1 /********************************************************************\
2 *
3 * FILE: rmd160mc.c
4 *
5 * CONTENTS: A sample C-implementation of the
6 * RIPEMD160-MAC function.
7 * TARGET: any computer with an ANSI C compiler
8 *
9 * AUTHOR: Antoon Bosselaers, ESAT-COSIC
10 * DATE: 26 March 1998
11 * VERSION: 1.0
12 *
13 * Copyright (c) Katholieke Universiteit Leuven
14 * 1998, All Rights Reserved
15 *
16 \********************************************************************/
17
18 /* header files */
19 #include <stdio.h>
20 #include <stdlib.h>
21 #include <string.h>
22 #include "rmd160mc.h"
23
/* constants T0, T1, T2 specific for RIPEMD160-MAC
 *
 * T[i] holds the first four chaining words produced by MDMACconstT() for
 * i = 0, 1, 2.  It is read by MDMACsetup() (key expansion) and by
 * MDMACfinish() (the extra key-dependent final block).  Being static
 * storage it is all-zero until MDMACconstT() has been called once. */
static dword T[3][4];
26
27 /***********************************************************************/
void MDMACconstT(void)
/*
 * Computes the three constants T0, T1, T2 used by RIPEMD160-MAC and stores
 * them in the file-scope table T.  Must run once before MDMACsetup() or
 * MDMACfinish() is used; calling it again recomputes the same values.
 *
 * Each T[i] is the first four words of one unkeyed compression (chaining
 * value = RIPEMD-160 IV, round constants K[5..8] = 0) of a 64-byte block
 * consisting of two copies of the ASCII digit i followed by the alphabet
 * in lower case, upper case, and the ten decimal digits.
 */
{
    /* K[0..4]: RIPEMD-160 initial chaining value; K[5..8] stay zero, so
     * compress() adds nothing to the message words here. */
    dword K[9] = { 0x67452301UL, 0xefcdab89UL, 0x98badcfeUL,
                   0x10325476UL, 0xc3d2e1f0UL };
    dword H[5];          /* chaining value being compressed */
    dword X[16];         /* the 64-byte block as 16 little-endian words */
    byte U[65] = "00abcdefghijklmnopqrstuvwxyz"
                 "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    unsigned int i, w;

    for (i = 0; i < 3; i++) {
        /* the two leading bytes are the ASCII digit '0' + i */
        U[0] = U[1] = (byte)(0x30 + i);

        MDMACinit(K, H);
        for (w = 0; w < 16; w++)
            X[w] = BYTES_TO_DWORD(U + 4 * w);
        compress(K, H, X);

        /* only the first four words of the result are kept */
        for (w = 0; w < 4; w++)
            T[i][w] = H[w];
    }
}
62
63 /***********************************************************************/
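/*
 * Derives one 5-word subkey group into dst[0..4].
 *
 * dst is first set to the RIPEMD-160 IV held in KK[0..4] and then updated
 * by two compressions with KK as the (all-zero) round constants.  The first
 * block is the 128-bit key followed by T[p], T[p+1], T[p+2] (indices mod 3);
 * the second block is those same three constants followed by the key.  The
 * local block buffer, which holds key words, is wiped before returning
 * through a volatile view so the writes cannot be optimised away.
 *
 *   KK   9 words: IV in KK[0..4], zero in KK[5..8]; read only
 *   dst  receives 5 words
 *   key  16 bytes, read via BYTES_TO_DWORD(key + 4*i), i = 0..3
 *   p    rotation of the T constants, 0, 1 or 2
 *
 * Requires T to have been filled by MDMACconstT().
 */
static void mdmac_derive_subkey(dword *KK, dword *dst, byte *key, unsigned int p)
{
    dword U[16];
    volatile dword *wipe = U;   /* volatile alias used only for the final scrub */
    const dword *t0 = T[p % 3];
    const dword *t1 = T[(p + 1) % 3];
    const dword *t2 = T[(p + 2) % 3];
    unsigned int i;

    MDMACinit(KK, dst);

    /* block 1: key || T[p] || T[p+1] || T[p+2] */
    for (i = 0; i < 4; i++) {
        U[i]      = BYTES_TO_DWORD(key + 4 * i);
        U[i + 4]  = t0[i];
        U[i + 8]  = t1[i];
        U[i + 12] = t2[i];
    }
    compress(KK, dst, U);

    /* block 2: T[p] || T[p+1] || T[p+2] || key */
    for (i = 0; i < 4; i++) {
        U[i]      = t0[i];
        U[i + 4]  = t1[i];
        U[i + 8]  = t2[i];
        U[i + 12] = BYTES_TO_DWORD(key + 4 * i);
    }
    compress(KK, dst, U);

    /* scrub the key words from the stack buffer */
    for (i = 0; i < 16; i++)
        wipe[i] = 0;
}

dword *MDMACsetup(byte *key)
/*
 * expands 128-bit key into (5+4+4)*32-bit K required for RIPEMD160-MAC
 *
 *   key  pointer to 16 key bytes; only bytes 0..15 are read, the caller
 *        keeps ownership and is responsible for wiping them
 *
 * Returns a pointer to a 14-word buffer laid out as
 *   K[0..4]   initial chaining value for the MAC computation
 *   K[5..8]   round constants added to the message words by compress()
 *   K[9..12]  words of the extra final block built by MDMACfinish()
 * Each group is derived as a 5-word chaining value, so K[9] is overwritten
 * by the third derivation and nothing in this file reads K[13].
 *
 * The returned buffer is STATIC: every call overwrites it, the function is
 * not thread-safe, and the expanded key material stays in memory for the
 * lifetime of the program (there is no teardown routine that wipes it).
 * Callers must have run MDMACconstT() first, otherwise T is all-zero.
 */
{
    static dword K[14];
    /* RIPEMD-160 IV in KK[0..4]; KK[5..8] are zero round constants */
    dword KK[9] = { 0x67452301UL, 0xefcdab89UL, 0x98badcfeUL,
                    0x10325476UL, 0xc3d2e1f0UL };

    mdmac_derive_subkey(KK, K,     key, 0);   /* key, T0, T1, T2 */
    mdmac_derive_subkey(KK, K + 5, key, 1);   /* key, T1, T2, T0 */
    mdmac_derive_subkey(KK, K + 9, key, 2);   /* key, T2, T0, T1 */

    return K;
}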
132
133 /********************************************************************/
134
/*
 * Loads the initial chaining value: copies the five words K[0..4] into
 * MDbuf[0..4].  K is the expanded key from MDMACsetup() (or a plain IV
 * array when deriving constants); MDbuf must have room for 5 words.
 */
void MDMACinit(dword *K, dword *MDbuf)
{
    unsigned int w;

    for (w = 0; w < 5; w++)
        MDbuf[w] = K[w];
}
145
146 /********************************************************************/
147
/*
 * Keyed RIPEMD-160 compression function.
 *
 *   K      expanded key; only the round constants K[5..8] are read here,
 *          each one is added to every message word of the round it serves
 *   MDbuf  5-word chaining value, updated in place
 *   X      16 message words of the current 64-byte block
 *
 * Two independent lines (aa..ee and aaa..eee) each run five rounds of
 * sixteen steps over the same X; the step macros FF..JJ / FFF..JJJ and
 * their rotation amounts come from rmd160mc.h.  The two results are
 * folded back into MDbuf at the end.  No stack copies of K are made.
 */
void compress(dword *K, dword *MDbuf, dword *X)
{
    /* left line working variables */
    dword aa = MDbuf[0], bb = MDbuf[1], cc = MDbuf[2],
          dd = MDbuf[3], ee = MDbuf[4];
    /* right ("parallel") line working variables, same starting state */
    dword aaa = MDbuf[0], bbb = MDbuf[1], ccc = MDbuf[2],
          ddd = MDbuf[3], eee = MDbuf[4];

    /* round 1: left line, message words offset by K[5] */
    FF(aa, bb, cc, dd, ee, X[ 0]+K[5], 11);
    FF(ee, aa, bb, cc, dd, X[ 1]+K[5], 14);
    FF(dd, ee, aa, bb, cc, X[ 2]+K[5], 15);
    FF(cc, dd, ee, aa, bb, X[ 3]+K[5], 12);
    FF(bb, cc, dd, ee, aa, X[ 4]+K[5], 5);
    FF(aa, bb, cc, dd, ee, X[ 5]+K[5], 8);
    FF(ee, aa, bb, cc, dd, X[ 6]+K[5], 7);
    FF(dd, ee, aa, bb, cc, X[ 7]+K[5], 9);
    FF(cc, dd, ee, aa, bb, X[ 8]+K[5], 11);
    FF(bb, cc, dd, ee, aa, X[ 9]+K[5], 13);
    FF(aa, bb, cc, dd, ee, X[10]+K[5], 14);
    FF(ee, aa, bb, cc, dd, X[11]+K[5], 15);
    FF(dd, ee, aa, bb, cc, X[12]+K[5], 6);
    FF(cc, dd, ee, aa, bb, X[13]+K[5], 7);
    FF(bb, cc, dd, ee, aa, X[14]+K[5], 9);
    FF(aa, bb, cc, dd, ee, X[15]+K[5], 8);

    /* round 2: left line, offset K[6] */
    GG(ee, aa, bb, cc, dd, X[ 7]+K[6], 7);
    GG(dd, ee, aa, bb, cc, X[ 4]+K[6], 6);
    GG(cc, dd, ee, aa, bb, X[13]+K[6], 8);
    GG(bb, cc, dd, ee, aa, X[ 1]+K[6], 13);
    GG(aa, bb, cc, dd, ee, X[10]+K[6], 11);
    GG(ee, aa, bb, cc, dd, X[ 6]+K[6], 9);
    GG(dd, ee, aa, bb, cc, X[15]+K[6], 7);
    GG(cc, dd, ee, aa, bb, X[ 3]+K[6], 15);
    GG(bb, cc, dd, ee, aa, X[12]+K[6], 7);
    GG(aa, bb, cc, dd, ee, X[ 0]+K[6], 12);
    GG(ee, aa, bb, cc, dd, X[ 9]+K[6], 15);
    GG(dd, ee, aa, bb, cc, X[ 5]+K[6], 9);
    GG(cc, dd, ee, aa, bb, X[ 2]+K[6], 11);
    GG(bb, cc, dd, ee, aa, X[14]+K[6], 7);
    GG(aa, bb, cc, dd, ee, X[11]+K[6], 13);
    GG(ee, aa, bb, cc, dd, X[ 8]+K[6], 12);

    /* round 3: left line, offset K[7] */
    HH(dd, ee, aa, bb, cc, X[ 3]+K[7], 11);
    HH(cc, dd, ee, aa, bb, X[10]+K[7], 13);
    HH(bb, cc, dd, ee, aa, X[14]+K[7], 6);
    HH(aa, bb, cc, dd, ee, X[ 4]+K[7], 7);
    HH(ee, aa, bb, cc, dd, X[ 9]+K[7], 14);
    HH(dd, ee, aa, bb, cc, X[15]+K[7], 9);
    HH(cc, dd, ee, aa, bb, X[ 8]+K[7], 13);
    HH(bb, cc, dd, ee, aa, X[ 1]+K[7], 15);
    HH(aa, bb, cc, dd, ee, X[ 2]+K[7], 14);
    HH(ee, aa, bb, cc, dd, X[ 7]+K[7], 8);
    HH(dd, ee, aa, bb, cc, X[ 0]+K[7], 13);
    HH(cc, dd, ee, aa, bb, X[ 6]+K[7], 6);
    HH(bb, cc, dd, ee, aa, X[13]+K[7], 5);
    HH(aa, bb, cc, dd, ee, X[11]+K[7], 12);
    HH(ee, aa, bb, cc, dd, X[ 5]+K[7], 7);
    HH(dd, ee, aa, bb, cc, X[12]+K[7], 5);

    /* round 4: left line, offset K[8] */
    II(cc, dd, ee, aa, bb, X[ 1]+K[8], 11);
    II(bb, cc, dd, ee, aa, X[ 9]+K[8], 12);
    II(aa, bb, cc, dd, ee, X[11]+K[8], 14);
    II(ee, aa, bb, cc, dd, X[10]+K[8], 15);
    II(dd, ee, aa, bb, cc, X[ 0]+K[8], 14);
    II(cc, dd, ee, aa, bb, X[ 8]+K[8], 15);
    II(bb, cc, dd, ee, aa, X[12]+K[8], 9);
    II(aa, bb, cc, dd, ee, X[ 4]+K[8], 8);
    II(ee, aa, bb, cc, dd, X[13]+K[8], 9);
    II(dd, ee, aa, bb, cc, X[ 3]+K[8], 14);
    II(cc, dd, ee, aa, bb, X[ 7]+K[8], 5);
    II(bb, cc, dd, ee, aa, X[15]+K[8], 6);
    II(aa, bb, cc, dd, ee, X[14]+K[8], 8);
    II(ee, aa, bb, cc, dd, X[ 5]+K[8], 6);
    II(dd, ee, aa, bb, cc, X[ 6]+K[8], 5);
    II(cc, dd, ee, aa, bb, X[ 2]+K[8], 12);

    /* round 5: left line, offset K[5] again (the constants cycle) */
    JJ(bb, cc, dd, ee, aa, X[ 4]+K[5], 9);
    JJ(aa, bb, cc, dd, ee, X[ 0]+K[5], 15);
    JJ(ee, aa, bb, cc, dd, X[ 5]+K[5], 5);
    JJ(dd, ee, aa, bb, cc, X[ 9]+K[5], 11);
    JJ(cc, dd, ee, aa, bb, X[ 7]+K[5], 6);
    JJ(bb, cc, dd, ee, aa, X[12]+K[5], 8);
    JJ(aa, bb, cc, dd, ee, X[ 2]+K[5], 13);
    JJ(ee, aa, bb, cc, dd, X[10]+K[5], 12);
    JJ(dd, ee, aa, bb, cc, X[14]+K[5], 5);
    JJ(cc, dd, ee, aa, bb, X[ 1]+K[5], 12);
    JJ(bb, cc, dd, ee, aa, X[ 3]+K[5], 13);
    JJ(aa, bb, cc, dd, ee, X[ 8]+K[5], 14);
    JJ(ee, aa, bb, cc, dd, X[11]+K[5], 11);
    JJ(dd, ee, aa, bb, cc, X[ 6]+K[5], 8);
    JJ(cc, dd, ee, aa, bb, X[15]+K[5], 5);
    JJ(bb, cc, dd, ee, aa, X[13]+K[5], 6);

    /* parallel round 1: right line, offset K[6]; independent of aa..ee */
    JJJ(aaa, bbb, ccc, ddd, eee, X[ 5]+K[6], 8);
    JJJ(eee, aaa, bbb, ccc, ddd, X[14]+K[6], 9);
    JJJ(ddd, eee, aaa, bbb, ccc, X[ 7]+K[6], 9);
    JJJ(ccc, ddd, eee, aaa, bbb, X[ 0]+K[6], 11);
    JJJ(bbb, ccc, ddd, eee, aaa, X[ 9]+K[6], 13);
    JJJ(aaa, bbb, ccc, ddd, eee, X[ 2]+K[6], 15);
    JJJ(eee, aaa, bbb, ccc, ddd, X[11]+K[6], 15);
    JJJ(ddd, eee, aaa, bbb, ccc, X[ 4]+K[6], 5);
    JJJ(ccc, ddd, eee, aaa, bbb, X[13]+K[6], 7);
    JJJ(bbb, ccc, ddd, eee, aaa, X[ 6]+K[6], 7);
    JJJ(aaa, bbb, ccc, ddd, eee, X[15]+K[6], 8);
    JJJ(eee, aaa, bbb, ccc, ddd, X[ 8]+K[6], 11);
    JJJ(ddd, eee, aaa, bbb, ccc, X[ 1]+K[6], 14);
    JJJ(ccc, ddd, eee, aaa, bbb, X[10]+K[6], 14);
    JJJ(bbb, ccc, ddd, eee, aaa, X[ 3]+K[6], 12);
    JJJ(aaa, bbb, ccc, ddd, eee, X[12]+K[6], 6);

    /* parallel round 2: right line, offset K[7] */
    III(eee, aaa, bbb, ccc, ddd, X[ 6]+K[7], 9);
    III(ddd, eee, aaa, bbb, ccc, X[11]+K[7], 13);
    III(ccc, ddd, eee, aaa, bbb, X[ 3]+K[7], 15);
    III(bbb, ccc, ddd, eee, aaa, X[ 7]+K[7], 7);
    III(aaa, bbb, ccc, ddd, eee, X[ 0]+K[7], 12);
    III(eee, aaa, bbb, ccc, ddd, X[13]+K[7], 8);
    III(ddd, eee, aaa, bbb, ccc, X[ 5]+K[7], 9);
    III(ccc, ddd, eee, aaa, bbb, X[10]+K[7], 11);
    III(bbb, ccc, ddd, eee, aaa, X[14]+K[7], 7);
    III(aaa, bbb, ccc, ddd, eee, X[15]+K[7], 7);
    III(eee, aaa, bbb, ccc, ddd, X[ 8]+K[7], 12);
    III(ddd, eee, aaa, bbb, ccc, X[12]+K[7], 7);
    III(ccc, ddd, eee, aaa, bbb, X[ 4]+K[7], 6);
    III(bbb, ccc, ddd, eee, aaa, X[ 9]+K[7], 15);
    III(aaa, bbb, ccc, ddd, eee, X[ 1]+K[7], 13);
    III(eee, aaa, bbb, ccc, ddd, X[ 2]+K[7], 11);

    /* parallel round 3: right line, offset K[8] */
    HHH(ddd, eee, aaa, bbb, ccc, X[15]+K[8], 9);
    HHH(ccc, ddd, eee, aaa, bbb, X[ 5]+K[8], 7);
    HHH(bbb, ccc, ddd, eee, aaa, X[ 1]+K[8], 15);
    HHH(aaa, bbb, ccc, ddd, eee, X[ 3]+K[8], 11);
    HHH(eee, aaa, bbb, ccc, ddd, X[ 7]+K[8], 8);
    HHH(ddd, eee, aaa, bbb, ccc, X[14]+K[8], 6);
    HHH(ccc, ddd, eee, aaa, bbb, X[ 6]+K[8], 6);
    HHH(bbb, ccc, ddd, eee, aaa, X[ 9]+K[8], 14);
    HHH(aaa, bbb, ccc, ddd, eee, X[11]+K[8], 12);
    HHH(eee, aaa, bbb, ccc, ddd, X[ 8]+K[8], 13);
    HHH(ddd, eee, aaa, bbb, ccc, X[12]+K[8], 5);
    HHH(ccc, ddd, eee, aaa, bbb, X[ 2]+K[8], 14);
    HHH(bbb, ccc, ddd, eee, aaa, X[10]+K[8], 13);
    HHH(aaa, bbb, ccc, ddd, eee, X[ 0]+K[8], 13);
    HHH(eee, aaa, bbb, ccc, ddd, X[ 4]+K[8], 7);
    HHH(ddd, eee, aaa, bbb, ccc, X[13]+K[8], 5);

    /* parallel round 4: right line, offset K[5] */
    GGG(ccc, ddd, eee, aaa, bbb, X[ 8]+K[5], 15);
    GGG(bbb, ccc, ddd, eee, aaa, X[ 6]+K[5], 5);
    GGG(aaa, bbb, ccc, ddd, eee, X[ 4]+K[5], 8);
    GGG(eee, aaa, bbb, ccc, ddd, X[ 1]+K[5], 11);
    GGG(ddd, eee, aaa, bbb, ccc, X[ 3]+K[5], 14);
    GGG(ccc, ddd, eee, aaa, bbb, X[11]+K[5], 14);
    GGG(bbb, ccc, ddd, eee, aaa, X[15]+K[5], 6);
    GGG(aaa, bbb, ccc, ddd, eee, X[ 0]+K[5], 14);
    GGG(eee, aaa, bbb, ccc, ddd, X[ 5]+K[5], 6);
    GGG(ddd, eee, aaa, bbb, ccc, X[12]+K[5], 9);
    GGG(ccc, ddd, eee, aaa, bbb, X[ 2]+K[5], 12);
    GGG(bbb, ccc, ddd, eee, aaa, X[13]+K[5], 9);
    GGG(aaa, bbb, ccc, ddd, eee, X[ 9]+K[5], 12);
    GGG(eee, aaa, bbb, ccc, ddd, X[ 7]+K[5], 5);
    GGG(ddd, eee, aaa, bbb, ccc, X[10]+K[5], 15);
    GGG(ccc, ddd, eee, aaa, bbb, X[14]+K[5], 8);

    /* parallel round 5: right line, offset K[6] */
    FFF(bbb, ccc, ddd, eee, aaa, X[12]+K[6], 8);
    FFF(aaa, bbb, ccc, ddd, eee, X[15]+K[6], 5);
    FFF(eee, aaa, bbb, ccc, ddd, X[10]+K[6], 12);
    FFF(ddd, eee, aaa, bbb, ccc, X[ 4]+K[6], 9);
    FFF(ccc, ddd, eee, aaa, bbb, X[ 1]+K[6], 12);
    FFF(bbb, ccc, ddd, eee, aaa, X[ 5]+K[6], 5);
    FFF(aaa, bbb, ccc, ddd, eee, X[ 8]+K[6], 14);
    FFF(eee, aaa, bbb, ccc, ddd, X[ 7]+K[6], 6);
    FFF(ddd, eee, aaa, bbb, ccc, X[ 6]+K[6], 8);
    FFF(ccc, ddd, eee, aaa, bbb, X[ 2]+K[6], 13);
    FFF(bbb, ccc, ddd, eee, aaa, X[13]+K[6], 6);
    FFF(aaa, bbb, ccc, ddd, eee, X[14]+K[6], 5);
    FFF(eee, aaa, bbb, ccc, ddd, X[ 0]+K[6], 15);
    FFF(ddd, eee, aaa, bbb, ccc, X[ 3]+K[6], 13);
    FFF(ccc, ddd, eee, aaa, bbb, X[ 9]+K[6], 11);
    FFF(bbb, ccc, ddd, eee, aaa, X[11]+K[6], 11);

    /* combine results: each new word is the sum of one old chaining word
     * and one word from each line, with the positions rotated by one.
     * MDbuf[0] is written last because the old value is still needed for
     * MDbuf[4]. */
    ddd += cc + MDbuf[1]; /* final result for MDbuf[0] */
    MDbuf[1] = MDbuf[2] + dd + eee;
    MDbuf[2] = MDbuf[3] + ee + aaa;
    MDbuf[3] = MDbuf[4] + aa + bbb;
    MDbuf[4] = MDbuf[0] + bb + ccc;
    MDbuf[0] = ddd;

    return;
}
345
346 /********************************************************************/
347
/*
 * Finalises a RIPEMD160-MAC computation.
 *
 *   K       expanded key from MDMACsetup(); K[9..12] are used for the
 *           extra final block, compress() reads K[5..8]
 *   MDbuf   5-word chaining value, updated in place; holds the MAC
 *           on return
 *   strptr  the (lswlen mod 64) bytes of the message that did not fill a
 *           whole block
 *   lswlen  low 32 bits of the message length in bytes
 *   mswlen  high 32 bits of the message length in bytes
 *
 * Pads the leftover bytes Merkle-Damgård style (a single 1 bit, zeros,
 * then the 64-bit bit length), compresses, and then compresses one more
 * block built from K[9..12] masked with the constants T0, T1, T2.
 * Requires T to have been filled by MDMACconstT().
 */
void MDMACfinish(dword *K, dword *MDbuf, byte *strptr,
                 dword lswlen, dword mswlen)
{
    dword X[16];                      /* one 16-word message block */
    const dword tail = lswlen & 63;   /* leftover byte count */
    unsigned int n;

    memset(X, 0, sizeof X);

    /* pack the leftover bytes into X, little-endian within each word */
    for (n = 0; n < tail; n++)
        X[n >> 2] ^= (dword)strptr[n] << (8 * (n & 3));

    /* the single padding 1 bit goes directly after the last message byte */
    X[(lswlen >> 2) & 15] ^= (dword)1 << (8 * (lswlen & 3) + 7);

    /* not enough room left for the 8-byte length: flush this block first */
    if (tail > 55) {
        compress(K, MDbuf, X);
        memset(X, 0, sizeof X);
    }

    /* message length in bits, low word then high word */
    X[14] = lswlen << 3;
    X[15] = (lswlen >> 29) | (mswlen << 3);
    compress(K, MDbuf, X);

    /* extra key-dependent block: K[9..12] repeated four times, the last
     * three copies masked with T0, T1 and T2 respectively */
    for (n = 0; n < 4; n++) {
        X[n]      = K[9 + n];
        X[n + 4]  = K[9 + n] ^ T[0][n];
        X[n + 8]  = K[9 + n] ^ T[1][n];
        X[n + 12] = K[9 + n] ^ T[2][n];
    }
    compress(K, MDbuf, X);
}
387
388 /*********************** end of file rmd160mc.c *********************/
389
390