1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 *
9 * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
10 */
11 #include "tomcrypt.h"
12
13 /**
14 @param md4.c
15 Submitted by Dobes Vandermeer (dobes@smartt.com)
16 */
17
18 #ifdef MD4
19
20 const struct ltc_hash_descriptor md4_desc =
21 {
22 "md4",
23 6,
24 16,
25 64,
26
27 /* OID */
28 { 1, 2, 840, 113549, 2, 4, },
29 6,
30
31 &md4_init,
32 &md4_process,
33 &md4_done,
34 &md4_test,
35 NULL
36 };
37
38 #define S11 3
39 #define S12 7
40 #define S13 11
41 #define S14 19
42 #define S21 3
43 #define S22 5
44 #define S23 9
45 #define S24 13
46 #define S31 3
47 #define S32 9
48 #define S33 11
49 #define S34 15
50
51 /* F, G and H are basic MD4 functions. */
52 #define F(x, y, z) (z ^ (x & (y ^ z)))
53 #define G(x, y, z) ((x & y) | (z & (x | y)))
54 #define H(x, y, z) ((x) ^ (y) ^ (z))
55
56 /* ROTATE_LEFT rotates x left n bits. */
57 #define ROTATE_LEFT(x, n) ROLc(x, n)
58
59 /* FF, GG and HH are transformations for rounds 1, 2 and 3 */
60 /* Rotation is separate from addition to prevent recomputation */
61
62 #define FF(a, b, c, d, x, s) { \
63 (a) += F ((b), (c), (d)) + (x); \
64 (a) = ROTATE_LEFT ((a), (s)); \
65 }
66 #define GG(a, b, c, d, x, s) { \
67 (a) += G ((b), (c), (d)) + (x) + 0x5a827999UL; \
68 (a) = ROTATE_LEFT ((a), (s)); \
69 }
70 #define HH(a, b, c, d, x, s) { \
71 (a) += H ((b), (c), (d)) + (x) + 0x6ed9eba1UL; \
72 (a) = ROTATE_LEFT ((a), (s)); \
73 }
74
75 #ifdef LTC_CLEAN_STACK
_md4_compress(hash_state * md,unsigned char * buf)76 static int _md4_compress(hash_state *md, unsigned char *buf)
77 #else
78 static int md4_compress(hash_state *md, unsigned char *buf)
79 #endif
80 {
81 ulong32 x[16], a, b, c, d;
82 int i;
83
84 /* copy state */
85 a = md->md4.state[0];
86 b = md->md4.state[1];
87 c = md->md4.state[2];
88 d = md->md4.state[3];
89
90 /* copy the state into 512-bits into W[0..15] */
91 for (i = 0; i < 16; i++) {
92 LOAD32L(x[i], buf + (4*i));
93 }
94
95 /* Round 1 */
96 FF (a, b, c, d, x[ 0], S11); /* 1 */
97 FF (d, a, b, c, x[ 1], S12); /* 2 */
98 FF (c, d, a, b, x[ 2], S13); /* 3 */
99 FF (b, c, d, a, x[ 3], S14); /* 4 */
100 FF (a, b, c, d, x[ 4], S11); /* 5 */
101 FF (d, a, b, c, x[ 5], S12); /* 6 */
102 FF (c, d, a, b, x[ 6], S13); /* 7 */
103 FF (b, c, d, a, x[ 7], S14); /* 8 */
104 FF (a, b, c, d, x[ 8], S11); /* 9 */
105 FF (d, a, b, c, x[ 9], S12); /* 10 */
106 FF (c, d, a, b, x[10], S13); /* 11 */
107 FF (b, c, d, a, x[11], S14); /* 12 */
108 FF (a, b, c, d, x[12], S11); /* 13 */
109 FF (d, a, b, c, x[13], S12); /* 14 */
110 FF (c, d, a, b, x[14], S13); /* 15 */
111 FF (b, c, d, a, x[15], S14); /* 16 */
112
113 /* Round 2 */
114 GG (a, b, c, d, x[ 0], S21); /* 17 */
115 GG (d, a, b, c, x[ 4], S22); /* 18 */
116 GG (c, d, a, b, x[ 8], S23); /* 19 */
117 GG (b, c, d, a, x[12], S24); /* 20 */
118 GG (a, b, c, d, x[ 1], S21); /* 21 */
119 GG (d, a, b, c, x[ 5], S22); /* 22 */
120 GG (c, d, a, b, x[ 9], S23); /* 23 */
121 GG (b, c, d, a, x[13], S24); /* 24 */
122 GG (a, b, c, d, x[ 2], S21); /* 25 */
