1/* $NetBSD: rmd160.c,v 1.4 2008/02/16 17:37:13 apb Exp $ */ 2/* $KAME: rmd160.c,v 1.2 2003/07/25 09:37:55 itojun Exp $ */ 3/* $OpenBSD: rmd160.c,v 1.3 2001/09/26 21:40:13 markus Exp $ */ 4/* 5 * Copyright (c) 2001 Markus Friedl. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27/* 28 * Preneel, Bosselaers, Dobbertin, "The Cryptographic Hash Function RIPEMD-160", 29 * RSA Laboratories, CryptoBytes, Volume 3, Number 2, Autumn 1997, 30 * ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto3n2.pdf 31 */ 32 33#include <sys/cdefs.h> 34 35#if defined(_KERNEL) || defined(_STANDALONE) 36__KERNEL_RCSID(0, "$NetBSD: rmd160.c,v 1.4 2008/02/16 17:37:13 apb Exp $"); 37 38#include <lib/libkern/libkern.h> 39 40#else 41 42#if defined(LIBC_SCCS) && !defined(lint) 43__RCSID("$NetBSD: rmd160.c,v 1.4 2008/02/16 17:37:13 apb Exp $"); 44#endif /* LIBC_SCCS and not lint */ 45 46#include "namespace.h" 47#include <assert.h> 48#include <string.h> 49 50#endif 51 52#include <sys/types.h> 53#include <sys/param.h> 54#include <sys/rmd160.h> 55 56 57#define PUT_64BIT_LE(cp, value) do { \ 58 (cp)[7] = (u_char)((value) >> 56); \ 59 (cp)[6] = (u_char)((value) >> 48); \ 60 (cp)[5] = (u_char)((value) >> 40); \ 61 (cp)[4] = (u_char)((value) >> 32); \ 62 (cp)[3] = (u_char)((value) >> 24); \ 63 (cp)[2] = (u_char)((value) >> 16); \ 64 (cp)[1] = (u_char)((value) >> 8); \ 65 (cp)[0] = (u_char)((value)); } while (/*CONSTCOND*/0) 66 67#define PUT_32BIT_LE(cp, value) do { \ 68 (cp)[3] = (value) >> 24; \ 69 (cp)[2] = (value) >> 16; \ 70 (cp)[1] = (value) >> 8; \ 71 (cp)[0] = (value); } while (/*CONSTCOND*/0) 72 73#define H0 0x67452301U 74#define H1 0xEFCDAB89U 75#define H2 0x98BADCFEU 76#define H3 0x10325476U 77#define H4 0xC3D2E1F0U 78 79#define K0 0x00000000U 80#define K1 0x5A827999U 81#define K2 0x6ED9EBA1U 82#define K3 0x8F1BBCDCU 83#define K4 0xA953FD4EU 84 85#define KK0 0x50A28BE6U 86#define KK1 0x5C4DD124U 87#define KK2 0x6D703EF3U 88#define KK3 0x7A6D76E9U 89#define KK4 0x00000000U 90 91/* rotate x left n bits. */ 92#define ROL(n, x) (((x) << (n)) | ((x) >> (32-(n)))) 93 94#define F0(x, y, z) ((x) ^ (y) ^ (z)) 95#define F1(x, y, z) (((x) & (y)) | ((~x) & (z))) 96#define F2(x, y, z) (((x) | (~y)) ^ (z)) 97#define F3(x, y, z) (((x) & (z)) | ((y) & (~z))) 98#define F4(x, y, z) ((x) ^ ((y) | (~z))) 99 100#define R(a, b, c, d, e, Fj, Kj, sj, rj) \ 101 do { \ 102 a = ROL(sj, a + Fj(b,c,d) + X(rj) + Kj) + e; \ 103 c = ROL(10, c); \ 104 } while(/*CONSTCOND*/0) 105 106#define X(i) x[i] 107 108static const u_char PADDING[64] = { 109 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 110 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 111 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 112}; 113 114#if !defined(_KERNEL) && !defined(_STANDALONE) 115#if defined(__weak_alias) 116__weak_alias(RMD160Init,_RMD160Init) 117__weak_alias(RMD160Update,_RMD160Update) 