1
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
3
* LibTomCrypt is a library that provides various cryptographic
4
* algorithms in a highly modular and flexible manner.
6
* The library is free for all purposes without any express
9
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
18
/* Implementation of RIPEMD-160 based on the source by Antoon Bosselaers, ESAT-COSIC
20
* This source has been radically overhauled to be portable and work within
21
* the LibTomCrypt API by Tom St Denis
26
const struct ltc_hash_descriptor rmd160_desc =
34
{ 1, 3, 36, 3, 2, 1, },
43
/* the five basic functions F(), G() and H() */
44
#define F(x, y, z) ((x) ^ (y) ^ (z))
45
#define G(x, y, z) (((x) & (y)) | (~(x) & (z)))
46
#define H(x, y, z) (((x) | ~(y)) ^ (z))
47
#define I(x, y, z) (((x) & (z)) | ((y) & ~(z)))
48
#define J(x, y, z) ((x) ^ ((y) | ~(z)))
50
/* the ten basic operations FF() through III() */
51
#define FF(a, b, c, d, e, x, s) \
52
(a) += F((b), (c), (d)) + (x);\
53
(a) = ROLc((a), (s)) + (e);\
56
#define GG(a, b, c, d, e, x, s) \
57
(a) += G((b), (c), (d)) + (x) + 0x5a827999UL;\
58
(a) = ROLc((a), (s)) + (e);\
61
#define HH(a, b, c, d, e, x, s) \
62
(a) += H((b), (c), (d)) + (x) + 0x6ed9eba1UL;\
63
(a) = ROLc((a), (s)) + (e);\
66
#define II(a, b, c, d, e, x, s) \
67
(a) += I((b), (c), (d)) + (x) + 0x8f1bbcdcUL;\
68
(a) = ROLc((a), (s)) + (e);\
71
#define JJ(a, b, c, d, e, x, s) \
72
(a) += J((b), (c), (d)) + (x) + 0xa953fd4eUL;\
73
(a) = ROLc((a), (s)) + (e);\
76
#define FFF(a, b, c, d, e, x, s) \
77
(a) += F((b), (c), (d)) + (x);\
78
(a) = ROLc((a), (s)) + (e);\
81
#define GGG(a, b, c, d, e, x, s) \
82
(a) += G((b), (c), (d)) + (x) + 0x7a6d76e9UL;\
83
(a) = ROLc((a), (s)) + (e);\
86
#define HHH(a, b, c, d, e, x, s) \
87
(a) += H((b), (c), (d)) + (x) + 0x6d703ef3UL;\
88
(a) = ROLc((a), (s)) + (e);\
91
#define III(a, b, c, d, e, x, s) \
92
(a) += I((b), (c), (d)) + (x) + 0x5c4dd124UL;\
93
(a) = ROLc((a), (s)) + (e);\
96
#define JJJ(a, b, c, d, e, x, s) \
97
(a) += J((b), (c), (d)) + (x) + 0x50a28be6UL;\
98
(a) = ROLc((a), (s)) + (e);\
102
#ifdef LTC_CLEAN_STACK
103
static int _rmd160_compress(hash_state *md, unsigned char *buf)
105
static int rmd160_compress(hash_state *md, unsigned char *buf)
108
ulong32 aa,bb,cc,dd,ee,aaa,bbb,ccc,ddd,eee,X[16];
112
for (i = 0; i < 16; i++){
113
LOAD32L(X[i], buf + (4 * i));
117
aa = aaa = md->rmd160.state[0];
118
bb = bbb = md->rmd160.state[1];
119
cc = ccc = md->rmd160.state[2];
120
dd = ddd = md->rmd160.state[3];
121
ee = eee = md->rmd160.state[4];
124
FF(aa, bb, cc, dd, ee, X[ 0], 11);
125
FF(ee, aa, bb, cc, dd, X[ 1], 14);
126
FF(dd, ee, aa, bb, cc, X[ 2], 15);
127
FF(cc, dd, ee, aa, bb, X[ 3], 12);
128
FF(bb, cc, dd, ee, aa, X[ 4], 5);
129
FF(aa, bb, cc, dd, ee, X[ 5], 8);
130
FF(ee, aa, bb, cc, dd, X[ 6], 7);
131
