1 /* -*- Mode: C; tab-width: 4 -*-
2 *
3 * Copyright (c) 2002-2003 Apple Computer, Inc. All rights reserved.
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17
18
19 #ifdef __cplusplus
20 extern "C" {
21 #endif
22
23 #include "mDNSEmbeddedAPI.h"
24 #include "DNSCommon.h"
25
26 // Disable certain benign warnings with Microsoft compilers
27 #if(defined(_MSC_VER))
28 // Disable "conditional expression is constant" warning for debug macros.
29 // Otherwise, this generates warnings for the perfectly natural construct "while(1)"
30 // If someone knows a variant way of writing "while(1)" that doesn't generate warning messages, please let us know
31 #pragma warning(disable:4127)
32 #endif
33
34
35 // ***************************************************************************
36 #if COMPILER_LIKES_PRAGMA_MARK
37 #pragma mark - Byte Swapping Functions
38 #endif
39
NToH16(mDNSu8 * bytes)40 mDNSlocal mDNSu16 NToH16(mDNSu8 * bytes)
41 {
42 return (mDNSu16)((mDNSu16)bytes[0] << 8 | (mDNSu16)bytes[1]);
43 }
44
NToH32(mDNSu8 * bytes)45 mDNSlocal mDNSu32 NToH32(mDNSu8 * bytes)
46 {
47 return (mDNSu32)((mDNSu32) bytes[0] << 24 | (mDNSu32) bytes[1] << 16 | (mDNSu32) bytes[2] << 8 | (mDNSu32)bytes[3]);
48 }
49
50 // ***************************************************************************
51 #if COMPILER_LIKES_PRAGMA_MARK
52 #pragma mark - MD5 Hash Functions
53 #endif
54
55
56 /* The source for the has is derived CommonCrypto files CommonDigest.h, md32_common.h, md5_locl.h, md5_locl.h, and openssl/md5.h.
57 * The following changes have been made to the original sources:
58 * replaced CC_LONG w/ mDNSu32
59 * replaced CC_MD5* with MD5*
60 * replaced CC_LONG w/ mDNSu32, removed conditional #defines from md5.h
61 * removed extern decls for MD5_Init/Update/Final from CommonDigest.h
62 * removed APPLE_COMMON_DIGEST specific #defines from md5_locl.h
63 *
64 * Note: machine archetecure specific conditionals from the original sources are turned off, but are left in the code
65 * to aid in platform-specific optimizations and debugging.
66 * Sources originally distributed under the following license headers:
67 * CommonDigest.h - APSL
68 *
69 * md32_Common.h
70 * ====================================================================
71 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
72 *
73 * Redistribution and use in source and binary forms, with or without
74 * modification, are permitted provided that the following conditions
75 * are met:
76 *
77 * 1. Redistributions of source code must retain the above copyright
78 * notice, this list of conditions and the following disclaimer.
79 *
80 * 2. Redistributions in binary form must reproduce the above copyright
81 * notice, this list of conditions and the following disclaimer in
82 * the documentation and/or other materials provided with the
83 * distribution.
84 *
85 * 3. All advertising materials mentioning features or use of this
86 * software must display the following acknowledgment:
87 * "This product includes software developed by the OpenSSL Project
88 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
89 *
90 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
91 * endorse or promote products derived from this software without
92 * prior written permission. For written permission, please contact
93 * licensing@OpenSSL.org.
94 *
95 * 5. Products derived from this software may not be called "OpenSSL"
96 * nor may "OpenSSL" appear in their names without prior written
97 * permission of the OpenSSL Project.
98 *
99 * 6. Redistributions of any form whatsoever must retain the following
100 * acknowledgment:
101 * "This product includes software developed by the OpenSSL Project
102 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
103 *
104 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
105 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
106 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
107 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
108 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
109 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
110 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
111 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
112 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
113 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
114 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
115 * OF THE POSSIBILITY OF SUCH DAMAGE.
116 *
117 *
118 * md5_dgst.c, md5_locl.h
119 * ====================================================================
120 *
121 * This product includes cryptographic software written by Eric Young
122 * (eay@cryptsoft.com). This product includes software written by Tim
123 * Hudson (tjh@cryptsoft.com).
124 *
125 * Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
126 * All rights reserved.
127 *
128 * This package is an SSL implementation written
129 * by Eric Young (eay@cryptsoft.com).
130 * The implementation was written so as to conform with Netscapes SSL.
131 *
132 * This library is free for commercial and non-commercial use as long as
133 * the following conditions are aheared to. The following conditions
134 * apply to all code found in this distribution, be it the RC4, RSA,
135 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
136 * included with this distribution is covered by the same copyright terms
137 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
138 *
139 * Copyright remains Eric Young's, and as such any Copyright notices in
140 * the code are not to be removed.
141 * If this package is used in a product, Eric Young should be given attribution
142 * as the author of the parts of the library used.
143 * This can be in the form of a textual message at program startup or
144 * in documentation (online or textual) provided with the package.
145 *
146 * Redistribution and use in source and binary forms, with or without
147 * modification, are permitted provided that the following conditions
148 * are met:
149 * 1. Redistributions of source code must retain the copyright
150 * notice, this list of conditions and the following disclaimer.
151 * 2. Redistributions in binary form must reproduce the above copyright
152 * notice, this list of conditions and the following disclaimer in the
153 * documentation and/or other materials provided with the distribution.
154 * 3. All advertising materials mentioning features or use of this software
155 * must display the following acknowledgement:
156 * "This product includes cryptographic software written by
157 * Eric Young (eay@cryptsoft.com)"
158 * The word 'cryptographic' can be left out if the rouines from the library
159 * being used are not cryptographic related :-).
160 * 4. If you include any Windows specific code (or a derivative thereof) from
161 * the apps directory (application code) you must include an acknowledgement:
162 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
163 *
164 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
165 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
166 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
167 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
168 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
169 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
170 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
171 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
172 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
173 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
174 * SUCH DAMAGE.
175 *
176 * The licence and distribution terms for any publically available version or
177 * derivative of this code cannot be changed. i.e. this code cannot simply be
178 * copied and put under another distribution licence
179 * [including the GNU Public Licence.]
180 *
181 */
182
183 //from CommonDigest.h
184
185 #define MD5_DIGEST_LENGTH 16 /* digest length in bytes */
186 #define MD5_BLOCK_BYTES 64 /* block size in bytes */
187 #define MD5_BLOCK_LONG (MD5_BLOCK_BYTES / sizeof(mDNSu32))
188
189 typedef struct MD5state_st
190 {
191 mDNSu32 A,B,C,D;
192 mDNSu32 Nl,Nh;
193 mDNSu32 data[MD5_BLOCK_LONG];
194 int num;
195 } MD5_CTX;
196
197
198 // from openssl/md5.h
199
200 #define MD5_CBLOCK 64
201 #define MD5_LBLOCK (MD5_CBLOCK/4)
202 #define MD5_DIGEST_LENGTH 16
203
204 int MD5_Init(MD5_CTX *c);
205 int MD5_Update(MD5_CTX *c, const void *data, unsigned long len);
206 int MD5_Final(unsigned char *md, MD5_CTX *c);
207 void MD5_Transform(MD5_CTX *c, const unsigned char *b);
208
209 // From md5_locl.h
210
211 #ifndef MD5_LONG_LOG2
212 #define MD5_LONG_LOG2 2 /* default to 32 bits */
213 #endif
214
215 #ifdef MD5_ASM
216 # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
217 # define md5_block_host_order md5_block_asm_host_order
218 # elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC)
219 void md5_block_asm_data_order_aligned (MD5_CTX *c, const mDNSu32 *p,int num);
220 # define HASH_BLOCK_DATA_ORDER_ALIGNED md5_block_asm_data_order_aligned
221 # endif
222 #endif
223
224 void md5_block_host_order (MD5_CTX *c, const void *p,int num);
225 void md5_block_data_order (MD5_CTX *c, const void *p,int num);
226
227 #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
228 /*
229 * *_block_host_order is expected to handle aligned data while
230 * *_block_data_order - unaligned. As algorithm and host (x86)
231 * are in this case of the same "endianness" these two are
232 * otherwise indistinguishable. But normally you don't want to
233 * call the same function because unaligned access in places
234 * where alignment is expected is usually a "Bad Thing". Indeed,
235 * on RISCs you get punished with BUS ERROR signal or *severe*
236 * performance degradation. Intel CPUs are in turn perfectly
237 * capable of loading unaligned data without such drastic side
238 * effect. Yes, they say it's slower than aligned load, but no
239 * exception is generated and therefore performance degradation
240 * is *incomparable* with RISCs. What we should weight here is
241 * costs of unaligned access against costs of aligning data.
