md5.c
Go to the documentation of this file.
1 /**
2  * @file md5.c
3  * @brief MD5 (Message-Digest Algorithm)
4  *
5  * @section License
6  *
7  * Copyright (C) 2010-2018 Oryx Embedded SARL. All rights reserved.
8  *
9  * This file is part of CycloneCrypto Open.
10  *
11  * This program is free software; you can redistribute it and/or
12  * modify it under the terms of the GNU General Public License
13  * as published by the Free Software Foundation; either version 2
14  * of the License, or (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with this program; if not, write to the Free Software Foundation,
23  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
24  *
25  * @section Description
26  *
27  * The MD5 algorithm takes as input a message of arbitrary length and produces
28  * as output a 128-bit message digest of the input. Refer to RFC 1321
29  *
30  * @author Oryx Embedded SARL (www.oryx-embedded.com)
31  * @version 1.9.0
32  **/
33 
34 //Switch to the appropriate trace level
35 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
36 
37 //Dependencies
38 #include "core/crypto.h"
39 #include "hash/md5.h"
40 
41 //Check crypto library configuration
42 #if (MD5_SUPPORT == ENABLED)
43 
44 //MD5 auxiliary functions
45 #define F(x, y, z) (((x) & (y)) | (~(x) & (z)))
46 #define G(x, y, z) (((x) & (z)) | ((y) & ~(z)))
47 #define H(x, y, z) ((x) ^ (y) ^ (z))
48 #define I(x, y, z) ((y) ^ ((x) | ~(z)))
49 
50 #define FF(a, b, c, d, x, s, k) a += F(b, c, d) + (x) + (k), a = ROL32(a, s) + (b)
51 #define GG(a, b, c, d, x, s, k) a += G(b, c, d) + (x) + (k), a = ROL32(a, s) + (b)
52 #define HH(a, b, c, d, x, s, k) a += H(b, c, d) + (x) + (k), a = ROL32(a, s) + (b)
53 #define II(a, b, c, d, x, s, k) a += I(b, c, d) + (x) + (k), a = ROL32(a, s) + (b)
54 
55 //MD5 padding
56 static const uint8_t padding[64] =
57 {
58  0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
59  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
60  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
61  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
62 };
63 
64 //MD5 constants
65 static const uint32_t k[64] =
66 {
67  0xD76AA478, 0xE8C7B756, 0x242070DB, 0xC1BDCEEE, 0xF57C0FAF, 0x4787C62A, 0xA8304613, 0xFD469501,
68  0x698098D8, 0x8B44F7AF, 0xFFFF5BB1, 0x895CD7BE, 0x6B901122, 0xFD987193, 0xA679438E, 0x49B40821,
69  0xF61E2562, 0xC040B340, 0x265E5A51, 0xE9B6C7AA, 0xD62F105D, 0x02441453, 0xD8A1E681, 0xE7D3FBC8,
70  0x21E1CDE6, 0xC33707D6, 0xF4D50D87, 0x455A14ED, 0xA9E3E905, 0xFCEFA3F8, 0x676F02D9, 0x8D2A4C8A,
71  0xFFFA3942, 0x8771F681, 0x6D9D6122, 0xFDE5380C, 0xA4BEEA44, 0x4BDECFA9, 0xF6BB4B60, 0xBEBFBC70,
72  0x289B7EC6, 0xEAA127FA, 0xD4EF3085, 0x04881D05, 0xD9D4D039, 0xE6DB99E5, 0x1FA27CF8, 0xC4AC5665,
73  0xF4292244, 0x432AFF97, 0xAB9423A7, 0xFC93A039, 0x655B59C3, 0x8F0CCC92, 0xFFEFF47D, 0x85845DD1,
74  0x6FA87E4F, 0xFE2CE6E0, 0xA3014314, 0x4E0811A1, 0xF7537E82, 0xBD3AF235, 0x2AD7D2BB, 0xEB86D391
75 };
76 
77 //MD5 object identifier (1.2.840.113549.2.5)
78 const uint8_t md5Oid[8] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05};
79 
80 //Common interface for hash algorithms
82 {
83  "MD5",
84  md5Oid,
85  sizeof(md5Oid),
86  sizeof(Md5Context),
93 };
94 
95 
96 /**
97  * @brief Digest a message using MD5
98  * @param[in] data Pointer to the message being hashed
99  * @param[in] length Length of the message
100  * @param[out] digest Pointer to the calculated digest
101  * @return Error code
102  **/
103 
104 error_t md5Compute(const void *data, size_t length, uint8_t *digest)
105 {
106  //Allocate a memory buffer to hold the MD5 context
107  Md5Context *context = cryptoAllocMem(sizeof(Md5Context));
108  //Failed to allocate memory?
