/src/mbedtls/library/ripemd160.c

Source (jump to first uncovered line)
/*
 *  RIPE MD-160 implementation
 *
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */

/*
 *  The RIPEMD-160 algorithm was designed by RIPE in 1996
 *  http://homes.esat.kuleuven.be/~bosselae/mbedtls_ripemd160.html
 *  http://ehash.iaik.tugraz.at/wiki/RIPEMD-160
 */

#include "common.h"

#if defined(MBEDTLS_RIPEMD160_C)

#include "mbedtls/ripemd160.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"

#include <string.h>

#include "mbedtls/platform.h"

#if !defined(MBEDTLS_RIPEMD160_ALT)

void mbedtls_ripemd160_init(mbedtls_ripemd160_context *ctx)
{
    memset(ctx, 0, sizeof(mbedtls_ripemd160_context));
}

void mbedtls_ripemd160_free(mbedtls_ripemd160_context *ctx)
{
    if (ctx == NULL) {
        return;
    }

    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ripemd160_context));
}

void mbedtls_ripemd160_clone(mbedtls_ripemd160_context *dst,
                             const mbedtls_ripemd160_context *src)
{
    *dst = *src;
}

/*
 * RIPEMD-160 context setup
 */
int mbedtls_ripemd160_starts(mbedtls_ripemd160_context *ctx)
{
    ctx->total[0] = 0;
    ctx->total[1] = 0;

    ctx->state[0] = 0x67452301;
    ctx->state[1] = 0xEFCDAB89;
    ctx->state[2] = 0x98BADCFE;
    ctx->state[3] = 0x10325476;
    ctx->state[4] = 0xC3D2E1F0;

    return 0;
}

#if !defined(MBEDTLS_RIPEMD160_PROCESS_ALT)
/*
 * Process one block
 */
int mbedtls_internal_ripemd160_process(mbedtls_ripemd160_context *ctx,
                                       const unsigned char data[64])
{
    struct {
        uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16];
    } local;

    local.X[0] = MBEDTLS_GET_UINT32_LE(data,  0);
    local.X[1] = MBEDTLS_GET_UINT32_LE(data,  4);
    local.X[2] = MBEDTLS_GET_UINT32_LE(data,  8);
    local.X[3] = MBEDTLS_GET_UINT32_LE(data, 12);
    local.X[4] = MBEDTLS_GET_UINT32_LE(data, 16);
    local.X[5] = MBEDTLS_GET_UINT32_LE(data, 20);
    local.X[6] = MBEDTLS_GET_UINT32_LE(data, 24);
    local.X[7] = MBEDTLS_GET_UINT32_LE(data, 28);
    local.X[8] = MBEDTLS_GET_UINT32_LE(data, 32);
    local.X[9] = MBEDTLS_GET_UINT32_LE(data, 36);
    local.X[10] = MBEDTLS_GET_UINT32_LE(data, 40);
    local.X[11] = MBEDTLS_GET_UINT32_LE(data, 44);
    local.X[12] = MBEDTLS_GET_UINT32_LE(data, 48);
    local.X[13] = MBEDTLS_GET_UINT32_LE(data, 52);
    local.X[14] = MBEDTLS_GET_UINT32_LE(data, 56);
    local.X[15] = MBEDTLS_GET_UINT32_LE(data, 60);

    local.A = local.Ap = ctx->state[0];
    local.B = local.Bp = ctx->state[1];
    local.C = local.Cp = ctx->state[2];
    local.D = local.Dp = ctx->state[3];
    local.E = local.Ep = ctx->state[4];

#define F1(x, y, z)   ((x) ^ (y) ^ (z))
#define F2(x, y, z)   (((x) & (y)) | (~(x) & (z)))
#define F3(x, y, z)   (((x) | ~(y)) ^ (z))
#define F4(x, y, z)   (((x) & (z)) | ((y) & ~(z)))
#define F5(x, y, z)   ((x) ^ ((y) | ~(z)))

#define S(x, n) (((x) << (n)) | ((x) >> (32 - (n))))

#define P(a, b, c, d, e, r, s, f, k)                      \
    do                                                      \
    {                                                       \
        (a) += f((b), (c), (d)) + local.X[r] + (k);       \
        (a) = S((a), (s)) + (e);                          \
        (c) = S((c), 10);                                 \
    } while (0)

#define P2(a, b, c, d, e, r, s, rp, sp)                               \
    do                                                                  \
    {                                                                   \
        P((a), (b), (c), (d), (e), (r), (s), F, K);                   \
        P(a ## p, b ## p, c ## p, d ## p, e ## p,                      \
          (rp), (sp), Fp, Kp);                                        \
    } while (0)

#define F   F1
#define K   0x00000000
#define Fp  F5
#define Kp  0x50A28BE6
    P2(local.A, local.B, local.C, local.D, local.E,  0, 11,  5,  8);
    P2(local.E, local.A, local.B, local.C, local.D,  1, 14, 14,  9);
    P2(local.D, local.E, local.A, local.B, local.C,  2, 15,  7,  9);
    P2(local.C, local.D, local.E, local.A, local.B,  3, 12,  0, 11);
    P2(local.B, local.C, local.D, local.E, local.A,  4,  5,  9, 13);
    P2(local.A, local.B, local.C, local.D, local.E,  5,  8,  2, 15);
    P2(local.E, local.A, local.B, local.C, local.D,  6,  7, 11, 15);
    P2(local.D, local.E, local.A, local.B, local.C,  7,  9,  4,  5);
    P2(local.C, local.D, local.E, local.A, local.B,  8, 11, 13,  7);
    P2(local.B, local.C, local.D, local.E, local.A,  9, 13,  6,  7);
    P2(local.A, local.B, local.C, local.D, local.E, 10, 14, 15,  8);
    P2(local.E, local.A, local.B, local.C, local.D, 11, 15,  8, 11);
    P2(local.D, local.E, local.A, local.B, local.C, 12,  6,  1, 14);
    P2(local.C, local.D, local.E, local.A, local.B, 13,  7, 10, 14);
    P2(local.B, local.C, local.D, local.E, local.A, 14,  9,  3, 12);
    P2(local.A, local.B, local.C, local.D, local.E, 15,  8, 12,  6);
#undef F
#undef K
#undef Fp
#undef Kp

