1/***************************************************************************
2 *                                  _   _ ____  _
3 *  Project                     ___| | | |  _ \| |
4 *                             / __| | | | |_) | |
5 *                            | (__| |_| |  _ <| |___
6 *                             \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at http://curl.haxx.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 ***************************************************************************/
22
23#include "curl_setup.h"
24
25#ifndef CURL_DISABLE_CRYPTO_AUTH
26
27#include "curl_md5.h"
28#include "curl_hmac.h"
29#include "warnless.h"
30
31#include "curl_memory.h"
32
33#if defined(USE_GNUTLS_NETTLE)
34
35#include <nettle/md5.h>
36/* The last #include file should be: */
37#include "memdebug.h"
38
39typedef struct md5_ctx MD5_CTX;
40
41static void MD5_Init(MD5_CTX * ctx)
42{
43  md5_init(ctx);
44}
45
46static void MD5_Update(MD5_CTX * ctx,
47                       const unsigned char * input,
48                       unsigned int inputLen)
49{
50  md5_update(ctx, inputLen, input);
51}
52
53static void MD5_Final(unsigned char digest[16], MD5_CTX * ctx)
54{
55  md5_digest(ctx, 16, digest);
56}
57
58#elif defined(USE_GNUTLS)
59
60#include <gcrypt.h>
61/* The last #include file should be: */
62#include "memdebug.h"
63
64typedef gcry_md_hd_t MD5_CTX;
65
66static void MD5_Init(MD5_CTX * ctx)
67{
68  gcry_md_open(ctx, GCRY_MD_MD5, 0);
69}
70
71static void MD5_Update(MD5_CTX * ctx,
72                       const unsigned char * input,
73                       unsigned int inputLen)
74{
75  gcry_md_write(*ctx, input, inputLen);
76}
77
78static void MD5_Final(unsigned char digest[16], MD5_CTX * ctx)
79{
80  memcpy(digest, gcry_md_read(*ctx, 0), 16);
81  gcry_md_close(*ctx);
82}
83
84#elif defined(USE_SSLEAY)
85/* When OpenSSL is available we use the MD5-function from OpenSSL */
86
87#  ifdef USE_OPENSSL
88#    include <openssl/md5.h>
89#  else
90#    include <md5.h>
91#  endif
92
93#elif (defined(__MAC_OS_X_VERSION_MAX_ALLOWED) && \
94              (__MAC_OS_X_VERSION_MAX_ALLOWED >= 1040)) || \
95      (defined(__IPHONE_OS_VERSION_MAX_ALLOWED) && \
96              (__IPHONE_OS_VERSION_MAX_ALLOWED >= 20000))
97
98/* For Apple operating systems: CommonCrypto has the functions we need.
99   These functions are available on Tiger and later, as well as iOS 2.0
100   and later. If you're building for an older cat, well, sorry.
101
102   Declaring the functions as static like this seems to be a bit more
103   reliable than defining COMMON_DIGEST_FOR_OPENSSL on older cats. */
104#  include <CommonCrypto/CommonDigest.h>
105#  define MD5_CTX CC_MD5_CTX
106
107static void MD5_Init(MD5_CTX *ctx)
108{
109  CC_MD5_Init(ctx);
110}
111
112static void MD5_Update(MD5_CTX *ctx,
113                       const unsigned char *input,
114                       unsigned int inputLen)
115{
116  CC_MD5_Update(ctx, input, inputLen);
117}
118
119static void MD5_Final(unsigned char digest[16], MD5_CTX *ctx)
120{
121  CC_MD5_Final(digest, ctx);
122}
123
124#elif defined(_WIN32)
125
126#include <wincrypt.h>
127
128typedef struct {
129  HCRYPTPROV hCryptProv;
130  HCRYPTHASH hHash;
131} MD5_CTX;
132
133static void MD5_Init(MD5_CTX *ctx)
134{
135  if(CryptAcquireContext(&ctx->hCryptProv, NULL, NULL,
136                         PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
137    CryptCreateHash(ctx->hCryptProv, CALG_MD5, 0, 0, &ctx->hHash);
138  }
139}
140
141static void MD5_Update(MD5_CTX *ctx,
142                       const unsigned char *input,
143                       unsigned int inputLen)
144{
145  CryptHashData(ctx->hHash, (unsigned char *)input, inputLen, 0);
146}
147
148static void MD5_Final(unsigned char digest[16], MD5_CTX *ctx)
149{
150  unsigned long length;
151  CryptGetHashParam(ctx->hHash, HP_HASHVAL, NULL, &length, 0);
152  if(length == 16)
153    CryptGetHashParam(ctx->hHash, HP_HASHVAL, digest, &length, 0);
154  if(ctx->hHash)
155    CryptDestroyHash(ctx->hHash);
156  if(ctx->hCryptProv)
157    CryptReleaseContext(ctx->hCryptProv, 0);
158}
159
160#else
161/* When no other crypto library is available we use this code segment */
162
163/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
164rights reserved.
