
586 subRound128(BB, CC, DD, AA, f32, KK1, 11, data[10]);
587 subRound128(AA, BB, CC, DD, f32, KK1, 7, data[14]);
588 subRound128(DD, AA, BB, CC, f32, KK1, 7, data[15]);
589 subRound128(CC, DD, AA, BB, f32, KK1, 12, data[8]);
590 subRound128(BB, CC, DD, AA, f32, KK1, 7, data[12]);
591 subRound128(AA, BB, CC, DD, f32, KK1, 6, data[4]);
592 subRound128(DD, AA, BB, CC, f32, KK1, 15, data[9]);
593 subRound128(CC, DD, AA, BB, f32, KK1, 13, data[1]);
594 subRound128(BB, CC, DD, AA, f32, KK1, 11, data[2]);
595
596 T = B; B = BB; BB = T;
597
598 /* j=32...47 */
599 subRound128(A, B, C, D, f32, K2, 11, data[3]);
600 subRound128(D, A, B, C, f32, K2, 13, data[10]);
601 subRound128(C, D, A, B, f32, K2, 6, data[14]);
602 subRound128(B, C, D, A, f32, K2, 7, data[4]);
603 subRound128(A, B, C, D, f32, K2, 14, data[9]);
604 subRound128(D, A, B, C, f32, K2, 9, data[15]);
605 subRound128(C, D, A, B, f32, K2, 13, data[8]);
606 subRound128(B, C, D, A, f32, K2, 15, data[1]);
607 subRound128(A, B, C, D, f32, K2, 14, data[2]);
608 subRound128(D, A, B, C, f32, K2, 8, data[7]);
609 subRound128(C, D, A, B, f32, K2, 13, data[0]);
610 subRound128(B, C, D, A, f32, K2, 6, data[6]);
611 subRound128(A, B, C, D, f32, K2, 5, data[13]);
612 subRound128(D, A, B, C, f32, K2, 12, data[11]);
613 subRound128(C, D, A, B, f32, K2, 7, data[5]);
614 subRound128(B, C, D, A, f32, K2, 5, data[12]);
615
616 subRound128(AA, BB, CC, DD, f16, KK2, 9, data[15]);
617 subRound128(DD, AA, BB, CC, f16, KK2, 7, data[5]);
618 subRound128(CC, DD, AA, BB, f16, KK2, 15, data[1]);
619 subRound128(BB, CC, DD, AA, f16, KK2, 11, data[3]);
620 subRound128(AA, BB, CC, DD, f16, KK2, 8, data[7]);
621 subRound128(DD, AA, BB, CC, f16, KK2, 6, data[14]);
622 subRound128(CC, DD, AA, BB, f16, KK2, 6, data[6]);
623 subRound128(BB, CC, DD, AA, f16, KK2, 14, data[9]);
624 subRound128(AA, BB, CC, DD, f16, KK2, 12, data[11]);
625 subRound128(DD, AA, BB, CC, f16, KK2, 13, data[8]);
626 subRound128(CC, DD, AA, BB, f16, KK2, 5, data[12]);
627 subRound128(BB, CC, DD, AA, f16, KK2, 14, data[2]);
628 subRound128(AA, BB, CC, DD, f16, KK2, 13, data[10]);
629 subRound128(DD, AA, BB, CC, f16, KK2, 13, data[0]);
630 subRound128(CC, DD, AA, BB, f16, KK2, 7, data[4]);
631 subRound128(BB, CC, DD, AA, f16, KK2, 5, data[13]);
632
633 T = C; C = CC; CC = T;
634
635 /* j=48...63 */
636 subRound128(A, B, C, D, f48, K3, 11, data[1]);
637 subRound128(D, A, B, C, f48, K3, 12, data[9]);
638 subRound128(C, D, A, B, f48, K3, 14, data[11]);
639 subRound128(B, C, D, A, f48, K3, 15, data[10]);
640 subRound128(A, B, C, D, f48, K3, 14, data[0]);
641 subRound128(D, A, B, C, f48, K3, 15, data[8]);
