md4.c
Go to the documentation of this file.
1 /**
2  * @file md4.c
3  * @brief MD4 (Message-Digest Algorithm)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2019 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCrypto Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @section Description
28  *
29  * The MD4 algorithm takes as input a message of arbitrary length and produces
30  * as output a 128-bit message digest of the input. Refer to RFC 1320
31  *
32  * @author Oryx Embedded SARL (www.oryx-embedded.com)
33  * @version 1.9.6
34  **/
35 
36 //Switch to the appropriate trace level
37 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
38 
39 //Dependencies
40 #include "core/crypto.h"
41 #include "hash/md4.h"
42 
43 //Check crypto library configuration
44 #if (MD4_SUPPORT == ENABLED)
45 
46 //MD4 auxiliary functions
47 #define F(x, y, z) (((x) & (y)) | (~(x) & (z)))
48 #define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
49 #define H(x, y, z) ((x) ^ (y) ^ (z))
50 
51 #define FF(a, b, c, d, x, s) a += F(b, c, d) + (x), a = ROL32(a, s)
52 #define GG(a, b, c, d, x, s) a += G(b, c, d) + (x) + 0x5A827999, a = ROL32(a, s)
53 #define HH(a, b, c, d, x, s) a += H(b, c, d) + (x) + 0x6ED9EBA1, a = ROL32(a, s)
54 
55 //MD4 padding
56 static const uint8_t padding[64] =
57 {
58  0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
59  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
60  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
61  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
62 };
63 
64 //MD4 object identifier (1.2.840.113549.2.4)
65 const uint8_t md4Oid[8] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x04};
66 
67 //Common interface for hash algorithms
69 {
70  "MD4",
71  md4Oid,
72  sizeof(md4Oid),
73  sizeof(Md4Context),
77  FALSE,
82  NULL
83 };
84 
85 
86 /**
87  * @brief Digest a message using MD4
88  * @param[in] data Pointer to the message being hashed
89  * @param[in] length Length of the message
90  * @param[out] digest Pointer to the calculated digest
91  * @return Error code
92  **/
93 
94 error_t md4Compute(const void *data, size_t length, uint8_t *digest)
95 {
96  //Allocate a memory buffer to hold the MD4 context
97  Md4Context *context = cryptoAllocMem(sizeof(Md4Context));
98  //Failed to allocate memory?
99  if(context == NULL)
100  return ERROR_OUT_OF_MEMORY;
101 
102  //Initialize the MD4 context
103  md4Init(context);
104  //Digest the message
105  md4Update(context, data, length);
106  //Finalize the MD4 message digest
107  md4Final(context, digest);
108 
109  //Free previously allocated memory
110  cryptoFreeMem(context);
111  //Successful processing
112  return NO_ERROR;
113 }
114 
115 
116 /**
117  * @brief Initialize MD4 message digest context
118  * @param[in] context Pointer to the MD4 context to initialize
119  **/
120 
121 void md4Init(Md4Context *context)
122 {
123  //Set initial hash value
124  context->h[0] = 0x67452301;
125  context->h[1] = 0xEFCDAB89;
126  context->h[2] = 0x98BADCFE;
127  context->h[3] = 0x10325476;
128 
129  //Number of bytes in the buffer
130  context->size = 0;
131  //Total length of the message
132  context->totalSize = 0;
133 }
134 
135 
136 /**
137  * @brief Update the MD4 context with a portion of the message being hashed
138  * @param[in] context Pointer to the MD4 context
139  * @param[in] data Pointer to the buffer being hashed
