1/********************************************************************\
2 *  FILE:     rmd160.c
3 *  CONTENTS: A sample C-implementation of the RIPEMD-160 hash-function.
4 *  TARGET:   any computer with an ANSI C compiler
5 *  AUTHOR:   Antoon Bosselaers, Dept. Electrical Eng.-ESAT/COSIC
6 *  DATE:     1 March 1996       VERSION:  1.0
7 **********************************************************************
8 * Copyright (c) Katholieke Universiteit Leuven 1996, All Rights Reserved
9 * The Katholieke Universiteit Leuven makes no representations concerning
10 * either the merchantability of this software or the suitability of this
11 * software for any particular purpose. It is provided "as is" without
12 * express or implied warranty of any kind. These notices must be retained
13 * in any copies of any part of this documentation and/or software.
14\********************************************************************/
15
16/* header files */
17#include <stdio.h>
18#include <stdlib.h>
19#include <string.h>
20#include "rmd160.h"
21
22/********************************************************************/
void MDinit(word *MDbuf)
/* Loads the RIPEMD-160 initial chaining value into the 5-word state.
   MDbuf - caller-owned array of at least 5 words; all five are written,
           nothing is read. Call once before the first MDcompress.
 */
{
   static const word iv[5] = {
      0x67452301UL, 0xefcdab89UL, 0x98badcfeUL, 0x10325476UL, 0xc3d2e1f0UL
   };
   int k;

   for (k = 0; k < 5; k++)
      MDbuf[k] = iv[k];
}
34
35/********************************************************************/
void MDcompress(word *MDbuf, word *X)
/* The compression function is called for every complete 64-byte
   message block. The 5-word internal state MDbuf is updated using
   message words X[0] through X[15]. The conversion from a string
   of 64 bytes to an array of 16 words using a Little-endian
   convention is the responsibility of the calling function.

   MDbuf - 5-word chaining state; read at entry and overwritten in place
           at the end (see the "combine" step).
   X     - 16 message words; only appears on the right-hand side here,
           so it is read-only provided the step macros do not write
           through their message-word argument.

   Structure: the state is copied into two independent sets of working
   variables (aa..ee, the "left line", and aaa..eee, the "parallel
   line"). Each line runs five rounds of 16 steps. The left line uses
   FF1..FF5 in that order, the parallel line FFF5..FFF1 in reverse
   order. The step macros are defined in rmd160.h and are not visible
   in this file. Within a round the five working variables rotate one
   position per step, so each variable takes every role exactly once
   every five steps. The message-word index and rotation amount of each
   step are the algorithm's fixed per-step constants and are taken as
   given here.

   NOTE(review): `word` is typedef'd in rmd160.h (not shown). The
   additions in the combine step are only correct modulo 2^32 if word
   is exactly 32 bits wide or the step macros mask to 32 bits; confirm
   this on platforms where unsigned long is 64 bits.
*/
{
   /* make two copies of the old state */
   word aa = MDbuf[0],  bb = MDbuf[1],  cc = MDbuf[2],
        dd = MDbuf[3],  ee = MDbuf[4];
   word aaa = MDbuf[0], bbb = MDbuf[1], ccc = MDbuf[2],
        ddd = MDbuf[3], eee = MDbuf[4];

   /* round 1 (left line, FF1): variables rotate one place per step */
   FF1(aa, bb, cc, dd, ee, X[ 0], 11);
   FF1(ee, aa, bb, cc, dd, X[ 1], 14);
   FF1(dd, ee, aa, bb, cc, X[ 2], 15);
   FF1(cc, dd, ee, aa, bb, X[ 3], 12);
   FF1(bb, cc, dd, ee, aa, X[ 4],  5);
   FF1(aa, bb, cc, dd, ee, X[ 5],  8);
   FF1(ee, aa, bb, cc, dd, X[ 6],  7);
   FF1(dd, ee, aa, bb, cc, X[ 7],  9);
   FF1(cc, dd, ee, aa, bb, X[ 8], 11);
   FF1(bb, cc, dd, ee, aa, X[ 9], 13);
   FF1(aa, bb, cc, dd, ee, X[10], 14);
   FF1(ee, aa, bb, cc, dd, X[11], 15);
   FF1(dd, ee, aa, bb, cc, X[12],  6);
   FF1(cc, dd, ee, aa, bb, X[13],  7);
   FF1(bb, cc, dd, ee, aa, X[14],  9);
   FF1(aa, bb, cc, dd, ee, X[15],  8);

