xref: /dflybsd-src/contrib/wpa_supplicant/src/crypto/md5-internal.c (revision 3a84a4273475ed07d0ab1c2dfeffdfedef35d9cd) 
13ff40c12SJohn Marino /*
23ff40c12SJohn Marino  * MD5 hash implementation and interface functions
33ff40c12SJohn Marino  * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
43ff40c12SJohn Marino  *
53ff40c12SJohn Marino  * This software may be distributed under the terms of the BSD license.
63ff40c12SJohn Marino  * See README for more details.
73ff40c12SJohn Marino  */
83ff40c12SJohn Marino 
93ff40c12SJohn Marino #include "includes.h"
103ff40c12SJohn Marino 
113ff40c12SJohn Marino #include "common.h"
123ff40c12SJohn Marino #include "md5.h"
133ff40c12SJohn Marino #include "md5_i.h"
143ff40c12SJohn Marino #include "crypto.h"
153ff40c12SJohn Marino 
163ff40c12SJohn Marino 
173ff40c12SJohn Marino static void MD5Transform(u32 buf[4], u32 const in[16]);
183ff40c12SJohn Marino 
193ff40c12SJohn Marino 
203ff40c12SJohn Marino typedef struct MD5Context MD5_CTX;
213ff40c12SJohn Marino 
223ff40c12SJohn Marino 
233ff40c12SJohn Marino /**
243ff40c12SJohn Marino  * md5_vector - MD5 hash for data vector
253ff40c12SJohn Marino  * @num_elem: Number of elements in the data vector
263ff40c12SJohn Marino  * @addr: Pointers to the data areas
273ff40c12SJohn Marino  * @len: Lengths of the data blocks
283ff40c12SJohn Marino  * @mac: Buffer for the hash
293ff40c12SJohn Marino  * Returns: 0 on success, -1 of failure
303ff40c12SJohn Marino  */
md5_vector(size_t num_elem,const u8 * addr[],const size_t * len,u8 * mac)313ff40c12SJohn Marino int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
323ff40c12SJohn Marino {
333ff40c12SJohn Marino 	MD5_CTX ctx;
343ff40c12SJohn Marino 	size_t i;
353ff40c12SJohn Marino 
36*a1157835SDaniel Fojt 	if (TEST_FAIL())
37*a1157835SDaniel Fojt 		return -1;
38*a1157835SDaniel Fojt 
393ff40c12SJohn Marino 	MD5Init(&ctx);
403ff40c12SJohn Marino 	for (i = 0; i < num_elem; i++)
413ff40c12SJohn Marino 		MD5Update(&ctx, addr[i], len[i]);
423ff40c12SJohn Marino 	MD5Final(mac, &ctx);
433ff40c12SJohn Marino 	return 0;
443ff40c12SJohn Marino }
453ff40c12SJohn Marino 
463ff40c12SJohn Marino 
473ff40c12SJohn Marino /* ===== start - public domain MD5 implementation ===== */
483ff40c12SJohn Marino /*
493ff40c12SJohn Marino  * This code implements the MD5 message-digest algorithm.
503ff40c12SJohn Marino  * The algorithm is due to Ron Rivest.  This code was
513ff40c12SJohn Marino  * written by Colin Plumb in 1993, no copyright is claimed.
523ff40c12SJohn Marino  * This code is in the public domain; do with it what you wish.
533ff40c12SJohn Marino  *
543ff40c12SJohn Marino  * Equivalent code is available from RSA Data Security, Inc.
553ff40c12SJohn Marino  * This code has been tested against that, and is equivalent,
563ff40c12SJohn Marino  * except that you don't need to include two pages of legalese
573ff40c12SJohn Marino  * with every copy.
583ff40c12SJohn Marino  *
593ff40c12SJohn Marino  * To compute the message digest of a chunk of bytes, declare an
603ff40c12SJohn Marino  * MD5Context structure, pass it to MD5Init, call MD5Update as
613ff40c12SJohn Marino  * needed on buffers full of bytes, and then call MD5Final, which
623ff40c12SJohn Marino  * will fill a supplied 16-byte array with the digest.
633ff40c12SJohn Marino  */
643ff40c12SJohn Marino 
653ff40c12SJohn Marino #ifndef WORDS_BIGENDIAN
663ff40c12SJohn Marino #define byteReverse(buf, len)	/* Nothing */
673ff40c12SJohn Marino #else
683ff40c12SJohn Marino /*
693ff40c12SJohn Marino  * Note: this code is harmless on little-endian machines.
