/src/mbedtls/library/md5.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * RFC 1321 compliant MD5 implementation |
3 | | * |
4 | | * Copyright The Mbed TLS Contributors |
5 | | * SPDX-License-Identifier: Apache-2.0 |
6 | | * |
7 | | * Licensed under the Apache License, Version 2.0 (the "License"); you may |
8 | | * not use this file except in compliance with the License. |
9 | | * You may obtain a copy of the License at |
10 | | * |
11 | | * http://www.apache.org/licenses/LICENSE-2.0 |
12 | | * |
13 | | * Unless required by applicable law or agreed to in writing, software |
14 | | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
15 | | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
16 | | * See the License for the specific language governing permissions and |
17 | | * limitations under the License. |
18 | | */ |
19 | | /* |
20 | | * The MD5 algorithm was designed by Ron Rivest in 1991. |
21 | | * |
22 | | * http://www.ietf.org/rfc/rfc1321.txt |
23 | | */ |
24 | | |
25 | | #include "common.h" |
26 | | |
27 | | #if defined(MBEDTLS_MD5_C) |
28 | | |
29 | | #include "mbedtls/md5.h" |
30 | | #include "mbedtls/platform_util.h" |
31 | | #include "mbedtls/error.h" |
32 | | |
33 | | #include <string.h> |
34 | | |
35 | | #include "mbedtls/platform.h" |
36 | | |
37 | | #if !defined(MBEDTLS_MD5_ALT) |
38 | | |
39 | | void mbedtls_md5_init(mbedtls_md5_context *ctx) |
40 | 99 | { |
41 | 99 | memset(ctx, 0, sizeof(mbedtls_md5_context)); |
42 | 99 | } |
43 | | |
44 | | void mbedtls_md5_free(mbedtls_md5_context *ctx) |
45 | 99 | { |
46 | 99 | if (ctx == NULL) { |
47 | 0 | return; |
48 | 0 | } |
49 | | |
50 | 99 | mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md5_context)); |
51 | 99 | } |
52 | | |
53 | | void mbedtls_md5_clone(mbedtls_md5_context *dst, |
54 | | const mbedtls_md5_context *src) |
55 | 0 | { |
56 | 0 | *dst = *src; |
57 | 0 | } |
58 | | |
59 | | /* |
60 | | * MD5 context setup |
61 | | */ |
62 | | int mbedtls_md5_starts(mbedtls_md5_context *ctx) |
63 | 99 | { |
64 | 99 | ctx->total[0] = 0; |
65 | 99 | ctx->total[1] = 0; |
66 | | |
67 | 99 | ctx->state[0] = 0x67452301; |
68 | 99 | ctx->state[1] = 0xEFCDAB89; |
69 | 99 | ctx->state[2] = 0x98BADCFE; |
70 | 99 | ctx->state[3] = 0x10325476; |
71 | | |
72 | 99 | return 0; |
73 | 99 | } |
74 | | |
75 | | #if !defined(MBEDTLS_MD5_PROCESS_ALT) |
76 | | int mbedtls_internal_md5_process(mbedtls_md5_context *ctx, |
77 | | const unsigned char data[64]) |
78 | 396 | { |
79 | 396 | struct { |
80 | 396 | uint32_t X[16], A, B, C, D; |
81 | 396 | } local; |
82 | | |
83 | 396 | local.X[0] = MBEDTLS_GET_UINT32_LE(data, 0); |
84 | 396 | local.X[1] = MBEDTLS_GET_UINT32_LE(data, 4); |
