ripemd128.c
Go to the documentation of this file.
1 /**
2  * @file ripemd128.c
3  * @brief RIPEMD-128 hash function
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.4.0
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
33 
34 //Dependencies
35 #include "core/crypto.h"
36 #include "hash/ripemd128.h"
37 
38 //Check crypto library configuration
39 #if (RIPEMD128_SUPPORT == ENABLED)
40 
41 //RIPEMD-128 auxiliary functions
42 #define F(x, y, z) ((x) ^ (y) ^ (z))
43 #define G(x, y, z) (((x) & (y)) | (~(x) & (z)))
44 #define H(x, y, z) (((x) | ~(y)) ^ (z))
45 #define I(x, y, z) (((x) & (z)) | ((y) & ~(z)))
46 
47 #define FF(a, b, c, d, x, s) a += F(b, c, d) + (x), a = ROL32(a, s)
48 #define GG(a, b, c, d, x, s) a += G(b, c, d) + (x) + 0x5A827999, a = ROL32(a, s)
49 #define HH(a, b, c, d, x, s) a += H(b, c, d) + (x) + 0x6ED9EBA1, a = ROL32(a, s)
50 #define II(a, b, c, d, x, s) a += I(b, c, d) + (x) + 0x8F1BBCDC, a = ROL32(a, s)
51 
52 #define FFF(a, b, c, d, x, s) a += F(b, c, d) + (x), a = ROL32(a, s)
53 #define GGG(a, b, c, d, x, s) a += G(b, c, d) + (x) + 0x6D703EF3, a = ROL32(a, s)
54 #define HHH(a, b, c, d, x, s) a += H(b, c, d) + (x) + 0x5C4DD124, a = ROL32(a, s)
55 #define III(a, b, c, d, x, s) a += I(b, c, d) + (x) + 0x50A28BE6, a = ROL32(a, s)
56 
57 //RIPEMD-128 padding
58 static const uint8_t padding[64] =
59 {
60  0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
61  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
62  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
63  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
64 };
65 
66 //RIPEMD-128 object identifier (1.3.36.3.2.2)
67 const uint8_t RIPEMD128_OID[5] = {0x2B, 0x24, 0x03, 0x02, 0x02};
68 
69 //Common interface for hash algorithms
70 const HashAlgo ripemd128HashAlgo =
71 {
72  "RIPEMD-128",
73  RIPEMD128_OID,
74  sizeof(RIPEMD128_OID),
75  sizeof(Ripemd128Context),
76  RIPEMD128_BLOCK_SIZE,
77  RIPEMD128_DIGEST_SIZE,
78  RIPEMD128_MIN_PAD_SIZE,
79  FALSE,
80  (HashAlgoCompute) ripemd128Compute,
81  (HashAlgoInit) ripemd128Init,
82  (HashAlgoUpdate) ripemd128Update,
83  (HashAlgoFinal) ripemd128Final,
84  NULL
85 };
86 
87 
88 /**
89  * @brief Digest a message using RIPEMD-128
90  * @param[in] data Pointer to the message being hashed
91  * @param[in] length Length of the message
92  * @param[out] digest Pointer to the calculated digest
93  * @return Error code
94  **/
95 
96 error_t ripemd128Compute(const void *data, size_t length, uint8_t *digest)
97 {
98 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
99  Ripemd128Context *context;
100 #else
101  Ripemd128Context context[1];
102 #endif
103 
104  //Check parameters
105  if(data == NULL && length != 0)
106  return ERROR_INVALID_PARAMETER;
107 
108  if(digest == NULL)
109  return ERROR_INVALID_PARAMETER;
110 
111 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
112  //Allocate a memory buffer to hold the RIPEMD-128 context
113  context = cryptoAllocMem(sizeof(Ripemd128Context));
114  //Failed to allocate memory?
