1/*************************************************************************** 2 * _ _ ____ _ 3 * Project ___| | | | _ \| | 4 * / __| | | | |_) | | 5 * | (__| |_| | _ <| |___ 6 * \___|\___/|_| \_\_____| 7 * 8 * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. 9 * 10 * This software is licensed as described in the file COPYING, which 11 * you should have received as part of this distribution. The terms 12 * are also available at http://curl.haxx.se/docs/copyright.html. 13 * 14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell 15 * copies of the Software, and permit persons to whom the Software is 16 * furnished to do so, under the terms of the COPYING file. 17 * 18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 19 * KIND, either express or implied. 20 * 21 ***************************************************************************/ 22 23#include "setup.h" 24 25#ifndef CURL_DISABLE_CRYPTO_AUTH 26 27#include "curl_md5.h" 28#include "curl_hmac.h" 29 30#ifdef USE_GNUTLS 31 32#include <gcrypt.h> 33 34typedef gcry_md_hd_t MD5_CTX; 35 36static void MD5_Init(MD5_CTX * ctx) 37{ 38 gcry_md_open(ctx, GCRY_MD_MD5, 0); 39} 40 41static void MD5_Update(MD5_CTX * ctx, 42 const unsigned char * input, 43 unsigned int inputLen) 44{ 45 gcry_md_write(*ctx, input, inputLen); 46} 47 48static void MD5_Final(unsigned char digest[16], MD5_CTX * ctx) 49{ 50 memcpy(digest, gcry_md_read(*ctx, 0), 16); 51 gcry_md_close(*ctx); 52} 53 54#else 55 56#ifdef USE_SSLEAY 57/* When OpenSSL is available we use the MD5-function from OpenSSL */ 58 59# ifdef USE_OPENSSL 60# include <openssl/md5.h> 61# else 62# include <md5.h> 63# endif 64 65#else /* USE_SSLEAY */ 66/* When OpenSSL is not available we use this code segment */ 67 68/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All 69rights reserved. 70 71License to copy and use this software is granted provided that it 72is identified as the "RSA Data Security, Inc. MD5 Message-Digest 73Algorithm" in all material mentioning or referencing this software 74or this function. 75 76License is also granted to make and use derivative works provided 77that such works are identified as "derived from the RSA Data 78Security, Inc. MD5 Message-Digest Algorithm" in all material 79mentioning or referencing the derived work. 80 81RSA Data Security, Inc. makes no representations concerning either 82the merchantability of this software or the suitability of this 83software for any particular purpose. It is provided "as is" 84without express or implied warranty of any kind. 85 86These notices must be retained in any copies of any part of this 87documentation and/or software. 88 */ 89 90/* UINT4 defines a four byte word */ 91typedef unsigned int UINT4; 92 93/* MD5 context. */ 94struct md5_ctx { 95 UINT4 state[4]; /* state (ABCD) */ 96 UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */ 97 unsigned char buffer[64]; /* input buffer */ 98}; 99 100typedef struct md5_ctx MD5_CTX; 101 102static void MD5_Init(struct md5_ctx *); 103static void MD5_Update(struct md5_ctx *, const unsigned char *, unsigned int); 104static void MD5_Final(unsigned char [16], struct md5_ctx *); 105 106/* Constants for MD5Transform routine. 107 */ 108 109#define S11 7 110#define S12 12 111#define S13 17 112#define S14 22 113#define S21 5 114#define S22 9 115#define S23 14 116#define S24 20 117#define S31 4 118#define S32 11 119#define S33 16 120#define S34 23 121#define S41 6 122#define S42 10 123#define S43 15 124#define S44 21 125 126static void MD5Transform(UINT4 [4], const unsigned char [64]); 127static void Encode(unsigned char *, UINT4 *, unsigned int); 128static void Decode(UINT4 *, const unsigned char *, unsigned int); 129 130static const unsigned char PADDING[64] = { 131 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 132 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 133 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 134}; 135 136/* F, G, H and I are basic MD5 functions. 137 */ 138#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) 139#define G(x, y, z) (((x) & (z)) | ((y) & (~z))) 140#define H(x, y, z) ((x) ^ (y) ^ (z)) 141#define I(x, y, z) ((y) ^ ((x) | (~z))) 142 143/* ROTATE_LEFT rotates x left n bits. 144 */ 145#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) 146 147/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. 148Rotation is separate from addition to prevent recomputation. 149 */ 150#define FF(a, b, c, d, x, s, ac) { \ 151 (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \ 152 (a) = ROTATE_LEFT ((a), (s)); \ 153 (a) += (b); \ 154 } 155#define GG(a, b, c, d, x, s, ac) { \ 156 (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \ 157 (a) = ROTATE_LEFT ((a), (s)); \ 158 (a) += (b); \ 159 } 160#define HH(a, b, c, d, x, s, ac) { \ 161 (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \ 162 (a) = ROTATE_LEFT ((a), (s)); \ 163 (a) += (b); \ 164 } 165#define II(a, b, c, d, x, s, ac) { \ 166 (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \ 167 (a) = ROTATE_LEFT ((a), (s)); \ 168 (a) += (b); \ 169 } 170 171/* MD5 initialization. Begins an MD5 operation, writing a new context. 172 */ 173static void MD5_Init(struct md5_ctx *context) 174{ 175 context->count[0] = context->count[1] = 0; 176 /* Load magic initialization constants. */ 177 context->state[0] = 0x67452301; 178 context->state[1] = 0xefcdab89; 179 context->state[2] = 0x98badcfe; 180 context->state[3] = 0x10325476; 181} 182 183/* MD5 block update operation. Continues an MD5 message-digest 184 operation, processing another message block, and updating the 185 context. 186 */ 187static void MD5_Update (struct md5_ctx *context, /* context */ 188 const unsigned char *input, /* input block */ 189 unsigned int inputLen) /* length of input block */ 190{ 191 unsigned int i, bufindex, partLen; 192 193 /* Compute number of bytes mod 64 */ 194 bufindex = (unsigned int)((context->count[0] >> 3) & 0x3F); 195 196 /* Update number of bits */ 197 if((context->count[0] += ((UINT4)inputLen << 3)) 198 < ((UINT4)inputLen << 3)) 199 context->count[1]++; 200 context->count[1] += ((UINT4)inputLen >> 29); 201 202 partLen = 64 - bufindex; 203 204 /* Transform as many times as possible. */ 205 if(inputLen >= partLen) { 206 memcpy(&context->buffer[bufindex], input, partLen); 207 MD5Transform(context->state, context->buffer); 208 209 for(i = partLen; i + 63 < inputLen; i += 64) 210 MD5Transform(context->state, &input[i]); 211 212 bufindex = 0; 213 } 214 else 215 i = 0; 216 217 /* Buffer remaining input */ 218 memcpy(&context->buffer[bufindex], &input[i], inputLen-i); 219} 220 221/* MD5 finalization. Ends an MD5 message-digest operation, writing the 222 the message digest and zeroizing the context. 