642 subRound128(C, D, A, B, f48, K3, 9, data[12]);
643 subRound128(B, C, D, A, f48, K3, 8, data[4]);
644 subRound128(A, B, C, D, f48, K3, 9, data[13]);
645 subRound128(D, A, B, C, f48, K3, 14, data[3]);
646 subRound128(C, D, A, B, f48, K3, 5, data[7]);
647 subRound128(B, C, D, A, f48, K3, 6, data[15]);
648 subRound128(A, B, C, D, f48, K3, 8, data[14]);
649 subRound128(D, A, B, C, f48, K3, 6, data[5]);
650 subRound128(C, D, A, B, f48, K3, 5, data[6]);
651 subRound128(B, C, D, A, f48, K3, 12, data[2]);
652
653 subRound128(AA, BB, CC, DD, f0, KK4, 15, data[8]);
654 subRound128(DD, AA, BB, CC, f0, KK4, 5, data[6]);
655 subRound128(CC, DD, AA, BB, f0, KK4, 8, data[4]);
656 subRound128(BB, CC, DD, AA, f0, KK4, 11, data[1]);
657 subRound128(AA, BB, CC, DD, f0, KK4, 14, data[3]);
658 subRound128(DD, AA, BB, CC, f0, KK4, 14, data[11]);
659 subRound128(CC, DD, AA, BB, f0, KK4, 6, data[15]);
660 subRound128(BB, CC, DD, AA, f0, KK4, 14, data[0]);
661 subRound128(AA, BB, CC, DD, f0, KK4, 6, data[5]);
662 subRound128(DD, AA, BB, CC, f0, KK4, 9, data[12]);
663 subRound128(CC, DD, AA, BB, f0, KK4, 12, data[2]);
664 subRound128(BB, CC, DD, AA, f0, KK4, 9, data[13]);
665 subRound128(AA, BB, CC, DD, f0, KK4, 12, data[9]);
666 subRound128(DD, AA, BB, CC, f0, KK4, 5, data[7]);
667 subRound128(CC, DD, AA, BB, f0, KK4, 15, data[10]);
668 subRound128(BB, CC, DD, AA, f0, KK4, 8, data[14]);
669
670 /* T = D; D = DD; DD = T; */
671
672 ctx->digest[0] += A;
673 ctx->digest[1] += B;
674 ctx->digest[2] += C;
675 ctx->digest[3] += DD;
676 ctx->digest[4] += AA;
677 ctx->digest[5] += BB;
678 ctx->digest[6] += CC;
679 ctx->digest[7] += D;
680 }
681
ripemd320_transform(struct ripemd_ctx * ctx,mutils_word32 * data)682 static void ripemd320_transform(struct ripemd_ctx *ctx, mutils_word32 * data)
683 {
684 mutils_word32 A, B, C, D, E; /* Local vars */
685 mutils_word32 AA, BB, CC, DD, EE; /* Local vars */
686 mutils_word32 T;
687
688 /* Set up first buffer and local data buffer */
689 A = ctx->digest[0];
690 B = ctx->digest[1];
691 C = ctx->digest[2];
692 D = ctx->digest[3];
693 E = ctx->digest[4];
694 AA = ctx->digest[5];
695 BB = ctx->digest[6];
696 CC = ctx->digest[7];
697 DD = ctx->digest[8];
698 EE = ctx->digest[9];
699
700 /* j=0...15 */
701 subRound160(A, B, C, D, E, f0, K0, 11, data[0]);
702 subRound160(E, A, B, C, D, f0, K0, 14, data[1]);
703 subRound160(D, E, A, B, C, f0, K0, 15, data[2]);
704 subRound160(C, D, E, A, B, f0, K0, 12, data[3]);
705 subRound160(B, C, D, E, A, f0, K0, 5, data[4]);
706 subRound160(A, B, C, D, E, f0, K0, 8, data[5]);
707 subRound160(E, A, B, C, D, f0, K0, 7, data[6]);
