sys/opencrypto/rmd160.c

64921Smarcel/*	$OpenBSD: rmd160.c,v 1.3 2001/09/26 21:40:13 markus Exp $	*/
64921Smarcel/*-
64921Smarcel * Copyright (c) 2001 Markus Friedl.  All rights reserved.
64921Smarcel *
64921Smarcel * Redistribution and use in source and binary forms, with or without
64921Smarcel * modification, are permitted provided that the following conditions
64921Smarcel * are met:
64921Smarcel * 1. Redistributions of source code must retain the above copyright
111798Sdes *    notice, this list of conditions and the following disclaimer.
64921Smarcel * 2. Redistributions in binary form must reproduce the above copyright
64921Smarcel *    notice, this list of conditions and the following disclaimer in the
64921Smarcel *    documentation and/or other materials provided with the distribution.
64921Smarcel *
64921Smarcel * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
65067Smarcel * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
64921Smarcel * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
64921Smarcel * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
64921Smarcel * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
64921Smarcel * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
64921Smarcel * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
64921Smarcel * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
64921Smarcel * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
64921Smarcel * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
64921Smarcel */
64921Smarcel
64921Smarcel/*
64921Smarcel * Preneel, Bosselaers, Dobbertin, "The Cryptographic Hash Function RIPEMD-160",
64921Smarcel * RSA Laboratories, CryptoBytes, Volume 3, Number 2, Autumn 1997,
115705Sobrien * ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto3n2.pdf
115705Sobrien */
115705Sobrien
64921Smarcel#include <sys/cdefs.h>
76166Smarkm__FBSDID("$FreeBSD$");
162472Snetchild
162472Snetchild#include <sys/param.h>
140992Ssobomax#include <sys/systm.h>
84811Sjhb#include <sys/endian.h>
140992Ssobomax#include <opencrypto/rmd160.h>
64921Smarcel
76166Smarkm#define PUT_64BIT_LE(cp, value) do { \
161310Snetchild	(cp)[7] = (value) >> 56; \
164033Srwatson	(cp)[6] = (value) >> 48; \
64921Smarcel	(cp)[5] = (value) >> 40; \
161310Snetchild	(cp)[4] = (value) >> 32; \
76166Smarkm	(cp)[3] = (value) >> 24; \
76166Smarkm	(cp)[2] = (value) >> 16; \
134838Sdfr	(cp)[1] = (value) >> 8; \
102814Siedowse	(cp)[0] = (value); } while (0)
64921Smarcel
64921Smarcel#define PUT_32BIT_LE(cp, value) do { \
161310Snetchild	(cp)[3] = (value) >> 24; \
166188Sjeff	(cp)[2] = (value) >> 16; \
