ripemd.c (42449B)
1 /* ripemd.c 2 * 3 * Copyright (C) 2000,2001 Nikos Mavroyanopoulos 4 * 5 * This library is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU Library General Public License as published 7 * by the Free Software Foundation; either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This library is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 * Library General Public License for more details. 14 * 15 * You should have received a copy of the GNU Library General Public 16 * License along with this library; if not, write to the 17 * Free Software Foundation, Inc., 59 Temple Place - Suite 330, 18 * Boston, MA 02111-1307, USA. 19 */ 20 21 22 /* 23 * RIPEMD-160 is a 160-bit cryptographic hash function, designed by Hans 24 * Dobbertin, Antoon Bosselaers, and Bart Preneel. It is intended to be 25 * used as a secure replacement for the 128-bit hash functions MD4, MD5, 26 * and RIPEMD 27 * See also: http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html 28 * 29 * RIPEMD-128 is a plug-in substitute for RIPEMD (or MD4 and MD5, for 30 * that matter) with a 128-bit result. 128-bit hash results do not 31 * offer sufficient protection for the next ten years, and 32 * applications using 128-bit hash functions should consider upgrading 33 * to a 160-bit hash function. 34 * 35 * RIPEMD-256 and RIPEMD-320 are optional extensions of, respectively, 36 * RIPEMD-128 and RIPEMD-160, and are intended for applications of 37 * hash functions that require a longer hash result without needing a 38 * larger security level. 39 */ 40 41 /* Implementation of the RIPE-MD Hash Algorithms. 42 * Based on the SHA-1 implementation, (C) by A.M. Kuchling 43 * 44 * The ripemd160 code was written by Nikos Mavroyanopoulos, the code 45 * for ripemd128, ripemd256 and ripemd320 was added by B. Poettering 46 * in April 2004. 47 */ 48 49 #include <stdio.h> 50 #include <string.h> 51 #include <errno.h> 52 53 #include "ripemd.h" 54 55 /* 32-bit rotate left - kludged with shifts */ 56 #define ROTL(n,X) (((X)<<(n))|((X)>>(32-(n)))) 57 58 #define f0(x,y,z) (x^y^z) 59 //#define f16(x,y,z) ((x&y)|(~(x) & z)) 60 #define f16(x,y,z) ((z)^((x)&((y)^(z)))) 61 #define f32(x,y,z) ((x|~(y))^z) 62 //#define f48(x,y,z) ((x&z)|(y&~(z))) 63 #define f48(x,y,z) ((y)^((z)&((x)^(y)))) 64 #define f64(x,y,z) (x^(y|(~z))) 65 66 #define K0 0x00000000 67 #define K1 0x5A827999 /* 2^30 * sqrt(2) */ 68 #define K2 0x6ED9EBA1 /* 2^30 * sqrt(3) */ 69 #define K3 0x8F1BBCDC /* 2^30 * sqrt(5) */ 70 #define K4 0xA953FD4E /* 2^30 * sqrt(7) */ 71 72 #define KK0 0x50A28BE6 /* 2^30 * cbrt(2) */ 73 #define KK1 0x5C4DD124 /* 2^30 * cbrt(3) */ 74 #define KK2 0x6D703EF3 /* 2^30 * cbrt(5) */ 75 #define KK3 0x7A6D76E9 /* 2^30 * cbrt(7) */ 76 #define KK4 0x00000000 77 78 #define h0init 0x67452301 79 #define h1init 0xEFCDAB89 80 #define h2init 0x98BADCFE 81 #define h3init 0x10325476 82 #define h4init 0xC3D2E1F0 83 #define h5init 0x76543210 84 #define h6init 0xFEDCBA98 85 #define h7init 0x89ABCDEF 86 #define h8init 0x01234567 87 #define h9init 0x3C2D1E0F 88 89 90 /* Initialize the RIPEMD values */ 91 92 void ripemd_init(struct ripemd_ctx *ctx) 93 { 94 /* Set the h-vars to their initial values */ 95 ctx->digest[0] = h0init; 96 ctx->digest[1] = h1init; 97 ctx->digest[2] = h2init; 98 ctx->digest[3] = h3init; 99 100 /* Initialize bit count */ 101 ctx->bitcount = 0; 102 103 /* Initialize buffer */ 104 ctx->index = 0; 105 } 106 107 void ripemd128_init(struct ripemd_ctx *ctx) 108 { 109 ripemd_init(ctx); 110 ctx->digest_len = 8 * RIPEMD128_DIGESTSIZE; 111 } 112 113 void ripemd160_init(struct ripemd_ctx *ctx) 114 { 115 ripemd_init(ctx); 116 ctx->digest[4] = h4init; 117 ctx->digest_len = 8 * RIPEMD160_DIGESTSIZE; 118 } 119 120 void ripemd256_init(struct ripemd_ctx *ctx) 121 { 122 ripemd_init(ctx); 123 ctx->digest[4] = h5init; 124 ctx->digest[5] = h6init; 125 ctx->digest[6] = h7init; 126 ctx->digest[7] = h8init; 127 ctx->digest_len = 8 * RIPEMD256_DIGESTSIZE; 128 } 129 130 void ripemd320_init(struct ripemd_ctx *ctx) 131 { 132 ripemd_init(ctx); 133 ctx->digest[4] = h4init; 134 ctx->digest[5] = h5init; 135 ctx->digest[6] = h6init; 136 ctx->digest[7] = h7init; 137 ctx->digest[8] = h8init; 138 ctx->digest[9] = h9init; 139 ctx->digest_len = 8 * RIPEMD320_DIGESTSIZE; 140 } 141 142 143 /* The RIPEMD core functions */ 144 145 #define subRound128(a, b, c, d, f, k, r, data) \ 146 ( a = ROTL( r, a + f(b,c,d) + data + k)) 147 148 #define subRound160(a, b, c, d, e, f, k, r, data) \ 149 ( a = ROTL( r, a + f(b,c,d) + data + k) + e, c = ROTL(10, c) ) 150 151 static void ripemd128_transform(struct ripemd_ctx *ctx, mutils_word32 * data) 152 { 153 mutils_word32 A, B, C, D; /* Local vars */ 154 mutils_word32 AA, BB, CC, DD; /* Local vars */ 155 mutils_word32 T; 156 157 /* Set up first buffer and local data buffer */ 158 A = AA = ctx->digest[0]; 159 B = BB = ctx->digest[1]; 160 C = CC = ctx->digest[2]; 161 D = DD = ctx->digest[3]; 162 163 /* j=0...15 */ 164 subRound128(A, B, C, D, f0, K0, 11, data[0]); 165 subRound128(D, A, B, C, f0, K0, 14, data[1]); 166 subRound128(C, D, A, B, f0, K0, 15, data[2]); 167 subRound128(B, C, D, A, f0, K0, 12, data[3]); 168 subRound128(A, B, C, D, f0, K0, 5, data[4]); 169 subRound128(D, A, B, C, f0, K0, 8, data[5]); 170 subRound128(C, D, A, B, f0, K0, 7, data[6]); 171 subRound128(B, C, D, A, f0, K0, 9, data[7]); 172 subRound128(A, B, C, D, f0, K0, 11, data[8]); 173 subRound128(D, A, B, C, f0, K0, 13, data[9]); 174 subRound128(C, D, A, B, f0, K0, 14, data[10]); 175 