85 | 396 | local.X[2] = MBEDTLS_GET_UINT32_LE(data, 8); |
86 | 396 | local.X[3] = MBEDTLS_GET_UINT32_LE(data, 12); |
87 | 396 | local.X[4] = MBEDTLS_GET_UINT32_LE(data, 16); |
88 | 396 | local.X[5] = MBEDTLS_GET_UINT32_LE(data, 20); |
89 | 396 | local.X[6] = MBEDTLS_GET_UINT32_LE(data, 24); |
90 | 396 | local.X[7] = MBEDTLS_GET_UINT32_LE(data, 28); |
91 | 396 | local.X[8] = MBEDTLS_GET_UINT32_LE(data, 32); |
92 | 396 | local.X[9] = MBEDTLS_GET_UINT32_LE(data, 36); |
93 | 396 | local.X[10] = MBEDTLS_GET_UINT32_LE(data, 40); |
94 | 396 | local.X[11] = MBEDTLS_GET_UINT32_LE(data, 44); |
95 | 396 | local.X[12] = MBEDTLS_GET_UINT32_LE(data, 48); |
96 | 396 | local.X[13] = MBEDTLS_GET_UINT32_LE(data, 52); |
97 | 396 | local.X[14] = MBEDTLS_GET_UINT32_LE(data, 56); |
98 | 396 | local.X[15] = MBEDTLS_GET_UINT32_LE(data, 60); |
99 | | |
100 | 396 | #define S(x, n) \ |
101 | 25.3k | (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n)))) |
102 | | |
103 | 396 | #define P(a, b, c, d, k, s, t) \ |
104 | 25.3k | do \ |
105 | 25.3k | { \ |
106 | 25.3k | (a) += F((b), (c), (d)) + local.X[(k)] + (t); \ |
107 | 25.3k | (a) = S((a), (s)) + (b); \ |
108 | 25.3k | } while (0) |
109 | | |
110 | 396 | local.A = ctx->state[0]; |
111 | 396 | local.B = ctx->state[1]; |
112 | 396 | local.C = ctx->state[2]; |
113 | 396 | local.D = ctx->state[3]; |
114 | | |
115 | 6.33k | #define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) |
116 | | |
117 | 396 | P(local.A, local.B, local.C, local.D, 0, 7, 0xD76AA478); |
118 | 396 | P(local.D, local.A, local.B, local.C, 1, 12, 0xE8C7B756); |
119 | 396 | P(local.C, local.D, local.A, local.B, 2, 17, 0x242070DB); |
120 | 396 | P(local.B, local.C, local.D, local.A, 3, 22, 0xC1BDCEEE); |
121 | 396 | P(local.A, local.B, local.C, local.D, 4, 7, 0xF57C0FAF); |
122 | 396 | P(local.D, local.A, local.B, local.C, 5, 12, 0x4787C62A); |
123 | 396 | P(local.C, local.D, local.A, local.B, 6, 17, 0xA8304613); |
124 | 396 | P(local.B, local.C, local.D, local.A, 7, 22, 0xFD469501); |
125 | 396 | P(local.A, local.B, local.C, local.D, 8, 7, 0x698098D8); |
126 | 396 | P(local.D, local.A, local.B, local.C, 9, 12, 0x8B44F7AF); |
127 | 396 | P(local.C, local.D, local.A, local.B, 10, 17, 0xFFFF5BB1); |
128 | 396 | P(local.B, local.C, local.D, local.A, 11, 22, 0x895CD7BE); |
129 | 396 | P(local.A, local.B, local.C, local.D, 12, 7, 0x6B901122); |
130 | 396 | P(local.D, local.A, local.B, local.C, 13, 12, 0xFD987193); |
131 | 396 | P(local.C, local.D, local.A, local.B, 14, 17, 0xA679438E); |
132 | 396 | P(local.B, local.C, local.D, local.A, 15, 22, 0x49B40821); |
133 | | |
134 | 396 | #undef F |
135 | | |
136 | 6.33k | #define F(x, y, z) ((y) ^ ((z) & ((x) ^ (y)))) |
137 | | |