242 * According to my measurements allowing unaligned access results
243 * in ~9% performance improvement on Pentium II operating at
244 * 266MHz. I won't be surprised if the difference will be higher
245 * on faster systems:-)
246 *
247 * <appro@fy.chalmers.se>
248 */
249 #define md5_block_data_order md5_block_host_order
250 #endif
251
252 #define DATA_ORDER_IS_LITTLE_ENDIAN
253
254 #define HASH_LONG mDNSu32
255 #define HASH_LONG_LOG2 MD5_LONG_LOG2
256 #define HASH_CTX MD5_CTX
257 #define HASH_CBLOCK MD5_CBLOCK
258 #define HASH_LBLOCK MD5_LBLOCK
259
260 #define HASH_UPDATE MD5_Update
261 #define HASH_TRANSFORM MD5_Transform
262 #define HASH_FINAL MD5_Final
263
264 #define HASH_MAKE_STRING(c,s) do { \
265 unsigned long ll; \
266 ll=(c)->A; HOST_l2c(ll,(s)); \
267 ll=(c)->B; HOST_l2c(ll,(s)); \
268 ll=(c)->C; HOST_l2c(ll,(s)); \
269 ll=(c)->D; HOST_l2c(ll,(s)); \
270 } while (0)
271 #define HASH_BLOCK_HOST_ORDER md5_block_host_order
272 #if !defined(L_ENDIAN) || defined(md5_block_data_order)
273 #define HASH_BLOCK_DATA_ORDER md5_block_data_order
274 /*
275 * Little-endians (Intel and Alpha) feel better without this.
276 * It looks like memcpy does better job than generic
277 * md5_block_data_order on copying-n-aligning input data.
278 * But frankly speaking I didn't expect such result on Alpha.
279 * On the other hand I've got this with egcs-1.0.2 and if
280 * program is compiled with another (better?) compiler it
281 * might turn out other way around.
282 *
283 * <appro@fy.chalmers.se>
284 */
285 #endif
286
287
288 // from md32_common.h
289
290 /*
291 * This is a generic 32 bit "collector" for message digest algorithms.
292 * Whenever needed it collects input character stream into chunks of
293 * 32 bit values and invokes a block function that performs actual hash
294 * calculations.
295 *
296 * Porting guide.
297 *
298 * Obligatory macros:
299 *
300 * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
301 * this macro defines byte order of input stream.
302 * HASH_CBLOCK
303 * size of a unit chunk HASH_BLOCK operates on.
304 * HASH_LONG
305 * has to be at lest 32 bit wide, if it's wider, then
306 * HASH_LONG_LOG2 *has to* be defined along
307 * HASH_CTX
308 * context structure that at least contains following
309 * members:
310 * typedef struct {
311 * ...
312 * HASH_LONG Nl,Nh;
313 * HASH_LONG data[HASH_LBLOCK];
314 * int num;
315 * ...
316 * } HASH_CTX;
317 * HASH_UPDATE
318 * name of "Update" function, implemented here.
319 * HASH_TRANSFORM
320 * name of "Transform" function, implemented here.
321 * HASH_FINAL
322 * name of "Final" function, implemented here.
323 * HASH_BLOCK_HOST_ORDER
324 * name of "block" function treating *aligned* input message
325 * in host byte order, implemented externally.
326 * HASH_BLOCK_DATA_ORDER
327 * name of "block" function treating *unaligned* input message
328 * in original (data) byte order, implemented externally (it
329 * actually is optional if data and host are of the same
330 * "endianess").
331 * HASH_MAKE_STRING
332 * macro convering context variables to an ASCII hash string.
333 *
334 * Optional macros:
335 *
336 * B_ENDIAN or L_ENDIAN
337 * defines host byte-order.
338 * HASH_LONG_LOG2
339 * defaults to 2 if not states otherwise.
340 * HASH_LBLOCK
341 * assumed to be HASH_CBLOCK/4 if not stated otherwise.
342 * HASH_BLOCK_DATA_ORDER_ALIGNED
343 * alternative "block" function capable of treating
344 * aligned input message in original (data) order,
345 * implemented externally.
346 *
347 * MD5 example:
348 *
349 * #define DATA_ORDER_IS_LITTLE_ENDIAN
350 *
351 * #define HASH_LONG mDNSu32
352 * #define HASH_LONG_LOG2 mDNSu32_LOG2
353 * #define HASH_CTX MD5_CTX
354 * #define HASH_CBLOCK MD5_CBLOCK
355 * #define HASH_LBLOCK MD5_LBLOCK
356 * #define HASH_UPDATE MD5_Update
357 * #define HASH_TRANSFORM MD5_Transform
358 * #define HASH_FINAL MD5_Final
359 * #define HASH_BLOCK_HOST_ORDER md5_block_host_order
360 * #define HASH_BLOCK_DATA_ORDER md5_block_data_order
361 *
362 * <appro@fy.chalmers.se>
363 */
364
365 #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
366 #error "DATA_ORDER must be defined!"
367 #endif
368
369 #ifndef HASH_CBLOCK
370 #error "HASH_CBLOCK must be defined!"
371 #endif
372 #ifndef HASH_LONG
373 #error "HASH_LONG must be defined!"
374 #endif
375 #ifndef HASH_CTX
376 #error "HASH_CTX must be defined!"
377 #endif
378
379 #ifndef HASH_UPDATE
380 #error "HASH_UPDATE must be defined!"
381 #endif
382 #ifndef HASH_TRANSFORM
383 #error "HASH_TRANSFORM must be defined!"
384 #endif
385 #ifndef HASH_FINAL
386 #error "HASH_FINAL must be defined!"
387 #endif
388
389 #ifndef HASH_BLOCK_HOST_ORDER
390 #error "HASH_BLOCK_HOST_ORDER must be defined!"
391 #endif
392
393 #if 0
394 /*
395 * Moved below as it's required only if HASH_BLOCK_DATA_ORDER_ALIGNED
396 * isn't defined.
397 */
398 #ifndef HASH_BLOCK_DATA_ORDER
399 #error "HASH_BLOCK_DATA_ORDER must be defined!"
400 #endif
401 #endif
402
403 #ifndef HASH_LBLOCK
404 #define HASH_LBLOCK (HASH_CBLOCK/4)
405 #endif
406
407 #ifndef HASH_LONG_LOG2
408 #define HASH_LONG_LOG2 2
409 #endif
410
411 /*
412 * Engage compiler specific rotate intrinsic function if available.
413 */
414 #undef ROTATE
415 #ifndef PEDANTIC
416 # if 0 /* defined(_MSC_VER) */
417 # define ROTATE(a,n) _lrotl(a,n)
418 # elif defined(__MWERKS__)
419 # if defined(__POWERPC__)
420 # define ROTATE(a,n) (unsigned MD32_REG_T)__rlwinm((int)a,n,0,31)
421 # elif defined(__MC68K__)
422 /* Motorola specific tweak. <appro@fy.chalmers.se> */
423 # define ROTATE(a,n) (n<24 ? __rol(a,n) : __ror(a,32-n))
424 # else
425 # define ROTATE(a,n) __rol(a,n)
426 # endif
427 # elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
428 /*
429 * Some GNU C inline assembler templates. Note that these are
430 * rotates by *constant* number of bits! But that's exactly
431 * what we need here...
432 *
433 * <appro@fy.chalmers.se>
434 */
435 /*
436 * LLVM is more strict about compatibility of types between input & output constraints,
437 * but we want these to be rotations of 32 bits, not 64, so we explicitly drop the
438 * most significant bytes by casting to an unsigned int.
