Annotation of sys/crypto/rmd160.c, Revision 1.1.1.1
1.1 nbrk 1: /* $OpenBSD: rmd160.c,v 1.4 2003/12/14 11:22:35 markus Exp $ */
2: /*
3: * Copyright (c) 2001 Markus Friedl. All rights reserved.
4: *
5: * Redistribution and use in source and binary forms, with or without
6: * modification, are permitted provided that the following conditions
7: * are met:
8: * 1. Redistributions of source code must retain the above copyright
9: * notice, this list of conditions and the following disclaimer.
10: * 2. Redistributions in binary form must reproduce the above copyright
11: * notice, this list of conditions and the following disclaimer in the
12: * documentation and/or other materials provided with the distribution.
13: *
14: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24: */
25: /*
26: * Preneel, Bosselaers, Dobbertin, "The Cryptographic Hash Function RIPEMD-160",
27: * RSA Laboratories, CryptoBytes, Volume 3, Number 2, Autumn 1997,
28: * ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto3n2.pdf
29: */
30: #include <sys/param.h>
31: #include <sys/systm.h>
32: #include <sys/endian.h>
33: #include <crypto/rmd160.h>
34:
35: #define PUT_64BIT_LE(cp, value) do { \
36: (cp)[7] = (value) >> 56; \
37: (cp)[6] = (value) >> 48; \
38: (cp)[5] = (value) >> 40; \
39: (cp)[4] = (value) >> 32; \
40: (cp)[3] = (value) >> 24; \
41: (cp)[2] = (value) >> 16; \
42: (cp)[1] = (value) >> 8; \
43: (cp)[0] = (value); } while (0)
44:
45: #define PUT_32BIT_LE(cp, value) do { \
46: (cp)[3] = (value) >> 24; \
47: (cp)[2] = (value) >> 16; \
48: (cp)[1] = (value) >> 8; \
49: (cp)[0] = (value); } while (0)
50:
51: #define H0 0x67452301U
52: #define H1 0xEFCDAB89U
53: #define H2 0x98BADCFEU
54: #define H3 0x10325476U
55: #define H4 0xC3D2E1F0U
56:
57: #define K0 0x00000000U
58: #define K1 0x5A827999U
59: #define K2 0x6ED9EBA1U
60: #define K3 0x8F1BBCDCU
61: #define K4 0xA953FD4EU
62:
63: #define KK0 0x50A28BE6U
64: #define KK1 0x5C4DD124U
65: #define KK2 0x6D703EF3U
66: #define KK3 0x7A6D76E9U
67: #define KK4 0x00000000U
68:
69: /* rotate x left n bits. */
70: #define ROL(n, x) (((x) << (n)) | ((x) >> (32-(n))))
71:
72: #define F0(x, y, z) ((x) ^ (y) ^ (z))
73: #define F1(x, y, z) (((x) & (y)) | ((~x) & (z)))
74: #define F2(x, y, z) (((x) | (~y)) ^ (z))
75: #define F3(x, y, z) (((x) & (z)) | ((y) & (~z)))
76: #define F4(x, y, z) ((x) ^ ((y) | (~z)))
77:
78: #define R(a, b, c, d, e, Fj, Kj, sj, rj) \
79: do { \
80: a = ROL(sj, a + Fj(b,c,d) + X(rj) + Kj) + e; \
81: c = ROL(10, c); \
82: } while(0)
83:
84: #define X(i) x[i]
85:
86: static u_char PADDING[64] = {
87: 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
88: 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
89: 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
90: };
91:
92: void
93: RMD160Init(RMD160_CTX *ctx)
94: {
95: ctx->count = 0;
96: ctx->state[0] = H0;
97: ctx->state[1] = H1;
98: ctx->state[2] = H2;
