1 /********************************************************************\
3 * CONTENTS: A sample C-implementation of the RIPEMD-160 hash-function.
4 * TARGET: any computer with an ANSI C compiler
5 * AUTHOR: Antoon Bosselaers, Dept. Electrical Eng.-ESAT/COSIC
6 * DATE: 1 March 1996 VERSION: 1.0
7 **********************************************************************
8 * Copyright (c) Katholieke Universiteit Leuven 1996, All Rights Reserved
9 * The Katholieke Universiteit Leuven makes no representations concerning
10 * either the merchantability of this software or the suitability of this
11 * software for any particular purpose. It is provided "as is" without
12 * express or implied warranty of any kind. These notices must be retained
13 * in any copies of any part of this documentation and/or software.
14 \********************************************************************/
22 /********************************************************************/
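/*
 * MDinit - load the 5-word chaining state MDbuf with the fixed
 * initialization constants.
 *
 * MDbuf must point to at least five writable words; the function
 * writes MDbuf[0] through MDbuf[4] unconditionally.
 *
 * The listing this was taken from had lost the comment terminator and
 * the function braces (its embedded line numbers skip 26-27 and 33-34);
 * they are restored here so that the definition is well-formed.
 */
void MDinit(word *MDbuf)
{
    MDbuf[0] = 0x67452301UL;
    MDbuf[1] = 0xefcdab89UL;
    MDbuf[2] = 0x98badcfeUL;
    MDbuf[3] = 0x10325476UL;
    MDbuf[4] = 0xc3d2e1f0UL;
}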
35 /********************************************************************/
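/*
 * MDcompress - RIPEMD-160 compression function.
 *
 * Called for every complete 64-byte message block. The 5-word internal
 * state MDbuf is updated using message words X[0] through X[15]. The
 * conversion from a string of 64 bytes to an array of 16 words using a
 * little-endian convention is the responsibility of the calling function.
 *
 * Contract visible from the body:
 *   - MDbuf[0..4] are read and written, X[0..15] are read; no length is
 *     passed, so the caller must supply arrays of at least that size.
 *   - FF1..FF5 and FFF1..FFF5 are defined outside this listing. They are
 *     handed the working variables by name, so they are presumably macros
 *     from the accompanying header that update their first arguments.
 *
 * NOTE(review): the constants in MDinit carry a UL suffix, so `word` may be
 * `unsigned long`. The final additions below are only correct modulo 2^32
 * if `word` is exactly 32 bits wide (or the step macros mask their results)
 * - confirm against the typedef in the header.
 *
 * The listing this was taken from had lost several lines (its embedded line
 * numbers skip 42-43 and 236-238): the comment terminator, the function
 * braces and the final store to MDbuf[0] are restored here.
 */
void MDcompress(word *MDbuf, word *X)
{
    /* make two copies of the old state: one per line of the computation */
    word aa = MDbuf[0], bb = MDbuf[1], cc = MDbuf[2],
         dd = MDbuf[3], ee = MDbuf[4];
    word aaa = MDbuf[0], bbb = MDbuf[1], ccc = MDbuf[2],
         ddd = MDbuf[3], eee = MDbuf[4];

    /* round 1 */
    FF1(aa, bb, cc, dd, ee, X[ 0], 11);
    FF1(ee, aa, bb, cc, dd, X[ 1], 14);
    FF1(dd, ee, aa, bb, cc, X[ 2], 15);
    FF1(cc, dd, ee, aa, bb, X[ 3], 12);
    FF1(bb, cc, dd, ee, aa, X[ 4],  5);
    FF1(aa, bb, cc, dd, ee, X[ 5],  8);
    FF1(ee, aa, bb, cc, dd, X[ 6],  7);
    FF1(dd, ee, aa, bb, cc, X[ 7],  9);
    FF1(cc, dd, ee, aa, bb, X[ 8], 11);
    FF1(bb, cc, dd, ee, aa, X[ 9], 13);
    FF1(aa, bb, cc, dd, ee, X[10], 14);
    FF1(ee, aa, bb, cc, dd, X[11], 15);
    FF1(dd, ee, aa, bb, cc, X[12],  6);
    FF1(cc, dd, ee, aa, bb, X[13],  7);
    FF1(bb, cc, dd, ee, aa, X[14],  9);
    FF1(aa, bb, cc, dd, ee, X[15],  8);

    /* round 2 */
    FF2(ee, aa, bb, cc, dd, X[ 7],  7);
    FF2(dd, ee, aa, bb, cc, X[ 4],  6);
    FF2(cc, dd, ee, aa, bb, X[13],  8);
    FF2(bb, cc, dd, ee, aa, X[ 1], 13);
    FF2(aa, bb, cc, dd, ee, X[10], 11);
    FF2(ee, aa, bb, cc, dd, X[ 6],  9);
    FF2(dd, ee, aa, bb, cc, X[15],  7);
    FF2(cc, dd, ee, aa, bb, X[ 3], 15);
    FF2(bb, cc, dd, ee, aa, X[12],  7);
    FF2(aa, bb, cc, dd, ee, X[ 0], 12);
    FF2(ee, aa, bb, cc, dd, X[ 9], 15);
    FF2(dd, ee, aa, bb, cc, X[ 5],  9);
    FF2(cc, dd, ee, aa, bb, X[ 2], 11);
    FF2(bb, cc, dd, ee, aa, X[14],  7);
    FF2(aa, bb, cc, dd, ee, X[11], 13);
    FF2(ee, aa, bb, cc, dd, X[ 8], 12);

    /* round 3 */
    FF3(dd, ee, aa, bb, cc, X[ 3], 11);
    FF3(cc, dd, ee, aa, bb, X[10], 13);
    FF3(bb, cc, dd, ee, aa, X[14],  6);
    FF3(aa, bb, cc, dd, ee, X[ 4],  7);
    FF3(ee, aa, bb, cc, dd, X[ 9], 14);
    FF3(dd, ee, aa, bb, cc, X[15],  9);
    FF3(cc, dd, ee, aa, bb, X[ 8], 13);
    FF3(bb, cc, dd, ee, aa, X[ 1], 15);
    FF3(aa, bb, cc, dd, ee, X[ 2], 14);
    FF3(ee, aa, bb, cc, dd, X[ 7],  8);
    FF3(dd, ee, aa, bb, cc, X[ 0], 13);
    FF3(cc, dd, ee, aa, bb, X[ 6],  6);
    FF3(bb, cc, dd, ee, aa, X[13],  5);
    FF3(aa, bb, cc, dd, ee, X[11], 12);
    FF3(ee, aa, bb, cc, dd, X[ 5],  7);
    FF3(dd, ee, aa, bb, cc, X[12],  5);

    /* round 4 */
    FF4(cc, dd, ee, aa, bb, X[ 1], 11);
    FF4(bb, cc, dd, ee, aa, X[ 9], 12);
    FF4(aa, bb, cc, dd, ee, X[11], 14);
    FF4(ee, aa, bb, cc, dd, X[10], 15);
    FF4(dd, ee, aa, bb, cc, X[ 0], 14);
    FF4(cc, dd, ee, aa, bb, X[ 8], 15);
    FF4(bb, cc, dd, ee, aa, X[12],  9);
    FF4(aa, bb, cc, dd, ee, X[ 4],  8);
    FF4(ee, aa, bb, cc, dd, X[13],  9);
    FF4(dd, ee, aa, bb, cc, X[ 3], 14);
    FF4(cc, dd, ee, aa, bb, X[ 7],  5);
    FF4(bb, cc, dd, ee, aa, X[15],  6);
    FF4(aa, bb, cc, dd, ee, X[14],  8);
    FF4(ee, aa, bb, cc, dd, X[ 5],  6);
    FF4(dd, ee, aa, bb, cc, X[ 6],  5);
    FF4(cc, dd, ee, aa, bb, X[ 2], 12);

    /* round 5 */
    FF5(bb, cc, dd, ee, aa, X[ 4],  9);
    FF5(aa, bb, cc, dd, ee, X[ 0], 15);
    FF5(ee, aa, bb, cc, dd, X[ 5],  5);
    FF5(dd, ee, aa, bb, cc, X[ 9], 11);
    FF5(cc, dd, ee, aa, bb, X[ 7],  6);
    FF5(bb, cc, dd, ee, aa, X[12],  8);
    FF5(aa, bb, cc, dd, ee, X[ 2], 13);
    FF5(ee, aa, bb, cc, dd, X[10], 12);
    FF5(dd, ee, aa, bb, cc, X[14],  5);
    FF5(cc, dd, ee, aa, bb, X[ 1], 12);
    FF5(bb, cc, dd, ee, aa, X[ 3], 13);
    FF5(aa, bb, cc, dd, ee, X[ 8], 14);
    FF5(ee, aa, bb, cc, dd, X[11], 11);
    FF5(dd, ee, aa, bb, cc, X[ 6],  8);
    FF5(cc, dd, ee, aa, bb, X[15],  5);
    FF5(bb, cc, dd, ee, aa, X[13],  6);

    /* parallel round 1 */
    FFF5(aaa, bbb, ccc, ddd, eee, X[ 5],  8);
    FFF5(eee, aaa, bbb, ccc, ddd, X[14],  9);
    FFF5(ddd, eee, aaa, bbb, ccc, X[ 7],  9);
    FFF5(ccc, ddd, eee, aaa, bbb, X[ 0], 11);
    FFF5(bbb, ccc, ddd, eee, aaa, X[ 9], 13);
    FFF5(aaa, bbb, ccc, ddd, eee, X[ 2], 15);
    FFF5(eee, aaa, bbb, ccc, ddd, X[11], 15);
    FFF5(ddd, eee, aaa, bbb, ccc, X[ 4],  5);
    FFF5(ccc, ddd, eee, aaa, bbb, X[13],  7);
    FFF5(bbb, ccc, ddd, eee, aaa, X[ 6],  7);
    FFF5(aaa, bbb, ccc, ddd, eee, X[15],  8);
    FFF5(eee, aaa, bbb, ccc, ddd, X[ 8], 11);
    FFF5(ddd, eee, aaa, bbb, ccc, X[ 1], 14);
    FFF5(ccc, ddd, eee, aaa, bbb, X[10], 14);
    FFF5(bbb, ccc, ddd, eee, aaa, X[ 3], 12);
    FFF5(aaa, bbb, ccc, ddd, eee, X[12],  6);

    /* parallel round 2 */
    FFF4(eee, aaa, bbb, ccc, ddd, X[ 6],  9);
    FFF4(ddd, eee, aaa, bbb, ccc, X[11], 13);
    FFF4(ccc, ddd, eee, aaa, bbb, X[ 3], 15);
    FFF4(bbb, ccc, ddd, eee, aaa, X[ 7],  7);
    FFF4(aaa, bbb, ccc, ddd, eee, X[ 0], 12);
    FFF4(eee, aaa, bbb, ccc, ddd, X[13],  8);
    FFF4(ddd, eee, aaa, bbb, ccc, X[ 5],  9);
    FFF4(ccc, ddd, eee, aaa, bbb, X[10], 11);
    FFF4(bbb, ccc, ddd, eee, aaa, X[14],  7);
    FFF4(aaa, bbb, ccc, ddd, eee, X[15],  7);
    FFF4(eee, aaa, bbb, ccc, ddd, X[ 8], 12);
    FFF4(ddd, eee, aaa, bbb, ccc, X[12],  7);
    FFF4(ccc, ddd, eee, aaa, bbb, X[ 4],  6);
    FFF4(bbb, ccc, ddd, eee, aaa, X[ 9], 15);
    FFF4(aaa, bbb, ccc, ddd, eee, X[ 1], 13);
    FFF4(eee, aaa, bbb, ccc, ddd, X[ 2], 11);

    /* parallel round 3 */
    FFF3(ddd, eee, aaa, bbb, ccc, X[15],  9);
    FFF3(ccc, ddd, eee, aaa, bbb, X[ 5],  7);
    FFF3(bbb, ccc, ddd, eee, aaa, X[ 1], 15);
    FFF3(aaa, bbb, ccc, ddd, eee, X[ 3], 11);
    FFF3(eee, aaa, bbb, ccc, ddd, X[ 7],  8);
    FFF3(ddd, eee, aaa, bbb, ccc, X[14],  6);
    FFF3(ccc, ddd, eee, aaa, bbb, X[ 6],  6);
    FFF3(bbb, ccc, ddd, eee, aaa, X[ 9], 14);
    FFF3(aaa, bbb, ccc, ddd, eee, X[11], 12);
    FFF3(eee, aaa, bbb, ccc, ddd, X[ 8], 13);
    FFF3(ddd, eee, aaa, bbb, ccc, X[12],  5);
    FFF3(ccc, ddd, eee, aaa, bbb, X[ 2], 14);
    FFF3(bbb, ccc, ddd, eee, aaa, X[10], 13);
    FFF3(aaa, bbb, ccc, ddd, eee, X[ 0], 13);
    FFF3(eee, aaa, bbb, ccc, ddd, X[ 4],  7);
    FFF3(ddd, eee, aaa, bbb, ccc, X[13],  5);

    /* parallel round 4 */
    FFF2(ccc, ddd, eee, aaa, bbb, X[ 8], 15);
    FFF2(bbb, ccc, ddd, eee, aaa, X[ 6],  5);
    FFF2(aaa, bbb, ccc, ddd, eee, X[ 4],  8);
    FFF2(eee, aaa, bbb, ccc, ddd, X[ 1], 11);
    FFF2(ddd, eee, aaa, bbb, ccc, X[ 3], 14);
    FFF2(ccc, ddd, eee, aaa, bbb, X[11], 14);
    FFF2(bbb, ccc, ddd, eee, aaa, X[15],  6);
    FFF2(aaa, bbb, ccc, ddd, eee, X[ 0], 14);
    FFF2(eee, aaa, bbb, ccc, ddd, X[ 5],  6);
    FFF2(ddd, eee, aaa, bbb, ccc, X[12],  9);
    FFF2(ccc, ddd, eee, aaa, bbb, X[ 2], 12);
    FFF2(bbb, ccc, ddd, eee, aaa, X[13],  9);
    FFF2(aaa, bbb, ccc, ddd, eee, X[ 9], 12);
    FFF2(eee, aaa, bbb, ccc, ddd, X[ 7],  5);
    FFF2(ddd, eee, aaa, bbb, ccc, X[10], 15);
    FFF2(ccc, ddd, eee, aaa, bbb, X[14],  8);

    /* parallel round 5 */
    FFF1(bbb, ccc, ddd, eee, aaa, X[12],  8);
    FFF1(aaa, bbb, ccc, ddd, eee, X[15],  5);
    FFF1(eee, aaa, bbb, ccc, ddd, X[10], 12);
    FFF1(ddd, eee, aaa, bbb, ccc, X[ 4],  9);
    FFF1(ccc, ddd, eee, aaa, bbb, X[ 1], 12);
    FFF1(bbb, ccc, ddd, eee, aaa, X[ 5],  5);
    FFF1(aaa, bbb, ccc, ddd, eee, X[ 8], 14);
    FFF1(eee, aaa, bbb, ccc, ddd, X[ 7],  6);
    FFF1(ddd, eee, aaa, bbb, ccc, X[ 6],  8);
    FFF1(ccc, ddd, eee, aaa, bbb, X[ 2], 13);
    FFF1(bbb, ccc, ddd, eee, aaa, X[13],  6);
    FFF1(aaa, bbb, ccc, ddd, eee, X[14],  5);
    FFF1(eee, aaa, bbb, ccc, ddd, X[ 0], 15);
    FFF1(ddd, eee, aaa, bbb, ccc, X[ 3], 13);
    FFF1(ccc, ddd, eee, aaa, bbb, X[ 9], 11);
    FFF1(bbb, ccc, ddd, eee, aaa, X[11], 11);

    /* combine results into new state */
    /* ddd collects the new MDbuf[0]; it has to be computed first because
       it needs the old MDbuf[1], which the next statement overwrites */
    ddd += cc + MDbuf[1];
    MDbuf[1] = MDbuf[2] + dd + eee;
    MDbuf[2] = MDbuf[3] + ee + aaa;
    MDbuf[3] = MDbuf[4] + aa + bbb;
    MDbuf[4] = MDbuf[0] + bb + ccc;
    /* restored: without this store the sum in ddd is discarded and
       MDbuf[0] would never change from block to block */
    MDbuf[0] = ddd;
}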
239 /********************************************************************/
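/*
 * MDfinish - pad the last (incomplete) block and compute the final value
 * of the 5-word MDbuf array.
 *
 * lswlen and mswlen contain, respectively, the least and most significant
 * 32 bits of the message bit length mod 2^64, and string is an incomplete
 * block containing the (lswlen mod 512) remaining message bits. (In case
 * the message is already a multiple of 512 bits, string is not used.)
 * The conversion of the 5-word final state MDbuf to the 20-byte hash
 * result using a little-endian convention is the responsibility of the
 * calling function.
 *
 * Contract visible from the body:
 *   - up to ((lswlen & 511) + 7) / 8 bytes are read from string; no buffer
 *     length is passed, so the caller must guarantee that many bytes.
 *   - X holds a copy of the message tail on the stack and is not cleared
 *     before returning; callers that hash secret material should take
 *     that into account.
 *
 * The listing this was taken from had lost several lines (its embedded line
 * numbers skip 249-254, 263, 265, 267-268, 271, 277 and 279-280). The
 * restored parts are marked below; confirm them against the original file.
 */
void MDfinish(word *MDbuf, byte *string, word lswlen, word mswlen)
{
    /* restored declarations: X is sized by the memset below; the types of
       i, length and mask are assumed - TODO confirm */
    word X[16];
    unsigned int i, length;
    byte mask;

    /* clear 16-word message block */
    memset(X, 0, 16 * sizeof(word));

    /* copy (lswlen mod 512) bits from string into X */
    length = ((lswlen & 511) + 7) / 8;      /* number of bytes */
    mask = (lswlen & 7) ? ((byte)1 << (lswlen & 7)) - 1 : 0xff;
    for (i = 0; i < length; i++) {
        /* byte i goes into word X[i div 4] at bit position 8*(i mod 4) */
        /* NOTE(review): the branch condition was lost from the listing;
           the masked statement is assumed to apply to the final byte only */
        if (i == length - 1)
            X[i >> 2] ^= (word)(*string & mask) << (8 * (i & 3));
        else
            X[i >> 2] ^= (word)*string++ << (8 * (i & 3));
    }

    /* append a single 1 */
    /* NOTE(review): mask keeps the low (lswlen & 7) bits of the last byte,
       while the padding bit is XORed in at bit 7 - (lswlen & 7) of that
       byte. For 4 to 7 trailing bits the two ranges overlap, so the XOR
       would toggle a message bit instead of appending a 1. Confirm the
       intended bit order for lengths that are not a multiple of 8. */
    X[(lswlen >> 5) & 15] ^=
        (word)1 << (8 * ((lswlen >> 3) & 3) + 7 - (lswlen & 7));

    if ((lswlen & 511) > 447) {
        /* length doesn't fit in this block anymore.
           Compress, and put length in the next block */
        MDcompress(MDbuf, X);
        memset(X, 0, 16 * sizeof(word));
    }

    /* append length in bits */
    /* restored: the 64-bit bit length occupies the last two words of the
       block, least significant word first */
    X[14] = lswlen;
    X[15] = mswlen;
    MDcompress(MDbuf, X);
}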
284 /************************ end of file rmd160.c **********************/