md4.c
Go to the documentation of this file.
1 /**
2  * @file md4.c
3  * @brief MD4 (Message-Digest Algorithm)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @section Description
28  *
29  * The MD4 algorithm takes as input a message of arbitrary length and produces
30  * as output a 128-bit message digest of the input. Refer to RFC 1320
31  *
32  * @author Oryx Embedded SARL (www.oryx-embedded.com)
33  * @version 2.4.0
34  **/
35 
36 //Switch to the appropriate trace level
37 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
38 
39 //Dependencies
40 #include "core/crypto.h"
41 #include "hash/md4.h"
42 
43 //Check crypto library configuration
44 #if (MD4_SUPPORT == ENABLED)
45 
46 //MD4 auxiliary functions
47 #define F(x, y, z) (((x) & (y)) | (~(x) & (z)))
48 #define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
49 #define H(x, y, z) ((x) ^ (y) ^ (z))
50 
51 #define FF(a, b, c, d, x, s) a += F(b, c, d) + (x), a = ROL32(a, s)
52 #define GG(a, b, c, d, x, s) a += G(b, c, d) + (x) + 0x5A827999, a = ROL32(a, s)
53 #define HH(a, b, c, d, x, s) a += H(b, c, d) + (x) + 0x6ED9EBA1, a = ROL32(a, s)
54 
55 //MD4 padding
56 static const uint8_t padding[64] =
57 {
58  0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
59  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
60  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
61  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
62 };
63 
64 //MD4 object identifier (1.2.840.113549.2.4)
65 const uint8_t MD4_OID[8] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x04};
66 
67 //Common interface for hash algorithms
69 {
70  "MD4",
71  MD4_OID,
72  sizeof(MD4_OID),
73  sizeof(Md4Context),
77  FALSE,
82  NULL
83 };
84 
85 
86 /**
87  * @brief Digest a message using MD4
88  * @param[in] data Pointer to the message being hashed
89  * @param[in] length Length of the message
90  * @param[out] digest Pointer to the calculated digest
91  * @return Error code
92  **/
93 
94 error_t md4Compute(const void *data, size_t length, uint8_t *digest)
95 {
96 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
97  Md4Context *context;
98 #else
99  Md4Context context[1];
100 #endif
101 
102  //Check parameters
103  if(data == NULL && length != 0)
105 
106  if(digest == NULL)
108 
109 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
110  //Allocate a memory buffer to hold the MD4 context
111  context = cryptoAllocMem(sizeof(Md4Context));
112  //Failed to allocate memory?
113  if(context == NULL)
114  return ERROR_OUT_OF_MEMORY;
115 #endif
116 
117  //Initialize the MD4 context
118  md4Init(context);
119  //Digest the message
120  md4Update(context, data, length);
121  //Finalize the MD4 message digest
122  md4Final(context, digest);
123 
124 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
125  //Free previously allocated memory
126  cryptoFreeMem(context);
127 #endif
128 
129  //Successful operation
130  return NO_ERROR;
131 }
132 
133 
134 /**
135  * @brief Initialize MD4 message digest context
136  * @param[in] context Pointer to the MD4 context to initialize
137  **/
138 
139 void md4Init(Md4Context *context)
140 {
141  //Set initial hash value
142  context->h[0] = 0x67452301;
143  context->h[1] = 0xEFCDAB89;
144  context->h[2] = 0x98BADCFE;
145  context->h[3] = 0x10325476;
146 
147  //Number of bytes in the buffer
148  context->size = 0;
149  //Total length of the message
150  context->totalSize = 0;
151 }
152 
153 
154 /**
155  * @brief Update the MD4 context with a portion of the message being hashed
156  * @param[in] context Pointer to the MD4 context
157  * @param[in] data Pointer to the buffer being hashed
158  * @param[in] length Length of the buffer
159  **/
160 
161 void md4Update(Md4Context *context, const void *data, size_t length)
162 {
163  size_t n;
164 
165  //Process the incoming data
166  while(length > 0)
167  {
168  //The buffer can hold at most 64 bytes
169  n = MIN(length, 64 - context->size);
170 
171  //Copy the data to the buffer
172  osMemcpy(context->buffer + context->size, data, n);
173 
174  //Update the MD4 context