439 */
440 # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
441 # define ROTATE(a,n) ({ register unsigned int ret; \
442 asm ( \
443 "roll %1,%0" \
444 : "=r"(ret) \
445 : "I"(n), "0"((unsigned int)a) \
446 : "cc"); \
447 ret; \
448 })
449 # elif defined(__powerpc) || defined(__ppc)
450 # define ROTATE(a,n) ({ register unsigned int ret; \
451 asm ( \
452 "rlwinm %0,%1,%2,0,31" \
453 : "=r"(ret) \
454 : "r"(a), "I"(n)); \
455 ret; \
456 })
457 # endif
458 # endif
459
460 /*
461 * Engage compiler specific "fetch in reverse byte order"
462 * intrinsic function if available.
463 */
464 # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
465 /* some GNU C inline assembler templates by <appro@fy.chalmers.se> */
466 # if (defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)) && !defined(I386_ONLY)
467 # define BE_FETCH32(a) ({ register unsigned int l=(a);\
468 asm ( \
469 "bswapl %0" \
470 : "=r"(l) : "0"(l)); \
471 l; \
472 })
473 # elif defined(__powerpc)
474 # define LE_FETCH32(a) ({ register unsigned int l; \
475 asm ( \
476 "lwbrx %0,0,%1" \
477 : "=r"(l) \
478 : "r"(a)); \
479 l; \
480 })
481
482 # elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC)
483 # define LE_FETCH32(a) ({ register unsigned int l; \
484 asm ( \
485 "lda [%1]#ASI_PRIMARY_LITTLE,%0"\
486 : "=r"(l) \
487 : "r"(a)); \
488 l; \
489 })
490 # endif
491 # endif
492 #endif /* PEDANTIC */
493
494 #if HASH_LONG_LOG2==2 /* Engage only if sizeof(HASH_LONG)== 4 */
495 /* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */
496 #ifdef ROTATE
497 /* 5 instructions with rotate instruction, else 9 */
498 #define REVERSE_FETCH32(a,l) ( \
499 l=*(const HASH_LONG *)(a), \
500 ((ROTATE(l,8)&0x00FF00FF)|(ROTATE((l&0x00FF00FF),24))) \
501 )
502 #else
503 /* 6 instructions with rotate instruction, else 8 */
504 #define REVERSE_FETCH32(a,l) ( \
505 l=*(const HASH_LONG *)(a), \
506 l=(((l>>8)&0x00FF00FF)|((l&0x00FF00FF)<<8)), \
507 ROTATE(l,16) \
508 )
509 /*
510 * Originally the middle line started with l=(((l&0xFF00FF00)>>8)|...
511 * It's rewritten as above for two reasons:
512 * - RISCs aren't good at long constants and have to explicitely
513 * compose 'em with several (well, usually 2) instructions in a
514 * register before performing the actual operation and (as you
515 * already realized:-) having same constant should inspire the
516 * compiler to permanently allocate the only register for it;
517 * - most modern CPUs have two ALUs, but usually only one has
518 * circuitry for shifts:-( this minor tweak inspires compiler
519 * to schedule shift instructions in a better way...
520 *
521 * <appro@fy.chalmers.se>
522 */
523 #endif
524 #endif
525
526 #ifndef ROTATE
527 #define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
528 #endif
529
530 /*
531 * Make some obvious choices. E.g., HASH_BLOCK_DATA_ORDER_ALIGNED
532 * and HASH_BLOCK_HOST_ORDER ought to be the same if input data
533 * and host are of the same "endianess". It's possible to mask
534 * this with blank #define HASH_BLOCK_DATA_ORDER though...
535 *
536 * <appro@fy.chalmers.se>
537 */
538 #if defined(B_ENDIAN)
539 # if defined(DATA_ORDER_IS_BIG_ENDIAN)
540 # if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
541 # define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER
542 # endif
543 # elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
544 # ifndef HOST_FETCH32
545 # ifdef LE_FETCH32
546 # define HOST_FETCH32(p,l) LE_FETCH32(p)
547 # elif defined(REVERSE_FETCH32)
548 # define HOST_FETCH32(p,l) REVERSE_FETCH32(p,l)
549 # endif
550 # endif
551 # endif
552 #elif defined(L_ENDIAN)
553 # if defined(DATA_ORDER_IS_LITTLE_ENDIAN)
554 # if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
555 # define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER
556 # endif
557 # elif defined(DATA_ORDER_IS_BIG_ENDIAN)
558 # ifndef HOST_FETCH32
559 # ifdef BE_FETCH32
560 # define HOST_FETCH32(p,l) BE_FETCH32(p)
561 # elif defined(REVERSE_FETCH32)
562 # define HOST_FETCH32(p,l) REVERSE_FETCH32(p,l)
563 # endif
564 # endif
565 # endif
566 #endif
567
568 #if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
569 #ifndef HASH_BLOCK_DATA_ORDER
570 #error "HASH_BLOCK_DATA_ORDER must be defined!"
571 #endif
572 #endif
573
574 #if defined(DATA_ORDER_IS_BIG_ENDIAN)
575
576 #define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \
577 l|=(((unsigned long)(*((c)++)))<<16), \
578 l|=(((unsigned long)(*((c)++)))<< 8), \
579 l|=(((unsigned long)(*((c)++))) ), \
580 l)
581 #define HOST_p_c2l(c,l,n) { \
582 switch (n) { \
583 case 0: l =((unsigned long)(*((c)++)))<<24; \
584 case 1: l|=((unsigned long)(*((c)++)))<<16; \
585 case 2: l|=((unsigned long)(*((c)++)))<< 8; \
586 case 3: l|=((unsigned long)(*((c)++))); \
587 } }
588 #define HOST_p_c2l_p(c,l,sc,len) { \
589 switch (sc) { \
590 case 0: l =((unsigned long)(*((c)++)))<<24; \
591 if (--len == 0) break; \
592 case 1: l|=((unsigned long)(*((c)++)))<<16; \
593 if (--len == 0) break; \
594 case 2: l|=((unsigned long)(*((c)++)))<< 8; \
595 } }
596 /* NOTE the pointer is not incremented at the end of this */
597 #define HOST_c2l_p(c,l,n) { \
598 l=0; (c)+=n; \
599 switch (n) { \
600 case 3: l =((unsigned long)(*(--(c))))<< 8; \
601 case 2: l|=((unsigned long)(*(--(c))))<<16; \
602 case 1: l|=((unsigned long)(*(--(c))))<<24; \
603 } }
604 #define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
605 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
606 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
607 *((c)++)=(unsigned char)(((l) )&0xff), \
608 l)
609
610 #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
611
612 #define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \
613 l|=(((unsigned long)(*((c)++)))<< 8), \
614 l|=(((unsigned long)(*((c)++)))<<16), \
615 l|=(((unsigned long)(*((c)++)))<<24), \
616 l)
617 #define HOST_p_c2l(c,l,n) { \
618 switch (n) { \
619 case 0: l =((unsigned long)(*((c)++))); \
620 case 1: l|=((unsigned long)(*((c)++)))<< 8; \
621 case 2: l|=((unsigned long)(*((c)++)))<<16; \
622 case 3: l|=((unsigned long)(*((c)++)))<<24; \
623 } }
624 #define HOST_p_c2l_p(c,l,sc,len) { \
625 switch (sc) { \
626 case 0: l =((unsigned long)(*((c)++))); \
627 if (--len == 0) break; \
628 case 1: l|=((unsigned long)(*((c)++)))<< 8; \
629 if (--len == 0) break; \
630 case 2: l|=((unsigned long)(*((c)++)))<<16; \
631 } }
632 /* NOTE the pointer is not incremented at the end of this */
633 #define HOST_c2l_p(c,l,n) { \
634 l=0; (c)+=n; \
635 switch (n) { \
636 case 3: l =((unsigned long)(*(--(c))))<<16; \
637 case 2: l|=((unsigned long)(*(--(c))))<< 8; \
638 case 1: l|=((unsigned long)(*(--(c)))); \
639 } }
640 #define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
641 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
642 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
643 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
644 l)
645
646 #endif
647
648 /*
649 * Time for some action:-)
650 */
651
HASH_UPDATE(HASH_CTX * c,const void * data_,unsigned long len)652 int HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len)
653 {
654 const unsigned char *data=(const unsigned char *)data_;
655 register HASH_LONG * p;
656 register unsigned long l;
657 int sw,sc,ew,ec;
658
659 if (len==0) return 1;
660
661 l=(c->Nl+(len<<3))&0xffffffffL;
662 /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to
663 * Wei Dai <weidai@eskimo.com> for pointing it out. */
664 if (l < c->Nl) /* overflow */
665 c->Nh++;
666 c->Nh+=(len>>29);
667 c->Nl=l;
668
669 if (c->num != 0)
670 {
671 p=c->data;
672 sw=c->num>>2;
673 sc=c->num&0x03;
674
675 if ((c->num+len) >= HASH_CBLOCK)
676 {
677 l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l;
678 for (; sw<HASH_LBLOCK; sw++)
679 {
680 HOST_c2l(data,l); p[sw]=l;
681 }
682 HASH_BLOCK_HOST_ORDER (c,p,1);
683 len-=(HASH_CBLOCK-c->num);
684 c->num=0;
685 /* drop through and do the rest */
686 }
687 else
688 {
689 c->num+=len;
690 if ((sc+len) < 4) /* ugly, add char's to a word */
691 {
692 l=p[sw]; HOST_p_c2l_p(data,l,sc,len); p[sw]=l;
693 }
694 else
695 {
696 ew=(c->num>>2);
697 ec=(c->num&0x03);
698 if (sc)
699 l=p[sw];
700 HOST_p_c2l(data,l,sc);
701 p[sw++]=l;
702 for (; sw < ew; sw++)
703 {
704 HOST_c2l(data,l); p[sw]=l;
705 }
706 if (ec)
707 {
708 HOST_c2l_p(data,l,ec); p[sw]=l;
709 }
710 }
711 return 1;
712 }
713 }
714
715 sw=(int)(len/HASH_CBLOCK);
716 if (sw > 0)
717 {
718 #if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
719 /*
720 * Note that HASH_BLOCK_DATA_ORDER_ALIGNED gets defined
721 * only if sizeof(HASH_LONG)==4.