FF(dd, ee, aa, bb, cc, X[ 7], 9);
132
FF(cc, dd, ee, aa, bb, X[ 8], 11);
133
FF(bb, cc, dd, ee, aa, X[ 9], 13);
134
FF(aa, bb, cc, dd, ee, X[10], 14);
135
FF(ee, aa, bb, cc, dd, X[11], 15);
136
FF(dd, ee, aa, bb, cc, X[12], 6);
137
FF(cc, dd, ee, aa, bb, X[13], 7);
138
FF(bb, cc, dd, ee, aa, X[14], 9);
139
FF(aa, bb, cc, dd, ee, X[15], 8);
142
GG(ee, aa, bb, cc, dd, X[ 7], 7);
143
GG(dd, ee, aa, bb, cc, X[ 4], 6);
144
GG(cc, dd, ee, aa, bb, X[13], 8);
145
GG(bb, cc, dd, ee, aa, X[ 1], 13);
146
GG(aa, bb, cc, dd, ee, X[10], 11);
147
GG(ee, aa, bb, cc, dd, X[ 6], 9);
148
GG(dd, ee, aa, bb, cc, X[15], 7);
149
GG(cc, dd, ee, aa, bb, X[ 3], 15);
150
GG(bb, cc, dd, ee, aa, X[12], 7);
151
GG(aa, bb, cc, dd, ee, X[ 0], 12);
152
GG(ee, aa, bb, cc, dd, X[ 9], 15);
153
GG(dd, ee, aa, bb, cc, X[ 5], 9);
154
GG(cc, dd, ee, aa, bb, X[ 2], 11);
155
GG(bb, cc, dd, ee, aa, X[14], 7);
156
GG(aa, bb, cc, dd, ee, X[11], 13);
157
GG(ee, aa, bb, cc, dd, X[ 8], 12);
160
HH(dd, ee, aa, bb, cc, X[ 3], 11);
161
HH(cc, dd, ee, aa, bb, X[10], 13);
162
HH(bb, cc, dd, ee, aa, X[14], 6);
163
HH(aa, bb, cc, dd, ee, X[ 4], 7);
164
HH(ee, aa, bb, cc, dd, X[ 9], 14);
165
HH(dd, ee, aa, bb, cc, X[15], 9);
166
HH(cc, dd, ee, aa, bb, X[ 8], 13);
167
HH(bb, cc, dd, ee, aa, X[ 1], 15);
168
HH(aa, bb, cc, dd, ee, X[ 2], 14);
169
HH(ee, aa, bb, cc, dd, X[ 7], 8);
170
HH(dd, ee, aa, bb, cc, X[ 0], 13);
171
HH(cc, dd, ee, aa, bb, X[ 6], 6);
172
HH(bb, cc, dd, ee, aa, X[13], 5);
173
HH(aa, bb, cc, dd, ee, X[11], 12);
174
HH(ee, aa, bb, cc, dd, X[ 5], 7);
175
HH(dd, ee, aa, bb, cc, X[12], 5);
178
II(cc, dd, ee, aa, bb, X[ 1], 11);
179
II(bb, cc, dd, ee, aa, X[ 9], 12);
180
II(aa, bb, cc, dd, ee, X[11], 14);
181
II(ee, aa, bb, cc, dd, X[10], 15);
182
II(dd, ee, aa, bb, cc, X[ 0], 14);
183
II(cc, dd, ee, aa, bb, X[ 8], 15);
184
II(bb, cc, dd, ee, aa, X[12], 9);
185
II(aa, bb, cc, dd, ee, X[ 4], 8);
186
II(ee, aa, bb, cc, dd, X[13], 9);
187
II(dd, ee, aa, bb, cc, X[ 3], 14);
188
II(cc, dd, ee, aa, bb, X[ 7], 5);
189
II(bb, cc, dd, ee, aa, X[15], 6);
190
II(aa, bb, cc, dd, ee, X[14], 8);
191
II(ee, aa, bb, cc, dd, X[ 5], 6);
192
II(dd, ee, aa, bb, cc, X[ 6], 5);
193
II(cc, dd, ee, aa, bb, X[ 2], 12);
196
JJ(bb, cc, dd, ee, aa, X[ 4], 9);
197
JJ(aa, bb, cc, dd, ee, X[ 0], 15);
198
JJ(ee, aa, bb, cc, dd, X[ 5], 5);
199
JJ(dd, ee, aa, bb, cc, X[ 9], 11);
200
JJ(cc, dd, ee, aa, bb, X[ 7], 6);
201
JJ(bb, cc, dd, ee, aa, X[12], 8);
202
JJ(aa, bb, cc, dd, ee, X[ 2], 13);
203
JJ(ee, aa, bb, cc, dd, X[10], 12);
204
JJ(dd, ee, aa, bb, cc, X[14], 5);
205
JJ(cc, dd, ee, aa, bb, X[ 1], 12);
206
JJ(bb, cc, dd, ee, aa, X[ 3], 13);
207
JJ(aa, bb, cc, dd, ee, X[ 8], 14);
208
JJ(ee, aa, bb, cc, dd, X[11], 11);
209
JJ(dd, ee, aa, bb, cc, X[ 6], 8);
210
JJ(cc, dd, ee, aa, bb, X[15], 5);
211
JJ(bb, cc, dd, ee, aa, X[13], 6);
213
/* parallel round 1 */
