/src/mbedtls/library/ripemd160.c

Source (jump to first uncovered line)
/*
 *  RIPE MD-160 implementation
 *
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */

/*
 *  The RIPEMD-160 algorithm was designed by RIPE in 1996
 *  http://homes.esat.kuleuven.be/~bosselae/mbedtls_ripemd160.html
 *  http://ehash.iaik.tugraz.at/wiki/RIPEMD-160
 */

#include "common.h"

#if defined(MBEDTLS_RIPEMD160_C)

#include "mbedtls/ripemd160.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"

#include <string.h>

#include "mbedtls/platform.h"

#if !defined(MBEDTLS_RIPEMD160_ALT)

void mbedtls_ripemd160_init(mbedtls_ripemd160_context *ctx)
{
    memset(ctx, 0, sizeof(mbedtls_ripemd160_context));
}

void mbedtls_ripemd160_free(mbedtls_ripemd160_context *ctx)
{
    if (ctx == NULL) {
        return;
    }

    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ripemd160_context));
}

void mbedtls_ripemd160_clone(mbedtls_ripemd160_context *dst,
                             const mbedtls_ripemd160_context *src)
{
    *dst = *src;
}

/*
 * RIPEMD-160 context setup
 */
int mbedtls_ripemd160_starts(mbedtls_ripemd160_context *ctx)
{
    ctx->total[0] = 0;
    ctx->total[1] = 0;

    ctx->state[0] = 0x67452301;
    ctx->state[1] = 0xEFCDAB89;
    ctx->state[2] = 0x98BADCFE;
    ctx->state[3] = 0x10325476;
    ctx->state[4] = 0xC3D2E1F0;

    return 0;
}

#if !defined(MBEDTLS_RIPEMD160_PROCESS_ALT)
/*
 * Process one block
 */
int mbedtls_internal_ripemd160_process(mbedtls_ripemd160_context *ctx,
                                       const unsigned char data[64])
{
    struct {
        uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16];
    } local;

    local.X[0] = MBEDTLS_GET_UINT32_LE(data,  0);
    local.X[1] = MBEDTLS_GET_UINT32_LE(data,  4);
    local.X[2] = MBEDTLS_GET_UINT32_LE(data,  8);
    local.X[3] = MBEDTLS_GET_UINT32_LE(data, 12);
    local.X[4] = MBEDTLS_GET_UINT32_LE(data, 16);
    local.X[5] = MBEDTLS_GET_UINT32_LE(data, 20);
    local.X[6] = MBEDTLS_GET_UINT32_LE(data, 24);
    local.X[7] = MBEDTLS_GET_UINT32_LE(data, 28);
    local.X[8] = MBEDTLS_GET_UINT32_LE(data, 32);
    local.X[9] = MBEDTLS_GET_UINT32_LE(data, 36);
    local.X[10] = MBEDTLS_GET_UINT32_LE(data, 40);
    local.X[11] = MBEDTLS_GET_UINT32_LE(data, 44);
    local.X[12] = MBEDTLS_GET_UINT32_LE(data, 48);
    local.X[13] = MBEDTLS_GET_UINT32_LE(data, 52);
    local.X[14] = MBEDTLS_GET_UINT32_LE(data, 56);
    local.X[15] = MBEDTLS_GET_UINT32_LE(data, 60);

    local.A = local.Ap = ctx->state[0];
    local.B = local.Bp = ctx->state[1];
    local.C = local.Cp = ctx->state[2];
    local.D = local.Dp = ctx->state[3];
    local.E = local.Ep = ctx->state[4];

#define F1(x, y, z)   ((x) ^ (y) ^ (z))
#define F2(x, y, z)   (((x) & (y)) | (~(x) & (z)))
#define F3(x, y, z)   (((x) | ~(y)) ^ (z))
#define F4(x, y, z)   (((x) & (z)) | ((y) & ~(z)))
#define F5(x, y, z)   ((x) ^ ((y) | ~(z)))

#define S(x, n) (((x) << (n)) | ((x) >> (32 - (n))))

#define P(a, b, c, d, e, r, s, f, k)                      \
    do                                                      \
    {                                                       \
        (a) += f((b), (c), (d)) + local.X[r] + (k);       \
        (a) = S((a), (s)) + (e);                          \
        (c) = S((c), 10);                                 \
    } while (0)

#define P2(a, b, c, d, e, r, s, rp, sp)                               \
    do                                                                  \
    {                                                                   \
        P((a), (b), (c), (d), (e), (r), (s), F, K);                   \
        P(a ## p, b ## p, c ## p, d ## p, e ## p,                      \
          (rp), (sp), Fp, Kp);                                        \
    } while (0)

#define F   F1
#define K   0x00000000
#define Fp  F5
#define Kp  0x50A28BE6
    P2(local.A, local.B, local.C, local.D, local.E,  0, 11,  5,  8);
    P2(local.E, local.A, local.B, local.C, local.D,  1, 14, 14,  9);
    P2(local.D, local.E, local.A, local.B, local.C,  2, 15,  7,  9);
    P2(local.C, local.D, local.E, local.A, local.B,  3, 12,  0, 11);
    P2(local.B, local.C, local.D, local.E, local.A,  4,  5,  9, 13);
    P2(local.A, local.B, local.C, local.D, local.E,  5,  8,  2, 15);
    P2(local.E, local.A, local.B, local.C, local.D,  6,  7, 11, 15);
    P2(local.D, local.E, local.A, local.B, local.C,  7,  9,  4,  5);
    P2(local.C, local.D, local.E, local.A, local.B,  8, 11, 13,  7);
    P2(local.B, local.C, local.D, local.E, local.A,  9, 13,  6,  7);
    P2(local.A, local.B, local.C, local.D, local.E, 10, 14, 15,  8);
    P2(local.E, local.A, local.B, local.C, local.D, 11, 15,  8, 11);
    P2(local.D, local.E, local.A, local.B, local.C, 12,  6,  1, 14);
    P2(local.C, local.D, local.E, local.A, local.B, 13,  7, 10, 14);
    P2(local.B, local.C, local.D, local.E, local.A, 14,  9,  3, 12);
    P2(local.A, local.B, local.C, local.D, local.E, 15,  8, 12,  6);
#undef F
#undef K
#undef Fp
#undef Kp

