ripemd160.cpp
1 // Copyright (c) 2014-2019 The Bitcoin Core developers 2 // Distributed under the MIT software license, see the accompanying 3 // file COPYING or http://www.opensource.org/licenses/mit-license.php. 4 5 #include <crypto/ripemd160.h> 6 7 #include <crypto/common.h> 8 9 #include <string.h> 10 11 // Internal implementation code. 12 namespace 13 { 14 /// Internal RIPEMD-160 implementation. 15 namespace ripemd160 16 { 17 uint32_t inline f1(uint32_t x, uint32_t y, uint32_t z) { return x ^ y ^ z; } 18 uint32_t inline f2(uint32_t x, uint32_t y, uint32_t z) { return (x & y) | (~x & z); } 19 uint32_t inline f3(uint32_t x, uint32_t y, uint32_t z) { return (x | ~y) ^ z; } 20 uint32_t inline f4(uint32_t x, uint32_t y, uint32_t z) { return (x & z) | (y & ~z); } 21 uint32_t inline f5(uint32_t x, uint32_t y, uint32_t z) { return x ^ (y | ~z); } 22 23 /** Initialize RIPEMD-160 state. */ 24 void inline Initialize(uint32_t* s) 25 { 26 s[0] = 0x67452301ul; 27 s[1] = 0xEFCDAB89ul; 28 s[2] = 0x98BADCFEul; 29 s[3] = 0x10325476ul; 30 s[4] = 0xC3D2E1F0ul; 31 } 32 33 uint32_t inline rol(uint32_t x, int i) { return (x << i) | (x >> (32 - i)); } 34 35 void inline Round(uint32_t& a, uint32_t b, uint32_t& c, uint32_t d, uint32_t e, uint32_t f, uint32_t x, uint32_t k, int r) 36 { 37 a = rol(a + f + x + k, r) + e; 38 c = rol(c, 10); 39 } 40 41 void inline R11(uint32_t& a, uint32_t b, uint32_t& c, uint32_t d, uint32_t e, uint32_t x, int r) { Round(a, b, c, d, e, f1(b, c, d), x, 0, r); } 42 void inline R21(uint32_t& a, uint32_t b, uint32_t& c, uint32_t d, uint32_t e, uint32_t x, int r) { Round(a, b, c, d, e, f2(b, c, d), x, 0x5A827999ul, r); } 43 void inline R31(uint32_t& a, uint32_t b, uint32_t& c, uint32_t d, uint32_t e, uint32_t x, int r) { Round(a, b, c, d, e, f3(b, c, d), x, 0x6ED9EBA1ul, r); } 44 void inline R41(uint32_t& a, uint32_t b, uint32_t& c, uint32_t d, uint32_t e, uint32_t x, int r) { Round(a, b, c, d, e, f4(b, c, d), x, 0x8F1BBCDCul, r); } 45 void inline R51(uint32_t& a, uint32_t b, uint32_t& c, uint32_t d, uint32_t e, uint32_t x, int r) { Round(a, b, c, d, e, f5(b, c, d), x, 0xA953FD4Eul, r); } 46 47 void inline R12(uint32_t& a, uint32_t b, uint32_t& c, uint32_t d, uint32_t e, uint32_t x, int r) { Round(a, b, c, d, e, f5(b, c, d), x, 0x50A28BE6ul, r); } 48 void inline R22(uint32_t& a, uint32_t b, uint32_t& c, uint32_t d, uint32_t e, uint32_t x, int r) { Round(a, b, c, d, e, f4(b, c, d), x, 0x5C4DD124ul, r); } 49 void inline R32(uint32_t& a, uint32_t b, uint32_t& c, uint32_t d, uint32_t e, uint32_t x, int r) { Round(a, b, c, d, e, f3(b, c, d), x, 0x6D703EF3ul, r); } 50 void inline R42(uint32_t& a, uint32_t b, uint32_t& c, uint32_t d, uint32_t e, uint32_t x, int r) { Round(a, b, c, d, e, f2(b, c, d), x, 0x7A6D76E9ul, r); } 51 void inline