1
/* rmd160.c - RIPE-MD160
2
* Copyright (C) 1998, 1999, 2000, 2001, 2008 Free Software Foundation, Inc.
4
* This file is part of GnuPG.
6
* GnuPG is free software; you can redistribute it and/or modify
7
* it under the terms of the GNU General Public License as published by
8
* the Free Software Foundation; either version 3 of the License, or
9
* (at your option) any later version.
11
* GnuPG is distributed in the hope that it will be useful,
12
* but WITHOUT ANY WARRANTY; without even the implied warranty of
13
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
* GNU General Public License for more details.
16
* You should have received a copy of the GNU General Public License
17
* along with this program; if not, see <http://www.gnu.org/licenses/>.
20
/* For historic reasons gpg uses RIPE-MD160 to to identify names in
21
the trustdb. It would be better to change that to SHA-1, to take
22
advantage of a SHA-1 hardware operation provided by some CPUs.
23
This would break trustdb compatibility and thus we don't want to do
26
We do not use the libgcrypt provided implementation of RMD160
27
because that is not available in FIPS mode, thus for the sake of
28
gpg internal non-cryptographic, purposes, we use this separate
38
#include "../jnlib/types.h"
42
* Rotate the 32 bit integer X by N bytes.
44
#if defined(__GNUC__) && defined(__i386__)
48
__asm__("roll %%cl,%0"
54
#define rol(x,n) ( ((x) << (n)) | ((x) >> (32-(n))) )
57
/* Structure holding the context for the RIPE-MD160 computation. */
60
u32 h0, h1, h2, h3, h4;
62
unsigned char buf[64];
69
rmd160_init (rmd160_context_t *hd)
83
* Transform the message X which consists of 16 32-bit-words.
86
transform (rmd160_context_t *hd, const unsigned char *data)
88
u32 a,b,c,d,e,aa,bb,cc,dd,ee,t;
89
#ifdef BIG_ENDIAN_HOST
93
unsigned char *p2, *p1;
94
for (i=0, p1=data, p2=(unsigned char*)x; i < 16; i++, p2 += 4 )
104
memcpy (x, data, 64);
108
#define K0 0x00000000
109
#define K1 0x5A827999
110
#define K2 0x6ED9EBA1
111
#define K3 0x8F1BBCDC
112
#define K4 0xA953FD4E
113
#define KK0 0x50A28BE6
114
#define KK1 0x5C4DD124
115
#define KK2 0x6D703EF3
116
#define KK3 0x7A6D76E9
117
#define KK4 0x00000000
118
#define F0(x,y,z) ( (x) ^ (y) ^ (z) )
119
#define F1(x,y,z) ( ((x) & (y)) | (~(x) & (z)) )
120
#define F2(x,y,z) ( ((x) | ~(y)) ^ (z) )
121
#define F3(x,y,z) ( ((x) & (z)) | ((y) & ~(z)) )
122
#define F4(x,y,z) ( (x) ^ ((y) | ~(z)) )
123
#define R(a,b,c,d,e,f,k,r,s) do { t = a + f(b,c,d) + k + x[r]; \
134
R( a, b, c, d, e, F0, K0, 0, 11 );
135
R( e, a, b, c, d, F0, K0, 1, 14 );
136
R( d, e, a, b, c, F0, K0, 2, 15 );
137
R( c, d, e, a, b, F0, K0, 3, 12 );
138
