1
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
3
* LibTomCrypt is a library that provides various cryptographic
4
* algorithms in a highly modular and flexible manner.
6
* The library is free for all purposes without any express
9
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
12
/* Implementation of RIPEMD-160 based on the source by Antoon Bosselaers, ESAT-COSIC
14
* This source has been radically overhauled to be portable and work within
15
* the LibTomCrypt API by Tom St Denis
21
const struct _hash_descriptor rmd160_desc =
29
{ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24,
30
0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14 },
39
/* the five basic functions F(), G() and H() */
40
#define F(x, y, z) ((x) ^ (y) ^ (z))
41
#define G(x, y, z) (((x) & (y)) | (~(x) & (z)))
42
#define H(x, y, z) (((x) | ~(y)) ^ (z))
43
#define I(x, y, z) (((x) & (z)) | ((y) & ~(z)))
44
#define J(x, y, z) ((x) ^ ((y) | ~(z)))
46
/* the ten basic operations FF() through III() */
47
#define FF(a, b, c, d, e, x, s) \
48
(a) += F((b), (c), (d)) + (x);\
49
(a) = ROL((a), (s)) + (e);\
52
#define GG(a, b, c, d, e, x, s) \
53
(a) += G((b), (c), (d)) + (x) + 0x5a827999UL;\
54
(a) = ROL((a), (s)) + (e);\
57
#define HH(a, b, c, d, e, x, s) \
58
(a) += H((b), (c), (d)) + (x) + 0x6ed9eba1UL;\
59
(a) = ROL((a), (s)) + (e);\
62
#define II(a, b, c, d, e, x, s) \
63
(a) += I((b), (c), (d)) + (x) + 0x8f1bbcdcUL;\
64
(a) = ROL((a), (s)) + (e);\
67
#define JJ(a, b, c, d, e, x, s) \
68
(a) += J((b), (c), (d)) + (x) + 0xa953fd4eUL;\
69
(a) = ROL((a), (s)) + (e);\
72
#define FFF(a, b, c, d, e, x, s) \
73
(a) += F((b), (c), (d)) + (x);\
74
(a) = ROL((a), (s)) + (e);\
77
#define GGG(a, b, c, d, e, x, s) \
78
(a) += G((b), (c), (d)) + (x) + 0x7a6d76e9UL;\
79
(a) = ROL((a), (s)) + (e);\
82
#define HHH(a, b, c, d, e, x, s) \
83
(a) += H((b), (c), (d)) + (x) + 0x6d703ef3UL;\
84
(a) = ROL((a), (s)) + (e);\
87
#define III(a, b, c, d, e, x, s) \
88
(a) += I((b), (c), (d)) + (x) + 0x5c4dd124UL;\
89
(a) = ROL((a), (s)) + (e);\
92
#define JJJ(a, b, c, d, e, x, s) \
93
(a) += J((b), (c), (d)) + (x) + 0x50a28be6UL;\
94
(a) = ROL((a), (s)) + (e);\
99
static int _rmd160_compress(hash_state *md, unsigned char *buf)
101
static int rmd160_compress(hash_state *md, unsigned char *buf)
104
ulong32 aa,bb,cc,dd,ee,aaa,bbb,ccc,ddd,eee,X[16];
108
for (i = 0; i < 16; i++){
109
LOAD32L(X[i], buf + (4 * i));
113
aa = aaa = md->rmd160.state[0];
114
bb = bbb = md->rmd160.state[1];
115
cc = ccc = md->rmd160.state[2];
116
dd = ddd = md->rmd160.state[3];
117
ee = eee = md->rmd160.state[4];
120
FF(aa, bb, cc, dd, ee, X[ 0], 11);
121
FF(ee, aa, bb, cc, dd, X[ 1], 14);
122
FF(dd, ee, aa, bb, cc, X[ 2], 15);
