1 /* @(#)rmd160.c 1.4 09/08/08 2009 J. Schilling */
2 #include <schily/mconfig.h>
3 #ifndef lint
4 static UConst char sccsid[] =
5 "@(#)rmd160.c 1.4 09/08/08 2009 J. Schilling";
6 #endif
7 /*
8 * RMD160 hash code taken from OpenBSD
9 *
10 * Portions Copyright (c) 2009 J. Schilling
11 */
12
13 /*
14 * Copyright (c) 2001 Markus Friedl. All rights reserved.
15 *
16 * Redistribution and use in source and binary forms, with or without
17 * modification, are permitted provided that the following conditions
18 * are met:
19 * 1. Redistributions of source code must retain the above copyright
20 * notice, this list of conditions and the following disclaimer.
21 * 2. Redistributions in binary form must reproduce the above copyright
22 * notice, this list of conditions and the following disclaimer in the
23 * documentation and/or other materials provided with the distribution.
24 *
25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 */
36 /*
37 * Preneel, Bosselaers, Dobbertin, "The Cryptographic Hash Function RIPEMD-160",
38 * RSA Laboratories, CryptoBytes, Volume 3, Number 2, Autumn 1997,
39 * ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto3n2.pdf
40 */
41
42 #include <schily/types.h>
43 #include <schily/string.h>
44 #include <schily/rmd160.h>
45
46 #if !defined(HAVE_MEMCPY) || !defined(HAVE_MEMSET)
47 #include <schily/schily.h>
48 #endif
49 #if !defined(HAVE_MEMCPY) && !defined(memcpy)
50 #define memcpy(s1, s2, n) movebytes(s2, s1, n)
51 #endif
52 #if !defined(HAVE_MEMSET) && !defined(memset)
53 #define memset(s, c, n) fillbytes(s, n, c)
54 #endif
55
56
57 #define PUT_64BIT_LE(cp, value) do { \
58 (cp)[7] = (value)[1] >> 24; \
59 (cp)[6] = (value)[1] >> 16; \
60 (cp)[5] = (value)[1] >> 8; \
61 (cp)[4] = (value)[1]; \
62 (cp)[3] = (value)[0] >> 24; \
63 (cp)[2] = (value)[0] >> 16; \
64 (cp)[1] = (value)[0] >> 8; \
65 (cp)[0] = (value)[0]; } while (0)
66
67 #define PUT_32BIT_LE(cp, value) do { \
68 (cp)[3] = (value) >> 24; \
69 (cp)[2] = (value) >> 16; \
70 (cp)[1] = (value) >> 8; \
71 (cp)[0] = (value); } while (0)
72
73 #ifdef PROTOTYPES
74 #define H0 0x67452301U
75 #define H1 0xEFCDAB89U
76 #define H2 0x98BADCFEU
77 #define H3 0x10325476U
78 #define H4 0xC3D2E1F0U
79
80 #define K0 0x00000000U
81 #define K1 0x5A827999U
82 #define K2 0x6ED9EBA1U
83 #define K3 0x8F1BBCDCU
84 #define K4 0xA953FD4EU
85
86 #define KK0 0x50A28BE6U
87 #define KK1 0x5C4DD124U
88 #define KK2 0x6D703EF3U
89 #define KK3 0x7A6D76E9U
90 #define KK4 0x00000000U
91 #else
92 #define H0 0x67452301
93 #define H1 0xEFCDAB89
94 #define H2 0x98BADCFE