R52(uint32_t& a, uint32_t b, uint32_t& c, uint32_t d, uint32_t e, uint32_t x, int r) { Round(a, b, c, d, e, f1(b, c, d), x, 0, r); } 52 53 /** Perform a RIPEMD-160 transformation, processing a 64-byte chunk. */ 54 void Transform(uint32_t* s, const unsigned char* chunk) 55 { 56 uint32_t a1 = s[0], b1 = s[1], c1 = s[2], d1 = s[3], e1 = s[4]; 57 uint32_t a2 = a1, b2 = b1, c2 = c1, d2 = d1, e2 = e1; 58 uint32_t w0 = ReadLE32(chunk + 0), w1 = ReadLE32(chunk + 4), w2 = ReadLE32(chunk + 8), w3 = ReadLE32(chunk + 12); 59 uint32_t w4 = ReadLE32(chunk + 16), w5 = ReadLE32(chunk + 20), w6 = ReadLE32(chunk + 24), w7 = ReadLE32(chunk + 28); 60 uint32_t w8 = ReadLE32(chunk + 32), w9 = ReadLE32(chunk + 36), w10 = ReadLE32(chunk + 40), w11 = ReadLE32(chunk + 44); 61 uint32_t w12 = ReadLE32(chunk + 48), w13 = ReadLE32(chunk + 52), w14 = ReadLE32(chunk + 56), w15 = ReadLE32(chunk + 60); 62 63 R11(a1, b1, c1, d1, e1, w0, 11); 64 R12(a2, b2, c2, d2, e2, w5, 8); 65 R11(e1, a1, b1, c1, d1, w1, 14); 66 R12(e2, a2, b2, c2, d2, w14, 9); 67 R11(d1, e1, a1, b1, c1, w2, 15); 68 R12(d2, e2, a2, b2, c2, w7, 9); 69 R11(c1, d1, e1, a1, b1, w3, 12); 70 R12(c2, d2, e2, a2, b2, w0, 11); 71 R11(b1, c1, d1, e1, a1, w4, 5); 72 R12(b2, c2, d2, e2, a2, w9, 13); 73 R11(a1, b1, c1, d1, e1, w5, 8); 74 R12(a2, b2, c2, d2, e2, w2, 15); 75 R11(e1, a1, b1, c1, d1, w6, 7); 76 R12(e2, a2, b2, c2, d2, w11, 15); 77 R11(d1, e1, a1, b1, c1, w7, 9); 78 R12(d2, e2, a2, b2, c2, w4, 5); 79 R11(c1, d1, e1, a1, b1, w8, 11); 80 R12(c2, d2, e2, a2, b2, w13, 7); 81 R11(b1, c1, d1, e1, a1, w9, 13); 82 R12(b2, c2, d2, e2, a2, w6, 7); 83 R11(a1, b1, c1, d1, e1, w10, 14); 84 R12(a2, b2, c2, d2, e2, w15, 8); 85 R11(e1, a1, b1, c1, d1, w11, 15); 86 R12(e2, a2, b2, c2, d2, w8, 11); 87 R11(d1, e1, a1, b1, c1, w12, 6); 88 R12(d2, e2, a2, b2, c2, w1, 14); 89 R11(c1, d1, e1, a1, b1, w13, 7); 90 R12(c2, d2, e2, a2, b2, w10, 14); 91 R11(b1, c1, d1, e1, a1, w14, 9); 92 R12(b2, c2, d2, e2, a2, w3, 12); 93 R11(a1, b1, c1, d1, e1, w15, 8); 94 R12(a2, b2, c2, d2, e2, w12, 6); 95 96 R21(e1, a1, b1, c1, d1, w7, 7); 97 R22(e2, a2, b2, c2, d2, w6, 9); 98 R21(d1, e1, a1, b1, c1, w4, 6); 99 R22(d2, e2, a2, b2, c2, w11, 13); 100 R21(c1, d1, e1, a1, b1, w13, 8); 101 R22(c2, d2, e2, a2, b2, w3, 15); 102 R21(b1, c1, d1, e1, a1, w1, 13); 103 R22(b2, c2, d2, e2, a2, w7, 7); 104 R21(a1, b1, c1, d1, e1, w10, 11); 105 R22(a2, b2, c2, d2, e2, w0, 12); 106 R21(e1, a1, b1, c1, d1, w6, 9); 107 R22(e2, a2, b2, c2, d2, w13, 8); 108 R21(d1, e1, a1, b1, c1, w15, 7); 109 R22(d2, e2, a2, b2, c2, w5, 9); 110 R21(c1, d1, e1, a1, b1, w3, 15); 111 R22(c2, d2, e2, a2, b2, w10, 11); 112 R21(b1, c1, d1, e1, a1, w12, 7); 113 R22(b2, c2, d2, e2, a2, w14, 7); 114 R21(a1, b1, c1, d1, e1, w0, 12); 115 R22(a2, b2, c2, d2, e2, w15, 7); 116 