1/***************************************************************************
2 *                                  _   _ ____  _
3 *  Project                     ___| | | |  _ \| |
4 *                             / __| | | | |_) | |
5 *                            | (__| |_| |  _ <| |___
6 *                             \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at http://curl.haxx.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 ***************************************************************************/
22
23#include "setup.h"
24
25#ifndef CURL_DISABLE_CRYPTO_AUTH
26
27#include "curl_md5.h"
28#include "curl_hmac.h"
29
30#ifdef USE_GNUTLS
31
32#include <gcrypt.h>
33
34typedef gcry_md_hd_t MD5_CTX;
35
36static void MD5_Init(MD5_CTX * ctx)
37{
38  gcry_md_open(ctx, GCRY_MD_MD5, 0);
39}
40
41static void MD5_Update(MD5_CTX * ctx,
42                       const unsigned char * input,
43                       unsigned int inputLen)
44{
45  gcry_md_write(*ctx, input, inputLen);
46}
47
48static void MD5_Final(unsigned char digest[16], MD5_CTX * ctx)
49{
50  memcpy(digest, gcry_md_read(*ctx, 0), 16);
51  gcry_md_close(*ctx);
52}
53
54#else
55
56#ifdef USE_SSLEAY
57/* When OpenSSL is available we use the MD5-function from OpenSSL */
58
59#  ifdef USE_OPENSSL
60#    include <openssl/md5.h>
61#  else
62#    include <md5.h>
63#  endif
64
65#else /* USE_SSLEAY */
66/* When OpenSSL is not available we use this code segment */
67
68/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
69rights reserved.
70
71License to copy and use this software is granted provided that it
72is identified as the "RSA Data Security, Inc. MD5 Message-Digest
73Algorithm" in all material mentioning or referencing this software
74or this function.
75
76License is also granted to make and use derivative works provided
77that such works are identified as "derived from the RSA Data
78Security, Inc. MD5 Message-Digest Algorithm" in all material
79mentioning or referencing the derived work.
80
81RSA Data Security, Inc. makes no representations concerning either
82the merchantability of this software or the suitability of this
83software for any particular purpose. It is provided "as is"
84without express or implied warranty of any kind.
85
86These notices must be retained in any copies of any part of this
87documentation and/or software.
88 */
89
90/* UINT4 defines a four byte word */
91typedef unsigned int UINT4;
92
93/* MD5 context. */
94struct md5_ctx {
95  UINT4 state[4];                                   /* state (ABCD) */
96  UINT4 count[2];        /* number of bits, modulo 2^64 (lsb first) */
97  unsigned char buffer[64];                         /* input buffer */
98};
99
100typedef struct md5_ctx MD5_CTX;
101
102static void MD5_Init(struct md5_ctx *);
103static void MD5_Update(struct md5_ctx *, const unsigned char *, unsigned int);
104static void MD5_Final(unsigned char [16], struct md5_ctx *);
105
106/* Constants for MD5Transform routine.
107 */
108
109#define S11 7
110#define S12 12
111#define S13 17
112#define S14 22
113#define S21 5
114#define S22 9
115#define S23 14
116#define S24 20
117#define S31 4
118#define S32 11
119#define S33 16
120#define S34 23
121#define S41 6
122#define S42 10
123#define S43 15
124#define S44 21
125
126static void MD5Transform(UINT4 [4], const unsigned char [64]);
127static void Encode(unsigned char *, UINT4 *, unsigned int);
128static void Decode(UINT4 *, const unsigned char *, unsigned int);
129
130static const unsigned char PADDING[64] = {
131  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
132  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
133  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
134};
135
136/* F, G, H and I are basic MD5 functions.
137 */
138#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
139#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
140#define H(x, y, z) ((x) ^ (y) ^ (z))
141#define I(x, y, z) ((y) ^ ((x) | (~z)))
142
143/* ROTATE_LEFT rotates x left n bits.
144 */
145#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
146
147/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
148Rotation is separate from addition to prevent recomputation.
149 */
150#define FF(a, b, c, d, x, s, ac) { \
151 (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \
152 (a) = ROTATE_LEFT ((a), (s)); \
153 (a) += (b); \
154  }
155#define GG(a, b, c, d, x, s, ac) { \
156 (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \
157 (a) = ROTATE_LEFT ((a), (s)); \
158 (a) += (b); \
159  }
160#define HH(a, b, c, d, x, s, ac) { \
161 (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \
162 (a) = ROTATE_LEFT ((a), (s)); \
163 (a) += (b); \
164  }
165#define II(a, b, c, d, x, s, ac) { \
166 (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \
167 (a) = ROTATE_LEFT ((a), (s)); \
168 (a) += (b); \
169  }
170
171/* MD5 initialization. Begins an MD5 operation, writing a new context.
172 */
173static void MD5_Init(struct md5_ctx *context)
174{
175  context->count[0] = context->count[1] = 0;
176  /* Load magic initialization constants. */
177  context->state[0] = 0x67452301;
178  context->state[1] = 0xefcdab89;
179  context->state[2] = 0x98badcfe;
180  context->state[3] = 0x10325476;
181}
182
183/* MD5 block update operation. Continues an MD5 message-digest
184  operation, processing another message block, and updating the
185  context.
