1/*
2 * This is an OpenSSL-compatible implementation of the RSA Data Security, Inc.
3 * MD4 Message-Digest Algorithm (RFC 1320).
4 *
5 * Homepage:
6 http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4
7 *
8 * Author:
9 * Alexander Peslyak, better known as Solar Designer <solar at openwall.com>
10 *
11 * This software was written by Alexander Peslyak in 2001.  No copyright is
12 * claimed, and the software is hereby placed in the public domain.  In case
13 * this attempt to disclaim copyright and place the software in the public
14 * domain is deemed null and void, then the software is Copyright (c) 2001
15 * Alexander Peslyak and it is hereby released to the general public under the
16 * following terms:
17 *
18 * Redistribution and use in source and binary forms, with or without
19 * modification, are permitted.
20 *
21 * There's ABSOLUTELY NO WARRANTY, express or implied.
22 *
23 * (This is a heavily cut-down "BSD license".)
24 *
25 * This differs from Colin Plumb's older public domain implementation in that
26 * no exactly 32-bit integer data type is required (any 32-bit or wider
27 * unsigned integer data type will do), there's no compile-time endianness
28 * configuration, and the function prototypes match OpenSSL's.  No code from
29 * Colin Plumb's implementation has been reused; this comment merely compares
30 * the properties of the two independent implementations.
31 *
32 * The primary goals of this implementation are portability and ease of use.
33 * It is meant to be fast, but not as fast as possible.  Some known
34 * optimizations are not included to reduce source code size and avoid
35 * compile-time configuration.
36 */
37
38#include "curl_setup.h"
39
40/* NSS and OS/400 crypto library do not provide the MD4 hash algorithm, so
41 * that we have a local implementation of it */
42#if defined(USE_NSS) || defined(USE_OS400CRYPTO)
43
44#include "curl_md4.h"
45#include "warnless.h"
46
47#ifndef HAVE_OPENSSL
48
49#include <string.h>
50
51/* Any 32-bit or wider unsigned integer data type will do */
52typedef unsigned int MD4_u32plus;
53
54typedef struct {
55  MD4_u32plus lo, hi;
56  MD4_u32plus a, b, c, d;
57  unsigned char buffer[64];
58  MD4_u32plus block[16];
59} MD4_CTX;
60
61static void MD4_Init(MD4_CTX *ctx);
62static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size);
63static void MD4_Final(unsigned char *result, MD4_CTX *ctx);
64
65/*
66 * The basic MD4 functions.
67 *
68 * F and G are optimized compared to their RFC 1320 definitions, with the
69 * optimization for F borrowed from Colin Plumb's MD5 implementation.
70 */
71#define F(x, y, z)                      ((z) ^ ((x) & ((y) ^ (z))))
72#define G(x, y, z)                      (((x) & ((y) | (z))) | ((y) & (z)))
73#define H(x, y, z)                      ((x) ^ (y) ^ (z))
74
75/*
76 * The MD4 transformation for all three rounds.
77 */
78#define STEP(f, a, b, c, d, x, s) \
79        (a) += f((b), (c), (d)) + (x); \
80        (a) = (((a) << (s)) | (((a) & 0xffffffff) >> (32 - (s))));
81
82/*
83 * SET reads 4 input bytes in little-endian byte order and stores them
84 * in a properly aligned word in host byte order.
85 *
86 * The check for little-endian architectures that tolerate unaligned
87 * memory accesses is just an optimization.  Nothing will break if it
88 * doesn't work.
89 */
90#if defined(__i386__) || defined(__x86_64__) || defined(__vax__)
91#define SET(n) \
92        (*(MD4_u32plus *)&ptr[(n) * 4])
93#define GET(n) \
94        SET(n)
95#else
96#define SET(n) \
97        (ctx->block[(n)] = \
98        (MD4_u32plus)ptr[(n) * 4] | \
99        ((MD4_u32plus)ptr[(n) * 4 + 1] << 8) | \
100        ((MD4_u32plus)ptr[(n) * 4 + 2] << 16) | \
101        ((MD4_u32plus)ptr[(n) * 4 + 3] << 24))
102#define GET(n) \
103        (ctx->block[(n)])
104#endif
105
106/*
107 * This processes one or more 64-byte data blocks, but does NOT update
108 * the bit counters.  There are no alignment requirements.