subRound128(B, C, D, A, f0, K0, 15, data[11]); 176 subRound128(A, B, C, D, f0, K0, 6, data[12]); 177 subRound128(D, A, B, C, f0, K0, 7, data[13]); 178 subRound128(C, D, A, B, f0, K0, 9, data[14]); 179 subRound128(B, C, D, A, f0, K0, 8, data[15]); 180 181 subRound128(AA, BB, CC, DD, f48, KK0, 8, data[5]); 182 subRound128(DD, AA, BB, CC, f48, KK0, 9, data[14]); 183 subRound128(CC, DD, AA, BB, f48, KK0, 9, data[7]); 184 subRound128(BB, CC, DD, AA, f48, KK0, 11, data[0]); 185 subRound128(AA, BB, CC, DD, f48, KK0, 13, data[9]); 186 subRound128(DD, AA, BB, CC, f48, KK0, 15, data[2]); 187 subRound128(CC, DD, AA, BB, f48, KK0, 15, data[11]); 188 subRound128(BB, CC, DD, AA, f48, KK0, 5, data[4]); 189 subRound128(AA, BB, CC, DD, f48, KK0, 7, data[13]); 190 subRound128(DD, AA, BB, CC, f48, KK0, 7, data[6]); 191 subRound128(CC, DD, AA, BB, f48, KK0, 8, data[15]); 192 subRound128(BB, CC, DD, AA, f48, KK0, 11, data[8]); 193 subRound128(AA, BB, CC, DD, f48, KK0, 14, data[1]); 194 subRound128(DD, AA, BB, CC, f48, KK0, 14, data[10]); 195 subRound128(CC, DD, AA, BB, f48, KK0, 12, data[3]); 196 subRound128(BB, CC, DD, AA, f48, KK0, 6, data[12]); 197 198 /* j=16...31 */ 199 subRound128(A, B, C, D, f16, K1, 7, data[7]); 200 subRound128(D, A, B, C, f16, K1, 6, data[4]); 201 subRound128(C, D, A, B, f16, K1, 8, data[13]); 202 subRound128(B, C, D, A, f16, K1, 13, data[1]); 203 subRound128(A, B, C, D, f16, K1, 11, data[10]); 204 subRound128(D, A, B, C, f16, K1, 9, data[6]); 205 subRound128(C, D, A, B, f16, K1, 7, data[15]); 206 subRound128(B, C, D, A, f16, K1, 15, data[3]); 207 subRound128(A, B, C, D, f16, K1, 7, data[12]); 208 subRound128(D, A, B, C, f16, K1, 12, data[0]); 209 subRound128(C, D, A, B, f16, K1, 15, data[9]); 210 subRound128(B, C, D, A, f16, K1, 9, data[5]); 211 subRound128(A, B, C, D, f16, K1, 11, data[2]); 212 subRound128(D, A, B, C, f16, K1, 7, data[14]); 213 subRound128(C, D, A, B, f16, K1, 13, data[11]); 214 subRound128(B, C, D, A, f16, K1, 12, data[8]); 215 216 subRound128(AA, BB, CC, DD, f32, KK1, 9, data[6]); 217 subRound128(DD, AA, BB, CC, f32, KK1, 13, data[11]); 218 subRound128(CC, DD, AA, BB, f32, KK1, 15, data[3]); 219 subRound128(BB, CC, DD, AA, f32, KK1, 7, data[7]); 220 subRound128(AA, BB, CC, DD, f32, KK1, 12, data[0]); 221 subRound128(DD, AA, BB, CC, f32, KK1, 8, data[13]); 222 subRound128(CC, DD, AA, BB, f32, KK1, 9, data[5]); 223 subRound128(BB, CC, DD, AA, f32, KK1, 11, data[10]); 224 subRound128(AA, BB, CC, DD, f32, KK1, 7, data[14]); 225 subRound128(DD, AA, BB, CC, f32, KK1, 7, data[15]); 226 subRound128(CC, DD, AA, BB, f32, KK1, 12, data[8]); 227 subRound128(BB, CC, DD, AA, f32, KK1, 7, data[12]); 228 subRound128(AA, BB, CC, DD, f32, KK1, 6, data[4]); 229 subRound128(DD, AA, BB, CC, f32, KK1, 15, data[9]); 230 subRound128(CC, DD, AA, BB, f32, KK1, 13, data[1]); 231 subRound128(BB, CC, DD, AA, f32, KK1, 11, data[2]); 232 233 /* j=32...47 */ 234 subRound128(A, B, C, D, f32, K2, 11, data[3]); 235 subRound128(D, A, B, C, f32, K2, 13, data[10]); 236 subRound128(C, D, A, B, f32, K2, 6, data[14]); 237 subRound128(B, C, D, A, f32, K2, 7, data[4]); 238 subRound128(A, B, C, D, f32, K2, 14, data[9]); 239 subRound128(D, A, B, C, f32, K2, 9, data[15]); 240 subRound128(C, D, A, B, f32, K2, 13, data[8]); 241 subRound128(B, C, D, A, f32, K2, 15, data[1]); 242 subRound128(A, B, C, D, f32, K2, 14, data[2]); 243 subRound128(D, A, B, C, f32, K2, 8, data[7]); 244 subRound128(C, D, A, B, f32, K2, 13, data[0]); 245 subRound128(B, C, D, A, f32, K2, 6, data[6]); 246 subRound128(A, B, C, D, f32, K2, 5, data[13]); 247 subRound128(D, A, B, C, f32, K2, 12, data[11]); 248 subRound128(C, D, A, B, f32, K2, 7, data[5]); 249 subRound128(B, C, D, A, f32, K2, 5, data[12]); 250 251 subRound128(AA, BB, CC, DD, f16, KK2, 9, data[15]); 252 subRound128(DD, AA, BB, CC, f16, KK2, 7, data[5]); 253 subRound128(CC, DD, AA, BB, f16, KK2, 15, data[1]); 254 subRound128(BB, CC, DD, AA, f16, KK2, 11, data[3]); 255 subRound128(AA, BB, CC, DD, f16, KK2, 8, data[7]); 256 subRound128(DD, AA, BB, CC, f16, KK2, 6, data[14]); 257 subRound128(CC, DD, AA, BB, f16, KK2, 6, data[6]); 258 subRound128(BB, CC, DD, AA, f16, KK2, 14, data[9]); 259 subRound128(AA, BB, CC, DD, f16, KK2, 12, data[11]); 260 subRound128(DD, AA, BB, CC, f16, KK2, 13, data[8]); 261 subRound128(CC, DD, AA, BB, f16, KK2, 5, data[12]); 262 subRound128(BB, CC, DD, AA, f16, KK2, 14, data[2]); 263 subRound128(AA, BB, CC, DD, f16, KK2, 13, data[10]); 264 subRound128(DD, AA, BB, CC, f16, KK2, 13, data[0]); 265 subRound128(CC, DD, AA, BB, f16, KK2, 7, data[4]); 266 subRound128(BB, CC, DD, AA, f16, KK2, 5, data[13]); 267 268 /* j=48...63 */ 269 subRound128(A, B, C, D, f48, K3, 11, data[1]); 270 subRound128(D, A, B, C, f48, K3, 12, data[9]); 271 subRound128(C, D, A, B, f48, K3, 14, data[11]); 272 subRound128(B, C, D, A, f48, K3, 15, data[10]); 273 subRound128(A, B, C, D, f48, K3, 14, data[0]); 274 subRound128(D, A, B, C, f48, K3, 15, data[8]); 275 subRound128(C, D, A, B, f48, K3, 9, data[12]); 276 subRound128(B, C, D, A, f48, K3, 8, data[4]); 277 subRound128(A, B, C, D, f48, K3, 9, data[13]); 278 subRound128(D, A, B, C, f48, K3, 14, data[3]); 279 subRound128(C, D, A, B, f48, K3, 5, data[7]); 280 subRound128(B, C, D, A, f48, K3, 6, data[15]); 281 subRound128(A, B, C, D, f48, K3, 8, data[14]); 282 subRound128(D, A, B, C, f48, K3, 6, data[5]); 283 subRound128(C, D, A, B, f48, K3, 5, data[6]); 284 subRound128(B, C, D, A, f48, K3, 12, data[2]); 285 286 subRound128(AA, BB, CC, DD, f0, KK4, 