diff options
Diffstat (limited to 'sys/crypto')
| -rw-r--r-- | sys/crypto/md4c.c | 298 | ||||
| -rw-r--r-- | sys/crypto/md5c.c | 317 |
2 files changed, 615 insertions, 0 deletions
diff --git a/sys/crypto/md4c.c b/sys/crypto/md4c.c new file mode 100644 index 000000000000..e173e17e3387 --- /dev/null +++ b/sys/crypto/md4c.c @@ -0,0 +1,298 @@ +/* MD4C.C - RSA Data Security, Inc., MD4 message-digest algorithm + */ + +/*- + SPDX-License-Identifier: RSA-MD + + Copyright (C) 1990-2, RSA Data Security, Inc. All rights reserved. + + License to copy and use this software is granted provided that it + is identified as the "RSA Data Security, Inc. MD4 Message-Digest + Algorithm" in all material mentioning or referencing this software + or this function. + + License is also granted to make and use derivative works provided + that such works are identified as "derived from the RSA Data + Security, Inc. MD4 Message-Digest Algorithm" in all material + mentioning or referencing the derived work. + + RSA Data Security, Inc. makes no representations concerning either + the merchantability of this software or the suitability of this + software for any particular purpose. It is provided "as is" + without express or implied warranty of any kind. + + These notices must be retained in any copies of any part of this + documentation and/or software. + */ + +#include <sys/param.h> +#ifdef _KERNEL +#include <sys/systm.h> +#else +#include <string.h> +#endif +#include <sys/md4.h> + +typedef unsigned char *POINTER; +typedef uint16_t UINT2; +typedef uint32_t UINT4; + +#define PROTO_LIST(list) list + +/* Constants for MD4Transform routine. + */ +#define S11 3 +#define S12 7 +#define S13 11 +#define S14 19 +#define S21 3 +#define S22 5 +#define S23 9 +#define S24 13 +#define S31 3 +#define S32 9 +#define S33 11 +#define S34 15 + +static void MD4Transform PROTO_LIST ((UINT4 [4], const unsigned char [64])); +static void Encode PROTO_LIST + ((unsigned char *, UINT4 *, unsigned int)); +static void Decode PROTO_LIST + ((UINT4 *, const unsigned char *, unsigned int)); + +static unsigned char PADDING[64] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +/* F, G and H are basic MD4 functions. + */ +#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) +#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z))) +#define H(x, y, z) ((x) ^ (y) ^ (z)) + +/* ROTATE_LEFT rotates x left n bits. + */ +#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) + +/* FF, GG and HH are transformations for rounds 1, 2 and 3 */ +/* Rotation is separate from addition to prevent recomputation */ +#define FF(a, b, c, d, x, s) { \ + (a) += F ((b), (c), (d)) + (x); \ + (a) = ROTATE_LEFT ((a), (s)); \ + } +#define GG(a, b, c, d, x, s) { \ + (a) += G ((b), (c), (d)) + (x) + (UINT4)0x5a827999; \ + (a) = ROTATE_LEFT ((a), (s)); \ + } +#define HH(a, b, c, d, x, s) { \ + (a) += H ((b), (c), (d)) + (x) + (UINT4)0x6ed9eba1; \ + (a) = ROTATE_LEFT ((a), (s)); \ + } + +/* MD4 initialization. Begins an MD4 operation, writing a new context. + */ +void +MD4Init(MD4_CTX *context) +{ + context->count[0] = context->count[1] = 0; + + /* Load magic initialization constants. + */ + context->state[0] = 0x67452301; + context->state[1] = 0xefcdab89; + context->state[2] = 0x98badcfe; + context->state[3] = 0x10325476; +} + +/* MD4 block update operation. Continues an MD4 message-digest + operation, processing another message block, and updating the + context. + */ +void +MD4Update(MD4_CTX *context, const unsigned char *input, + unsigned int inputLen) +{ + unsigned int i, index, partLen; + + /* Compute number of bytes mod 64 */ + index = (unsigned int)((context->count[0] >> 3) & 0x3F); + /* Update number of bits */ + if ((context->count[0] += ((UINT4)inputLen << 3)) + < ((UINT4)inputLen << 3)) + context->count[1]++; + context->count[1] += ((UINT4)inputLen >> 29); + + partLen = 64 - index; + /* Transform as many times as possible. + */ + if (inputLen >= partLen) { + bcopy(input, &context->buffer[index], partLen); + MD4Transform (context->state, context->buffer); + + for (i = partLen; i + 63 < inputLen; i += 64) + MD4Transform (context->state, &input[i]); + + index = 0; + } + else + i = 0; + + /* Buffer remaining input */ + bcopy(&input[i], &context->buffer[index], inputLen-i); +} + +/* MD4 padding. */ +void +MD4Pad(MD4_CTX *context) +{ + unsigned char bits[8]; + unsigned int index, padLen; + + /* Save number of bits */ + Encode (bits, context->count, 8); + + /* Pad out to 56 mod 64. + */ + index = (unsigned int)((context->count[0] >> 3) & 0x3f); + padLen = (index < 56) ? (56 - index) : (120 - index); + MD4Update (context, PADDING, padLen); + + /* Append length (before padding) */ + MD4Update (context, bits, 8); +} + +/* MD4 finalization. Ends an MD4 message-digest operation, writing the + the message digest and zeroizing the context. + */ +void +MD4Final(unsigned char digest[static 16], MD4_CTX *context) +{ + /* Do padding */ + MD4Pad (context); + + /* Store state in digest */ + Encode (digest, context->state, 16); + + /* Zeroize sensitive information. + */ + bzero(context, sizeof (*context)); +} + +/* MD4 basic transformation. Transforms state based on block. + */ +static void +MD4Transform(UINT4 state[4], const unsigned char block[64]) +{ + UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; + + Decode (x, block, 64); + + /* Round 1 */ + FF (a, b, c, d, x[ 0], S11); /* 1 */ + FF (d, a, b, c, x[ 1], S12); /* 2 */ + FF (c, d, a, b, x[ 2], S13); /* 3 */ + FF (b, c, d, a, x[ 3], S14); /* 4 */ + FF (a, b, c, d, x[ 4], S11); /* 5 */ + FF (d, a, b, c, x[ 5], S12); /* 6 */ + FF (c, d, a, b, x[ 6], S13); /* 7 */ + FF (b, c, d, a, x[ 7], S14); /* 8 */ + FF (a, b, c, d, x[ 8], S11); /* 9 */ + FF (d, a, b, c, x[ 9], S12); /* 10 */ + FF (c, d, a, b, x[10], S13); /* 11 */ + FF (b, c, d, a, x[11], S14); /* 12 */ + FF (a, b, c, d, x[12], S11); /* 13 */ + FF (d, a, b, c, x[13], S12); /* 14 */ + FF (c, d, a, b, x[14], S13); /* 15 */ + FF (b, c, d, a, x[15], S14); /* 16 */ + + /* Round 2 */ + GG (a, b, c, d, x[ 0], S21); /* 17 */ + GG (d, a, b, c, x[ 4], S22); /* 18 */ + GG (c, d, a, b, x[ 8], S23); /* 19 */ + GG (b, c, d, a, x[12], S24); /* 20 */ + GG (a, b, c, d, x[ 1], S21); /* 21 */ + GG (d, a, b, c, x[ 5], S22); /* 22 */ + GG (c, d, a, b, x[ 9], S23); /* 23 */ + GG (b, c, d, a, x[13], S24); /* 24 */ + GG (a, b, c, d, x[ 2], S21); /* 25 */ + GG (d, a, b, c, x[ 6], S22); /* 26 */ + GG (c, d, a, b, x[10], S23); /* 27 */ + GG (b, c, d, a, x[14], S24); /* 28 */ + GG (a, b, c, d, x[ 3], S21); /* 29 */ + GG (d, a, b, c, x[ 7], S22); /* 30 */ + GG (c, d, a, b, x[11], S23); /* 31 */ + GG (b, c, d, a, x[15], S24); /* 32 */ + + /* Round 3 */ + HH (a, b, c, d, x[ 0], S31); /* 33 */ + HH (d, a, b, c, x[ 8], S32); /* 34 */ + HH (c, d, a, b, x[ 4], S33); /* 35 */ + HH (b, c, d, a, x[12], S34); /* 36 */ + HH (a, b, c, d, x[ 2], S31); /* 37 */ + HH (d, a, b, c, x[10], S32); /* 38 */ + HH (c, d, a, b, x[ 6], S33); /* 39 */ + HH (b, c, d, a, x[14], S34); /* 40 */ + HH (a, b, c, d, x[ 1], S31); /* 41 */ + HH (d, a, b, c, x[ 9], S32); /* 42 */ + HH (c, d, a, b, x[ 5], S33); /* 43 */ + HH (b, c, d, a, x[13], S34); /* 44 */ + HH (a, b, c, d, x[ 3], S31); /* 45 */ + HH (d, a, b, c, x[11], S32); /* 46 */ + HH (c, d, a, b, x[ 7], S33); /* 47 */ + HH (b, c, d, a, x[15], S34); /* 48 */ + + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + + /* Zeroize sensitive information. + */ + bzero((POINTER)x, sizeof (x)); +} + +/* Encodes input (UINT4) into output (unsigned char). Assumes len is + a multiple of 4. + */ +static void +Encode(unsigned char *output, UINT4 *input, unsigned int len) +{ + unsigned int i, j; + + for (i = 0, j = 0; j < len; i++, j += 