ripemd128.c
Go to the documentation of this file.
1 /**
2  * @file ripemd128.c
3  * @brief RIPEMD-128 hash function
4  *
5  * @section License
6  *
7  * Copyright (C) 2010-2018 Oryx Embedded SARL. All rights reserved.
8  *
9  * This file is part of CycloneCrypto Open.
10  *
11  * This program is free software; you can redistribute it and/or
12  * modify it under the terms of the GNU General Public License
13  * as published by the Free Software Foundation; either version 2
14  * of the License, or (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with this program; if not, write to the Free Software Foundation,
23  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
24  *
25  * @author Oryx Embedded SARL (www.oryx-embedded.com)
26  * @version 1.9.0
27  **/
28 
29 //Switch to the appropriate trace level
30 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
31 
32 //Dependencies
33 #include "core/crypto.h"
34 #include "hash/ripemd128.h"
35 
36 //Check crypto library configuration
37 #if (RIPEMD128_SUPPORT == ENABLED)
38 
39 //RIPEMD-128 auxiliary functions
40 #define F(x, y, z) ((x) ^ (y) ^ (z))
41 #define G(x, y, z) (((x) & (y)) | (~(x) & (z)))
42 #define H(x, y, z) (((x) | ~(y)) ^ (z))
43 #define I(x, y, z) (((x) & (z)) | ((y) & ~(z)))
44 
45 #define FF(a, b, c, d, x, s) a += F(b, c, d) + (x), a = ROL32(a, s)
46 #define GG(a, b, c, d, x, s) a += G(b, c, d) + (x) + 0x5A827999, a = ROL32(a, s)
47 #define HH(a, b, c, d, x, s) a += H(b, c, d) + (x) + 0x6ED9EBA1, a = ROL32(a, s)
48 #define II(a, b, c, d, x, s) a += I(b, c, d) + (x) + 0x8F1BBCDC, a = ROL32(a, s)
49 
50 #define FFF(a, b, c, d, x, s) a += F(b, c, d) + (x), a = ROL32(a, s)
51 #define GGG(a, b, c, d, x, s) a += G(b, c, d) + (x) + 0x6D703EF3, a = ROL32(a, s)
52 #define HHH(a, b, c, d, x, s) a += H(b, c, d) + (x) + 0x5C4DD124, a = ROL32(a, s)
53 #define III(a, b, c, d, x, s) a += I(b, c, d) + (x) + 0x50A28BE6, a = ROL32(a, s)
54 
55 //RIPEMD-128 padding
56 static const uint8_t padding[64] =
57 {
58  0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
59  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
60  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
61  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
62 };
63 
64 //RIPEMD-128 object identifier (1.3.36.3.2.2)
65 const uint8_t ripemd128Oid[5] = {0x2B, 0x24, 0x03, 0x02, 0x02};
66 
67 //Common interface for hash algorithms
69 {
70  "RIPEMD-128",
72  sizeof(ripemd128Oid),
73  sizeof(Ripemd128Context),
80 };
81 
82 
83 /**
84  * @brief Digest a message using RIPEMD-128
85  * @param[in] data Pointer to the message being hashed
86  * @param[in] length Length of the message
87  * @param[out] digest Pointer to the calculated digest
88  * @return Error code
89  **/
90 
91 error_t ripemd128Compute(const void *data, size_t length, uint8_t *digest)
92 {
93  //Allocate a memory buffer to hold the RIPEMD-128 context
95  //Failed to allocate memory?
