xref: /netbsd-src/external/bsd/openldap/dist/libraries/liblutil/md5.c (revision 82d56013d7b633d116a93943de88e08335357a7c) 
1 /*	$NetBSD: md5.c,v 1.7 2020/08/11 13:15:39 christos Exp $	*/
2 
3 /* md5.c -- MD5 message-digest algorithm */
4 /* $OpenLDAP$ */
5 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
6  *
7  * Copyright 1998-2020 The OpenLDAP Foundation.
8  * All rights reserved.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted only as authorized by the OpenLDAP
12  * Public License.
13  *
14  * A copy of this license is available in the file LICENSE in the
15  * top-level directory of the distribution or, alternatively, at
16  * <http://www.OpenLDAP.org/license.html>.
17  */
18 /* This work was adapted for inclusion in OpenLDAP Software by
19  * Kurt D. Zeilenga based upon code developed by Colin Plumb
20  * and subsequently modified by Jim Kingdon.
21  */
22 
23 /*
24  * This code implements the MD5 message-digest algorithm.
25  * The algorithm is due to Ron Rivest.  This code was
26  * written by Colin Plumb in 1993, no copyright is claimed.
27  * This code is in the public domain; do with it what you wish.
28  *
29  * Equivalent code is available from RSA Data Security, Inc.
30  * This code has been tested against that, and is equivalent,
31  * except that you don't need to include two pages of legalese
32  * with every copy.
33  *
34  * To compute the message digest of a chunk of bytes, declare an
35  * MD5Context structure, pass it to MD5Init, call MD5Update as
36  * needed on buffers full of bytes, and then call MD5Final, which
37  * will fill a supplied 16-byte array with the digest.
38  */
39 
40 /* This code was modified in 1997 by Jim Kingdon of Cyclic Software to
41    not require an integer type which is exactly 32 bits.  This work
42    draws on the changes for the same purpose by Tatu Ylonen
43    <ylo@cs.hut.fi> as part of SSH, but since I didn't actually use
44    that code, there is no copyright issue.  I hereby disclaim
45    copyright in any changes I have made; this code remains in the
46    public domain.  */
47 
48 #include <sys/cdefs.h>
49 __RCSID("$NetBSD: md5.c,v 1.7 2020/08/11 13:15:39 christos Exp $");
50 
51 #include "portable.h"
52 
53 #include <ac/string.h>
54 
55 /* include socket.h to get sys/types.h and/or winsock2.h */
56 #include <ac/socket.h>
57 
58 #include <lutil_md5.h>
59 
60 /* Little-endian byte-swapping routines.  Note that these do not
61    depend on the size of datatypes such as ber_uint_t, nor do they require
62    us to detect the endianness of the machine we are running on.  It
63    is possible they should be macros for speed, but I would be
64    surprised if they were a performance bottleneck for MD5.  */
65 
66 static ber_uint_t
67 getu32( const unsigned char *addr )
68 {
69 	return (((((unsigned long)addr[3] << 8) | addr[2]) << 8)
70 		| addr[1]) << 8 | addr[0];
71 }
72 
73 static void
74 putu32( ber_uint_t data, unsigned char *addr )
75 {
76 	addr[0] = (unsigned char)data;
77 	addr[1] = (unsigned char)(data >> 8);
78 	addr[2] = (unsigned char)(data >> 16);
79 	addr[3] = (unsigned char)(data >> 24);
80 }
81 
82 /*
83  * Start MD5 accumulation.  Set bit count to 0 and buffer to mysterious
84  * initialization constants.
85  */
86 void
87 lutil_MD5Init( struct lutil_MD5Context *ctx )
88 {
89 	ctx->buf[0] = 0x67452301;
90 	ctx->buf[1] = 0xefcdab89;
91 	ctx->buf[2] = 0x98badcfe;
92 	ctx->buf[3] = 0x10325476;
93 
94 	ctx->bits[0] = 0;
95 	ctx->bits[1] = 0;
96 }
97 
98 /*
99  * Update context to reflect the concatenation of another buffer full
100  * of bytes.
