|
|
@@ -0,0 +1,301 @@
|
|
|
+/*
|
|
|
+ * Source:
|
|
|
+ * https://github.com/pycrypto/pycrypto/blob/master/src/RIPEMD160.c
|
|
|
+ *
|
|
|
+ * RIPEMD160.c : RIPEMD-160 implementation
|
|
|
+ *
|
|
|
+ * Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
|
|
|
+ *
|
|
|
+ * ===================================================================
|
|
|
+ * The contents of this file are dedicated to the public domain. To
|
|
|
+ * the extent that dedication to the public domain is not available,
|
|
|
+ * everyone is granted a worldwide, perpetual, royalty-free,
|
|
|
+ * non-exclusive license to exercise all rights associated with the
|
|
|
+ * contents of this file for any purpose whatsoever.
|
|
|
+ * No rights are reserved.
|
|
|
+ *
|
|
|
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
|
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
|
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
|
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
|
|
|
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
|
|
|
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
|
|
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
|
+ * SOFTWARE.
|
|
|
+ * ===================================================================
|
|
|
+ *
|
|
|
+ * Country of origin: Canada
|
|
|
+ *
|
|
|
+ * This implementation (written in C) is based on an implementation the author
|
|
|
+ * wrote in Python.
|
|
|
+ *
|
|
|
+ * This implementation was written with reference to the RIPEMD-160
|
|
|
+ * specification, which is available at:
|
|
|
+ * http://homes.esat.kuleuven.be/~cosicart/pdf/AB-9601/
|
|
|
+ *
|
|
|
+ * It is also documented in the _Handbook of Applied Cryptography_, as
|
|
|
+ * Algorithm 9.55. It's on page 30 of the following PDF file:
|
|
|
+ * http://www.cacr.math.uwaterloo.ca/hac/about/chap9.pdf
|
|
|
+ *
|
|
|
+ * The RIPEMD-160 specification doesn't really tell us how to do padding, but
|
|
|
+ * since RIPEMD-160 is inspired by MD4, you can use the padding algorithm from
|
|
|
+ * RFC 1320.
|
|
|
+ *
|
|
|
+ * According to http://www.users.zetnet.co.uk/hopwood/crypto/scan/md.html:
|
|
|
+ * "RIPEMD-160 is big-bit-endian, little-byte-endian, and left-justified."
|
|
|
+ */
|
|
|
+
|
|
|
+#include <stdint.h>
|
|
|
+#include <stddef.h>
|
|
|
+#include "stdlib.h"
|
|
|
+
|
|
|
+#define RIPEMD160_DIGEST_SIZE 20
|
|
|
+#define BLOCK_SIZE 64
|
|
|
+
|
|
|
+typedef struct {
|
|
|
+ uint32_t h[5]; /* The current hash state */
|
|
|
+ uint64_t length; /* Total number of _bits_ (not bytes) added to the
|
|
|
+ hash. This includes bits that have been buffered
|
|
|
+ but not not fed through the compression function yet. */
|
|
|
+ union {
|
|
|
+ uint32_t w[16];
|
|
|
+ uint8_t b[64];
|
|
|
+ } buf;
|
|
|
+ uint8_t bufpos; /* number of bytes currently in the buffer */
|
|
|
+} ripemd160_state;
|
|
|
+
|
|
|
+
|
|
|
+/* cyclic left-shift the 32-bit word n left by s bits */
|
|
|
+#define ROL(s, n) (((n) << (s)) | ((n) >> (32-(s))))
|
|
|
+
|
|
|
+/* Initial values for the chaining variables.
