Difference between revisions of "83Plus:BCALLs:8018"

From WikiTI
Jump to: navigation, search
 
(Comments: a slightly troubling bug)
 
(8 intermediate revisions by 2 users not shown)
Line 1: Line 1:
'''Note:''' Do not take the information on this template page as actual documentation!
+
[[Category:83Plus:BCALLs:By Name:Cryptography|MD5Final]] [[Category:83Plus:BCALLs:By Name|MD5Final]] [[Category:83Plus:BCALLs:By Address|8018 - MD5Final]]
 
+
Use this template for ROMCalls on calculators that don't use banked OS calls. Simply replace every occurance of bcall/BCALL/b_call with romcall/ROMCall/call.
+
 
+
The BCALLs are named by their b_call address, in hexadecimal. An example is [[83Plus:BCALLs:4009]].
+
 
+
----
+
 
+
 
== Synopsis ==
 
== Synopsis ==
'''Official Name:''' ProveTheRiemannHypothesis
+
'''Official Name:''' MD5Final
  
'''BCALL Address:''' 0042
+
'''Other Name:''' FinishMD5
  
Proves the Riemann Hypothesis, storing the proof in an AppVar.
+
'''BCALL Address:''' 8018
 +
 
 +
Finishes an MD5 hash by adding padding and length bits.
  
 
=== Inputs ===
 
=== Inputs ===
* [[83Plus:RAM:8478|OP1]]: AppVar to save proof into
+
* [[83Plus:RAM:8269|8269]]: (8 bytes) Holds the length in bits of the data hashed so far.
* HL: Maximum length of proof, in pages (must be at least 200)
+
* [[83Plus:RAM:8292|8292]]: (16 bytes) Current MD5 hash
* bit proofCorrect, (iy + proofFlags): Set to generate a correct proof
+
  
 
=== Outputs ===
 
=== Outputs ===
* Proof stored in AppVar
+
* [[83Plus:RAM:8292|8292]]: (16 bytes) Completed MD5 hash
* Zero Flag: Set if successful
+
  
 
=== Destroys ===
 
=== Destroys ===
* af
+
* [[83Plus:RAM:8259|8259]]: (16 bytes) Alternate registers (roughly equivalent to the AA, BB, CC, and DD registers specified in the MD5 standard.)
 +
* [[83Plus:RAM:83A5|83A5]]: (64 bytes) Buffer holding data to be hashed.
  
 
== Comments ==
 
== Comments ==
This B_CALL proves the Riemann Hypothesis, giving a proof under the required number of pages. It does this by randomly guessing proofs until it finds one that works. Needless to say, the calculator's batteries will run out before this B_CALL completes.
+
This B_CALL "completes" a hash started by [[83Plus:BCALLs:808D|MD5Init]] and [[83Plus:BCALLs:8090|MD5Update]].
 +
 
 +
'''Warning:''' Early versions of this B_CALL contain a bug, such that computing the hash of a string with length congruent to 55 mod 64 gives an incorrect result.  (Rather than adding only one byte of padding, it adds a full 65 bytes, the last of which is E5 rather than zero.)
 +
 
 +
This is most likely not a security hole if you are simply using MD5 as a black-box hash function, and you don't assume the result on one calculator will match that on another.
 +
 
 +
If you need the actual, RFC-compliant MD5 hash, you can add the padding and length bytes yourself using MD5Update.  (Leaving off the padding and length altogether would be a significant security hole; and in any case, MD5Update only updates the hash every 64 bytes.)  See below for a simple implementation of this.
 +
 
 +
Boot code versions known to contain this bug:
 +
* TI-73 1.3005
 +
* TI-83 Plus BE 1.00, 1.01
 +
 
 +
Boot code versions known not to contain this bug:
 +
* TI-83 Plus SE 1.00
 +
* TI-84 Plus BE/SE 1.00, 1.02
  