99: ctx->state[3] = H3;
100: ctx->state[4] = H4;
101: }
102:
103: void
104: RMD160Update(RMD160_CTX *ctx, const u_char *input, u_int32_t len)
105: {
106: u_int32_t have, off, need;
107:
108: have = (ctx->count/8) % 64;
109: need = 64 - have;
110: ctx->count += 8 * len;
111: off = 0;
112:
113: if (len >= need) {
114: if (have) {
115: memcpy(ctx->buffer + have, input, need);
116: RMD160Transform(ctx->state, ctx->buffer);
117: off = need;
118: have = 0;
119: }
120: /* now the buffer is empty */
121: while (off + 64 <= len) {
122: RMD160Transform(ctx->state, input+off);
123: off += 64;
124: }
125: }
126: if (off < len)
127: memcpy(ctx->buffer + have, input+off, len-off);
128: }
129:
130: void
131: RMD160Final(u_char digest[20], RMD160_CTX *ctx)
132: {
133: int i;
134: u_char size[8];
135: u_int32_t padlen;
136:
137: PUT_64BIT_LE(size, ctx->count);
138:
139: /*
140: * pad to 64 byte blocks, at least one byte from PADDING plus 8 bytes
141: * for the size
142: */
143: padlen = 64 - ((ctx->count/8) % 64);
144: if (padlen < 1 + 8)
145: padlen += 64;
146: RMD160Update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */
147: RMD160Update(ctx, size, 8);
148:
149: if (digest != NULL)
150: for (i = 0; i < 5; i++)
151: PUT_32BIT_LE(digest + i*4, ctx->state[i]);
152:
153: memset(ctx, 0, sizeof (*ctx));
154: }
155:
156: void
157: RMD160Transform(u_int32_t state[5], const u_char block[64])
158: {
159: u_int32_t a, b, c, d, e, aa, bb, cc, dd, ee, t, x[16];
160:
161: #if BYTE_ORDER == LITTLE_ENDIAN
162: memcpy(x, block, 64);
163: #else
164: int i;
165:
166: for (i = 0; i < 16; i++)
167: x[i] = (u_int32_t)(
168: (u_int32_t)(block[i*4 + 0]) |
169: (u_int32_t)(block[i*4 + 1]) << 8 |
170: (u_int32_t)(block[i*4 + 2]) << 16 |
171: (u_int32_t)(block[i*4 + 3]) << 24);
172: #endif
173:
174: a = state[0];
175: b = state[1];
176: c = state[2];
177: d = state[3];
178: e = state[4];
179:
180: /* Round 1 */
181: R(a, b, c, d, e, F0, K0, 11, 0);
182: R(e, a, b, c, d, F0, K0, 14, 1);
183: R(d, e, a, b, c, F0, K0, 15, 2);
184: R(c, d, e, a, b, F0, K0, 12, 3);
185: R(b, c, d, e, a, F0, K0, 5, 4);
186: R(a, b, c, d, e, F0, K0, 8, 5);
187: R(e, a, b, c, d, F0, K0, 7, 6);
188: R(d, e, a, b, c, F0, K0, 9, 7);
189: R(c, d, e, a, b, F0, K0, 11, 8);
190: R(b, c, d, e, a, F0, K0, 13, 9);
191: R(a, b, c, d, e, F0, K0, 14, 10);
192: R(e, a, b, c, d, F0, K0, 15, 11);
193: R(d, e, a, b, c, F0, K0, 6, 12);
194: R(c, d, e, a, b, F0, K0, 7, 13);
195: R(b, c, d, e, a, F0, K0, 9, 14);
196: R(a, b, c, d, e, F0, K0, 8, 15); /* #15 */
197: /* Round 2 */
198: R(e, a, b, c, d, F1, K1, 7, 7);
199: R(d, e, a, b, c, F1, K1, 6, 4);
200: R(c, d, e, a, b, F1, K1, 8, 13);
201: R(b, c, d, e, a, F1, K1, 13, 1);
202: R(a, b, c, d, e, F1, K1, 11, 10);
203: R(e, a, b, c, d, F1, K1, 9, 6);
204: R(d, e, a, b, c, F1, K1, 7, 15);
205: R(c, d, e, a, b, F1, K1, 15, 3);
206: R(b, c, d, e, a, F1, K1, 7, 12);
207: R(a, b, c, d, e, F1, K1, 12, 0);
