ripemd128.c
Go to the documentation of this file.
1 /**
2  * @file ripemd128.c
3  * @brief RIPEMD-128 hash function
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2019 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCrypto Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 1.9.6
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
33 
34 //Dependencies
35 #include "core/crypto.h"
36 #include "hash/ripemd128.h"
37 
38 //Check crypto library configuration
39 #if (RIPEMD128_SUPPORT == ENABLED)
40 
41 //RIPEMD-128 auxiliary functions
42 #define F(x, y, z) ((x) ^ (y) ^ (z))
43 #define G(x, y, z) (((x) & (y)) | (~(x) & (z)))
44 #define H(x, y, z) (((x) | ~(y)) ^ (z))
45 #define I(x, y, z) (((x) & (z)) | ((y) & ~(z)))
46 
47 #define FF(a, b, c, d, x, s) a += F(b, c, d) + (x), a = ROL32(a, s)
48 #define GG(a, b, c, d, x, s) a += G(b, c, d) + (x) + 0x5A827999, a = ROL32(a, s)
49 #define HH(a, b, c, d, x, s) a += H(b, c, d) + (x) + 0x6ED9EBA1, a = ROL32(a, s)
50 #define II(a, b, c, d, x, s) a += I(b, c, d) + (x) + 0x8F1BBCDC, a = ROL32(a, s)
51 
52 #define FFF(a, b, c, d, x, s) a += F(b, c, d) + (x), a = ROL32(a, s)
53 #define GGG(a, b, c, d, x, s) a += G(b, c, d) + (x) + 0x6D703EF3, a = ROL32(a, s)
54 #define HHH(a, b, c, d, x, s) a += H(b, c, d) + (x) + 0x5C4DD124, a = ROL32(a, s)
55 #define III(a, b, c, d, x, s) a += I(b, c, d) + (x) + 0x50A28BE6, a = ROL32(a, s)
56 
57 //RIPEMD-128 padding
58 static const uint8_t padding[64] =
59 {
60  0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
61  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
62  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
63  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
64 };
65 
66 //RIPEMD-128 object identifier (1.3.36.3.2.2)
67 const uint8_t ripemd128Oid[5] = {0x2B, 0x24, 0x03, 0x02, 0x02};
68 
69 //Common interface for hash algorithms
71 {
72  "RIPEMD-128",
74  sizeof(ripemd128Oid),
75  sizeof(Ripemd128Context),
79  FALSE,
84  NULL
85 };
86 
87 
88 /**
89  * @brief Digest a message using RIPEMD-128
90  * @param[in] data Pointer to the message being hashed
91  * @param[in] length Length of the message
92  * @param[out] digest Pointer to the calculated digest
93  * @return Error code
94  **/
95 
96 error_t ripemd128Compute(const void *data, size_t length, uint8_t *digest)
97 {
98  //Allocate a memory buffer to hold the RIPEMD-128 context
100  //Failed to allocate memory?
