From bd1f055d8eb448be4aa207fe004a3815245cdb23 Mon Sep 17 00:00:00 2001 From: Simon Josefsson Date: Sat, 9 Aug 2003 20:04:30 +0000 Subject: [PATCH] Add md4. --- crypto/Makefile.am | 2 +- crypto/md4-meta.c | 28 ++++++ crypto/md4.c | 289 +++++++++++++++++++++++++++++++++++++++++++++++++++++ crypto/md4.h | 58 +++++++++++ 4 files changed, 376 insertions(+), 1 deletion(-) create mode 100644 crypto/md4-meta.c create mode 100644 crypto/md4.c create mode 100644 crypto/md4.h diff --git a/crypto/Makefile.am b/crypto/Makefile.am index e2fa0cf1..0551bdc2 100644 --- a/crypto/Makefile.am +++ b/crypto/Makefile.am @@ -1,7 +1,7 @@ noinst_LTLIBRARIES = libnettle.la libnettle_la_SOURCES = macros.h nettle-meta.h keymap.h rotors.h parity.h \ - sha1.c sha.h sha1-meta.c md5.h md5.c md5-meta.c \ + sha1.c sha.h sha1-meta.c md5.h md5.c md5-meta.c md4.h md4.c md4-meta.c \ memxor.c memxor.h \ hmac.c hmac.h hmac-md5.c hmac-sha1.c \ aes.h aes.c aes-internal.h \ diff --git a/crypto/md4-meta.c b/crypto/md4-meta.c new file mode 100644 index 00000000..04980e6a --- /dev/null +++ b/crypto/md4-meta.c @@ -0,0 +1,28 @@ +/* md4-meta.c */ + +/* nettle, low-level cryptographics library + * + * Copyright (C) 2003 Simon Josefsson + * + * The nettle library is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or (at your + * option) any later version. + * + * The nettle library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + * License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the nettle library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. + */ + +#include "nettle-meta.h" + +#include "md4.h" + +const struct nettle_hash nettle_md4 += _NETTLE_HASH(md4, MD4); diff --git a/crypto/md4.c b/crypto/md4.c new file mode 100644 index 00000000..299c7d80 --- /dev/null +++ b/crypto/md4.c @@ -0,0 +1,289 @@ +/* md4.c + * + * The MD4 hash function, described in RFC 1320. + */ + +/* nettle, low-level cryptographics library + * + * Copyright (C) 2003 Simon Josefsson + * + * The nettle library is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or (at your + * option) any later version. + * + * The nettle library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + * License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the nettle library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. + */ + +/* Based on public domain code hacked by Simon Josefsson. */ + +#include "md4.h" + +#include "macros.h" + +#include +#include + +/* A block, treated as a sequence of 32-bit words. */ +#define MD4_DATA_LENGTH 16 + +static void +md4_transform(uint32_t *digest, const uint32_t *data); + +static void +md4_block(struct md4_ctx *ctx, const uint8_t *block); + +void +md4_init(struct md4_ctx *ctx) +{ + ctx->digest[0] = 0x67452301; + ctx->digest[1] = 0xefcdab89; + ctx->digest[2] = 0x98badcfe; + ctx->digest[3] = 0x10325476; + + ctx->count_l = ctx->count_h = 0; + ctx->index = 0; +} + +void +md4_update(struct md4_ctx *ctx, + unsigned length, + const uint8_t *data) +{ + if (ctx->index) + { + /* Try to fill partial block */ + unsigned left = MD4_DATA_SIZE - ctx->index; + if (length < left) + { + memcpy(ctx->block + ctx->index, data, length); + ctx->index += length; + return; /* Finished */ + } + else + { + memcpy(ctx->block + ctx->index, data, left); + md4_block(ctx, ctx->block); + data += left; + length -= left; + } + } + while (length >= MD4_DATA_SIZE) + { + md4_block(ctx, data); + data += MD4_DATA_SIZE; + length -= MD4_DATA_SIZE; + } + if ((ctx->index = length)) /* This assignment is intended */ + /* Buffer leftovers */ + memcpy(ctx->block, data, length); +} + +/* Final wrapup - pad to MD4_DATA_SIZE-byte boundary with the bit + * pattern 1 0* (64-bit count of bits processed, LSB-first) */ + +static void +md4_final(struct md4_ctx *ctx) +{ + uint32_t data[MD4_DATA_LENGTH]; + unsigned i; + unsigned words; + + i = ctx->index; + + /* Set the first char of padding to 0x80. This is safe since there + * is always at least one byte free */ + assert(i < MD4_DATA_SIZE); + ctx->block[i++] = 0x80; + + /* Fill rest of word */ + for( ; i & 3; i++) + ctx->block[i] = 0; + + /* i is now a multiple of the word size 4 */ + words = i >> 2; + for (i = 0; i < words; i++) + data[i] = LE_READ_UINT32(ctx->block + 4*i); + + if (words > (MD4_DATA_LENGTH-2)) + { /* No room for length in this block. Process it and + * pad with another one */ + for (i = words ; i < MD4_DATA_LENGTH; i++) + data[i] = 0; + md4_transform(ctx->digest, data); + for (i = 0; i < (MD4_DATA_LENGTH-2); i++) + data[i] = 0; + } + else + for (i = words ; i < MD4_DATA_LENGTH - 2; i++) + data[i] = 0; + + /* There are 512 = 2^9 bits in one block + * Little-endian order => Least significant word first */ + + data[MD4_DATA_LENGTH-1] = (ctx->count_h << 9) | (ctx->count_l >> 23); + data[MD4_DATA_LENGTH-2] = (ctx->count_l << 9) | (ctx->index << 3); + md4_transform(ctx->digest, data); +} + +void +md4_digest(struct md4_ctx *ctx, + unsigned length, + uint8_t *digest) +{ + unsigned i; + unsigned words; + unsigned leftover; + + assert(length <= MD4_DIGEST_SIZE); + + md4_final(ctx); + + words = length / 4; + leftover = length % 4; + + /* Little endian order */ + for (i = 0; i < words; i++, digest += 4) + LE_WRITE_UINT32(digest, ctx->digest[i]); + + if (leftover) + { + uint32_t word; + unsigned j; + + assert(i < _MD4_DIGEST_LENGTH); + + /* Still least significant byte first. */ + for (word = ctx->digest[i], j = 0; j < leftover; + j++, word >>= 8) + digest[j] = word & 0xff; + } + md4_init(ctx); +} + +#if defined(__GNUC__) && defined(__i386__) +static inline uint32_t +rol( uint32_t x, int n) +{ + __asm__("roll %%cl,%0" + :"=r" (x) + :"0" (x),"c" (n)); + return x; +} +#else +#define rol(x,n) ( ((x) << (n)) | ((x) >> (32-(n))) ) +#endif + +/* MD4 functions */ +#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) +#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z))) +#define H(x, y, z) ((x) ^ (y) ^ (z)) + +/* Perform the MD4 transformation on one full block of 16 32-bit + * words. + * + * Compresses 20 (_MD4_DIGEST_LENGTH + MD4_DATA_LENGTH) words into 4 + * (_MD4_DIGEST_LENGTH) words. */ + +static void +md4_transform(uint32_t *digest, const uint32_t *data) +{ + uint32_t A, B, C, D; + A = digest[0]; + B = digest[1]; + C = digest[2]; + D = digest[3]; + + /* Round 1. */ +#define function(a,b,c,d,k,s) a=rol(a+F(b,c,d)+data[k],s); + function(A,B,C,D, 0, 3); + function(D,A,B,C, 1, 