/src/trezor-firmware/crypto/ripemd160.c

Line	Count	Source (jump to first uncovered line)
1		/*
2		* RIPE MD-160 implementation
3		*
4		* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5		* SPDX-License-Identifier: Apache-2.0
6		*
7		* Licensed under the Apache License, Version 2.0 (the "License"); you may
8		* not use this file except in compliance with the License.
9		* You may obtain a copy of the License at
10		*
11		* http://www.apache.org/licenses/LICENSE-2.0
12		*
13		* Unless required by applicable law or agreed to in writing, software
14		* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15		* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16		* See the License for the specific language governing permissions and
17		* limitations under the License.
18		*
19		* This file is part of mbed TLS (https://tls.mbed.org)
20		*/
21
22		/*
23		* The RIPEMD-160 algorithm was designed by RIPE in 1996
24		* http://homes.esat.kuleuven.be/~bosselae/ripemd160.html
25		* http://ehash.iaik.tugraz.at/wiki/RIPEMD-160
26		*/
27
28		#include <string.h>
29
30		#include "ripemd160.h"
31		#include "memzero.h"
32
33		/*
34		* 32-bit integer manipulation macros (little endian)
35		*/
36		#ifndef GET_UINT32_LE
37	1.66M	#define GET_UINT32_LE(n,b,i) \
38	1.66M	{ \
39	1.66M	(n) = ( (uint32_t) (b)[(i) ] ) \
40	1.66M	\| ( (uint32_t) (b)[(i) + 1] << 8 ) \
41	1.66M	\| ( (uint32_t) (b)[(i) + 2] << 16 ) \
42	1.66M	\| ( (uint32_t) (b)[(i) + 3] << 24 ); \
43	1.66M	}
44		#endif
45
46		#ifndef PUT_UINT32_LE
47	1.81k	#define PUT_UINT32_LE(n,b,i) \
48	1.81k	{ \
49	1.81k	(b)[(i) ] = (uint8_t) ( ( (n) ) & 0xFF ); \
50	1.81k	(b)[(i) + 1] = (uint8_t) ( ( (n) >> 8 ) & 0xFF ); \
51	1.81k	(b)[(i) + 2] = (uint8_t) ( ( (n) >> 16 ) & 0xFF ); \
52	1.81k	(b)[(i) + 3] = (uint8_t) ( ( (n) >> 24 ) & 0xFF ); \
53	1.81k	}
54		#endif
55
56		/*
57		* RIPEMD-160 context setup
58		*/
59		void ripemd160_Init(RIPEMD160_CTX *ctx)
60	259	{
61	259	memzero(ctx, sizeof(RIPEMD160_CTX));
62	259	ctx->total[0] = 0;
63	259	ctx->total[1] = 0;
64	259	ctx->state[0] = 0x67452301;
65	259	ctx->state[1] = 0xEFCDAB89;
66	259	ctx->state[2] = 0x98BADCFE;
67	259	ctx->state[3] = 0x10325476;
68	259	ctx->state[4] = 0xC3D2E1F0;
69	259	}
70
71		#if !defined(MBEDTLS_RIPEMD160_PROCESS_ALT)
72		/*
73		* Process one block
74		*/
75		void ripemd160_process( RIPEMD160_CTX *ctx, const uint8_t data[RIPEMD160_BLOCK_LENGTH] )
76	104k	{
77	104k	uint32_t A = 0, B = 0, C = 0, D = 0, E = 0, Ap = 0, Bp = 0, Cp = 0, Dp = 0, Ep = 0, X[16] = {0};
78
79	104k	GET_UINT32_LE( X[ 0], data, 0 );
80	104k	GET_UINT32_LE( X[ 1], data, 4 );
81	104k	GET_UINT32_LE( X[ 2], data, 8 );
82	104k	GET_UINT32_LE( X[ 3], data, 12 );
83	104k	GET_UINT32_LE( X[ 4], data, 16 );
84	104k	GET_UINT32_LE( X[ 5], data, 20 );
85	104k	GET_UINT32_LE( X[ 6], data, 24 );
86	104k	GET_UINT32_LE( X[ 7], data, 28 );
87	104k	GET_UINT32_LE( X[ 8], data, 32 );