96  if(context == NULL)
97  return ERROR_OUT_OF_MEMORY;
98 
99  //Initialize the RIPEMD-128 context
100  ripemd128Init(context);
101  //Digest the message
102  ripemd128Update(context, data, length);
103  //Finalize the RIPEMD-128 message digest
104  ripemd128Final(context, digest);
105 
106  //Free previously allocated memory
107  cryptoFreeMem(context);
108  //Successful processing
109  return NO_ERROR;
110 }
111 
112 
113 /**
114  * @brief Initialize RIPEMD-128 message digest context
115  * @param[in] context Pointer to the RIPEMD-128 context to initialize
116  **/
117 
119 {
120  //Set initial hash value
121  context->h[0] = 0x67452301;
122  context->h[1] = 0xEFCDAB89;
123  context->h[2] = 0x98BADCFE;
124  context->h[3] = 0x10325476;
125 
126  //Number of bytes in the buffer
127  context->size = 0;
128  //Total length of the message
129  context->totalSize = 0;
130 }
131 
132 
133 /**
134  * @brief Update the RIPEMD-128 context with a portion of the message being hashed
135  * @param[in] context Pointer to the RIPEMD-128 context
136  * @param[in] data Pointer to the buffer being hashed
137  * @param[in] length Length of the buffer
138  **/
139 
140 void ripemd128Update(Ripemd128Context *context, const void *data, size_t length)
141 {
142  size_t n;
143 
144  //Process the incoming data
145  while(length > 0)
146  {
147  //The buffer can hold at most 64 bytes
148  n = MIN(length, 64 - context->size);
149 
150  //Copy the data to the buffer
151  cryptoMemcpy(context->buffer + context->size, data, n);
152 
153  //Update the RIPEMD-128 context
154  context->size += n;
155  context->totalSize += n;
156  //Advance the data pointer
157  data = (uint8_t *) data + n;
158  //Remaining bytes to process
159  length -= n;
160 
161  //Process message in 16-word blocks
162  if(context->size == 64)
163  {
164  //Transform the 16-word block
165  ripemd128ProcessBlock(context);
166  //Empty the buffer
167  context->size = 0;
168  }
169  }
170 }
171 
172 
173 /**
174  * @brief Finish the RIPEMD-128 message digest
175  * @param[in] context Pointer to the RIPEMD-128 context
176  * @param[out] digest Calculated digest (optional parameter)
177  **/
178 
179 void ripemd128Final(Ripemd128Context *context, uint8_t *digest)
180 {
181  uint_t i;
182  size_t paddingSize;
183  uint64_t totalSize;
184 
185  //Length of the original message (before padding)
186  totalSize = context->totalSize * 8;
187 
188  //Pad the message so that its length is congruent to 56 modulo 64
189  if(context->size < 56)
190  paddingSize = 56 - context->size;
191  else
192  paddingSize = 64 + 56 - context->size;
193 
194  //Append padding
195  ripemd128Update(context, padding, paddingSize);
196 
197  //Append the length of the original message
198  context->x[14] = htole32((uint32_t) totalSize);
199  context->x[15] = htole32((uint32_t) (totalSize >> 32));
200 
201  //Calculate the message digest
202  ripemd128ProcessBlock(context);
203 
204  //Convert from host byte order to little-endian byte order
205  for(i = 0; i < 4; i++)
206  context->h[i] = htole32(context->h[i]);
207 
