CoCalc -- ripemd160.c

GitHub Repository: freebsd/freebsd-src
Path: blob/main/crypto/libecc/src/hash/ripemd160.c
³⁴⁸⁶⁹ views
1
/*
2
 *  Copyright (C) 2021 - This file is part of libecc project
3
 *
4
 *  Authors:
5
 *      Arnaud EBALARD <[email protected]>
6
 *      Ryad BENADJILA <[email protected]>
7
 *
8
 *  This software is licensed under a dual BSD and GPL v2 license.
9
 *  See LICENSE file at the root folder of the project.
10
 */
11
#include <libecc/lib_ecc_config.h>
12
#ifdef WITH_HASH_RIPEMD160
13

14
#include <libecc/hash/ripemd160.h>
15

16
/****************************************************/
17
/*
18
 * 32-bit integer manipulation macros (big endian)
19
 */
20
#ifndef GET_UINT32_LE
21
#define GET_UINT32_LE(n, b, i)                          \
22
do {                                                    \
23
        (n) =     ( ((u32) (b)[(i) + 3]) << 24 )        \
24
                | ( ((u32) (b)[(i) + 2]) << 16 )        \
25
                | ( ((u32) (b)[(i) + 1]) <<  8 )        \
26
                | ( ((u32) (b)[(i)    ])       );       \
27
} while( 0 )
28
#endif
29

30
#ifndef PUT_UINT32_LE
31
#define PUT_UINT32_LE(n, b, i)                  \
32
do {                                            \
33
        (b)[(i) + 3] = (u8) ( (n) >> 24 );      \
34
        (b)[(i) + 2] = (u8) ( (n) >> 16 );      \
35
        (b)[(i) + 1] = (u8) ( (n) >>  8 );      \
36
        (b)[(i)    ] = (u8) ( (n)       );      \
37
} while( 0 )
38
#endif
39

40
/*
41
 * 64-bit integer manipulation macros (big endian)
42
 */
43
#ifndef PUT_UINT64_LE
44
#define PUT_UINT64_LE(n,b,i)            \
45
do {                                    \
46
    (b)[(i) + 7] = (u8) ( (n) >> 56 );  \
47
    (b)[(i) + 6] = (u8) ( (n) >> 48 );  \
48
    (b)[(i) + 5] = (u8) ( (n) >> 40 );  \
49
    (b)[(i) + 4] = (u8) ( (n) >> 32 );  \
50
    (b)[(i) + 3] = (u8) ( (n) >> 24 );  \
51
    (b)[(i) + 2] = (u8) ( (n) >> 16 );  \
52
    (b)[(i) + 1] = (u8) ( (n) >>  8 );  \
53
    (b)[(i)    ] = (u8) ( (n)       );  \
54
} while( 0 )
55
#endif /* PUT_UINT64_LE */
56

57
/* Elements related to RIPEMD160 */
58
#define ROTL_RIPEMD160(x, n)    ((((u32)(x)) << (n)) | (((u32)(x)) >> (32-(n))))
59

60
#define F1_RIPEMD160(x, y, z)   ((x) ^ (y) ^ (z))
61
#define F2_RIPEMD160(x, y, z)   (((x) & (y)) | ((~(x)) & (z)))
62
#define F3_RIPEMD160(x, y, z)   (((x) | (~(y))) ^ (z))
63
#define F4_RIPEMD160(x, y, z)   (((x) & (z)) | ((y) & (~(z))))
64
#define F5_RIPEMD160(x, y, z)   ((x) ^ ((y) | (~(z))))
65

66
/* Left constants */
67
static const u32 KL_RIPEMD160[5] = {
68
	0x00000000, 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xa953fd4e
69
};
70
/* Right constants */
71
static const u32 KR_RIPEMD160[5] = {
72
	0x50a28be6, 0x5c4dd124, 0x6d703ef3, 0x7a6d76e9, 0x00000000
73
};
74