   /* round 2 (left line, FF2) */
   FF2(ee, aa, bb, cc, dd, X[ 7],  7);
   FF2(dd, ee, aa, bb, cc, X[ 4],  6);
   FF2(cc, dd, ee, aa, bb, X[13],  8);
   FF2(bb, cc, dd, ee, aa, X[ 1], 13);
   FF2(aa, bb, cc, dd, ee, X[10], 11);
   FF2(ee, aa, bb, cc, dd, X[ 6],  9);
   FF2(dd, ee, aa, bb, cc, X[15],  7);
   FF2(cc, dd, ee, aa, bb, X[ 3], 15);
   FF2(bb, cc, dd, ee, aa, X[12],  7);
   FF2(aa, bb, cc, dd, ee, X[ 0], 12);
   FF2(ee, aa, bb, cc, dd, X[ 9], 15);
   FF2(dd, ee, aa, bb, cc, X[ 5],  9);
   FF2(cc, dd, ee, aa, bb, X[ 2], 11);
   FF2(bb, cc, dd, ee, aa, X[14],  7);
   FF2(aa, bb, cc, dd, ee, X[11], 13);
   FF2(ee, aa, bb, cc, dd, X[ 8], 12);

   /* round 3 (left line, FF3) */
   FF3(dd, ee, aa, bb, cc, X[ 3], 11);
   FF3(cc, dd, ee, aa, bb, X[10], 13);
   FF3(bb, cc, dd, ee, aa, X[14],  6);
   FF3(aa, bb, cc, dd, ee, X[ 4],  7);
   FF3(ee, aa, bb, cc, dd, X[ 9], 14);
   FF3(dd, ee, aa, bb, cc, X[15],  9);
   FF3(cc, dd, ee, aa, bb, X[ 8], 13);
   FF3(bb, cc, dd, ee, aa, X[ 1], 15);
   FF3(aa, bb, cc, dd, ee, X[ 2], 14);
   FF3(ee, aa, bb, cc, dd, X[ 7],  8);
   FF3(dd, ee, aa, bb, cc, X[ 0], 13);
   FF3(cc, dd, ee, aa, bb, X[ 6],  6);
   FF3(bb, cc, dd, ee, aa, X[13],  5);
   FF3(aa, bb, cc, dd, ee, X[11], 12);
   FF3(ee, aa, bb, cc, dd, X[ 5],  7);
   FF3(dd, ee, aa, bb, cc, X[12],  5);

   /* round 4 (left line, FF4) */
   FF4(cc, dd, ee, aa, bb, X[ 1], 11);
   FF4(bb, cc, dd, ee, aa, X[ 9], 12);
   FF4(aa, bb, cc, dd, ee, X[11], 14);
   FF4(ee, aa, bb, cc, dd, X[10], 15);
   FF4(dd, ee, aa, bb, cc, X[ 0], 14);
   FF4(cc, dd, ee, aa, bb, X[ 8], 15);
   FF4(bb, cc, dd, ee, aa, X[12],  9);
   FF4(aa, bb, cc, dd, ee, X[ 4],  8);
   FF4(ee, aa, bb, cc, dd, X[13],  9);
   FF4(dd, ee, aa, bb, cc, X[ 3], 14);
   FF4(cc, dd, ee, aa, bb, X[ 7],  5);
   FF4(bb, cc, dd, ee, aa, X[15],  6);
   FF4(aa, bb, cc, dd, ee, X[14],  8);
   FF4(ee, aa, bb, cc, dd, X[ 5],  6);
   FF4(dd, ee, aa, bb, cc, X[ 6],  5);
   FF4(cc, dd, ee, aa, bb, X[ 2], 12);