64921Smarcel	(cp)[1] = (value) >> 8; \
64921Smarcel	(cp)[0] = (value); } while (0)
64921Smarcel
64921Smarcel#define	H0	0x67452301U
64921Smarcel#define	H1	0xEFCDAB89U
64921Smarcel#define	H2	0x98BADCFEU
67238Sgallatin#define	H3	0x10325476U
67238Sgallatin#define	H4	0xC3D2E1F0U
67238Sgallatin
67238Sgallatin#define	K0	0x00000000U
64921Smarcel#define	K1	0x5A827999U
68583Smarcel#define	K2	0x6ED9EBA1U
64921Smarcel#define	K3	0x8F1BBCDCU
64921Smarcel#define	K4	0xA953FD4EU
64921Smarcel
161310Snetchild#define	KK0	0x50A28BE6U
64921Smarcel#define	KK1	0x5C4DD124U
161310Snetchild#define	KK2	0x6D703EF3U
161310Snetchild#define	KK3	0x7A6D76E9U
161310Snetchild#define	KK4	0x00000000U
161310Snetchild
161310Snetchild/* rotate x left n bits.  */
161310Snetchild#define ROL(n, x) (((x) << (n)) | ((x) >> (32-(n))))
83221Smarcel
83221Smarcel#define F0(x, y, z) ((x) ^ (y) ^ (z))
83221Smarcel#define F1(x, y, z) (((x) & (y)) | ((~x) & (z)))
83221Smarcel#define F2(x, y, z) (((x) | (~y)) ^ (z))
83221Smarcel#define F3(x, y, z) (((x) & (z)) | ((y) & (~z)))
83221Smarcel#define F4(x, y, z) ((x) ^ ((y) | (~z)))
83221Smarcel
83221Smarcel#define R(a, b, c, d, e, Fj, Kj, sj, rj) \
83221Smarcel	do { \
83221Smarcel		a = ROL(sj, a + Fj(b,c,d) + X(rj) + Kj) + e; \
64921Smarcel		c = ROL(10, c); \
64921Smarcel	} while(0)
83221Smarcel
83221Smarcel#define X(i)	x[i]
83221Smarcel
83221Smarcelstatic u_char PADDING[64] = {
83221Smarcel	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
83221Smarcel	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
64921Smarcel	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
64921Smarcel};
64921Smarcel
67051Sgallatinvoid
67051SgallatinRMD160Init(RMD160_CTX *ctx)
67051Sgallatin{
67051Sgallatin	ctx->count = 0;
67051Sgallatin	ctx->state[0] = H0;
67051Sgallatin	ctx->state[1] = H1;
67051Sgallatin	ctx->state[2] = H2;
67051Sgallatin	ctx->state[3] = H3;
67051Sgallatin	ctx->state[4] = H4;
67051Sgallatin}
67051Sgallatin
67051Sgallatinvoid
67051SgallatinRMD160Update(RMD160_CTX *ctx, const u_char *input, u_int32_t len)
67051Sgallatin{
67051Sgallatin	u_int32_t have, off, need;
67051Sgallatin
67051Sgallatin	have = (ctx->count/8) % 64;
67051Sgallatin	need = 64 - have;
67051Sgallatin	ctx->count += 8 * len;
67051Sgallatin	off = 0;
67051Sgallatin
67051Sgallatin	if (len >= need) {
67051Sgallatin		if (have) {
67051Sgallatin			memcpy(ctx->buffer + have, input, need);
83366Sjulian			RMD160Transform(ctx->state, ctx->buffer);
64921Smarcel			off = need;
140992Ssobomax			have = 0;
140992Ssobomax		}
140992Ssobomax		/* now the buffer is empty */