123
FF(cc, dd, ee, aa, bb, X[ 3], 12);
124
FF(bb, cc, dd, ee, aa, X[ 4], 5);
125
FF(aa, bb, cc, dd, ee, X[ 5], 8);
126
FF(ee, aa, bb, cc, dd, X[ 6], 7);
127
FF(dd, ee, aa, bb, cc, X[ 7], 9);
128
FF(cc, dd, ee, aa, bb, X[ 8], 11);
129
FF(bb, cc, dd, ee, aa, X[ 9], 13);
130
FF(aa, bb, cc, dd, ee, X[10], 14);
131
FF(ee, aa, bb, cc, dd, X[11], 15);
132
FF(dd, ee, aa, bb, cc, X[12], 6);
133
FF(cc, dd, ee, aa, bb, X[13], 7);
134
FF(bb, cc, dd, ee, aa, X[14], 9);
135
FF(aa, bb, cc, dd, ee, X[15], 8);
138
GG(ee, aa, bb, cc, dd, X[ 7], 7);
139
GG(dd, ee, aa, bb, cc, X[ 4], 6);
140
GG(cc, dd, ee, aa, bb, X[13], 8);
141
GG(bb, cc, dd, ee, aa, X[ 1], 13);
142
GG(aa, bb, cc, dd, ee, X[10], 11);
143
GG(ee, aa, bb, cc, dd, X[ 6], 9);
144
GG(dd, ee, aa, bb, cc, X[15], 7);
145
GG(cc, dd, ee, aa, bb, X[ 3], 15);
146
GG(bb, cc, dd, ee, aa, X[12], 7);
147
GG(aa, bb, cc, dd, ee, X[ 0], 12);
148
GG(ee, aa, bb, cc, dd, X[ 9], 15);
149
GG(dd, ee, aa, bb, cc, X[ 5], 9);
150
GG(cc, dd, ee, aa, bb, X[ 2], 11);
151
GG(bb, cc, dd, ee, aa, X[14], 7);
152
GG(aa, bb, cc, dd, ee, X[11], 13);
153
GG(ee, aa, bb, cc, dd, X[ 8], 12);
156
HH(dd, ee, aa, bb, cc, X[ 3], 11);
157
HH(cc, dd, ee, aa, bb, X[10], 13);
158
HH(bb, cc, dd, ee, aa, X[14], 6);
159
HH(aa, bb, cc, dd, ee, X[ 4], 7);
160
HH(ee, aa, bb, cc, dd, X[ 9], 14);
161
HH(dd, ee, aa, bb, cc, X[15], 9);
162
HH(cc, dd, ee, aa, bb, X[ 8], 13);
163
HH(bb, cc, dd, ee, aa, X[ 1], 15);
164
HH(aa, bb, cc, dd, ee, X[ 2], 14);
165
HH(ee, aa, bb, cc, dd, X[ 7], 8);
166
HH(dd, ee, aa, bb, cc, X[ 0], 13);
167
HH(cc, dd, ee, aa, bb, X[ 6], 6);
168
HH(bb, cc, dd, ee, aa, X[13], 5);
169
HH(aa, bb, cc, dd, ee, X[11], 12);
170
HH(ee, aa, bb, cc, dd, X[ 5], 7);
171
HH(dd, ee, aa, bb, cc, X[12], 5);
174
II(cc, dd, ee, aa, bb, X[ 1], 11);
175
II(bb, cc, dd, ee, aa, X[ 9], 12);
176
II(aa, bb, cc, dd, ee, X[11], 14);
177
II(ee, aa, bb, cc, dd, X[10], 15);
178
II(dd, ee, aa, bb, cc, X[ 0], 14);
179
II(cc, dd, ee, aa, bb, X[ 8], 15);
180
II(bb, cc, dd, ee, aa, X[12], 9);
181
II(aa, bb, cc, dd, ee, X[ 4], 8);
182
II(ee, aa, bb, cc, dd, X[13], 9);
183
II(dd, ee, aa, bb, cc, X[ 3], 14);
184
II(cc, dd, ee, aa, bb, X[ 7], 5);
185
II(bb, cc, dd, ee, aa, X[15], 6);
186
II(aa, bb, cc, dd, ee, X[14], 8);
187
II(ee, aa, bb, cc, dd, X[ 5], 6);
188
II(dd, ee, aa, bb, cc, X[ 6], 5);
189
II(cc, dd, ee, aa, bb, X[ 2], 12);
192
JJ(bb, cc, dd, ee, aa, X[ 4], 9);
193
JJ(aa, bb, cc, dd, ee, X[ 0], 15);
194
JJ(ee, aa, bb, cc, dd, X[ 5], 5);
195
JJ(dd, ee, aa, bb, cc, X[ 9], 11);
196
JJ(cc, dd, ee, aa, bb, X[ 7], 6);
197
JJ(bb, cc, dd, ee, aa, X[12], 8);
198
JJ(aa, bb, cc, dd, ee, X[ 2], 13);
199
JJ(ee, aa, bb, cc, dd, X[10], 12);
200
JJ(dd, ee, aa, bb, cc, X[14], 5);
