• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2  *
3  * LibTomCrypt is a library that provides various cryptographic
4  * algorithms in a highly modular and flexible manner.
5  *
6  * The library is free for all purposes without any express
7  * guarantee it works.
8  *
9  * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
10  */
11 #include "tomcrypt.h"
12 
13 
14 /**
15   @file md5.c
16   MD5 hash function by Tom St Denis
17 */
18 
19 #ifdef MD5
20 
21 const struct ltc_hash_descriptor md5_desc =
22 {
23     "md5",
24     3,
25     16,
26     64,
27 
28     /* OID */
29    { 1, 2, 840, 113549, 2, 5,  },
30    6,
31 
32     &md5_init,
33     &md5_process,
34     &md5_done,
35     &md5_test,
36     NULL
37 };
38 
39 #define F(x,y,z)  (z ^ (x & (y ^ z)))
40 #define G(x,y,z)  (y ^ (z & (y ^ x)))
41 #define H(x,y,z)  (x^y^z)
42 #define I(x,y,z)  (y^(x|(~z)))
43 
44 #ifdef LTC_SMALL_CODE
45 
46 #define FF(a,b,c,d,M,s,t) \
47     a = (a + F(b,c,d) + M + t); a = ROL(a, s) + b;
48 
49 #define GG(a,b,c,d,M,s,t) \
50     a = (a + G(b,c,d) + M + t); a = ROL(a, s) + b;
51 
52 #define HH(a,b,c,d,M,s,t) \
53     a = (a + H(b,c,d) + M + t); a = ROL(a, s) + b;
54 
55 #define II(a,b,c,d,M,s,t) \
56     a = (a + I(b,c,d) + M + t); a = ROL(a, s) + b;
57 
58 static const unsigned char Worder[64] = {
59    0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,
60    1,6,11,0,5,10,15,4,9,14,3,8,13,2,7,12,
61    5,8,11,14,1,4,7,10,13,0,3,6,9,12,15,2,
62    0,7,14,5,12,3,10,1,8,15,6,13,4,11,2,9
63 };
64 
65 static const unsigned char Rorder[64] = {
66    7,12,17,22,7,12,17,22,7,12,17,22,7,12,17,22,
67    5,9,14,20,5,9,14,20,5,9,14,20,5,9,14,20,
68    4,11,16,23,4,11,16,23,4,11,16,23,4,11,16,23,
69    6,10,15,21,6,10,15,21,6,10,15,21,6,10,15,21
70 };
71 
72 static const ulong32 Korder[64] = {
73 0xd76aa478UL, 0xe8c7b756UL, 0x242070dbUL, 0xc1bdceeeUL, 0xf57c0fafUL, 0x4787c62aUL, 0xa8304613UL, 0xfd469501UL,
74 0x698098d8UL, 0x8b44f7afUL, 0xffff5bb1UL, 0x895cd7beUL, 0x6b901122UL, 0xfd987193UL, 0xa679438eUL, 0x49b40821UL,
75 0xf61e2562UL, 0xc040b340UL, 0x265e5a51UL, 0xe9b6c7aaUL, 0xd62f105dUL, 0x02441453UL, 0xd8a1e681UL, 0xe7d3fbc8UL,
76 0x21e1cde6UL, 0xc33707d6UL, 0xf4d50d87UL, 0x455a14edUL, 0xa9e3e905UL, 0xfcefa3f8UL, 0x676f02d9UL, 0x8d2a4c8aUL,
77 0xfffa3942UL, 0x8771f681UL, 0x6d9d6122UL, 0xfde5380cUL, 0xa4beea44UL, 0x4bdecfa9UL, 0xf6bb4b60UL, 0xbebfbc70UL,
78 0x289b7ec6UL, 0xeaa127faUL, 0xd4ef3085UL, 0x04881d05UL, 0xd9d4d039UL, 0xe6db99e5UL, 0x1fa27cf8UL, 0xc4ac5665UL,
79 0xf4292244UL, 0x432aff97UL, 0xab9423a7UL, 0xfc93a039UL, 0x655b59c3UL, 0x8f0ccc92UL, 0xffeff47dUL, 0x85845dd1UL,
80 0x6fa87e4fUL, 0xfe2ce6e0UL, 0xa3014314UL, 0x4e0811a1UL, 0xf7537e82UL, 0xbd3af235UL, 0x2ad7d2bbUL, 0xeb86d391UL
81 };
82 
83 #else
84 
85 #define FF(a,b,c,d,M,s,t) \
86     a = (a + F(b,c,d) + M + t); a = ROLc(a, s) + b;
87 
88 #define GG(a,b,c,d,M,s,t) \
89     a = (a + G(b,c,d) + M + t); a = ROLc(a, s) + b;
90 
91 #define HH(a,b,c,d,M,s,t) \
92     a = (a + H(b,c,d) + M + t); a = ROLc(a, s) + b;
93 
94 #define II(a,b,c,d,M,s,t) \
