1
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
3
* LibTomCrypt is a library that provides various cryptographic
4
* algorithms in a highly modular and flexible manner.
6
* The library is free for all purposes without any express
9
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
12
/* Implementation of RIPEMD-128 based on the source by Antoon Bosselaers, ESAT-COSIC
14
* This source has been radically overhauled to be portable and work within
15
* the LibTomCrypt API by Tom St Denis
21
const struct _hash_descriptor rmd128_desc =
28
/* DER identifier (not supported) */
38
/* the four basic functions F(), G() and H() */
39
#define F(x, y, z) ((x) ^ (y) ^ (z))
40
#define G(x, y, z) (((x) & (y)) | (~(x) & (z)))
41
#define H(x, y, z) (((x) | ~(y)) ^ (z))
42
#define I(x, y, z) (((x) & (z)) | ((y) & ~(z)))
44
/* the eight basic operations FF() through III() */
45
#define FF(a, b, c, d, x, s) \
46
(a) += F((b), (c), (d)) + (x);\
49
#define GG(a, b, c, d, x, s) \
50
(a) += G((b), (c), (d)) + (x) + 0x5a827999UL;\
53
#define HH(a, b, c, d, x, s) \
54
(a) += H((b), (c), (d)) + (x) + 0x6ed9eba1UL;\
57
#define II(a, b, c, d, x, s) \
58
(a) += I((b), (c), (d)) + (x) + 0x8f1bbcdcUL;\
61
#define FFF(a, b, c, d, x, s) \
62
(a) += F((b), (c), (d)) + (x);\
65
#define GGG(a, b, c, d, x, s) \
66
(a) += G((b), (c), (d)) + (x) + 0x6d703ef3UL;\
69
#define HHH(a, b, c, d, x, s) \
70
(a) += H((b), (c), (d)) + (x) + 0x5c4dd124UL;\
73
#define III(a, b, c, d, x, s) \
74
(a) += I((b), (c), (d)) + (x) + 0x50a28be6UL;\
78
static int _rmd128_compress(hash_state *md, unsigned char *buf)
80
static int rmd128_compress(hash_state *md, unsigned char *buf)
83
ulong32 aa,bb,cc,dd,aaa,bbb,ccc,ddd,X[16];
87
for (i = 0; i < 16; i++){
88
LOAD32L(X[i], buf + (4 * i));
92
aa = aaa = md->rmd128.state[0];
93
bb = bbb = md->rmd128.state[1];
94
cc = ccc = md->rmd128.state[2];
95
dd = ddd = md->rmd128.state[3];
98
FF(aa, bb, cc, dd, X[ 0], 11);
99
FF(dd, aa, bb, cc, X[ 1], 14);
100
FF(cc, dd, aa, bb, X[ 2], 15);
101
FF(bb, cc, dd, aa, X[ 3], 12);
102
FF(aa, bb, cc, dd, X[ 4], 5);
103
FF(dd, aa, bb, cc, X[ 5], 8);
104
FF(cc, dd, aa, bb, X[ 6], 7);
105
FF(bb, cc, dd, aa, X[ 7], 9);
106
FF(aa, bb, cc, dd, X[ 8], 11);
107
FF(dd, aa, bb, cc, X[ 9], 13);
108
FF(cc, dd, aa, bb, X[10], 14);
109
FF(bb, cc, dd, aa, X[11], 15);
110
FF(aa, bb, cc, dd, X[12], 6);
111
FF(dd, aa, bb, cc, X[13], 7);
112
FF(cc, dd, aa, bb, X[14], 9);
113
