md5.c
Go to the documentation of this file.
1 /**
2  * @file md5.c
3  * @brief MD5 (Message-Digest Algorithm)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @section Description
28  *
29  * The MD5 algorithm takes as input a message of arbitrary length and produces
30  * as output a 128-bit message digest of the input. Refer to RFC 1321
31  *
32  * @author Oryx Embedded SARL (www.oryx-embedded.com)
33  * @version 2.4.4
34  **/
35 
36 //Switch to the appropriate trace level
37 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
38 
39 //Dependencies
40 #include "core/crypto.h"
41 #include "hash/md5.h"
42 
43 //Check crypto library configuration
44 #if (MD5_SUPPORT == ENABLED)
45 
46 //MD5 auxiliary functions
47 #define F(x, y, z) (((x) & (y)) | (~(x) & (z)))
48 #define G(x, y, z) (((x) & (z)) | ((y) & ~(z)))
49 #define H(x, y, z) ((x) ^ (y) ^ (z))
50 #define I(x, y, z) ((y) ^ ((x) | ~(z)))
51 
52 #define FF(a, b, c, d, x, s, k) a += F(b, c, d) + (x) + (k), a = ROL32(a, s) + (b)
53 #define GG(a, b, c, d, x, s, k) a += G(b, c, d) + (x) + (k), a = ROL32(a, s) + (b)
54 #define HH(a, b, c, d, x, s, k) a += H(b, c, d) + (x) + (k), a = ROL32(a, s) + (b)
55 #define II(a, b, c, d, x, s, k) a += I(b, c, d) + (x) + (k), a = ROL32(a, s) + (b)
56 
57 //MD5 padding
58 static const uint8_t padding[64] =
59 {
60  0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
61  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
62  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
63  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
64 };
65 
66 //MD5 constants
67 static const uint32_t k[64] =
68 {
69  0xD76AA478, 0xE8C7B756, 0x242070DB, 0xC1BDCEEE, 0xF57C0FAF, 0x4787C62A, 0xA8304613, 0xFD469501,
70  0x698098D8, 0x8B44F7AF, 0xFFFF5BB1, 0x895CD7BE, 0x6B901122, 0xFD987193, 0xA679438E, 0x49B40821,
71  0xF61E2562, 0xC040B340, 0x265E5A51, 0xE9B6C7AA, 0xD62F105D, 0x02441453, 0xD8A1E681, 0xE7D3FBC8,
72  0x21E1CDE6, 0xC33707D6, 0xF4D50D87, 0x455A14ED, 0xA9E3E905, 0xFCEFA3F8, 0x676F02D9, 0x8D2A4C8A,
73  0xFFFA3942, 0x8771F681, 0x6D9D6122, 0xFDE5380C, 0xA4BEEA44, 0x4BDECFA9, 0xF6BB4B60, 0xBEBFBC70,
74  0x289B7EC6, 0xEAA127FA, 0xD4EF3085, 0x04881D05, 0xD9D4D039, 0xE6DB99E5, 0x1FA27CF8, 0xC4AC5665,
75  0xF4292244, 0x432AFF97, 0xAB9423A7, 0xFC93A039, 0x655B59C3, 0x8F0CCC92, 0xFFEFF47D, 0x85845DD1,
76  0x6FA87E4F, 0xFE2CE6E0, 0xA3014314, 0x4E0811A1, 0xF7537E82, 0xBD3AF235, 0x2AD7D2BB, 0xEB86D391
77 };
78 
79 //MD5 object identifier (1.2.840.113549.2.5)
80 const uint8_t MD5_OID[8] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05};
81 
82 //Common interface for hash algorithms
83 const HashAlgo md5HashAlgo =
84 {
85  "MD5",
86  MD5_OID,
87  sizeof(MD5_OID),
88  sizeof(Md5Context),
89  MD5_BLOCK_SIZE,
90  MD5_DIGEST_SIZE,
91  MD5_MIN_PAD_SIZE,
92  FALSE,
93  (HashAlgoCompute) md5Compute,
94  (HashAlgoInit) md5Init,
95  (HashAlgoUpdate) md5Update,
96  (HashAlgoFinal) md5Final,
97  (HashAlgoFinalRaw) md5FinalRaw
98 };
99 
100 
101 /**
102  * @brief Digest a message using MD5
103  * @param[in] data Pointer to the message being hashed
104  * @param[in] length Length of the message
105  * @param[out] digest Pointer to the calculated digest
106  * @return Error code
107  **/
108 
109 __weak_func error_t md5Compute(const void *data, size_t length, uint8_t *digest)
110 {
111 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
112  Md5Context *context;
113 #else
114  Md5Context context[1];
115 #endif
116 
117  //Check parameters
118  if(data == NULL && length != 0)
119  return ERROR_INVALID_PARAMETER;
120 
121  if(digest == NULL)
122  return ERROR_INVALID_PARAMETER;
123 
124 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
125  //Allocate a memory buffer to hold the MD5 context
126  context = cryptoAllocMem(sizeof(Md5Context));
127  //Failed to allocate memory?