165
166License to copy and use this software is granted provided that it
167is identified as the "RSA Data Security, Inc. MD5 Message-Digest
168Algorithm" in all material mentioning or referencing this software
169or this function.
170
171License is also granted to make and use derivative works provided
172that such works are identified as "derived from the RSA Data
173Security, Inc. MD5 Message-Digest Algorithm" in all material
174mentioning or referencing the derived work.
175
176RSA Data Security, Inc. makes no representations concerning either
177the merchantability of this software or the suitability of this
178software for any particular purpose. It is provided "as is"
179without express or implied warranty of any kind.
180
181These notices must be retained in any copies of any part of this
182documentation and/or software.
183 */
184
185/* UINT4 defines a four byte word */
186typedef unsigned int UINT4;
187
188/* MD5 context. */
189struct md5_ctx {
190  UINT4 state[4];                                   /* state (ABCD) */
191  UINT4 count[2];        /* number of bits, modulo 2^64 (lsb first) */
192  unsigned char buffer[64];                         /* input buffer */
193};
194
195typedef struct md5_ctx MD5_CTX;
196
197static void MD5_Init(struct md5_ctx *);
198static void MD5_Update(struct md5_ctx *, const unsigned char *, unsigned int);
199static void MD5_Final(unsigned char [16], struct md5_ctx *);
200
201/* Constants for MD5Transform routine.
202 */
203
204#define S11 7
205#define S12 12
206#define S13 17
207#define S14 22
208#define S21 5
209#define S22 9
210#define S23 14
211#define S24 20
212#define S31 4
213#define S32 11
214#define S33 16
215#define S34 23
216#define S41 6
217#define S42 10
218#define S43 15
219#define S44 21
220
221static void MD5Transform(UINT4 [4], const unsigned char [64]);
222static void Encode(unsigned char *, UINT4 *, unsigned int);
223static void Decode(UINT4 *, const unsigned char *, unsigned int);
224
225static const unsigned char PADDING[64] = {
226  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
227  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
228  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
229};
230
231/* F, G, H and I are basic MD5 functions.
232 */
233#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
234#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
235#define H(x, y, z) ((x) ^ (y) ^ (z))
236#define I(x, y, z) ((y) ^ ((x) | (~z)))
237
238/* ROTATE_LEFT rotates x left n bits.
239 */
240#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
241
242/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
243Rotation is separate from addition to prevent recomputation.
244 */
245#define FF(a, b, c, d, x, s, ac) { \
246 (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \
247 (a) = ROTATE_LEFT ((a), (s)); \
248 (a) += (b); \
249  }
250#define GG(a, b, c, d, x, s, ac) { \
251 (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \
252 (a) = ROTATE_LEFT ((a), (s)); \
253 (a) += (b); \
254  }
255#define HH(a, b, c, d, x, s, ac) { \
256 (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \
257 (a) = ROTATE_LEFT ((a), (s)); \
258 (a) += (b); \
259  }
260#define II(a, b, c, d, x, s, ac) { \
261 (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \
262 (a) = ROTATE_LEFT ((a), (s)); \
263 (a) += (b); \
264  }
265
266/* MD5 initialization. Begins an MD5 operation, writing a new context.