95     a = (a + I(b,c,d) + M + t); a = ROLc(a, s) + b;
96 
97 
98 #endif
99 
100 #ifdef LTC_CLEAN_STACK
_md5_compress(hash_state * md,unsigned char * buf)101 static int _md5_compress(hash_state *md, unsigned char *buf)
102 #else
103 static int  md5_compress(hash_state *md, unsigned char *buf)
104 #endif
105 {
106     ulong32 i, W[16], a, b, c, d;
107 #ifdef LTC_SMALL_CODE
108     ulong32 t;
109 #endif
110 
111     /* copy the state into 512-bits into W[0..15] */
112     for (i = 0; i < 16; i++) {
113         LOAD32L(W[i], buf + (4*i));
114     }
115 
116     /* copy state */
117     a = md->md5.state[0];
118     b = md->md5.state[1];
119     c = md->md5.state[2];
120     d = md->md5.state[3];
121 
122 #ifdef LTC_SMALL_CODE
123     for (i = 0; i < 16; ++i) {
124         FF(a,b,c,d,W[Worder[i]],Rorder[i],Korder[i]);
125         t = d; d = c; c = b; b = a; a = t;
126     }
127 
128     for (; i < 32; ++i) {
129         GG(a,b,c,d,W[Worder[i]],Rorder[i],Korder[i]);
130         t = d; d = c; c = b; b = a; a = t;
131     }
132 
133     for (; i < 48; ++i) {
134         HH(a,b,c,d,W[Worder[i]],Rorder[i],Korder[i]);
135         t = d; d = c; c = b; b = a; a = t;
136     }
137 
138     for (; i < 64; ++i) {
139         II(a,b,c,d,W[Worder[i]],Rorder[i],Korder[i]);
140         t = d; d = c; c = b; b = a; a = t;
141     }
142 
143 #else
144     FF(a,b,c,d,W[0],7,0xd76aa478UL)
145     FF(d,a,b,c,W[1],12,0xe8c7b756UL)
146     FF(c,d,a,b,W[2],17,0x242070dbUL)
147     FF(b,c,d,a,W[3],22,0xc1bdceeeUL)
148     FF(a,b,c,d,W[4],7,0xf57c0fafUL)
149     FF(d,a,b,c,W[5],12,0x4787c62aUL)
150     FF(c,d,a,b,W[6],17,0xa8304613UL)
151     FF(b,c,d,a,W[7],22,0xfd469501UL)
152     FF(a,b,c,d,W[8],7,0x698098d8UL)
153     FF(d,a,b,c,W[9],12,0x8b44f7afUL)
154     FF(c,d,a,b,W[10],17,0xffff5bb1UL)
155     FF(b,c,d,a,W[11],22,0x895cd7beUL)
156     FF(a,b,c,d,W[12],7,0x6b901122UL)
157     FF(d,a,b,c,W[13],12,0xfd987193UL)
158     FF(c,d,a,b,W[14],17,0xa679438eUL)
159     FF(b,c,d,a,W[15],22,0x49b40821UL)
160     GG(a,b,c,d,W[1],5,0xf61e2562UL)
161     GG(d,a,b,c,W[6],9,0xc040b340UL)
162     GG(c,d,a,b,W[11],14,0x265e5a51UL)
163     GG(b,c,d,a,W[0],20,0xe9b6c7aaUL)
164     GG(a,b,c,d,W[5],5,0xd62f105dUL)
165     GG(d,a,b,c,W[10],9,0x02441453UL)
166     GG(c,d,a,b,W[15],14,0xd8a1e681UL)
167     GG(b,c,d,a,W[4],20,0xe7d3fbc8UL)
168     GG(a,b,c,d,W[9],5,0x21e1cde6UL)
169     GG(d,a,b,c,W[14],9,0xc33707d6UL)
170     GG(c,d,a,b,W[3],14,0xf4d50d87UL)
171     GG(b,c,d,a,W[8],20,0x455a14edUL)
172     GG(a,b,c,d,W[13],5,0xa9e3e905UL)
173     GG(d,a,b,c,W[2],9,0xfcefa3f8UL)
174     GG(c,d,a,b,W[7],14,0x676f02d9UL)
175     GG(b,c,d,a,W[12],20,0x8d2a4c8aUL)
176     HH(a,b,c,d,W[5],4,0xfffa3942UL)
177     HH(d,a,b,c,W[8],11,0x8771f681UL)
178     HH(c,d,a,b,W[11],16,0x6d9d6122UL)
179     HH(b,c,d,a,W[14],23,0xfde5380cUL)
180     HH(a,b,c,d,W[1],4,0xa4beea44UL)
181     HH(d,a,b,c,W[4],11,0x4bdecfa9UL)
182     HH(c,d,a,b,W[7],16,0xf6bb4b60UL)
183     HH(b,c,d,a,W[10],23,0xbebfbc70UL)
184     HH(a,b,c,d,W[13],4,0x289b7ec6UL)
185     HH(d,a,b,c,W[0],11,0xeaa127faUL)