708 subRound160(D, E, A, B, C, f0, K0, 9, data[7]);
709 subRound160(C, D, E, A, B, f0, K0, 11, data[8]);
710 subRound160(B, C, D, E, A, f0, K0, 13, data[9]);
711 subRound160(A, B, C, D, E, f0, K0, 14, data[10]);
712 subRound160(E, A, B, C, D, f0, K0, 15, data[11]);
713 subRound160(D, E, A, B, C, f0, K0, 6, data[12]);
714 subRound160(C, D, E, A, B, f0, K0, 7, data[13]);
715 subRound160(B, C, D, E, A, f0, K0, 9, data[14]);
716 subRound160(A, B, C, D, E, f0, K0, 8, data[15]);
717
718 subRound160(AA, BB, CC, DD, EE, f64, KK0, 8, data[5]);
719 subRound160(EE, AA, BB, CC, DD, f64, KK0, 9, data[14]);
720 subRound160(DD, EE, AA, BB, CC, f64, KK0, 9, data[7]);
721 subRound160(CC, DD, EE, AA, BB, f64, KK0, 11, data[0]);
722 subRound160(BB, CC, DD, EE, AA, f64, KK0, 13, data[9]);
723 subRound160(AA, BB, CC, DD, EE, f64, KK0, 15, data[2]);
724 subRound160(EE, AA, BB, CC, DD, f64, KK0, 15, data[11]);
725 subRound160(DD, EE, AA, BB, CC, f64, KK0, 5, data[4]);
726 subRound160(CC, DD, EE, AA, BB, f64, KK0, 7, data[13]);
727 subRound160(BB, CC, DD, EE, AA, f64, KK0, 7, data[6]);
728 subRound160(AA, BB, CC, DD, EE, f64, KK0, 8, data[15]);
729 subRound160(EE, AA, BB, CC, DD, f64, KK0, 11, data[8]);
730 subRound160(DD, EE, AA, BB, CC, f64, KK0, 14, data[1]);
731 subRound160(CC, DD, EE, AA, BB, f64, KK0, 14, data[10]);
732 subRound160(BB, CC, DD, EE, AA, f64, KK0, 12, data[3]);
733 subRound160(AA, BB, CC, DD, EE, f64, KK0, 6, data[12]);
734
735 T = A; A = AA; AA = T;
736
737 /* j=16...31 */
738 subRound160(E, A, B, C, D, f16, K1, 7, data[7]);
739 subRound160(D, E, A, B, C, f16, K1, 6, data[4]);
740 subRound160(C, D, E, A, B, f16, K1, 8, data[13]);
741 subRound160(B, C, D, E, A, f16, K1, 13, data[1]);
742 subRound160(A, B, C, D, E, f16, K1, 11, data[10]);
743 subRound160(E, A, B, C, D, f16, K1, 9, data[6]);
744 subRound160(D, E, A, B, C, f16, K1, 7, data[15]);
745 subRound160(C, D, E, A, B, f16, K1, 15, data[3]);
746 subRound160(B, C, D, E, A, f16, K1, 7, data[12]);
747 subRound160(A, B, C, D, E, f16, K1, 12, data[0]);
748 subRound160(E, A, B, C, D, f16, K1, 15, data[9]);
749 subRound160(D, E, A, B, C, f16, K1, 9, data[5]);
750 subRound160(C, D, E, A, B, f16, K1, 11, data[2]);
751 subRound160(B, C, D, E, A, f16, K1, 7, data[14]);
752 subRound160(A, B, C, D, E, f16, K1, 13, data[11]);
753 subRound160(E, A, B, C, D, f16, K1, 12, data[8]);
754
755 subRound160(EE, AA, BB, CC, DD, f48, KK1, 9, data[6]);
756 subRound160(DD, EE, AA, BB, CC, f48, KK1, 13, data[11]);
757 subRound160(CC, DD, EE, AA, BB, f48, KK1, 15, data[3]);
758 subRound160(BB, CC, DD, EE, AA, f48, KK1, 7, data[7]);