118__weak_alias(RMD160Final,_RMD160Final) 119__weak_alias(RMD160Transform,_RMD160Transform) 120#endif 121#endif 122 123void 124RMD160Init(RMD160_CTX *ctx) 125{ 126 ctx->count = 0; 127 ctx->state[0] = H0; 128 ctx->state[1] = H1; 129 ctx->state[2] = H2; 130 ctx->state[3] = H3; 131 ctx->state[4] = H4; 132} 133 134void 135RMD160Update(RMD160_CTX *ctx, const u_char *input, uint32_t len) 136{ 137 uint32_t have, off, need; 138 139 have = (uint32_t)((ctx->count/8) % 64); 140 need = 64 - have; 141 ctx->count += 8 * len; 142 off = 0; 143 144 if (len >= need) { 145 if (have) { 146 memcpy(ctx->buffer + have, input, (size_t)need); 147 RMD160Transform(ctx->state, ctx->buffer); 148 off = need; 149 have = 0; 150 } 151 /* now the buffer is empty */ 152 while (off + 64 <= len) { 153 RMD160Transform(ctx->state, input+off); 154 off += 64; 155 } 156 } 157 if (off < len) 158 memcpy(ctx->buffer + have, input+off, (size_t)len-off); 159} 160 161void 162RMD160Final(u_char digest[20], RMD160_CTX *ctx) 163{ 164 int i; 165 u_char size[8]; 166 uint32_t padlen; 167 168 PUT_64BIT_LE(size, ctx->count); 169 170 /* 171 * pad to 64 byte blocks, at least one byte from PADDING plus 8 bytes 172 * for the size 173 */ 174 padlen = (uint32_t)(64 - ((ctx->count/8) % 64)); 175 if (padlen < 1 + 8) 176 padlen += 64; 177 RMD160Update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */ 178 RMD160Update(ctx, size, 8); 179 180 if (digest != NULL) 181 for (i = 0; i < 5; i++) 182 PUT_32BIT_LE(digest + i*4, ctx->state[i]); 183 184 memset(ctx, 0, sizeof (*ctx)); 185} 186 187void 188RMD160Transform(uint32_t state[5], const u_char block[64]) 189{ 190 uint32_t a, b, c, d, e, aa, bb, cc, dd, ee, t, x[16]; 191 192#if BYTE_ORDER == LITTLE_ENDIAN 193 memcpy(x, block, (size_t)64); 194#else 195 int i; 196 197 for (i = 0; i < 16; i++) 198 x[i] = le32dec(block+i*4); 199#endif 200 201 a = state[0]; 202 b = state[1]; 203 c = state[2]; 204 d = state[3]; 205 e = state[4]; 206 207 /* Round 1 */ 208 R(a, b, c, d, e, F0, K0, 11, 0); 209 R(e, a, b, c, d, F0, K0, 14, 1); 210 R(d, e, a, b, c, F0, K0, 15, 2); 211 R(c, d, e, a, b, F0, K0, 12, 3); 212 R(b, c, d, e, a, F0, K0, 5, 4); 213 R(a, b, c, d, e, F0, K0, 8, 5); 214 R(e, a, b, c, d, F0, K0, 7, 6); 215 R(d, e, a, b, c, F0, K0, 9, 7); 216 R(c, d, e, a, b, F0, K0, 11, 8); 217 R(b, c, d, e, a, F0, K0, 13, 9); 218 R(a, b, c, d, e, F0, K0, 14, 10); 219 R(e, a, b, c, d, F0, K0, 15, 11); 220 R(d, e, a, b, c, F0, K0, 6, 12); 221 R(c, d, e, a, b, F0, K0, 7, 13); 222 R(b, c, d, e, a, F0, K0, 9, 14); 223 R(a, b, c, d, e, F0, K0, 8, 15); /* #15 */ 224 /* Round 2 */ 225 R(e, a, b, c, d, F1, K1, 7, 7); 226 R(d, e, a, b, c, F1, K1, 6, 4); 227 R(c, d, e, a, b, F1, K1, 8, 13); 228 R(b, c, d, e, a, F1, K1, 13, 1); 229 R(a, b, c, d, e, F1, K1, 11, 10); 230 R(e, a, b, c, d, F1, K1, 9, 6); 231 R(d, e, a, b, c, F1, K1, 7, 15); 232 R(c, d, e, a, b, F1, K1, 