186     HH(c,d,a,b,W[3],16,0xd4ef3085UL)
187     HH(b,c,d,a,W[6],23,0x04881d05UL)
188     HH(a,b,c,d,W[9],4,0xd9d4d039UL)
189     HH(d,a,b,c,W[12],11,0xe6db99e5UL)
190     HH(c,d,a,b,W[15],16,0x1fa27cf8UL)
191     HH(b,c,d,a,W[2],23,0xc4ac5665UL)
192     II(a,b,c,d,W[0],6,0xf4292244UL)
193     II(d,a,b,c,W[7],10,0x432aff97UL)
194     II(c,d,a,b,W[14],15,0xab9423a7UL)
195     II(b,c,d,a,W[5],21,0xfc93a039UL)
196     II(a,b,c,d,W[12],6,0x655b59c3UL)
197     II(d,a,b,c,W[3],10,0x8f0ccc92UL)
198     II(c,d,a,b,W[10],15,0xffeff47dUL)
199     II(b,c,d,a,W[1],21,0x85845dd1UL)
200     II(a,b,c,d,W[8],6,0x6fa87e4fUL)
201     II(d,a,b,c,W[15],10,0xfe2ce6e0UL)
202     II(c,d,a,b,W[6],15,0xa3014314UL)
203     II(b,c,d,a,W[13],21,0x4e0811a1UL)
204     II(a,b,c,d,W[4],6,0xf7537e82UL)
205     II(d,a,b,c,W[11],10,0xbd3af235UL)
206     II(c,d,a,b,W[2],15,0x2ad7d2bbUL)
207     II(b,c,d,a,W[9],21,0xeb86d391UL)
208 #endif
209 
210     md->md5.state[0] = md->md5.state[0] + a;
211     md->md5.state[1] = md->md5.state[1] + b;
212     md->md5.state[2] = md->md5.state[2] + c;
213     md->md5.state[3] = md->md5.state[3] + d;
214 
215     return CRYPT_OK;
216 }
217 
218 #ifdef LTC_CLEAN_STACK
md5_compress(hash_state * md,unsigned char * buf)219 static int md5_compress(hash_state *md, unsigned char *buf)
220 {
221    int err;
222    err = _md5_compress(md, buf);
223    burn_stack(sizeof(ulong32) * 21);
224    return err;
225 }
226 #endif
227 
228 /**
229    Initialize the hash state
230    @param md   The hash state you wish to initialize
231    @return CRYPT_OK if successful
232 */
md5_init(hash_state * md)233 int md5_init(hash_state * md)
234 {
235    LTC_ARGCHK(md != NULL);
236    md->md5.state[0] = 0x67452301UL;
237    md->md5.state[1] = 0xefcdab89UL;
238    md->md5.state[2] = 0x98badcfeUL;
239    md->md5.state[3] = 0x10325476UL;
240    md->md5.curlen = 0;
241    md->md5.length = 0;
242    return CRYPT_OK;
243 }
244 
245 /**
246    Process a block of memory though the hash
247    @param md     The hash state
248    @param in     The data to hash
249    @param inlen  The length of the data (octets)
250    @return CRYPT_OK if successful
251 */
252 HASH_PROCESS(md5_process, md5_compress, md5, 64)
253 
254 /**
255    Terminate the hash to get the digest
256    @param md  The hash state
257    @param out [out] The destination of the hash (16 bytes)
258    @return CRYPT_OK if successful
259 */
md5_done(hash_state * md,unsigned char * out)260 int md5_done(hash_state * md, unsigned char *out)
261 {
262     int i;
263 
264     LTC_ARGCHK(md  != NULL);
265     LTC_ARGCHK(out != NULL);
266 
267     if (md->md5.curlen >= sizeof(md->md5.buf)) {
268        return CRYPT_INVALID_ARG;
269     }
270 
271 
272     /* increase the length of the message */
273     md->md5.length += md->md5.curlen * 8;
274 
275     /* append the '1' bit */
276     md->md5.buf[md->md5.curlen++] = (unsigned char)0x80;
277 
278     /* if the length is currently above 56 bytes we append zeros
279      * then compress.  Then we can fall back to padding zeros and length
280      * encoding like normal.