140  * @param[in] length Length of the buffer
141  **/
142 
143 void md4Update(Md4Context *context, const void *data, size_t length)
144 {
145  size_t n;
146 
147  //Process the incoming data
148  while(length > 0)
149  {
150  //The buffer can hold at most 64 bytes
151  n = MIN(length, 64 - context->size);
152 
153  //Copy the data to the buffer
154  cryptoMemcpy(context->buffer + context->size, data, n);
155 
156  //Update the MD4 context
157  context->size += n;
158  context->totalSize += n;
159  //Advance the data pointer
160  data = (uint8_t *) data + n;
161  //Remaining bytes to process
162  length -= n;
163 
164  //Process message in 16-word blocks
165  if(context->size == 64)
166  {
167  //Transform the 16-word block
168  md4ProcessBlock(context);
169  //Empty the buffer
170  context->size = 0;
171  }
172  }
173 }
174 
175 
176 /**
177  * @brief Finish the MD4 message digest
178  * @param[in] context Pointer to the MD4 context
179  * @param[out] digest Calculated digest (optional parameter)
180  **/
181 
182 void md4Final(Md4Context *context, uint8_t *digest)
183 {
184  uint_t i;
185  size_t paddingSize;
186  uint64_t totalSize;
187 
188  //Length of the original message (before padding)
189  totalSize = context->totalSize * 8;
190 
191  //Pad the message so that its length is congruent to 56 modulo 64
192  if(context->size < 56)
193  paddingSize = 56 - context->size;
194  else
195  paddingSize = 64 + 56 - context->size;
196 
197  //Append padding
198  md4Update(context, padding, paddingSize);
199 
200  //Append the length of the original message
201  context->x[14] = htole32((uint32_t) totalSize);
202  context->x[15] = htole32((uint32_t) (totalSize >> 32));
203 
204  //Calculate the message digest
205  md4ProcessBlock(context);
206 
207  //Convert from host byte order to little-endian byte order
208  for(i = 0; i < 4; i++)
209  {
210  context->h[i] = htole32(context->h[i]);
211  }
212 
213  //Copy the resulting digest
214  if(digest != NULL)
215  cryptoMemcpy(digest, context->digest, MD4_DIGEST_SIZE);
216 }
217 
218 
219 /**
220  * @brief Process message in 16-word blocks
221  * @param[in] context Pointer to the MD4 context
222  **/
223 
225 {
226  uint_t i;
227 
228  //Initialize the 4 working registers
229  uint32_t a = context->h[0];
230  uint32_t b = context->h[1];
231  uint32_t c = context->h[2];
232  uint32_t d = context->h[3];
233 
234  //Process message in 16-word blocks
235  uint32_t *x = context->x;
236 
237  //Convert from little-endian byte order to host byte order
238  for(i = 0; i < 16; i++)
239  {
240  x[i] = letoh32(x[i]);
241  }
242 
243  //Round 1
244  FF(a, b, c, d, x[0], 3);
245  FF(d, a, b, c, x[1], 7);
246  FF(c, d, a, b, x[2], 11);
247  FF(b, c, d, a, x[3], 19);
248  FF(a, b, c, d, x[4], 3);
249  FF(d, a, b, c, x[5], 7);
250  FF(c, d, a, b, x[6], 11);
251  FF(b, c, d, a, x[7], 19);
252  FF(a, b, c, d, x[8], 3);
253  FF(d, a, b, c, x[9], 7);
254  FF(c, d, a, b, x[10], 11);
255  FF(b, c, d, a, x[11], 19);
256  FF(a, b, c, d, x[12], 3);
257  FF(d, a, b, c, x[13], 7);
258  FF(c, d, a, b, x[14], 11);
259  FF(b, c, d, a, x[15], 19);
260 
261  //Round 2
262  GG(a, b, c, d, x[0], 3);
263  GG(d, a, b, c, x[4], 5);
264  GG(c, d, a, b, x[8], 9);
265  GG(b, c, d, a, x[12], 13);
266  GG(a, b, c, d, x[1], 3);
267  GG(d, a, b, c, x[5], 5);
268  GG(c, d, a, b, x[9], 9);
269  GG(b, c, d, a, x[13], 13);