759 subRound160(AA, BB, CC, DD, EE, f48, KK1, 12, data[0]);
760 subRound160(EE, AA, BB, CC, DD, f48, KK1, 8, data[13]);
761 subRound160(DD, EE, AA, BB, CC, f48, KK1, 9, data[5]);
762 subRound160(CC, DD, EE, AA, BB, f48, KK1, 11, data[10]);
763 subRound160(BB, CC, DD, EE, AA, f48, KK1, 7, data[14]);
764 subRound160(AA, BB, CC, DD, EE, f48, KK1, 7, data[15]);
765 subRound160(EE, AA, BB, CC, DD, f48, KK1, 12, data[8]);
766 subRound160(DD, EE, AA, BB, CC, f48, KK1, 7, data[12]);
767 subRound160(CC, DD, EE, AA, BB, f48, KK1, 6, data[4]);
768 subRound160(BB, CC, DD, EE, AA, f48, KK1, 15, data[9]);
769 subRound160(AA, BB, CC, DD, EE, f48, KK1, 13, data[1]);
770 subRound160(EE, AA, BB, CC, DD, f48, KK1, 11, data[2]);
771
772 T = B; B = BB; BB = T;
773
774 /* j=32...47 */
775 subRound160(D, E, A, B, C, f32, K2, 11, data[3]);
776 subRound160(C, D, E, A, B, f32, K2, 13, data[10]);
777 subRound160(B, C, D, E, A, f32, K2, 6, data[14]);
778 subRound160(A, B, C, D, E, f32, K2, 7, data[4]);
779 subRound160(E, A, B, C, D, f32, K2, 14, data[9]);
780 subRound160(D, E, A, B, C, f32, K2, 9, data[15]);
781 subRound160(C, D, E, A, B, f32, K2, 13, data[8]);
782 subRound160(B, C, D, E, A, f32, K2, 15, data[1]);
783 subRound160(A, B, C, D, E, f32, K2, 14, data[2]);
784 subRound160(E, A, B, C, D, f32, K2, 8, data[7]);
785 subRound160(D, E, A, B, C, f32, K2, 13, data[0]);
786 subRound160(C, D, E, A, B, f32, K2, 6, data[6]);
787 subRound160(B, C, D, E, A, f32, K2, 5, data[13]);
788 subRound160(A, B, C, D, E, f32, K2, 12, data[11]);
789 subRound160(E, A, B, C, D, f32, K2, 7, data[5]);
790 subRound160(D, E, A, B, C, f32, K2, 5, data[12]);
791
792 subRound160(DD, EE, AA, BB, CC, f32, KK2, 9, data[15]);
793 subRound160(CC, DD, EE, AA, BB, f32, KK2, 7, data[5]);
794 subRound160(BB, CC, DD, EE, AA, f32, KK2, 15, data[1]);
795 subRound160(AA, BB, CC, DD, EE, f32, KK2, 11, data[3]);
796 subRound160(EE, AA, BB, CC, DD, f32, KK2, 8, data[7]);
797 subRound160(DD, EE, AA, BB, CC, f32, KK2, 6, data[14]);
798 subRound160(CC, DD, EE, AA, BB, f32, KK2, 6, data[6]);
799 subRound160(BB, CC, DD, EE, AA, f32, KK2, 14, data[9]);
800 subRound160(AA, BB, CC, DD, EE, f32, KK2, 12, data[11]);
801 subRound160(EE, AA, BB, CC, DD, f32, KK2, 13, data[8]);
802 subRound160(DD, EE, AA, BB, CC, f32, KK2, 5, data[12]);
803 subRound160(CC, DD, EE, AA, BB, f32, KK2, 14, data[2]);
804 subRound160(BB, CC, DD, EE, AA, f32, KK2, 13, data[10]);
805 subRound160(AA, BB, CC, DD, EE, f32, KK2, 13, data[0]);
806 subRound160(EE, AA, BB, CC, DD, f32, KK2, 7, data[4]);
807 subRound160(DD, EE, AA, BB, CC, f32, KK2, 5, data[13]);
808
809 T = C; C = CC; CC = T;
810