#define F   F2
#define K   0x5A827999
#define Fp  F4
#define Kp  0x5C4DD124
    P2(local.E, local.A, local.B, local.C, local.D,  7,  7,  6,  9);
    P2(local.D, local.E, local.A, local.B, local.C,  4,  6, 11, 13);
    P2(local.C, local.D, local.E, local.A, local.B, 13,  8,  3, 15);
    P2(local.B, local.C, local.D, local.E, local.A,  1, 13,  7,  7);
    P2(local.A, local.B, local.C, local.D, local.E, 10, 11,  0, 12);
    P2(local.E, local.A, local.B, local.C, local.D,  6,  9, 13,  8);
    P2(local.D, local.E, local.A, local.B, local.C, 15,  7,  5,  9);
    P2(local.C, local.D, local.E, local.A, local.B,  3, 15, 10, 11);
    P2(local.B, local.C, local.D, local.E, local.A, 12,  7, 14,  7);
    P2(local.A, local.B, local.C, local.D, local.E,  0, 12, 15,  7);
    P2(local.E, local.A, local.B, local.C, local.D,  9, 15,  8, 12);
    P2(local.D, local.E, local.A, local.B, local.C,  5,  9, 12,  7);
    P2(local.C, local.D, local.E, local.A, local.B,  2, 11,  4,  6);
    P2(local.B, local.C, local.D, local.E, local.A, 14,  7,  9, 15);
    P2(local.A, local.B, local.C, local.D, local.E, 11, 13,  1, 13);
    P2(local.E, local.A, local.B, local.C, local.D,  8, 12,  2, 11);
#undef F
#undef K
#undef Fp
#undef Kp

#define F   F3
#define K   0x6ED9EBA1
#define Fp  F3
#define Kp  0x6D703EF3
    P2(local.D, local.E, local.A, local.B, local.C,  3, 11, 15,  9);
    P2(local.C, local.D, local.E, local.A, local.B, 10, 13,  5,  7);
    P2(local.B, local.C, local.D, local.E, local.A, 14,  6,  1, 15);
    P2(local.A, local.B, local.C, local.D, local.E,  4,  7,  3, 11);
    P2(local.E, local.A, local.B, local.C, local.D,  9, 14,  7,  8);
    P2(local.D, local.E, local.A, local.B, local.C, 15,  9, 14,  6);
    P2(local.C, local.D, local.E, local.A, local.B,  8, 13,  6,  6);
    P2(local.B, local.C, local.D, local.E, local.A,  1, 15,  9, 14);
    P2(local.A, local.B, local.C, local.D, local.E,  2, 14, 11, 12);
    P2(local.E, local.A, local.B, local.C, local.D,  7,  8,  8, 13);
    P2(local.D, local.E, local.A, local.B, local.C,  0, 13, 12,  5);
    P2(local.C, local.D, local.E, local.A, local.B,  6,  6,  2, 14);
    P2(local.B, local.C, local.D, local.E, local.A, 13,  5, 10, 13);
    P2(local.A, local.B, local.C, local.D, local.E, 11, 12,  0, 13);
    P2(local.E, local.A, local.B, local.C, local.D,  5,  7,  4,  7);
    P2(local.D, local.E, local.A, local.B, local.C, 12,  5, 13,  5);
#undef F
#undef K
#undef Fp
#undef Kp

#define F   F4
#define K   0x8F1BBCDC
#define Fp  F2
#define Kp  0x7A6D76E9
    P2(local.C, local.D, local.E, local.A, local.B,  1, 11,  8, 15);
    P2(local.B, local.C, local.D, local.E, local.A,  9, 12,  6,  5);
    P2(local.A, local.B, local.C, local.D, local.E, 11, 14,  4,  8);
    P2(local.E, local.A, local.B, local.C, local.D, 10, 15,  1, 11);
    P2(local.D, local.E, local.A, local.B, local.C,  0, 14,  3, 14);
    P2(local.C, local.D, local.E, local.A, local.B,  8, 15, 11, 14);
    P2(local.B, local.C, local.D, local.E, local.A, 12,  9, 15,  6);
    P2(local.A, local.B, local.C, local.D, local.E,  4,  8,  0, 14);
    P2(local.E, local.A, local.B, local.C, local.D, 13,  9,  5,  6);
    P2(local.D, local.E, local.A, local.B, local.C,  3, 14, 12,  9);
    P2(local.C, local.D, local.E, local.A, local.B,  7,  5,  2, 12);
    P2(local.B, local.C, local.D, local.E, local.A, 15,  6, 13,  9);
    P2(local.A, local.B, local.C, local.D, local.E, 14,  8,  9, 12);
    P2(local.E, local.A, local.B, local.C, local.D,  5,  6,  7,  5);
    P2(local.D, local.E, local.A, local.B, local.C,  6,  5, 10, 15);
    P2(local.C, local.D, local.E, local.A, local.B,  2, 12, 14,  8);
#undef F
#undef K
#undef Fp
#undef Kp