138 | 396 | P(local.A, local.B, local.C, local.D, 1, 5, 0xF61E2562); |
139 | 396 | P(local.D, local.A, local.B, local.C, 6, 9, 0xC040B340); |
140 | 396 | P(local.C, local.D, local.A, local.B, 11, 14, 0x265E5A51); |
141 | 396 | P(local.B, local.C, local.D, local.A, 0, 20, 0xE9B6C7AA); |
142 | 396 | P(local.A, local.B, local.C, local.D, 5, 5, 0xD62F105D); |
143 | 396 | P(local.D, local.A, local.B, local.C, 10, 9, 0x02441453); |
144 | 396 | P(local.C, local.D, local.A, local.B, 15, 14, 0xD8A1E681); |
145 | 396 | P(local.B, local.C, local.D, local.A, 4, 20, 0xE7D3FBC8); |
146 | 396 | P(local.A, local.B, local.C, local.D, 9, 5, 0x21E1CDE6); |
147 | 396 | P(local.D, local.A, local.B, local.C, 14, 9, 0xC33707D6); |
148 | 396 | P(local.C, local.D, local.A, local.B, 3, 14, 0xF4D50D87); |
149 | 396 | P(local.B, local.C, local.D, local.A, 8, 20, 0x455A14ED); |
150 | 396 | P(local.A, local.B, local.C, local.D, 13, 5, 0xA9E3E905); |
151 | 396 | P(local.D, local.A, local.B, local.C, 2, 9, 0xFCEFA3F8); |
152 | 396 | P(local.C, local.D, local.A, local.B, 7, 14, 0x676F02D9); |
153 | 396 | P(local.B, local.C, local.D, local.A, 12, 20, 0x8D2A4C8A); |
154 | | |
155 | 396 | #undef F |
156 | | |
157 | 6.33k | #define F(x, y, z) ((x) ^ (y) ^ (z)) |
158 | | |
159 | 396 | P(local.A, local.B, local.C, local.D, 5, 4, 0xFFFA3942); |
160 | 396 | P(local.D, local.A, local.B, local.C, 8, 11, 0x8771F681); |
161 | 396 | P(local.C, local.D, local.A, local.B, 11, 16, 0x6D9D6122); |
162 | 396 | P(local.B, local.C, local.D, local.A, 14, 23, 0xFDE5380C); |
163 | 396 | P(local.A, local.B, local.C, local.D, 1, 4, 0xA4BEEA44); |
164 | 396 | P(local.D, local.A, local.B, local.C, 4, 11, 0x4BDECFA9); |
165 | 396 | P(local.C, local.D, local.A, local.B, 7, 16, 0xF6BB4B60); |
166 | 396 | P(local.B, local.C, local.D, local.A, 10, 23, 0xBEBFBC70); |
167 | 396 | P(local.A, local.B, local.C, local.D, 13, 4, 0x289B7EC6); |
168 | 396 | P(local.D, local.A, local.B, local.C, 0, 11, 0xEAA127FA); |
169 | 396 | P(local.C, local.D, local.A, local.B, 3, 16, 0xD4EF3085); |
170 | 396 | P(local.B, local.C, local.D, local.A, 6, 23, 0x04881D05); |
171 | 396 | P(local.A, local.B, local.C, local.D, 9, 4, 0xD9D4D039); |
172 | 396 | P(local.D, local.A, local.B, local.C, 12, 11, 0xE6DB99E5); |
173 | 396 | P(local.C, local.D, local.A, local.B, 15, 16, 0x1FA27CF8); |
174 | 396 | P(local.B, local.C, local.D, local.A, 2, 23, 0xC4AC5665); |
175 | | |
176 | 396 | #undef F |
177 | | |
178 | 6.33k | #define F(x, y, z) ((y) ^ ((x) | ~(z))) |
179 | | |
180 | 396 | P(local.A, local.B, local.C, local.D, 0, 6, 0xF4292244); |
181 | 396 | P(local.D, local.A, local.B, local.C, 7, 10, 0x432AFF97); |