208: R(e, a, b, c, d, F1, K1, 15, 9);
209: R(d, e, a, b, c, F1, K1, 9, 5);
210: R(c, d, e, a, b, F1, K1, 11, 2);
211: R(b, c, d, e, a, F1, K1, 7, 14);
212: R(a, b, c, d, e, F1, K1, 13, 11);
213: R(e, a, b, c, d, F1, K1, 12, 8); /* #31 */
214: /* Round 3 */
215: R(d, e, a, b, c, F2, K2, 11, 3);
216: R(c, d, e, a, b, F2, K2, 13, 10);
217: R(b, c, d, e, a, F2, K2, 6, 14);
218: R(a, b, c, d, e, F2, K2, 7, 4);
219: R(e, a, b, c, d, F2, K2, 14, 9);
220: R(d, e, a, b, c, F2, K2, 9, 15);
221: R(c, d, e, a, b, F2, K2, 13, 8);
222: R(b, c, d, e, a, F2, K2, 15, 1);
223: R(a, b, c, d, e, F2, K2, 14, 2);
224: R(e, a, b, c, d, F2, K2, 8, 7);
225: R(d, e, a, b, c, F2, K2, 13, 0);
226: R(c, d, e, a, b, F2, K2, 6, 6);
227: R(b, c, d, e, a, F2, K2, 5, 13);
228: R(a, b, c, d, e, F2, K2, 12, 11);
229: R(e, a, b, c, d, F2, K2, 7, 5);
230: R(d, e, a, b, c, F2, K2, 5, 12); /* #47 */
231: /* Round 4 */
232: R(c, d, e, a, b, F3, K3, 11, 1);
233: R(b, c, d, e, a, F3, K3, 12, 9);
234: R(a, b, c, d, e, F3, K3, 14, 11);
235: R(e, a, b, c, d, F3, K3, 15, 10);
236: R(d, e, a, b, c, F3, K3, 14, 0);
237: R(c, d, e, a, b, F3, K3, 15, 8);
238: R(b, c, d, e, a, F3, K3, 9, 12);
239: R(a, b, c, d, e, F3, K3, 8, 4);
240: R(e, a, b, c, d, F3, K3, 9, 13);
241: R(d, e, a, b, c, F3, K3, 14, 3);
242: R(c, d, e, a, b, F3, K3, 5, 7);
243: R(b, c, d, e, a, F3, K3, 6, 15);
244: R(a, b, c, d, e, F3, K3, 8, 14);
245: R(e, a, b, c, d, F3, K3, 6, 5);
246: R(d, e, a, b, c, F3, K3, 5, 6);
247: R(c, d, e, a, b, F3, K3, 12, 2); /* #63 */
248: /* Round 5 */
249: R(b, c, d, e, a, F4, K4, 9, 4);
250: R(a, b, c, d, e, F4, K4, 15, 0);
251: R(e, a, b, c, d, F4, K4, 5, 5);
252: R(d, e, a, b, c, F4, K4, 11, 9);
253: R(c, d, e, a, b, F4, K4, 6, 7);
254: R(b, c, d, e, a, F4, K4, 8, 12);
255: R(a, b, c, d, e, F4, K4, 13, 2);
256: R(e, a, b, c, d, F4, K4, 12, 10);
257: R(d, e, a, b, c, F4, K4, 5, 14);
258: R(c, d, e, a, b, F4, K4, 12, 1);
259: R(b, c, d, e, a, F4, K4, 13, 3);
260: R(a, b, c, d, e, F4, K4, 14, 8);
261: R(e, a, b, c, d, F4, K4, 11, 11);
262: R(d, e, a, b, c, F4, K4, 8, 6);
263: R(c, d, e, a, b, F4, K4, 5, 15);
264: R(b, c, d, e, a, F4, K4, 6, 13); /* #79 */
265:
266: aa = a ; bb = b; cc = c; dd = d; ee = e;
267:
268: a = state[0];
269: b = state[1];
270: c = state[2];
271: d = state[3];
272: e = state[4];
273:
274: /* Parallel round 1 */
275: R(a, b, c, d, e, F4, KK0, 8, 5);
276: R(e, a, b, c, d, F4, KK0, 9, 14);
277: R(d, e, a, b, c, F4, KK0, 9, 7);
278: R(c, d, e, a, b, F4, KK0, 11, 0);
279: R(b, c, d, e, a, F4, KK0, 13, 9);
280: R(a, b, c, d, e, F4, KK0, 15, 2);
281: R(e, a, b, c, d, F4, KK0, 15, 11);
282: R(d, e, a, b, c, F4, KK0, 5, 4);
283: R(c, d, e, a, b, F4, KK0, 7, 13);
284: R(b, c, d, e, a, F4, KK0, 7, 6);
285: R(a, b, c, d, e, F4, KK0, 8, 15);
286: R(e, a, b, c, d, F4, KK0, 11, 8);
287: R(d, e, a, b, c, F4, KK0, 14, 1);
288: R(c, d, e, a, b, F4, KK0, 14, 10);
289: R(b, c, d, e, a, F4, KK0, 12, 3);