|
|
|
+ * This is just 0123456789ABCDEFFEDCBA9876543210F0E1D2C3 in little-endian. */
|
|
|
+static const uint32_t initial_h[5] = { 0x67452301u, 0xEFCDAB89u, 0x98BADCFEu, 0x10325476u, 0xC3D2E1F0u };
|
|
|
+
|
|
|
+/* Ordering of message words. Based on the permutations rho(i) and pi(i), defined as follows:
|
|
|
+ *
|
|
|
+ * rho(i) := { 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8 }[i] 0 <= i <= 15
|
|
|
+ *
|
|
|
+ * pi(i) := 9*i + 5 (mod 16)
|
|
|
+ *
|
|
|
+ * Line | Round 1 | Round 2 | Round 3 | Round 4 | Round 5
|
|
|
+ * -------+-----------+-----------+-----------+-----------+-----------
|
|
|
+ * left | id | rho | rho^2 | rho^3 | rho^4
|
|
|
+ * right | pi | rho pi | rho^2 pi | rho^3 pi | rho^4 pi
|
|
|
+ */
|
|
|
+
|
|
|
+/* Left line */
|
|
|
+static const uint8_t RL[5][16] = {
|
|
|
+ { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }, /* Round 1: id */
|
|
|
+ { 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8 }, /* Round 2: rho */
|
|
|
+ { 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12 }, /* Round 3: rho^2 */
|
|
|
+ { 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2 }, /* Round 4: rho^3 */
|
|
|
+ { 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13 } /* Round 5: rho^4 */
|
|
|
+};
|
|
|
+
|
|
|
+/* Right line */
|
|
|
+static const uint8_t RR[5][16] = {
|
|
|
+ { 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12 }, /* Round 1: pi */
|
|
|
+ { 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2 }, /* Round 2: rho pi */
|
|
|
+ { 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13 }, /* Round 3: rho^2 pi */
|
|
|
+ { 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14 }, /* Round 4: rho^3 pi */
|
|
|
+ { 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11 } /* Round 5: rho^4 pi */
|
|
|
+};
|
|
|
+
|
|
|
+/*
|
|
|
+ * Shifts - Since we don't actually re-order the message words according to
|
|
|
+ * the permutations above (we could, but it would be slower), these tables
|
|
|
+ * come with the permutations pre-applied.
|
|
|
+ */
|
|
|
+
|
|
|
+/* Shifts, left line */
|
|
|
+static const uint8_t SL[5][16] = {
|
|
|
+ { 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8 }, /* Round 1 */
|
|
|
+ { 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12 }, /* Round 2 */
|
|
|
+ { 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5 }, /* Round 3 */
|
|
|
+ { 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12 }, /* Round 4 */
|
|
|
+ { 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6 } /* Round 5 */
|
|
|
+};
|
|
|
+
|
|
|
+/* Shifts, right line */
|
|
|
+static const uint8_t SR[5][16] = {
|
|
|
+ { 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6 }, /* Round 1 */
|
|
|
+ { 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11 }, /* Round 2 */
|
|
|
+ { 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5 }, /* Round 3 */
|
|
|
+ { 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8 }, /* Round 4 */
|
|
|
+ { 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 } /* Round 5 */
|
|
|
+};
|
|
|
+
|
|
|
+/* Boolean functions */
|
|
|
+
|
|
|
+#define F1(x, y, z) ((x) ^ (y) ^ (z))
|
|
|
+#define F2(x, y, z) (((x) & (y)) | (~(x) & (z)))
|
|
|
+#define F3(x, y, z) (((x) | ~(y)) ^ (z))
|
|
|
+#define F4(x, y, z) (((x) & (z)) | ((y) & ~(z)))