101  if(context == NULL)
102  return ERROR_OUT_OF_MEMORY;
103 
104  //Initialize the RIPEMD-128 context
105  ripemd128Init(context);
106  //Digest the message
107  ripemd128Update(context, data, length);
108  //Finalize the RIPEMD-128 message digest
109  ripemd128Final(context, digest);
110 
111  //Free previously allocated memory
112  cryptoFreeMem(context);
113  //Successful processing
114  return NO_ERROR;
115 }
116 
117 
118 /**
119  * @brief Initialize RIPEMD-128 message digest context
120  * @param[in] context Pointer to the RIPEMD-128 context to initialize
121  **/
122 
124 {
125  //Set initial hash value
126  context->h[0] = 0x67452301;
127  context->h[1] = 0xEFCDAB89;
128  context->h[2] = 0x98BADCFE;
129  context->h[3] = 0x10325476;
130 
131  //Number of bytes in the buffer
132  context->size = 0;
133  //Total length of the message
134  context->totalSize = 0;
135 }
136 
137 
138 /**
139  * @brief Update the RIPEMD-128 context with a portion of the message being hashed
140  * @param[in] context Pointer to the RIPEMD-128 context
141  * @param[in] data Pointer to the buffer being hashed
142  * @param[in] length Length of the buffer
143  **/
144 
145 void ripemd128Update(Ripemd128Context *context, const void *data, size_t length)
146 {
147  size_t n;
148 
149  //Process the incoming data
150  while(length > 0)
151  {
152  //The buffer can hold at most 64 bytes
153  n = MIN(length, 64 - context->size);
154 
155  //Copy the data to the buffer
156  cryptoMemcpy(context->buffer + context->size, data, n);
157 
158  //Update the RIPEMD-128 context
159  context->size += n;
160  context->totalSize += n;
161  //Advance the data pointer
162  data = (uint8_t *) data + n;
163  //Remaining bytes to process
164  length -= n;
165 
166  //Process message in 16-word blocks
167  if(context->size == 64)
168  {
169  //Transform the 16-word block
170  ripemd128ProcessBlock(context);
171  //Empty the buffer
172  context->size = 0;
173  }
174  }
175 }
176 
177 
178 /**
179  * @brief Finish the RIPEMD-128 message digest
180  * @param[in] context Pointer to the RIPEMD-128 context
181  * @param[out] digest Calculated digest (optional parameter)
182  **/
183 
184 void ripemd128Final(Ripemd128Context *context, uint8_t *digest)
185 {
186  uint_t i;
187  size_t paddingSize;
188  uint64_t totalSize;
189 
190  //Length of the original message (before padding)
191  totalSize = context->totalSize * 8;
192 
193  //Pad the message so that its length is congruent to 56 modulo 64
194  if(context->size < 56)
195  paddingSize = 56 - context->size;
196  else
197  paddingSize = 64 + 56 - context->size;
198 
199  //Append padding
200  ripemd128Update(context, padding, paddingSize);
201 
202  //Append the length of the original message
203  context->x[14] = htole32((uint32_t) totalSize);
204  context->x[15] = htole32((uint32_t) (totalSize >> 32));
205 
206  //Calculate the message digest
207  ripemd128ProcessBlock(context);
208 
209  //Convert from host byte order to little-endian byte order
210  for(i = 0; i < 4; i++)
211  {
212  context->h[i] = htole32(context->h[i]);
213  }