811 /* j=48...63 */
812 subRound160(C, D, E, A, B, f48, K3, 11, data[1]);
813 subRound160(B, C, D, E, A, f48, K3, 12, data[9]);
814 subRound160(A, B, C, D, E, f48, K3, 14, data[11]);
815 subRound160(E, A, B, C, D, f48, K3, 15, data[10]);
816 subRound160(D, E, A, B, C, f48, K3, 14, data[0]);
817 subRound160(C, D, E, A, B, f48, K3, 15, data[8]);
818 subRound160(B, C, D, E, A, f48, K3, 9, data[12]);
819 subRound160(A, B, C, D, E, f48, K3, 8, data[4]);
820 subRound160(E, A, B, C, D, f48, K3, 9, data[13]);
821 subRound160(D, E, A, B, C, f48, K3, 14, data[3]);
822 subRound160(C, D, E, A, B, f48, K3, 5, data[7]);
823 subRound160(B, C, D, E, A, f48, K3, 6, data[15]);
824 subRound160(A, B, C, D, E, f48, K3, 8, data[14]);
825 subRound160(E, A, B, C, D, f48, K3, 6, data[5]);
826 subRound160(D, E, A, B, C, f48, K3, 5, data[6]);
827 subRound160(C, D, E, A, B, f48, K3, 12, data[2]);
828
829 subRound160(CC, DD, EE, AA, BB, f16, KK3, 15, data[8]);
830 subRound160(BB, CC, DD, EE, AA, f16, KK3, 5, data[6]);
831 subRound160(AA, BB, CC, DD, EE, f16, KK3, 8, data[4]);
832 subRound160(EE, AA, BB, CC, DD, f16, KK3, 11, data[1]);
833 subRound160(DD, EE, AA, BB, CC, f16, KK3, 14, data[3]);
834 subRound160(CC, DD, EE, AA, BB, f16, KK3, 14, data[11]);
835 subRound160(BB, CC, DD, EE, AA, f16, KK3, 6, data[15]);
836 subRound160(AA, BB, CC, DD, EE, f16, KK3, 14, data[0]);
837 subRound160(EE, AA, BB, CC, DD, f16, KK3, 6, data[5]);
838 subRound160(DD, EE, AA, BB, CC, f16, KK3, 9, data[12]);
839 subRound160(CC, DD, EE, AA, BB, f16, KK3, 12, data[2]);
840 subRound160(BB, CC, DD, EE, AA, f16, KK3, 9, data[13]);
841 subRound160(AA, BB, CC, DD, EE, f16, KK3, 12, data[9]);
842 subRound160(EE, AA, BB, CC, DD, f16, KK3, 5, data[7]);
843 subRound160(DD, EE, AA, BB, CC, f16, KK3, 15, data[10]);
844 subRound160(CC, DD, EE, AA, BB, f16, KK3, 8, data[14]);
845
846 T = D; D = DD; DD = T;
847
848 /* j=64...79 */
849 subRound160(B, C, D, E, A, f64, K4, 9, data[4]);
850 subRound160(A, B, C, D, E, f64, K4, 15, data[0]);
851 subRound160(E, A, B, C, D, f64, K4, 5, data[5]);
852 subRound160(D, E, A, B, C, f64, K4, 11, data[9]);
853 subRound160(C, D, E, A, B, f64, K4, 6, data[7]);
854 subRound160(B, C, D, E, A, f64, K4, 8, data[12]);
855 subRound160(A, B, C, D, E, f64, K4, 13, data[2]);
856 subRound160(E, A, B, C, D, f64, K4, 12, data[10]);
857 subRound160(D, E, A, B, C, f64, K4, 5, data[14]);
858 subRound160(C, D, E, A, B, f64, K4, 12, data[1]);
859 subRound160(B, C, D, E, A, f64, K4, 13, data[3]);
860 subRound160(A, B, C, D, E, f64, K4, 14, data[8]);
861 subRound160(E, A, B, C, D, f64, K4, 11, data[11]);