|
|
|
+#define F5(x, y, z) ((x) ^ ((y) | ~(z)))
|
|
|
+
|
|
|
+/* Round constants, left line */
|
|
|
+static const uint32_t KL[5] = {
|
|
|
+ 0x00000000u, /* Round 1: 0 */
|
|
|
+ 0x5A827999u, /* Round 2: floor(2**30 * sqrt(2)) */
|
|
|
+ 0x6ED9EBA1u, /* Round 3: floor(2**30 * sqrt(3)) */
|
|
|
+ 0x8F1BBCDCu, /* Round 4: floor(2**30 * sqrt(5)) */
|
|
|
+ 0xA953FD4Eu /* Round 5: floor(2**30 * sqrt(7)) */
|
|
|
+};
|
|
|
+
|
|
|
+/* Round constants, right line */
|
|
|
+static const uint32_t KR[5] = {
|
|
|
+ 0x50A28BE6u, /* Round 1: floor(2**30 * cubert(2)) */
|
|
|
+ 0x5C4DD124u, /* Round 2: floor(2**30 * cubert(3)) */
|
|
|
+ 0x6D703EF3u, /* Round 3: floor(2**30 * cubert(5)) */
|
|
|
+ 0x7A6D76E9u, /* Round 4: floor(2**30 * cubert(7)) */
|
|
|
+ 0x00000000u /* Round 5: 0 */
|
|
|
+};
|
|
|
+
|
|
|
+/* The RIPEMD160 compression function. Operates on self->buf */
|
|
|
+static void ripemd160_compress(ripemd160_state *self)
|
|
|
+{
|
|
|
+ uint8_t w, round;
|
|
|
+ uint32_t T;
|
|
|
+ uint32_t AL, BL, CL, DL, EL; /* left line */
|
|
|
+ uint32_t AR, BR, CR, DR, ER; /* right line */
|
|
|
+
|
|
|
+ /* Load the left and right lines with the initial state */
|
|
|
+ AL = AR = self->h[0];
|
|
|
+ BL = BR = self->h[1];
|
|
|
+ CL = CR = self->h[2];
|
|
|
+ DL = DR = self->h[3];
|
|
|
+ EL = ER = self->h[4];
|
|
|
+
|
|
|
+ /* Round 1 */
|
|
|
+ round = 0;
|
|
|
+ for (w = 0; w < 16; w++) { /* left line */
|
|
|
+ T = ROL(SL[round][w], AL + F1(BL, CL, DL) + self->buf.w[RL[round][w]] + KL[round]) + EL;
|
|
|
+ AL = EL; EL = DL; DL = ROL(10, CL); CL = BL; BL = T;
|
|
|
+ }
|
|
|
+ for (w = 0; w < 16; w++) { /* right line */
|
|
|
+ T = ROL(SR[round][w], AR + F5(BR, CR, DR) + self->buf.w[RR[round][w]] + KR[round]) + ER;
|
|
|
+ AR = ER; ER = DR; DR = ROL(10, CR); CR = BR; BR = T;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Round 2 */
|
|
|
+ round++;
|
|
|
+ for (w = 0; w < 16; w++) { /* left line */
|
|
|
+ T = ROL(SL[round][w], AL + F2(BL, CL, DL) + self->buf.w[RL[round][w]] + KL[round]) + EL;
|
|
|
+ AL = EL; EL = DL; DL = ROL(10, CL); CL = BL; BL = T;
|
|
|
+ }
|
|
|
+ for (w = 0; w < 16; w++) { /* right line */
|
|
|
+ T = ROL(SR[round][w], AR + F4(BR, CR, DR) + self->buf.w[RR[round][w]] + KR[round]) + ER;
|
|
|
+ AR = ER; ER = DR; DR = ROL(10, CR); CR = BR; BR = T;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Round 3 */
|
|
|
+ round++;
|
|
|
+ for (w = 0; w < 16; w++) { /* left line */
|
|
|
+ T = ROL(SL[round][w], AL + F3(BL, CL, DL) + self->buf.w[RL[round][w]] + KL[round]) + EL;
|
|
|
+ AL = EL; EL = DL; DL = ROL(10, CL); CL = BL; BL = T;
|
|
|
+ }
|
|
|
+ for (w = 0; w < 16; w++) { /* right line */
|
|
|
+ T = ROL(SR[round][w], AR + F3(BR, CR, DR) + self->buf.w[RR[round][w]] + KR[round]) + ER;
|
|
|
+ AR = ER; ER = DR; DR = ROL(10, CR); CR = BR; BR = T;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Round 4 */
|
|
|
+ round++;
|
|
|
+ for (w = 0; w < 16; w++) { /* left line */
|
|
|
+ T = ROL(SL[round][w], AL + F4(BL, CL, DL) + self->buf.w[RL[round][w]] + KL[round]) + EL;
|
|
|
+ AL = EL; EL = DL; DL = ROL(10, CL); CL = BL; BL = T;
|
|
|
+ }
|
|
|
+ for (w = 0; w < 16; w++) { /* right line */
|
|
|
+ T = ROL(SR[round][w], AR + F2(BR, CR, DR) + self->buf.w[RR[round][w]] + KR[round]) + ER;
|
|
|
