1 /* Functions to compute MD4 message digest of files or memory blocks.
2 according to the definition of MD4 in RFC 1320 from April 1992.
3 Copyright (C) 1995-1997, 1999-2003, 2005-2006, 2008-2011 Free Software
4 Foundation, Inc.
5
6 This program is free software; you can redistribute it and/or modify it
7 under the terms of the GNU General Public License as published by the
8 Free Software Foundation; either version 2, or (at your option) any
9 later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software Foundation,
18 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
19
20 /* Adapted by Simon Josefsson from gnulib md5.? and Libgcrypt
21 cipher/md4.c . */
22
23 #include "md4.h"
24
25 #include <stdalign.h>
26 #include <stdint.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <sys/types.h>
30
31 #if USE_UNLOCKED_IO
32 # include "unlocked-io.h"
33 #endif
34
35 #ifdef WORDS_BIGENDIAN
36 # define SWAP(n) \
37 (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24))
38 #else
39 # define SWAP(n) (n)
40 #endif
41
42 #define BLOCKSIZE 32768
43 #if BLOCKSIZE % 64 != 0
44 # error "invalid BLOCKSIZE"
45 #endif
46
47 /* This array contains the bytes used to pad the buffer to the next
48 64-byte boundary. (RFC 1320, 3.1: Step 1) */
49 static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ };
50
51
52 /* Initialize structure containing state of computation.
53 (RFC 1320, 3.3: Step 3) */
54 void
md4_init_ctx(struct md4_ctx * ctx)55 md4_init_ctx (struct md4_ctx *ctx)
56 {
57 ctx->A = 0x67452301;
58 ctx->B = 0xefcdab89;
59 ctx->C = 0x98badcfe;
60 ctx->D = 0x10325476;
61
62 ctx->total[0] = ctx->total[1] = 0;
63 ctx->buflen = 0;
64 }
65
66 /* Copy the 4 byte value from v into the memory location pointed to by *cp,
67 If your architecture allows unaligned access this is equivalent to
68 * (uint32_t *) cp = v */
69 static inline void
set_uint32(char * cp,uint32_t v)70 set_uint32 (char *cp, uint32_t v)
71 {
72 memcpy (cp, &v, sizeof v);
73 }
74
75 /* Put result from CTX in first 16 bytes following RESBUF. The result
76 must be in little endian byte order. */
77 void *
md4_read_ctx(const struct md4_ctx * ctx,void * resbuf)78 md4_read_ctx (const struct md4_ctx *ctx, void *resbuf)
79 {
80 char *r = resbuf;
81 set_uint32 (r + 0 * sizeof ctx->A, SWAP (ctx->A));
82 set_uint32 (r + 1 * sizeof ctx->B, SWAP (ctx->B));
83 set_uint32 (r + 2 * sizeof ctx->C, SWAP (ctx->C));
84 set_uint32 (r + 3 * sizeof ctx->D, SWAP (ctx->D));
85
86 return resbuf;
87 }
88
89 /* Process the remaining bytes in the internal buffer and the usual
90 prolog according to the standard and write the result to RESBUF. */
91 void *
md4_finish_ctx(struct md4_ctx * ctx,void * resbuf)92 md4_finish_ctx (struct md4_ctx *ctx, void *resbuf)
93 {
94 /* Take yet unprocessed bytes into account. */
95 uint32_t bytes = ctx->buflen;
96 size_t pad;
97
98 /* Now count remaining bytes. */
99 ctx->total[0] += bytes;
100 if (ctx->total[0] < bytes)
101 ++ctx->total[1];
102
103 pad = bytes >= 56 ? 64 + 56 - bytes : 56 - bytes;
104 memcpy (&((char*)ctx->buffer)[bytes], fillbuf, pad);
105
106 /* Put the 64-bit file length in *bits* at the end of the buffer. */
107 ctx->buffer[(bytes + pad) / 4] = SWAP (ctx->total[0] << 3);
108 ctx->buffer[(bytes + pad) / 4 + 1] = SWAP ((ctx->total[1] << 3) |
109 (ctx->total[0] >> 29));
110
111 /* Process last bytes. */
112 md4_process_block (ctx->buffer, bytes + pad + 8, ctx);
113
114 return md4_read_ctx (ctx, resbuf);
115 }
116
117 /* Compute MD4 message digest for bytes read from STREAM. The
118 resulting message digest number will be written into the 16 bytes
119 beginning at RESBLOCK. */
120 int
md4_stream(FILE * stream,void * resblock)121 md4_stream (FILE * stream, void *resblock)
122 {
123 struct md4_ctx ctx;
124 size_t sum;
125
126 char *buffer = malloc (BLOCKSIZE + 72);
127 if (!buffer)
128 return 1;
129
130 /* Initialize the computation context. */
131 md4_init_ctx (&ctx);
132
133 /* Iterate over full file contents. */
134 while (1)
135 {
136 /* We read the file in blocks of BLOCKSIZE bytes. One call of the
137 computation function processes the whole buffer so that with the
138 next round of the loop another block can be read. */
139 size_t n;
140 sum = 0;
141
142 /* Read block. Take care for partial reads. */
143 while (1)
144 {
145 n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream);
146
147 sum += n;
148
149 if (sum == BLOCKSIZE)
150 break;
151
152 if (n == 0)
153 {
154 /* Check for the error flag IFF N == 0, so that we don't
155 exit the loop after a partial read due to e.g., EAGAIN
156 or EWOULDBLOCK. */
157 if (ferror (stream))
158 {
159 free (buffer);
160 return 1;
161 }
162 goto process_partial_block;
163 }
164
165 /* We've read at least one byte, so ignore errors. But always
166 check for EOF, since feof may be true even though N > 0.
