Coverage Report

Created: 2024-01-20 12:32

/src/mbedtls/library/md5.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 *  RFC 1321 compliant MD5 implementation
3
 *
4
 *  Copyright The Mbed TLS Contributors
5
 *  SPDX-License-Identifier: Apache-2.0
6
 *
7
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
8
 *  not use this file except in compliance with the License.
9
 *  You may obtain a copy of the License at
10
 *
11
 *  http://www.apache.org/licenses/LICENSE-2.0
12
 *
13
 *  Unless required by applicable law or agreed to in writing, software
14
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16
 *  See the License for the specific language governing permissions and
17
 *  limitations under the License.
18
 */
19
/*
20
 *  The MD5 algorithm was designed by Ron Rivest in 1991.
21
 *
22
 *  http://www.ietf.org/rfc/rfc1321.txt
23
 */
24
25
#include "common.h"
26
27
#if defined(MBEDTLS_MD5_C)
28
29
#include "mbedtls/md5.h"
30
#include "mbedtls/platform_util.h"
31
#include "mbedtls/error.h"
32
33
#include <string.h>
34
35
#include "mbedtls/platform.h"
36
37
#if !defined(MBEDTLS_MD5_ALT)
38
39
void mbedtls_md5_init(mbedtls_md5_context *ctx)
40
99
{
41
99
    memset(ctx, 0, sizeof(mbedtls_md5_context));
42
99
}
43
44
void mbedtls_md5_free(mbedtls_md5_context *ctx)
45
99
{
46
99
    if (ctx == NULL) {
47
0
        return;
48
0
    }
49
50
99
    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md5_context));
51
99
}
52
53
void mbedtls_md5_clone(mbedtls_md5_context *dst,
54
                       const mbedtls_md5_context *src)
55
0
{
56
0
    *dst = *src;
57
0
}
58
59
/*
60
 * MD5 context setup
61
 */
62
int mbedtls_md5_starts(mbedtls_md5_context *ctx)
63
99
{
64
99
    ctx->total[0] = 0;
65
99
    ctx->total[1] = 0;
66
67
99
    ctx->state[0] = 0x67452301;
68
99
    ctx->state[1] = 0xEFCDAB89;
69
99
    ctx->state[2] = 0x98BADCFE;
70
99
    ctx->state[3] = 0x10325476;
71
72
99
    return 0;
73
99
}
74
75
#if !defined(MBEDTLS_MD5_PROCESS_ALT)
76
int mbedtls_internal_md5_process(mbedtls_md5_context *ctx,
77
                                 const unsigned char data[64])
78
396
{
79
396
    struct {
80
396
        uint32_t X[16], A, B, C, D;
81
396
    } local;
82
83
396
    local.X[0] = MBEDTLS_GET_UINT32_LE(data,  0);
84
396
    local.X[1] = MBEDTLS_GET_UINT32_LE(data,  4);
85
396
    local.X[2] = MBEDTLS_GET_UINT32_LE(data,  8);
86
396
    local.X[3] = MBEDTLS_GET_UINT32_LE(data, 12);
87
396
    local.X[4] = MBEDTLS_GET_UINT32_LE(data, 16);
88
396
    local.X[5] = MBEDTLS_GET_UINT32_LE(data, 20);
89
396
    local.X[6] = MBEDTLS_GET_UINT32_LE(data, 24);
90
396
    local.X[7] = MBEDTLS_GET_UINT32_LE(data, 28);
91
396
    local.X[8] = MBEDTLS_GET_UINT32_LE(data, 32);
92
396
    local.X[9] = MBEDTLS_GET_UINT32_LE(data, 36);
93
396
    local.X[10] = MBEDTLS_GET_UINT32_LE(data, 40);
94
396
    local.X[11] = MBEDTLS_GET_UINT32_LE(data, 44);
95
396
    local.X[12] = MBEDTLS_GET_UINT32_LE(data, 48);
96
396
    local.X[13] = MBEDTLS_GET_UINT32_LE(data, 52);
97
396
    local.X[14] = MBEDTLS_GET_UINT32_LE(data, 56);