201
JJ(cc, dd, ee, aa, bb, X[ 1], 12);
202
JJ(bb, cc, dd, ee, aa, X[ 3], 13);
203
JJ(aa, bb, cc, dd, ee, X[ 8], 14);
204
JJ(ee, aa, bb, cc, dd, X[11], 11);
205
JJ(dd, ee, aa, bb, cc, X[ 6], 8);
206
JJ(cc, dd, ee, aa, bb, X[15], 5);
207
JJ(bb, cc, dd, ee, aa, X[13], 6);
209
/* parallel round 1 */
210
JJJ(aaa, bbb, ccc, ddd, eee, X[ 5], 8);
211
JJJ(eee, aaa, bbb, ccc, ddd, X[14], 9);
212
JJJ(ddd, eee, aaa, bbb, ccc, X[ 7], 9);
213
JJJ(ccc, ddd, eee, aaa, bbb, X[ 0], 11);
214
JJJ(bbb, ccc, ddd, eee, aaa, X[ 9], 13);
215
JJJ(aaa, bbb, ccc, ddd, eee, X[ 2], 15);
216
JJJ(eee, aaa, bbb, ccc, ddd, X[11], 15);
217
JJJ(ddd, eee, aaa, bbb, ccc, X[ 4], 5);
218
JJJ(ccc, ddd, eee, aaa, bbb, X[13], 7);
219
JJJ(bbb, ccc, ddd, eee, aaa, X[ 6], 7);
220
JJJ(aaa, bbb, ccc, ddd, eee, X[15], 8);
221
JJJ(eee, aaa, bbb, ccc, ddd, X[ 8], 11);
222
JJJ(ddd, eee, aaa, bbb, ccc, X[ 1], 14);
223
JJJ(ccc, ddd, eee, aaa, bbb, X[10], 14);
224
JJJ(bbb, ccc, ddd, eee, aaa, X[ 3], 12);
225
JJJ(aaa, bbb, ccc, ddd, eee, X[12], 6);
227
/* parallel round 2 */
228
III(eee, aaa, bbb, ccc, ddd, X[ 6], 9);
229
III(ddd, eee, aaa, bbb, ccc, X[11], 13);
230
III(ccc, ddd, eee, aaa, bbb, X[ 3], 15);
231
III(bbb, ccc, ddd, eee, aaa, X[ 7], 7);
232
III(aaa, bbb, ccc, ddd, eee, X[ 0], 12);
233
III(eee, aaa, bbb, ccc, ddd, X[13], 8);
234
III(ddd, eee, aaa, bbb, ccc, X[ 5], 9);
235
III(ccc, ddd, eee, aaa, bbb, X[10], 11);
236
III(bbb, ccc, ddd, eee, aaa, X[14], 7);
237
III(aaa, bbb, ccc, ddd, eee, X[15], 7);
238
III(eee, aaa, bbb, ccc, ddd, X[ 8], 12);
239
III(ddd, eee, aaa, bbb, ccc, X[12], 7);
240
III(ccc, ddd, eee, aaa, bbb, X[ 4], 6);
241
III(bbb, ccc, ddd, eee, aaa, X[ 9], 15);
242
III(aaa, bbb, ccc, ddd, eee, X[ 1], 13);
243
III(eee, aaa, bbb, ccc, ddd, X[ 2], 11);
245
/* parallel round 3 */
246
HHH(ddd, eee, aaa, bbb, ccc, X[15], 9);
247
HHH(ccc, ddd, eee, aaa, bbb, X[ 5], 7);
248
HHH(bbb, ccc, ddd, eee, aaa, X[ 1], 15);
249
HHH(aaa, bbb, ccc, ddd, eee, X[ 3], 11);
250
HHH(eee, aaa, bbb, ccc, ddd, X[ 7], 8);
251
HHH(ddd, eee, aaa, bbb, ccc, X[14], 6);
252
HHH(ccc, ddd, eee, aaa, bbb, X[ 6], 6);
253
HHH(bbb, ccc, ddd, eee, aaa, X[ 9], 14);
254
HHH(aaa, bbb, ccc, ddd, eee, X[11], 12);
255
HHH(eee, aaa, bbb, ccc, ddd, X[ 8], 13);
256
HHH(ddd, eee, aaa, bbb, ccc, X[12], 5);
257
HHH(ccc, ddd, eee, aaa, bbb, X[ 2], 14);
258
HHH(bbb, ccc, ddd, eee, aaa, X[10], 13);
259
HHH(aaa, bbb, ccc, ddd, eee, X[ 0], 13);
260
HHH(eee, aaa, bbb, ccc, ddd, X[ 4], 7);
261
HHH(ddd, eee, aaa, bbb, ccc, X[13], 5);
263
/* parallel round 4 */
264
GGG(ccc, ddd, eee, aaa, bbb, X[ 8], 15);
265
GGG(bbb, ccc, ddd, eee, aaa, X[ 6], 5);
266
GGG(aaa, bbb, ccc, ddd, eee, X[ 4], 8);
267
GGG(eee, aaa, bbb, ccc, ddd, X[ 1], 11);