703ff40c12SJohn Marino  */
byteReverse(unsigned char * buf,unsigned longs)713ff40c12SJohn Marino static void byteReverse(unsigned char *buf, unsigned longs)
723ff40c12SJohn Marino {
733ff40c12SJohn Marino     u32 t;
743ff40c12SJohn Marino     do {
753ff40c12SJohn Marino 	t = (u32) ((unsigned) buf[3] << 8 | buf[2]) << 16 |
763ff40c12SJohn Marino 	    ((unsigned) buf[1] << 8 | buf[0]);
773ff40c12SJohn Marino 	*(u32 *) buf = t;
783ff40c12SJohn Marino 	buf += 4;
793ff40c12SJohn Marino     } while (--longs);
803ff40c12SJohn Marino }
813ff40c12SJohn Marino #endif
823ff40c12SJohn Marino 
833ff40c12SJohn Marino /*
843ff40c12SJohn Marino  * Start MD5 accumulation.  Set bit count to 0 and buffer to mysterious
853ff40c12SJohn Marino  * initialization constants.
863ff40c12SJohn Marino  */
MD5Init(struct MD5Context * ctx)873ff40c12SJohn Marino void MD5Init(struct MD5Context *ctx)
883ff40c12SJohn Marino {
893ff40c12SJohn Marino     ctx->buf[0] = 0x67452301;
903ff40c12SJohn Marino     ctx->buf[1] = 0xefcdab89;
913ff40c12SJohn Marino     ctx->buf[2] = 0x98badcfe;
923ff40c12SJohn Marino     ctx->buf[3] = 0x10325476;
933ff40c12SJohn Marino 
943ff40c12SJohn Marino     ctx->bits[0] = 0;
953ff40c12SJohn Marino     ctx->bits[1] = 0;
963ff40c12SJohn Marino }
973ff40c12SJohn Marino 
983ff40c12SJohn Marino /*
993ff40c12SJohn Marino  * Update context to reflect the concatenation of another buffer full
1003ff40c12SJohn Marino  * of bytes.
1013ff40c12SJohn Marino  */
MD5Update(struct MD5Context * ctx,unsigned char const * buf,unsigned len)1023ff40c12SJohn Marino void MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len)
1033ff40c12SJohn Marino {
1043ff40c12SJohn Marino     u32 t;
1053ff40c12SJohn Marino 
1063ff40c12SJohn Marino     /* Update bitcount */
1073ff40c12SJohn Marino 
1083ff40c12SJohn Marino     t = ctx->bits[0];
1093ff40c12SJohn Marino     if ((ctx->bits[0] = t + ((u32) len << 3)) < t)
1103ff40c12SJohn Marino 	ctx->bits[1]++;		/* Carry from low to high */
1113ff40c12SJohn Marino     ctx->bits[1] += len >> 29;
1123ff40c12SJohn Marino 
1133ff40c12SJohn Marino     t = (t >> 3) & 0x3f;	/* Bytes already in shsInfo->data */
1143ff40c12SJohn Marino 
1153ff40c12SJohn Marino     /* Handle any leading odd-sized chunks */
1163ff40c12SJohn Marino 
1173ff40c12SJohn Marino     if (t) {
1183ff40c12SJohn Marino 	unsigned char *p = (unsigned char *) ctx->in + t;
1193ff40c12SJohn Marino 
1203ff40c12SJohn Marino 	t = 64 - t;
1213ff40c12SJohn Marino 	if (len < t) {
1223ff40c12SJohn Marino 	    os_memcpy(p, buf, len);
1233ff40c12SJohn Marino 	    return;
1243ff40c12SJohn Marino 	}
1253ff40c12SJohn Marino 	os_memcpy(p, buf, t);
1263ff40c12SJohn Marino 	byteReverse(ctx->in, 16);
1273ff40c12SJohn Marino 	MD5Transform(ctx->buf, (u32 *) ctx->in);
1283ff40c12SJohn Marino 	buf += t;
1293ff40c12SJohn Marino 	len -= t;
1303ff40c12SJohn Marino     }
1313ff40c12SJohn Marino     /* Process data in 64-byte chunks */
1323ff40c12SJohn Marino 
1333ff40c12SJohn Marino     while (len >= 64) {
1343ff40c12SJohn Marino 	os_memcpy(ctx->in, buf, 64);
1353ff40c12SJohn Marino 	byteReverse(ctx->in, 16);
1363ff40c12SJohn Marino 	MD5Transform(ctx->buf, (u32 *) ctx->in);
1373ff40c12SJohn Marino 	buf += 64;
1383ff40c12SJohn Marino 	len -= 64;
1393ff40c12SJohn Marino     }
1403ff40c12SJohn Marino 
1413ff40c12SJohn Marino     /* Handle any remaining bytes of data. */
1423ff40c12SJohn Marino 
1433ff40c12SJohn Marino     os_memcpy(ctx->in, buf, len);
1443ff40c12SJohn Marino }