722 */
723 if ((((unsigned long)data)%4) == 0)
724 {
725 /* data is properly aligned so that we can cast it: */
726 HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,sw);
727 sw*=HASH_CBLOCK;
728 data+=sw;
729 len-=sw;
730 }
731 else
732 #if !defined(HASH_BLOCK_DATA_ORDER)
733 while (sw--)
734 {
735 mDNSPlatformMemCopy(p=c->data,data,HASH_CBLOCK);
736 HASH_BLOCK_DATA_ORDER_ALIGNED(c,p,1);
737 data+=HASH_CBLOCK;
738 len-=HASH_CBLOCK;
739 }
740 #endif
741 #endif
742 #if defined(HASH_BLOCK_DATA_ORDER)
743 {
744 HASH_BLOCK_DATA_ORDER(c,data,sw);
745 sw*=HASH_CBLOCK;
746 data+=sw;
747 len-=sw;
748 }
749 #endif
750 }
751
752 if (len!=0)
753 {
754 p = c->data;
755 c->num = (int)len;
756 ew=(int)(len>>2); /* words to copy */
757 ec=(int)(len&0x03);
758 for (; ew; ew--,p++)
759 {
760 HOST_c2l(data,l); *p=l;
761 }
762 HOST_c2l_p(data,l,ec);
763 *p=l;
764 }
765 return 1;
766 }
767
768
HASH_TRANSFORM(HASH_CTX * c,const unsigned char * data)769 void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data)
770 {
771 #if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
772 if ((((unsigned long)data)%4) == 0)
773 /* data is properly aligned so that we can cast it: */
774 HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,1);
775 else
776 #if !defined(HASH_BLOCK_DATA_ORDER)
777 {
778 mDNSPlatformMemCopy(c->data,data,HASH_CBLOCK);
779 HASH_BLOCK_DATA_ORDER_ALIGNED (c,c->data,1);
780 }
781 #endif
782 #endif
783 #if defined(HASH_BLOCK_DATA_ORDER)
784 HASH_BLOCK_DATA_ORDER (c,data,1);
785 #endif
786 }
787
788
HASH_FINAL(unsigned char * md,HASH_CTX * c)789 int HASH_FINAL (unsigned char *md, HASH_CTX *c)
790 {
791 register HASH_LONG *p;
792 register unsigned long l;
793 register int i,j;
794 static const unsigned char end[4]={0x80,0x00,0x00,0x00};
795 const unsigned char *cp=end;
796
797 /* c->num should definitly have room for at least one more byte. */
798 p=c->data;
799 i=c->num>>2;
800 j=c->num&0x03;
801
802 #if 0
803 /* purify often complains about the following line as an
804 * Uninitialized Memory Read. While this can be true, the
805 * following p_c2l macro will reset l when that case is true.
806 * This is because j&0x03 contains the number of 'valid' bytes
807 * already in p[i]. If and only if j&0x03 == 0, the UMR will
808 * occur but this is also the only time p_c2l will do
809 * l= *(cp++) instead of l|= *(cp++)
810 * Many thanks to Alex Tang <altitude@cic.net> for pickup this
811 * 'potential bug' */
812 #ifdef PURIFY
813 if (j==0) p[i]=0; /* Yeah, but that's not the way to fix it:-) */
814 #endif
815 l=p[i];
816 #else
817 l = (j==0) ? 0 : p[i];
818 #endif
819 HOST_p_c2l(cp,l,j); p[i++]=l; /* i is the next 'undefined word' */
820
821 if (i>(HASH_LBLOCK-2)) /* save room for Nl and Nh */
822 {
823 if (i<HASH_LBLOCK) p[i]=0;
824 HASH_BLOCK_HOST_ORDER (c,p,1);
825 i=0;
826 }
827 for (; i<(HASH_LBLOCK-2); i++)
828 p[i]=0;
829
830 #if defined(DATA_ORDER_IS_BIG_ENDIAN)
831 p[HASH_LBLOCK-2]=c->Nh;
832 p[HASH_LBLOCK-1]=c->Nl;
833 #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
834 p[HASH_LBLOCK-2]=c->Nl;
835 p[HASH_LBLOCK-1]=c->Nh;
836 #endif
837 HASH_BLOCK_HOST_ORDER (c,p,1);
838
839 #ifndef HASH_MAKE_STRING
840 #error "HASH_MAKE_STRING must be defined!"
841 #else
842 HASH_MAKE_STRING(c,md);
843 #endif
844
845 c->num=0;
846 /* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
847 * but I'm not worried :-)
848 OPENSSL_cleanse((void *)c,sizeof(HASH_CTX));
849 */
850 return 1;
851 }
852
853 #ifndef MD32_REG_T
854 #define MD32_REG_T long
855 /*
856 * This comment was originaly written for MD5, which is why it
857 * discusses A-D. But it basically applies to all 32-bit digests,
858 * which is why it was moved to common header file.
859 *
860 * In case you wonder why A-D are declared as long and not
861 * as mDNSu32. Doing so results in slight performance
862 * boost on LP64 architectures. The catch is we don't
863 * really care if 32 MSBs of a 64-bit register get polluted
864 * with eventual overflows as we *save* only 32 LSBs in
865 * *either* case. Now declaring 'em long excuses the compiler
866 * from keeping 32 MSBs zeroed resulting in 13% performance
867 * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
868 * Well, to be honest it should say that this *prevents*
869 * performance degradation.
870 * <appro@fy.chalmers.se>
871 * Apparently there're LP64 compilers that generate better
872 * code if A-D are declared int. Most notably GCC-x86_64
873 * generates better code.
