TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / refs/heads/2.28-sphinx-versioned-documentation / . / library / md4.c
blob: 163afb1ddb46b869dc3c8d612c1439df635f1743 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * RFC 1186/1320 compliant MD4 implementation
3 *
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]4 * Copyright The Mbed TLS Contributors
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +0200[diff] [blame]5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]18 */
19/*
20 * The MD4 algorithm was designed by Ron Rivest in 1990.
21 *
22 * http://www.ietf.org/rfc/rfc1186.txt
23 * http://www.ietf.org/rfc/rfc1320.txt
24 */
25
Gilles Peskinedb09ef62020-06-03 01:43:33 +0200[diff] [blame]26#include "common.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]27
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]28#if defined(MBEDTLS_MD4_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]29
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]30#include "mbedtls/md4.h"
Andres Amaya Garcia1f6301b2018-04-17 09:51:09 -0500[diff] [blame]31#include "mbedtls/platform_util.h"
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]32#include "mbedtls/error.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]33
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]34#include <string.h>
35
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]36#include "mbedtls/platform.h"
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]37
Manuel Pégourié-Gonnard8b2641d2015-08-27 20:03:46 +0200[diff] [blame]38#if !defined(MBEDTLS_MD4_ALT)
39
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]40void mbedtls_md4_init(mbedtls_md4_context *ctx)
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]41{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]42 memset(ctx, 0, sizeof(mbedtls_md4_context));
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]43}
44
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]45void mbedtls_md4_free(mbedtls_md4_context *ctx)
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]46{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]47 if (ctx == NULL) {
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]48 return;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]49 }
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]50
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]51 mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md4_context));
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]52}
53
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]54void mbedtls_md4_clone(mbedtls_md4_context *dst,
55 const mbedtls_md4_context *src)
Manuel Pégourié-Gonnard16d412f2015-07-06 15:26:26 +0200[diff] [blame]56{
57 *dst = *src;
58}
59
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]60/*
61 * MD4 context setup
62 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]63int mbedtls_md4_starts_ret(mbedtls_md4_context *ctx)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]64{
65 ctx->total[0] = 0;
66 ctx->total[1] = 0;
67
68 ctx->state[0] = 0x67452301;
69 ctx->state[1] = 0xEFCDAB89;
70 ctx->state[2] = 0x98BADCFE;
71 ctx->state[3] = 0x10325476;
Andres Amaya Garciabee06352017-04-28 17:00:30 +0100[diff] [blame]72
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]73 return 0;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]74}
75
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]76#if !defined(MBEDTLS_DEPRECATED_REMOVED)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]77void mbedtls_md4_starts(mbedtls_md4_context *ctx)
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]78{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]79 mbedtls_md4_starts_ret(ctx);
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]80}
81#endif
82
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]83#if !defined(MBEDTLS_MD4_PROCESS_ALT)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]84int mbedtls_internal_md4_process(mbedtls_md4_context *ctx,
85 const unsigned char data[64])
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]86{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]87 struct {
gabor-mezei-arm4cb56f82020-08-25 19:12:01 +0200[diff] [blame]88 uint32_t X[16], A, B, C, D;
89 } local;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]90
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]91 local.X[0] = MBEDTLS_GET_UINT32_LE(data, 0);
92 local.X[1] = MBEDTLS_GET_UINT32_LE(data, 4);
93 local.X[2] = MBEDTLS_GET_UINT32_LE(data, 8);
94 local.X[3] = MBEDTLS_GET_UINT32_LE(data, 12);
95 local.X[4] = MBEDTLS_GET_UINT32_LE(data, 16);
96 local.X[5] = MBEDTLS_GET_UINT32_LE(data, 20);
97 local.X[6] = MBEDTLS_GET_UINT32_LE(data, 24);
98 local.X[7] = MBEDTLS_GET_UINT32_LE(data, 28);
99 local.X[8] = MBEDTLS_GET_UINT32_LE(data, 32);