1453ff40c12SJohn Marino 
1463ff40c12SJohn Marino /*
1473ff40c12SJohn Marino  * Final wrapup - pad to 64-byte boundary with the bit pattern
1483ff40c12SJohn Marino  * 1 0* (64-bit count of bits processed, MSB-first)
1493ff40c12SJohn Marino  */
MD5Final(unsigned char digest[16],struct MD5Context * ctx)1503ff40c12SJohn Marino void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
1513ff40c12SJohn Marino {
1523ff40c12SJohn Marino     unsigned count;
1533ff40c12SJohn Marino     unsigned char *p;
1543ff40c12SJohn Marino 
1553ff40c12SJohn Marino     /* Compute number of bytes mod 64 */
1563ff40c12SJohn Marino     count = (ctx->bits[0] >> 3) & 0x3F;
1573ff40c12SJohn Marino 
1583ff40c12SJohn Marino     /* Set the first char of padding to 0x80.  This is safe since there is
1593ff40c12SJohn Marino        always at least one byte free */
1603ff40c12SJohn Marino     p = ctx->in + count;
1613ff40c12SJohn Marino     *p++ = 0x80;
1623ff40c12SJohn Marino 
1633ff40c12SJohn Marino     /* Bytes of padding needed to make 64 bytes */
1643ff40c12SJohn Marino     count = 64 - 1 - count;
1653ff40c12SJohn Marino 
1663ff40c12SJohn Marino     /* Pad out to 56 mod 64 */
1673ff40c12SJohn Marino     if (count < 8) {
1683ff40c12SJohn Marino 	/* Two lots of padding:  Pad the first block to 64 bytes */
1693ff40c12SJohn Marino 	os_memset(p, 0, count);
1703ff40c12SJohn Marino 	byteReverse(ctx->in, 16);
1713ff40c12SJohn Marino 	MD5Transform(ctx->buf, (u32 *) ctx->in);
1723ff40c12SJohn Marino 
1733ff40c12SJohn Marino 	/* Now fill the next block with 56 bytes */
1743ff40c12SJohn Marino 	os_memset(ctx->in, 0, 56);
1753ff40c12SJohn Marino     } else {
1763ff40c12SJohn Marino 	/* Pad block to 56 bytes */
1773ff40c12SJohn Marino 	os_memset(p, 0, count - 8);
1783ff40c12SJohn Marino     }
1793ff40c12SJohn Marino     byteReverse(ctx->in, 14);
1803ff40c12SJohn Marino 
1813ff40c12SJohn Marino     /* Append length in bits and transform */
1823ff40c12SJohn Marino     ((u32 *) aliasing_hide_typecast(ctx->in, u32))[14] = ctx->bits[0];
1833ff40c12SJohn Marino     ((u32 *) aliasing_hide_typecast(ctx->in, u32))[15] = ctx->bits[1];
1843ff40c12SJohn Marino 
1853ff40c12SJohn Marino     MD5Transform(ctx->buf, (u32 *) ctx->in);
1863ff40c12SJohn Marino     byteReverse((unsigned char *) ctx->buf, 4);
1873ff40c12SJohn Marino     os_memcpy(digest, ctx->buf, 16);
1883ff40c12SJohn Marino     os_memset(ctx, 0, sizeof(*ctx));	/* In case it's sensitive */
1893ff40c12SJohn Marino }
1903ff40c12SJohn Marino 
1913ff40c12SJohn Marino /* The four core functions - F1 is optimized somewhat */
1923ff40c12SJohn Marino 
1933ff40c12SJohn Marino /* #define F1(x, y, z) (x & y | ~x & z) */
1943ff40c12SJohn Marino #define F1(x, y, z) (z ^ (x & (y ^ z)))
1953ff40c12SJohn Marino #define F2(x, y, z) F1(z, x, y)
1963ff40c12SJohn Marino #define F3(x, y, z) (x ^ y ^ z)
1973ff40c12SJohn Marino #define F4(x, y, z) (y ^ (x | ~z))
1983ff40c12SJohn Marino 
1993ff40c12SJohn Marino /* This is the central step in the MD5 algorithm. */
2003ff40c12SJohn Marino #define MD5STEP(f, w, x, y, z, data, s) \
2013ff40c12SJohn Marino 	( w += f(x, y, z) + data,  w = w<<s | w>>(32-s),  w += x )
2023ff40c12SJohn Marino 
2033ff40c12SJohn Marino /*
2043ff40c12SJohn Marino  * The core of the MD5 algorithm, this alters an existing MD5 hash to
2053ff40c12SJohn Marino  * reflect the addition of 16 longwords of new data.  MD5Update blocks
2063ff40c12SJohn Marino  * the data and converts bytes into longwords for this routine.