95 #define H3 0x10325476
96 #define H4 0xC3D2E1F0
97
98 #define K0 0x00000000
99 #define K1 0x5A827999
100 #define K2 0x6ED9EBA1
101 #define K3 0x8F1BBCDC
102 #define K4 0xA953FD4E
103
104 #define KK0 0x50A28BE6
105 #define KK1 0x5C4DD124
106 #define KK2 0x6D703EF3
107 #define KK3 0x7A6D76E9
108 #define KK4 0x00000000
109 #endif
110
111 /* rotate x left n bits. */
112 #define ROL(n, x) (((x) << (n)) | ((x) >> (32-(n))))
113
114 #define F0(x, y, z) ((x) ^ (y) ^ (z))
115 #define F1(x, y, z) (((x) & (y)) | ((~x) & (z)))
116 #define F2(x, y, z) (((x) | (~y)) ^ (z))
117 #define F3(x, y, z) (((x) & (z)) | ((y) & (~z)))
118 #define F4(x, y, z) ((x) ^ ((y) | (~z)))
119
120 #define R(a, b, c, d, e, Fj, Kj, sj, rj) \
121 do { \
122 a = ROL(sj, a + Fj(b, c, d) + X(rj) + Kj) + e; \
123 c = ROL(10, c); \
124 } while (0)
125
126 #define X(i) x[i]
127
128 static UInt8_t PADDING[RMD160_BLOCK_LENGTH] = {
129 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
130 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
131 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
132 };
133
134 void
RMD160Init(ctx)135 RMD160Init(ctx)
136 RMD160_CTX *ctx;
137 {
138 ctx->count[0] = ctx->count[1] = 0;
139 ctx->state[0] = H0;
140 ctx->state[1] = H1;
141 ctx->state[2] = H2;
142 ctx->state[3] = H3;
143 ctx->state[4] = H4;
144 }
145
146 void
RMD160Update(ctx,input,len)147 RMD160Update(ctx, input, len)
148 RMD160_CTX *ctx;
149 const UInt8_t *input;
150 size_t len;
151 {
152 size_t have, off, need;
153
154 have = (size_t) ((ctx->count[0] / 8) % RMD160_BLOCK_LENGTH);
155 need = RMD160_BLOCK_LENGTH - have;
156
157 /* Update bitcount */
158 if ((ctx->count[0] += (UInt32_t)len << 3) < ((UInt32_t)len << 3))
159 ctx->count[1] += 1;
160
161 off = 0;
162
163 if (len >= need) {
164 if (have) {
165 memcpy(ctx->buffer + have, input, need);
166 RMD160Transform(ctx->state, ctx->buffer);
167 off = need;
168 have = 0;
169 }
170 /* now the buffer is empty */
171 while (off + RMD160_BLOCK_LENGTH <= len) {
172 RMD160Transform(ctx->state, input+off);
173 off += RMD160_BLOCK_LENGTH;
174 }
175 }
176 if (off < len)
177 memcpy(ctx->buffer + have, input+off, len-off);
178 }
179
180 void
RMD160Pad(ctx)181 RMD160Pad(ctx)
182 RMD160_CTX *ctx;
183 {
184 UInt8_t size[8];
185 size_t padlen;
186
187 PUT_64BIT_LE(size, ctx->count);
188
189 /*
190 * pad to RMD160_BLOCK_LENGTH byte blocks, at least one byte from
191 * PADDING plus 8 bytes for the size
192 */
193 padlen = RMD160_BLOCK_LENGTH - ((ctx->count[0] / 8) % RMD160_BLOCK_LENGTH);
194 if (padlen < 1 + 8)
195 padlen += RMD160_BLOCK_LENGTH;