109  if(context == NULL)
110  return ERROR_OUT_OF_MEMORY;
111 
112  //Initialize the MD5 context
113  md5Init(context);
114  //Digest the message
115  md5Update(context, data, length);
116  //Finalize the MD5 message digest
117  md5Final(context, digest);
118 
119  //Free previously allocated memory
120  cryptoFreeMem(context);
121  //Successful processing
122  return NO_ERROR;
123 }
124 
125 
126 /**
127  * @brief Initialize MD5 message digest context
128  * @param[in] context Pointer to the MD5 context to initialize
129  **/
130 
131 void md5Init(Md5Context *context)
132 {
133  //Set initial hash value
134  context->h[0] = 0x67452301;
135  context->h[1] = 0xEFCDAB89;
136  context->h[2] = 0x98BADCFE;
137  context->h[3] = 0x10325476;
138 
139  //Number of bytes in the buffer
140  context->size = 0;
141  //Total length of the message
142  context->totalSize = 0;
143 }
144 
145 
146 /**
147  * @brief Update the MD5 context with a portion of the message being hashed
148  * @param[in] context Pointer to the MD5 context
149  * @param[in] data Pointer to the buffer being hashed
150  * @param[in] length Length of the buffer
151  **/
152 
153 void md5Update(Md5Context *context, const void *data, size_t length)
154 {
155  size_t n;
156 
157  //Process the incoming data
158  while(length > 0)
159  {
160  //The buffer can hold at most 64 bytes
161  n = MIN(length, 64 - context->size);
162 
163  //Copy the data to the buffer
164  cryptoMemcpy(context->buffer + context->size, data, n);
165 
166  //Update the MD5 context
167  context->size += n;
168  context->totalSize += n;
169  //Advance the data pointer
170  data = (uint8_t *) data + n;
171  //Remaining bytes to process
172  length -= n;
173 
174  //Process message in 16-word blocks
175  if(context->size == 64)
176  {
177  //Transform the 16-word block
178  md5ProcessBlock(context);
179  //Empty the buffer
180  context->size = 0;
181  }
182  }
183 }
184 
185 
186 /**
187  * @brief Finish the MD5 message digest
188  * @param[in] context Pointer to the MD5 context
189  * @param[out] digest Calculated digest (optional parameter)
190  **/
191 
192 void md5Final(Md5Context *context, uint8_t *digest)
193 {
194  uint_t i;
195  size_t paddingSize;
196  uint64_t totalSize;
197 
198  //Length of the original message (before padding)
199  totalSize = context->totalSize * 8;
200 
201  //Pad the message so that its length is congruent to 56 modulo 64
202  if(context->size < 56)
203  paddingSize = 56 - context->size;
204  else
205  paddingSize = 64 + 56 - context->size;
206 
207  //Append padding
208  md5Update(context, padding, paddingSize);
209 
210  //Append the length of the original message
211  context->x[14] = htole32((uint32_t) totalSize);
212  context->x[15] = htole32((uint32_t) (totalSize >> 32));
213 
214  //Calculate the message digest
215  md5ProcessBlock(context);
216 
217  //Convert from host byte order to little-endian byte order