874 * <appro@fy.chalmers.se>
875 */
876 #endif
877
878
879 // from md5_locl.h (continued)
880
881 /*
882 #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
883 #define G(x,y,z) (((x) & (z)) | ((y) & (~(z))))
884 */
885
886 /* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be
887 * simplified to the code below. Wei attributes these optimizations
888 * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
889 */
890 #define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d))
891 #define G(b,c,d) ((((b) ^ (c)) & (d)) ^ (c))
892 #define H(b,c,d) ((b) ^ (c) ^ (d))
893 #define I(b,c,d) (((~(d)) | (b)) ^ (c))
894
895 #define R0(a,b,c,d,k,s,t) { \
896 a+=((k)+(t)+F((b),(c),(d))); \
897 a=ROTATE(a,s); \
898 a+=b; };\
899
900 #define R1(a,b,c,d,k,s,t) { \
901 a+=((k)+(t)+G((b),(c),(d))); \
902 a=ROTATE(a,s); \
903 a+=b; };
904
905 #define R2(a,b,c,d,k,s,t) { \
906 a+=((k)+(t)+H((b),(c),(d))); \
907 a=ROTATE(a,s); \
908 a+=b; };
909
910 #define R3(a,b,c,d,k,s,t) { \
911 a+=((k)+(t)+I((b),(c),(d))); \
912 a=ROTATE(a,s); \
913 a+=b; };
914
915 // from md5_dgst.c
916
917
918 /* Implemented from RFC1321 The MD5 Message-Digest Algorithm
919 */
920
921 #define INIT_DATA_A (unsigned long)0x67452301L
922 #define INIT_DATA_B (unsigned long)0xefcdab89L
923 #define INIT_DATA_C (unsigned long)0x98badcfeL
924 #define INIT_DATA_D (unsigned long)0x10325476L
925
MD5_Init(MD5_CTX * c)926 int MD5_Init(MD5_CTX *c)
927 {
928 c->A=INIT_DATA_A;
929 c->B=INIT_DATA_B;
930 c->C=INIT_DATA_C;
931 c->D=INIT_DATA_D;
932 c->Nl=0;
933 c->Nh=0;
934 c->num=0;
935 return 1;
936 }
937
938 #ifndef md5_block_host_order
md5_block_host_order(MD5_CTX * c,const void * data,int num)939 void md5_block_host_order (MD5_CTX *c, const void *data, int num)
940 {
941 const mDNSu32 *X=(const mDNSu32 *)data;
942 register unsigned MD32_REG_T A,B,C,D;
943
944 A=c->A;
945 B=c->B;
946 C=c->C;
947 D=c->D;
948
949 for (;num--;X+=HASH_LBLOCK)
950 {
951 /* Round 0 */
952 R0(A,B,C,D,X[ 0], 7,0xd76aa478L);
953 R0(D,A,B,C,X[ 1],12,0xe8c7b756L);
954 R0(C,D,A,B,X[ 2],17,0x242070dbL);
955 R0(B,C,D,A,X[ 3],22,0xc1bdceeeL);
956 R0(A,B,C,D,X[ 4], 7,0xf57c0fafL);
957 R0(D,A,B,C,X[ 5],12,0x4787c62aL);
958 R0(C,D,A,B,X[ 6],17,0xa8304613L);
959 R0(B,C,D,A,X[ 7],22,0xfd469501L);
960 R0(A,B,C,D,X[ 8], 7,0x698098d8L);
961 R0(D,A,B,C,X[ 9],12,0x8b44f7afL);
962 R0(C,D,A,B,X[10],17,0xffff5bb1L);
963 R0(B,C,D,A,X[11],22,0x895cd7beL);
964 R0(A,B,C,D,X[12], 7,0x6b901122L);
965 R0(D,A,B,C,X[13],12,0xfd987193L);
966 R0(C,D,A,B,X[14],17,0xa679438eL);
967 R0(B,C,D,A,X[15],22,0x49b40821L);
968 /* Round 1 */
969 R1(A,B,C,D,X[ 1], 5,0xf61e2562L);
970 R1(D,A,B,C,X[ 6], 9,0xc040b340L);
971 R1(C,D,A,B,X[11],14,0x265e5a51L);
972 R1(B,C,D,A,X[ 0],20,0xe9b6c7aaL);
973 R1(A,B,C,D,X[ 5], 5,0xd62f105dL);
974 R1(D,A,B,C,X[10], 9,0x02441453L);
975 R1(C,D,A,B,X[15],14,0xd8a1e681L);
976 R1(B,C,D,A,X[ 4],20,0xe7d3fbc8L);
977 R1(A,B,C,D,X[ 9], 5,0x21e1cde6L);
978 R1(D,A,B,C,X[14], 9,0xc33707d6L);
979 R1(C,D,A,B,X[ 3],14,0xf4d50d87L);
980 R1(B,C,D,A,X[ 8],20,0x455a14edL);
981 R1(A,B,C,D,X[13], 5,0xa9e3e905L);
982 R1(D,A,B,C,X[ 2], 9,0xfcefa3f8L);
983 R1(C,D,A,B,X[ 7],14,0x676f02d9L);
984 R1(B,C,D,A,X[12],20,0x8d2a4c8aL);
985 /* Round 2 */
986 R2(A,B,C,D,X[ 5], 4,0xfffa3942L);
987 R2(D,A,B,C,X[ 8],11,0x8771f681L);
988 R2(C,D,A,B,X[11],16,0x6d9d6122L);
989 R2(B,C,D,A,X[14],23,0xfde5380cL);
990 R2(A,B,C,D,X[ 1], 4,0xa4beea44L);
991 R2(D,A,B,C,X[ 4],11,0x4bdecfa9L);
992 R2(C,D,A,B,X[ 7],16,0xf6bb4b60L);
993 R2(B,C,D,A,X[10],23,0xbebfbc70L);
994 R2(A,B,C,D,X[13], 4,0x289b7ec6L);
995 R2(D,A,B,C,X[ 0],11,0xeaa127faL);
996 R2(C,D,A,B,X[ 3],16,0xd4ef3085L);
997 R2(B,C,D,A,X[ 6],23,0x04881d05L);
998 R2(A,B,C,D,X[ 9], 4,0xd9d4d039L);
999 R2(D,A,B,C,X[12],11,0xe6db99e5L);
1000 R2(C,D,A,B,X[15],16,0x1fa27cf8L);
1001 R2(B,C,D,A,X[ 2],23,0xc4ac5665L);
1002 /* Round 3 */
1003 R3(A,B,C,D,X[ 0], 6,0xf4292244L);
1004 R3(D,A,B,C,X[ 7],10,0x432aff97L);
1005 R3(C,D,A,B,X[14],15,0xab9423a7L);
1006 R3(B,C,D,A,X[ 5],21,0xfc93a039L);
1007 R3(A,B,C,D,X[12], 6,0x655b59c3L);
1008 R3(D,A,B,C,X[ 3],10,0x8f0ccc92L);
1009 R3(C,D,A,B,X[10],15,0xffeff47dL);
1010 R3(B,C,D,A,X[ 1],21,0x85845dd1L);
1011 R3(A,B,C,D,X[ 8], 6,0x6fa87e4fL);
1012 R3(D,A,B,C,X[15],10,0xfe2ce6e0L);
1013 R3(C,D,A,B,X[ 6],15,0xa3014314L);
1014 R3(B,C,D,A,X[13],21,0x4e0811a1L);
1015 R3(A,B,C,D,X[ 4], 6,0xf7537e82L);
1016 R3(D,A,B,C,X[11],10,0xbd3af235L);
1017 R3(C,D,A,B,X[ 2],15,0x2ad7d2bbL);
1018 R3(B,C,D,A,X[ 9],21,0xeb86d391L);
1019
1020 A = c->A += A;
1021 B = c->B += B;
1022 C = c->C += C;
1023 D = c->D += D;
1024 }
1025 }
1026 #endif
1027
1028 #ifndef md5_block_data_order
1029 #ifdef X
1030 #undef X
1031 #endif
md5_block_data_order(MD5_CTX * c,const void * data_,int num)1032 void md5_block_data_order (MD5_CTX *c, const void *data_, int num)
1033 {
1034 const unsigned char *data=data_;
1035 register unsigned MD32_REG_T A,B,C,D,l;
1036 #ifndef MD32_XARRAY
1037 /* See comment in crypto/sha/sha_locl.h for details. */
1038 unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
1039 XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
1040 # define X(i) XX##i
1041 #else
1042 mDNSu32 XX[MD5_LBLOCK];
1043 # define X(i) XX[i]
1044 #endif
1045
1046 A=c->A;
1047 B=c->B;
1048 C=c->C;
1049 D=c->D;
1050
1051 for (;num--;)
1052 {
1053 HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l;
1054 /* Round 0 */
1055 R0(A,B,C,D,X( 0), 7,0xd76aa478L); HOST_c2l(data,l); X( 2)=l;
1056 R0(D,A,B,C,X( 1),12,0xe8c7b756L); HOST_c2l(data,l); X( 3)=l;