115  if(context == NULL)
116  return ERROR_OUT_OF_MEMORY;
117 #endif
118 
119  //Initialize the RIPEMD-128 context
120  ripemd128Init(context);
121  //Digest the message
122  ripemd128Update(context, data, length);
123  //Finalize the RIPEMD-128 message digest
124  ripemd128Final(context, digest);
125 
126 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
127  //Free previously allocated memory
128  cryptoFreeMem(context);
129 #endif
130 
131  //Successful operation
132  return NO_ERROR;
133 }
134 
135 
136 /**
137  * @brief Initialize RIPEMD-128 message digest context
138  * @param[in] context Pointer to the RIPEMD-128 context to initialize
139  **/
140 
141 void ripemd128Init(Ripemd128Context *context)
142 {
143  //Set initial hash value
144  context->h[0] = 0x67452301;
145  context->h[1] = 0xEFCDAB89;
146  context->h[2] = 0x98BADCFE;
147  context->h[3] = 0x10325476;
148 
149  //Number of bytes in the buffer
150  context->size = 0;
151  //Total length of the message
152  context->totalSize = 0;
153 }
154 
155 
156 /**
157  * @brief Update the RIPEMD-128 context with a portion of the message being hashed
158  * @param[in] context Pointer to the RIPEMD-128 context
159  * @param[in] data Pointer to the buffer being hashed
160  * @param[in] length Length of the buffer
161  **/
162 
163 void ripemd128Update(Ripemd128Context *context, const void *data, size_t length)
164 {
165  size_t n;
166 
167  //Process the incoming data
168  while(length > 0)
169  {
170  //The buffer can hold at most 64 bytes
171  n = MIN(length, 64 - context->size);
172 
173  //Copy the data to the buffer
174  osMemcpy(context->buffer + context->size, data, n);
175 
176  //Update the RIPEMD-128 context
177  context->size += n;
178  context->totalSize += n;
179  //Advance the data pointer
180  data = (uint8_t *) data + n;
181  //Remaining bytes to process
182  length -= n;
183 
184  //Process message in 16-word blocks
185  if(context->size == 64)
186  {
187  //Transform the 16-word block
188  ripemd128ProcessBlock(context);
189  //Empty the buffer
190  context->size = 0;
191  }
192  }
193 }
194 
195 
196 /**
197  * @brief Finish the RIPEMD-128 message digest
198  * @param[in] context Pointer to the RIPEMD-128 context
199  * @param[out] digest Calculated digest (optional parameter)
200  **/
201 
202 void ripemd128Final(Ripemd128Context *context, uint8_t *digest)
203 {
204  uint_t i;
205  size_t paddingSize;
206  uint64_t totalSize;
207 
208  //Length of the original message (before padding)
209  totalSize = context->totalSize * 8;
210 
211  //Pad the message so that its length is congruent to 56 modulo 64
212  if(context->size < 56)
213  {
214  paddingSize = 56 - context->size;
215  }
216  else
217  {
218  paddingSize = 64 + 56 - context->size;
219  }
220 
221  //Append padding
222  ripemd128Update(context, padding, paddingSize);
223 
224  //Append the length of the original message
225  context->x[14] = htole32((uint32_t) totalSize);
226  context->x[15] = htole32((uint32_t) (totalSize >> 32));
227 
228  //Calculate the message digest
229  ripemd128ProcessBlock(context);
230 
231  //Convert from host byte order to little-endian byte order
232  for(i = 0; i < 4; i++)
233  {