15, 3); 233 R(b, c, d, e, a, F1, K1, 7, 12); 234 R(a, b, c, d, e, F1, K1, 12, 0); 235 R(e, a, b, c, d, F1, K1, 15, 9); 236 R(d, e, a, b, c, F1, K1, 9, 5); 237 R(c, d, e, a, b, F1, K1, 11, 2); 238 R(b, c, d, e, a, F1, K1, 7, 14); 239 R(a, b, c, d, e, F1, K1, 13, 11); 240 R(e, a, b, c, d, F1, K1, 12, 8); /* #31 */ 241 /* Round 3 */ 242 R(d, e, a, b, c, F2, K2, 11, 3); 243 R(c, d, e, a, b, F2, K2, 13, 10); 244 R(b, c, d, e, a, F2, K2, 6, 14); 245 R(a, b, c, d, e, F2, K2, 7, 4); 246 R(e, a, b, c, d, F2, K2, 14, 9); 247 R(d, e, a, b, c, F2, K2, 9, 15); 248 R(c, d, e, a, b, F2, K2, 13, 8); 249 R(b, c, d, e, a, F2, K2, 15, 1); 250 R(a, b, c, d, e, F2, K2, 14, 2); 251 R(e, a, b, c, d, F2, K2, 8, 7); 252 R(d, e, a, b, c, F2, K2, 13, 0); 253 R(c, d, e, a, b, F2, K2, 6, 6); 254 R(b, c, d, e, a, F2, K2, 5, 13); 255 R(a, b, c, d, e, F2, K2, 12, 11); 256 R(e, a, b, c, d, F2, K2, 7, 5); 257 R(d, e, a, b, c, F2, K2, 5, 12); /* #47 */ 258 /* Round 4 */ 259 R(c, d, e, a, b, F3, K3, 11, 1); 260 R(b, c, d, e, a, F3, K3, 12, 9); 261 R(a, b, c, d, e, F3, K3, 14, 11); 262 R(e, a, b, c, d, F3, K3, 15, 10); 263 R(d, e, a, b, c, F3, K3, 14, 0); 264 R(c, d, e, a, b, F3, K3, 15, 8); 265 R(b, c, d, e, a, F3, K3, 9, 12); 266 R(a, b, c, d, e, F3, K3, 8, 4); 267 R(e, a, b, c, d, F3, K3, 9, 13); 268 R(d, e, a, b, c, F3, K3, 14, 3); 269 R(c, d, e, a, b, F3, K3, 5, 7); 270 R(b, c, d, e, a, F3, K3, 6, 15); 271 R(a, b, c, d, e, F3, K3, 8, 14); 272 R(e, a, b, c, d, F3, K3, 6, 5); 273 R(d, e, a, b, c, F3, K3, 5, 6); 274 R(c, d, e, a, b, F3, K3, 12, 2); /* #63 */ 275 /* Round 5 */ 276 R(b, c, d, e, a, F4, K4, 9, 4); 277 R(a, b, c, d, e, F4, K4, 15, 0); 278 R(e, a, b, c, d, F4, K4, 5, 5); 279 R(d, e, a, b, c, F4, K4, 11, 9); 280 R(c, d, e, a, b, F4, K4, 6, 7); 281 R(b, c, d, e, a, F4, K4, 8, 12); 282 R(a, b, c, d, e, F4, K4, 13, 2); 283 R(e, a, b, c, d, F4, K4, 12, 10); 284 R(d, e, a, b, c, F4, K4, 5, 14); 285 R(c, d, e, a, b, F4, K4, 12, 1); 286 R(b, c, d, e, a, F4, K4, 13, 3); 287 R(a, b, c, d, e, F4, K4, 14, 8); 288 R(e, a, b, c, d, F4, K4, 11, 11); 289 R(d, e, a, b, c, F4, K4, 8, 6); 290 R(c, d, e, a, b, F4, K4, 5, 15); 291 R(b, c, d, e, a, F4, K4, 6, 13); /* #79 */ 292 293 aa = a ; bb = b; cc = c; dd = d; ee = e; 294 295 a = state[0]; 296 b = state[1]; 297 c = state[2]; 298 d = state[3]; 299 e = state[4]; 300 301 /* Parallel round 1 */ 302 R(a, b, c, d, e, F4, KK0, 8, 5); 303 R(e, a, b, c, d, F4, KK0, 9, 14); 304 R(d, e, a, b, c, F4, KK0, 9, 7); 305 R(c, d, e, a, b, F4, KK0, 11, 0); 306 R(b, c, d, e, a, F4, KK0, 13, 9); 307 R(a, b, c, d, e, F4, KK0, 15, 2); 308 R(e, a, b, c, d, F4, KK0, 15, 11); 309 R(d, e, a, b, c, F4, KK0, 5, 4); 310 R(c, d, e, a, b, F4, KK0, 7, 13); 311 R(b, c, d, e, a, F4, KK0, 7, 6); 312 R(a, b, c, d, e, F4, KK0, 8, 15); 313 R(e, a, b, c, d, F4, KK0, 11, 8); 314 R(d, e, a, b, c, F4, KK0, 14, 1); 315 R(c, d, e, a, b, F4, KK0, 