98
396
    local.X[15] = MBEDTLS_GET_UINT32_LE(data, 60);
99
100
396
#define S(x, n)                                                          \
101
25.3k
    (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
102
103
396
#define P(a, b, c, d, k, s, t)                                                \
104
25.3k
    do                                                                  \
105
25.3k
    {                                                                   \
106
25.3k
        (a) += F((b), (c), (d)) + local.X[(k)] + (t);                     \
107
25.3k
        (a) = S((a), (s)) + (b);                                         \
108
25.3k
    } while (0)
109
110
396
    local.A = ctx->state[0];
111
396
    local.B = ctx->state[1];
112
396
    local.C = ctx->state[2];
113
396
    local.D = ctx->state[3];
114
115
6.33k
#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
116
117
396
    P(local.A, local.B, local.C, local.D,  0,  7, 0xD76AA478);
118
396
    P(local.D, local.A, local.B, local.C,  1, 12, 0xE8C7B756);
119
396
    P(local.C, local.D, local.A, local.B,  2, 17, 0x242070DB);
120
396
    P(local.B, local.C, local.D, local.A,  3, 22, 0xC1BDCEEE);
121
396
    P(local.A, local.B, local.C, local.D,  4,  7, 0xF57C0FAF);
122
396
    P(local.D, local.A, local.B, local.C,  5, 12, 0x4787C62A);
123
396
    P(local.C, local.D, local.A, local.B,  6, 17, 0xA8304613);
124
396
    P(local.B, local.C, local.D, local.A,  7, 22, 0xFD469501);
125
396
    P(local.A, local.B, local.C, local.D,  8,  7, 0x698098D8);
126
396
    P(local.D, local.A, local.B, local.C,  9, 12, 0x8B44F7AF);
127
396
    P(local.C, local.D, local.A, local.B, 10, 17, 0xFFFF5BB1);
128
396
    P(local.B, local.C, local.D, local.A, 11, 22, 0x895CD7BE);
129
396
    P(local.A, local.B, local.C, local.D, 12,  7, 0x6B901122);
130
396
    P(local.D, local.A, local.B, local.C, 13, 12, 0xFD987193);
131
396
    P(local.C, local.D, local.A, local.B, 14, 17, 0xA679438E);
132
396
    P(local.B, local.C, local.D, local.A, 15, 22, 0x49B40821);
133
134
396
#undef F
135
136
6.33k
#define F(x, y, z) ((y) ^ ((z) & ((x) ^ (y))))
137
138
396
    P(local.A, local.B, local.C, local.D,  1,  5, 0xF61E2562);
139
396
    P(local.D, local.A, local.B, local.C,  6,  9, 0xC040B340);
140
396
    P(local.C, local.D, local.A, local.B, 11, 14, 0x265E5A51);
141
396
    P(local.B, local.C, local.D, local.A,  0, 20, 0xE9B6C7AA);
142
396
    P(local.A, local.B, local.C, local.D,  5,  5, 0xD62F105D);
143
396
    P(local.D, local.A, local.B, local.C, 10,  9, 0x02441453);
144
396
    P(local.C, local.D, local.A, local.B, 15, 14, 0xD8A1E681);
145
396
    P(local.B, local.C, local.D, local.A,  4, 20, 0xE7D3FBC8);
146
396
    P(local.A, local.B, local.C, local.D,  9,  5, 0x21E1CDE6);
147
396
    P(local.D, local.A, local.B, local.C, 14,  9, 0xC33707D6);
148
396
    P(local.C, local.D, local.A, local.B,  3, 14, 0xF4D50D87);
149
396
    P(local.B, local.C, local.D, local.A,  8, 20, 0x455A14ED);
150
396
    P(local.A, local.B, local.C, local.D, 13,  5, 0xA9E3E905);
151
396