167 Otherwise, we could end up calling fread after EOF. */
168 if (feof (stream))
169 goto process_partial_block;
170 }
171
172 /* Process buffer with BLOCKSIZE bytes. Note that
173 BLOCKSIZE % 64 == 0
174 */
175 md4_process_block (buffer, BLOCKSIZE, &ctx);
176 }
177
178 process_partial_block:;
179
180 /* Process any remaining bytes. */
181 if (sum > 0)
182 md4_process_bytes (buffer, sum, &ctx);
183
184 /* Construct result in desired memory. */
185 md4_finish_ctx (&ctx, resblock);
186 free (buffer);
187 return 0;
188 }
189
190 /* Compute MD4 message digest for LEN bytes beginning at BUFFER. The
191 result is always in little endian byte order, so that a byte-wise
192 output yields to the wanted ASCII representation of the message
193 digest. */
194 void *
md4_buffer(const char * buffer,size_t len,void * resblock)195 md4_buffer (const char *buffer, size_t len, void *resblock)
196 {
197 struct md4_ctx ctx;
198
199 /* Initialize the computation context. */
200 md4_init_ctx (&ctx);
201
202 /* Process whole buffer but last len % 64 bytes. */
203 md4_process_bytes (buffer, len, &ctx);
204
205 /* Put result in desired memory area. */
206 return md4_finish_ctx (&ctx, resblock);
207 }
208
209 void
md4_process_bytes(const void * buffer,size_t len,struct md4_ctx * ctx)210 md4_process_bytes (const void *buffer, size_t len, struct md4_ctx *ctx)
211 {
212 /* When we already have some bits in our internal buffer concatenate
213 both inputs first. */
214 if (ctx->buflen != 0)
215 {
216 size_t left_over = ctx->buflen;
217 size_t add = 128 - left_over > len ? len : 128 - left_over;
218
219 memcpy (&((char*)ctx->buffer)[left_over], buffer, add);
220 ctx->buflen += add;
221
222 if (ctx->buflen > 64)
223 {
224 md4_process_block (ctx->buffer, ctx->buflen & ~63, ctx);
225
226 ctx->buflen &= 63;
227 /* The regions in the following copy operation cannot overlap. */
228 memcpy (ctx->buffer, &((char*)ctx->buffer)[(left_over + add) & ~63],
229 ctx->buflen);
230 }
231
232 buffer = (const char *) buffer + add;
233 len -= add;
234 }
235
236 /* Process available complete blocks. */
237 if (len >= 64)
238 {
239 #if !_STRING_ARCH_unaligned
240 # define UNALIGNED_P(p) ((uintptr_t) (p) % alignof (uint32_t) != 0)
241 if (UNALIGNED_P (buffer))
242 while (len > 64)
243 {
244 md4_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx);
245 buffer = (const char *) buffer + 64;
246 len -= 64;
247 }
248 else
249 #endif
250 {
251 md4_process_block (buffer, len & ~63, ctx);
252 buffer = (const char *) buffer + (len & ~63);
253 len &= 63;
254 }
255 }
256
257 /* Move remaining bytes in internal buffer. */
258 if (len > 0)
259 {
260 size_t left_over = ctx->buflen;
261
262 memcpy (&((char*)ctx->buffer)[left_over], buffer, len);
263 left_over += len;
264 if (left_over >= 64)
265 {
266 md4_process_block (ctx->buffer, 64, ctx);
267 left_over -= 64;
268 memcpy (ctx->buffer, &ctx->buffer[16], left_over);
269 }
270 ctx->buflen = left_over;
271 }
272 }
273
274 /* --- Code below is the primary difference between md5.c and md4.c --- */
275
276 /* MD4 round constants */
277 #define K1 0x5a827999
278 #define K2 0x6ed9eba1
279
280 /* Round functions. */
281 #define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
282 #define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
283 #define H(x, y, z) ((x) ^ (y) ^ (z))
284 #define rol(x, n) (((x) << (n)) | ((uint32_t) (x) >> (32 - (n))))
285 #define R1(a,b,c,d,k,s) a=rol(a+F(b,c,d)+x[k],s);
286 #define R2(a,b,c,d,k,s) a=rol(a+G(b,c,d)+x[k]+K1,s);
287 #define R3(a,b,c,d,k,s) a=rol(a+H(b,c,d)+x[k]+K2,s);
288
289 /* Process LEN bytes of BUFFER, accumulating context into CTX.