15, data[8]); 287 subRound128(DD, AA, BB, CC, f0, KK4, 5, data[6]); 288 subRound128(CC, DD, AA, BB, f0, KK4, 8, data[4]); 289 subRound128(BB, CC, DD, AA, f0, KK4, 11, data[1]); 290 subRound128(AA, BB, CC, DD, f0, KK4, 14, data[3]); 291 subRound128(DD, AA, BB, CC, f0, KK4, 14, data[11]); 292 subRound128(CC, DD, AA, BB, f0, KK4, 6, data[15]); 293 subRound128(BB, CC, DD, AA, f0, KK4, 14, data[0]); 294 subRound128(AA, BB, CC, DD, f0, KK4, 6, data[5]); 295 subRound128(DD, AA, BB, CC, f0, KK4, 9, data[12]); 296 subRound128(CC, DD, AA, BB, f0, KK4, 12, data[2]); 297 subRound128(BB, CC, DD, AA, f0, KK4, 9, data[13]); 298 subRound128(AA, BB, CC, DD, f0, KK4, 12, data[9]); 299 subRound128(DD, AA, BB, CC, f0, KK4, 5, data[7]); 300 subRound128(CC, DD, AA, BB, f0, KK4, 15, data[10]); 301 subRound128(BB, CC, DD, AA, f0, KK4, 8, data[14]); 302 303 T = ctx->digest[1] + DD + C; 304 ctx->digest[1] = ctx->digest[2] + AA + D; 305 ctx->digest[2] = ctx->digest[3] + BB + A; 306 ctx->digest[3] = ctx->digest[0] + CC + B; 307 ctx->digest[0] = T; 308 } 309 310 static void ripemd160_transform(struct ripemd_ctx *ctx, mutils_word32 * data) 311 { 312 mutils_word32 A, B, C, D, E; /* Local vars */ 313 mutils_word32 AA, BB, CC, DD, EE; /* Local vars */ 314 mutils_word32 T; 315 316 /* Set up first buffer and local data buffer */ 317 A = AA = ctx->digest[0]; 318 B = BB = ctx->digest[1]; 319 C = CC = ctx->digest[2]; 320 D = DD = ctx->digest[3]; 321 E = EE = ctx->digest[4]; 322 323 /* j=0...15 */ 324 subRound160(A, B, C, D, E, f0, K0, 11, data[0]); 325 subRound160(E, A, B, C, D, f0, K0, 14, data[1]); 326 subRound160(D, E, A, B, C, f0, K0, 15, data[2]); 327 subRound160(C, D, E, A, B, f0, K0, 12, data[3]); 328 subRound160(B, C, D, E, A, f0, K0, 5, data[4]); 329 subRound160(A, B, C, D, E, f0, K0, 8, data[5]); 330 subRound160(E, A, B, C, D, f0, K0, 7, data[6]); 331 subRound160(D, E, A, B, C, f0, K0, 9, data[7]); 332 subRound160(C, D, E, A, B, f0, K0, 11, data[8]); 333 subRound160(B, C, D, E, A, f0, K0, 13, data[9]); 334 subRound160(A, B, C, D, E, f0, K0, 14, data[10]); 335 subRound160(E, A, B, C, D, f0, K0, 15, data[11]); 336 subRound160(D, E, A, B, C, f0, K0, 6, data[12]); 337 subRound160(C, D, E, A, B, f0, K0, 7, data[13]); 338 subRound160(B, C, D, E, A, f0, K0, 9, data[14]); 339 subRound160(A, B, C, D, E, f0, K0, 8, data[15]); 340 341 subRound160(AA, BB, CC, DD, EE, f64, KK0, 8, data[5]); 342 subRound160(EE, AA, BB, CC, DD, f64, KK0, 9, data[14]); 343 subRound160(DD, EE, AA, BB, CC, f64, KK0, 9, data[7]); 344 subRound160(CC, DD, EE, AA, BB, f64, KK0, 11, data[0]); 345 subRound160(BB, CC, DD, EE, AA, f64, KK0, 13, data[9]); 346 subRound160(AA, BB, CC, DD, EE, f64, KK0, 15, data[2]); 347 subRound160(EE, AA, BB, CC, DD, f64, KK0, 15, data[11]); 348 subRound160(DD, EE, AA, BB, CC, f64, KK0, 5, data[4]); 349 subRound160(CC, DD, EE, AA, BB, f64, KK0, 7, data[13]); 350 subRound160(BB, CC, DD, EE, AA, f64, KK0, 7, data[6]); 351 subRound160(AA, BB, CC, DD, EE, f64, KK0, 8, data[15]); 352 subRound160(EE, AA, BB, CC, DD, f64, KK0, 11, data[8]); 353 subRound160(DD, EE, AA, BB, CC, f64, KK0, 14, data[1]); 354 subRound160(CC, DD, EE, AA, BB, f64, KK0, 14, data[10]); 355 subRound160(BB, CC, DD, EE, AA, f64, KK0, 12, data[3]); 356 subRound160(AA, BB, CC, DD, EE, f64, KK0, 6, data[12]); 357 358 /* j=16...31 */ 359 subRound160(E, A, B, C, D, f16, K1, 7, data[7]); 360 subRound160(D, E, A, B, C, f16, K1, 6, data[4]); 361 subRound160(C, D, E, A, B, f16, K1, 8, data[13]); 362 subRound160(B, C, D, E, A, f16, K1, 13, data[1]); 363 subRound160(A, B, C, D, E, f16, K1, 11, data[10]); 364 subRound160(E, A, B, C, D, f16, K1, 9, data[6]); 365 subRound160(D, E, A, B, C, f16, K1, 7, data[15]); 366 subRound160(C, D, E, A, B, f16, K1, 15, data[3]); 367 subRound160(B, C, D, E, A, f16, K1, 7, data[12]); 368 subRound160(A, B, C, D, E, f16, K1, 12, data[0]); 369 subRound160(E, A, B, C, D, f16, K1, 15, data[9]); 370 subRound160(D, E, A, B, C, f16, K1, 9, data[5]); 371 subRound160(C, D, E, A, B, f16, K1, 11, data[2]); 372 subRound160(B, C, D, E, A, f16, K1, 7, data[14]); 373 subRound160(A, B, C, D, E, f16, K1, 13, data[11]); 374 subRound160(E, A, B, C, D, f16, K1, 12, data[8]); 375 376 subRound160(EE, AA, BB, CC, DD, f48, KK1, 9, data[6]); 377 subRound160(DD, EE, AA, BB, CC, f48, KK1, 13, data[11]); 378 subRound160(CC, DD, EE, AA, BB, f48, KK1, 15, data[3]); 379 subRound160(BB, CC, DD, EE, AA, f48, KK1, 7, data[7]); 380 subRound160(AA, BB, CC, DD, EE, f48, KK1, 12, data[0]); 381 subRound160(EE, AA, BB, CC, DD, f48, KK1, 8, data[13]); 382 subRound160(DD, EE, AA, BB, CC, f48, KK1, 9, data[5]); 383 subRound160(CC, DD, EE, AA, BB, f48, KK1, 11, data[10]); 384 subRound160(BB, CC, DD, EE, AA, f48, KK1, 7, data[14]); 385 subRound160(AA, BB, CC, DD, EE, f48, KK1, 7, data[15]); 386 subRound160(EE, AA, BB, CC, DD, f48, KK1, 12, data[8]); 387 subRound160(DD, EE, AA, BB, CC, f48, KK1, 7, data[12]); 388 subRound160(CC, DD, EE, AA, BB, f48, KK1, 6, data[4]); 389 subRound160(BB, CC, DD, EE, AA, f48, KK1, 15, data[9]); 390 subRound160(AA, BB, CC, DD, EE, f48, KK1, 13, data[1]); 391 subRound160(EE, AA, BB, CC, DD, f48, KK1, 11, data[2]); 392 393 /* j=32...47 */ 394 subRound160(D, E, A, B, C, f32, K2, 11, data[3]); 395 subRound160(C, D, E, A, B, f32, K2, 13, data[10]); 396 subRound160(B, C, D, E, A, f32, K2, 6, data[14]); 397 subRound160(A, B, C, D, E, f32, K2, 7, data[4]); 398 subRound160(E, A, B, C, D, f32, K2, 14, data[9]); 399 subRound160(D, E, A, B, C, f32, K2, 9, data[15]); 400 