+ AR = ER; ER = DR; DR = ROL(10, CR); CR = BR; BR = T;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Round 5 */
|
|
|
+ round++;
|
|
|
+ for (w = 0; w < 16; w++) { /* left line */
|
|
|
+ T = ROL(SL[round][w], AL + F5(BL, CL, DL) + self->buf.w[RL[round][w]] + KL[round]) + EL;
|
|
|
+ AL = EL; EL = DL; DL = ROL(10, CL); CL = BL; BL = T;
|
|
|
+ }
|
|
|
+ for (w = 0; w < 16; w++) { /* right line */
|
|
|
+ T = ROL(SR[round][w], AR + F1(BR, CR, DR) + self->buf.w[RR[round][w]] + KR[round]) + ER;
|
|
|
+ AR = ER; ER = DR; DR = ROL(10, CR); CR = BR; BR = T;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Final mixing stage */
|
|
|
+ T = self->h[1] + CL + DR;
|
|
|
+ self->h[1] = self->h[2] + DL + ER;
|
|
|
+ self->h[2] = self->h[3] + EL + AR;
|
|
|
+ self->h[3] = self->h[4] + AL + BR;
|
|
|
+ self->h[4] = self->h[0] + BL + CR;
|
|
|
+ self->h[0] = T;
|
|
|
+
|
|
|
+ /* Clear the buffer and wipe the temporary variables */
|
|
|
+ T = AL = BL = CL = DL = EL = AR = BR = CR = DR = ER = 0;
|
|
|
+ __memset(&self->buf, 0, sizeof(self->buf));
|
|
|
+ self->bufpos = 0;
|
|
|
+}
|
|
|
+
|
|
|
+static void ripemd160_update(ripemd160_state *self, const unsigned char *p, int length)
|
|
|
+{
|
|
|
+ unsigned int bytes_needed;
|
|
|
+
|
|
|
+ while (length > 0) {
|
|
|
+ /* Figure out how many bytes we need to fill the internal buffer. */
|
|
|
+ bytes_needed = 64 - self->bufpos;
|
|
|
+
|
|
|
+ if ((unsigned int) length >= bytes_needed) {
|
|
|
+ /* We have enough bytes, so copy them into the internal buffer and run
|
|
|
+ * the compression function. */
|
|
|
+ __memcpy(&self->buf.b[self->bufpos], p, bytes_needed);
|
|
|
+ self->bufpos += bytes_needed;
|
|
|
+ self->length += bytes_needed << 3; /* length is in bits */
|
|
|
+ p += bytes_needed;
|
|
|
+ ripemd160_compress(self);
|
|
|
+ length -= bytes_needed;
|
|
|
+ continue;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* We do not have enough bytes to fill the internal buffer.
|
|
|
+ * Copy what's there and return. */
|
|
|
+ __memcpy(&self->buf.b[self->bufpos], p, length);
|
|
|
+ self->bufpos += length;
|
|
|
+ self->length += length << 3; /* length is in bits */
|
|
|
+ return;
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
+static void ripemd160_digest(ripemd160_state *self, unsigned char *out)
|
|
|
+{
|
|
|
+ /* Append the padding */
|
|
|
+ self->buf.b[self->bufpos++] = 0x80;
|
|
|
+
|
|
|
+ if (self->bufpos > 56) {
|
|
|
+ self->bufpos = 64;
|
|
|
+ ripemd160_compress(self);
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Append the length */
|
|
|
+ self->buf.w[14] = (uint32_t) (self->length & 0xFFFFffffu);
|
|
|
+ self->buf.w[15] = (uint32_t) ((self->length >> 32) & 0xFFFFffffu);
|
|
|
+ self->bufpos = 64;
|
|
|
+ ripemd160_compress(self);
|
|
|
+
|
|
|
+ /* Copy the final state into the output buffer */
|
|
|
+ __memcpy(out, &self->h, RIPEMD160_DIGEST_SIZE);
|
|
|
+}
|
|
|
+
|
|
|
+
|
|
|
+void ripemd160(void *in, int inlen, void *out)
|
|
|
+{
|
|
|
+ ripemd160_state state;
|
|
|
+
|
|
|
+ __memset(&state, 0, sizeof(state));
|
|
|
+ __memcpy(&state.h, initial_h, sizeof(initial_h));
|
|
|
+
|
|
|
+ ripemd160_update(&state, in, inlen);
|
|
|
+
|
|
|
+ ripemd160_digest(&state, out);
|
|
|
+}
|
|
|
+
|
|
|
+/* vim:set ts=4 sw=4 sts=4 expandtab: */
|
Sean Young