#define F   F2
#define K   0x5A827999
#define Fp  F4
#define Kp  0x5C4DD124
    P2(local.E, local.A, local.B, local.C, local.D,  7,  7,  6,  9);
    P2(local.D, local.E, local.A, local.B, local.C,  4,  6, 11, 13);
    P2(local.C, local.D, local.E, local.A, local.B, 13,  8,  3, 15);
    P2(local.B, local.C, local.D, local.E, local.A,  1, 13,  7,  7);
    P2(local.A, local.B, local.C, local.D, local.E, 10, 11,  0, 12);
    P2(local.E, local.A, local.B, local.C, local.D,  6,  9, 13,  8);
    P2(local.D, local.E, local.A, local.B, local.C, 15,  7,  5,  9);
    P2(local.C, local.D, local.E, local.A, local.B,  3, 15, 10, 11);
    P2(local.B, local.C, local.D, local.E, local.A, 12,  7, 14,  7);
    P2(local.A, local.B, local.C, local.D, local.E,  0, 12, 15,  7);
    P2(local.E, local.A, local.B, local.C, local.D,  9, 15,  8, 12);
    P2(local.D, local.E, local.A, local.B, local.C,  5,  9, 12,  7);
    P2(local.C, local.D, local.E, local.A, local.B,  2, 11,  4,  6);
    P2(local.B, local.C, local.D, local.E, local.A, 14,  7,  9, 15);
    P2(local.A, local.B, local.C, local.D, local.E, 11, 13,  1, 13);
    P2(local.E, local.A, local.B, local.C, local.D,  8, 12,  2, 11);
#undef F
#undef K
#undef Fp
#undef Kp

#define F   F3
#define K   0x6ED9EBA1
#define Fp  F3
#define Kp  0x6D703EF3
    P2(local.D, local.E, local.A, local.B, local.C,  3, 11, 15,  9);
    P2(local.C, local.D, local.E, local.A, local.B, 10, 13,  5,  7);
    P2(local.B, local.C, local.D, local.E, local.A, 14,  6,  1, 15);
    P2(local.A, local.B, local.C, local.D, local.E,  4,  7,  3, 11);
    P2(local.E, local.A, local.B, local.C, local.D,  9, 14,  7,  8);
    P2(local.D, local.E, local.A, local.B, local.C, 15,  9, 14,  6);
    P2(local.C, local.D, local.E, local.A, local.B,  8, 13,  6,  6);
    P2(local.B, local.C, local.D, local.E, local.A,  1, 15,  9, 14);
    P2(local.A, local.B, local.C, local.D, local.E,  2, 14, 11, 12);
    P2(local.E, local.A, local.B, local.C, local.D,  7,  8,  8, 13);
    P2(local.D, local.E, local.A, local.B, local.C,  0, 13, 12,  5);
    P2(local.C, local.D, local.E, local.A, local.B,  6,  6,  2, 14);
    P2(local.B, local.C, local.D, local.E, local.A, 13,  5, 10, 13);
    P2(local.A, local.B, local.C, local.D, local.E, 11, 12,  0, 13);
    P2(local.E, local.A, local.B, local.C, local.D,  5,  7,  4,  7);
    P2(local.D, local.E, local.A, local.B, local.C, 12,  5, 13,  5);
#undef F
#undef K
#undef Fp
#undef Kp

#define F   F4
#define K   0x8F1BBCDC
#define Fp  F2
#define Kp  0x7A6D76E9
    P2(local.C, local.D, local.E, local.A, local.B,  1, 11,  8, 15);
    P2(local.B, local.C, local.D, local.E, local.A,  9, 12,  6,  5);
    P2(local.A, local.B, local.C, local.D, local.E, 11, 14,  4,  8);
    P2(local.E, local.A, local.B, local.C, local.D, 10, 15,  1, 11);
    P2(local.D, local.E, local.A, local.B, local.C,  0, 14,  3, 14);
    P2(local.C, local.D, local.E, local.A, local.B,  8, 15, 11, 14);
    P2(local.B, local.C, local.D, local.E, local.A, 12,  9, 15,  6);
    P2(local.A, local.B, local.C, local.D, local.E,  4,  8,  0, 14);
    P2(local.E, local.A, local.B, local.C, local.D, 13,  9,  5,  6);
    P2(local.D, local.E, local.A, local.B, local.C,  3, 14, 12,  9);
    P2(local.C, local.D, local.E, local.A, local.B,  7,  5,  2, 12);
    P2(local.B, local.C, local.D, local.E, local.A, 15,  6, 13,  9);
    P2(local.A, local.B, local.C, local.D, local.E, 14,  8,  9, 12);
    P2(local.E, local.A, local.B, local.C, local.D,  5,  6,  7,  5);
    P2(local.D, local.E, local.A, local.B, local.C,  6,  5, 10, 15);
    P2(local.C, local.D, local.E, local.A, local.B,  2, 12, 14,  8);
#undef F
#undef K
#undef Fp
#undef Kp