100 local.X[9] = MBEDTLS_GET_UINT32_LE(data, 36);
101 local.X[10] = MBEDTLS_GET_UINT32_LE(data, 40);
102 local.X[11] = MBEDTLS_GET_UINT32_LE(data, 44);
103 local.X[12] = MBEDTLS_GET_UINT32_LE(data, 48);
104 local.X[13] = MBEDTLS_GET_UINT32_LE(data, 52);
105 local.X[14] = MBEDTLS_GET_UINT32_LE(data, 56);
106 local.X[15] = MBEDTLS_GET_UINT32_LE(data, 60);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]107
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]108#define S(x, n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]109
gabor-mezei-arm4cb56f82020-08-25 19:12:01 +0200[diff] [blame]110 local.A = ctx->state[0];
111 local.B = ctx->state[1];
112 local.C = ctx->state[2];
113 local.D = ctx->state[3];
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]114
Hanno Becker1eeca412018-10-15 12:01:35 +0100[diff] [blame]115#define F(x, y, z) (((x) & (y)) | ((~(x)) & (z)))
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]116#define P(a, b, c, d, x, s) \
Hanno Becker26d02e12018-10-30 09:29:25 +0000[diff] [blame]117 do \
118 { \
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]119 (a) += F((b), (c), (d)) + (x); \
120 (a) = S((a), (s)); \
121 } while (0)
Hanno Becker1eeca412018-10-15 12:01:35 +0100[diff] [blame]122
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]123
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]124 P(local.A, local.B, local.C, local.D, local.X[0], 3);
125 P(local.D, local.A, local.B, local.C, local.X[1], 7);
126 P(local.C, local.D, local.A, local.B, local.X[2], 11);
127 P(local.B, local.C, local.D, local.A, local.X[3], 19);
128 P(local.A, local.B, local.C, local.D, local.X[4], 3);
129 P(local.D, local.A, local.B, local.C, local.X[5], 7);
130 P(local.C, local.D, local.A, local.B, local.X[6], 11);
131 P(local.B, local.C, local.D, local.A, local.X[7], 19);
132 P(local.A, local.B, local.C, local.D, local.X[8], 3);
133 P(local.D, local.A, local.B, local.C, local.X[9], 7);
134 P(local.C, local.D, local.A, local.B, local.X[10], 11);
135 P(local.B, local.C, local.D, local.A, local.X[11], 19);
136 P(local.A, local.B, local.C, local.D, local.X[12], 3);
137 P(local.D, local.A, local.B, local.C, local.X[13], 7);
138 P(local.C, local.D, local.A, local.B, local.X[14], 11);
139 P(local.B, local.C, local.D, local.A, local.X[15], 19);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]140
141#undef P
142#undef F
143
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]144#define F(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
145#define P(a, b, c, d, x, s) \
Hanno Becker1eeca412018-10-15 12:01:35 +0100[diff] [blame]146 do \
147 { \
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]148 (a) += F((b), (c), (d)) + (x) + 0x5A827999; \
149 (a) = S((a), (s)); \
150 } while (0)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]151
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]152 P(local.A, local.B, local.C, local.D, local.X[0], 3);
153 P(local.D, local.A, local.B, local.C, local.X[4], 5);
154 P(local.C, local.D, local.A, local.B, local.X[8], 9);
155 P(local.B, local.C, local.D, local.A, local.X[12], 13);
156 P(local.A, local.B, local.C, local.D, local.X[1], 3);
157 P(local.D, local.A, local.B, local.C, local.X[5], 5);
158 P(local.C, local.D, local.A, local.B, local.X[9], 9);
159 P(local.B, local.C, local.D, local.A, local.X[13], 13);
160 P(local.A, local.B, local.C, local.D, local.X[2], 3);
161 P(local.D, local.A, local.B, local.C, local.X[6], 5);
162 P(local.C, local.D, local.A, local.B, local.X[10], 9);
163 P(local.B, local.C, local.D, local.A, local.X[14], 13);
164 P(local.A, local.B, local.C, local.D, local.X[3], 3);
165 P(local.D, local.A, local.B, local.C, local.X[7], 5);
166 P(local.C, local.D, local.A, local.B, local.X[11], 9);
167 P(local.B, local.C, local.D, local.A, local.X[15], 13);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]168
169#undef P
170#undef F
171
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]172#define F(x, y, z) ((x) ^ (y) ^ (z))
173#define P(a, b, c, d, x, s) \
Hanno Becker26d02e12018-10-30 09:29:25 +0000[diff] [blame]174 do \
175 { \
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]176 (a) += F((b), (c), (d)) + (x) + 0x6ED9EBA1; \
177 (a) = S((a), (s)); \
178 } while (0)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]179
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]180 P(local.A, local.B, local.C, local.D, local.X[0], 3);
181 P(local.D, local.A, local.B, local.C, local.X[8], 9);
182 P(local.C, local.D, local.A, local.B, local.X[4], 11);
183 P(local.B, local.C, local.D, local.A, local.X[12], 15);
184 P(local.A, local.B, local.C, local.D, local.X[2], 3);
185 P(local.D, local.A, local.B, local.C, local.X[10], 9);
186 P(local.C, local.D, local.A, local.B, local.X[6], 11);
187 P(local.B, local.C, local.D, local.A, local.X[14], 15);