   /* round 5 (left line, FF5) */
   FF5(bb, cc, dd, ee, aa, X[ 4],  9);
   FF5(aa, bb, cc, dd, ee, X[ 0], 15);
   FF5(ee, aa, bb, cc, dd, X[ 5],  5);
   FF5(dd, ee, aa, bb, cc, X[ 9], 11);
   FF5(cc, dd, ee, aa, bb, X[ 7],  6);
   FF5(bb, cc, dd, ee, aa, X[12],  8);
   FF5(aa, bb, cc, dd, ee, X[ 2], 13);
   FF5(ee, aa, bb, cc, dd, X[10], 12);
   FF5(dd, ee, aa, bb, cc, X[14],  5);
   FF5(cc, dd, ee, aa, bb, X[ 1], 12);
   FF5(bb, cc, dd, ee, aa, X[ 3], 13);
   FF5(aa, bb, cc, dd, ee, X[ 8], 14);
   FF5(ee, aa, bb, cc, dd, X[11], 11);
   FF5(dd, ee, aa, bb, cc, X[ 6],  8);
   FF5(cc, dd, ee, aa, bb, X[15],  5);
   FF5(bb, cc, dd, ee, aa, X[13],  6);

   /* parallel round 1: the second line starts from the same old state
      (aaa..eee) but applies the step macros in reverse order, FFF5 first */
   FFF5(aaa, bbb, ccc, ddd, eee, X[ 5],  8);
   FFF5(eee, aaa, bbb, ccc, ddd, X[14],  9);
   FFF5(ddd, eee, aaa, bbb, ccc, X[ 7],  9);
   FFF5(ccc, ddd, eee, aaa, bbb, X[ 0], 11);
   FFF5(bbb, ccc, ddd, eee, aaa, X[ 9], 13);
   FFF5(aaa, bbb, ccc, ddd, eee, X[ 2], 15);
   FFF5(eee, aaa, bbb, ccc, ddd, X[11], 15);
   FFF5(ddd, eee, aaa, bbb, ccc, X[ 4],  5);
   FFF5(ccc, ddd, eee, aaa, bbb, X[13],  7);
   FFF5(bbb, ccc, ddd, eee, aaa, X[ 6],  7);
   FFF5(aaa, bbb, ccc, ddd, eee, X[15],  8);
   FFF5(eee, aaa, bbb, ccc, ddd, X[ 8], 11);
   FFF5(ddd, eee, aaa, bbb, ccc, X[ 1], 14);
   FFF5(ccc, ddd, eee, aaa, bbb, X[10], 14);
   FFF5(bbb, ccc, ddd, eee, aaa, X[ 3], 12);
   FFF5(aaa, bbb, ccc, ddd, eee, X[12],  6);

   /* parallel round 2 (FFF4) */
   FFF4(eee, aaa, bbb, ccc, ddd, X[ 6],  9);
   FFF4(ddd, eee, aaa, bbb, ccc, X[11], 13);
   FFF4(ccc, ddd, eee, aaa, bbb, X[ 3], 15);
   FFF4(bbb, ccc, ddd, eee, aaa, X[ 7],  7);
   FFF4(aaa, bbb, ccc, ddd, eee, X[ 0], 12);
   FFF4(eee, aaa, bbb, ccc, ddd, X[13],  8);
   FFF4(ddd, eee, aaa, bbb, ccc, X[ 5],  9);
   FFF4(ccc, ddd, eee, aaa, bbb, X[10], 11);
   FFF4(bbb, ccc, ddd, eee, aaa, X[14],  7);
   FFF4(aaa, bbb, ccc, ddd, eee, X[15],  7);
   FFF4(eee, aaa, bbb, ccc, ddd, X[ 8], 12);
   FFF4(ddd, eee, aaa, bbb, ccc, X[12],  7);
   FFF4(ccc, ddd, eee, aaa, bbb, X[ 4],  6);
   FFF4(bbb, ccc, ddd, eee, aaa, X[ 9], 15);
   FFF4(aaa, bbb, ccc, ddd, eee, X[ 1], 13);
   FFF4(eee, aaa, bbb, ccc, ddd, X[ 2], 11);