290: R(a, b, c, d, e, F4, KK0, 6, 12); /* #15 */
291: /* Parallel round 2 */
292: R(e, a, b, c, d, F3, KK1, 9, 6);
293: R(d, e, a, b, c, F3, KK1, 13, 11);
294: R(c, d, e, a, b, F3, KK1, 15, 3);
295: R(b, c, d, e, a, F3, KK1, 7, 7);
296: R(a, b, c, d, e, F3, KK1, 12, 0);
297: R(e, a, b, c, d, F3, KK1, 8, 13);
298: R(d, e, a, b, c, F3, KK1, 9, 5);
299: R(c, d, e, a, b, F3, KK1, 11, 10);
300: R(b, c, d, e, a, F3, KK1, 7, 14);
301: R(a, b, c, d, e, F3, KK1, 7, 15);
302: R(e, a, b, c, d, F3, KK1, 12, 8);
303: R(d, e, a, b, c, F3, KK1, 7, 12);
304: R(c, d, e, a, b, F3, KK1, 6, 4);
305: R(b, c, d, e, a, F3, KK1, 15, 9);
306: R(a, b, c, d, e, F3, KK1, 13, 1);
307: R(e, a, b, c, d, F3, KK1, 11, 2); /* #31 */
308: /* Parallel round 3 */
309: R(d, e, a, b, c, F2, KK2, 9, 15);
310: R(c, d, e, a, b, F2, KK2, 7, 5);
311: R(b, c, d, e, a, F2, KK2, 15, 1);
312: R(a, b, c, d, e, F2, KK2, 11, 3);
313: R(e, a, b, c, d, F2, KK2, 8, 7);
314: R(d, e, a, b, c, F2, KK2, 6, 14);
315: R(c, d, e, a, b, F2, KK2, 6, 6);
316: R(b, c, d, e, a, F2, KK2, 14, 9);
317: R(a, b, c, d, e, F2, KK2, 12, 11);
318: R(e, a, b, c, d, F2, KK2, 13, 8);
319: R(d, e, a, b, c, F2, KK2, 5, 12);
320: R(c, d, e, a, b, F2, KK2, 14, 2);
321: R(b, c, d, e, a, F2, KK2, 13, 10);
322: R(a, b, c, d, e, F2, KK2, 13, 0);
323: R(e, a, b, c, d, F2, KK2, 7, 4);
324: R(d, e, a, b, c, F2, KK2, 5, 13); /* #47 */
325: /* Parallel round 4 */
326: R(c, d, e, a, b, F1, KK3, 15, 8);
327: R(b, c, d, e, a, F1, KK3, 5, 6);
328: R(a, b, c, d, e, F1, KK3, 8, 4);
329: R(e, a, b, c, d, F1, KK3, 11, 1);
330: R(d, e, a, b, c, F1, KK3, 14, 3);
331: R(c, d, e, a, b, F1, KK3, 14, 11);
332: R(b, c, d, e, a, F1, KK3, 6, 15);
333: R(a, b, c, d, e, F1, KK3, 14, 0);
334: R(e, a, b, c, d, F1, KK3, 6, 5);
335: R(d, e, a, b, c, F1, KK3, 9, 12);
336: R(c, d, e, a, b, F1, KK3, 12, 2);
337: R(b, c, d, e, a, F1, KK3, 9, 13);
338: R(a, b, c, d, e, F1, KK3, 12, 9);
339: R(e, a, b, c, d, F1, KK3, 5, 7);
340: R(d, e, a, b, c, F1, KK3, 15, 10);
341: R(c, d, e, a, b, F1, KK3, 8, 14); /* #63 */
342: /* Parallel round 5 */
343: R(b, c, d, e, a, F0, KK4, 8, 12);
344: R(a, b, c, d, e, F0, KK4, 5, 15);
345: R(e, a, b, c, d, F0, KK4, 12, 10);
346: R(d, e, a, b, c, F0, KK4, 9, 4);
347: R(c, d, e, a, b, F0, KK4, 12, 1);
348: R(b, c, d, e, a, F0, KK4, 5, 5);
349: R(a, b, c, d, e, F0, KK4, 14, 8);
350: R(e, a, b, c, d, F0, KK4, 6, 7);
351: R(d, e, a, b, c, F0, KK4, 8, 6);
352: R(c, d, e, a, b, F0, KK4, 13, 2);
353: R(b, c, d, e, a, F0, KK4, 6, 13);
354: R(a, b, c, d, e, F0, KK4, 5, 14);
355: R(e, a, b, c, d, F0, KK4, 15, 0);
356: R(d, e, a, b, c, F0, KK4, 13, 3);
357: R(c, d, e, a, b, F0, KK4, 11, 9);
358: R(b, c, d, e, a, F0, KK4, 11, 11); /* #79 */
359:
360: t = state[1] + cc + d;
361: state[1] = state[2] + dd + e;
362: state[2] = state[3] + ee + a;
363: state[3] = state[4] + aa + b;
364: state[4] = state[0] + bb + c;
365: state[0] = t;
366: }
CVSweb