1057 R0(C,D,A,B,X( 2),17,0x242070dbL); HOST_c2l(data,l); X( 4)=l;
1058 R0(B,C,D,A,X( 3),22,0xc1bdceeeL); HOST_c2l(data,l); X( 5)=l;
1059 R0(A,B,C,D,X( 4), 7,0xf57c0fafL); HOST_c2l(data,l); X( 6)=l;
1060 R0(D,A,B,C,X( 5),12,0x4787c62aL); HOST_c2l(data,l); X( 7)=l;
1061 R0(C,D,A,B,X( 6),17,0xa8304613L); HOST_c2l(data,l); X( 8)=l;
1062 R0(B,C,D,A,X( 7),22,0xfd469501L); HOST_c2l(data,l); X( 9)=l;
1063 R0(A,B,C,D,X( 8), 7,0x698098d8L); HOST_c2l(data,l); X(10)=l;
1064 R0(D,A,B,C,X( 9),12,0x8b44f7afL); HOST_c2l(data,l); X(11)=l;
1065 R0(C,D,A,B,X(10),17,0xffff5bb1L); HOST_c2l(data,l); X(12)=l;
1066 R0(B,C,D,A,X(11),22,0x895cd7beL); HOST_c2l(data,l); X(13)=l;
1067 R0(A,B,C,D,X(12), 7,0x6b901122L); HOST_c2l(data,l); X(14)=l;
1068 R0(D,A,B,C,X(13),12,0xfd987193L); HOST_c2l(data,l); X(15)=l;
1069 R0(C,D,A,B,X(14),17,0xa679438eL);
1070 R0(B,C,D,A,X(15),22,0x49b40821L);
1071 /* Round 1 */
1072 R1(A,B,C,D,X( 1), 5,0xf61e2562L);
1073 R1(D,A,B,C,X( 6), 9,0xc040b340L);
1074 R1(C,D,A,B,X(11),14,0x265e5a51L);
1075 R1(B,C,D,A,X( 0),20,0xe9b6c7aaL);
1076 R1(A,B,C,D,X( 5), 5,0xd62f105dL);
1077 R1(D,A,B,C,X(10), 9,0x02441453L);
1078 R1(C,D,A,B,X(15),14,0xd8a1e681L);
1079 R1(B,C,D,A,X( 4),20,0xe7d3fbc8L);
1080 R1(A,B,C,D,X( 9), 5,0x21e1cde6L);
1081 R1(D,A,B,C,X(14), 9,0xc33707d6L);
1082 R1(C,D,A,B,X( 3),14,0xf4d50d87L);
1083 R1(B,C,D,A,X( 8),20,0x455a14edL);
1084 R1(A,B,C,D,X(13), 5,0xa9e3e905L);
1085 R1(D,A,B,C,X( 2), 9,0xfcefa3f8L);
1086 R1(C,D,A,B,X( 7),14,0x676f02d9L);
1087 R1(B,C,D,A,X(12),20,0x8d2a4c8aL);
1088 /* Round 2 */
1089 R2(A,B,C,D,X( 5), 4,0xfffa3942L);
1090 R2(D,A,B,C,X( 8),11,0x8771f681L);
1091 R2(C,D,A,B,X(11),16,0x6d9d6122L);
1092 R2(B,C,D,A,X(14),23,0xfde5380cL);
1093 R2(A,B,C,D,X( 1), 4,0xa4beea44L);
1094 R2(D,A,B,C,X( 4),11,0x4bdecfa9L);
1095 R2(C,D,A,B,X( 7),16,0xf6bb4b60L);
1096 R2(B,C,D,A,X(10),23,0xbebfbc70L);
1097 R2(A,B,C,D,X(13), 4,0x289b7ec6L);
1098 R2(D,A,B,C,X( 0),11,0xeaa127faL);
1099 R2(C,D,A,B,X( 3),16,0xd4ef3085L);
1100 R2(B,C,D,A,X( 6),23,0x04881d05L);
1101 R2(A,B,C,D,X( 9), 4,0xd9d4d039L);
1102 R2(D,A,B,C,X(12),11,0xe6db99e5L);
1103 R2(C,D,A,B,X(15),16,0x1fa27cf8L);
1104 R2(B,C,D,A,X( 2),23,0xc4ac5665L);
1105 /* Round 3 */
1106 R3(A,B,C,D,X( 0), 6,0xf4292244L);
1107 R3(D,A,B,C,X( 7),10,0x432aff97L);
1108 R3(C,D,A,B,X(14),15,0xab9423a7L);
1109 R3(B,C,D,A,X( 5),21,0xfc93a039L);
1110 R3(A,B,C,D,X(12), 6,0x655b59c3L);
1111 R3(D,A,B,C,X( 3),10,0x8f0ccc92L);
1112 R3(C,D,A,B,X(10),15,0xffeff47dL);
1113 R3(B,C,D,A,X( 1),21,0x85845dd1L);
1114 R3(A,B,C,D,X( 8), 6,0x6fa87e4fL);
1115 R3(D,A,B,C,X(15),10,0xfe2ce6e0L);
1116 R3(C,D,A,B,X( 6),15,0xa3014314L);
1117 R3(B,C,D,A,X(13),21,0x4e0811a1L);
1118 R3(A,B,C,D,X( 4), 6,0xf7537e82L);
1119 R3(D,A,B,C,X(11),10,0xbd3af235L);
1120 R3(C,D,A,B,X( 2),15,0x2ad7d2bbL);
1121 R3(B,C,D,A,X( 9),21,0xeb86d391L);
1122
1123 A = c->A += A;
1124 B = c->B += B;
1125 C = c->C += C;
1126 D = c->D += D;
1127 }
1128 }
1129 #endif
1130
1131
1132 // ***************************************************************************
1133 #if COMPILER_LIKES_PRAGMA_MARK
1134 #pragma mark - base64 -> binary conversion
1135 #endif
1136
1137 static const char Base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
1138 static const char Pad64 = '=';
1139
1140
1141 #define mDNSisspace(x) (x == '\t' || x == '\n' || x == '\v' || x == '\f' || x == '\r' || x == ' ')
1142
mDNSstrchr(const char * s,int c)1143 mDNSlocal const char *mDNSstrchr(const char *s, int c)
1144 {
1145 while (1)
1146 {
1147 if (c == *s) return s;
1148 if (!*s) return mDNSNULL;
1149 s++;
1150 }
1151 }
1152
1153 // skips all whitespace anywhere.
1154 // converts characters, four at a time, starting at (or after)
1155 // src from base - 64 numbers into three 8 bit bytes in the target area.
1156 // it returns the number of data bytes stored at the target, or -1 on error.
1157 // adapted from BIND sources
1158
DNSDigest_Base64ToBin(const char * src,mDNSu8 * target,mDNSu32 targsize)1159 mDNSlocal mDNSs32 DNSDigest_Base64ToBin(const char *src, mDNSu8 *target, mDNSu32 targsize)
1160 {
1161 int tarindex, state, ch;
1162 const char *pos;
1163
1164 state = 0;
1165 tarindex = 0;
1166
1167 while ((ch = *src++) != '\0') {
1168 if (mDNSisspace(ch)) /* Skip whitespace anywhere. */
1169 continue;
1170
1171 if (ch == Pad64)
1172 break;
1173
1174 pos = mDNSstrchr(Base64, ch);
1175 if (pos == 0) /* A non-base64 character. */
1176 return (-1);
1177
1178 switch (state) {
1179 case 0:
1180 if (target) {
1181 if ((mDNSu32)tarindex >= targsize)
1182 return (-1);
1183 target[tarindex] = (mDNSu8)((pos - Base64) << 2);
1184 }
1185 state = 1;
1186 break;
1187 case 1:
1188 if (target) {
1189 if ((mDNSu32)tarindex + 1 >= targsize)
1190 return (-1);
1191 target[tarindex] |= (pos - Base64) >> 4;
1192 target[tarindex+1] = (mDNSu8)(((pos - Base64) & 0x0f) << 4);
1193 }
1194 tarindex++;
1195 state = 2;
1196 break;
1197 case 2:
1198 if (target) {
1199 if ((mDNSu32)tarindex + 1 >= targsize)
1200 return (-1);
1201 target[tarindex] |= (pos - Base64) >> 2;
1202 target[tarindex+1] = (mDNSu8)(((pos - Base64) & 0x03) << 6);
1203 }
1204 tarindex++;
1205 state = 3;
1206 break;
1207 case 3:
1208 if (target) {
1209 if ((mDNSu32)tarindex >= targsize)
1210 return (-1);
1211 target[tarindex] |= (pos - Base64);
1212 }
1213 tarindex++;
1214 state = 0;
1215 break;
1216 default:
1217 return -1;
1218 }
1219 }
1220
1221 /*
1222 * We are done decoding Base-64 chars. Let's see if we ended
1223 * on a byte boundary, and/or with erroneous trailing characters.