267 */
268static void MD5_Init(struct md5_ctx *context)
269{
270  context->count[0] = context->count[1] = 0;
271  /* Load magic initialization constants. */
272  context->state[0] = 0x67452301;
273  context->state[1] = 0xefcdab89;
274  context->state[2] = 0x98badcfe;
275  context->state[3] = 0x10325476;
276}
277
278/* MD5 block update operation. Continues an MD5 message-digest
279  operation, processing another message block, and updating the
280  context.
281 */
282static void MD5_Update (struct md5_ctx *context,    /* context */
283                        const unsigned char *input, /* input block */
284                        unsigned int inputLen)      /* length of input block */
285{
286  unsigned int i, bufindex, partLen;
287
288  /* Compute number of bytes mod 64 */
289  bufindex = (unsigned int)((context->count[0] >> 3) & 0x3F);
290
291  /* Update number of bits */
292  if((context->count[0] += ((UINT4)inputLen << 3))
293      < ((UINT4)inputLen << 3))
294    context->count[1]++;
295  context->count[1] += ((UINT4)inputLen >> 29);
296
297  partLen = 64 - bufindex;
298
299  /* Transform as many times as possible. */
300  if(inputLen >= partLen) {
301    memcpy(&context->buffer[bufindex], input, partLen);
302    MD5Transform(context->state, context->buffer);
303
304    for(i = partLen; i + 63 < inputLen; i += 64)
305      MD5Transform(context->state, &input[i]);
306
307    bufindex = 0;
308  }
309  else
310    i = 0;
311
312  /* Buffer remaining input */
313  memcpy(&context->buffer[bufindex], &input[i], inputLen-i);
314}
315
316/* MD5 finalization. Ends an MD5 message-digest operation, writing the
317   the message digest and zeroizing the context.
318*/
319static void MD5_Final(unsigned char digest[16], /* message digest */
320                      struct md5_ctx *context) /* context */
321{
322  unsigned char bits[8];
323  unsigned int count, padLen;
324
325  /* Save number of bits */
326  Encode (bits, context->count, 8);
327
328  /* Pad out to 56 mod 64. */
329  count = (unsigned int)((context->count[0] >> 3) & 0x3f);
330  padLen = (count < 56) ? (56 - count) : (120 - count);
331  MD5_Update (context, PADDING, padLen);
332
333  /* Append length (before padding) */
334  MD5_Update (context, bits, 8);
335
336  /* Store state in digest */
337  Encode (digest, context->state, 16);
338
339  /* Zeroize sensitive information. */
340  memset ((void *)context, 0, sizeof (*context));
341}
342
343/* MD5 basic transformation. Transforms state based on block. */
344static void MD5Transform(UINT4 state[4],
345                         const unsigned char block[64])
346{
347  UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
348
349  Decode (x, block, 64);
350
351  /* Round 1 */
352  FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
353  FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
354  FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
355  FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
356  FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
357  FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
358  FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
359  FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
360  FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
361  FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
362  FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
363  FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
364  FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
365  FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
366  FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
367  FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
368
369 /* Round 2 */
370  GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
371  GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
372  GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
373  GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
374  GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
375  GG (d, a, b, c, x[10], S22,  0x2441453); /* 22 */
376  GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
377  GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
378  GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
379  GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
380  GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
381  GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
382  GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
383  GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
384  GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
385  GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
386
387  /* Round 3 */
388  HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
389  HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
390  HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
391  HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
392  HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
393  HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
394  HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
395  HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
396  HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
397  HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
398  HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
399  HH (b, c, d, a, x[ 6], S34,  0x4881d05); /* 44 */
400  HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
401  HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
402  HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
403  HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
404
405  /* Round 4 */
406  II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
407  II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
408  II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
409  II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
410  II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
411  II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
412  II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
413  II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
414  II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
415  II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
416  II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
417  II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
418  II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
419  II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
420  II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
421  II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
422
423  state[0] += a;
424  state[1] += b;
425  state[2] += c;
426  state[3] += d;
427
428  /* Zeroize sensitive information. */
429  memset((void *)x, 0, sizeof (x));
430}
431
432/* Encodes input (UINT4) into output (unsigned char). Assumes len is
433  a multiple of 4.