7); + function(C,D,A,B, 2,11); + function(B,C,D,A, 3,19); + function(A,B,C,D, 4, 3); + function(D,A,B,C, 5, 7); + function(C,D,A,B, 6,11); + function(B,C,D,A, 7,19); + function(A,B,C,D, 8, 3); + function(D,A,B,C, 9, 7); + function(C,D,A,B,10,11); + function(B,C,D,A,11,19); + function(A,B,C,D,12, 3); + function(D,A,B,C,13, 7); + function(C,D,A,B,14,11); + function(B,C,D,A,15,19); + +#undef function + + /* Round 2. */ +#define function(a,b,c,d,k,s) a=rol(a+G(b,c,d)+data[k]+0x5a827999,s); + + function(A,B,C,D, 0, 3); + function(D,A,B,C, 4, 5); + function(C,D,A,B, 8, 9); + function(B,C,D,A,12,13); + function(A,B,C,D, 1, 3); + function(D,A,B,C, 5, 5); + function(C,D,A,B, 9, 9); + function(B,C,D,A,13,13); + function(A,B,C,D, 2, 3); + function(D,A,B,C, 6, 5); + function(C,D,A,B,10, 9); + function(B,C,D,A,14,13); + function(A,B,C,D, 3, 3); + function(D,A,B,C, 7, 5); + function(C,D,A,B,11, 9); + function(B,C,D,A,15,13); + +#undef function + + /* Round 3. */ +#define function(a,b,c,d,k,s) a=rol(a+H(b,c,d)+data[k]+0x6ed9eba1,s); + + function(A,B,C,D, 0, 3); + function(D,A,B,C, 8, 9); + function(C,D,A,B, 4,11); + function(B,C,D,A,12,15); + function(A,B,C,D, 2, 3); + function(D,A,B,C,10, 9); + function(C,D,A,B, 6,11); + function(B,C,D,A,14,15); + function(A,B,C,D, 1, 3); + function(D,A,B,C, 9, 9); + function(C,D,A,B, 5,11); + function(B,C,D,A,13,15); + function(A,B,C,D, 3, 3); + function(D,A,B,C,11, 9); + function(C,D,A,B, 7,11); + function(B,C,D,A,15,15); + + digest[0] += A; + digest[1] += B; + digest[2] += C; + digest[3] += D; +} + +static void +md4_block(struct md4_ctx *ctx, const uint8_t *block) +{ + uint32_t data[MD4_DATA_LENGTH]; + unsigned i; + + /* Update block count */ + if (!++ctx->count_l) + ++ctx->count_h; + + /* Endian independent conversion */ + for (i = 0; i<16; i++, block += 4) + data[i] = LE_READ_UINT32(block); + + md4_transform(ctx->digest, data); +} diff --git a/crypto/md4.h b/crypto/md4.h new file mode 100644 index 00000000..fc183047 --- /dev/null +++ b/crypto/md4.h @@ -0,0 +1,58 @@ +/* md4.h + * + * The MD4 hash function, described in RFC 1320. + */ + +/* nettle, low-level cryptographics library + * + * Copyright (C) 2003 Simon Josefsson + * + * The nettle library is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or (at your + * option) any later version. + * + * The nettle library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + * License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the nettle library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. + */ + +#ifndef NETTLE_MD4_H_INCLUDED +#define NETTLE_MD4_H_INCLUDED + +#include + +#define MD4_DIGEST_SIZE 16 +#define MD4_DATA_SIZE 64 + +/* Digest is kept internally as 4 32-bit words. */ +#define _MD4_DIGEST_LENGTH 4 + +struct md4_ctx +{ + uint32_t digest[_MD4_DIGEST_LENGTH]; + uint32_t count_l, count_h; /* Block count */ + uint8_t block[MD4_DATA_SIZE]; /* Block buffer */ + unsigned index; /* Into buffer */ +}; + +void +md4_init(struct md4_ctx *ctx); + +void +md4_update(struct md4_ctx *ctx, + unsigned length, + const uint8_t *data); + +void +md4_digest(struct md4_ctx *ctx, + unsigned length, + uint8_t *digest); + +#endif /* NETTLE_MD4_H_INCLUDED */ -- 2.11.4.GIT