md5.c (12545B)
1 /* 2 * RFC 1321 compliant MD5 implementation 3 * 4 * Copyright The Mbed TLS Contributors 5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 6 */ 7 /* 8 * The MD5 algorithm was designed by Ron Rivest in 1991. 9 * 10 * http://www.ietf.org/rfc/rfc1321.txt 11 */ 12 13 #include "common.h" 14 15 #if defined(MBEDTLS_MD5_C) 16 17 #include "mbedtls/md5.h" 18 #include "mbedtls/platform_util.h" 19 #include "mbedtls/error.h" 20 21 #include <string.h> 22 23 #include "mbedtls/platform.h" 24 25 #if !defined(MBEDTLS_MD5_ALT) 26 27 void mbedtls_md5_init(mbedtls_md5_context *ctx) 28 { 29 memset(ctx, 0, sizeof(mbedtls_md5_context)); 30 } 31 32 void mbedtls_md5_free(mbedtls_md5_context *ctx) 33 { 34 if (ctx == NULL) { 35 return; 36 } 37 38 mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md5_context)); 39 } 40 41 void mbedtls_md5_clone(mbedtls_md5_context *dst, 42 const mbedtls_md5_context *src) 43 { 44 *dst = *src; 45 } 46 47 /* 48 * MD5 context setup 49 */ 50 int mbedtls_md5_starts(mbedtls_md5_context *ctx) 51 { 52 ctx->total[0] = 0; 53 ctx->total[1] = 0; 54 55 ctx->state[0] = 0x67452301; 56 ctx->state[1] = 0xEFCDAB89; 57 ctx->state[2] = 0x98BADCFE; 58 ctx->state[3] = 0x10325476; 59 60 return 0; 61 } 62 63 #if !defined(MBEDTLS_MD5_PROCESS_ALT) 64 int mbedtls_internal_md5_process(mbedtls_md5_context *ctx, 65 const unsigned char data[64]) 66 { 67 struct { 68 uint32_t X[16], A, B, C, D; 69 } local; 70 71 local.X[0] = MBEDTLS_GET_UINT32_LE(data, 0); 72 local.X[1] = MBEDTLS_GET_UINT32_LE(data, 4); 73 local.X[2] = MBEDTLS_GET_UINT32_LE(data, 8); 74 local.X[3] = MBEDTLS_GET_UINT32_LE(data, 12); 75 local.X[4] = MBEDTLS_GET_UINT32_LE(data, 16); 76 local.X[5] = MBEDTLS_GET_UINT32_LE(data, 20); 77 local.X[6] = MBEDTLS_GET_UINT32_LE(data, 24); 78 local.X[7] = MBEDTLS_GET_UINT32_LE(data, 28); 79 local.X[8] = MBEDTLS_GET_UINT32_LE(data, 32); 80 local.X[9] = MBEDTLS_GET_UINT32_LE(data, 36); 81 local.X[10] = MBEDTLS_GET_UINT32_LE(data, 40); 82 local.X[11] = MBEDTLS_GET_UINT32_LE(data, 44); 83 local.X[12] = MBEDTLS_GET_UINT32_LE(data, 48); 84 local.X[13] = MBEDTLS_GET_UINT32_LE(data, 52); 85 local.X[14] = MBEDTLS_GET_UINT32_LE(data, 56); 86 local.X[15] = MBEDTLS_GET_UINT32_LE(data, 60); 87 88 #define S(x, n) \ 89 (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n)))) 90 91 #define P(a, b, c, d, k, s, t) \ 92 do \ 93 { \ 94 (a) += F((b), (c), (d)) + local.X[(k)] + (t); \ 95 (a) = S((a), (s)) + (b); \ 96 } while (0) 97 98 local.A = ctx->state[0]; 99 local.B = ctx->state[1]; 100 local.C = ctx->state[2]; 101 local.D = ctx->state[3]; 102 103 #define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) 104 105 P(local.A, local.B, local.C, local.D, 0, 7, 0xD76AA478); 106 P(local.D, local.A, local.B, local.C, 1, 12, 0xE8C7B756); 107 P(local.C, local.D, local.A, local.B, 2, 17, 0x242070DB); 108 P(local.B, local.C, local.D, local.A, 3, 22, 0xC1BDCEEE); 109 P(local.A, local.B, local.C, local.D, 4, 7, 0xF57C0FAF); 110 P(local.D, local.A, local.B, local.C, 5, 12, 0x4787C62A); 111 P(local.C, local.D, local.A, local.B, 6, 17, 