#define F   F5
#define K   0xA953FD4E
#define Fp  F1
#define Kp  0x00000000
    P2(local.B, local.C, local.D, local.E, local.A,  4,  9, 12,  8);
    P2(local.A, local.B, local.C, local.D, local.E,  0, 15, 15,  5);
    P2(local.E, local.A, local.B, local.C, local.D,  5,  5, 10, 12);
    P2(local.D, local.E, local.A, local.B, local.C,  9, 11,  4,  9);
    P2(local.C, local.D, local.E, local.A, local.B,  7,  6,  1, 12);
    P2(local.B, local.C, local.D, local.E, local.A, 12,  8,  5,  5);
    P2(local.A, local.B, local.C, local.D, local.E,  2, 13,  8, 14);
    P2(local.E, local.A, local.B, local.C, local.D, 10, 12,  7,  6);
    P2(local.D, local.E, local.A, local.B, local.C, 14,  5,  6,  8);
    P2(local.C, local.D, local.E, local.A, local.B,  1, 12,  2, 13);
    P2(local.B, local.C, local.D, local.E, local.A,  3, 13, 13,  6);
    P2(local.A, local.B, local.C, local.D, local.E,  8, 14, 14,  5);
    P2(local.E, local.A, local.B, local.C, local.D, 11, 11,  0, 15);
    P2(local.D, local.E, local.A, local.B, local.C,  6,  8,  3, 13);
    P2(local.C, local.D, local.E, local.A, local.B, 15,  5,  9, 11);
    P2(local.B, local.C, local.D, local.E, local.A, 13,  6, 11, 11);
#undef F
#undef K
#undef Fp
#undef Kp

    local.C       = ctx->state[1] + local.C + local.Dp;
    ctx->state[1] = ctx->state[2] + local.D + local.Ep;
    ctx->state[2] = ctx->state[3] + local.E + local.Ap;
    ctx->state[3] = ctx->state[4] + local.A + local.Bp;
    ctx->state[4] = ctx->state[0] + local.B + local.Cp;
    ctx->state[0] = local.C;

    /* Zeroise variables to clear sensitive data from memory. */
    mbedtls_platform_zeroize(&local, sizeof(local));

    return 0;
}

#endif /* !MBEDTLS_RIPEMD160_PROCESS_ALT */

/*
 * RIPEMD-160 process buffer
 */
int mbedtls_ripemd160_update(mbedtls_ripemd160_context *ctx,
                             const unsigned char *input,
                             size_t ilen)
{
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    size_t fill;
    uint32_t left;

    if (ilen == 0) {
        return 0;
    }

    left = ctx->total[0] & 0x3F;
    fill = 64 - left;

    ctx->total[0] += (uint32_t) ilen;
    ctx->total[0] &= 0xFFFFFFFF;

    if (ctx->total[0] < (uint32_t) ilen) {
        ctx->total[1]++;
    }

    if (left && ilen >= fill) {
        memcpy((void *) (ctx->buffer + left), input, fill);

        if ((ret = mbedtls_internal_ripemd160_process(ctx, ctx->buffer)) != 0) {
            return ret;
        }

        input += fill;
        ilen  -= fill;
        left = 0;
    }

    while (ilen >= 64) {
        if ((ret = mbedtls_internal_ripemd160_process(ctx, input)) != 0) {
            return ret;
        }

        input += 64;
        ilen  -= 64;
    }

    if (ilen > 0) {
        memcpy((void *) (ctx->buffer + left), input, ilen);
    }

    return 0;
}

static const unsigned char ripemd160_padding[64] =
{
    0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};

/*
 * RIPEMD-160 final digest
 */
int mbedtls_ripemd160_finish(mbedtls_ripemd160_context *ctx,
                             unsigned char output[20])
{
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    uint32_t last, padn;
    uint32_t high, low;
    unsigned char msglen[8];

    high = (ctx->total[0] >> 29)
           | (ctx->total[1] <<  3);
    low  = (ctx->total[0] <<  3);

    MBEDTLS_PUT_UINT32_LE(low,  msglen, 0);
    MBEDTLS_PUT_UINT32_LE(high, msglen, 4);

    last = ctx->total[0] & 0x3F;
    padn = (last < 56) ? (56 - last) : (120 - last);

    ret = mbedtls_ripemd160_update(ctx, ripemd160_padding, padn);
    if (ret != 0) {
        return ret;
    }

    ret = mbedtls_ripemd160_update(ctx, msglen, 8);
    if (ret != 0) {
        return ret;
    }

    MBEDTLS_PUT_UINT32_LE(ctx->state[0], output,  0);
    MBEDTLS_PUT_UINT32_LE(ctx->state[1], output,  4);
    MBEDTLS_PUT_UINT32_LE(ctx->state[2], output,  8);
    MBEDTLS_PUT_UINT32_LE(ctx->state[3], output, 12);
    MBEDTLS_PUT_UINT32_LE(ctx->state[4], output, 16);

    return 0;
}

#endif /* ! MBEDTLS_RIPEMD160_ALT */

/*
 * output = RIPEMD-160( input buffer )
 */
int mbedtls_ripemd160(const unsigned char *input,
                      size_t ilen,
                      unsigned char output[20])
{
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    mbedtls_ripemd160_context ctx;

    mbedtls_ripemd160_init(&ctx);

    if ((ret = mbedtls_ripemd160_starts(&ctx)) != 0) {
        goto exit;
    }

    if ((ret = mbedtls_ripemd160_update(&ctx, input, ilen)) != 0) {
        goto exit;
    }

    if ((ret = mbedtls_ripemd160_finish(&ctx, output)) != 0) {
        goto exit;
    }

exit:
    mbedtls_ripemd160_free(&ctx);

    return ret;
}

#if defined(MBEDTLS_SELF_TEST)
/*
 * Test vectors from the RIPEMD-160 paper and
 * http://homes.esat.kuleuven.be/~bosselae/mbedtls_ripemd160.html#HMAC
 */
#define TESTS   8
static const unsigned char ripemd160_test_str[TESTS][81] =
{
    { "" },
    { "a" },
    { "abc" },
    { "message digest" },
    { "abcdefghijklmnopqrstuvwxyz" },
    { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
    { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
    { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" },
};