128  if(context == NULL)
129  return ERROR_OUT_OF_MEMORY;
130 #endif
131 
132  //Initialize the MD5 context
133  md5Init(context);
134  //Digest the message
135  md5Update(context, data, length);
136  //Finalize the MD5 message digest
137  md5Final(context, digest);
138 
139 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
140  //Free previously allocated memory
141  cryptoFreeMem(context);
142 #endif
143 
144  //Successful operation
145  return NO_ERROR;
146 }
147 
148 
149 /**
150  * @brief Initialize MD5 message digest context
151  * @param[in] context Pointer to the MD5 context to initialize
152  **/
153 
154 __weak_func void md5Init(Md5Context *context)
155 {
156  //Set initial hash value
157  context->h[0] = 0x67452301;
158  context->h[1] = 0xEFCDAB89;
159  context->h[2] = 0x98BADCFE;
160  context->h[3] = 0x10325476;
161 
162  //Number of bytes in the buffer
163  context->size = 0;
164  //Total length of the message
165  context->totalSize = 0;
166 }
167 
168 
169 /**
170  * @brief Update the MD5 context with a portion of the message being hashed
171  * @param[in] context Pointer to the MD5 context
172  * @param[in] data Pointer to the buffer being hashed
173  * @param[in] length Length of the buffer
174  **/
175 
176 __weak_func void md5Update(Md5Context *context, const void *data, size_t length)
177 {
178  size_t n;
179 
180  //Process the incoming data
181  while(length > 0)
182  {
183  //The buffer can hold at most 64 bytes
184  n = MIN(length, 64 - context->size);
185 
186  //Copy the data to the buffer
187  osMemcpy(context->buffer + context->size, data, n);
188 
189  //Update the MD5 context
190  context->size += n;
191  context->totalSize += n;
192  //Advance the data pointer
193  data = (uint8_t *) data + n;
194  //Remaining bytes to process
195  length -= n;
196 
197  //Process message in 16-word blocks
198  if(context->size == 64)
199  {
200  //Transform the 16-word block
201  md5ProcessBlock(context);
202  //Empty the buffer
203  context->size = 0;
204  }
205  }
206 }
207 
208 
209 /**
210  * @brief Finish the MD5 message digest
211  * @param[in] context Pointer to the MD5 context
212  * @param[out] digest Calculated digest (optional parameter)
213  **/
214 
215 __weak_func void md5Final(Md5Context *context, uint8_t *digest)
216 {
217  uint_t i;
218  size_t paddingSize;
219  uint64_t totalSize;
220 
221  //Length of the original message (before padding)
222  totalSize = context->totalSize * 8;
223 
224  //Pad the message so that its length is congruent to 56 modulo 64
225  if(context->size < 56)
226  {
227  paddingSize = 56 - context->size;
228  }
229  else
230  {
231  paddingSize = 64 + 56 - context->size;
232  }
233 
234  //Append padding
235  md5Update(context, padding, paddingSize);
236 
237  //Append the length of the original message
238  context->x[14] = htole32((uint32_t) totalSize);
239  context->x[15] = htole32((uint32_t) (totalSize >> 32));
240 
241  //Calculate the message digest
242  md5ProcessBlock(context);
243 
244  //Convert from host byte order to little-endian byte order
245  for(i = 0; i < 4; i++)
246  {
247  context->h[i] = htole32(context->h[i]);
248  }
249 
250  //Copy the resulting digest
251  if(digest != NULL)
252  {
253  osMemcpy(digest, context->digest, MD5_DIGEST_SIZE);
254  }
255 }
256 
257 
258 /**
259  * @brief Finish the MD5 message digest (no padding added)
260  * @param[in] context Pointer to the MD5 context
261  * @param[out] digest Calculated digest
262  **/
263 
264 __weak_func void md5FinalRaw(Md5Context *context, uint8_t *digest)
265 {