186 */
187static void MD5_Update (struct md5_ctx *context,    /* context */
188                        const unsigned char *input, /* input block */
189                        unsigned int inputLen)      /* length of input block */
190{
191  unsigned int i, bufindex, partLen;
192
193  /* Compute number of bytes mod 64 */
194  bufindex = (unsigned int)((context->count[0] >> 3) & 0x3F);
195
196  /* Update number of bits */
197  if((context->count[0] += ((UINT4)inputLen << 3))
198      < ((UINT4)inputLen << 3))
199    context->count[1]++;
200  context->count[1] += ((UINT4)inputLen >> 29);
201
202  partLen = 64 - bufindex;
203
204  /* Transform as many times as possible. */
205  if(inputLen >= partLen) {
206    memcpy(&context->buffer[bufindex], input, partLen);
207    MD5Transform(context->state, context->buffer);
208
209    for(i = partLen; i + 63 < inputLen; i += 64)
210      MD5Transform(context->state, &input[i]);
211
212    bufindex = 0;
213  }
214  else
215    i = 0;
216
217  /* Buffer remaining input */
218  memcpy(&context->buffer[bufindex], &input[i], inputLen-i);
219}
220
221/* MD5 finalization. Ends an MD5 message-digest operation, writing the
222   the message digest and zeroizing the context.
223*/
224static void MD5_Final(unsigned char digest[16], /* message digest */
225                      struct md5_ctx *context) /* context */
226{
227  unsigned char bits[8];
228  unsigned int count, padLen;
229
230  /* Save number of bits */
231  Encode (bits, context->count, 8);
232
233  /* Pad out to 56 mod 64. */
234  count = (unsigned int)((context->count[0] >> 3) & 0x3f);
235  padLen = (count < 56) ? (56 - count) : (120 - count);
236  MD5_Update (context, PADDING, padLen);
237
238  /* Append length (before padding) */
239  MD5_Update (context, bits, 8);
240
241  /* Store state in digest */
242  Encode (digest, context->state, 16);
243
244  /* Zeroize sensitive information. */
245  memset ((void *)context, 0, sizeof (*context));
246}
247
248/* MD5 basic transformation. Transforms state based on block. */
249static void MD5Transform(UINT4 state[4],
250                         const unsigned char block[64])
251{
252  UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
253
254  Decode (x, block, 64);
255
256  /* Round 1 */
257  FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
258  FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
259  FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
260  FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
261  FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
262  FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
263  FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
264  FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
265  FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
266  FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
267  FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
268  FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
269  FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
270  FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
271  FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
272  FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
273
274 /* Round 2 */
275  GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
276  GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
277  GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
278  GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
279  GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
280  GG (d, a, b, c, x[10], S22,  0x2441453); /* 22 */
281  GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
282  GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
283  GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
284  GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
285  GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
286  GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
287  GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
288  GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
289  GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
290  GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
291
292  /* Round 3 */
293  HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
294  HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
295  HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
296  HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
297  HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
298  HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
299  HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
300  HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
301  HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
302  HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
303  HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
304  HH (b, c, d, a, x[ 6], S34,  0x4881d05); /* 44 */
305  HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
306  HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
307  HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
308  HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
309
310  /* Round 4 */
311  II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
312  II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
313  II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
314  II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
315  II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
316  II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
317  II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
318  II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
319  II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
320  II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
321  II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
322  II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
323  II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
324  II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
325  II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
326  II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
327
328  state[0] += a;
329  state[1] += b;
330  state[2] += c;
331  state[3] += d;
332
333  /* Zeroize sensitive information. */
334  memset((void *)x, 0, sizeof (x));
335}
336
337/* Encodes input (UINT4) into output (unsigned char). Assumes len is
338  a multiple of 4.
339 */
340static void Encode (unsigned char *output,
341                    UINT4 *input,
342                    unsigned int len)
343{
344  unsigned int i, j;
345
346  for(i = 0, j = 0; j < len; i++, j += 4) {
347    output[j] = (unsigned char)(input[i] & 0xff);
348    output[j+1] = (unsigned char)((input[i] >> 8) & 0xff);
349    output[j+2] = (unsigned char)((input[i] >> 16) & 0xff);
350    output[j+3] = (unsigned char)((input[i] >> 24) & 0xff);
351  }
352}
353
354/* Decodes input (unsigned char) into output (UINT4). Assumes len is
355   a multiple of 4.
356*/
357static void Decode (UINT4 *output,
358                    const unsigned char *input,
359                    unsigned int len)
360{
361  unsigned int i, j;
362
363  for(i = 0, j = 0; j < len; i++, j += 4)
364    output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) |
365      (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24);
366}
367
368#endif /* USE_SSLEAY */
369
370#endif /* USE_GNUTLS */
371
372const HMAC_params Curl_HMAC_MD5[] = {
373  {
374    (HMAC_hinit_func) MD5_Init,           /* Hash initialization function. */
375    (HMAC_hupdate_func) MD5_Update,       /* Hash update function. */
376    (HMAC_hfinal_func) MD5_Final,         /* Hash computation end function. */
377    sizeof(MD5_CTX),                      /* Size of hash context structure. */
378    64,                                   /* Maximum key length. */
379    16                                    /* Result size. */
380  }
381};
382
383
384void Curl_md5it(unsigned char *outbuffer, /* 16 bytes */
385                const unsigned char *input)
386{
387  MD5_CTX ctx;
388  MD5_Init(&ctx);
389  MD5_Update(&ctx, input, (unsigned int)strlen((char *)input));
390  MD5_Final(outbuffer, &ctx);
391}
392
393#endif /* CURL_DISABLE_CRYPTO_AUTH */
394