214 
215  //Copy the resulting digest
216  if(digest != NULL)
217  cryptoMemcpy(digest, context->digest, RIPEMD128_DIGEST_SIZE);
218 }
219 
220 
221 /**
222  * @brief Process message in 16-word blocks
223  * @param[in] context Pointer to the RIPEMD-128 context
224  **/
225 
227 {
228  uint_t i;
229 
230  //Initialize the working registers
231  uint32_t aa= context->h[0];
232  uint32_t bb = context->h[1];
233  uint32_t cc = context->h[2];
234  uint32_t dd = context->h[3];
235  uint32_t aaa = context->h[0];
236  uint32_t bbb = context->h[1];
237  uint32_t ccc = context->h[2];
238  uint32_t ddd = context->h[3];
239 
240  //Process message in 16-word blocks
241  uint32_t *x = context->x;
242 
243  //Convert from little-endian byte order to host byte order
244  for(i = 0; i < 16; i++)
245  {
246  x[i] = letoh32(x[i]);
247  }
248 
249  //Round 1
250  FF(aa, bb, cc, dd, x[0], 11);
251  FF(dd, aa, bb, cc, x[1], 14);
252  FF(cc, dd, aa, bb, x[2], 15);
253  FF(bb, cc, dd, aa, x[3], 12);
254  FF(aa, bb, cc, dd, x[4], 5);
255  FF(dd, aa, bb, cc, x[5], 8);
256  FF(cc, dd, aa, bb, x[6], 7);
257  FF(bb, cc, dd, aa, x[7], 9);
258  FF(aa, bb, cc, dd, x[8], 11);
259  FF(dd, aa, bb, cc, x[9], 13);
260  FF(cc, dd, aa, bb, x[10], 14);
261  FF(bb, cc, dd, aa, x[11], 15);
262  FF(aa, bb, cc, dd, x[12], 6);
263  FF(dd, aa, bb, cc, x[13], 7);
264  FF(cc, dd, aa, bb, x[14], 9);
265  FF(bb, cc, dd, aa, x[15], 8);
266 
267  //Round 2
268  GG(aa, bb, cc, dd, x[7], 7);
269  GG(dd, aa, bb, cc, x[4], 6);
270  GG(cc, dd, aa, bb, x[13], 8);
271  GG(bb, cc, dd, aa, x[1], 13);
272  GG(aa, bb, cc, dd, x[10], 11);
273  GG(dd, aa, bb, cc, x[6], 9);
274  GG(cc, dd, aa, bb, x[15], 7);
275  GG(bb, cc, dd, aa, x[3], 15);
276  GG(aa, bb, cc, dd, x[12], 7);
277  GG(dd, aa, bb, cc, x[0], 12);
278  GG(cc, dd, aa, bb, x[9], 15);
279  GG(bb, cc, dd, aa, x[5], 9);
280  GG(aa, bb, cc, dd, x[2], 11);
281  GG(dd, aa, bb, cc, x[14], 7);
282  GG(cc, dd, aa, bb, x[11], 13);
283  GG(bb, cc, dd, aa, x[8], 12);
284 
285  //Round 3
286  HH(aa, bb, cc, dd, x[3], 11);
287  HH(dd, aa, bb, cc, x[10], 13);
288  HH(cc, dd, aa, bb, x[14], 6);
289  HH(bb, cc, dd, aa, x[4], 7);
290  HH(aa, bb, cc, dd, x[9], 14);
291  HH(dd, aa, bb, cc, x[15], 9);
292  HH(cc, dd, aa, bb, x[8], 13);
293  HH(bb, cc, dd, aa, x[1], 15);
294  HH(aa, bb, cc, dd, x[2], 14);
295  HH(dd, aa, bb, cc, x[7], 8);
296  HH(cc, dd, aa, bb, x[0], 13);
297  HH(bb, cc, dd, aa, x[6], 6);
298  HH(aa, bb, cc, dd, x[13], 5);
299  HH(dd, aa, bb, cc, x[11], 12);
300  HH(cc, dd, aa, bb, x[5], 7);
301  HH(bb, cc, dd, aa, x[12], 5);
302 
303  //Round 4
304  II(aa, bb, cc, dd, x[1], 11);
305  II(dd, aa, bb, cc, x[9], 12);
306  II(cc, dd, aa, bb, x[11], 14);
307  II(bb, cc, dd, aa, x[10], 15);
308  II(aa, bb, cc, dd, x[0], 14);
309  II(dd, aa, bb, cc, x[8], 15);
310  II(cc, dd, aa, bb, x[12], 9);
311  II(bb, cc, dd, aa, x[4], 8);
312  II(aa, bb, cc, dd, x[13], 9);
313  II(dd, aa, bb, cc, x[3], 14);
314  II(cc, dd, aa, bb, x[7], 5);
315  II(bb, cc, dd, aa, x[15], 6);
316  II(aa, bb, cc, dd, x[14], 8);
317  II(dd, aa, bb, cc, x[5], 6);
318  II(cc, dd, aa, bb, x[6], 5);