1224 */
1225
1226 if (ch == Pad64) { /* We got a pad char. */
1227 ch = *src++; /* Skip it, get next. */
1228 switch (state) {
1229 case 0: /* Invalid = in first position */
1230 case 1: /* Invalid = in second position */
1231 return (-1);
1232
1233 case 2: /* Valid, means one byte of info */
1234 /* Skip any number of spaces. */
1235 for ((void)mDNSNULL; ch != '\0'; ch = *src++)
1236 if (!mDNSisspace(ch))
1237 break;
1238 /* Make sure there is another trailing = sign. */
1239 if (ch != Pad64)
1240 return (-1);
1241 ch = *src++; /* Skip the = */
1242 /* Fall through to "single trailing =" case. */
1243 /* FALLTHROUGH */
1244
1245 case 3: /* Valid, means two bytes of info */
1246 /*
1247 * We know this char is an =. Is there anything but
1248 * whitespace after it?
1249 */
1250 for ((void)mDNSNULL; ch != '\0'; ch = *src++)
1251 if (!mDNSisspace(ch))
1252 return (-1);
1253
1254 /*
1255 * Now make sure for cases 2 and 3 that the "extra"
1256 * bits that slopped past the last full byte were
1257 * zeros. If we don't check them, they become a
1258 * subliminal channel.
1259 */
1260 if (target && target[tarindex] != 0)
1261 return (-1);
1262 }
1263 } else {
1264 /*
1265 * We ended by seeing the end of the string. Make sure we
1266 * have no partial bytes lying around.
1267 */
1268 if (state != 0)
1269 return (-1);
1270 }
1271
1272 return (tarindex);
1273 }
1274
1275
1276 // ***************************************************************************
1277 #if COMPILER_LIKES_PRAGMA_MARK
1278 #pragma mark - API exported to mDNS Core
1279 #endif
1280
1281 // Constants
1282 #define HMAC_IPAD 0x36
1283 #define HMAC_OPAD 0x5c
1284 #define MD5_LEN 16
1285
1286 #define HMAC_MD5_AlgName (*(const domainname*) "\010" "hmac-md5" "\007" "sig-alg" "\003" "reg" "\003" "int")
1287
1288 // Adapted from Appendix, RFC 2104
DNSDigest_ConstructHMACKey(DomainAuthInfo * info,const mDNSu8 * key,mDNSu32 len)1289 mDNSlocal void DNSDigest_ConstructHMACKey(DomainAuthInfo *info, const mDNSu8 *key, mDNSu32 len)
1290 {
1291 MD5_CTX k;
1292 mDNSu8 buf[MD5_LEN];
1293 int i;
1294
1295 // If key is longer than HMAC_LEN reset it to MD5(key)
1296 if (len > HMAC_LEN)
1297 {
1298 MD5_Init(&k);
1299 MD5_Update(&k, key, len);
1300 MD5_Final(buf, &k);
1301 key = buf;
1302 len = MD5_LEN;
1303 }
1304
1305 // store key in pads
1306 mDNSPlatformMemZero(info->keydata_ipad, HMAC_LEN);
1307 mDNSPlatformMemZero(info->keydata_opad, HMAC_LEN);
1308 mDNSPlatformMemCopy(info->keydata_ipad, key, len);
1309 mDNSPlatformMemCopy(info->keydata_opad, key, len);
1310
1311 // XOR key with ipad and opad values
1312 for (i = 0; i < HMAC_LEN; i++)
1313 {
1314 info->keydata_ipad[i] ^= HMAC_IPAD;
1315 info->keydata_opad[i] ^= HMAC_OPAD;
1316 }
1317
1318 }
1319
DNSDigest_ConstructHMACKeyfromBase64(DomainAuthInfo * info,const char * b64key)1320 mDNSexport mDNSs32 DNSDigest_ConstructHMACKeyfromBase64(DomainAuthInfo *info, const char *b64key)
1321 {
1322 mDNSu8 keybuf[1024];
1323 mDNSs32 keylen = DNSDigest_Base64ToBin(b64key, keybuf, sizeof(keybuf));
1324 if (keylen < 0) return(keylen);
1325 DNSDigest_ConstructHMACKey(info, keybuf, (mDNSu32)keylen);
1326 return(keylen);
1327 }
1328
DNSDigest_SignMessage(DNSMessage * msg,mDNSu8 ** end,DomainAuthInfo * info,mDNSu16 tcode)1329 mDNSexport void DNSDigest_SignMessage(DNSMessage *msg, mDNSu8 **end, DomainAuthInfo *info, mDNSu16 tcode)
1330 {
1331 AuthRecord tsig;
1332 mDNSu8 *rdata, *const countPtr = (mDNSu8 *)&msg->h.numAdditionals; // Get existing numAdditionals value
1333 mDNSu32 utc32;
1334 mDNSu8 utc48[6];
1335 mDNSu8 digest[MD5_LEN];
1336 mDNSu8 *ptr = *end;
1337 mDNSu32 len;
1338 mDNSOpaque16 buf;
1339 MD5_CTX c;
1340 mDNSu16 numAdditionals = (mDNSu16)((mDNSu16)countPtr[0] << 8 | countPtr[1]);
1341
1342 // Init MD5 context, digest inner key pad and message
1343 MD5_Init(&c);
1344 MD5_Update(&c, info->keydata_ipad, HMAC_LEN);
1345 MD5_Update(&c, (mDNSu8 *)msg, (unsigned long)(*end - (mDNSu8 *)msg));
1346
1347 // Construct TSIG RR, digesting variables as apporpriate
1348 mDNS_SetupResourceRecord(&tsig, mDNSNULL, 0, kDNSType_TSIG, 0, kDNSRecordTypeKnownUnique, AuthRecordAny, mDNSNULL, mDNSNULL);
1349
1350 // key name
1351 AssignDomainName(&tsig.namestorage, &info->keyname);
1352 MD5_Update(&c, info->keyname.c, DomainNameLength(&info->keyname));
1353
1354 // class
1355 tsig.resrec.rrclass = kDNSQClass_ANY;
1356 buf = mDNSOpaque16fromIntVal(kDNSQClass_ANY);
1357 MD5_Update(&c, buf.b, sizeof(mDNSOpaque16));
1358
1359 // ttl
1360 tsig.resrec.rroriginalttl = 0;
1361 MD5_Update(&c, (mDNSu8 *)&tsig.resrec.rroriginalttl, sizeof(tsig.resrec.rroriginalttl));
1362
1363 // alg name
1364 AssignDomainName(&tsig.resrec.rdata->u.name, &HMAC_MD5_AlgName);
1365 len = DomainNameLength(&HMAC_MD5_AlgName);
1366 rdata = tsig.resrec.rdata->u.data + len;
1367 MD5_Update(&c, HMAC_MD5_AlgName.c, len);
1368
1369 // time
1370 // get UTC (universal time), convert to 48-bit unsigned in network byte order
1371 utc32 = (mDNSu32)mDNSPlatformUTC();
1372 if (utc32 == (unsigned)-1) { LogMsg("ERROR: DNSDigest_SignMessage - mDNSPlatformUTC returned bad time -1"); *end = mDNSNULL; }
1373 utc48[0] = 0;
1374 utc48[1] = 0;
1375 utc48[2] = (mDNSu8)((utc32 >> 24) & 0xff);
1376 utc48[3] = (mDNSu8)((utc32 >> 16) & 0xff);
1377 utc48[4] = (mDNSu8)((utc32 >> 8) & 0xff);
1378 utc48[5] = (mDNSu8)( utc32 & 0xff);
1379
1380 mDNSPlatformMemCopy(rdata, utc48, 6);
1381 rdata += 6;
1382 MD5_Update(&c, utc48, 6);
1383
1384 // 300 sec is fudge recommended in RFC 2485
1385 rdata[0] = (mDNSu8)((300 >> 8) & 0xff);