subRound160(C, D, E, A, B, f32, K2, 13, data[8]); 401 subRound160(B, C, D, E, A, f32, K2, 15, data[1]); 402 subRound160(A, B, C, D, E, f32, K2, 14, data[2]); 403 subRound160(E, A, B, C, D, f32, K2, 8, data[7]); 404 subRound160(D, E, A, B, C, f32, K2, 13, data[0]); 405 subRound160(C, D, E, A, B, f32, K2, 6, data[6]); 406 subRound160(B, C, D, E, A, f32, K2, 5, data[13]); 407 subRound160(A, B, C, D, E, f32, K2, 12, data[11]); 408 subRound160(E, A, B, C, D, f32, K2, 7, data[5]); 409 subRound160(D, E, A, B, C, f32, K2, 5, data[12]); 410 411 subRound160(DD, EE, AA, BB, CC, f32, KK2, 9, data[15]); 412 subRound160(CC, DD, EE, AA, BB, f32, KK2, 7, data[5]); 413 subRound160(BB, CC, DD, EE, AA, f32, KK2, 15, data[1]); 414 subRound160(AA, BB, CC, DD, EE, f32, KK2, 11, data[3]); 415 subRound160(EE, AA, BB, CC, DD, f32, KK2, 8, data[7]); 416 subRound160(DD, EE, AA, BB, CC, f32, KK2, 6, data[14]); 417 subRound160(CC, DD, EE, AA, BB, f32, KK2, 6, data[6]); 418 subRound160(BB, CC, DD, EE, AA, f32, KK2, 14, data[9]); 419 subRound160(AA, BB, CC, DD, EE, f32, KK2, 12, data[11]); 420 subRound160(EE, AA, BB, CC, DD, f32, KK2, 13, data[8]); 421 subRound160(DD, EE, AA, BB, CC, f32, KK2, 5, data[12]); 422 subRound160(CC, DD, EE, AA, BB, f32, KK2, 14, data[2]); 423 subRound160(BB, CC, DD, EE, AA, f32, KK2, 13, data[10]); 424 subRound160(AA, BB, CC, DD, EE, f32, KK2, 13, data[0]); 425 subRound160(EE, AA, BB, CC, DD, f32, KK2, 7, data[4]); 426 subRound160(DD, EE, AA, BB, CC, f32, KK2, 5, data[13]); 427 428 /* j=48...63 */ 429 subRound160(C, D, E, A, B, f48, K3, 11, data[1]); 430 subRound160(B, C, D, E, A, f48, K3, 12, data[9]); 431 subRound160(A, B, C, D, E, f48, K3, 14, data[11]); 432 subRound160(E, A, B, C, D, f48, K3, 15, data[10]); 433 subRound160(D, E, A, B, C, f48, K3, 14, data[0]); 434 subRound160(C, D, E, A, B, f48, K3, 15, data[8]); 435 subRound160(B, C, D, E, A, f48, K3, 9, data[12]); 436 subRound160(A, B, C, D, E, f48, K3, 8, data[4]); 437 subRound160(E, A, B, C, D, f48, K3, 9, data[13]); 438 subRound160(D, E, A, B, C, f48, K3, 14, data[3]); 439 subRound160(C, D, E, A, B, f48, K3, 5, data[7]); 440 subRound160(B, C, D, E, A, f48, K3, 6, data[15]); 441 subRound160(A, B, C, D, E, f48, K3, 8, data[14]); 442 subRound160(E, A, B, C, D, f48, K3, 6, data[5]); 443 subRound160(D, E, A, B, C, f48, K3, 5, data[6]); 444 subRound160(C, D, E, A, B, f48, K3, 12, data[2]); 445 446 subRound160(CC, DD, EE, AA, BB, f16, KK3, 15, data[8]); 447 subRound160(BB, CC, DD, EE, AA, f16, KK3, 5, data[6]); 448 subRound160(AA, BB, CC, DD, EE, f16, KK3, 8, data[4]); 449 subRound160(EE, AA, BB, CC, DD, f16, KK3, 11, data[1]); 450 subRound160(DD, EE, AA, BB, CC, f16, KK3, 14, data[3]); 451 subRound160(CC, DD, EE, AA, BB, f16, KK3, 14, data[11]); 452 subRound160(BB, CC, DD, EE, AA, f16, KK3, 6, data[15]); 453 subRound160(AA, BB, CC, DD, EE, f16, KK3, 14, data[0]); 454 subRound160(EE, AA, BB, CC, DD, f16, KK3, 6, data[5]); 455 subRound160(DD, EE, AA, BB, CC, f16, KK3, 9, data[12]); 456 subRound160(CC, DD, EE, AA, BB, f16, KK3, 12, data[2]); 457 subRound160(BB, CC, DD, EE, AA, f16, KK3, 9, data[13]); 458 subRound160(AA, BB, CC, DD, EE, f16, KK3, 12, data[9]); 459 subRound160(EE, AA, BB, CC, DD, f16, KK3, 5, data[7]); 460 subRound160(DD, EE, AA, BB, CC, f16, KK3, 15, data[10]); 461 subRound160(CC, DD, EE, AA, BB, f16, KK3, 8, data[14]); 462 463 /* j=64...79 */ 464 subRound160(B, C, D, E, A, f64, K4, 9, data[4]); 465 subRound160(A, B, C, D, E, f64, K4, 15, data[0]); 466 subRound160(E, A, B, C, D, f64, K4, 5, data[5]); 467 subRound160(D, E, A, B, C, f64, K4, 11, data[9]); 468 subRound160(C, D, E, A, B, f64, K4, 6, data[7]); 469 subRound160(B, C, D, E, A, f64, K4, 8, data[12]); 470 subRound160(A, B, C, D, E, f64, K4, 13, data[2]); 471 subRound160(E, A, B, C, D, f64, K4, 12, data[10]); 472 subRound160(D, E, A, B, C, f64, K4, 5, data[14]); 473 subRound160(C, D, E, A, B, f64, K4, 12, data[1]); 474 subRound160(B, C, D, E, A, f64, K4, 13, data[3]); 475 subRound160(A, B, C, D, E, f64, K4, 14, data[8]); 476 subRound160(E, A, B, C, D, f64, K4, 11, data[11]); 477 subRound160(D, E, A, B, C, f64, K4, 8, data[6]); 478 subRound160(C, D, E, A, B, f64, K4, 5, data[15]); 479 subRound160(B, C, D, E, A, f64, K4, 6, data[13]); 480 481 subRound160(BB, CC, DD, EE, AA, f0, KK4, 8, data[12]); 482 subRound160(AA, BB, CC, DD, EE, f0, KK4, 5, data[15]); 483 subRound160(EE, AA, BB, CC, DD, f0, KK4, 12, data[10]); 484 subRound160(DD, EE, AA, BB, CC, f0, KK4, 9, data[4]); 485 subRound160(CC, DD, EE, AA, BB, f0, KK4, 12, data[1]); 486 subRound160(BB, CC, DD, EE, AA, f0, KK4, 5, data[5]); 487 subRound160(AA, BB, CC, DD, EE, f0, KK4, 14, data[8]); 488 subRound160(EE, AA, BB, CC, DD, f0, KK4, 6, data[7]); 489 subRound160(DD, EE, AA, BB, CC, f0, KK4, 8, data[6]); 490 subRound160(CC, DD, EE, AA, BB, f0, KK4, 13, data[2]); 491 subRound160(BB, CC, DD, EE, AA, f0, KK4, 6, data[13]); 492 subRound160(AA, BB, CC, DD, EE, f0, KK4, 5, data[14]); 493 subRound160(EE, AA, BB, CC, DD, f0, KK4, 15, data[0]); 494 subRound160(DD, EE, AA, BB, CC, f0, KK4, 13, data[3]); 495 subRound160(CC, DD, EE, AA, BB, f0, KK4, 11, data[9]); 496 subRound160(BB, CC, DD, EE, AA, f0, KK4, 11, data[11]); 497 498 499 T = ctx->digest[1] + DD + C; 500 ctx->digest[1] = ctx->digest[2] + EE + D; 501 ctx->digest[2] = ctx->digest[3] + AA + E; 502 ctx->digest[3] = ctx->digest[4] + BB + A; 503 ctx->digest[4] = ctx->digest[0] + CC + B; 504 ctx->digest[0] = T; 505 } 506 507 508 static void ripemd256_transform(struct ripemd_ctx *ctx, mutils_word32 * data) 509 { 510 mutils_word32 A, B, C, D; /* Local vars */ 511 mutils_word32 AA, BB, CC, DD; /* Local vars */ 512 mutils_word32 T; 513 514 /* Set up first buffer and local data buffer */ 515 A = ctx->digest[0]; 516 B = ctx->digest[1]; 517 C = ctx->digest[2]; 518 D = ctx->digest[3]; 519 AA = ctx->digest[4]; 520 BB = ctx->digest[5]; 521 CC = ctx->digest[6]; 522 DD = ctx->digest[7]; 523 524 /* j=0...15 */ 525 subRound128(A, B, C, D, f0, K0, 11, data[0]); 526 subRound128(D, A, B, C, f0, K0, 14, data[1]); 527 subRound128(C, D, A, B, f0, K0, 15, data[2]); 528 subRound128(B, C, D, A, f0, K0, 12, data[3]); 529 subRound128(A, B, C, D, f0, K0, 5, data[4]); 530 subRound128(D, A, B, C, f0, K0, 8, data[5]); 531 subRound128(C, D, A, B, f0, K0, 7, data[6]); 532 subRound128(B, C, D, A, f0, K0, 9, data[7]); 533 subRound128(A, B, C, D, f0, K0, 11, data[8]); 534 subRound128(D, A, B, C, f0, K0, 13, data[9]); 535 subRound128(C, D, A, B, f0, K0, 14, data[10]); 536 subRound128(B, C, D, A, f0, K0, 15, data[11]); 537 subRound128(A, B, C, D, f0, K0, 6, data[12]); 538 subRound128(D, A, B, C, f0, K0, 7, data[13]); 539 subRound128(C, D, A, B, f0, K0, 9, data[14]); 540 subRound128(B, C, D, A, f0, K0, 8, data[15]); 541 542 subRound128(AA, BB, CC, DD, f48, KK0, 8, data[5]); 543 subRound128(DD, AA, BB, CC, f48, KK0, 9, data[14]); 544 subRound128(CC, DD, AA, BB, f48, KK0, 9, data[7]); 545 subRound128(BB, CC, DD, AA, f48, KK0, 11, data[0]); 546 subRound128(AA, BB, CC, DD, f48, KK0, 13, data[9]); 547 subRound128(DD, AA, BB, CC, f48, KK0, 15, data[2]); 548 subRound128(CC, DD, AA, BB, f48, KK0, 15, data[11]); 549 subRound128(BB, CC, DD, AA, f48, KK0, 5, data[4]); 550 subRound128(AA, BB, CC, DD, f48, KK0, 7, data[13]); 551 subRound128(DD, AA, BB, CC, f48, KK0, 7, data[6]); 552 subRound128(CC, DD, AA, BB, f48, KK0, 8, data[15]); 553 subRound128(BB, CC, DD, AA, f48, KK0, 11, data[8]); 554 subRound128(AA, BB, CC, DD, f48, KK0, 14, data[1]); 555 subRound128(DD, AA, BB, CC, f48, KK0, 14, data[10]); 556 subRound128(CC, DD, AA, BB, f48, KK0, 12, data[3]); 557 subRound128(BB, CC, DD, AA, f48, KK0, 6, data[12]); 558 559 T = A; A = AA; AA = T; 560 561 /* j=16...31 */ 562 subRound128(A, B, C, D, f16, K1, 7, data[7]); 563 subRound128(D, A, B, C, f16, K1, 6, data[4]); 564 subRound128(C, D, A, B, f16, K1, 8, data[13]); 565 subRound128(B, C, D, A, f16, K1, 13, data[1]); 566 subRound128(A, B, C, D, f16, K1, 11, data[10]); 567 subRound128(D, A, B, C, f16, K1, 9, data[6]); 568 subRound128(C, D, A, B, f16, K1, 7, data[15]); 569 subRound128(B, C, D, A, f16, K1, 15, data[3]); 570 subRound128(A, B, C, D, f16, K1, 7, data[12]); 571 subRound128(D, A, B, C, f16, K1, 12, data[0]); 572 subRound128(C, D, A, B, f16, K1, 15, data[9]); 573 subRound128(B, C, D, A, f16, K1, 9, data[5]); 574 subRound128(A, B, C, D, f16, K1, 11, data[2]); 575 subRound128(D, A, B, C, f16, K1, 7, data[14]); 576 subRound128(C, D, A, B, f16, K1, 13, data[11]); 577 subRound128(B, C, D, A, f16, K1, 12, data[8]); 578 579 subRound128(AA, BB, CC, DD, f32, KK1, 9, data[6]); 580 subRound128(DD, AA, BB, CC, f32, KK1, 13, data[11]); 581 subRound128(CC, DD, AA, BB, f32, KK1, 15, data[3]); 582 subRound128(BB, CC, DD, AA, f32, KK1, 7, data[7]); 583 subRound128(AA, BB, CC, DD, f32, KK1, 12, data[0]); 584 subRound128(DD, AA, BB, CC, f32, KK1, 8, data[13]); 585 subRound128(CC, DD, AA, BB, f32, KK1, 9, data[5]); 586 subRound128(BB, CC, DD, AA, f32, KK1, 11, data[10]); 587 subRound128(AA, BB, CC, DD, f32, KK1, 7, data[14]); 588 subRound128(DD, AA, BB, CC, f32, KK1, 7, data[15]); 589 subRound128(CC, DD, AA, BB, f32, KK1, 12, data[8]); 590 subRound128(BB, CC, DD, AA, f32, KK1, 7, data[12]); 591 subRound128(AA, BB, CC, DD, f32, KK1, 6, data[4]); 592 subRound128(DD, AA, BB, CC, f32, KK1, 15, data[9]); 593 subRound128(CC, DD, AA, BB, f32, KK1, 13, data[1]); 594 subRound128(BB, CC, DD, AA, f32, KK1, 11, data[2]); 595 596 T = B; B = BB; BB = T; 597 598 /* j=32...47 */ 599 subRound128(A, B, C, D, f32, K2, 11, data[3]); 600 subRound128(D, A, B, C, f32, K2, 13, data[10]); 601 subRound128(C, D, A, B, f32, K2, 6, data[14]); 602 subRound128(B, C, D, A, f32, K2, 7, data[4]); 603 subRound128(A, B, C, D, f32, K2, 14, data[9]); 604 subRound128(D, A, B, C, f32, K2, 9, data[15]); 605 subRound128(C, D, A, B, f32, K2, 13, data[8]); 606 subRound128(B, C, D, A, f32, K2, 15, data[1]); 607 subRound128(A, B, C, D, f32, K2, 14, data[2]); 608 subRound128(D, A, B, C, f32, K2, 8, data[7]); 609 subRound128(C, D, A, B, f32, K2, 13, data[0]); 610 subRound128(B, C, D, A, f32, K2, 6, data[6]); 611 subRound128(A, B, C, D, f32, K2, 5, data[13]); 612 subRound128(D, A, B, C, f32, K2, 12, data[11]); 613 subRound128(C, D, A, B, f32, K2, 7, data[5]); 614 subRound128(B, C, D, A, f32, K2, 5, data[12]); 615 616 subRound128(AA, BB, CC, DD, f16, KK2, 9, data[15]); 617 subRound128(DD, AA, BB, CC, f16, KK2, 7, data[5]); 618 subRound128(CC, DD, AA, BB, f16, KK2, 15, data[1]); 619 subRound128(BB, CC, DD, AA, f16, KK2, 11, data[3]); 620 subRound128(AA, BB, CC, DD, f16, KK2, 8, data[7]); 621 subRound128(DD, AA, BB, CC, f16, KK2, 6, data[14]); 622 subRound128(CC, DD, AA, BB, f16, KK2, 6, data[6]); 623 subRound128(BB, CC, DD, AA, f16, KK2, 14, data[9]); 624 subRound128(AA, BB, CC, DD, f16, KK2, 12, data[11]); 625 subRound128(DD, AA, BB, CC, f16, KK2, 13, data[8]); 626 subRound128(CC, DD, AA, BB, f16, KK2, 5, data[12]); 627 subRound128(BB, CC, DD, AA, f16, KK2, 14, data[2]); 628 subRound128(AA, BB, CC, DD, f16, KK2, 13, data[10]); 629 subRound128(DD, AA, BB, CC, f16, KK2, 