208  //Copy the resulting digest
209  if(digest != NULL)
210  cryptoMemcpy(digest, context->digest, RIPEMD128_DIGEST_SIZE);
211 }
212 
213 
214 /**
215  * @brief Process message in 16-word blocks
216  * @param[in] context Pointer to the RIPEMD-128 context
217  **/
218 
220 {
221  uint_t i;
222 
223  //Initialize the working registers
224  uint32_t aa= context->h[0];
225  uint32_t bb = context->h[1];
226  uint32_t cc = context->h[2];
227  uint32_t dd = context->h[3];
228  uint32_t aaa = context->h[0];
229  uint32_t bbb = context->h[1];
230  uint32_t ccc = context->h[2];
231  uint32_t ddd = context->h[3];
232 
233  //Process message in 16-word blocks
234  uint32_t *x = context->x;
235 
236  //Convert from little-endian byte order to host byte order
237  for(i = 0; i < 16; i++)
238  x[i] = letoh32(x[i]);
239 
240  //Round 1
241  FF(aa, bb, cc, dd, x[0], 11);
242  FF(dd, aa, bb, cc, x[1], 14);
243  FF(cc, dd, aa, bb, x[2], 15);
244  FF(bb, cc, dd, aa, x[3], 12);
245  FF(aa, bb, cc, dd, x[4], 5);
246  FF(dd, aa, bb, cc, x[5], 8);
247  FF(cc, dd, aa, bb, x[6], 7);
248  FF(bb, cc, dd, aa, x[7], 9);
249  FF(aa, bb, cc, dd, x[8], 11);
250  FF(dd, aa, bb, cc, x[9], 13);
251  FF(cc, dd, aa, bb, x[10], 14);
252  FF(bb, cc, dd, aa, x[11], 15);
253  FF(aa, bb, cc, dd, x[12], 6);
254  FF(dd, aa, bb, cc, x[13], 7);
255  FF(cc, dd, aa, bb, x[14], 9);
256  FF(bb, cc, dd, aa, x[15], 8);
257 
258  //Round 2
259  GG(aa, bb, cc, dd, x[7], 7);
260  GG(dd, aa, bb, cc, x[4], 6);
261  GG(cc, dd, aa, bb, x[13], 8);
262  GG(bb, cc, dd, aa, x[1], 13);
263  GG(aa, bb, cc, dd, x[10], 11);
264  GG(dd, aa, bb, cc, x[6], 9);
265  GG(cc, dd, aa, bb, x[15], 7);
266  GG(bb, cc, dd, aa, x[3], 15);
267  GG(aa, bb, cc, dd, x[12], 7);
268  GG(dd, aa, bb, cc, x[0], 12);
269  GG(cc, dd, aa, bb, x[9], 15);
270  GG(bb, cc, dd, aa, x[5], 9);
271  GG(aa, bb, cc, dd, x[2], 11);
272  GG(dd, aa, bb, cc, x[14], 7);
273  GG(cc, dd, aa, bb, x[11], 13);
274  GG(bb, cc, dd, aa, x[8], 12);
275 
276  //Round 3
277  HH(aa, bb, cc, dd, x[3], 11);
278  HH(dd, aa, bb, cc, x[10], 13);
279  HH(cc, dd, aa, bb, x[14], 6);
280  HH(bb, cc, dd, aa, x[4], 7);
281  HH(aa, bb, cc, dd, x[9], 14);
282  HH(dd, aa, bb, cc, x[15], 9);
283  HH(cc, dd, aa, bb, x[8], 13);
284  HH(bb, cc, dd, aa, x[1], 15);
285  HH(aa, bb, cc, dd, x[2], 14);
286  HH(dd, aa, bb, cc, x[7], 8);
287  HH(cc, dd, aa, bb, x[0], 13);
288  HH(bb, cc, dd, aa, x[6], 6);
289  HH(aa, bb, cc, dd, x[13], 5);
290  HH(dd, aa, bb, cc, x[11], 12);
291  HH(cc, dd, aa, bb, x[5], 7);
292  HH(bb, cc, dd, aa, x[12], 5);
293 
294  //Round 4
295  II(aa, bb, cc, dd, x[1], 11);
296  II(dd, aa, bb, cc, x[9], 12);
297  II(cc, dd, aa, bb, x[11], 14);
298  II(bb, cc, dd, aa, x[10], 15);
299  II(aa, bb, cc, dd, x[0], 14);
300  II(dd, aa, bb, cc, x[8], 15);
301  II(cc, dd, aa, bb, x[12], 9);
302  II(bb, cc, dd, aa, x[4], 8);
303  II(aa, bb, cc, dd, x[13], 9);
304  II(dd, aa, bb, cc, x[3], 14);
305  II(cc, dd, aa, bb, x[7], 5);
306  II(bb, cc, dd, aa, x[15], 6);
307  II(aa, bb, cc, dd, x[14], 8);
308  II(dd, aa, bb, cc, x[5], 6);
309  II(cc, dd, aa, bb, x[6], 5);
310  II(bb, cc, dd, aa, x[2], 12);
