md4.c
Go to the documentation of this file.
1 /**
2  * @file md4.c
3  * @brief MD4 (Message-Digest Algorithm)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2025 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @section Description
28  *
29  * The MD4 algorithm takes as input a message of arbitrary length and produces
30  * as output a 128-bit message digest of the input. Refer to RFC 1320
31  *
32  * @author Oryx Embedded SARL (www.oryx-embedded.com)
33  * @version 2.5.0
34  **/
35 
36 //Switch to the appropriate trace level
37 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
38 
39 //Dependencies
40 #include "core/crypto.h"
41 #include "hash/md4.h"
42 
43 //Check crypto library configuration
44 #if (MD4_SUPPORT == ENABLED)
45 
46 //MD4 auxiliary functions
47 #define F(x, y, z) (((x) & (y)) | (~(x) & (z)))
48 #define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
49 #define H(x, y, z) ((x) ^ (y) ^ (z))
50 
51 #define FF(a, b, c, d, x, s) a += F(b, c, d) + (x), a = ROL32(a, s)
52 #define GG(a, b, c, d, x, s) a += G(b, c, d) + (x) + 0x5A827999, a = ROL32(a, s)
53 #define HH(a, b, c, d, x, s) a += H(b, c, d) + (x) + 0x6ED9EBA1, a = ROL32(a, s)
54 
55 //MD4 padding
56 static const uint8_t padding[64] =
57 {
58  0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
59  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
60  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
61  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
62 };
63 
64 //MD4 object identifier (1.2.840.113549.2.4)
65 const uint8_t MD4_OID[8] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x04};
66 
67 //Common interface for hash algorithms
68 const HashAlgo md4HashAlgo =
69 {
70  "MD4",
71  MD4_OID,
72  sizeof(MD4_OID),
73  sizeof(Md4Context),
74  MD4_BLOCK_SIZE,
75  MD4_DIGEST_SIZE,
76  MD4_MIN_PAD_SIZE,
77  FALSE,
78  (HashAlgoCompute) md4Compute,
79  (HashAlgoInit) md4Init,
80  (HashAlgoUpdate) md4Update,
81  (HashAlgoFinal) md4Final,
82  NULL
83 };
84 
85 
86 /**
87  * @brief Digest a message using MD4
88  * @param[in] data Pointer to the message being hashed
89  * @param[in] length Length of the message
90  * @param[out] digest Pointer to the calculated digest
91  * @return Error code
92  **/
93 
94 error_t md4Compute(const void *data, size_t length, uint8_t *digest)
95 {
96 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
97  Md4Context *context;
98 #else
99  Md4Context context[1];
100 #endif
101 
102  //Check parameters
103  if(data == NULL && length != 0)
104  return ERROR_INVALID_PARAMETER;
105 
106  if(digest == NULL)
107  return ERROR_INVALID_PARAMETER;
108 
109 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
110  //Allocate a memory buffer to hold the MD4 context
111  context = cryptoAllocMem(sizeof(Md4Context));
112  //Failed to allocate memory?
113  if(context == NULL)
114  return ERROR_OUT_OF_MEMORY;
115 #endif
116 
117  //Initialize the MD4 context
118  md4Init(context);
119  //Digest the message
120  md4Update(context, data, length);
121  //Finalize the MD4 message digest
122  md4Final(context, digest);
123 
124 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
125  //Free previously allocated memory
126  cryptoFreeMem(context);
127 #endif
128 
129  //Successful operation
130  return NO_ERROR;
131 }
132 
133 
134 /**
135  * @brief Initialize MD4 message digest context
136  * @param[in] context Pointer to the MD4 context to initialize
137  **/
138 
139 void md4Init(Md4Context *context)
140 {
141  //Set initial hash value
142  context->h[0] = 0x67452301;
143  context->h[1] = 0xEFCDAB89;
144  context->h[2] = 0x98BADCFE;
145  context->h[3] = 0x10325476;
146 
147  //Number of bytes in the buffer
148  context->size = 0;
149  //Total length of the message
150  context->totalSize = 0;
151 }
152 
153 
154 /**
155  * @brief Update the MD4 context with a portion of the message being hashed
156  * @param[in] context Pointer to the MD4 context
157  * @param[in] data Pointer to the buffer being hashed
158  * @param[in] length Length of the buffer
159  **/
160 
161 void md4Update(Md4Context *context, const void *data, size_t length)
162 {
163  size_t n;
164 
165  //Process the incoming data
166  while(length > 0)
167  {
168  //The buffer can hold at most 64 bytes