R21(e1, a1, b1, c1, d1, w9, 15); 117 R22(e2, a2, b2, c2, d2, w8, 12); 118 R21(d1, e1, a1, b1, c1, w5, 9); 119 R22(d2, e2, a2, b2, c2, w12, 7); 120 R21(c1, d1, e1, a1, b1, w2, 11); 121 R22(c2, d2, e2, a2, b2, w4, 6); 122 R21(b1, c1, d1, e1, a1, w14, 7); 123 R22(b2, c2, d2, e2, a2, w9, 15); 124 R21(a1, b1, c1, d1, e1, w11, 13); 125 R22(a2, b2, c2, d2, e2, w1, 13); 126 R21(e1, a1, b1, c1, d1, w8, 12); 127 R22(e2, a2, b2, c2, d2, w2, 11); 128 129 R31(d1, e1, a1, b1, c1, w3, 11); 130 R32(d2, e2, a2, b2, c2, w15, 9); 131 R31(c1, d1, e1, a1, b1, w10, 13); 132 R32(c2, d2, e2, a2, b2, w5, 7); 133 R31(b1, c1, d1, e1, a1, w14, 6); 134 R32(b2, c2, d2, e2, a2, w1, 15); 135 R31(a1, b1, c1, d1, e1, w4, 7); 136 R32(a2, b2, c2, d2, e2, w3, 11); 137 R31(e1, a1, b1, c1, d1, w9, 14); 138 R32(e2, a2, b2, c2, d2, w7, 8); 139 R31(d1, e1, a1, b1, c1, w15, 9); 140 R32(d2, e2, a2, b2, c2, w14, 6); 141 R31(c1, d1, e1, a1, b1, w8, 13); 142 R32(c2, d2, e2, a2, b2, w6, 6); 143 R31(b1, c1, d1, e1, a1, w1, 15); 144 R32(b2, c2, d2, e2, a2, w9, 14); 145 R31(a1, b1, c1, d1, e1, w2, 14); 146 R32(a2, b2, c2, d2, e2, w11, 12); 147 R31(e1, a1, b1, c1, d1, w7, 8); 148 R32(e2, a2, b2, c2, d2, w8, 13); 149 R31(d1, e1, a1, b1, c1, w0, 13); 150 R32(d2, e2, a2, b2, c2, w12, 5); 151 R31(c1, d1, e1, a1, b1, w6, 6); 152 R32(c2, d2, e2, a2, b2, w2, 14); 153 R31(b1, c1, d1, e1, a1, w13, 5); 154 R32(b2, c2, d2, e2, a2, w10, 13); 155 R31(a1, b1, c1, d1, e1, w11, 12); 156 R32(a2, b2, c2, d2, e2, w0, 13); 157 R31(e1, a1, b1, c1, d1, w5, 7); 158 R32(e2, a2, b2, c2, d2, w4, 7); 159 R31(d1, e1, a1, b1, c1, w12, 5); 160 R32(d2, e2, a2, b2, c2, w13, 5); 161 162 R41(c1, d1, e1, a1, b1, w1, 11); 163 R42(c2, d2, e2, a2, b2, w8, 15); 164 R41(b1, c1, d1, e1, a1, w9, 12); 165 R42(b2, c2, d2, e2, a2, w6, 5); 166 R41(a1, b1, c1, d1, e1, w11, 14); 167 R42(a2, b2, c2, d2, e2, w4, 8); 168 R41(e1, a1, b1, c1, d1, w10, 15); 169 R42(e2, a2, b2, c2, d2, w1, 11); 170 R41(d1, e1, a1, b1, c1, w0, 14); 171 R42(d2, e2, a2, b2, c2, w3, 14); 172 R41(c1, d1, e1, a1, b1, w8, 15); 173 R42(c2, d2, e2, a2, b2, w11, 14); 174 R41(b1, c1, d1, e1, a1, w12, 9); 175 R42(b2, c2, d2, e2, a2, w15, 6); 176 R41(a1, b1, c1, d1, e1, w4, 8); 177 R42(a2, b2, c2, d2, e2, w0, 14); 178 R41(e1, a1, b1, c1, d1, w13, 9); 179 R42(e2, a2, b2, c2, d2, w5, 6); 180 R41(d1, e1, a1, b1, c1, w3, 14); 181 R42(d2, e2, a2, b2, c2, w12, 9); 182 R41(c1, d1, e1, a1, b1, w7, 5); 183 R42(c2, d2, e2, a2, b2, w2, 12); 184 R41(b1, c1, d1, e1, a1, w15, 6); 185 R42(b2, c2, d2, e2, a2, w13, 9); 186 R41(a1, b1, c1, d1, e1, w14, 8); 187 R42(a2, b2, c2, d2, e2, w9, 12); 188 R41(e1, a1, b1, c1, d1, w5, 6); 189 R42(e2, a2, b2, c2, d2, w7, 5); 190 R41(d1, e1, a1, b1, c1, w6, 5); 191 R42(d2, e2, a2, b2, c2, w10, 15); 192 R41(c1, d1, e1, a1, b1, w2, 12); 193 