223*/ 224static void MD5_Final(unsigned char digest[16], /* message digest */ 225 struct md5_ctx *context) /* context */ 226{ 227 unsigned char bits[8]; 228 unsigned int count, padLen; 229 230 /* Save number of bits */ 231 Encode (bits, context->count, 8); 232 233 /* Pad out to 56 mod 64. */ 234 count = (unsigned int)((context->count[0] >> 3) & 0x3f); 235 padLen = (count < 56) ? (56 - count) : (120 - count); 236 MD5_Update (context, PADDING, padLen); 237 238 /* Append length (before padding) */ 239 MD5_Update (context, bits, 8); 240 241 /* Store state in digest */ 242 Encode (digest, context->state, 16); 243 244 /* Zeroize sensitive information. */ 245 memset ((void *)context, 0, sizeof (*context)); 246} 247 248/* MD5 basic transformation. Transforms state based on block. */ 249static void MD5Transform(UINT4 state[4], 250 const unsigned char block[64]) 251{ 252 UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; 253 254 Decode (x, block, 64); 255 256 /* Round 1 */ 257 FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ 258 FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ 259 FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ 260 FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ 261 FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ 262 FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ 263 FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ 264 FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ 265 FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ 266 FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ 267 FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ 268 FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ 269 FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ 270 FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ 271 FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ 272 FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ 273 274 /* Round 2 */ 275 GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ 276 GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ 277 GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ 278 GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ 279 GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ 280 GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */ 281 GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ 282 GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ 283 GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ 284 GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ 285 GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ 286 GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ 287 GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ 288 GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ 289 GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ 290 GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ 291 292 /* Round 3 */ 293 HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */ 294 HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */ 295 HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ 296 HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ 297 HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ 298 HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ 299 HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ 300 HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ 301 HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ 302 HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ 303 HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ 304 HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ 305 HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ 306 HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ 307 HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ 308 HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ 309 310 /* Round 4 */ 311 II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ 312 II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ 313 II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ 314 II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ 315 II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ 316 II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ 317 II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ 318 II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ 319 II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ 320 II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ 321 II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ 322 II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ 323 II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ 324 II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ 325 II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ 326 II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ 327 328 state[0] += a; 329 state[1] += b; 330 state[2] += c; 331 state[3] += d; 332 333 /* Zeroize sensitive information. */ 334 memset((void *)x, 0, sizeof (x)); 335} 336 337/* Encodes input (UINT4) into output (unsigned char). Assumes len is 338 a multiple of 4. 339 */ 340static void Encode (unsigned char *output, 341 UINT4 *input, 342 unsigned int len) 343{ 344 unsigned int i, j; 345 346 for(i = 0, j = 0; j < len; i++, j += 4) { 347 output[j] = (unsigned char)(input[i] & 0xff); 348 output[j+1] = (unsigned char)((input[i] >> 8) & 0xff); 349 output[j+2] = (unsigned char)((input[i] >> 16) & 0xff); 350 output[j+3] = (unsigned char)((input[i] >> 24) & 0xff); 351 } 352} 353 354/* Decodes input (unsigned char) into output (UINT4). Assumes len is 355 a multiple of 4. 356*/ 357static void Decode (UINT4 *output, 358 const unsigned char *input, 359 unsigned int len) 360{ 361 unsigned int i, j; 362 363 for(i = 0, j = 0; j < len; i++, j += 4) 364 output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) | 365 (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24); 366} 367 368#endif /* USE_SSLEAY */ 369 370#endif /* USE_GNUTLS */ 371 372const HMAC_params Curl_HMAC_MD5[] = { 373 { 374 (HMAC_hinit_func) MD5_Init, /* Hash initialization function. */ 375 (HMAC_hupdate_func) MD5_Update, /* Hash update function. */ 376 (HMAC_hfinal_func) MD5_Final, /* Hash computation end function. */ 377 sizeof(MD5_CTX), /* Size of hash context structure. */ 378 64, /* Maximum key length. */ 379 16 /* Result size. */ 380 } 381}; 382 383 384void Curl_md5it(unsigned char *outbuffer, /* 16 bytes */ 385 const unsigned char *input) 386{ 387 MD5_CTX ctx; 388 MD5_Init(&ctx); 389 MD5_Update(&ctx, input, (unsigned int)strlen((char *)input)); 390 MD5_Final(outbuffer, &ctx); 391} 392 393#endif /* CURL_DISABLE_CRYPTO_AUTH */ 394