268
GGG(ddd, eee, aaa, bbb, ccc, X[ 3], 14);
269
GGG(ccc, ddd, eee, aaa, bbb, X[11], 14);
270
GGG(bbb, ccc, ddd, eee, aaa, X[15], 6);
271
GGG(aaa, bbb, ccc, ddd, eee, X[ 0], 14);
272
GGG(eee, aaa, bbb, ccc, ddd, X[ 5], 6);
273
GGG(ddd, eee, aaa, bbb, ccc, X[12], 9);
274
GGG(ccc, ddd, eee, aaa, bbb, X[ 2], 12);
275
GGG(bbb, ccc, ddd, eee, aaa, X[13], 9);
276
GGG(aaa, bbb, ccc, ddd, eee, X[ 9], 12);
277
GGG(eee, aaa, bbb, ccc, ddd, X[ 7], 5);
278
GGG(ddd, eee, aaa, bbb, ccc, X[10], 15);
279
GGG(ccc, ddd, eee, aaa, bbb, X[14], 8);
281
/* parallel round 5 */
282
FFF(bbb, ccc, ddd, eee, aaa, X[12] , 8);
283
FFF(aaa, bbb, ccc, ddd, eee, X[15] , 5);
284
FFF(eee, aaa, bbb, ccc, ddd, X[10] , 12);
285
FFF(ddd, eee, aaa, bbb, ccc, X[ 4] , 9);
286
FFF(ccc, ddd, eee, aaa, bbb, X[ 1] , 12);
287
FFF(bbb, ccc, ddd, eee, aaa, X[ 5] , 5);
288
FFF(aaa, bbb, ccc, ddd, eee, X[ 8] , 14);
289
FFF(eee, aaa, bbb, ccc, ddd, X[ 7] , 6);
290
FFF(ddd, eee, aaa, bbb, ccc, X[ 6] , 8);
291
FFF(ccc, ddd, eee, aaa, bbb, X[ 2] , 13);
292
FFF(bbb, ccc, ddd, eee, aaa, X[13] , 6);
293
FFF(aaa, bbb, ccc, ddd, eee, X[14] , 5);
294
FFF(eee, aaa, bbb, ccc, ddd, X[ 0] , 15);
295
FFF(ddd, eee, aaa, bbb, ccc, X[ 3] , 13);
296
FFF(ccc, ddd, eee, aaa, bbb, X[ 9] , 11);
297
FFF(bbb, ccc, ddd, eee, aaa, X[11] , 11);
299
/* combine results */
300
ddd += cc + md->rmd160.state[1]; /* final result for md->rmd160.state[0] */
301
md->rmd160.state[1] = md->rmd160.state[2] + dd + eee;
302
md->rmd160.state[2] = md->rmd160.state[3] + ee + aaa;
303
md->rmd160.state[3] = md->rmd160.state[4] + aa + bbb;
304
md->rmd160.state[4] = md->rmd160.state[0] + bb + ccc;
305
md->rmd160.state[0] = ddd;
311
static int rmd160_compress(hash_state *md, unsigned char *buf)
314
err = _rmd160_compress(md, buf);
315
burn_stack(sizeof(ulong32) * 26 + sizeof(int));
320
int rmd160_init(hash_state * md)
323
md->rmd160.state[0] = 0x67452301UL;
324
md->rmd160.state[1] = 0xefcdab89UL;
325
md->rmd160.state[2] = 0x98badcfeUL;
326
md->rmd160.state[3] = 0x10325476UL;
327
md->rmd160.state[4] = 0xc3d2e1f0UL;
328
md->rmd160.curlen = 0;
329
md->rmd160.length = 0;
333
HASH_PROCESS(rmd160_process, rmd160_compress, rmd160, 64)
335
int rmd160_done(hash_state * md, unsigned char *hash)
340
_ARGCHK(hash != NULL);
342
if (md->rmd160.curlen >= sizeof(md->rmd160.buf)) {
343
return CRYPT_INVALID_ARG;
347
/* increase the length of the message */
348
md->rmd160.length += md->rmd160.curlen * 8;
350
/* append the '1' bit */
351
md->rmd160.buf[md->rmd160.curlen++] = (unsigned char)0x80;
353
/* if the length is currently above 56 bytes we append zeros
354
* then compress. Then we can fall back to padding zeros and length
355
* encoding like normal.