R42(c2, d2, e2, a2, b2, w14, 8); 194 195 R51(b1, c1, d1, e1, a1, w4, 9); 196 R52(b2, c2, d2, e2, a2, w12, 8); 197 R51(a1, b1, c1, d1, e1, w0, 15); 198 R52(a2, b2, c2, d2, e2, w15, 5); 199 R51(e1, a1, b1, c1, d1, w5, 5); 200 R52(e2, a2, b2, c2, d2, w10, 12); 201 R51(d1, e1, a1, b1, c1, w9, 11); 202 R52(d2, e2, a2, b2, c2, w4, 9); 203 R51(c1, d1, e1, a1, b1, w7, 6); 204 R52(c2, d2, e2, a2, b2, w1, 12); 205 R51(b1, c1, d1, e1, a1, w12, 8); 206 R52(b2, c2, d2, e2, a2, w5, 5); 207 R51(a1, b1, c1, d1, e1, w2, 13); 208 R52(a2, b2, c2, d2, e2, w8, 14); 209 R51(e1, a1, b1, c1, d1, w10, 12); 210 R52(e2, a2, b2, c2, d2, w7, 6); 211 R51(d1, e1, a1, b1, c1, w14, 5); 212 R52(d2, e2, a2, b2, c2, w6, 8); 213 R51(c1, d1, e1, a1, b1, w1, 12); 214 R52(c2, d2, e2, a2, b2, w2, 13); 215 R51(b1, c1, d1, e1, a1, w3, 13); 216 R52(b2, c2, d2, e2, a2, w13, 6); 217 R51(a1, b1, c1, d1, e1, w8, 14); 218 R52(a2, b2, c2, d2, e2, w14, 5); 219 R51(e1, a1, b1, c1, d1, w11, 11); 220 R52(e2, a2, b2, c2, d2, w0, 15); 221 R51(d1, e1, a1, b1, c1, w6, 8); 222 R52(d2, e2, a2, b2, c2, w3, 13); 223 R51(c1, d1, e1, a1, b1, w15, 5); 224 R52(c2, d2, e2, a2, b2, w9, 11); 225 R51(b1, c1, d1, e1, a1, w13, 6); 226 R52(b2, c2, d2, e2, a2, w11, 11); 227 228 uint32_t t = s[0]; 229 s[0] = s[1] + c1 + d2; 230 s[1] = s[2] + d1 + e2; 231 s[2] = s[3] + e1 + a2; 232 s[3] = s[4] + a1 + b2; 233 s[4] = t + b1 + c2; 234 } 235 236 } // namespace ripemd160 237 238 } // namespace 239 240 ////// RIPEMD160 241 242 CRIPEMD160::CRIPEMD160() 243 { 244 ripemd160::Initialize(s); 245 } 246 247 CRIPEMD160& CRIPEMD160::Write(const unsigned char* data, size_t len) 248 { 249 const unsigned char* end = data + len; 250 size_t bufsize = bytes % 64; 251 if (bufsize && bufsize + len >= 64) { 252 // Fill the buffer, and process it. 253 memcpy(buf + bufsize, data, 64 - bufsize); 254 bytes += 64 - bufsize; 255 data += 64 - bufsize; 256 ripemd160::Transform(s, buf); 257 bufsize = 0; 258 } 259 while (end - data >= 64) { 260 // Process full chunks directly from the source. 261 ripemd160::Transform(s, data); 262 bytes += 64; 263 data += 64; 264 } 265 if (end > data) { 266 // Fill the buffer with what remains. 267 memcpy(buf + bufsize, data, end - data); 268 bytes += end - data; 269 } 270 return *this; 271 } 272 273 void CRIPEMD160::Finalize(unsigned char hash[OUTPUT_SIZE]) 274 { 275 static const unsigned char pad[64] = {0x80}; 276 unsigned char sizedesc[8]; 277 WriteLE64(sizedesc, bytes << 3); 278 Write(pad, 1 + ((119 - (bytes % 64)) % 64)); 279 Write(sizedesc, 8); 280 WriteLE32(hash, s[0]); 281 WriteLE32(hash + 4, s[1]); 282 WriteLE32(hash + 8, s[2]); 283 WriteLE32(hash + 12, s[3]); 284 WriteLE32(hash + 16, s[4]); 285 } 286 287 CRIPEMD160& CRIPEMD160::Reset() 288 { 289 bytes = 0; 290 ripemd160::Initialize(s); 291 return *this; 292 }