101  */
102 void
103 lutil_MD5Update(
104     struct lutil_MD5Context	*ctx,
105     const unsigned char		*buf,
106     ber_len_t		len
107 )
108 {
109 	ber_uint_t t;
110 
111 	/* Update bitcount */
112 
113 	t = ctx->bits[0];
114 	if ((ctx->bits[0] = (t + ((ber_uint_t)len << 3)) & 0xffffffff) < t)
115 		ctx->bits[1]++;	/* Carry from low to high */
116 	ctx->bits[1] += len >> 29;
117 
118 	t = (t >> 3) & 0x3f;	/* Bytes already in shsInfo->data */
119 
120 	/* Handle any leading odd-sized chunks */
121 
122 	if ( t ) {
123 		unsigned char *p = ctx->in + t;
124 
125 		t = 64-t;
126 		if (len < t) {
127 			AC_MEMCPY(p, buf, len);
128 			return;
129 		}
130 		AC_MEMCPY(p, buf, t);
131 		lutil_MD5Transform(ctx->buf, ctx->in);
132 		buf += t;
133 		len -= t;
134 	}
135 
136 	/* Process data in 64-byte chunks */
137 
138 	while (len >= 64) {
139 		AC_MEMCPY(ctx->in, buf, 64);
140 		lutil_MD5Transform(ctx->buf, ctx->in);
141 		buf += 64;
142 		len -= 64;
143 	}
144 
145 	/* Handle any remaining bytes of data. */
146 
147 	AC_MEMCPY(ctx->in, buf, len);
148 }
149 
150 /*
151  * Final wrapup - pad to 64-byte boundary with the bit pattern
152  * 1 0* (64-bit count of bits processed, MSB-first)
153  */
154 void
155 lutil_MD5Final( unsigned char *digest, struct lutil_MD5Context *ctx )
156 {
157 	unsigned count;
158 	unsigned char *p;
159 
160 	/* Compute number of bytes mod 64 */
161 	count = (ctx->bits[0] >> 3) & 0x3F;
162 
163 	/* Set the first char of padding to 0x80.  This is safe since there is
164 	   always at least one byte free */
165 	p = ctx->in + count;
166 	*p++ = 0x80;
167 
168 	/* Bytes of padding needed to make 64 bytes */
169 	count = 64 - 1 - count;
170 
171 	/* Pad out to 56 mod 64 */
172 	if (count < 8) {
173 		/* Two lots of padding:  Pad the first block to 64 bytes */
174 		memset(p, '\0', count);
175 		lutil_MD5Transform(ctx->buf, ctx->in);
176 
177 		/* Now fill the next block with 56 bytes */
178 		memset(ctx->in, '\0', 56);
179 	} else {
180 		/* Pad block to 56 bytes */
181 		memset(p, '\0', count-8);
182 	}
183 
184 	/* Append length in bits and transform */
185 	putu32(ctx->bits[0], ctx->in + 56);
186 	putu32(ctx->bits[1], ctx->in + 60);
187 
188 	lutil_MD5Transform(ctx->buf, ctx->in);
189 	putu32(ctx->buf[0], digest);
190 	putu32(ctx->buf[1], digest + 4);
191 	putu32(ctx->buf[2], digest + 8);
192 	putu32(ctx->buf[3], digest + 12);
193 	memset(ctx, '\0', sizeof(*ctx));	/* In case it's sensitive */
194 }
195 
196 #ifndef ASM_MD5
197 
198 /* The four core functions - F1 is optimized somewhat */
199 
200 /* #define F1(x, y, z) (x & y | ~x & z) */
201 #define F1(x, y, z) (z ^ (x & (y ^ z)))
202 #define F2(x, y, z) F1(z, x, y)
203 #define F3(x, y, z) (x ^ y ^ z)
204 #define F4(x, y, z) (y ^ (x | ~z))
205 
206 /* This is the central step in the MD5 algorithm. */
207 #define MD5STEP(f, w, x, y, z, data, s) \
208 	( w += f(x, y, z) + data, w &= 0xffffffff, w = w<<s | w>>(32-s), w += x )
209 
210 /*
211  * The core of the MD5 algorithm, this alters an existing MD5 hash to
212  * reflect the addition of 16 longwords of new data.  MD5Update blocks
213  * the data and converts bytes into longwords for this routine.