#define F   F5
#define K   0xA953FD4E
#define Fp  F1
#define Kp  0x00000000
    P2(local.B, local.C, local.D, local.E, local.A,  4,  9, 12,  8);
    P2(local.A, local.B, local.C, local.D, local.E,  0, 15, 15,  5);
    P2(local.E, local.A, local.B, local.C, local.D,  5,  5, 10, 12);
    P2(local.D, local.E, local.A, local.B, local.C,  9, 11,  4,  9);
    P2(local.C, local.D, local.E, local.A, local.B,  7,  6,  1, 12);
    P2(local.B, local.C, local.D, local.E, local.A, 12,  8,  5,  5);
    P2(local.A, local.B, local.C, local.D, local.E,  2, 13,  8, 14);
    P2(local.E, local.A, local.B, local.C, local.D, 10, 12,  7,  6);
    P2(local.D, local.E, local.A, local.B, local.C, 14,  5,  6,  8);
    P2(local.C, local.D, local.E, local.A, local.B,  1, 12,  2, 13);
    P2(local.B, local.C, local.D, local.E, local.A,  3, 13, 13,  6);
    P2(local.A, local.B, local.C, local.D, local.E,  8, 14, 14,  5);
    P2(local.E, local.A, local.B, local.C, local.D, 11, 11,  0, 15);
    P2(local.D, local.E, local.A, local.B, local.C,  6,  8,  3, 13);
    P2(local.C, local.D, local.E, local.A, local.B, 15,  5,  9, 11);
    P2(local.B, local.C, local.D, local.E, local.A, 13,  6, 11, 11);
#undef F
#undef K
#undef Fp
#undef Kp

    local.C       = ctx->state[1] + local.C + local.Dp;
    ctx->state[1] = ctx->state[2] + local.D + local.Ep;
    ctx->state[2] = ctx->state[3] + local.E + local.Ap;
    ctx->state[3] = ctx->state[4] + local.A + local.Bp;
    ctx->state[4] = ctx->state[0] + local.B + local.Cp;
    ctx->state[0] = local.C;

    /* Zeroise variables to clear sensitive data from memory. */
    mbedtls_platform_zeroize(&local, sizeof(local));

    return 0;
}

#endif /* !MBEDTLS_RIPEMD160_PROCESS_ALT */

/*
 * RIPEMD-160 process buffer
 */
int mbedtls_ripemd160_update(mbedtls_ripemd160_context *ctx,
                             const unsigned char *input,
                             size_t ilen)
{
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    size_t fill;
    uint32_t left;

    if (ilen == 0) {
        return 0;
    }

    left = ctx->total[0] & 0x3F;
    fill = 64 - left;

    ctx->total[0] += (uint32_t) ilen;
    ctx->total[0] &= 0xFFFFFFFF;

    if (ctx->total[0] < (uint32_t) ilen) {
        ctx->total[1]++;
    }

    if (left && ilen >= fill) {
        memcpy((void *) (ctx->buffer + left), input, fill);

        if ((ret = mbedtls_internal_ripemd160_process(ctx, ctx->buffer)) != 0) {
            return ret;
        }

        input += fill;
        ilen  -= fill;
        left = 0;
    }

    while (ilen >= 64) {
        if ((ret = mbedtls_internal_ripemd160_process(ctx, input)) != 0) {
            return ret;
        }

        input += 64;
        ilen  -= 64;
    }

    if (ilen > 0) {
        memcpy((void *) (ctx->buffer + left), input, ilen);
    }

    return 0;
}

static const unsigned char ripemd160_padding[64] =
{
    0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};

/*
 * RIPEMD-160 final digest
 */
int mbedtls_ripemd160_finish(mbedtls_ripemd160_context *ctx,
                             unsigned char output[20])
{
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    uint32_t last, padn;
    uint32_t high, low;
    unsigned char msglen[8];

    high = (ctx->total[0] >> 29)
           | (ctx->total[1] <<  3);
    low  = (ctx->total[0] <<  3);

    MBEDTLS_PUT_UINT32_LE(low,  msglen, 0);
    MBEDTLS_PUT_UINT32_LE(high, msglen, 4);

    last = ctx->total[0] & 0x3F;
    padn = (last < 56) ? (56 - last) : (120 - last);

    ret = mbedtls_ripemd160_update(ctx, ripemd160_padding, padn);
    if (ret != 0) {
        goto exit;
    }

    ret = mbedtls_ripemd160_update(ctx, msglen, 8);
    if (ret != 0) {
        goto exit;
    }

    MBEDTLS_PUT_UINT32_LE(ctx->state[0], output,  0);
    MBEDTLS_PUT_UINT32_LE(ctx->state[1], output,  4);
    MBEDTLS_PUT_UINT32_LE(ctx->state[2], output,  8);
    MBEDTLS_PUT_UINT32_LE(ctx->state[3], output, 12);
    MBEDTLS_PUT_UINT32_LE(ctx->state[4], output, 16);

    ret = 0;

exit:
    mbedtls_ripemd160_free(ctx);
    return ret;
}

#endif /* ! MBEDTLS_RIPEMD160_ALT */

/*
 * output = RIPEMD-160( input buffer )
 */
int mbedtls_ripemd160(const unsigned char *input,
                      size_t ilen,
                      unsigned char output[20])
{
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    mbedtls_ripemd160_context ctx;

    mbedtls_ripemd160_init(&ctx);

    if ((ret = mbedtls_ripemd160_starts(&ctx)) != 0) {
        goto exit;
    }

    if ((ret = mbedtls_ripemd160_update(&ctx, input, ilen)) != 0) {
        goto exit;
    }

    if ((ret = mbedtls_ripemd160_finish(&ctx, output)) != 0) {
        goto exit;
    }

exit:
    mbedtls_ripemd160_free(&ctx);

    return ret;
}

#if defined(MBEDTLS_SELF_TEST)
/*
 * Test vectors from the RIPEMD-160 paper and
 * http://homes.esat.kuleuven.be/~bosselae/mbedtls_ripemd160.html#HMAC
 */
#define TESTS   8
static const unsigned char ripemd160_test_str[TESTS][81] =
{
    { "" },
    { "a" },
    { "abc" },
    { "message digest" },
    { "abcdefghijklmnopqrstuvwxyz" },
    { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
    { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
    { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" },
};