64921Smarcel		while (off + 64 <= len) {
141468Sjhb			RMD160Transform(ctx->state, input+off);
64921Smarcel			off += 64;
64921Smarcel		}
72543Sjlemon	}
140992Ssobomax	if (off < len)
64921Smarcel		memcpy(ctx->buffer + have, input+off, len-off);
64921Smarcel}
140992Ssobomax
140992Ssobomaxvoid
140992SsobomaxRMD160Final(u_char digest[20], RMD160_CTX *ctx)
140992Ssobomax{
148623Ssobomax	int i;
161310Snetchild	u_char size[8];
161310Snetchild	u_int32_t padlen;
161310Snetchild
161310Snetchild	PUT_64BIT_LE(size, ctx->count);
161310Snetchild
161310Snetchild	/*
161310Snetchild	 * pad to 64 byte blocks, at least one byte from PADDING plus 8 bytes
161310Snetchild	 * for the size
140992Ssobomax	 */
64921Smarcel	padlen = 64 - ((ctx->count/8) % 64);
64921Smarcel	if (padlen < 1 + 8)
83221Smarcel		padlen += 64;
83221Smarcel	RMD160Update(ctx, PADDING, padlen - 8);		/* padlen - 8 <= 64 */
83221Smarcel	RMD160Update(ctx, size, 8);
83221Smarcel
83221Smarcel	if (digest != NULL)
64921Smarcel		for (i = 0; i < 5; i++)
83366Sjulian			PUT_32BIT_LE(digest + i*4, ctx->state[i]);
64921Smarcel
83221Smarcel	memset(ctx, 0, sizeof (*ctx));
83221Smarcel}
83221Smarcel
83221Smarcelvoid
83221SmarcelRMD160Transform(u_int32_t state[5], const u_char block[64])
83221Smarcel{
83221Smarcel	u_int32_t a, b, c, d, e, aa, bb, cc, dd, ee, t, x[16];
83221Smarcel
83366Sjulian#if BYTE_ORDER == LITTLE_ENDIAN
64921Smarcel	memcpy(x, block, 64);
83221Smarcel#else
83221Smarcel	int i;
64921Smarcel
83221Smarcel	for (i = 0; i < 16; i++)
83221Smarcel		x[i] = bswap32(*(const u_int32_t*)(block+i*4));
83221Smarcel#endif
83366Sjulian
83221Smarcel	a = state[0];
83221Smarcel	b = state[1];
83221Smarcel	c = state[2];
83221Smarcel	d = state[3];
83221Smarcel	e = state[4];
83221Smarcel
83221Smarcel	/* Round 1 */
83221Smarcel	R(a, b, c, d, e, F0, K0, 11,  0);
111797Sdes	R(e, a, b, c, d, F0, K0, 14,  1);
83221Smarcel	R(d, e, a, b, c, F0, K0, 15,  2);
83221Smarcel	R(c, d, e, a, b, F0, K0, 12,  3);
83366Sjulian	R(b, c, d, e, a, F0, K0,  5,  4);
83221Smarcel	R(a, b, c, d, e, F0, K0,  8,  5);
83221Smarcel	R(e, a, b, c, d, F0, K0,  7,  6);
83221Smarcel	R(d, e, a, b, c, F0, K0,  9,  7);
83221Smarcel	R(c, d, e, a, b, F0, K0, 11,  8);
83221Smarcel	R(b, c, d, e, a, F0, K0, 13,  9);
83221Smarcel	R(a, b, c, d, e, F0, K0, 14, 10);
83221Smarcel	R(e, a, b, c, d, F0, K0, 15, 11);
83221Smarcel	R(d, e, a, b, c, F0, K0,  6, 12);
83366Sjulian	R(c, d, e, a, b, F0, K0,  7, 13);
83221Smarcel	R(b, c, d, e, a, F0, K0,  9, 14);
83221Smarcel	R(a, b, c, d, e, F0, K0,  8, 15); /* #15 */
83221Smarcel	/* Round 2 */
83221Smarcel	R(e, a, b, c, d, F1, K1,  7,  7);