88	104k	GET_UINT32_LE( X[ 9], data, 36 );
89	104k	GET_UINT32_LE( X[10], data, 40 );
90	104k	GET_UINT32_LE( X[11], data, 44 );
91	104k	GET_UINT32_LE( X[12], data, 48 );
92	104k	GET_UINT32_LE( X[13], data, 52 );
93	104k	GET_UINT32_LE( X[14], data, 56 );
94	104k	GET_UINT32_LE( X[15], data, 60 );
95
96	104k	A = Ap = ctx->state[0];
97	104k	B = Bp = ctx->state[1];
98	104k	C = Cp = ctx->state[2];
99	104k	D = Dp = ctx->state[3];
100	104k	E = Ep = ctx->state[4];
101
102	3.33M	#define F1( x, y, z ) ( x ^ y ^ z )
103	3.33M	#define F2( x, y, z ) ( ( x & y ) \| ( ~x & z ) )
104	3.33M	#define F3( x, y, z ) ( ( x \| ~y ) ^ z )
105	3.33M	#define F4( x, y, z ) ( ( x & z ) \| ( y & ~z ) )
106	3.33M	#define F5( x, y, z ) ( x ^ ( y \| ~z ) )
107
108	33.3M	#define S( x, n ) ( ( x << n ) \| ( x >> (32 - n) ) )
109
110	104k	#define P( a, b, c, d, e, r, s, f, k ) \
111	16.6M	a += f( b, c, d ) + X[r] + k; \
112	16.6M	a = S( a, s ) + e; \
113	16.6M	c = S( c, 10 );
114
115	104k	#define P2( a, b, c, d, e, r, s, rp, sp ) \
116	8.33M	P( a, b, c, d, e, r, s, F, K ); \
117	8.33M	P( a ## p, b ## p, c ## p, d ## p, e ## p, rp, sp, Fp, Kp );
118
119	1.66M	#define F F1
120	104k	#define K 0x00000000
121	1.66M	#define Fp F5
122	104k	#define Kp 0x50A28BE6
123	104k	P2( A, B, C, D, E, 0, 11, 5, 8 );
124	104k	P2( E, A, B, C, D, 1, 14, 14, 9 );
125	104k	P2( D, E, A, B, C, 2, 15, 7, 9 );
126	104k	P2( C, D, E, A, B, 3, 12, 0, 11 );
127	104k	P2( B, C, D, E, A, 4, 5, 9, 13 );
128	104k	P2( A, B, C, D, E, 5, 8, 2, 15 );
129	104k	P2( E, A, B, C, D, 6, 7, 11, 15 );
130	104k	P2( D, E, A, B, C, 7, 9, 4, 5 );
131	104k	P2( C, D, E, A, B, 8, 11, 13, 7 );
132	104k	P2( B, C, D, E, A, 9, 13, 6, 7 );
133	104k	P2( A, B, C, D, E, 10, 14, 15, 8 );
134	104k	P2( E, A, B, C, D, 11, 15, 8, 11 );
135	104k	P2( D, E, A, B, C, 12, 6, 1, 14 );
136	104k	P2( C, D, E, A, B, 13, 7, 10, 14 );
137	104k	P2( B, C, D, E, A, 14, 9, 3, 12 );
138	104k	P2( A, B, C, D, E, 15, 8, 12, 6 );
139	104k	#undef F
140	104k	#undef K
141	104k	#undef Fp
142	104k	#undef Kp
143
144	1.66M	#define F F2
145	104k	#define K 0x5A827999
146	1.66M	#define Fp F4
147	104k	#define Kp 0x5C4DD124
148	104k	P2( E, A, B, C, D, 7, 7, 6, 9 );
149	104k	P2( D, E, A, B, C, 4, 6, 11, 13 );
150	104k	P2( C, D, E, A, B, 13, 8, 3, 15 );
151	104k	P2( B, C, D, E, A, 1, 13, 7, 7 );
152	104k	P2( A, B, C, D, E, 10, 11, 0, 12 );
153	104k	P2( E, A, B, C, D, 6, 9, 13, 8 );
154	104k	P2( D, E, A, B, C, 15, 7, 5, 9 );
155	104k	P2( C, D, E, A, B, 3, 15, 10, 11 );
156	104k	P2( B, C, D, E, A, 12, 7, 14, 7 );
157	104k	P2( A, B, C, D, E, 0, 12, 15, 7 );
158	104k	P2( E, A, B, C, D, 9, 15, 8, 12 );
159	104k	P2( D, E, A, B, C, 5, 9, 12, 7 );
160	104k	P2( C, D, E, A, B, 2, 11, 4, 6 );
161	104k	P2( B, C, D, E, A, 14, 7, 9, 15 );
162	104k	P2( A, B, C, D, E, 11, 13, 1, 13 );
163	104k	P2( E, A, B, C, D, 8, 12, 2, 11 );
164	104k	#undef F
165	104k	#undef K
166	104k	#undef Fp
167	104k	#undef Kp