static const size_t ripemd160_test_strlen[TESTS] =
{
    0, 1, 3, 14, 26, 56, 62, 80
};

static const unsigned char ripemd160_test_md[TESTS][20] =
{
    { 0x9c, 0x11, 0x85, 0xa5, 0xc5, 0xe9, 0xfc, 0x54, 0x61, 0x28,
      0x08, 0x97, 0x7e, 0xe8, 0xf5, 0x48, 0xb2, 0x25, 0x8d, 0x31 },
    { 0x0b, 0xdc, 0x9d, 0x2d, 0x25, 0x6b, 0x3e, 0xe9, 0xda, 0xae,
      0x34, 0x7b, 0xe6, 0xf4, 0xdc, 0x83, 0x5a, 0x46, 0x7f, 0xfe },
    { 0x8e, 0xb2, 0x08, 0xf7, 0xe0, 0x5d, 0x98, 0x7a, 0x9b, 0x04,
      0x4a, 0x8e, 0x98, 0xc6, 0xb0, 0x87, 0xf1, 0x5a, 0x0b, 0xfc },
    { 0x5d, 0x06, 0x89, 0xef, 0x49, 0xd2, 0xfa, 0xe5, 0x72, 0xb8,
      0x81, 0xb1, 0x23, 0xa8, 0x5f, 0xfa, 0x21, 0x59, 0x5f, 0x36 },
    { 0xf7, 0x1c, 0x27, 0x10, 0x9c, 0x69, 0x2c, 0x1b, 0x56, 0xbb,
      0xdc, 0xeb, 0x5b, 0x9d, 0x28, 0x65, 0xb3, 0x70, 0x8d, 0xbc },
    { 0x12, 0xa0, 0x53, 0x38, 0x4a, 0x9c, 0x0c, 0x88, 0xe4, 0x05,
      0xa0, 0x6c, 0x27, 0xdc, 0xf4, 0x9a, 0xda, 0x62, 0xeb, 0x2b },
    { 0xb0, 0xe2, 0x0b, 0x6e, 0x31, 0x16, 0x64, 0x02, 0x86, 0xed,
      0x3a, 0x87, 0xa5, 0x71, 0x30, 0x79, 0xb2, 0x1f, 0x51, 0x89 },
    { 0x9b, 0x75, 0x2e, 0x45, 0x57, 0x3d, 0x4b, 0x39, 0xf4, 0xdb,
      0xd3, 0x32, 0x3c, 0xab, 0x82, 0xbf, 0x63, 0x32, 0x6b, 0xfb },
};

/*
 * Checkup routine
 */
int mbedtls_ripemd160_self_test(int verbose)
{
    int i, ret = 0;
    unsigned char output[20];

    memset(output, 0, sizeof(output));

    for (i = 0; i < TESTS; i++) {
        if (verbose != 0) {
            mbedtls_printf("  RIPEMD-160 test #%d: ", i + 1);
        }

        ret = mbedtls_ripemd160(ripemd160_test_str[i],
                                ripemd160_test_strlen[i], output);
        if (ret != 0) {
            goto fail;
        }

        if (memcmp(output, ripemd160_test_md[i], 20) != 0) {
            ret = 1;
            goto fail;
        }

        if (verbose != 0) {
            mbedtls_printf("passed\n");
        }
    }

    if (verbose != 0) {
        mbedtls_printf("\n");
    }

    return 0;