83221Smarcel	R(d, e, a, b, c, F1, K1,  6,  4);
83221Smarcel	R(c, d, e, a, b, F1, K1,  8, 13);
83221Smarcel	R(b, c, d, e, a, F1, K1, 13,  1);
83221Smarcel	R(a, b, c, d, e, F1, K1, 11, 10);
83221Smarcel	R(e, a, b, c, d, F1, K1,  9,  6);
83221Smarcel	R(d, e, a, b, c, F1, K1,  7, 15);
83221Smarcel	R(c, d, e, a, b, F1, K1, 15,  3);
83221Smarcel	R(b, c, d, e, a, F1, K1,  7, 12);
83221Smarcel	R(a, b, c, d, e, F1, K1, 12,  0);
111797Sdes	R(e, a, b, c, d, F1, K1, 15,  9);
83221Smarcel	R(d, e, a, b, c, F1, K1,  9,  5);
83221Smarcel	R(c, d, e, a, b, F1, K1, 11,  2);
83221Smarcel	R(b, c, d, e, a, F1, K1,  7, 14);
83221Smarcel	R(a, b, c, d, e, F1, K1, 13, 11);
83221Smarcel	R(e, a, b, c, d, F1, K1, 12,  8); /* #31 */
83221Smarcel	/* Round 3 */
83221Smarcel	R(d, e, a, b, c, F2, K2, 11,  3);
83221Smarcel	R(c, d, e, a, b, F2, K2, 13, 10);
83366Sjulian	R(b, c, d, e, a, F2, K2,  6, 14);
83221Smarcel	R(a, b, c, d, e, F2, K2,  7,  4);
83221Smarcel	R(e, a, b, c, d, F2, K2, 14,  9);
83221Smarcel	R(d, e, a, b, c, F2, K2,  9, 15);
83221Smarcel	R(c, d, e, a, b, F2, K2, 13,  8);
83221Smarcel	R(b, c, d, e, a, F2, K2, 15,  1);
83221Smarcel	R(a, b, c, d, e, F2, K2, 14,  2);
83366Sjulian	R(e, a, b, c, d, F2, K2,  8,  7);
83221Smarcel	R(d, e, a, b, c, F2, K2, 13,  0);
83221Smarcel	R(c, d, e, a, b, F2, K2,  6,  6);
83221Smarcel	R(b, c, d, e, a, F2, K2,  5, 13);
83221Smarcel	R(a, b, c, d, e, F2, K2, 12, 11);
83221Smarcel	R(e, a, b, c, d, F2, K2,  7,  5);
83221Smarcel	R(d, e, a, b, c, F2, K2,  5, 12); /* #47 */
83221Smarcel	/* Round 4 */
83366Sjulian	R(c, d, e, a, b, F3, K3, 11,  1);
83221Smarcel	R(b, c, d, e, a, F3, K3, 12,  9);
83221Smarcel	R(a, b, c, d, e, F3, K3, 14, 11);
83221Smarcel	R(e, a, b, c, d, F3, K3, 15, 10);
83221Smarcel	R(d, e, a, b, c, F3, K3, 14,  0);
83221Smarcel	R(c, d, e, a, b, F3, K3, 15,  8);
83221Smarcel	R(b, c, d, e, a, F3, K3,  9, 12);
83221Smarcel	R(a, b, c, d, e, F3, K3,  8,  4);
83221Smarcel	R(e, a, b, c, d, F3, K3,  9, 13);
83366Sjulian	R(d, e, a, b, c, F3, K3, 14,  3);
83221Smarcel	R(c, d, e, a, b, F3, K3,  5,  7);
83221Smarcel	R(b, c, d, e, a, F3, K3,  6, 15);
83221Smarcel	R(a, b, c, d, e, F3, K3,  8, 14);
83221Smarcel	R(e, a, b, c, d, F3, K3,  6,  5);
83221Smarcel	R(d, e, a, b, c, F3, K3,  5,  6);
83366Sjulian	R(c, d, e, a, b, F3, K3, 12,  2); /* #63 */
83221Smarcel	/* Round 5 */
83221Smarcel	R(b, c, d, e, a, F4, K4,  9,  4);
83221Smarcel	R(a, b, c, d, e, F4, K4, 15,  0);
83221Smarcel	R(e, a, b, c, d, F4, K4,  5,  5);
83221Smarcel	R(d, e, a, b, c, F4, K4, 11,  9);
83221Smarcel	R(c, d, e, a, b, F4, K4,  6,  7);
83221Smarcel	R(b, c, d, e, a, F4, K4,  8, 12);