FF(bb, cc, dd, aa, X[15], 8);
116
GG(aa, bb, cc, dd, X[ 7], 7);
117
GG(dd, aa, bb, cc, X[ 4], 6);
118
GG(cc, dd, aa, bb, X[13], 8);
119
GG(bb, cc, dd, aa, X[ 1], 13);
120
GG(aa, bb, cc, dd, X[10], 11);
121
GG(dd, aa, bb, cc, X[ 6], 9);
122
GG(cc, dd, aa, bb, X[15], 7);
123
GG(bb, cc, dd, aa, X[ 3], 15);
124
GG(aa, bb, cc, dd, X[12], 7);
125
GG(dd, aa, bb, cc, X[ 0], 12);
126
GG(cc, dd, aa, bb, X[ 9], 15);
127
GG(bb, cc, dd, aa, X[ 5], 9);
128
GG(aa, bb, cc, dd, X[ 2], 11);
129
GG(dd, aa, bb, cc, X[14], 7);
130
GG(cc, dd, aa, bb, X[11], 13);
131
GG(bb, cc, dd, aa, X[ 8], 12);
134
HH(aa, bb, cc, dd, X[ 3], 11);
135
HH(dd, aa, bb, cc, X[10], 13);
136
HH(cc, dd, aa, bb, X[14], 6);
137
HH(bb, cc, dd, aa, X[ 4], 7);
138
HH(aa, bb, cc, dd, X[ 9], 14);
139
HH(dd, aa, bb, cc, X[15], 9);
140
HH(cc, dd, aa, bb, X[ 8], 13);
141
HH(bb, cc, dd, aa, X[ 1], 15);
142
HH(aa, bb, cc, dd, X[ 2], 14);
143
HH(dd, aa, bb, cc, X[ 7], 8);
144
HH(cc, dd, aa, bb, X[ 0], 13);
145
HH(bb, cc, dd, aa, X[ 6], 6);
146
HH(aa, bb, cc, dd, X[13], 5);
147
HH(dd, aa, bb, cc, X[11], 12);
148
HH(cc, dd, aa, bb, X[ 5], 7);
149
HH(bb, cc, dd, aa, X[12], 5);
152
II(aa, bb, cc, dd, X[ 1], 11);
153
II(dd, aa, bb, cc, X[ 9], 12);
154
II(cc, dd, aa, bb, X[11], 14);
155
II(bb, cc, dd, aa, X[10], 15);
156
II(aa, bb, cc, dd, X[ 0], 14);
157
II(dd, aa, bb, cc, X[ 8], 15);
158
II(cc, dd, aa, bb, X[12], 9);
159
II(bb, cc, dd, aa, X[ 4], 8);
160
II(aa, bb, cc, dd, X[13], 9);
161
II(dd, aa, bb, cc, X[ 3], 14);
162
II(cc, dd, aa, bb, X[ 7], 5);
163
II(bb, cc, dd, aa, X[15], 6);
164
II(aa, bb, cc, dd, X[14], 8);
165
II(dd, aa, bb, cc, X[ 5], 6);
166
II(cc, dd, aa, bb, X[ 6], 5);
167
II(bb, cc, dd, aa, X[ 2], 12);
169
/* parallel round 1 */
170
III(aaa, bbb, ccc, ddd, X[ 5], 8);
171
III(ddd, aaa, bbb, ccc, X[14], 9);
172
III(ccc, ddd, aaa, bbb, X[ 7], 9);
173
III(bbb, ccc, ddd, aaa, X[ 0], 11);
174
III(aaa, bbb, ccc, ddd, X[ 9], 13);
175
III(ddd, aaa, bbb, ccc, X[ 2], 15);
176
III(ccc, ddd, aaa, bbb, X[11], 15);
177
III(bbb, ccc, ddd, aaa, X[ 4], 5);
178
III(aaa, bbb, ccc, ddd, X[13], 7);
179
III(ddd, aaa, bbb, ccc, X[ 6], 7);
180
III(ccc, ddd, aaa, bbb, X[15], 8);
181
III(bbb, ccc, ddd, aaa, X[ 8], 11);
182
III(aaa, bbb, ccc, ddd, X[ 1], 14);
183
III(ddd, aaa, bbb, ccc, X[10], 14);
184
III(ccc, ddd, aaa, bbb, X[ 3], 12);
185
III(bbb, ccc, ddd, aaa, X[12], 6);
187
/* parallel round 2 */
188
HHH(aaa, bbb, ccc, ddd, X[ 6], 9);
189