266  uint_t i;
267 
268  //Convert from host byte order to little-endian byte order
269  for(i = 0; i < 4; i++)
270  {
271  context->h[i] = htole32(context->h[i]);
272  }
273 
274  //Copy the resulting digest
275  osMemcpy(digest, context->digest, MD5_DIGEST_SIZE);
276 
277  //Convert from little-endian byte order to host byte order
278  for(i = 0; i < 4; i++)
279  {
280  context->h[i] = letoh32(context->h[i]);
281  }
282 }
283 
284 
285 /**
286  * @brief Process message in 16-word blocks
287  * @param[in] context Pointer to the MD5 context
288  **/
289 
290 __weak_func void md5ProcessBlock(Md5Context *context)
291 {
292  uint_t i;
293 
294  //Initialize the 4 working registers
295  uint32_t a = context->h[0];
296  uint32_t b = context->h[1];
297  uint32_t c = context->h[2];
298  uint32_t d = context->h[3];
299 
300  //Process message in 16-word blocks
301  uint32_t *x = context->x;
302 
303  //Convert from little-endian byte order to host byte order
304  for(i = 0; i < 16; i++)
305  {
306  x[i] = letoh32(x[i]);
307  }
308 
309  //Round 1
310  FF(a, b, c, d, x[0], 7, k[0]);
311  FF(d, a, b, c, x[1], 12, k[1]);
312  FF(c, d, a, b, x[2], 17, k[2]);
313  FF(b, c, d, a, x[3], 22, k[3]);
314  FF(a, b, c, d, x[4], 7, k[4]);
315  FF(d, a, b, c, x[5], 12, k[5]);
316  FF(c, d, a, b, x[6], 17, k[6]);
317  FF(b, c, d, a, x[7], 22, k[7]);
318  FF(a, b, c, d, x[8], 7, k[8]);
319  FF(d, a, b, c, x[9], 12, k[9]);
320  FF(c, d, a, b, x[10], 17, k[10]);
321  FF(b, c, d, a, x[11], 22, k[11]);
322  FF(a, b, c, d, x[12], 7, k[12]);
323  FF(d, a, b, c, x[13], 12, k[13]);
324  FF(c, d, a, b, x[14], 17, k[14]);
325  FF(b, c, d, a, x[15], 22, k[15]);
326 
327  //Round 2
328  GG(a, b, c, d, x[1], 5, k[16]);
329  GG(d, a, b, c, x[6], 9, k[17]);
330  GG(c, d, a, b, x[11], 14, k[18]);
331  GG(b, c, d, a, x[0], 20, k[19]);
332  GG(a, b, c, d, x[5], 5, k[20]);
333  GG(d, a, b, c, x[10], 9, k[21]);
334  GG(c, d, a, b, x[15], 14, k[22]);
335  GG(b, c, d, a, x[4], 20, k[23]);
336  GG(a, b, c, d, x[9], 5, k[24]);
337  GG(d, a, b, c, x[14], 9, k[25]);
338  GG(c, d, a, b, x[3], 14, k[26]);
339  GG(b, c, d, a, x[8], 20, k[27]);
340  GG(a, b, c, d, x[13], 5, k[28]);
341  GG(d, a, b, c, x[2], 9, k[29]);
342  GG(c, d, a, b, x[7], 14, k[30]);
343  GG(b, c, d, a, x[12], 20, k[31]);
344 
345  //Round 3
346  HH(a, b, c, d, x[5], 4, k[32]);
347  HH(d, a, b, c, x[8], 11, k[33]);
348  HH(c, d, a, b, x[11], 16, k[34]);
349  HH(b, c, d, a, x[14], 23, k[35]);
350  HH(a, b, c, d, x[1], 4, k[36]);
351  HH(d, a, b, c, x[4], 11, k[37]);
352  HH(c, d, a, b, x[7], 16, k[38]);
353  HH(b, c, d, a, x[10], 23, k[39]);
354  HH(a, b, c, d, x[13], 4, k[40]);
355  HH(d, a, b, c, x[0], 11, k[41]);
356  HH(c, d, a, b, x[3], 16, k[42]);
357  HH(b, c, d, a, x[6], 23, k[43]);
358  HH(a, b, c, d, x[9], 4, k[44]);
359  HH(d, a, b, c, x[12], 11, k[45]);
360  HH(c, d, a, b, x[15], 16, k[46]);
361  HH(b, c, d, a, x[2], 23, k[47]);
362 
363  //Round 4
364  II(a, b, c, d, x[0], 6, k[48]);
365  II(d, a, b, c, x[7], 10, k[49]);
366  II(c, d, a, b, x[14], 15, k[50]);
367  II(b, c, d, a, x[5], 21, k[51]);
368  II(a, b, c, d, x[12], 6, k[52]);
369  II(d, a, b, c, x[3], 10, k[53]);
370  II(c, d, a, b, x[10], 15, k[54]);
371  II(b, c, d, a, x[1], 21, k[55]);
372  II(a, b, c, d, x[8], 6, k[56]);
373  II(d, a, b, c, x[15], 10, k[57]);
374  II(c, d, a, b, x[6], 15, k[58]);
375  II(b, c, d, a, x[13], 21, k[59]);
376  II(a, b, c, d, x[4], 6, k[60]);
377  II(d, a, b, c, x[11], 10, k[61]);
378  II(c, d, a, b, x[2], 15, k[62]);
379  II(b, c, d, a, x[9], 21, k[63]);
380 
381  //Update the hash value
