/*
* Copyright (C) 2017 Michael Brown <mbrown@fensystems.co.uk>.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*
* You can also choose to distribute this program under the terms of
* the Unmodified Binary Distribution Licence (as given in the file
* COPYING.UBDL), provided that you have satisfied its requirements.
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
/** @file
*
* MD4 algorithm
*
*/
#include <stdint.h>
#include <string.h>
#include <byteswap.h>
#include <assert.h>
#include <ipxe/rotate.h>
#include <ipxe/crypto.h>
#include <ipxe/asn1.h>
#include <ipxe/md4.h>
/** MD4 variables */
struct md4_variables {
/* This layout matches that of struct md4_digest_data,
* allowing for efficient endianness-conversion,
*/
uint32_t a;
uint32_t b;
uint32_t c;
uint32_t d;
uint32_t w[16];
} __attribute__ (( packed ));
/** MD4 shift amounts */
static const uint8_t r[3][4] = {
{ 3, 7, 11, 19 },
{ 3, 5, 9, 13 },
{ 3, 9, 11, 15 },
};
/**
* f(b,c,d,w) for steps 0 to 15
*
* @v v MD4 variables
* @v i Index within round
* @ret f f(b,c,d,w)
*/
static uint32_t md4_f_0_15 ( struct md4_variables *v, unsigned int i ) {
return ( ( ( v->b & v->c ) | ( ~v->b & v->d ) ) + v->w[i] );
}
/**
* f(b,c,d,w) for steps 16 to 31
*
* @v v MD4 variables
* @v i Index within round
* @ret f f(b,c,d,w)
*/
static uint32_t md4_f_16_31 ( struct md4_variables *v, unsigned int i ) {
return ( ( ( v->b & v->c ) | ( v->b & v->d ) | ( v->c & v->d ) ) +
v->w[ ( ( i << 2 ) | ( i >> 2 ) ) % 16 ] );
}
/**
* f(b,c,d,w) for steps 32 to 47
*
* @v v MD4 variables
* @v i Index within round
* @ret f f(b,c,d,w)
*/
static uint32_t md4_f_32_47 ( struct md4_variables *v, unsigned int i ) {
static const uint8_t reverse[16] = {
0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15
};
return ( ( v->b ^ v->c ^ v->d ) + v->w[reverse[i]] );
}
/** An MD4 step function */
struct md4_step {
/**
* Calculate f(b,c,d,w)
*
* @v v MD4 variables
* @v i Index within round
* @ret f f(b,c,d,w)
*/
uint32_t ( * f ) ( struct md4_variables *v, unsigned int i );
/** Constant */
uint32_t constant;
};
/** MD4 steps */
static struct md4_step md4_steps[4] = {
/** 0 to 15 */
{ .f = md4_f_0_15, .constant = 0x00000000UL },
/** 16 to 31 */
{ .f = md4_f_16_31, .constant = 0x5a827999UL },
/** 32 to 47 */
{ .f = md4_f_32_47, .constant = 0x6ed9eba1UL },
};
/**
* Initialise MD4 algorithm
*
* @v ctx MD4 context
*/
static void md4_init ( void *ctx ) {
struct md4_context *context = ctx;
context->ddd.dd.digest.h[0] = cpu_to_le32 ( 0x67452301 );
context->ddd.dd.digest.h[1] = cpu_to_le32 ( 0xefcdab89 );
context->ddd.dd.digest.h[2] = cpu_to_le32 ( 0x98badcfe );
context->ddd.dd.digest.h[3] = cpu_to_le32 ( 0x10325476 );
context->len = 0;
}
/**
* Calculate MD4 digest of accumulated data
*
* @v context MD4 context
*/
static void md4_digest ( struct md4_context *context ) {
union {
union md4_digest_data_dwords ddd;
struct md4_variables v;
} u;
uint32_t *a = &u.v.a;
uint32_t *b = &u.v.b;
uint32_t *c = &u.v.c;
uint32_t *d = &u.v.d;
uint32_t *w = u.v.w;
uint32_t f;
uint32_t temp;
struct md4_step *step;
unsigned int round;
unsigned int i;
/* Sanity checks */
assert ( ( context->len % sizeof ( context->ddd.dd.data ) ) == 0 );
linker_assert ( &u.ddd.dd.digest.h[0] == a, md4_bad_layout );