270  GG(a, b, c, d, x[2], 3);
271  GG(d, a, b, c, x[6], 5);
272  GG(c, d, a, b, x[10], 9);
273  GG(b, c, d, a, x[14], 13);
274  GG(a, b, c, d, x[3], 3);
275  GG(d, a, b, c, x[7], 5);
276  GG(c, d, a, b, x[11], 9);
277  GG(b, c, d, a, x[15], 13);
278 
279  //Round 3
280  HH(a, b, c, d, x[0], 3);
281  HH(d, a, b, c, x[8], 9);
282  HH(c, d, a, b, x[4], 11);
283  HH(b, c, d, a, x[12], 15);
284  HH(a, b, c, d, x[2], 3);
285  HH(d, a, b, c, x[10], 9);
286  HH(c, d, a, b, x[6], 11);
287  HH(b, c, d, a, x[14], 15);
288  HH(a, b, c, d, x[1], 3);
289  HH(d, a, b, c, x[9], 9);
290  HH(c, d, a, b, x[5], 11);
291  HH(b, c, d, a, x[13], 15);
292  HH(a, b, c, d, x[3], 3);
293  HH(d, a, b, c, x[11], 9);
294  HH(c, d, a, b, x[7], 11);
295  HH(b, c, d, a, x[15], 15);
296 
297  //Update the hash value
298  context->h[0] += a;
299  context->h[1] += b;
300  context->h[2] += c;
301  context->h[3] += d;
302 }
303 
304 #endif
uint8_t length
Definition: dtls_misc.h:149
void(* HashAlgoInit)(void *context)
Definition: crypto.h:1094
uint8_t a
Definition: ndp.h:410
void md4Update(Md4Context *context, const void *data, size_t length)
Update the MD4 context with a portion of the message being hashed.
Definition: md4.c:143
uint8_t b[6]
Definition: dtls_misc.h:139
size_t size
Definition: md4.h:70
void md4Init(Md4Context *context)
Initialize MD4 message digest context.
Definition: md4.c:121
@ ERROR_OUT_OF_MEMORY
Definition: error.h:63
#define HH(a, b, c, d, x, s)
Definition: md4.c:53
const uint8_t md4Oid[8]
Definition: md4.c:65
void(* HashAlgoUpdate)(void *context, const void *data, size_t length)
Definition: crypto.h:1095
#define letoh32(value)
Definition: cpu_endian.h:414
#define FALSE
Definition: os_port.h:46
error_t
Error codes.
Definition: error.h:42
#define htole32(value)
Definition: cpu_endian.h:406
#define MD4_DIGEST_SIZE
Definition: md4.h:40
uint8_t digest[16]
Definition: md4.h:63
void md4ProcessBlock(Md4Context *context)
Process message in 16-word blocks.
Definition: md4.c:224
General definitions for cryptographic algorithms.
MD4 algorithm context.
Definition: md4.h:58
uint8_t buffer[64]
Definition: md4.h:68
#define MIN(a, b)
Definition: os_port.h:62
void(* HashAlgoFinal)(void *context, uint8_t *digest)
Definition: crypto.h:1096
#define FF(a, b, c, d, x, s)
Definition: md4.c:51
MD4 (Message-Digest Algorithm)
uint8_t n
#define MD4_MIN_PAD_SIZE
Definition: md4.h:42
#define cryptoMemcpy(dest, src, length)
Definition: crypto.h:642
uint32_t h[4]
Definition: md4.h:62
#define cryptoFreeMem(p)
Definition: crypto.h:630
uint32_t totalSize
#define GG(a, b, c, d, x, s)
Definition: md4.c:52
uint64_t totalSize
Definition: md4.h:71
error_t md4Compute(const void *data, size_t length, uint8_t *digest)
Digest a message using MD4.
Definition: md4.c:94
#define cryptoAllocMem(size)
Definition: crypto.h:625
Common interface for hash algorithms.
Definition: crypto.h:1128
#define MD4_BLOCK_SIZE
Definition: md4.h:38
unsigned int uint_t
Definition: compiler_port.h:45
uint8_t data[]
Definition: dtls_misc.h:176
error_t(* HashAlgoCompute)(const void *data, size_t length, uint8_t *digest)
Definition: crypto.h:1093
void md4Final(Md4Context *context, uint8_t *digest)
Finish the MD4 message digest.
Definition: md4.c:182
const HashAlgo md4HashAlgo
Definition: md4.c:68
uint32_t x[16]
Definition: md4.h:67
@ NO_ERROR
Success.
Definition: error.h:44
uint8_t c
Definition: ndp.h:513