196 RMD160Update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */
197 RMD160Update(ctx, size, 8);
198 }
199
200 void
RMD160Final(digest,ctx)201 RMD160Final(digest, ctx)
202 UInt8_t digest[RMD160_DIGEST_LENGTH];
203 RMD160_CTX *ctx;
204 {
205 int i;
206
207 RMD160Pad(ctx);
208 if (digest != NULL) {
209 for (i = 0; i < 5; i++)
210 PUT_32BIT_LE(digest + i*4, ctx->state[i]);
211 memset(ctx, 0, sizeof (*ctx));
212 }
213 }
214
215 void
RMD160Transform(state,block)216 RMD160Transform(state, block)
217 UInt32_t state[5];
218 const UInt8_t block[RMD160_BLOCK_LENGTH];
219 {
220 UInt32_t a, b, c, d, e, aa, bb, cc, dd, ee, t, x[16];
221
222 #ifndef WORDS_BIGENDIAN
223 memcpy(x, block, RMD160_BLOCK_LENGTH);
224 #else
225 int i;
226
227 for (i = 0; i < 16; i++)
228 x[i] = (UInt32_t)(
229 (UInt32_t)(block[i*4 + 0]) |
230 (UInt32_t)(block[i*4 + 1]) << 8 |
231 (UInt32_t)(block[i*4 + 2]) << 16 |
232 (UInt32_t)(block[i*4 + 3]) << 24);
233 #endif
234
235 a = state[0];
236 b = state[1];
237 c = state[2];
238 d = state[3];
239 e = state[4];
240
241 /* Round 1 */
242 R(a, b, c, d, e, F0, K0, 11, 0);
243 R(e, a, b, c, d, F0, K0, 14, 1);
244 R(d, e, a, b, c, F0, K0, 15, 2);
245 R(c, d, e, a, b, F0, K0, 12, 3);
246 R(b, c, d, e, a, F0, K0, 5, 4);
247 R(a, b, c, d, e, F0, K0, 8, 5);
248 R(e, a, b, c, d, F0, K0, 7, 6);
249 R(d, e, a, b, c, F0, K0, 9, 7);
250 R(c, d, e, a, b, F0, K0, 11, 8);
251 R(b, c, d, e, a, F0, K0, 13, 9);
252 R(a, b, c, d, e, F0, K0, 14, 10);
253 R(e, a, b, c, d, F0, K0, 15, 11);
254 R(d, e, a, b, c, F0, K0, 6, 12);
255 R(c, d, e, a, b, F0, K0, 7, 13);
256 R(b, c, d, e, a, F0, K0, 9, 14);
257 R(a, b, c, d, e, F0, K0, 8, 15); /* #15 */
258 /* Round 2 */
259 R(e, a, b, c, d, F1, K1, 7, 7);
260 R(d, e, a, b, c, F1, K1, 6, 4);
261 R(c, d, e, a, b, F1, K1, 8, 13);
262 R(b, c, d, e, a, F1, K1, 13, 1);
263 R(a, b, c, d, e, F1, K1, 11, 10);
264 R(e, a, b, c, d, F1, K1, 9, 6);
265 R(d, e, a, b, c, F1, K1, 7, 15);
266 R(c, d, e, a, b, F1, K1, 15, 3);
267 R(b, c, d, e, a, F1, K1, 7, 12);
268 R(a, b, c, d, e, F1, K1, 12, 0);
269 R(e, a, b, c, d, F1, K1, 15, 9);
270 R(d, e, a, b, c, F1, K1, 9, 5);
271 R(c, d, e, a, b, F1, K1, 11, 2);
272 R(b, c, d, e, a, F1, K1, 7, 14);
273 R(a, b, c, d, e, F1, K1, 13, 11);
274 R(e, a, b, c, d, F1, K1, 12, 8); /* #31 */
275 /* Round 3 */
276 R(d, e, a, b, c, F2, K2, 11, 3);
277 R(c, d, e, a, b, F2, K2, 13, 10);
278 R(b, c, d, e, a, F2, K2, 6, 14);
279 R(a, b, c, d, e, F2, K2, 7, 4);
280 R(e, a, b, c, d, F2, K2, 14, 9);
281 R(d, e, a, b, c, F2, K2, 9, 15);
282 R(c, d, e, a, b, F2, K2, 13, 8);