== Example ==
+
=== Replacement code ===
  NaodW29-nowiki8e12bb1231d78a400000001
+
(uses OP1)
 +
MD5Final:
 +
        ld hl,[[83Plus:RAM:8269|MD5Length]]
 +
        rst 20h
 +
 +
        ld hl,MD5Final_Padding
 +
        ld bc,1
 +
        B_CALL [[83Plus:BCALLs:8090|MD5Update]]
 +
MD5Final_PadLoop:
 +
        ld a,(MD5Length)
 +
        cp 0c0h
 +
        jr z,MD5Final_24mod32
 +
MD5Final_ContinuePadding:
 +
        ld hl,MD5Final_Padding+1
 +
        ld bc,1
 +
        B_CALL MD5Update
 +
        jr MD5Final_PadLoop
 +
MD5Final_24mod32:
 +
        ld a,(MD5Length+1)
 +
        and 1
 +
        jr z,MD5Final_ContinuePadding
 +
 +
        ld hl,OP1
 +
        ld bc,8
 +
        B_CALL MD5Update
 +
        ret
 +
 +
MD5Final_Padding: db 80h, 00h
  
== Credits and Contributions ==
+
== Example ==  
* '''/dev/null:''' For not answering my questions about this B_CALL
+
B_CALL [[83Plus:BCALLs:808D|MD5Init]]
 +
ld bc,14
 +
ld hl,String
 +
B_CALL [[83Plus:BCALLs:8090|MD5Update]]
 +
B_CALL MD5Final
 +
; should give: f96b697d7cb7938d525a2f31aaf161d0
 +
 +
String: .db "message digest"

Latest revision as of 13:12, 24 July 2007

Synopsis

Official Name: MD5Final

Other Name: FinishMD5

BCALL Address: 8018

Finishes an MD5 hash by adding padding and length bits.

Inputs

  • 8269: (8 bytes) Holds the length in bits of the data hashed so far.
  • 8292: (16 bytes) Current MD5 hash

Outputs

  • 8292: (16 bytes) Completed MD5 hash

Destroys

  • 8259: (16 bytes) Alternate registers (roughly equivalent to the AA, BB, CC, and DD registers specified in the MD5 standard.)
  • 83A5: (64 bytes) Buffer holding data to be hashed.

Comments

This B_CALL "completes" a hash started by MD5Init and MD5Update.

Warning: Early versions of this B_CALL contain a bug, such that computing the hash of a string with length congruent to 55 mod 64 gives an incorrect result. (Rather than adding only one byte of padding, it adds a full 65 bytes, the last of which is E5 rather than zero.)

This is most likely not a security hole if you are simply using MD5 as a black-box hash function, and you don't assume the result on one calculator will match that on another.

If you need the actual, RFC-compliant MD5 hash, you can add the padding and length bytes yourself using MD5Update. (Leaving off the padding and length altogether would be a significant security hole; and in any case, MD5Update only updates the hash every 64 bytes.) See below for a simple implementation of this.

Boot code versions known to contain this bug:

  • TI-73 1.3005
  • TI-83 Plus BE 1.00, 1.01

Boot code versions known not to contain this bug:

  • TI-83 Plus SE 1.00
  • TI-84 Plus BE/SE 1.00, 1.02

Replacement code

(uses OP1)

MD5Final:
       ld hl,MD5Length
       rst 20h

       ld hl,MD5Final_Padding
       ld bc,1
       B_CALL MD5Update
MD5Final_PadLoop:
       ld a,(MD5Length)
       cp 0c0h
       jr z,MD5Final_24mod32
MD5Final_ContinuePadding:
       ld hl,MD5Final_Padding+1
       ld bc,1
       B_CALL MD5Update
       jr MD5Final_PadLoop
MD5Final_24mod32:
       ld a,(MD5Length+1)
       and 1
       jr z,MD5Final_ContinuePadding

       ld hl,OP1
       ld bc,8
       B_CALL MD5Update
       ret

MD5Final_Padding:  db 80h, 00h

Example

B_CALL MD5Init
ld bc,14
ld hl,String
B_CALL MD5Update
B_CALL MD5Final
; should give: f96b697d7cb7938d525a2f31aaf161d0

String: .db "message digest"