13, data[0]); 630 subRound128(CC, DD, AA, BB, f16, KK2, 7, data[4]); 631 subRound128(BB, CC, DD, AA, f16, KK2, 5, data[13]); 632 633 T = C; C = CC; CC = T; 634 635 /* j=48...63 */ 636 subRound128(A, B, C, D, f48, K3, 11, data[1]); 637 subRound128(D, A, B, C, f48, K3, 12, data[9]); 638 subRound128(C, D, A, B, f48, K3, 14, data[11]); 639 subRound128(B, C, D, A, f48, K3, 15, data[10]); 640 subRound128(A, B, C, D, f48, K3, 14, data[0]); 641 subRound128(D, A, B, C, f48, K3, 15, data[8]); 642 subRound128(C, D, A, B, f48, K3, 9, data[12]); 643 subRound128(B, C, D, A, f48, K3, 8, data[4]); 644 subRound128(A, B, C, D, f48, K3, 9, data[13]); 645 subRound128(D, A, B, C, f48, K3, 14, data[3]); 646 subRound128(C, D, A, B, f48, K3, 5, data[7]); 647 subRound128(B, C, D, A, f48, K3, 6, data[15]); 648 subRound128(A, B, C, D, f48, K3, 8, data[14]); 649 subRound128(D, A, B, C, f48, K3, 6, data[5]); 650 subRound128(C, D, A, B, f48, K3, 5, data[6]); 651 subRound128(B, C, D, A, f48, K3, 12, data[2]); 652 653 subRound128(AA, BB, CC, DD, f0, KK4, 15, data[8]); 654 subRound128(DD, AA, BB, CC, f0, KK4, 5, data[6]); 655 subRound128(CC, DD, AA, BB, f0, KK4, 8, data[4]); 656 subRound128(BB, CC, DD, AA, f0, KK4, 11, data[1]); 657 subRound128(AA, BB, CC, DD, f0, KK4, 14, data[3]); 658 subRound128(DD, AA, BB, CC, f0, KK4, 14, data[11]); 659 subRound128(CC, DD, AA, BB, f0, KK4, 6, data[15]); 660 subRound128(BB, CC, DD, AA, f0, KK4, 14, data[0]); 661 subRound128(AA, BB, CC, DD, f0, KK4, 6, data[5]); 662 subRound128(DD, AA, BB, CC, f0, KK4, 9, data[12]); 663 subRound128(CC, DD, AA, BB, f0, KK4, 12, data[2]); 664 subRound128(BB, CC, DD, AA, f0, KK4, 9, data[13]); 665 subRound128(AA, BB, CC, DD, f0, KK4, 12, data[9]); 666 subRound128(DD, AA, BB, CC, f0, KK4, 5, data[7]); 667 subRound128(CC, DD, AA, BB, f0, KK4, 15, data[10]); 668 subRound128(BB, CC, DD, AA, f0, KK4, 8, data[14]); 669 670 /* T = D; D = DD; DD = T; */ 671 672 ctx->digest[0] += A; 673 ctx->digest[1] += B; 674 ctx->digest[2] += C; 675 ctx->digest[3] += DD; 676 ctx->digest[4] += AA; 677 ctx->digest[5] += BB; 678 ctx->digest[6] += CC; 679 ctx->digest[7] += D; 680 } 681 682 static void ripemd320_transform(struct ripemd_ctx *ctx, mutils_word32 * data) 683 { 684 mutils_word32 A, B, C, D, E; /* Local vars */ 685 mutils_word32 AA, BB, CC, DD, EE; /* Local vars */ 686 mutils_word32 T; 687 688 /* Set up first buffer and local data buffer */ 689 A = ctx->digest[0]; 690 B = ctx->digest[1]; 691 C = ctx->digest[2]; 692 D = ctx->digest[3]; 693 E = ctx->digest[4]; 694 AA = ctx->digest[5]; 695 BB = ctx->digest[6]; 696 CC = ctx->digest[7]; 697 DD = ctx->digest[8]; 698 EE = ctx->digest[9]; 699 700 /* j=0...15 */ 701 subRound160(A, B, C, D, E, f0, K0, 11, data[0]); 702 subRound160(E, A, B, C, D, f0, K0, 14, data[1]); 703 subRound160(D, E, A, B, C, f0, K0, 15, data[2]); 704 subRound160(C, D, E, A, B, f0, K0, 12, data[3]); 705 subRound160(B, C, D, E, A, f0, K0, 5, data[4]); 706 subRound160(A, B, C, D, E, f0, K0, 8, data[5]); 707 subRound160(E, A, B, C, D, f0, K0, 7, data[6]); 708 subRound160(D, E, A, B, C, f0, K0, 9, data[7]); 709 subRound160(C, D, E, A, B, f0, K0, 11, data[8]); 710 subRound160(B, C, D, E, A, f0, K0, 13, data[9]); 711 subRound160(A, B, C, D, E, f0, K0, 14, data[10]); 712 subRound160(E, A, B, C, D, f0, K0, 15, data[11]); 713 subRound160(D, E, A, B, C, f0, K0, 6, data[12]); 714 subRound160(C, D, E, A, B, f0, K0, 7, data[13]); 715 subRound160(B, C, D, E, A, f0, K0, 9, data[14]); 716 subRound160(A, B, C, D, E, f0, K0, 8, data[15]); 717 718 subRound160(AA, BB, CC, DD, EE, f64, KK0, 8, data[5]); 719 subRound160(EE, AA, BB, CC, DD, f64, KK0, 9, data[14]); 720 subRound160(DD, EE, AA, BB, CC, f64, KK0, 9, data[7]); 721 subRound160(CC, DD, EE, AA, BB, f64, KK0, 11, data[0]); 722 subRound160(BB, CC, DD, EE, AA, f64, KK0, 13, data[9]); 723 subRound160(AA, BB, CC, DD, EE, f64, KK0, 15, data[2]); 724 subRound160(EE, AA, BB, CC, DD, f64, KK0, 15, data[11]); 725 subRound160(DD, EE, AA, BB, CC, f64, KK0, 5, data[4]); 726 subRound160(CC, DD, EE, AA, BB, f64, KK0, 7, data[13]); 727 subRound160(BB, CC, DD, EE, AA, f64, KK0, 7, data[6]); 728 subRound160(AA, BB, CC, DD, EE, f64, KK0, 8, data[15]); 729 subRound160(EE, AA, BB, CC, DD, f64, KK0, 11, data[8]); 730 subRound160(DD, EE, AA, BB, CC, f64, KK0, 14, data[1]); 731 subRound160(CC, DD, EE, AA, BB, f64, KK0, 14, data[10]); 732 subRound160(BB, CC, DD, EE, AA, f64, KK0, 12, data[3]); 733 subRound160(AA, BB, CC, DD, EE, f64, KK0, 6, data[12]); 734 735 T = A; A = AA; AA = T; 736 737 /* j=16...31 */ 738 subRound160(E, A, B, C, D, f16, K1, 7, data[7]); 739 subRound160(D, E, A, B, C, f16, K1, 6, data[4]); 740 subRound160(C, D, E, A, B, f16, K1, 8, data[13]); 741 subRound160(B, C, D, E, A, f16, K1, 13, data[1]); 742 subRound160(A, B, C, D, E, f16, K1, 11, data[10]); 743 subRound160(E, A, B, C, D, f16, K1, 9, data[6]); 744 subRound160(D, E, A, B, C, f16, K1, 7, data[15]); 745 subRound160(C, D, E, A, B, f16, K1, 15, data[3]); 746 subRound160(B, C, D, E, A, f16, K1, 7, data[12]); 747 subRound160(A, B, C, D, E, f16, K1, 12, data[0]); 748 subRound160(E, A, B, C, D, f16, K1, 15, data[9]); 749 subRound160(D, E, A, B, C, f16, K1, 9, data[5]); 750 subRound160(C, D, E, A, B, f16, K1, 11, data[2]); 751 subRound160(B, C, D, E, A, f16, K1, 7, data[14]); 752 subRound160(A, B, C, D, E, f16, K1, 13, data[11]); 753 subRound160(E, A, B, C, D, f16, K1, 12, data[8]); 754 755 subRound160(EE, AA, BB, CC, DD, f48, KK1, 9, data[6]); 756 