182 | 396 | P(local.C, local.D, local.A, local.B, 14, 15, 0xAB9423A7); |
183 | 396 | P(local.B, local.C, local.D, local.A, 5, 21, 0xFC93A039); |
184 | 396 | P(local.A, local.B, local.C, local.D, 12, 6, 0x655B59C3); |
185 | 396 | P(local.D, local.A, local.B, local.C, 3, 10, 0x8F0CCC92); |
186 | 396 | P(local.C, local.D, local.A, local.B, 10, 15, 0xFFEFF47D); |
187 | 396 | P(local.B, local.C, local.D, local.A, 1, 21, 0x85845DD1); |
188 | 396 | P(local.A, local.B, local.C, local.D, 8, 6, 0x6FA87E4F); |
189 | 396 | P(local.D, local.A, local.B, local.C, 15, 10, 0xFE2CE6E0); |
190 | 396 | P(local.C, local.D, local.A, local.B, 6, 15, 0xA3014314); |
191 | 396 | P(local.B, local.C, local.D, local.A, 13, 21, 0x4E0811A1); |
192 | 396 | P(local.A, local.B, local.C, local.D, 4, 6, 0xF7537E82); |
193 | 396 | P(local.D, local.A, local.B, local.C, 11, 10, 0xBD3AF235); |
194 | 396 | P(local.C, local.D, local.A, local.B, 2, 15, 0x2AD7D2BB); |
195 | 396 | P(local.B, local.C, local.D, local.A, 9, 21, 0xEB86D391); |
196 | | |
197 | 396 | #undef F |
198 | | |
199 | 396 | ctx->state[0] += local.A; |
200 | 396 | ctx->state[1] += local.B; |
201 | 396 | ctx->state[2] += local.C; |
202 | 396 | ctx->state[3] += local.D; |
203 | | |
204 | | /* Zeroise variables to clear sensitive data from memory. */ |
205 | 396 | mbedtls_platform_zeroize(&local, sizeof(local)); |
206 | | |
207 | 396 | return 0; |
208 | 396 | } |
209 | | |
210 | | #endif /* !MBEDTLS_MD5_PROCESS_ALT */ |
211 | | |
212 | | /* |
213 | | * MD5 process buffer |
214 | | */ |
215 | | int mbedtls_md5_update(mbedtls_md5_context *ctx, |
216 | | const unsigned char *input, |
217 | | size_t ilen) |
218 | 198 | { |
219 | 198 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
220 | 198 | size_t fill; |
221 | 198 | uint32_t left; |
222 | | |
223 | 198 | if (ilen == 0) { |
224 | 0 | return 0; |
225 | 0 | } |
226 | | |
227 | 198 | left = ctx->total[0] & 0x3F; |
228 | 198 | fill = 64 - left; |
229 | | |
230 | 198 | ctx->total[0] += (uint32_t) ilen; |
231 | 198 | ctx->total[0] &= 0xFFFFFFFF; |
232 | | |
233 | 198 | if (ctx->total[0] < (uint32_t) ilen) { |
234 | 0 | ctx->total[1]++; |
235 | 0 | } |
236 | | |
237 | 198 | if (left && ilen >= fill) { |
238 | 0 | memcpy((void *) (ctx->buffer + left), input, fill); |
239 | 0 | if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) { |
240 | 0 | return ret; |
241 | 0 | } |
242 | | |
243 | 0 | input += fill; |
244 | 0 | ilen -= fill; |
245 | 0 | left = 0; |
246 | 0 | } |
247 | | |
248 | 495 | while (ilen >= 64) { |
249 | 297 | if ((ret = mbedtls_internal_md5_process(ctx, input)) != 0) { |
250 | 0 | return ret; |
251 | 0 | } |
252 | | |
253 | 297 | input += 64; |
254 | 297 | ilen -= 64; |
255 | 297 | } |
256 | | |