281      */
282     if (md->md5.curlen > 56) {
283         while (md->md5.curlen < 64) {
284             md->md5.buf[md->md5.curlen++] = (unsigned char)0;
285         }
286         md5_compress(md, md->md5.buf);
287         md->md5.curlen = 0;
288     }
289 
290     /* pad upto 56 bytes of zeroes */
291     while (md->md5.curlen < 56) {
292         md->md5.buf[md->md5.curlen++] = (unsigned char)0;
293     }
294 
295     /* store length */
296     STORE64L(md->md5.length, md->md5.buf+56);
297     md5_compress(md, md->md5.buf);
298 
299     /* copy output */
300     for (i = 0; i < 4; i++) {
301         STORE32L(md->md5.state[i], out+(4*i));
302     }
303 #ifdef LTC_CLEAN_STACK
304     zeromem(md, sizeof(hash_state));
305 #endif
306     return CRYPT_OK;
307 }
308 
309 /**
310   Self-test the hash
311   @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
312 */
md5_test(void)313 int  md5_test(void)
314 {
315  #ifndef LTC_TEST
316     return CRYPT_NOP;
317  #else
318   static const struct {
319       char *msg;
320       unsigned char hash[16];
321   } tests[] = {
322     { "",
323       { 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
324         0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e } },
325     { "a",
326       {0x0c, 0xc1, 0x75, 0xb9, 0xc0, 0xf1, 0xb6, 0xa8,
327        0x31, 0xc3, 0x99, 0xe2, 0x69, 0x77, 0x26, 0x61 } },
328     { "abc",
329       { 0x90, 0x01, 0x50, 0x98, 0x3c, 0xd2, 0x4f, 0xb0,
330         0xd6, 0x96, 0x3f, 0x7d, 0x28, 0xe1, 0x7f, 0x72 } },
331     { "message digest",
332       { 0xf9, 0x6b, 0x69, 0x7d, 0x7c, 0xb7, 0x93, 0x8d,
333         0x52, 0x5a, 0x2f, 0x31, 0xaa, 0xf1, 0x61, 0xd0 } },
334     { "abcdefghijklmnopqrstuvwxyz",
335       { 0xc3, 0xfc, 0xd3, 0xd7, 0x61, 0x92, 0xe4, 0x00,
336         0x7d, 0xfb, 0x49, 0x6c, 0xca, 0x67, 0xe1, 0x3b } },
337     { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
338       { 0xd1, 0x74, 0xab, 0x98, 0xd2, 0x77, 0xd9, 0xf5,
339         0xa5, 0x61, 0x1c, 0x2c, 0x9f, 0x41, 0x9d, 0x9f } },
340     { "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
341       { 0x57, 0xed, 0xf4, 0xa2, 0x2b, 0xe3, 0xc9, 0x55,
342         0xac, 0x49, 0xda, 0x2e, 0x21, 0x07, 0xb6, 0x7a } },
343     { NULL, { 0 } }
344   };
345 
346   int i;
347   unsigned char tmp[16];
348   hash_state md;
349 
350   for (i = 0; tests[i].msg != NULL; i++) {
351       md5_init(&md);
352       md5_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
353       md5_done(&md, tmp);
354       if (XMEMCMP(tmp, tests[i].hash, 16) != 0) {
355          return CRYPT_FAIL_TESTVECTOR;
356       }
357   }
358   return CRYPT_OK;
359  #endif
360 }
361 
362 #endif
363 
364 
365 
366 /* $Source: /cvs/libtom/libtomcrypt/src/hashes/md5.c,v $ */
367 /* $Revision: 1.8 $ */
368 /* $Date: 2006/11/01 09:28:17 $ */
369