Mercurial > dropbear

comparison src/hashes/md2.c @ 191:1c15b283127b libtomcrypt-orig

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Import of libtomcrypt 1.02 with manual path rename rearrangement etc
author Matt Johnston <matt@ucc.asn.au>
date Fri, 06 May 2005 13:23:02 +0000
parents
children 39d5d58461d6
comparison
equal deleted inserted replaced
143:5d99163f7e32 191:1c15b283127b
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtomcrypt.org
10 */
11 #include "tomcrypt.h"
12
13 /**
14 @param md2.c
15 MD2 (RFC 1319) hash function implementation by Tom St Denis
16 */
17
18 #ifdef MD2
19
20 const struct ltc_hash_descriptor md2_desc =
21 {
22 "md2",
23 7,
24 16,
25 16,
26
27 /* DER encoding */
28 { 0x30, 0x20, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86,
29 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x02, 0x05, 0x00,
30 0x04, 0x10 },
31 18,
32
33 &md2_init,
34 &md2_process,
35 &md2_done,
36 &md2_test
37 };
38
39 static const unsigned char PI_SUBST[256] = {
40 41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6,
41 19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188,
42 76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24,
43 138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251,
44 245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63,
45 148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50,
46 39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165,
47 181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210,
48 150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157,
49 112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27,
50 96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15,
51 85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197,
52 234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65,
53 129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123,
54 8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233,
55 203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228,
56 166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237,
57 31, 26, 219, 153, 141, 51, 159, 17, 131, 20
58 };
59
60 /* adds 16 bytes to the checksum */
61 static void md2_update_chksum(hash_state *md)
62 {
63 int j;
64 unsigned char L;
65 L = md->md2.chksum[15];
66 for (j = 0; j < 16; j++) {
67
68 /* caution, the RFC says its "C[j] = S[M[i*16+j] xor L]" but the reference source code [and test vectors] say
69 otherwise.
70 */
71 L = (md->md2.chksum[j] ^= PI_SUBST[(int)(md->md2.buf[j] ^ L)] & 255);
72 }
73 }
74
75 static void md2_compress(hash_state *md)
76 {
77 int j, k;
78 unsigned char t;
79
80 /* copy block */
81 for (j = 0; j < 16; j++) {
82 md->md2.X[16+j] = md->md2.buf[j];
83 md->md2.X[32+j] = md->md2.X[j] ^ md->md2.X[16+j];
84 }
85
86 t = (unsigned char)0;
87
88 /* do 18 rounds */
89 for (j = 0; j < 18; j++) {
90 for (k = 0; k < 48; k++) {
91 t = (md->md2.X[k] ^= PI_SUBST[(int)(t & 255)]);
92 }
93 t = (t + (unsigned char)j) & 255;
94 }
95 }
96
97 /**
98 Initialize the hash state
99 @param md The hash state you wish to initialize
100 @return CRYPT_OK if successful
101 */
102 int md2_init(hash_state *md)
103 {
104 LTC_ARGCHK(md != NULL);
105
106 /* MD2 uses a zero'ed state... */
107 zeromem(md->md2.X, sizeof(md->md2.X));
108 zeromem(md->md2.chksum, sizeof(md->md2.chksum));