    P(local.D, local.A, local.B, local.C,  2,  9, 0xFCEFA3F8);
152
396
    P(local.C, local.D, local.A, local.B,  7, 14, 0x676F02D9);
153
396
    P(local.B, local.C, local.D, local.A, 12, 20, 0x8D2A4C8A);
154
155
396
#undef F
156
157
6.33k
#define F(x, y, z) ((x) ^ (y) ^ (z))
158
159
396
    P(local.A, local.B, local.C, local.D,  5,  4, 0xFFFA3942);
160
396
    P(local.D, local.A, local.B, local.C,  8, 11, 0x8771F681);
161
396
    P(local.C, local.D, local.A, local.B, 11, 16, 0x6D9D6122);
162
396
    P(local.B, local.C, local.D, local.A, 14, 23, 0xFDE5380C);
163
396
    P(local.A, local.B, local.C, local.D,  1,  4, 0xA4BEEA44);
164
396
    P(local.D, local.A, local.B, local.C,  4, 11, 0x4BDECFA9);
165
396
    P(local.C, local.D, local.A, local.B,  7, 16, 0xF6BB4B60);
166
396
    P(local.B, local.C, local.D, local.A, 10, 23, 0xBEBFBC70);
167
396
    P(local.A, local.B, local.C, local.D, 13,  4, 0x289B7EC6);
168
396
    P(local.D, local.A, local.B, local.C,  0, 11, 0xEAA127FA);
169
396
    P(local.C, local.D, local.A, local.B,  3, 16, 0xD4EF3085);
170
396
    P(local.B, local.C, local.D, local.A,  6, 23, 0x04881D05);
171
396
    P(local.A, local.B, local.C, local.D,  9,  4, 0xD9D4D039);
172
396
    P(local.D, local.A, local.B, local.C, 12, 11, 0xE6DB99E5);
173
396
    P(local.C, local.D, local.A, local.B, 15, 16, 0x1FA27CF8);
174
396
    P(local.B, local.C, local.D, local.A,  2, 23, 0xC4AC5665);
175
176
396
#undef F
177
178
6.33k
#define F(x, y, z) ((y) ^ ((x) | ~(z)))
179
180
396
    P(local.A, local.B, local.C, local.D,  0,  6, 0xF4292244);
181
396
    P(local.D, local.A, local.B, local.C,  7, 10, 0x432AFF97);
182
396
    P(local.C, local.D, local.A, local.B, 14, 15, 0xAB9423A7);
183
396
    P(local.B, local.C, local.D, local.A,  5, 21, 0xFC93A039);
184
396
    P(local.A, local.B, local.C, local.D, 12,  6, 0x655B59C3);
185
396
    P(local.D, local.A, local.B, local.C,  3, 10, 0x8F0CCC92);
186
396
    P(local.C, local.D, local.A, local.B, 10, 15, 0xFFEFF47D);
187
396
    P(local.B, local.C, local.D, local.A,  1, 21, 0x85845DD1);
188
396
    P(local.A, local.B, local.C, local.D,  8,  6, 0x6FA87E4F);
189
396
    P(local.D, local.A, local.B, local.C, 15, 10, 0xFE2CE6E0);
190
396
    P(local.C, local.D, local.A, local.B,  6, 15, 0xA3014314);
191
396
    P(local.B, local.C, local.D, local.A, 13, 21, 0x4E0811A1);
192
396
    P(local.A, local.B, local.C, local.D,  4,  6, 0xF7537E82);
193
396
    P(local.D, local.A, local.B, local.C, 11, 10, 0xBD3AF235);
194
396
    P(local.C, local.D, local.A, local.B,  2, 15, 0x2AD7D2BB);
195
396
    P(local.B, local.C, local.D, local.A,  9, 21, 0xEB86D391);
196
197
396
#undef F
198
199
396
    ctx->state[0] += local.A;
200
396
    ctx->state[1] += local.B;
201
396
    ctx->state[2] += local.C;
202
396
    ctx->state[3] += local.D;
203
204
    /* Zeroise variables to clear sensitive data from memory. */
205
396
    mbedtls_platform_zeroize(&local, sizeof(local));
206
207
396
    return 0;
208
396
}
209
210
#endif /* !MBEDTLS_MD5_PROCESS_ALT */
211
212
/*
213
 * MD5 process buffer
214
 */
215