   /* parallel round 3 (FFF3) */
   FFF3(ddd, eee, aaa, bbb, ccc, X[15],  9);
   FFF3(ccc, ddd, eee, aaa, bbb, X[ 5],  7);
   FFF3(bbb, ccc, ddd, eee, aaa, X[ 1], 15);
   FFF3(aaa, bbb, ccc, ddd, eee, X[ 3], 11);
   FFF3(eee, aaa, bbb, ccc, ddd, X[ 7],  8);
   FFF3(ddd, eee, aaa, bbb, ccc, X[14],  6);
   FFF3(ccc, ddd, eee, aaa, bbb, X[ 6],  6);
   FFF3(bbb, ccc, ddd, eee, aaa, X[ 9], 14);
   FFF3(aaa, bbb, ccc, ddd, eee, X[11], 12);
   FFF3(eee, aaa, bbb, ccc, ddd, X[ 8], 13);
   FFF3(ddd, eee, aaa, bbb, ccc, X[12],  5);
   FFF3(ccc, ddd, eee, aaa, bbb, X[ 2], 14);
   FFF3(bbb, ccc, ddd, eee, aaa, X[10], 13);
   FFF3(aaa, bbb, ccc, ddd, eee, X[ 0], 13);
   FFF3(eee, aaa, bbb, ccc, ddd, X[ 4],  7);
   FFF3(ddd, eee, aaa, bbb, ccc, X[13],  5);

   /* parallel round 4 (FFF2) */
   FFF2(ccc, ddd, eee, aaa, bbb, X[ 8], 15);
   FFF2(bbb, ccc, ddd, eee, aaa, X[ 6],  5);
   FFF2(aaa, bbb, ccc, ddd, eee, X[ 4],  8);
   FFF2(eee, aaa, bbb, ccc, ddd, X[ 1], 11);
   FFF2(ddd, eee, aaa, bbb, ccc, X[ 3], 14);
   FFF2(ccc, ddd, eee, aaa, bbb, X[11], 14);
   FFF2(bbb, ccc, ddd, eee, aaa, X[15],  6);
   FFF2(aaa, bbb, ccc, ddd, eee, X[ 0], 14);
   FFF2(eee, aaa, bbb, ccc, ddd, X[ 5],  6);
   FFF2(ddd, eee, aaa, bbb, ccc, X[12],  9);
   FFF2(ccc, ddd, eee, aaa, bbb, X[ 2], 12);
   FFF2(bbb, ccc, ddd, eee, aaa, X[13],  9);
   FFF2(aaa, bbb, ccc, ddd, eee, X[ 9], 12);
   FFF2(eee, aaa, bbb, ccc, ddd, X[ 7],  5);
   FFF2(ddd, eee, aaa, bbb, ccc, X[10], 15);
   FFF2(ccc, ddd, eee, aaa, bbb, X[14],  8);

   /* parallel round 5 (FFF1) */
   FFF1(bbb, ccc, ddd, eee, aaa, X[12] ,  8);
   FFF1(aaa, bbb, ccc, ddd, eee, X[15] ,  5);
   FFF1(eee, aaa, bbb, ccc, ddd, X[10] , 12);
   FFF1(ddd, eee, aaa, bbb, ccc, X[ 4] ,  9);
   FFF1(ccc, ddd, eee, aaa, bbb, X[ 1] , 12);
   FFF1(bbb, ccc, ddd, eee, aaa, X[ 5] ,  5);
   FFF1(aaa, bbb, ccc, ddd, eee, X[ 8] , 14);
   FFF1(eee, aaa, bbb, ccc, ddd, X[ 7] ,  6);
   FFF1(ddd, eee, aaa, bbb, ccc, X[ 6] ,  8);
   FFF1(ccc, ddd, eee, aaa, bbb, X[ 2] , 13);
   FFF1(bbb, ccc, ddd, eee, aaa, X[13] ,  6);
   FFF1(aaa, bbb, ccc, ddd, eee, X[14] ,  5);
   FFF1(eee, aaa, bbb, ccc, ddd, X[ 0] , 15);
   FFF1(ddd, eee, aaa, bbb, ccc, X[ 3] , 13);
   FFF1(ccc, ddd, eee, aaa, bbb, X[ 9] , 11);
   FFF1(bbb, ccc, ddd, eee, aaa, X[11] , 11);