311 
312  //Parallel round 1
313  III(aaa, bbb, ccc, ddd, x[5], 8);
314  III(ddd, aaa, bbb, ccc, x[14], 9);
315  III(ccc, ddd, aaa, bbb, x[7], 9);
316  III(bbb, ccc, ddd, aaa, x[0], 11);
317  III(aaa, bbb, ccc, ddd, x[9], 13);
318  III(ddd, aaa, bbb, ccc, x[2], 15);
319  III(ccc, ddd, aaa, bbb, x[11], 15);
320  III(bbb, ccc, ddd, aaa, x[4], 5);
321  III(aaa, bbb, ccc, ddd, x[13], 7);
322  III(ddd, aaa, bbb, ccc, x[6], 7);
323  III(ccc, ddd, aaa, bbb, x[15], 8);
324  III(bbb, ccc, ddd, aaa, x[8], 11);
325  III(aaa, bbb, ccc, ddd, x[1], 14);
326  III(ddd, aaa, bbb, ccc, x[10], 14);
327  III(ccc, ddd, aaa, bbb, x[3], 12);
328  III(bbb, ccc, ddd, aaa, x[12], 6);
329 
330  //Parallel round 2
331  HHH(aaa, bbb, ccc, ddd, x[6], 9);
332  HHH(ddd, aaa, bbb, ccc, x[11], 13);
333  HHH(ccc, ddd, aaa, bbb, x[3], 15);
334  HHH(bbb, ccc, ddd, aaa, x[7], 7);
335  HHH(aaa, bbb, ccc, ddd, x[0], 12);
336  HHH(ddd, aaa, bbb, ccc, x[13], 8);
337  HHH(ccc, ddd, aaa, bbb, x[5], 9);
338  HHH(bbb, ccc, ddd, aaa, x[10], 11);
339  HHH(aaa, bbb, ccc, ddd, x[14], 7);
340  HHH(ddd, aaa, bbb, ccc, x[15], 7);
341  HHH(ccc, ddd, aaa, bbb, x[8], 12);
342  HHH(bbb, ccc, ddd, aaa, x[12], 7);
343  HHH(aaa, bbb, ccc, ddd, x[4], 6);
344  HHH(ddd, aaa, bbb, ccc, x[9], 15);
345  HHH(ccc, ddd, aaa, bbb, x[1], 13);
346  HHH(bbb, ccc, ddd, aaa, x[2], 11);
347 
348  //Parallel round 3
349  GGG(aaa, bbb, ccc, ddd, x[15], 9);
350  GGG(ddd, aaa, bbb, ccc, x[5], 7);
351  GGG(ccc, ddd, aaa, bbb, x[1], 15);
352  GGG(bbb, ccc, ddd, aaa, x[3], 11);
353  GGG(aaa, bbb, ccc, ddd, x[7], 8);
354  GGG(ddd, aaa, bbb, ccc, x[14], 6);
355  GGG(ccc, ddd, aaa, bbb, x[6], 6);
356  GGG(bbb, ccc, ddd, aaa, x[9], 14);
357  GGG(aaa, bbb, ccc, ddd, x[11], 12);
358  GGG(ddd, aaa, bbb, ccc, x[8], 13);
359  GGG(ccc, ddd, aaa, bbb, x[12], 5);
360  GGG(bbb, ccc, ddd, aaa, x[2], 14);
361  GGG(aaa, bbb, ccc, ddd, x[10], 13);
362  GGG(ddd, aaa, bbb, ccc, x[0], 13);
363  GGG(ccc, ddd, aaa, bbb, x[4], 7);
364  GGG(bbb, ccc, ddd, aaa, x[13], 5);
365 
366  //Parallel round 4
367  FFF(aaa, bbb, ccc, ddd, x[8], 15);
368  FFF(ddd, aaa, bbb, ccc, x[6], 5);
369  FFF(ccc, ddd, aaa, bbb, x[4], 8);
370  FFF(bbb, ccc, ddd, aaa, x[1], 11);
371  FFF(aaa, bbb, ccc, ddd, x[3], 14);
372  FFF(ddd, aaa, bbb, ccc, x[11], 14);
373  FFF(ccc, ddd, aaa, bbb, x[15], 6);
374  FFF(bbb, ccc, ddd, aaa, x[0], 14);
375  FFF(aaa, bbb, ccc, ddd, x[5], 6);
376  FFF(ddd, aaa, bbb, ccc, x[12], 9);
377  FFF(ccc, ddd, aaa, bbb, x[2], 12);
378  FFF(bbb, ccc, ddd, aaa, x[13], 9);
379  FFF(aaa, bbb, ccc, ddd, x[9], 12);
380  FFF(ddd, aaa, bbb, ccc, x[7], 5);
381  FFF(ccc, ddd, aaa, bbb, x[10], 15);
382  FFF(bbb, ccc, ddd, aaa, x[14], 8);
383 
384  //Combine results
385  ddd = context->h[1] + cc + ddd;
386  context->h[1] = context->h[2] + dd + aaa;
387  context->h[2] = context->h[3] + aa + bbb;
388  context->h[3] = context->h[0] + bb + ccc;
389  context->h[0] = ddd;
390 }
391 
392 #endif
const uint8_t ripemd128Oid[5]
Definition: ripemd128.c:65
error_t ripemd128Compute(const void *data, size_t length, uint8_t *digest)
Digest a message using RIPEMD-128.