83366Sjulian	R(a, b, c, d, e, F4, K4, 13,  2);
83221Smarcel	R(e, a, b, c, d, F4, K4, 12, 10);
83221Smarcel	R(d, e, a, b, c, F4, K4,  5, 14);
83221Smarcel	R(c, d, e, a, b, F4, K4, 12,  1);
83221Smarcel	R(b, c, d, e, a, F4, K4, 13,  3);
83221Smarcel	R(a, b, c, d, e, F4, K4, 14,  8);
83221Smarcel	R(e, a, b, c, d, F4, K4, 11, 11);
83221Smarcel	R(d, e, a, b, c, F4, K4,  8,  6);
83366Sjulian	R(c, d, e, a, b, F4, K4,  5, 15);
83221Smarcel	R(b, c, d, e, a, F4, K4,  6, 13); /* #79 */
83221Smarcel
83221Smarcel	aa = a ; bb = b; cc = c; dd = d; ee = e;
83221Smarcel
83221Smarcel	a = state[0];
83221Smarcel	b = state[1];
64921Smarcel	c = state[2];
64921Smarcel	d = state[3];
64921Smarcel	e = state[4];
83366Sjulian
64921Smarcel	/* Parallel round 1 */
83221Smarcel	R(a, b, c, d, e, F4, KK0,  8,  5);
83221Smarcel	R(e, a, b, c, d, F4, KK0,  9, 14);
64921Smarcel	R(d, e, a, b, c, F4, KK0,  9,  7);
64921Smarcel	R(c, d, e, a, b, F4, KK0, 11,  0);
83221Smarcel	R(b, c, d, e, a, F4, KK0, 13,  9);
83221Smarcel	R(a, b, c, d, e, F4, KK0, 15,  2);
91437Speter	R(e, a, b, c, d, F4, KK0, 15, 11);
64921Smarcel	R(d, e, a, b, c, F4, KK0,  5,  4);
64921Smarcel	R(c, d, e, a, b, F4, KK0,  7, 13);
111797Sdes	R(b, c, d, e, a, F4, KK0,  7,  6);
64921Smarcel	R(a, b, c, d, e, F4, KK0,  8, 15);
64921Smarcel	R(e, a, b, c, d, F4, KK0, 11,  8);
64921Smarcel	R(d, e, a, b, c, F4, KK0, 14,  1);
64921Smarcel	R(c, d, e, a, b, F4, KK0, 14, 10);
64921Smarcel	R(b, c, d, e, a, F4, KK0, 12,  3);
64921Smarcel	R(a, b, c, d, e, F4, KK0,  6, 12); /* #15 */
64921Smarcel	/* Parallel round 2 */
64921Smarcel	R(e, a, b, c, d, F3, KK1,  9,  6);
83366Sjulian	R(d, e, a, b, c, F3, KK1, 13, 11);
64921Smarcel	R(c, d, e, a, b, F3, KK1, 15,  3);
64921Smarcel	R(b, c, d, e, a, F3, KK1,  7,  7);
64921Smarcel	R(a, b, c, d, e, F3, KK1, 12,  0);
83366Sjulian	R(e, a, b, c, d, F3, KK1,  8, 13);
64921Smarcel	R(d, e, a, b, c, F3, KK1,  9,  5);
64921Smarcel	R(c, d, e, a, b, F3, KK1, 11, 10);
166150Snetchild	R(b, c, d, e, a, F3, KK1,  7, 14);
166150Snetchild	R(a, b, c, d, e, F3, KK1,  7, 15);
64921Smarcel	R(e, a, b, c, d, F3, KK1, 12,  8);
64921Smarcel	R(d, e, a, b, c, F3, KK1,  7, 12);
72543Sjlemon	R(c, d, e, a, b, F3, KK1,  6,  4);
72543Sjlemon	R(b, c, d, e, a, F3, KK1, 15,  9);
64921Smarcel	R(a, b, c, d, e, F3, KK1, 13,  1);
64921Smarcel	R(e, a, b, c, d, F3, KK1, 11,  2); /* #31 */
166150Snetchild	/* Parallel round 3 */
64921Smarcel	R(d, e, a, b, c, F2, KK2,  9, 15);
166150Snetchild	R(c, d, e, a, b, F2, KK2,  7,  5);
166150Snetchild	R(b, c, d, e, a, F2, KK2, 15,  1);
166150Snetchild	R(a, b, c, d, e, F2, KK2, 11,  3);