static const size_t ripemd160_test_strlen[TESTS] =
{
    0, 1, 3, 14, 26, 56, 62, 80
};

static const unsigned char ripemd160_test_md[TESTS][20] =
{
    { 0x9c, 0x11, 0x85, 0xa5, 0xc5, 0xe9, 0xfc, 0x54, 0x61, 0x28,
      0x08, 0x97, 0x7e, 0xe8, 0xf5, 0x48, 0xb2, 0x25, 0x8d, 0x31 },
    { 0x0b, 0xdc, 0x9d, 0x2d, 0x25, 0x6b, 0x3e, 0xe9, 0xda, 0xae,
      0x34, 0x7b, 0xe6, 0xf4, 0xdc, 0x83, 0x5a, 0x46, 0x7f, 0xfe },
    { 0x8e, 0xb2, 0x08, 0xf7, 0xe0, 0x5d, 0x98, 0x7a, 0x9b, 0x04,
      0x4a, 0x8e, 0x98, 0xc6, 0xb0, 0x87, 0xf1, 0x5a, 0x0b, 0xfc },
    { 0x5d, 0x06, 0x89, 0xef, 0x49, 0xd2, 0xfa, 0xe5, 0x72, 0xb8,
      0x81, 0xb1, 0x23, 0xa8, 0x5f, 0xfa, 0x21, 0x59, 0x5f, 0x36 },
    { 0xf7, 0x1c, 0x27, 0x10, 0x9c, 0x69, 0x2c, 0x1b, 0x56, 0xbb,
      0xdc, 0xeb, 0x5b, 0x9d, 0x28, 0x65, 0xb3, 0x70, 0x8d, 0xbc },
    { 0x12, 0xa0, 0x53, 0x38, 0x4a, 0x9c, 0x0c, 0x88, 0xe4, 0x05,
      0xa0, 0x6c, 0x27, 0xdc, 0xf4, 0x9a, 0xda, 0x62, 0xeb, 0x2b },
    { 0xb0, 0xe2, 0x0b, 0x6e, 0x31, 0x16, 0x64, 0x02, 0x86, 0xed,
      0x3a, 0x87, 0xa5, 0x71, 0x30, 0x79, 0xb2, 0x1f, 0x51, 0x89 },
    { 0x9b, 0x75, 0x2e, 0x45, 0x57, 0x3d, 0x4b, 0x39, 0xf4, 0xdb,
      0xd3, 0x32, 0x3c, 0xab, 0x82, 0xbf, 0x63, 0x32, 0x6b, 0xfb },
};

/*
 * Checkup routine
 */
int mbedtls_ripemd160_self_test(int verbose)
{
    int i, ret = 0;
    unsigned char output[20];

    memset(output, 0, sizeof output);

    for (i = 0; i < TESTS; i++) {
        if (verbose != 0) {
            mbedtls_printf("  RIPEMD-160 test #%d: ", i + 1);
        }

        ret = mbedtls_ripemd160(ripemd160_test_str[i],
                                ripemd160_test_strlen[i], output);
        if (ret != 0) {
            goto fail;
        }

        if (memcmp(output, ripemd160_test_md[i], 20) != 0) {
            ret = 1;
            goto fail;
        }

        if (verbose != 0) {
            mbedtls_printf("passed\n");
        }
    }

    if (verbose != 0) {
        mbedtls_printf("\n");
    }

    return 0;