R( b, c, d, e, a, F0, K0, 4, 5 );
139
R( a, b, c, d, e, F0, K0, 5, 8 );
140
R( e, a, b, c, d, F0, K0, 6, 7 );
141
R( d, e, a, b, c, F0, K0, 7, 9 );
142
R( c, d, e, a, b, F0, K0, 8, 11 );
143
R( b, c, d, e, a, F0, K0, 9, 13 );
144
R( a, b, c, d, e, F0, K0, 10, 14 );
145
R( e, a, b, c, d, F0, K0, 11, 15 );
146
R( d, e, a, b, c, F0, K0, 12, 6 );
147
R( c, d, e, a, b, F0, K0, 13, 7 );
148
R( b, c, d, e, a, F0, K0, 14, 9 );
149
R( a, b, c, d, e, F0, K0, 15, 8 );
150
R( e, a, b, c, d, F1, K1, 7, 7 );
151
R( d, e, a, b, c, F1, K1, 4, 6 );
152
R( c, d, e, a, b, F1, K1, 13, 8 );
153
R( b, c, d, e, a, F1, K1, 1, 13 );
154
R( a, b, c, d, e, F1, K1, 10, 11 );
155
R( e, a, b, c, d, F1, K1, 6, 9 );
156
R( d, e, a, b, c, F1, K1, 15, 7 );
157
R( c, d, e, a, b, F1, K1, 3, 15 );
158
R( b, c, d, e, a, F1, K1, 12, 7 );
159
R( a, b, c, d, e, F1, K1, 0, 12 );
160
R( e, a, b, c, d, F1, K1, 9, 15 );
161
R( d, e, a, b, c, F1, K1, 5, 9 );
162
R( c, d, e, a, b, F1, K1, 2, 11 );
163
R( b, c, d, e, a, F1, K1, 14, 7 );
164
R( a, b, c, d, e, F1, K1, 11, 13 );
165
R( e, a, b, c, d, F1, K1, 8, 12 );
166
R( d, e, a, b, c, F2, K2, 3, 11 );
167
R( c, d, e, a, b, F2, K2, 10, 13 );
168
R( b, c, d, e, a, F2, K2, 14, 6 );
169
R( a, b, c, d, e, F2, K2, 4, 7 );
170
R( e, a, b, c, d, F2, K2, 9, 14 );
171
R( d, e, a, b, c, F2, K2, 15, 9 );
172
R( c, d, e, a, b, F2, K2, 8, 13 );
173
R( b, c, d, e, a, F2, K2, 1, 15 );
174
R( a, b, c, d, e, F2, K2, 2, 14 );
175
R( e, a, b, c, d, F2, K2, 7, 8 );
176
R( d, e, a, b, c, F2, K2, 0, 13 );
177
R( c, d, e, a, b, F2, K2, 6, 6 );
178
R( b, c, d, e, a, F2, K2, 13, 5 );
179
R( a, b, c, d, e, F2, K2, 11, 12 );
180
R( e, a, b, c, d, F2, K2, 5, 7 );
181
R( d, e, a, b, c, F2, K2, 12, 5 );
182
R( c, d, e, a, b, F3, K3, 1, 11 );
183
R( b, c, d, e, a, F3, K3, 9, 12 );
184
R( a, b, c, d, e, F3, K3, 11, 14 );
185
R( e, a, b, c, d, F3, K3, 10, 15 );
186
R( d, e, a, b, c, F3, K3, 0, 14 );
187
R( c, d, e, a, b, F3, K3, 8, 15 );
188
R( b, c, d, e, a, F3, K3, 12, 9 );
189
R( a, b, c, d, e, F3, K3, 4, 8 );
190
R( e, a, b, c, d, F3, K3, 13, 9 );
191
R( d, e, a, b, c, F3, K3, 3, 14 );
192
R( c, d, e, a, b, F3, K3, 7, 5 );
193
R( b, c, d, e, a, F3, K3, 15, 6 );
194
R( a, b, c, d, e, F3, K3, 14, 8 );
195
R( e, a, b, c, d, F3, K3, 5, 6 );
196
R( d, e, a, b, c, F3, K3, 6, 5 );
197
R( c, d, e, a, b, F3, K3, 2, 12 );
198
R( b, c, d, e, a, F4, K4, 4, 9 );
199
R( a, b, c, d, e, F4, K4, 0, 15 );
200
R( e, a, b, c, d, F4, K4, 5, 5 );
201
R( d, e, a, b, c, F4, K4, 9, 11 );
202
R( c, d, e, a, b, F4, K4, 7, 6 );
203
R( b, c, d, e, a, F4, K4, 12, 8 );
204
R( a, b, c, d, e, F4, K4, 2, 13 );
205
R( e, a, b, c, d, F4, K4, 10, 12 );
206