2073ff40c12SJohn Marino  */
MD5Transform(u32 buf[4],u32 const in[16])2083ff40c12SJohn Marino static void MD5Transform(u32 buf[4], u32 const in[16])
2093ff40c12SJohn Marino {
2103ff40c12SJohn Marino     register u32 a, b, c, d;
2113ff40c12SJohn Marino 
2123ff40c12SJohn Marino     a = buf[0];
2133ff40c12SJohn Marino     b = buf[1];
2143ff40c12SJohn Marino     c = buf[2];
2153ff40c12SJohn Marino     d = buf[3];
2163ff40c12SJohn Marino 
2173ff40c12SJohn Marino     MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7);
2183ff40c12SJohn Marino     MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
2193ff40c12SJohn Marino     MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17);
2203ff40c12SJohn Marino     MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
2213ff40c12SJohn Marino     MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
2223ff40c12SJohn Marino     MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12);
2233ff40c12SJohn Marino     MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17);
2243ff40c12SJohn Marino     MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22);
2253ff40c12SJohn Marino     MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7);
2263ff40c12SJohn Marino     MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
2273ff40c12SJohn Marino     MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
2283ff40c12SJohn Marino     MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
2293ff40c12SJohn Marino     MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7);
2303ff40c12SJohn Marino     MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12);
2313ff40c12SJohn Marino     MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17);
2323ff40c12SJohn Marino     MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22);
2333ff40c12SJohn Marino 
2343ff40c12SJohn Marino     MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5);
2353ff40c12SJohn Marino     MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9);
2363ff40c12SJohn Marino     MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
2373ff40c12SJohn Marino     MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
2383ff40c12SJohn Marino     MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5);
2393ff40c12SJohn Marino     MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9);
2403ff40c12SJohn Marino     MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
2413ff40c12SJohn Marino     MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
2423ff40c12SJohn Marino     MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
2433ff40c12SJohn Marino     MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9);
2443ff40c12SJohn Marino     MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
2453ff40c12SJohn Marino     MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20);
2463ff40c12SJohn Marino     MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
2473ff40c12SJohn Marino     MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
2483ff40c12SJohn Marino     MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14);
2493ff40c12SJohn Marino     MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
2503ff40c12SJohn Marino 
2513ff40c12SJohn Marino     MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4);
2523ff40c12SJohn Marino     MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11);
2533ff40c12SJohn Marino     MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
2543ff40c12SJohn Marino     MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
2553ff40c12SJohn Marino     MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4);
2563ff40c12SJohn Marino     MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
2573ff40c12SJohn Marino     MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
2583ff40c12SJohn Marino     MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
2593ff40c12SJohn Marino     MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
2603ff40c12SJohn Marino     MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
2613ff40c12SJohn Marino     MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
2623ff40c12SJohn Marino     MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23);
2633ff40c12SJohn Marino     MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
2643ff40c12SJohn Marino     MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
2653ff40c12SJohn Marino     MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
2663ff40c12SJohn Marino     MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
2673ff40c12SJohn Marino 
2683ff40c12SJohn Marino     MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6);
2693ff40c12SJohn Marino     MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10);
2703ff40c12SJohn Marino     MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
2713ff40c12SJohn Marino     MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21);
2723ff40c12SJohn Marino     MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6);
2733ff40c12SJohn Marino     MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
2743ff40c12SJohn Marino     MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
2753ff40c12SJohn Marino     MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21);
2763ff40c12SJohn Marino     MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
2773ff40c12SJohn Marino     MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
2783ff40c12SJohn Marino     MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15);
2793ff40c12SJohn Marino     MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
2803ff40c12SJohn Marino     MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6);
2813ff40c12SJohn Marino     MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
2823ff40c12SJohn Marino     MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
2833ff40c12SJohn Marino     MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21);
2843ff40c12SJohn Marino 
2853ff40c12SJohn Marino     buf[0] += a;
2863ff40c12SJohn Marino     buf[1] += b;
2873ff40c12SJohn Marino     buf[2] += c;
2883ff40c12SJohn Marino     buf[3] += d;
2893ff40c12SJohn Marino }
2903ff40c12SJohn Marino /* ===== end - public domain MD5 implementation ===== */
291