357
if (md->rmd160.curlen > 56) {
358
while (md->rmd160.curlen < 64) {
359
md->rmd160.buf[md->rmd160.curlen++] = (unsigned char)0;
361
rmd160_compress(md, md->rmd160.buf);
362
md->rmd160.curlen = 0;
365
/* pad upto 56 bytes of zeroes */
366
while (md->rmd160.curlen < 56) {
367
md->rmd160.buf[md->rmd160.curlen++] = (unsigned char)0;
371
STORE64L(md->rmd160.length, md->rmd160.buf+56);
372
rmd160_compress(md, md->rmd160.buf);
375
for (i = 0; i < 5; i++) {
376
STORE32L(md->rmd160.state[i], hash+(4*i));
379
zeromem(md, sizeof(hash_state));
384
int rmd160_test(void)
389
static const struct {
391
unsigned char md[20];
394
{ 0x9c, 0x11, 0x85, 0xa5, 0xc5, 0xe9, 0xfc, 0x54, 0x61, 0x28,
395
0x08, 0x97, 0x7e, 0xe8, 0xf5, 0x48, 0xb2, 0x25, 0x8d, 0x31 }
398
{ 0x0b, 0xdc, 0x9d, 0x2d, 0x25, 0x6b, 0x3e, 0xe9, 0xda, 0xae,
399
0x34, 0x7b, 0xe6, 0xf4, 0xdc, 0x83, 0x5a, 0x46, 0x7f, 0xfe }
402
{ 0x8e, 0xb2, 0x08, 0xf7, 0xe0, 0x5d, 0x98, 0x7a, 0x9b, 0x04,
403
0x4a, 0x8e, 0x98, 0xc6, 0xb0, 0x87, 0xf1, 0x5a, 0x0b, 0xfc }
406
{ 0x5d, 0x06, 0x89, 0xef, 0x49, 0xd2, 0xfa, 0xe5, 0x72, 0xb8,
407
0x81, 0xb1, 0x23, 0xa8, 0x5f, 0xfa, 0x21, 0x59, 0x5f, 0x36 }
409
{ "abcdefghijklmnopqrstuvwxyz",
410
{ 0xf7, 0x1c, 0x27, 0x10, 0x9c, 0x69, 0x2c, 0x1b, 0x56, 0xbb,
411
0xdc, 0xeb, 0x5b, 0x9d, 0x28, 0x65, 0xb3, 0x70, 0x8d, 0xbc }
413
{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
414
{ 0x12, 0xa0, 0x53, 0x38, 0x4a, 0x9c, 0x0c, 0x88, 0xe4, 0x05,
415
0xa0, 0x6c, 0x27, 0xdc, 0xf4, 0x9a, 0xda, 0x62, 0xeb, 0x2b }
419
unsigned char buf[20];
422
for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
424
rmd160_process(&md, (unsigned char *)tests[x].msg, strlen(tests[x].msg));
425
rmd160_done(&md, buf);
426
if (memcmp(buf, tests[x].md, 20) != 0) {
428
printf("Failed test %d\n", x);
430
return CRYPT_FAIL_TESTVECTOR;