109 zeromem(md->md2.buf, sizeof(md->md2.buf));
110 md->md2.curlen = 0;
111 return CRYPT_OK;
112 }
113
114 /**
115 Process a block of memory though the hash
116 @param md The hash state
117 @param in The data to hash
118 @param inlen The length of the data (octets)
119 @return CRYPT_OK if successful
120 */
121 int md2_process(hash_state *md, const unsigned char *in, unsigned long inlen)
122 {
123 unsigned long n;
124 LTC_ARGCHK(md != NULL);
125 LTC_ARGCHK(in != NULL);
126 if (md-> md2 .curlen > sizeof(md-> md2 .buf)) {
127 return CRYPT_INVALID_ARG;
128 }
129 while (inlen > 0) {
130 n = MIN(inlen, (16 - md->md2.curlen));
131 XMEMCPY(md->md2.buf + md->md2.curlen, in, (size_t)n);
132 md->md2.curlen += n;
133 in += n;
134 inlen -= n;
135
136 /* is 16 bytes full? */
137 if (md->md2.curlen == 16) {
138 md2_compress(md);
139 md2_update_chksum(md);
140 md->md2.curlen = 0;
141 }
142 }
143 return CRYPT_OK;
144 }
145
146 /**
147 Terminate the hash to get the digest
148 @param md The hash state
149 @param out [out] The destination of the hash (16 bytes)
150 @return CRYPT_OK if successful
151 */
152 int md2_done(hash_state * md, unsigned char *out)
153 {
154 unsigned long i, k;
155
156 LTC_ARGCHK(md != NULL);
157 LTC_ARGCHK(out != NULL);
158
159 if (md->md2.curlen >= sizeof(md->md2.buf)) {
160 return CRYPT_INVALID_ARG;
161 }
162
163
164 /* pad the message */
165 k = 16 - md->md2.curlen;
166 for (i = md->md2.curlen; i < 16; i++) {
167 md->md2.buf[i] = (unsigned char)k;
168 }
169
170 /* hash and update */
171 md2_compress(md);
172 md2_update_chksum(md);
173
174 /* hash checksum */
175 XMEMCPY(md->md2.buf, md->md2.chksum, 16);
176 md2_compress(md);
177
178 /* output is lower 16 bytes of X */
179 XMEMCPY(out, md->md2.X, 16);
180
181 #ifdef LTC_CLEAN_STACK
182 zeromem(md, sizeof(hash_state));
183 #endif
184 return CRYPT_OK;
185 }
186
187 /**
188 Self-test the hash
189 @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
190 */
191 int md2_test(void)
192 {
193 #ifndef LTC_TEST
194 return CRYPT_NOP;
195 #else
196 static const struct {
197 char *msg;
198 unsigned char md[16];
199 } tests[] = {
200 { "",
201 {0x83,0x50,0xe5,0xa3,0xe2,0x4c,0x15,0x3d,
202 0xf2,0x27,0x5c,0x9f,0x80,0x69,0x27,0x73
203 }
204 },
205 { "a",
206 {0x32,0xec,0x01,0xec,0x4a,0x6d,0xac,0x72,
207 0xc0,0xab,0x96,0xfb,0x34,0xc0,0xb5,0xd1
208 }
209 },
210 { "message digest",
211 {0xab,0x4f,0x49,0x6b,0xfb,0x2a,0x53,0x0b,
212 0x21,0x9f,0xf3,0x30,0x31,0xfe,0x06,0xb0
213 }
214 },
215 { "abcdefghijklmnopqrstuvwxyz",
216 {0x4e,0x8d,0xdf,0xf3,0x65,0x02,0x92,0xab,
217 0x5a,0x41,0x08,0xc3,0xaa,0x47,0x94,0x0b
218 }
219 },
220 { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
221 {0xda,0x33,0xde,0xf2,0xa4,0x2d,0xf1,0x39,
222 0x75,0x35,0x28,0x46,0xc3,0x03,0x38,0xcd
223 }
224 },
225 { "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
226 {0xd5,0x97,0x6f,0x79,0xd8,0x3d,0x3a,0x0d,
227 0xc9,0x80,0x6c,0x3c,0x66,0xf3,0xef,0xd8
228 }
229 }
230 };
231 int i;
232 hash_state md;
233 unsigned char buf[16];
234
235 for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
236 md2_init(&md);
237 md2_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
238 md2_done(&md, buf);
239 if (memcmp(buf, tests[i].md, 16) != 0) {
240 return CRYPT_FAIL_TESTVECTOR;
241 }
242 }
243 return CRYPT_OK;
244 #endif
245 }
246
247 #endif
248