169  n = MIN(length, 64 - context->size);
170 
171  //Copy the data to the buffer
172  osMemcpy(context->buffer + context->size, data, n);
173 
174  //Update the MD4 context
175  context->size += n;
176  context->totalSize += n;
177  //Advance the data pointer
178  data = (uint8_t *) data + n;
179  //Remaining bytes to process
180  length -= n;
181 
182  //Process message in 16-word blocks
183  if(context->size == 64)
184  {
185  //Transform the 16-word block
186  md4ProcessBlock(context);
187  //Empty the buffer
188  context->size = 0;
189  }
190  }
191 }
192 
193 
194 /**
195  * @brief Finish the MD4 message digest
196  * @param[in] context Pointer to the MD4 context
197  * @param[out] digest Calculated digest
198  **/
199 
200 void md4Final(Md4Context *context, uint8_t *digest)
201 {
202  uint_t i;
203  size_t paddingSize;
204  uint64_t totalSize;
205 
206  //Length of the original message (before padding)
207  totalSize = context->totalSize * 8;
208 
209  //Pad the message so that its length is congruent to 56 modulo 64
210  if(context->size < 56)
211  {
212  paddingSize = 56 - context->size;
213  }
214  else
215  {
216  paddingSize = 64 + 56 - context->size;
217  }
218 
219  //Append padding
220  md4Update(context, padding, paddingSize);
221 
222  //Append the length of the original message
223  for(i = 0; i < 8; i++)
224  {
225  context->buffer[56 + i] = totalSize & 0xFF;
226  totalSize >>= 8;
227  }
228 
229  //Calculate the message digest
230  md4ProcessBlock(context);
231 
232  //Copy the resulting digest
233  for(i = 0; i < (MD4_DIGEST_SIZE / 4); i++)
234  {
235  STORE32LE(context->h[i], digest + i * 4);
236  }
237 }
238 
239 
240 /**
241  * @brief Process message in 16-word blocks
242  * @param[in] context Pointer to the MD4 context
243  **/
244 
245 void md4ProcessBlock(Md4Context *context)
246 {
247  uint_t i;
248 
249  //Initialize the 4 working registers
250  uint32_t a = context->h[0];
251  uint32_t b = context->h[1];
252  uint32_t c = context->h[2];
253  uint32_t d = context->h[3];
254 
255  //Process message in 16-word blocks
256  uint32_t *x = context->x;
257 
258  //Convert from little-endian byte order to host byte order
259  for(i = 0; i < 16; i++)
260  {
261  x[i] = LOAD32LE(context->buffer + i * 4);
262  }
263 
264  //Round 1
265  FF(a, b, c, d, x[0], 3);
266  FF(d, a, b, c, x[1], 7);
267  FF(c, d, a, b, x[2], 11);
268  FF(b, c, d, a, x[3], 19);
269  FF(a, b, c, d, x[4], 3);
270  FF(d, a, b, c, x[5], 7);
271  FF(c, d, a, b, x[6], 11);
272  FF(b, c, d, a, x[7], 19);
273  FF(a, b, c, d, x[8], 3);
274  FF(d, a, b, c, x[9], 7);
275  FF(c, d, a, b, x[10], 11);
276  FF(b, c, d, a, x[11], 19);
277  FF(a, b, c, d, x[12], 3);
278  FF(d, a, b, c, x[13], 7);
279  FF(c, d, a, b, x[14], 11);
280  FF(b, c, d, a, x[15], 19);
281 
282  //Round 2
283  GG(a, b, c, d, x[0], 3);
284  GG(d, a, b, c, x[4], 5);
285  GG(c, d, a, b, x[8], 9);
286  GG(b, c, d, a, x[12], 13);
287  GG(a, b, c, d, x[1], 3);
288  GG(d, a, b, c, x[5], 5);
289  GG(c, d, a, b, x[9], 9);
290  GG(b, c, d, a, x[13], 13);
291  GG(a, b, c, d, x[2], 3);
292  GG(d, a, b, c, x[6], 5);
293  GG(c, d, a, b, x[10], 9);
294  GG(b, c, d, a, x[14], 13);
295  GG(a, b, c, d, x[3], 3);
296  GG(d, a, b, c, x[7], 5);
297  GG(c, d, a, b, x[11], 9);
298  GG(b, c, d, a, x[15], 13);
299 
300  //Round 3
301  HH(a, b, c, d, x[0], 3);
302  HH(d, a, b, c, x[8], 9);
303  HH(c, d, a, b, x[4], 11);
304  HH(b, c, d, a, x[12], 15);
305  HH(a, b, c, d, x[2], 3);
306  HH(d, a, b, c, x[10], 9);
307  HH(c, d, a, b, x[6], 11);
308  HH(b, c, d, a, x[14], 15);
309  HH(a, b, c, d, x[1], 3);
310  HH(d, a, b, c, x[9], 9);
311  HH(c, d, a, b, x[5], 11);
312  HH(b, c, d, a, x[13], 15);
313  HH(a, b, c, d, x[3], 3);
314  HH(d, a, b, c, x[11], 9);
315  HH(c, d, a, b, x[7], 11);
316  HH(b, c, d, a, x[15], 15);
317 
318  //Update the hash value
319  context->h[0] += a;
320  context->h[1] += b;
321  context->h[2] += c;
322  context->h[3] += d;
323 }
324 
325 #endif
b
uint8_t b
Definition: nbns_common.h:104
HashAlgoInit
void(* HashAlgoInit)(void *context)
Definition: crypto.h:1027
a
uint8_t a
Definition: ndp.h:411
md4Update
void md4Update(Md4Context *context, const void *data, size_t length)
Update the MD4 context with a portion of the message being hashed.