fail:
    if (verbose != 0) {
        mbedtls_printf("failed\n");
    }

    return ret;
}

#endif /* MBEDTLS_SELF_TEST */

#endif /* MBEDTLS_RIPEMD160_C */

Coverage Report

Created: 2024-11-21 07:03

Line	Count	Source (jump to first uncovered line)
1		/*
2		* RIPE MD-160 implementation
3		*
4		* Copyright The Mbed TLS Contributors
5		* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6		*/
7
8		/*
9		* The RIPEMD-160 algorithm was designed by RIPE in 1996
10		* http://homes.esat.kuleuven.be/~bosselae/mbedtls_ripemd160.html
11		* http://ehash.iaik.tugraz.at/wiki/RIPEMD-160
12		*/
13
14		#include "common.h"
15
16		#if defined(MBEDTLS_RIPEMD160_C)
17
18		#include "mbedtls/ripemd160.h"
19		#include "mbedtls/platform_util.h"
20		#include "mbedtls/error.h"
21
22		#include <string.h>
23
24		#include "mbedtls/platform.h"
25
26		#if !defined(MBEDTLS_RIPEMD160_ALT)
27
28		void mbedtls_ripemd160_init(mbedtls_ripemd160_context *ctx)
29	634	{
30	634	memset(ctx, 0, sizeof(mbedtls_ripemd160_context));
31	634	}
32
33		void mbedtls_ripemd160_free(mbedtls_ripemd160_context *ctx)
34	13.4k	{
35	13.4k	if (ctx == NULL) {
36	0	return;
37	0	}
38
39	13.4k	mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ripemd160_context));
40	13.4k	}
41
42		void mbedtls_ripemd160_clone(mbedtls_ripemd160_context *dst,
43		const mbedtls_ripemd160_context *src)
44	0	{
45	0	dst = src;
46	0	}
47
48		/*
49		* RIPEMD-160 context setup
50		*/
51		int mbedtls_ripemd160_starts(mbedtls_ripemd160_context *ctx)
52	12.9k	{
53	12.9k	ctx->total[0] = 0;
54	12.9k	ctx->total[1] = 0;
55
56	12.9k	ctx->state[0] = 0x67452301;
57	12.9k	ctx->state[1] = 0xEFCDAB89;
58	12.9k	ctx->state[2] = 0x98BADCFE;
59	12.9k	ctx->state[3] = 0x10325476;
60	12.9k	ctx->state[4] = 0xC3D2E1F0;
61
62	12.9k	return 0;
63	12.9k	}
64
65		#if !defined(MBEDTLS_RIPEMD160_PROCESS_ALT)
66		/*
67		* Process one block
68		*/
69		int mbedtls_internal_ripemd160_process(mbedtls_ripemd160_context *ctx,
70		const unsigned char data[64])
71	786k	{
72	786k	struct {
73	786k	uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16];
74	786k	} local;
75
76	786k	local.X[0] = MBEDTLS_GET_UINT32_LE(data, 0);
77	786k	local.X[1] = MBEDTLS_GET_UINT32_LE(data, 4);
78	786k	local.X[2] = MBEDTLS_GET_UINT32_LE(data, 8);
79	786k	local.X[3] = MBEDTLS_GET_UINT32_LE(data, 12);
80	786k	local.X[4] = MBEDTLS_GET_UINT32_LE(data, 16);
81	786k	local.X[5] = MBEDTLS_GET_UINT32_LE(data, 20);
82	786k	local.X[6] = MBEDTLS_GET_UINT32_LE(data, 24);
83	786k	local.X[7] = MBEDTLS_GET_UINT32_LE(data, 28);
84	786k	local.X[8] = MBEDTLS_GET_UINT32_LE(data, 32);
85	786k	local.X[9] = MBEDTLS_GET_UINT32_LE(data, 36);
86	786k	local.X[10] = MBEDTLS_GET_UINT32_LE(data, 40);
87	786k	local.X[11] = MBEDTLS_GET_UINT32_LE(data, 44);
88	786k	local.X[12] = MBEDTLS_GET_UINT32_LE(data, 48);
89	786k	local.X[13] = MBEDTLS_GET_UINT32_LE(data, 52);
90	786k	local.X[14] = MBEDTLS_GET_UINT32_LE(data, 56);
91	786k	local.X[15] = MBEDTLS_GET_UINT32_LE(data, 60);
92
93	786k	local.A = local.Ap = ctx->state[0];
94	786k	local.B = local.Bp = ctx->state[1];
95	786k	local.C = local.Cp = ctx->state[2];
96	786k	local.D = local.Dp = ctx->state[3];
97	786k	local.E = local.Ep = ctx->state[4];
98
99	25.1M	#define F1(x, y, z) ((x) ^ (y) ^ (z))
100	25.1M	#define F2(x, y, z) (((x) & (y)) \| (~(x) & (z)))
101	25.1M	#define F3(x, y, z) (((x) \| ~(y)) ^ (z))
102	25.1M	#define F4(x, y, z) (((x) & (z)) \| ((y) & ~(z)))
103	25.1M	#define F5(x, y, z) ((x) ^ ((y) \| ~(z)))
104
105	251M	#define S(x, n) (((x) << (n)) \| ((x) >> (32 - (n))))
106
107	786k	#define P(a, b, c, d, e, r, s, f, k) \
108	125M	do \
109	125M	{ \
110	125M	(a) += f((b), (c), (d)) + local.X[r] + (k); \
111	125M	(a) = S((a), (s)) + (e); \
112	125M	(c) = S((c), 10); \
113	125M	} while (0)
114
115	786k	#define P2(a, b, c, d, e, r, s, rp, sp) \
116	62.9M	do \
117	62.9M	{ \
118	62.9M	P((a), (b), (c), (d), (e), (r), (s), F, K); \
119	62.9M	P(a ## p, b ## p, c ## p, d ## p, e ## p, \
120	62.9M	(rp), (sp), Fp, Kp); \
121	62.9M	} while (0)
122
123	12.5M	#define F F1
124	786k	#define K 0x00000000
125	12.5M	#define Fp F5
126	786k	#define Kp 0x50A28BE6
127	786k	P2(local.A, local.B, local.C, local.D, local.E, 0, 11, 5, 8);
128	786k	P2(local.E, local.A, local.B, local.C, local.D, 1, 14, 14, 9);
129	786k	P2(local.D, local.E, local.A, local.B, local.C, 2, 15, 7, 9);
130	786k	P2(local.C, local.D, local.E, local.A, local.B, 3, 12, 0, 11);