   /* combine results into new state: every new word is the sum of an
      old state word, one left-line variable and one parallel-line
      variable, with the three roles each shifted by one position.
      Statement order matters: ddd is completed first because it needs
      the old MDbuf[1], which the next line overwrites, and MDbuf[0] is
      written last because the MDbuf[4] line still reads the old MDbuf[0]. */
   ddd += cc + MDbuf[1];
   MDbuf[1] = MDbuf[2] + dd + eee;
   MDbuf[2] = MDbuf[3] + ee + aaa;
   MDbuf[3] = MDbuf[4] + aa + bbb;
   MDbuf[4] = MDbuf[0] + bb + ccc;
   MDbuf[0] = ddd;
}
238
239/********************************************************************/
void MDfinish(word *MDbuf, byte *string, word lswlen, word mswlen)
/* Pads the incomplete last message block and runs the final one or two
   compressions, leaving the final 5-word state in MDbuf.

   MDbuf  - running 5-word state from MDinit/MDcompress; on return it
            holds the final state. Converting it to the 20-byte hash
            (Little-endian, word by word) is the caller's job.
   string - the remaining (lswlen mod 512) message bits, packed from the
            first byte upward. Only the first ((lswlen mod 512)+7)/8 bytes
            are read, so the buffer must be at least that long; it is not
            touched at all when the message is a multiple of 512 bits.
   lswlen - least significant 32 bits of the message length in bits.
   mswlen - most significant 32 bits of the message length in bits
            (the length is taken mod 2^64).

   Bit lengths that are not a multiple of 8 are supported: only the low
   (lswlen mod 8) bits of the last byte are used and the mandatory '1'
   padding bit is placed immediately after them.

   Note: the padded tail is assembled in the ordinary local array X and
   is not cleared before returning.
*/
{
   word     X[16];
   size_t   nbytes;       /* bytes of the tail, a partial last byte included */
   size_t   k;
   unsigned tailbits;     /* message bits in the last, partial byte (0 = full) */
   byte     lastmask;     /* keeps only those bits of the last byte */

   nbytes   = ((lswlen & 511) + 7) / 8;
   tailbits = (unsigned)(lswlen & 7);
   lastmask = tailbits ? (byte)((1u << tailbits) - 1) : (byte)0xff;

   /* start from an all-zero block and pack the tail bytes Little-endian:
      byte k lands in word k/4 at bit offset 8*(k mod 4) */
   memset(X, 0, sizeof X);
   for (k = 0; k < nbytes; k++) {
      byte b = string[k];
      if (k + 1 == nbytes)
         b &= lastmask;   /* drop the unused high bits of a partial byte */
      X[k >> 2] ^= (word) b << (8 * (k & 3));
   }

   /* the single '1' padding bit goes right after the last message bit */
   X[(lswlen >> 5) & 15] ^= (word)1 << (8 * ((lswlen >> 3) & 3) + 7 - tailbits);

   /* the 64-bit length occupies the last two words; if the tail plus the
      '1' bit already reaches past bit 447 there is no room, so this block
      is compressed on its own and the length goes into a fresh one */
   if ((lswlen & 511) > 447) {
      MDcompress(MDbuf, X);
      memset(X, 0, sizeof X);
   }

   /* append length in bits */
   X[14] = lswlen;
   X[15] = mswlen;
   MDcompress(MDbuf, X);
}
283
284/************************ end of file rmd160.c **********************/
285
286