319  II(bb, cc, dd, aa, x[2], 12);
320 
321  //Parallel round 1
322  III(aaa, bbb, ccc, ddd, x[5], 8);
323  III(ddd, aaa, bbb, ccc, x[14], 9);
324  III(ccc, ddd, aaa, bbb, x[7], 9);
325  III(bbb, ccc, ddd, aaa, x[0], 11);
326  III(aaa, bbb, ccc, ddd, x[9], 13);
327  III(ddd, aaa, bbb, ccc, x[2], 15);
328  III(ccc, ddd, aaa, bbb, x[11], 15);
329  III(bbb, ccc, ddd, aaa, x[4], 5);
330  III(aaa, bbb, ccc, ddd, x[13], 7);
331  III(ddd, aaa, bbb, ccc, x[6], 7);
332  III(ccc, ddd, aaa, bbb, x[15], 8);
333  III(bbb, ccc, ddd, aaa, x[8], 11);
334  III(aaa, bbb, ccc, ddd, x[1], 14);
335  III(ddd, aaa, bbb, ccc, x[10], 14);
336  III(ccc, ddd, aaa, bbb, x[3], 12);
337  III(bbb, ccc, ddd, aaa, x[12], 6);
338 
339  //Parallel round 2
340  HHH(aaa, bbb, ccc, ddd, x[6], 9);
341  HHH(ddd, aaa, bbb, ccc, x[11], 13);
342  HHH(ccc, ddd, aaa, bbb, x[3], 15);
343  HHH(bbb, ccc, ddd, aaa, x[7], 7);
344  HHH(aaa, bbb, ccc, ddd, x[0], 12);
345  HHH(ddd, aaa, bbb, ccc, x[13], 8);
346  HHH(ccc, ddd, aaa, bbb, x[5], 9);
347  HHH(bbb, ccc, ddd, aaa, x[10], 11);
348  HHH(aaa, bbb, ccc, ddd, x[14], 7);
349  HHH(ddd, aaa, bbb, ccc, x[15], 7);
350  HHH(ccc, ddd, aaa, bbb, x[8], 12);
351  HHH(bbb, ccc, ddd, aaa, x[12], 7);
352  HHH(aaa, bbb, ccc, ddd, x[4], 6);
353  HHH(ddd, aaa, bbb, ccc, x[9], 15);
354  HHH(ccc, ddd, aaa, bbb, x[1], 13);
355  HHH(bbb, ccc, ddd, aaa, x[2], 11);
356 
357  //Parallel round 3
358  GGG(aaa, bbb, ccc, ddd, x[15], 9);
359  GGG(ddd, aaa, bbb, ccc, x[5], 7);
360  GGG(ccc, ddd, aaa, bbb, x[1], 15);
361  GGG(bbb, ccc, ddd, aaa, x[3], 11);
362  GGG(aaa, bbb, ccc, ddd, x[7], 8);
363  GGG(ddd, aaa, bbb, ccc, x[14], 6);
364  GGG(ccc, ddd, aaa, bbb, x[6], 6);
365  GGG(bbb, ccc, ddd, aaa, x[9], 14);
366  GGG(aaa, bbb, ccc, ddd, x[11], 12);
367  GGG(ddd, aaa, bbb, ccc, x[8], 13);
368  GGG(ccc, ddd, aaa, bbb, x[12], 5);
369  GGG(bbb, ccc, ddd, aaa, x[2], 14);
370  GGG(aaa, bbb, ccc, ddd, x[10], 13);
371  GGG(ddd, aaa, bbb, ccc, x[0], 13);
372  GGG(ccc, ddd, aaa, bbb, x[4], 7);
373  GGG(bbb, ccc, ddd, aaa, x[13], 5);
374 
375  //Parallel round 4
376  FFF(aaa, bbb, ccc, ddd, x[8], 15);
377  FFF(ddd, aaa, bbb, ccc, x[6], 5);
378  FFF(ccc, ddd, aaa, bbb, x[4], 8);
379  FFF(bbb, ccc, ddd, aaa, x[1], 11);
380  FFF(aaa, bbb, ccc, ddd, x[3], 14);
381  FFF(ddd, aaa, bbb, ccc, x[11], 14);
382  FFF(ccc, ddd, aaa, bbb, x[15], 6);
383  FFF(bbb, ccc, ddd, aaa, x[0], 14);
384  FFF(aaa, bbb, ccc, ddd, x[5], 6);
385  FFF(ddd, aaa, bbb, ccc, x[12], 9);
386  FFF(ccc, ddd, aaa, bbb, x[2], 12);
387  FFF(bbb, ccc, ddd, aaa, x[13], 9);
388  FFF(aaa, bbb, ccc, ddd, x[9], 12);
389  FFF(ddd, aaa, bbb, ccc, x[7], 5);
390  FFF(ccc, ddd, aaa, bbb, x[10], 15);
391  FFF(bbb, ccc, ddd, aaa, x[14], 8);
392 
393  //Combine results
394  ddd = context->h[1] + cc + ddd;
395  context->h[1] = context->h[2] + dd + aaa;
396  context->h[2] = context->h[3] + aa + bbb;
397  context->h[3] = context->h[0] + bb + ccc;
398  context->h[0] = ddd;
399 }
400 
401 #endif
uint8_t length
Definition: dtls_misc.h:149
void(* HashAlgoInit)(void *context)
Definition: crypto.h:1094
RIPEMD-128 hash function.