131	786k	P2(local.B, local.C, local.D, local.E, local.A, 4, 5, 9, 13);
132	786k	P2(local.A, local.B, local.C, local.D, local.E, 5, 8, 2, 15);
133	786k	P2(local.E, local.A, local.B, local.C, local.D, 6, 7, 11, 15);
134	786k	P2(local.D, local.E, local.A, local.B, local.C, 7, 9, 4, 5);
135	786k	P2(local.C, local.D, local.E, local.A, local.B, 8, 11, 13, 7);
136	786k	P2(local.B, local.C, local.D, local.E, local.A, 9, 13, 6, 7);
137	786k	P2(local.A, local.B, local.C, local.D, local.E, 10, 14, 15, 8);
138	786k	P2(local.E, local.A, local.B, local.C, local.D, 11, 15, 8, 11);
139	786k	P2(local.D, local.E, local.A, local.B, local.C, 12, 6, 1, 14);
140	786k	P2(local.C, local.D, local.E, local.A, local.B, 13, 7, 10, 14);
141	786k	P2(local.B, local.C, local.D, local.E, local.A, 14, 9, 3, 12);
142	786k	P2(local.A, local.B, local.C, local.D, local.E, 15, 8, 12, 6);
143	786k	#undef F
144	786k	#undef K
145	786k	#undef Fp
146	786k	#undef Kp
147
148	12.5M	#define F F2
149	786k	#define K 0x5A827999
150	12.5M	#define Fp F4
151	786k	#define Kp 0x5C4DD124
152	786k	P2(local.E, local.A, local.B, local.C, local.D, 7, 7, 6, 9);
153	786k	P2(local.D, local.E, local.A, local.B, local.C, 4, 6, 11, 13);
154	786k	P2(local.C, local.D, local.E, local.A, local.B, 13, 8, 3, 15);
155	786k	P2(local.B, local.C, local.D, local.E, local.A, 1, 13, 7, 7);
156	786k	P2(local.A, local.B, local.C, local.D, local.E, 10, 11, 0, 12);
157	786k	P2(local.E, local.A, local.B, local.C, local.D, 6, 9, 13, 8);
158	786k	P2(local.D, local.E, local.A, local.B, local.C, 15, 7, 5, 9);
159	786k	P2(local.C, local.D, local.E, local.A, local.B, 3, 15, 10, 11);
160	786k	P2(local.B, local.C, local.D, local.E, local.A, 12, 7, 14, 7);
161	786k	P2(local.A, local.B, local.C, local.D, local.E, 0, 12, 15, 7);
162	786k	P2(local.E, local.A, local.B, local.C, local.D, 9, 15, 8, 12);
163	786k	P2(local.D, local.E, local.A, local.B, local.C, 5, 9, 12, 7);
164	786k	P2(local.C, local.D, local.E, local.A, local.B, 2, 11, 4, 6);
165	786k	P2(local.B, local.C, local.D, local.E, local.A, 14, 7, 9, 15);
166	786k	P2(local.A, local.B, local.C, local.D, local.E, 11, 13, 1, 13);
167	786k	P2(local.E, local.A, local.B, local.C, local.D, 8, 12, 2, 11);
168	786k	#undef F
169	786k	#undef K
170	786k	#undef Fp
171	786k	#undef Kp
172
173	12.5M	#define F F3
174	786k	#define K 0x6ED9EBA1
175	12.5M	#define Fp F3
176	786k	#define Kp 0x6D703EF3
177	786k	P2(local.D, local.E, local.A, local.B, local.C, 3, 11, 15, 9);
178	786k	P2(local.C, local.D, local.E, local.A, local.B, 10, 13, 5, 7);
179	786k	P2(local.B, local.C, local.D, local.E, local.A, 14, 6, 1, 15);
180	786k	P2(local.A, local.B, local.C, local.D, local.E, 4, 7, 3, 11);
181	786k	P2(local.E, local.A, local.B, local.C, local.D, 9, 14, 7, 8);
182	786k	P2(local.D, local.E, local.A, local.B, local.C, 15, 9, 14, 6);
183	786k	P2(local.C, local.D, local.E, local.A, local.B, 8, 13, 6, 6);
184	786k	P2(local.B, local.C, local.D, local.E, local.A, 1, 15, 9, 14);
185	786k	P2(local.A, local.B, local.C, local.D, local.E, 2, 14, 11, 12);
186	786k	P2(local.E, local.A, local.B, local.C, local.D, 7, 8, 8, 13);
187	786k	P2(local.D, local.E, local.A, local.B, local.C, 0, 13, 12, 5);
188	786k	P2(local.C, local.D, local.E, local.A, local.B, 6, 6, 2, 14);
189	786k	P2(local.B, local.C, local.D, local.E, local.A, 13, 5, 10, 13);
190	786k	P2(local.A, local.B, local.C, local.D, local.E, 11, 12, 0, 13);
191	786k	P2(local.E, local.A, local.B, local.C, local.D, 5, 7, 4, 7);
192	786k	P2(local.D, local.E, local.A, local.B, local.C, 12, 5, 13, 5);
193	786k	#undef F
194	786k	#undef K
195	786k	#undef Fp
196	786k	#undef Kp
197
198	12.5M	#define F F4
199	786k	#define K 0x8F1BBCDC
200	12.5M	#define Fp F2
201	786k	#define Kp 0x7A6D76E9
202	786k	P2(local.C, local.D, local.E, local.A, local.B, 1, 11, 8, 15);
203	786k	P2(local.B, local.C, local.D, local.E, local.A, 9, 12, 6, 5);
204	786k	P2(local.A, local.B, local.C, local.D, local.E, 11, 14, 4, 8);
205	786k	P2(local.E, local.A, local.B, local.C, local.D, 10, 15, 1, 11);
206	786k	P2(local.D, local.E, local.A, local.B, local.C, 0, 14, 3, 14);
207	786k	P2(local.C, local.D, local.E, local.A, local.B, 8, 15, 11, 14);
208	786k	P2(local.B, local.C, local.D, local.E, local.A, 12, 9, 15, 6);
209	786k	P2(local.A, local.B, local.C, local.D, local.E, 4, 8, 0, 14);
210	786k	P2(local.E, local.A, local.B, local.C, local.D, 13, 9, 5, 6);
211	786k	P2(local.D, local.E, local.A, local.B, local.C, 3, 14, 12, 9);