linker_assert ( &u.ddd.dd.digest.h[1] == b, md4_bad_layout );
linker_assert ( &u.ddd.dd.digest.h[2] == c, md4_bad_layout );
linker_assert ( &u.ddd.dd.digest.h[3] == d, md4_bad_layout );
linker_assert ( &u.ddd.dd.data.dword[0] == w, md4_bad_layout );
DBGC ( context, "MD4 digesting:\n" );
DBGC_HDA ( context, 0, &context->ddd.dd.digest,
sizeof ( context->ddd.dd.digest ) );
DBGC_HDA ( context, context->len, &context->ddd.dd.data,
sizeof ( context->ddd.dd.data ) );
/* Convert h[0..3] to host-endian, and initialise a, b, c, d,
* and x[0..15]
*/
for ( i = 0 ; i < ( sizeof ( u.ddd.dword ) /
sizeof ( u.ddd.dword[0] ) ) ; i++ ) {
le32_to_cpus ( &context->ddd.dword[i] );
u.ddd.dword[i] = context->ddd.dword[i];
}
/* Main loop */
for ( i = 0 ; i < 48 ; i++ ) {
round = ( i / 16 );
step = &md4_steps[round];
f = step->f ( &u.v, ( i % 16 ) );
temp = *d;
*d = *c;
*c = *b;
*b = rol32 ( ( *a + f + step->constant ), r[round][ i % 4 ] );
*a = temp;
DBGC2 ( context, "%2d : %08x %08x %08x %08x\n",
i, *a, *b, *c, *d );
}
/* Add chunk to hash and convert back to little-endian */
for ( i = 0 ; i < 4 ; i++ ) {
context->ddd.dd.digest.h[i] =
cpu_to_le32 ( context->ddd.dd.digest.h[i] +
u.ddd.dd.digest.h[i] );
}
DBGC ( context, "MD4 digested:\n" );
DBGC_HDA ( context, 0, &context->ddd.dd.digest,
sizeof ( context->ddd.dd.digest ) );
}
/**
* Accumulate data with MD4 algorithm
*
* @v ctx MD4 context
* @v data Data
* @v len Length of data
*/
static void md4_update ( void *ctx, const void *data, size_t len ) {
struct md4_context *context = ctx;
const uint8_t *byte = data;
size_t offset;
/* Accumulate data a byte at a time, performing the digest
* whenever we fill the data buffer
*/
while ( len-- ) {
offset = ( context->len % sizeof ( context->ddd.dd.data ) );
context->ddd.dd.data.byte[offset] = *(byte++);
context->len++;
if ( ( context->len % sizeof ( context->ddd.dd.data ) ) == 0 )
md4_digest ( context );
}
}
/**
* Generate MD4 digest
*
* @v ctx MD4 context
* @v out Output buffer
*/
static void md4_final ( void *ctx, void *out ) {
struct md4_context *context = ctx;
uint64_t len_bits;
uint8_t pad;
/* Record length before pre-processing */
len_bits = cpu_to_le64 ( ( ( uint64_t ) context->len ) * 8 );
/* Pad with a single "1" bit followed by as many "0" bits as required */
pad = 0x80;
do {
md4_update ( ctx, &pad, sizeof ( pad ) );
pad = 0x00;
} while ( ( context->len % sizeof ( context->ddd.dd.data ) ) !=
offsetof ( typeof ( context->ddd.dd.data ), final.len ) );
/* Append length (in bits) */
md4_update ( ctx, &len_bits, sizeof ( len_bits ) );
assert ( ( context->len % sizeof ( context->ddd.dd.data ) ) == 0 );
/* Copy out final digest */
memcpy ( out, &context->ddd.dd.digest,
sizeof ( context->ddd.dd.digest ) );
}
/** MD4 algorithm */
struct digest_algorithm md4_algorithm = {
.name = "md4",
.ctxsize = sizeof ( struct md4_context ),
.blocksize = sizeof ( union md4_block ),
.digestsize = sizeof ( struct md4_digest ),
.init = md4_init,
.update = md4_update,
.final = md4_final,
};
/** "md4" object identifier */
static uint8_t oid_md4[] = { ASN1_OID_MD4 };
/** "md4" OID-identified algorithm */
struct asn1_algorithm oid_md4_algorithm __asn1_algorithm = {
.name = "md4",
.digest = &md4_algorithm,
.oid = ASN1_OID_CURSOR ( oid_md4 ),
};