188 P(local.A, local.B, local.C, local.D, local.X[1], 3);
189 P(local.D, local.A, local.B, local.C, local.X[9], 9);
190 P(local.C, local.D, local.A, local.B, local.X[5], 11);
191 P(local.B, local.C, local.D, local.A, local.X[13], 15);
192 P(local.A, local.B, local.C, local.D, local.X[3], 3);
193 P(local.D, local.A, local.B, local.C, local.X[11], 9);
194 P(local.C, local.D, local.A, local.B, local.X[7], 11);
195 P(local.B, local.C, local.D, local.A, local.X[15], 15);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]196
197#undef F
198#undef P
199
gabor-mezei-arm4cb56f82020-08-25 19:12:01 +0200[diff] [blame]200 ctx->state[0] += local.A;
201 ctx->state[1] += local.B;
202 ctx->state[2] += local.C;
203 ctx->state[3] += local.D;
Andres Amaya Garciabee06352017-04-28 17:00:30 +0100[diff] [blame]204
gabor-mezei-armd1c98fc2020-08-19 14:03:06 +0200[diff] [blame]205 /* Zeroise variables to clear sensitive data from memory. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]206 mbedtls_platform_zeroize(&local, sizeof(local));
Andres Amaya Garciabee06352017-04-28 17:00:30 +0100[diff] [blame]207
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]208 return 0;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]209}
Jaeden Amero041039f2018-02-19 15:28:08 +0000[diff] [blame]210
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]211#if !defined(MBEDTLS_DEPRECATED_REMOVED)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]212void mbedtls_md4_process(mbedtls_md4_context *ctx,
213 const unsigned char data[64])
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]214{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]215 mbedtls_internal_md4_process(ctx, data);
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]216}
217#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]218#endif /* !MBEDTLS_MD4_PROCESS_ALT */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]219
220/*
221 * MD4 process buffer
222 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]223int mbedtls_md4_update_ret(mbedtls_md4_context *ctx,
224 const unsigned char *input,
225 size_t ilen)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]226{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]227 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]228 size_t fill;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]229 uint32_t left;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]230
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]231 if (ilen == 0) {
232 return 0;
233 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]234
235 left = ctx->total[0] & 0x3F;
236 fill = 64 - left;
237
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]238 ctx->total[0] += (uint32_t) ilen;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]239 ctx->total[0] &= 0xFFFFFFFF;
240
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]241 if (ctx->total[0] < (uint32_t) ilen) {
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]242 ctx->total[1]++;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]243 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]244
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]245 if (left && ilen >= fill) {
246 memcpy((void *) (ctx->buffer + left),
247 (void *) input, fill);
Andres Amaya Garciabee06352017-04-28 17:00:30 +0100[diff] [blame]248
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]249 if ((ret = mbedtls_internal_md4_process(ctx, ctx->buffer)) != 0) {
250 return ret;
251 }
Andres Amaya Garciabee06352017-04-28 17:00:30 +0100[diff] [blame]252
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]253 input += fill;
254 ilen -= fill;
255 left = 0;
256 }
257
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]258 while (ilen >= 64) {
259 if ((ret = mbedtls_internal_md4_process(ctx, input)) != 0) {
260 return ret;
261 }
Andres Amaya Garciabee06352017-04-28 17:00:30 +0100[diff] [blame]262
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]263 input += 64;
264 ilen -= 64;
265 }
266
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]267 if (ilen > 0) {
268 memcpy((void *) (ctx->buffer + left),
269 (void *) input, ilen);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]270 }
Andres Amaya Garciabee06352017-04-28 17:00:30 +0100[diff] [blame]271
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]272 return 0;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]273}
274
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]275#if !defined(MBEDTLS_DEPRECATED_REMOVED)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]276void mbedtls_md4_update(mbedtls_md4_context *ctx,
277 const unsigned char *input,
278 size_t ilen)
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]279{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]280 mbedtls_md4_update_ret(ctx, input, ilen);
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]281}