218  for(i = 0; i < 4; i++)
219  context->h[i] = htole32(context->h[i]);
220 
221  //Copy the resulting digest
222  if(digest != NULL)
223  cryptoMemcpy(digest, context->digest, MD5_DIGEST_SIZE);
224 }
225 
226 
227 /**
228  * @brief Process message in 16-word blocks
229  * @param[in] context Pointer to the MD5 context
230  **/
231 
233 {
234  uint_t i;
235 
236  //Initialize the 4 working registers
237  uint32_t a = context->h[0];
238  uint32_t b = context->h[1];
239  uint32_t c = context->h[2];
240  uint32_t d = context->h[3];
241 
242  //Process message in 16-word blocks
243  uint32_t *x = context->x;
244 
245  //Convert from little-endian byte order to host byte order
246  for(i = 0; i < 16; i++)
247  x[i] = letoh32(x[i]);
248 
249  //Round 1
250  FF(a, b, c, d, x[0], 7, k[0]);
251  FF(d, a, b, c, x[1], 12, k[1]);
252  FF(c, d, a, b, x[2], 17, k[2]);
253  FF(b, c, d, a, x[3], 22, k[3]);
254  FF(a, b, c, d, x[4], 7, k[4]);
255  FF(d, a, b, c, x[5], 12, k[5]);
256  FF(c, d, a, b, x[6], 17, k[6]);
257  FF(b, c, d, a, x[7], 22, k[7]);
258  FF(a, b, c, d, x[8], 7, k[8]);
259  FF(d, a, b, c, x[9], 12, k[9]);
260  FF(c, d, a, b, x[10], 17, k[10]);
261  FF(b, c, d, a, x[11], 22, k[11]);
262  FF(a, b, c, d, x[12], 7, k[12]);
263  FF(d, a, b, c, x[13], 12, k[13]);
264  FF(c, d, a, b, x[14], 17, k[14]);
265  FF(b, c, d, a, x[15], 22, k[15]);
266 
267  //Round 2
268  GG(a, b, c, d, x[1], 5, k[16]);
269  GG(d, a, b, c, x[6], 9, k[17]);
270  GG(c, d, a, b, x[11], 14, k[18]);
271  GG(b, c, d, a, x[0], 20, k[19]);
272  GG(a, b, c, d, x[5], 5, k[20]);
273  GG(d, a, b, c, x[10], 9, k[21]);
274  GG(c, d, a, b, x[15], 14, k[22]);
275  GG(b, c, d, a, x[4], 20, k[23]);
276  GG(a, b, c, d, x[9], 5, k[24]);
277  GG(d, a, b, c, x[14], 9, k[25]);
278  GG(c, d, a, b, x[3], 14, k[26]);
279  GG(b, c, d, a, x[8], 20, k[27]);
280  GG(a, b, c, d, x[13], 5, k[28]);
281  GG(d, a, b, c, x[2], 9, k[29]);
282  GG(c, d, a, b, x[7], 14, k[30]);
283  GG(b, c, d, a, x[12], 20, k[31]);
284 
285  //Round 3
286  HH(a, b, c, d, x[5], 4, k[32]);
287  HH(d, a, b, c, x[8], 11, k[33]);
288  HH(c, d, a, b, x[11], 16, k[34]);
289  HH(b, c, d, a, x[14], 23, k[35]);
290  HH(a, b, c, d, x[1], 4, k[36]);
291  HH(d, a, b, c, x[4], 11, k[37]);
292  HH(c, d, a, b, x[7], 16, k[38]);
293  HH(b, c, d, a, x[10], 23, k[39]);
294  HH(a, b, c, d, x[13], 4, k[40]);
295  HH(d, a, b, c, x[0], 11, k[41]);
296  HH(c, d, a, b, x[3], 16, k[42]);
297  HH(b, c, d, a, x[6], 23, k[43]);
298  HH(a, b, c, d, x[9], 4, k[44]);
299  HH(d, a, b, c, x[12], 11, k[45]);
300  HH(c, d, a, b, x[15], 16, k[46]);
301  HH(b, c, d, a, x[2], 23, k[47]);
302 
303  //Round 4
304  II(a, b, c, d, x[0], 6, k[48]);
305  II(d, a, b, c, x[7], 10, k[49]);
306  II(c, d, a, b, x[14], 15, k[50]);
307  II(b, c, d, a, x[5], 21, k[51]);
308  II(a, b, c, d, x[12], 6, k[52]);
309  II(d, a, b, c, x[3], 10, k[53]);
310  II(c, d, a, b, x[10], 15, k[54]);