int mbedtls_md5_update(mbedtls_md5_context *ctx,
216
                       const unsigned char *input,
217
                       size_t ilen)
218
198
{
219
198
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
220
198
    size_t fill;
221
198
    uint32_t left;
222
223
198
    if (ilen == 0) {
224
0
        return 0;
225
0
    }
226
227
198
    left = ctx->total[0] & 0x3F;
228
198
    fill = 64 - left;
229
230
198
    ctx->total[0] += (uint32_t) ilen;
231
198
    ctx->total[0] &= 0xFFFFFFFF;
232
233
198
    if (ctx->total[0] < (uint32_t) ilen) {
234
0
        ctx->total[1]++;
235
0
    }
236
237
198
    if (left && ilen >= fill) {
238
0
        memcpy((void *) (ctx->buffer + left), input, fill);
239
0
        if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) {
240
0
            return ret;
241
0
        }
242
243
0
        input += fill;
244
0
        ilen  -= fill;
245
0
        left = 0;
246
0
    }
247
248
495
    while (ilen >= 64) {
249
297
        if ((ret = mbedtls_internal_md5_process(ctx, input)) != 0) {
250
0
            return ret;
251
0
        }
252
253
297
        input += 64;
254
297
        ilen  -= 64;
255
297
    }
256
257
198
    if (ilen > 0) {
258
99
        memcpy((void *) (ctx->buffer + left), input, ilen);
259
99
    }
260
261
198
    return 0;
262
198
}
263
264
/*
265
 * MD5 final digest
266
 */
267
int mbedtls_md5_finish(mbedtls_md5_context *ctx,
268
                       unsigned char output[16])
269
99
{
270
99
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
271
99
    uint32_t used;
272
99
    uint32_t high, low;
273
274
    /*
275
     * Add padding: 0x80 then 0x00 until 8 bytes remain for the length
276
     */
277
99
    used = ctx->total[0] & 0x3F;
278
279
99
    ctx->buffer[used++] = 0x80;
280
281
99
    if (used <= 56) {
282
        /* Enough room for padding + length in current block */
283
99
        memset(ctx->buffer + used, 0, 56 - used);
284
99
    } else {
285
        /* We'll need an extra block */
286
0
        memset(ctx->buffer + used, 0, 64 - used);
287
288
0
        if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) {
289
0
            return ret;
290
0
        }
291
292
0
        memset(ctx->buffer, 0, 56);
293
0
    }
294
295
    /*
296
     * Add message length
297
     */
298
99
    high = (ctx->total[0] >> 29)
299
99
           | (ctx->total[1] <<  3);
300
99
    low  = (ctx->total[0] <<  3);
301
302
99
    MBEDTLS_PUT_UINT32_LE(low,  ctx->buffer, 56);
303
99
    MBEDTLS_PUT_UINT32_LE(high, ctx->buffer, 60);
304
305
99
    if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) {
306
0
        return ret;
307
0
    }
308
309
    /*
310
     * Output final state
311
     */
312
99
    MBEDTLS_PUT_UINT32_LE(ctx->state[0], output,  0);
313
99
    MBEDTLS_PUT_UINT32_LE(ctx->state[1], output,  4);
314
99
    MBEDTLS_PUT_UINT32_LE(ctx->state[2], output,  8);
315
99
    MBEDTLS_PUT_UINT32_LE(ctx->state[3], output, 12);
316
317
99
    return 0;
318
99
}
319
320
#endif /* !MBEDTLS_MD5_ALT */
321
322
/*
323
 * output = MD5( input buffer )
324
 */
325