214
JJJ(aaa, bbb, ccc, ddd, eee, X[ 5], 8);
215
JJJ(eee, aaa, bbb, ccc, ddd, X[14], 9);
216
JJJ(ddd, eee, aaa, bbb, ccc, X[ 7], 9);
217
JJJ(ccc, ddd, eee, aaa, bbb, X[ 0], 11);
218
JJJ(bbb, ccc, ddd, eee, aaa, X[ 9], 13);
219
JJJ(aaa, bbb, ccc, ddd, eee, X[ 2], 15);
220
JJJ(eee, aaa, bbb, ccc, ddd, X[11], 15);
221
JJJ(ddd, eee, aaa, bbb, ccc, X[ 4], 5);
222
JJJ(ccc, ddd, eee, aaa, bbb, X[13], 7);
223
JJJ(bbb, ccc, ddd, eee, aaa, X[ 6], 7);
224
JJJ(aaa, bbb, ccc, ddd, eee, X[15], 8);
225
JJJ(eee, aaa, bbb, ccc, ddd, X[ 8], 11);
226
JJJ(ddd, eee, aaa, bbb, ccc, X[ 1], 14);
227
JJJ(ccc, ddd, eee, aaa, bbb, X[10], 14);
228
JJJ(bbb, ccc, ddd, eee, aaa, X[ 3], 12);
229
JJJ(aaa, bbb, ccc, ddd, eee, X[12], 6);
231
/* parallel round 2 */
232
III(eee, aaa, bbb, ccc, ddd, X[ 6], 9);
233
III(ddd, eee, aaa, bbb, ccc, X[11], 13);
234
III(ccc, ddd, eee, aaa, bbb, X[ 3], 15);
235
III(bbb, ccc, ddd, eee, aaa, X[ 7], 7);
236
III(aaa, bbb, ccc, ddd, eee, X[ 0], 12);
237
III(eee, aaa, bbb, ccc, ddd, X[13], 8);
238
III(ddd, eee, aaa, bbb, ccc, X[ 5], 9);
239
III(ccc, ddd, eee, aaa, bbb, X[10], 11);
240
III(bbb, ccc, ddd, eee, aaa, X[14], 7);
241
III(aaa, bbb, ccc, ddd, eee, X[15], 7);
242
III(eee, aaa, bbb, ccc, ddd, X[ 8], 12);
243
III(ddd, eee, aaa, bbb, ccc, X[12], 7);
244
III(ccc, ddd, eee, aaa, bbb, X[ 4], 6);
245
III(bbb, ccc, ddd, eee, aaa, X[ 9], 15);
246
III(aaa, bbb, ccc, ddd, eee, X[ 1], 13);
247
III(eee, aaa, bbb, ccc, ddd, X[ 2], 11);
249
/* parallel round 3 */
250
HHH(ddd, eee, aaa, bbb, ccc, X[15], 9);
251
HHH(ccc, ddd, eee, aaa, bbb, X[ 5], 7);
252
HHH(bbb, ccc, ddd, eee, aaa, X[ 1], 15);
253
HHH(aaa, bbb, ccc, ddd, eee, X[ 3], 11);
254
HHH(eee, aaa, bbb, ccc, ddd, X[ 7], 8);
255
HHH(ddd, eee, aaa, bbb, ccc, X[14], 6);
256
HHH(ccc, ddd, eee, aaa, bbb, X[ 6], 6);
257
HHH(bbb, ccc, ddd, eee, aaa, X[ 9], 14);
258
HHH(aaa, bbb, ccc, ddd, eee, X[11], 12);
259
HHH(eee, aaa, bbb, ccc, ddd, X[ 8], 13);
260
HHH(ddd, eee, aaa, bbb, ccc, X[12], 5);
261
HHH(ccc, ddd, eee, aaa, bbb, X[ 2], 14);
262
HHH(bbb, ccc, ddd, eee, aaa, X[10], 13);
263
HHH(aaa, bbb, ccc, ddd, eee, X[ 0], 13);
264
HHH(eee, aaa, bbb, ccc, ddd, X[ 4], 7);
265
HHH(ddd, eee, aaa, bbb, ccc, X[13], 5);
267
/* parallel round 4 */
268
GGG(ccc, ddd, eee, aaa, bbb, X[ 8], 15);
269
GGG(bbb, ccc, ddd, eee, aaa, X[ 6], 5);
270
GGG(aaa, bbb, ccc, ddd, eee, X[ 4], 8);
271
GGG(eee, aaa, bbb, ccc, ddd, X[ 1], 11);
272
GGG(ddd, eee, aaa, bbb, ccc, X[ 3], 14);
273
GGG(ccc, ddd, eee, aaa, bbb, X[11], 14);
274
GGG(bbb, ccc, ddd, eee, aaa, X[15], 6);
275
GGG(aaa, bbb, ccc, ddd, eee, X[ 0], 14);
276
GGG(eee, aaa, bbb, ccc, ddd, X[ 5], 6);
277
GGG(ddd, eee, aaa, bbb, ccc, X[12], 9);
278
GGG(ccc, ddd, eee, aaa, bbb, X[ 2], 12);
279
GGG(bbb, ccc, ddd, eee, aaa, X[13], 9);
280
GGG(aaa, bbb, ccc, ddd, eee, X[ 9], 12);
281