0xA8304613); 112 P(local.B, local.C, local.D, local.A, 7, 22, 0xFD469501); 113 P(local.A, local.B, local.C, local.D, 8, 7, 0x698098D8); 114 P(local.D, local.A, local.B, local.C, 9, 12, 0x8B44F7AF); 115 P(local.C, local.D, local.A, local.B, 10, 17, 0xFFFF5BB1); 116 P(local.B, local.C, local.D, local.A, 11, 22, 0x895CD7BE); 117 P(local.A, local.B, local.C, local.D, 12, 7, 0x6B901122); 118 P(local.D, local.A, local.B, local.C, 13, 12, 0xFD987193); 119 P(local.C, local.D, local.A, local.B, 14, 17, 0xA679438E); 120 P(local.B, local.C, local.D, local.A, 15, 22, 0x49B40821); 121 122 #undef F 123 124 #define F(x, y, z) ((y) ^ ((z) & ((x) ^ (y)))) 125 126 P(local.A, local.B, local.C, local.D, 1, 5, 0xF61E2562); 127 P(local.D, local.A, local.B, local.C, 6, 9, 0xC040B340); 128 P(local.C, local.D, local.A, local.B, 11, 14, 0x265E5A51); 129 P(local.B, local.C, local.D, local.A, 0, 20, 0xE9B6C7AA); 130 P(local.A, local.B, local.C, local.D, 5, 5, 0xD62F105D); 131 P(local.D, local.A, local.B, local.C, 10, 9, 0x02441453); 132 P(local.C, local.D, local.A, local.B, 15, 14, 0xD8A1E681); 133 P(local.B, local.C, local.D, local.A, 4, 20, 0xE7D3FBC8); 134 P(local.A, local.B, local.C, local.D, 9, 5, 0x21E1CDE6); 135 P(local.D, local.A, local.B, local.C, 14, 9, 0xC33707D6); 136 P(local.C, local.D, local.A, local.B, 3, 14, 0xF4D50D87); 137 P(local.B, local.C, local.D, local.A, 8, 20, 0x455A14ED); 138 P(local.A, local.B, local.C, local.D, 13, 5, 0xA9E3E905); 139 P(local.D, local.A, local.B, local.C, 2, 9, 0xFCEFA3F8); 140 P(local.C, local.D, local.A, local.B, 7, 14, 0x676F02D9); 141 P(local.B, local.C, local.D, local.A, 12, 20, 0x8D2A4C8A); 142 143 #undef F 144 145 #define F(x, y, z) ((x) ^ (y) ^ (z)) 146 147 P(local.A, local.B, local.C, local.D, 5, 4, 0xFFFA3942); 148 P(local.D, local.A, local.B, local.C, 8, 11, 0x8771F681); 149 P(local.C, local.D, local.A, local.B, 11, 16, 0x6D9D6122); 150 P(local.B, local.C, local.D, local.A, 14, 23, 0xFDE5380C); 151 P(local.A, local.B, local.C, local.D, 1, 4, 0xA4BEEA44); 152 P(local.D, local.A, local.B, local.C, 4, 11, 0x4BDECFA9); 153 P(local.C, local.D, local.A, local.B, 7, 16, 0xF6BB4B60); 154 P(local.B, local.C, local.D, local.A, 10, 23, 0xBEBFBC70); 155 P(local.A, local.B, local.C, local.D, 13, 4, 0x289B7EC6); 156 P(local.D, local.A, local.B, local.C, 0, 11, 0xEAA127FA); 157 P(local.C, local.D, local.A, local.B, 3, 16, 0xD4EF3085); 158 P(local.B, local.C, local.D, local.A, 6, 23, 0x04881D05); 159 P(local.A, local.B, local.C, local.D, 9, 4, 0xD9D4D039); 160 P(local.D, local.A, local.B, local.C, 12, 11, 0xE6DB99E5); 161 P(local.C, local.D, local.A, local.B, 15, 16, 0x1FA27CF8); 162 P(local.B, local.C, local.D, local.A, 2, 23, 0xC4AC5665); 163 164 #undef F 165 166 #define F(x, y, z) ((y) ^ ((x) | ~(z))) 167 168 P(local.A, local.B, local.C, local.D, 0, 6, 0xF4292244); 169 P(local.D, local.A, local.B, local.C, 7, 10, 0x432AFF97); 170 P(local.C, local.D, local.A, local.B, 14, 15, 0xAB9423A7); 171 P(local.B, local.C, local.D, local.A, 5, 21, 0xFC93A039); 172 P(local.A, local.B, local.C, local.D, 12, 6, 