fail:
    if (verbose != 0) {
        mbedtls_printf("failed\n");
    }

    return ret;
}

#endif /* MBEDTLS_SELF_TEST */

#endif /* MBEDTLS_RIPEMD160_C */

Coverage Report

Created: 2023-09-24 16:03

Line	Count	Source (jump to first uncovered line)
1		/*
2		* RIPE MD-160 implementation
3		*
4		* Copyright The Mbed TLS Contributors
5		* SPDX-License-Identifier: Apache-2.0
6		*
7		* Licensed under the Apache License, Version 2.0 (the "License"); you may
8		* not use this file except in compliance with the License.
9		* You may obtain a copy of the License at
10		*
11		* http://www.apache.org/licenses/LICENSE-2.0
12		*
13		* Unless required by applicable law or agreed to in writing, software
14		* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15		* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16		* See the License for the specific language governing permissions and
17		* limitations under the License.
18		*/
19
20		/*
21		* The RIPEMD-160 algorithm was designed by RIPE in 1996
22		* http://homes.esat.kuleuven.be/~bosselae/mbedtls_ripemd160.html
23		* http://ehash.iaik.tugraz.at/wiki/RIPEMD-160
24		*/
25
26		#include "common.h"
27
28		#if defined(MBEDTLS_RIPEMD160_C)
29
30		#include "mbedtls/ripemd160.h"
31		#include "mbedtls/platform_util.h"
32		#include "mbedtls/error.h"
33
34		#include <string.h>
35
36		#include "mbedtls/platform.h"
37
38		#if !defined(MBEDTLS_RIPEMD160_ALT)
39
40		void mbedtls_ripemd160_init(mbedtls_ripemd160_context *ctx)
41	0	{
42	0	memset(ctx, 0, sizeof(mbedtls_ripemd160_context));
43	0	}
44
45		void mbedtls_ripemd160_free(mbedtls_ripemd160_context *ctx)
46	0	{
47	0	if (ctx == NULL) {
48	0	return;
49	0	}
50
51	0	mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ripemd160_context));
52	0	}
53
54		void mbedtls_ripemd160_clone(mbedtls_ripemd160_context *dst,
55		const mbedtls_ripemd160_context *src)
56	0	{
57	0	dst = src;
58	0	}
59
60		/*
61		* RIPEMD-160 context setup
62		*/
63		int mbedtls_ripemd160_starts(mbedtls_ripemd160_context *ctx)
64	0	{
65	0	ctx->total[0] = 0;
66	0	ctx->total[1] = 0;
67
68	0	ctx->state[0] = 0x67452301;
69	0	ctx->state[1] = 0xEFCDAB89;
70	0	ctx->state[2] = 0x98BADCFE;
71	0	ctx->state[3] = 0x10325476;
72	0	ctx->state[4] = 0xC3D2E1F0;
73
74	0	return 0;
75	0	}
76
77		#if !defined(MBEDTLS_RIPEMD160_PROCESS_ALT)
78		/*
79		* Process one block
80		*/
81		int mbedtls_internal_ripemd160_process(mbedtls_ripemd160_context *ctx,
82		const unsigned char data[64])
83	0	{
84	0	struct {
85	0	uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16];
86	0	} local;
87
88	0	local.X[0] = MBEDTLS_GET_UINT32_LE(data, 0);
89	0	local.X[1] = MBEDTLS_GET_UINT32_LE(data, 4);
90	0	local.X[2] = MBEDTLS_GET_UINT32_LE(data, 8);
91	0	local.X[3] = MBEDTLS_GET_UINT32_LE(data, 12);
92	0	local.X[4] = MBEDTLS_GET_UINT32_LE(data, 16);
93	0	local.X[5] = MBEDTLS_GET_UINT32_LE(data, 20);
94	0	local.X[6] = MBEDTLS_GET_UINT32_LE(data, 24);
95	0	local.X[7] = MBEDTLS_GET_UINT32_LE(data, 28);
96	0	local.X[8] = MBEDTLS_GET_UINT32_LE(data, 32);
97	0	local.X[9] = MBEDTLS_GET_UINT32_LE(data, 36);
98	0	local.X[10] = MBEDTLS_GET_UINT32_LE(data, 40);
99	0	local.X[11] = MBEDTLS_GET_UINT32_LE(data, 44);
100	0	local.X[12] = MBEDTLS_GET_UINT32_LE(data, 48);
101	0	local.X[13] = MBEDTLS_GET_UINT32_LE(data, 52);
102	0	local.X[14] = MBEDTLS_GET_UINT32_LE(data, 56);
103	0	local.X[15] = MBEDTLS_GET_UINT32_LE(data, 60);
104
105	0	local.A = local.Ap = ctx->state[0];
106	0	local.B = local.Bp = ctx->state[1];
107	0	local.C = local.Cp = ctx->state[2];
108	0	local.D = local.Dp = ctx->state[3];
109	0	local.E = local.Ep = ctx->state[4];
110
111	0	#define F1(x, y, z) ((x) ^ (y) ^ (z))
112	0	#define F2(x, y, z) (((x) & (y)) \| (~(x) & (z)))
113	0	#define F3(x, y, z) (((x) \| ~(y)) ^ (z))
114	0	#define F4(x, y, z) (((x) & (z)) \| ((y) & ~(z)))
115	0	#define F5(x, y, z) ((x) ^ ((y) \| ~(z)))
116
117	0	#define S(x, n) (((x) << (n)) \| ((x) >> (32 - (n))))
118
119	0	#define P(a, b, c, d, e, r, s, f, k) \
120	0	do \
121	0	{ \
122	0	(a) += f((b), (c), (d)) + local.X[r] + (k); \
123	0	(a) = S((a), (s)) + (e); \
124	0	(c) = S((c), 10); \
125	0	} while (0)
126
127	0	#define P2(a, b, c, d, e, r, s, rp, sp) \
128	0	do \
129	0	{ \
130	0	P((a), (b), (c), (d), (e), (r), (s), F, K); \
131	0	P(a ## p, b ## p, c ## p, d ## p, e ## p, \
132	0	(rp), (sp), Fp, Kp); \