GGG(eee, aaa, bbb, ccc, ddd, X[ 7], 5);
282
GGG(ddd, eee, aaa, bbb, ccc, X[10], 15);
283
GGG(ccc, ddd, eee, aaa, bbb, X[14], 8);
285
/* parallel round 5 */
286
FFF(bbb, ccc, ddd, eee, aaa, X[12] , 8);
287
FFF(aaa, bbb, ccc, ddd, eee, X[15] , 5);
288
FFF(eee, aaa, bbb, ccc, ddd, X[10] , 12);
289
FFF(ddd, eee, aaa, bbb, ccc, X[ 4] , 9);
290
FFF(ccc, ddd, eee, aaa, bbb, X[ 1] , 12);
291
FFF(bbb, ccc, ddd, eee, aaa, X[ 5] , 5);
292
FFF(aaa, bbb, ccc, ddd, eee, X[ 8] , 14);
293
FFF(eee, aaa, bbb, ccc, ddd, X[ 7] , 6);
294
FFF(ddd, eee, aaa, bbb, ccc, X[ 6] , 8);
295
FFF(ccc, ddd, eee, aaa, bbb, X[ 2] , 13);
296
FFF(bbb, ccc, ddd, eee, aaa, X[13] , 6);
297
FFF(aaa, bbb, ccc, ddd, eee, X[14] , 5);
298
FFF(eee, aaa, bbb, ccc, ddd, X[ 0] , 15);
299
FFF(ddd, eee, aaa, bbb, ccc, X[ 3] , 13);
300
FFF(ccc, ddd, eee, aaa, bbb, X[ 9] , 11);
301
FFF(bbb, ccc, ddd, eee, aaa, X[11] , 11);
303
/* combine results */
304
ddd += cc + md->rmd160.state[1]; /* final result for md->rmd160.state[0] */
305
md->rmd160.state[1] = md->rmd160.state[2] + dd + eee;
306
md->rmd160.state[2] = md->rmd160.state[3] + ee + aaa;
307
md->rmd160.state[3] = md->rmd160.state[4] + aa + bbb;
308
md->rmd160.state[4] = md->rmd160.state[0] + bb + ccc;
309
md->rmd160.state[0] = ddd;
314
#ifdef LTC_CLEAN_STACK
315
static int rmd160_compress(hash_state *md, unsigned char *buf)
318
err = _rmd160_compress(md, buf);
319
burn_stack(sizeof(ulong32) * 26 + sizeof(int));
325
Initialize the hash state
326
@param md The hash state you wish to initialize
327
@return CRYPT_OK if successful
329
int rmd160_init(hash_state * md)
331
LTC_ARGCHK(md != NULL);
332
md->rmd160.state[0] = 0x67452301UL;
333
md->rmd160.state[1] = 0xefcdab89UL;
334
md->rmd160.state[2] = 0x98badcfeUL;
335
md->rmd160.state[3] = 0x10325476UL;
336
md->rmd160.state[4] = 0xc3d2e1f0UL;
337
md->rmd160.curlen = 0;
338
md->rmd160.length = 0;
343
Process a block of memory though the hash
344
@param md The hash state
345
@param in The data to hash
346
@param inlen The length of the data (octets)
347
@return CRYPT_OK if successful
349
HASH_PROCESS(rmd160_process, rmd160_compress, rmd160, 64)
352
Terminate the hash to get the digest
353
@param md The hash state
354
@param out [out] The destination of the hash (20 bytes)
355
@return CRYPT_OK if successful
357
int rmd160_done(hash_state * md, unsigned char *out)
361
LTC_ARGCHK(md != NULL);
362
LTC_ARGCHK(out != NULL);
364
if (md->rmd160.curlen >= sizeof(md->rmd160.buf)) {
365
return CRYPT_INVALID_ARG;
369
/* increase the length of the message */
370
md->rmd160.length += md->rmd160.curlen * 8;
372
/* append the '1' bit */
373
md->rmd160.buf[md->rmd160.curlen++] = (unsigned char)0x80;
375
/* if the length is currently above 56 bytes we append zeros
376
* then compress. Then we can fall back to padding zeros and length
377
* encoding like normal.