290 It is assumed that LEN % 64 == 0. */
291
292 void
md4_process_block(const void * buffer,size_t len,struct md4_ctx * ctx)293 md4_process_block (const void *buffer, size_t len, struct md4_ctx *ctx)
294 {
295 const uint32_t *words = buffer;
296 size_t nwords = len / sizeof (uint32_t);
297 const uint32_t *endp = words + nwords;
298 uint32_t x[16];
299 uint32_t A = ctx->A;
300 uint32_t B = ctx->B;
301 uint32_t C = ctx->C;
302 uint32_t D = ctx->D;
303
304 /* First increment the byte count. RFC 1320 specifies the possible
305 length of the file up to 2^64 bits. Here we only compute the
306 number of bytes. Do a double word increment. */
307 ctx->total[0] += len;
308 if (ctx->total[0] < len)
309 ++ctx->total[1];
310
311 /* Process all bytes in the buffer with 64 bytes in each round of
312 the loop. */
313 while (words < endp)
314 {
315 int t;
316 for (t = 0; t < 16; t++)
317 {
318 x[t] = SWAP (*words);
319 words++;
320 }
321
322 /* Round 1. */
323 R1 (A, B, C, D, 0, 3);
324 R1 (D, A, B, C, 1, 7);
325 R1 (C, D, A, B, 2, 11);
326 R1 (B, C, D, A, 3, 19);
327 R1 (A, B, C, D, 4, 3);
328 R1 (D, A, B, C, 5, 7);
329 R1 (C, D, A, B, 6, 11);
330 R1 (B, C, D, A, 7, 19);
331 R1 (A, B, C, D, 8, 3);
332 R1 (D, A, B, C, 9, 7);
333 R1 (C, D, A, B, 10, 11);
334 R1 (B, C, D, A, 11, 19);
335 R1 (A, B, C, D, 12, 3);
336 R1 (D, A, B, C, 13, 7);
337 R1 (C, D, A, B, 14, 11);
338 R1 (B, C, D, A, 15, 19);
339
340 /* Round 2. */
341 R2 (A, B, C, D, 0, 3);
342 R2 (D, A, B, C, 4, 5);
343 R2 (C, D, A, B, 8, 9);
344 R2 (B, C, D, A, 12, 13);
345 R2 (A, B, C, D, 1, 3);
346 R2 (D, A, B, C, 5, 5);
347 R2 (C, D, A, B, 9, 9);
348 R2 (B, C, D, A, 13, 13);
349 R2 (A, B, C, D, 2, 3);
350 R2 (D, A, B, C, 6, 5);
351 R2 (C, D, A, B, 10, 9);
352 R2 (B, C, D, A, 14, 13);
353 R2 (A, B, C, D, 3, 3);
354 R2 (D, A, B, C, 7, 5);
355 R2 (C, D, A, B, 11, 9);
356 R2 (B, C, D, A, 15, 13);
357
358 /* Round 3. */
359 R3 (A, B, C, D, 0, 3);
360 R3 (D, A, B, C, 8, 9);
361 R3 (C, D, A, B, 4, 11);
362 R3 (B, C, D, A, 12, 15);
363 R3 (A, B, C, D, 2, 3);
364 R3 (D, A, B, C, 10, 9);
365 R3 (C, D, A, B, 6, 11);
366 R3 (B, C, D, A, 14, 15);
367 R3 (A, B, C, D, 1, 3);
368 R3 (D, A, B, C, 9, 9);
369 R3 (C, D, A, B, 5, 11);
370 R3 (B, C, D, A, 13, 15);
371 R3 (A, B, C, D, 3, 3);
372 R3 (D, A, B, C, 11, 9);
373 R3 (C, D, A, B, 7, 11);
374 R3 (B, C, D, A, 15, 15);
375
376 A = ctx->A += A;
377 B = ctx->B += B;
378 C = ctx->C += C;
379 D = ctx->D += D;
380 }
381 }
382