2022年8月14日 星期日

RFC 1319 - MD2 Message-Digest Algorithm


Message Digest 演算法是以隨意長度的message作為input, 並產生128-bit的"fingerprint"或"message "digest". 雖然RFC後面有附上實作, 但是網路上這篇比較容易閱讀, 有助於理解MD2的演算法,
/**
 * @file md2.c
 * @author .ukasz Grudnik (https://github.com/lukaszgrudnik)
 * @brief MD2 algorithm based on RFC documentation https://datatracker.ietf.org/doc/html/rfc1319
 * @version 0.1
 * @date 2022-06-26
 *
 * @copyright Copyright (c) 2022
 *
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

// This step uses a 256-byte "random" permutation constructed from the
//    digits of pi. Let S[i] denote the i-th element of this table.
static unsigned char S[256] = {
    41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6,
    19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188,
    76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24,
    138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251,
    245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63,
    148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50,
    39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165,
    181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210,
    150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157,
    112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27,
    96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15,
    85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197,
    234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65,
    129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123,
    8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233,
    203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228,
    166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237,
    31, 26, 219, 153, 141, 51, 159, 17, 131, 20
};

int main(int argc, char *argv[])
{

    if (argc == 1) {
        printf("error: Type message to hash\n");
        printf("./a.out <message>\n");
        return -1;
    }

    // Step 1. Append Padding Bytes
    int p, N, n;


    // The message is "padded" (extended) so that its length (in bytes) is
    //   congruent to 0, modulo 16.
    n = strlen(argv[1]) * sizeof(unsigned char);
    p = 16 - n % 16;
    N = n + p;

    unsigned char *M = (unsigned char *)malloc(N);

    // Padding is performed as follows: "i" bytes of value "i" are appended
    //   to the message so that the length in bytes of the padded message
    //   becomes congruent to 0, modulo 16. At least one byte and at most 16
    //   16 bytes are appended.
    memcpy(M, argv[1], n);
    memset(M+n, p, p);

    // Step 2. Append Checksum
    // Clear checksum.
    unsigned char C[16];
    memset(C, 0, 16);

    unsigned char c;
    // Set L to 0.
    unsigned char L = 0;

    // Process each 16-word block.
    for (int i = 0; i <= N / 16 - 1; i++) {
        for (int j = 0; j <= 15; j++) {
            c = M[i * 16 + j]; // Set c to M[i*16+j]
            C[j] ^= S[c ^ L];  // Set C[j] to S[c xor L]
            L = C[j];          // Set L to C[j]
        }
    }

    // The 16-byte checksum C[0 ... 15] is appended to the message
    // Let M[0] with checksum), where N' = N + 16.
    int N_ = N + 16;
    unsigned char *M_ = (unsigned char *)malloc(N_);

    memcpy(M_, M, N);
    memcpy(M_ + N, C, 16);

    //  Step 3. Initialize MD Buffer
    //  A 48-byte buffer X is used to compute the message digest.
    //  The buffer is initialized to zero.
    unsigned char X[48] = {0};

    //  Step 4. Process Message in 16-Byte Blocks
    unsigned int t = 0;

    for (int m = 0; m < 16; m++) {
        printf("%d ", M_[N + m]);
    }

    // Process each 16-word block
    for (int i = 0; i <= (N_ / 16) - 1; i++) {
        // Copy block i into X.
        for (int j = 0; j <= 15; j++) {
            X[16 + j] = M_[16 * i + j]; // Set X[16+j] to M[i*16+j].
            X[32 + j] = (X[16 + j] ^ X[j]); // Set X[32+j] to (X[16+j] xor X[j])
        }

        // Set t to 0.
        t = 0;
        // Do 18 rounds.
        for (int j = 0; j <= 17; j++) {
            for (int k = 0; k <= 47; k++) {
                t = X[k] ^= S[t]; // Set t and X[k] to (X[k] xor S[t]).
            }
            t = (t + j) % 256; // Set t to (t+j) modulo 256.
        }
    }

    // Step 5. Output
    printf("\nHash:\n");
    for (int i = 0; i < 48; i++) {
        printf("%02x ", X[i]);
    }
    return 0;
}

    參考資料:
  • https://www.ietf.org/rfc/rfc1319.txt
  • https://github.com/lukaszgrudnik/MD2
  • https://nickthecrypt.medium.com/cryptography-hash-method-md2-message-digest-2-step-by-step-explanation-made-easy-with-python-10faa2e35e85




熱門文章