234  context->h[i] = htole32(context->h[i]);
235  }
236 
237  //Copy the resulting digest
238  if(digest != NULL)
239  {
240  osMemcpy(digest, context->digest, RIPEMD128_DIGEST_SIZE);
241  }
242 }
243 
244 
245 /**
246  * @brief Process message in 16-word blocks
247  * @param[in] context Pointer to the RIPEMD-128 context
248  **/
249 
250 void ripemd128ProcessBlock(Ripemd128Context *context)
251 {
252  uint_t i;
253 
254  //Initialize the working registers
255  uint32_t aa= context->h[0];
256  uint32_t bb = context->h[1];
257  uint32_t cc = context->h[2];
258  uint32_t dd = context->h[3];
259  uint32_t aaa = context->h[0];
260  uint32_t bbb = context->h[1];
261  uint32_t ccc = context->h[2];
262  uint32_t ddd = context->h[3];
263 
264  //Process message in 16-word blocks
265  uint32_t *x = context->x;
266 
267  //Convert from little-endian byte order to host byte order
268  for(i = 0; i < 16; i++)
269  {
270  x[i] = letoh32(x[i]);
271  }
272 
273  //Round 1
274  FF(aa, bb, cc, dd, x[0], 11);
275  FF(dd, aa, bb, cc, x[1], 14);
276  FF(cc, dd, aa, bb, x[2], 15);
277  FF(bb, cc, dd, aa, x[3], 12);
278  FF(aa, bb, cc, dd, x[4], 5);
279  FF(dd, aa, bb, cc, x[5], 8);
280  FF(cc, dd, aa, bb, x[6], 7);
281  FF(bb, cc, dd, aa, x[7], 9);
282  FF(aa, bb, cc, dd, x[8], 11);
283  FF(dd, aa, bb, cc, x[9], 13);
284  FF(cc, dd, aa, bb, x[10], 14);
285  FF(bb, cc, dd, aa, x[11], 15);
286  FF(aa, bb, cc, dd, x[12], 6);
287  FF(dd, aa, bb, cc, x[13], 7);
288  FF(cc, dd, aa, bb, x[14], 9);
289  FF(bb, cc, dd, aa, x[15], 8);
290 
291  //Round 2
292  GG(aa, bb, cc, dd, x[7], 7);
293  GG(dd, aa, bb, cc, x[4], 6);
294  GG(cc, dd, aa, bb, x[13], 8);
295  GG(bb, cc, dd, aa, x[1], 13);
296  GG(aa, bb, cc, dd, x[10], 11);
297  GG(dd, aa, bb, cc, x[6], 9);
298  GG(cc, dd, aa, bb, x[15], 7);
299  GG(bb, cc, dd, aa, x[3], 15);
300  GG(aa, bb, cc, dd, x[12], 7);
301  GG(dd, aa, bb, cc, x[0], 12);
302  GG(cc, dd, aa, bb, x[9], 15);
303  GG(bb, cc, dd, aa, x[5], 9);
304  GG(aa, bb, cc, dd, x[2], 11);
305  GG(dd, aa, bb, cc, x[14], 7);
306  GG(cc, dd, aa, bb, x[11], 13);
307  GG(bb, cc, dd, aa, x[8], 12);
308 
309  //Round 3
310  HH(aa, bb, cc, dd, x[3], 11);
311  HH(dd, aa, bb, cc, x[10], 13);
312  HH(cc, dd, aa, bb, x[14], 6);
313  HH(bb, cc, dd, aa, x[4], 7);
314  HH(aa, bb, cc, dd, x[9], 14);
315  HH(dd, aa, bb, cc, x[15], 9);
316  HH(cc, dd, aa, bb, x[8], 13);
317  HH(bb, cc, dd, aa, x[1], 15);
318  HH(aa, bb, cc, dd, x[2], 14);
319  HH(dd, aa, bb, cc, x[7], 8);
320  HH(cc, dd, aa, bb, x[0], 13);
321  HH(bb, cc, dd, aa, x[6], 6);
322  HH(aa, bb, cc, dd, x[13], 5);
323  HH(dd, aa, bb, cc, x[11], 12);
324  HH(cc, dd, aa, bb, x[5], 7);
325  HH(bb, cc, dd, aa, x[12], 5);
326 
327  //Round 4
328  II(aa, bb, cc, dd, x[1], 11);
329  II(dd, aa, bb, cc, x[9], 12);
330  II(cc, dd, aa, bb, x[11], 14);
331  II(bb, cc, dd, aa, x[10], 15);
332  II(aa, bb, cc, dd, x[0], 14);
333  II(dd, aa, bb, cc, x[8], 15);
334  II(cc, dd, aa, bb, x[12], 9);
335  II(bb, cc, dd, aa, x[4], 8);
336  II(aa, bb, cc, dd, x[13], 9);
337  II(dd, aa, bb, cc, x[3], 14);
338  II(cc, dd, aa, bb, x[7], 5);
339  II(bb, cc, dd, aa, x[15], 6);
340  II(aa, bb, cc, dd, x[14], 8);
341  II(dd, aa, bb, cc, x[5], 6);
342  II(cc, dd, aa, bb, x[6], 5);