212	786k	P2(local.C, local.D, local.E, local.A, local.B, 7, 5, 2, 12);
213	786k	P2(local.B, local.C, local.D, local.E, local.A, 15, 6, 13, 9);
214	786k	P2(local.A, local.B, local.C, local.D, local.E, 14, 8, 9, 12);
215	786k	P2(local.E, local.A, local.B, local.C, local.D, 5, 6, 7, 5);
216	786k	P2(local.D, local.E, local.A, local.B, local.C, 6, 5, 10, 15);
217	786k	P2(local.C, local.D, local.E, local.A, local.B, 2, 12, 14, 8);
218	786k	#undef F
219	786k	#undef K
220	786k	#undef Fp
221	786k	#undef Kp
222
223	12.5M	#define F F5
224	786k	#define K 0xA953FD4E
225	12.5M	#define Fp F1
226	786k	#define Kp 0x00000000
227	786k	P2(local.B, local.C, local.D, local.E, local.A, 4, 9, 12, 8);
228	786k	P2(local.A, local.B, local.C, local.D, local.E, 0, 15, 15, 5);
229	786k	P2(local.E, local.A, local.B, local.C, local.D, 5, 5, 10, 12);
230	786k	P2(local.D, local.E, local.A, local.B, local.C, 9, 11, 4, 9);
231	786k	P2(local.C, local.D, local.E, local.A, local.B, 7, 6, 1, 12);
232	786k	P2(local.B, local.C, local.D, local.E, local.A, 12, 8, 5, 5);
233	786k	P2(local.A, local.B, local.C, local.D, local.E, 2, 13, 8, 14);
234	786k	P2(local.E, local.A, local.B, local.C, local.D, 10, 12, 7, 6);
235	786k	P2(local.D, local.E, local.A, local.B, local.C, 14, 5, 6, 8);
236	786k	P2(local.C, local.D, local.E, local.A, local.B, 1, 12, 2, 13);
237	786k	P2(local.B, local.C, local.D, local.E, local.A, 3, 13, 13, 6);
238	786k	P2(local.A, local.B, local.C, local.D, local.E, 8, 14, 14, 5);
239	786k	P2(local.E, local.A, local.B, local.C, local.D, 11, 11, 0, 15);
240	786k	P2(local.D, local.E, local.A, local.B, local.C, 6, 8, 3, 13);
241	786k	P2(local.C, local.D, local.E, local.A, local.B, 15, 5, 9, 11);
242	786k	P2(local.B, local.C, local.D, local.E, local.A, 13, 6, 11, 11);
243	786k	#undef F
244	786k	#undef K
245	786k	#undef Fp
246	786k	#undef Kp
247
248	786k	local.C = ctx->state[1] + local.C + local.Dp;
249	786k	ctx->state[1] = ctx->state[2] + local.D + local.Ep;
250	786k	ctx->state[2] = ctx->state[3] + local.E + local.Ap;
251	786k	ctx->state[3] = ctx->state[4] + local.A + local.Bp;
252	786k	ctx->state[4] = ctx->state[0] + local.B + local.Cp;
253	786k	ctx->state[0] = local.C;
254
255		/* Zeroise variables to clear sensitive data from memory. */
256	786k	mbedtls_platform_zeroize(&local, sizeof(local));
257
258	786k	return 0;
259	786k	}
260
261		#endif /* !MBEDTLS_RIPEMD160_PROCESS_ALT */
262
263		/*
264		* RIPEMD-160 process buffer
265		*/
266		int mbedtls_ripemd160_update(mbedtls_ripemd160_context *ctx,
267		const unsigned char *input,
268		size_t ilen)
269	89.9k	{
270	89.9k	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
271	89.9k	size_t fill;
272	89.9k	uint32_t left;
273
274	89.9k	if (ilen == 0) {
275	29.9k	return 0;
276	29.9k	}
277
278	60.0k	left = ctx->total[0] & 0x3F;
279	60.0k	fill = 64 - left;
280
281	60.0k	ctx->total[0] += (uint32_t) ilen;
282	60.0k	ctx->total[0] &= 0xFFFFFFFF;
283
284	60.0k	if (ctx->total[0] < (uint32_t) ilen) {
285	0	ctx->total[1]++;
286	0	}
287
288	60.0k	if (left && ilen >= fill) {
289	17.4k	memcpy((void *) (ctx->buffer + left), input, fill);
290
291	17.4k	if ((ret = mbedtls_internal_ripemd160_process(ctx, ctx->buffer)) != 0) {
292	0	return ret;
293	0	}
294
295	17.4k	input += fill;
296	17.4k	ilen -= fill;
297	17.4k	left = 0;
298	17.4k	}
299
300	829k	while (ilen >= 64) {
301	769k	if ((ret = mbedtls_internal_ripemd160_process(ctx, input)) != 0) {
302	0	return ret;
303	0	}
304
305	769k	input += 64;
306	769k	ilen -= 64;
307	769k	}
308
309	60.0k	if (ilen > 0) {
310	34.2k	memcpy((void *) (ctx->buffer + left), input, ilen);
311	34.2k	}
312
313	60.0k	return 0;
314	60.0k	}
315
316		static const unsigned char ripemd160_padding[64] =
317		{
318		0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
319		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
320		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
321		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
322		};
323
324		/*
325		* RIPEMD-160 final digest
326		*/
327		int mbedtls_ripemd160_finish(mbedtls_ripemd160_context *ctx,
328		unsigned char output[20])
329	12.8k	{
330	12.8k	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
331	12.8k	uint32_t last, padn;
332	12.8k	uint32_t high, low;
333	12.8k	unsigned char msglen[8];
334
335	12.8k	high = (ctx->total[0] >> 29)
336	12.8k	\| (ctx->total[1] << 3);
337	12.8k	low = (ctx->total[0] << 3);
