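/*
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
/*
 * Preneel, Bosselaers, Dobbertin, "The Cryptographic Hash Function RIPEMD-160",
 * RSA Laboratories, CryptoBytes, Volume 3, Number 2, Autumn 1997,
 * ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto3n2.pdf
 */

#include "includes.h"

/* This fallback implementation is only built when OpenSSL is not in use. */
#ifndef WITH_OPENSSL

#include <sys/types.h>
#ifdef HAVE_ENDIAN_H
#include <endian.h>
#endif
#include <string.h>
#include <rmd160.h>

/* Store a 64-bit value into the byte array cp, least significant byte first. */
#define PUT_64BIT_LE(cp, value) do {					\
	(cp)[7] = (value) >> 56;					\
	(cp)[6] = (value) >> 48;					\
	(cp)[5] = (value) >> 40;					\
	(cp)[4] = (value) >> 32;					\
	(cp)[3] = (value) >> 24;					\
	(cp)[2] = (value) >> 16;					\
	(cp)[1] = (value) >> 8;						\
	(cp)[0] = (value); } while (0)

/* Store a 32-bit value into the byte array cp, least significant byte first. */
#define PUT_32BIT_LE(cp, value) do {					\
	(cp)[3] = (value) >> 24;					\
	(cp)[2] = (value) >> 16;					\
	(cp)[1] = (value) >> 8;						\
	(cp)[0] = (value); } while (0)

/* Initial chaining values loaded by RMD160Init(). */
#define	H0	0x67452301U
#define	H1	0xEFCDAB89U
#define	H2	0x98BADCFEU
#define	H3	0x10325476U
#define	H4	0xC3D2E1F0U

/* Additive constants for rounds 1-5 of the first line. */
#define	K0	0x00000000U
#define	K1	0x5A827999U
#define	K2	0x6ED9EBA1U
#define	K3	0x8F1BBCDCU
#define	K4	0xA953FD4EU

/* Additive constants for rounds 1-5 of the parallel line. */
#define	KK0	0x50A28BE6U
#define	KK1	0x5C4DD124U
#define	KK2	0x6D703EF3U
#define	KK3	0x7A6D76E9U
#define	KK4	0x00000000U

/*
 * rotate x left n bits.  Every call site below passes n in 5..15 (or 10),
 * so neither shift count ever reaches 0 or 32.
 */
#define ROL(n, x) (((x) << (n)) | ((x) >> (32-(n))))

/* Round functions; arguments are fully parenthesised before negation. */
#define F0(x, y, z) ((x) ^ (y) ^ (z))
#define F1(x, y, z) (((x) & (y)) | ((~(x)) & (z)))
#define F2(x, y, z) (((x) | (~(y))) ^ (z))
#define F3(x, y, z) (((x) & (z)) | ((y) & (~(z))))
#define F4(x, y, z) ((x) ^ ((y) | (~(z))))

/*
 * One step: a, c are updated in place; Fj is the round function, Kj the
 * additive constant, sj the rotate amount and rj the message word index.
 */
#define R(a, b, c, d, e, Fj, Kj, sj, rj)				\
	do {								\
		a = ROL(sj, a + Fj(b,c,d) + X(rj) + Kj) + e;		\
		c = ROL(10, c);						\
	} while(0)

/* Message word accessor; refers to the local x[] in RMD160Transform(). */
#define X(i)	x[i]

/* Padding source: a single 0x80 byte followed by zero bytes. */
static const u_int8_t PADDING[RMD160_BLOCK_LENGTH] = { 0x80 };

/*
 * Zero n bytes at p through a volatile pointer so the stores are not
 * removed as dead writes when the object is about to go out of scope.
 */
static void
rmd160_wipe(void *p, size_t n)
{
	volatile u_int8_t *vp = p;

	while (n-- > 0)
		*vp++ = 0;
}

/*
 * Reset ctx to the start-of-message state: zero bit count and the five
 * initial chaining values.
 */
void
RMD160Init(RMD160_CTX *ctx)
{
	ctx->count = 0;
	ctx->state[0] = H0;
	ctx->state[1] = H1;
	ctx->state[2] = H2;
	ctx->state[3] = H3;
	ctx->state[4] = H4;
}

/*
 * Absorb len bytes from input.  Full blocks are passed to
 * RMD160Transform(); a trailing partial block is kept in ctx->buffer
 * until later calls complete it.
 */
void
RMD160Update(RMD160_CTX *ctx, const u_int8_t *input, size_t len)
{
	size_t have, off, need;

	have = (ctx->count / 8) % RMD160_BLOCK_LENGTH;
	need = RMD160_BLOCK_LENGTH - have;
	/*
	 * count is a bit counter that RMD160Pad() emits as 64 bits.  Widen
	 * before scaling so that "8 * len" cannot wrap where size_t is
	 * only 32 bits wide.
	 */
	ctx->count += (u_int64_t)len << 3;
	off = 0;

	if (len >= need) {
		if (have) {
			/* complete the buffered partial block first */
			memcpy(ctx->buffer + have, input, need);
			RMD160Transform(ctx->state, ctx->buffer);
			off = need;
			have = 0;
		}
		/* now the buffer is empty */
		while (off + RMD160_BLOCK_LENGTH <= len) {
			RMD160Transform(ctx->state, input+off);
			off += RMD160_BLOCK_LENGTH;
		}
	}
	/* stash whatever is left (always less than one block) */
	if (off < len)
		memcpy(ctx->buffer + have, input+off, len-off);
}

/*
 * Append the padding and the 64-bit little-endian bit length, which
 * brings the buffered data to a block boundary.
 */
void
RMD160Pad(RMD160_CTX *ctx)
{
	u_int8_t size[8];
	size_t padlen;

	/* capture the length before the padding itself changes count */
	PUT_64BIT_LE(size, ctx->count);

	/*
	 * pad to RMD160_BLOCK_LENGTH byte blocks, at least one byte from
	 * PADDING plus 8 bytes for the size
	 */
	padlen = RMD160_BLOCK_LENGTH - ((ctx->count / 8) % RMD160_BLOCK_LENGTH);
	if (padlen < 1 + 8)
		padlen += RMD160_BLOCK_LENGTH;
	RMD160Update(ctx, PADDING, padlen - 8);		/* padlen - 8 <= 64 */
	RMD160Update(ctx, size, 8);
}

/*
 * Finish the hash: pad, write the five state words to digest in
 * little-endian order, then clear the context.  ctx must be passed to
 * RMD160Init() again before reuse.
 */
void
RMD160Final(u_int8_t digest[RMD160_DIGEST_LENGTH], RMD160_CTX *ctx)
{
	int i;

	RMD160Pad(ctx);
	for (i = 0; i < 5; i++)
		PUT_32BIT_LE(digest + i*4, ctx->state[i]);
	/*
	 * The context still holds chaining state and buffered input; clear
	 * it with stores the compiler may not drop, unlike a plain memset()
	 * on an object that is not read again.
	 */
	rmd160_wipe(ctx, sizeof (*ctx));
}

/*
 * Compression function: mix one RMD160_BLOCK_LENGTH-byte block into
 * state.  The block is read as sixteen little-endian 32-bit words, run
 * through two independent lines of 80 steps each, and both results are
 * folded back into state.
 */
void
RMD160Transform(u_int32_t state[5], const u_int8_t block[RMD160_BLOCK_LENGTH])
{
	u_int32_t a, b, c, d, e, aa, bb, cc, dd, ee, t, x[16];

	/*
	 * Take the memcpy() shortcut only when both macros are really
	 * defined: undefined identifiers evaluate to 0 in #if, so a bare
	 * "BYTE_ORDER == LITTLE_ENDIAN" would also be true on a big-endian
	 * host whose headers define neither, and would hash wrongly there.
	 */
#if defined(BYTE_ORDER) && defined(LITTLE_ENDIAN) && \
    BYTE_ORDER == LITTLE_ENDIAN
	memcpy(x, block, RMD160_BLOCK_LENGTH);
#else
	int i;

	for (i = 0; i < 16; i++)
		x[i] = (u_int32_t)(
		    (u_int32_t)(block[i*4 + 0]) |
		    (u_int32_t)(block[i*4 + 1]) <<  8 |
		    (u_int32_t)(block[i*4 + 2]) << 16 |
		    (u_int32_t)(block[i*4 + 3]) << 24);
#endif

	a = state[0];
	b = state[1];
	c = state[2];
	d = state[3];
	e = state[4];

	/* Round 1 */
	R(a, b, c, d, e, F0, K0, 11,  0);
	R(e, a, b, c, d, F0, K0, 14,  1);
	R(d, e, a, b, c, F0, K0, 15,  2);
	R(c, d, e, a, b, F0, K0, 12,  3);
	R(b, c, d, e, a, F0, K0,  5,  4);
	R(a, b, c, d, e, F0, K0,  8,  5);
	R(e, a, b, c, d, F0, K0,  7,  6);
	R(d, e, a, b, c, F0, K0,  9,  7);
	R(c, d, e, a, b, F0, K0, 11,  8);
	R(b, c, d, e, a, F0, K0, 13,  9);
	R(a, b, c, d, e, F0, K0, 14, 10);
	R(e, a, b, c, d, F0, K0, 15, 11);
	R(d, e, a, b, c, F0, K0,  6, 12);
	R(c, d, e, a, b, F0, K0,  7, 13);
	R(b, c, d, e, a, F0, K0,  9, 14);
	R(a, b, c, d, e, F0, K0,  8, 15); /* #15 */
	/* Round 2 */
	R(e, a, b, c, d, F1, K1,  7,  7);
	R(d, e, a, b, c, F1, K1,  6,  4);
	R(c, d, e, a, b, F1, K1,  8, 13);
	R(b, c, d, e, a, F1, K1, 13,  1);
	R(a, b, c, d, e, F1, K1, 11, 10);
	R(e, a, b, c, d, F1, K1,  9,  6);
	R(d, e, a, b, c, F1, K1,  7, 15);
	R(c, d, e, a, b, F1, K1, 15,  3);
	R(b, c, d, e, a, F1, K1,  7, 12);
	R(a, b, c, d, e, F1, K1, 12,  0);
	R(e, a, b, c, d, F1, K1, 15,  9);
	R(d, e, a, b, c, F1, K1,  9,  5);
	R(c, d, e, a, b, F1, K1, 11,  2);
	R(b, c, d, e, a, F1, K1,  7, 14);
	R(a, b, c, d, e, F1, K1, 13, 11);
	R(e, a, b, c, d, F1, K1, 12,  8); /* #31 */
	/* Round 3 */
	R(d, e, a, b, c, F2, K2, 11,  3);
	R(c, d, e, a, b, F2, K2, 13, 10);
	R(b, c, d, e, a, F2, K2,  6, 14);
	R(a, b, c, d, e, F2, K2,  7,  4);
	R(e, a, b, c, d, F2, K2, 14,  9);
	R(d, e, a, b, c, F2, K2,  9, 15);
	R(c, d, e, a, b, F2, K2, 13,  8);
	R(b, c, d, e, a, F2, K2, 15,  1);
	R(a, b, c, d, e, F2, K2, 14,  2);
	R(e, a, b, c, d, F2, K2,  8,  7);
	R(d, e, a, b, c, F2, K2, 13,  0);
	R(c, d, e, a, b, F2, K2,  6,  6);
	R(b, c, d, e, a, F2, K2,  5, 13);
	R(a, b, c, d, e, F2, K2, 12, 11);
	R(e, a, b, c, d, F2, K2,  7,  5);
	R(d, e, a, b, c, F2, K2,  5, 12); /* #47 */
	/* Round 4 */
	R(c, d, e, a, b, F3, K3, 11,  1);
	R(b, c, d, e, a, F3, K3, 12,  9);
	R(a, b, c, d, e, F3, K3, 14, 11);
	R(e, a, b, c, d, F3, K3, 15, 10);
	R(d, e, a, b, c, F3, K3, 14,  0);
	R(c, d, e, a, b, F3, K3, 15,  8);
	R(b, c, d, e, a, F3, K3,  9, 12);
	R(a, b, c, d, e, F3, K3,  8,  4);
	R(e, a, b, c, d, F3, K3,  9, 13);
	R(d, e, a, b, c, F3, K3, 14,  3);
	R(c, d, e, a, b, F3, K3,  5,  7);
	R(b, c, d, e, a, F3, K3,  6, 15);
	R(a, b, c, d, e, F3, K3,  8, 14);
	R(e, a, b, c, d, F3, K3,  6,  5);
	R(d, e, a, b, c, F3, K3,  5,  6);
	R(c, d, e, a, b, F3, K3, 12,  2); /* #63 */
	/* Round 5 */
	R(b, c, d, e, a, F4, K4,  9,  4);
	R(a, b, c, d, e, F4, K4, 15,  0);
	R(e, a, b, c, d, F4, K4,  5,  5);
	R(d, e, a, b, c, F4, K4, 11,  9);
	R(c, d, e, a, b, F4, K4,  6,  7);
	R(b, c, d, e, a, F4, K4,  8, 12);
	R(a, b, c, d, e, F4, K4, 13,  2);
	R(e, a, b, c, d, F4, K4, 12, 10);
	R(d, e, a, b, c, F4, K4,  5, 14);
	R(c, d, e, a, b, F4, K4, 12,  1);
	R(b, c, d, e, a, F4, K4, 13,  3);
	R(a, b, c, d, e, F4, K4, 14,  8);
	R(e, a, b, c, d, F4, K4, 11, 11);
	R(d, e, a, b, c, F4, K4,  8,  6);
	R(c, d, e, a, b, F4, K4,  5, 15);
	R(b, c, d, e, a, F4, K4,  6, 13); /* #79 */

	/* keep the first line's result, then restart from the same input */
	aa = a ; bb = b; cc = c; dd = d; ee = e;

	a = state[0];
	b = state[1];
	c = state[2];
	d = state[3];
	e = state[4];

	/* Parallel round 1 */
	R(a, b, c, d, e, F4, KK0,  8,  5);
	R(e, a, b, c, d, F4, KK0,  9, 14);
	R(d, e, a, b, c, F4, KK0,  9,  7);
	R(c, d, e, a, b, F4, KK0, 11,  0);
	R(b, c, d, e, a, F4, KK0, 13,  9);
	R(a, b, c, d, e, F4, KK0, 15,  2);
	R(e, a, b, c, d, F4, KK0, 15, 11);
	R(d, e, a, b, c, F4, KK0,  5,  4);
	R(c, d, e, a, b, F4, KK0,  7, 13);
	R(b, c, d, e, a, F4, KK0,  7,  6);
	R(a, b, c, d, e, F4, KK0,  8, 15);
	R(e, a, b, c, d, F4, KK0, 11,  8);
	R(d, e, a, b, c, F4, KK0, 14,  1);
	R(c, d, e, a, b, F4, KK0, 14, 10);
	R(b, c, d, e, a, F4, KK0, 12,  3);
	R(a, b, c, d, e, F4, KK0,  6, 12); /* #15 */
	/* Parallel round 2 */
	R(e, a, b, c, d, F3, KK1,  9,  6);
	R(d, e, a, b, c, F3, KK1, 13, 11);
	R(c, d, e, a, b, F3, KK1, 15,  3);
	R(b, c, d, e, a, F3, KK1,  7,  7);
	R(a, b, c, d, e, F3, KK1, 12,  0);
	R(e, a, b, c, d, F3, KK1,  8, 13);
	R(d, e, a, b, c, F3, KK1,  9,  5);
	R(c, d, e, a, b, F3, KK1, 11, 10);
	R(b, c, d, e, a, F3, KK1,  7, 14);
	R(a, b, c, d, e, F3, KK1,  7, 15);
	R(e, a, b, c, d, F3, KK1, 12,  8);
	R(d, e, a, b, c, F3, KK1,  7, 12);
	R(c, d, e, a, b, F3, KK1,  6,  4);
	R(b, c, d, e, a, F3, KK1, 15,  9);
	R(a, b, c, d, e, F3, KK1, 13,  1);
	R(e, a, b, c, d, F3, KK1, 11,  2); /* #31 */
	/* Parallel round 3 */
	R(d, e, a, b, c, F2, KK2,  9, 15);
	R(c, d, e, a, b, F2, KK2,  7,  5);
	R(b, c, d, e, a, F2, KK2, 15,  1);
	R(a, b, c, d, e, F2, KK2, 11,  3);
	R(e, a, b, c, d, F2, KK2,  8,  7);
	R(d, e, a, b, c, F2, KK2,  6, 14);
	R(c, d, e, a, b, F2, KK2,  6,  6);
	R(b, c, d, e, a, F2, KK2, 14,  9);
	R(a, b, c, d, e, F2, KK2, 12, 11);
	R(e, a, b, c, d, F2, KK2, 13,  8);
	R(d, e, a, b, c, F2, KK2,  5, 12);
	R(c, d, e, a, b, F2, KK2, 14,  2);
	R(b, c, d, e, a, F2, KK2, 13, 10);
	R(a, b, c, d, e, F2, KK2, 13,  0);
	R(e, a, b, c, d, F2, KK2,  7,  4);
	R(d, e, a, b, c, F2, KK2,  5, 13); /* #47 */
	/* Parallel round 4 */
	R(c, d, e, a, b, F1, KK3, 15,  8);
	R(b, c, d, e, a, F1, KK3,  5,  6);
	R(a, b, c, d, e, F1, KK3,  8,  4);
	R(e, a, b, c, d, F1, KK3, 11,  1);
	R(d, e, a, b, c, F1, KK3, 14,  3);
	R(c, d, e, a, b, F1, KK3, 14, 11);
	R(b, c, d, e, a, F1, KK3,  6, 15);
	R(a, b, c, d, e, F1, KK3, 14,  0);
	R(e, a, b, c, d, F1, KK3,  6,  5);
	R(d, e, a, b, c, F1, KK3,  9, 12);
	R(c, d, e, a, b, F1, KK3, 12,  2);
	R(b, c, d, e, a, F1, KK3,  9, 13);
	R(a, b, c, d, e, F1, KK3, 12,  9);
	R(e, a, b, c, d, F1, KK3,  5,  7);
	R(d, e, a, b, c, F1, KK3, 15, 10);
	R(c, d, e, a, b, F1, KK3,  8, 14); /* #63 */
	/* Parallel round 5 */
	R(b, c, d, e, a, F0, KK4,  8, 12);
	R(a, b, c, d, e, F0, KK4,  5, 15);
	R(e, a, b, c, d, F0, KK4, 12, 10);
	R(d, e, a, b, c, F0, KK4,  9,  4);
	R(c, d, e, a, b, F0, KK4, 12,  1);
	R(b, c, d, e, a, F0, KK4,  5,  5);
	R(a, b, c, d, e, F0, KK4, 14,  8);
	R(e, a, b, c, d, F0, KK4,  6,  7);
	R(d, e, a, b, c, F0, KK4,  8,  6);
	R(c, d, e, a, b, F0, KK4, 13,  2);
	R(b, c, d, e, a, F0, KK4,  6, 13);
	R(a, b, c, d, e, F0, KK4,  5, 14);
	R(e, a, b, c, d, F0, KK4, 15,  0);
	R(d, e, a, b, c, F0, KK4, 13,  3);
	R(c, d, e, a, b, F0, KK4, 11,  9);
	R(b, c, d, e, a, F0, KK4, 11, 11); /* #79 */

	/*
	 * Fold both lines back into the chaining state; t holds the new
	 * state[0] until the old value has been consumed for state[4].
	 */
	t = state[1] + cc + d;
	state[1] = state[2] + dd + e;
	state[2] = state[3] + ee + a;
	state[3] = state[4] + aa + b;
	state[4] = state[0] + bb + c;
	state[0] = t;
}

#endif /* !WITH_OPENSSL */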