Mercurial > dropbear

comparison libtomcrypt/src/hashes/md2.c @ 391:00fcf5045160

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head c1db4398d56c56c6d06ae1e20c1e0d04dbb598ed) to branch 'au.asn.ucc.matt.dropbear' (head d26d5eb2837f46b56a33fb0e7573aa0201abd4d5)
author Matt Johnston <matt@ucc.asn.au>
date Thu, 11 Jan 2007 04:29:08 +0000
parents 0cbe8f6dbf9e
children f849a5ca2efc
comparison
equal deleted inserted replaced
390:d8e44bef7917 391:00fcf5045160
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtomcrypt.com
10 */
11 #include "tomcrypt.h"
12
13 /**
14 @param md2.c
15 MD2 (RFC 1319) hash function implementation by Tom St Denis
16 */
17
18 #ifdef MD2
19
20 const struct ltc_hash_descriptor md2_desc =
21 {
22 "md2",
23 7,
24 16,
25 16,
26
27 /* OID */
28 { 1, 2, 840, 113549, 2, 2, },
29 6,
30
31 &md2_init,
32 &md2_process,
33 &md2_done,
34 &md2_test,
35 NULL
36 };
37
38 static const unsigned char PI_SUBST[256] = {
39 41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6,
40 19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188,
41 76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24,
42 138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251,
43 245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63,
44 148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50,
45 39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165,
46 181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210,
47 150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157,
48 112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27,
49 96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15,
50 85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197,
51 234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65,
52 129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123,
53 8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233,
54 203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228,
55 166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237,
56 31, 26, 219, 153, 141, 51, 159, 17, 131, 20
57 };
58
59 /* adds 16 bytes to the checksum */
60 static void md2_update_chksum(hash_state *md)
61 {
62 int j;
63 unsigned char L;
64 L = md->md2.chksum[15];
65 for (j = 0; j < 16; j++) {
66
67 /* caution, the RFC says its "C[j] = S[M[i*16+j] xor L]" but the reference source code [and test vectors] say
68 otherwise.
69 */
70 L = (md->md2.chksum[j] ^= PI_SUBST[(int)(md->md2.buf[j] ^ L)] & 255);
71 }
72 }
73
74 static void md2_compress(hash_state *md)
75 {
76 int j, k;
77 unsigned char t;
78
79 /* copy block */
80 for (j = 0; j < 16; j++) {
81 md->md2.X[16+j] = md->md2.buf[j];
82 md->md2.X[32+j] = md->md2.X[j] ^ md->md2.X[16+j];
83 }
84
85 t = (unsigned char)0;
86
87 /* do 18 rounds */
88 for (j = 0; j < 18; j++) {
89 for (k = 0; k < 48; k++) {
90 t = (md->md2.X[k] ^= PI_SUBST[(int)(t & 255)]);
91 }
92 t = (t + (unsigned char)j) & 255;
93 }
94 }
95
96 /**
97 Initialize the hash state
98 @param md The hash state you wish to initialize
99 @return CRYPT_OK if successful
100 */
101 int md2_init(hash_state *md)
102 {
103 LTC_ARGCHK(md != NULL);
104
105 /* MD2 uses a zero'ed state... */
106 zeromem(md->md2.X, sizeof(md->md2.X));
107 zeromem(md->md2.chksum, sizeof(md->md2.chksum));
108 zeromem(md->md2.buf, sizeof(md->md2.buf));
109 md->md2.curlen = 0;
110 return CRYPT_OK;
111 }
