1/* 2 * This code implements the MD5 message-digest algorithm. 3 * The algorithm is due to Ron Rivest. This code was 4 * written by Colin Plumb in 1993, no copyright is claimed. 5 * This code is in the public domain; do with it what you wish. 6 * 7 * Equivalent code is available from RSA Data Security, Inc. 8 * This code has been tested against that, and is equivalent, 9 * except that you don't need to include two pages of legalese 10 * with every copy. 11 * 12 * To compute the message digest of a chunk of bytes, declare an 13 * MD5Context structure, pass it to cifs_MD5_init, call cifs_MD5_update as 14 * needed on buffers full of bytes, and then call cifs_MD5_final, which 15 * will fill a supplied 16-byte array with the digest. 16 */ 17 18/* This code slightly modified to fit into Samba by 19 abartlet@samba.org Jun 2001 20 and to fit the cifs vfs by 21 Steve French sfrench@us.ibm.com */ 22 23#include <linux/string.h> 24#include "md5.h" 25 26static void MD5Transform(__u32 buf[4], __u32 const in[16]); 27 28/* 29 * Note: this code is harmless on little-endian machines. 30 */ 31static void 32byteReverse(unsigned char *buf, unsigned longs) 33{ 34 __u32 t; 35 do { 36 t = (__u32) ((unsigned) buf[3] << 8 | buf[2]) << 16 | 37 ((unsigned) buf[1] << 8 | buf[0]); 38 *(__u32 *) buf = t; 39 buf += 4; 40 } while (--longs); 41} 42 43/* 44 * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious 45 * initialization constants. 46 */ 47void 48cifs_MD5_init(struct MD5Context *ctx) 49{ 50 ctx->buf[0] = 0x67452301; 51 ctx->buf[1] = 0xefcdab89; 52 ctx->buf[2] = 0x98badcfe; 53 ctx->buf[3] = 0x10325476; 54 55 ctx->bits[0] = 0; 56 ctx->bits[1] = 0; 57} 58 59/* 60 * Update context to reflect the concatenation of another buffer full 61 * of bytes. 62 */ 63void 64cifs_MD5_update(struct MD5Context *ctx, unsigned char const *buf, unsigned len) 65{ 66 register __u32 t; 67 68 /* Update bitcount */ 69 70 t = ctx->bits[0]; 71 if ((ctx->bits[0] = t + ((__u32) len << 3)) < t) 72 ctx->bits[1]++; /* Carry from low to high */ 73 ctx->bits[1] += len >> 29; 74 75 t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */ 76 77 /* Handle any leading odd-sized chunks */ 78 79 if (t) { 80 unsigned char *p = (unsigned char *) ctx->in + t; 81 82 t = 64 - t; 83 if (len < t) { 84 memmove(p, buf, len); 85 return; 86 } 87 memmove(p, buf, t); 88 byteReverse(ctx->in, 16); 89 MD5Transform(ctx->buf, (__u32 *) ctx->in); 90 buf += t; 91 len -= t; 92 } 93 /* Process data in 64-byte chunks */ 94 95 while (len >= 64) { 96 memmove(ctx->in, buf, 64); 97 byteReverse(ctx->in, 16); 98 MD5Transform(ctx->buf, (__u32 *) ctx->in); 99 buf += 64; 100 len -= 64; 101 } 102 103 /* Handle any remaining bytes of data. */ 104 105 memmove(ctx->in, buf, len); 106} 107 108/* 109 * Final wrapup - pad to 64-byte boundary with the bit pattern 110 * 1 0* (64-bit count of bits processed, MSB-first) 111 */ 112void 113cifs_MD5_final(unsigned char digest[16], struct MD5Context *ctx) 114{ 115 unsigned int count; 116 unsigned char *p; 117 118 /* Compute number of bytes mod 64 */ 119 count = (ctx->bits[0] >> 3) & 0x3F; 120 121 /* Set the first char of padding to 0x80. This is safe since there is 122 always at least one byte free */ 123 p = ctx->in + count; 124 *p++ = 0x80; 125 126 /* Bytes of padding needed to make 64 bytes */ 127 count = 64 - 1 - count; 128 129 /* Pad out to 56 mod 64 */ 130 if (count < 8) { 131 /* Two lots of padding: Pad the first block to 64 bytes */ 132 memset(p, 0, count); 133 byteReverse(ctx->in, 16); 134 MD5Transform(ctx->buf, (__u32 *) ctx->in); 135 136 /* Now fill the next block with 56 bytes */ 137 memset(ctx->in, 0, 56); 138 } else { 139 /* Pad block to 56 bytes */ 140 memset(p, 0, count - 8); 141 } 142 byteReverse(ctx->in, 14); 143 144 /* Append length in bits and transform */ 145 ((__u32 *) ctx->in)[14] = ctx->bits[0]; 146 ((__u32 *) ctx->in)[15] = ctx->bits[1]; 147 148 MD5Transform(ctx->buf, (__u32 *) ctx->in); 149 byteReverse((unsigned char *) ctx->buf, 4); 150 memmove(digest, ctx->buf, 16); 151 memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */ 152} 153 154/* The four core functions - F1 is optimized somewhat */ 155 156/* #define F1(x, y, z) (x & y | ~x & z) */ 157#define F1(x, y, z) (z ^ (x & (y ^ z))) 158#define F2(x, y, z) F1(z, x, y) 159#define F3(x, y, z) (x ^ y ^ z) 160#define F4(x, y, z) (y ^ (x | ~z)) 161 162/* This is the central step in the MD5 algorithm. */ 163#define MD5STEP(f, w, x, y, z, data, s) \ 164 (w += f(x, y, z) + data, w = w<<s | w>>(32-s), w += x) 165 166/* 167 * The core of the MD5 algorithm, this alters an existing MD5 hash to 168 * reflect the addition of 16 longwords of new data. cifs_MD5_update blocks 169 * the data and converts bytes into longwords for this routine. 