338
339	12.8k	MBEDTLS_PUT_UINT32_LE(low, msglen, 0);
340	12.8k	MBEDTLS_PUT_UINT32_LE(high, msglen, 4);
341
342	12.8k	last = ctx->total[0] & 0x3F;
343	12.8k	padn = (last < 56) ? (56 - last) : (120 - last);
344
345	12.8k	ret = mbedtls_ripemd160_update(ctx, ripemd160_padding, padn);
346	12.8k	if (ret != 0) {
347	0	goto exit;
348	0	}
349
350	12.8k	ret = mbedtls_ripemd160_update(ctx, msglen, 8);
351	12.8k	if (ret != 0) {
352	0	goto exit;
353	0	}
354
355	12.8k	MBEDTLS_PUT_UINT32_LE(ctx->state[0], output, 0);
356	12.8k	MBEDTLS_PUT_UINT32_LE(ctx->state[1], output, 4);
357	12.8k	MBEDTLS_PUT_UINT32_LE(ctx->state[2], output, 8);
358	12.8k	MBEDTLS_PUT_UINT32_LE(ctx->state[3], output, 12);
359	12.8k	MBEDTLS_PUT_UINT32_LE(ctx->state[4], output, 16);
360
361	12.8k	ret = 0;
362
363	12.8k	exit:
364	12.8k	mbedtls_ripemd160_free(ctx);
365	12.8k	return ret;
366	12.8k	}
367
368		#endif /* ! MBEDTLS_RIPEMD160_ALT */
369
370		/*
371		* output = RIPEMD-160( input buffer )
372		*/
373		int mbedtls_ripemd160(const unsigned char *input,
374		size_t ilen,
375		unsigned char output[20])
376	0	{
377	0	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
378	0	mbedtls_ripemd160_context ctx;
379
380	0	mbedtls_ripemd160_init(&ctx);
381
382	0	if ((ret = mbedtls_ripemd160_starts(&ctx)) != 0) {
383	0	goto exit;
384	0	}
385
386	0	if ((ret = mbedtls_ripemd160_update(&ctx, input, ilen)) != 0) {
387	0	goto exit;
388	0	}
389
390	0	if ((ret = mbedtls_ripemd160_finish(&ctx, output)) != 0) {
391	0	goto exit;
392	0	}
393
394	0	exit:
395	0	mbedtls_ripemd160_free(&ctx);
396
397	0	return ret;
398	0	}
399
400		#if defined(MBEDTLS_SELF_TEST)
401		/*
402		* Test vectors from the RIPEMD-160 paper and
403		* http://homes.esat.kuleuven.be/~bosselae/mbedtls_ripemd160.html#HMAC
404		*/
405	0	#define TESTS 8
406		static const unsigned char ripemd160_test_str[TESTS][81] =
407		{
408		{ "" },
409		{ "a" },
410		{ "abc" },
411		{ "message digest" },
412		{ "abcdefghijklmnopqrstuvwxyz" },
413		{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
414		{ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
415		{ "12345678901234567890123456789012345678901234567890123456789012345678901234567890" },
416		};
417
418		static const size_t ripemd160_test_strlen[TESTS] =
419		{
420		0, 1, 3, 14, 26, 56, 62, 80
421		};
422
423		static const unsigned char ripemd160_test_md[TESTS][20] =
424		{
425		{ 0x9c, 0x11, 0x85, 0xa5, 0xc5, 0xe9, 0xfc, 0x54, 0x61, 0x28,
426		0x08, 0x97, 0x7e, 0xe8, 0xf5, 0x48, 0xb2, 0x25, 0x8d, 0x31 },
427		{ 0x0b, 0xdc, 0x9d, 0x2d, 0x25, 0x6b, 0x3e, 0xe9, 0xda, 0xae,
428		0x34, 0x7b, 0xe6, 0xf4, 0xdc, 0x83, 0x5a, 0x46, 0x7f, 0xfe },
429		{ 0x8e, 0xb2, 0x08, 0xf7, 0xe0, 0x5d, 0x98, 0x7a, 0x9b, 0x04,
430		0x4a, 0x8e, 0x98, 0xc6, 0xb0, 0x87, 0xf1, 0x5a, 0x0b, 0xfc },
431		{ 0x5d, 0x06, 0x89, 0xef, 0x49, 0xd2, 0xfa, 0xe5, 0x72, 0xb8,
432		0x81, 0xb1, 0x23, 0xa8, 0x5f, 0xfa, 0x21, 0x59, 0x5f, 0x36 },
433		{ 0xf7, 0x1c, 0x27, 0x10, 0x9c, 0x69, 0x2c, 0x1b, 0x56, 0xbb,
434		0xdc, 0xeb, 0x5b, 0x9d, 0x28, 0x65, 0xb3, 0x70, 0x8d, 0xbc },
435		{ 0x12, 0xa0, 0x53, 0x38, 0x4a, 0x9c, 0x0c, 0x88, 0xe4, 0x05,
436		0xa0, 0x6c, 0x27, 0xdc, 0xf4, 0x9a, 0xda, 0x62, 0xeb, 0x2b },
437		{ 0xb0, 0xe2, 0x0b, 0x6e, 0x31, 0x16, 0x64, 0x02, 0x86, 0xed,
438		0x3a, 0x87, 0xa5, 0x71, 0x30, 0x79, 0xb2, 0x1f, 0x51, 0x89 },
439		{ 0x9b, 0x75, 0x2e, 0x45, 0x57, 0x3d, 0x4b, 0x39, 0xf4, 0xdb,
440		0xd3, 0x32, 0x3c, 0xab, 0x82, 0xbf, 0x63, 0x32, 0x6b, 0xfb },
441		};
442
443		/*
444		* Checkup routine
445		*/
446		int mbedtls_ripemd160_self_test(int verbose)
447	0	{
448	0	int i, ret = 0;
449	0	unsigned char output[20];
450
451	0	memset(output, 0, sizeof(output));
452
453	0	for (i = 0; i < TESTS; i++) {
454	0	if (verbose != 0) {
455	0	mbedtls_printf(" RIPEMD-160 test #%d: ", i + 1);
456	0	}
457
458	0	ret = mbedtls_ripemd160(ripemd160_test_str[i],
459	0	ripemd160_test_strlen[i], output);
460	0	if (ret != 0) {
461	0	goto fail;
462	0	}
463
464	0	if (memcmp(output, ripemd160_test_md[i], 20) != 0) {
465	0	ret = 1;
466	0	goto fail;
467	0	}
468
469	0	if (verbose != 0) {
470	0	mbedtls_printf("passed\n");
471	0	}
472	0	}
473
474	0	if (verbose != 0) {
475	0	mbedtls_printf("\n");
476	0	}
477
478	0	return 0;
479
480	0	fail:
481	0	if (verbose != 0) {
482	0	mbedtls_printf("failed\n");
483	0	}
484
485	0	return ret;
486	0	}
487
488		#endif /* MBEDTLS_SELF_TEST */
489
490		#endif /* MBEDTLS_RIPEMD160_C */