Definition: ripemd128.c:91
#define cryptoMemcpy(dest, src, length)
Definition: crypto.h:590
#define cryptoFreeMem(p)
Definition: crypto.h:578
uint32_t h[4]
Definition: ripemd128.h:58
error_t(* HashAlgoCompute)(const void *data, size_t length, uint8_t *digest)
Definition: crypto.h:1020
#define cryptoAllocMem(size)
Definition: crypto.h:573
General definitions for cryptographic algorithms.
uint32_t totalSize
#define RIPEMD128_DIGEST_SIZE
Definition: ripemd128.h:38
uint8_t digest[16]
Definition: ripemd128.h:59
uint32_t x[16]
Definition: ripemd128.h:63
#define GGG(a, b, c, d, x, s)
Definition: ripemd128.c:51
void(* HashAlgoInit)(void *context)
Definition: crypto.h:1021
void ripemd128ProcessBlock(Ripemd128Context *context)
Process message in 16-word blocks.
Definition: ripemd128.c:219
#define GG(a, b, c, d, x, s)
Definition: ripemd128.c:46
#define htole32(value)
Definition: cpu_endian.h:404
void ripemd128Final(Ripemd128Context *context, uint8_t *digest)
Finish the RIPEMD-128 message digest.
Definition: ripemd128.c:179
#define MIN(a, b)
Definition: os_port.h:60
#define HHH(a, b, c, d, x, s)
Definition: ripemd128.c:52
#define FFF(a, b, c, d, x, s)
Definition: ripemd128.c:50
void ripemd128Update(Ripemd128Context *context, const void *data, size_t length)
Update the RIPEMD-128 context with a portion of the message being hashed.
Definition: ripemd128.c:140
#define III(a, b, c, d, x, s)
Definition: ripemd128.c:53
void(* HashAlgoUpdate)(void *context, const void *data, size_t length)
Definition: crypto.h:1022
Success.
Definition: error.h:42
#define II(a, b, c, d, x, s)
Definition: ripemd128.c:48
error_t
Error codes.
Definition: error.h:40
unsigned int uint_t
Definition: compiler_port.h:43
uint8_t data[]
Definition: dtls_misc.h:167
#define HH(a, b, c, d, x, s)
Definition: ripemd128.c:47
#define FF(a, b, c, d, x, s)
Definition: ripemd128.c:45
uint16_t aa
Definition: dns_common.h:169
RIPEMD-128 hash function.
#define letoh32(value)
Definition: cpu_endian.h:412
RIPEMD-128 algorithm context.
Definition: ripemd128.h:54
uint8_t buffer[64]
Definition: ripemd128.h:64
Common interface for hash algorithms.
Definition: crypto.h:1054
uint8_t length
Definition: dtls_misc.h:140
uint8_t n
#define RIPEMD128_BLOCK_SIZE
Definition: ripemd128.h:36
void ripemd128Init(Ripemd128Context *context)
Initialize RIPEMD-128 message digest context.
Definition: ripemd128.c:118
uint64_t totalSize
Definition: ripemd128.h:67
void(* HashAlgoFinal)(void *context, uint8_t *digest)
Definition: crypto.h:1023
const HashAlgo ripemd128HashAlgo
Definition: ripemd128.c:68