1386 rdata[1] = (mDNSu8)( 300 & 0xff);
1387 MD5_Update(&c, rdata, sizeof(mDNSOpaque16));
1388 rdata += sizeof(mDNSOpaque16);
1389
1390 // digest error (tcode) and other data len (zero) - we'll add them to the rdata later
1391 buf.b[0] = (mDNSu8)((tcode >> 8) & 0xff);
1392 buf.b[1] = (mDNSu8)( tcode & 0xff);
1393 MD5_Update(&c, buf.b, sizeof(mDNSOpaque16)); // error
1394 buf.NotAnInteger = 0;
1395 MD5_Update(&c, buf.b, sizeof(mDNSOpaque16)); // other data len
1396
1397 // finish the message & tsig var hash
1398 MD5_Final(digest, &c);
1399
1400 // perform outer MD5 (outer key pad, inner digest)
1401 MD5_Init(&c);
1402 MD5_Update(&c, info->keydata_opad, HMAC_LEN);
1403 MD5_Update(&c, digest, MD5_LEN);
1404 MD5_Final(digest, &c);
1405
1406 // set remaining rdata fields
1407 rdata[0] = (mDNSu8)((MD5_LEN >> 8) & 0xff);
1408 rdata[1] = (mDNSu8)( MD5_LEN & 0xff);
1409 rdata += sizeof(mDNSOpaque16);
1410 mDNSPlatformMemCopy(rdata, digest, MD5_LEN); // MAC
1411 rdata += MD5_LEN;
1412 rdata[0] = msg->h.id.b[0]; // original ID
1413 rdata[1] = msg->h.id.b[1];
1414 rdata[2] = (mDNSu8)((tcode >> 8) & 0xff);
1415 rdata[3] = (mDNSu8)( tcode & 0xff);
1416 rdata[4] = 0; // other data len
1417 rdata[5] = 0;
1418 rdata += 6;
1419
1420 tsig.resrec.rdlength = (mDNSu16)(rdata - tsig.resrec.rdata->u.data);
1421 *end = PutResourceRecordTTLJumbo(msg, ptr, &numAdditionals, &tsig.resrec, 0);
1422 if (!*end) { LogMsg("ERROR: DNSDigest_SignMessage - could not put TSIG"); *end = mDNSNULL; return; }
1423
1424 // Write back updated numAdditionals value
1425 countPtr[0] = (mDNSu8)(numAdditionals >> 8);
1426 countPtr[1] = (mDNSu8)(numAdditionals & 0xFF);
1427 }
1428
DNSDigest_VerifyMessage(DNSMessage * msg,mDNSu8 * end,LargeCacheRecord * lcr,DomainAuthInfo * info,mDNSu16 * rcode,mDNSu16 * tcode)1429 mDNSexport mDNSBool DNSDigest_VerifyMessage(DNSMessage *msg, mDNSu8 *end, LargeCacheRecord * lcr, DomainAuthInfo *info, mDNSu16 * rcode, mDNSu16 * tcode)
1430 {
1431 mDNSu8 * ptr = (mDNSu8*) &lcr->r.resrec.rdata->u.data;
1432 mDNSs32 now;
1433 mDNSs32 then;
1434 mDNSu8 thisDigest[MD5_LEN];
1435 mDNSu8 thatDigest[MD5_LEN];
1436 mDNSu32 macsize;
1437 mDNSOpaque16 buf;
1438 mDNSu8 utc48[6];
1439 mDNSs32 delta;
1440 mDNSu16 fudge;
1441 domainname * algo;
1442 MD5_CTX c;
1443 mDNSBool ok = mDNSfalse;
1444
1445 // We only support HMAC-MD5 for now
1446
1447 algo = (domainname*) ptr;
1448
1449 if (!SameDomainName(algo, &HMAC_MD5_AlgName))
1450 {
1451 LogMsg("ERROR: DNSDigest_VerifyMessage - TSIG algorithm not supported: %##s", algo->c);
1452 *rcode = kDNSFlag1_RC_NotAuth;
1453 *tcode = TSIG_ErrBadKey;
1454 ok = mDNSfalse;
1455 goto exit;
1456 }
1457
1458 ptr += DomainNameLength(algo);
1459
1460 // Check the times
1461
1462 now = mDNSPlatformUTC();
1463 if (now == -1)
1464 {
1465 LogMsg("ERROR: DNSDigest_VerifyMessage - mDNSPlatformUTC returned bad time -1");
1466 *rcode = kDNSFlag1_RC_NotAuth;
1467 *tcode = TSIG_ErrBadTime;
1468 ok = mDNSfalse;
1469 goto exit;
1470 }
1471
1472 // Get the 48 bit time field, skipping over the first word
1473
1474 utc48[0] = *ptr++;
1475 utc48[1] = *ptr++;
1476 utc48[2] = *ptr++;
1477 utc48[3] = *ptr++;
1478 utc48[4] = *ptr++;
1479 utc48[5] = *ptr++;
1480
1481 then = (mDNSs32)NToH32(utc48 + sizeof(mDNSu16));
1482
1483 fudge = NToH16(ptr);
1484
1485 ptr += sizeof(mDNSu16);
1486
1487 delta = (now > then) ? now - then : then - now;
1488
1489 if (delta > fudge)
1490 {
1491 LogMsg("ERROR: DNSDigest_VerifyMessage - time skew > %d", fudge);
1492 *rcode = kDNSFlag1_RC_NotAuth;
1493 *tcode = TSIG_ErrBadTime;
1494 ok = mDNSfalse;
1495 goto exit;
1496 }
1497
1498 // MAC size
1499
1500 macsize = (mDNSu32) NToH16(ptr);
1501
1502 ptr += sizeof(mDNSu16);
1503
1504 // MAC
1505
1506 mDNSPlatformMemCopy(thatDigest, ptr, MD5_LEN);
1507
1508 // Init MD5 context, digest inner key pad and message
1509
1510 MD5_Init(&c);
1511 MD5_Update(&c, info->keydata_ipad, HMAC_LEN);
1512 MD5_Update(&c, (mDNSu8*) msg, (unsigned long)(end - (mDNSu8*) msg));
1513
1514 // Key name
1515
1516 MD5_Update(&c, lcr->r.resrec.name->c, DomainNameLength(lcr->r.resrec.name));
1517
1518 // Class name
1519
1520 buf = mDNSOpaque16fromIntVal(lcr->r.resrec.rrclass);
1521 MD5_Update(&c, buf.b, sizeof(mDNSOpaque16));
1522
1523 // TTL
1524
1525 MD5_Update(&c, (mDNSu8*) &lcr->r.resrec.rroriginalttl, sizeof(lcr->r.resrec.rroriginalttl));
1526
1527 // Algorithm
1528
1529 MD5_Update(&c, algo->c, DomainNameLength(algo));
1530
1531 // Time
1532
1533 MD5_Update(&c, utc48, 6);
1534
1535 // Fudge
1536
1537 buf = mDNSOpaque16fromIntVal(fudge);
1538 MD5_Update(&c, buf.b, sizeof(mDNSOpaque16));
1539
1540 // Digest error and other data len (both zero) - we'll add them to the rdata later
1541
1542 buf.NotAnInteger = 0;
1543 MD5_Update(&c, buf.b, sizeof(mDNSOpaque16)); // error
1544 MD5_Update(&c, buf.b, sizeof(mDNSOpaque16)); // other data len
1545
1546 // Finish the message & tsig var hash
1547
1548 MD5_Final(thisDigest, &c);
1549
1550 // perform outer MD5 (outer key pad, inner digest)
1551
1552 MD5_Init(&c);
1553 MD5_Update(&c, info->keydata_opad, HMAC_LEN);
1554 MD5_Update(&c, thisDigest, MD5_LEN);
1555 MD5_Final(thisDigest, &c);
1556
1557 if (!mDNSPlatformMemSame(thisDigest, thatDigest, MD5_LEN))
1558 {
1559 LogMsg("ERROR: DNSDigest_VerifyMessage - bad signature");
1560 *rcode = kDNSFlag1_RC_NotAuth;
1561 *tcode = TSIG_ErrBadSig;
1562 ok = mDNSfalse;
1563 goto exit;
1564 }
1565
1566 // set remaining rdata fields
1567 ok = mDNStrue;
1568
1569 exit:
1570
1571 return ok;
1572 }
1573
1574
1575 #ifdef __cplusplus
1576 }
1577 #endif
1578