257 | 198 | if (ilen > 0) { |
258 | 99 | memcpy((void *) (ctx->buffer + left), input, ilen); |
259 | 99 | } |
260 | | |
261 | 198 | return 0; |
262 | 198 | } |
263 | | |
264 | | /* |
265 | | * MD5 final digest |
266 | | */ |
267 | | int mbedtls_md5_finish(mbedtls_md5_context *ctx, |
268 | | unsigned char output[16]) |
269 | 99 | { |
270 | 99 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
271 | 99 | uint32_t used; |
272 | 99 | uint32_t high, low; |
273 | | |
274 | | /* |
275 | | * Add padding: 0x80 then 0x00 until 8 bytes remain for the length |
276 | | */ |
277 | 99 | used = ctx->total[0] & 0x3F; |
278 | | |
279 | 99 | ctx->buffer[used++] = 0x80; |
280 | | |
281 | 99 | if (used <= 56) { |
282 | | /* Enough room for padding + length in current block */ |
283 | 99 | memset(ctx->buffer + used, 0, 56 - used); |
284 | 99 | } else { |
285 | | /* We'll need an extra block */ |
286 | 0 | memset(ctx->buffer + used, 0, 64 - used); |
287 | |
|
288 | 0 | if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) { |
289 | 0 | return ret; |
290 | 0 | } |
291 | | |
292 | 0 | memset(ctx->buffer, 0, 56); |
293 | 0 | } |
294 | | |
295 | | /* |
296 | | * Add message length |
297 | | */ |
298 | 99 | high = (ctx->total[0] >> 29) |
299 | 99 | | (ctx->total[1] << 3); |
300 | 99 | low = (ctx->total[0] << 3); |
301 | | |
302 | 99 | MBEDTLS_PUT_UINT32_LE(low, ctx->buffer, 56); |
303 | 99 | MBEDTLS_PUT_UINT32_LE(high, ctx->buffer, 60); |
304 | | |
305 | 99 | if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) { |
306 | 0 | return ret; |
307 | 0 | } |
308 | | |
309 | | /* |
310 | | * Output final state |
311 | | */ |
312 | 99 | MBEDTLS_PUT_UINT32_LE(ctx->state[0], output, 0); |
313 | 99 | MBEDTLS_PUT_UINT32_LE(ctx->state[1], output, 4); |
314 | 99 | MBEDTLS_PUT_UINT32_LE(ctx->state[2], output, 8); |
315 | 99 | MBEDTLS_PUT_UINT32_LE(ctx->state[3], output, 12); |
316 | | |
317 | 99 | return 0; |
318 | 99 | } |
319 | | |
320 | | #endif /* !MBEDTLS_MD5_ALT */ |
321 | | |
322 | | /* |
323 | | * output = MD5( input buffer ) |
324 | | */ |
325 | | int mbedtls_md5(const unsigned char *input, |
326 | | size_t ilen, |
327 | | unsigned char output[16]) |
328 | 0 | { |
329 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
330 | 0 | mbedtls_md5_context ctx; |
331 | |
|
332 | 0 | mbedtls_md5_init(&ctx); |
333 | |
|
334 | 0 | if ((ret = mbedtls_md5_starts(&ctx)) != 0) { |
335 | 0 | goto exit; |
336 | 0 | } |
337 | | |
338 | 0 | if ((ret = mbedtls_md5_update(&ctx, input, ilen)) != 0) { |
339 | 0 | goto exit; |
340 | 0 | } |
341 | | |
342 | 0 | if ((ret = mbedtls_md5_finish(&ctx, output)) != 0) { |
343 | 0 | goto exit; |
344 | 0 | } |
345 | | |
346 | 0 | exit: |