175  context->size += n;
176  context->totalSize += n;
177  //Advance the data pointer
178  data = (uint8_t *) data + n;
179  //Remaining bytes to process
180  length -= n;
181 
182  //Process message in 16-word blocks
183  if(context->size == 64)
184  {
185  //Transform the 16-word block
186  md4ProcessBlock(context);
187  //Empty the buffer
188  context->size = 0;
189  }
190  }
191 }
192 
193 
194 /**
195  * @brief Finish the MD4 message digest
196  * @param[in] context Pointer to the MD4 context
197  * @param[out] digest Calculated digest (optional parameter)
198  **/
199 
200 void md4Final(Md4Context *context, uint8_t *digest)
201 {
202  uint_t i;
203  size_t paddingSize;
204  uint64_t totalSize;
205 
206  //Length of the original message (before padding)
207  totalSize = context->totalSize * 8;
208 
209  //Pad the message so that its length is congruent to 56 modulo 64
210  if(context->size < 56)
211  {
212  paddingSize = 56 - context->size;
213  }
214  else
215  {
216  paddingSize = 64 + 56 - context->size;
217  }
218 
219  //Append padding
220  md4Update(context, padding, paddingSize);
221 
222  //Append the length of the original message
223  context->x[14] = htole32((uint32_t) totalSize);
224  context->x[15] = htole32((uint32_t) (totalSize >> 32));
225 
226  //Calculate the message digest
227  md4ProcessBlock(context);
228 
229  //Convert from host byte order to little-endian byte order
230  for(i = 0; i < 4; i++)
231  {
232  context->h[i] = htole32(context->h[i]);
233  }
234 
235  //Copy the resulting digest
236  if(digest != NULL)
237  {
238  osMemcpy(digest, context->digest, MD4_DIGEST_SIZE);
239  }
240 }
241 
242 
243 /**
244  * @brief Process message in 16-word blocks
245  * @param[in] context Pointer to the MD4 context
246  **/
247 
249 {
250  uint_t i;
251 
252  //Initialize the 4 working registers
253  uint32_t a = context->h[0];
254  uint32_t b = context->h[1];
255  uint32_t c = context->h[2];
256  uint32_t d = context->h[3];
257 
258  //Process message in 16-word blocks
259  uint32_t *x = context->x;
260 
261  //Convert from little-endian byte order to host byte order
262  for(i = 0; i < 16; i++)
263  {
264  x[i] = letoh32(x[i]);
265  }
266 
267  //Round 1
268  FF(a, b, c, d, x[0], 3);
269  FF(d, a, b, c, x[1], 7);
270  FF(c, d, a, b, x[2], 11);
271  FF(b, c, d, a, x[3], 19);
272  FF(a, b, c, d, x[4], 3);
273  FF(d, a, b, c, x[5], 7);
274  FF(c, d, a, b, x[6], 11);
275  FF(b, c, d, a, x[7], 19);
276  FF(a, b, c, d, x[8], 3);
277  FF(d, a, b, c, x[9], 7);
278  FF(c, d, a, b, x[10], 11);
279  FF(b, c, d, a, x[11], 19);
280  FF(a, b, c, d, x[12], 3);
281  FF(d, a, b, c, x[13], 7);
282  FF(c, d, a, b, x[14], 11);
283  FF(b, c, d, a, x[15], 19);
284 
285  //Round 2
286  GG(a, b, c, d, x[0], 3);
287  GG(d, a, b, c, x[4], 5);
288  GG(c, d, a, b, x[8], 9);
289  GG(b, c, d, a, x[12], 13);
290  GG(a, b, c, d, x[1], 3);
291  GG(d, a, b, c, x[5], 5);
292  GG(c, d, a, b, x[9], 9);
293  GG(b, c, d, a, x[13], 13);
294  GG(a, b, c, d, x[2], 3);
295  GG(d, a, b, c, x[6], 5);
296  GG(c, d, a, b, x[10], 9);
297  GG(b, c, d, a, x[14], 13);
298  GG(a, b, c, d, x[3], 3);
299  GG(d, a, b, c, x[7], 5);
300  GG(c, d, a, b, x[11], 9);
301  GG(b, c, d, a, x[15], 13);
302 
303  //Round 3
304  HH(a, b, c, d, x[0], 3);
305  HH(d, a, b, c, x[8], 9);
306  HH(c, d, a, b, x[4], 11);
307  HH(b, c, d, a, x[12], 15);
308  HH(a, b, c, d, x[2], 3);
309  HH(d, a, b, c, x[10], 9);
310  HH(c, d, a, b, x[6], 11);
311  HH(b, c, d, a, x[14], 15);
312  HH(a, b, c, d, x[1], 3);
313  HH(d, a, b, c, x[9], 9);
314  HH(c, d, a, b, x[5], 11);
315  HH(b, c, d, a, x[13], 15);
316  HH(a, b, c, d, x[3], 3);
317  HH(d, a, b, c, x[11], 9);
318  HH(c, d, a, b, x[7], 11);
319  HH(b, c, d, a, x[15], 15);
320 
321  //Update the hash value
322  context->h[0] += a;
323  context->h[1] += b;
324  context->h[2] += c;
325  context->h[3] += d;
326 }
327 
328 #endif
unsigned int uint_t
Definition: compiler_port.h:50
#define htole32(value)
Definition: cpu_endian.h:430
#define letoh32(value)
Definition: cpu_endian.h:438
General definitions for cryptographic algorithms.