282#endif
283
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]284static const unsigned char md4_padding[64] =
285{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]286 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]287 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
288 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
289 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
290};
291
292/*
293 * MD4 final digest
294 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]295int mbedtls_md4_finish_ret(mbedtls_md4_context *ctx,
296 unsigned char output[16])
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]297{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]298 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]299 uint32_t last, padn;
300 uint32_t high, low;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]301 unsigned char msglen[8];
302
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]303 high = (ctx->total[0] >> 29)
304 | (ctx->total[1] << 3);
305 low = (ctx->total[0] << 3);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]306
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]307 MBEDTLS_PUT_UINT32_LE(low, msglen, 0);
308 MBEDTLS_PUT_UINT32_LE(high, msglen, 4);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]309
310 last = ctx->total[0] & 0x3F;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]311 padn = (last < 56) ? (56 - last) : (120 - last);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]312
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]313 ret = mbedtls_md4_update_ret(ctx, (unsigned char *) md4_padding, padn);
314 if (ret != 0) {
315 return ret;
316 }
Andres Amaya Garciabee06352017-04-28 17:00:30 +0100[diff] [blame]317
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]318 if ((ret = mbedtls_md4_update_ret(ctx, msglen, 8)) != 0) {
319 return ret;
320 }
Andres Amaya Garciabee06352017-04-28 17:00:30 +0100[diff] [blame]321
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]322
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]323 MBEDTLS_PUT_UINT32_LE(ctx->state[0], output, 0);
324 MBEDTLS_PUT_UINT32_LE(ctx->state[1], output, 4);
325 MBEDTLS_PUT_UINT32_LE(ctx->state[2], output, 8);
326 MBEDTLS_PUT_UINT32_LE(ctx->state[3], output, 12);
Andres Amaya Garciabee06352017-04-28 17:00:30 +0100[diff] [blame]327
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]328 return 0;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]329}
330
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]331#if !defined(MBEDTLS_DEPRECATED_REMOVED)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]332void mbedtls_md4_finish(mbedtls_md4_context *ctx,
333 unsigned char output[16])
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]334{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]335 mbedtls_md4_finish_ret(ctx, output);
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]336}
337#endif
338
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]339#endif /* !MBEDTLS_MD4_ALT */
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]340
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]341/*
342 * output = MD4( input buffer )
343 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]344int mbedtls_md4_ret(const unsigned char *input,
345 size_t ilen,
346 unsigned char output[16])
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]347{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]348 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]349 mbedtls_md4_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]350
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]351 mbedtls_md4_init(&ctx);
Andres Amaya Garciabee06352017-04-28 17:00:30 +0100[diff] [blame]352
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]353 if ((ret = mbedtls_md4_starts_ret(&ctx)) != 0) {
Andres Amaya Garcia0963e6c2017-07-20 14:34:08 +0100[diff] [blame]354 goto exit;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]355 }
Andres Amaya Garciabee06352017-04-28 17:00:30 +0100[diff] [blame]356
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]357 if ((ret = mbedtls_md4_update_ret(&ctx, input, ilen)) != 0) {
Andres Amaya Garcia0963e6c2017-07-20 14:34:08 +0100[diff] [blame]358 goto exit;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]359 }
Andres Amaya Garciabee06352017-04-28 17:00:30 +0100[diff] [blame]360
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]361 if ((ret = mbedtls_md4_finish_ret(&ctx, output)) != 0) {
Andres Amaya Garcia0963e6c2017-07-20 14:34:08 +0100[diff] [blame]362 goto exit;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]363 }
Andres Amaya Garciabee06352017-04-28 17:00:30 +0100[diff] [blame]364
Andres Amaya Garcia0963e6c2017-07-20 14:34:08 +0100[diff] [blame]365exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]366 mbedtls_md4_free(&ctx);