14, 10); 316 R(b, c, d, e, a, F4, KK0, 12, 3); 317 R(a, b, c, d, e, F4, KK0, 6, 12); /* #15 */ 318 /* Parallel round 2 */ 319 R(e, a, b, c, d, F3, KK1, 9, 6); 320 R(d, e, a, b, c, F3, KK1, 13, 11); 321 R(c, d, e, a, b, F3, KK1, 15, 3); 322 R(b, c, d, e, a, F3, KK1, 7, 7); 323 R(a, b, c, d, e, F3, KK1, 12, 0); 324 R(e, a, b, c, d, F3, KK1, 8, 13); 325 R(d, e, a, b, c, F3, KK1, 9, 5); 326 R(c, d, e, a, b, F3, KK1, 11, 10); 327 R(b, c, d, e, a, F3, KK1, 7, 14); 328 R(a, b, c, d, e, F3, KK1, 7, 15); 329 R(e, a, b, c, d, F3, KK1, 12, 8); 330 R(d, e, a, b, c, F3, KK1, 7, 12); 331 R(c, d, e, a, b, F3, KK1, 6, 4); 332 R(b, c, d, e, a, F3, KK1, 15, 9); 333 R(a, b, c, d, e, F3, KK1, 13, 1); 334 R(e, a, b, c, d, F3, KK1, 11, 2); /* #31 */ 335 /* Parallel round 3 */ 336 R(d, e, a, b, c, F2, KK2, 9, 15); 337 R(c, d, e, a, b, F2, KK2, 7, 5); 338 R(b, c, d, e, a, F2, KK2, 15, 1); 339 R(a, b, c, d, e, F2, KK2, 11, 3); 340 R(e, a, b, c, d, F2, KK2, 8, 7); 341 R(d, e, a, b, c, F2, KK2, 6, 14); 342 R(c, d, e, a, b, F2, KK2, 6, 6); 343 R(b, c, d, e, a, F2, KK2, 14, 9); 344 R(a, b, c, d, e, F2, KK2, 12, 11); 345 R(e, a, b, c, d, F2, KK2, 13, 8); 346 R(d, e, a, b, c, F2, KK2, 5, 12); 347 R(c, d, e, a, b, F2, KK2, 14, 2); 348 R(b, c, d, e, a, F2, KK2, 13, 10); 349 R(a, b, c, d, e, F2, KK2, 13, 0); 350 R(e, a, b, c, d, F2, KK2, 7, 4); 351 R(d, e, a, b, c, F2, KK2, 5, 13); /* #47 */ 352 /* Parallel round 4 */ 353 R(c, d, e, a, b, F1, KK3, 15, 8); 354 R(b, c, d, e, a, F1, KK3, 5, 6); 355 R(a, b, c, d, e, F1, KK3, 8, 4); 356 R(e, a, b, c, d, F1, KK3, 11, 1); 357 R(d, e, a, b, c, F1, KK3, 14, 3); 358 R(c, d, e, a, b, F1, KK3, 14, 11); 359 R(b, c, d, e, a, F1, KK3, 6, 15); 360 R(a, b, c, d, e, F1, KK3, 14, 0); 361 R(e, a, b, c, d, F1, KK3, 6, 5); 362 R(d, e, a, b, c, F1, KK3, 9, 12); 363 R(c, d, e, a, b, F1, KK3, 12, 2); 364 R(b, c, d, e, a, F1, KK3, 9, 13); 365 R(a, b, c, d, e, F1, KK3, 12, 9); 366 R(e, a, b, c, d, F1, KK3, 5, 7); 367 R(d, e, a, b, c, F1, KK3, 15, 10); 368 R(c, d, e, a, b, F1, KK3, 8, 14); /* #63 */ 369 /* Parallel round 5 */ 370 R(b, c, d, e, a, F0, KK4, 8, 12); 371 R(a, b, c, d, e, F0, KK4, 5, 15); 372 R(e, a, b, c, d, F0, KK4, 12, 10); 373 R(d, e, a, b, c, F0, KK4, 9, 4); 374 R(c, d, e, a, b, F0, KK4, 12, 1); 375 R(b, c, d, e, a, F0, KK4, 5, 5); 376 R(a, b, c, d, e, F0, KK4, 14, 8); 377 R(e, a, b, c, d, F0, KK4, 6, 7); 378 R(d, e, a, b, c, F0, KK4, 8, 6); 379 R(c, d, e, a, b, F0, KK4, 13, 2); 380 R(b, c, d, e, a, F0, KK4, 6, 13); 381 R(a, b, c, d, e, F0, KK4, 5, 14); 382 R(e, a, b, c, d, F0, KK4, 15, 0); 383 R(d, e, a, b, c, F0, KK4, 13, 3); 384 R(c, d, e, a, b, F0, KK4, 11, 9); 385 R(b, c, d, e, a, F0, KK4, 11, 11); /* #79 */ 386 387 t = state[1] + cc + d; 388 state[1] = state[2] + dd + e; 389 state[2] = state[3] + ee + a; 390 state[3] = state[4] + aa + b; 391 state[4] = state[0] + bb + c; 392 state[0] = t; 393} 394