0x655B59C3); 173 P(local.D, local.A, local.B, local.C, 3, 10, 0x8F0CCC92); 174 P(local.C, local.D, local.A, local.B, 10, 15, 0xFFEFF47D); 175 P(local.B, local.C, local.D, local.A, 1, 21, 0x85845DD1); 176 P(local.A, local.B, local.C, local.D, 8, 6, 0x6FA87E4F); 177 P(local.D, local.A, local.B, local.C, 15, 10, 0xFE2CE6E0); 178 P(local.C, local.D, local.A, local.B, 6, 15, 0xA3014314); 179 P(local.B, local.C, local.D, local.A, 13, 21, 0x4E0811A1); 180 P(local.A, local.B, local.C, local.D, 4, 6, 0xF7537E82); 181 P(local.D, local.A, local.B, local.C, 11, 10, 0xBD3AF235); 182 P(local.C, local.D, local.A, local.B, 2, 15, 0x2AD7D2BB); 183 P(local.B, local.C, local.D, local.A, 9, 21, 0xEB86D391); 184 185 #undef F 186 187 ctx->state[0] += local.A; 188 ctx->state[1] += local.B; 189 ctx->state[2] += local.C; 190 ctx->state[3] += local.D; 191 192 /* Zeroise variables to clear sensitive data from memory. */ 193 mbedtls_platform_zeroize(&local, sizeof(local)); 194 195 return 0; 196 } 197 198 #endif /* !MBEDTLS_MD5_PROCESS_ALT */ 199 200 /* 201 * MD5 process buffer 202 */ 203 int mbedtls_md5_update(mbedtls_md5_context *ctx, 204 const unsigned char *input, 205 size_t ilen) 206 { 207 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 208 size_t fill; 209 uint32_t left; 210 211 if (ilen == 0) { 212 return 0; 213 } 214 215 left = ctx->total[0] & 0x3F; 216 fill = 64 - left; 217 218 ctx->total[0] += (uint32_t) ilen; 219 ctx->total[0] &= 0xFFFFFFFF; 220 221 if (ctx->total[0] < (uint32_t) ilen) { 222 ctx->total[1]++; 223 } 224 225 if (left && ilen >= fill) { 226 memcpy((void *) (ctx->buffer + left), input, fill); 227 if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) { 228 return ret; 229 } 230 231 input += fill; 232 ilen -= fill; 233 left = 0; 234 } 235 236 while (ilen >= 64) { 237 if ((ret = mbedtls_internal_md5_process(ctx, input)) != 0) { 238 return ret; 239 } 240 241 input += 64; 242 ilen -= 64; 243 } 244 245 if (ilen > 0) { 246 memcpy((void *) (ctx->buffer + left), input, ilen); 247 } 248 249 return 0; 250 } 251 252 /* 253 * MD5 final digest 254 */ 255 int mbedtls_md5_finish(mbedtls_md5_context *ctx, 256 unsigned char output[16]) 257 { 258 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 259 uint32_t used; 260 uint32_t high, low; 261 262 /* 263 * Add padding: 0x80 then 0x00 until 8 bytes remain for the length 264 */ 265 used = ctx->total[0] & 0x3F; 266 267 ctx->buffer[used++] = 0x80; 268 269 if (used <= 56) { 270 /* Enough room for padding + length in current block */ 271 memset(ctx->buffer + used, 0, 56 - used); 272 } else { 273 /* We'll need an extra block */ 274 memset(ctx->buffer + used, 0, 64 - used); 275 276 if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) { 277 goto exit; 278 } 279 280 memset(ctx->buffer, 0, 56); 281 } 282 283 /* 284 * Add message length 285 */ 286 high = (ctx->total[0] >> 29) 287 | (ctx->total[1] << 3); 288 low = (ctx->total[0] << 3); 289 290 MBEDTLS_PUT_UINT32_LE(low, ctx->buffer, 56); 291 MBEDTLS_PUT_UINT32_LE(high, ctx->buffer, 60); 292 293 if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) { 