md4.c
Go to the documentation of this file.
1 /**
2  * @file md4.c
3  * @brief MD4 (Message-Digest Algorithm)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2020 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @section Description
28  *
29  * The MD4 algorithm takes as input a message of arbitrary length and produces
30  * as output a 128-bit message digest of the input. Refer to RFC 1320
31  *
32  * @author Oryx Embedded SARL (www.oryx-embedded.com)
33  * @version 1.9.8
34  **/
35 
36 //Switch to the appropriate trace level
37 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
38 
39 //Dependencies
40 #include "core/crypto.h"
41 #include "hash/md4.h"
42 
43 //Check crypto library configuration
44 #if (MD4_SUPPORT == ENABLED)
45 
46 //MD4 auxiliary functions
47 #define F(x, y, z) (((x) & (y)) | (~(x) & (z)))
48 #define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
49 #define H(x, y, z) ((x) ^ (y) ^ (z))
50 
51 #define FF(a, b, c, d, x, s) a += F(b, c, d) + (x), a = ROL32(a, s)
52 #define GG(a, b, c, d, x, s) a += G(b, c, d) + (x) + 0x5A827999, a = ROL32(a, s)
53 #define HH(a, b, c, d, x, s) a += H(b, c, d) + (x) + 0x6ED9EBA1, a = ROL32(a, s)
54 
55 //MD4 padding
56 static const uint8_t padding[64] =
57 {
58  0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
59  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
60  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
61  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
62 };
63 
64 //MD4 object identifier (1.2.840.113549.2.4)
65 const uint8_t md4Oid[8] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x04};
66 
67 //Common interface for hash algorithms
69 {
70  "MD4",
71  md4Oid,
72  sizeof(md4Oid),
73  sizeof(Md4Context),
77  FALSE,
82  NULL
83 };
84 
85 
86 /**
87  * @brief Digest a message using MD4
88  * @param[in] data Pointer to the message being hashed
89  * @param[in] length Length of the message
90  * @param[out] digest Pointer to the calculated digest
91  * @return Error code
92  **/
93 
94 error_t md4Compute(const void *data, size_t length, uint8_t *digest)
95 {
96  //Allocate a memory buffer to hold the MD4 context
97  Md4Context *context = cryptoAllocMem(sizeof(Md4Context));
98  //Failed to allocate memory?
99  if(context == NULL)
100  return ERROR_OUT_OF_MEMORY;
101 
102  //Initialize the MD4 context
103  md4Init(context);
104  //Digest the message
105  md4Update(context, data, length);
106  //Finalize the MD4 message digest
107  md4Final(context, digest);
108 
109  //Free previously allocated memory
110  cryptoFreeMem(context);
111  //Successful processing
112  return NO_ERROR;
113 }
114 
115 
116 /**
117  * @brief Initialize MD4 message digest context
118  * @param[in] context Pointer to the MD4 context to initialize
119  **/
120 
121 void md4Init(Md4Context *context)
122 {
123  //Set initial hash value
124  context->h[0] = 0x67452301;
125  context->h[1] = 0xEFCDAB89;
126  context->h[2] = 0x98BADCFE;
127  context->h[3] = 0x10325476;
128 
129  //Number of bytes in the buffer
130  context->size = 0;
131  //Total length of the message
132  context->totalSize = 0;
133 }
134 
135 
136 /**
137  * @brief Update the MD4 context with a portion of the message being hashed
138  * @param[in] context Pointer to the MD4 context
139  * @param[in] data Pointer to the buffer being hashed