R( d, e, a, b, c, F4, K4, 14, 5 );
207
R( c, d, e, a, b, F4, K4, 1, 12 );
208
R( b, c, d, e, a, F4, K4, 3, 13 );
209
R( a, b, c, d, e, F4, K4, 8, 14 );
210
R( e, a, b, c, d, F4, K4, 11, 11 );
211
R( d, e, a, b, c, F4, K4, 6, 8 );
212
R( c, d, e, a, b, F4, K4, 15, 5 );
213
R( b, c, d, e, a, F4, K4, 13, 6 );
215
aa = a; bb = b; cc = c; dd = d; ee = e;
223
R( a, b, c, d, e, F4, KK0, 5, 8);
224
R( e, a, b, c, d, F4, KK0, 14, 9);
225
R( d, e, a, b, c, F4, KK0, 7, 9);
226
R( c, d, e, a, b, F4, KK0, 0, 11);
227
R( b, c, d, e, a, F4, KK0, 9, 13);
228
R( a, b, c, d, e, F4, KK0, 2, 15);
229
R( e, a, b, c, d, F4, KK0, 11, 15);
230
R( d, e, a, b, c, F4, KK0, 4, 5);
231
R( c, d, e, a, b, F4, KK0, 13, 7);
232
R( b, c, d, e, a, F4, KK0, 6, 7);
233
R( a, b, c, d, e, F4, KK0, 15, 8);
234
R( e, a, b, c, d, F4, KK0, 8, 11);
235
R( d, e, a, b, c, F4, KK0, 1, 14);
236
R( c, d, e, a, b, F4, KK0, 10, 14);
237
R( b, c, d, e, a, F4, KK0, 3, 12);
238
R( a, b, c, d, e, F4, KK0, 12, 6);
239
R( e, a, b, c, d, F3, KK1, 6, 9);
240
R( d, e, a, b, c, F3, KK1, 11, 13);
241
R( c, d, e, a, b, F3, KK1, 3, 15);
242
R( b, c, d, e, a, F3, KK1, 7, 7);
243
R( a, b, c, d, e, F3, KK1, 0, 12);
244
R( e, a, b, c, d, F3, KK1, 13, 8);
245
R( d, e, a, b, c, F3, KK1, 5, 9);
246
R( c, d, e, a, b, F3, KK1, 10, 11);
247
R( b, c, d, e, a, F3, KK1, 14, 7);
248
R( a, b, c, d, e, F3, KK1, 15, 7);
249
R( e, a, b, c, d, F3, KK1, 8, 12);
250
R( d, e, a, b, c, F3, KK1, 12, 7);
251
R( c, d, e, a, b, F3, KK1, 4, 6);
252
R( b, c, d, e, a, F3, KK1, 9, 15);
253
R( a, b, c, d, e, F3, KK1, 1, 13);
254
R( e, a, b, c, d, F3, KK1, 2, 11);
255
R( d, e, a, b, c, F2, KK2, 15, 9);
256
R( c, d, e, a, b, F2, KK2, 5, 7);
257
R( b, c, d, e, a, F2, KK2, 1, 15);
258
R( a, b, c, d, e, F2, KK2, 3, 11);
259
R( e, a, b, c, d, F2, KK2, 7, 8);
260
R( d, e, a, b, c, F2, KK2, 14, 6);
261
R( c, d, e, a, b, F2, KK2, 6, 6);
262
R( b, c, d, e, a, F2, KK2, 9, 14);
263
R( a, b, c, d, e, F2, KK2, 11, 12);
264
R( e, a, b, c, d, F2, KK2, 8, 13);
265
R( d, e, a, b, c, F2, KK2, 12, 5);
266
R( c, d, e, a, b, F2, KK2, 2, 14);
267
R( b, c, d, e, a, F2, KK2, 10, 13);
268
R( a, b, c, d, e, F2, KK2, 0, 13);
269
R( e, a, b, c, d, F2, KK2, 4, 7);
270
R( d, e, a, b, c, F2, KK2, 13, 5);
271
R( c, d, e, a, b, F1, KK3, 8, 15);
272
R( b, c, d, e, a, F1, KK3, 6, 5);
273
R( a, b, c, d, e, F1, KK3, 4, 8);
274
R( e, a, b, c, d, F1, KK3, 1, 11);
275
R( d, e, a, b, c, F1, KK3, 3, 14);
276
R( c, d, e, a, b, F1, KK3, 11, 14);
277
R( b, c, d, e, a, F1, KK3, 15, 6);
278
R( a, b, c, d, e, F1, KK3, 0, 14);
279
R( e, a, b, c, d, F1, KK3, 5, 6);
280
R( d, e, a, b, c, F1, KK3, 12, 9);
281
R( c, d, e, a, b, F1, KK3, 2, 12);
282
