iPXE
md4.c
Go to the documentation of this file.
00001 /*
00002  * Copyright (C) 2017 Michael Brown <mbrown@fensystems.co.uk>.
00003  *
00004  * This program is free software; you can redistribute it and/or
00005  * modify it under the terms of the GNU General Public License as
00006  * published by the Free Software Foundation; either version 2 of the
00007  * License, or any later version.
00008  *
00009  * This program is distributed in the hope that it will be useful, but
00010  * WITHOUT ANY WARRANTY; without even the implied warranty of
00011  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00012  * General Public License for more details.
00013  *
00014  * You should have received a copy of the GNU General Public License
00015  * along with this program; if not, write to the Free Software
00016  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
00017  * 02110-1301, USA.
00018  *
00019  * You can also choose to distribute this program under the terms of
00020  * the Unmodified Binary Distribution Licence (as given in the file
00021  * COPYING.UBDL), provided that you have satisfied its requirements.
00022  */
00023 
00024 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
00025 
00026 /** @file
00027  *
00028  * MD4 algorithm
00029  *
00030  */
00031 
00032 #include <stdint.h>
00033 #include <string.h>
00034 #include <byteswap.h>
00035 #include <assert.h>
00036 #include <ipxe/rotate.h>
00037 #include <ipxe/crypto.h>
00038 #include <ipxe/asn1.h>
00039 #include <ipxe/md4.h>
00040 
00041 /** MD4 variables */
00042 struct md4_variables {
00043         /* This layout matches that of struct md4_digest_data,
00044          * allowing for efficient endianness-conversion,
00045          */
00046         uint32_t a;
00047         uint32_t b;
00048         uint32_t c;
00049         uint32_t d;
00050         uint32_t w[16];
00051 } __attribute__ (( packed ));
00052 
00053 /** MD4 shift amounts */
00054 static const uint8_t r[3][4] = {
00055         {  3,  7, 11, 19 },
00056         {  3,  5,  9, 13 },
00057         {  3,  9, 11, 15 },
00058 };
00059 
00060 /**
00061  * f(b,c,d,w) for steps 0 to 15
00062  *
00063  * @v v         MD4 variables
00064  * @v i         Index within round
00065  * @ret f       f(b,c,d,w)
00066  */
00067 static uint32_t md4_f_0_15 ( struct md4_variables *v, unsigned int i ) {
00068         return ( ( ( v->b & v->c ) | ( ~v->b & v->d ) ) + v->w[i] );
00069 }
00070 
00071 /**
00072  * f(b,c,d,w) for steps 16 to 31
00073  *
00074  * @v v         MD4 variables
00075  * @v i         Index within round
00076  * @ret f       f(b,c,d,w)
00077  */
00078 static uint32_t md4_f_16_31 ( struct md4_variables *v, unsigned int i ) {
00079         return ( ( ( v->b & v->c ) | ( v->b & v->d ) | ( v->c & v->d ) ) +
00080                  v->w[ ( ( i << 2 ) | ( i >> 2 ) ) % 16 ] );
00081 }
00082 
00083 /**
00084  * f(b,c,d,w) for steps 32 to 47
00085  *
00086  * @v v         MD4 variables
00087  * @v i         Index within round
00088  * @ret f       f(b,c,d,w)
00089  */
00090 static uint32_t md4_f_32_47 ( struct md4_variables *v, unsigned int i ) {
00091         static const uint8_t reverse[16] = {
00092                 0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15
00093         };
00094         return ( ( v->b ^ v->c ^ v->d ) + v->w[reverse[i]] );
00095 }
00096 
00097 /** An MD4 step function */
00098 struct md4_step {
00099         /**
00100          * Calculate f(b,c,d,w)
00101          *
00102          * @v v         MD4 variables
00103          * @v i         Index within round
00104          * @ret f       f(b,c,d,w)
00105          */
00106         uint32_t ( * f ) ( struct md4_variables *v, unsigned int i );
00107         /** Constant */
00108         uint32_t constant;
00109 };
00110 
00111 /** MD4 steps */
00112 static struct md4_step md4_steps[4] = {
00113         /** 0 to 15 */
00114         { .f = md4_f_0_15,      .constant = 0x00000000UL },
00115         /** 16 to 31 */
00116         { .f = md4_f_16_31,     .constant = 0x5a827999UL },
00117         /** 32 to 47 */
00118         { .f = md4_f_32_47,     .constant = 0x6ed9eba1UL },
00119 };
00120 
00121 /**
00122  * Initialise MD4 algorithm
00123  *
00124  * @v ctx               MD4 context
00125  */
00126 static void md4_init ( void *ctx ) {
00127         struct md4_context *context = ctx;
00128 
00129         context->ddd.dd.digest.h[0] = cpu_to_le32 ( 0x67452301 );
00130         context->ddd.dd.digest.h[1] = cpu_to_le32 ( 0xefcdab89 );
00131         context->ddd.dd.digest.h[2] = cpu_to_le32 ( 0x98badcfe );
00132         context->ddd.dd.digest.h[3] = cpu_to_le32 ( 0x10325476 );
00133         context->len = 0;
00134 }
00135 
00136 /**
00137  * Calculate MD4 digest of accumulated data
00138  *
00139  * @v context           MD4 context
00140  */
00141 static void md4_digest ( struct md4_context *context ) {
00142         union {
00143                 union md4_digest_data_dwords ddd;
00144                 struct md4_variables v;
00145         } u;
00146         uint32_t *a = &u.v.a;
00147         uint32_t *b = &u.v.b;
00148         uint32_t *c = &u.v.c;
00149         uint32_t *d = &u.v.d;
00150         uint32_t *w = u.v.w;
00151         uint32_t f;
00152         uint32_t temp;
00153         struct md4_step *step;