168
169	1.66M	#define F F3
170	104k	#define K 0x6ED9EBA1
171	1.66M	#define Fp F3
172	104k	#define Kp 0x6D703EF3
173	104k	P2( D, E, A, B, C, 3, 11, 15, 9 );
174	104k	P2( C, D, E, A, B, 10, 13, 5, 7 );
175	104k	P2( B, C, D, E, A, 14, 6, 1, 15 );
176	104k	P2( A, B, C, D, E, 4, 7, 3, 11 );
177	104k	P2( E, A, B, C, D, 9, 14, 7, 8 );
178	104k	P2( D, E, A, B, C, 15, 9, 14, 6 );
179	104k	P2( C, D, E, A, B, 8, 13, 6, 6 );
180	104k	P2( B, C, D, E, A, 1, 15, 9, 14 );
181	104k	P2( A, B, C, D, E, 2, 14, 11, 12 );
182	104k	P2( E, A, B, C, D, 7, 8, 8, 13 );
183	104k	P2( D, E, A, B, C, 0, 13, 12, 5 );
184	104k	P2( C, D, E, A, B, 6, 6, 2, 14 );
185	104k	P2( B, C, D, E, A, 13, 5, 10, 13 );
186	104k	P2( A, B, C, D, E, 11, 12, 0, 13 );
187	104k	P2( E, A, B, C, D, 5, 7, 4, 7 );
188	104k	P2( D, E, A, B, C, 12, 5, 13, 5 );
189	104k	#undef F
190	104k	#undef K
191	104k	#undef Fp
192	104k	#undef Kp
193
194	1.66M	#define F F4
195	104k	#define K 0x8F1BBCDC
196	1.66M	#define Fp F2
197	104k	#define Kp 0x7A6D76E9
198	104k	P2( C, D, E, A, B, 1, 11, 8, 15 );
199	104k	P2( B, C, D, E, A, 9, 12, 6, 5 );
200	104k	P2( A, B, C, D, E, 11, 14, 4, 8 );
201	104k	P2( E, A, B, C, D, 10, 15, 1, 11 );
202	104k	P2( D, E, A, B, C, 0, 14, 3, 14 );
203	104k	P2( C, D, E, A, B, 8, 15, 11, 14 );
204	104k	P2( B, C, D, E, A, 12, 9, 15, 6 );
205	104k	P2( A, B, C, D, E, 4, 8, 0, 14 );
206	104k	P2( E, A, B, C, D, 13, 9, 5, 6 );
207	104k	P2( D, E, A, B, C, 3, 14, 12, 9 );
208	104k	P2( C, D, E, A, B, 7, 5, 2, 12 );
209	104k	P2( B, C, D, E, A, 15, 6, 13, 9 );
210	104k	P2( A, B, C, D, E, 14, 8, 9, 12 );
211	104k	P2( E, A, B, C, D, 5, 6, 7, 5 );
212	104k	P2( D, E, A, B, C, 6, 5, 10, 15 );
213	104k	P2( C, D, E, A, B, 2, 12, 14, 8 );
214	104k	#undef F
215	104k	#undef K
216	104k	#undef Fp
217	104k	#undef Kp
218
219	1.66M	#define F F5
220	104k	#define K 0xA953FD4E
221	1.66M	#define Fp F1
222	104k	#define Kp 0x00000000
223	104k	P2( B, C, D, E, A, 4, 9, 12, 8 );
224	104k	P2( A, B, C, D, E, 0, 15, 15, 5 );
225	104k	P2( E, A, B, C, D, 5, 5, 10, 12 );
226	104k	P2( D, E, A, B, C, 9, 11, 4, 9 );
227	104k	P2( C, D, E, A, B, 7, 6, 1, 12 );
228	104k	P2( B, C, D, E, A, 12, 8, 5, 5 );
229	104k	P2( A, B, C, D, E, 2, 13, 8, 14 );
230	104k	P2( E, A, B, C, D, 10, 12, 7, 6 );
231	104k	P2( D, E, A, B, C, 14, 5, 6, 8 );
232	104k	P2( C, D, E, A, B, 1, 12, 2, 13 );
233	104k	P2( B, C, D, E, A, 3, 13, 13, 6 );
234	104k	P2( A, B, C, D, E, 8, 14, 14, 5 );
235	104k	P2( E, A, B, C, D, 11, 11, 0, 15 );
236	104k	P2( D, E, A, B, C, 6, 8, 3, 13 );
237	104k	P2( C, D, E, A, B, 15, 5, 9, 11 );
238	104k	P2( B, C, D, E, A, 13, 6, 11, 11 );
239	104k	#undef F
240	104k	#undef K
241	104k	#undef Fp
242	104k	#undef Kp
243
244	104k	C = ctx->state[1] + C + Dp;
245	104k	ctx->state[1] = ctx->state[2] + D + Ep;
246	104k	ctx->state[2] = ctx->state[3] + E + Ap;
247	104k	ctx->state[3] = ctx->state[4] + A + Bp;
248	104k	ctx->state[4] = ctx->state[0] + B + Cp;