HHH(ddd, aaa, bbb, ccc, X[11], 13);
190
HHH(ccc, ddd, aaa, bbb, X[ 3], 15);
191
HHH(bbb, ccc, ddd, aaa, X[ 7], 7);
192
HHH(aaa, bbb, ccc, ddd, X[ 0], 12);
193
HHH(ddd, aaa, bbb, ccc, X[13], 8);
194
HHH(ccc, ddd, aaa, bbb, X[ 5], 9);
195
HHH(bbb, ccc, ddd, aaa, X[10], 11);
196
HHH(aaa, bbb, ccc, ddd, X[14], 7);
197
HHH(ddd, aaa, bbb, ccc, X[15], 7);
198
HHH(ccc, ddd, aaa, bbb, X[ 8], 12);
199
HHH(bbb, ccc, ddd, aaa, X[12], 7);
200
HHH(aaa, bbb, ccc, ddd, X[ 4], 6);
201
HHH(ddd, aaa, bbb, ccc, X[ 9], 15);
202
HHH(ccc, ddd, aaa, bbb, X[ 1], 13);
203
HHH(bbb, ccc, ddd, aaa, X[ 2], 11);
205
/* parallel round 3 */
206
GGG(aaa, bbb, ccc, ddd, X[15], 9);
207
GGG(ddd, aaa, bbb, ccc, X[ 5], 7);
208
GGG(ccc, ddd, aaa, bbb, X[ 1], 15);
209
GGG(bbb, ccc, ddd, aaa, X[ 3], 11);
210
GGG(aaa, bbb, ccc, ddd, X[ 7], 8);
211
GGG(ddd, aaa, bbb, ccc, X[14], 6);
212
GGG(ccc, ddd, aaa, bbb, X[ 6], 6);
213
GGG(bbb, ccc, ddd, aaa, X[ 9], 14);
214
GGG(aaa, bbb, ccc, ddd, X[11], 12);
215
GGG(ddd, aaa, bbb, ccc, X[ 8], 13);
216
GGG(ccc, ddd, aaa, bbb, X[12], 5);
217
GGG(bbb, ccc, ddd, aaa, X[ 2], 14);
218
GGG(aaa, bbb, ccc, ddd, X[10], 13);
219
GGG(ddd, aaa, bbb, ccc, X[ 0], 13);
220
GGG(ccc, ddd, aaa, bbb, X[ 4], 7);
221
GGG(bbb, ccc, ddd, aaa, X[13], 5);
223
/* parallel round 4 */
224
FFF(aaa, bbb, ccc, ddd, X[ 8], 15);
225
FFF(ddd, aaa, bbb, ccc, X[ 6], 5);
226
FFF(ccc, ddd, aaa, bbb, X[ 4], 8);
227
FFF(bbb, ccc, ddd, aaa, X[ 1], 11);
228
FFF(aaa, bbb, ccc, ddd, X[ 3], 14);
229
FFF(ddd, aaa, bbb, ccc, X[11], 14);
230
FFF(ccc, ddd, aaa, bbb, X[15], 6);
231
FFF(bbb, ccc, ddd, aaa, X[ 0], 14);
232
FFF(aaa, bbb, ccc, ddd, X[ 5], 6);
233
FFF(ddd, aaa, bbb, ccc, X[12], 9);
234
FFF(ccc, ddd, aaa, bbb, X[ 2], 12);
235
FFF(bbb, ccc, ddd, aaa, X[13], 9);
236
FFF(aaa, bbb, ccc, ddd, X[ 9], 12);
237
FFF(ddd, aaa, bbb, ccc, X[ 7], 5);
238
FFF(ccc, ddd, aaa, bbb, X[10], 15);
239
FFF(bbb, ccc, ddd, aaa, X[14], 8);
241
/* combine results */
242
ddd += cc + md->rmd128.state[1]; /* final result for MDbuf[0] */
243
md->rmd128.state[1] = md->rmd128.state[2] + dd + aaa;
244
md->rmd128.state[2] = md->rmd128.state[3] + aa + bbb;
245
md->rmd128.state[3] = md->rmd128.state[0] + bb + ccc;
246
md->rmd128.state[0] = ddd;
252
static int rmd128_compress(hash_state *md, unsigned char *buf)
255
err = _rmd128_compress(md, buf);
256
burn_stack(sizeof(ulong32) * 24 + sizeof(int));
261
int rmd128_init(hash_state * md)
264
md->rmd128.state[0] = 0x67452301UL;