00154         unsigned int round;
00155         unsigned int i;
00156 
00157         /* Sanity checks */
00158         assert ( ( context->len % sizeof ( context->ddd.dd.data ) ) == 0 );
00159         linker_assert ( &u.ddd.dd.digest.h[0] == a, md4_bad_layout );
00160         linker_assert ( &u.ddd.dd.digest.h[1] == b, md4_bad_layout );
00161         linker_assert ( &u.ddd.dd.digest.h[2] == c, md4_bad_layout );
00162         linker_assert ( &u.ddd.dd.digest.h[3] == d, md4_bad_layout );
00163         linker_assert ( &u.ddd.dd.data.dword[0] == w, md4_bad_layout );
00164 
00165         DBGC ( context, "MD4 digesting:\n" );
00166         DBGC_HDA ( context, 0, &context->ddd.dd.digest,
00167                    sizeof ( context->ddd.dd.digest ) );
00168         DBGC_HDA ( context, context->len, &context->ddd.dd.data,
00169                    sizeof ( context->ddd.dd.data ) );
00170 
00171         /* Convert h[0..3] to host-endian, and initialise a, b, c, d,
00172          * and x[0..15]
00173          */
00174         for ( i = 0 ; i < ( sizeof ( u.ddd.dword ) /
00175                             sizeof ( u.ddd.dword[0] ) ) ; i++ ) {
00176                 le32_to_cpus ( &context->ddd.dword[i] );
00177                 u.ddd.dword[i] = context->ddd.dword[i];
00178         }
00179 
00180         /* Main loop */
00181         for ( i = 0 ; i < 48 ; i++ ) {
00182                 round = ( i / 16 );
00183                 step = &md4_steps[round];
00184                 f = step->f ( &u.v, ( i % 16 ) );
00185                 temp = *d;
00186                 *d = *c;
00187                 *c = *b;
00188                 *b = rol32 ( ( *a + f + step->constant ), r[round][ i % 4 ] );
00189                 *a = temp;
00190                 DBGC2 ( context, "%2d : %08x %08x %08x %08x\n",
00191                         i, *a, *b, *c, *d );
00192         }
00193 
00194         /* Add chunk to hash and convert back to little-endian */
00195         for ( i = 0 ; i < 4 ; i++ ) {
00196                 context->ddd.dd.digest.h[i] =
00197                         cpu_to_le32 ( context->ddd.dd.digest.h[i] +
00198                                       u.ddd.dd.digest.h[i] );
00199         }
00200 
00201         DBGC ( context, "MD4 digested:\n" );
00202         DBGC_HDA ( context, 0, &context->ddd.dd.digest,
00203                    sizeof ( context->ddd.dd.digest ) );
00204 }
00205 
00206 /**
00207  * Accumulate data with MD4 algorithm
00208  *
00209  * @v ctx               MD4 context
00210  * @v data              Data
00211  * @v len               Length of data
00212  */
00213 static void md4_update ( void *ctx, const void *data, size_t len ) {
00214         struct md4_context *context = ctx;
00215         const uint8_t *byte = data;
00216         size_t offset;
00217 
00218         /* Accumulate data a byte at a time, performing the digest
00219          * whenever we fill the data buffer
00220          */
00221         while ( len-- ) {
00222                 offset = ( context->len % sizeof ( context->ddd.dd.data ) );
00223                 context->ddd.dd.data.byte[offset] = *(byte++);
00224                 context->len++;
00225                 if ( ( context->len % sizeof ( context->ddd.dd.data ) ) == 0 )
00226                         md4_digest ( context );
00227         }
00228 }
00229 
00230 /**
00231  * Generate MD4 digest
00232  *
00233  * @v ctx               MD4 context
00234  * @v out               Output buffer
00235  */
00236 static void md4_final ( void *ctx, void *out ) {
00237         struct md4_context *context = ctx;
00238         uint64_t len_bits;
00239         uint8_t pad;
00240 
00241         /* Record length before pre-processing */
00242         len_bits = cpu_to_le64 ( ( ( uint64_t ) context->len ) * 8 );
00243 
00244         /* Pad with a single "1" bit followed by as many "0" bits as required */
00245         pad = 0x80;
00246         do {
00247                 md4_update ( ctx, &pad, sizeof ( pad ) );
00248                 pad = 0x00;
00249         } while ( ( context->len % sizeof ( context->ddd.dd.data ) ) !=
00250                   offsetof ( typeof ( context->ddd.dd.data ), final.len ) );
00251 
00252         /* Append length (in bits) */
00253         md4_update ( ctx, &len_bits, sizeof ( len_bits ) );
00254         assert ( ( context->len % sizeof ( context->ddd.dd.data ) ) == 0 );
00255 
00256         /* Copy out final digest */
00257         memcpy ( out, &context->ddd.dd.digest,
00258                  sizeof ( context->ddd.dd.digest ) );
00259 }
00260 
00261 /** MD4 algorithm */
00262 struct digest_algorithm md4_algorithm = {
00263         .name           = "md4",
00264         .ctxsize        = sizeof ( struct md4_context ),
00265         .blocksize      = sizeof ( union md4_block ),
00266         .digestsize     = sizeof ( struct md4_digest ),
00267         .init           = md4_init,
00268         .update         = md4_update,
00269         .final          = md4_final,
00270 };
00271 
00272 /** "md4" object identifier */
00273 static uint8_t oid_md4[] = { ASN1_OID_MD4 };
00274 
00275 /** "md4" OID-identified algorithm */
00276 struct asn1_algorithm oid_md4_algorithm __asn1_algorithm = {
00277         .name = "md4",
00278         .digest = &md4_algorithm,
00279         .oid = ASN1_OID_CURSOR ( oid_md4 ),
00280 };