int mbedtls_md5(const unsigned char *input,
326
                size_t ilen,
327
                unsigned char output[16])
328
0
{
329
0
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
330
0
    mbedtls_md5_context ctx;
331
332
0
    mbedtls_md5_init(&ctx);
333
334
0
    if ((ret = mbedtls_md5_starts(&ctx)) != 0) {
335
0
        goto exit;
336
0
    }
337
338
0
    if ((ret = mbedtls_md5_update(&ctx, input, ilen)) != 0) {
339
0
        goto exit;
340
0
    }
341
342
0
    if ((ret = mbedtls_md5_finish(&ctx, output)) != 0) {
343
0
        goto exit;
344
0
    }
345
346
0
exit:
347
0
    mbedtls_md5_free(&ctx);
348
349
0
    return ret;
350
0
}
351
352
#if defined(MBEDTLS_SELF_TEST)
353
/*
354
 * RFC 1321 test vectors
355
 */
356
static const unsigned char md5_test_buf[7][81] =
357
{
358
    { "" },
359
    { "a" },
360
    { "abc" },
361
    { "message digest" },
362
    { "abcdefghijklmnopqrstuvwxyz" },
363
    { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
364
    { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" }
365
};
366
367
static const size_t md5_test_buflen[7] =
368
{
369
    0, 1, 3, 14, 26, 62, 80
370
};
371
372
static const unsigned char md5_test_sum[7][16] =
373
{
374
    { 0xD4, 0x1D, 0x8C, 0xD9, 0x8F, 0x00, 0xB2, 0x04,
375
      0xE9, 0x80, 0x09, 0x98, 0xEC, 0xF8, 0x42, 0x7E },
376
    { 0x0C, 0xC1, 0x75, 0xB9, 0xC0, 0xF1, 0xB6, 0xA8,
377
      0x31, 0xC3, 0x99, 0xE2, 0x69, 0x77, 0x26, 0x61 },
378
    { 0x90, 0x01, 0x50, 0x98, 0x3C, 0xD2, 0x4F, 0xB0,
379
      0xD6, 0x96, 0x3F, 0x7D, 0x28, 0xE1, 0x7F, 0x72 },
380
    { 0xF9, 0x6B, 0x69, 0x7D, 0x7C, 0xB7, 0x93, 0x8D,
381
      0x52, 0x5A, 0x2F, 0x31, 0xAA, 0xF1, 0x61, 0xD0 },
382
    { 0xC3, 0xFC, 0xD3, 0xD7, 0x61, 0x92, 0xE4, 0x00,
383
      0x7D, 0xFB, 0x49, 0x6C, 0xCA, 0x67, 0xE1, 0x3B },
384
    { 0xD1, 0x74, 0xAB, 0x98, 0xD2, 0x77, 0xD9, 0xF5,
385
      0xA5, 0x61, 0x1C, 0x2C, 0x9F, 0x41, 0x9D, 0x9F },
386
    { 0x57, 0xED, 0xF4, 0xA2, 0x2B, 0xE3, 0xC9, 0x55,
387
      0xAC, 0x49, 0xDA, 0x2E, 0x21, 0x07, 0xB6, 0x7A }
388
};
389
390
/*
391
 * Checkup routine
392
 */
393
int mbedtls_md5_self_test(int verbose)
394
0
{
395
0
    int i, ret = 0;
396
0
    unsigned char md5sum[16];
397
398
0
    for (i = 0; i < 7; i++) {
399
0
        if (verbose != 0) {
400
0
            mbedtls_printf("  MD5 test #%d: ", i + 1);
401
0
        }
402
403
0
        ret = mbedtls_md5(md5_test_buf[i], md5_test_buflen[i], md5sum);
404
0
        if (ret != 0) {
405
0
            goto fail;
406
0
        }
407
408
0
        if (memcmp(md5sum, md5_test_sum[i], 16) != 0) {
409
0
            ret = 1;
410
0
            goto fail;
411
0
        }
412
413
0
        if (verbose != 0) {
414
0
            mbedtls_printf("passed\n");
415
0
        }
416
0
    }
417
418
0
    if (verbose != 0) {
419
0
        mbedtls_printf("\n");
420
0
    }
421
422
0
    return 0;
423
424
0
fail:
425
0
    if (verbose != 0) {
426
0
        mbedtls_printf("failed\n");
427
0
    }
428
429
0
    return ret;
430
0
}
431
432
#endif /* MBEDTLS_SELF_TEST */
433
434
#endif /* MBEDTLS_MD5_C */