166150Snetchild	R(e, a, b, c, d, F2, KK2,  8,  7);
166150Snetchild	R(d, e, a, b, c, F2, KK2,  6, 14);
64921Smarcel	R(c, d, e, a, b, F2, KK2,  6,  6);
83366Sjulian	R(b, c, d, e, a, F2, KK2, 14,  9);
83366Sjulian	R(a, b, c, d, e, F2, KK2, 12, 11);
161310Snetchild	R(e, a, b, c, d, F2, KK2, 13,  8);
161310Snetchild	R(d, e, a, b, c, F2, KK2,  5, 12);
161310Snetchild	R(c, d, e, a, b, F2, KK2, 14,  2);
161310Snetchild	R(b, c, d, e, a, F2, KK2, 13, 10);
166150Snetchild	R(a, b, c, d, e, F2, KK2, 13,  0);
166150Snetchild	R(e, a, b, c, d, F2, KK2,  7,  4);
166150Snetchild	R(d, e, a, b, c, F2, KK2,  5, 13); /* #47 */
166150Snetchild	/* Parallel round 4 */
166150Snetchild	R(c, d, e, a, b, F1, KK3, 15,  8);
170307Sjeff	R(b, c, d, e, a, F1, KK3,  5,  6);
166150Snetchild	R(a, b, c, d, e, F1, KK3,  8,  4);
166188Sjeff	R(e, a, b, c, d, F1, KK3, 11,  1);
170307Sjeff	R(d, e, a, b, c, F1, KK3, 14,  3);
166150Snetchild	R(c, d, e, a, b, F1, KK3, 14, 11);
64921Smarcel	R(b, c, d, e, a, F1, KK3,  6, 15);
64921Smarcel	R(a, b, c, d, e, F1, KK3, 14,  0);
64921Smarcel	R(e, a, b, c, d, F1, KK3,  6,  5);
64921Smarcel	R(d, e, a, b, c, F1, KK3,  9, 12);
83366Sjulian	R(c, d, e, a, b, F1, KK3, 12,  2);
64921Smarcel	R(b, c, d, e, a, F1, KK3,  9, 13);
64921Smarcel	R(a, b, c, d, e, F1, KK3, 12,  9);
161611Snetchild	R(e, a, b, c, d, F1, KK3,  5,  7);
166150Snetchild	R(d, e, a, b, c, F1, KK3, 15, 10);
64921Smarcel	R(c, d, e, a, b, F1, KK3,  8, 14); /* #63 */
64921Smarcel	/* Parallel round 5 */
72543Sjlemon	R(b, c, d, e, a, F0, KK4,  8, 12);
72543Sjlemon	R(a, b, c, d, e, F0, KK4,  5, 15);
64921Smarcel	R(e, a, b, c, d, F0, KK4, 12, 10);
64921Smarcel	R(d, e, a, b, c, F0, KK4,  9,  4);
161611Snetchild	R(c, d, e, a, b, F0, KK4, 12,  1);
166150Snetchild	R(b, c, d, e, a, F0, KK4,  5,  5);
64921Smarcel	R(a, b, c, d, e, F0, KK4, 14,  8);
161611Snetchild	R(e, a, b, c, d, F0, KK4,  6,  7);
166150Snetchild	R(d, e, a, b, c, F0, KK4,  8,  6);
161611Snetchild	R(c, d, e, a, b, F0, KK4, 13,  2);
161611Snetchild	R(b, c, d, e, a, F0, KK4,  6, 13);
64921Smarcel	R(a, b, c, d, e, F0, KK4,  5, 14);
83366Sjulian	R(e, a, b, c, d, F0, KK4, 15,  0);
83366Sjulian	R(d, e, a, b, c, F0, KK4, 13,  3);
161310Snetchild	R(c, d, e, a, b, F0, KK4, 11,  9);
161310Snetchild	R(b, c, d, e, a, F0, KK4, 11, 11); /* #79 */
161310Snetchild
166150Snetchild	t =        state[1] + cc + d;
166150Snetchild	state[1] = state[2] + dd + e;
166150Snetchild	state[2] = state[3] + ee + a;
166150Snetchild	state[3] = state[4] + aa + b;
166150Snetchild	state[4] = state[0] + bb + c;
166150Snetchild	state[0] = t;
166150Snetchild}
166150Snetchild