249	104k	ctx->state[0] = C;
250	104k	}
251		#endif /* !MBEDTLS_RIPEMD160_PROCESS_ALT */
252
253		/*
254		* RIPEMD-160 process buffer
255		*/
256		void ripemd160_Update( RIPEMD160_CTX ctx, const uint8_t input, uint32_t ilen )
257	37.4k	{
258	37.4k	uint32_t fill = 0;
259	37.4k	uint32_t left = 0;
260
261	37.4k	if( ilen == 0 )
262	35.1k	return;
263
264	2.29k	left = ctx->total[0] & 0x3F;
265	2.29k	fill = RIPEMD160_BLOCK_LENGTH - left;
266
267	2.29k	ctx->total[0] += (uint32_t) ilen;
268	2.29k	ctx->total[0] &= 0xFFFFFFFF;
269
270	2.29k	if( ctx->total[0] < (uint32_t) ilen )
271	0	ctx->total[1]++;
272
273	2.29k	if( left && ilen >= fill )
274	1.01k	{
275	1.01k	memcpy( (void *) (ctx->buffer + left), input, fill );
276	1.01k	ripemd160_process( ctx, ctx->buffer );
277	1.01k	input += fill;
278	1.01k	ilen -= fill;
279	1.01k	left = 0;
280	1.01k	}
281
282	105k	while( ilen >= RIPEMD160_BLOCK_LENGTH )
283	103k	{
284	103k	ripemd160_process( ctx, input );
285	103k	input += RIPEMD160_BLOCK_LENGTH;
286	103k	ilen -= RIPEMD160_BLOCK_LENGTH;
287	103k	}
288
289	2.29k	if( ilen > 0 )
290	1.98k	{
291	1.98k	memcpy( (void *) (ctx->buffer + left), input, ilen );
292	1.98k	}
293	2.29k	}
294
295		static const uint8_t ripemd160_padding[RIPEMD160_BLOCK_LENGTH] =
296		{
297		0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
298		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
299		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
300		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
301		};
302
303		/*
304		* RIPEMD-160 final digest
305		*/
306		void ripemd160_Final( RIPEMD160_CTX *ctx, uint8_t output[RIPEMD160_DIGEST_LENGTH] )
307	259	{
308	259	uint32_t last = 0; uint32_t padn = 0;
309	259	uint32_t high = 0; uint32_t low = 0;
310	259	uint8_t msglen[8] = {0};
311
312	259	high = ( ctx->total[0] >> 29 )
313	259	\| ( ctx->total[1] << 3 );
314	259	low = ( ctx->total[0] << 3 );
315
316	259	PUT_UINT32_LE( low, msglen, 0 );
317	259	PUT_UINT32_LE( high, msglen, 4 );
318
319	259	last = ctx->total[0] & 0x3F;
320	259	padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
321
322	259	ripemd160_Update( ctx, ripemd160_padding, padn );
323	259	ripemd160_Update( ctx, msglen, 8 );
324
325	259	PUT_UINT32_LE( ctx->state[0], output, 0 );
326	259	PUT_UINT32_LE( ctx->state[1], output, 4 );
327	259	PUT_UINT32_LE( ctx->state[2], output, 8 );
328	259	PUT_UINT32_LE( ctx->state[3], output, 12 );
329	259	PUT_UINT32_LE( ctx->state[4], output, 16 );
330
331	259	memzero(ctx, sizeof(RIPEMD160_CTX));
332	259	}
333
334		/*
335		* output = RIPEMD-160( input buffer )
336		*/
337		void ripemd160(const uint8_t *msg, uint32_t msg_len, uint8_t hash[RIPEMD160_DIGEST_LENGTH])
338	0	{
339	0	RIPEMD160_CTX ctx = {0};
340	0	ripemd160_Init( &ctx );
341	0	ripemd160_Update( &ctx, msg, msg_len );
342	0	ripemd160_Final( &ctx, hash );
343	0	}

Coverage Report

Created: 2024-09-11 06:39