265
md->rmd128.state[1] = 0xefcdab89UL;
266
md->rmd128.state[2] = 0x98badcfeUL;
267
md->rmd128.state[3] = 0x10325476UL;
268
md->rmd128.curlen = 0;
269
md->rmd128.length = 0;
273
HASH_PROCESS(rmd128_process, rmd128_compress, rmd128, 64)
275
int rmd128_done(hash_state * md, unsigned char *hash)
280
_ARGCHK(hash != NULL);
282
if (md->rmd128.curlen >= sizeof(md->rmd128.buf)) {
283
return CRYPT_INVALID_ARG;
287
/* increase the length of the message */
288
md->rmd128.length += md->rmd128.curlen * 8;
290
/* append the '1' bit */
291
md->rmd128.buf[md->rmd128.curlen++] = (unsigned char)0x80;
293
/* if the length is currently above 56 bytes we append zeros
294
* then compress. Then we can fall back to padding zeros and length
295
* encoding like normal.
297
if (md->rmd128.curlen > 56) {
298
while (md->rmd128.curlen < 64) {
299
md->rmd128.buf[md->rmd128.curlen++] = (unsigned char)0;
301
rmd128_compress(md, md->rmd128.buf);
302
md->rmd128.curlen = 0;
305
/* pad upto 56 bytes of zeroes */
306
while (md->rmd128.curlen < 56) {
307
md->rmd128.buf[md->rmd128.curlen++] = (unsigned char)0;
311
STORE64L(md->rmd128.length, md->rmd128.buf+56);
312
rmd128_compress(md, md->rmd128.buf);
315
for (i = 0; i < 4; i++) {
316
STORE32L(md->rmd128.state[i], hash+(4*i));
319
zeromem(md, sizeof(hash_state));
324
int rmd128_test(void)
329
static const struct {
331
unsigned char md[16];
334
{ 0xcd, 0xf2, 0x62, 0x13, 0xa1, 0x50, 0xdc, 0x3e,
335
0xcb, 0x61, 0x0f, 0x18, 0xf6, 0xb3, 0x8b, 0x46 }
338
{ 0x86, 0xbe, 0x7a, 0xfa, 0x33, 0x9d, 0x0f, 0xc7,
339
0xcf, 0xc7, 0x85, 0xe7, 0x2f, 0x57, 0x8d, 0x33 }
342
{ 0xc1, 0x4a, 0x12, 0x19, 0x9c, 0x66, 0xe4, 0xba,
343
0x84, 0x63, 0x6b, 0x0f, 0x69, 0x14, 0x4c, 0x77 }
346
{ 0x9e, 0x32, 0x7b, 0x3d, 0x6e, 0x52, 0x30, 0x62,
347
0xaf, 0xc1, 0x13, 0x2d, 0x7d, 0xf9, 0xd1, 0xb8 }
349
{ "abcdefghijklmnopqrstuvwxyz",
350
{ 0xfd, 0x2a, 0xa6, 0x07, 0xf7, 0x1d, 0xc8, 0xf5,
351
0x10, 0x71, 0x49, 0x22, 0xb3, 0x71, 0x83, 0x4e }
353
{ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
354
{ 0xd1, 0xe9, 0x59, 0xeb, 0x17, 0x9c, 0x91, 0x1f,
355
0xae, 0xa4, 0x62, 0x4c, 0x60, 0xc5, 0xc7, 0x02 }
359
unsigned char buf[16];
362
for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
364
rmd128_process(&md, (unsigned char *)tests[x].msg, strlen(tests[x].msg));
365
rmd128_done(&md, buf);
366
if (memcmp(buf, tests[x].md, 16) != 0) {
368
printf("Failed test %d\n", x);
370
return CRYPT_FAIL_TESTVECTOR;