error_t(* HashAlgoCompute)(const void *data, size_t length, uint8_t *digest)
Definition: crypto.h:956
void(* HashAlgoFinal)(void *context, uint8_t *digest)
Definition: crypto.h:963
void(* HashAlgoUpdate)(void *context, const void *data, size_t length)
Definition: crypto.h:961
#define cryptoAllocMem(size)
Definition: crypto.h:765
#define cryptoFreeMem(p)
Definition: crypto.h:770
void(* HashAlgoInit)(void *context)
Definition: crypto.h:959
uint8_t n
error_t
Error codes.
Definition: error.h:43
@ NO_ERROR
Success.
Definition: error.h:44
@ ERROR_OUT_OF_MEMORY
Definition: error.h:63
@ ERROR_INVALID_PARAMETER
Invalid parameter.
Definition: error.h:47
uint8_t data[]
Definition: ethernet.h:222
uint8_t x
Definition: lldp_ext_med.h:211
const HashAlgo md4HashAlgo
Definition: md4.c:68
#define HH(a, b, c, d, x, s)
Definition: md4.c:53
#define GG(a, b, c, d, x, s)
Definition: md4.c:52
const uint8_t MD4_OID[8]
Definition: md4.c:65
void md4Update(Md4Context *context, const void *data, size_t length)
Update the MD4 context with a portion of the message being hashed.
Definition: md4.c:161
error_t md4Compute(const void *data, size_t length, uint8_t *digest)
Digest a message using MD4.
Definition: md4.c:94
#define FF(a, b, c, d, x, s)
Definition: md4.c:51
void md4Init(Md4Context *context)
Initialize MD4 message digest context.
Definition: md4.c:139
void md4ProcessBlock(Md4Context *context)
Process message in 16-word blocks.
Definition: md4.c:248
void md4Final(Md4Context *context, uint8_t *digest)
Finish the MD4 message digest.
Definition: md4.c:200
MD4 (Message-Digest Algorithm)
#define MD4_DIGEST_SIZE
Definition: md4.h:40
#define MD4_MIN_PAD_SIZE
Definition: md4.h:42
#define MD4_BLOCK_SIZE
Definition: md4.h:38
uint8_t b
Definition: nbns_common.h:104
uint8_t c
Definition: ndp.h:514
uint8_t a
Definition: ndp.h:411
#define osMemcpy(dest, src, length)
Definition: os_port.h:141
#define MIN(a, b)
Definition: os_port.h:63
#define FALSE
Definition: os_port.h:46
Common interface for hash algorithms.
Definition: crypto.h:1014
MD4 algorithm context.
Definition: md4.h:57
uint32_t h[4]
Definition: md4.h:60
uint64_t totalSize
Definition: md4.h:69
size_t size
Definition: md4.h:68
uint8_t digest[16]
Definition: md4.h:61
uint8_t buffer[64]
Definition: md4.h:66
uint32_t x[16]
Definition: md4.h:65
uint8_t length
Definition: tcp.h:368