214  */
215 void
216 lutil_MD5Transform( ber_uint_t *buf, const unsigned char *inraw )
217 {
218 	register ber_uint_t a, b, c, d;
219 	ber_uint_t in[16];
220 	int i;
221 
222 	for (i = 0; i < 16; ++i)
223 		in[i] = getu32 (inraw + 4 * i);
224 
225 	a = buf[0];
226 	b = buf[1];
227 	c = buf[2];
228 	d = buf[3];
229 
230 	MD5STEP(F1, a, b, c, d, in[ 0]+0xd76aa478,  7);
231 	MD5STEP(F1, d, a, b, c, in[ 1]+0xe8c7b756, 12);
232 	MD5STEP(F1, c, d, a, b, in[ 2]+0x242070db, 17);
233 	MD5STEP(F1, b, c, d, a, in[ 3]+0xc1bdceee, 22);
234 	MD5STEP(F1, a, b, c, d, in[ 4]+0xf57c0faf,  7);
235 	MD5STEP(F1, d, a, b, c, in[ 5]+0x4787c62a, 12);
236 	MD5STEP(F1, c, d, a, b, in[ 6]+0xa8304613, 17);
237 	MD5STEP(F1, b, c, d, a, in[ 7]+0xfd469501, 22);
238 	MD5STEP(F1, a, b, c, d, in[ 8]+0x698098d8,  7);
239 	MD5STEP(F1, d, a, b, c, in[ 9]+0x8b44f7af, 12);
240 	MD5STEP(F1, c, d, a, b, in[10]+0xffff5bb1, 17);
241 	MD5STEP(F1, b, c, d, a, in[11]+0x895cd7be, 22);
242 	MD5STEP(F1, a, b, c, d, in[12]+0x6b901122,  7);
243 	MD5STEP(F1, d, a, b, c, in[13]+0xfd987193, 12);
244 	MD5STEP(F1, c, d, a, b, in[14]+0xa679438e, 17);
245 	MD5STEP(F1, b, c, d, a, in[15]+0x49b40821, 22);
246 
247 	MD5STEP(F2, a, b, c, d, in[ 1]+0xf61e2562,  5);
248 	MD5STEP(F2, d, a, b, c, in[ 6]+0xc040b340,  9);
249 	MD5STEP(F2, c, d, a, b, in[11]+0x265e5a51, 14);
250 	MD5STEP(F2, b, c, d, a, in[ 0]+0xe9b6c7aa, 20);
251 	MD5STEP(F2, a, b, c, d, in[ 5]+0xd62f105d,  5);
252 	MD5STEP(F2, d, a, b, c, in[10]+0x02441453,  9);
253 	MD5STEP(F2, c, d, a, b, in[15]+0xd8a1e681, 14);
254 	MD5STEP(F2, b, c, d, a, in[ 4]+0xe7d3fbc8, 20);
255 	MD5STEP(F2, a, b, c, d, in[ 9]+0x21e1cde6,  5);
256 	MD5STEP(F2, d, a, b, c, in[14]+0xc33707d6,  9);
257 	MD5STEP(F2, c, d, a, b, in[ 3]+0xf4d50d87, 14);
258 	MD5STEP(F2, b, c, d, a, in[ 8]+0x455a14ed, 20);
259 	MD5STEP(F2, a, b, c, d, in[13]+0xa9e3e905,  5);
260 	MD5STEP(F2, d, a, b, c, in[ 2]+0xfcefa3f8,  9);
261 	MD5STEP(F2, c, d, a, b, in[ 7]+0x676f02d9, 14);
262 	MD5STEP(F2, b, c, d, a, in[12]+0x8d2a4c8a, 20);
263 
264 	MD5STEP(F3, a, b, c, d, in[ 5]+0xfffa3942,  4);
265 	MD5STEP(F3, d, a, b, c, in[ 8]+0x8771f681, 11);
266 	MD5STEP(F3, c, d, a, b, in[11]+0x6d9d6122, 16);
267 	MD5STEP(F3, b, c, d, a, in[14]+0xfde5380c, 23);
268 	MD5STEP(F3, a, b, c, d, in[ 1]+0xa4beea44,  4);
269 	MD5STEP(F3, d, a, b, c, in[ 4]+0x4bdecfa9, 11);