75
/* Left line */
76
static const u8 RL_RIPEMD160[5][16] = {
77
	{ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 },
78
	{ 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8 },
79
	{ 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12 },
80
	{ 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2 },
81
	{ 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13 }
82
};
83
static const u8 SL_RIPEMD160[5][16] = {
84
	{ 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8 },
85
	{ 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12 },
86
	{ 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5 },
87
	{ 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12 },
88
	{ 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6 }
89
};
90

91
/* Right line */
92
static const u8 RR_RIPEMD160[5][16] = {
93
	{ 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12 },
94
	{ 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2 },
95
	{ 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13 },
96
	{ 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14 },
97
	{ 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11 }
98
};
99
static const u8 SR_RIPEMD160[5][16] = {
100
	{ 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6 },
101
	{ 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11 },
102
	{ 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5 },
103
	{ 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8 },
104
	{ 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 }
105
};
106

107
#define RIPEMD160_CORE(a, b, c, d, e, round, idx, w, F, S, R, K) do { 				\
108
	u32 t = ROTL_RIPEMD160(a + F(b, c, d) + w[R[round][idx]] + K[round], S[round][idx]) + e;\
109
	a = e; e = d; d = ROTL_RIPEMD160(c, 10); c = b; b = t; 					\
110
} while(0)
111

112
/* RIPEMD160 core processing */
113
ATTRIBUTE_WARN_UNUSED_RET static int ripemd160_process(ripemd160_context *ctx,
114
			   const u8 data[RIPEMD160_BLOCK_SIZE])
115
{
116
	/* Left line */
117
	u32 al, bl, cl, dl, el;
118
	/* Right line */
119
	u32 ar, br, cr, dr, er;
120
	/* Temporary data */
121
	u32 tt;
122
	/* Data */
123
	u32 W[16];
124
	unsigned int i;
125
	int ret;
126

127
	MUST_HAVE((data != NULL), ret, err);
128
	RIPEMD160_HASH_CHECK_INITIALIZED(ctx, ret, err);
129

130
	/* Init our inner variables */
131
	al = ar = ctx->ripemd160_state[0];
132
	bl = br = ctx->ripemd160_state[1];
133
	cl = cr = ctx->ripemd160_state[2];
134
	dl = dr = ctx->ripemd160_state[3];
135
	el = er = ctx->ripemd160_state[4];
136

137
	/* Load data */
138
	for (i = 0; i < 16; i++) {
139
		GET_UINT32_LE(W[i], data, (4 * i));
140
	}
141

142
	/* Round 1 */
143
	for(i = 0; i < 16; i++){
144
		RIPEMD160_CORE(al, bl, cl, dl, el, 0, i, W, F1_RIPEMD160, SL_RIPEMD160, RL_RIPEMD160, KL_RIPEMD160);
145
		RIPEMD160_CORE(ar, br, cr, dr, er, 0, i, W, F5_RIPEMD160, SR_RIPEMD160, RR_RIPEMD160, KR_RIPEMD160);
146
	}
147
	/* Round 2 */
148
	for(i = 0; i < 16; i++){
149
		RIPEMD160_CORE(al, bl, cl, dl, el, 1, i, W, F2_RIPEMD160, SL_RIPEMD160, RL_RIPEMD160, KL_RIPEMD160);
150
		RIPEMD160_CORE(ar, br, cr, dr, er, 1, i, W, F4_RIPEMD160, SR_RIPEMD160, RR_RIPEMD160, KR_RIPEMD160);
151
	}
152
	/* Round 3 */
153
	for(i = 0; i < 16; i++){
154
		RIPEMD160_CORE(al, bl, cl, dl, el, 2, i, W, F3_RIPEMD160, SL_RIPEMD160, RL_RIPEMD160, KL_RIPEMD160);
155
		RIPEMD160_CORE(ar, br, cr, dr, er, 2, i, W, F3_RIPEMD160, SR_RIPEMD160, RR_RIPEMD160, KR_RIPEMD160);
156
	}
157
	/* Round 4 */
158
	for(i = 0; i < 16; i++){
159
		RIPEMD160_CORE(al, bl, cl, dl, el, 3, i, W, F4_RIPEMD160, SL_RIPEMD160, RL_RIPEMD160, KL_RIPEMD160);
160
		RIPEMD160_CORE(ar, br, cr, dr, er, 3, i, W, F2_RIPEMD160, SR_RIPEMD160, RR_RIPEMD160, KR_RIPEMD160);
161
	}
162
	/* Round 5 */
163
	for(i = 0; i < 16; i++){
164
		RIPEMD160_CORE(al, bl, cl, dl, el, 4, i, W, F5_RIPEMD160, SL_RIPEMD160, RL_RIPEMD160, KL_RIPEMD160);
165
		RIPEMD160_CORE(ar, br, cr, dr, er, 4, i, W, F1_RIPEMD160, SR_RIPEMD160, RR_RIPEMD160, KR_RIPEMD160);
166
	}
167