subRound160(DD, EE, AA, BB, CC, f48, KK1, 13, data[11]); 757 subRound160(CC, DD, EE, AA, BB, f48, KK1, 15, data[3]); 758 subRound160(BB, CC, DD, EE, AA, f48, KK1, 7, data[7]); 759 subRound160(AA, BB, CC, DD, EE, f48, KK1, 12, data[0]); 760 subRound160(EE, AA, BB, CC, DD, f48, KK1, 8, data[13]); 761 subRound160(DD, EE, AA, BB, CC, f48, KK1, 9, data[5]); 762 subRound160(CC, DD, EE, AA, BB, f48, KK1, 11, data[10]); 763 subRound160(BB, CC, DD, EE, AA, f48, KK1, 7, data[14]); 764 subRound160(AA, BB, CC, DD, EE, f48, KK1, 7, data[15]); 765 subRound160(EE, AA, BB, CC, DD, f48, KK1, 12, data[8]); 766 subRound160(DD, EE, AA, BB, CC, f48, KK1, 7, data[12]); 767 subRound160(CC, DD, EE, AA, BB, f48, KK1, 6, data[4]); 768 subRound160(BB, CC, DD, EE, AA, f48, KK1, 15, data[9]); 769 subRound160(AA, BB, CC, DD, EE, f48, KK1, 13, data[1]); 770 subRound160(EE, AA, BB, CC, DD, f48, KK1, 11, data[2]); 771 772 T = B; B = BB; BB = T; 773 774 /* j=32...47 */ 775 subRound160(D, E, A, B, C, f32, K2, 11, data[3]); 776 subRound160(C, D, E, A, B, f32, K2, 13, data[10]); 777 subRound160(B, C, D, E, A, f32, K2, 6, data[14]); 778 subRound160(A, B, C, D, E, f32, K2, 7, data[4]); 779 subRound160(E, A, B, C, D, f32, K2, 14, data[9]); 780 subRound160(D, E, A, B, C, f32, K2, 9, data[15]); 781 subRound160(C, D, E, A, B, f32, K2, 13, data[8]); 782 subRound160(B, C, D, E, A, f32, K2, 15, data[1]); 783 subRound160(A, B, C, D, E, f32, K2, 14, data[2]); 784 subRound160(E, A, B, C, D, f32, K2, 8, data[7]); 785 subRound160(D, E, A, B, C, f32, K2, 13, data[0]); 786 subRound160(C, D, E, A, B, f32, K2, 6, data[6]); 787 subRound160(B, C, D, E, A, f32, K2, 5, data[13]); 788 subRound160(A, B, C, D, E, f32, K2, 12, data[11]); 789 subRound160(E, A, B, C, D, f32, K2, 7, data[5]); 790 subRound160(D, E, A, B, C, f32, K2, 5, data[12]); 791 792 subRound160(DD, EE, AA, BB, CC, f32, KK2, 9, data[15]); 793 subRound160(CC, DD, EE, AA, BB, f32, KK2, 7, data[5]); 794 subRound160(BB, CC, DD, EE, AA, f32, KK2, 15, data[1]); 795 subRound160(AA, BB, CC, DD, EE, f32, KK2, 11, data[3]); 796 subRound160(EE, AA, BB, CC, DD, f32, KK2, 8, data[7]); 797 subRound160(DD, EE, AA, BB, CC, f32, KK2, 6, data[14]); 798 subRound160(CC, DD, EE, AA, BB, f32, KK2, 6, data[6]); 799 subRound160(BB, CC, DD, EE, AA, f32, KK2, 14, data[9]); 800 subRound160(AA, BB, CC, DD, EE, f32, KK2, 12, data[11]); 801 subRound160(EE, AA, BB, CC, DD, f32, KK2, 13, data[8]); 802 subRound160(DD, EE, AA, BB, CC, f32, KK2, 5, data[12]); 803 subRound160(CC, DD, EE, AA, BB, f32, KK2, 14, data[2]); 804 subRound160(BB, CC, DD, EE, AA, f32, KK2, 13, data[10]); 805 subRound160(AA, BB, CC, DD, EE, f32, KK2, 13, data[0]); 806 subRound160(EE, AA, BB, CC, DD, f32, KK2, 7, data[4]); 807 subRound160(DD, EE, AA, BB, CC, f32, KK2, 5, data[13]); 808 809 T = C; C = CC; CC = T; 810 811 /* j=48...63 */ 812 subRound160(C, D, E, A, B, f48, K3, 11, data[1]); 813 subRound160(B, C, D, E, A, f48, K3, 12, data[9]); 814 subRound160(A, B, C, D, E, f48, K3, 14, data[11]); 815 subRound160(E, A, B, C, D, f48, K3, 15, data[10]); 816 subRound160(D, E, A, B, C, f48, K3, 14, data[0]); 817 subRound160(C, D, E, A, B, f48, K3, 15, data[8]); 818 subRound160(B, C, D, E, A, f48, K3, 9, data[12]); 819 subRound160(A, B, C, D, E, f48, K3, 8, data[4]); 820 subRound160(E, A, B, C, D, f48, K3, 9, data[13]); 821 subRound160(D, E, A, B, C, f48, K3, 14, data[3]); 822 subRound160(C, D, E, A, B, f48, K3, 5, data[7]); 823 subRound160(B, C, D, E, A, f48, K3, 6, data[15]); 824 subRound160(A, B, C, D, E, f48, K3, 8, data[14]); 825 subRound160(E, A, B, C, D, f48, K3, 6, data[5]); 826 subRound160(D, E, A, B, C, f48, K3, 5, data[6]); 827 subRound160(C, D, E, A, B, f48, K3, 12, data[2]); 828 829 subRound160(CC, DD, EE, AA, BB, f16, KK3, 15, data[8]); 830 subRound160(BB, CC, DD, EE, AA, f16, KK3, 5, data[6]); 831 subRound160(AA, BB, CC, DD, EE, f16, KK3, 8, data[4]); 832 subRound160(EE, AA, BB, CC, DD, f16, KK3, 11, data[1]); 833 subRound160(DD, EE, AA, BB, CC, f16, KK3, 14, data[3]); 834 subRound160(CC, DD, EE, AA, BB, f16, KK3, 14, data[11]); 835 subRound160(BB, CC, DD, EE, AA, f16, KK3, 6, data[15]); 836 subRound160(AA, BB, CC, DD, EE, f16, KK3, 14, data[0]); 837 subRound160(EE, AA, BB, CC, DD, f16, KK3, 6, data[5]); 838 subRound160(DD, EE, AA, BB, CC, f16, KK3, 9, data[12]); 839 subRound160(CC, DD, EE, AA, BB, f16, KK3, 12, data[2]); 840 subRound160(BB, CC, DD, EE, AA, f16, KK3, 9, data[13]); 841 subRound160(AA, BB, CC, DD, EE, f16, KK3, 12, data[9]); 842 subRound160(EE, AA, BB, CC, DD, f16, KK3, 5, data[7]); 843 subRound160(DD, EE, AA, BB, CC, f16, KK3, 15, data[10]); 844 subRound160(CC, DD, EE, AA, BB, f16, KK3, 8, data[14]); 845 846 T = D; D = DD; DD = T; 847 848 /* j=64...79 */ 849 subRound160(B, C, D, E, A, f64, K4, 9, data[4]); 850 subRound160(A, B, C, D, E, f64, K4, 15, data[0]); 851 subRound160(E, A, B, C, D, f64, K4, 5, data[5]); 852 subRound160(D, E, A, B, C, f64, K4, 11, data[9]); 853 subRound160(C, D, E, A, B, f64, K4, 6, data[7]); 854 subRound160(B, C, D, E, A, f64, K4, 8, data[12]); 855 subRound160(A, B, C, D, E, f64, K4, 13, data[2]); 856 subRound160(E, A, B, C, D, f64, K4, 12, data[10]); 857 subRound160(D, E, A, B, C, f64, K4, 5, data[14]); 858 subRound160(C, D, E, A, B, f64, K4, 12, data[1]); 859 subRound160(B, C, D, E, A, f64, K4, 13, data[3]); 860 subRound160(A, B, C, D, E, f64, K4, 14, data[8]); 861 subRound160(E, A, B, C, D, f64, K4, 11, data[11]); 862 subRound160(D, E, A, B, C, f64, K4, 8, data[6]); 863 subRound160(C, D, E, A, B, f64, K4, 5, data[15]); 864 