R( b, c, d, e, a, F1, KK3, 13, 9);
283
R( a, b, c, d, e, F1, KK3, 9, 12);
284
R( e, a, b, c, d, F1, KK3, 7, 5);
285
R( d, e, a, b, c, F1, KK3, 10, 15);
286
R( c, d, e, a, b, F1, KK3, 14, 8);
287
R( b, c, d, e, a, F0, KK4, 12, 8);
288
R( a, b, c, d, e, F0, KK4, 15, 5);
289
R( e, a, b, c, d, F0, KK4, 10, 12);
290
R( d, e, a, b, c, F0, KK4, 4, 9);
291
R( c, d, e, a, b, F0, KK4, 1, 12);
292
R( b, c, d, e, a, F0, KK4, 5, 5);
293
R( a, b, c, d, e, F0, KK4, 8, 14);
294
R( e, a, b, c, d, F0, KK4, 7, 6);
295
R( d, e, a, b, c, F0, KK4, 6, 8);
296
R( c, d, e, a, b, F0, KK4, 2, 13);
297
R( b, c, d, e, a, F0, KK4, 13, 6);
298
R( a, b, c, d, e, F0, KK4, 14, 5);
299
R( e, a, b, c, d, F0, KK4, 0, 15);
300
R( d, e, a, b, c, F0, KK4, 3, 13);
301
R( c, d, e, a, b, F0, KK4, 9, 11);
302
R( b, c, d, e, a, F0, KK4, 11, 11);
306
hd->h1 = hd->h2 + e + dd;
307
hd->h2 = hd->h3 + a + ee;
308
hd->h3 = hd->h4 + b + aa;
309
hd->h4 = hd->h0 + c + bb;
314
/* Update the message digest with the content of (INBUF,INLEN). */
316
rmd160_write (rmd160_context_t *hd, const unsigned char *inbuf, size_t inlen)
318
if( hd->count == 64 )
320
/* Flush the buffer. */
321
transform (hd, hd->buf);
330
for (; inlen && hd->count < 64; inlen--)
331
hd->buf[hd->count++] = *inbuf++;
332
rmd160_write (hd, NULL, 0);
339
transform (hd, inbuf);
345
for (; inlen && hd->count < 64; inlen--)
346
hd->buf[hd->count++] = *inbuf++;
350
/* Complete the message computation. */
352
rmd160_final( rmd160_context_t *hd )
357
rmd160_write (hd, NULL, 0); /* Flush buffer. */
360
/* Multiply by 64 to make a byte count. */
365
if ((lsb += hd->count) < t)
367
/* Multiply by 8 to make a bit count. */
376
hd->buf[hd->count++] = 0x80; /* Pad character. */
377
while (hd->count < 56)
378
hd->buf[hd->count++] = 0;
382
/* Need one extra block. */
383
hd->buf[hd->count++] = 0x80; /* Pad character. */
384
while (hd->count < 64)
385
hd->buf[hd->count++] = 0;
386
rmd160_write (hd, NULL, 0); /* Flush buffer. */
387
memset (hd->buf, 0, 56); /* Fill next block with zeroes. */
389
/* Append the 64 bit count. */
391
hd->buf[57] = lsb >> 8;
392
hd->buf[58] = lsb >> 16;
393
hd->buf[59] = lsb >> 24;
395
hd->buf[61] = msb >> 8;
396
hd->buf[62] = msb >> 16;
397
hd->buf[63] = msb >> 24;
398
transform (hd, hd->buf);
401
#define X(a) do { *p++ = hd->h##a; *p++ = hd->h##a >> 8; \
402
*p++ = hd->h##a >> 16; *p++ = hd->h##a >> 24; } while(0)
413
* Compines function to put the hash value of the supplied BUFFER into
414
* OUTBUF which must have a size of 20 bytes.
417
rmd160_hash_buffer (void *outbuf, const void *buffer, size_t length)
422
rmd160_write (&hd, buffer, length);
424
memcpy (outbuf, hd.buf, 20);