379
if (md->rmd160.curlen > 56) {
380
while (md->rmd160.curlen < 64) {
381
md->rmd160.buf[md->rmd160.curlen++] = (unsigned char)0;
383
rmd160_compress(md, md->rmd160.buf);
384
md->rmd160.curlen = 0;
387
/* pad upto 56 bytes of zeroes */
388
while (md->rmd160.curlen < 56) {
389
md->rmd160.buf[md->rmd160.curlen++] = (unsigned char)0;
393
STORE64L(md->rmd160.length, md->rmd160.buf+56);
394
rmd160_compress(md, md->rmd160.buf);
397
for (i = 0; i < 5; i++) {
398
STORE32L(md->rmd160.state[i], out+(4*i));
400
#ifdef LTC_CLEAN_STACK
401
zeromem(md, sizeof(hash_state));
408
@return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
410
int rmd160_test(void)
415
static const struct {
417
unsigned char md[20];
420
{ 0x9c, 0x11, 0x85, 0xa5, 0xc5, 0xe9, 0xfc, 0x54, 0x61, 0x28,
421
0x08, 0x97, 0x7e, 0xe8, 0xf5, 0x48, 0xb2, 0x25, 0x8d, 0x31 }
424
{ 0x0b, 0xdc, 0x9d, 0x2d, 0x25, 0x6b, 0x3e, 0xe9, 0xda, 0xae,
425
0x34, 0x7b, 0xe6, 0xf4, 0xdc, 0x83, 0x5a, 0x46, 0x7f, 0xfe }
428
{ 0x8e, 0xb2, 0x08, 0xf7, 0xe0, 0x5d, 0x98, 0x7a, 0x9b, 0x04,
429
0x4a, 0x8e, 0x98, 0xc6, 0xb0, 0x87, 0xf1, 0x5a, 0x0b, 0xfc }
432
{ 0x5d, 0x06, 0x89, 0xef, 0x49, 0xd2, 0xfa, 0xe5, 0x72, 0xb8,
433
0x81, 0xb1, 0x23, 0xa8, 0x5f, 0xfa, 0x21, 0x59, 0x5f, 0x36 }
435
{ "abcdefghijklmnopqrstuvwxyz",
436
{ 0xf7, 0x1c, 0x27, 0x10, 0x9c, 0x69, 0x2c, 0x1b, 0x56, 0xbb,
437
0xdc, 0xeb, 0x5b, 0x9d, 0x28, 0x65, 0xb3, 0x70, 0x8d, 0xbc }
439
{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
440
{ 0x12, 0xa0, 0x53, 0x38, 0x4a, 0x9c, 0x0c, 0x88, 0xe4, 0x05,
441
0xa0, 0x6c, 0x27, 0xdc, 0xf4, 0x9a, 0xda, 0x62, 0xeb, 0x2b }
445
unsigned char buf[20];
448
for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
450
rmd160_process(&md, (unsigned char *)tests[x].msg, strlen(tests[x].msg));
451
rmd160_done(&md, buf);
452
if (memcmp(buf, tests[x].md, 20) != 0) {
454
printf("Failed test %d\n", x);
456
return CRYPT_FAIL_TESTVECTOR;
466
/* $Source: /cvs/libtom/libtomcrypt/src/hashes/rmd160.c,v $ */
467
/* $Revision: 1.5 $ */
468
/* $Date: 2005/05/23 02:42:07 $ */