140  * @param[in] length Length of the buffer
141  **/
142 
143 void md4Update(Md4Context *context, const void *data, size_t length)
144 {
145  size_t n;
146 
147  //Process the incoming data
148  while(length > 0)
149  {
150  //The buffer can hold at most 64 bytes
151  n = MIN(length, 64 - context->size);
152 
153  //Copy the data to the buffer
154  osMemcpy(context->buffer + context->size, data, n);
155 
156  //Update the MD4 context
157  context->size += n;
158  context->totalSize += n;
159  //Advance the data pointer
160  data = (uint8_t *) data + n;
161  //Remaining bytes to process
162  length -= n;
163 
164  //Process message in 16-word blocks
165  if(context->size == 64)
166  {
167  //Transform the 16-word block
168  md4ProcessBlock(context);
169  //Empty the buffer
170  context->size = 0;
171  }
172  }
173 }
174 
175 
176 /**
177  * @brief Finish the MD4 message digest
178  * @param[in] context Pointer to the MD4 context
179  * @param[out] digest Calculated digest (optional parameter)
180  **/
181 
182 void md4Final(Md4Context *context, uint8_t *digest)
183 {
184  uint_t i;
185  size_t paddingSize;
186  uint64_t totalSize;
187 
188  //Length of the original message (before padding)
189  totalSize = context->totalSize * 8;
190 
191  //Pad the message so that its length is congruent to 56 modulo 64
192  if(context->size < 56)
193  {
194  paddingSize = 56 - context->size;
195  }
196  else
197  {
198  paddingSize = 64 + 56 - context->size;
199  }
200 
201  //Append padding
202  md4Update(context, padding, paddingSize);
203 
204  //Append the length of the original message
205  context->x[14] = htole32((uint32_t) totalSize);
206  context->x[15] = htole32((uint32_t) (totalSize >> 32));
207 
208  //Calculate the message digest
209  md4ProcessBlock(context);
210 
211  //Convert from host byte order to little-endian byte order
212  for(i = 0; i < 4; i++)
213  {
214  context->h[i] = htole32(context->h[i]);
215  }
216 
217  //Copy the resulting digest
218  if(digest != NULL)
219  osMemcpy(digest, context->digest, MD4_DIGEST_SIZE);
220 }
221 
222 
223 /**
224  * @brief Process message in 16-word blocks
225  * @param[in] context Pointer to the MD4 context
226  **/
227 
229 {
230  uint_t i;
231 
232  //Initialize the 4 working registers
233  uint32_t a = context->h[0];
234  uint32_t b = context->h[1];
235  uint32_t c = context->h[2];
236  uint32_t d = context->h[3];
237 
238  //Process message in 16-word blocks
239  uint32_t *x = context->x;
240 
241  //Convert from little-endian byte order to host byte order
242  for(i = 0; i < 16; i++)
243  {
244  x[i] = letoh32(x[i]);
245  }
246 
247  //Round 1
248  FF(a, b, c, d, x[0], 3);
249  FF(d, a, b, c, x[1], 7);
250  FF(c, d, a, b, x[2], 11);
251  FF(b, c, d, a, x[3], 19);
252  FF(a, b, c, d, x[4], 3);
253  FF(d, a, b, c, x[5], 7);
254  FF(c, d, a, b, x[6], 11);
255  FF(b, c, d, a, x[7], 19);
256  FF(a, b, c, d, x[8], 3);
257  FF(d, a, b, c, x[9], 7);
258  FF(c, d, a, b, x[10], 11);
259  FF(b, c, d, a, x[11], 19);
260  FF(a, b, c, d, x[12], 3);
261  FF(d, a, b, c, x[13], 7);
262  FF(c, d, a, b, x[14], 11);
263  FF(b, c, d, a, x[15], 19);
264 
265  //Round 2
266  GG(a, b, c, d, x[0], 3);
267  GG(d, a, b, c, x[4], 5);
268  GG(c, d, a, b, x[8], 9);
269  GG(b, c, d, a, x[12], 13);
270  GG(a, b, c, d, x[1], 3);
271  GG(d, a, b, c, x[5], 5);
272  GG(c, d, a, b, x[9], 9);