109 */
110static const void *body(MD4_CTX *ctx, const void *data, unsigned long size)
111{
112  const unsigned char *ptr;
113  MD4_u32plus a, b, c, d;
114  MD4_u32plus saved_a, saved_b, saved_c, saved_d;
115
116  ptr = (const unsigned char *)data;
117
118  a = ctx->a;
119  b = ctx->b;
120  c = ctx->c;
121  d = ctx->d;
122
123  do {
124    saved_a = a;
125    saved_b = b;
126    saved_c = c;
127    saved_d = d;
128
129/* Round 1 */
130    STEP(F, a, b, c, d, SET(0), 3)
131      STEP(F, d, a, b, c, SET(1), 7)
132      STEP(F, c, d, a, b, SET(2), 11)
133      STEP(F, b, c, d, a, SET(3), 19)
134      STEP(F, a, b, c, d, SET(4), 3)
135      STEP(F, d, a, b, c, SET(5), 7)
136      STEP(F, c, d, a, b, SET(6), 11)
137      STEP(F, b, c, d, a, SET(7), 19)
138      STEP(F, a, b, c, d, SET(8), 3)
139      STEP(F, d, a, b, c, SET(9), 7)
140      STEP(F, c, d, a, b, SET(10), 11)
141      STEP(F, b, c, d, a, SET(11), 19)
142      STEP(F, a, b, c, d, SET(12), 3)
143      STEP(F, d, a, b, c, SET(13), 7)
144      STEP(F, c, d, a, b, SET(14), 11)
145      STEP(F, b, c, d, a, SET(15), 19)
146
147/* Round 2 */
148      STEP(G, a, b, c, d, GET(0) + 0x5a827999, 3)
149      STEP(G, d, a, b, c, GET(4) + 0x5a827999, 5)
150      STEP(G, c, d, a, b, GET(8) + 0x5a827999, 9)
151      STEP(G, b, c, d, a, GET(12) + 0x5a827999, 13)
152      STEP(G, a, b, c, d, GET(1) + 0x5a827999, 3)
153      STEP(G, d, a, b, c, GET(5) + 0x5a827999, 5)
154      STEP(G, c, d, a, b, GET(9) + 0x5a827999, 9)
155      STEP(G, b, c, d, a, GET(13) + 0x5a827999, 13)
156      STEP(G, a, b, c, d, GET(2) + 0x5a827999, 3)
157      STEP(G, d, a, b, c, GET(6) + 0x5a827999, 5)
158      STEP(G, c, d, a, b, GET(10) + 0x5a827999, 9)
159      STEP(G, b, c, d, a, GET(14) + 0x5a827999, 13)
160      STEP(G, a, b, c, d, GET(3) + 0x5a827999, 3)
161      STEP(G, d, a, b, c, GET(7) + 0x5a827999, 5)
162      STEP(G, c, d, a, b, GET(11) + 0x5a827999, 9)
163      STEP(G, b, c, d, a, GET(15) + 0x5a827999, 13)
164
165/* Round 3 */
166      STEP(H, a, b, c, d, GET(0) + 0x6ed9eba1, 3)
167      STEP(H, d, a, b, c, GET(8) + 0x6ed9eba1, 9)
168      STEP(H, c, d, a, b, GET(4) + 0x6ed9eba1, 11)
169      STEP(H, b, c, d, a, GET(12) + 0x6ed9eba1, 15)
170      STEP(H, a, b, c, d, GET(2) + 0x6ed9eba1, 3)
171      STEP(H, d, a, b, c, GET(10) + 0x6ed9eba1, 9)
172      STEP(H, c, d, a, b, GET(6) + 0x6ed9eba1, 11)
173      STEP(H, b, c, d, a, GET(14) + 0x6ed9eba1, 15)
174      STEP(H, a, b, c, d, GET(1) + 0x6ed9eba1, 3)
175      STEP(H, d, a, b, c, GET(9) + 0x6ed9eba1, 9)
176      STEP(H, c, d, a, b, GET(5) + 0x6ed9eba1, 11)
177      STEP(H, b, c, d, a, GET(13) + 0x6ed9eba1, 15)
178      STEP(H, a, b, c, d, GET(3) + 0x6ed9eba1, 3)
179      STEP(H, d, a, b, c, GET(11) + 0x6ed9eba1, 9)
180      STEP(H, c, d, a, b, GET(7) + 0x6ed9eba1, 11)
181      STEP(H, b, c, d, a, GET(15) + 0x6ed9eba1, 15)
182
183      a += saved_a;
184    b += saved_b;
185    c += saved_c;
186    d += saved_d;
187
188    ptr += 64;
189  } while(size -= 64);
190
191  ctx->a = a;
192  ctx->b = b;
193  ctx->c = c;
194  ctx->d = d;
195
196  return ptr;