283 R(b, c, d, e, a, F2, K2, 15, 1);
284 R(a, b, c, d, e, F2, K2, 14, 2);
285 R(e, a, b, c, d, F2, K2, 8, 7);
286 R(d, e, a, b, c, F2, K2, 13, 0);
287 R(c, d, e, a, b, F2, K2, 6, 6);
288 R(b, c, d, e, a, F2, K2, 5, 13);
289 R(a, b, c, d, e, F2, K2, 12, 11);
290 R(e, a, b, c, d, F2, K2, 7, 5);
291 R(d, e, a, b, c, F2, K2, 5, 12); /* #47 */
292 /* Round 4 */
293 R(c, d, e, a, b, F3, K3, 11, 1);
294 R(b, c, d, e, a, F3, K3, 12, 9);
295 R(a, b, c, d, e, F3, K3, 14, 11);
296 R(e, a, b, c, d, F3, K3, 15, 10);
297 R(d, e, a, b, c, F3, K3, 14, 0);
298 R(c, d, e, a, b, F3, K3, 15, 8);
299 R(b, c, d, e, a, F3, K3, 9, 12);
300 R(a, b, c, d, e, F3, K3, 8, 4);
301 R(e, a, b, c, d, F3, K3, 9, 13);
302 R(d, e, a, b, c, F3, K3, 14, 3);
303 R(c, d, e, a, b, F3, K3, 5, 7);
304 R(b, c, d, e, a, F3, K3, 6, 15);
305 R(a, b, c, d, e, F3, K3, 8, 14);
306 R(e, a, b, c, d, F3, K3, 6, 5);
307 R(d, e, a, b, c, F3, K3, 5, 6);
308 R(c, d, e, a, b, F3, K3, 12, 2); /* #63 */
309 /* Round 5 */
310 R(b, c, d, e, a, F4, K4, 9, 4);
311 R(a, b, c, d, e, F4, K4, 15, 0);
312 R(e, a, b, c, d, F4, K4, 5, 5);
313 R(d, e, a, b, c, F4, K4, 11, 9);
314 R(c, d, e, a, b, F4, K4, 6, 7);
315 R(b, c, d, e, a, F4, K4, 8, 12);
316 R(a, b, c, d, e, F4, K4, 13, 2);
317 R(e, a, b, c, d, F4, K4, 12, 10);
318 R(d, e, a, b, c, F4, K4, 5, 14);
319 R(c, d, e, a, b, F4, K4, 12, 1);
320 R(b, c, d, e, a, F4, K4, 13, 3);
321 R(a, b, c, d, e, F4, K4, 14, 8);
322 R(e, a, b, c, d, F4, K4, 11, 11);
323 R(d, e, a, b, c, F4, K4, 8, 6);
324 R(c, d, e, a, b, F4, K4, 5, 15);
325 R(b, c, d, e, a, F4, K4, 6, 13); /* #79 */
326
327 aa = a; bb = b; cc = c; dd = d; ee = e;
328
329 a = state[0];
330 b = state[1];
331 c = state[2];
332 d = state[3];
333 e = state[4];
334
335 /* Parallel round 1 */
336 R(a, b, c, d, e, F4, KK0, 8, 5);
337 R(e, a, b, c, d, F4, KK0, 9, 14);
338 R(d, e, a, b, c, F4, KK0, 9, 7);
339 R(c, d, e, a, b, F4, KK0, 11, 0);
340 R(b, c, d, e, a, F4, KK0, 13, 9);
341 R(a, b, c, d, e, F4, KK0, 15, 2);
342 R(e, a, b, c, d, F4, KK0, 15, 11);
343 R(d, e, a, b, c, F4, KK0, 5, 4);
344 R(c, d, e, a, b, F4, KK0, 7, 13);
345 R(b, c, d, e, a, F4, KK0, 7, 6);
346 R(a, b, c, d, e, F4, KK0, 8, 15);
347 R(e, a, b, c, d, F4, KK0, 11, 8);
348 R(d, e, a, b, c, F4, KK0, 14, 1);
349 R(c, d, e, a, b, F4, KK0, 14, 10);
350 R(b, c, d, e, a, F4, KK0, 12, 3);
351 R(a, b, c, d, e, F4, KK0, 6, 12); /* #15 */
352 /* Parallel round 2 */
353 R(e, a, b, c, d, F3, KK1, 9, 6);
354 R(d, e, a, b, c, F3, KK1, 13, 11);
355 R(c, d, e, a, b, F3, KK1, 15, 3);
356 R(b, c, d, e, a, F3, KK1, 7, 7);
357 R(a, b, c, d, e, F3, KK1, 12, 0);