133	0	} while (0)
134
135	0	#define F F1
136	0	#define K 0x00000000
137	0	#define Fp F5
138	0	#define Kp 0x50A28BE6
139	0	P2(local.A, local.B, local.C, local.D, local.E, 0, 11, 5, 8);
140	0	P2(local.E, local.A, local.B, local.C, local.D, 1, 14, 14, 9);
141	0	P2(local.D, local.E, local.A, local.B, local.C, 2, 15, 7, 9);
142	0	P2(local.C, local.D, local.E, local.A, local.B, 3, 12, 0, 11);
143	0	P2(local.B, local.C, local.D, local.E, local.A, 4, 5, 9, 13);
144	0	P2(local.A, local.B, local.C, local.D, local.E, 5, 8, 2, 15);
145	0	P2(local.E, local.A, local.B, local.C, local.D, 6, 7, 11, 15);
146	0	P2(local.D, local.E, local.A, local.B, local.C, 7, 9, 4, 5);
147	0	P2(local.C, local.D, local.E, local.A, local.B, 8, 11, 13, 7);
148	0	P2(local.B, local.C, local.D, local.E, local.A, 9, 13, 6, 7);
149	0	P2(local.A, local.B, local.C, local.D, local.E, 10, 14, 15, 8);
150	0	P2(local.E, local.A, local.B, local.C, local.D, 11, 15, 8, 11);
151	0	P2(local.D, local.E, local.A, local.B, local.C, 12, 6, 1, 14);
152	0	P2(local.C, local.D, local.E, local.A, local.B, 13, 7, 10, 14);
153	0	P2(local.B, local.C, local.D, local.E, local.A, 14, 9, 3, 12);
154	0	P2(local.A, local.B, local.C, local.D, local.E, 15, 8, 12, 6);
155	0	#undef F
156	0	#undef K
157	0	#undef Fp
158	0	#undef Kp
159
160	0	#define F F2
161	0	#define K 0x5A827999
162	0	#define Fp F4
163	0	#define Kp 0x5C4DD124
164	0	P2(local.E, local.A, local.B, local.C, local.D, 7, 7, 6, 9);
165	0	P2(local.D, local.E, local.A, local.B, local.C, 4, 6, 11, 13);
166	0	P2(local.C, local.D, local.E, local.A, local.B, 13, 8, 3, 15);
167	0	P2(local.B, local.C, local.D, local.E, local.A, 1, 13, 7, 7);
168	0	P2(local.A, local.B, local.C, local.D, local.E, 10, 11, 0, 12);
169	0	P2(local.E, local.A, local.B, local.C, local.D, 6, 9, 13, 8);
170	0	P2(local.D, local.E, local.A, local.B, local.C, 15, 7, 5, 9);
171	0	P2(local.C, local.D, local.E, local.A, local.B, 3, 15, 10, 11);
172	0	P2(local.B, local.C, local.D, local.E, local.A, 12, 7, 14, 7);
173	0	P2(local.A, local.B, local.C, local.D, local.E, 0, 12, 15, 7);
174	0	P2(local.E, local.A, local.B, local.C, local.D, 9, 15, 8, 12);
175	0	P2(local.D, local.E, local.A, local.B, local.C, 5, 9, 12, 7);
176	0	P2(local.C, local.D, local.E, local.A, local.B, 2, 11, 4, 6);
177	0	P2(local.B, local.C, local.D, local.E, local.A, 14, 7, 9, 15);
178	0	P2(local.A, local.B, local.C, local.D, local.E, 11, 13, 1, 13);
179	0	P2(local.E, local.A, local.B, local.C, local.D, 8, 12, 2, 11);
180	0	#undef F
181	0	#undef K
182	0	#undef Fp
183	0	#undef Kp
184
185	0	#define F F3
186	0	#define K 0x6ED9EBA1
187	0	#define Fp F3
188	0	#define Kp 0x6D703EF3
189	0	P2(local.D, local.E, local.A, local.B, local.C, 3, 11, 15, 9);
190	0	P2(local.C, local.D, local.E, local.A, local.B, 10, 13, 5, 7);
191	0	P2(local.B, local.C, local.D, local.E, local.A, 14, 6, 1, 15);
192	0	P2(local.A, local.B, local.C, local.D, local.E, 4, 7, 3, 11);
193	0	P2(local.E, local.A, local.B, local.C, local.D, 9, 14, 7, 8);
194	0	P2(local.D, local.E, local.A, local.B, local.C, 15, 9, 14, 6);
195	0	P2(local.C, local.D, local.E, local.A, local.B, 8, 13, 6, 6);
196	0	P2(local.B, local.C, local.D, local.E, local.A, 1, 15, 9, 14);
197	0	P2(local.A, local.B, local.C, local.D, local.E, 2, 14, 11, 12);
198	0	P2(local.E, local.A, local.B, local.C, local.D, 7, 8, 8, 13);
199	0	P2(local.D, local.E, local.A, local.B, local.C, 0, 13, 12, 5);
200	0	P2(local.C, local.D, local.E, local.A, local.B, 6, 6, 2, 14);
201	0	P2(local.B, local.C, local.D, local.E, local.A, 13, 5, 10, 13);
202	0	P2(local.A, local.B, local.C, local.D, local.E, 11, 12, 0, 13);
203	0	P2(local.E, local.A, local.B, local.C, local.D, 5, 7, 4, 7);
204	0	P2(local.D, local.E, local.A, local.B, local.C, 12, 5, 13, 5);
205	0	#undef F
206	0	#undef K
207	0	#undef Fp
208	0	#undef Kp
209
210	0	#define F F4
211	0	#define K 0x8F1BBCDC
212	0	#define Fp F2
213	0	#define Kp 0x7A6D76E9
214	0	P2(local.C, local.D, local.E, local.A, local.B, 1, 11, 8, 15);
215	0	P2(local.B, local.C, local.D, local.E, local.A, 9, 12, 6, 5);
216	0	P2(local.A, local.B, local.C, local.D, local.E, 11, 14, 4, 8);
217	0	P2(local.E, local.A, local.B, local.C, local.D, 10, 15, 1, 11);
218	0	P2(local.D, local.E, local.A, local.B, local.C, 0, 14, 3, 14);
219	0	P2(local.C, local.D, local.E, local.A, local.B, 8, 15, 11, 14);