123 GG (d, a, b, c, x[ 6], S22); /* 26 */
124 GG (c, d, a, b, x[10], S23); /* 27 */
125 GG (b, c, d, a, x[14], S24); /* 28 */
126 GG (a, b, c, d, x[ 3], S21); /* 29 */
127 GG (d, a, b, c, x[ 7], S22); /* 30 */
128 GG (c, d, a, b, x[11], S23); /* 31 */
129 GG (b, c, d, a, x[15], S24); /* 32 */
130
131 /* Round 3 */
132 HH (a, b, c, d, x[ 0], S31); /* 33 */
133 HH (d, a, b, c, x[ 8], S32); /* 34 */
134 HH (c, d, a, b, x[ 4], S33); /* 35 */
135 HH (b, c, d, a, x[12], S34); /* 36 */
136 HH (a, b, c, d, x[ 2], S31); /* 37 */
137 HH (d, a, b, c, x[10], S32); /* 38 */
138 HH (c, d, a, b, x[ 6], S33); /* 39 */
139 HH (b, c, d, a, x[14], S34); /* 40 */
140 HH (a, b, c, d, x[ 1], S31); /* 41 */
141 HH (d, a, b, c, x[ 9], S32); /* 42 */
142 HH (c, d, a, b, x[ 5], S33); /* 43 */
143 HH (b, c, d, a, x[13], S34); /* 44 */
144 HH (a, b, c, d, x[ 3], S31); /* 45 */
145 HH (d, a, b, c, x[11], S32); /* 46 */
146 HH (c, d, a, b, x[ 7], S33); /* 47 */
147 HH (b, c, d, a, x[15], S34); /* 48 */
148
149
150 /* Update our state */
151 md->md4.state[0] = md->md4.state[0] + a;
152 md->md4.state[1] = md->md4.state[1] + b;
153 md->md4.state[2] = md->md4.state[2] + c;
154 md->md4.state[3] = md->md4.state[3] + d;
155
156 return CRYPT_OK;
157 }
158
159 #ifdef LTC_CLEAN_STACK
md4_compress(hash_state * md,unsigned char * buf)160 static int md4_compress(hash_state *md, unsigned char *buf)
161 {
162 int err;
163 err = _md4_compress(md, buf);
164 burn_stack(sizeof(ulong32) * 20 + sizeof(int));
165 return err;
166 }
167 #endif
168
169 /**
170 Initialize the hash state
171 @param md The hash state you wish to initialize
172 @return CRYPT_OK if successful
173 */
md4_init(hash_state * md)174 int md4_init(hash_state * md)
175 {
176 LTC_ARGCHK(md != NULL);
177 md->md4.state[0] = 0x67452301UL;
178 md->md4.state[1] = 0xefcdab89UL;
179 md->md4.state[2] = 0x98badcfeUL;
180 md->md4.state[3] = 0x10325476UL;
181 md->md4.length = 0;
182 md->md4.curlen = 0;
183 return CRYPT_OK;
184 }
185
186 /**
187 Process a block of memory though the hash
188 @param md The hash state
189 @param in The data to hash
190 @param inlen The length of the data (octets)
191 @return CRYPT_OK if successful
192 */
193 HASH_PROCESS(md4_process, md4_compress, md4, 64)
194
195 /**
196 Terminate the hash to get the digest
197 @param md The hash state
198 @param out [out] The destination of the hash (16 bytes)
199 @return CRYPT_OK if successful
200 */
md4_done(hash_state * md,unsigned char * out)201 int md4_done(hash_state * md, unsigned char *out)
202 {
203 int i;
204
205 LTC_ARGCHK(md != NULL);
206 LTC_ARGCHK(out != NULL);
207
208 if (md->md4.curlen >= sizeof(md->md4.buf)) {
209 return CRYPT_INVALID_ARG;
210 }
211
212 /* increase the length of the message */
213 md->md4.length += md->md4.curlen * 8;
214
215 /* append the '1' bit */
216 md->md4.buf[md->md4.curlen++] = (unsigned char)0x80;
217
218 /* if the length is currently above 56 bytes we append zeros
219 * then compress. Then we can fall back to padding zeros and length
220 * encoding like normal.