294 goto exit; 295 } 296 297 /* 298 * Output final state 299 */ 300 MBEDTLS_PUT_UINT32_LE(ctx->state[0], output, 0); 301 MBEDTLS_PUT_UINT32_LE(ctx->state[1], output, 4); 302 MBEDTLS_PUT_UINT32_LE(ctx->state[2], output, 8); 303 MBEDTLS_PUT_UINT32_LE(ctx->state[3], output, 12); 304 305 ret = 0; 306 307 exit: 308 mbedtls_md5_free(ctx); 309 return ret; 310 } 311 312 #endif /* !MBEDTLS_MD5_ALT */ 313 314 /* 315 * output = MD5( input buffer ) 316 */ 317 int mbedtls_md5(const unsigned char *input, 318 size_t ilen, 319 unsigned char output[16]) 320 { 321 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 322 mbedtls_md5_context ctx; 323 324 mbedtls_md5_init(&ctx); 325 326 if ((ret = mbedtls_md5_starts(&ctx)) != 0) { 327 goto exit; 328 } 329 330 if ((ret = mbedtls_md5_update(&ctx, input, ilen)) != 0) { 331 goto exit; 332 } 333 334 if ((ret = mbedtls_md5_finish(&ctx, output)) != 0) { 335 goto exit; 336 } 337 338 exit: 339 mbedtls_md5_free(&ctx); 340 341 return ret; 342 } 343 344 #if defined(MBEDTLS_SELF_TEST) 345 /* 346 * RFC 1321 test vectors 347 */ 348 static const unsigned char md5_test_buf[7][81] = 349 { 350 { "" }, 351 { "a" }, 352 { "abc" }, 353 { "message digest" }, 354 { "abcdefghijklmnopqrstuvwxyz" }, 355 { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, 356 { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" } 357 }; 358 359 static const size_t md5_test_buflen[7] = 360 { 361 0, 1, 3, 14, 26, 62, 80 362 }; 363 364 static const unsigned char md5_test_sum[7][16] = 365 { 366 { 0xD4, 0x1D, 0x8C, 0xD9, 0x8F, 0x00, 0xB2, 0x04, 367 0xE9, 0x80, 0x09, 0x98, 0xEC, 0xF8, 0x42, 0x7E }, 368 { 0x0C, 0xC1, 0x75, 0xB9, 0xC0, 0xF1, 0xB6, 0xA8, 369 0x31, 0xC3, 0x99, 0xE2, 0x69, 0x77, 0x26, 0x61 }, 370 { 0x90, 0x01, 0x50, 0x98, 0x3C, 0xD2, 0x4F, 0xB0, 371 0xD6, 0x96, 0x3F, 0x7D, 0x28, 0xE1, 0x7F, 0x72 }, 372 { 0xF9, 0x6B, 0x69, 0x7D, 0x7C, 0xB7, 0x93, 0x8D, 373 0x52, 0x5A, 0x2F, 0x31, 0xAA, 0xF1, 0x61, 0xD0 }, 374 { 0xC3, 0xFC, 0xD3, 0xD7, 0x61, 0x92, 0xE4, 0x00, 375 0x7D, 0xFB, 0x49, 0x6C, 0xCA, 0x67, 0xE1, 0x3B }, 376 { 0xD1, 0x74, 0xAB, 0x98, 0xD2, 0x77, 0xD9, 0xF5, 377 0xA5, 0x61, 0x1C, 0x2C, 0x9F, 0x41, 0x9D, 0x9F }, 378 { 0x57, 0xED, 0xF4, 0xA2, 0x2B, 0xE3, 0xC9, 0x55, 379 0xAC, 0x49, 0xDA, 0x2E, 0x21, 0x07, 0xB6, 0x7A } 380 }; 381 382 /* 383 * Checkup routine 384 */ 385 int mbedtls_md5_self_test(int verbose) 386 { 387 int i, ret = 0; 388 unsigned char md5sum[16]; 389 390 for (i = 0; i < 7; i++) { 391 if (verbose != 0) { 392 mbedtls_printf(" MD5 test #%d: ", i + 1); 393 } 394 395 ret = mbedtls_md5(md5_test_buf[i], md5_test_buflen[i], md5sum); 396 if (ret != 0) { 397 goto fail; 398 } 399 400 if (memcmp(md5sum, md5_test_sum[i], 16) != 0) { 401 ret = 1; 402 goto fail; 403 } 404 405 if (verbose != 0) { 406 mbedtls_printf("passed\n"); 407 } 408 } 409 410 if (verbose != 0) { 411 mbedtls_printf("\n"); 412 } 413 414 return 0; 415 416 fail: 417 if (verbose != 0) { 418 mbedtls_printf("failed\n"); 419 } 420 421 return ret; 422 } 423 424 #endif /* MBEDTLS_SELF_TEST */ 425 426 #endif /* MBEDTLS_MD5_C */