168
	/* Mix the lines and update state */
169
	tt = (ctx->ripemd160_state[1] + cl + dr);
170
	ctx->ripemd160_state[1] = (ctx->ripemd160_state[2] + dl + er);
171
	ctx->ripemd160_state[2] = (ctx->ripemd160_state[3] + el + ar);
172
	ctx->ripemd160_state[3] = (ctx->ripemd160_state[4] + al + br);
173
	ctx->ripemd160_state[4] = (ctx->ripemd160_state[0] + bl + cr);
174
	ctx->ripemd160_state[0] = tt;
175

176
	ret = 0;
177

178
err:
179
	return ret;
180
}
181

182
/* Init hash function */
183
int ripemd160_init(ripemd160_context *ctx)
184
{
185
	int ret;
186

187
	MUST_HAVE((ctx != NULL), ret, err);
188

189
	ctx->ripemd160_total = 0;
190
	ctx->ripemd160_state[0] = 0x67452301;
191
	ctx->ripemd160_state[1] = 0xefcdab89;
192
	ctx->ripemd160_state[2] = 0x98badcfe;
193
	ctx->ripemd160_state[3] = 0x10325476;
194
	ctx->ripemd160_state[4] = 0xc3d2e1f0;
195

196
	/* Tell that we are initialized */
197
	ctx->magic = RIPEMD160_HASH_MAGIC;
198

199
	ret = 0;
200

201
err:
202
	return ret;
203
}
204

205
/* Update hash function */
206
int ripemd160_update(ripemd160_context *ctx, const u8 *input, u32 ilen)
207
{
208
	const u8 *data_ptr = input;
209
	u32 remain_ilen = ilen;
210
	u16 fill;
211
	u8 left;
212
	int ret;
213

214
	MUST_HAVE((input != NULL) || (ilen == 0), ret, err);
215
	RIPEMD160_HASH_CHECK_INITIALIZED(ctx, ret, err);
216

217
	/* Nothing to process, return */
218
	if (ilen == 0) {
219
		ret = 0;
220
		goto err;
221
	}
222

223
	/* Get what's left in our local buffer */
224
	left = (ctx->ripemd160_total & 0x3F);
225
	fill = (u16)(RIPEMD160_BLOCK_SIZE - left);
226

227
	ctx->ripemd160_total += ilen;
228

229
	if ((left > 0) && (remain_ilen >= fill)) {
230
		/* Copy data at the end of the buffer */
231
		ret = local_memcpy(ctx->ripemd160_buffer + left, data_ptr, fill); EG(ret, err);
232
		ret = ripemd160_process(ctx, ctx->ripemd160_buffer); EG(ret, err);
233
		data_ptr += fill;
234
		remain_ilen -= fill;
235
		left = 0;
236
	}
237

238
	while (remain_ilen >= RIPEMD160_BLOCK_SIZE) {
239
		ret = ripemd160_process(ctx, data_ptr); EG(ret, err);
240
		data_ptr += RIPEMD160_BLOCK_SIZE;
241
		remain_ilen -= RIPEMD160_BLOCK_SIZE;
242
	}
243

244
	if (remain_ilen > 0) {
245
		ret = local_memcpy(ctx->ripemd160_buffer + left, data_ptr, remain_ilen); EG(ret, err);
246
	}
247