270 	MD5STEP(F3, c, d, a, b, in[ 7]+0xf6bb4b60, 16);
271 	MD5STEP(F3, b, c, d, a, in[10]+0xbebfbc70, 23);
272 	MD5STEP(F3, a, b, c, d, in[13]+0x289b7ec6,  4);
273 	MD5STEP(F3, d, a, b, c, in[ 0]+0xeaa127fa, 11);
274 	MD5STEP(F3, c, d, a, b, in[ 3]+0xd4ef3085, 16);
275 	MD5STEP(F3, b, c, d, a, in[ 6]+0x04881d05, 23);
276 	MD5STEP(F3, a, b, c, d, in[ 9]+0xd9d4d039,  4);
277 	MD5STEP(F3, d, a, b, c, in[12]+0xe6db99e5, 11);
278 	MD5STEP(F3, c, d, a, b, in[15]+0x1fa27cf8, 16);
279 	MD5STEP(F3, b, c, d, a, in[ 2]+0xc4ac5665, 23);
280 
281 	MD5STEP(F4, a, b, c, d, in[ 0]+0xf4292244,  6);
282 	MD5STEP(F4, d, a, b, c, in[ 7]+0x432aff97, 10);
283 	MD5STEP(F4, c, d, a, b, in[14]+0xab9423a7, 15);
284 	MD5STEP(F4, b, c, d, a, in[ 5]+0xfc93a039, 21);
285 	MD5STEP(F4, a, b, c, d, in[12]+0x655b59c3,  6);
286 	MD5STEP(F4, d, a, b, c, in[ 3]+0x8f0ccc92, 10);
287 	MD5STEP(F4, c, d, a, b, in[10]+0xffeff47d, 15);
288 	MD5STEP(F4, b, c, d, a, in[ 1]+0x85845dd1, 21);
289 	MD5STEP(F4, a, b, c, d, in[ 8]+0x6fa87e4f,  6);
290 	MD5STEP(F4, d, a, b, c, in[15]+0xfe2ce6e0, 10);
291 	MD5STEP(F4, c, d, a, b, in[ 6]+0xa3014314, 15);
292 	MD5STEP(F4, b, c, d, a, in[13]+0x4e0811a1, 21);
293 	MD5STEP(F4, a, b, c, d, in[ 4]+0xf7537e82,  6);
294 	MD5STEP(F4, d, a, b, c, in[11]+0xbd3af235, 10);
295 	MD5STEP(F4, c, d, a, b, in[ 2]+0x2ad7d2bb, 15);
296 	MD5STEP(F4, b, c, d, a, in[ 9]+0xeb86d391, 21);
297 
298 	buf[0] += a;
299 	buf[1] += b;
300 	buf[2] += c;
301 	buf[3] += d;
302 }
303 #endif
304 
305 #ifdef TEST
306 /* Simple test program.  Can use it to manually run the tests from
307    RFC1321 for example.  */
308 #include <stdio.h>
309 
310 int
311 main (int  argc, char **argv )
312 {
313 	struct lutil_MD5Context context;
314 	unsigned char checksum[LUTIL_MD5_BYTES];
315 	int i;
316 	int j;
317 
318 	if (argc < 2)
319 	{
320 		fprintf (stderr, "usage: %s string-to-hash\n", argv[0]);
321 		return EXIT_FAILURE;
322 	}
323 	for (j = 1; j < argc; ++j)
324 	{
325 		printf ("MD5 (\"%s\") = ", argv[j]);
326 		lutil_MD5Init (&context);
327 		lutil_MD5Update (&context, argv[j], strlen (argv[j]));
328 		lutil_MD5Final (checksum, &context);
329 		for (i = 0; i < LUTIL_MD5_BYTES; i++)
330 		{
331 			printf ("%02x", (unsigned int) checksum[i]);
332 		}
333 		printf ("\n");
334 	}
335 	return EXIT_SUCCESS;
336 }
337 #endif /* TEST */
338