347 | 0 | mbedtls_md5_free(&ctx); |
348 | |
|
349 | 0 | return ret; |
350 | 0 | } |
351 | | |
352 | | #if defined(MBEDTLS_SELF_TEST) |
353 | | /* |
354 | | * RFC 1321 test vectors |
355 | | */ |
356 | | static const unsigned char md5_test_buf[7][81] = |
357 | | { |
358 | | { "" }, |
359 | | { "a" }, |
360 | | { "abc" }, |
361 | | { "message digest" }, |
362 | | { "abcdefghijklmnopqrstuvwxyz" }, |
363 | | { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, |
364 | | { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" } |
365 | | }; |
366 | | |
367 | | static const size_t md5_test_buflen[7] = |
368 | | { |
369 | | 0, 1, 3, 14, 26, 62, 80 |
370 | | }; |
371 | | |
372 | | static const unsigned char md5_test_sum[7][16] = |
373 | | { |
374 | | { 0xD4, 0x1D, 0x8C, 0xD9, 0x8F, 0x00, 0xB2, 0x04, |
375 | | 0xE9, 0x80, 0x09, 0x98, 0xEC, 0xF8, 0x42, 0x7E }, |
376 | | { 0x0C, 0xC1, 0x75, 0xB9, 0xC0, 0xF1, 0xB6, 0xA8, |
377 | | 0x31, 0xC3, 0x99, 0xE2, 0x69, 0x77, 0x26, 0x61 }, |
378 | | { 0x90, 0x01, 0x50, 0x98, 0x3C, 0xD2, 0x4F, 0xB0, |
379 | | 0xD6, 0x96, 0x3F, 0x7D, 0x28, 0xE1, 0x7F, 0x72 }, |
380 | | { 0xF9, 0x6B, 0x69, 0x7D, 0x7C, 0xB7, 0x93, 0x8D, |
381 | | 0x52, 0x5A, 0x2F, 0x31, 0xAA, 0xF1, 0x61, 0xD0 }, |
382 | | { 0xC3, 0xFC, 0xD3, 0xD7, 0x61, 0x92, 0xE4, 0x00, |
383 | | 0x7D, 0xFB, 0x49, 0x6C, 0xCA, 0x67, 0xE1, 0x3B }, |
384 | | { 0xD1, 0x74, 0xAB, 0x98, 0xD2, 0x77, 0xD9, 0xF5, |
385 | | 0xA5, 0x61, 0x1C, 0x2C, 0x9F, 0x41, 0x9D, 0x9F }, |
386 | | { 0x57, 0xED, 0xF4, 0xA2, 0x2B, 0xE3, 0xC9, 0x55, |
387 | | 0xAC, 0x49, 0xDA, 0x2E, 0x21, 0x07, 0xB6, 0x7A } |
388 | | }; |
389 | | |
390 | | /* |
391 | | * Checkup routine |
392 | | */ |
393 | | int mbedtls_md5_self_test(int verbose) |
394 | 0 | { |
395 | 0 | int i, ret = 0; |
396 | 0 | unsigned char md5sum[16]; |
397 | |
|
398 | 0 | for (i = 0; i < 7; i++) { |
399 | 0 | if (verbose != 0) { |
400 | 0 | mbedtls_printf(" MD5 test #%d: ", i + 1); |
401 | 0 | } |
402 | |
|
403 | 0 | ret = mbedtls_md5(md5_test_buf[i], md5_test_buflen[i], md5sum); |
404 | 0 | if (ret != 0) { |
405 | 0 | goto fail; |
406 | 0 | } |
407 | | |
408 | 0 | if (memcmp(md5sum, md5_test_sum[i], 16) != 0) { |
409 | 0 | ret = 1; |
410 | 0 | goto fail; |
411 | 0 | } |
412 | | |
413 | 0 | if (verbose != 0) { |
414 | 0 | mbedtls_printf("passed\n"); |
415 | 0 | } |
416 | 0 | } |
417 | | |
418 | 0 | if (verbose != 0) { |
419 | 0 | mbedtls_printf("\n"); |
420 | 0 | } |
421 | |
|
422 | 0 | return 0; |
423 | | |
424 | 0 | fail: |
425 | 0 | if (verbose != 0) { |
426 | 0 | mbedtls_printf("failed\n"); |
427 | 0 | } |
428 | |
|
429 | 0 | return ret; |
430 | 0 | } |
431 | | |
432 | | #endif /* MBEDTLS_SELF_TEST */ |
433 | | |
434 | | #endif /* MBEDTLS_MD5_C */ |