248
	ret = 0;
249

250
err:
251
	return ret;
252
}
253

254
/* Finalize */
255
int ripemd160_final(ripemd160_context *ctx, u8 output[RIPEMD160_DIGEST_SIZE])
256
{
257
	unsigned int block_present = 0;
258
	u8 last_padded_block[2 * RIPEMD160_BLOCK_SIZE];
259
	int ret;
260

261
	MUST_HAVE((output != NULL), ret, err);
262
	RIPEMD160_HASH_CHECK_INITIALIZED(ctx, ret, err);
263

264
	/* Fill in our last block with zeroes */
265
	ret = local_memset(last_padded_block, 0, sizeof(last_padded_block)); EG(ret, err);
266

267
	/* This is our final step, so we proceed with the padding */
268
	block_present = (ctx->ripemd160_total % RIPEMD160_BLOCK_SIZE);
269
	if (block_present != 0) {
270
		/* Copy what's left in our temporary context buffer */
271
		ret = local_memcpy(last_padded_block, ctx->ripemd160_buffer,
272
			     block_present); EG(ret, err);
273
	}
274

275
	/* Put the 0x80 byte, beginning of padding  */
276
	last_padded_block[block_present] = 0x80;
277

278
	/* Handle possible additional block */
279
	if (block_present > (RIPEMD160_BLOCK_SIZE - 1 - sizeof(u64))) {
280
		/* We need an additional block */
281
		PUT_UINT64_LE(8 * ctx->ripemd160_total, last_padded_block,
282
			      (2 * RIPEMD160_BLOCK_SIZE) - sizeof(u64));
283
		ret = ripemd160_process(ctx, last_padded_block); EG(ret, err);
284
		ret = ripemd160_process(ctx, last_padded_block + RIPEMD160_BLOCK_SIZE); EG(ret, err);
285
	} else {
286
		/* We do not need an additional block */
287
		PUT_UINT64_LE(8 * ctx->ripemd160_total, last_padded_block,
288
			      RIPEMD160_BLOCK_SIZE - sizeof(u64));
289
		ret = ripemd160_process(ctx, last_padded_block); EG(ret, err);
290
	}
291

292
	/* Output the hash result */
293
	PUT_UINT32_LE(ctx->ripemd160_state[0], output, 0);
294
	PUT_UINT32_LE(ctx->ripemd160_state[1], output, 4);
295
	PUT_UINT32_LE(ctx->ripemd160_state[2], output, 8);
296
	PUT_UINT32_LE(ctx->ripemd160_state[3], output, 12);
297
	PUT_UINT32_LE(ctx->ripemd160_state[4], output, 16);
298

299
	/* Tell that we are uninitialized */
300
	ctx->magic = WORD(0);
301

302
	ret = 0;
303

304
err:
305
	return ret;
306
}
307

308
int ripemd160_scattered(const u8 **inputs, const u32 *ilens,
309
		      u8 output[RIPEMD160_DIGEST_SIZE])
310
{
311
	ripemd160_context ctx;
312
	int ret, pos = 0;
313

314
	MUST_HAVE((inputs != NULL) && (ilens != NULL) && (output != NULL), ret, err);
315

316
	ret = ripemd160_init(&ctx); EG(ret, err);
317

318
	while (inputs[pos] != NULL) {
319
		ret = ripemd160_update(&ctx, inputs[pos], ilens[pos]); EG(ret, err);
320
		pos += 1;
321
	}
322

323
	ret = ripemd160_final(&ctx, output);
324

325
err:
326
	return ret;
327
}
328

329
int ripemd160(const u8 *input, u32 ilen, u8 output[RIPEMD160_DIGEST_SIZE])
330
{
331
	ripemd160_context ctx;
332
	int ret;
333

334
	ret = ripemd160_init(&ctx); EG(ret, err);
335
	ret = ripemd160_update(&ctx, input, ilen); EG(ret, err);
336
	ret = ripemd160_final(&ctx, output);
337

338
err:
339
	return ret;
340
}
341

342
#else /* WITH_HASH_RIPEMD160 */
343

344
/*
345
 * Dummy definition to avoid the empty translation unit ISO C warning
346
 */
347
typedef int dummy;
348
#endif /* WITH_HASH_RIPEMD160 */
349

350
Product

Resources

Company
