search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
camellia: fix camellia_self_test failure on compilers where char is unsigned by default
[tropicssl.git] / library / md2.c
blobaf3fbc47ab847b6b51dc760935cfe2723ea77620
1 /*
2 * RFC 1115/1319 compliant MD2 implementation
3 *
4 * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
5 *
6 * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
7 *
8 * All rights reserved.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 *
14 * * Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * * Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * * Neither the names of PolarSSL or XySSL nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
26 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 */
35 /*
36 * The MD2 algorithm was designed by Ron Rivest in 1989.
37 *
38 * http://www.ietf.org/rfc/rfc1115.txt
39 * http://www.ietf.org/rfc/rfc1319.txt
40 */
41
42 #include "tropicssl/config.h"
43
44 #if defined(TROPICSSL_MD2_C)
45
46 #include "tropicssl/md2.h"
47
48 #include <string.h>
49 #include <stdio.h>
50
51 static const unsigned char PI_SUBST[256] = {
52 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36,
53 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, 0x62, 0xA7, 0x05, 0xF3,
54 0xC0, 0xC7, 0x73, 0x8C, 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C,
55 0x82, 0xCA, 0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16,
56 0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12, 0xBE, 0x4E,
57 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49, 0xA0, 0xFB, 0xF5, 0x8E,
58 0xBB, 0x2F, 0xEE, 0x7A, 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2,
59 0x07, 0x3F, 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21,
60 0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27, 0x35, 0x3E,
61 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03, 0xFF, 0x19, 0x30, 0xB3,
62 0x48, 0xA5, 0xB5, 0xD1, 0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56,
63 0xAA, 0xC6, 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6,
64 0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1, 0x45, 0x9D,
65 0x70, 0x59, 0x64, 0x71, 0x87, 0x20, 0x86, 0x5B, 0xCF, 0x65,
66 0xE6, 0x2D, 0xA8, 0x02, 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0,
67 0xB9, 0xF6, 0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F,
68 0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A, 0xC3, 0x5C,
69 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26, 0x2C, 0x53, 0x0D, 0x6E,
70 0x85, 0x28, 0x84, 0x09, 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81,
71 0x4D, 0x52, 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA,
72 0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A, 0x78, 0x88,
73 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D, 0xE9, 0xCB, 0xD5, 0xFE,
74 0x3B, 0x00, 0x1D, 0x39, 0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58,
75 0xD0, 0xE4, 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A,
76 0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A, 0xDB, 0x99,
77 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14
78 };
79
80 /*
81 * MD2 context setup
82 */
83 void md2_starts(md2_context * ctx)
84 {
85 memset(ctx, 0, sizeof(md2_context));
86 }
87
88 static void md2_process(md2_context * ctx)
89 {
90 int i, j;
91 unsigned char t = 0;
92
93 for (i = 0; i < 16; i++) {
94 ctx->state[i + 16] = ctx->buffer[i];
95 ctx->state[i + 32] =
96 (unsigned char)(ctx->buffer[i] ^ ctx->state[i]);
97 }
98
99 for (i = 0; i < 18; i++) {
100 for (j = 0; j < 48; j++) {
101 ctx->state[j] = (unsigned char)
102 (ctx->state[j] ^ PI_SUBST[t]);
103 t = ctx->state[j];
104 }
105
106 t = (unsigned char)(t + i);
107 }
108
109 t = ctx->cksum[15];
110
111 for (i = 0; i < 16; i++) {
112 ctx->cksum[i] = (unsigned char)
113 (ctx->cksum[i] ^ PI_SUBST[ctx->buffer[i] ^ t]);
114 t = ctx->cksum[i];
115 }
116 }
117
118 /*
119 * MD2 process buffer
120 */
121 void md2_update(md2_context * ctx, const unsigned char *input, int ilen)
122 {
123 int fill;
124
125 while (ilen > 0) {
126 if (ctx->left + ilen > 16)
127 fill = 16 - ctx->left;
128 else
129 fill = ilen;
130
131 memcpy(ctx->buffer + ctx->left, input, fill);
132
133 ctx->left += fill;
134 input += fill;
135 ilen -= fill;
136
137 if (ctx->left == 16) {
138 ctx->left = 0;
139 md2_process(ctx);
140 }
141 }
142 }
143
144 /*
145 * MD2 final digest
146 */
147 void md2_finish(md2_context * ctx, unsigned char output[16])
148 {
149 int i;
150 unsigned char x;
151