197}
198
199static void MD4_Init(MD4_CTX *ctx)
200{
201  ctx->a = 0x67452301;
202  ctx->b = 0xefcdab89;
203  ctx->c = 0x98badcfe;
204  ctx->d = 0x10325476;
205
206  ctx->lo = 0;
207  ctx->hi = 0;
208}
209
210static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
211{
212  MD4_u32plus saved_lo;
213  unsigned long used, available;
214
215  saved_lo = ctx->lo;
216  if((ctx->lo = (saved_lo + size) & 0x1fffffff) < saved_lo)
217    ctx->hi++;
218  ctx->hi += (MD4_u32plus)size >> 29;
219
220  used = saved_lo & 0x3f;
221
222  if(used) {
223    available = 64 - used;
224
225    if(size < available) {
226      memcpy(&ctx->buffer[used], data, size);
227      return;
228    }
229
230    memcpy(&ctx->buffer[used], data, available);
231    data = (const unsigned char *)data + available;
232    size -= available;
233    body(ctx, ctx->buffer, 64);
234  }
235
236  if(size >= 64) {
237    data = body(ctx, data, size & ~(unsigned long)0x3f);
238    size &= 0x3f;
239  }
240
241  memcpy(ctx->buffer, data, size);
242}
243
244static void MD4_Final(unsigned char *result, MD4_CTX *ctx)
245{
246  unsigned long used, available;
247
248  used = ctx->lo & 0x3f;
249
250  ctx->buffer[used++] = 0x80;
251
252  available = 64 - used;
253
254  if(available < 8) {
255    memset(&ctx->buffer[used], 0, available);
256    body(ctx, ctx->buffer, 64);
257    used = 0;
258    available = 64;
259  }
260
261  memset(&ctx->buffer[used], 0, available - 8);
262
263  ctx->lo <<= 3;
264  ctx->buffer[56] = curlx_ultouc((ctx->lo)&0xff);
265  ctx->buffer[57] = curlx_ultouc((ctx->lo >> 8)&0xff);
266  ctx->buffer[58] = curlx_ultouc((ctx->lo >> 16)&0xff);
267  ctx->buffer[59] = curlx_ultouc((ctx->lo >> 24)&0xff);
268  ctx->buffer[60] = curlx_ultouc((ctx->hi)&0xff);
269  ctx->buffer[61] = curlx_ultouc((ctx->hi >> 8)&0xff);
270  ctx->buffer[62] = curlx_ultouc((ctx->hi >> 16)&0xff);
271  ctx->buffer[63] = curlx_ultouc(ctx->hi >> 24);
272
273  body(ctx, ctx->buffer, 64);
274
275  result[0] = curlx_ultouc((ctx->a)&0xff);
276  result[1] = curlx_ultouc((ctx->a >> 8)&0xff);
277  result[2] = curlx_ultouc((ctx->a >> 16)&0xff);
278  result[3] = curlx_ultouc(ctx->a >> 24);
279  result[4] = curlx_ultouc((ctx->b)&0xff);
280  result[5] = curlx_ultouc((ctx->b >> 8)&0xff);
281  result[6] = curlx_ultouc((ctx->b >> 16)&0xff);
282  result[7] = curlx_ultouc(ctx->b >> 24);
283  result[8] = curlx_ultouc((ctx->c)&0xff);
284  result[9] = curlx_ultouc((ctx->c >> 8)&0xff);
285  result[10] = curlx_ultouc((ctx->c >> 16)&0xff);
286  result[11] = curlx_ultouc(ctx->c >> 24);
287  result[12] = curlx_ultouc((ctx->d)&0xff);
288  result[13] = curlx_ultouc((ctx->d >> 8)&0xff);
289  result[14] = curlx_ultouc((ctx->d >> 16)&0xff);
290  result[15] = curlx_ultouc(ctx->d >> 24);
291
292  memset(ctx, 0, sizeof(*ctx));
293}
294
295#endif
296
297void Curl_md4it(unsigned char *output, const unsigned char *input, size_t len)
298{
299  MD4_CTX ctx;
300  MD4_Init(&ctx);
301  MD4_Update(&ctx, input, curlx_uztoui(len));
302  MD4_Final(output, &ctx);
303}
304#endif /* defined(USE_NSS) || defined(USE_OS400CRYPTO) */
305