221 */
222 if (md->md4.curlen > 56) {
223 while (md->md4.curlen < 64) {
224 md->md4.buf[md->md4.curlen++] = (unsigned char)0;
225 }
226 md4_compress(md, md->md4.buf);
227 md->md4.curlen = 0;
228 }
229
230 /* pad upto 56 bytes of zeroes */
231 while (md->md4.curlen < 56) {
232 md->md4.buf[md->md4.curlen++] = (unsigned char)0;
233 }
234
235 /* store length */
236 STORE64L(md->md4.length, md->md4.buf+56);
237 md4_compress(md, md->md4.buf);
238
239 /* copy output */
240 for (i = 0; i < 4; i++) {
241 STORE32L(md->md4.state[i], out+(4*i));
242 }
243 #ifdef LTC_CLEAN_STACK
244 zeromem(md, sizeof(hash_state));
245 #endif
246 return CRYPT_OK;
247 }
248
249 /**
250 Self-test the hash
251 @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
252 */
md4_test(void)253 int md4_test(void)
254 {
255 #ifndef LTC_TEST
256 return CRYPT_NOP;
257 #else
258 static const struct md4_test_case {
259 char *input;
260 unsigned char digest[16];
261 } cases[] = {
262 { "",
263 {0x31, 0xd6, 0xcf, 0xe0, 0xd1, 0x6a, 0xe9, 0x31,
264 0xb7, 0x3c, 0x59, 0xd7, 0xe0, 0xc0, 0x89, 0xc0} },
265 { "a",
266 {0xbd, 0xe5, 0x2c, 0xb3, 0x1d, 0xe3, 0x3e, 0x46,
267 0x24, 0x5e, 0x05, 0xfb, 0xdb, 0xd6, 0xfb, 0x24} },
268 { "abc",
269 {0xa4, 0x48, 0x01, 0x7a, 0xaf, 0x21, 0xd8, 0x52,
270 0x5f, 0xc1, 0x0a, 0xe8, 0x7a, 0xa6, 0x72, 0x9d} },
271 { "message digest",
272 {0xd9, 0x13, 0x0a, 0x81, 0x64, 0x54, 0x9f, 0xe8,
273 0x18, 0x87, 0x48, 0x06, 0xe1, 0xc7, 0x01, 0x4b} },
274 { "abcdefghijklmnopqrstuvwxyz",
275 {0xd7, 0x9e, 0x1c, 0x30, 0x8a, 0xa5, 0xbb, 0xcd,
276 0xee, 0xa8, 0xed, 0x63, 0xdf, 0x41, 0x2d, 0xa9} },
277 { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
278 {0x04, 0x3f, 0x85, 0x82, 0xf2, 0x41, 0xdb, 0x35,
279 0x1c, 0xe6, 0x27, 0xe1, 0x53, 0xe7, 0xf0, 0xe4} },
280 { "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
281 {0xe3, 0x3b, 0x4d, 0xdc, 0x9c, 0x38, 0xf2, 0x19,
282 0x9c, 0x3e, 0x7b, 0x16, 0x4f, 0xcc, 0x05, 0x36} },
283 };
284 int i;
285 hash_state md;
286 unsigned char digest[16];
287
288 for(i = 0; i < (int)(sizeof(cases) / sizeof(cases[0])); i++) {
289 md4_init(&md);
290 md4_process(&md, (unsigned char *)cases[i].input, (unsigned long)strlen(cases[i].input));
291 md4_done(&md, digest);
292 if (XMEMCMP(digest, cases[i].digest, 16) != 0) {
293 return CRYPT_FAIL_TESTVECTOR;
294 }
295
296 }
297 return CRYPT_OK;
298 #endif
299 }
300
301 #endif
302
303
304
305 /* $Source: /cvs/libtom/libtomcrypt/src/hashes/md4.c,v $ */
306 /* $Revision: 1.8 $ */
307 /* $Date: 2006/11/01 09:28:17 $ */
308