220	0	P2(local.B, local.C, local.D, local.E, local.A, 12, 9, 15, 6);
221	0	P2(local.A, local.B, local.C, local.D, local.E, 4, 8, 0, 14);
222	0	P2(local.E, local.A, local.B, local.C, local.D, 13, 9, 5, 6);
223	0	P2(local.D, local.E, local.A, local.B, local.C, 3, 14, 12, 9);
224	0	P2(local.C, local.D, local.E, local.A, local.B, 7, 5, 2, 12);
225	0	P2(local.B, local.C, local.D, local.E, local.A, 15, 6, 13, 9);
226	0	P2(local.A, local.B, local.C, local.D, local.E, 14, 8, 9, 12);
227	0	P2(local.E, local.A, local.B, local.C, local.D, 5, 6, 7, 5);
228	0	P2(local.D, local.E, local.A, local.B, local.C, 6, 5, 10, 15);
229	0	P2(local.C, local.D, local.E, local.A, local.B, 2, 12, 14, 8);
230	0	#undef F
231	0	#undef K
232	0	#undef Fp
233	0	#undef Kp
234
235	0	#define F F5
236	0	#define K 0xA953FD4E
237	0	#define Fp F1
238	0	#define Kp 0x00000000
239	0	P2(local.B, local.C, local.D, local.E, local.A, 4, 9, 12, 8);
240	0	P2(local.A, local.B, local.C, local.D, local.E, 0, 15, 15, 5);
241	0	P2(local.E, local.A, local.B, local.C, local.D, 5, 5, 10, 12);
242	0	P2(local.D, local.E, local.A, local.B, local.C, 9, 11, 4, 9);
243	0	P2(local.C, local.D, local.E, local.A, local.B, 7, 6, 1, 12);
244	0	P2(local.B, local.C, local.D, local.E, local.A, 12, 8, 5, 5);
245	0	P2(local.A, local.B, local.C, local.D, local.E, 2, 13, 8, 14);
246	0	P2(local.E, local.A, local.B, local.C, local.D, 10, 12, 7, 6);
247	0	P2(local.D, local.E, local.A, local.B, local.C, 14, 5, 6, 8);
248	0	P2(local.C, local.D, local.E, local.A, local.B, 1, 12, 2, 13);
249	0	P2(local.B, local.C, local.D, local.E, local.A, 3, 13, 13, 6);
250	0	P2(local.A, local.B, local.C, local.D, local.E, 8, 14, 14, 5);
251	0	P2(local.E, local.A, local.B, local.C, local.D, 11, 11, 0, 15);
252	0	P2(local.D, local.E, local.A, local.B, local.C, 6, 8, 3, 13);
253	0	P2(local.C, local.D, local.E, local.A, local.B, 15, 5, 9, 11);
254	0	P2(local.B, local.C, local.D, local.E, local.A, 13, 6, 11, 11);
255	0	#undef F
256	0	#undef K
257	0	#undef Fp
258	0	#undef Kp
259
260	0	local.C = ctx->state[1] + local.C + local.Dp;
261	0	ctx->state[1] = ctx->state[2] + local.D + local.Ep;
262	0	ctx->state[2] = ctx->state[3] + local.E + local.Ap;
263	0	ctx->state[3] = ctx->state[4] + local.A + local.Bp;
264	0	ctx->state[4] = ctx->state[0] + local.B + local.Cp;
265	0	ctx->state[0] = local.C;
266
267		/* Zeroise variables to clear sensitive data from memory. */
268	0	mbedtls_platform_zeroize(&local, sizeof(local));
269
270	0	return 0;
271	0	}
272
273		#endif /* !MBEDTLS_RIPEMD160_PROCESS_ALT */
274
275		/*
276		* RIPEMD-160 process buffer
277		*/
278		int mbedtls_ripemd160_update(mbedtls_ripemd160_context *ctx,
279		const unsigned char *input,
280		size_t ilen)
281	0	{
282	0	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
283	0	size_t fill;
284	0	uint32_t left;
285
286	0	if (ilen == 0) {
287	0	return 0;
288	0	}
289
290	0	left = ctx->total[0] & 0x3F;
291	0	fill = 64 - left;
292
293	0	ctx->total[0] += (uint32_t) ilen;
294	0	ctx->total[0] &= 0xFFFFFFFF;
295
296	0	if (ctx->total[0] < (uint32_t) ilen) {
297	0	ctx->total[1]++;
298	0	}
299
300	0	if (left && ilen >= fill) {
301	0	memcpy((void *) (ctx->buffer + left), input, fill);
302
303	0	if ((ret = mbedtls_internal_ripemd160_process(ctx, ctx->buffer)) != 0) {
304	0	return ret;
305	0	}
306
307	0	input += fill;
308	0	ilen -= fill;
309	0	left = 0;
310	0	}
311
312	0	while (ilen >= 64) {
313	0	if ((ret = mbedtls_internal_ripemd160_process(ctx, input)) != 0) {
314	0	return ret;
315	0	}
316
317	0	input += 64;
318	0	ilen -= 64;
319	0	}
320
321	0	if (ilen > 0) {
322	0	memcpy((void *) (ctx->buffer + left), input, ilen);
323	0	}
324
325	0	return 0;
326	0	}
327
328		static const unsigned char ripemd160_padding[64] =
329		{
330		0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
331		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
332		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
333		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
334		};
335
336		/*
337		* RIPEMD-160 final digest
338		*/
339		int mbedtls_ripemd160_finish(mbedtls_ripemd160_context *ctx,
340		unsigned char output[20])
341	0	{
342	0	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
343	0	uint32_t last, padn;
344	0	uint32_t high, low;
345	0	unsigned char msglen[8];
346
347	0	high = (ctx->total[0] >> 29)