170 */ 171static void 172MD5Transform(__u32 buf[4], __u32 const in[16]) 173{ 174 register __u32 a, b, c, d; 175 176 a = buf[0]; 177 b = buf[1]; 178 c = buf[2]; 179 d = buf[3]; 180 181 MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7); 182 MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12); 183 MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17); 184 MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22); 185 MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7); 186 MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12); 187 MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17); 188 MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22); 189 MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7); 190 MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12); 191 MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17); 192 MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22); 193 MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7); 194 MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12); 195 MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17); 196 MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22); 197 198 MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5); 199 MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9); 200 MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14); 201 MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20); 202 MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5); 203 MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9); 204 MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14); 205 MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20); 206 MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5); 207 MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9); 208 MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14); 209 MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20); 210 MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5); 211 MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9); 212 MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14); 213 MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20); 214 215 MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4); 216 MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11); 217 MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16); 218 MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23); 219 MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4); 220 MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11); 221 MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16); 222 MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23); 223 MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4); 224 MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11); 225 MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16); 226 MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23); 227 MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4); 228 MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11); 229 MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16); 230 MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23); 231 232 MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6); 233 MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10); 234 MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15); 235 MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21); 236 MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6); 237 MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10); 238 MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15); 239 MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21); 240 MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6); 241 MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10); 242 MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15); 243 MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21); 244 MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6); 245 MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10); 246 MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15); 247 MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21); 248 249 buf[0] += a; 250 buf[1] += b; 251 buf[2] += c; 252 buf[3] += d; 253} 254 255 256/*********************************************************************** 257 the microsoft version of hmac_md5 initialisation. 258***********************************************************************/ 259void 260hmac_md5_init_limK_to_64(const unsigned char *key, int key_len, 261 struct HMACMD5Context *ctx) 262{ 263 int i; 264 265 /* if key is longer than 64 bytes truncate it */ 266 if (key_len > 64) 267 key_len = 64; 268 269 /* start out by storing key in pads */ 270 memset(ctx->k_ipad, 0, sizeof(ctx->k_ipad)); 271 memset(ctx->k_opad, 0, sizeof(ctx->k_opad)); 272 memcpy(ctx->k_ipad, key, key_len); 273 memcpy(ctx->k_opad, key, key_len); 274 275 /* XOR key with ipad and opad values */ 276 for (i = 0; i < 64; i++) { 277 ctx->k_ipad[i] ^= 0x36; 278 ctx->k_opad[i] ^= 0x5c; 279 } 280 281 cifs_MD5_init(&ctx->ctx); 282 cifs_MD5_update(&ctx->ctx, ctx->k_ipad, 64); 283} 284 285/*********************************************************************** 286 update hmac_md5 "inner" buffer 287***********************************************************************/ 288void 289hmac_md5_update(const unsigned char *text, int text_len, 290 struct HMACMD5Context *ctx) 291{ 292 cifs_MD5_update(&ctx->ctx, text, text_len); /* then text of datagram */ 293} 294 295/*********************************************************************** 296 finish off hmac_md5 "inner" buffer and generate outer one. 297***********************************************************************/ 298void 299hmac_md5_final(unsigned char *digest, struct HMACMD5Context *ctx) 300{ 301 struct MD5Context ctx_o; 302 303 cifs_MD5_final(digest, &ctx->ctx); 304 305 cifs_MD5_init(&ctx_o); 306 cifs_MD5_update(&ctx_o, ctx->k_opad, 64); 307 cifs_MD5_update(&ctx_o, digest, 16); 308 cifs_MD5_final(digest, &ctx_o); 309} 310 311/*********************************************************** 312 single function to calculate an HMAC MD5 digest from data. 313 use the microsoft hmacmd5 init method because the key is 16 bytes. 314************************************************************/ 315