112
113 /**
114 Process a block of memory though the hash
115 @param md The hash state
116 @param in The data to hash
117 @param inlen The length of the data (octets)
118 @return CRYPT_OK if successful
119 */
120 int md2_process(hash_state *md, const unsigned char *in, unsigned long inlen)
121 {
122 unsigned long n;
123 LTC_ARGCHK(md != NULL);
124 LTC_ARGCHK(in != NULL);
125 if (md-> md2 .curlen > sizeof(md-> md2 .buf)) {
126 return CRYPT_INVALID_ARG;
127 }
128 while (inlen > 0) {
129 n = MIN(inlen, (16 - md->md2.curlen));
130 XMEMCPY(md->md2.buf + md->md2.curlen, in, (size_t)n);
131 md->md2.curlen += n;
132 in += n;
133 inlen -= n;
134
135 /* is 16 bytes full? */
136 if (md->md2.curlen == 16) {
137 md2_compress(md);
138 md2_update_chksum(md);
139 md->md2.curlen = 0;
140 }
141 }
142 return CRYPT_OK;
143 }
144
145 /**
146 Terminate the hash to get the digest
147 @param md The hash state
148 @param out [out] The destination of the hash (16 bytes)
149 @return CRYPT_OK if successful
150 */
151 int md2_done(hash_state * md, unsigned char *out)
152 {
153 unsigned long i, k;
154
155 LTC_ARGCHK(md != NULL);
156 LTC_ARGCHK(out != NULL);
157
158 if (md->md2.curlen >= sizeof(md->md2.buf)) {
159 return CRYPT_INVALID_ARG;
160 }
161
162
163 /* pad the message */
164 k = 16 - md->md2.curlen;
165 for (i = md->md2.curlen; i < 16; i++) {
166 md->md2.buf[i] = (unsigned char)k;
167 }
168
169 /* hash and update */
170 md2_compress(md);
171 md2_update_chksum(md);
172
173 /* hash checksum */
174 XMEMCPY(md->md2.buf, md->md2.chksum, 16);
175 md2_compress(md);
176
177 /* output is lower 16 bytes of X */
178 XMEMCPY(out, md->md2.X, 16);
179
180 #ifdef LTC_CLEAN_STACK
181 zeromem(md, sizeof(hash_state));
182 #endif
183 return CRYPT_OK;
184 }
185
186 /**
187 Self-test the hash
188 @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
189 */
190 int md2_test(void)
191 {
192 #ifndef LTC_TEST
193 return CRYPT_NOP;
194 #else
195 static const struct {
196 char *msg;
197 unsigned char md[16];
198 } tests[] = {
199 { "",
200 {0x83,0x50,0xe5,0xa3,0xe2,0x4c,0x15,0x3d,
201 0xf2,0x27,0x5c,0x9f,0x80,0x69,0x27,0x73
202 }
203 },
204 { "a",
205 {0x32,0xec,0x01,0xec,0x4a,0x6d,0xac,0x72,
206 0xc0,0xab,0x96,0xfb,0x34,0xc0,0xb5,0xd1
207 }
208 },
209 { "message digest",
210 {0xab,0x4f,0x49,0x6b,0xfb,0x2a,0x53,0x0b,
211 0x21,0x9f,0xf3,0x30,0x31,0xfe,0x06,0xb0
212 }
213 },
214 { "abcdefghijklmnopqrstuvwxyz",
215 {0x4e,0x8d,0xdf,0xf3,0x65,0x02,0x92,0xab,
216 0x5a,0x41,0x08,0xc3,0xaa,0x47,0x94,0x0b
217 }
218 },
219 { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
220 {0xda,0x33,0xde,0xf2,0xa4,0x2d,0xf1,0x39,
221 0x75,0x35,0x28,0x46,0xc3,0x03,0x38,0xcd
222 }
223 },
224 { "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
225 {0xd5,0x97,0x6f,0x79,0xd8,0x3d,0x3a,0x0d,
226 0xc9,0x80,0x6c,0x3c,0x66,0xf3,0xef,0xd8
227 }
228 }
229 };
230 int i;
231 hash_state md;
232 unsigned char buf[16];
233
234 for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
235 md2_init(&md);
236 md2_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
237 md2_done(&md, buf);
238 if (XMEMCMP(buf, tests[i].md, 16) != 0) {
239 return CRYPT_FAIL_TESTVECTOR;
240 }
241 }
242 return CRYPT_OK;
243 #endif
244 }
245
246 #endif
247
248
249 /* $Source: /cvs/libtom/libtomcrypt/src/hashes/md2.c,v $ */
250 /* $Revision: 1.8 $ */
251 /* $Date: 2006/11/01 09:28:17 $ */