subRound160(B, C, D, E, A, f64, K4, 6, data[13]); 865 866 subRound160(BB, CC, DD, EE, AA, f0, KK4, 8, data[12]); 867 subRound160(AA, BB, CC, DD, EE, f0, KK4, 5, data[15]); 868 subRound160(EE, AA, BB, CC, DD, f0, KK4, 12, data[10]); 869 subRound160(DD, EE, AA, BB, CC, f0, KK4, 9, data[4]); 870 subRound160(CC, DD, EE, AA, BB, f0, KK4, 12, data[1]); 871 subRound160(BB, CC, DD, EE, AA, f0, KK4, 5, data[5]); 872 subRound160(AA, BB, CC, DD, EE, f0, KK4, 14, data[8]); 873 subRound160(EE, AA, BB, CC, DD, f0, KK4, 6, data[7]); 874 subRound160(DD, EE, AA, BB, CC, f0, KK4, 8, data[6]); 875 subRound160(CC, DD, EE, AA, BB, f0, KK4, 13, data[2]); 876 subRound160(BB, CC, DD, EE, AA, f0, KK4, 6, data[13]); 877 subRound160(AA, BB, CC, DD, EE, f0, KK4, 5, data[14]); 878 subRound160(EE, AA, BB, CC, DD, f0, KK4, 15, data[0]); 879 subRound160(DD, EE, AA, BB, CC, f0, KK4, 13, data[3]); 880 subRound160(CC, DD, EE, AA, BB, f0, KK4, 11, data[9]); 881 subRound160(BB, CC, DD, EE, AA, f0, KK4, 11, data[11]); 882 883 /* T = E; E = EE; EE = T; */ 884 885 ctx->digest[0] += A; 886 ctx->digest[1] += B; 887 ctx->digest[2] += C; 888 ctx->digest[3] += D; 889 ctx->digest[4] += EE; 890 ctx->digest[5] += AA; 891 ctx->digest[6] += BB; 892 ctx->digest[7] += CC; 893 ctx->digest[8] += DD; 894 ctx->digest[9] += E; 895 } 896 897 static void ripemd_transform(struct ripemd_ctx *ctx, mutils_word32 * data) 898 { 899 switch(ctx->digest_len) /* select the right compression function */ 900 { 901 case 8 * RIPEMD128_DIGESTSIZE: 902 ripemd128_transform(ctx, data); break; 903 case 8 * RIPEMD160_DIGESTSIZE: 904 ripemd160_transform(ctx, data); break; 905 case 8 * RIPEMD256_DIGESTSIZE: 906 ripemd256_transform(ctx, data); break; 907 case 8 * RIPEMD320_DIGESTSIZE: 908 ripemd320_transform(ctx, data); break; 909 } 910 } 911 912 #ifndef EXTRACT_UCHAR 913 #define EXTRACT_UCHAR(p) (*(mutils_word8 *)(p)) 914 #endif 915 916 #define STRING2INT(s) ((((((EXTRACT_UCHAR(s+3) << 8) \ 917 | EXTRACT_UCHAR(s+2)) << 8) \ 918 | EXTRACT_UCHAR(s+1)) << 8) \ 919 | EXTRACT_UCHAR(s)) 920 921 static void ripemd_block(struct ripemd_ctx *ctx, mutils_word8 *block) 922 { 923 mutils_word32 data[RIPEMD_DATALEN]; 924 mutils_word32 i; 925 926 /* Update bit count */ 927 ctx->bitcount += RIPEMD_DATASIZE * 8; 928 929 /* Endian independent conversion */ 930 for (i = 0; i < RIPEMD_DATALEN; i++, block += 4) 931 data[i] = STRING2INT(block); 932 933 ripemd_transform(ctx, data); 934 } 935 936 void ripemd_update(struct ripemd_ctx *ctx, mutils_word8 *buffer, mutils_word32 len) 937 { 938 if (ctx->index) { /* Try to fill partial block */ 939 unsigned left = RIPEMD_DATASIZE - ctx->index; 940 if (len < left) { 941 memcpy(ctx->block + ctx->index, buffer, len); 942 ctx->index += len; 943 return; /* Finished */ 944 } else { 945 memcpy(ctx->block + ctx->index, buffer, left); 946 ripemd_block(ctx, ctx->block); 947 buffer += left; 948 len -= left; 949 } 950 } 951 while (len >= RIPEMD_DATASIZE) { 952 ripemd_block(ctx, buffer); 953 buffer += RIPEMD_DATASIZE; 954 len -= RIPEMD_DATASIZE; 955 } 956 if ((ctx->index = len)) 957 /* This assignment is intended */ 958 /* Buffer leftovers */ 959 memcpy(ctx->block, buffer, len); 960 } 961 962 /* Final wrapup - pad to RIPEMD_DATASIZE-byte boundary with the bit pattern 963 1 0* (64-bit count of bits processed, LSB-first) */ 964 965 void ripemd_final(struct ripemd_ctx *ctx) 966 { 967 mutils_word32 data[RIPEMD_DATALEN]; 968 mutils_word32 i; 969 mutils_word32 words; 970 971 i = ctx->index; 972 /* Set the first char of padding to 0x80. This is safe since there is 973 always at least one byte free */ 974 ctx->block[i++] = 0x80; 975 976 /* Fill rest of word */ 977 for (; i & 3; i++) 978 ctx->block[i] = 0; 979 980 /* i is now a multiple of the word size 4 */ 981 words = i >> 2; 982 for (i = 0; i < words; i++) 983 data[i] = STRING2INT(ctx->block + 4 * i); 984 985 if (words > (RIPEMD_DATALEN - 2)) { /* No room for length in this block. 986 * Process it and pad with another one */ 987 for (i = words; i < RIPEMD_DATALEN; i++) 988 data[i] = 0; 989 ripemd_transform(ctx, data); 990 for (i = 0; i < (RIPEMD_DATALEN - 2); i++) 991 data[i] = 0; 992 } else 993 for (i = words; i < RIPEMD_DATALEN - 2; i++) 994 data[i] = 0; 995 996 /* add length padding */ 997 ctx->bitcount += 8 * ctx->index; 998 data[RIPEMD_DATALEN - 2] = 999 ctx->bitcount & ((1LL << 32) - 1); 1000 data[RIPEMD_DATALEN - 1] = 1001 ctx->bitcount >> 32; 1002 1003 ripemd_transform(ctx, data); 1004 } 1005 1006 void ripemd_digest(struct ripemd_ctx *ctx, mutils_word8 * s) 1007 { 1008 mutils_word32 i; 1009 1010 if (s!=NULL) 1011 for (i = 0; i < ctx->digest_len / 32; i++) { 1012 *s++ = 0xff & ctx->digest[i]; 1013 *s++ = 0xff & (ctx->digest[i] >> 8); 1014 *s++ = 0xff & (ctx->digest[i] >> 16); 1015 *s++ = 0xff & (ctx->digest[i] >> 24); 1016 } 1017 } 1018 1019 1020 int 1021 main( int argc, 1022 char *argv[] ) 1023 { 1024 struct ripemd_ctx ctx; 1025 uint8_t buffer[1024]; 1026 uint8_t digest[RIPEMD160_DIGESTSIZE]; 1027 int n, i; 1028 1029 ripemd160_init( &ctx ); 1030 while ( !feof( stdin ) ) { 1031 n = fread( buffer, 1, sizeof( buffer ), stdin ); 1032 if ( n > 0 ) 1033 ripemd_update( &ctx, buffer, n ); 1034 if ( n < sizeof( buffer ) && ferror( stdin ) ) { 1035 fprintf( stderr, "error reading stdin: errno=%i\n", errno ); 1036 return 1; 1037 } 1038 } 1039 ripemd_final( &ctx ); 1040 ripemd_digest( &ctx, digest ); 1041 1042 for ( i = 0; i < sizeof( digest ); i++ ) 1043 fputc( digest[i], stdout ); 1044 1045 fflush( stdout ); 1046 return 0; 1047 }