862 subRound160(D, E, A, B, C, f64, K4, 8, data[6]);
863 subRound160(C, D, E, A, B, f64, K4, 5, data[15]);
864 subRound160(B, C, D, E, A, f64, K4, 6, data[13]);
865
866 subRound160(BB, CC, DD, EE, AA, f0, KK4, 8, data[12]);
867 subRound160(AA, BB, CC, DD, EE, f0, KK4, 5, data[15]);
868 subRound160(EE, AA, BB, CC, DD, f0, KK4, 12, data[10]);
869 subRound160(DD, EE, AA, BB, CC, f0, KK4, 9, data[4]);
870 subRound160(CC, DD, EE, AA, BB, f0, KK4, 12, data[1]);
871 subRound160(BB, CC, DD, EE, AA, f0, KK4, 5, data[5]);
872 subRound160(AA, BB, CC, DD, EE, f0, KK4, 14, data[8]);
873 subRound160(EE, AA, BB, CC, DD, f0, KK4, 6, data[7]);
874 subRound160(DD, EE, AA, BB, CC, f0, KK4, 8, data[6]);
875 subRound160(CC, DD, EE, AA, BB, f0, KK4, 13, data[2]);
876 subRound160(BB, CC, DD, EE, AA, f0, KK4, 6, data[13]);
877 subRound160(AA, BB, CC, DD, EE, f0, KK4, 5, data[14]);
878 subRound160(EE, AA, BB, CC, DD, f0, KK4, 15, data[0]);
879 subRound160(DD, EE, AA, BB, CC, f0, KK4, 13, data[3]);
880 subRound160(CC, DD, EE, AA, BB, f0, KK4, 11, data[9]);
881 subRound160(BB, CC, DD, EE, AA, f0, KK4, 11, data[11]);
882
883 /* T = E; E = EE; EE = T; */
884
885 ctx->digest[0] += A;
886 ctx->digest[1] += B;
887 ctx->digest[2] += C;
888 ctx->digest[3] += D;
889 ctx->digest[4] += EE;
890 ctx->digest[5] += AA;
891 ctx->digest[6] += BB;
892 ctx->digest[7] += CC;
893 ctx->digest[8] += DD;
894 ctx->digest[9] += E;
895 }
896
ripemd_transform(struct ripemd_ctx * ctx,mutils_word32 * data)897 static void ripemd_transform(struct ripemd_ctx *ctx, mutils_word32 * data)
898 {
899 switch(ctx->digest_len) /* select the right compression function */
900 {
901 case 8 * RIPEMD128_DIGESTSIZE:
902 ripemd128_transform(ctx, data); break;
903 case 8 * RIPEMD160_DIGESTSIZE:
904 ripemd160_transform(ctx, data); break;
905 case 8 * RIPEMD256_DIGESTSIZE:
906 ripemd256_transform(ctx, data); break;
907 case 8 * RIPEMD320_DIGESTSIZE:
908 ripemd320_transform(ctx, data); break;
909 }
910 }
911
912 #ifndef EXTRACT_UCHAR
913 #define EXTRACT_UCHAR(p) (*(mutils_word8 *)(p))
914 #endif
915
916 #define STRING2INT(s) ((((((EXTRACT_UCHAR((s)+3) << 8) \
917 | EXTRACT_UCHAR((s)+2)) << 8) \
918 | EXTRACT_UCHAR((s)+1)) << 8) \
919 | EXTRACT_UCHAR(s))
920
ripemd_block(struct ripemd_ctx * ctx,mutils_word8 * block)921 static void ripemd_block(struct ripemd_ctx *ctx, mutils_word8 *block)
922 {
923 mutils_word32 data[RIPEMD_DATALEN];
924 mutils_word32 i;
925
926 /* Update bit count */
927 ctx->bitcount += RIPEMD_DATASIZE * 8;
928
929 /* Endian independent conversion */
930 for (i = 0; i < RIPEMD_DATALEN; i++, block += 4)
931 data[i] = STRING2INT(block);
932
933 ripemd_transform(ctx, data);