uint32_t x[16]
Definition: ripemd128.h:67
uint8_t digest[16]
Definition: ripemd128.h:63
#define III(a, b, c, d, x, s)
Definition: ripemd128.c:55
void ripemd128ProcessBlock(Ripemd128Context *context)
Process message in 16-word blocks.
Definition: ripemd128.c:226
#define II(a, b, c, d, x, s)
Definition: ripemd128.c:50
uint8_t aa
Definition: dns_common.h:171
#define RIPEMD128_DIGEST_SIZE
Definition: ripemd128.h:40
@ ERROR_OUT_OF_MEMORY
Definition: error.h:63
#define HH(a, b, c, d, x, s)
Definition: ripemd128.c:49
void ripemd128Final(Ripemd128Context *context, uint8_t *digest)
Finish the RIPEMD-128 message digest.
Definition: ripemd128.c:184
#define HHH(a, b, c, d, x, s)
Definition: ripemd128.c:54
#define FFF(a, b, c, d, x, s)
Definition: ripemd128.c:52
void(* HashAlgoUpdate)(void *context, const void *data, size_t length)
Definition: crypto.h:1095
const HashAlgo ripemd128HashAlgo
Definition: ripemd128.c:70
#define GGG(a, b, c, d, x, s)
Definition: ripemd128.c:53
#define letoh32(value)
Definition: cpu_endian.h:414
const uint8_t ripemd128Oid[5]
Definition: ripemd128.c:67
#define FALSE
Definition: os_port.h:46
error_t
Error codes.
Definition: error.h:42
#define htole32(value)
Definition: cpu_endian.h:406
uint8_t buffer[64]
Definition: ripemd128.h:68
#define FF(a, b, c, d, x, s)
Definition: ripemd128.c:47
void ripemd128Init(Ripemd128Context *context)
Initialize RIPEMD-128 message digest context.
Definition: ripemd128.c:123
General definitions for cryptographic algorithms.
#define RIPEMD128_BLOCK_SIZE
Definition: ripemd128.h:38
#define MIN(a, b)
Definition: os_port.h:62
void(* HashAlgoFinal)(void *context, uint8_t *digest)
Definition: crypto.h:1096
uint64_t totalSize
Definition: ripemd128.h:71
uint8_t n
#define cryptoMemcpy(dest, src, length)
Definition: crypto.h:642
#define cryptoFreeMem(p)
Definition: crypto.h:630
#define GG(a, b, c, d, x, s)
Definition: ripemd128.c:48
uint32_t totalSize
error_t ripemd128Compute(const void *data, size_t length, uint8_t *digest)
Digest a message using RIPEMD-128.
Definition: ripemd128.c:96
#define cryptoAllocMem(size)
Definition: crypto.h:625
uint32_t h[4]
Definition: ripemd128.h:62
RIPEMD-128 algorithm context.
Definition: ripemd128.h:58
Common interface for hash algorithms.
Definition: crypto.h:1128
#define RIPEMD128_MIN_PAD_SIZE
Definition: ripemd128.h:42
unsigned int uint_t
Definition: compiler_port.h:45
uint8_t data[]
Definition: dtls_misc.h:176
error_t(* HashAlgoCompute)(const void *data, size_t length, uint8_t *digest)
Definition: crypto.h:1093
void ripemd128Update(Ripemd128Context *context, const void *data, size_t length)
Update the RIPEMD-128 context with a portion of the message being hashed.
Definition: ripemd128.c:145
@ NO_ERROR
Success.
Definition: error.h:44