152 x = (unsigned char)(16 - ctx->left);
153
154 for (i = ctx->left; i < 16; i++)
155 ctx->buffer[i] = x;
156
157 md2_process(ctx);
158
159 memcpy(ctx->buffer, ctx->cksum, 16);
160 md2_process(ctx);
161
162 memcpy(output, ctx->state, 16);
163 }
164
165 /*
166 * output = MD2( input buffer )
167 */
168 void md2(const unsigned char *input, int ilen, unsigned char output[16])
169 {
170 md2_context ctx;
171
172 md2_starts(&ctx);
173 md2_update(&ctx, input, ilen);
174 md2_finish(&ctx, output);
175
176 memset(&ctx, 0, sizeof(md2_context));
177 }
178
179 /*
180 * output = MD2( file contents )
181 */
182 int md2_file(const char *path, unsigned char output[16])
183 {
184 FILE *f;
185 size_t n;
186 md2_context ctx;
187 unsigned char buf[1024];
188
189 if ((f = fopen(path, "rb")) == NULL)
190 return (1);
191
192 md2_starts(&ctx);
193
194 while ((n = fread(buf, 1, sizeof(buf), f)) > 0)
195 md2_update(&ctx, buf, (int)n);
196
197 md2_finish(&ctx, output);
198
199 memset(&ctx, 0, sizeof(md2_context));
200
201 if (ferror(f) != 0) {
202 fclose(f);
203 return (2);
204 }
205
206 fclose(f);
207 return (0);
208 }
209
210 /*
211 * MD2 HMAC context setup
212 */
213 void md2_hmac_starts(md2_context * ctx, const unsigned char *key, int keylen)
214 {
215 int i;
216 unsigned char sum[16];
217
218 if (keylen > 64) {
219 md2(key, keylen, sum);
220 keylen = 16;
221 key = sum;
222 }
223
224 memset(ctx->ipad, 0x36, 64);
225 memset(ctx->opad, 0x5C, 64);
226
227 for (i = 0; i < keylen; i++) {
228 ctx->ipad[i] = (unsigned char)(ctx->ipad[i] ^ key[i]);
229 ctx->opad[i] = (unsigned char)(ctx->opad[i] ^ key[i]);
230 }
231
232 md2_starts(ctx);
233 md2_update(ctx, ctx->ipad, 64);
234
235 memset(sum, 0, sizeof(sum));
236 }
237
238 /*
239 * MD2 HMAC process buffer
240 */
241 void md2_hmac_update(md2_context * ctx, const unsigned char *input, int ilen)
242 {
243 md2_update(ctx, input, ilen);
244 }
245
246 /*
247 * MD2 HMAC final digest
248 */
249 void md2_hmac_finish(md2_context * ctx, unsigned char output[16])
250 {
251 unsigned char tmpbuf[16];
252
253 md2_finish(ctx, tmpbuf);
254 md2_starts(ctx);
255 md2_update(ctx, ctx->opad, 64);
256 md2_update(ctx, tmpbuf, 16);
257 md2_finish(ctx, output);
258
259 memset(tmpbuf, 0, sizeof(tmpbuf));
260 }
261
262 /*
263 * output = HMAC-MD2( hmac key, input buffer )
264 */
265 void md2_hmac(const unsigned char *key, int keylen,
266 const unsigned char *input, int ilen,
267 unsigned char output[16])
268 {
269 md2_context ctx;
270
271 md2_hmac_starts(&ctx, key, keylen);
272 md2_hmac_update(&ctx, input, ilen);
273 md2_hmac_finish(&ctx, output);
274
275 memset(&ctx, 0, sizeof(md2_context));
276 }
277
278 #if defined(TROPICSSL_SELF_TEST)
279
280 /*
281 * RFC 1319 test vectors
282 */
283 static const char md2_test_str[7][81] = {
284 {""},
285 {"a"},
286 {"abc"},
287 {"message digest"},
288 {"abcdefghijklmnopqrstuvwxyz"},
289 {"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"},
290 {
291 "12345678901234567890123456789012345678901234567890123456789012"
292 "345678901234567890"}
293 };
294
295 static const unsigned char md2_test_sum[7][16] = {
296 {
297 0x83, 0x50, 0xE5, 0xA3, 0xE2, 0x4C, 0x15, 0x3D,
298 0xF2, 0x27, 0x5C, 0x9F, 0x80, 0x69, 0x27, 0x73},
299 {
300 0x32, 0xEC, 0x01, 0xEC, 0x4A, 0x6D, 0xAC, 0x72,
301 0xC0, 0xAB, 0x96, 0xFB, 0x34, 0xC0, 0xB5, 0xD1},
302 {
303 0xDA, 0x85, 0x3B, 0x0D, 0x3F, 0x88, 0xD9, 0x9B,
304 0x30, 0x28, 0x3A, 0x69, 0xE6, 0xDE, 0xD6, 0xBB},
305 {
306 0xAB, 0x4F, 0x49, 0x6B, 0xFB, 0x2A, 0x53, 0x0B,
307 0x21, 0x9F, 0xF3, 0x30, 0x31, 0xFE, 0x06, 0xB0},
308 {
309 0x4E, 0x8D, 0xDF, 0xF3, 0x65, 0x02, 0x92, 0xAB,
310 0x5A, 0x41, 0x08, 0xC3, 0xAA, 0x47, 0x94, 0x0B},
311 {
312 0xDA, 0x33, 0xDE, 0xF2, 0xA4, 0x2D, 0xF1, 0x39,
313 0x75, 0x35, 0x28, 0x46, 0xC3, 0x03, 0x38, 0xCD},
314 {
315 0xD5, 0x97, 0x6F, 0x79, 0xD8, 0x3D, 0x3A, 0x0D,
316 0xC9, 0x80, 0x6C, 0x3C, 0x66, 0xF3, 0xEF, 0xD8}
317 };
318
319 /*
320 * Checkup routine
321 */
322 int md2_self_test(int verbose)
323 {
324 int i;
325 unsigned char md2sum[16];
326
327 for (i = 0; i < 7; i++) {
328 if (verbose != 0)
329 printf(" MD2 test #%d: ", i + 1);
330
331 md2((const unsigned char *)md2_test_str[i],
332 strlen(md2_test_str[i]), md2sum);
333
334 if (memcmp(md2sum, md2_test_sum[i], 16) != 0) {
335 if (verbose != 0)
336 printf("failed\n");
337
338 return (1);
339 }
340
341 if (verbose != 0)
342 printf("passed\n");
343 }
344
345 if (verbose != 0)
346 printf("\n");
347
348 return (0);
349 }
350
351 #endif
352
353 #endif
fork of last BSD polarssl