Definition: md4.c:161
x
uint8_t x
Definition: lldp_ext_med.h:211
Md4Context::size
size_t size
Definition: md4.h:64
data
uint8_t data[]
Definition: ethernet.h:222
STORE32LE
#define STORE32LE(a, p)
Definition: cpu_endian.h:279
md4Init
void md4Init(Md4Context *context)
Initialize MD4 message digest context.
Definition: md4.c:139
ERROR_OUT_OF_MEMORY
@ ERROR_OUT_OF_MEMORY
Definition: error.h:63
HH
#define HH(a, b, c, d, x, s)
Definition: md4.c:53
HashAlgoUpdate
void(* HashAlgoUpdate)(void *context, const void *data, size_t length)
Definition: crypto.h:1029
FALSE
#define FALSE
Definition: os_port.h:46
ERROR_INVALID_PARAMETER
@ ERROR_INVALID_PARAMETER
Invalid parameter.
Definition: error.h:47
osMemcpy
#define osMemcpy(dest, src, length)
Definition: os_port.h:144
error_t
error_t
Error codes.
Definition: error.h:43
MD4_DIGEST_SIZE
#define MD4_DIGEST_SIZE
Definition: md4.h:40
MD4_OID
const uint8_t MD4_OID[8]
Definition: md4.c:65
md4ProcessBlock
void md4ProcessBlock(Md4Context *context)
Process message in 16-word blocks.
Definition: md4.c:245
crypto.h
General definitions for cryptographic algorithms.
Md4Context
MD4 algorithm context.
Definition: md4.h:57
length
uint8_t length
Definition: tcp.h:375
Md4Context::buffer
uint8_t buffer[64]
Definition: md4.h:62
MIN
#define MIN(a, b)
Definition: os_port.h:63
HashAlgoFinal
void(* HashAlgoFinal)(void *context, uint8_t *digest)
Definition: crypto.h:1031
FF
#define FF(a, b, c, d, x, s)
Definition: md4.c:51
md4.h
MD4 (Message-Digest Algorithm)
n
uint8_t n
Definition: dhcpv6_common.h:416
MD4_MIN_PAD_SIZE
#define MD4_MIN_PAD_SIZE
Definition: md4.h:42
Md4Context::h
uint32_t h[4]
Definition: md4.h:58
cryptoFreeMem
#define cryptoFreeMem(p)
Definition: crypto.h:826
GG
#define GG(a, b, c, d, x, s)
Definition: md4.c:52
Md4Context::totalSize
uint64_t totalSize
Definition: md4.h:65
md4Compute
error_t md4Compute(const void *data, size_t length, uint8_t *digest)
Digest a message using MD4.
Definition: md4.c:94
cryptoAllocMem
#define cryptoAllocMem(size)
Definition: crypto.h:821
HashAlgo
Common interface for hash algorithms.
Definition: crypto.h:1082
LOAD32LE
#define LOAD32LE(p)
Definition: cpu_endian.h:203
MD4_BLOCK_SIZE
#define MD4_BLOCK_SIZE
Definition: md4.h:38
uint_t
unsigned int uint_t
Definition: compiler_port.h:57
HashAlgoCompute
error_t(* HashAlgoCompute)(const void *data, size_t length, uint8_t *digest)
Definition: crypto.h:1024
md4Final
void md4Final(Md4Context *context, uint8_t *digest)
Finish the MD4 message digest.
Definition: md4.c:200
md4HashAlgo
const HashAlgo md4HashAlgo
Definition: md4.c:68
Md4Context::x
uint32_t x[16]
Definition: md4.h:61
NO_ERROR
@ NO_ERROR
Success.
Definition: error.h:44
c
uint8_t c
Definition: ndp.h:514