Andres Amaya Garciabee06352017-04-28 17:00:30 +0100[diff] [blame]367
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]368 return ret;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]369}
370
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]371#if !defined(MBEDTLS_DEPRECATED_REMOVED)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]372void mbedtls_md4(const unsigned char *input,
373 size_t ilen,
374 unsigned char output[16])
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]375{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]376 mbedtls_md4_ret(input, ilen, output);
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]377}
378#endif
379
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]380#if defined(MBEDTLS_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]381
382/*
383 * RFC 1320 test vectors
384 */
Andres Amaya Garcia2d0aa8b2017-07-21 14:57:26 +0100[diff] [blame]385static const unsigned char md4_test_str[7][81] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]386{
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]387 { "" },
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]388 { "a" },
389 { "abc" },
390 { "message digest" },
391 { "abcdefghijklmnopqrstuvwxyz" },
392 { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
Guido Vranken962e4ee2020-08-21 21:08:56 +0200[diff] [blame]393 { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]394};
395
Andres Amaya Garcia2d0aa8b2017-07-21 14:57:26 +0100[diff] [blame]396static const size_t md4_test_strlen[7] =
397{
398 0, 1, 3, 14, 26, 62, 80
399};
400
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]401static const unsigned char md4_test_sum[7][16] =
402{
403 { 0x31, 0xD6, 0xCF, 0xE0, 0xD1, 0x6A, 0xE9, 0x31,
404 0xB7, 0x3C, 0x59, 0xD7, 0xE0, 0xC0, 0x89, 0xC0 },
405 { 0xBD, 0xE5, 0x2C, 0xB3, 0x1D, 0xE3, 0x3E, 0x46,
406 0x24, 0x5E, 0x05, 0xFB, 0xDB, 0xD6, 0xFB, 0x24 },
407 { 0xA4, 0x48, 0x01, 0x7A, 0xAF, 0x21, 0xD8, 0x52,
408 0x5F, 0xC1, 0x0A, 0xE8, 0x7A, 0xA6, 0x72, 0x9D },
409 { 0xD9, 0x13, 0x0A, 0x81, 0x64, 0x54, 0x9F, 0xE8,
410 0x18, 0x87, 0x48, 0x06, 0xE1, 0xC7, 0x01, 0x4B },
411 { 0xD7, 0x9E, 0x1C, 0x30, 0x8A, 0xA5, 0xBB, 0xCD,
412 0xEE, 0xA8, 0xED, 0x63, 0xDF, 0x41, 0x2D, 0xA9 },
413 { 0x04, 0x3F, 0x85, 0x82, 0xF2, 0x41, 0xDB, 0x35,
414 0x1C, 0xE6, 0x27, 0xE1, 0x53, 0xE7, 0xF0, 0xE4 },
415 { 0xE3, 0x3B, 0x4D, 0xDC, 0x9C, 0x38, 0xF2, 0x19,
416 0x9C, 0x3E, 0x7B, 0x16, 0x4F, 0xCC, 0x05, 0x36 }
417};
418
419/*
420 * Checkup routine
421 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]422int mbedtls_md4_self_test(int verbose)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]423{
Andres Amaya Garcia2d0aa8b2017-07-21 14:57:26 +0100[diff] [blame]424 int i, ret = 0;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]425 unsigned char md4sum[16];
426
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]427 for (i = 0; i < 7; i++) {
428 if (verbose != 0) {
429 mbedtls_printf(" MD4 test #%d: ", i + 1);
430 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]431
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]432 ret = mbedtls_md4_ret(md4_test_str[i], md4_test_strlen[i], md4sum);
433 if (ret != 0) {
Andres Amaya Garciabee06352017-04-28 17:00:30 +0100[diff] [blame]434 goto fail;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]435 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]436
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]437 if (memcmp(md4sum, md4_test_sum[i], 16) != 0) {
Andres Amaya Garcia2d0aa8b2017-07-21 14:57:26 +0100[diff] [blame]438 ret = 1;
Andres Amaya Garciabee06352017-04-28 17:00:30 +0100[diff] [blame]439 goto fail;
Andres Amaya Garcia2d0aa8b2017-07-21 14:57:26 +0100[diff] [blame]440 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]441
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]442 if (verbose != 0) {
443 mbedtls_printf("passed\n");
444 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]445 }
446
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]447 if (verbose != 0) {
448 mbedtls_printf("\n");
449 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]450
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]451 return 0;
Andres Amaya Garciabee06352017-04-28 17:00:30 +0100[diff] [blame]452
453fail:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]454 if (verbose != 0) {
455 mbedtls_printf("failed\n");
456 }
Andres Amaya Garciabee06352017-04-28 17:00:30 +0100[diff] [blame]457
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]458 return ret;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]459}
460
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]461#endif /* MBEDTLS_SELF_TEST */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]462
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]463#endif /* MBEDTLS_MD4_C */