4) { + output[j] = (unsigned char)(input[i] & 0xff); + output[j+1] = (unsigned char)((input[i] >> 8) & 0xff); + output[j+2] = (unsigned char)((input[i] >> 16) & 0xff); + output[j+3] = (unsigned char)((input[i] >> 24) & 0xff); + } +} + +/* Decodes input (unsigned char) into output (UINT4). Assumes len is + a multiple of 4. + */ +static void +Decode(UINT4 *output, const unsigned char *input, unsigned int len) +{ + unsigned int i, j; + + for (i = 0, j = 0; j < len; i++, j += 4) + output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) | + (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24); +} + +#ifdef WEAK_REFS +/* When building libmd, provide weak references. Note: this is not + activated in the context of compiling these sources for internal + use in libcrypt. + */ +#undef MD4Init +__weak_reference(_libmd_MD4Init, MD4Init); +#undef MD4Update +__weak_reference(_libmd_MD4Update, MD4Update); +#undef MD4Pad +__weak_reference(_libmd_MD4Pad, MD4Pad); +#undef MD4Final +__weak_reference(_libmd_MD4Final, MD4Final); +#endif diff --git a/sys/crypto/md5c.c b/sys/crypto/md5c.c new file mode 100644 index 000000000000..f9ffb602afdb --- /dev/null +++ b/sys/crypto/md5c.c @@ -0,0 +1,317 @@ +/*- + * Copyright (c) 2024, 2025 Robert Clausecker <fuz@FreeBSD.org> + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include <sys/endian.h> +#include <sys/types.h> +#include <sys/md5.h> + +#ifdef _KERNEL +#include <sys/param.h> +#include <sys/stdint.h> +#include <sys/systm.h> +#define assert(expr) MPASS(expr) +#else +#include <assert.h> +#include <stdint.h> +#include <string.h> +#include <strings.h> +#endif /* defined(_KERNEL) */ + +#define md5block _libmd_md5block +#ifdef MD5_ASM +extern void md5block(MD5_CTX *, const void *, size_t); +#else +static void md5block(MD5_CTX *, const void *, size_t); +#endif + +/* don't unroll in bootloader */ +#ifdef STANDALONE_SMALL +#define UNROLL +#else +#define UNROLL _Pragma("unroll") +#endif + +void +MD5Init(MD5_CTX *ctx) +{ + ctx->state[0] = 0x67452301; + ctx->state[1] = 0xefcdab89; + ctx->state[2] = 0x98badcfe; + ctx->state[3] = 0x10325476; + + ctx->count[0] = 0; + ctx->count[1] = 0; +} + +void +MD5Update(MD5_CTX *ctx, const void *data, unsigned int len) +{ + uint64_t nn; + const char *p = data; + unsigned num; + + num = ctx->count[0] % MD5_BLOCK_LENGTH; + nn = (uint64_t)ctx->count[0] | (uint64_t)ctx->count[1] << 32; + nn += len; + ctx->count[0] = (uint32_t)nn; + ctx->count[1] = (uint32_t)(nn >> 32); + + if (num > 0) { + unsigned int n = MD5_BLOCK_LENGTH - num; + + if (n > len) + n = len; + + memcpy((char *)ctx->buffer + num, p, n); + num += n; + if (num == MD5_BLOCK_LENGTH) + md5block(ctx, (void *)ctx->buffer, MD5_BLOCK_LENGTH); + + p += n; + len -= n; + } + + if (len >= MD5_BLOCK_LENGTH) { + unsigned n = len & ~(unsigned)(MD5_BLOCK_LENGTH - 1); + + md5block(ctx, p, n); + p += n; + len -= n; + } + + if (len > 0) + memcpy((void *)ctx->buffer, p, len); +} + +static void +MD5Pad(MD5_CTX *ctx) +{ + uint64_t len; + unsigned t; + unsigned char tmp[MD5_BLOCK_LENGTH + sizeof(uint64_t)] = {0x80, 0}; + + len = (uint64_t)ctx->count[0] | (uint64_t)ctx->count[1] << 32; + t = 64 + 56 - ctx->count[0] % 64; + if (t > 64) + t -= 64; + + /* length in bits */ + len <<= 3; + le64enc(tmp + t, len); + MD5Update(ctx, tmp, t + 8); + assert(ctx->count[0] % MD5_BLOCK_LENGTH == 0); +} + +void +MD5Final(unsigned char md[16], MD5_CTX *ctx) +{ + MD5Pad(ctx); + + le32enc(md + 0, ctx->state[0]); + le32enc(md + 4, ctx->state[1]); + le32enc(md + 8, ctx->state[2]); + le32enc(md + 12, ctx->state[3]); + + explicit_bzero(ctx, sizeof(ctx)); +} + +#ifndef MD5_ASM +static const uint32_t K[64] = { + 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, + 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501, + 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, + 