343  II(bb, cc, dd, aa, x[2], 12);
344 
345  //Parallel round 1
346  III(aaa, bbb, ccc, ddd, x[5], 8);
347  III(ddd, aaa, bbb, ccc, x[14], 9);
348  III(ccc, ddd, aaa, bbb, x[7], 9);
349  III(bbb, ccc, ddd, aaa, x[0], 11);
350  III(aaa, bbb, ccc, ddd, x[9], 13);
351  III(ddd, aaa, bbb, ccc, x[2], 15);
352  III(ccc, ddd, aaa, bbb, x[11], 15);
353  III(bbb, ccc, ddd, aaa, x[4], 5);
354  III(aaa, bbb, ccc, ddd, x[13], 7);
355  III(ddd, aaa, bbb, ccc, x[6], 7);
356  III(ccc, ddd, aaa, bbb, x[15], 8);
357  III(bbb, ccc, ddd, aaa, x[8], 11);
358  III(aaa, bbb, ccc, ddd, x[1], 14);
359  III(ddd, aaa, bbb, ccc, x[10], 14);
360  III(ccc, ddd, aaa, bbb, x[3], 12);
361  III(bbb, ccc, ddd, aaa, x[12], 6);
362 
363  //Parallel round 2
364  HHH(aaa, bbb, ccc, ddd, x[6], 9);
365  HHH(ddd, aaa, bbb, ccc, x[11], 13);
366  HHH(ccc, ddd, aaa, bbb, x[3], 15);
367  HHH(bbb, ccc, ddd, aaa, x[7], 7);
368  HHH(aaa, bbb, ccc, ddd, x[0], 12);
369  HHH(ddd, aaa, bbb, ccc, x[13], 8);
370  HHH(ccc, ddd, aaa, bbb, x[5], 9);
371  HHH(bbb, ccc, ddd, aaa, x[10], 11);
372  HHH(aaa, bbb, ccc, ddd, x[14], 7);
373  HHH(ddd, aaa, bbb, ccc, x[15], 7);
374  HHH(ccc, ddd, aaa, bbb, x[8], 12);
375  HHH(bbb, ccc, ddd, aaa, x[12], 7);
376  HHH(aaa, bbb, ccc, ddd, x[4], 6);
377  HHH(ddd, aaa, bbb, ccc, x[9], 15);
378  HHH(ccc, ddd, aaa, bbb, x[1], 13);
379  HHH(bbb, ccc, ddd, aaa, x[2], 11);
380 
381  //Parallel round 3
382  GGG(aaa, bbb, ccc, ddd, x[15], 9);
383  GGG(ddd, aaa, bbb, ccc, x[5], 7);
384  GGG(ccc, ddd, aaa, bbb, x[1], 15);
385  GGG(bbb, ccc, ddd, aaa, x[3], 11);
386  GGG(aaa, bbb, ccc, ddd, x[7], 8);
387  GGG(ddd, aaa, bbb, ccc, x[14], 6);
388  GGG(ccc, ddd, aaa, bbb, x[6], 6);
389  GGG(bbb, ccc, ddd, aaa, x[9], 14);
390  GGG(aaa, bbb, ccc, ddd, x[11], 12);
391  GGG(ddd, aaa, bbb, ccc, x[8], 13);
392  GGG(ccc, ddd, aaa, bbb, x[12], 5);
393  GGG(bbb, ccc, ddd, aaa, x[2], 14);
394  GGG(aaa, bbb, ccc, ddd, x[10], 13);
395  GGG(ddd, aaa, bbb, ccc, x[0], 13);
396  GGG(ccc, ddd, aaa, bbb, x[4], 7);
397  GGG(bbb, ccc, ddd, aaa, x[13], 5);
398 
399  //Parallel round 4
400  FFF(aaa, bbb, ccc, ddd, x[8], 15);
401  FFF(ddd, aaa, bbb, ccc, x[6], 5);
402  FFF(ccc, ddd, aaa, bbb, x[4], 8);
403  FFF(bbb, ccc, ddd, aaa, x[1], 11);
404  FFF(aaa, bbb, ccc, ddd, x[3], 14);
405  FFF(ddd, aaa, bbb, ccc, x[11], 14);
406  FFF(ccc, ddd, aaa, bbb, x[15], 6);
407  FFF(bbb, ccc, ddd, aaa, x[0], 14);
408  FFF(aaa, bbb, ccc, ddd, x[5], 6);
409  FFF(ddd, aaa, bbb, ccc, x[12], 9);
410  FFF(ccc, ddd, aaa, bbb, x[2], 12);
411  FFF(bbb, ccc, ddd, aaa, x[13], 9);
412  FFF(aaa, bbb, ccc, ddd, x[9], 12);
413  FFF(ddd, aaa, bbb, ccc, x[7], 5);
414  FFF(ccc, ddd, aaa, bbb, x[10], 15);
415  FFF(bbb, ccc, ddd, aaa, x[14], 8);
416 
417  //Combine results
418  ddd = context->h[1] + cc + ddd;
419  context->h[1] = context->h[2] + dd + aaa;
420  context->h[2] = context->h[3] + aa + bbb;
421  context->h[3] = context->h[0] + bb + ccc;
422  context->h[0] = ddd;
423 }
424 
425 #endif
uint_t
unsigned int uint_t
Definition: compiler_port.h:50
htole32
#define htole32(value)
Definition: cpu_endian.h:430
letoh32
#define letoh32(value)
Definition: cpu_endian.h:438
crypto.h
General definitions for cryptographic algorithms.