273  GG(b, c, d, a, x[13], 13);
274  GG(a, b, c, d, x[2], 3);
275  GG(d, a, b, c, x[6], 5);
276  GG(c, d, a, b, x[10], 9);
277  GG(b, c, d, a, x[14], 13);
278  GG(a, b, c, d, x[3], 3);
279  GG(d, a, b, c, x[7], 5);
280  GG(c, d, a, b, x[11], 9);
281  GG(b, c, d, a, x[15], 13);
282 
283  //Round 3
284  HH(a, b, c, d, x[0], 3);
285  HH(d, a, b, c, x[8], 9);
286  HH(c, d, a, b, x[4], 11);
287  HH(b, c, d, a, x[12], 15);
288  HH(a, b, c, d, x[2], 3);
289  HH(d, a, b, c, x[10], 9);
290  HH(c, d, a, b, x[6], 11);
291  HH(b, c, d, a, x[14], 15);
292  HH(a, b, c, d, x[1], 3);
293  HH(d, a, b, c, x[9], 9);
294  HH(c, d, a, b, x[5], 11);
295  HH(b, c, d, a, x[13], 15);
296  HH(a, b, c, d, x[3], 3);
297  HH(d, a, b, c, x[11], 9);
298  HH(c, d, a, b, x[7], 11);
299  HH(b, c, d, a, x[15], 15);
300 
301  //Update the hash value
302  context->h[0] += a;
303  context->h[1] += b;
304  context->h[2] += c;
305  context->h[3] += d;
306 }
307 
308 #endif
uint8_t length
Definition: coap_common.h:190
void(* HashAlgoInit)(void *context)
Definition: crypto.h:1028
uint8_t a
Definition: ndp.h:410
uint8_t data[]
Definition: ethernet.h:209
void md4Update(Md4Context *context, const void *data, size_t length)
Update the MD4 context with a portion of the message being hashed.
Definition: md4.c:143
size_t size
Definition: md4.h:70
void md4Init(Md4Context *context)
Initialize MD4 message digest context.
Definition: md4.c:121
#define HH(a, b, c, d, x, s)
Definition: md4.c:53
const uint8_t md4Oid[8]
Definition: md4.c:65
void(* HashAlgoUpdate)(void *context, const void *data, size_t length)
Definition: crypto.h:1029
#define letoh32(value)
Definition: cpu_endian.h:438
#define FALSE
Definition: os_port.h:46
#define osMemcpy(dest, src, length)
Definition: os_port.h:134
error_t
Error codes.
Definition: error.h:42
#define htole32(value)
Definition: cpu_endian.h:430
#define MD4_DIGEST_SIZE
Definition: md4.h:40
uint8_t digest[16]
Definition: md4.h:63
void md4ProcessBlock(Md4Context *context)
Process message in 16-word blocks.
Definition: md4.c:228
General definitions for cryptographic algorithms.
MD4 algorithm context.
Definition: md4.h:58
uint8_t buffer[64]
Definition: md4.h:68
#define MIN(a, b)
Definition: os_port.h:62
void(* HashAlgoFinal)(void *context, uint8_t *digest)
Definition: crypto.h:1030
uint8_t b[6]
Definition: ethernet.h:179
#define FF(a, b, c, d, x, s)
Definition: md4.c:51
MD4 (Message-Digest Algorithm)
uint8_t n
#define MD4_MIN_PAD_SIZE
Definition: md4.h:42
uint32_t h[4]
Definition: md4.h:62
#define cryptoFreeMem(p)
Definition: crypto.h:630
uint32_t totalSize
#define GG(a, b, c, d, x, s)
Definition: md4.c:52
uint64_t totalSize
Definition: md4.h:71
error_t md4Compute(const void *data, size_t length, uint8_t *digest)
Digest a message using MD4.
Definition: md4.c:94
#define cryptoAllocMem(size)
Definition: crypto.h:625
Common interface for hash algorithms.
Definition: crypto.h:1062
#define MD4_BLOCK_SIZE
Definition: md4.h:38
unsigned int uint_t
Definition: compiler_port.h:45
error_t(* HashAlgoCompute)(const void *data, size_t length, uint8_t *digest)
Definition: crypto.h:1027
void md4Final(Md4Context *context, uint8_t *digest)
Finish the MD4 message digest.
Definition: md4.c:182
const HashAlgo md4HashAlgo
Definition: md4.c:68
uint32_t x[16]
Definition: md4.h:67
Success.
Definition: error.h:44
uint8_t c
Definition: ndp.h:513