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821, + 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa, + 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8, + 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, + 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a, + 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c, + 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70, + 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05, + 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665, + 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039, + 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1, + 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1, + 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391, +}; + +static inline uint32_t +rol32(uint32_t a, int b) +{ + return (a << b | a >> (32 - b)); +} + +static void +md5block(MD5_CTX *ctx, const void *data, size_t len) +{ + uint32_t m[16], a0, b0, c0, d0; + const char *p = data; + + a0 = ctx->state[0]; + b0 = ctx->state[1]; + c0 = ctx->state[2]; + d0 = ctx->state[3]; + + while (len >= MD5_BLOCK_LENGTH) { + size_t i; + uint32_t a = a0, b = b0, c = c0, d = d0, f, tmp; + + UNROLL + for (i = 0; i < 16; i++) + m[i] = le32dec(p + 4*i); + + UNROLL + for (i = 0; i < 16; i += 4) { + f = d ^ (b & (c ^ d)); + tmp = d; + d = c; + c = b; + b += rol32(a + f + K[i] + m[i], 7); + a = tmp; + + f = d ^ (b & (c ^ d)); + tmp = d; + d = c; + c = b; + b += rol32(a + f + K[i + 1] + m[i + 1], 12); + a = tmp; + + f = d ^ (b & (c ^ d)); + tmp = d; + d = c; + c = b; + b += rol32(a + f + K[i + 2] + m[i + 2], 17); + a = tmp; + + f = d ^ (b & (c ^ d)); + tmp = d; + d = c; + c = b; + b += rol32(a + f + K[i + 3] + m[i + 3], 22); + a = tmp; + } + + UNROLL + for (; i < 32; i += 4) { + f = c ^ (d & (b ^ c)); + tmp = d; + d = c; + c = b; + b += rol32(a + f + K[i] + m[(5*i + 1) % 16], 5); + a = tmp; + + f = c ^ (d & (b ^ c)); + tmp = d; + d = c; + c = b; + b += rol32(a + f + K[i + 1] + m[(5*i + 6) % 16], 9); + a = tmp; + + f = c ^ (d & (b ^ c)); + tmp = d; + d = c; + c = b; + b += rol32(a + f + K[i + 2] + m[(5*i + 11) % 16], 14); + a = tmp; + + f = c ^ (d & (b ^ c)); + tmp = d; + d = c; + c = b; + b += rol32(a + f + K[i + 3] + m[5*i % 16], 20); + a = tmp; + } + + UNROLL + for (; i < 48; i += 4) { + f = b ^ c ^ d; + tmp = d; + d = c; + c = b; + b += rol32(a + f + K[i] + m[(3*i + 5) % 16], 4); + a = tmp; + + f = b ^ c ^ d; + tmp = d; + d = c; + c = b; + b += rol32(a + f + K[i + 1] + m[(3*i + 8) % 16], 11); + a = tmp; + + f = b ^ c ^ d; + tmp = d; + d = c; + c = b; + b += rol32(a + f + K[i + 2] + m[(3*i + 11) % 16], 16); + a = tmp; + + f = b ^ c ^ d; + tmp = d; + d = c; + c = b; + b += rol32(a + f + K[i + 3] + m[(3*i + 14) % 16], 23); + a = tmp; + } + + UNROLL + for (; i < 64; i += 4) { + f = c ^ (b | ~d); + tmp = d; + d = c; + c = b; + b += rol32(a + f + K[i] + m[7*i % 16], 6); + a = tmp; + + f = c ^ (b | ~d); + tmp = d; + d = c; + c = b; + b += rol32(a + f + K[i + 1] + m[(7*i + 7) % 16], 10); + a = tmp; + + f = c ^ (b | ~d); + tmp = d; + d = c; + c = b; + b += rol32(a + f + K[i + 2] + m[(7*i + 14) % 16], 15); + a = tmp; + + f = c ^ (b | ~d); + tmp = d; + d = c; + c = b; + b += rol32(a + f + K[i + 3] + m[(7*i + 5) % 16], 21); + a = tmp; + } + + a0 += a; + b0 += b; + c0 += c; + d0 += d; + + p += MD5_BLOCK_LENGTH; + len -= MD5_BLOCK_LENGTH; + } + + ctx->state[0] = a0; + ctx->state[1] = b0; + ctx->state[2] = c0; + ctx->state[3] = d0; +} +#endif /* !defined(MD5_ASM) */ + +#ifdef WEAK_REFS +/* When building libmd, provide weak references. Note: this is not + activated in the context of compiling these sources for internal + use in libcrypt. + */ +#undef MD5Init +__weak_reference(_libmd_MD5Init, MD5Init); +#undef MD5Update +__weak_reference(_libmd_MD5Update, MD5Update); +#undef MD5Final +__weak_reference(_libmd_MD5Final, MD5Final); +#endif |