311  II(b, c, d, a, x[1], 21, k[55]);
312  II(a, b, c, d, x[8], 6, k[56]);
313  II(d, a, b, c, x[15], 10, k[57]);
314  II(c, d, a, b, x[6], 15, k[58]);
315  II(b, c, d, a, x[13], 21, k[59]);
316  II(a, b, c, d, x[4], 6, k[60]);
317  II(d, a, b, c, x[11], 10, k[61]);
318  II(c, d, a, b, x[2], 15, k[62]);
319  II(b, c, d, a, x[9], 21, k[63]);
320 
321  //Update the hash value
322  context->h[0] += a;
323  context->h[1] += b;
324  context->h[2] += c;
325  context->h[3] += d;
326 }
327 
328 #endif
#define GG(a, b, c, d, x, s, k)
Definition: md5.c:51
error_t md5Compute(const void *data, size_t length, uint8_t *digest)
Digest a message using MD5.
Definition: md5.c:104
uint8_t c
Definition: ndp.h:510
#define cryptoMemcpy(dest, src, length)
Definition: crypto.h:590
#define cryptoFreeMem(p)
Definition: crypto.h:578
size_t size
Definition: md5.h:66
error_t(* HashAlgoCompute)(const void *data, size_t length, uint8_t *digest)
Definition: crypto.h:1020
#define cryptoAllocMem(size)
Definition: crypto.h:573
General definitions for cryptographic algorithms.
uint32_t x[16]
Definition: md5.h:63
uint32_t totalSize
uint8_t a
Definition: ndp.h:407
void md5Final(Md5Context *context, uint8_t *digest)
Finish the MD5 message digest.
Definition: md5.c:192
void(* HashAlgoInit)(void *context)
Definition: crypto.h:1021
const uint8_t md5Oid[8]
Definition: md5.c:78
#define htole32(value)
Definition: cpu_endian.h:404
uint8_t digest[16]
Definition: md5.h:59
uint32_t h[4]
Definition: md5.h:58
MD5 algorithm context.
Definition: md5.h:54
#define MIN(a, b)
Definition: os_port.h:60
#define II(a, b, c, d, x, s, k)
Definition: md5.c:53
#define MD5_BLOCK_SIZE
Definition: md5.h:36
uint8_t buffer[64]
Definition: md5.h:64
void(* HashAlgoUpdate)(void *context, const void *data, size_t length)
Definition: crypto.h:1022
Success.
Definition: error.h:42
error_t
Error codes.
Definition: error.h:40
unsigned int uint_t
Definition: compiler_port.h:43
#define FF(a, b, c, d, x, s, k)
Definition: md5.c:50
const HashAlgo md5HashAlgo
Definition: md5.c:81
uint8_t data[]
Definition: dtls_misc.h:167
uint64_t totalSize
Definition: md5.h:67
void md5Init(Md5Context *context)
Initialize MD5 message digest context.
Definition: md5.c:131
#define MD5_DIGEST_SIZE
Definition: md5.h:38
#define letoh32(value)
Definition: cpu_endian.h:412
Common interface for hash algorithms.
Definition: crypto.h:1054
uint8_t length
Definition: dtls_misc.h:140
uint8_t n
MD5 (Message-Digest Algorithm)
void md5ProcessBlock(Md5Context *context)
Process message in 16-word blocks.
Definition: md5.c:232
uint8_t b[6]
Definition: dtls_misc.h:130
#define HH(a, b, c, d, x, s, k)
Definition: md5.c:52
void(* HashAlgoFinal)(void *context, uint8_t *digest)
Definition: crypto.h:1023
void md5Update(Md5Context *context, const void *data, size_t length)
Update the MD5 context with a portion of the message being hashed.
Definition: md5.c:153