HashAlgoCompute
error_t(* HashAlgoCompute)(const void *data, size_t length, uint8_t *digest)
Definition: crypto.h:956
HashAlgoFinal
void(* HashAlgoFinal)(void *context, uint8_t *digest)
Definition: crypto.h:963
HashAlgoUpdate
void(* HashAlgoUpdate)(void *context, const void *data, size_t length)
Definition: crypto.h:961
cryptoAllocMem
#define cryptoAllocMem(size)
Definition: crypto.h:765
cryptoFreeMem
#define cryptoFreeMem(p)
Definition: crypto.h:770
HashAlgoInit
void(* HashAlgoInit)(void *context)
Definition: crypto.h:959
n
uint8_t n
Definition: dhcpv6_common.h:416
aa
uint8_t aa
Definition: dns_common.h:187
error_t
error_t
Error codes.
Definition: error.h:43
NO_ERROR
@ NO_ERROR
Success.
Definition: error.h:44
ERROR_OUT_OF_MEMORY
@ ERROR_OUT_OF_MEMORY
Definition: error.h:63
ERROR_INVALID_PARAMETER
@ ERROR_INVALID_PARAMETER
Invalid parameter.
Definition: error.h:47
data
uint8_t data[]
Definition: ethernet.h:222
x
uint8_t x
Definition: lldp_ext_med.h:211
osMemcpy
#define osMemcpy(dest, src, length)
Definition: os_port.h:141
MIN
#define MIN(a, b)
Definition: os_port.h:63
FALSE
#define FALSE
Definition: os_port.h:46
GGG
#define GGG(a, b, c, d, x, s)
Definition: ripemd128.c:53
ripemd128Update
void ripemd128Update(Ripemd128Context *context, const void *data, size_t length)
Update the RIPEMD-128 context with a portion of the message being hashed.
Definition: ripemd128.c:163
ripemd128Init
void ripemd128Init(Ripemd128Context *context)
Initialize RIPEMD-128 message digest context.
Definition: ripemd128.c:141
HHH
#define HHH(a, b, c, d, x, s)
Definition: ripemd128.c:54
HH
#define HH(a, b, c, d, x, s)
Definition: ripemd128.c:49
FFF
#define FFF(a, b, c, d, x, s)
Definition: ripemd128.c:52
GG
#define GG(a, b, c, d, x, s)
Definition: ripemd128.c:48
ripemd128HashAlgo
const HashAlgo ripemd128HashAlgo
Definition: ripemd128.c:70
III
#define III(a, b, c, d, x, s)
Definition: ripemd128.c:55
RIPEMD128_OID
const uint8_t RIPEMD128_OID[5]
Definition: ripemd128.c:67
ripemd128ProcessBlock
void ripemd128ProcessBlock(Ripemd128Context *context)
Process message in 16-word blocks.
Definition: ripemd128.c:250
FF
#define FF(a, b, c, d, x, s)
Definition: ripemd128.c:47
ripemd128Compute
error_t ripemd128Compute(const void *data, size_t length, uint8_t *digest)
Digest a message using RIPEMD-128.
Definition: ripemd128.c:96
II
#define II(a, b, c, d, x, s)
Definition: ripemd128.c:50
ripemd128Final
void ripemd128Final(Ripemd128Context *context, uint8_t *digest)
Finish the RIPEMD-128 message digest.
Definition: ripemd128.c:202
ripemd128.h
RIPEMD-128 hash function.
RIPEMD128_BLOCK_SIZE
#define RIPEMD128_BLOCK_SIZE
Definition: ripemd128.h:38
RIPEMD128_MIN_PAD_SIZE
#define RIPEMD128_MIN_PAD_SIZE
Definition: ripemd128.h:42
RIPEMD128_DIGEST_SIZE
#define RIPEMD128_DIGEST_SIZE
Definition: ripemd128.h:40
HashAlgo
Common interface for hash algorithms.
Definition: crypto.h:1014
Ripemd128Context
RIPEMD-128 algorithm context.
Definition: ripemd128.h:57
Ripemd128Context::h
uint32_t h[4]
Definition: ripemd128.h:60
Ripemd128Context::totalSize
uint64_t totalSize
Definition: ripemd128.h:69
Ripemd128Context::digest
uint8_t digest[16]
Definition: ripemd128.h:61
Ripemd128Context::buffer
uint8_t buffer[64]
Definition: ripemd128.h:66
Ripemd128Context::x
uint32_t x[16]
Definition: ripemd128.h:65
length
uint8_t length
Definition: tcp.h:368