358 R(e, a, b, c, d, F3, KK1, 8, 13);
359 R(d, e, a, b, c, F3, KK1, 9, 5);
360 R(c, d, e, a, b, F3, KK1, 11, 10);
361 R(b, c, d, e, a, F3, KK1, 7, 14);
362 R(a, b, c, d, e, F3, KK1, 7, 15);
363 R(e, a, b, c, d, F3, KK1, 12, 8);
364 R(d, e, a, b, c, F3, KK1, 7, 12);
365 R(c, d, e, a, b, F3, KK1, 6, 4);
366 R(b, c, d, e, a, F3, KK1, 15, 9);
367 R(a, b, c, d, e, F3, KK1, 13, 1);
368 R(e, a, b, c, d, F3, KK1, 11, 2); /* #31 */
369 /* Parallel round 3 */
370 R(d, e, a, b, c, F2, KK2, 9, 15);
371 R(c, d, e, a, b, F2, KK2, 7, 5);
372 R(b, c, d, e, a, F2, KK2, 15, 1);
373 R(a, b, c, d, e, F2, KK2, 11, 3);
374 R(e, a, b, c, d, F2, KK2, 8, 7);
375 R(d, e, a, b, c, F2, KK2, 6, 14);
376 R(c, d, e, a, b, F2, KK2, 6, 6);
377 R(b, c, d, e, a, F2, KK2, 14, 9);
378 R(a, b, c, d, e, F2, KK2, 12, 11);
379 R(e, a, b, c, d, F2, KK2, 13, 8);
380 R(d, e, a, b, c, F2, KK2, 5, 12);
381 R(c, d, e, a, b, F2, KK2, 14, 2);
382 R(b, c, d, e, a, F2, KK2, 13, 10);
383 R(a, b, c, d, e, F2, KK2, 13, 0);
384 R(e, a, b, c, d, F2, KK2, 7, 4);
385 R(d, e, a, b, c, F2, KK2, 5, 13); /* #47 */
386 /* Parallel round 4 */
387 R(c, d, e, a, b, F1, KK3, 15, 8);
388 R(b, c, d, e, a, F1, KK3, 5, 6);
389 R(a, b, c, d, e, F1, KK3, 8, 4);
390 R(e, a, b, c, d, F1, KK3, 11, 1);
391 R(d, e, a, b, c, F1, KK3, 14, 3);
392 R(c, d, e, a, b, F1, KK3, 14, 11);
393 R(b, c, d, e, a, F1, KK3, 6, 15);
394 R(a, b, c, d, e, F1, KK3, 14, 0);
395 R(e, a, b, c, d, F1, KK3, 6, 5);
396 R(d, e, a, b, c, F1, KK3, 9, 12);
397 R(c, d, e, a, b, F1, KK3, 12, 2);
398 R(b, c, d, e, a, F1, KK3, 9, 13);
399 R(a, b, c, d, e, F1, KK3, 12, 9);
400 R(e, a, b, c, d, F1, KK3, 5, 7);
401 R(d, e, a, b, c, F1, KK3, 15, 10);
402 R(c, d, e, a, b, F1, KK3, 8, 14); /* #63 */
403 /* Parallel round 5 */
404 R(b, c, d, e, a, F0, KK4, 8, 12);
405 R(a, b, c, d, e, F0, KK4, 5, 15);
406 R(e, a, b, c, d, F0, KK4, 12, 10);
407 R(d, e, a, b, c, F0, KK4, 9, 4);
408 R(c, d, e, a, b, F0, KK4, 12, 1);
409 R(b, c, d, e, a, F0, KK4, 5, 5);
410 R(a, b, c, d, e, F0, KK4, 14, 8);
411 R(e, a, b, c, d, F0, KK4, 6, 7);
412 R(d, e, a, b, c, F0, KK4, 8, 6);
413 R(c, d, e, a, b, F0, KK4, 13, 2);
414 R(b, c, d, e, a, F0, KK4, 6, 13);
415 R(a, b, c, d, e, F0, KK4, 5, 14);
416 R(e, a, b, c, d, F0, KK4, 15, 0);
417 R(d, e, a, b, c, F0, KK4, 13, 3);
418 R(c, d, e, a, b, F0, KK4, 11, 9);
419 R(b, c, d, e, a, F0, KK4, 11, 11); /* #79 */
420
421 t = state[1] + cc + d;
422 state[1] = state[2] + dd + e;
423 state[2] = state[3] + ee + a;
424 state[3] = state[4] + aa + b;
425 state[4] = state[0] + bb + c;
426 state[0] = t;
427 }
428