934 }
935
ripemd_update(struct ripemd_ctx * ctx,mutils_word8 * buffer,mutils_word32 len)936 void ripemd_update(struct ripemd_ctx *ctx, mutils_word8 *buffer, mutils_word32 len)
937 {
938 if (ctx->index) { /* Try to fill partial block */
939 unsigned left = RIPEMD_DATASIZE - ctx->index;
940 if (len < left) {
941 mutils_memcpy(ctx->block + ctx->index, buffer, len);
942 ctx->index += len;
943 return; /* Finished */
944 } else {
945 mutils_memcpy(ctx->block + ctx->index, buffer, left);
946 ripemd_block(ctx, ctx->block);
947 buffer += left;
948 len -= left;
949 }
950 }
951 while (len >= RIPEMD_DATASIZE) {
952 ripemd_block(ctx, buffer);
953 buffer += RIPEMD_DATASIZE;
954 len -= RIPEMD_DATASIZE;
955 }
956 if ((ctx->index = len))
957 /* This assignment is intended */
958 /* Buffer leftovers */
959 mutils_memcpy(ctx->block, buffer, len);
960 }
961
962 /* Final wrapup - pad to RIPEMD_DATASIZE-byte boundary with the bit pattern
963 1 0* (64-bit count of bits processed, LSB-first) */
964
ripemd_final(struct ripemd_ctx * ctx)965 void ripemd_final(struct ripemd_ctx *ctx)
966 {
967 mutils_word32 data[RIPEMD_DATALEN];
968 mutils_word32 i;
969 mutils_word32 words;
970
971 i = ctx->index;
972 /* Set the first char of padding to 0x80. This is safe since there is
973 always at least one byte free */
974 ctx->block[i++] = 0x80;
975
976 /* Fill rest of word */
977 for (; i & 3; i++)
978 ctx->block[i] = 0;
979
980 /* i is now a multiple of the word size 4 */
981 words = i >> 2;
982 for (i = 0; i < words; i++)
983 data[i] = STRING2INT(ctx->block + 4 * i);
984
985 if (words > (RIPEMD_DATALEN - 2)) { /* No room for length in this block.
986 * Process it and pad with another one */
987 for (i = words; i < RIPEMD_DATALEN; i++)
988 data[i] = 0;
989 ripemd_transform(ctx, data);
990 for (i = 0; i < (RIPEMD_DATALEN - 2); i++)
991 data[i] = 0;
992 } else
993 for (i = words; i < RIPEMD_DATALEN - 2; i++)
994 data[i] = 0;
995
996 /* add length padding */
997 ctx->bitcount += 8 * ctx->index;
998 data[RIPEMD_DATALEN - 2] =
999 ctx->bitcount & ((1LL << 32) - 1);
1000 data[RIPEMD_DATALEN - 1] =
1001 ctx->bitcount >> 32;
1002
1003 ripemd_transform(ctx, data);
1004 }
1005
ripemd_digest(struct ripemd_ctx * ctx,mutils_word8 * s)1006 void ripemd_digest(struct ripemd_ctx *ctx, mutils_word8 * s)
1007 {
1008 mutils_word32 i;
1009
1010 if (s!=NULL)
1011 for (i = 0; i < ctx->digest_len / 32; i++) {
1012 *s++ = 0xff & ctx->digest[i];
1013 *s++ = 0xff & (ctx->digest[i] >> 8);
1014 *s++ = 0xff & (ctx->digest[i] >> 16);
1015 *s++ = 0xff & (ctx->digest[i] >> 24);
1016 }
1017 }
1018
1019 #endif /* ENABLE_RIPEMD */
1020