348	0	\| (ctx->total[1] << 3);
349	0	low = (ctx->total[0] << 3);
350
351	0	MBEDTLS_PUT_UINT32_LE(low, msglen, 0);
352	0	MBEDTLS_PUT_UINT32_LE(high, msglen, 4);
353
354	0	last = ctx->total[0] & 0x3F;
355	0	padn = (last < 56) ? (56 - last) : (120 - last);
356
357	0	ret = mbedtls_ripemd160_update(ctx, ripemd160_padding, padn);
358	0	if (ret != 0) {
359	0	return ret;
360	0	}
361
362	0	ret = mbedtls_ripemd160_update(ctx, msglen, 8);
363	0	if (ret != 0) {
364	0	return ret;
365	0	}
366
367	0	MBEDTLS_PUT_UINT32_LE(ctx->state[0], output, 0);
368	0	MBEDTLS_PUT_UINT32_LE(ctx->state[1], output, 4);
369	0	MBEDTLS_PUT_UINT32_LE(ctx->state[2], output, 8);
370	0	MBEDTLS_PUT_UINT32_LE(ctx->state[3], output, 12);
371	0	MBEDTLS_PUT_UINT32_LE(ctx->state[4], output, 16);
372
373	0	return 0;
374	0	}
375
376		#endif /* ! MBEDTLS_RIPEMD160_ALT */
377
378		/*
379		* output = RIPEMD-160( input buffer )
380		*/
381		int mbedtls_ripemd160(const unsigned char *input,
382		size_t ilen,
383		unsigned char output[20])
384	0	{
385	0	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
386	0	mbedtls_ripemd160_context ctx;
387
388	0	mbedtls_ripemd160_init(&ctx);
389
390	0	if ((ret = mbedtls_ripemd160_starts(&ctx)) != 0) {
391	0	goto exit;
392	0	}
393
394	0	if ((ret = mbedtls_ripemd160_update(&ctx, input, ilen)) != 0) {
395	0	goto exit;
396	0	}
397
398	0	if ((ret = mbedtls_ripemd160_finish(&ctx, output)) != 0) {
399	0	goto exit;
400	0	}
401
402	0	exit:
403	0	mbedtls_ripemd160_free(&ctx);
404
405	0	return ret;
406	0	}
407
408		#if defined(MBEDTLS_SELF_TEST)
409		/*
410		* Test vectors from the RIPEMD-160 paper and
411		* http://homes.esat.kuleuven.be/~bosselae/mbedtls_ripemd160.html#HMAC
412		*/
413	0	#define TESTS 8
414		static const unsigned char ripemd160_test_str[TESTS][81] =
415		{
416		{ "" },
417		{ "a" },
418		{ "abc" },
419		{ "message digest" },
420		{ "abcdefghijklmnopqrstuvwxyz" },
421		{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
422		{ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
423		{ "12345678901234567890123456789012345678901234567890123456789012345678901234567890" },
424		};
425
426		static const size_t ripemd160_test_strlen[TESTS] =
427		{
428		0, 1, 3, 14, 26, 56, 62, 80
429		};
430
431		static const unsigned char ripemd160_test_md[TESTS][20] =
432		{
433		{ 0x9c, 0x11, 0x85, 0xa5, 0xc5, 0xe9, 0xfc, 0x54, 0x61, 0x28,
434		0x08, 0x97, 0x7e, 0xe8, 0xf5, 0x48, 0xb2, 0x25, 0x8d, 0x31 },
435		{ 0x0b, 0xdc, 0x9d, 0x2d, 0x25, 0x6b, 0x3e, 0xe9, 0xda, 0xae,
436		0x34, 0x7b, 0xe6, 0xf4, 0xdc, 0x83, 0x5a, 0x46, 0x7f, 0xfe },
437		{ 0x8e, 0xb2, 0x08, 0xf7, 0xe0, 0x5d, 0x98, 0x7a, 0x9b, 0x04,
438		0x4a, 0x8e, 0x98, 0xc6, 0xb0, 0x87, 0xf1, 0x5a, 0x0b, 0xfc },
439		{ 0x5d, 0x06, 0x89, 0xef, 0x49, 0xd2, 0xfa, 0xe5, 0x72, 0xb8,
440		0x81, 0xb1, 0x23, 0xa8, 0x5f, 0xfa, 0x21, 0x59, 0x5f, 0x36 },
441		{ 0xf7, 0x1c, 0x27, 0x10, 0x9c, 0x69, 0x2c, 0x1b, 0x56, 0xbb,
442		0xdc, 0xeb, 0x5b, 0x9d, 0x28, 0x65, 0xb3, 0x70, 0x8d, 0xbc },
443		{ 0x12, 0xa0, 0x53, 0x38, 0x4a, 0x9c, 0x0c, 0x88, 0xe4, 0x05,
444		0xa0, 0x6c, 0x27, 0xdc, 0xf4, 0x9a, 0xda, 0x62, 0xeb, 0x2b },
445		{ 0xb0, 0xe2, 0x0b, 0x6e, 0x31, 0x16, 0x64, 0x02, 0x86, 0xed,
446		0x3a, 0x87, 0xa5, 0x71, 0x30, 0x79, 0xb2, 0x1f, 0x51, 0x89 },
447		{ 0x9b, 0x75, 0x2e, 0x45, 0x57, 0x3d, 0x4b, 0x39, 0xf4, 0xdb,
448		0xd3, 0x32, 0x3c, 0xab, 0x82, 0xbf, 0x63, 0x32, 0x6b, 0xfb },
449		};
450
451		/*
452		* Checkup routine
453		*/
454		int mbedtls_ripemd160_self_test(int verbose)
455	0	{
456	0	int i, ret = 0;
457	0	unsigned char output[20];
458
459	0	memset(output, 0, sizeof output);
460
461	0	for (i = 0; i < TESTS; i++) {
462	0	if (verbose != 0) {
463	0	mbedtls_printf(" RIPEMD-160 test #%d: ", i + 1);
464	0	}
465
466	0	ret = mbedtls_ripemd160(ripemd160_test_str[i],
467	0	ripemd160_test_strlen[i], output);
468	0	if (ret != 0) {
469	0	goto fail;
470	0	}
471
472	0	if (memcmp(output, ripemd160_test_md[i], 20) != 0) {
473	0	ret = 1;
474	0	goto fail;
475	0	}
476
477	0	if (verbose != 0) {
478	0	mbedtls_printf("passed\n");
479	0	}
480	0	}
481
482	0	if (verbose != 0) {
483	0	mbedtls_printf("\n");
484	0	}
485
486	0	return 0;
487
488	0	fail:
489	0	if (verbose != 0) {
490	0	mbedtls_printf("failed\n");
491	0	}
492
493	0	return ret;
494	0	}
495
496		#endif /* MBEDTLS_SELF_TEST */
497
498		#endif /* MBEDTLS_RIPEMD160_C */