434 */
435static void Encode (unsigned char *output,
436                    UINT4 *input,
437                    unsigned int len)
438{
439  unsigned int i, j;
440
441  for(i = 0, j = 0; j < len; i++, j += 4) {
442    output[j] = (unsigned char)(input[i] & 0xff);
443    output[j+1] = (unsigned char)((input[i] >> 8) & 0xff);
444    output[j+2] = (unsigned char)((input[i] >> 16) & 0xff);
445    output[j+3] = (unsigned char)((input[i] >> 24) & 0xff);
446  }
447}
448
449/* Decodes input (unsigned char) into output (UINT4). Assumes len is
450   a multiple of 4.
451*/
452static void Decode (UINT4 *output,
453                    const unsigned char *input,
454                    unsigned int len)
455{
456  unsigned int i, j;
457
458  for(i = 0, j = 0; j < len; i++, j += 4)
459    output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) |
460      (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24);
461}
462
463#endif /* CRYPTO LIBS */
464
465/* The last #include file should be: */
466#include "memdebug.h"
467
468const HMAC_params Curl_HMAC_MD5[] = {
469  {
470    (HMAC_hinit_func) MD5_Init,           /* Hash initialization function. */
471    (HMAC_hupdate_func) MD5_Update,       /* Hash update function. */
472    (HMAC_hfinal_func) MD5_Final,         /* Hash computation end function. */
473    sizeof(MD5_CTX),                      /* Size of hash context structure. */
474    64,                                   /* Maximum key length. */
475    16                                    /* Result size. */
476  }
477};
478
479const MD5_params Curl_DIGEST_MD5[] = {
480  {
481    (Curl_MD5_init_func) MD5_Init,      /* Digest initialization function */
482    (Curl_MD5_update_func) MD5_Update,  /* Digest update function */
483    (Curl_MD5_final_func) MD5_Final,    /* Digest computation end function */
484    sizeof(MD5_CTX),                    /* Size of digest context struct */
485    16                                  /* Result size */
486  }
487};
488
489void Curl_md5it(unsigned char *outbuffer, /* 16 bytes */
490                const unsigned char *input)
491{
492  MD5_CTX ctx;
493  MD5_Init(&ctx);
494  MD5_Update(&ctx, input, curlx_uztoui(strlen((char *)input)));
495  MD5_Final(outbuffer, &ctx);
496}
497
498MD5_context *Curl_MD5_init(const MD5_params *md5params)
499{
500  MD5_context *ctxt;
501
502  /* Create MD5 context */
503  ctxt = malloc(sizeof *ctxt);
504
505  if(!ctxt)
506    return ctxt;
507
508  ctxt->md5_hashctx = malloc(md5params->md5_ctxtsize);
509
510  if(!ctxt->md5_hashctx) {
511    free(ctxt);
512    return NULL;
513  }
514
515  ctxt->md5_hash = md5params;
516
517  (*md5params->md5_init_func)(ctxt->md5_hashctx);
518
519  return ctxt;
520}
521
522int Curl_MD5_update(MD5_context *context,
523                    const unsigned char *data,
524                    unsigned int len)
525{
526  (*context->md5_hash->md5_update_func)(context->md5_hashctx, data, len);
527
528  return 0;
529}
530
531int Curl_MD5_final(MD5_context *context, unsigned char *result)
532{
533  (*context->md5_hash->md5_final_func)(result, context->md5_hashctx);
534
535  free(context->md5_hashctx);
536  free(context);
537
538  return 0;
539}
540
541#endif /* CURL_DISABLE_CRYPTO_AUTH */
542