382  context->h[0] += a;
383  context->h[1] += b;
384  context->h[2] += c;
385  context->h[3] += d;
386 }
387 
388 #endif
b
uint8_t b
Definition: nbns_common.h:104
Md5Context::digest
uint8_t digest[16]
Definition: md5.h:66
HashAlgoInit
void(* HashAlgoInit)(void *context)
Definition: crypto.h:991
md5HashAlgo
const HashAlgo md5HashAlgo
Definition: md5.c:83
a
uint8_t a
Definition: ndp.h:411
GG
#define GG(a, b, c, d, x, s, k)
Definition: md5.c:53
x
uint8_t x
Definition: lldp_ext_med.h:211
HH
#define HH(a, b, c, d, x, s, k)
Definition: md5.c:54
data
uint8_t data[]
Definition: ethernet.h:222
MD5_BLOCK_SIZE
#define MD5_BLOCK_SIZE
Definition: md5.h:43
ERROR_OUT_OF_MEMORY
@ ERROR_OUT_OF_MEMORY
Definition: error.h:63
MD5_MIN_PAD_SIZE
#define MD5_MIN_PAD_SIZE
Definition: md5.h:47
HashAlgoUpdate
void(* HashAlgoUpdate)(void *context, const void *data, size_t length)
Definition: crypto.h:993
md5Init
__weak_func void md5Init(Md5Context *context)
Initialize MD5 message digest context.
Definition: md5.c:154
md5ProcessBlock
__weak_func void md5ProcessBlock(Md5Context *context)
Process message in 16-word blocks.
Definition: md5.c:290
Md5Context::x
uint32_t x[16]
Definition: md5.h:70
letoh32
#define letoh32(value)
Definition: cpu_endian.h:438
Md5Context::buffer
uint8_t buffer[64]
Definition: md5.h:71
FALSE
#define FALSE
Definition: os_port.h:46
ERROR_INVALID_PARAMETER
@ ERROR_INVALID_PARAMETER
Invalid parameter.
Definition: error.h:47
osMemcpy
#define osMemcpy(dest, src, length)
Definition: os_port.h:141
error_t
error_t
Error codes.
Definition: error.h:43
htole32
#define htole32(value)
Definition: cpu_endian.h:430
md5Update
__weak_func void md5Update(Md5Context *context, const void *data, size_t length)
Update the MD5 context with a portion of the message being hashed.
Definition: md5.c:176
md5Final
__weak_func void md5Final(Md5Context *context, uint8_t *digest)
Finish the MD5 message digest.
Definition: md5.c:215
md5FinalRaw
__weak_func void md5FinalRaw(Md5Context *context, uint8_t *digest)
Finish the MD5 message digest (no padding added)
Definition: md5.c:264
crypto.h
General definitions for cryptographic algorithms.
Md5Context
MD5 algorithm context.
Definition: md5.h:62
MD5_OID
const uint8_t MD5_OID[8]
Definition: md5.c:80
length
uint8_t length
Definition: tcp.h:368
II
#define II(a, b, c, d, x, s, k)
Definition: md5.c:55
MIN
#define MIN(a, b)
Definition: os_port.h:63
Md5Context::totalSize
uint64_t totalSize
Definition: md5.h:74
MD5_DIGEST_SIZE
#define MD5_DIGEST_SIZE
Definition: md5.h:45
HashAlgoFinal
void(* HashAlgoFinal)(void *context, uint8_t *digest)
Definition: crypto.h:995
n
uint8_t n
Definition: dhcpv6_common.h:416
md5.h
MD5 (Message-Digest Algorithm)
cryptoFreeMem
#define cryptoFreeMem(p)
Definition: crypto.h:791
FF
#define FF(a, b, c, d, x, s, k)
Definition: md5.c:52
Md5Context::size
size_t size
Definition: md5.h:73
cryptoAllocMem
#define cryptoAllocMem(size)
Definition: crypto.h:786
md5Compute
__weak_func error_t md5Compute(const void *data, size_t length, uint8_t *digest)
Digest a message using MD5.
Definition: md5.c:109
HashAlgo
Common interface for hash algorithms.
Definition: crypto.h:1046
uint_t
unsigned int uint_t
Definition: compiler_port.h:50
HashAlgoCompute
error_t(* HashAlgoCompute)(const void *data, size_t length, uint8_t *digest)
Definition: crypto.h:988
HashAlgoFinalRaw
void(* HashAlgoFinalRaw)(void *context, uint8_t *digest)
Definition: crypto.h:997
Md5Context::h
uint32_t h[4]
Definition: md5.h:65
NO_ERROR
@ NO_ERROR
Success.
Definition: error.h:44
c
uint8_t c
Definition: ndp.h:514